From 291ca9384345d8c674a96f3671d44ba09af8b787 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 24 Sep 2008 19:27:09 +0200 Subject: Use loadparm since it's required by some modules. --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 2ca5b80c67..882376cb09 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -26,7 +26,7 @@ import os import ldb from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE from samba import Ldb, substitute_var -from samba.tests import LdbTestCase, TestCaseInTempDir +from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") @@ -76,7 +76,7 @@ class MapBaseTestCase(TestCaseInTempDir): self.url = "tdb://" + self.file self.basedn = basedn self.substvars = {"BASEDN": self.basedn} - self.db = Ldb() + self.db = Ldb(lp=cmdline_loadparm) self._dn = dn def dn(self, rdn): @@ -117,14 +117,14 @@ class Samba3SamTestCase(MapBaseTestCase): def setUp(self): super(Samba3SamTestCase, self).setUp() - ldb = Ldb(self.ldburl) + ldb = Ldb(self.ldburl, lp=cmdline_loadparm) self.samba3.setup_data("samba3.ldif") self.templates.setup_data("provision_samba3sam_templates.ldif") ldif = read_datafile("provision_samba3sam.ldif") ldb.add_ldif(self.samba4.subst(ldif)) self.setup_modules(ldb, self.samba3, self.samba4) del ldb - self.ldb = Ldb(self.ldburl) + self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm) def test_search_non_mapped(self): """Looking up by non-mapped attribute""" @@ -287,13 +287,13 @@ class MapTestCase(MapBaseTestCase): def setUp(self): super(MapTestCase, self).setUp() - ldb = Ldb(self.ldburl) + ldb = Ldb(self.ldburl, lp=cmdline_loadparm) self.templates.setup_data("provision_samba3sam_templates.ldif") ldif = read_datafile("provision_samba3sam.ldif") ldb.add_ldif(self.samba4.subst(ldif)) self.setup_modules(ldb, self.samba3, self.samba4) del ldb - self.ldb = Ldb(self.ldburl) + self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm) def test_map_search(self): """Running search tests on mapped data.""" -- cgit From cf1935817fce0d6c7f4d2797c18f8c116220abd4 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:06:13 +0200 Subject: Cosmetic corrections for the DSDB module This commit applies some cosmetic corrections for the DSDB (Directory Server Database). --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 ++-- source4/dsdb/samdb/ldb_modules/proxy.c | 12 ++++++------ source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 14 +++++++------- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/lib/ldb-samba/ldif_handlers.c | 2 +- source4/lib/ldb_wrap.c | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6836f95873..11e2b7ade9 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -142,7 +142,7 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess ldb_msg_add_string(msg, attrName, attr_list[i]); } talloc_free(mem_ctx); - return 0; + return LDB_SUCCESS; } /* read all objectClasses */ @@ -201,7 +201,7 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * } } - return 0; + return LDB_SUCCESS; } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index d0a315e45a..7aa78e98a9 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -66,7 +66,7 @@ static int load_proxy_info(struct ldb_module *module) /* see if we have already loaded it */ if (proxy->upstream != NULL) { - return 0; + return LDB_SUCCESS; } dn = ldb_dn_new(proxy, module->ldb, "@PROXYINFO"); @@ -145,7 +145,7 @@ static int load_proxy_info(struct ldb_module *module) talloc_free(res); - return 0; + return LDB_SUCCESS; failed: talloc_free(res); @@ -153,7 +153,7 @@ failed: talloc_free(proxy->newdn); talloc_free(proxy->upstream); proxy->upstream = NULL; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } @@ -259,7 +259,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } if (load_proxy_info(module) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* see if the dn is within olddn */ @@ -269,7 +269,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq = talloc(module, struct ldb_request); if (newreq == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); @@ -298,7 +298,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); talloc_free(newreq); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } for (i = 0; i < newreq->op.search.res->count; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index dd5faf837a..34e235aec7 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -124,16 +124,16 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) char *s; if (ldb_msg_find_element(msg, attr) != NULL) { - return 0; + return LDB_SUCCESS; } s = ldb_timestring(msg, t); if (s == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } if (ldb_msg_add_string(msg, attr, s) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el = ldb_msg_find_element(msg, attr); @@ -141,7 +141,7 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return 0; + return LDB_SUCCESS; } /* @@ -152,11 +152,11 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ struct ldb_message_element *el; if (ldb_msg_find_element(msg, attr) != NULL) { - return 0; + return LDB_SUCCESS; } if (ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)v) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el = ldb_msg_find_element(msg, attr); @@ -164,7 +164,7 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return 0; + return LDB_SUCCESS; } static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1, diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 968b19c038..7c6a6dd26f 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -307,7 +307,7 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message } } } - return 0; + return LDB_SUCCESS; } diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index a16582d294..46ea09554d 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -134,7 +134,7 @@ static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, /* Perhaps not a string after all */ return ldb_handler_copy(ldb, mem_ctx, in, out); } - return 0; + return LDB_SUCCESS; } return ldb_handler_copy(ldb, mem_ctx, in, out); } diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 6c683a1e33..8082f4fac5 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -84,7 +84,7 @@ static int ldb_wrap_destructor(struct ldb_context *ldb) smb_panic("probable memory leak in ldb"); #endif } - return 0; + return LDB_SUCCESS; } /* -- cgit From 9261fa997ccda8f89556b644ddd45cd86919ec2e Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:36:14 +0200 Subject: Cosmetic corrections for the LDB backend modules This commit applies some cosmetic corrections for the LDB backend modules. --- source4/lib/ldb/ldb_ildap/ldb_ildap.c | 6 ++--- source4/lib/ldb/ldb_ldap/ldb_ldap.c | 18 ++++++------- source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 28 ++++++++++----------- source4/lib/ldb/ldb_tdb/ldb_cache.c | 22 ++++++++-------- source4/lib/ldb/ldb_tdb/ldb_pack.c | 12 ++++----- source4/lib/ldb/ldb_tdb/ldb_search.c | 42 +++++++++++++++---------------- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 20 +++++++-------- source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c | 2 +- 8 files changed, 75 insertions(+), 75 deletions(-) diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 5ad671ea2e..3a5da89c41 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -753,7 +753,7 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, module = talloc(ldb, struct ldb_module); if (!module) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_set_name_const(module, "ldb_ildap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, } *_module = module; - return 0; + return LDB_SUCCESS; failed: talloc_free(module); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } _PUBLIC_ const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index a4534c549a..5026f9c006 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -180,14 +180,14 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, count = ldap_count_values_len(bval); if (count <= 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements + 1); if (!el) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } msg->elements = el; @@ -197,7 +197,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->name = talloc_strdup(msg->elements, attr); if (!el->name) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } el->flags = 0; @@ -205,7 +205,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->values = talloc_array(msg->elements, struct ldb_val, count); if (!el->values) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } for (i=0;ivalues[i].data = talloc_size(el->values, bval[i]->bv_len+1); if (!el->values[i].data) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } memcpy(el->values[i].data, bval[i]->bv_val, bval[i]->bv_len); el->values[i].data[bval[i]->bv_len] = 0; @@ -224,7 +224,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, msg->num_elements++; - return 0; + return LDB_SUCCESS; } /* @@ -785,7 +785,7 @@ static int lldb_connect(struct ldb_context *ldb, if (module == NULL) { ldb_oom(ldb); talloc_free(lldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_set_name_const(module, "ldb_ldap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int lldb_connect(struct ldb_context *ldb, } *_module = module; - return 0; + return LDB_SUCCESS; failed: talloc_free(module); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index a0e63c8da1..7e4fe1d08d 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -670,10 +670,10 @@ static int lsqlite3_safe_rollback(sqlite3 *sqlite) printf("lsqlite3_safe_rollback: Error: %s\n", errmsg); free(errmsg); } - return -1; + return SQLITE_ERROR; } - return 0; + return SQLITE_OK; } /* return an eid as result */ @@ -1440,13 +1440,13 @@ static int lsql_start_trans(struct ldb_module * module) printf("lsqlite3_start_trans: error: %s\n", errmsg); free(errmsg); } - return -1; + return SQLITE_ERROR; } }; lsqlite3->trans_count++; - return 0; + return SQLITE_OK; } static int lsql_end_trans(struct ldb_module *module) @@ -1457,7 +1457,7 @@ static int lsql_end_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return -1; + } else return SQLITE_ERROR; if (lsqlite3->trans_count == 0) { ret = sqlite3_exec(lsqlite3->sqlite, "COMMIT;", NULL, NULL, &errmsg); @@ -1466,11 +1466,11 @@ static int lsql_end_trans(struct ldb_module *module) printf("lsqlite3_end_trans: error: %s\n", errmsg); free(errmsg); } - return -1; + return SQLITE_ERROR; } } - return 0; + return SQLITE_OK; } static int lsql_del_trans(struct ldb_module *module) @@ -1479,13 +1479,13 @@ static int lsql_del_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return -1; + } else return SQLITE_ERROR; if (lsqlite3->trans_count == 0) { return lsqlite3_safe_rollback(lsqlite3->sqlite); } - return -1; + return SQLITE_ERROR; } static int destructor(struct lsqlite3_private *lsqlite3) @@ -1493,7 +1493,7 @@ static int destructor(struct lsqlite3_private *lsqlite3) if (lsqlite3->sqlite) { sqlite3_close(lsqlite3->sqlite); } - return 0; + return SQLITE_OK; } static int lsql_request(struct ldb_module *module, struct ldb_request *req) @@ -1540,7 +1540,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, /* create a local ctx */ local_ctx = talloc_named(lsqlite3, 0, "lsqlite3_rename local context"); if (local_ctx == NULL) { - return -1; + return SQLITE_ERROR; } schema = lsqlite3_tprintf(local_ctx, @@ -1792,7 +1792,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, failed: if (rollback) lsqlite3_safe_rollback(lsqlite3->sqlite); sqlite3_close(lsqlite3->sqlite); - return -1; + return SQLITE_ERROR; } /* @@ -1860,14 +1860,14 @@ static int lsqlite3_connect(struct ldb_context *ldb, } } - return 0; + return LDB_SUCCESS; failed: if (lsqlite3->sqlite != NULL) { (void) sqlite3_close(lsqlite3->sqlite); } talloc_free(lsqlite3); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } const struct ldb_backend_ops ldb_sqlite3_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_cache.c b/source4/lib/ldb/ldb_tdb/ldb_cache.c index 2576e2c7bd..e502f1e642 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_cache.c +++ b/source4/lib/ldb/ldb_tdb/ldb_cache.c @@ -92,11 +92,11 @@ static int ltdb_attributes_flags(struct ldb_message_element *el, unsigned *v) } } if (ltdb_valid_attr_flags[j].name == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } *v = value; - return 0; + return LDB_SUCCESS; } /* @@ -118,7 +118,7 @@ static int ltdb_attributes_load(struct ldb_module *module) goto failed; } if (r == LDB_ERR_NO_SUCH_OBJECT) { - return 0; + return LDB_SUCCESS; } /* mapping these flags onto ldap 'syntaxes' isn't strictly correct, but its close enough for now */ @@ -162,9 +162,9 @@ static int ltdb_attributes_load(struct ldb_module *module) } } - return 0; + return LDB_SUCCESS; failed: - return -1; + return LDB_ERR_OPERATIONS_ERROR; } @@ -258,7 +258,7 @@ int ltdb_cache_load(struct ldb_module *module) /* a very fast check to avoid extra database reads */ if (ltdb->cache != NULL && tdb_get_seqnum(ltdb->tdb) == ltdb->tdb_seqnum) { - return 0; + return LDB_SUCCESS; } if (ltdb->cache == NULL) { @@ -344,7 +344,7 @@ int ltdb_cache_load(struct ldb_module *module) goto failed; } - if (ltdb_attributes_load(module) == -1) { + if (ltdb_attributes_load(module) != LDB_SUCCESS) { goto failed; } @@ -353,14 +353,14 @@ done: talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return 0; + return LDB_SUCCESS; failed: talloc_free(options); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } @@ -449,10 +449,10 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value) for (i = 0; ltdb_valid_attr_flags[i].name != NULL; i++) { if ((strcmp(ltdb_valid_attr_flags[i].name, (char *)value->data) == 0)) { - return 0; + return LDB_SUCCESS; } } - return -1; + return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_pack.c b/source4/lib/ldb/ldb_tdb/ldb_pack.c index afb07dcbca..d96e7590e7 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_pack.c +++ b/source4/lib/ldb/ldb_tdb/ldb_pack.c @@ -89,7 +89,7 @@ int ltdb_pack_data(struct ldb_module *module, dn = ldb_dn_get_linearized(message->dn); if (dn == NULL) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* work out how big it needs to be */ @@ -114,7 +114,7 @@ int ltdb_pack_data(struct ldb_module *module, data->dptr = talloc_array(ldb, uint8_t, size); if (!data->dptr) { errno = ENOMEM; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } data->dsize = size; @@ -147,7 +147,7 @@ int ltdb_pack_data(struct ldb_module *module, } } - return 0; + return LDB_SUCCESS; } /* @@ -207,7 +207,7 @@ int ltdb_unpack_data(struct ldb_module *module, if (message->num_elements == 0) { message->elements = NULL; - return 0; + return LDB_SUCCESS; } if (message->num_elements > remaining / 6) { @@ -281,9 +281,9 @@ int ltdb_unpack_data(struct ldb_module *module, "Error: %d bytes unread in ltdb_unpack_data\n", remaining); } - return 0; + return LDB_SUCCESS; failed: talloc_free(message->elements); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index da899c361e..ce7a90e3d5 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -262,7 +262,7 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes ret = ltdb_unpack_data(module, &tdb_data, msg); free(tdb_data.dptr); - if (ret == -1) { + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } @@ -285,7 +285,7 @@ static int ltdb_lock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_lockall_read(ltdb->tdb); } - return 0; + return LDB_SUCCESS; } /* @@ -297,7 +297,7 @@ static int ltdb_unlock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_unlockall_read(ltdb->tdb); } - return 0; + return LDB_SUCCESS; } /* @@ -317,14 +317,14 @@ int ltdb_add_attr_results(struct ldb_module *module, /* pull the attributes that the user wants */ msg2 = ltdb_pull_attrs(module, mem_ctx, msg, attrs); if (!msg2) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* add to the results list */ res2 = talloc_realloc(mem_ctx, *res, struct ldb_message *, (*count)+2); if (!res2) { talloc_free(msg2); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } (*res) = res2; @@ -333,7 +333,7 @@ int ltdb_add_attr_results(struct ldb_module *module, (*res)[(*count)+1] = NULL; (*count)++; - return 0; + return LDB_SUCCESS; } @@ -356,7 +356,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (ldb_attr_cmp(attrs[i], "distinguishedName") == 0) { if (msg_add_distinguished_name(msg) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } } @@ -366,9 +366,9 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (keep_all) { if (msg_add_distinguished_name(msg) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } for (i = 0; i < msg->num_elements; i++) { @@ -387,7 +387,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) } } - return 0; + return LDB_SUCCESS; } /* @@ -402,14 +402,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (key.dsize < 4 || strncmp((char *)key.dptr, "DN=", 3) != 0) { - return 0; + return LDB_SUCCESS; } ares = talloc_zero(ac, struct ldb_reply); if (!ares) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ares->message = ldb_msg_new(ares); @@ -417,14 +417,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* unpack the record */ ret = ltdb_unpack_data(ac->module, &data, ares->message); - if (ret == -1) { + if (ret) { talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } if (!ares->message->dn) { @@ -433,7 +433,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } @@ -441,17 +441,17 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, ac->base, ac->scope)) { talloc_free(ares); - return 0; + return LDB_SUCCESS; } /* filter the attributes that the user wants */ ret = ltdb_filter_attrs(ares->message, ac->attrs); - if (ret == -1) { + if (ret != LDB_SUCCESS) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ares->type = LDB_REPLY_ENTRY; @@ -460,10 +460,10 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (handle->status != LDB_SUCCESS) { /* don't try to free ares here, the callback is in charge of that */ - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index 01d570c89a..b711efd1fa 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -174,7 +174,7 @@ int ltdb_check_special_dn(struct ldb_module *module, if (! ldb_dn_is_special(msg->dn) || ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { - return 0; + return LDB_SUCCESS; } /* we have @ATTRIBUTES, let's check attributes are fine */ @@ -188,7 +188,7 @@ int ltdb_check_special_dn(struct ldb_module *module, } } - return 0; + return LDB_SUCCESS; } @@ -231,7 +231,7 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg } ret = ltdb_pack_data(module, msg, &tdb_data); - if (ret == -1) { + if (ret != LDB_SUCCESS) { talloc_free(tdb_key.dptr); return LDB_ERR_OTHER; } @@ -626,7 +626,7 @@ int ltdb_modify_internal(struct ldb_module *module, } ret = ltdb_unpack_data(module, &tdb_data, msg2); - if (ret == -1) { + if (ret != LDB_SUCCESS) { ret = LDB_ERR_OTHER; goto failed; } @@ -1069,7 +1069,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (strncmp(url, "tdb://", 6) != 0) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid tdb URL '%s'", url); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } path = url+6; } else { @@ -1097,7 +1097,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ltdb = talloc_zero(ldb, struct ltdb_private); if (!ltdb) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* note that we use quite a large default hash size */ @@ -1108,7 +1108,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ldb_debug(ldb, LDB_DEBUG_ERROR, "Unable to open tdb '%s'\n", path); talloc_free(ltdb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ltdb->sequence_number = 0; @@ -1117,7 +1117,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (!module) { ldb_oom(ldb); talloc_free(ltdb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } talloc_set_name_const(*module, "ldb_tdb backend"); (*module)->ldb = ldb; @@ -1128,10 +1128,10 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (ltdb_cache_load(*module) != 0) { talloc_free(*module); talloc_free(ltdb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } const struct ldb_backend_ops ldb_tdb_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c index 4fea43c8c8..9d856355be 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c @@ -53,7 +53,7 @@ static int ltdb_wrap_destructor(struct ltdb_wrap *w) if (w == tdb_list) { tdb_list = w->next; } - return 0; + return LDB_SUCCESS; } static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); -- cgit From 9d849c30bc5dfb4c3b27639c52ba8c2a54d07471 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:36:52 +0200 Subject: Cosmetic corrections for the LDB library This commit applies some cosmetic corrections for the LDB library. --- source4/lib/ldb/common/attrib_handlers.c | 22 +++++++++++----------- source4/lib/ldb/common/ldb_attributes.c | 8 ++++---- source4/lib/ldb/common/ldb_debug.c | 2 +- source4/lib/ldb/common/ldb_ldif.c | 18 +++++++++--------- source4/lib/ldb/common/ldb_modules.c | 6 +++--- source4/lib/ldb/modules/operational.c | 4 ++-- source4/lib/ldb/modules/paged_results.c | 2 +- source4/lib/ldb/modules/skel.c | 2 +- 8 files changed, 32 insertions(+), 32 deletions(-) diff --git a/source4/lib/ldb/common/attrib_handlers.c b/source4/lib/ldb/common/attrib_handlers.c index fb57e2dadc..6f1b0815d7 100644 --- a/source4/lib/ldb/common/attrib_handlers.c +++ b/source4/lib/ldb/common/attrib_handlers.c @@ -38,9 +38,9 @@ int ldb_handler_copy(struct ldb_context *ldb, void *mem_ctx, *out = ldb_val_dup(mem_ctx, in); if (in->length > 0 && out->data == NULL) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } - return 0; + return LDB_SUCCESS; } /* @@ -57,13 +57,13 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, int l; if (!in || !out || !(in->data)) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in->data), in->length); if (out->data == NULL) { ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb_handler_fold: unable to casefold string [%s]", in->data); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } s = (char *)(out->data); @@ -96,7 +96,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - return 0; + return LDB_SUCCESS; } @@ -111,14 +111,14 @@ int ldb_canonicalise_Integer(struct ldb_context *ldb, void *mem_ctx, char *end; long long i = strtoll((char *)in->data, &end, 0); if (*end != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lld", i); if (out->data == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->length = strlen((char *)out->data); - return 0; + return LDB_SUCCESS; } /* @@ -251,7 +251,7 @@ int ldb_canonicalise_dn(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - ret = 0; + ret = LDB_SUCCESS; done: talloc_free(dn); @@ -305,10 +305,10 @@ int ldb_canonicalise_utctime(struct ldb_context *ldb, void *mem_ctx, time_t t = ldb_string_to_time((char *)in->data); out->data = (uint8_t *)ldb_timestring(mem_ctx, t); if (out->data == NULL) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } out->length = strlen((char *)out->data); - return 0; + return LDB_SUCCESS; } /* diff --git a/source4/lib/ldb/common/ldb_attributes.c b/source4/lib/ldb/common/ldb_attributes.c index 747f241781..0fbb5e2bfb 100644 --- a/source4/lib/ldb/common/ldb_attributes.c +++ b/source4/lib/ldb/common/ldb_attributes.c @@ -61,7 +61,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, struct ldb_schema_attribute, n); if (a == NULL) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } ldb->schema.attributes = a; @@ -70,7 +70,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, if (cmp == 0) { /* silently ignore attempts to overwrite fixed attributes */ if (a[i].flags & LDB_ATTR_FLAG_FIXED) { - return 0; + return LDB_SUCCESS; } if (a[i].flags & LDB_ATTR_FLAG_ALLOCATED) { talloc_free(discard_const_p(char, a[i].name)); @@ -93,11 +93,11 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, a[i].name = talloc_strdup(a, a[i].name); if (a[i].name == NULL) { ldb_oom(ldb); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } - return 0; + return LDB_SUCCESS; } static const struct ldb_schema_syntax ldb_syntax_default = { diff --git a/source4/lib/ldb/common/ldb_debug.c b/source4/lib/ldb/common/ldb_debug.c index 0f78e37c1c..8e1c491f12 100644 --- a/source4/lib/ldb/common/ldb_debug.c +++ b/source4/lib/ldb/common/ldb_debug.c @@ -43,7 +43,7 @@ int ldb_set_debug(struct ldb_context *ldb, { ldb->debug_ops.debug = debug; ldb->debug_ops.context = context; - return 0; + return LDB_SUCCESS; } /* diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index fb93e17c6c..6cbd30f377 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -191,19 +191,19 @@ int ldb_should_b64_encode(const struct ldb_val *val) uint8_t *p = val->data; if (val->length == 0) { - return 0; + return LDB_SUCCESS; } if (p[0] == ' ' || p[0] == ':') { - return 1; + return LDB_ERR_OPERATIONS_ERROR; } for (i=0; ilength; i++) { if (!isprint(p[i]) || p[i] == '\n') { - return 1; + return LDB_ERR_OPERATIONS_ERROR; } } - return 0; + return LDB_SUCCESS; } /* this macro is used to handle the return checking on fprintf_fn() */ @@ -444,12 +444,12 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val value->length = 0; *attr = "-"; *s += 2; - return 0; + return LDB_SUCCESS; } p = strchr(*s, ':'); if (!p) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } *p++ = 0; @@ -487,7 +487,7 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_base64_decode((char *)value->data); if (len == -1) { /* it wasn't valid base64 data */ - return -1; + return LDB_ERR_OPERATIONS_ERROR; } value->length = len; } @@ -496,11 +496,11 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_read_data_file(mem_ctx, value); if (len == -1) { /* an error occured hile trying to retrieve the file */ - return -1; + return LDB_ERR_OPERATIONS_ERROR; } } - return 0; + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index c0cd616a76..046d36edf1 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -279,16 +279,16 @@ int ldb_register_module(const struct ldb_module_ops *ops) struct ops_list_entry *entry = talloc(talloc_autofree_context(), struct ops_list_entry); if (ldb_find_module_ops(ops->name) != NULL) - return -1; + return LDB_ERR_OPERATIONS_ERROR; if (entry == NULL) - return -1; + return LDB_ERR_OPERATIONS_ERROR; entry->ops = ops; entry->next = registered_modules; registered_modules = entry; - return 0; + return LDB_SUCCESS; } void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index a59e81becd..716f34d660 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -158,13 +158,13 @@ static int operational_search_post_process(struct ldb_module *module, } } - return 0; + return LDB_SUCCESS; failed: ldb_debug_set(module->ldb, LDB_DEBUG_WARNING, "operational_search_post_process failed for attribute '%s'\n", attrs[a]); - return -1; + return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/modules/paged_results.c b/source4/lib/ldb/modules/paged_results.c index b62b1f92cb..c7296a1edf 100644 --- a/source4/lib/ldb/modules/paged_results.c +++ b/source4/lib/ldb/modules/paged_results.c @@ -86,7 +86,7 @@ int store_destructor(struct results_store *store) store->priv->store = NULL; } - return 0; + return LDB_SUCCESS; } static struct results_store *new_store(struct private_data *priv) diff --git a/source4/lib/ldb/modules/skel.c b/source4/lib/ldb/modules/skel.c index 0cd29ac4b7..15df46354b 100644 --- a/source4/lib/ldb/modules/skel.c +++ b/source4/lib/ldb/modules/skel.c @@ -90,7 +90,7 @@ static int skel_destructor(struct ldb_module *ctx) struct private_data *data = talloc_get_type(ctx->private_data, struct private_data); /* put your clean-up functions here */ if (data->some_private_data) talloc_free(data->some_private_data); - return 0; + return LDB_SUCCESS; } static int skel_request(struct ldb_module *module, struct ldb_request *req) -- cgit From 57edd24ca0fd91ae4d967666dc381147654e27f7 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:37:33 +0200 Subject: Cosmetic corrections for the KERBEROS library This commit applies some cosmetic corrections for the KERBEROS library. --- source4/auth/gensec/cyrus_sasl.c | 2 +- source4/auth/kerberos/kerberos.c | 4 ++-- source4/auth/kerberos/kerberos_util.c | 18 ++++++++---------- source4/auth/kerberos/krb5_init_context.c | 4 ++-- source4/kdc/hdb-ldb.c | 6 +++--- 5 files changed, 16 insertions(+), 18 deletions(-) diff --git a/source4/auth/gensec/cyrus_sasl.c b/source4/auth/gensec/cyrus_sasl.c index 06a7b8a382..6f82de82fc 100644 --- a/source4/auth/gensec/cyrus_sasl.c +++ b/source4/auth/gensec/cyrus_sasl.c @@ -110,7 +110,7 @@ static int gensec_sasl_get_password(sasl_conn_t *conn, void *context, int id, static int gensec_sasl_dispose(struct gensec_sasl_state *gensec_sasl_state) { sasl_dispose(&gensec_sasl_state->conn); - return 0; + return SASL_OK; } static NTSTATUS gensec_sasl_client_start(struct gensec_security *gensec_security) diff --git a/source4/auth/kerberos/kerberos.c b/source4/auth/kerberos/kerberos.c index 2579ab20cc..d54664fe66 100644 --- a/source4/auth/kerberos/kerberos.c +++ b/source4/auth/kerberos/kerberos.c @@ -33,7 +33,7 @@ This version is built to use a keyblock, rather than needing the original password. */ - int kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, + krb5_error_code kerberos_kinit_keyblock_cc(krb5_context ctx, krb5_ccache cc, krb5_principal principal, krb5_keyblock *keyblock, time_t *expire_time, time_t *kdc_time) { @@ -77,7 +77,7 @@ simulate a kinit, putting the tgt in the given credentials cache. Orignally by remus@snapserver.com */ - int kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, + krb5_error_code kerberos_kinit_password_cc(krb5_context ctx, krb5_ccache cc, krb5_principal principal, const char *password, time_t *expire_time, time_t *kdc_time) { diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 9002715065..0567565d33 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -32,7 +32,7 @@ struct principal_container { krb5_principal principal; }; -static int free_principal(struct principal_container *pc) +static krb5_error_code free_principal(struct principal_container *pc) { /* current heimdal - 0.6.3, which we need anyway, fixes segfaults here */ krb5_free_principal(pc->smb_krb5_context->krb5_context, pc->principal); @@ -241,19 +241,17 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, return 0; } -static int free_keytab(struct keytab_container *ktc) +static krb5_error_code free_keytab(struct keytab_container *ktc) { - krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); - - return 0; + return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); } -int smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, +krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, struct smb_krb5_context *smb_krb5_context, const char *keytab_name, struct keytab_container **ktc) { krb5_keytab keytab; - int ret; + krb5_error_code ret; ret = krb5_kt_resolve(smb_krb5_context->krb5_context, keytab_name, &keytab); if (ret) { DEBUG(1,("failed to open krb5 keytab: %s\n", @@ -339,7 +337,7 @@ static krb5_error_code keytab_add_keys(TALLOC_CTX *parent_ctx, return 0; } -static int create_keytab(TALLOC_CTX *parent_ctx, +static krb5_error_code create_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, @@ -603,7 +601,7 @@ static krb5_error_code remove_old_entries(TALLOC_CTX *parent_ctx, return ret; } -int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, +krb5_error_code smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, @@ -635,7 +633,7 @@ int smb_krb5_update_keytab(TALLOC_CTX *parent_ctx, return ret; } -int smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, +krb5_error_code smb_krb5_create_memory_keytab(TALLOC_CTX *parent_ctx, struct cli_credentials *machine_account, struct smb_krb5_context *smb_krb5_context, const char **enctype_strings, diff --git a/source4/auth/kerberos/krb5_init_context.c b/source4/auth/kerberos/krb5_init_context.c index 82e42a4560..90b542c4c4 100644 --- a/source4/auth/kerberos/krb5_init_context.c +++ b/source4/auth/kerberos/krb5_init_context.c @@ -49,13 +49,13 @@ struct smb_krb5_socket { krb5_krbhst_info *hi; }; -static int smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy_1(struct smb_krb5_context *ctx) { krb5_free_context(ctx->krb5_context); return 0; } -static int smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) +static krb5_error_code smb_krb5_context_destroy_2(struct smb_krb5_context *ctx) { /* Otherwise krb5_free_context will try and close what we have already free()ed */ krb5_set_warn_dest(ctx->krb5_context, NULL); diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c index c5466f1acd..4fde75cf70 100644 --- a/source4/kdc/hdb-ldb.c +++ b/source4/kdc/hdb-ldb.c @@ -186,7 +186,7 @@ static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum h return flags; } -static int hdb_ldb_destrutor(struct hdb_ldb_private *private) +static int hdb_ldb_destructor(struct hdb_ldb_private *private) { hdb_entry_ex *entry_ex = private->entry_ex; free_hdb_entry(&entry_ex->entry); @@ -542,7 +542,7 @@ static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, private->iconv_convenience = lp_iconv_convenience(lp_ctx); private->netbios_name = lp_netbios_name(lp_ctx); - talloc_set_destructor(private, hdb_ldb_destrutor); + talloc_set_destructor(private, hdb_ldb_destructor); entry_ex->ctx = private; entry_ex->free_entry = hdb_ldb_free_entry; @@ -728,7 +728,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, private->iconv_convenience = lp_iconv_convenience(lp_ctx); private->netbios_name = lp_netbios_name(lp_ctx); - talloc_set_destructor(private, hdb_ldb_destrutor); + talloc_set_destructor(private, hdb_ldb_destructor); entry_ex->ctx = private; entry_ex->free_entry = hdb_ldb_free_entry; -- cgit From 79854dc48a6f5448e4a435261ad2d9e9a2bbc712 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Thu, 18 Sep 2008 15:34:58 +0200 Subject: Kerberos cosmetic changes: Revert a part of the patch Reverts a part of the patch because it changes the function of the code (suggested by Jelmer). --- source4/auth/kerberos/kerberos_util.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 0567565d33..4704f4805f 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -243,7 +243,9 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, static krb5_error_code free_keytab(struct keytab_container *ktc) { - return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); + krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); + + return 0; } krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, -- cgit From b39b6099a44ef40fc79fc68c9df740e0ef722d19 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 9 Sep 2008 17:37:33 +0200 Subject: Cosmetic corrections for the KERBEROS library This commit applies some cosmetic corrections for the KERBEROS library. --- source4/auth/kerberos/kerberos_util.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source4/auth/kerberos/kerberos_util.c b/source4/auth/kerberos/kerberos_util.c index 4704f4805f..0567565d33 100644 --- a/source4/auth/kerberos/kerberos_util.c +++ b/source4/auth/kerberos/kerberos_util.c @@ -243,9 +243,7 @@ static krb5_error_code salt_principal_from_credentials(TALLOC_CTX *parent_ctx, static krb5_error_code free_keytab(struct keytab_container *ktc) { - krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); - - return 0; + return krb5_kt_close(ktc->smb_krb5_context->krb5_context, ktc->keytab); } krb5_error_code smb_krb5_open_keytab(TALLOC_CTX *mem_ctx, -- cgit From 9cf1a68977d56d342ca7dbe8f07c725221dc1148 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 24 Sep 2008 09:53:21 -0700 Subject: printing: Rename new parameter "cups timeout" to "cups connection timeout". Karolin --- docs-xml/smbdotconf/printing/cupstimeout.xml | 17 ----------------- source3/include/printing.h | 2 +- source3/include/proto.h | 2 +- source3/param/loadparm.c | 10 +++++----- source3/printing/print_cups.c | 2 +- 5 files changed, 8 insertions(+), 25 deletions(-) delete mode 100644 docs-xml/smbdotconf/printing/cupstimeout.xml diff --git a/docs-xml/smbdotconf/printing/cupstimeout.xml b/docs-xml/smbdotconf/printing/cupstimeout.xml deleted file mode 100644 index 727ccce67b..0000000000 --- a/docs-xml/smbdotconf/printing/cupstimeout.xml +++ /dev/null @@ -1,17 +0,0 @@ - - - - - This parameter determines the timeout for connections to a CUPS server - in seconds. - - - -30 -cups timeout = 10 - diff --git a/source3/include/printing.h b/source3/include/printing.h index 04e30a011b..d91917b528 100644 --- a/source3/include/printing.h +++ b/source3/include/printing.h @@ -77,7 +77,7 @@ extern struct printif iprint_printif; #define NEXT_JOBID(j) ((j+1) % PRINT_MAX_JOBID > 0 ? (j+1) % PRINT_MAX_JOBID : 1) #define MAX_CACHE_VALID_TIME 3600 -#define CUPS_DEFAULT_TIMEOUT 30 +#define CUPS_DEFAULT_CONNECTION_TIMEOUT 30 #ifndef PRINT_SPOOL_PREFIX #define PRINT_SPOOL_PREFIX "smbprn." diff --git a/source3/include/proto.h b/source3/include/proto.h index b1c4d2e5d9..2ccf3b15f7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5824,7 +5824,7 @@ const char **lp_svcctl_list(void); char *lp_cups_options(int ); char *lp_cups_server(void); char *lp_iprint_server(void); -int lp_cups_timeout(void); +int lp_cups_connection_timeout(void); const char *lp_ctdbd_socket(void); const char **lp_cluster_addresses(void); bool lp_clustering(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index db9e990e64..87af7a3411 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -341,7 +341,7 @@ struct global { int iKeepalive; int iminreceivefile; struct param_opt_struct *param_opt; - int cups_timeout; + int cups_connection_timeout; }; static struct global Globals; @@ -2597,10 +2597,10 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED | FLAG_PRINT | FLAG_GLOBAL, }, { - .label = "cups timeout", + .label = "cups connection timeout", .type = P_INTEGER, .p_class = P_GLOBAL, - .ptr = &Globals.cups_timeout, + .ptr = &Globals.cups_connection_timeout, .special = NULL, .enum_list = NULL, .flags = FLAG_ADVANCED, @@ -4805,7 +4805,7 @@ static void init_globals(bool first_time_only) * to never expire, though, when this runs out the afs client will * forget the token. Set to 0 to get NEVERDATE.*/ Globals.iAfsTokenLifetime = 604800; - Globals.cups_timeout = CUPS_DEFAULT_TIMEOUT; + Globals.cups_connection_timeout = CUPS_DEFAULT_CONNECTION_TIMEOUT; /* these parameters are set to defaults that are more appropriate for the increasing samba install base: @@ -5247,7 +5247,7 @@ FN_GLOBAL_LIST(lp_svcctl_list, &Globals.szServicesList) FN_LOCAL_STRING(lp_cups_options, szCupsOptions) FN_GLOBAL_STRING(lp_cups_server, &Globals.szCupsServer) FN_GLOBAL_STRING(lp_iprint_server, &Globals.szIPrintServer) -FN_GLOBAL_INTEGER(lp_cups_timeout, &Globals.cups_timeout) +FN_GLOBAL_INTEGER(lp_cups_connection_timeout, &Globals.cups_connection_timeout) FN_GLOBAL_CONST_STRING(lp_ctdbd_socket, &Globals.ctdbdSocket) FN_GLOBAL_LIST(lp_cluster_addresses, &Globals.szClusterAddresses) FN_GLOBAL_BOOL(lp_clustering, &Globals.clustering) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 2b2cf159fb..f9568f0a54 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -56,7 +56,7 @@ static http_t *cups_connect(void) http_t *http; char *server, *p; int port; - int timeout = lp_cups_timeout(); + int timeout = lp_cups_connection_timeout(); gotalarm = 0; -- cgit From ec0eab7f0b20e6f1691ce3a723e29dbf7ee3fd99 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 23 Sep 2008 10:34:06 +0200 Subject: s3:configure: add -L./bin also for the merged build metze --- source3/configure.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/configure.in b/source3/configure.in index f23f6b55be..63e17dc717 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -6276,6 +6276,10 @@ CFLAGS="${CFLAGS} \$(FLAGS)" if test x$MERGED_BUILD != x1; then CFLAGS="${CFLAGS} -D_SAMBA_BUILD_=3" +else + if test x"$BLDSHARED" = x"true" ; then + LDFLAGS="$LDFLAGS -L./bin" + fi fi AC_OUTPUT(Makefile -- cgit From 943387edc12a276d358add404e4fecd6c3aec303 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Sep 2008 22:49:05 +0200 Subject: build: fix the libcryptosrcdir for the merged build metze --- source3/samba4.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/samba4.mk b/source3/samba4.mk index 53ea76ed90..3abcbe121f 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -87,7 +87,7 @@ libstreamsrcdir := $(samba4srcdir)/lib/stream libutilsrcdir := $(samba4srcdir)/lib/util libtdrsrcdir := $(samba4srcdir)/lib/tdr libdbwrapsrcdir := $(samba4srcdir)/lib/dbwrap -libcryptosrcdir := $(samba4srcdir)/lib/crypto +libcryptosrcdir := $(samba4srcdir)/../lib/crypto libtorturesrcdir := $(samba4srcdir)/lib/torture libcompressionsrcdir := $(samba4srcdir)/../lib/compression libgencachesrcdir := $(samba4srcdir)/lib -- cgit From 31e10643c998e64c0ec432553ac9193d978e43f4 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 24 Sep 2008 14:28:18 -0700 Subject: Fix bug #5790 samba returns STATUS_OBJECT_NAME_NOT_FOUND on set file disposition. We were checking that fd != -1 in file_find_di_XXX calls which is no longer needed due to a change in internal semantics. Jeremy. --- source3/smbd/files.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 17c473f028..777f8e1e23 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -326,8 +326,7 @@ files_struct *file_find_di_first(struct file_id id) fsp_fi_cache.id = id; for (fsp=Files;fsp;fsp=fsp->next) { - if ( fsp->fh->fd != -1 && - file_id_equal(&fsp->file_id, &id)) { + if (file_id_equal(&fsp->file_id, &id)) { /* Setup positive cache. */ fsp_fi_cache.fsp = fsp; return fsp; @@ -348,8 +347,7 @@ files_struct *file_find_di_next(files_struct *start_fsp) files_struct *fsp; for (fsp = start_fsp->next;fsp;fsp=fsp->next) { - if ( fsp->fh->fd != -1 && - file_id_equal(&fsp->file_id, &start_fsp->file_id)) { + if (file_id_equal(&fsp->file_id, &start_fsp->file_id)) { return fsp; } } -- cgit From b0a95ad2f68cfc87822420c22216d83c0abf0690 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 24 Sep 2008 23:59:59 +0200 Subject: Revert LDB return code patches from Matthias. --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 4 +-- source4/dsdb/samdb/ldb_modules/proxy.c | 12 +++---- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 14 ++++----- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 2 +- source4/lib/ldb-samba/ldif_handlers.c | 2 +- source4/lib/ldb/common/attrib_handlers.c | 22 ++++++------- source4/lib/ldb/common/ldb_attributes.c | 8 ++--- source4/lib/ldb/common/ldb_debug.c | 2 +- source4/lib/ldb/common/ldb_ldif.c | 18 +++++------ source4/lib/ldb/common/ldb_modules.c | 6 ++-- source4/lib/ldb/ldb_ildap/ldb_ildap.c | 6 ++-- source4/lib/ldb/ldb_ldap/ldb_ldap.c | 18 +++++------ source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 28 ++++++++--------- source4/lib/ldb/ldb_tdb/ldb_cache.c | 22 ++++++------- source4/lib/ldb/ldb_tdb/ldb_pack.c | 12 +++---- source4/lib/ldb/ldb_tdb/ldb_search.c | 42 ++++++++++++------------- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 20 ++++++------ source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c | 2 +- source4/lib/ldb/modules/operational.c | 4 +-- source4/lib/ldb/modules/paged_results.c | 2 +- source4/lib/ldb/modules/skel.c | 2 +- source4/lib/ldb_wrap.c | 2 +- 22 files changed, 125 insertions(+), 125 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 11e2b7ade9..6836f95873 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -142,7 +142,7 @@ static int kludge_acl_allowedAttributes(struct ldb_context *ldb, struct ldb_mess ldb_msg_add_string(msg, attrName, attr_list[i]); } talloc_free(mem_ctx); - return LDB_SUCCESS; + return 0; } /* read all objectClasses */ @@ -201,7 +201,7 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * } } - return LDB_SUCCESS; + return 0; } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 7aa78e98a9..d0a315e45a 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -66,7 +66,7 @@ static int load_proxy_info(struct ldb_module *module) /* see if we have already loaded it */ if (proxy->upstream != NULL) { - return LDB_SUCCESS; + return 0; } dn = ldb_dn_new(proxy, module->ldb, "@PROXYINFO"); @@ -145,7 +145,7 @@ static int load_proxy_info(struct ldb_module *module) talloc_free(res); - return LDB_SUCCESS; + return 0; failed: talloc_free(res); @@ -153,7 +153,7 @@ failed: talloc_free(proxy->newdn); talloc_free(proxy->upstream); proxy->upstream = NULL; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } @@ -259,7 +259,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } if (load_proxy_info(module) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* see if the dn is within olddn */ @@ -269,7 +269,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re newreq = talloc(module, struct ldb_request); if (newreq == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); @@ -298,7 +298,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); talloc_free(newreq); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } for (i = 0; i < newreq->op.search.res->count; i++) { diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index 34e235aec7..dd5faf837a 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -124,16 +124,16 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) char *s; if (ldb_msg_find_element(msg, attr) != NULL) { - return LDB_SUCCESS; + return 0; } s = ldb_timestring(msg, t); if (s == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } if (ldb_msg_add_string(msg, attr, s) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el = ldb_msg_find_element(msg, attr); @@ -141,7 +141,7 @@ static int add_time_element(struct ldb_message *msg, const char *attr, time_t t) is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return LDB_SUCCESS; + return 0; } /* @@ -152,11 +152,11 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ struct ldb_message_element *el; if (ldb_msg_find_element(msg, attr) != NULL) { - return LDB_SUCCESS; + return 0; } if (ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)v) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el = ldb_msg_find_element(msg, attr); @@ -164,7 +164,7 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ is ignored */ el->flags = LDB_FLAG_MOD_REPLACE; - return LDB_SUCCESS; + return 0; } static int replmd_replPropertyMetaData1_attid_sort(const struct replPropertyMetaData1 *m1, diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 7c6a6dd26f..968b19c038 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -307,7 +307,7 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message } } } - return LDB_SUCCESS; + return 0; } diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c index 46ea09554d..a16582d294 100644 --- a/source4/lib/ldb-samba/ldif_handlers.c +++ b/source4/lib/ldb-samba/ldif_handlers.c @@ -134,7 +134,7 @@ static int ldb_canonicalise_objectSid(struct ldb_context *ldb, void *mem_ctx, /* Perhaps not a string after all */ return ldb_handler_copy(ldb, mem_ctx, in, out); } - return LDB_SUCCESS; + return 0; } return ldb_handler_copy(ldb, mem_ctx, in, out); } diff --git a/source4/lib/ldb/common/attrib_handlers.c b/source4/lib/ldb/common/attrib_handlers.c index 6f1b0815d7..fb57e2dadc 100644 --- a/source4/lib/ldb/common/attrib_handlers.c +++ b/source4/lib/ldb/common/attrib_handlers.c @@ -38,9 +38,9 @@ int ldb_handler_copy(struct ldb_context *ldb, void *mem_ctx, *out = ldb_val_dup(mem_ctx, in); if (in->length > 0 && out->data == NULL) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } /* @@ -57,13 +57,13 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, int l; if (!in || !out || !(in->data)) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->data = (uint8_t *)ldb_casefold(ldb, mem_ctx, (const char *)(in->data), in->length); if (out->data == NULL) { ldb_debug(ldb, LDB_DEBUG_ERROR, "ldb_handler_fold: unable to casefold string [%s]", in->data); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } s = (char *)(out->data); @@ -96,7 +96,7 @@ int ldb_handler_fold(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - return LDB_SUCCESS; + return 0; } @@ -111,14 +111,14 @@ int ldb_canonicalise_Integer(struct ldb_context *ldb, void *mem_ctx, char *end; long long i = strtoll((char *)in->data, &end, 0); if (*end != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lld", i); if (out->data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->length = strlen((char *)out->data); - return LDB_SUCCESS; + return 0; } /* @@ -251,7 +251,7 @@ int ldb_canonicalise_dn(struct ldb_context *ldb, void *mem_ctx, } out->length = strlen((char *)out->data); - ret = LDB_SUCCESS; + ret = 0; done: talloc_free(dn); @@ -305,10 +305,10 @@ int ldb_canonicalise_utctime(struct ldb_context *ldb, void *mem_ctx, time_t t = ldb_string_to_time((char *)in->data); out->data = (uint8_t *)ldb_timestring(mem_ctx, t); if (out->data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } out->length = strlen((char *)out->data); - return LDB_SUCCESS; + return 0; } /* diff --git a/source4/lib/ldb/common/ldb_attributes.c b/source4/lib/ldb/common/ldb_attributes.c index 0fbb5e2bfb..747f241781 100644 --- a/source4/lib/ldb/common/ldb_attributes.c +++ b/source4/lib/ldb/common/ldb_attributes.c @@ -61,7 +61,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, struct ldb_schema_attribute, n); if (a == NULL) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ldb->schema.attributes = a; @@ -70,7 +70,7 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, if (cmp == 0) { /* silently ignore attempts to overwrite fixed attributes */ if (a[i].flags & LDB_ATTR_FLAG_FIXED) { - return LDB_SUCCESS; + return 0; } if (a[i].flags & LDB_ATTR_FLAG_ALLOCATED) { talloc_free(discard_const_p(char, a[i].name)); @@ -93,11 +93,11 @@ int ldb_schema_attribute_add_with_syntax(struct ldb_context *ldb, a[i].name = talloc_strdup(a, a[i].name); if (a[i].name == NULL) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } - return LDB_SUCCESS; + return 0; } static const struct ldb_schema_syntax ldb_syntax_default = { diff --git a/source4/lib/ldb/common/ldb_debug.c b/source4/lib/ldb/common/ldb_debug.c index 8e1c491f12..0f78e37c1c 100644 --- a/source4/lib/ldb/common/ldb_debug.c +++ b/source4/lib/ldb/common/ldb_debug.c @@ -43,7 +43,7 @@ int ldb_set_debug(struct ldb_context *ldb, { ldb->debug_ops.debug = debug; ldb->debug_ops.context = context; - return LDB_SUCCESS; + return 0; } /* diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index 6cbd30f377..fb93e17c6c 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -191,19 +191,19 @@ int ldb_should_b64_encode(const struct ldb_val *val) uint8_t *p = val->data; if (val->length == 0) { - return LDB_SUCCESS; + return 0; } if (p[0] == ' ' || p[0] == ':') { - return LDB_ERR_OPERATIONS_ERROR; + return 1; } for (i=0; ilength; i++) { if (!isprint(p[i]) || p[i] == '\n') { - return LDB_ERR_OPERATIONS_ERROR; + return 1; } } - return LDB_SUCCESS; + return 0; } /* this macro is used to handle the return checking on fprintf_fn() */ @@ -444,12 +444,12 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val value->length = 0; *attr = "-"; *s += 2; - return LDB_SUCCESS; + return 0; } p = strchr(*s, ':'); if (!p) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } *p++ = 0; @@ -487,7 +487,7 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_base64_decode((char *)value->data); if (len == -1) { /* it wasn't valid base64 data */ - return LDB_ERR_OPERATIONS_ERROR; + return -1; } value->length = len; } @@ -496,11 +496,11 @@ static int next_attr(void *mem_ctx, char **s, const char **attr, struct ldb_val int len = ldb_read_data_file(mem_ctx, value); if (len == -1) { /* an error occured hile trying to retrieve the file */ - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } - return LDB_SUCCESS; + return 0; } diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index 046d36edf1..c0cd616a76 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -279,16 +279,16 @@ int ldb_register_module(const struct ldb_module_ops *ops) struct ops_list_entry *entry = talloc(talloc_autofree_context(), struct ops_list_entry); if (ldb_find_module_ops(ops->name) != NULL) - return LDB_ERR_OPERATIONS_ERROR; + return -1; if (entry == NULL) - return LDB_ERR_OPERATIONS_ERROR; + return -1; entry->ops = ops; entry->next = registered_modules; registered_modules = entry; - return LDB_SUCCESS; + return 0; } void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 3a5da89c41..5ad671ea2e 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -753,7 +753,7 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, module = talloc(ldb, struct ldb_module); if (!module) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } talloc_set_name_const(module, "ldb_ildap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, } *_module = module; - return LDB_SUCCESS; + return 0; failed: talloc_free(module); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } _PUBLIC_ const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index 5026f9c006..a4534c549a 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -180,14 +180,14 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, count = ldap_count_values_len(bval); if (count <= 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el = talloc_realloc(msg, msg->elements, struct ldb_message_element, msg->num_elements + 1); if (!el) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } msg->elements = el; @@ -197,7 +197,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->name = talloc_strdup(msg->elements, attr); if (!el->name) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } el->flags = 0; @@ -205,7 +205,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, el->values = talloc_array(msg->elements, struct ldb_val, count); if (!el->values) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } for (i=0;ivalues[i].data = talloc_size(el->values, bval[i]->bv_len+1); if (!el->values[i].data) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } memcpy(el->values[i].data, bval[i]->bv_val, bval[i]->bv_len); el->values[i].data[bval[i]->bv_len] = 0; @@ -224,7 +224,7 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, msg->num_elements++; - return LDB_SUCCESS; + return 0; } /* @@ -785,7 +785,7 @@ static int lldb_connect(struct ldb_context *ldb, if (module == NULL) { ldb_oom(ldb); talloc_free(lldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } talloc_set_name_const(module, "ldb_ldap backend"); module->ldb = ldb; @@ -819,11 +819,11 @@ static int lldb_connect(struct ldb_context *ldb, } *_module = module; - return LDB_SUCCESS; + return 0; failed: talloc_free(module); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } const struct ldb_backend_ops ldb_ldap_backend_ops = { diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index 7e4fe1d08d..a0e63c8da1 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -670,10 +670,10 @@ static int lsqlite3_safe_rollback(sqlite3 *sqlite) printf("lsqlite3_safe_rollback: Error: %s\n", errmsg); free(errmsg); } - return SQLITE_ERROR; + return -1; } - return SQLITE_OK; + return 0; } /* return an eid as result */ @@ -1440,13 +1440,13 @@ static int lsql_start_trans(struct ldb_module * module) printf("lsqlite3_start_trans: error: %s\n", errmsg); free(errmsg); } - return SQLITE_ERROR; + return -1; } }; lsqlite3->trans_count++; - return SQLITE_OK; + return 0; } static int lsql_end_trans(struct ldb_module *module) @@ -1457,7 +1457,7 @@ static int lsql_end_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return SQLITE_ERROR; + } else return -1; if (lsqlite3->trans_count == 0) { ret = sqlite3_exec(lsqlite3->sqlite, "COMMIT;", NULL, NULL, &errmsg); @@ -1466,11 +1466,11 @@ static int lsql_end_trans(struct ldb_module *module) printf("lsqlite3_end_trans: error: %s\n", errmsg); free(errmsg); } - return SQLITE_ERROR; + return -1; } } - return SQLITE_OK; + return 0; } static int lsql_del_trans(struct ldb_module *module) @@ -1479,13 +1479,13 @@ static int lsql_del_trans(struct ldb_module *module) if (lsqlite3->trans_count > 0) { lsqlite3->trans_count--; - } else return SQLITE_ERROR; + } else return -1; if (lsqlite3->trans_count == 0) { return lsqlite3_safe_rollback(lsqlite3->sqlite); } - return SQLITE_ERROR; + return -1; } static int destructor(struct lsqlite3_private *lsqlite3) @@ -1493,7 +1493,7 @@ static int destructor(struct lsqlite3_private *lsqlite3) if (lsqlite3->sqlite) { sqlite3_close(lsqlite3->sqlite); } - return SQLITE_OK; + return 0; } static int lsql_request(struct ldb_module *module, struct ldb_request *req) @@ -1540,7 +1540,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, /* create a local ctx */ local_ctx = talloc_named(lsqlite3, 0, "lsqlite3_rename local context"); if (local_ctx == NULL) { - return SQLITE_ERROR; + return -1; } schema = lsqlite3_tprintf(local_ctx, @@ -1792,7 +1792,7 @@ static int initialize(struct lsqlite3_private *lsqlite3, failed: if (rollback) lsqlite3_safe_rollback(lsqlite3->sqlite); sqlite3_close(lsqlite3->sqlite); - return SQLITE_ERROR; + return -1; } /* @@ -1860,14 +1860,14 @@ static int lsqlite3_connect(struct ldb_context *ldb, } } - return LDB_SUCCESS; + return 0; failed: if (lsqlite3->sqlite != NULL) { (void) sqlite3_close(lsqlite3->sqlite); } talloc_free(lsqlite3); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } const struct ldb_backend_ops ldb_sqlite3_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_cache.c b/source4/lib/ldb/ldb_tdb/ldb_cache.c index e502f1e642..2576e2c7bd 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_cache.c +++ b/source4/lib/ldb/ldb_tdb/ldb_cache.c @@ -92,11 +92,11 @@ static int ltdb_attributes_flags(struct ldb_message_element *el, unsigned *v) } } if (ltdb_valid_attr_flags[j].name == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } *v = value; - return LDB_SUCCESS; + return 0; } /* @@ -118,7 +118,7 @@ static int ltdb_attributes_load(struct ldb_module *module) goto failed; } if (r == LDB_ERR_NO_SUCH_OBJECT) { - return LDB_SUCCESS; + return 0; } /* mapping these flags onto ldap 'syntaxes' isn't strictly correct, but its close enough for now */ @@ -162,9 +162,9 @@ static int ltdb_attributes_load(struct ldb_module *module) } } - return LDB_SUCCESS; + return 0; failed: - return LDB_ERR_OPERATIONS_ERROR; + return -1; } @@ -258,7 +258,7 @@ int ltdb_cache_load(struct ldb_module *module) /* a very fast check to avoid extra database reads */ if (ltdb->cache != NULL && tdb_get_seqnum(ltdb->tdb) == ltdb->tdb_seqnum) { - return LDB_SUCCESS; + return 0; } if (ltdb->cache == NULL) { @@ -344,7 +344,7 @@ int ltdb_cache_load(struct ldb_module *module) goto failed; } - if (ltdb_attributes_load(module) != LDB_SUCCESS) { + if (ltdb_attributes_load(module) == -1) { goto failed; } @@ -353,14 +353,14 @@ done: talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return LDB_SUCCESS; + return 0; failed: talloc_free(options); talloc_free(baseinfo); talloc_free(baseinfo_dn); talloc_free(indexlist_dn); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } @@ -449,10 +449,10 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value) for (i = 0; ltdb_valid_attr_flags[i].name != NULL; i++) { if ((strcmp(ltdb_valid_attr_flags[i].name, (char *)value->data) == 0)) { - return LDB_SUCCESS; + return 0; } } - return LDB_ERR_OPERATIONS_ERROR; + return -1; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_pack.c b/source4/lib/ldb/ldb_tdb/ldb_pack.c index d96e7590e7..afb07dcbca 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_pack.c +++ b/source4/lib/ldb/ldb_tdb/ldb_pack.c @@ -89,7 +89,7 @@ int ltdb_pack_data(struct ldb_module *module, dn = ldb_dn_get_linearized(message->dn); if (dn == NULL) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* work out how big it needs to be */ @@ -114,7 +114,7 @@ int ltdb_pack_data(struct ldb_module *module, data->dptr = talloc_array(ldb, uint8_t, size); if (!data->dptr) { errno = ENOMEM; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } data->dsize = size; @@ -147,7 +147,7 @@ int ltdb_pack_data(struct ldb_module *module, } } - return LDB_SUCCESS; + return 0; } /* @@ -207,7 +207,7 @@ int ltdb_unpack_data(struct ldb_module *module, if (message->num_elements == 0) { message->elements = NULL; - return LDB_SUCCESS; + return 0; } if (message->num_elements > remaining / 6) { @@ -281,9 +281,9 @@ int ltdb_unpack_data(struct ldb_module *module, "Error: %d bytes unread in ltdb_unpack_data\n", remaining); } - return LDB_SUCCESS; + return 0; failed: talloc_free(message->elements); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index ce7a90e3d5..da899c361e 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -262,7 +262,7 @@ int ltdb_search_dn1(struct ldb_module *module, struct ldb_dn *dn, struct ldb_mes ret = ltdb_unpack_data(module, &tdb_data, msg); free(tdb_data.dptr); - if (ret != LDB_SUCCESS) { + if (ret == -1) { return LDB_ERR_OPERATIONS_ERROR; } @@ -285,7 +285,7 @@ static int ltdb_lock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_lockall_read(ltdb->tdb); } - return LDB_SUCCESS; + return 0; } /* @@ -297,7 +297,7 @@ static int ltdb_unlock_read(struct ldb_module *module) if (ltdb->in_transaction == 0) { return tdb_unlockall_read(ltdb->tdb); } - return LDB_SUCCESS; + return 0; } /* @@ -317,14 +317,14 @@ int ltdb_add_attr_results(struct ldb_module *module, /* pull the attributes that the user wants */ msg2 = ltdb_pull_attrs(module, mem_ctx, msg, attrs); if (!msg2) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* add to the results list */ res2 = talloc_realloc(mem_ctx, *res, struct ldb_message *, (*count)+2); if (!res2) { talloc_free(msg2); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } (*res) = res2; @@ -333,7 +333,7 @@ int ltdb_add_attr_results(struct ldb_module *module, (*res)[(*count)+1] = NULL; (*count)++; - return LDB_SUCCESS; + return 0; } @@ -356,7 +356,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (ldb_attr_cmp(attrs[i], "distinguishedName") == 0) { if (msg_add_distinguished_name(msg) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } } @@ -366,9 +366,9 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) if (keep_all) { if (msg_add_distinguished_name(msg) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } for (i = 0; i < msg->num_elements; i++) { @@ -387,7 +387,7 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) } } - return LDB_SUCCESS; + return 0; } /* @@ -402,14 +402,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (key.dsize < 4 || strncmp((char *)key.dptr, "DN=", 3) != 0) { - return LDB_SUCCESS; + return 0; } ares = talloc_zero(ac, struct ldb_reply); if (!ares) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ares->message = ldb_msg_new(ares); @@ -417,14 +417,14 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* unpack the record */ ret = ltdb_unpack_data(ac->module, &data, ares->message); - if (ret) { + if (ret == -1) { talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } if (!ares->message->dn) { @@ -433,7 +433,7 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } } @@ -441,17 +441,17 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, ac->base, ac->scope)) { talloc_free(ares); - return LDB_SUCCESS; + return 0; } /* filter the attributes that the user wants */ ret = ltdb_filter_attrs(ares->message, ac->attrs); - if (ret != LDB_SUCCESS) { + if (ret == -1) { handle->status = LDB_ERR_OPERATIONS_ERROR; handle->state = LDB_ASYNC_DONE; talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ares->type = LDB_REPLY_ENTRY; @@ -460,10 +460,10 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi if (handle->status != LDB_SUCCESS) { /* don't try to free ares here, the callback is in charge of that */ - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index b711efd1fa..01d570c89a 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -174,7 +174,7 @@ int ltdb_check_special_dn(struct ldb_module *module, if (! ldb_dn_is_special(msg->dn) || ! ldb_dn_check_special(msg->dn, LTDB_ATTRIBUTES)) { - return LDB_SUCCESS; + return 0; } /* we have @ATTRIBUTES, let's check attributes are fine */ @@ -188,7 +188,7 @@ int ltdb_check_special_dn(struct ldb_module *module, } } - return LDB_SUCCESS; + return 0; } @@ -231,7 +231,7 @@ int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flg } ret = ltdb_pack_data(module, msg, &tdb_data); - if (ret != LDB_SUCCESS) { + if (ret == -1) { talloc_free(tdb_key.dptr); return LDB_ERR_OTHER; } @@ -626,7 +626,7 @@ int ltdb_modify_internal(struct ldb_module *module, } ret = ltdb_unpack_data(module, &tdb_data, msg2); - if (ret != LDB_SUCCESS) { + if (ret == -1) { ret = LDB_ERR_OTHER; goto failed; } @@ -1069,7 +1069,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (strncmp(url, "tdb://", 6) != 0) { ldb_debug(ldb, LDB_DEBUG_ERROR, "Invalid tdb URL '%s'", url); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } path = url+6; } else { @@ -1097,7 +1097,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ltdb = talloc_zero(ldb, struct ltdb_private); if (!ltdb) { ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } /* note that we use quite a large default hash size */ @@ -1108,7 +1108,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ldb_debug(ldb, LDB_DEBUG_ERROR, "Unable to open tdb '%s'\n", path); talloc_free(ltdb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } ltdb->sequence_number = 0; @@ -1117,7 +1117,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (!module) { ldb_oom(ldb); talloc_free(ltdb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } talloc_set_name_const(*module, "ldb_tdb backend"); (*module)->ldb = ldb; @@ -1128,10 +1128,10 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, if (ltdb_cache_load(*module) != 0) { talloc_free(*module); talloc_free(ltdb); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } - return LDB_SUCCESS; + return 0; } const struct ldb_backend_ops ldb_tdb_backend_ops = { diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c index 9d856355be..4fea43c8c8 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb_wrap.c @@ -53,7 +53,7 @@ static int ltdb_wrap_destructor(struct ltdb_wrap *w) if (w == tdb_list) { tdb_list = w->next; } - return LDB_SUCCESS; + return 0; } static void ltdb_log_fn(struct tdb_context *tdb, enum tdb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index 716f34d660..a59e81becd 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -158,13 +158,13 @@ static int operational_search_post_process(struct ldb_module *module, } } - return LDB_SUCCESS; + return 0; failed: ldb_debug_set(module->ldb, LDB_DEBUG_WARNING, "operational_search_post_process failed for attribute '%s'\n", attrs[a]); - return LDB_ERR_OPERATIONS_ERROR; + return -1; } diff --git a/source4/lib/ldb/modules/paged_results.c b/source4/lib/ldb/modules/paged_results.c index c7296a1edf..b62b1f92cb 100644 --- a/source4/lib/ldb/modules/paged_results.c +++ b/source4/lib/ldb/modules/paged_results.c @@ -86,7 +86,7 @@ int store_destructor(struct results_store *store) store->priv->store = NULL; } - return LDB_SUCCESS; + return 0; } static struct results_store *new_store(struct private_data *priv) diff --git a/source4/lib/ldb/modules/skel.c b/source4/lib/ldb/modules/skel.c index 15df46354b..0cd29ac4b7 100644 --- a/source4/lib/ldb/modules/skel.c +++ b/source4/lib/ldb/modules/skel.c @@ -90,7 +90,7 @@ static int skel_destructor(struct ldb_module *ctx) struct private_data *data = talloc_get_type(ctx->private_data, struct private_data); /* put your clean-up functions here */ if (data->some_private_data) talloc_free(data->some_private_data); - return LDB_SUCCESS; + return 0; } static int skel_request(struct ldb_module *module, struct ldb_request *req) diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 8082f4fac5..6c683a1e33 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -84,7 +84,7 @@ static int ldb_wrap_destructor(struct ldb_context *ldb) smb_panic("probable memory leak in ldb"); #endif } - return LDB_SUCCESS; + return 0; } /* -- cgit From 964fb9f2492964472666cf10973e1abf6df6882c Mon Sep 17 00:00:00 2001 From: Holger Hetterich Date: Wed, 24 Sep 2008 19:01:00 -0400 Subject: SMB traffic analyzer vfs module from Holger Hetterich Used to gather data to feed to a database for live and historical analysis of usage per user, per share, etc. Helper apps to read the data still to come. This one still needs to be made ipv6 enabled (connection is made to the helper app). --- source3/Makefile.in | 5 + source3/configure.in | 4 +- source3/modules/vfs_smb_traffic_analyzer.c | 352 +++++++++++++++++++++++++++++ 3 files changed, 359 insertions(+), 2 deletions(-) create mode 100644 source3/modules/vfs_smb_traffic_analyzer.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 9e0a1179f3..e541fb32e1 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -621,6 +621,7 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o +VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -2403,6 +2404,10 @@ bin/acl_xattr.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_XATTR_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(VFS_ACL_XATTR_OBJ) +bin/smb_traffic_analyzer.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ) + @echo "Building plugin $@" + @$(SHLD_MODULE) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ) + bin/registry.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/registry.o @echo "Building plugin $@" @$(SHLD_MODULE) libgpo/gpext/registry.o diff --git a/source3/configure.in b/source3/configure.in index 63e17dc717..8332b1e34a 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -407,7 +407,7 @@ dnl These have to be built static: default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template" dnl These are preferably build shared, and static if dlopen() is not available -default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr" +default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_smb_traffic_analyzer" if test "x$developer" = xyes; then default_static_modules="$default_static_modules rpc_rpcecho" @@ -6116,7 +6116,7 @@ SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS) SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS) SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS) SMB_MODULE(vfs_acl_xattr, \$(VFS_ACL_XATTR_OBJ), "bin/acl_xattr.$SHLIBEXT", VFS) - +SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_traffic_analyzer.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c new file mode 100644 index 0000000000..4faa041c2f --- /dev/null +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -0,0 +1,352 @@ +/* + * traffic-analyzer VFS module. Measure the smb traffic users create + * on the net. + * + * Copyright (C) Holger Hetterich, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include "includes.h" +#include "safe_string.h" +#include +#include +#include + + +/* abstraction for the send_over_network function */ +#define UNIX_DOMAIN_SOCKET 1 +#define INTERNET_SOCKET 0 + + +/* Prototypes */ + +extern userdom_struct current_user_info; + +static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; + +NTSTATUS init_samba_module(void); + +static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, + files_struct *fsp, const void *data, size_t n); + +static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, + files_struct *fsp, void *data, size_t n); + +static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, + files_struct *fsp, const void *data, size_t n, + SMB_OFF_T offset); + +static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, + files_struct *fsp, void *data, size_t n, SMB_OFF_T offset); + + +/* VFS operations we use */ + +static vfs_op_tuple smb_traffic_analyzer_tuples[] = { + + {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP} + + }; + + +/* Module initialization */ + +NTSTATUS init_samba_module(void) +{ + NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ + "smb_traffic_analyzer", smb_traffic_analyzer_tuples); + + if (!NT_STATUS_IS_OK(ret)) + return ret; + + vfs_smb_traffic_analyzer_debug_level = + debug_add_class("smb_traffic_analyzer"); + + if (vfs_smb_traffic_analyzer_debug_level == -1) { + vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; + DEBUG(1, ("smb_traffic_analyzer: Couldn't register custom" + "debugging class!\n")); + } else { + DEBUG(3, ("smb_traffic_analyzer: Debug class number of" + "'smb_traffic_analyzer': %d\n", \ + vfs_smb_traffic_analyzer_debug_level)); + } + + return ret; +} + +/* create the timestamp in sqlite compatible format */ +static void get_timestamp( char *String ) +{ + struct timeval tv; + struct timezone tz; + struct tm *tm; + int seconds; + + gettimeofday(&tv, &tz); + tm=localtime(&tv.tv_sec); + seconds=(float) (tv.tv_usec / 1000); + + fstr_sprintf(String,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ + tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, \ + tm->tm_hour, tm->tm_min, tm->tm_sec, (int)seconds); + +} + +static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) +{ + connection_struct *conn = handle->conn; + const char *Mode; + Mode=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer","mode", \ + "internet_socket"); + if (strstr(Mode,"unix_domain_socket")) { + return UNIX_DOMAIN_SOCKET; + } else { + return INTERNET_SOCKET; + } + +} + + + +/* Send data over a internet socket */ +static void smb_traffic_analyzer_send_data_inet_socket( char *String, + vfs_handle_struct *handle, const char *file_name, + bool Write) +{ + /* Create a streaming Socket */ + const char *Hostname; + int sockfd, result; + int port; + struct sockaddr_in their_addr; + struct hostent *hp; + char Sender[200]; + char TimeStamp[200]; + int yes = 1; + connection_struct *conn; + + if ((sockfd=socket(AF_INET, SOCK_STREAM,0)) == -1) { + DEBUG(1, ("unable to create socket, error is %s", + strerror(errno))); + return; + } + if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, \ + sizeof(int)) == -1) { + DEBUG(1, ("unable to set socket options, error is %s", + strerror(errno))); + return; + } + /* get port number, target system from the config parameters */ + conn=handle->conn; + + Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", + "host", "localhost"); + + port = atoi( lp_parm_const_string(SNUM(conn), + "smb_traffic_analyzer", "port", "9430")); + + hp = gethostbyname(Hostname); + if (hp == NULL) { + DEBUG(1, ("smb_traffic_analyzer: Unkown Hostname of" + "target system!\n")); + } + DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," + "Port: %i\n", Hostname, port)); + + their_addr.sin_family = AF_INET; + their_addr.sin_port = htons(port); + their_addr.sin_addr.s_addr = INADDR_ANY; + memset(their_addr.sin_zero, '\0', sizeof(their_addr.sin_zero)); + memcpy(hp->h_addr, &their_addr.sin_addr, hp->h_length); + their_addr.sin_port=htons(port); + result=connect( sockfd, &their_addr, sizeof( struct sockaddr_in)); + if ( result < 0 ) { + DEBUG(1, ("smb_traffic_analyzer: Couldn't connect to inet" + "socket!\n")); + } + safe_strcpy(Sender, String, sizeof(Sender) - 1); + safe_strcat(Sender, ",\"", sizeof(Sender) - 1); + safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + if (Write) + safe_strcat(Sender, "W", sizeof(Sender) - 1); + else + safe_strcat(Sender, "R", sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, file_name, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + get_timestamp(TimeStamp); + safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); + safe_strcat(Sender, "\");", sizeof(Sender) - 1); + DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); + if ( send(sockfd, Sender, strlen(Sender), 0) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer: error sending data to socket!\n")); + return ; + } + + /* one operation, close the socket */ + close(sockfd); +} + + + +/* Send data over a unix domain socket */ +static void smb_traffic_analyzer_send_data_unix_socket( char *String , + vfs_handle_struct *handle, const char *file_name, + bool Write) +{ + /* Create the socket to stad */ + int len, sock; + struct sockaddr_un remote; + char Sender[200]; + char TimeStamp[200]; + DEBUG(7, ("smb_traffic_analyzer: Unix domain socket mode. Using " + "/var/tmp/stadsocket\n")); + if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { + DEBUG(1, ("smb_traffic_analyzer: Couldn create socket," + "make sure stad is running!\n")); + } + remote.sun_family = AF_UNIX; + safe_strcpy(remote.sun_path, "/var/tmp/stadsocket", + sizeof(remote.sun_path) - 1); + len=strlen(remote.sun_path) + sizeof(remote.sun_family); + if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer: Could not connect to" + "socket, make sure\nstad is running!\n")); + } + safe_strcpy(Sender, String, sizeof(Sender) - 1); + safe_strcat(Sender, ",\"", sizeof(Sender) - 1); + safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); + safe_strcat(Sender,"\",\"",sizeof(Sender) - 1); + safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + if (Write) + safe_strcat(Sender, "W", sizeof(Sender) - 1); + else + safe_strcat(Sender, "R", sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + safe_strcat(Sender, file_name, sizeof(Sender) - 1); + safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + get_timestamp(TimeStamp); + safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); + safe_strcat(Sender, "\");", sizeof(Sender) - 1); + + DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); + if ( send(sock, Sender, strlen(Sender), 0) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer: error sending data to" + "socket!\n")); + return; + } + + /* one operation, close the socket */ + close(sock); + + return; +} + +static void smb_traffic_analyzer_send_data( char *Buffer , vfs_handle_struct \ + *handle, char *file_name, bool Write, files_struct *fsp) +{ + + if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { + smb_traffic_analyzer_send_data_unix_socket(Buffer, handle, \ + fsp->fsp_name, Write); + } else { + smb_traffic_analyzer_send_data_inet_socket(Buffer, handle, \ + fsp->fsp_name, Write); + } +} + + + +/* VFS Functions: write, read, pread, pwrite for now */ + +static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ + files_struct *fsp, void *data, size_t n) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_READ(handle, fsp, data, n); + DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer, "%u", (uint) result); + + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + return result; +} + + +static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ + files_struct *fsp, void *data, size_t n, SMB_OFF_T offset) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); + + DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer,"%u", (uint) result); + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + + return result; +} + +static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ + files_struct *fsp, const void *data, size_t n) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); + + DEBUG(10, ("smb_traffic_analyzer: WRITE: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer, "%u", (uint) result); + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, \ + true, fsp ); + return result; +} + +static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ + files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset) +{ + ssize_t result; + char Buffer[100]; + + result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); + + DEBUG(10, ("smb_traffic_analyzer: PWRITE: %s\n", fsp->fsp_name )); + + fstr_sprintf(Buffer, "%u", (uint) result); + smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, true, fsp); + return result; +} + -- cgit From 3eb122069b9f81196ac658375fcb828924af3e94 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 24 Sep 2008 19:22:39 -0400 Subject: Temporary build fix for the merged build --- libcli/netlogon.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/libcli/netlogon.c b/libcli/netlogon.c index ab5d9af8aa..36d9e5fdcd 100644 --- a/libcli/netlogon.c +++ b/libcli/netlogon.c @@ -22,6 +22,13 @@ #include "includes.h" #include "../libcli/netlogon.h" +#undef DEBUG +#define DEBUG(x, y) +#undef DEBUGLVL +#define DEBUGLVL(x) false +#undef DEBUGLEVEL +#define DEBUGLEVEL 0 + NTSTATUS push_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, struct smb_iconv_convenience *iconv_convenience, struct netlogon_samlogon_response *response) -- cgit From a78ac8a46be3e7c1cf3004b85aa1ec4d0330e5d2 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 24 Sep 2008 20:47:03 -0400 Subject: Fix the new vfs_smb_traffic_analyzer build for static links --- source3/modules/vfs_smb_traffic_analyzer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 4faa041c2f..237859182b 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -36,7 +36,7 @@ extern userdom_struct current_user_info; static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -NTSTATUS init_samba_module(void); +NTSTATUS vfs_smb_traffic_analyzer_init(void); static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, files_struct *fsp, const void *data, size_t n); @@ -71,7 +71,7 @@ static vfs_op_tuple smb_traffic_analyzer_tuples[] = { /* Module initialization */ -NTSTATUS init_samba_module(void) +NTSTATUS vfs_smb_traffic_analyzer_init(void) { NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ "smb_traffic_analyzer", smb_traffic_analyzer_tuples); -- cgit From ff542275c3e2bf432bcc303e95124374ada03675 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 23 Sep 2008 20:01:06 -0700 Subject: stricter checking of SMB2 echo body (per the spec) thanks to the bluearc test suite --- source4/smb_server/smb2/keepalive.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/source4/smb_server/smb2/keepalive.c b/source4/smb_server/smb2/keepalive.c index f40bcc485c..d1a0ef3d72 100644 --- a/source4/smb_server/smb2/keepalive.c +++ b/source4/smb_server/smb2/keepalive.c @@ -54,11 +54,16 @@ void smb2srv_keepalive_recv(struct smb2srv_request *req) { uint16_t _pad; - if (req->in.body_size < 0x04) { + if (req->in.body_size != 0x04) { smb2srv_send_error(req, NT_STATUS_FOOBAR); return; } + if (SVAL(req->in.body, 0x00) != 0x04) { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + return; + } + _pad = SVAL(req->in.body, 0x02); req->status = smb2srv_keepalive_backend(req); -- cgit From 71ae732669d641cf8b3fd7f6fa73ead4634178f1 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 08:58:16 -0700 Subject: fixed error code for bad keepalive --- source4/smb_server/smb2/keepalive.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/smb_server/smb2/keepalive.c b/source4/smb_server/smb2/keepalive.c index d1a0ef3d72..ff47d594f0 100644 --- a/source4/smb_server/smb2/keepalive.c +++ b/source4/smb_server/smb2/keepalive.c @@ -55,7 +55,7 @@ void smb2srv_keepalive_recv(struct smb2srv_request *req) uint16_t _pad; if (req->in.body_size != 0x04) { - smb2srv_send_error(req, NT_STATUS_FOOBAR); + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); return; } -- cgit From 9fcafbb42cbe759711db4a47c2969bd34229e4a0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 11:28:58 -0700 Subject: support NT_STATUS_XX:NT_STATUS_YY syntax in ignore files --- source4/torture/gentest.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 176fc035e7..1b8f97596b 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -1165,6 +1165,8 @@ static void idle_func_smb2(struct smb2_transport *transport, void *private) */ static bool compare_status(NTSTATUS status1, NTSTATUS status2) { + char *s; + if (NT_STATUS_EQUAL(status1, status2)) return true; /* one code being an error and the other OK is always an error */ @@ -1178,6 +1180,18 @@ static bool compare_status(NTSTATUS status1, NTSTATUS status2) ignore_pattern(nt_errstr(status2))) { return true; } + + /* also support ignore patterns of the form NT_STATUS_XX:NT_STATUS_YY + meaning that the first server returns NT_STATUS_XX and the 2nd + returns NT_STATUS_YY */ + s = talloc_asprintf(current_op.mem_ctx, "%s:%s", + nt_errstr(status1), + nt_errstr(status2)); + printf("pattern: %s\n", s); + if (ignore_pattern(s)) { + return true; + } + current_op.mismatch = nt_errstr(status1); return false; } @@ -1348,7 +1362,7 @@ again: } \ current_op.status = status[0]; \ for (i=1;i Date: Wed, 24 Sep 2008 15:40:55 -0700 Subject: fixed uninitialised variable bug --- source4/libcli/clideltree.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/libcli/clideltree.c b/source4/libcli/clideltree.c index d59a03f194..28563d918e 100644 --- a/source4/libcli/clideltree.c +++ b/source4/libcli/clideltree.c @@ -91,6 +91,7 @@ int smbcli_deltree(struct smbcli_tree *tree, const char *dname) dstate.failed = false; /* it might be a file */ + status = smbcli_unlink(tree, dname); if (NT_STATUS_IS_OK(smbcli_unlink(tree, dname))) { return 1; } -- cgit From 76835f103ec65bb00ff3ca11015176ea2f5ecb06 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:17:41 -0700 Subject: fixed setpathinfo in gentest to not zero the filename/handle --- source4/torture/gentest.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index 1b8f97596b..fecdfda56e 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -1187,7 +1187,6 @@ static bool compare_status(NTSTATUS status1, NTSTATUS status2) s = talloc_asprintf(current_op.mem_ctx, "%s:%s", nt_errstr(status1), nt_errstr(status2)); - printf("pattern: %s\n", s); if (ignore_pattern(s)) { return true; } @@ -2393,9 +2392,8 @@ static bool handler_smb_spathinfo(int instance) union smb_setfileinfo parm[NSERVERS]; NTSTATUS status[NSERVERS]; - parm[0].generic.in.file.path = gen_fname_open(instance); - gen_setfileinfo(instance, &parm[0]); + parm[0].generic.in.file.path = gen_fname_open(instance); GEN_COPY_PARM; @@ -2764,9 +2762,8 @@ static bool handler_smb2_sfileinfo(int instance) union smb_setfileinfo parm[NSERVERS]; NTSTATUS status[NSERVERS]; - parm[0].generic.in.file.fnum = gen_fnum(instance); - gen_setfileinfo(instance, &parm[0]); + parm[0].generic.in.file.fnum = gen_fnum(instance); GEN_COPY_PARM; GEN_SET_FNUM_SMB2(generic.in.file.handle); -- cgit From 9a50009430e2da70d3753c36d66e4168c27029d9 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:18:29 -0700 Subject: check error code for zero desired_access in SMB2 create --- source4/torture/smb2/create.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 4d1b4a7ed0..124e244151 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -256,6 +256,13 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre status = smb2_getinfo_file(tree, tmp_ctx, &q); CHECK_STATUS(status, NT_STATUS_OK); CHECK_EQUAL(q.access_information.out.access_flags, io.in.desired_access); + + io.in.file_attributes = 0; + io.in.desired_access = 0; + io.in.query_maximal_access = false; + io.in.share_access = 0; + status = smb2_create(tree, tmp_ctx, &io); + CHECK_STATUS(status, NT_STATUS_ACCESS_DENIED); talloc_free(tmp_ctx); -- cgit From 38e70dc47aae6b3bd7ddbcda61e0989f8d659f2b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:19:36 -0700 Subject: be friendlier in smb2_deltree to some of the SMB2 implementations that don't handle SEC_FLAG_MAXIMUM_ALLOWED --- source4/libcli/smb2/util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c index b149b3d6ce..a360d8fbdf 100644 --- a/source4/libcli/smb2/util.c +++ b/source4/libcli/smb2/util.c @@ -138,7 +138,7 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname) } ZERO_STRUCT(create_parm); - create_parm.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; + create_parm.in.desired_access = SEC_FILE_READ_DATA; create_parm.in.share_access = NTCREATEX_SHARE_ACCESS_READ| NTCREATEX_SHARE_ACCESS_WRITE; -- cgit From 9cf3d82d6366e11d1ffee89d405083b7a577c6d6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:20:28 -0700 Subject: added the structure for LINK_INFORMATION setfileinfo call --- source4/libcli/raw/interfaces.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h index 20ed441435..c2269cbbc2 100644 --- a/source4/libcli/raw/interfaces.h +++ b/source4/libcli/raw/interfaces.h @@ -904,6 +904,7 @@ enum smb_setfileinfo_level { RAW_SFILEINFO_UNIX_HLINK = SMB_SFILEINFO_UNIX_HLINK, RAW_SFILEINFO_BASIC_INFORMATION = SMB_SFILEINFO_BASIC_INFORMATION, RAW_SFILEINFO_RENAME_INFORMATION = SMB_SFILEINFO_RENAME_INFORMATION, + RAW_SFILEINFO_LINK_INFORMATION = SMB_SFILEINFO_LINK_INFORMATION, RAW_SFILEINFO_DISPOSITION_INFORMATION = SMB_SFILEINFO_DISPOSITION_INFORMATION, RAW_SFILEINFO_POSITION_INFORMATION = SMB_SFILEINFO_POSITION_INFORMATION, RAW_SFILEINFO_FULL_EA_INFORMATION = SMB_SFILEINFO_FULL_EA_INFORMATION, @@ -984,6 +985,7 @@ union smb_setfileinfo { NTTIME write_time; NTTIME change_time; uint32_t attrib; + uint32_t reserved; } in; } basic_info; @@ -1029,6 +1031,17 @@ union smb_setfileinfo { } in; } rename_information; + /* RAW_SFILEINFO_LINK_INFORMATION interface */ + struct { + enum smb_setfileinfo_level level; + struct { + union smb_handle_or_path file; + uint8_t overwrite; + uint64_t root_fid; + const char *new_name; + } in; + } link_information; + /* RAW_SFILEINFO_POSITION_INFORMATION interface */ struct { enum smb_setfileinfo_level level; -- cgit From b1f17b23fe58acba924ce11bb8ec700cd2a1bd7e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:26:42 -0700 Subject: - use the current dialect first, for servers that only look at the first dialect - allow override of SMB2 port in client code --- source4/libcli/smb2/connect.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index 43151943d3..e0b75a2542 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -27,6 +27,7 @@ #include "libcli/composite/composite.h" #include "libcli/resolve/resolve.h" #include "param/param.h" +#include "lib/cmdline/popt_common.h" struct smb2_connect_state { struct cli_credentials *credentials; @@ -184,8 +185,8 @@ static void continue_socket(struct composite_context *creq) } state->negprot.in.capabilities = 0; unix_to_nt_time(&state->negprot.in.start_time, time(NULL)); - dialects[0] = 0; - dialects[1] = SMB2_DIALECT_REVISION; + dialects[0] = SMB2_DIALECT_REVISION; + dialects[1] = 0; state->negprot.in.dialects = dialects; req = smb2_negprot_send(transport, &state->negprot); @@ -206,7 +207,13 @@ static void continue_resolve(struct composite_context *creq) struct smb2_connect_state *state = talloc_get_type(c->private_data, struct smb2_connect_state); const char *addr; - const char *ports[2] = { "445", NULL }; + const char **ports; + const char *default_ports[] = { "445", NULL }; + + ports = lp_parm_string_list(state, cmdline_lp_ctx, NULL, "smb2", "ports", NULL); + if (ports == NULL) { + ports = default_ports; + } c->status = resolve_name_recv(creq, state, &addr); if (!composite_is_ok(c)) return; -- cgit From 4904882fed1e3b72ba45052323c95c0fda301d64 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:28:58 -0700 Subject: - SMB2 uses INVALID_PARAMETER not BUFFER_TOO_SMALL for buffer size errors - added a s32o16 buffer function --- source4/libcli/smb2/request.c | 54 +++++++++++++++++++++++++++++++------------ 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/source4/libcli/smb2/request.c b/source4/libcli/smb2/request.c index 64d427f889..137e2f2f12 100644 --- a/source4/libcli/smb2/request.c +++ b/source4/libcli/smb2/request.c @@ -279,7 +279,7 @@ NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ { uint16_t ofs, size; if (smb2_oob(buf, ptr, 4)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = SVAL(ptr, 0); size = SVAL(ptr, 2); @@ -288,7 +288,7 @@ NTSTATUS smb2_pull_o16s16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -315,12 +315,12 @@ NTSTATUS smb2_push_o16s16_blob(struct smb2_request_buffer *buf, /* we have only 16 bit for the size */ if (blob.length > 0xFFFF) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 4)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -376,7 +376,7 @@ NTSTATUS smb2_push_o16s32_blob(struct smb2_request_buffer *buf, /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 6)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -432,7 +432,7 @@ NTSTATUS smb2_push_o32s32_blob(struct smb2_request_buffer *buf, /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -488,7 +488,7 @@ NTSTATUS smb2_push_s32o32_blob(struct smb2_request_buffer *buf, /* check if there're enough room for ofs and size */ if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } if (blob.data == NULL) { @@ -533,7 +533,7 @@ NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ uint32_t size; if (smb2_oob(buf, ptr, 6)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = SVAL(ptr, 0); size = IVAL(ptr, 2); @@ -542,7 +542,7 @@ NTSTATUS smb2_pull_o16s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -557,7 +557,7 @@ NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = IVAL(ptr, 0); size = IVAL(ptr, 4); @@ -566,7 +566,7 @@ NTSTATUS smb2_pull_o32s32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -584,7 +584,7 @@ NTSTATUS smb2_pull_o16As32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } ofs = SVAL(ptr, 0); size = IVAL(ptr, 4); @@ -593,7 +593,7 @@ NTSTATUS smb2_pull_o16As32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); @@ -608,7 +608,7 @@ NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ { uint32_t ofs, size; if (smb2_oob(buf, ptr, 8)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; } size = IVAL(ptr, 0); ofs = IVAL(ptr, 4); @@ -617,7 +617,31 @@ NTSTATUS smb2_pull_s32o32_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ return NT_STATUS_OK; } if (smb2_oob(buf, buf->hdr + ofs, size)) { - return NT_STATUS_BUFFER_TOO_SMALL; + return NT_STATUS_INVALID_PARAMETER; + } + *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); + NT_STATUS_HAVE_NO_MEMORY(blob->data); + return NT_STATUS_OK; +} + +/* + pull a uint32_t length/ uint16_t ofs/blob triple from a data blob + the ptr points to the start of the offset/length pair +*/ +NTSTATUS smb2_pull_s32o16_blob(struct smb2_request_buffer *buf, TALLOC_CTX *mem_ctx, uint8_t *ptr, DATA_BLOB *blob) +{ + uint32_t ofs, size; + if (smb2_oob(buf, ptr, 8)) { + return NT_STATUS_INVALID_PARAMETER; + } + size = IVAL(ptr, 0); + ofs = SVAL(ptr, 4); + if (ofs == 0) { + *blob = data_blob(NULL, 0); + return NT_STATUS_OK; + } + if (smb2_oob(buf, buf->hdr + ofs, size)) { + return NT_STATUS_INVALID_PARAMETER; } *blob = data_blob_talloc(mem_ctx, buf->hdr + ofs, size); NT_STATUS_HAVE_NO_MEMORY(blob->data); -- cgit From d3c6c71ff2d5499be152785a49ad128641330b40 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:31:57 -0700 Subject: zero access mask should give ACCESS_DENIED --- source4/ntvfs/posix/pvfs_acl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 57a463aba6..06a4e69004 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -511,6 +511,10 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; + if (*access_mask == 0) { + return NT_STATUS_ACCESS_DENIED; + } + if (pvfs_read_only(pvfs, *access_mask)) { return NT_STATUS_ACCESS_DENIED; } -- cgit From 7e57626d1d5a4497ecf5b4c741b8486e7ab97733 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:32:47 -0700 Subject: the offset is 16 bits in SMB2 fileinfo --- source4/smb_server/smb2/fileinfo.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/smb_server/smb2/fileinfo.c b/source4/smb_server/smb2/fileinfo.c index 6c4b8f33d5..82b006c4a1 100644 --- a/source4/smb_server/smb2/fileinfo.c +++ b/source4/smb_server/smb2/fileinfo.c @@ -369,7 +369,7 @@ void smb2srv_setinfo_recv(struct smb2srv_request *req) SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_setinfo_send, NTVFS_ASYNC_STATE_MAY_ASYNC); info->in.level = SVAL(req->in.body, 0x02); - SMB2SRV_CHECK(smb2_pull_s32o32_blob(&req->in, info, req->in.body+0x04, &info->in.blob)); + SMB2SRV_CHECK(smb2_pull_s32o16_blob(&req->in, info, req->in.body+0x04, &info->in.blob)); info->in.flags = IVAL(req->in.body, 0x0C); info->in.file.ntvfs = smb2srv_pull_handle(req, req->in.body, 0x10); -- cgit From a3536c4c06d9725b2e96b9a3ddc1ab14e47f472c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:33:15 -0700 Subject: check for a 0 byte in the buffer in SMB2 read --- source4/smb_server/smb2/fileio.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source4/smb_server/smb2/fileio.c b/source4/smb_server/smb2/fileio.c index 2c322ea587..4f4402ba33 100644 --- a/source4/smb_server/smb2/fileio.c +++ b/source4/smb_server/smb2/fileio.c @@ -254,6 +254,12 @@ void smb2srv_read_recv(struct smb2srv_request *req) union smb_read *io; SMB2SRV_CHECK_BODY_SIZE(req, 0x30, true); + + /* MS-SMB2 2.2.19 read must have a single byte of zero */ + if (req->in.body_size - req->in.body_fixed < 1) { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + return; + } SMB2SRV_TALLOC_IO_PTR(io, union smb_read); SMB2SRV_SETUP_NTVFS_REQUEST(smb2srv_read_send, NTVFS_ASYNC_STATE_MAY_ASYNC); -- cgit From 49c80cea0bc00a88336fc9bd4bb332a7a399afd5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:34:04 -0700 Subject: cope with body_size zero in SMB2 receive --- source4/smb_server/smb2/smb2_server.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source4/smb_server/smb2/smb2_server.h b/source4/smb_server/smb2/smb2_server.h index d45e0861af..431add4ed9 100644 --- a/source4/smb_server/smb2/smb2_server.h +++ b/source4/smb_server/smb2/smb2_server.h @@ -75,7 +75,7 @@ struct smbsrv_request; /* useful way of catching field size errors with file and line number */ #define SMB2SRV_CHECK_BODY_SIZE(req, size, dynamic) do { \ size_t is_size = req->in.body_size; \ - uint16_t field_size = SVAL(req->in.body, 0); \ + uint16_t field_size; \ uint16_t want_size = ((dynamic)?(size)+1:(size)); \ if (is_size < (size)) { \ DEBUG(0,("%s: buffer too small 0x%x. Expected 0x%x\n", \ @@ -83,6 +83,7 @@ struct smbsrv_request; smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); \ return; \ }\ + field_size = SVAL(req->in.body, 0); \ if (field_size != want_size) { \ DEBUG(0,("%s: unexpected fixed body size 0x%x. Expected 0x%x\n", \ __location__, (unsigned)field_size, (unsigned)want_size)); \ -- cgit From 59847fd6b6c208377f8b1bcb32347d7c4ab16911 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:34:35 -0700 Subject: log stream termination --- source4/smbd/service_stream.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index f27560f6ee..48eda46dc7 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -61,6 +61,8 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char if (!reason) reason = "unknown reason"; + DEBUG(3,("Terminating connection - '%s'\n", reason)); + srv_conn->terminate = reason; if (srv_conn->processing) { -- cgit From 63685c7d02f2364344fd8d4a3307ee36716e4a66 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:34:58 -0700 Subject: record highest seq number in SMB2 to check for seqnum going backwards --- source4/smb_server/smb_server.h | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/smb_server/smb_server.h b/source4/smb_server/smb_server.h index 4676fc3e9c..b3c3122765 100644 --- a/source4/smb_server/smb_server.h +++ b/source4/smb_server/smb_server.h @@ -386,6 +386,8 @@ struct smbsrv_connection { struct loadparm_context *lp_ctx; bool smb2_signing_required; + + uint64_t highest_smb2_seqnum; }; struct model_ops; -- cgit From 742a99e046313760a281da67eb3ba6e7fcfa8fa6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:36:24 -0700 Subject: - add reserved field in basic_information level - use INVALID_PARAMETER for info length mismatch to match windows behaviour - added parsing of LINK_INFORMATION level --- source4/smb_server/blob.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/source4/smb_server/blob.c b/source4/smb_server/blob.c index 368b81d18e..4f018a5143 100644 --- a/source4/smb_server/blob.c +++ b/source4/smb_server/blob.c @@ -35,7 +35,7 @@ #define BLOB_CHECK_MIN_SIZE(blob, size) do { \ if ((blob)->length < (size)) { \ - return NT_STATUS_INFO_LENGTH_MISMATCH; \ + return NT_STATUS_INVALID_PARAMETER; \ } \ } while (0) @@ -530,13 +530,14 @@ NTSTATUS smbsrv_pull_passthru_sfileinfo(TALLOC_CTX *mem_ctx, switch (level) { case SMB_SFILEINFO_BASIC_INFORMATION: - BLOB_CHECK_MIN_SIZE(blob, 36); + BLOB_CHECK_MIN_SIZE(blob, 40); st->basic_info.in.create_time = pull_nttime(blob->data, 0); st->basic_info.in.access_time = pull_nttime(blob->data, 8); st->basic_info.in.write_time = pull_nttime(blob->data, 16); st->basic_info.in.change_time = pull_nttime(blob->data, 24); - st->basic_info.in.attrib = IVAL(blob->data, 32); + st->basic_info.in.attrib = IVAL(blob->data, 32); + st->basic_info.in.reserved = IVAL(blob->data, 36); return NT_STATUS_OK; @@ -581,6 +582,27 @@ NTSTATUS smbsrv_pull_passthru_sfileinfo(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; + + case RAW_SFILEINFO_LINK_INFORMATION: + if (!bufinfo) { + return NT_STATUS_INTERNAL_ERROR; + } + BLOB_CHECK_MIN_SIZE(blob, 20); + st->link_information.in.overwrite = CVAL(blob->data, 0); + st->link_information.in.root_fid = IVAL(blob->data, 8); + len = IVAL(blob->data, 16); + ofs = 20; + str_blob = *blob; + str_blob.length = MIN(str_blob.length, ofs+len); + smbsrv_blob_pull_string(bufinfo, &str_blob, ofs, + &st->link_information.in.new_name, + STR_UNICODE); + if (st->link_information.in.new_name == NULL) { + return NT_STATUS_FOOBAR; + } + + return NT_STATUS_OK; + case RAW_SFILEINFO_RENAME_INFORMATION_SMB2: /* SMB2 uses a different format for rename information */ if (!bufinfo) { -- cgit From 5a5e2df5694c5dc1be2692e8547370bcdfc58ad0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:41:36 -0700 Subject: for use in python we need to use global_loadparm --- source4/libcli/smb2/connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index e0b75a2542..db2f97bb94 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -210,7 +210,7 @@ static void continue_resolve(struct composite_context *creq) const char **ports; const char *default_ports[] = { "445", NULL }; - ports = lp_parm_string_list(state, cmdline_lp_ctx, NULL, "smb2", "ports", NULL); + ports = lp_parm_string_list(state, global_loadparm, NULL, "smb2", "ports", NULL); if (ports == NULL) { ports = default_ports; } -- cgit From eb5b3f50d17dfca198304d636033ad93410d570f Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:45:48 -0700 Subject: we should terminate the connection on a bad negprot packet size --- source4/smb_server/smb2/negprot.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/smb_server/smb2/negprot.c b/source4/smb_server/smb2/negprot.c index d64b36d659..49a2d12ef4 100644 --- a/source4/smb_server/smb2/negprot.c +++ b/source4/smb_server/smb2/negprot.c @@ -192,7 +192,7 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) enum ndr_err_code ndr_err; if (req->in.body_size < 0x26) { - smb2srv_send_error(req, NT_STATUS_FOOBAR); + smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot"); return; } @@ -209,7 +209,7 @@ void smb2srv_negprot_recv(struct smb2srv_request *req) io->in.capabilities = IVAL(req->in.body, 0x08); ndr_err = smbcli_pull_guid(req->in.body, 0xC, &io->in.client_guid); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - smbsrv_terminate_connection(req->smb_conn, nt_errstr(NT_STATUS_FOOBAR)); + smbsrv_terminate_connection(req->smb_conn, "Bad GUID in SMB2 negprot"); talloc_free(req); return; } -- cgit From d2bdb8fb1685d7ab2f23a4c4169bcc2e5c97f675 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 17:58:15 -0700 Subject: empty access mask is only denied on SMB2 --- source4/ntvfs/posix/pvfs_acl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 06a4e69004..d479f1e2ee 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -511,7 +511,9 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; - if (*access_mask == 0) { + /* on SMB2 a blank access mask is always denied */ + if (pvfs->ntvfs->ctx->protocol == PROTOCOL_SMB2 && + *access_mask == 0) { return NT_STATUS_ACCESS_DENIED; } -- cgit From bda97661ffd230a9b58527faebdc79f37bb8352b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 18:28:58 -0700 Subject: fixed expansion of $USERNAME in signing tests --- source4/selftest/samba4_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 36d52fff5a..667b21975f 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -326,7 +326,7 @@ for mech in \ "-k no --option=gensec:spengo=no"; do signoptions="$mech --signing=off" name="smb.signing on with $signoptions" - plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME\\\\\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*" + plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME/\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*" done plantest "--signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*" plantest "--signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*" -- cgit From 0cf717512659469a9b293685ba2a6db4742dcff7 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 24 Sep 2008 18:58:38 -0700 Subject: we need different error handling for truncated packets in NETPROT and other SMB2 operations. --- source4/libcli/smb2/smb2.h | 1 + source4/smb_server/smb2/receive.c | 41 +++++++++++++++++++++++++++++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index f00107de60..9d63a4a95f 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -178,6 +178,7 @@ struct smb2_request { #define SMB2_MIN_SIZE 0x42 +#define SMB2_MIN_SIZE_NO_BODY 0x40 /* offsets into header elements for a sync SMB2 request */ #define SMB2_HDR_PROTOCOL_ID 0x00 diff --git a/source4/smb_server/smb2/receive.c b/source4/smb_server/smb2/receive.c index 1fe6f0b877..c3607f0a33 100644 --- a/source4/smb_server/smb2/receive.c +++ b/source4/smb_server/smb2/receive.c @@ -153,7 +153,7 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req) chain_offset = p_req->chain_offset; p_req->chain_offset = 0; - if (p_req->in.size < (NBT_HDR_SIZE + chain_offset + SMB2_MIN_SIZE)) { + if (p_req->in.size < (NBT_HDR_SIZE + chain_offset + SMB2_MIN_SIZE_NO_BODY)) { DEBUG(2,("Invalid SMB2 chained packet at offset 0x%X\n", chain_offset)); smbsrv_terminate_connection(p_req->smb_conn, "Invalid SMB2 chained packet"); @@ -184,6 +184,19 @@ static void smb2srv_chain_reply(struct smb2srv_request *p_req) req->in.body_size = req->in.size - (NBT_HDR_SIZE+ chain_offset + SMB2_HDR_BODY); req->in.dynamic = NULL; + req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID); + + if (req->in.body_size < 2) { + /* error handling for this is different for negprot to + other packet types */ + uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE); + if (opcode == SMB2_OP_NEGPROT) { + smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot"); + } else { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + } + } + buffer_code = SVAL(req->in.body, 0); req->in.body_fixed = (buffer_code & ~1); dynamic_size = req->in.body_size - req->in.body_fixed; @@ -290,6 +303,10 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req) uint64_t uid; uint32_t flags; + if (SVAL(req->in.hdr, SMB2_HDR_LENGTH) != SMB2_HDR_BODY) { + smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 header length"); + return NT_STATUS_INVALID_PARAMETER; + } opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE); req->chain_offset = IVAL(req->in.hdr, SMB2_HDR_NEXT_COMMAND); req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID); @@ -297,6 +314,13 @@ static NTSTATUS smb2srv_reply(struct smb2srv_request *req) uid = BVAL(req->in.hdr, SMB2_HDR_SESSION_ID); flags = IVAL(req->in.hdr, SMB2_HDR_FLAGS); + if (req->smb_conn->highest_smb2_seqnum != 0 && + req->seqnum <= req->smb_conn->highest_smb2_seqnum) { + smbsrv_terminate_connection(req->smb_conn, "Invalid SMB2 sequence number"); + return NT_STATUS_INVALID_PARAMETER; + } + req->smb_conn->highest_smb2_seqnum = req->seqnum; + req->session = smbsrv_session_find(req->smb_conn, uid, req->request_time); req->tcon = smbsrv_smb2_tcon_find(req->session, tid, req->request_time); @@ -443,7 +467,7 @@ NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob) return NT_STATUS_OK; } - if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE)) { + if (blob.length < (NBT_HDR_SIZE + SMB2_MIN_SIZE_NO_BODY)) { DEBUG(2,("Invalid SMB2 packet length count %ld\n", (long)blob.length)); smbsrv_terminate_connection(smb_conn, "Invalid SMB2 packet"); return NT_STATUS_OK; @@ -470,6 +494,19 @@ NTSTATUS smbsrv_recv_smb2_request(void *private, DATA_BLOB blob) req->in.body_size = req->in.size - (SMB2_HDR_BODY+NBT_HDR_SIZE); req->in.dynamic = NULL; + req->seqnum = BVAL(req->in.hdr, SMB2_HDR_MESSAGE_ID); + + if (req->in.body_size < 2) { + /* error handling for this is different for negprot to + other packet types */ + uint16_t opcode = SVAL(req->in.hdr, SMB2_HDR_OPCODE); + if (opcode == SMB2_OP_NEGPROT) { + smbsrv_terminate_connection(req->smb_conn, "Bad body size in SMB2 negprot"); + } else { + smb2srv_send_error(req, NT_STATUS_INVALID_PARAMETER); + } + } + buffer_code = SVAL(req->in.body, 0); req->in.body_fixed = (buffer_code & ~1); dynamic_size = req->in.body_size - req->in.body_fixed; -- cgit From f27774729e8c88615b9d3d25a85cae0a1fc35c4f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 24 Sep 2008 18:52:04 -0700 Subject: s3:lib/ldb: Don't return already freed pointer on error. metze Signed-off-by: Karolin Seeger --- source3/lib/ldb/common/ldb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/lib/ldb/common/ldb.c b/source3/lib/ldb/common/ldb.c index 743711b967..c8aa6afdfc 100644 --- a/source3/lib/ldb/common/ldb.c +++ b/source3/lib/ldb/common/ldb.c @@ -787,6 +787,7 @@ int ldb_search(struct ldb_context *ldb, done: if (ret != LDB_SUCCESS) { talloc_free(res); + res = NULL; } *_res = res; -- cgit From 73769e136e85fd1f6d39dad89bd84cdb7d758764 Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 23 Sep 2008 11:40:28 -0700 Subject: Document how to enable the name aliasing support in Winbind. (cherry picked from commit 6dc81eb85b11851794619a1f2769d68cd9a54fb6) --- .../smbdotconf/winbind/winbindnormalizenames.xml | 27 +++++++++++++++------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml index 28826cf5f3..5b68bca912 100644 --- a/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml +++ b/docs-xml/smbdotconf/winbind/winbindnormalizenames.xml @@ -5,14 +5,25 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> This parameter controls whether winbindd will replace - whitespace in user and group names with an underscore (_) character. - For example, whether the name "Space Kadet" should be - replaced with the string "space_kadet". - Frequently Unix shell scripts will have difficulty with usernames - contains whitespace due to the default field separator in the shell. - Do not enable this option if the underscore character is used in - account names within your domain - + whitespace in user and group names with an underscore (_) character. + For example, whether the name "Space Kadet" should be + replaced with the string "space_kadet". + Frequently Unix shell scripts will have difficulty with usernames + contains whitespace due to the default field separator in the shell. + If your domain possesses names containing the underscore character, + this option may cause problems unless the name aliasing feature + is supported by your nss_info plugin. + + + This feature also enables the name aliasing API which can + be used to make domain user and group names to a non-qlaified + version. Please refer to the manpage for the configured + idmap and nss_info plugin for the specifics on how to configure + name aliasing for a specific configuration. Name aliasing takes + precendence (and is mutually exclusive) over the whitespace + replacement mechanism discussed previsouly. + + no -- cgit From a089b3bb99a226e8f99884867a677672cc028f1c Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Tue, 23 Sep 2008 11:43:05 -0700 Subject: Document the new hash and adex idmap/nss_info plugins. (cherry picked from commit 77bc0be0536bcd6a3ce8283a708828bebbbffee3) --- docs-xml/manpages-3/idmap_adex.8.xml | 89 ++++++++++++++++++++++++++++++++++++ docs-xml/manpages-3/idmap_hash.8.xml | 76 ++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+) create mode 100644 docs-xml/manpages-3/idmap_adex.8.xml create mode 100644 docs-xml/manpages-3/idmap_hash.8.xml diff --git a/docs-xml/manpages-3/idmap_adex.8.xml b/docs-xml/manpages-3/idmap_adex.8.xml new file mode 100644 index 0000000000..9eb2ff7d46 --- /dev/null +++ b/docs-xml/manpages-3/idmap_adex.8.xml @@ -0,0 +1,89 @@ + + + + + + idmap_adex + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_adex + Samba's idmap_adex Backend for Winbind + + + + DESCRIPTION + + The idmap_adex plugin provides a way for Winbind to read + id mappings from an AD server that uses RFC2307 schema + extensions. This module implements both the idmap and nss_info + APIs and supports domain trustes as well as two-way cross + forest trusts. It is a read-only plugin requiring that the + administrator provide mappings in advance by adding the + POSIX attribute information to the users and groups objects + in AD. The most common means of doing this is using "Identity + Services for Unix" support on Windows 2003 R2 and later. + + + + Note that you must add the uidNumber, gidNumber, and uid + attributes to the partial attribute set of the forest global + catalog servers. This can be done using the Active Directory Schema + Management MMC plugin (schmmgmt.dll). + + + + + NSS_INFO + + The nss_info plugin supports reading the unixHomeDirectory, + gidNumber, loginShell, and uidNumber attributes from the user + object and the gidNumber attribute from the group object to + fill in information required by the libc getpwnam() and + getgrnam() family of functions. Group membership is filled in + according to the Windows group membership and not the + msSFU30PosixMember attribute. + + + + Username aliases are implement by setting the uid attribute + on the user object. While group name aliases are implemented + by reading the displayname attribute from the group object. + + + + + EXAMPLES + + The following example shows how to retrieve idmappings and NSS data + from our principal and trusted AD domains. + + + + [global] + idmap backend = adex + idmap uid = 1000-4000000000 + idmap gid = 1000-4000000000 + + winbind nss info = adex + winbind normalize names = yes + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + diff --git a/docs-xml/manpages-3/idmap_hash.8.xml b/docs-xml/manpages-3/idmap_hash.8.xml new file mode 100644 index 0000000000..8e452b3c89 --- /dev/null +++ b/docs-xml/manpages-3/idmap_hash.8.xml @@ -0,0 +1,76 @@ + + + + + + idmap_hash + 8 + Samba + System Administration tools + 3.2 + + + + + idmap_hash + Samba's idmap_hash Backend for Winbind + + + + DESCRIPTION + The idmap_hash plugin implements a hashing algorithm used + map SIDs for domain users and groups to a 31-bit uid and gid. + This plugin also implements the nss_info API and can be used + to support a local name mapping files if enabled via the + "winbind normlaize names" and "winbind nss info" + parameters in smb.conf. + + + + + IDMAP OPTIONS + + + + name_map + + Specifies the absolute path to the name mapping + file used by the nss_info API. Entries in the file + are of the form "unix name + = qualified domain name"e;. + Mapping of both user and group names is supported. + + + + + + + EXAMPLES + The following example utilizes the idmap_hash plugin for + the idmap and nss_info information. + + + + [global] + idmap backend = hash + idmap uid = 1000-4000000000 + idmap gid = 1000-4000000000 + + winbind nss info = hash + winbind normalize names = yes + idmap_hash:name_map = /etc/samba/name_map.cfg + + + + + AUTHOR + + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + + + -- cgit From 571f23c03cc443e88029be3a020faa499f1e10cb Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Thu, 25 Sep 2008 09:14:58 -0700 Subject: idmap_adex: Fix the nss_info install link. --- source3/Makefile.in | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/Makefile.in b/source3/Makefile.in index e541fb32e1..8f9bd80da8 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2538,6 +2538,7 @@ installmodules:: modules installdirs @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) domain.@SHLIBEXT@ trustdomain.@SHLIBEXT@ ntdomain.@SHLIBEXT@ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) builtin.@SHLIBEXT@ guest.@SHLIBEXT@ fixed_challenge.@SHLIBEXT@ name_to_ntstatus.@SHLIBEXT@ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@ sfu20.@SHLIBEXT@ + @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/adex.@SHLIBEXT@ adex.@SHLIBEXT@ installscripts:: installdirs @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN) $(DESTDIR)$(BINDIR) $(SCRIPTS) -- cgit From e9e0e9a401f581286ed8d3f1f9f277e134478ade Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Thu, 25 Sep 2008 09:41:49 -0700 Subject: idmap_hash: Fix the nss_info link during "make install" --- source3/Makefile.in | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/Makefile.in b/source3/Makefile.in index 8f9bd80da8..18b1d9ad30 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2539,6 +2539,7 @@ installmodules:: modules installdirs @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(AUTHLIBDIR) builtin.@SHLIBEXT@ guest.@SHLIBEXT@ fixed_challenge.@SHLIBEXT@ name_to_ntstatus.@SHLIBEXT@ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/ad.@SHLIBEXT@ rfc2307.@SHLIBEXT@ sfu.@SHLIBEXT@ sfu20.@SHLIBEXT@ @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/adex.@SHLIBEXT@ adex.@SHLIBEXT@ + @$(SHELL) $(srcdir)/script/linkmodules.sh $(DESTDIR)$(NSSINFOLIBDIR) ../idmap/hash.@SHLIBEXT@ hash.@SHLIBEXT@ installscripts:: installdirs @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS_BIN) $(DESTDIR)$(BINDIR) $(SCRIPTS) -- cgit From 7e38942431697d9d9f245aa8f596189815b7586f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 25 Sep 2008 10:06:11 -0700 Subject: Remove these no longer used include files. Jeremy. --- source3/include/libmsrpc.h | 3045 ----------------------------------- source3/include/libmsrpc_internal.h | 73 - 2 files changed, 3118 deletions(-) delete mode 100644 source3/include/libmsrpc.h delete mode 100644 source3/include/libmsrpc_internal.h diff --git a/source3/include/libmsrpc.h b/source3/include/libmsrpc.h deleted file mode 100644 index 3f2a7260ca..0000000000 --- a/source3/include/libmsrpc.h +++ /dev/null @@ -1,3045 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * MS-RPC client library API definitions/prototypes - * - * Copyright (C) Chris Nicholls 2005. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#ifndef LIBMSRPC_H -#define LIBMSRPC_H - - -#include "includes.h" -#include "libsmbclient.h" -#include "libsmb_internal.h" - -/*server capability levels*/ -#define SRV_WIN_NT4 1 -#define SRV_WIN_2K 2 -#define SRV_WIN_2K_SP3 3 -#define SRV_WIN_2K3 4 - -/**@defgroup handle Server Handle*/ -/**@defgroup Library_Functions Library/Utility Functions*/ -/**@defgroup lsa_defs LSA Definitions*/ -/**@defgroup LSA_Functions LSA Functions*/ -/**@defgroup reg_defs Registry Definitions*/ -/**@defgroup Reg_Functions Registry Functions*/ -/**@defgroup sam_defs SAM Definitions*/ -/**@defgroup SAM_Functions SAM Functions*/ -/**@defgroup svc_defs Service Control Definitions*/ -/**@defgroup SCM_Functions Service Control Functions*/ - -/**Operation was unsuccessful*/ -#define CAC_FAILURE 0 -/**Operation was successful*/ -#define CAC_SUCCESS 1 -/**Operation was only partially successful - * an example of this is if you try to lookup a list of accounts to SIDs and not all accounts can be resolved*/ -#define CAC_PARTIAL_SUCCESS 2 - -/**@ingroup CAC_errors Use this to see if the last operation failed - useful for enumeration functions that use multiple calls*/ -#define CAC_OP_FAILED(status) !NT_STATUS_IS_OK(status) && \ - NT_STATUS_V(status) != NT_STATUS_V(STATUS_SOME_UNMAPPED) && \ - NT_STATUS_V(status) != NT_STATUS_V(STATUS_NO_MORE_FILES) && \ - NT_STATUS_V(status) != NT_STATUS_V(NT_STATUS_NO_MORE_ENTRIES) && \ - NT_STATUS_V(status) != NT_STATUS_V(NT_STATUS_NONE_MAPPED) && \ - NT_STATUS_V(status) != NT_STATUS_V(NT_STATUS_GUIDS_EXHAUSTED) - - -/**Privilege string constants*/ -#define CAC_SE_CREATE_TOKEN "SeCreateTokenPrivilege" -#define CAC_SE_ASSIGN_PRIMARY_TOKEN "SeAssignPrimaryTokenPrivilege" -#define CAC_SE_LOCK_MEMORY "SeLockMemoryPrivilege" -#define CAC_SE_INCREASE_QUOTA "SeIncreaseQuotaPrivilege" -#define CAC_SE_MACHINE_ACCOUNT "SeMachineAccountPrivilege" -#define CAC_SE_TCB "SeTcbPrivilege" -#define CAC_SE_SECURITY "SeSecurityPrivilege" -#define CAC_SE_TAKE_OWNERSHIP "SeTakeOwnershipPrivilege" -#define CAC_SE_LOAD_DRIVER "SeLoadDriverPrivilege" -#define CAC_SE_SYSTEM_PROFILE "SeSystemProfilePrivilege" -#define CAC_SE_SYSTEM_TIME "SeSystemtimePrivilege" -#define CAC_SE_PROFILE_SINGLE_PROC "SeProfileSingleProcessPrivilege" -#define CAC_SE_INCREASE_BASE_PRIORITY "SeIncreaseBasePriorityPrivilege" -#define CAC_SE_CREATE_PAGEFILE "SeCreatePagefilePrivilege" -#define CAC_SE_CREATE_PERMANENT "SeCreatePermanentPrivilege" -#define CAC_SE_BACKUP "SeBackupPrivilege" -#define CAC_SE_RESTORE "SeRestorePrivilege" -#define CAC_SE_SHUTDOWN "SeShutdownPrivilege" -#define CAC_SE_DEBUG "SeDebugPrivilege" -#define CAC_SE_AUDIT "SeAuditPrivilege" -#define CAC_SE_SYSTEM_ENV "SeSystemEnvironmentPrivilege" -#define CAC_SE_CHANGE_NOTIFY "SeChangeNotifyPrivilege" -#define CAC_SE_REMOTE_SHUTDOWN "SeRemoteShutdownPrivilege" -#define CAC_SE_UNDOCK "SeUndockPrivilege" -#define CAC_SE_SYNC_AGENT "SeSyncAgentPrivilege" -#define CAC_SE_ENABLE_DELEGATION "SeEnableDelegationPrivilege" -#define CAC_SE_MANAGE_VOLUME "SeManageVolumePrivilege" -#define CAC_SE_IMPERSONATE "SeImpersonatePrivilege" -#define CAC_SE_CREATE_GLOBAL "SeCreateGlobalPrivilege" -#define CAC_SE_PRINT_OPERATOR "SePrintOperatorPrivilege" -#define CAC_SE_NETWORK_LOGON "SeNetworkLogonRight" -#define CAC_SE_INTERACTIVE_LOGON "SeInteractiveLogonRight" -#define CAC_SE_BATCH_LOGON "SeBatchLogonRight" -#define CAC_SE_SERVICE_LOGON "SeServiceLogonRight" -#define CAC_SE_ADD_USERS "SeAddUsersPrivilege" -#define CAC_SE_DISK_OPERATOR "SeDiskOperatorPrivilege" - -/** - * @addtogroup lsa_defs - * @{ - */ -/**used to specify what data to retrieve using cac_LsaQueryTrustedDomainInformation*/ -#define CAC_INFO_TRUSTED_DOMAIN_NAME 0x1 -#define CAC_INFO_TRUSTED_DOMAIN_POSIX_OFFSET 0x3 -#define CAC_INFO_TRUSTED_DOMAIN_PASSWORD 0x4 - -/**Used when requesting machine domain information*/ -#define CAC_DOMAIN_INFO 0x0003 - -/**Used when requesting machine local information*/ -#define CAC_LOCAL_INFO 0x0005 - -/**Stores information about a SID*/ -typedef struct _CACSIDINFO { - /**The actual SID*/ - DOM_SID sid; - - /**The name of the object which maps to this SID*/ - char *name; - - /**The domain the SID belongs to*/ - char *domain; -} CacSidInfo; -/* @} */ - -/** - * @addtogroup reg_defs - * @{ - */ -/**Null terminated string*/ -typedef char* REG_SZ_DATA; - -/**Null terminated string with windows environment variables that should be expanded*/ -typedef char* REG_EXPAND_SZ_DATA; - -/**Binary data of some kind*/ -typedef struct _REGBINARYDATA { - uint32 data_length; - uint8 * data; -} REG_BINARY_DATA; - -/**32-bit (little endian) number*/ -typedef uint32 REG_DWORD_DATA; - -/**32-bit big endian number*/ -typedef uint32 REG_DWORD_BE_DATA; - -/**array of strings*/ -typedef struct _REGMULTISZDATA { - uint32 num_strings; - - char **strings; -} REG_MULTI_SZ_DATA; - -typedef union _REGVALUEDATA { - REG_SZ_DATA reg_sz; - REG_EXPAND_SZ_DATA reg_expand_sz; - REG_BINARY_DATA reg_binary; - REG_DWORD_DATA reg_dword; - REG_DWORD_BE_DATA reg_dword_be; - REG_MULTI_SZ_DATA reg_multi_sz; -} REG_VALUE_DATA; -/**@}*/ - -/** - * @addtogroup sam_defs - * @{ - */ - -#define CAC_USER_RID 0x1 -#define CAC_GROUP_RID 0x2 - -typedef struct _CACLOOKUPRIDSRECORD { - char *name; - uint32 rid; - - /**If found, this will be one of: - * - CAC_USER_RID - * - CAC_GROUP_RID - */ - uint32 type; - - /*if the name or RID was looked up, then found = True*/ - bool found; -} CacLookupRidsRecord; - -typedef struct _CACUSERINFO { - /**Last logon time*/ - time_t logon_time; - - /**Last logoff time*/ - time_t logoff_time; - - /**Last kickoff time*/ - time_t kickoff_time; - - /**Last password set time*/ - time_t pass_last_set_time; - - /**Time password can change*/ - time_t pass_can_change_time; - - /**Time password must change*/ - time_t pass_must_change_time; - - /**LM user password*/ - uint8 lm_password[8]; - - /**NT user password*/ - uint8 nt_password[8]; - - /**User's RID*/ - uint32 rid; - - /**RID of primary group*/ - uint32 group_rid; - - /**User's ACB mask*/ - uint32 acb_mask; - - /**Bad password count*/ - uint16 bad_passwd_count; - - /**Number of logons*/ - uint16 logon_count; - - /**Change password at next logon?*/ - bool pass_must_change; - - /**Username*/ - char *username; - - /**User's full name*/ - char *full_name; - - /**User's home directory*/ - char *home_dir; - - /**Home directory drive*/ - char *home_drive; - - /**Logon script*/ - char *logon_script; - - /**Path to profile*/ - char *profile_path; - - /**Account description*/ - char *description; - - /**Login from workstations*/ - char *workstations; - - char *dial; - - /**Possible logon hours*/ - LOGON_HRS *logon_hours; - -} CacUserInfo; - -typedef struct _CACGROUPINFO { - /**Group name*/ - char *name; - - /**Description*/ - char *description; - - /**Number of members*/ - uint32 num_members; -} CacGroupInfo, CacAliasInfo; - -/**Represents a period (duration) of time*/ -typedef struct _CACTIME { - /**Number of days*/ - uint32 days; - - /**Number of hours*/ - uint32 hours; - - /**Number of minutes*/ - uint32 minutes; - - /**number of seconds*/ - uint32 seconds; -} CacTime; - - -typedef struct _CACDOMINFO { - /**The server role. Should be one of: - * ROLE_STANDALONE - * ROLE_DOMAIN_MEMBER - * ROLE_DOMAIN_BDC - * ROLE_DOMAIN_PDC - * see include/smb.h - */ - uint32 server_role; - - /**Number of domain users*/ - uint32 num_users; - - /**Number of domain groups*/ - uint32 num_domain_groups; - - /**Number of local groups*/ - uint32 num_local_groups; - - /**Comment*/ - char *comment; - - /**Domain name*/ - char *domain_name; - - /**Server name*/ - char *server_name; - - /**Minimum password length*/ - uint16 min_pass_length; - - /**How many previous passwords to remember - ie, password cannot be the same as N previous passwords*/ - uint16 pass_history; - - /**How long (from now) before passwords expire*/ - CacTime expire; - - /**How long (from now) before passwords can be changed*/ - CacTime min_pass_age; - - /**How long users are locked out for too many bad password attempts*/ - CacTime lockout_duration; - - /**How long before lockouts are reset*/ - CacTime lockout_reset; - - /**How many bad password attempts before lockout occurs*/ - uint16 num_bad_attempts; -} CacDomainInfo; - -/**@}*/ /*sam_defs*/ - -/**@addtogroup svc_defs - * @{ - */ -typedef struct _CACSERVICE { - /**The service name*/ - char *service_name; - - /**The display name of the service*/ - char *display_name; - - /**Current status of the service - see include/rpc_svcctl.h for SERVICE_STATUS definition*/ - SERVICE_STATUS status; -} CacService; - -typedef struct __CACSERVICECONFIG { - /**The service type*/ - uint32 type; - - /**The start type. Should be one of: - * - SVCCTL_BOOT_START - * - SVCCTL_SYSTEM_START - * - SVCCTL_AUTO_START - * - SVCCTL_DEMAND_START - */ - uint32 start_type; - - uint32 error_control; - - /**Path to executable*/ - char *exe_path; - - /***/ - char *load_order_group; - - uint32 tag_id; - - /**Any dependencies for the service*/ - char *dependencies; - - /**Run as...*/ - char *start_name; - - /**Service display name*/ - char *display_name; - -} CacServiceConfig; -/**@}*/ /*svc_defs*/ - -#include "libmsrpc_internal.h" - -/** - * @addtogroup handle - * @{ - */ - -/** - * Server handle used to keep track of client/server/pipe information. Use cac_NewServerHandle() to allocate. - * Initiliaze as many values as possible before calling cac_Connect(). - * - * @note When allocating memory for the fields, use SMB_MALLOC() (or equivalent) instead of talloc() (or equivalent) - - * If memory is not allocated for a field, cac_Connect will allocate sizeof(fstring) bytes for it. - * - * @note It may be wise to allocate large buffers for these fields and strcpy data into them. - * - * @see cac_NewServerHandle() - * @see cac_FreeHandle() - */ -typedef struct _CACSERVERHANDLE { - /** debug level - */ - int debug; - - /** netbios name used to make connections - */ - char *netbios_name; - - /** domain name used to make connections - */ - char *domain; - - /** username used to make connections - */ - char *username; - - /** user's password plain text string - */ - char *password; - - /** name or IP address of server we are currently working with - */ - char *server; - - /**stores the latest NTSTATUS code - */ - NTSTATUS status; - - /** internal. do not modify! - */ - struct CacServerHandleInternal _internal; - -} CacServerHandle; - -/*@}*/ - -/**internal function. do not call this function*/ -SMBCSRV *cac_GetServer(CacServerHandle *hnd); - - -/** @addtogroup Library_Functions - * @{ - */ -/** - * Initializes the library - do not need to call this function. Open's smb.conf as well as initializes logging. - * @param debug Debug level for library to use - */ - -void cac_Init(int debug); - -/** - * Creates an un-initialized CacServerHandle - * @param allocate_fields If True, the function will allocate sizeof(fstring) bytes for all char * fields in the handle - * @return - un-initialized server handle - * - NULL if no memory could be allocated - */ -CacServerHandle * cac_NewServerHandle(bool allocate_fields); - -/** - * Specifies the smbc_get_auth_data_fn to use if you do not want to use the default. - * @param hnd non-NULL server handle - * @param auth_fn auth_data_fn to set in server handle - */ - -void cac_SetAuthDataFn(CacServerHandle *hnd, smbc_get_auth_data_fn auth_fn); - -/** Use your own libsmbclient context - not necessary. - * @note You must still call cac_Connect() after specifying your own libsmbclient context - * @param hnd Initialized, but not connected CacServerHandle - * @param ctx The libsmbclient context you would like to use. - */ -void cac_SetSmbcContext(CacServerHandle *hnd, SMBCCTX *ctx); - -/** Connects to a specified server. If there is already a connection to a different server, - * it will be cleaned up before connecting to the new server. - * @param hnd Pre-initialized CacServerHandle - * @param srv (Optional) Name or IP of the server to connect to. If NULL, server from the CacServerHandle will be used. - * - * @return CAC_FAILURE if the operation could not be completed successfully (hnd->status will also be set with a NTSTATUS code) - * @return CAC_SUCCESS if the operation succeeded - */ -int cac_Connect(CacServerHandle *hnd, const char *srv); - - -/** - * Cleans up any data used by the CacServerHandle. If the libsmbclient context was set using cac_SetSmbcContext(), it will not be free'd. - * @param hnd the CacServerHandle to destroy - */ -void cac_FreeHandle(CacServerHandle * hnd); - -/** - * Initializes a CacTime structure based on an NTTIME structure - * If the function fails, then the CacTime structure will be zero'd out - */ -void cac_InitCacTime(CacTime *cactime, NTTIME nttime); - -/** - * Called by cac_NewServerHandle() if allocate_fields = True. You can call this if you want to, allocates sizeof(fstring) char's for every char * field - * @param hnd Uninitialized server handle - * @return CAC_FAILURE Memory could not be allocated - * @return CAC_SUCCESS Memory was allocated - */ -int cac_InitHandleMem(CacServerHandle *hnd); - -/** - * Default smbc_get_auth_data_fn for libmsrpc. This function is called when libmsrpc needs to get more information about the - * client (username/password, workgroup). - * This function provides simple prompts to the user to enter the information. This description his here so you know how to re-define this function. - * @see cac_SetAuthDataFn() - * @param pServer Name/IP of the server to connect to. - * @param pShare Share name to connect to - * @param pWorkgroup libmsrpc passes in the workgroup/domain name from hnd->domain. It can be modified in the function. - * @param maxLenWorkgroup The maximum length of a string pWogroup can hold. - * @param pUsername libmsrpc passes in the username from hnd->username. It can be modified in the function. - * @param maxLenUsername The maximum length of a string pUsername can hold. - * @param pPassword libmsrpc pass in the password from hnd->password. It can be modified in the function. - * @param maxLenPassword The maximum length of a string pPassword can hold. - */ -void cac_GetAuthDataFn(const char * pServer, - const char * pShare, - char * pWorkgroup, - int maxLenWorkgroup, - char * pUsername, - int maxLenUsername, - char * pPassword, - int maxLenPassword); - - -/**@}*/ - -/***************** - * LSA Functions * - *****************/ - -/** @addtogroup LSA_Functions - * @{ - */ - -struct LsaOpenPolicy { - /**Inputs*/ - struct { - /**Access Mask. Refer to Security Access Masks in include/rpc_secdes.h*/ - uint32 access; - - /**Use security quality of service? (True/False)*/ - bool security_qos; - } in; - - /**Outputs*/ - struct { - /**Handle to the open policy (needed for all other operations)*/ - POLICY_HND *pol; - } out; -}; - -/** - * Opens a policy handle on a remote machine. - * @param hnd fully initialized CacServerHandle for remote machine - * @param mem_ctx Talloc context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE if the policy could not be opened. hnd->status set with appropriate NTSTATUS - * @return CAC_SUCCESS if the policy could be opened, the policy handle can be found - */ -int cac_LsaOpenPolicy(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenPolicy *op); - - -/** - * Closes an LSA policy handle (Retrieved using cac_LsaOpenPolicy). - * If successful, the handle will be closed on the server, and memory for pol will be freed - * @param hnd - An initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param pol - the policy handle to close - * @return CAC_FAILURE could not close the policy handle, hnd->status is set to the appropriate NTSTATUS error code - * @return CAC_SUCCESS the policy handle was closed - */ -int cac_LsaClosePolicy(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *pol); - - -struct LsaGetNamesFromSids { - struct { - /**handle to and open LSA policy*/ - POLICY_HND *pol; - - /**the number of SIDs to lookup*/ - uint32 num_sids; - - /**array of SIDs to lookup*/ - DOM_SID *sids; - } in; - - struct { - /**The number of names returned (in case of CAC_PARTIAL_SUCCESS)*/ - uint32 num_found; - - /**array of SID info each index is one sid */ - CacSidInfo *sids; - - /**in case of partial success, an array of SIDs that could not be looked up (NULL if all sids were looked up)*/ - DOM_SID *unknown; - } out; -}; - -/** - * Looks up the names for a list of SIDS - * @param hnd initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op input and output parameters - * @return CAC_FAILURE none of the SIDs could be looked up hnd->status is set with appropriate NTSTATUS error code - * @return CAC_SUCCESS all of the SIDs were translated and a list of names has been output - * @return CAC_PARTIAL_SUCCESS not all of the SIDs were translated, as a result the number of returned names is less than the original list of SIDs - */ -int cac_LsaGetNamesFromSids(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaGetNamesFromSids *op); - -struct LsaGetSidsFromNames { - struct { - /**handle to an open LSA policy*/ - POLICY_HND *pol; - - /**number of SIDs to lookup*/ - uint32 num_names; - - /**array of strings listing the names*/ - char **names; - } in; - - struct { - /**The number of SIDs returned (in case of partial success*/ - uint32 num_found; - - /**array of SID info for the looked up names*/ - CacSidInfo *sids; - - /**in case of partial success, the names that were not looked up*/ - char **unknown; - } out; -}; - -/** - * Looks up the SIDs for a list of names - * @param hnd initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op input and output parameters - * @return CAC_FAILURE none of the SIDs could be looked up hnd->status is set with appropriate NTSTATUS error code - * @return CAC_SUCCESS all of the SIDs were translated and a list of names has been output - * @return CAC_PARTIAL_SUCCESS not all of the SIDs were translated, as a result the number of returned names is less than the original list of SIDs - */ -int cac_LsaGetSidsFromNames(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaGetSidsFromNames *op); - -struct LsaFetchSid { - struct { - /**handle to an open LSA policy*/ - POLICY_HND *pol; - - /**can be CAC_LOCAL_INFO, CAC_DOMAIN_INFO, or (CAC_LOCAL_INFO | CAC_DOMAIN_INFO)*/ - uint16 info_class; - } in; - - struct { - /**the machine's local SID and domain name (NULL if not asked for)*/ - CacSidInfo *local_sid; - - /**the machine's domain SID and name (NULL if not asked for)*/ - CacSidInfo *domain_sid; - - } out; -}; - -/** - * Looks up the domain or local sid of a machine with an open LSA policy handle - * @param hnd initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op input and output parameters - * @return CAC_FAILURE if the SID could not be fetched - * @return CAC_SUCCESS if the SID was fetched - * @return CAC_PARTIAL_SUCCESS if you asked for both local and domain sids but only one was returned - */ -int cac_LsaFetchSid(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaFetchSid *op); - -struct LsaQueryInfoPolicy { - struct { - /**Open LSA policy handle on remote server*/ - POLICY_HND *pol; - } in; - - struct { - /**remote server's domain name*/ - char *domain_name; - - /**remote server's dns name*/ - char *dns_name; - - /**remote server's forest name*/ - char *forest_name; - - /**remote server's domain guid*/ - struct GUID *domain_guid; - - /**remote server's domain SID*/ - DOM_SID *domain_sid; - } out; -}; - -/** - * Retrieves information about the LSA machine/domain - * @param hnd initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op input and output parameters - * Note: for pre-Windows 2000 machines, only op->out.SID and op->out.domain will be set. @see cac_LsaFetchSid - * @return - CAC_FAILURE if the operation was not successful. hnd->status will be set with an accurate NT_STATUS code - * @return CAC_SUCCESS the operation was successful. - */ -int cac_LsaQueryInfoPolicy(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaQueryInfoPolicy *op); - -struct LsaEnumSids { - struct { - /**Open LSA Policy handle*/ - POLICY_HND *pol; - - /**The prefered maximum number of SIDs returned per call*/ - uint32 pref_max_sids; - } in; - - struct { - /**used to keep track of how many sids have been retrieved over multiple calls - * should be set to zero via ZERO_STRUCT() befrore the first call. Use the same struct LsaEnumSids for multiple calls*/ - uint32 resume_idx; - - /**The number of sids returned this call*/ - uint32 num_sids; - - /**Array of sids returned*/ - DOM_SID *sids; - - } out; -}; - -/** - * Enumerates the SIDs in the LSA. Can be enumerated in blocks by calling the function multiple times. - * Example: while(cac_LsaEnumSids(hnd, mem_ctx, op) { ... } - * @param hnd - An initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE there was an error during operations OR there are no more results - * @return CAC_SUCCESS the operation completed and results were returned - */ -int cac_LsaEnumSids(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumSids *op); - -struct LsaEnumAccountRights { - struct { - /**Open LSA Policy handle*/ - POLICY_HND *pol; - - /**(Optional) SID of the account - must supply either sid or name*/ - DOM_SID *sid; - - /**(Optional) name of the account - must supply either sid or name*/ - char *name; - } in; - - struct { - /**Count of rights for this account*/ - uint32 num_privs; - - /**array of privilege names*/ - char **priv_names; - } out; -}; - -/** - * Enumerates rights assigned to a given account. Takes a SID instead of account handle as input - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE the rights could not be retrieved. hnd->status is set with NT_STATUS code - * @return CAC_SUCCESS the operation was successful. - */ - -int cac_LsaEnumAccountRights(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumAccountRights *op); - -struct LsaEnumTrustedDomains { - struct { - /**Open LSA policy handle*/ - POLICY_HND *pol; - } in; - - struct { - /**used to keep track of how many domains have been retrieved over multiple calls - * should be set to zero via ZERO_STRUCT() before the first call. Use the same struct LsaEnumSids for multiple calls*/ - uint32 resume_idx; - - /**The number of domains returned by the remote server this call*/ - uint32 num_domains; - - /**array of trusted domain names returned by the remote server*/ - char **domain_names; - - /**array of trusted domain sids returned by the remote server*/ - DOM_SID *domain_sids; - } out; -}; - -/** - * Enumerates the trusted domains in the LSA. - * @param hnd - An initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op - initialized parameters - * @return CAC_FAILURE there was an error during operations OR there are no more results - * @return CAC_SUCCESS the operation completed and results were returned - */ -int cac_LsaEnumTrustedDomains(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumTrustedDomains *op); - -struct LsaOpenTrustedDomain { - struct { - /**an open LSA policy handle*/ - POLICY_HND *pol; - - /**SID of the trusted domain to open*/ - DOM_SID *domain_sid; - - /**Desired access on the open domain*/ - uint32 access; - } in; - - struct { - /**A handle to the policy that is opened*/ - POLICY_HND *domain_pol; - } out; -}; - -/** - * Opens a trusted domain by SID. - * @param hnd An initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op initialized I/O parameters - * @return CAC_FAILURE a handle to the domain could not be opened. hnd->status is set with approriate NT_STATUS code - * @return CAC_SUCCESS the domain was opened successfully - */ -int cac_LsaOpenTrustedDomain(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenTrustedDomain *op); - -struct LsaQueryTrustedDomainInfo { - struct { - /**Open LSA policy handle*/ - POLICY_HND *pol; - - /**Info class of returned data*/ - uint16 info_class; - - /**(Optional)SID of trusted domain to query (must specify either SID or name of trusted domain)*/ - DOM_SID *domain_sid; - - /**(Optional)Name of trusted domain to query (must specify either SID or name of trusted domain)*/ - char *domain_name; - } in; - - struct { - /**information about the trusted domain*/ - LSA_TRUSTED_DOMAIN_INFO *info; - } out; -}; - -/** - * Retrieves information a trusted domain. - * @param hnd An initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op initialized I/O parameters - * @return CAC_FAILURE a handle to the domain could not be opened. hnd->status is set with approriate NT_STATUS code - * @return CAC_SUCCESS the domain was opened successfully - */ - -int cac_LsaQueryTrustedDomainInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaQueryTrustedDomainInfo *op); - -struct LsaEnumPrivileges { - struct { - /**An open LSA policy handle*/ - POLICY_HND *pol; - - /**The _preferred_ maxinum number of privileges returned per call*/ - uint32 pref_max_privs; - } in; - - struct { - /**Used to keep track of how many privileges have been retrieved over multiple calls. Do not modify this value between calls*/ - uint32 resume_idx; - - /**The number of privileges returned this call*/ - uint32 num_privs; - - /**Array of privilege names*/ - char **priv_names; - - /**Array of high bits for privilege LUID*/ - uint32 *high_bits; - - /**Array of low bits for privilege LUID*/ - uint32 *low_bits; - } out; -}; - -/** - * Enumerates the Privileges supported by the LSA. Can be enumerated in blocks by calling the function multiple times. - * Example: while(cac_LsaEnumPrivileges(hnd, mem_ctx, op) { ... } - * @param hnd An initialized and connected server handle - * @param mem_ctx Talloc context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE there was an error during operations OR there are no more results - * @return CAC_SUCCESS the operation completed and results were returned - * @see CAC_OP_FAILED() - */ -int cac_LsaEnumPrivileges(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaEnumPrivileges *op); - -struct LsaOpenAccount { - struct { - /**An open LSA policy handle*/ - POLICY_HND *pol; - - /**(Optional) account SID - must supply either sid or name*/ - DOM_SID *sid; - - /**(Optional) account name - must supply either sid or name*/ - char *name; - - /**desired access for the handle*/ - uint32 access; - } in; - - struct { - /**A handle to the opened user*/ - POLICY_HND *user; - } out; -}; - -/** - * Opens a handle to an account in the LSA - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE the account could not be opened. hnd->status has appropriate NT_STATUS code - * @return CAC_SUCCESS the account was opened - */ -int cac_LsaOpenAccount(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaOpenAccount *op); - -struct LsaAddPrivileges { - struct { - /**An open LSA policy handle*/ - POLICY_HND *pol; - - /**(Optional) The user's SID (must specify at least sid or name)*/ - DOM_SID *sid; - - /**(Optional) The user's name (must specify at least sid or name)*/ - char *name; - - /**The privilege names of the privileges to add for the account*/ - char **priv_names; - - /**The number of privileges in the priv_names array*/ - uint32 num_privs; - - } in; -}; - -/** - * Adds Privileges an account. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE the privileges could not be set. hnd->status has appropriate NT_STATUS code - * @return CAC_SUCCESS the privileges were set. - */ -int cac_LsaAddPrivileges(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaAddPrivileges *op); - -struct LsaRemovePrivileges { - struct { - /**An open handle to the LSA*/ - POLICY_HND *pol; - - /**(Optional) The account SID (must specify at least sid or name)*/ - DOM_SID *sid; - - /**(Optional) The account name (must specify at least sid or name)*/ - char *name; - - /**The privilege names of the privileges to remove from the account*/ - char **priv_names; - - /**The number of privileges in the priv_names array*/ - uint32 num_privs; - - } in; - -}; - -/** - * Removes a _specific_ set of privileges from an account - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE the privileges could not be removed. hnd->status is set with NT_STATUS code - * @return CAC_SUCCESS the privileges were removed - */ -int cac_LsaRemovePrivileges(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaRemovePrivileges *op); - -struct LsaClearPrivileges { - struct { - /**An open handle to the LSA*/ - POLICY_HND *pol; - - /**(Optional) The user's SID (must specify at least sid or name)*/ - DOM_SID *sid; - - /**(Optional) The user's name (must specify at least sid or name)*/ - char *name; - } in; - -}; - -/** - * Removes ALL privileges from an account - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE the operation was not successful, hnd->status set with NT_STATUS code - * @return CAC_SUCCESS the opeartion was successful. - */ -int cac_LsaClearPrivileges(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaClearPrivileges *op); - -/** - * Sets an accounts priviliges. Removes all privileges and then adds specified privileges. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE The operation could not complete successfully - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_LsaSetPrivileges(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaAddPrivileges *op); - -struct LsaGetSecurityObject { - struct { - /**Open LSA policy handle*/ - POLICY_HND *pol; - } in; - - struct { - /**Returned security descriptor information*/ - SEC_DESC_BUF *sec; - } out; -}; - -/** - * Retrieves Security Descriptor information about the LSA - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE The operation could not complete successfully - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_LsaGetSecurityObject(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct LsaGetSecurityObject *op); - - -/**@}*/ /*LSA_Functions*/ - -/********************** - * Registry Functions * - *********************/ - -/**@addtogroup Reg_Functions - * @{ - */ - -struct RegConnect { - struct { - /** must be one of : - * HKEY_CLASSES_ROOT, - * HKEY_LOCAL_MACHINE, - * HKEY_USERS, - * HKEY_PERFORMANCE_DATA, - */ - int root; - - /**desired access on the root key - * combination of: - * REG_KEY_READ, - * REG_KEY_WRITE, - * REG_KEY_EXECUTE, - * REG_KEY_ALL, - * found in include/rpc_secdes.h*/ - uint32 access; - } in; - - struct { - POLICY_HND *key; - } out; -}; - -/** - * Opens a handle to the registry on the server - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegConnect(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegConnect *op); - -/** - * Closes an open registry handle - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param key The Key/Handle to close - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegClose(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *key); - -struct RegOpenKey { - struct { - /**(Optional)parent key. - * If this is NULL, then cac_RegOpenKey() will attempt to connect to the registry, name MUST start with something like:
- * HKEY_LOCAL_MACHINE\ or an abbreviation like HKCR\ - * - * supported root names: - * - HKEY_LOCAL_MACHINE\ or HKLM\ - * - HKEY_CLASSES_ROOT\ or HKCR\ - * - HKEY_USERS\ or HKU\ - * - HKEY_PERFORMANCE_DATA or HKPD\ - */ - POLICY_HND *parent_key; - - /**name/path of key*/ - char *name; - - /**desired access on this key*/ - uint32 access; - } in; - - struct { - POLICY_HND *key; - } out; -}; - -/** - * Opens a registry key - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_RegOpenKey(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegOpenKey *op); - -struct RegEnumKeys { - struct { - /**enumerate subkeys of this key*/ - POLICY_HND *key; - - /**maximum number of keys to enumerate each call*/ - uint32 max_keys; - } in; - - struct { - /**keeps track of the index to resume enumerating*/ - uint32 resume_idx; - - /**the number of keys returned this call*/ - uint32 num_keys; - - /**array of key names*/ - char **key_names; - - /**class names of the keys*/ - char **class_names; - - /**last modification time of the key*/ - time_t *mod_times; - } out; -}; - -/** - * Enumerates Subkeys of a given key. Can be run in a loop. Example: while(cac_RegEnumKeys(hnd, mem_ctx, op)) { ... } - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @see CAC_OP_FAILED() - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegEnumKeys(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegEnumKeys *op); - - -struct RegCreateKey { - struct { - /**create a subkey of parent_key*/ - POLICY_HND *parent_key; - - /**name of the key to create*/ - char *key_name; - - /**class of the key*/ - char *class_name; - - /**Access mask to open the key with. See REG_KEY_* in include/rpc_secdes.h*/ - uint32 access; - } in; - - struct { - /**Open handle to the key*/ - POLICY_HND *key; - } out; -}; - -/** - * Creates a registry key, if the key already exists, it will be opened __Creating keys is not currently working__. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parmeters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegCreateKey(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegCreateKey *op); - -struct RegDeleteKey { - struct { - /**handle to open registry key*/ - POLICY_HND *parent_key; - - /**name of the key to delete*/ - char *name; - - /**delete recursively. WARNING: this might not always work as planned*/ - bool recursive; - } in; - -}; - -/** - * Deletes a subkey of an open key. Note: if you run this with op->in.recursive == True, and the operation fails, it may leave the key in an inconsistent state. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_RegDeleteKey(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegDeleteKey *op); - -struct RegDeleteValue { - struct { - /**handle to open registry key*/ - POLICY_HND *parent_key; - - /**name of the value to delete*/ - char *name; - } in; -}; - -/** - * Deletes a registry value. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegDeleteValue(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegDeleteValue *op); - -struct RegQueryKeyInfo { - struct { - /**Open handle to the key to query*/ - POLICY_HND *key; - } in; - - struct { - /**name of the key class*/ - char *class_name; - - /**number of subkeys of the key*/ - uint32 num_subkeys; - - /**length (in characters) of the longest subkey name*/ - uint32 longest_subkey; - - /**length (in characters) of the longest class name*/ - uint32 longest_class; - - /**number of values in this key*/ - uint32 num_values; - - /**length (in characters) of the longest value name*/ - uint32 longest_value_name; - - /**length (in bytes) of the biggest value data*/ - uint32 longest_value_data; - - /**size (in bytes) of the security descriptor*/ - uint32 security_desc_size; - - /**time of the last write*/ - time_t last_write_time; - } out; -}; - -/** - * Retrieves information about an open key - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_RegQueryKeyInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegQueryKeyInfo *op); - -struct RegSaveKey { - struct { - /**Open key to be saved*/ - POLICY_HND *key; - - /**The path (on the remote computer) to save the file to*/ - char *filename; - } in; -}; - -/** - * Saves a key to a file on the remote machine __Not currently working__. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_RegSaveKey(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegSaveKey *op); - -struct RegQueryValue { - struct { - /**handle to open registry key*/ - POLICY_HND *key; - - /**name of the value to query*/ - char *val_name; - } in; - - struct { - /**Value type. - * One of: - * - REG_DWORD (equivalent to REG_DWORD_LE) - * - REG_DWORD_BE - * - REG_SZ - * - REG_EXPAND_SZ - * - REG_MULTI_SZ - * - REG_BINARY - */ - uint32 type; - - /**The value*/ - REG_VALUE_DATA *data; - } out; -}; - -/** - * Retrieves a value (type and data) _not currently working_. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_RegQueryValue(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegQueryValue *op); - -struct RegEnumValues { - struct { - /**handle to open key*/ - POLICY_HND *key; - - /**max number of values returned per call*/ - uint32 max_values; - - } in; - - struct { - /**keeps track of the index to resume from - used over multiple calls*/ - uint32 resume_idx; - - /**the number of values that were returned this call*/ - uint32 num_values; - - /**Array of value types. A type can be one of: - * - REG_DWORD (equivalent to REG_DWORD_LE) - * - REG_DWORD_BE - * - REG_SZ - * - REG_EXPAND_SZ - * - REG_MULTI_SZ - * - REG_BINARY - */ - uint32 *types; - - /**array of strings storing the names of the values*/ - char **value_names; - - /**array of pointers to the value data returned*/ - REG_VALUE_DATA **values; - } out; -}; - -/** - * Enumerates a number of Registry values in an open registry key. - * Can be run in a loop. Example: while(cac_RegEnumValues(hnd, mem_ctx, op)) { ... } - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @see CAC_OP_FAILED() - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegEnumValues(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegEnumValues *op); - -struct RegSetValue { - struct { - /**Handle to open registry key*/ - POLICY_HND *key; - - /**Name of the value*/ - char *val_name; - - /**Value type. - * One of: - * - REG_DWORD (equivalent to REG_DWORD_LE) - * - REG_DWORD_BE - * - REG_SZ - * - REG_EXPAND_SZ - * - REG_MULTI_SZ - * - REG_BINARY - */ - uint32 type; - - /**the value*/ - REG_VALUE_DATA value; - } in; -}; - -/** - * Sets or creates value (type and data). - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegSetValue(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegSetValue *op); - -struct RegGetVersion { - struct { - /**open registry key*/ - POLICY_HND *key; - } in; - - struct { - /**version number*/ - uint32 version; - } out; -}; - -/** - * Retrieves the registry version number - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegGetVersion(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegGetVersion *op); - -struct RegGetKeySecurity { - struct { - /**Handle to key to query*/ - POLICY_HND *key; - - /**Info that you want. Should be a combination of (1 or more or'd): - * - OWNER_SECURITY_INFORMATION - * - GROUP_SECURITY_INFORMATION - * - DACL_SECURITY_INFORMATION - * - SACL_SECURITY_INFORMATION - * - UNPROTECTED_SACL_SECURITY_INFORMATION - * - UNPROTECTED_DACL_SECURITY_INFORMATION - * - PROTECTED_SACL_SECURITY_INFORMATION - * - PROTECTED_DACL_SECURITY_INFORMATION - * - * or use: - * - ALL_SECURITY_INFORMATION - * - * all definitions from include/rpc_secdes.h - */ - uint32 info_type; - } in; - - struct { - /**size of the data returned*/ - uint32 size; - - /**Security descriptor*/ - SEC_DESC *descriptor; - } out; -}; - -/** - * Retrieves a key security descriptor. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_RegGetKeySecurity(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegGetKeySecurity *op); - -struct RegSetKeySecurity { - struct { - /**Handle to key to query*/ - POLICY_HND *key; - - /**Info that you want. Should be a combination of (1 or more or'd): - * - OWNER_SECURITY_INFORMATION - * - GROUP_SECURITY_INFORMATION - * - DACL_SECURITY_INFORMATION - * - SACL_SECURITY_INFORMATION - * - UNPROTECTED_SACL_SECURITY_INFORMATION - * - UNPROTECTED_DACL_SECURITY_INFORMATION - * - PROTECTED_SACL_SECURITY_INFORMATION - * - PROTECTED_DACL_SECURITY_INFORMATION - * - * or use: - * - ALL_SECURITY_INFORMATION - * - * all definitions from include/rpc_secdes.h - */ - uint32 info_type; - - /**size of the descriptor*/ - size_t size; - - /**Security descriptor*/ - SEC_DESC *descriptor; - } in; -}; - -/** - * Sets the key security descriptor. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_RegSetKeySecurity(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct RegSetKeySecurity *op); - -/**@}*/ /*Reg_Functions*/ - -struct Shutdown { - struct { - /**the message to display (can be NULL)*/ - char *message; - - /**timeout in seconds*/ - uint32 timeout; - - /**False = shutdown, True = reboot*/ - bool reboot; - - /**force the*/ - bool force; - - /*FIXME: make this useful*/ - uint32 reason; - } in; -}; - - -/** - * Shutdown the server _not currently working_. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_Shutdown(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct Shutdown *op); - -/** - * Attempt to abort initiated shutdown on the server _not currently working_. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_AbortShutdown(CacServerHandle *hnd, TALLOC_CTX *mem_ctx); - -/***************** - * SAM Functions * - *****************/ - -/**@addtogroup SAM_Functions - * @{ - */ -struct SamConnect { - struct { - /**Access mask to open with - * see generic access masks in include/smb.h*/ - uint32 access; - } in; - - struct { - POLICY_HND *sam; - } out; -}; - -/** - * Connects to the SAM. This can be skipped by just calling cac_SamOpenDomain() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamConnect(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamConnect *op); - - -/** - * Closes any (SAM, domain, user, group, etc.) SAM handle. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param sam Handle to close - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamClose(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *sam); - -struct SamOpenDomain { - struct { - /**The desired access. See generic access masks - include/smb.h*/ - uint32 access; - - /**(Optional) An open handle to the SAM. If it is NULL, the function will connect to the SAM with the access mask above*/ - POLICY_HND *sam; - - /**(Optional) The SID of the domain to open. - * If this this is NULL, the function will attempt to open the domain specified in hnd->domain */ - DOM_SID *sid; - } in; - - struct { - /**handle to the open domain*/ - POLICY_HND *dom_hnd; - - /**Handle to the open SAM*/ - POLICY_HND *sam; - } out; -}; - -/** - * Opens a handle to a domain. This must be called before any other SAM functions - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamOpenDomain(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamOpenDomain *op); - -struct SamCreateUser { - struct { - /**Open domain handle*/ - POLICY_HND *dom_hnd; - - /**Username*/ - char *name; - - /**See Allowable account control bits in include/smb.h*/ - uint32 acb_mask; - } in; - - struct { - /**handle to the user*/ - POLICY_HND *user_hnd; - - /**rid of the user*/ - uint32 rid; - } out; -}; - -/** - * Creates a new domain user, if the account already exists it will _not_ be opened and hnd->status will be NT_STATUS_USER_EXISTS - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamCreateUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamCreateUser *op); - -struct SamOpenUser { - struct { - /**Handle to open SAM connection*/ - POLICY_HND *dom_hnd; - - /**desired access - see generic access masks in include/smb.h*/ - uint32 access; - - /**RID of the user*/ - uint32 rid; - - /**(Optional) name of the user - must supply either RID or user name*/ - char *name; - } in; - - struct { - /**Handle to the user*/ - POLICY_HND *user_hnd; - } out; -}; - -/** - * Opens a domain user. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamOpenUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamOpenUser *op); - -/** - * Deletes a domain user. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param user_hnd Open handle to the user - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamDeleteUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *user_hnd); - - -struct SamEnumUsers { - struct { - /**Open handle to a domain*/ - POLICY_HND *dom_hnd; - - /**Enumerate users with specific ACB. If 0, all users will be enumerated*/ - uint32 acb_mask; - } in; - - struct { - /**where to resume from. Used over multiple calls*/ - uint32 resume_idx; - - /**the number of users returned this call*/ - uint32 num_users; - - /**Array storing the rids of the returned users*/ - uint32 *rids; - - /**Array storing the names of all the users returned*/ - char **names; - - bool done; - } out; -}; - -/** - * Enumerates domain users. Can be used as a loop condition. Example: while(cac_SamEnumUsers(hnd, mem_ctx, op)) { ... } - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamEnumUsers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamEnumUsers *op); - -struct SamGetNamesFromRids { - struct { - /**An open handle to the domain SAM from cac_SamOpenDomain()*/ - POLICY_HND *dom_hnd; - - /**Number of RIDs to resolve*/ - uint32 num_rids; - - /**Array of RIDs to resolve*/ - uint32 *rids; - } in; - - struct { - /**the number of names returned - if this is 0, the map is NULL*/ - uint32 num_names; - - /**array contiaing the Names and RIDs*/ - CacLookupRidsRecord *map; - } out; -}; - -/** - * Returns a list of names which map to a list of RIDs. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetNamesFromRids(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetNamesFromRids *op); - -struct SamGetRidsFromNames { - struct { - /**An open handle to the domain SAM from cac_SamOpenDomain()*/ - POLICY_HND *dom_hnd; - - /**Number of names to resolve*/ - uint32 num_names; - - /**Array of names to resolve*/ - char **names; - } in; - - struct { - /**the number of names returned - if this is 0, then map is NULL*/ - uint32 num_rids; - - /**array contiaing the Names and RIDs*/ - CacLookupRidsRecord *map; - } out; -}; - -/** - * Returns a list of RIDs which map to a list of names. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetRidsFromNames(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetRidsFromNames *op); - -struct SamGetGroupsForUser { - struct { - /**An open handle to the user*/ - POLICY_HND *user_hnd; - } in; - - struct { - /**The number of groups the user is a member of*/ - uint32 num_groups; - - /**The RIDs of the groups*/ - uint32 *rids; - - /**The attributes of the groups*/ - uint32 *attributes; - } out; -}; -/** - * Retrieves a list of groups that a user is a member of. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetGroupsForUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetGroupsForUser *op); - -struct SamOpenGroup { - struct { - /**Open handle to the domain SAM*/ - POLICY_HND *dom_hnd; - - /**Desired access to open the group with. See Generic access masks in include/smb.h*/ - uint32 access; - - /**rid of the group*/ - uint32 rid; - } in; - - struct { - /**Handle to the group*/ - POLICY_HND *group_hnd; - } out; -}; - -/** - * Opens a domain group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamOpenGroup(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamOpenGroup *op); - -struct SamCreateGroup { - struct { - /**Open handle to the domain SAM*/ - POLICY_HND *dom_hnd; - - /**Desired access to open the group with. See Generic access masks in include/smb.h*/ - uint32 access; - - /**The name of the group*/ - char *name; - } in; - - struct { - /**Handle to the group*/ - POLICY_HND *group_hnd; - } out; -}; - -/** - * Creates a group. If the group already exists it will not be opened. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamCreateGroup(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamCreateGroup *op); - -/** - * Deletes a domain group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param group_hnd Open handle to the group. - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamDeleteGroup(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *group_hnd); - -struct SamGetGroupMembers { - struct { - /**Open handle to a group*/ - POLICY_HND *group_hnd; - } in; - - struct { - /**The number of members in the group*/ - uint32 num_members; - - /**An array storing the RIDs of the users*/ - uint32 *rids; - - /**The attributes*/ - uint32 *attributes; - } out; -}; - -/** - * Retrives a list of users in a group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetGroupMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetGroupMembers *op); - -struct SamAddGroupMember { - struct { - /**Open handle to a group*/ - POLICY_HND *group_hnd; - - /**RID of new member*/ - uint32 rid; - } in; -}; - -/** - * Adds a user to a group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamAddGroupMember(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamAddGroupMember *op); - -struct SamRemoveGroupMember { - struct { - /**Open handle to a group*/ - POLICY_HND *group_hnd; - - /**RID of member to remove*/ - uint32 rid; - } in; -}; - -/** - * Removes a user from a group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamRemoveGroupMember(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamRemoveGroupMember *op); - -/** - * Removes all the members of a group - warning: if this function fails is is possible that some but not all members were removed - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param group_hnd Open handle to the group to clear - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamClearGroupMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *group_hnd); - -struct SamSetGroupMembers { - struct { - /**Open handle to the group*/ - POLICY_HND *group_hnd; - - /**Number of members in the group - if this is 0, all members of the group will be removed*/ - uint32 num_members; - - /**The RIDs of the users to add*/ - uint32 *rids; - } in; -}; - -/** - * Clears the members of a group and adds a list of members to the group - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamSetGroupMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetGroupMembers *op); - -struct SamEnumGroups { - struct { - /**Open handle to a domain*/ - POLICY_HND *dom_hnd; - } in; - - struct { - /**Where to resume from _do not_ modify this value. Used over multiple calls.*/ - uint32 resume_idx; - - /**the number of users returned this call*/ - uint32 num_groups; - - /**Array storing the rids of the returned groups*/ - uint32 *rids; - - /**Array storing the names of all the groups returned*/ - char **names; - - /**Array storing the descriptions of all the groups returned*/ - char **descriptions; - - bool done; - } out; -}; - -/** - * Enumerates domain groups. Can be used as a loop condition. Example: while(cac_SamEnumGroups(hnd, mem_ctx, op)) { ... } - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamEnumGroups(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamEnumGroups *op); - -struct SamEnumAliases { - struct { - /**Open handle to a domain*/ - POLICY_HND *dom_hnd; - } in; - - struct { - /**where to resume from. Used over multiple calls*/ - uint32 resume_idx; - - /**the number of users returned this call*/ - uint32 num_aliases; - - /**Array storing the rids of the returned groups*/ - uint32 *rids; - - /**Array storing the names of all the groups returned*/ - char **names; - - /**Array storing the descriptions of all the groups returned*/ - char **descriptions; - - bool done; - } out; -}; - -/** - * Enumerates domain aliases. Can be used as a loop condition. Example: while(cac_SamEnumAliases(hnd, mem_ctx, op)) { ... } - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamEnumAliases(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamEnumAliases *op); - -struct SamCreateAlias { - struct { - /**Open handle to the domain SAM*/ - POLICY_HND *dom_hnd; - - /**The name of the alias*/ - char *name; - } in; - - struct { - /**Handle to the group*/ - POLICY_HND *alias_hnd; - } out; -}; - -/** - * Creates an alias. If the alias already exists it will not be opened. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamCreateAlias(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamCreateAlias *op); - -struct SamOpenAlias { - struct { - /**Open handle to the domain SAM*/ - POLICY_HND *dom_hnd; - - /**Desired access to open the group with. See Generic access masks in include/smb.h*/ - uint32 access; - - /**rid of the alias*/ - uint32 rid; - } in; - - struct { - /**Handle to the alias*/ - POLICY_HND *alias_hnd; - } out; -}; - -/** - * Opens a handle to an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamOpenAlias(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamOpenAlias *op); - -/** - * Deletes an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param alias_hnd Open handle to the alias - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamDeleteAlias(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *alias_hnd); - -struct SamAddAliasMember { - struct { - /**Open handle to a alias*/ - POLICY_HND *alias_hnd; - - /**SID of new member*/ - DOM_SID *sid; - } in; -}; - -/** - * Adds an account to an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamAddAliasMember(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamAddAliasMember *op); - -struct SamRemoveAliasMember { - struct { - /**Open handle to the alias*/ - POLICY_HND *alias_hnd; - - /**The SID of the member*/ - DOM_SID *sid; - } in; -}; - -/** - * Removes an account from an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamRemoveAliasMember(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamRemoveAliasMember *op); - -struct SamGetAliasMembers { - struct { - /**Open handle to the alias*/ - POLICY_HND *alias_hnd; - } in; - - struct { - /**The number of members*/ - uint32 num_members; - - /**An array storing the SIDs of the accounts*/ - DOM_SID *sids; - } out; -}; - -/** - * Retrieves a list of all accounts in an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetAliasMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetAliasMembers *op); - -/** - * Removes all the members of an alias - warning: if this function fails is is possible that some but not all members were removed - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param alias_hnd Handle to the alias to clear - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamClearAliasMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *alias_hnd); - -struct SamSetAliasMembers { - struct { - /**Open handle to the group*/ - POLICY_HND *alias_hnd; - - /**Number of members in the group - if this is 0, all members of the group will be removed*/ - uint32 num_members; - - /**The SIDs of the accounts to add*/ - DOM_SID *sids; - } in; -}; - -/** - * Clears the members of an alias and adds a list of members to the alias - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamSetAliasMembers(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetAliasMembers *op); - - -struct SamUserChangePasswd { - struct { - /**The username*/ - char *username; - - /**The current password*/ - char *password; - - /**The new password*/ - char *new_password; - } in; -}; -/**Used by a user to change their password*/ -int cac_SamUserChangePasswd(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamUserChangePasswd *op); - -/** - * Enables a user - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param user_hnd Open handle to the user to enable - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamEnableUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *user_hnd); - -/** - * Disables a user - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param user_hnd Open handle to the user to disables - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamDisableUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *user_hnd); - -struct SamSetPassword { - struct { - /**Open handle to a user*/ - POLICY_HND *user_hnd; - - /**The new password*/ - char *password; - } in; -}; - -/** - * Sets a user's password - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamSetPassword(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetPassword *op); - -struct SamGetUserInfo { - struct { - /**Open Handle to a user*/ - POLICY_HND *user_hnd; - } in; - - struct { - CacUserInfo *info; - } out; -}; - -/** - * Retrieves user information using a CacUserInfo structure. If you would like to use a SAM_USERINFO_CTR directly, use cac_SamGetUserInfoCtr() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @see cac_SamGetUserInfoCtr() - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetUserInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetUserInfo *op); - -struct SamSetUserInfo { - struct { - /**Open handle to a user*/ - POLICY_HND *user_hnd; - - /**Structure containing the data you would like to set*/ - CacUserInfo *info; - } in; -}; - -/** - * Sets the user info using a CacUserInfo structure. If you would like to use a SAM_USERINFO_CTR directly use cac_SamSetUserInfoCtr(). - * @note All fields in the CacUserInfo structure will be set. Best to call cac_GetUserInfo() modify fields that you want, and then call cac_SetUserInfo(). - * @note When calling this, you _must_ set the user's password. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @see cac_SamSetUserInfoCtr() - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamSetUserInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetUserInfo *op); - -struct SamGetUserInfoCtr { - struct { - /**Open handle to a user*/ - POLICY_HND *user_hnd; - - /**What USER_INFO structure you want. See include/rpc_samr.h*/ - uint16 info_class; - } in; - - struct { - /**returned user info*/ - SAM_USERINFO_CTR *ctr; - } out; -}; - -/** - * Retrieves user information using a SAM_USERINFO_CTR structure. If you don't want to use this structure, user SamGetUserInfo() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @see cac_SamGetUserInfo() - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetUserInfoCtr(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetUserInfoCtr *op); - -struct SamSetUserInfoCtr { - struct { - /**Open handle to a user*/ - POLICY_HND *user_hnd; - - /**user info - make sure ctr->switch_value is set properly*/ - SAM_USERINFO_CTR *ctr; - } in; -}; - -/** - * Sets the user info using a SAM_USERINFO_CTR structure. If you don't want to use this structure, use cac_SamSetUserInfo() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @see cac_SamSetUserInfo() - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamSetUserInfoCtr(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetUserInfoCtr *op); - -struct SamRenameUser { - struct { - /**Open handle to user*/ - POLICY_HND *user_hnd; - - /**New user name*/ - char *new_name; - } in; -}; - -/** - * Changes the name of a user. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamRenameUser(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamRenameUser *op); - -struct SamGetGroupInfo { - struct { - /**Open handle to a group*/ - POLICY_HND *group_hnd; - } in; - - struct { - /**Returned info about the group*/ - CacGroupInfo *info; - } out; -}; - -/** - * Retrieves information about a group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetGroupInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetGroupInfo *op); - -struct SamSetGroupInfo { - struct { - /**Open handle to a group*/ - POLICY_HND *group_hnd; - - /**group info*/ - CacGroupInfo *info; - } in; -}; - -/** - * Sets information about a group. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamSetGroupInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetGroupInfo *op); - -struct SamRenameGroup { - struct { - /**Open handle to a group*/ - POLICY_HND *group_hnd; - - /**New name*/ - char *new_name; - } in; -}; - -/** - * Changes the name of a group - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ - -int cac_SamRenameGroup(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamRenameGroup *op); - -struct SamGetAliasInfo { - struct { - /**Open handle to an alias*/ - POLICY_HND *alias_hnd; - } in; - - struct { - /**Returned alias info*/ - CacAliasInfo *info; - } out; -}; - -/** - * Retrieves information about an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamGetAliasInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetAliasInfo *op); - -struct SamSetAliasInfo { - struct { - /**Open handle to an alias*/ - POLICY_HND *alias_hnd; - - /**Returned alias info*/ - CacAliasInfo *info; - } in; -}; - -/** - * Sets information about an alias. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE The operation could not complete successfully. hnd->status is set with appropriate NTSTATUS code - * @return CAC_SUCCESS The operation completed successfully - */ -int cac_SamSetAliasInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamSetAliasInfo *op); - -struct SamGetDomainInfo { - struct { - /**Open handle to the domain SAM*/ - POLICY_HND *dom_hnd; - } in; - - struct { - /**Returned domain info*/ - CacDomainInfo *info; - } out; -}; - -/** - * Gets domain information in the form of a CacDomainInfo structure. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @see SamGetDomainInfoCtr() - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - * @return CAC_PARTIAL_SUCCESS - This function makes 3 rpc calls, if one or two fail and the rest succeed, - * not all fields in the CacDomainInfo structure will be filled - */ -int cac_SamGetDomainInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetDomainInfo *op); - -struct SamGetDomainInfoCtr { - struct { - /**Open handle to domain*/ - POLICY_HND *dom_hnd; - - /**What info level you want*/ - uint16 info_class; - } in; - - struct { - SAM_UNK_CTR *info; - } out; -}; - -/** - * Gets domain information in the form of a SAM_UNK_CTR structure. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @see SamGetDomainInfo() - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SamGetDomainInfoCtr(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetDomainInfoCtr *op); - -struct SamGetDisplayInfo { - struct { - /**Open handle to domain*/ - POLICY_HND *dom_hnd; - - /**What type of data*/ - uint16 info_class; - - /**(Optional)If 0, max_entries and max_size will be filled in by the function*/ - uint32 max_entries; - - /**(Optional)If 0, max_entries and max_size will be filled in by the function*/ - uint32 max_size; - } in; - - struct { - /**Do not modify this value, use the same value between multiple calls (ie in while loop)*/ - uint32 resume_idx; - - /**Number of entries returned*/ - uint32 num_entries; - - /**Returned display info*/ - SAM_DISPINFO_CTR ctr; - - /**Internal value. Do not modify.*/ - uint32 loop_count; - - bool done; - } out; -}; - -/** - * Gets dislpay information using a SAM_DISPINFO_CTR. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SamGetDisplayInfo(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetDisplayInfo *op); - -struct SamLookupDomain { - struct { - /**Open handle to the sam (opened with cac_SamConnect() or cac_SamOpenDomain()*/ - POLICY_HND *sam; - - /**Name of the domain to lookup*/ - char *name; - } in; - - struct { - /**SID of the domain*/ - DOM_SID *sid; - } out; -}; - -/** - * Looks up a Domain SID given it's name. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SamLookupDomain(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamLookupDomain *op); - -struct SamGetSecurityObject { - struct { - /**An open handle (SAM, domain or user)*/ - POLICY_HND *pol; - } in; - - struct { - SEC_DESC_BUF *sec; - } out; -}; - -/** - * Retrievies Security descriptor information for a SAM/Domain/user - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SamGetSecurityObject(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamGetSecurityObject *op); - -struct SamFlush { - struct { - /**Open handle to the domain SAM*/ - POLICY_HND *dom_hnd; - - /**(Optional)Domain SID. If NULL, the domain in hnd->domain will be opened*/ - DOM_SID *sid; - - /**(Optional)Desired access to re-open the domain with. If 0, MAXIMUM_ALLOWED_ACCESS is used.*/ - uint32 access; - } in; -}; - -/** - * Closes the domain handle, then re-opens it - effectively flushing any changes made. - * WARNING: if this fails you will no longer have an open handle to the domain SAM. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SamFlush(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SamFlush *op); - -/**@}*/ /*SAM_Functions*/ - -/**@addtogroup SCM_Functions - * @{ - */ - -struct SvcOpenScm { - struct { - /**Desired access to open the Handle with. See SC_RIGHT_MGR_* or SC_MANAGER_* in include/rpc_secdes.h*/ - uint32 access; - } in; - - struct { - /**Handle to the SCM*/ - POLICY_HND *scm_hnd; - } out; -}; - -/** - * Opens a handle to the SCM on the remote machine. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcOpenScm(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcOpenScm *op); - -/** - * Closes an Svc handle (SCM or Service) - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param scm_hnd The handle to close - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcClose(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, POLICY_HND *scm_hnd); - -struct SvcEnumServices { - struct { - /**Open handle to the SCM*/ - POLICY_HND *scm_hnd; - - /**(Optional)Type of service to enumerate. Possible values: - * - SVCCTL_TYPE_WIN32 - * - SVCCTL_TYPE_DRIVER - * If this is 0, (SVCCTL_TYPE_DRIVER | SVCCTL_TYPE_WIN32) is assumed. - */ - uint32 type; - - /**(Optional)State of service to enumerate. Possible values: - * - SVCCTL_STATE_ACTIVE - * - SVCCTL_STATE_INACTIVE - * - SVCCTL_STATE_ALL - * If this is 0, SVCCTL_STATE_ALL is assumed. - */ - uint32 state; - } in; - - struct { - /**Number of services returned*/ - uint32 num_services; - - /**Array of service structures*/ - CacService *services; - } out; -}; - -/** - * Enumerates services on the remote machine. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcEnumServices(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcEnumServices *op); - -struct SvcOpenService { - struct { - /**Handle to the Service Control Manager*/ - POLICY_HND *scm_hnd; - - /**Access mask to open service with see SERVICE_* or SC_RIGHT_SVC_* in include/rpc_secdes.h*/ - uint32 access; - - /**The name of the service. _not_ the display name*/ - char *name; - } in; - - struct { - /**Handle to the open service*/ - POLICY_HND *svc_hnd; - } out; -}; - -/** - * Opens a handle to a service. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ - -int cac_SvcOpenService(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcOpenService *op); - -struct SvcGetStatus { - struct { - /**Open handle to the service to query*/ - POLICY_HND *svc_hnd; - } in; - - struct { - /**The status of the service. See include/rpc_svcctl.h for SERVICE_STATUS definition.*/ - SERVICE_STATUS status; - } out; -}; - -/** - * Retrieves the status of a service. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcGetStatus(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcGetStatus *op); - -struct SvcStartService { - struct { - /**open handle to the service*/ - POLICY_HND *svc_hnd; - - /**Array of parameters to start the service with. Can be NULL if num_parms is 0*/ - char **parms; - - /**Number of parameters in the parms array*/ - uint32 num_parms; - - /**Number of seconds to wait for the service to actually start. If this is 0, then the status will not be checked after the initial call*/ - uint32 timeout; - } in; -}; - -/** - * Attempts to start a service. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ - -int cac_SvcStartService(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcStartService *op); - -struct SvcControlService { - struct { - /**Open handle to the service to control*/ - POLICY_HND *svc_hnd; - - /**The control operation to perform. Possible values (from include/rpc_svcctl.h): - * - SVCCTL_CONTROL_STOP - * - SVCCTL_CONTROL_PAUSE - * - SVCCTL_CONTROL_CONTINUE - * - SVCCTL_CONTROL_SHUTDOWN - */ - uint32 control; - } in; - - struct { - /**The returned status of the service, _immediately_ after the call*/ - SERVICE_STATUS *status; - } out; -}; - -/** - * Performs a control operation on a service and _immediately_ returns. - * @see cac_SvcStopService() - * @see cac_SvcPauseService() - * @see cac_SvcContinueService() - * @see cac_SvcShutdownService() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcControlService(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcControlService *op); - -struct SvcStopService { - struct { - /**Open handle to the service*/ - POLICY_HND *svc_hnd; - - /**Number of seconds to wait for the service to actually start. - * If this is 0, then the status will not be checked after the initial call and CAC_SUCCESS might be returned if the status isn't actually started - */ - uint32 timeout; - } in; - - struct { - /**Status of the service after the operation*/ - SERVICE_STATUS status; - } out; -}; - -/** - * Attempts to stop a service. - * @see cacSvcControlService() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful. If hnd->status is NT_STATUS_OK, then a timeout occured. - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcStopService(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcStopService *op); - -struct SvcPauseService { - struct { - /**Open handle to the service*/ - POLICY_HND *svc_hnd; - - /**Number of seconds to wait for the service to actually start. - * If this is 0, then the status will not be checked after the initial call and CAC_SUCCESS might be returned if the status isn't actually started - */ - uint32 timeout; - } in; - - struct { - /**Status of the service after the operation*/ - SERVICE_STATUS status; - } out; -}; - -/** - * Attempts to pause a service. - * @see cacSvcControlService() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful. If hnd->status is NT_STATUS_OK, then a timeout occured. - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcPauseService(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcPauseService *op); - -struct SvcContinueService { - struct { - /**Open handle to the service*/ - POLICY_HND *svc_hnd; - - /**Number of seconds to wait for the service to actually start. - * If this is 0, then the status will not be checked after the initial call and CAC_SUCCESS might be returned if the status isn't actually started - */ - uint32 timeout; - } in; - - struct { - /**Status of the service after the operation*/ - SERVICE_STATUS status; - } out; -}; - -/** - * Attempts to continue a paused service. - * @see cacSvcControlService() - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful. If hnd->status is NT_STATUS_OK, then a timeout occured. - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcContinueService(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcContinueService *op); - -struct SvcGetDisplayName { - struct { - /**Open handle to the service*/ - POLICY_HND *svc_hnd; - } in; - - struct { - /**The returned display name of the service*/ - char *display_name; - } out; -}; - -/** - * Retrieves the display name of a service _not currently working_ - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcGetDisplayName(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcGetDisplayName *op); - -struct SvcGetServiceConfig { - struct { - /**Open handle to the service*/ - POLICY_HND *svc_hnd; - } in; - - struct { - /**Returned Configuration information*/ - CacServiceConfig config; - } out; -}; - -/** - * Retrieves configuration information about a service. - * @param hnd Initialized and connected server handle - * @param mem_ctx Context for memory allocation - * @param op Initialized Parameters - * @return CAC_FAILURE - the operation was not successful hnd->status is set appropriately - * @return CAC_SUCCESS - the operation was successful - */ -int cac_SvcGetServiceConfig(CacServerHandle *hnd, TALLOC_CTX *mem_ctx, struct SvcGetServiceConfig *op); - -/**@}*/ /*SCM_Functions*/ - -struct rpc_pipe_client *cac_GetPipe(CacServerHandle *hnd, int pi_idx); - -#endif /* LIBMSRPC_H */ - - diff --git a/source3/include/libmsrpc_internal.h b/source3/include/libmsrpc_internal.h deleted file mode 100644 index 623c43f9c3..0000000000 --- a/source3/include/libmsrpc_internal.h +++ /dev/null @@ -1,73 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * MS-RPC client internal definitions - * Copyright (C) Chris Nicholls 2005. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#ifndef LIBMSRPC_INTERNAL_H -#define LIBMSRPC_INTERNAL_H - -#include "libmsrpc.h" - -/*definitions*/ - -struct CacServerHandleInternal { - /*stores the os type of the server*/ - uint16 srv_level; - - /*stores the initialized/active pipes*/ - bool pipes[PI_MAX_PIPES]; - - /*underlying smbc context*/ - SMBCCTX *ctx; - - /*did the user supply this SMBCCTX?*/ - bool user_supplied_ctx; -}; - -/*used to get a struct rpc_pipe_client* to be passed into rpccli* calls*/ - -/*nessecary prototypes*/ -bool rid_in_list(uint32 rid, uint32 *list, uint32 list_len); - -int cac_ParseRegPath(char *path, uint32 *reg_type, char **key_name); - -REG_VALUE_DATA *cac_MakeRegValueData(TALLOC_CTX *mem_ctx, uint32 data_type, REGVAL_BUFFER buf); - -RPC_DATA_BLOB *cac_MakeRpcDataBlob(TALLOC_CTX *mem_ctx, uint32 data_type, REG_VALUE_DATA data); - -SAM_USERINFO_CTR *cac_MakeUserInfoCtr(TALLOC_CTX *mem_ctx, CacUserInfo *info); - -CacUserInfo *cac_MakeUserInfo(TALLOC_CTX *mem_ctx, SAM_USERINFO_CTR *ctr); -CacGroupInfo *cac_MakeGroupInfo(TALLOC_CTX *mem_ctx, GROUP_INFO_CTR *ctr); -GROUP_INFO_CTR *cac_MakeGroupInfoCtr(TALLOC_CTX *mem_ctx, CacGroupInfo *info); -CacAliasInfo *cac_MakeAliasInfo(TALLOC_CTX *mem_ctx, ALIAS_INFO_CTR ctr); -ALIAS_INFO_CTR *cac_MakeAliasInfoCtr(TALLOC_CTX *mem_ctx, CacAliasInfo *info); -CacDomainInfo *cac_MakeDomainInfo(TALLOC_CTX *mem_ctx, SAM_UNK_INFO_1 *info1, SAM_UNK_INFO_2 *info2, SAM_UNK_INFO_12 *info12); -CacService *cac_MakeServiceArray(TALLOC_CTX *mem_ctx, ENUM_SERVICES_STATUS *svc, uint32 num_services); -int cac_InitCacServiceConfig(TALLOC_CTX *mem_ctx, SERVICE_CONFIG *src, CacServiceConfig *dest); - -/*moved to libmsrpc.h*/ -/*struct rpc_pipe_client *cac_GetPipe(CacServerHandle *hnd, int pi_idx);*/ - -SMBCSRV *smbc_attr_server(SMBCCTX *context, - const char *server, const char *share, - fstring workgroup, - fstring username, fstring password, - POLICY_HND *pol); - - -#endif /* LIBMSRPC_INTERNAL_H */ -- cgit From 6f46002ff6b153730635bfd4a8380792a815ce6b Mon Sep 17 00:00:00 2001 From: "Gerald W. Carter" Date: Thu, 25 Sep 2008 10:43:56 -0700 Subject: idmap: Fix typo is gid2sid() that was caching using idmap_cache_set_sid2uid() --- source3/winbindd/idmap_util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index b10a1a4ba9..9f876618be 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -121,7 +121,7 @@ backend: return NT_STATUS_NONE_MAPPED; } - idmap_cache_set_sid2uid(sid, gid); + idmap_cache_set_sid2gid(sid, gid); return NT_STATUS_OK; } -- cgit From 81fde585516957b6a7742e0168c68df33572ed74 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 24 Sep 2008 09:05:37 +0200 Subject: s3-nbt: remove double nbt netlogon opcodes. Guenther --- source3/include/nameserv.h | 11 ----------- source3/nmbd/nmbd_processlogon.c | 30 +++++++++++++++--------------- source3/utils/net_ads.c | 8 ++++---- 3 files changed, 19 insertions(+), 30 deletions(-) diff --git a/source3/include/nameserv.h b/source3/include/nameserv.h index 4377e3330a..a7d46e72d8 100644 --- a/source3/include/nameserv.h +++ b/source3/include/nameserv.h @@ -539,17 +539,6 @@ struct packet_struct } packet; }; -/* NETLOGON opcodes */ - -#define QUERYFORPDC 7 /* Query for PDC. */ -#define SAM_UAS_CHANGE 10 /* Announce change to UAS or SAM. */ -#define QUERYFORPDC_R 12 /* Response to Query for PDC. */ -#define SAMLOGON 18 -#define SAMLOGON_R 19 -#define SAMLOGON_UNK_R 21 -#define SAMLOGON_AD_UNK_R 23 -#define SAMLOGON_AD_R 25 - /* Ids for netbios packet types. */ #define ANN_HostAnnouncement 1 diff --git a/source3/nmbd/nmbd_processlogon.c b/source3/nmbd/nmbd_processlogon.c index 474ae1ca18..814eaf7ca8 100644 --- a/source3/nmbd/nmbd_processlogon.c +++ b/source3/nmbd/nmbd_processlogon.c @@ -178,7 +178,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); break; } - case QUERYFORPDC: + case LOGON_PRIMARY_QUERY: { fstring mach_str, getdc_str; fstring source_name; @@ -253,7 +253,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); /* Construct reply. */ q = outbuf; - SSVAL(q, 0, QUERYFORPDC_R); + SSVAL(q, 0, NETLOGON_RESPONSE_FROM_PDC); q += 2; fstrcpy(reply_name,my_name); @@ -292,7 +292,7 @@ logons are not enabled.\n", inet_ntoa(p->ip) )); DEBUG(5,("process_logon_packet: GETDC request from %s at IP %s, \ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", mach_str,inet_ntoa(p->ip), reply_name, lp_workgroup(), - QUERYFORPDC_R, (uint32)ntversion, (uint32)lmnttoken, + NETLOGON_RESPONSE_FROM_PDC, (uint32)ntversion, (uint32)lmnttoken, (uint32)lm20token )); dump_data(4, (uint8 *)outbuf, PTR_DIFF(q, outbuf)); @@ -309,7 +309,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", return; } - case SAMLOGON: + case LOGON_SAM_LOGON_REQUEST: { fstring getdc_str; @@ -351,7 +351,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", domainsidsize = IVAL(q, 0); q += 4; - DEBUG(5,("process_logon_packet: SAMLOGON sidsize %d, len = %d\n", domainsidsize, len)); + DEBUG(5,("process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize %d, len = %d\n", domainsidsize, len)); if (domainsidsize < (len - PTR_DIFF(q, buf)) && (domainsidsize != 0)) { q += domainsidsize; @@ -383,7 +383,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", lm20token = SVAL(q, 6); q += 8; - DEBUG(3,("process_logon_packet: SAMLOGON sidsize %d ntv %d\n", domainsidsize, ntversion)); + DEBUG(3,("process_logon_packet: LOGON_SAM_LOGON_REQUEST sidsize %d ntv %d\n", domainsidsize, ntversion)); /* * we respond regadless of whether the machine is in our password @@ -392,14 +392,14 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", */ pull_ucs2_fstring(ascuser, uniuser); pull_ucs2_fstring(asccomp, unicomp); - DEBUG(5,("process_logon_packet: SAMLOGON user %s\n", ascuser)); + DEBUG(5,("process_logon_packet: LOGON_SAM_LOGON_REQUEST user %s\n", ascuser)); fstrcpy(reply_name, "\\\\"); /* Here it wants \\LOGONSERVER. */ fstrcat(reply_name, my_name); - DEBUG(5,("process_logon_packet: SAMLOGON request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n", + DEBUG(5,("process_logon_packet: LOGON_SAM_LOGON_REQUEST request from %s(%s) for %s, returning logon svr %s domain %s code %x token=%x\n", asccomp,inet_ntoa(p->ip), ascuser, reply_name, lp_workgroup(), - SAMLOGON_R ,lmnttoken)); + LOGON_SAM_LOGON_RESPONSE ,lmnttoken)); /* Construct reply. */ @@ -408,9 +408,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", /* never, at least for now */ if ((ntversion < 11) || (SEC_ADS != lp_security()) || (ROLE_DOMAIN_PDC != lp_server_role())) { if (SVAL(uniuser, 0) == 0) { - SSVAL(q, 0, SAMLOGON_UNK_R); /* user unknown */ + SSVAL(q, 0, LOGON_SAM_LOGON_USER_UNKNOWN); /* user unknown */ } else { - SSVAL(q, 0, SAMLOGON_R); + SSVAL(q, 0, LOGON_SAM_LOGON_RESPONSE); } q += 2; @@ -453,9 +453,9 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", return; } if (SVAL(uniuser, 0) == 0) { - SIVAL(q, 0, SAMLOGON_AD_UNK_R); /* user unknown */ + SIVAL(q, 0, LOGON_SAM_LOGON_USER_UNKNOWN_EX); /* user unknown */ } else { - SIVAL(q, 0, SAMLOGON_AD_R); + SIVAL(q, 0, LOGON_SAM_LOGON_RESPONSE_EX); } q += 4; @@ -684,8 +684,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", /* Announce change to UAS or SAM. Send by the domain controller when a replication event is required. */ - case SAM_UAS_CHANGE: - DEBUG(5, ("Got SAM_UAS_CHANGE\n")); + case NETLOGON_ANNOUNCE_UAS: + DEBUG(5, ("Got NETLOGON_ANNOUNCE_UAS\n")); break; default: diff --git a/source3/utils/net_ads.c b/source3/utils/net_ads.c index 1ef4c152a3..627374cb96 100644 --- a/source3/utils/net_ads.c +++ b/source3/utils/net_ads.c @@ -56,11 +56,11 @@ static int net_ads_cldap_netlogon(struct net_context *c, ADS_STRUCT *ads) d_printf("Response Type: "); switch (reply.command) { - case SAMLOGON_AD_UNK_R: - d_printf("SAMLOGON\n"); + case LOGON_SAM_LOGON_USER_UNKNOWN_EX: + d_printf("LOGON_SAM_LOGON_USER_UNKNOWN_EX\n"); break; - case SAMLOGON_AD_R: - d_printf("SAMLOGON_USER\n"); + case LOGON_SAM_LOGON_RESPONSE_EX: + d_printf("LOGON_SAM_LOGON_RESPONSE_EX\n"); break; default: d_printf("0x%x\n", reply.command); -- cgit From da955d7193af4c5bf76f91cf8219e051de59ce7f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 24 Sep 2008 11:06:39 +0200 Subject: s3-nbt: further cleanup of dsgetdcname(). Guenther --- source3/libsmb/dsgetdcname.c | 188 ++++++------------------------------------- 1 file changed, 25 insertions(+), 163 deletions(-) diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index a543e073bc..89769d8a76 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -35,7 +35,7 @@ struct ip_service_name { static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx, uint32_t flags, struct sockaddr_storage *ss, - struct netlogon_samlogon_response *r, + struct NETLOGON_SAM_LOGON_RESPONSE_EX *r, struct netr_DsRGetDCNameInfo **info); /**************************************************************** @@ -358,7 +358,6 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx, DATA_BLOB blob; enum ndr_err_code ndr_err; struct netr_DsRGetDCNameInfo *info; - struct netlogon_samlogon_response p; struct NETLOGON_SAM_LOGON_RESPONSE_EX r; NTSTATUS status; @@ -389,10 +388,8 @@ static NTSTATUS dsgetdcname_cache_fetch(TALLOC_CTX *mem_ctx, return ndr_map_error2ntstatus(ndr_err); } - p.nt5_ex = r; - status = make_dc_info_from_cldap_reply(mem_ctx, flags, NULL, - &p, &info); + &r, &info); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -787,7 +784,7 @@ static void map_dc_and_domain_names(uint32_t flags, static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx, uint32_t flags, struct sockaddr_storage *ss, - struct netlogon_samlogon_response *r, + struct NETLOGON_SAM_LOGON_RESPONSE_EX *r, struct netr_DsRGetDCNameInfo **info) { const char *dc_hostname = NULL; @@ -808,163 +805,28 @@ static NTSTATUS make_dc_info_from_cldap_reply(TALLOC_CTX *mem_ctx, dc_address_type = DS_ADDRESS_TYPE_INET; } - switch (r->ntver & 0x0000001f) { - case 0: - case 1: - case 16: - case 17: - if (!ss) { - dc_address = r->nt4.server; - dc_address_type = DS_ADDRESS_TYPE_NETBIOS; - } - - map_dc_and_domain_names(flags, - r->nt4.server, - r->nt4.domain, - NULL, - NULL, - &dc_flags, - &dc_hostname, - &dc_domain_name); - - if (flags & DS_PDC_REQUIRED) { - dc_flags = NBT_SERVER_WRITABLE | NBT_SERVER_PDC; - } - break; - case 2: - case 3: - case 18: - case 19: - if (!ss) { - dc_address = r->nt5.pdc_ip; - dc_address_type = DS_ADDRESS_TYPE_INET; - } - - map_dc_and_domain_names(flags, - r->nt5.pdc_name, - r->nt5.domain_name, - r->nt5.pdc_dns_name, - r->nt5.dns_domain, - &dc_flags, - &dc_hostname, - &dc_domain_name); - - dc_flags |= r->nt5.server_type; - dc_forest = r->nt5.forest; - dc_domain_guid = &r->nt5.domain_uuid; - - break; - case 4: - case 5: - case 6: - case 7: - if (!ss) { - dc_address = r->nt5_ex.pdc_name; - dc_address_type = DS_ADDRESS_TYPE_NETBIOS; - } - - map_dc_and_domain_names(flags, - r->nt5_ex.pdc_name, - r->nt5_ex.domain, - r->nt5_ex.pdc_dns_name, - r->nt5_ex.dns_domain, - &dc_flags, - &dc_hostname, - &dc_domain_name); - - dc_flags |= r->nt5_ex.server_type; - dc_forest = r->nt5_ex.forest; - dc_domain_guid = &r->nt5_ex.domain_uuid; - dc_server_site = r->nt5_ex.server_site; - dc_client_site = r->nt5_ex.client_site; - - break; - case 8: - case 9: - case 10: - case 11: - case 12: - case 13: - case 14: - case 15: - if (!ss) { - dc_address = r->nt5_ex.sockaddr.pdc_ip; - dc_address_type = DS_ADDRESS_TYPE_INET; - } - - map_dc_and_domain_names(flags, - r->nt5_ex.pdc_name, - r->nt5_ex.domain, - r->nt5_ex.pdc_dns_name, - r->nt5_ex.dns_domain, - &dc_flags, - &dc_hostname, - &dc_domain_name); - - dc_flags |= r->nt5_ex.server_type; - dc_forest = r->nt5_ex.forest; - dc_domain_guid = &r->nt5_ex.domain_uuid; - dc_server_site = r->nt5_ex.server_site; - dc_client_site = r->nt5_ex.client_site; - - break; - case 20: - case 21: - case 22: - case 23: - case 24: - case 25: - case 26: - case 27: - case 28: - if (!ss) { - dc_address = r->nt5_ex.pdc_name; - dc_address_type = DS_ADDRESS_TYPE_NETBIOS; - } + if (!ss && r->sockaddr.pdc_ip) { + dc_address = r->sockaddr.pdc_ip; + dc_address_type = DS_ADDRESS_TYPE_INET; + } else { + dc_address = r->pdc_name; + dc_address_type = DS_ADDRESS_TYPE_NETBIOS; + } - map_dc_and_domain_names(flags, - r->nt5_ex.pdc_name, - r->nt5_ex.domain, - r->nt5_ex.pdc_dns_name, - r->nt5_ex.dns_domain, - &dc_flags, - &dc_hostname, - &dc_domain_name); - - dc_flags |= r->nt5_ex.server_type; - dc_forest = r->nt5_ex.forest; - dc_domain_guid = &r->nt5_ex.domain_uuid; - dc_server_site = r->nt5_ex.server_site; - dc_client_site = r->nt5_ex.client_site; - - break; - case 29: - case 30: - case 31: - if (!ss) { - dc_address = r->nt5_ex.sockaddr.pdc_ip; - dc_address_type = DS_ADDRESS_TYPE_INET; - } + map_dc_and_domain_names(flags, + r->pdc_name, + r->domain, + r->pdc_dns_name, + r->dns_domain, + &dc_flags, + &dc_hostname, + &dc_domain_name); - map_dc_and_domain_names(flags, - r->nt5_ex.pdc_name, - r->nt5_ex.domain, - r->nt5_ex.pdc_dns_name, - r->nt5_ex.dns_domain, - &dc_flags, - &dc_hostname, - &dc_domain_name); - - dc_flags |= r->nt5_ex.server_type; - dc_forest = r->nt5_ex.forest; - dc_domain_guid = &r->nt5_ex.domain_uuid; - dc_server_site = r->nt5_ex.server_site; - dc_client_site = r->nt5_ex.client_site; - - break; - default: - return NT_STATUS_INVALID_PARAMETER; - } + dc_flags |= r->server_type; + dc_forest = r->forest; + dc_domain_guid = &r->domain_uuid; + dc_server_site = r->server_site; + dc_client_site = r->client_site; return make_domain_controller_info(mem_ctx, dc_hostname, @@ -1051,7 +913,7 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx, } status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].ss, - r, info); + &r->nt5_ex, info); if (NT_STATUS_IS_OK(status)) { return store_cldap_reply(mem_ctx, flags, &dclist[i].ss, nt_version, &r->nt5_ex); @@ -1187,7 +1049,7 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, make_reply: status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].ss, - r, info); + &r->nt5_ex, info); if (NT_STATUS_IS_OK(status) && store_cache) { return store_cldap_reply(mem_ctx, flags, &dclist[i].ss, nt_version, &r->nt5_ex); -- cgit From 917b141e7dd3e57045c76909b577570fc685fc9b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 16 Sep 2008 17:53:06 +0200 Subject: netapi: start supporting NetUserSetInfo level 3. Guenther --- source3/lib/netapi/user.c | 53 ++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/source3/lib/netapi/user.c b/source3/lib/netapi/user.c index 7d0c47f331..fcb87b77be 100644 --- a/source3/lib/netapi/user.c +++ b/source3/lib/netapi/user.c @@ -108,18 +108,18 @@ static void convert_USER_INFO_X_to_samr_user_info21(struct USER_INFO_X *infoX, infoX->usriX_workstations, infoX->usriX_usr_comment, &zero_parameters, - 0, + infoX->usriX_user_id, infoX->usriX_primary_group_id, infoX->usriX_flags, fields_present, zero_logon_hours, - 0, - 0, + infoX->usriX_bad_pw_count, + infoX->usriX_num_logons, infoX->usriX_country_code, + infoX->usriX_code_page, 0, 0, - 0, - 0); + infoX->usriX_password_expired); } /**************************************************************** @@ -132,6 +132,7 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level, struct USER_INFO_0 *u0 = NULL; struct USER_INFO_1 *u1 = NULL; struct USER_INFO_2 *u2 = NULL; + struct USER_INFO_3 *u3 = NULL; struct USER_INFO_1003 *u1003 = NULL; struct USER_INFO_1006 *u1006 = NULL; struct USER_INFO_1007 *u1007 = NULL; @@ -193,6 +194,37 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level, uX->usriX_country_code = u2->usri2_country_code; uX->usriX_code_page = u2->usri2_code_page; break; + case 3: + u3 = (struct USER_INFO_3 *)buffer; + uX->usriX_name = u3->usri3_name; + uX->usriX_password_age = u3->usri3_password_age; + uX->usriX_priv = u3->usri3_priv; + uX->usriX_home_dir = u3->usri3_home_dir; + uX->usriX_comment = u3->usri3_comment; + uX->usriX_flags = u3->usri3_flags; + uX->usriX_script_path = u3->usri3_script_path; + uX->usriX_auth_flags = u3->usri3_auth_flags; + uX->usriX_full_name = u3->usri3_full_name; + uX->usriX_usr_comment = u3->usri3_usr_comment; + uX->usriX_parms = u3->usri3_parms; + uX->usriX_workstations = u3->usri3_workstations; + uX->usriX_last_logon = u3->usri3_last_logon; + uX->usriX_last_logoff = u3->usri3_last_logoff; + uX->usriX_acct_expires = u3->usri3_acct_expires; + uX->usriX_max_storage = u3->usri3_max_storage; + uX->usriX_units_per_week= u3->usri3_units_per_week; + uX->usriX_logon_hours = u3->usri3_logon_hours; + uX->usriX_bad_pw_count = u3->usri3_bad_pw_count; + uX->usriX_num_logons = u3->usri3_num_logons; + uX->usriX_logon_server = u3->usri3_logon_server; + uX->usriX_country_code = u3->usri3_country_code; + uX->usriX_code_page = u3->usri3_code_page; + uX->usriX_user_id = u3->usri3_user_id; + uX->usriX_primary_group_id = u3->usri3_primary_group_id; + uX->usriX_profile = u3->usri3_profile; + uX->usriX_home_dir_drive = u3->usri3_home_dir_drive; + uX->usriX_password_expired = u3->usri3_password_expired; + break; case 1003: u1003 = (struct USER_INFO_1003 *)buffer; uX->usriX_password = u1003->usri1003_password; @@ -237,7 +269,6 @@ static NTSTATUS construct_USER_INFO_X(uint32_t level, u1053 = (struct USER_INFO_1053 *)buffer; uX->usriX_home_dir_drive = u1053->usri1053_home_dir_drive; break; - case 3: case 4: default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1753,9 +1784,17 @@ WERROR NetUserSetInfo_r(struct libnetapi_ctx *ctx, user_mask = SAMR_USER_ACCESS_SET_ATTRIBUTES | SAMR_USER_ACCESS_GET_GROUPS; break; + case 3: + user_mask = STD_RIGHT_READ_CONTROL_ACCESS | + STD_RIGHT_WRITE_DAC_ACCESS | + SAMR_USER_ACCESS_GET_GROUPS | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_SET_ATTRIBUTES | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_LOC_COM; + break; case 1: case 2: - case 3: case 4: case 21: case 22: -- cgit From da6c7aa2a1ff658777d522077430f9bf410d58d3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 25 Sep 2008 12:02:22 -0700 Subject: Use IPv4/v6 independent calls. Change safe_strcpy/cat to strlcpy/cat (this needs changing to talloc_sprintf) and fix file descriptor resource leaks in error paths. Jim and Holger please check ! Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 181 ++++++++++++++++------------- 1 file changed, 97 insertions(+), 84 deletions(-) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 237859182b..9e4cf81638 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -19,11 +19,6 @@ */ #include "includes.h" -#include "safe_string.h" -#include -#include -#include - /* abstraction for the send_over_network function */ #define UNIX_DOMAIN_SOCKET 1 @@ -127,84 +122,99 @@ static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) } - - /* Send data over a internet socket */ static void smb_traffic_analyzer_send_data_inet_socket( char *String, vfs_handle_struct *handle, const char *file_name, bool Write) { - /* Create a streaming Socket */ - const char *Hostname; - int sockfd, result; - int port; - struct sockaddr_in their_addr; - struct hostent *hp; - char Sender[200]; - char TimeStamp[200]; - int yes = 1; - connection_struct *conn; + /* Create a streaming Socket */ + const char *Hostname; + int sockfd = -1; + uint16_t port; + struct addrinfo hints; + struct addrinfo *ailist = NULL; + struct addrinfo *res = NULL; + char Sender[200]; + char TimeStamp[200]; + connection_struct *conn = handle->conn; + int ret; - if ((sockfd=socket(AF_INET, SOCK_STREAM,0)) == -1) { - DEBUG(1, ("unable to create socket, error is %s", - strerror(errno))); - return; - } - if (setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR, &yes, \ - sizeof(int)) == -1) { - DEBUG(1, ("unable to set socket options, error is %s", - strerror(errno))); - return; - } /* get port number, target system from the config parameters */ - conn=handle->conn; - Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", - "host", "localhost"); + "host", "localhost"); + + ZERO_STRUCT(hints); + /* By default make sure it supports TCP. */ + hints.ai_socktype = SOCK_STREAM; + hints.ai_flags = AI_ADDRCONFIG; + + ret = getaddrinfo(Hostname, + NULL, + &hints, + &ailist); + + if (ret) { + DEBUG(3,("smb_traffic_analyzer_send_data_inet_socket: " + "getaddrinfo failed for name %s [%s]\n", + Hostname, + gai_strerror(ret) )); + return; + } port = atoi( lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", "port", "9430")); - hp = gethostbyname(Hostname); - if (hp == NULL) { - DEBUG(1, ("smb_traffic_analyzer: Unkown Hostname of" - "target system!\n")); - } DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," "Port: %i\n", Hostname, port)); - their_addr.sin_family = AF_INET; - their_addr.sin_port = htons(port); - their_addr.sin_addr.s_addr = INADDR_ANY; - memset(their_addr.sin_zero, '\0', sizeof(their_addr.sin_zero)); - memcpy(hp->h_addr, &their_addr.sin_addr, hp->h_length); - their_addr.sin_port=htons(port); - result=connect( sockfd, &their_addr, sizeof( struct sockaddr_in)); - if ( result < 0 ) { - DEBUG(1, ("smb_traffic_analyzer: Couldn't connect to inet" - "socket!\n")); + for (res = ailist; res; res = res->ai_next) { + struct sockaddr_storage ss; + + if (!res->ai_addr || res->ai_addrlen == 0) { + continue; + } + + ZERO_STRUCT(ss); + memcpy(&ss, res->ai_addr, res->ai_addrlen); + + sockfd = open_socket_out(SOCK_STREAM, &ss, port, 10000); + if (sockfd != -1) { + break; + } + } + + if (ailist) { + freeaddrinfo(ailist); + } + + if (sockfd == -1) { + DEBUG(1, ("smb_traffic_analyzer: unable to create socket, error is %s", + strerror(errno))); + return; } - safe_strcpy(Sender, String, sizeof(Sender) - 1); - safe_strcat(Sender, ",\"", sizeof(Sender) - 1); - safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + + strlcpy(Sender, String, sizeof(Sender)); + strlcat(Sender, ",\"", sizeof(Sender)); + strlcat(Sender, get_current_username(), sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, current_user_info.domain, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); if (Write) - safe_strcat(Sender, "W", sizeof(Sender) - 1); + strlcat(Sender, "W", sizeof(Sender)); else - safe_strcat(Sender, "R", sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, file_name, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, "R", sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, file_name, sizeof(Sender) - 1); + strlcat(Sender, "\",\"", sizeof(Sender) - 1); get_timestamp(TimeStamp); - safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); - safe_strcat(Sender, "\");", sizeof(Sender) - 1); + strlcat(Sender, TimeStamp, sizeof(Sender) - 1); + strlcat(Sender, "\");", sizeof(Sender) - 1); DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); if ( send(sockfd, Sender, strlen(Sender), 0) == -1 ) { DEBUG(1, ("smb_traffic_analyzer: error sending data to socket!\n")); + close(sockfd); return ; } @@ -224,49 +234,53 @@ static void smb_traffic_analyzer_send_data_unix_socket( char *String , struct sockaddr_un remote; char Sender[200]; char TimeStamp[200]; + DEBUG(7, ("smb_traffic_analyzer: Unix domain socket mode. Using " "/var/tmp/stadsocket\n")); + if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { DEBUG(1, ("smb_traffic_analyzer: Couldn create socket," "make sure stad is running!\n")); } remote.sun_family = AF_UNIX; - safe_strcpy(remote.sun_path, "/var/tmp/stadsocket", - sizeof(remote.sun_path) - 1); + strlcpy(remote.sun_path, "/var/tmp/stadsocket", + sizeof(remote.sun_path)); len=strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { DEBUG(1, ("smb_traffic_analyzer: Could not connect to" "socket, make sure\nstad is running!\n")); + close(sock); + return; } - safe_strcpy(Sender, String, sizeof(Sender) - 1); - safe_strcat(Sender, ",\"", sizeof(Sender) - 1); - safe_strcat(Sender, get_current_username(), sizeof(Sender) - 1); - safe_strcat(Sender,"\",\"",sizeof(Sender) - 1); - safe_strcat(Sender, current_user_info.domain, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcpy(Sender, String, sizeof(Sender)); + strlcat(Sender, ",\"", sizeof(Sender)); + strlcat(Sender, get_current_username(), sizeof(Sender)); + strlcat(Sender,"\",\"",sizeof(Sender)); + strlcat(Sender, current_user_info.domain, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); if (Write) - safe_strcat(Sender, "W", sizeof(Sender) - 1); + strlcat(Sender, "W", sizeof(Sender)); else - safe_strcat(Sender, "R", sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, handle->conn->connectpath, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); - safe_strcat(Sender, file_name, sizeof(Sender) - 1); - safe_strcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, "R", sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); + strlcat(Sender, file_name, sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); get_timestamp(TimeStamp); - safe_strcat(Sender, TimeStamp, sizeof(Sender) - 1); - safe_strcat(Sender, "\");", sizeof(Sender) - 1); + strlcat(Sender, TimeStamp, sizeof(Sender)); + strlcat(Sender, "\");", sizeof(Sender)); DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); if ( send(sock, Sender, strlen(Sender), 0) == -1 ) { DEBUG(1, ("smb_traffic_analyzer: error sending data to" "socket!\n")); + close(sock); return; } /* one operation, close the socket */ close(sock); - return; } @@ -291,7 +305,7 @@ static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_READ(handle, fsp, data, n); DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); @@ -307,7 +321,7 @@ static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); @@ -323,7 +337,7 @@ static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); @@ -339,7 +353,7 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - char Buffer[100]; + fstring Buffer; result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); @@ -349,4 +363,3 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, true, fsp); return result; } - -- cgit From f50ebbe29ff13d43ae8544c273247173ff12d45a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 26 Sep 2008 01:32:16 +0200 Subject: s3-srvsvc: fix _srvsvc_NetShareAdd segfault. parm_err is not a ref pointer. Guenther --- source3/rpc_server/srv_srvsvc_nt.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index bb9c3687fb..fb7478653d 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -1700,7 +1700,9 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__)); - *r->out.parm_error = 0; + if (r->out.parm_error) { + *r->out.parm_error = 0; + } get_current_user(&user,p); -- cgit From 694786b23c30e0a3449c7222433e3fdc7ef7c0e1 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Wed, 24 Sep 2008 23:23:01 +0200 Subject: net: Make share type lookup a function. --- source3/utils/net_proto.h | 2 ++ source3/utils/net_rap.c | 11 ++--------- source3/utils/net_rpc.c | 4 +--- source3/utils/net_util.c | 12 ++++++++++++ 4 files changed, 17 insertions(+), 12 deletions(-) diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 1e355e54a3..ee4388f157 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -471,6 +471,8 @@ int net_run_function(struct net_context *c, int argc, const char **argv, const char *whoami, struct functable *table); void net_display_usage_from_functable(struct functable *table); +const char *net_share_type_str(int num_type); + /* The following definitions come from utils/netlookup.c */ NTSTATUS net_lookup_name_from_sid(struct net_context *c, diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c index 883524dc2d..32f4dd31b4 100644 --- a/source3/utils/net_rap.c +++ b/source3/utils/net_rap.c @@ -34,13 +34,6 @@ #define ERRMSG_BOTH_SERVER_IPADDRESS "\nTarget server and IP address both "\ "specified. Do not set both at the same time. The target IP address was used\n" -const char *share_type[] = { - "Disk", - "Print", - "Dev", - "IPC" -}; - static int errmsg_not_implemented(void) { d_printf("\nNot implemented\n"); @@ -201,7 +194,7 @@ static void long_share_fn(const char *share_name, uint32 type, const char *comment, void *state) { d_printf("%-12s %-8.8s %-50s\n", - share_name, share_type[type], comment); + share_name, net_share_type_str(type), comment); } static void share_fn(const char *share_name, uint32 type, @@ -388,7 +381,7 @@ static void display_conns_func(uint16 conn_id, uint16 conn_type, uint16 opens, const char *username, const char *netname) { d_printf("%-14.14s %-8.8s %5d\n", - netname, share_type[conn_type], opens); + netname, net_share_type_str(conn_type), opens); } static int rap_session_info(struct net_context *c, int argc, const char **argv) diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index a849ec4c10..0e91144d33 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -26,8 +26,6 @@ static int net_mode_share; static bool sync_files(struct copy_clistate *cp_clistate, const char *mask); -extern const char *share_type[]; - /** * @file net_rpc.c * @@ -2876,7 +2874,7 @@ static void display_share_info_1(struct net_context *c, if (c->opt_long_list_entries) { d_printf("%-12s %-8.8s %-50s\n", r->shi1_netname, - share_type[r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)], + net_share_type_str(r->shi1_type & ~(STYPE_TEMPORARY|STYPE_HIDDEN)), r->shi1_remark); } else { d_printf("%s\n", r->shi1_netname); diff --git a/source3/utils/net_util.c b/source3/utils/net_util.c index 88850d29df..fbb3c24b03 100644 --- a/source3/utils/net_util.c +++ b/source3/utils/net_util.c @@ -2,6 +2,7 @@ * Unix SMB/CIFS implementation. * Helper routines for net * Copyright (C) Volker Lendecke 2006 + * Copyright (C) Kai Blin 2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -595,3 +596,14 @@ void net_display_usage_from_functable(struct functable *table) d_printf("%s\n", table[i].usage); } } + +const char *net_share_type_str(int num_type) +{ + switch(num_type) { + case 0: return "Disk"; + case 1: return "Print"; + case 2: return "Dev"; + case 3: return "IPC"; + default: return "Unknown"; + } +} -- cgit From cd49586b29d754e497d10ed18be5d9b27e8c4a3d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 26 Sep 2008 23:39:32 +0200 Subject: libgpo: fix invalid cast in scripts CSE. Guenther --- source3/libgpo/gpext/scripts.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libgpo/gpext/scripts.c b/source3/libgpo/gpext/scripts.c index c07407c3f0..02c3abaa1e 100644 --- a/source3/libgpo/gpext/scripts.c +++ b/source3/libgpo/gpext/scripts.c @@ -93,7 +93,7 @@ static NTSTATUS generate_gp_registry_entry(TALLOC_CTX *mem_ctx, data->type = data_type; switch (data->type) { case REG_QWORD: - data->v.qword = (uint64_t)data_p; + data->v.qword = *(uint64_t *)data_p; break; case REG_SZ: data->v.sz.str = talloc_strdup(mem_ctx, (char *)data_p); -- cgit From da8bebaa646db4c298038ba0013b47e88840977e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 2008 15:17:14 -0700 Subject: Fix bug #5797 - Moving readonly files fails. Reported by infomail@lordb.de. We don't need to deny a DELETE open on a readonly file (I'm also adding a s4 torture test for this), the set_file_disposition call will return NT_STATUS_CANNOT_DELETE if the delete-on-close bit is set on a readonly file (and we already do this). Jeremy. --- source3/smbd/open.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 71191475b3..ad024a58ef 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2608,9 +2608,7 @@ NTSTATUS create_file_unixpath(connection_struct *conn, && (create_disposition != FILE_CREATE) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS) - && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY) - && !lp_delete_readonly(SNUM(conn))) - || !can_delete_file_in_directory(conn, fname))) { + && (!can_delete_file_in_directory(conn, fname))) { status = NT_STATUS_ACCESS_DENIED; goto fail; } -- cgit From 857609732fa92a70ce35d85d775d03362056a6c2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 2008 15:20:27 -0700 Subject: Add test to show you can open for delete a readonly file. Jeremy. --- source4/torture/raw/open.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c index f3494ea3d0..dd5ef0d0b9 100644 --- a/source4/torture/raw/open.c +++ b/source4/torture/raw/open.c @@ -1545,6 +1545,64 @@ static bool test_raw_open_multi(struct torture_context *tctx) return ret; } +/* + test opening for delete on a read-only attribute file. +*/ +static bool test_open_for_delete(struct smbcli_state *cli, struct torture_context *tctx) +{ + union smb_open io; + union smb_fileinfo finfo; + const char *fname = BASEDIR "\\torture_open_for_delete.txt"; + NTSTATUS status; + int fnum = -1; + bool ret = true; + + printf("Checking RAW_NTCREATEX for delete on a readonly file.\n"); + + /* reasonable default parameters */ + io.generic.level = RAW_OPEN_NTCREATEX; + io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED; + io.ntcreatex.in.root_fid = 0; + io.ntcreatex.in.alloc_size = 0; + io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL; + io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_READONLY; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE; + io.ntcreatex.in.create_options = 0; + io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS; + io.ntcreatex.in.security_flags = 0; + io.ntcreatex.in.fname = fname; + + /* Create the readonly file. */ + + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + fnum = io.ntcreatex.out.file.fnum; + + CHECK_VAL(io.ntcreatex.out.oplock_level, 0); + io.ntcreatex.in.create_options = 0; + CHECK_VAL(io.ntcreatex.out.create_action, NTCREATEX_ACTION_CREATED); + CHECK_ALL_INFO(io.ntcreatex.out.attrib, attrib); + smbcli_close(cli->tree, fnum); + + /* Now try and open for delete only - should succeed. */ + io.ntcreatex.in.access_mask = SEC_STD_DELETE; + io.ntcreatex.in.file_attr = 0; + io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_READ | NTCREATEX_SHARE_ACCESS_WRITE | NTCREATEX_SHARE_ACCESS_DELETE; + io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN; + status = smb_raw_open(cli->tree, tctx, &io); + CHECK_STATUS(status, NT_STATUS_OK); + + smbcli_unlink(cli->tree, fname); + +done: + smbcli_close(cli->tree, fnum); + smbcli_unlink(cli->tree, fname); + + return ret; +} + + /* basic testing of all RAW_OPEN_* calls */ bool torture_raw_open(struct torture_context *torture, struct smbcli_state *cli) @@ -1567,6 +1625,7 @@ bool torture_raw_open(struct torture_context *torture, struct smbcli_state *cli) ret &= test_ctemp(cli, torture); ret &= test_chained(cli, torture); ret &= test_no_leading_slash(cli, torture); + ret &= test_open_for_delete(cli, torture); smb_raw_exit(cli->session); smbcli_deltree(cli->tree, BASEDIR); -- cgit From 0cb55e74eff6e0123cc8a7fe8dc81ad181f81a61 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 00:36:45 +0200 Subject: libgpo: add security CSE skeleton. Guenther --- source3/Makefile.in | 6 + source3/libgpo/gpext/security.c | 267 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 273 insertions(+) create mode 100644 source3/libgpo/gpext/security.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 18b1d9ad30..c8ee9be00f 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1139,6 +1139,8 @@ pam_smbpass: SHOWFLAGS bin/pam_smbpass.@SHLIBEXT@ pam_winbind: SHOWFLAGS bin/pam_winbind.@SHLIBEXT@ +gpext_modules:: $(GPEXT_MODULES) + torture:: SHOWFLAGS $(TORTURE_PROGS) smbtorture : SHOWFLAGS bin/smbtorture@EXEEXT@ @@ -2416,6 +2418,10 @@ bin/scripts.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/scripts.o @echo "Building plugin $@" @$(SHLD_MODULE) libgpo/gpext/scripts.o +bin/security.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/security.o + @echo "Building plugin $@" + @$(SHLD_MODULE) libgpo/gpext/security.o + ######################################################### ## IdMap NSS plugins diff --git a/source3/libgpo/gpext/security.c b/source3/libgpo/gpext/security.c new file mode 100644 index 0000000000..61a25790a8 --- /dev/null +++ b/source3/libgpo/gpext/security.c @@ -0,0 +1,267 @@ +/* + * Unix SMB/CIFS implementation. + * Group Policy Support + * Copyright (C) Guenther Deschner 2005-2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#include "includes.h" +#include "libgpo/gpo_ini.h" + +#define GP_EXT_NAME "security" + +#define GPTTMPL_UNIX_PATH "Microsoft/Windows NT/SecEdit/GptTmpl.inf" + +#define GPTTMPL_SECTION_UNICODE "Unicode" +#define GPTTMPL_SECTION_VERSION "Version" + +#define GPTTMPL_SECTION_REGISTRY_VALUES "Registry Values" +#define GPTTMPL_SECTION_SYSTEM_ACCESS "System Access" +#define GPTTMPL_SECTION_KERBEROS_POLICY "Kerberos Policy" +#define GPTTMPL_SECTION_EVENT_AUDIT "Event Audit" +#define GPTTMPL_SECTION_PRIVILEGE_RIGHTS "Privilege Rights" +#define GPTTMPL_SECTION_APPLICATION_LOG "Application Log" +#define GPTTMPL_SECTION_SECURITY_LOG "Security Log" +#define GPTTMPL_SECTION_SYSTEM_LOG "System Log" +#define GPTTMPL_SECTION_GROUP_MEMBERSHIP "Group Membership" +#define GPTTMPL_SECTION_FILE_SECURITY "File Security" +#define GPTTMPL_SECTION_SERVICE_GENERAL_SETTING "Service General Setting" + +static TALLOC_CTX *ctx = NULL; + +struct gpttmpl_table { + const char *section; + const char *parameter; + enum winreg_Type type; +}; + +/**************************************************************** + parse the Version section from gpttmpl file +****************************************************************/ + +#define GPTTMPL_PARAMETER_REVISION "Revision" +#define GPTTMPL_PARAMETER_SIGNATURE "signature" +#define GPTTMPL_VALUE_CHICAGO "$CHICAGO$" /* whatever this is good for... */ +#define GPTTMPL_PARAMETER_UNICODE "Unicode" + +static NTSTATUS gpttmpl_parse_header(dictionary *dict, + uint32_t *version_out) +{ + const char *signature = NULL; + uint32_t version; + + if (!dict) { + return NT_STATUS_INVALID_PARAMETER; + } + + if ((signature = iniparser_getstring(dict, GPTTMPL_SECTION_VERSION + ":"GPTTMPL_PARAMETER_SIGNATURE, NULL)) == NULL) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (!strequal(signature, GPTTMPL_VALUE_CHICAGO)) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if ((version = iniparser_getint(dict, GPTTMPL_SECTION_VERSION + ":"GPTTMPL_PARAMETER_REVISION, Undefined)) == Undefined) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + if (version_out) { + *version_out = version; + } + + /* treat that as boolean */ + if ((!iniparser_getboolean(dict, GPTTMPL_SECTION_UNICODE + ":"GPTTMPL_PARAMETER_UNICODE, Undefined)) == Undefined) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS gpttmpl_init_context(TALLOC_CTX *mem_ctx, + uint32_t flags, + const char *unix_path, + struct gp_inifile_context **ini_ctx) +{ + NTSTATUS status; + uint32_t version; + struct gp_inifile_context *tmp_ctx = NULL; + + status = gp_inifile_init_context(mem_ctx, flags, unix_path, + GPTTMPL_UNIX_PATH, &tmp_ctx); + NT_STATUS_NOT_OK_RETURN(status); + + status = gpttmpl_parse_header(tmp_ctx->dict, &version); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(1,("gpttmpl_init_context: failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(tmp_ctx); + return status; + } + + *ini_ctx = tmp_ctx; + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS gpttmpl_process(struct gp_inifile_context *ini_ctx, + struct registry_key *root_key, + uint32_t flags) +{ + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS security_process_group_policy(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + uint32_t flags, + struct registry_key *root_key, + const struct nt_user_token *token, + struct GROUP_POLICY_OBJECT *gpo, + const char *extension_guid, + const char *snapin_guid) +{ + NTSTATUS status; + char *unix_path = NULL; + struct gp_inifile_context *ini_ctx = NULL; + + debug_gpext_header(0, "security_process_group_policy", flags, gpo, + extension_guid, snapin_guid); + + /* this handler processes the gpttmpl files and merge output to the + * registry */ + + status = gpo_get_unix_path(mem_ctx, gpo, &unix_path); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = gpttmpl_init_context(mem_ctx, flags, unix_path, &ini_ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = gpttmpl_process(ini_ctx, root_key, flags); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + out: + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("security_process_group_policy: %s\n", + nt_errstr(status))); + } + TALLOC_FREE(ini_ctx); + + return status; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS security_get_reg_config(TALLOC_CTX *mem_ctx, + struct gp_extension_reg_info **reg_info) +{ + NTSTATUS status; + struct gp_extension_reg_info *info = NULL; + + struct gp_extension_reg_table table[] = { + /* FIXME: how can we store the "(Default)" value ??? */ + /* { "", REG_SZ, "Security" }, */ + { "ProcessGroupPolicy", REG_SZ, "security_process_group_policy" }, + { "NoUserPolicy", REG_DWORD, "1" }, + { "ExtensionDebugLevel", REG_DWORD, "1" }, + { NULL, REG_NONE, NULL } + }; + + info = TALLOC_ZERO_P(mem_ctx, struct gp_extension_reg_info); + NT_STATUS_HAVE_NO_MEMORY(info); + + status = gp_ext_info_add_entry(mem_ctx, GP_EXT_NAME, + GP_EXT_GUID_SECURITY, + table, info); + NT_STATUS_NOT_OK_RETURN(status); + + *reg_info = info; + + return NT_STATUS_OK; +} + + +/**************************************************************** +****************************************************************/ + +static NTSTATUS security_initialize(TALLOC_CTX *mem_ctx) +{ + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS security_shutdown(void) +{ + NTSTATUS status; + + status = unregister_gp_extension(GP_EXT_NAME); + if (NT_STATUS_IS_OK(status)) { + return status; + } + + TALLOC_FREE(ctx); + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static struct gp_extension_methods security_methods = { + .initialize = security_initialize, + .process_group_policy = security_process_group_policy, + .get_reg_config = security_get_reg_config, + .shutdown = security_shutdown +}; + +/**************************************************************** +****************************************************************/ + +static NTSTATUS gpext_security_init(void) +{ + NTSTATUS status; + + ctx = talloc_init("gpext_security_init"); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + status = register_gp_extension(ctx, SMB_GPEXT_INTERFACE_VERSION, + GP_EXT_NAME, GP_EXT_GUID_SECURITY, + &security_methods); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(ctx); + } + + return status; +} -- cgit From 9c1b5f27e40b1a30b20ffd674111fdfb709b0917 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 00:38:26 +0200 Subject: libgpo: fix copyright. Guenther --- source3/libgpo/gpext/security.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libgpo/gpext/security.c b/source3/libgpo/gpext/security.c index 61a25790a8..1d746da37f 100644 --- a/source3/libgpo/gpext/security.c +++ b/source3/libgpo/gpext/security.c @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * Group Policy Support - * Copyright (C) Guenther Deschner 2005-2007 + * Copyright (C) Guenther Deschner 2005-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by -- cgit From c12c69c6ee637075573350aa6f1d4b1abf84ad0b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 00:55:42 +0200 Subject: libgpo: add gpext_security module build to configure. Guenther --- source3/configure.in | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/configure.in b/source3/configure.in index 8332b1e34a..f04ddbeaa5 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -6122,6 +6122,7 @@ SMB_SUBSYSTEM(VFS,smbd/vfs.o) SMB_MODULE(gpext_registry, libgpo/gpext/registry.o, "bin/registry.$SHLIBEXT", GPEXT) SMB_MODULE(gpext_scripts, libgpo/gpext/scripts.o, "bin/scripts.$SHLIBEXT", GPEXT) +SMB_MODULE(gpext_security, libgpo/gpext/security.o, "bin/security.$SHLIBEXT", GPEXT) SMB_SUBSYSTEM(GPEXT, libgpo/gpext/gpext.o) AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules]) -- cgit From ce46f65f1703c23bad0544e14f8db464a93dbb1e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 01:15:07 +0200 Subject: libwbclient: fix doxygen warnings. Guenther --- source3/nsswitch/libwbclient/wbc_idmap.c | 2 +- source3/nsswitch/libwbclient/wbc_pwd.c | 2 +- source3/nsswitch/libwbclient/wbc_sid.c | 6 +++--- source3/nsswitch/libwbclient/wbc_util.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index e32d66cd71..1615fd33ee 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -394,7 +394,7 @@ wbcErr wbcSetUidHwm(uid_t uid_hwm) /** @brief Set the highwater mark for allocated gids. * - * @param uid_hwm The new gid highwater mark value + * @param gid_hwm The new gid highwater mark value * * @return #wbcErr **/ diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index b5f167369c..0d17b312ef 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -380,7 +380,7 @@ wbcErr wbcGetgrent(struct group **grp) * * @param *account The given user name * @param *num_groups Number of elements returned in the groups array - * @param **groups Pointer to resulting gid_t array. + * @param **_groups Pointer to resulting gid_t array. * * @return #wbcErr **/ diff --git a/source3/nsswitch/libwbclient/wbc_sid.c b/source3/nsswitch/libwbclient/wbc_sid.c index f4ffa4e5ca..4cfdd792b5 100644 --- a/source3/nsswitch/libwbclient/wbc_sid.c +++ b/source3/nsswitch/libwbclient/wbc_sid.c @@ -223,9 +223,9 @@ wbcErr wbcLookupName(const char *domain, /** @brief Convert a SID to a domain and name * * @param *sid Pointer to the domain SID to be resolved - * @param domain Resolved Domain name (possibly "") - * @param name Resolved User or group name - * @param *name_type Pointet to the resolved SID type + * @param pdomain Resolved Domain name (possibly "") + * @param pname Resolved User or group name + * @param *pname_type Pointet to the resolved SID type * * @return #wbcErr * diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 24568f9101..8e01e6e719 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -496,7 +496,7 @@ wbcErr wbcListTrusts(struct wbcDomainInfo **domains, size_t *num_domains) /** @brief Enumerate the domain trusts known by Winbind * * @param domain Name of the domain to query for a DC - * @flags Bit flags used to control the domain location query + * @param flags Bit flags used to control the domain location query * @param *dc_info Pointer to the returned domain controller information * * @return #wbcErr -- cgit From fae2fce47e28ccfe5f43744200ce2ae68da3a9aa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 01:49:22 +0200 Subject: s4:provision: don't do the full provision in the become_dc metze --- source4/scripting/python/samba/provision.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py index 68f61532ad..427ca975b3 100644 --- a/source4/scripting/python/samba/provision.py +++ b/source4/scripting/python/samba/provision.py @@ -744,6 +744,8 @@ def setup_samdb(path, setup_path, session_info, credentials, lp, samdb = SamDB(path, session_info=session_info, credentials=credentials, lp=lp) + if fill == FILL_DRS: + return samdb message("Pre-loading the Samba 4 and AD schema") samdb.set_domain_sid(domainsid) -- cgit From 3b02b9e40ee5b1c4dbdf503fdeb0351832a1e9c9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 2008 18:39:03 -0700 Subject: Second part of the fix for bug #5790 - samba returns STATUS_OBJECT_NAME_NOT_FOUND on set file disposition call. This was my fault. I use a singleton cache (positive and negative) to speed up pathname based qfileinfo/setfileinfo lookups for alternate fsp's open on the same path. I only invalidated the negative cache on adding a new file fsp, as I incorrectly imagined the new fsp was put at the *end* of the open files list. DLIST_ADD puts it at the start, meaning any subsequent open wasn't seen once the cache was set. Doh ! Jeremy. --- source3/smbd/files.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 777f8e1e23..8d06e20f81 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -122,10 +122,12 @@ NTSTATUS file_new(connection_struct *conn, files_struct **result) chain_fsp = fsp; - /* A new fsp invalidates a negative fsp_fi_cache. */ - if (fsp_fi_cache.fsp == NULL) { - ZERO_STRUCT(fsp_fi_cache); - } + /* A new fsp invalidates the positive and + negative fsp_fi_cache as the new fsp is pushed + at the start of the list and we search from + a cache hit to the *end* of the list. */ + + ZERO_STRUCT(fsp_fi_cache); *result = fsp; return NT_STATUS_OK; -- cgit From 21c4061414f0e1af9106c50958dd5653a6f5368d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 27 Sep 2008 22:06:27 +0200 Subject: [s3]loadparm: add a command test_lp_load to test the lp_load function. This is not like testparm, just a simple tool that runs lp_load_with_registry_shares the requested number of times. Michael --- source3/param/test_lp_load.c | 88 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 source3/param/test_lp_load.c diff --git a/source3/param/test_lp_load.c b/source3/param/test_lp_load.c new file mode 100644 index 0000000000..db1bad4726 --- /dev/null +++ b/source3/param/test_lp_load.c @@ -0,0 +1,88 @@ +/* + * Unix SMB/CIFS implementation. + * Test for lp_load() + * Copyright (C) Michael Adam 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +#include "includes.h" + +extern bool AllowDebugChange; + +int main(int argc, const char **argv) +{ + const char *config_file = get_dyn_CONFIGFILE(); + int ret = 0; + poptContext pc; + char *count_str = NULL; + int i, count = 1; + + struct poptOption long_options[] = { + POPT_AUTOHELP + {"count", 'c', POPT_ARG_STRING, &count_str, 1, + "Load config number of times"}, + POPT_COMMON_DEBUGLEVEL + POPT_TABLEEND + }; + + TALLOC_CTX *frame = talloc_stackframe(); + + load_case_tables(); + DEBUGLEVEL_CLASS[DBGC_ALL] = 0; + + pc = poptGetContext(NULL, argc, argv, long_options, + POPT_CONTEXT_KEEP_FIRST); + poptSetOtherOptionHelp(pc, "[OPTION...] "); + + while(poptGetNextOpt(pc) != -1); + + setup_logging(poptGetArg(pc), True); + + if (poptPeekArg(pc)) { + config_file = poptGetArg(pc); + } + + poptFreeContext(pc); + + if (count_str != NULL) { + count = atoi(count_str); + } + + dbf = x_stderr; + /* Don't let the debuglevel be changed by smb.conf. */ + AllowDebugChange = False; + + for (i=0; i < count; i++) { + printf("call lp_load() #%d: ", i+1); + if (!lp_load_with_registry_shares(config_file, + False, /* global only */ + True, /* save defaults */ + False, /*add_ipc */ + True)) /*init globals */ + { + printf("ERROR.\n"); + ret = 1; + goto done; + } + printf("ok.\n"); + } + + +done: + TALLOC_FREE(frame); + gfree_loadparm(); + return ret; +} + -- cgit From 6bfd63e0104d3f8d57e20492e27fc280695bcbb1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 27 Sep 2008 22:08:02 +0200 Subject: [s3]build: build the new test_lp_load command. Michael --- source3/Makefile.in | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/source3/Makefile.in b/source3/Makefile.in index c8ee9be00f..61e946e7cd 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -739,6 +739,10 @@ TESTPARM_OBJ = utils/testparm.o \ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \ $(LIBSAMBA_OBJ) +TEST_LP_LOAD_OBJ = param/test_lp_load.o \ + $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \ + $(POPT_LIB_OBJ) $(LIBSAMBA_OBJ) + PASSWD_UTIL_OBJ = utils/passwd_util.o SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \ @@ -2494,6 +2498,13 @@ bin/rpc_open_tcp@EXEEXT@: $(BINARY_PREREQS) $(RPC_OPEN_TCP_OBJ) @LIBTALLOC_SHARE $(LIBS) $(LIBTALLOC_LIBS) @LIBTDB_SHARED@ $(WINBIND_LIBS) \ $(LDAP_LIBS) $(KRB5LIBS) $(NSCD_LIBS) +bin/test_lp_load@EXEEXT@: $(BINARY_PREREQS) $(TEST_LP_LOAD_OBJ) @BUILD_POPT@ @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ + @echo "Linking $@" + @$(CC) $(FLAGS) -o $@ $(TEST_LP_LOAD_OBJ) \ + $(LDFLAGS) $(DYNEEXP) $(LIBS) \ + $(LDAP_LIBS) \ + $(POPT_LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) + install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman \ installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \ @INSTALL_PAM_MODULES@ installlibs -- cgit From 628ee436a1104655616ea1b25f920a2d2d24099a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 27 Sep 2008 22:10:05 +0200 Subject: [s3]testparm: free the popt context when it is no longer used. Michael --- source3/utils/testparm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c index 527db2d805..ccbb2dd391 100644 --- a/source3/utils/testparm.c +++ b/source3/utils/testparm.c @@ -329,6 +329,8 @@ rameter is ignored when using CUPS libraries.\n", cname = poptGetArg(pc); caddr = poptGetArg(pc); + poptFreeContext(pc); + if ( cname && ! caddr ) { printf ( "ERROR: You must specify both a machine name and an IP address.\n" ); return(1); -- cgit From 39f7ec3f7468d8b044f4d1d403aa60a306451d20 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 27 Sep 2008 22:10:44 +0200 Subject: [s3]testparm: give testparm one common exit point and call gfree_loadparm(). Michael --- source3/utils/testparm.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/source3/utils/testparm.c b/source3/utils/testparm.c index ccbb2dd391..4370d49523 100644 --- a/source3/utils/testparm.c +++ b/source3/utils/testparm.c @@ -333,7 +333,8 @@ rameter is ignored when using CUPS libraries.\n", if ( cname && ! caddr ) { printf ( "ERROR: You must specify both a machine name and an IP address.\n" ); - return(1); + ret = 1; + goto done; } if (new_local_machine) { @@ -348,7 +349,8 @@ rameter is ignored when using CUPS libraries.\n", if (!lp_load_with_registry_shares(config_file,False,True,False,True)) { fprintf(stderr,"Error loading services.\n"); - return(1); + ret = 1; + goto done; } fprintf(stderr,"Loaded services file OK.\n"); @@ -395,13 +397,15 @@ rameter is ignored when using CUPS libraries.\n", (s=lp_servicenumber(section_name)) == -1) { fprintf(stderr,"Unknown section %s\n", section_name); - return(1); + ret = 1; + goto done; } if (parameter_name) { if (!dump_a_parameter( s, parameter_name, stdout, isGlobal)) { fprintf(stderr,"Parameter %s unknown for section %s\n", parameter_name, section_name); - return(1); + ret = 1; + goto done; } } else { if (isGlobal == True) @@ -409,7 +413,7 @@ rameter is ignored when using CUPS libraries.\n", else lp_dump_one(stdout, show_defaults, s); } - return(ret); + goto done; } lp_dump(stdout, show_defaults, lp_numservices()); @@ -430,7 +434,10 @@ rameter is ignored when using CUPS libraries.\n", } } } + +done: TALLOC_FREE(frame); - return(ret); + gfree_loadparm(); + return ret; } -- cgit From b38ed2674b42c27ec4183a84b6e73dfa1387b398 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 24 Sep 2008 20:31:39 +0200 Subject: [s3]loadparm: rename process_registry_service() to process_smbconf_service(). There is nothing registry-specific in that function. Michael --- source3/param/loadparm.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 87af7a3411..a879859e75 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -6560,7 +6560,7 @@ static struct smbconf_ctx *lp_smbconf_ctx(void) return conf_ctx; } -static bool process_registry_service(struct smbconf_service *service) +static bool process_smbconf_service(struct smbconf_service *service) { uint32_t count; bool ret; @@ -6616,7 +6616,7 @@ static bool process_registry_globals(void) goto done; } - ret = process_registry_service(service); + ret = process_smbconf_service(service); if (!ret) { goto done; } @@ -6654,7 +6654,7 @@ static bool process_registry_shares(void) if (strequal(service[count]->name, GLOBAL_NAME)) { continue; } - ret = process_registry_service(service[count]); + ret = process_smbconf_service(service[count]); if (!ret) { goto done; } -- cgit From 612aa3915f92a4309d24f9ba7f33f26c275fab48 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 24 Sep 2008 21:59:34 +0200 Subject: [s3]loadparm: refactor freeing of parametric options into free_param_opts(). This code was there in three places. Michael --- source3/param/loadparm.c | 75 ++++++++++++++++++++++-------------------------- 1 file changed, 34 insertions(+), 41 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index a879859e75..74dff837c0 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -5390,6 +5390,7 @@ static bool do_section(const char *pszSectionName, void *userdata); static void init_copymap(struct service *pservice); static bool hash_a_service(const char *name, int number); static void free_service_byindex(int iService); +static void free_param_opts(struct param_opt_struct **popts); static char * canonicalize_servicename(const char *name); static void show_parameter(int parmIndex); static bool is_synonym_of(int parm1, int parm2, bool *inverse); @@ -5644,6 +5645,35 @@ static void init_service(struct service *pservice) copy_service(pservice, &sDefault, NULL); } +/** + * free a param_opts structure. + * param_opts handling should be moved to talloc; + * then this whole functions reduces to a TALLOC_FREE(). + */ + +static void free_param_opts(struct param_opt_struct **popts) +{ + struct param_opt_struct *opt, *next_opt; + + if (popts == NULL) { + return; + } + + if (*popts != NULL) { + DEBUG(5, ("Freeing parametrics:\n")); + } + opt = *popts; + while (opt != NULL) { + string_free(&opt->key); + string_free(&opt->value); + TALLOC_FREE(opt->list); + next_opt = opt->next; + SAFE_FREE(opt); + opt = next_opt; + } + *popts = NULL; +} + /*************************************************************************** Free the dynamically allocated parts of a service struct. ***************************************************************************/ @@ -5651,7 +5681,6 @@ static void init_service(struct service *pservice) static void free_service(struct service *pservice) { int i; - struct param_opt_struct *data, *pdata; if (!pservice) return; @@ -5677,18 +5706,7 @@ static void free_service(struct service *pservice) &sDefault)))); } - data = pservice->param_opt; - if (data) - DEBUG(5,("Freeing parametrics:\n")); - while (data) { - DEBUG(5,("[%s = %s]\n", data->key, data->value)); - string_free(&data->key); - string_free(&data->value); - TALLOC_FREE(data->list); - pdata = data->next; - SAFE_FREE(data); - data = pdata; - } + free_param_opts(&pservice->param_opt); ZERO_STRUCTP(pservice); } @@ -5730,7 +5748,6 @@ static int add_a_service(const struct service *pservice, const char *name) int i; struct service tservice; int num_to_alloc = iNumServices + 1; - struct param_opt_struct *data, *pdata; tservice = *pservice; @@ -5740,16 +5757,7 @@ static int add_a_service(const struct service *pservice, const char *name) if (i >= 0) { /* Clean all parametric options for service */ /* They will be added during parsing again */ - data = ServicePtrs[i]->param_opt; - while (data) { - string_free(&data->key); - string_free(&data->value); - TALLOC_FREE(data->list); - pdata = data->next; - SAFE_FREE(data); - data = pdata; - } - ServicePtrs[i]->param_opt = NULL; + free_param_opts(&ServicePtrs[i]->param_opt); return (i); } } @@ -8765,9 +8773,6 @@ bool lp_is_in_client(void) return in_client; } - - - /*************************************************************************** Load the services array from the services file. Return True on success, False on failure. @@ -8783,7 +8788,6 @@ bool lp_load_ex(const char *pszFname, { char *n2 = NULL; bool bRetval; - struct param_opt_struct *data, *pdata; bRetval = False; @@ -8801,22 +8805,11 @@ bool lp_load_ex(const char *pszFname, lp_save_defaults(); } + free_param_opts(&Globals.param_opt); + /* We get sections first, so have to start 'behind' to make up */ iServiceIndex = -1; - if (Globals.param_opt != NULL) { - data = Globals.param_opt; - while (data) { - string_free(&data->key); - string_free(&data->value); - TALLOC_FREE(data->list); - pdata = data->next; - SAFE_FREE(data); - data = pdata; - } - Globals.param_opt = NULL; - } - if (lp_config_backend_is_file()) { n2 = alloc_sub_basic(get_current_username(), current_user_info.domain, -- cgit From 33d18c76f1bf5e10b52e873af5b29fabd1db7f3c Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 24 Sep 2008 22:19:26 +0200 Subject: [s3]loadparm: fix memory error - free the right param_opt->list in copy_service. Michael --- source3/param/loadparm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 74dff837c0..dbfd5853f5 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -6487,7 +6487,7 @@ static void copy_service(struct service *pserviceDest, struct service *pserviceS /* If we already have same option, override it */ if (strwicmp(pdata->key, data->key) == 0) { string_free(&pdata->value); - TALLOC_FREE(data->list); + TALLOC_FREE(pdata->list); pdata->value = SMB_STRDUP(data->value); not_added = False; break; -- cgit From aa388a20053dc1809e8fcf12dbc6eddcec23d77e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 25 Sep 2008 00:52:11 +0200 Subject: [s3]loadparm: refactor setting parametric options in list out into new function set_param_opt(). This unifies and clarifies two instances of the code. Michael --- source3/param/loadparm.c | 97 ++++++++++++++++++++++-------------------------- 1 file changed, 45 insertions(+), 52 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index dbfd5853f5..fda086cacf 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -6416,13 +6416,51 @@ static int getservicebyname(const char *pszServiceName, struct service *pservice If pcopymapDest is NULL then copy all fields ***************************************************************************/ +/** + * Add a parametric option to a param_opt_struct, + * replacing old value, if already present. + */ +static void set_param_opt(struct param_opt_struct **opt_list, + const char *opt_name, + const char *opt_value) +{ + struct param_opt_struct *new_opt, *opt; + bool not_added; + + if (opt_list == NULL) { + return; + } + + opt = *opt_list; + not_added = true; + + /* Traverse destination */ + while (opt) { + /* If we already have same option, override it */ + if (strwicmp(opt->key, opt_name) == 0) { + string_free(&opt->value); + TALLOC_FREE(opt->list); + opt->value = SMB_STRDUP(opt_value); + not_added = false; + break; + } + opt = opt->next; + } + if (not_added) { + new_opt = SMB_XMALLOC_P(struct param_opt_struct); + new_opt->key = SMB_STRDUP(opt_name); + new_opt->value = SMB_STRDUP(opt_value); + new_opt->list = NULL; + DLIST_ADD(*opt_list, new_opt); + } +} + static void copy_service(struct service *pserviceDest, struct service *pserviceSource, struct bitmap *pcopymapDest) { int i; bool bcopyall = (pcopymapDest == NULL); - struct param_opt_struct *data, *pdata, *paramo; - bool not_added; + struct param_opt_struct *data; for (i = 0; parm_table[i].label; i++) if (parm_table[i].ptr && parm_table[i].p_class == P_LOCAL && @@ -6480,27 +6518,7 @@ static void copy_service(struct service *pserviceDest, struct service *pserviceS data = pserviceSource->param_opt; while (data) { - not_added = True; - pdata = pserviceDest->param_opt; - /* Traverse destination */ - while (pdata) { - /* If we already have same option, override it */ - if (strwicmp(pdata->key, data->key) == 0) { - string_free(&pdata->value); - TALLOC_FREE(pdata->list); - pdata->value = SMB_STRDUP(data->value); - not_added = False; - break; - } - pdata = pdata->next; - } - if (not_added) { - paramo = SMB_XMALLOC_P(struct param_opt_struct); - paramo->key = SMB_STRDUP(data->key); - paramo->value = SMB_STRDUP(data->value); - paramo->list = NULL; - DLIST_ADD(pserviceDest->param_opt, paramo); - } + set_param_opt(&pserviceDest->param_opt, data->key, data->value); data = data->next; } } @@ -7165,8 +7183,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue int parmnum, i; void *parm_ptr = NULL; /* where we are going to store the result */ void *def_ptr = NULL; - struct param_opt_struct *paramo, *data; - bool not_added; + struct param_opt_struct **opt_list; parmnum = map_parameter(pszParmName); @@ -7185,33 +7202,9 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue frame = talloc_stackframe(); - not_added = True; - data = (snum < 0) - ? Globals.param_opt : ServicePtrs[snum]->param_opt; - /* Traverse destination */ - while (data) { - /* If we already have same option, override it */ - if (strwicmp(data->key, pszParmName) == 0) { - string_free(&data->value); - TALLOC_FREE(data->list); - data->value = SMB_STRDUP(pszParmValue); - not_added = False; - break; - } - data = data->next; - } - if (not_added) { - paramo = SMB_XMALLOC_P(struct param_opt_struct); - paramo->key = SMB_STRDUP(pszParmName); - paramo->value = SMB_STRDUP(pszParmValue); - paramo->list = NULL; - if (snum < 0) { - DLIST_ADD(Globals.param_opt, paramo); - } else { - DLIST_ADD(ServicePtrs[snum]->param_opt, - paramo); - } - } + opt_list = (snum < 0) + ? &Globals.param_opt : &ServicePtrs[snum]->param_opt; + set_param_opt(opt_list, pszParmName, pszParmValue); TALLOC_FREE(frame); return (True); -- cgit From 1578610aefe28be1b121f3a957787e98a5536b85 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 25 Sep 2008 00:54:45 +0200 Subject: [s3]loadparm: remove superfluous talloc context / talloc_stackframe call. Michael --- source3/param/loadparm.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index fda086cacf..dc7026268b 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -7188,8 +7188,6 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue parmnum = map_parameter(pszParmName); if (parmnum < 0) { - TALLOC_CTX *frame; - if (strchr(pszParmName, ':') == NULL) { DEBUG(0, ("Ignoring unknown parameter \"%s\"\n", pszParmName)); @@ -7200,13 +7198,10 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue * We've got a parametric option */ - frame = talloc_stackframe(); - opt_list = (snum < 0) ? &Globals.param_opt : &ServicePtrs[snum]->param_opt; set_param_opt(opt_list, pszParmName, pszParmValue); - TALLOC_FREE(frame); return (True); } -- cgit From e56c89b5e85f565e03818abc4fa5354bdf473dee Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 27 Sep 2008 22:13:17 +0200 Subject: [s3]loadparm: in lp_do_parameter() use function lp_local_ptr() instead of hard coded calculation. Michael --- source3/param/loadparm.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index dc7026268b..025e3e92ad 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -7222,9 +7222,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue pszParmName)); return (True); } - parm_ptr = - ((char *)ServicePtrs[snum]) + PTR_DIFF(def_ptr, - &sDefault); + parm_ptr = lp_local_ptr(snum, def_ptr); } if (snum >= 0) { -- cgit From 3358a139d2dc77eb4c842d41722b1acc24bd2cb2 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 27 Sep 2008 22:19:56 +0200 Subject: [s3]loadparm: refactor freeing of parameter data out and reduce memleak. Add new functions free_parameter(), free_parameters() and free_global_parameters() and use these in the appropriate places, reducing code duplication. Also, always TALLOC_FREE data of type P_LIST, thus reducing mem-leaks: This had not been done in init_globals before. Michael --- source3/param/loadparm.c | 88 +++++++++++++++++++++++++++++------------------- 1 file changed, 53 insertions(+), 35 deletions(-) diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 025e3e92ad..94660317f8 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4572,6 +4572,54 @@ static void init_printer_values(struct service *pService) } } +/** + * Free the allocated data for one parameter for a given share. + */ +static void free_parameter(int snum, struct parm_struct parm) +{ + void *parm_ptr; + + if (parm.ptr == NULL); { + return; + } + + if (snum < 0) { + parm_ptr = parm.ptr; + } else if (parm.p_class != P_LOCAL) { + return; + } else { + parm_ptr = lp_local_ptr(snum, parm.ptr); + } + + if ((parm.type == P_STRING) || + (parm.type == P_USTRING)) + { + string_free((char**)parm_ptr); + } else if (parm.type == P_LIST) { + TALLOC_FREE(*((char***)parm_ptr)); + } +} + +/** + * Free the allocated parameter data for a share. + */ +static void free_parameters(int snum) +{ + uint32_t i; + + for (i=0; parm_table[i].label; i++) { + free_parameter(snum, parm_table[i]); + } +} + +/** + * Free the allocated global parameters. + */ +static void free_global_parameters(void) +{ + free_parameters(GLOBAL_SECTION_SNUM); +} + /*************************************************************************** Initialise the global parameter structure. ***************************************************************************/ @@ -4596,14 +4644,7 @@ static void init_globals(bool first_time_only) } done_init = True; } else { - for (i = 0; parm_table[i].label; i++) { - if ((parm_table[i].type == P_STRING || - parm_table[i].type == P_USTRING) && - parm_table[i].ptr) - { - string_free((char **)parm_table[i].ptr); - } - } + free_global_parameters(); } memset((void *)&Globals, '\0', sizeof(Globals)); @@ -5645,6 +5686,7 @@ static void init_service(struct service *pservice) copy_service(pservice, &sDefault, NULL); } + /** * free a param_opts structure. * param_opts handling should be moved to talloc; @@ -5680,7 +5722,6 @@ static void free_param_opts(struct param_opt_struct **popts) static void free_service(struct service *pservice) { - int i; if (!pservice) return; @@ -5688,24 +5729,11 @@ static void free_service(struct service *pservice) DEBUG(5, ("free_service: Freeing service %s\n", pservice->szService)); + free_parameters(getservicebyname(pservice->szService, NULL)); + string_free(&pservice->szService); bitmap_free(pservice->copymap); - for (i = 0; parm_table[i].label; i++) { - if ((parm_table[i].type == P_STRING || - parm_table[i].type == P_USTRING) && - parm_table[i].p_class == P_LOCAL) - string_free((char **) - (((char *)pservice) + - PTR_DIFF(parm_table[i].ptr, &sDefault))); - else if (parm_table[i].type == P_LIST && - parm_table[i].p_class == P_LOCAL) - TALLOC_FREE(*((char ***) - (((char *)pservice) + - PTR_DIFF(parm_table[i].ptr, - &sDefault)))); - } - free_param_opts(&pservice->param_opt); ZERO_STRUCTP(pservice); @@ -8728,17 +8756,7 @@ void gfree_loadparm(void) /* Now release all resources allocated to global parameters and the default service */ - for (i = 0; parm_table[i].label; i++) - { - if ( parm_table[i].type == P_STRING - || parm_table[i].type == P_USTRING ) - { - string_free( (char**)parm_table[i].ptr ); - } - else if (parm_table[i].type == P_LIST) { - TALLOC_FREE( *((char***)parm_table[i].ptr) ); - } - } + free_global_parameters(); } -- cgit From a9a59f5f3d7f82a8065424310d3b32d796a43e75 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 29 Sep 2008 03:14:20 +0200 Subject: Fix async_connect --- source3/lib/async_sock.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/lib/async_sock.c b/source3/lib/async_sock.c index 1a4c27ba20..ffba6de832 100644 --- a/source3/lib/async_sock.c +++ b/source3/lib/async_sock.c @@ -658,12 +658,13 @@ struct async_req *async_connect(TALLOC_CTX *mem_ctx, struct event_context *ev, state->fde = event_add_fd(ev, state, fd, EVENT_FD_READ | EVENT_FD_WRITE, - async_connect_callback, state); + async_connect_callback, result); if (state->fde == NULL) { sys_fcntl_long(fd, F_SETFL, p->old_sockflags); TALLOC_FREE(result); return NULL; } + result->private_data = state; state->param.param_connect.fd = fd; state->param.param_connect.address = address; -- cgit From ee2bcfacdf32b0c55c6a78ae1ad7b55699611d1b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 02:27:54 +0200 Subject: s4:dsdb: passdown DSDB_CONTROL_REPLICATED_UPDATE_OID for replicated updates We need to make sure replicated updates are handled differently in some situations, e.g. we should bypass the schema checks. metze --- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 27 ++++++++++++++++++++++--- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 10 +++++++++ source4/dsdb/samdb/samdb.h | 3 +++ source4/setup/schema_samba4.ldif | 2 ++ 4 files changed, 39 insertions(+), 3 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index dd5faf837a..fbaf461a3f 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -58,6 +58,9 @@ struct replmd_replicated_request { struct dsdb_extended_replicated_objects *objs; + /* the controls we pass down */ + struct ldb_control **controls; + uint32_t index_current; struct { @@ -700,7 +703,7 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) ar->module->ldb, ar->sub.mem_ctx, msg, - NULL, + ar->controls, ar, replmd_replicated_apply_add_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); @@ -951,7 +954,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) ar->module->ldb, ar->sub.mem_ctx, msg, - NULL, + ar->controls, ar, replmd_replicated_apply_merge_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); @@ -1379,7 +1382,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a ar->module->ldb, ar->sub.mem_ctx, msg, - NULL, + ar->controls, ar, replmd_replicated_uptodate_modify_callback); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); @@ -1491,6 +1494,8 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct { struct dsdb_extended_replicated_objects *objs; struct replmd_replicated_request *ar; + struct ldb_control **ctrls; + int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_extended_replicated_objects\n"); @@ -1511,6 +1516,22 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct return LDB_ERR_OPERATIONS_ERROR; } + ctrls = req->controls; + + if (req->controls) { + req->controls = talloc_memdup(ar, req->controls, + talloc_get_size(req->controls)); + if (!req->controls) return replmd_replicated_request_werror(ar, WERR_NOMEM); + } + + ret = ldb_request_add_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID, false, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + + ar->controls = req->controls; + req->controls = ctrls; + #ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return replmd_replicated_apply_next(ar); #else diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 968b19c038..4b6e9e1d47 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -152,6 +152,16 @@ static int schema_fsmo_add(struct ldb_module *module, struct ldb_request *req) uint32_t id32; WERROR status; + /* special objects should always go through */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + /* replicated update should always go through */ + if (ldb_request_get_control(req, DSDB_CONTROL_REPLICATED_UPDATE_OID)) { + return ldb_next_request(module, req); + } + schema = dsdb_get_schema(module->ldb); if (!schema) { return ldb_next_request(module, req); diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h index f24a75fd8f..93068d66ef 100644 --- a/source4/dsdb/samdb/samdb.h +++ b/source4/dsdb/samdb/samdb.h @@ -56,6 +56,9 @@ struct dsdb_control_current_partition { struct ldb_module *module; }; +#define DSDB_CONTROL_REPLICATED_UPDATE_OID "1.3.6.1.4.1.7165.4.3.3" +/* DSDB_CONTROL_REPLICATED_UPDATE_OID has NULL data */ + #define DSDB_EXTENDED_REPLICATED_OBJECTS_OID "1.3.6.1.4.1.7165.4.4.1" struct dsdb_extended_replicated_object { struct ldb_message *msg; diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif index 3e129e4f6b..2c007395fb 100644 --- a/source4/setup/schema_samba4.ldif +++ b/source4/setup/schema_samba4.ldif @@ -174,6 +174,8 @@ oMSyntax: 20 #Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2 +#Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3 + #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1 -- cgit From 8b7199e7b22ac727ebc65308bf08360dc9f4b0c0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 20:35:52 +0200 Subject: lib/tdb: increase the version number after some critial changes The tdb_transaction/traverse interaction fixes are critical. metze --- lib/tdb/configure.ac | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/tdb/configure.ac b/lib/tdb/configure.ac index 4bf2e98e8f..2feaa6f5f5 100644 --- a/lib/tdb/configure.ac +++ b/lib/tdb/configure.ac @@ -2,7 +2,7 @@ AC_PREREQ(2.50) AC_DEFUN([SMB_MODULE_DEFAULT], [echo -n ""]) AC_DEFUN([SMB_LIBRARY_ENABLE], [echo -n ""]) AC_DEFUN([SMB_ENABLE], [echo -n ""]) -AC_INIT(tdb, 1.1.2) +AC_INIT(tdb, 1.1.3) AC_CONFIG_SRCDIR([common/tdb.c]) AC_CONFIG_HEADER(include/config.h) AC_LIBREPLACE_ALL_CHECKS -- cgit From eb935e08d388aab7e02f8ec0ce58b0a62808de5c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 20:37:27 +0200 Subject: s4:configure: require tdb >= 1.1.3 from the system metze --- source3/samba4.m4 | 2 +- source4/configure.ac | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/samba4.m4 b/source3/samba4.m4 index 728fd2d45d..81f1809210 100644 --- a/source3/samba4.m4 +++ b/source3/samba4.m4 @@ -35,7 +35,7 @@ SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc >= 1.2.0, ] ) -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb >= 1.1.0, +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb >= 1.1.3, [], [ m4_include(../lib/tdb/libtdb.m4) diff --git a/source4/configure.ac b/source4/configure.ac index fa2d8d9950..611b8dd104 100644 --- a/source4/configure.ac +++ b/source4/configure.ac @@ -46,7 +46,7 @@ SMB_EXT_LIB_FROM_PKGCONFIG(LIBTALLOC, talloc >= 1.2.0, ] ) -SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb >= 1.1.0, +SMB_EXT_LIB_FROM_PKGCONFIG(LIBTDB, tdb >= 1.1.3, [], [ m4_include(../lib/tdb/libtdb.m4) -- cgit From 82153740911b16871cae043b6842810499b5cb55 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:33:16 -0400 Subject: LDB ASYNC: Core files --- source4/lib/ldb/common/ldb.c | 304 +++++++++++++++++++++++----------- source4/lib/ldb/common/ldb_modules.c | 141 +++++++++++++++- source4/lib/ldb/include/ldb.h | 105 ++++++++---- source4/lib/ldb/include/ldb_private.h | 98 ++++++----- source4/lib/ldb/ldb.i | 5 +- 5 files changed, 489 insertions(+), 164 deletions(-) diff --git a/source4/lib/ldb/common/ldb.c b/source4/lib/ldb/common/ldb.c index 3b73947b76..75c8109042 100644 --- a/source4/lib/ldb/common/ldb.c +++ b/source4/lib/ldb/common/ldb.c @@ -193,9 +193,6 @@ int ldb_connect(struct ldb_context *ldb, const char *url, return LDB_ERR_OTHER; } - /* TODO: get timeout from options if available there */ - ldb->default_timeout = 300; /* set default to 5 minutes */ - /* set the default base dn */ ldb_set_default_dns(ldb); @@ -396,24 +393,44 @@ static int ldb_autotransaction_request(struct ldb_context *ldb, int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type) { - int ret; + struct event_context *ev; + if (!handle) { - return LDB_SUCCESS; + return LDB_ERR_UNAVAILABLE; } - ret = handle->module->ops->wait(handle, type); - if (!ldb_errstring(handle->module->ldb)) { - /* Set a default error string, to place the blame somewhere */ - ldb_asprintf_errstring(handle->module->ldb, - "error waiting on module %s: %s (%d)", - handle->module->ops->name, - ldb_strerror(ret), ret); + if (handle->state == LDB_ASYNC_DONE) { + return handle->status; } - return ret; + + ev = ldb_get_event_context(handle->ldb); + if (NULL == ev) { + return LDB_ERR_OPERATIONS_ERROR; + } + + switch (type) { + case LDB_WAIT_NONE: + event_loop_once(ev); + if (handle->state == LDB_ASYNC_DONE || + handle->status != LDB_SUCCESS) { + return handle->status; + } + break; + + case LDB_WAIT_ALL: + while (handle->state != LDB_ASYNC_DONE) { + event_loop_once(ev); + if (handle->status != LDB_SUCCESS) { + return handle->status; + } + } + return handle->status; + } + + return LDB_SUCCESS; } /* set the specified timeout or, if timeout is 0 set the default timeout */ -/* timeout == -1 means no timeout */ int ldb_set_timeout(struct ldb_context *ldb, struct ldb_request *req, int timeout) @@ -435,20 +452,14 @@ int ldb_set_timeout_from_prev_req(struct ldb_context *ldb, struct ldb_request *oldreq, struct ldb_request *newreq) { - time_t now; - if (newreq == NULL) return LDB_ERR_OPERATIONS_ERROR; - now = time(NULL); - - if (oldreq == NULL) + if (oldreq == NULL) { return ldb_set_timeout(ldb, newreq, 0); - - if ((now - oldreq->starttime) > oldreq->timeout) { - return LDB_ERR_TIME_LIMIT_EXCEEDED; } + newreq->starttime = oldreq->starttime; - newreq->timeout = oldreq->timeout - (now - oldreq->starttime); + newreq->timeout = oldreq->timeout; return LDB_SUCCESS; } @@ -483,6 +494,11 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) struct ldb_module *module; int ret; + if (req->callback == NULL) { + ldb_set_errstring(ldb, "Requests MUST define callbacks"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + ldb_reset_err_string(ldb); /* call the first module in the chain */ @@ -524,6 +540,13 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) return ret; } +int ldb_request_done(struct ldb_request *req, int status) +{ + req->handle->state = LDB_ASYNC_DONE; + req->handle->status = status; + return status; +} + /* search the database given a LDAP-like search expression @@ -532,32 +555,27 @@ int ldb_request(struct ldb_context *ldb, struct ldb_request *req) Use talloc_free to free the ldb_message returned in 'res', if successful */ -int ldb_search_default_callback(struct ldb_context *ldb, - void *context, +int ldb_search_default_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_result *res; int n; - if (!context) { - ldb_set_errstring(ldb, "NULL Context in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } + res = talloc_get_type(req->context, struct ldb_result); - res = talloc_get_type(context, struct ldb_result); - - if (!res || !ares) { - ldb_set_errstring(ldb, "NULL res or ares in callback"); - goto error; + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); } switch (ares->type) { case LDB_REPLY_ENTRY: res->msgs = talloc_realloc(res, res->msgs, - struct ldb_message *, - res->count + 2); + struct ldb_message *, res->count + 2); if (! res->msgs) { - goto error; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } res->msgs[res->count + 1] = NULL; @@ -565,6 +583,7 @@ int ldb_search_default_callback(struct ldb_context *ldb, res->msgs[res->count] = talloc_move(res->msgs, &ares->message); res->count++; break; + case LDB_REPLY_REFERRAL: if (res->refs) { for (n = 0; res->refs[n]; n++) /*noop*/ ; @@ -574,37 +593,63 @@ int ldb_search_default_callback(struct ldb_context *ldb, res->refs = talloc_realloc(res, res->refs, char *, n + 2); if (! res->refs) { - goto error; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } res->refs[n] = talloc_move(res->refs, &ares->referral); res->refs[n + 1] = NULL; break; - case LDB_REPLY_EXTENDED: + case LDB_REPLY_DONE: /* TODO: we should really support controls on entries * and referrals too! */ res->controls = talloc_move(res, &ares->controls); - break; + + /* this is the last message, and means the request is done */ + /* we have to signal and eventual ldb_wait() waiting that the + * async request operation was completed */ + return ldb_request_done(req, LDB_SUCCESS); } + talloc_free(ares); return LDB_SUCCESS; +} + +int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + int ret; + + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + + if (ares->error != LDB_SUCCESS) { + ret = ares->error; + talloc_free(ares); + return ldb_request_done(req, ret); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_SUCCESS); } -int ldb_build_search_req(struct ldb_request **ret_req, +int ldb_build_search_req_ex(struct ldb_request **ret_req, struct ldb_context *ldb, void *mem_ctx, struct ldb_dn *base, enum ldb_scope scope, - const char *expression, + struct ldb_parse_tree *tree, const char * const *attrs, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -612,7 +657,7 @@ int ldb_build_search_req(struct ldb_request **ret_req, req = talloc(mem_ctx, struct ldb_request); if (req == NULL) { - ldb_set_errstring(ldb, "Out of Memory"); + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -624,9 +669,9 @@ int ldb_build_search_req(struct ldb_request **ret_req, } req->op.search.scope = scope; - req->op.search.tree = ldb_parse_tree(req, expression); + req->op.search.tree = tree; if (req->op.search.tree == NULL) { - ldb_set_errstring(ldb, "Unable to parse search expression"); + ldb_set_errstring(ldb, "'tree' can't be NULL"); talloc_free(req); return LDB_ERR_OPERATIONS_ERROR; } @@ -636,17 +681,56 @@ int ldb_build_search_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; } +int ldb_build_search_req(struct ldb_request **ret_req, + struct ldb_context *ldb, + void *mem_ctx, + struct ldb_dn *base, + enum ldb_scope scope, + const char *expression, + const char * const *attrs, + struct ldb_control **controls, + void *context, + ldb_request_callback_t callback, + struct ldb_request *parent) +{ + struct ldb_parse_tree *tree; + int ret; + + tree = ldb_parse_tree(mem_ctx, expression); + if (tree == NULL) { + ldb_set_errstring(ldb, "Unable to parse search expression"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req_ex(ret_req, ldb, mem_ctx, base, + scope, tree, attrs, controls, + context, callback, parent); + if (ret == LDB_SUCCESS) { + talloc_steal(*ret_req, tree); + } + return ret; +} + int ldb_build_add_req(struct ldb_request **ret_req, struct ldb_context *ldb, void *mem_ctx, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -664,6 +748,14 @@ int ldb_build_add_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -675,7 +767,8 @@ int ldb_build_mod_req(struct ldb_request **ret_req, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -693,6 +786,14 @@ int ldb_build_mod_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -704,7 +805,8 @@ int ldb_build_del_req(struct ldb_request **ret_req, struct ldb_dn *dn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -722,6 +824,14 @@ int ldb_build_del_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -734,7 +844,8 @@ int ldb_build_rename_req(struct ldb_request **ret_req, struct ldb_dn *newdn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -753,47 +864,46 @@ int ldb_build_rename_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; } -int ldb_extended_default_callback(struct ldb_context *ldb, - void *context, +int ldb_extended_default_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ldb_result *res; - if (!context) { - ldb_set_errstring(ldb, "NULL Context in callback"); - return LDB_ERR_OPERATIONS_ERROR; - } + res = talloc_get_type(req->context, struct ldb_result); - res = talloc_get_type(context, struct ldb_result); - if (!res || !ares) { - ldb_set_errstring(ldb, "NULL res or ares in callback"); - goto error; + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); } - switch (ares->type) { - case LDB_REPLY_ENTRY: - case LDB_REPLY_REFERRAL: - case LDB_REPLY_DONE: - ldb_set_errstring(ldb, "invalid ares type in callback"); - goto error; - case LDB_REPLY_EXTENDED: - /* TODO: we should really support controls on entries and - * referrals too! */ + if (ares->type == LDB_REPLY_DONE) { + + /* TODO: we should really support controls on entries and referrals too! */ res->extended = talloc_move(res, &ares->response); res->controls = talloc_move(res, &ares->controls); - break; + + talloc_free(ares); + return ldb_request_done(req, LDB_SUCCESS); } - talloc_free(ares); - return LDB_SUCCESS; -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } int ldb_build_extended_req(struct ldb_request **ret_req, @@ -803,7 +913,8 @@ int ldb_build_extended_req(struct ldb_request **ret_req, void *data, struct ldb_control **controls, void *context, - ldb_request_callback_t callback) + ldb_request_callback_t callback, + struct ldb_request *parent) { struct ldb_request *req; @@ -822,6 +933,14 @@ int ldb_build_extended_req(struct ldb_request **ret_req, req->context = context; req->callback = callback; + ldb_set_timeout_from_prev_req(ldb, parent, req); + + req->handle = ldb_handle_new(req, ldb); + if (req->handle == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + *ret_req = req; return LDB_SUCCESS; @@ -845,7 +964,8 @@ int ldb_extended(struct ldb_context *ldb, ret = ldb_build_extended_req(&req, ldb, ldb, oid, data, NULL, - res, ldb_extended_default_callback); + res, ldb_extended_default_callback, + NULL); if (ret != LDB_SUCCESS) goto done; ldb_set_timeout(ldb, req, 0); /* use default timeout */ @@ -909,12 +1029,11 @@ int ldb_search(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, attrs, NULL, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret != LDB_SUCCESS) goto done; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - ret = ldb_request(ldb, req); if (ret == LDB_SUCCESS) { @@ -935,8 +1054,8 @@ done: } /* - add a record to the database. Will fail if a record with the - given class and key already exists + add a record to the database. Will fail if a record with the given class + and key already exists */ int ldb_add(struct ldb_context *ldb, const struct ldb_message *message) @@ -953,12 +1072,11 @@ int ldb_add(struct ldb_context *ldb, message, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -984,12 +1102,11 @@ int ldb_modify(struct ldb_context *ldb, message, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -1010,12 +1127,11 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn) dn, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -1037,12 +1153,11 @@ int ldb_rename(struct ldb_context *ldb, newdn, NULL, NULL, + ldb_op_default_callback, NULL); if (ret != LDB_SUCCESS) return ret; - ldb_set_timeout(ldb, req, 0); /* use default timeout */ - /* do request and autostart a transaction */ ret = ldb_autotransaction_request(ldb, req); @@ -1055,13 +1170,12 @@ int ldb_rename(struct ldb_context *ldb, return the global sequence number */ int ldb_sequence_number(struct ldb_context *ldb, - enum ldb_sequence_type type, - uint64_t *seq_num) + enum ldb_sequence_type type, uint64_t *seq_num) { struct ldb_request *req; int ret; - req = talloc(ldb, struct ldb_request); + req = talloc_zero(ldb, struct ldb_request); if (req == NULL) { ldb_set_errstring(ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; @@ -1070,7 +1184,7 @@ int ldb_sequence_number(struct ldb_context *ldb, req->operation = LDB_SEQUENCE_NUMBER; req->controls = NULL; req->context = NULL; - req->callback = NULL; + req->callback = ldb_op_default_callback; ldb_set_timeout(ldb, req, 0); /* use default timeout */ req->op.seq_num.type = type; diff --git a/source4/lib/ldb/common/ldb_modules.c b/source4/lib/ldb/common/ldb_modules.c index c0cd616a76..5cc8de29b4 100644 --- a/source4/lib/ldb/common/ldb_modules.c +++ b/source4/lib/ldb/common/ldb_modules.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004 + Copyright (C) Simo Sorce 2004-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -486,6 +486,12 @@ int ldb_load_modules(struct ldb_context *ldb, const char *options[]) int ldb_next_request(struct ldb_module *module, struct ldb_request *request) { int ret; + + if (request->callback == NULL) { + ldb_set_errstring(module->ldb, "Requests MUST define callbacks"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + switch (request->operation) { case LDB_SEARCH: FIND_OP(module, search); @@ -555,6 +561,139 @@ int ldb_next_del_trans(struct ldb_module *module) return module->ops->del_transaction(module); } +struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb) +{ + struct ldb_handle *h; + + h = talloc_zero(mem_ctx, struct ldb_handle); + if (h == NULL) { + ldb_set_errstring(ldb, "Out of Memory"); + return NULL; + } + + h->status = LDB_SUCCESS; + h->state = LDB_ASYNC_INIT; + h->ldb = ldb; + + return h; +} + +/* calls the request callback to send an entry + * + * params: + * req: the original request passed to your module + * msg: reply message (must be a talloc pointer, and it will be stolen + * on the ldb_reply that is sent to the callback) + */ + +int ldb_module_send_entry(struct ldb_request *req, + struct ldb_message *msg) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return LDB_ERR_OPERATIONS_ERROR; + } + ares->type = LDB_REPLY_ENTRY; + ares->message = talloc_steal(ares, msg); + ares->error = LDB_SUCCESS; + + return req->callback(req, ares); +} + +/* calls the request callback to send an referrals + * + * params: + * req: the original request passed to your module + * ref: referral string (must be a talloc pointeri, steal) + */ + +int ldb_module_send_referral(struct ldb_request *req, + char *ref) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return LDB_ERR_OPERATIONS_ERROR; + } + ares->type = LDB_REPLY_REFERRAL; + ares->referral = talloc_steal(ares, ref); + ares->error = LDB_SUCCESS; + + return req->callback(req, ares); +} + +/* calls the original request callback + * + * params: + * req: the original request passed to your module + * ctrls: controls to send in the reply (must be a talloc pointer, steal) + * response: results for extended request (steal) + * error: LDB_SUCCESS for a succesful return + * any other ldb error otherwise + */ +int ldb_module_done(struct ldb_request *req, + struct ldb_control **ctrls, + struct ldb_extended *response, + int error) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return LDB_ERR_OPERATIONS_ERROR; + } + ares->type = LDB_REPLY_DONE; + ares->controls = talloc_steal(ares, ctrls); + ares->response = talloc_steal(ares, response); + ares->error = error; + + req->callback(req, ares); + return error; +} + +/* to be used *only* in modules init functions. + * this function i synchronous and will register + * the requested OID in the rootdse module if present + * otherwise it will return an error */ +int ldb_mod_register_control(struct ldb_module *module, const char *oid) +{ + struct ldb_request *req; + int ret; + + req = talloc_zero(module, struct ldb_request); + if (req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + req->operation = LDB_REQ_REGISTER_CONTROL; + req->op.reg_control.oid = oid; + req->callback = ldb_op_default_callback; + + ldb_set_timeout(module->ldb, req, 0); + + req->handle = ldb_handle_new(req, module->ldb); + if (req->handle == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_request(module->ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + talloc_free(req); + + return ret; +} + #ifndef STATIC_LIBLDB_MODULES #ifdef HAVE_LDB_LDAP diff --git a/source4/lib/ldb/include/ldb.h b/source4/lib/ldb/include/ldb.h index 645d7866c5..b1ce3ef70b 100644 --- a/source4/lib/ldb/include/ldb.h +++ b/source4/lib/ldb/include/ldb.h @@ -181,6 +181,7 @@ enum ldb_scope {LDB_SCOPE_DEFAULT=-1, LDB_SCOPE_SUBTREE=2}; struct ldb_context; +struct event_context; /* debugging uses one of the following levels */ enum ldb_debug_level {LDB_DEBUG_FATAL, LDB_DEBUG_ERROR, @@ -659,7 +660,6 @@ enum ldb_request_type { enum ldb_reply_type { LDB_REPLY_ENTRY, LDB_REPLY_REFERRAL, - LDB_REPLY_EXTENDED, LDB_REPLY_DONE }; @@ -693,14 +693,11 @@ struct ldb_reply { struct ldb_extended *response; char *referral; struct ldb_control **controls; + int error; }; -struct ldb_handle { - int status; - enum ldb_state state; - void *private_data; - struct ldb_module *module; -}; +struct ldb_request; +struct ldb_handle; struct ldb_search { struct ldb_dn *base; @@ -747,7 +744,8 @@ struct ldb_sequence_number { uint32_t flags; }; -typedef int (*ldb_request_callback_t)(struct ldb_context *, void *, struct ldb_reply *); +typedef int (*ldb_request_callback_t)(struct ldb_request *, struct ldb_reply *); + struct ldb_request { enum ldb_request_type operation; @@ -775,7 +773,10 @@ struct ldb_request { }; int ldb_request(struct ldb_context *ldb, struct ldb_request *request); +int ldb_request_done(struct ldb_request *req, int status); +bool ldb_request_is_done(struct ldb_request *req); +int ldb_modules_wait(struct ldb_handle *handle); int ldb_wait(struct ldb_handle *handle, enum ldb_wait_type type); int ldb_set_timeout(struct ldb_context *ldb, struct ldb_request *req, int timeout); @@ -831,6 +832,19 @@ struct ldb_context *ldb_init(TALLOC_CTX *mem_ctx, struct event_context *ev_ctx); (that is, with LDB_FLG_RDONLY). However in read-write mode, the database will be created if it does not exist. */ + +typedef void (*ldb_async_timeout_fn) (void *); +typedef bool (*ldb_async_callback_fn) (void *); +typedef int (*ldb_async_ctx_add_op_fn)(void *, time_t, void *, ldb_async_timeout_fn, ldb_async_callback_fn); +typedef int (*ldb_async_ctx_wait_op_fn)(void *); + +void ldb_async_ctx_set_private_data(struct ldb_context *ldb, + void *private_data); +void ldb_async_ctx_set_add_op(struct ldb_context *ldb, + ldb_async_ctx_add_op_fn add_op); +void ldb_async_ctx_set_wait_op(struct ldb_context *ldb, + ldb_async_ctx_wait_op_fn wait_op); + int ldb_connect(struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[]); /* @@ -860,13 +874,12 @@ struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb); /** The default async search callback function - \param ldb the context associated with the database (from ldb_init()) - \param context the callback context (struct ldb_result *) + \param req the request we are callback of \param ares a single reply from the async core \return result code (LDB_SUCCESS on success, or a failure code) - \note this function expects the context to always be an struct ldb_result pointer + \note this function expects req->context to always be an struct ldb_result pointer AND a talloc context, this function will steal on the context each message from the ares reply passed on by the async core so that in the end all the messages will be in the context (ldb_result) memory tree. @@ -875,7 +888,18 @@ struct ldb_dn *ldb_get_default_basedn(struct ldb_context *ldb); request that can be freed as sson as the search request is finished) */ -int ldb_search_default_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); +int ldb_search_default_callback(struct ldb_request *req, struct ldb_reply *ares); + +/** + The default async extended operation callback function + + \param req the request we are callback of + \param ares a single reply from the async core + + \return result code (LDB_SUCCESS on success, or a failure code) +*/ +int ldb_op_default_callback(struct ldb_request *req, struct ldb_reply *ares); + /** Helper function to build a search request @@ -889,7 +913,8 @@ int ldb_search_default_callback(struct ldb_context *ldb, void *context, struct l \param attrs the search attributes for the query (pass NULL if none required) \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -903,7 +928,20 @@ int ldb_build_search_req(struct ldb_request **ret_req, const char * const *attrs, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); + +int ldb_build_search_req_ex(struct ldb_request **ret_req, + struct ldb_context *ldb, + TALLOC_CTX *mem_ctx, + struct ldb_dn *base, + enum ldb_scope scope, + struct ldb_parse_tree *tree, + const char * const *attrs, + struct ldb_control **controls, + void *context, + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build an add request @@ -914,7 +952,8 @@ int ldb_build_search_req(struct ldb_request **ret_req, \param message contains the entry to be added \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -925,7 +964,8 @@ int ldb_build_add_req(struct ldb_request **ret_req, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build a modify request @@ -936,7 +976,8 @@ int ldb_build_add_req(struct ldb_request **ret_req, \param message contains the entry to be modified \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -947,7 +988,8 @@ int ldb_build_mod_req(struct ldb_request **ret_req, const struct ldb_message *message, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build a delete request @@ -958,7 +1000,8 @@ int ldb_build_mod_req(struct ldb_request **ret_req, \param dn the DN to be deleted \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -969,7 +1012,8 @@ int ldb_build_del_req(struct ldb_request **ret_req, struct ldb_dn *dn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Helper function to build a rename request @@ -981,7 +1025,8 @@ int ldb_build_del_req(struct ldb_request **ret_req, \param newdn the new DN \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -993,7 +1038,8 @@ int ldb_build_rename_req(struct ldb_request **ret_req, struct ldb_dn *newdn, struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** Add a ldb_control to a ldb_request @@ -1103,13 +1149,12 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn); /** The default async extended operation callback function - \param ldb the context associated with the database (from ldb_init()) - \param context the callback context (struct ldb_result *) + \param req the request we are callback of \param ares a single reply from the async core \return result code (LDB_SUCCESS on success, or a failure code) - \note this function expects the context to always be an struct ldb_result pointer + \note this function expects req->context to always be an struct ldb_result pointer AND a talloc context, this function will steal on the context each message from the ares reply passed on by the async core so that in the end all the messages will be in the context (ldb_result) memory tree. @@ -1117,7 +1162,9 @@ int ldb_delete(struct ldb_context *ldb, struct ldb_dn *dn); (the request need to be freed separately and the result doe not depend on the request that can be freed as sson as the search request is finished) */ -int ldb_extended_default_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); + +int ldb_extended_default_callback(struct ldb_request *req, struct ldb_reply *ares); + /** Helper function to build a extended request @@ -1130,7 +1177,8 @@ int ldb_extended_default_callback(struct ldb_context *ldb, void *context, struct it needs to be NULL or a valid talloc pointer! talloc_get_type() will be used on it \param controls an array of controls \param context the callback function context - \param callback the callback function to handle the async replies + \param the callback function to handle the async replies + \param the parent request if any \return result code (LDB_SUCCESS on success, or a failure code) */ @@ -1141,7 +1189,8 @@ int ldb_build_extended_req(struct ldb_request **ret_req, void *data,/* NULL or a valid talloc pointer! talloc_get_type() will be used on it */ struct ldb_control **controls, void *context, - ldb_request_callback_t callback); + ldb_request_callback_t callback, + struct ldb_request *parent); /** call an extended operation diff --git a/source4/lib/ldb/include/ldb_private.h b/source4/lib/ldb/include/ldb_private.h index 30adadcfdc..a92549d9ce 100644 --- a/source4/lib/ldb/include/ldb_private.h +++ b/source4/lib/ldb/include/ldb_private.h @@ -43,6 +43,12 @@ struct ldb_module_ops; struct ldb_backend_ops; +struct ldb_handle { + int status; + enum ldb_state state; + struct ldb_context *ldb; +}; + /* basic module structure */ struct ldb_module { struct ldb_module *prev, *next; @@ -51,9 +57,8 @@ struct ldb_module { const struct ldb_module_ops *ops; }; -/* - these function pointers define the operations that a ldb module must perform - they correspond exactly to the ldb_*() interface +/* + these function pointers define the operations that a ldb module can intercept */ struct ldb_module_ops { const char *name; @@ -68,23 +73,10 @@ struct ldb_module_ops { int (*start_transaction)(struct ldb_module *); int (*end_transaction)(struct ldb_module *); int (*del_transaction)(struct ldb_module *); - int (*wait)(struct ldb_handle *, enum ldb_wait_type); int (*sequence_number)(struct ldb_module *, struct ldb_request *); void *private_data; }; - -typedef int (*ldb_connect_fn) (struct ldb_context *ldb, const char *url, unsigned int flags, const char *options[], - struct ldb_module **module); - - -struct ldb_backend_ops { - const char *name; - ldb_connect_fn connect_fn; -}; - -const char *ldb_default_modules_dir(void); - /* schema related information needed for matching rules */ @@ -146,27 +138,6 @@ int ldb_connect_backend(struct ldb_context *ldb, const char *url, const char *op struct ldb_module **backend_module); void ldb_set_default_dns(struct ldb_context *ldb); -/* The following definitions come from lib/ldb/common/ldb_modules.c */ - -const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string); -int ldb_load_modules_list(struct ldb_context *ldb, const char **module_list, struct ldb_module *backend, struct ldb_module **out); -int ldb_load_modules(struct ldb_context *ldb, const char *options[]); -int ldb_init_module_chain(struct ldb_context *ldb, struct ldb_module *module); -int ldb_next_request(struct ldb_module *module, struct ldb_request *request); -int ldb_next_start_trans(struct ldb_module *module); -int ldb_next_end_trans(struct ldb_module *module); -int ldb_next_del_trans(struct ldb_module *module); -int ldb_next_init(struct ldb_module *module); - -void ldb_set_errstring(struct ldb_context *ldb, const char *err_string); -void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3); -void ldb_reset_err_string(struct ldb_context *ldb); - -int ldb_register_module(const struct ldb_module_ops *); -int ldb_register_backend(const char *url_prefix, ldb_connect_fn); -void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, - const char *symbol); - /* The following definitions come from lib/ldb/common/ldb_debug.c */ void ldb_debug(struct ldb_context *ldb, enum ldb_debug_level level, const char *fmt, ...) PRINTF_ATTRIBUTE(3, 4); void ldb_debug_set(struct ldb_context *ldb, enum ldb_debug_level level, @@ -249,4 +220,57 @@ int ldb_sequence_number(struct ldb_context *ldb, enum ldb_sequence_type type, ui #define LDB_SEQ_TIMESTAMP_SEQUENCE 0x02 +/* MODULES specific headers -- SSS */ + +/* The following definitions come from lib/ldb/common/ldb_modules.c */ + +const char **ldb_modules_list_from_string(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, const char *string); +int ldb_load_modules_list(struct ldb_context *ldb, const char **module_list, struct ldb_module *backend, struct ldb_module **out); +int ldb_load_modules(struct ldb_context *ldb, const char *options[]); +int ldb_init_module_chain(struct ldb_context *ldb, struct ldb_module *module); +int ldb_next_request(struct ldb_module *module, struct ldb_request *request); +int ldb_next_start_trans(struct ldb_module *module); +int ldb_next_end_trans(struct ldb_module *module); +int ldb_next_del_trans(struct ldb_module *module); +int ldb_next_init(struct ldb_module *module); + +void ldb_set_errstring(struct ldb_context *ldb, const char *err_string); +void ldb_asprintf_errstring(struct ldb_context *ldb, const char *format, ...) PRINTF_ATTRIBUTE(2,3); +void ldb_reset_err_string(struct ldb_context *ldb); + +const char *ldb_default_modules_dir(void); + +int ldb_register_module(const struct ldb_module_ops *); + +typedef int (*ldb_connect_fn)(struct ldb_context *ldb, const char *url, + unsigned int flags, const char *options[], + struct ldb_module **module); + +struct ldb_backend_ops { + const char *name; + ldb_connect_fn connect_fn; +}; + +const char *ldb_default_modules_dir(void); + +int ldb_register_backend(const char *url_prefix, ldb_connect_fn); + +void *ldb_dso_load_symbol(struct ldb_context *ldb, const char *name, + const char *symbol); + +struct ldb_handle *ldb_handle_new(TALLOC_CTX *mem_ctx, struct ldb_context *ldb); + +int ldb_module_send_entry(struct ldb_request *req, + struct ldb_message *msg); + +int ldb_module_send_referral(struct ldb_request *req, + char *ref); + +int ldb_module_done(struct ldb_request *req, + struct ldb_control **ctrls, + struct ldb_extended *response, + int error); + +int ldb_mod_register_control(struct ldb_module *module, const char *oid); + #endif diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 45978251f7..1e3a3169c8 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -737,15 +737,14 @@ typedef struct ldb_context { attrs, controls, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret != LDB_SUCCESS) { talloc_free(res); return ret; } - ldb_set_timeout($self, req, 0); /* use default timeout */ - ret = ldb_request($self, req); if (ret == LDB_SUCCESS) { -- cgit From 0aeade2007ef789f5970efe2b69ff7fb83a12b83 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:34:11 -0400 Subject: LDB ASYNC: ldb_tdb backend --- source4/lib/ldb/ldb_tdb/ldb_index.c | 61 +++--- source4/lib/ldb/ldb_tdb/ldb_search.c | 129 +++++-------- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 353 +++++++++++++++++------------------ source4/lib/ldb/ldb_tdb/ldb_tdb.h | 14 +- 4 files changed, 242 insertions(+), 315 deletions(-) diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c index 269305a468..65711d9f4b 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_index.c +++ b/source4/lib/ldb/ldb_tdb/ldb_index.c @@ -667,74 +667,58 @@ static int ltdb_index_dn(struct ldb_module *module, extracting just the given attributes */ static int ltdb_index_filter(const struct dn_list *dn_list, - struct ldb_handle *handle) + struct ltdb_context *ac) { - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); - struct ldb_reply *ares = NULL; + struct ldb_message *msg; unsigned int i; for (i = 0; i < dn_list->count; i++) { struct ldb_dn *dn; int ret; - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - return LDB_ERR_OPERATIONS_ERROR; - } - - ares->message = ldb_msg_new(ares); - if (!ares->message) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + msg = ldb_msg_new(ac); + if (!msg) { return LDB_ERR_OPERATIONS_ERROR; } - - dn = ldb_dn_new(ares->message, ac->module->ldb, dn_list->dn[i]); + dn = ldb_dn_new(msg, ac->module->ldb, dn_list->dn[i]); if (dn == NULL) { - talloc_free(ares); + talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } - ret = ltdb_search_dn1(ac->module, dn, ares->message); + ret = ltdb_search_dn1(ac->module, dn, msg); talloc_free(dn); if (ret == LDB_ERR_NO_SUCH_OBJECT) { /* the record has disappeared? yes, this can happen */ - talloc_free(ares); + talloc_free(msg); continue; } if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { /* an internal error */ - talloc_free(ares); + talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } - if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, ac->base, ac->scope)) { - talloc_free(ares); + if (!ldb_match_msg(ac->module->ldb, msg, + ac->tree, ac->base, ac->scope)) { + talloc_free(msg); continue; } /* filter the attributes that the user wants */ - ret = ltdb_filter_attrs(ares->message, ac->attrs); + ret = ltdb_filter_attrs(msg, ac->attrs); if (ret == -1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } - ares->type = LDB_REPLY_ENTRY; - handle->state = LDB_ASYNC_PENDING; - handle->status = ac->callback(ac->module->ldb, ac->context, ares); - - if (handle->status != LDB_SUCCESS) { - handle->state = LDB_ASYNC_DONE; - return handle->status; + ret = ldb_module_send_entry(ac->req, msg); + if (ret != LDB_SUCCESS) { + ac->callback_failed = true; + return ret; } } @@ -746,9 +730,8 @@ static int ltdb_index_filter(const struct dn_list *dn_list, returns -1 if an indexed search is not possible, in which case the caller should call ltdb_search_full() */ -int ltdb_search_indexed(struct ldb_handle *handle) +int ltdb_search_indexed(struct ltdb_context *ac) { - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); struct ltdb_private *ltdb = talloc_get_type(ac->module->private_data, struct ltdb_private); struct dn_list *dn_list; int ret, idxattr, idxone; @@ -773,7 +756,7 @@ int ltdb_search_indexed(struct ldb_handle *handle) ret = LDB_ERR_OPERATIONS_ERROR; - dn_list = talloc_zero(handle, struct dn_list); + dn_list = talloc_zero(ac, struct dn_list); if (dn_list == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -810,9 +793,7 @@ int ltdb_search_indexed(struct ldb_handle *handle) if (ret == LDB_SUCCESS) { /* we've got a candidate list - now filter by the full tree and extract the needed attributes */ - ret = ltdb_index_filter(dn_list, handle); - handle->status = ret; - handle->state = LDB_ASYNC_DONE; + ret = ltdb_index_filter(dn_list, ac); } talloc_free(dn_list); diff --git a/source4/lib/ldb/ldb_tdb/ldb_search.c b/source4/lib/ldb/ldb_tdb/ldb_search.c index da899c361e..a220b4a628 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_search.c +++ b/source4/lib/ldb/ldb_tdb/ldb_search.c @@ -395,71 +395,57 @@ int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs) */ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state) { - struct ldb_handle *handle = talloc_get_type(state, struct ldb_handle); - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); - struct ldb_reply *ares = NULL; + struct ltdb_context *ac; + struct ldb_message *msg; int ret; + ac = talloc_get_type(state, struct ltdb_context); + if (key.dsize < 4 || strncmp((char *)key.dptr, "DN=", 3) != 0) { return 0; } - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - return -1; - } - - ares->message = ldb_msg_new(ares); - if (!ares->message) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + msg = ldb_msg_new(ac); + if (!msg) { return -1; } /* unpack the record */ - ret = ltdb_unpack_data(ac->module, &data, ares->message); + ret = ltdb_unpack_data(ac->module, &data, msg); if (ret == -1) { - talloc_free(ares); + talloc_free(msg); return -1; } - if (!ares->message->dn) { - ares->message->dn = ldb_dn_new(ares->message, ac->module->ldb, (char *)key.dptr + 3); - if (ares->message->dn == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + if (!msg->dn) { + msg->dn = ldb_dn_new(msg, ac->module->ldb, + (char *)key.dptr + 3); + if (msg->dn == NULL) { + talloc_free(msg); return -1; } } /* see if it matches the given expression */ - if (!ldb_match_msg(ac->module->ldb, ares->message, ac->tree, - ac->base, ac->scope)) { - talloc_free(ares); + if (!ldb_match_msg(ac->module->ldb, msg, + ac->tree, ac->base, ac->scope)) { + talloc_free(msg); return 0; } /* filter the attributes that the user wants */ - ret = ltdb_filter_attrs(ares->message, ac->attrs); + ret = ltdb_filter_attrs(msg, ac->attrs); if (ret == -1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - handle->state = LDB_ASYNC_DONE; - talloc_free(ares); + talloc_free(msg); return -1; } - ares->type = LDB_REPLY_ENTRY; - handle->state = LDB_ASYNC_PENDING; - handle->status = ac->callback(ac->module->ldb, ac->context, ares); - - if (handle->status != LDB_SUCCESS) { - /* don't try to free ares here, the callback is in charge of that */ + ret = ldb_module_send_entry(ac->req, msg); + if (ret != LDB_SUCCESS) { + ac->callback_failed = true; + /* the callback failed, abort the operation */ return -1; } @@ -471,23 +457,21 @@ static int search_func(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, voi search the database with a LDAP-like expression. this is the "full search" non-indexed variant */ -static int ltdb_search_full(struct ldb_handle *handle) +static int ltdb_search_full(struct ltdb_context *ctx) { - struct ltdb_context *ac = talloc_get_type(handle->private_data, struct ltdb_context); - struct ltdb_private *ltdb = talloc_get_type(ac->module->private_data, struct ltdb_private); + struct ltdb_private *ltdb = talloc_get_type(ctx->module->private_data, struct ltdb_private); int ret; if (ltdb->in_transaction != 0) { - ret = tdb_traverse(ltdb->tdb, search_func, handle); + ret = tdb_traverse(ltdb->tdb, search_func, ctx); } else { - ret = tdb_traverse_read(ltdb->tdb, search_func, handle); + ret = tdb_traverse_read(ltdb->tdb, search_func, ctx); } if (ret == -1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; + return LDB_ERR_OPERATIONS_ERROR; } - handle->state = LDB_ASYNC_DONE; return LDB_SUCCESS; } @@ -495,13 +479,15 @@ static int ltdb_search_full(struct ldb_handle *handle) search the database with a LDAP-like expression. choses a search method */ -int ltdb_search(struct ldb_module *module, struct ldb_request *req) +int ltdb_search(struct ltdb_context *ctx) { + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; struct ltdb_private *ltdb = talloc_get_type(module->private_data, struct ltdb_private); - struct ltdb_context *ltdb_ac; - struct ldb_reply *ares; int ret; + req->handle->state = LDB_ASYNC_PENDING; + if (ltdb_lock_read(module) != 0) { return LDB_ERR_OPERATIONS_ERROR; } @@ -516,12 +502,6 @@ int ltdb_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - ltdb_unlock_read(module); - return LDB_ERR_OPERATIONS_ERROR; - } - if ((req->op.search.base == NULL) || (ldb_dn_is_null(req->op.search.base) == true)) { /* Check what we should do with a NULL dn */ @@ -564,53 +544,32 @@ int ltdb_search(struct ldb_module *module, struct ldb_request *req) ret = LDB_SUCCESS; } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); - - ltdb_ac->tree = req->op.search.tree; - ltdb_ac->scope = req->op.search.scope; - ltdb_ac->base = req->op.search.base; - ltdb_ac->attrs = req->op.search.attrs; - + ctx->tree = req->op.search.tree; + ctx->scope = req->op.search.scope; + ctx->base = req->op.search.base; + ctx->attrs = req->op.search.attrs; if (ret == LDB_SUCCESS) { - ret = ltdb_search_indexed(req->handle); + ret = ltdb_search_indexed(ctx); if (ret == LDB_ERR_NO_SUCH_OBJECT) { /* Not in the index, therefore OK! */ ret = LDB_SUCCESS; - } else if (ret == LDB_ERR_OPERATIONS_ERROR) { + } + /* Check if we got just a normal error. + * In that case proceed to a full search unless we got a + * callback error */ + if ( ! ctx->callback_failed && ret != LDB_SUCCESS) { /* Not indexed, so we need to do a full scan */ - ret = ltdb_search_full(req->handle); + ret = ltdb_search_full(ctx); if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, "Indexed and full searches both failed!\n"); } } } - if (ret != LDB_SUCCESS) { - req->handle->state = LDB_ASYNC_DONE; - req->handle->status = ret; - } - - /* Finally send an LDB_REPLY_DONE packet when searching is finished */ - - ares = talloc_zero(req, struct ldb_reply); - if (!ares) { - ltdb_unlock_read(module); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->handle->state = LDB_ASYNC_DONE; - - if (ret == LDB_SUCCESS) { - ares->type = LDB_REPLY_DONE; - - ret = req->callback(module->ldb, req->context, ares); - req->handle->status = ret; - } - ltdb_unlock_read(module); - return LDB_SUCCESS; + return ret; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index 01d570c89a..0087f6c44d 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -3,7 +3,7 @@ Copyright (C) Andrew Tridgell 2004 Copyright (C) Stefan Metzmacher 2004 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb @@ -39,6 +39,10 @@ * - description: make the module use asyncronous calls * date: Feb 2006 * Author: Simo Sorce + * + * - description: make it possible to use event contexts + * date: Jan 2008 + * Author: Simo Sorce */ #include "ldb_includes.h" @@ -76,40 +80,6 @@ static int ltdb_err_map(enum TDB_ERROR tdb_code) } -struct ldb_handle *init_ltdb_handle(struct ltdb_private *ltdb, - struct ldb_module *module, - struct ldb_request *req) -{ - struct ltdb_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct ltdb_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->context = req->context; - ac->callback = req->callback; - - return h; -} - /* form a TDB_DATA for a record key caller frees @@ -296,36 +266,20 @@ static int ltdb_add_internal(struct ldb_module *module, /* add a record to the database */ -static int ltdb_add(struct ldb_module *module, struct ldb_request *req) +static int ltdb_add(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; + int tret; - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); + req->handle->state = LDB_ASYNC_PENDING; tret = ltdb_add_internal(module, req->op.add.message); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } /* @@ -402,42 +356,24 @@ done: /* delete a record from the database */ -static int ltdb_delete(struct ldb_module *module, struct ldb_request *req) +static int ltdb_delete(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; + int tret; - req->handle = NULL; + req->handle->state = LDB_ASYNC_PENDING; if (ltdb_cache_load(module) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); - tret = ltdb_delete_internal(module, req->op.del.dn); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } /* @@ -784,83 +720,50 @@ failed: /* modify a record */ -static int ltdb_modify(struct ldb_module *module, struct ldb_request *req) +static int ltdb_modify(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } - - req->handle = NULL; + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; + int tret; - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); + req->handle->state = LDB_ASYNC_PENDING; tret = ltdb_check_special_dn(module, req->op.mod.message); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } if (ltdb_cache_load(module) != 0) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } tret = ltdb_modify_internal(module, req->op.mod.message); if (tret != LDB_SUCCESS) { - req->handle->status = tret; - goto done; + return tret; } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } /* rename a record */ -static int ltdb_rename(struct ldb_module *module, struct ldb_request *req) +static int ltdb_rename(struct ltdb_context *ctx) { - struct ltdb_private *ltdb; - struct ltdb_context *ltdb_ac; + struct ldb_module *module = ctx->module; + struct ldb_request *req = ctx->req; struct ldb_message *msg; - int tret, ret = LDB_SUCCESS; - - ltdb = talloc_get_type(module->private_data, struct ltdb_private); - - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } - - req->handle = NULL; + int tret; - if (ltdb_cache_load(module) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; - req->handle = init_ltdb_handle(ltdb, module, req); - if (req->handle == NULL) { + if (ltdb_cache_load(ctx->module) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - ltdb_ac = talloc_get_type(req->handle->private_data, struct ltdb_context); - msg = talloc(ltdb_ac, struct ldb_message); + msg = talloc(ctx, struct ldb_message); if (msg == NULL) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } /* in case any attribute of the message was indexed, we need @@ -868,14 +771,12 @@ static int ltdb_rename(struct ldb_module *module, struct ldb_request *req) tret = ltdb_search_dn1(module, req->op.rename.olddn, msg); if (tret != LDB_SUCCESS) { /* not finding the old record is an error */ - req->handle->status = tret; - goto done; + return tret; } msg->dn = ldb_dn_copy(msg, req->op.rename.newdn); if (!msg->dn) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } if (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) == 0) { @@ -886,38 +787,32 @@ static int ltdb_rename(struct ldb_module *module, struct ldb_request *req) The only drawback to this is that if the delete succeeds but the add fails, we rely on the transaction to roll this all back. */ - ret = ltdb_delete_internal(module, req->op.rename.olddn); - if (ret != LDB_SUCCESS) { - goto done; + tret = ltdb_delete_internal(module, req->op.rename.olddn); + if (tret != LDB_SUCCESS) { + return tret; } - ret = ltdb_add_internal(module, msg); - if (ret != LDB_SUCCESS) { - goto done; + tret = ltdb_add_internal(module, msg); + if (tret != LDB_SUCCESS) { + return tret; } } else { /* The rename operation is changing DNs. Try to add the new DN first to avoid clobbering another DN not related to this rename operation. */ - ret = ltdb_add_internal(module, msg); - if (ret != LDB_SUCCESS) { - goto done; + tret = ltdb_add_internal(module, msg); + if (tret != LDB_SUCCESS) { + return tret; } tret = ltdb_delete_internal(module, req->op.rename.olddn); if (tret != LDB_SUCCESS) { ltdb_delete_internal(module, req->op.rename.newdn); - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + return LDB_ERR_OPERATIONS_ERROR; } } - if (ltdb_ac->callback) { - ret = ltdb_ac->callback(module->ldb, ltdb_ac->context, NULL); - } -done: - req->handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_SUCCESS; } static int ltdb_start_trans(struct ldb_module *module) @@ -962,24 +857,6 @@ static int ltdb_del_trans(struct ldb_module *module) return LDB_SUCCESS; } -static int ltdb_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - return handle->status; -} - -static int ltdb_request(struct ldb_module *module, struct ldb_request *req) -{ - /* check for oustanding critical controls - * and return an error if found */ - if (check_critical_controls(req->controls)) { - return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - } - - /* search, add, modify, delete, rename are handled by their own, - * no other op supported */ - return LDB_ERR_OPERATIONS_ERROR; -} - /* return sequenceNumber from @BASEINFO */ @@ -1013,7 +890,7 @@ static int ltdb_sequence_number(struct ldb_module *module, talloc_free(tmp_ctx); /* zero is as good as anything when we don't know */ req->op.seq_num.seq_num = 0; - return LDB_SUCCESS; + return tret; } switch (req->op.seq_num.type) { @@ -1034,22 +911,136 @@ static int ltdb_sequence_number(struct ldb_module *module, } break; } + talloc_free(tmp_ctx); + + return LDB_SUCCESS; +} + +void ltdb_request_done(struct ldb_request *req, int error) +{ + struct ldb_reply *ares; + + /* if we already returned an error just return */ + if (req->handle->status != LDB_SUCCESS) { + return; + } + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return; + } + ares->type = LDB_REPLY_DONE; + ares->error = error; + + req->callback(req, ares); +} + +static void ltdb_timeout(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct ltdb_context *ctx; + ctx = talloc_get_type(private_data, struct ltdb_context); + + ltdb_request_done(ctx->req, LDB_ERR_TIME_LIMIT_EXCEEDED); +} + +static void ltdb_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct ltdb_context *ctx; + int ret; + + ctx = talloc_get_type(private_data, struct ltdb_context); + + switch (ctx->req->operation) { + case LDB_SEARCH: + ret = ltdb_search(ctx); + break; + case LDB_ADD: + ret = ltdb_add(ctx); + break; + case LDB_MODIFY: + ret = ltdb_modify(ctx); + break; + case LDB_DELETE: + ret = ltdb_delete(ctx); + break; + case LDB_RENAME: + ret = ltdb_rename(ctx); + break; + default: + /* no other op supported */ + ret = LDB_ERR_UNWILLING_TO_PERFORM; + } + + if (!ctx->callback_failed) { + ltdb_request_done(ctx->req, ret); + } +} + +static int ltdb_handle_request(struct ldb_module *module, + struct ldb_request *req) +{ + struct event_context *ev; + struct ltdb_context *ac; + struct timed_event *te; + struct timeval tv; + + if (check_critical_controls(req->controls)) { + return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; + } + + if (req->starttime == 0 || req->timeout == 0) { + ldb_set_errstring(module->ldb, "Invalid timeout settings"); + return LDB_ERR_TIME_LIMIT_EXCEEDED; + } + + ev = ldb_get_event_context(module->ldb); + + ac = talloc_zero(req, struct ltdb_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + + tv.tv_sec = 0; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, ltdb_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } + + + tv.tv_sec = req->starttime + req->timeout; + te = event_add_timed(ev, ac, tv, ltdb_timeout, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } + return LDB_SUCCESS; } static const struct ldb_module_ops ltdb_ops = { .name = "tdb", - .search = ltdb_search, - .add = ltdb_add, - .modify = ltdb_modify, - .del = ltdb_delete, - .rename = ltdb_rename, - .request = ltdb_request, + .search = ltdb_handle_request, + .add = ltdb_handle_request, + .modify = ltdb_handle_request, + .del = ltdb_handle_request, + .rename = ltdb_handle_request, +/* .request = ltdb_handle_request, */ .start_transaction = ltdb_start_trans, .end_transaction = ltdb_end_trans, .del_transaction = ltdb_del_trans, - .wait = ltdb_wait, .sequence_number = ltdb_sequence_number }; @@ -1114,7 +1105,7 @@ static int ltdb_connect(struct ldb_context *ldb, const char *url, ltdb->sequence_number = 0; *module = talloc(ldb, struct ldb_module); - if (!module) { + if ((*module) == NULL) { ldb_oom(ldb); talloc_free(ltdb); return -1; diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.h b/source4/lib/ldb/ldb_tdb/ldb_tdb.h index 4beced30eb..223181ca0b 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.h @@ -41,16 +41,15 @@ struct ltdb_private { */ struct ltdb_context { struct ldb_module *module; + struct ldb_request *req; + + bool callback_failed; /* search stuff */ const struct ldb_parse_tree *tree; struct ldb_dn *base; enum ldb_scope scope; const char * const *attrs; - - /* async stuff */ - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); }; /* special record types */ @@ -80,7 +79,7 @@ int ltdb_check_at_attributes_values(const struct ldb_val *value); struct ldb_parse_tree; -int ltdb_search_indexed(struct ldb_handle *handle); +int ltdb_search_indexed(struct ltdb_context *ctx); int ltdb_index_add(struct ldb_module *module, const struct ldb_message *msg); int ltdb_index_del(struct ldb_module *module, const struct ldb_message *msg); int ltdb_index_one(struct ldb_module *module, const struct ldb_message *msg, int add); @@ -110,11 +109,9 @@ int ltdb_add_attr_results(struct ldb_module *module, unsigned int *count, struct ldb_message ***res); int ltdb_filter_attrs(struct ldb_message *msg, const char * const *attrs); -int ltdb_search(struct ldb_module *module, struct ldb_request *req); +int ltdb_search(struct ltdb_context *ctx); /* The following definitions come from lib/ldb/ldb_tdb/ldb_tdb.c */ -struct ldb_handle *init_ltdb_handle(struct ltdb_private *ltdb, struct ldb_module *module, - struct ldb_request *req); struct TDB_DATA ltdb_key(struct ldb_module *module, struct ldb_dn *dn); int ltdb_store(struct ldb_module *module, const struct ldb_message *msg, int flgs); int ltdb_delete_noindex(struct ldb_module *module, struct ldb_dn *dn); @@ -127,4 +124,3 @@ struct tdb_context *ltdb_wrap_open(TALLOC_CTX *mem_ctx, const char *path, int hash_size, int tdb_flags, int open_flags, mode_t mode, struct ldb_context *ldb); - -- cgit From 9f7c2548d9da848397b4730f02c7c47f23e259dc Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:34:56 -0400 Subject: LDB ASYNC: other backends --- source4/lib/ldb/ldb_ildap/ldb_ildap.c | 483 ++++++++++++------------ source4/lib/ldb/ldb_ldap/ldb_ldap.c | 588 ++++++++++++++++-------------- source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c | 130 ++++--- 3 files changed, 619 insertions(+), 582 deletions(-) diff --git a/source4/lib/ldb/ldb_ildap/ldb_ildap.c b/source4/lib/ldb/ldb_ildap/ldb_ildap.c index 5ad671ea2e..4aa71e6036 100644 --- a/source4/lib/ldb/ldb_ildap/ldb_ildap.c +++ b/source4/lib/ldb/ldb_ildap/ldb_ildap.c @@ -53,17 +53,57 @@ struct ildb_private { struct ldap_connection *ldap; - struct ldb_module *module; + struct event_context *event_ctx; }; struct ildb_context { + struct ldb_module *module; + struct ldb_request *req; + struct ildb_private *ildb; - struct ldb_handle *handle; - struct ldap_request *req; - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldap_request *ireq; + + bool done; + + struct ildb_destructor_ctx *dc; }; +static void ildb_request_done(struct ildb_context *ctx, + struct ldb_control **ctrls, int error) +{ + struct ldb_reply *ares; + + ctx->done = true; + + if (ctx->req == NULL) { + /* if the req has been freed already just return */ + return; + } + + ares = talloc_zero(ctx->req, struct ldb_reply); + if (!ares) { + ldb_oom(ctx->req->handle->ldb); + ctx->req->callback(ctx->req, NULL); + return; + } + ares->type = LDB_REPLY_DONE; + ares->controls = talloc_steal(ares, ctrls); + ares->error = error; + + ctx->req->callback(ctx->req, ares); +} + +static void ildb_auto_done_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct ildb_context *ac; + + ac = talloc_get_type(private_data, struct ildb_context); + ildb_request_done(ac, NULL, LDB_SUCCESS); +} + /* convert a ldb_message structure to a list of ldap_mod structures ready for ildap_add() or ildap_modify() @@ -122,17 +162,19 @@ failed: /* map an ildap NTSTATUS to a ldb error code */ -static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status) +static int ildb_map_error(struct ldb_module *module, NTSTATUS status) { + struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + TALLOC_CTX *mem_ctx = talloc_new(ildb); if (NT_STATUS_IS_OK(status)) { return LDB_SUCCESS; } if (!mem_ctx) { - ldb_oom(ildb->module->ldb); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ldb_set_errstring(ildb->module->ldb, + ldb_set_errstring(module->ldb, ldap_errstr(ildb->ldap, mem_ctx, status)); talloc_free(mem_ctx); if (NT_STATUS_IS_LDAP(status)) { @@ -141,47 +183,46 @@ static int ildb_map_error(struct ildb_private *ildb, NTSTATUS status) return LDB_ERR_OPERATIONS_ERROR; } -static void ildb_request_timeout(struct event_context *ev, - struct timed_event *te, +static void ildb_request_timeout(struct event_context *ev, struct timed_event *te, struct timeval t, void *private_data) { - struct ildb_context *ac; - struct ldb_handle *handle; - - ac = talloc_get_type(private_data, struct ildb_context); - handle = ac->handle; - - ac = talloc_get_type(private_data, struct ildb_context); + struct ildb_context *ac = talloc_get_type(private_data, struct ildb_context); - if (ac->req->state == LDAP_REQUEST_PENDING) { - DLIST_REMOVE(ac->req->conn->pending, ac->req); + if (ac->ireq->state == LDAP_REQUEST_PENDING) { + DLIST_REMOVE(ac->ireq->conn->pending, ac->ireq); } - handle->status = LDB_ERR_TIME_LIMIT_EXCEEDED; - - return; + ildb_request_done(ac, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED); } static void ildb_callback(struct ldap_request *req) { struct ildb_context *ac; - struct ldb_handle *handle; - struct ildb_private *ildb; NTSTATUS status; + struct ldap_SearchResEntry *search; + struct ldap_message *msg; + struct ldb_control **controls; + struct ldb_message *ldbmsg; + char *referral; + bool callback_failed; + bool request_done; + int ret; int i; ac = talloc_get_type(req->async.private_data, struct ildb_context); - ildb = ac->ildb; - handle = ac->handle; - handle->status = LDB_SUCCESS; + callback_failed = false; + request_done = false; + controls = NULL; if (!NT_STATUS_IS_OK(req->status)) { - handle->status = ildb_map_error(ildb, req->status); + ret = ildb_map_error(ac->module, req->status); + ildb_request_done(ac, NULL, ret); return; } if (req->num_replies < 1) { - handle->status = LDB_ERR_OPERATIONS_ERROR; + ret = LDB_ERR_OPERATIONS_ERROR; + ildb_request_done(ac, NULL, ret); return; } @@ -189,140 +230,112 @@ static void ildb_callback(struct ldap_request *req) case LDAP_TAG_ModifyRequest: if (req->replies[0]->type != LDAP_TAG_ModifyResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; - return; + ret = LDB_ERR_PROTOCOL_ERROR; + break; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_AddRequest: if (req->replies[0]->type != LDAP_TAG_AddResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; + ret = LDB_ERR_PROTOCOL_ERROR; return; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_DelRequest: if (req->replies[0]->type != LDAP_TAG_DelResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; + ret = LDB_ERR_PROTOCOL_ERROR; return; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_ModifyDNRequest: if (req->replies[0]->type != LDAP_TAG_ModifyDNResponse) { - handle->status = LDB_ERR_PROTOCOL_ERROR; + ret = LDB_ERR_PROTOCOL_ERROR; return; } - status = ldap_check_response(req->conn, &req->replies[0]->r.GeneralResult); - handle->status = ildb_map_error(ildb, status); - if (ac->callback && handle->status == LDB_SUCCESS) { - /* FIXME: build a corresponding ares to pass on */ - handle->status = ac->callback(ac->ildb->module->ldb, ac->context, NULL); - } - handle->state = LDB_ASYNC_DONE; + status = ldap_check_response(ac->ireq->conn, &req->replies[0]->r.GeneralResult); + ret = ildb_map_error(ac->module, status); + request_done = true; break; case LDAP_TAG_SearchRequest: /* loop over all messages */ for (i = 0; i < req->num_replies; i++) { - struct ldap_SearchResEntry *search; - struct ldb_reply *ares = NULL; - struct ldap_message *msg; - int ret; - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return; - } msg = req->replies[i]; switch (msg->type) { case LDAP_TAG_SearchResultDone: - status = ldap_check_response(req->conn, &msg->r.GeneralResult); + status = ldap_check_response(ac->ireq->conn, &msg->r.GeneralResult); if (!NT_STATUS_IS_OK(status)) { - handle->status = ildb_map_error(ildb, status); - return; + ret = ildb_map_error(ac->module, status); + break; } - ares->controls = talloc_move(ares, &msg->controls); + controls = talloc_steal(ac, msg->controls); if (msg->r.SearchResultDone.resultcode) { if (msg->r.SearchResultDone.errormessage) { - ldb_set_errstring(ac->ildb->module->ldb, msg->r.SearchResultDone.errormessage); + ldb_set_errstring(ac->module->ldb, msg->r.SearchResultDone.errormessage); } } - handle->status = msg->r.SearchResultDone.resultcode; - handle->state = LDB_ASYNC_DONE; - ares->type = LDB_REPLY_DONE; + ret = msg->r.SearchResultDone.resultcode; + request_done = true; break; case LDAP_TAG_SearchResultEntry: - - ares->message = ldb_msg_new(ares); - if (!ares->message) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return; + ldbmsg = ldb_msg_new(ac); + if (!ldbmsg) { + ret = LDB_ERR_OPERATIONS_ERROR; + break; } search = &(msg->r.SearchResultEntry); - ares->message->dn = ldb_dn_new(ares->message, ac->ildb->module->ldb, search->dn); - if ( ! ldb_dn_validate(ares->message->dn)) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return; + ldbmsg->dn = ldb_dn_new(ldbmsg, ac->module->ldb, search->dn); + if ( ! ldb_dn_validate(ldbmsg->dn)) { + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - ares->message->num_elements = search->num_attributes; - ares->message->elements = talloc_move(ares->message, - &search->attributes); + ldbmsg->num_elements = search->num_attributes; + ldbmsg->elements = talloc_move(ldbmsg, &search->attributes); - handle->status = LDB_SUCCESS; - handle->state = LDB_ASYNC_PENDING; - ares->type = LDB_REPLY_ENTRY; + ret = ldb_module_send_entry(ac->req, ldbmsg); + if (ret != LDB_SUCCESS) { + callback_failed = true; + } break; case LDAP_TAG_SearchResultReference: - ares->referral = talloc_strdup(ares, msg->r.SearchResultReference.referral); + referral = talloc_strdup(ac, msg->r.SearchResultReference.referral); - handle->status = LDB_SUCCESS; - handle->state = LDB_ASYNC_PENDING; - ares->type = LDB_REPLY_REFERRAL; + ret = ldb_module_send_referral(ac->req, referral); + if (ret != LDB_SUCCESS) { + callback_failed = true; + } break; default: /* TAG not handled, fail ! */ - handle->status = LDB_ERR_PROTOCOL_ERROR; - return; + ret = LDB_ERR_PROTOCOL_ERROR; + break; } - ret = ac->callback(ac->ildb->module->ldb, ac->context, ares); - if (ret) { - handle->status = ret; + if (ret != LDB_SUCCESS) { + break; } } @@ -333,121 +346,81 @@ static void ildb_callback(struct ldap_request *req) break; default: - handle->status = LDB_ERR_PROTOCOL_ERROR; - return; + ret = LDB_ERR_PROTOCOL_ERROR; + break; } -} -static struct ildb_context *init_ildb_handle(struct ildb_private *ildb, - struct ldb_request *req) -{ - struct ildb_context *ildb_ac; - struct ldb_handle *h; + if (ret != LDB_SUCCESS) { - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(ildb->module->ldb, "Out of Memory"); - return NULL; + /* if the callback failed the caller will have freed the + * request. Just return and don't try to use it */ + if ( ! callback_failed) { + request_done = true; + } } - h->module = ildb->module; - - ildb_ac = talloc(h, struct ildb_context); - if (ildb_ac == NULL) { - ldb_set_errstring(ildb->module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; + if (request_done) { + ildb_request_done(ac, controls, ret); } - - h->private_data = ildb_ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ildb_ac->ildb = ildb; - ildb_ac->handle = h; - ildb_ac->context = req->context; - ildb_ac->callback = req->callback; - - req->handle = h; - return ildb_ac; + return; } -static int ildb_request_send(struct ildb_private *ildb, struct ldap_message *msg, struct ldb_request *r) +static int ildb_request_send(struct ildb_context *ac, struct ldap_message *msg) { - struct ildb_context *ildb_ac = init_ildb_handle(ildb, r); struct ldap_request *req; - if (!ildb_ac) { + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - req = ldap_request_send(ildb->ldap, msg); + req = ldap_request_send(ac->ildb->ldap, msg); if (req == NULL) { - ldb_set_errstring(ildb->module->ldb, "async send request failed"); + ldb_set_errstring(ac->module->ldb, "async send request failed"); return LDB_ERR_OPERATIONS_ERROR; } - ildb_ac->req = talloc_steal(ildb_ac, req); + ac->ireq = talloc_steal(ac, req); - if (!req->conn) { - ldb_set_errstring(ildb->module->ldb, "connection to remote LDAP server dropped?"); + if (!ac->ireq->conn) { + ldb_set_errstring(ac->module->ldb, "connection to remote LDAP server dropped?"); return LDB_ERR_OPERATIONS_ERROR; } talloc_free(req->time_event); req->time_event = NULL; - if (r->timeout) { - req->time_event = event_add_timed(req->conn->event.event_ctx, ildb_ac, - timeval_current_ofs(r->timeout, 0), - ildb_request_timeout, ildb_ac); + if (ac->req->timeout) { + req->time_event = event_add_timed(ac->ildb->event_ctx, ac, + timeval_current_ofs(ac->req->timeout, 0), + ildb_request_timeout, ac); } req->async.fn = ildb_callback; - req->async.private_data = ildb_ac; + req->async.private_data = ac; return LDB_SUCCESS; } -static int ildb_request_noop(struct ildb_private *ildb, struct ldb_request *req) -{ - struct ildb_context *ildb_ac = init_ildb_handle(ildb, req); - int ret = LDB_SUCCESS; - - if (!ildb_ac) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (ildb_ac->callback) { - ret = ildb_ac->callback(ildb->module->ldb, ildb_ac->context, NULL); - } - ildb_ac->handle->state = LDB_ASYNC_DONE; - return ret; -} - /* search for matching records using an asynchronous function */ -static int ildb_search(struct ldb_module *module, struct ldb_request *req) +static int ildb_search(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; int n; - req->handle = NULL; - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, "Async interface called with NULL callback function or NULL context"); + ldb_set_errstring(ac->module->ldb, "Async interface called with NULL callback function or NULL context"); return LDB_ERR_OPERATIONS_ERROR; } if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Invalid expression parse tree"); + ldb_set_errstring(ac->module->ldb, "Invalid expression parse tree"); return LDB_ERR_OPERATIONS_ERROR; } msg = new_ldap_message(req); if (msg == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); + ldb_set_errstring(ac->module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } @@ -459,7 +432,7 @@ static int ildb_search(struct ldb_module *module, struct ldb_request *req) msg->r.SearchRequest.basedn = ldb_dn_alloc_linearized(msg, req->op.search.base); } if (msg->r.SearchRequest.basedn == NULL) { - ldb_set_errstring(module->ldb, "Unable to determine baseDN"); + ldb_set_errstring(ac->module->ldb, "Unable to determine baseDN"); talloc_free(msg); return LDB_ERR_OPERATIONS_ERROR; } @@ -481,26 +454,19 @@ static int ildb_search(struct ldb_module *module, struct ldb_request *req) msg->r.SearchRequest.attributes = discard_const(req->op.search.attrs); msg->controls = req->controls; - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* add a record */ -static int ildb_add(struct ldb_module *module, struct ldb_request *req) +static int ildb_add(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; struct ldap_mod **mods; int i,n; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -531,26 +497,19 @@ static int ildb_add(struct ldb_module *module, struct ldb_request *req) msg->r.AddRequest.attributes[i] = mods[i]->attrib; } - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* modify a record */ -static int ildb_modify(struct ldb_module *module, struct ldb_request *req) +static int ildb_modify(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; struct ldap_mod **mods; int i,n; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.mod.message->dn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -581,24 +540,17 @@ static int ildb_modify(struct ldb_module *module, struct ldb_request *req) msg->r.ModifyRequest.mods[i] = *mods[i]; } - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* delete a record */ -static int ildb_delete(struct ldb_module *module, struct ldb_request *req) +static int ildb_delete(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.del.dn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -612,24 +564,17 @@ static int ildb_delete(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_INVALID_DN_SYNTAX; } - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } /* rename a record */ -static int ildb_rename(struct ldb_module *module, struct ldb_request *req) +static int ildb_rename(struct ildb_context *ac) { - struct ildb_private *ildb = talloc_get_type(module->private_data, struct ildb_private); + struct ldb_request *req = ac->req; struct ldap_message *msg; - req->handle = NULL; - - /* ignore ltdb specials */ - if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) { - return ildb_request_noop(ildb, req); - } - msg = new_ldap_message(req); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; @@ -660,7 +605,7 @@ static int ildb_rename(struct ldb_module *module, struct ldb_request *req) msg->r.ModifyDNRequest.deleteolddn = true; - return ildb_request_send(ildb, msg, req); + return ildb_request_send(ac, msg); } static int ildb_start_trans(struct ldb_module *module) @@ -684,57 +629,105 @@ static int ildb_del_trans(struct ldb_module *module) return LDB_SUCCESS; } -static int ildb_request(struct ldb_module *module, struct ldb_request *req) +static bool ildb_dn_is_special(struct ldb_request *req) { - return LDB_ERR_OPERATIONS_ERROR; + struct ldb_dn *dn = NULL; + + switch (req->operation) { + case LDB_ADD: + dn = req->op.add.message->dn; + break; + case LDB_MODIFY: + dn = req->op.mod.message->dn; + break; + case LDB_DELETE: + dn = req->op.del.dn; + break; + case LDB_RENAME: + dn = req->op.rename.olddn; + break; + default: + break; + } + + if (dn && ldb_dn_is_special(dn)) { + return true; + } + return false; } -static int ildb_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int ildb_handle_request(struct ldb_module *module, struct ldb_request *req) { - struct ildb_context *ac = talloc_get_type(handle->private_data, struct ildb_context); + struct ildb_private *ildb; + struct ildb_context *ac; + struct timed_event *te; + int ret; + + ildb = talloc_get_type(module->private_data, struct ildb_private); - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + if (req->starttime == 0 || req->timeout == 0) { + ldb_set_errstring(module->ldb, "Invalid timeout settings"); + return LDB_ERR_TIME_LIMIT_EXCEEDED; } - if (!ac) { + ac = talloc_zero(req, struct ildb_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } - handle->state = LDB_ASYNC_INIT; + ac->module = module; + ac->req = req; + ac->ildb = ildb; + + if (ildb_dn_is_special(req)) { - switch(type) { - case LDB_WAIT_NONE: - if (event_loop_once(ac->req->conn->event.event_ctx) != 0) { - return LDB_ERR_OTHER; + te = event_add_timed(ac->ildb->event_ctx, + ac, timeval_zero(), + ildb_auto_done_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; } + + return LDB_SUCCESS; + } + + switch (ac->req->operation) { + case LDB_SEARCH: + ret = ildb_search(ac); break; - case LDB_WAIT_ALL: - while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) { - if (event_loop_once(ac->req->conn->event.event_ctx) != 0) { - return LDB_ERR_OTHER; - } - } + case LDB_ADD: + ret = ildb_add(ac); + break; + case LDB_MODIFY: + ret = ildb_modify(ac); + break; + case LDB_DELETE: + ret = ildb_delete(ac); + break; + case LDB_RENAME: + ret = ildb_rename(ac); break; default: - return LDB_ERR_OPERATIONS_ERROR; + /* no other op supported */ + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - return handle->status; + return ret; } static const struct ldb_module_ops ildb_ops = { .name = "ldap", - .search = ildb_search, - .add = ildb_add, - .modify = ildb_modify, - .del = ildb_delete, - .rename = ildb_rename, - .request = ildb_request, + .search = ildb_handle_request, + .add = ildb_handle_request, + .modify = ildb_handle_request, + .del = ildb_handle_request, + .rename = ildb_handle_request, +/* .request = ildb_handle_request, */ .start_transaction = ildb_start_trans, .end_transaction = ildb_end_trans, .del_transaction = ildb_del_trans, - .wait = ildb_wait }; /* @@ -748,7 +741,6 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, struct ildb_private *ildb; NTSTATUS status; struct cli_credentials *creds; - struct event_context *event_ctx; module = talloc(ldb, struct ldb_module); if (!module) { @@ -758,7 +750,6 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, talloc_set_name_const(module, "ldb_ildap backend"); module->ldb = ldb; module->prev = module->next = NULL; - module->private_data = NULL; module->ops = &ildb_ops; ildb = talloc(module, struct ildb_private); @@ -767,12 +758,12 @@ static int ildb_connect(struct ldb_context *ldb, const char *url, goto failed; } module->private_data = ildb; - ildb->module = module; - event_ctx = ldb_get_event_context(ldb); + ildb->event_ctx = ldb_get_event_context(ldb); + ildb->ldap = ldap4_new_connection(ildb, ldb_get_opaque(ldb, "loadparm"), - event_ctx); + ildb->event_ctx); if (!ildb->ldap) { ldb_oom(ldb); goto failed; diff --git a/source4/lib/ldb/ldb_ldap/ldb_ldap.c b/source4/lib/ldb/ldb_ldap/ldb_ldap.c index a4534c549a..7caee10b47 100644 --- a/source4/lib/ldb/ldb_ldap/ldb_ldap.c +++ b/source4/lib/ldb/ldb_ldap/ldb_ldap.c @@ -45,17 +45,16 @@ struct lldb_private { LDAP *ldap; - struct ldb_module *module; }; struct lldb_context { + struct ldb_module *module; + struct ldb_request *req; + struct lldb_private *lldb; - struct ldb_handle *handle; + + struct ldb_control **controls; int msgid; - int timeout; - time_t starttime; - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); }; static int lldb_ldap_to_ldb(int err) { @@ -63,42 +62,6 @@ static int lldb_ldap_to_ldb(int err) { return err; } -static struct lldb_context *init_lldb_handle(struct lldb_private *lldb, struct ldb_request *req) -{ - struct lldb_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(lldb->module->ldb, "Out of Memory"); - return NULL; - } - - h->module = lldb->module; - - ac = talloc(h, struct lldb_context); - if (ac == NULL) { - ldb_set_errstring(lldb->module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->lldb = lldb; - ac->handle = h; - ac->context = req->context; - ac->callback = req->callback; - ac->timeout = req->timeout; - ac->starttime = req->starttime; - ac->msgid = 0; - - req->handle = h; - return ac; -} /* convert a ldb_message structure to a list of LDAPMod structures ready for ldap_add() or ldap_modify() @@ -230,10 +193,11 @@ static int lldb_add_msg_attr(struct ldb_context *ldb, /* search for matching records */ -static int lldb_search(struct ldb_module *module, struct ldb_request *req) +static int lldb_search(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; struct timeval tv; int ldap_scope; char *search_base; @@ -254,10 +218,7 @@ static int lldb_search(struct ldb_module *module, struct ldb_request *req) ldb_debug(module->ldb, LDB_DEBUG_WARNING, "Controls are not yet supported by ldb_ldap backend!\n"); } - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; search_base = ldb_dn_alloc_linearized(lldb_ac, req->op.search.base); if (req->op.search.base == NULL) { @@ -307,23 +268,16 @@ static int lldb_search(struct ldb_module *module, struct ldb_request *req) /* add a record */ -static int lldb_add(struct ldb_module *module, struct ldb_request *req) +static int lldb_add(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; LDAPMod **mods; char *dn; int ret; - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.add.message->dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; mods = lldb_msg_to_mods(lldb_ac, req->op.add.message, 0); if (mods == NULL) { @@ -350,23 +304,16 @@ static int lldb_add(struct ldb_module *module, struct ldb_request *req) /* modify a record */ -static int lldb_modify(struct ldb_module *module, struct ldb_request *req) +static int lldb_modify(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; LDAPMod **mods; char *dn; int ret; - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.mod.message->dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - - lldb_ac = init_lldb_handle(lldb, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; mods = lldb_msg_to_mods(lldb_ac, req->op.mod.message, 1); if (mods == NULL) { @@ -393,22 +340,15 @@ static int lldb_modify(struct ldb_module *module, struct ldb_request *req) /* delete a record */ -static int lldb_delete(struct ldb_module *module, struct ldb_request *req) +static int lldb_delete(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; char *dnstr; int ret; - - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.del.dn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; dnstr = ldb_dn_alloc_linearized(lldb_ac, req->op.del.dn); @@ -427,24 +367,17 @@ static int lldb_delete(struct ldb_module *module, struct ldb_request *req) /* rename a record */ -static int lldb_rename(struct ldb_module *module, struct ldb_request *req) +static int lldb_rename(struct lldb_context *lldb_ac) { - struct lldb_private *lldb = talloc_get_type(module->private_data, struct lldb_private); - struct lldb_context *lldb_ac; + struct lldb_private *lldb = lldb_ac->lldb; + struct ldb_module *module = lldb_ac->module; + struct ldb_request *req = lldb_ac->req; char *old_dn; char *newrdn; char *parentdn; int ret; - - /* ltdb specials should not reach this point */ - if (ldb_dn_is_special(req->op.rename.olddn) || ldb_dn_is_special(req->op.rename.newdn)) { - return LDB_ERR_INVALID_DN_SYNTAX; - } - lldb_ac = init_lldb_handle(lldb, req); - if (lldb_ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + req->handle->state = LDB_ASYNC_PENDING; old_dn = ldb_dn_alloc_linearized(lldb_ac, req->op.rename.olddn); if (old_dn == NULL) { @@ -474,57 +407,99 @@ static int lldb_rename(struct ldb_module *module, struct ldb_request *req) return lldb_ldap_to_ldb(ret); } -static int lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) +static int lldb_start_trans(struct ldb_module *module) +{ + /* TODO implement a local transaction mechanism here */ + + return LDB_SUCCESS; +} + +static int lldb_end_trans(struct ldb_module *module) +{ + /* TODO implement a local transaction mechanism here */ + + return LDB_SUCCESS; +} + +static int lldb_del_trans(struct ldb_module *module) +{ + /* TODO implement a local transaction mechanism here */ + + return LDB_SUCCESS; +} + +void lldb_request_done(struct ldb_request *req, + struct ldb_control **ctrls, int error) +{ + struct ldb_reply *ares; + + ares = talloc_zero(req, struct ldb_reply); + if (!ares) { + ldb_oom(req->handle->ldb); + req->callback(req, NULL); + return; + } + ares->type = LDB_REPLY_DONE; + ares->controls = talloc_steal(ares, ctrls); + ares->error = error; + + req->callback(req, ares); +} + +/* return false if the request is still in progress + * return true if the request is completed + */ +static bool lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) { - struct ldb_handle *handle = ac->handle; struct lldb_private *lldb = ac->lldb; - struct ldb_reply *ares = NULL; - LDAPMessage *msg; - int type; + LDAPControl **serverctrlsp = NULL; + char **referralsp = NULL; char *matcheddnp = NULL; char *errmsgp = NULL; - char **referralsp = NULL; - LDAPControl **serverctrlsp = NULL; - int ret = LDB_SUCCESS; - - type = ldap_msgtype(result); + LDAPMessage *msg; + int type; + struct ldb_message *ldbmsg; + char *referral; + bool callback_failed; + bool request_done; + bool lret; + int ret; + int i; - handle->status = 0; + type = ldap_msgtype(result); + callback_failed = false; + request_done = false; switch (type) { - case LDAP_RES_SEARCH_ENTRY: + msg = ldap_first_entry(lldb->ldap, result); if (msg != NULL) { BerElement *berptr = NULL; char *attr, *dn; - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto error; - } - - ares->message = ldb_msg_new(ares); - if (!ares->message) { + ldbmsg = ldb_msg_new(ac); + if (!ldbmsg) { ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + break; } dn = ldap_get_dn(lldb->ldap, msg); if (!dn) { + talloc_free(ldbmsg); ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + break; } - ares->message->dn = ldb_dn_new(ares->message, ac->lldb->module->ldb, dn); - if ( ! ldb_dn_validate(ares->message->dn)) { + ldbmsg->dn = ldb_dn_new(ldbmsg, ac->module->ldb, dn); + if ( ! ldb_dn_validate(ldbmsg->dn)) { + talloc_free(ldbmsg); ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + break; } ldap_memfree(dn); - ares->message->num_elements = 0; - ares->message->elements = NULL; + ldbmsg->num_elements = 0; + ldbmsg->elements = NULL; /* loop over all attributes */ for (attr=ldap_first_attribute(lldb->ldap, msg, &berptr); @@ -534,97 +509,104 @@ static int lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) bval = ldap_get_values_len(lldb->ldap, msg, attr); if (bval) { - lldb_add_msg_attr(ac->lldb->module->ldb, ares->message, attr, bval); + lldb_add_msg_attr(ac->module->ldb, ldbmsg, attr, bval); ldap_value_free_len(bval); - } + } } if (berptr) ber_free(berptr, 0); + ret = ldb_module_send_entry(ac->req, ldbmsg); + if (ret != LDB_SUCCESS) { - ares->type = LDB_REPLY_ENTRY; - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); + callback_failed = true; + } } else { - handle->status = LDB_ERR_PROTOCOL_ERROR; - handle->state = LDB_ASYNC_DONE; + ret = LDB_ERR_OPERATIONS_ERROR; } break; case LDAP_RES_SEARCH_REFERENCE: - if (ldap_parse_result(lldb->ldap, result, &handle->status, + + if (ldap_parse_result(lldb->ldap, result, &ret, &matcheddnp, &errmsgp, &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) { ret = LDB_ERR_OPERATIONS_ERROR; - goto error; } - if (referralsp == NULL) { - handle->status = LDB_ERR_PROTOCOL_ERROR; - goto error; + if (ret != LDB_SUCCESS) { + break; } - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + if (referralsp == NULL) { + ret = LDB_ERR_PROTOCOL_ERROR; + break; } - ares->referral = talloc_strdup(ares, *referralsp); - ares->type = LDB_REPLY_REFERRAL; - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); + for (i = 0; referralsp[i]; i++) { + referral = talloc_strdup(ac, referralsp[i]); + ret = ldb_module_send_referral(ac->req, referral); + if (ret != LDB_SUCCESS) { + callback_failed = true; + break; + } + } break; case LDAP_RES_SEARCH_RESULT: - if (ldap_parse_result(lldb->ldap, result, &handle->status, + case LDAP_RES_MODIFY: + case LDAP_RES_ADD: + case LDAP_RES_DELETE: + case LDAP_RES_MODDN: + + if (ldap_parse_result(lldb->ldap, result, &ret, &matcheddnp, &errmsgp, &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - goto error; - } - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { ret = LDB_ERR_OPERATIONS_ERROR; - goto error; + } + if (ret != LDB_SUCCESS) { + break; } if (serverctrlsp != NULL) { /* FIXME: transform the LDAPControl list into an ldb_control one */ - ares->controls = NULL; + ac->controls = NULL; } - - ares->type = LDB_REPLY_DONE; - handle->state = LDB_ASYNC_DONE; - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); - - break; - case LDAP_RES_MODIFY: - case LDAP_RES_ADD: - case LDAP_RES_DELETE: - case LDAP_RES_MODDN: - if (ldap_parse_result(lldb->ldap, result, &handle->status, - &matcheddnp, &errmsgp, - &referralsp, &serverctrlsp, 0) != LDAP_SUCCESS) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - goto error; - } - if (ac->callback && handle->status == LDB_SUCCESS) { - ares = NULL; /* FIXME: build a corresponding ares to pass on */ - ret = ac->callback(ac->lldb->module->ldb, ac->context, ares); - } - handle->state = LDB_ASYNC_DONE; + request_done = true; break; default: ret = LDB_ERR_PROTOCOL_ERROR; - goto error; + break; } + if (ret != LDB_SUCCESS) { + + /* if the callback failed the caller will have freed the + * request. Just return and don't try to use it */ + if (callback_failed) { + + /* tell lldb_wait to remove the request from the + * queue */ + lret = true; + goto free_and_return; + } + + request_done = true; + } + + if (request_done) { + lldb_request_done(ac->req, ac->controls, ret); + lret = true; + goto free_and_return; + } + + lret = false; + +free_and_return: + if (matcheddnp) ldap_memfree(matcheddnp); if (errmsgp && *errmsgp) { - ldb_set_errstring(ac->lldb->module->ldb, errmsgp); - } else if (handle->status) { - ldb_set_errstring(ac->lldb->module->ldb, ldap_err2string(handle->status)); + ldb_set_errstring(ac->module->ldb, errmsgp); } if (errmsgp) { ldap_memfree(errmsgp); @@ -633,131 +615,203 @@ static int lldb_parse_result(struct lldb_context *ac, LDAPMessage *result) if (serverctrlsp) ldap_controls_free(serverctrlsp); ldap_msgfree(result); - return lldb_ldap_to_ldb(handle->status); -error: - handle->state = LDB_ASYNC_DONE; - ldap_msgfree(result); - return ret; + return lret; } -static int lldb_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static void lldb_timeout(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) { - struct lldb_context *ac = talloc_get_type(handle->private_data, struct lldb_context); - struct lldb_private *lldb = ac->lldb; - struct timeval timeout; + struct lldb_context *ac; + ac = talloc_get_type(private_data, struct lldb_context); + + lldb_request_done(ac->req, NULL, LDB_ERR_TIME_LIMIT_EXCEEDED); +} + +static void lldb_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct lldb_context *ac; + struct timed_event *lte; + struct timeval tv; LDAPMessage *result; - int ret, lret; + int lret; + + ac = talloc_get_type(private_data, struct lldb_context); - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + if (!ac->msgid) { + lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR); + return; } - if (!ac || !ac->msgid) { - return LDB_ERR_OPERATIONS_ERROR; + tv.tv_sec = 0; + tv.tv_usec = 0; + lret = ldap_result(ac->lldb->ldap, ac->msgid, 0, &tv, &result); + if (lret == 0) { + goto respin; + } + if (lret == -1) { + lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR); + return; } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; + if ( ! lldb_parse_result(ac, result)) { + goto respin; + } - switch(type) { - case LDB_WAIT_NONE: + return; - if ((ac->timeout != -1) && - ((ac->starttime + ac->timeout) > time(NULL))) { - return LDB_ERR_TIME_LIMIT_EXCEEDED; - } +respin: + tv.tv_sec = 0; + tv.tv_usec = 100; + lte = event_add_timed(ev, ac, tv, lldb_callback, ac); + if (NULL == lte) { + lldb_request_done(ac->req, NULL, LDB_ERR_OPERATIONS_ERROR); + } +} - timeout.tv_sec = 0; - timeout.tv_usec = 0; +static bool lldb_dn_is_special(struct ldb_request *req) +{ + struct ldb_dn *dn = NULL; - lret = ldap_result(lldb->ldap, ac->msgid, 0, &timeout, &result); - if (lret == -1) { - return LDB_ERR_OPERATIONS_ERROR; - } - if (lret == 0) { - ret = LDB_SUCCESS; - goto done; - } + switch (req->operation) { + case LDB_ADD: + dn = req->op.add.message->dn; + break; + case LDB_MODIFY: + dn = req->op.mod.message->dn; + break; + case LDB_DELETE: + dn = req->op.del.dn; + break; + case LDB_RENAME: + dn = req->op.rename.olddn; + break; + default: + break; + } - return lldb_parse_result(ac, result); + if (dn && ldb_dn_is_special(dn)) { + return true; + } + return false; +} - case LDB_WAIT_ALL: - timeout.tv_usec = 0; - ret = LDB_ERR_OPERATIONS_ERROR; +static void lldb_auto_done_callback(struct event_context *ev, + struct timed_event *te, + struct timeval t, + void *private_data) +{ + struct lldb_context *ac; - while (handle->status == LDB_SUCCESS && handle->state != LDB_ASYNC_DONE) { + ac = talloc_get_type(private_data, struct lldb_context); + lldb_request_done(ac->req, NULL, LDB_SUCCESS); +} - if (ac->timeout == -1) { - lret = ldap_result(lldb->ldap, ac->msgid, 0, NULL, &result); - } else { - timeout.tv_sec = ac->timeout - (time(NULL) - ac->starttime); - if (timeout.tv_sec <= 0) - return LDB_ERR_TIME_LIMIT_EXCEEDED; - lret = ldap_result(lldb->ldap, ac->msgid, 0, &timeout, &result); - } - if (lret == -1) { - return LDB_ERR_OPERATIONS_ERROR; - } - if (lret == 0) { - return LDB_ERR_TIME_LIMIT_EXCEEDED; - } +static int lldb_handle_request(struct ldb_module *module, struct ldb_request *req) +{ + struct lldb_private *lldb; + struct lldb_context *ac; + struct event_context *ev; + struct timed_event *te; + struct timeval tv; + int ret; - ret = lldb_parse_result(ac, result); - if (ret != LDB_SUCCESS) { - return ret; - } + lldb = talloc_get_type(module->private_data, struct lldb_private); + + if (req->starttime == 0 || req->timeout == 0) { + ldb_set_errstring(module->ldb, "Invalid timeout settings"); + return LDB_ERR_TIME_LIMIT_EXCEEDED; + } + + ev = ldb_get_event_context(module->ldb); + if (NULL == ev) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = talloc_zero(module->ldb, struct lldb_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + ac->lldb = lldb; + ac->msgid = 0; + + if (lldb_dn_is_special(req)) { + tv.tv_sec = 0; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, + lldb_auto_done_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; } + return LDB_SUCCESS; + } + + switch (ac->req->operation) { + case LDB_SEARCH: + ret = lldb_search(ac); + break; + case LDB_ADD: + ret = lldb_add(ac); + break; + case LDB_MODIFY: + ret = lldb_modify(ac); + break; + case LDB_DELETE: + ret = lldb_delete(ac); + break; + case LDB_RENAME: + ret = lldb_rename(ac); break; - default: - handle->state = LDB_ASYNC_DONE; + /* no other op supported */ ret = LDB_ERR_OPERATIONS_ERROR; + break; } -done: - return ret; -} - -static int lldb_start_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ - - return LDB_SUCCESS; -} + if (ret != LDB_SUCCESS) { + lldb_request_done(req, NULL, ret); + return ret; + } -static int lldb_end_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ + tv.tv_sec = 0; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, lldb_callback, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } - return LDB_SUCCESS; -} -static int lldb_del_trans(struct ldb_module *module) -{ - /* TODO implement a local transaction mechanism here */ + tv.tv_sec = req->starttime + req->timeout; + tv.tv_usec = 0; + te = event_add_timed(ev, ac, tv, lldb_timeout, ac); + if (NULL == te) { + return LDB_ERR_OPERATIONS_ERROR; + } return LDB_SUCCESS; } -static int lldb_request(struct ldb_module *module, struct ldb_request *req) -{ - return LDB_ERR_OPERATIONS_ERROR; -} - static const struct ldb_module_ops lldb_ops = { .name = "ldap", - .search = lldb_search, - .add = lldb_add, - .modify = lldb_modify, - .del = lldb_delete, - .rename = lldb_rename, - .request = lldb_request, + .search = lldb_handle_request, + .add = lldb_handle_request, + .modify = lldb_handle_request, + .del = lldb_handle_request, + .rename = lldb_handle_request, + .request = lldb_handle_request, .start_transaction = lldb_start_trans, .end_transaction = lldb_end_trans, .del_transaction = lldb_del_trans, - .wait = lldb_wait }; @@ -771,8 +825,8 @@ static int lldb_destructor(struct lldb_private *lldb) connect to the database */ static int lldb_connect(struct ldb_context *ldb, - const char *url, - unsigned int flags, + const char *url, + unsigned int flags, const char *options[], struct ldb_module **_module) { @@ -790,7 +844,6 @@ static int lldb_connect(struct ldb_context *ldb, talloc_set_name_const(module, "ldb_ldap backend"); module->ldb = ldb; module->prev = module->next = NULL; - module->private_data = NULL; module->ops = &lldb_ops; lldb = talloc(module, struct lldb_private); @@ -799,7 +852,6 @@ static int lldb_connect(struct ldb_context *ldb, goto failed; } module->private_data = lldb; - lldb->module = module; lldb->ldap = NULL; ret = ldap_initialize(&lldb->ldap, url); diff --git a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c index a0e63c8da1..be99c29d1e 100644 --- a/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c +++ b/source4/lib/ldb/ldb_sqlite3/ldb_sqlite3.c @@ -44,51 +44,14 @@ struct lsqlite3_private { struct lsql_context { struct ldb_module *module; + struct ldb_request *req; /* search stuff */ long long current_eid; const char * const * attrs; struct ldb_reply *ares; - - /* async stuff */ - void *context; - int (*callback)(struct ldb_context *, void *, struct ldb_reply *); }; -static struct ldb_handle *init_handle(struct lsqlite3_private *lsqlite3, - struct ldb_module *module, - struct ldb_request *req) -{ - struct lsql_context *ac; - struct ldb_handle *h; - - h = talloc_zero(lsqlite3, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc(h, struct lsql_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->context = req->context; - ac->callback = req->callback; - - return h; -} - /* * Macros used throughout */ @@ -835,11 +798,6 @@ int lsql_search(struct ldb_module *module, struct ldb_request *req) char *query = NULL; int ret; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); if ((( ! ldb_dn_is_valid(req->op.search.base)) || ldb_dn_is_null(req->op.search.base)) && @@ -1013,10 +971,6 @@ static int lsql_add(struct ldb_module *module, struct ldb_request *req) int i; int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1143,10 +1097,6 @@ static int lsql_modify(struct ldb_module *module, struct ldb_request *req) int i; int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1329,10 +1279,6 @@ static int lsql_delete(struct ldb_module *module, struct ldb_request *req) int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1382,10 +1328,6 @@ static int lsql_rename(struct ldb_module *module, struct ldb_request *req) char *query; int ret = LDB_SUCCESS; - req->handle = init_handle(lsqlite3, module, req); - if (req->handle == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } lsql_ac = talloc_get_type(req->handle->private_data, struct lsql_context); req->handle->state = LDB_ASYNC_DONE; req->handle->status = LDB_SUCCESS; @@ -1501,9 +1443,61 @@ static int lsql_request(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } -static int lsql_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int lsql_run_request(struct ldb_module *module, struct ldb_request *req) +{ + switch (req->operation) { + case LDB_SEARCH: + return lsql_search(module, req); + break; + case LDB_ADD: + return lsql_add(module, req); + break; + case LDB_MODIFY: + return lsql_modify(module, req); + break; + case LDB_DELETE: + return lsql_delete(module, req); + break; + case LDB_RENAME: + return lsql_rename(module, req); + break; +/* TODO: + case LDB_SEQUENCE_NUMBER: + return lsql_sequence_number(module, req); + break; + */ + default: + return lsql_request(module, req); + break; + } + + return LDB_ERR_OPERATIONS_ERROR; +} + +static int lsql_handle_request(struct ldb_module *module, struct ldb_request *req) { - return handle->status; + struct lsql_context *ac; + + if (check_critical_controls(req->controls)) { + return LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; + } + + ac = talloc_zero(req, struct lsql_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->module = module; + ac->req = req; + + req->handle = ldb_handle_new(req, lsql_run_request, ac); + if (req->handle == NULL) { + talloc_free(ac); + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; } /* @@ -1511,16 +1505,16 @@ static int lsql_wait(struct ldb_handle *handle, enum ldb_wait_type type) */ static const struct ldb_module_ops lsqlite3_ops = { .name = "sqlite", - .search = lsql_search, - .add = lsql_add, - .modify = lsql_modify, - .del = lsql_delete, - .rename = lsql_rename, - .request = lsql_request, + .search = lsql_handle_request, + .add = lsql_handle_request, + .modify = lsql_handle_request, + .del = lsql_handle_request, + .rename = lsql_handle_request, + .request = lsql_handle_request, .start_transaction = lsql_start_trans, .end_transaction = lsql_end_trans, .del_transaction = lsql_del_trans, - .wait = lsql_wait, + /* TODO: .sequence_number = lsql_handle_request */ }; /* -- cgit From 4f40ee2b86007f7dc631e93e59f24f970bc25ea2 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:35:38 -0400 Subject: LDB ASYNC: core modules --- source4/lib/ldb/ldb_map/ldb_map.c | 355 ++------------ source4/lib/ldb/ldb_map/ldb_map.h | 4 +- source4/lib/ldb/ldb_map/ldb_map_inbound.c | 754 ++++++++++++++++------------- source4/lib/ldb/ldb_map/ldb_map_outbound.c | 443 ++++++++++------- source4/lib/ldb/ldb_map/ldb_map_private.h | 88 ++-- source4/lib/ldb/modules/asq.c | 419 +++++++--------- source4/lib/ldb/modules/operational.c | 102 ++-- source4/lib/ldb/modules/paged_results.c | 493 +++++++------------ source4/lib/ldb/modules/paged_searches.c | 359 ++++++-------- source4/lib/ldb/modules/rdn_name.c | 300 ++++++------ source4/lib/ldb/modules/sort.c | 369 +++++--------- 11 files changed, 1534 insertions(+), 2152 deletions(-) diff --git a/source4/lib/ldb/ldb_map/ldb_map.c b/source4/lib/ldb/ldb_map/ldb_map.c index e9129c812b..fafbb63b0a 100644 --- a/source4/lib/ldb/ldb_map/ldb_map.c +++ b/source4/lib/ldb/ldb_map/ldb_map.c @@ -3,6 +3,7 @@ Copyright (C) Jelmer Vernooij 2005 Copyright (C) Martin Kuehl 2006 + Copyright (C) Simo Sorce 2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -106,69 +107,23 @@ const struct ldb_map_context *map_get_context(struct ldb_module *module) } /* Create a generic request context. */ -static struct map_context *map_init_context(struct ldb_handle *h, struct ldb_request *req) +struct map_context *map_init_context(struct ldb_module *module, + struct ldb_request *req) { struct map_context *ac; - ac = talloc_zero(h, struct map_context); + ac = talloc_zero(req, struct map_context); if (ac == NULL) { - map_oom(h->module); + ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } - ac->module = h->module; - ac->orig_req = req; + ac->module = module; + ac->req = req; return ac; } -/* Create a search request context. */ -struct map_search_context *map_init_search_context(struct map_context *ac, struct ldb_reply *ares) -{ - struct map_search_context *sc; - - sc = talloc_zero(ac, struct map_search_context); - if (sc == NULL) { - map_oom(ac->module); - return NULL; - } - - sc->ac = ac; - sc->local_res = NULL; - sc->remote_res = ares; - - return sc; -} - -/* Create a request context and handle. */ -struct ldb_handle *map_init_handle(struct ldb_request *req, struct ldb_module *module) -{ - struct map_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - map_oom(module); - return NULL; - } - - h->module = module; - - ac = map_init_context(h, req); - if (ac == NULL) { - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - return h; -} - - /* Dealing with DNs for different partitions * ========================================= */ @@ -888,113 +843,52 @@ static int map_objectclass_convert_operator(struct ldb_module *module, void *mem /* Auxiliary request construction * ============================== */ -/* Store the DN of a single search result in context. */ -static int map_search_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct map_context *ac; - - if (context == NULL || ares == NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "NULL Context or Result in callback")); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(context, struct map_context); - - /* We are interested only in the single reply */ - if (ares->type != LDB_REPLY_ENTRY) { - talloc_free(ares); - return LDB_SUCCESS; - } - - /* We have already found a remote DN */ - if (ac->local_dn) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "Too many results to base search")); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Store local DN */ - ac->local_dn = ares->message->dn; - - return LDB_SUCCESS; -} - /* Build a request to search a record by its DN. */ -struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_search_callback callback) +struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_map_callback_t callback) { + const struct ldb_parse_tree *search_tree; struct ldb_request *req; - - req = talloc_zero(ac, struct ldb_request); - if (req == NULL) { - map_oom(ac->module); - return NULL; - } - - req->operation = LDB_SEARCH; - req->op.search.base = dn; - req->op.search.scope = LDB_SCOPE_BASE; - req->op.search.attrs = attrs; + int ret; if (tree) { - req->op.search.tree = tree; + search_tree = tree; } else { - req->op.search.tree = ldb_parse_tree(req, NULL); - if (req->op.search.tree == NULL) { - talloc_free(req); + search_tree = ldb_parse_tree(ac, NULL); + if (search_tree == NULL) { return NULL; } } - req->controls = NULL; - req->context = context; - req->callback = callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req); - - return req; -} - -/* Build a request to search the local record by its DN. */ -struct ldb_request *map_search_self_req(struct map_context *ac, struct ldb_dn *dn) -{ - /* attrs[] is returned from this function in - * ac->search_req->op.search.attrs, so it must be static, as - * otherwise the compiler can put it on the stack */ - static const char * const attrs[] = { IS_MAPPED, NULL }; - struct ldb_parse_tree *tree; - - /* Limit search to records with 'IS_MAPPED' present */ - /* TODO: `tree = ldb_parse_tree(ac, IS_MAPPED);' won't do. */ - tree = talloc_zero(ac, struct ldb_parse_tree); - if (tree == NULL) { - map_oom(ac->module); + ret = ldb_build_search_req_ex(&req, ac->module->ldb, ac, + dn, LDB_SCOPE_BASE, + search_tree, attrs, + NULL, + context, callback, + ac->req); + if (ret != LDB_SUCCESS) { return NULL; } - tree->operation = LDB_OP_PRESENT; - tree->u.present.attr = talloc_strdup(tree, IS_MAPPED); - - return map_search_base_req(ac, dn, attrs, tree, ac, map_search_self_callback); + return req; } /* Build a request to update the 'IS_MAPPED' attribute */ -struct ldb_request *map_build_fixup_req(struct map_context *ac, struct ldb_dn *olddn, struct ldb_dn *newdn) +struct ldb_request *map_build_fixup_req(struct map_context *ac, + struct ldb_dn *olddn, + struct ldb_dn *newdn, + void *context, + ldb_map_callback_t callback) { struct ldb_request *req; struct ldb_message *msg; const char *dn; - - /* Prepare request */ - req = talloc_zero(ac, struct ldb_request); - if (req == NULL) { - map_oom(ac->module); - return NULL; - } + int ret; /* Prepare message */ - msg = ldb_msg_new(req); + msg = ldb_msg_new(ac); if (msg == NULL) { map_oom(ac->module); - goto failed; + return NULL; } /* Update local 'IS_MAPPED' to the new remote DN */ @@ -1010,193 +904,22 @@ struct ldb_request *map_build_fixup_req(struct map_context *ac, struct ldb_dn *o goto failed; } - req->operation = LDB_MODIFY; - req->op.mod.message = msg; - req->controls = NULL; - req->handle = NULL; - req->context = NULL; - req->callback = NULL; + /* Prepare request */ + ret = ldb_build_mod_req(&req, ac->module->ldb, + ac, msg, NULL, + context, callback, + ac->req); + if (ret != LDB_SUCCESS) { + goto failed; + } + talloc_steal(req, msg); return req; - failed: - talloc_free(req); + talloc_free(msg); return NULL; } - -/* Asynchronous call structure - * =========================== */ - -/* Figure out which request is currently pending. */ -static struct ldb_request *map_get_req(struct map_context *ac) -{ - switch (ac->step) { - case MAP_SEARCH_SELF_MODIFY: - case MAP_SEARCH_SELF_DELETE: - case MAP_SEARCH_SELF_RENAME: - return ac->search_req; - - case MAP_ADD_REMOTE: - case MAP_MODIFY_REMOTE: - case MAP_DELETE_REMOTE: - case MAP_RENAME_REMOTE: - return ac->remote_req; - - case MAP_RENAME_FIXUP: - return ac->down_req; - - case MAP_ADD_LOCAL: - case MAP_MODIFY_LOCAL: - case MAP_DELETE_LOCAL: - case MAP_RENAME_LOCAL: - return ac->local_req; - - case MAP_SEARCH_REMOTE: - /* Can't happen */ - break; - } - - return NULL; /* unreachable; silences a warning */ -} - -typedef int (*map_next_function)(struct ldb_handle *handle); - -/* Figure out the next request to run. */ -static map_next_function map_get_next(struct map_context *ac) -{ - switch (ac->step) { - case MAP_SEARCH_REMOTE: - return NULL; - - case MAP_ADD_LOCAL: - return map_add_do_remote; - case MAP_ADD_REMOTE: - return NULL; - - case MAP_SEARCH_SELF_MODIFY: - return map_modify_do_local; - case MAP_MODIFY_LOCAL: - return map_modify_do_remote; - case MAP_MODIFY_REMOTE: - return NULL; - - case MAP_SEARCH_SELF_DELETE: - return map_delete_do_local; - case MAP_DELETE_LOCAL: - return map_delete_do_remote; - case MAP_DELETE_REMOTE: - return NULL; - - case MAP_SEARCH_SELF_RENAME: - return map_rename_do_local; - case MAP_RENAME_LOCAL: - return map_rename_do_fixup; - case MAP_RENAME_FIXUP: - return map_rename_do_remote; - case MAP_RENAME_REMOTE: - return NULL; - } - - return NULL; /* unreachable; silences a warning */ -} - -/* Wait for the current pending request to finish and continue with the next. */ -static int map_wait_next(struct ldb_handle *handle) -{ - struct map_context *ac; - struct ldb_request *req; - map_next_function next; - int ret; - - if (handle == NULL || handle->private_data == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct map_context); - - if (ac->step == MAP_SEARCH_REMOTE) { - int i; - for (i = 0; i < ac->num_searches; i++) { - req = ac->search_reqs[i]; - ret = ldb_wait(req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (req->handle->status != LDB_SUCCESS) { - handle->status = req->handle->status; - goto done; - } - if (req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } - } else { - - req = map_get_req(ac); - - ret = ldb_wait(req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (req->handle->status != LDB_SUCCESS) { - handle->status = req->handle->status; - goto done; - } - if (req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - next = map_get_next(ac); - if (next) { - return next(handle); - } - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -/* Wait for all current pending requests to finish. */ -static int map_wait_all(struct ldb_handle *handle) -{ - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = map_wait_next(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -/* Wait for pending requests to finish. */ -int map_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return map_wait_all(handle); - } else { - return map_wait_next(handle); - } -} - - /* Module initialization * ===================== */ diff --git a/source4/lib/ldb/ldb_map/ldb_map.h b/source4/lib/ldb/ldb_map/ldb_map.h index e40bb9cd7e..7f92c15b98 100644 --- a/source4/lib/ldb/ldb_map/ldb_map.h +++ b/source4/lib/ldb/ldb_map/ldb_map.h @@ -160,14 +160,12 @@ int map_search(struct ldb_module *module, struct ldb_request *req); int map_rename(struct ldb_module *module, struct ldb_request *req); int map_delete(struct ldb_module *module, struct ldb_request *req); int map_modify(struct ldb_module *module, struct ldb_request *req); -int map_wait(struct ldb_handle *handle, enum ldb_wait_type type); #define LDB_MAP_OPS \ .add = map_add, \ .modify = map_modify, \ .del = map_delete, \ .rename = map_rename, \ - .search = map_search, \ - .wait = map_wait, + .search = map_search, #endif /* __LDB_MAP_H__ */ diff --git a/source4/lib/ldb/ldb_map/ldb_map_inbound.c b/source4/lib/ldb/ldb_map/ldb_map_inbound.c index 7fc3ac4ed5..96605f23eb 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_inbound.c +++ b/source4/lib/ldb/ldb_map/ldb_map_inbound.c @@ -3,6 +3,7 @@ Copyright (C) Jelmer Vernooij 2005 Copyright (C) Martin Kuehl 2006 + Copyright (C) Simo Sorce 2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -178,51 +179,181 @@ static int ldb_msg_partition(struct ldb_module *module, struct ldb_message *loca } -/* Inbound requests: add, modify, rename, delete - * ============================================= */ +static int map_add_do_local(struct map_context *ac); +static int map_modify_do_local(struct map_context *ac); +static int map_delete_do_local(struct map_context *ac); +static int map_rename_do_local(struct map_context *ac); +static int map_rename_do_fixup(struct map_context *ac); +static int map_rename_local_callback(struct ldb_request *req, + struct ldb_reply *ares); -/* Add the remote record. */ -int map_add_do_remote(struct ldb_handle *handle) + +/***************************************************************************** + * COMMON INBOUND functions +*****************************************************************************/ + +/* Store the DN of a single search result in context. */ +static int map_search_self_callback(struct ldb_request *req, struct ldb_reply *ares) { struct map_context *ac; + int ret; - ac = talloc_get_type(handle->private_data, struct map_context); + ac = talloc_get_type(req->context, struct map_context); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->step = MAP_ADD_REMOTE; + /* We are interested only in the single reply */ + switch(ares->type) { + case LDB_REPLY_ENTRY: + /* We have already found a remote DN */ + if (ac->local_dn) { + ldb_set_errstring(ac->module->ldb, + "Too many results!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; + /* Store local DN */ + ac->local_dn = talloc_steal(ac, ares->message->dn); + break; - return ldb_next_remote_request(ac->module, ac->remote_req); + case LDB_REPLY_DONE: + + switch (ac->req->operation) { + case LDB_MODIFY: + ret = map_modify_do_local(ac); + break; + case LDB_DELETE: + ret = map_delete_do_local(ac); + break; + case LDB_RENAME: + ret = map_rename_do_local(ac); + break; + default: + /* if we get here we have definitely a problem */ + ret = LDB_ERR_OPERATIONS_ERROR; + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + default: + /* ignore referrals */ + break; + } + + talloc_free(ares); + return LDB_SUCCESS; } -/* Add the local record. */ -int map_add_do_local(struct ldb_handle *handle) +/* Build a request to search the local record by its DN. */ +static int map_search_self_req(struct ldb_request **req, + struct map_context *ac, + struct ldb_dn *dn) +{ + /* attrs[] is returned from this function in + * ac->search_req->op.search.attrs, so it must be static, as + * otherwise the compiler can put it on the stack */ + static const char * const attrs[] = { IS_MAPPED, NULL }; + struct ldb_parse_tree *tree; + + /* Limit search to records with 'IS_MAPPED' present */ + tree = ldb_parse_tree(ac, "(" IS_MAPPED "=*)"); + if (tree == NULL) { + map_oom(ac->module); + return LDB_ERR_OPERATIONS_ERROR; + } + + *req = map_search_base_req(ac, dn, attrs, tree, + ac, map_search_self_callback); + if (*req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return LDB_SUCCESS; +} + +static int map_op_local_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct map_context *ac; + int ret; - ac = talloc_get_type(handle->private_data, struct map_context); + ac = talloc_get_type(req->context, struct map_context); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->step = MAP_ADD_LOCAL; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; + /* Do the remote request. */ + ret = ldb_next_remote_request(ac->module, ac->remote_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return ldb_next_request(ac->module, ac->local_req); + return LDB_SUCCESS; } +static int map_op_remote_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct map_context *ac; + + ac = talloc_get_type(req->context, struct map_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + + +/***************************************************************************** + * ADD operations +*****************************************************************************/ + + /* Add a record. */ int map_add(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.add.message; - struct ldb_handle *h; struct map_context *ac; - struct ldb_message *local, *remote; + struct ldb_message *remote_msg; const char *dn; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(msg->dn)) { @@ -240,141 +371,88 @@ int map_add(struct ldb_module *module, struct ldb_request *req) } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; - } - *(ac->local_req) = *req; /* copy the request */ - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; - - /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; - } - - *(ac->remote_req) = *req; /* copy the request */ - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; /* Prepare the local message */ - local = ldb_msg_new(ac->local_req); - if (local == NULL) { - goto oom; + ac->local_msg = ldb_msg_new(ac); + if (ac->local_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - local->dn = msg->dn; + ac->local_msg->dn = msg->dn; /* Prepare the remote message */ - remote = ldb_msg_new(ac->remote_req); - if (remote == NULL) { - goto oom; + remote_msg = ldb_msg_new(ac); + if (remote_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - remote->dn = ldb_dn_map_local(ac->module, remote, msg->dn); + remote_msg->dn = ldb_dn_map_local(ac->module, remote_msg, msg->dn); /* Split local from remote message */ - ldb_msg_partition(module, local, remote, msg); - ac->local_req->op.add.message = local; - ac->remote_req->op.add.message = remote; + ldb_msg_partition(module, ac->local_msg, remote_msg, msg); + + /* Prepare the remote operation */ + ret = ldb_build_add_req(&ac->remote_req, module->ldb, + ac, remote_msg, + req->controls, + ac, map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - if ((local->num_elements == 0) || (!map_check_local_db(ac->module))) { + if ((ac->local_msg->num_elements == 0) || + ( ! map_check_local_db(ac->module))) { /* No local data or db, just run the remote request */ - talloc_free(ac->local_req); - req->handle = h; /* return our own handle to deal with this call */ - return map_add_do_remote(h); + return ldb_next_remote_request(ac->module, ac->remote_req); } /* Store remote DN in 'IS_MAPPED' */ /* TODO: use GUIDs here instead */ - dn = ldb_dn_alloc_linearized(local, remote->dn); - if (ldb_msg_add_string(local, IS_MAPPED, dn) != 0) { - goto failed; + dn = ldb_dn_alloc_linearized(ac->local_msg, remote_msg->dn); + if (ldb_msg_add_string(ac->local_msg, IS_MAPPED, dn) != 0) { + return LDB_ERR_OPERATIONS_ERROR; } - req->handle = h; /* return our own handle to deal with this call */ - return map_add_do_local(h); - -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; -} - -/* Modify the remote record. */ -int map_modify_do_remote(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); - - ac->step = MAP_MODIFY_REMOTE; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_remote_request(ac->module, ac->remote_req); + return map_add_do_local(ac); } -/* Modify the local record. */ -int map_modify_do_local(struct ldb_handle *handle) +/* Add the local record. */ +static int map_add_do_local(struct map_context *ac) { - struct map_context *ac; - struct ldb_message *msg; - char *dn; - - ac = talloc_get_type(handle->private_data, struct map_context); - - if (ac->local_dn == NULL) { - /* No local record present, add it instead */ - msg = discard_const_p(struct ldb_message, ac->local_req->op.mod.message); - - /* Add local 'IS_MAPPED' */ - /* TODO: use GUIDs here instead */ - if (ldb_msg_add_empty(msg, IS_MAPPED, LDB_FLAG_MOD_ADD, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } - dn = ldb_dn_alloc_linearized(msg, ac->remote_req->op.mod.message->dn); - if (ldb_msg_add_string(msg, IS_MAPPED, dn) != 0) { - return LDB_ERR_OPERATIONS_ERROR; - } + struct ldb_request *local_req; + int ret; - /* Turn request into 'add' */ - ac->local_req->operation = LDB_ADD; - ac->local_req->op.add.message = msg; - /* TODO: Could I just leave msg in there? I think so, - * but it looks clearer this way. */ + /* Prepare the local operation */ + ret = ldb_build_add_req(&local_req, ac->module->ldb, ac, + ac->local_msg, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); - - ac->step = MAP_MODIFY_LOCAL; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_request(ac->module, ac->local_req); + return ldb_next_request(ac->module, local_req); } +/***************************************************************************** + * MODIFY operations +*****************************************************************************/ + /* Modify a record. */ int map_modify(struct ldb_module *module, struct ldb_request *req) { const struct ldb_message *msg = req->op.mod.message; - struct ldb_handle *h; + struct ldb_request *search_req; + struct ldb_message *remote_msg; struct map_context *ac; - struct ldb_message *local, *remote; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(msg->dn)) { @@ -395,257 +473,200 @@ int map_modify(struct ldb_module *module, struct ldb_request *req) } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; - } - - *(ac->local_req) = *req; /* copy the request */ - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; - - /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; - } - - *(ac->remote_req) = *req; /* copy the request */ - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; /* Prepare the local message */ - local = ldb_msg_new(ac->local_req); - if (local == NULL) { - goto oom; + ac->local_msg = ldb_msg_new(ac); + if (ac->local_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - local->dn = msg->dn; + ac->local_msg->dn = msg->dn; /* Prepare the remote message */ - remote = ldb_msg_new(ac->remote_req); - if (remote == NULL) { - goto oom; + remote_msg = ldb_msg_new(ac->remote_req); + if (remote_msg == NULL) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - remote->dn = ldb_dn_map_local(ac->module, remote, msg->dn); + remote_msg->dn = ldb_dn_map_local(ac->module, remote_msg, msg->dn); /* Split local from remote message */ - ldb_msg_partition(module, local, remote, msg); - ac->local_req->op.mod.message = local; - ac->remote_req->op.mod.message = remote; + ldb_msg_partition(module, ac->local_msg, remote_msg, msg); + + /* Prepare the remote operation */ + ret = ldb_build_mod_req(&ac->remote_req, module->ldb, + ac, remote_msg, + req->controls, + ac, map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - if ((local->num_elements == 0) || (!map_check_local_db(ac->module))) { + if ((ac->local_msg->num_elements == 0) || + ( ! map_check_local_db(ac->module))) { /* No local data or db, just run the remote request */ - talloc_free(ac->local_req); - req->handle = h; /* return our own handle to deal with this call */ - return map_modify_do_remote(h); + return ldb_next_remote_request(ac->module, ac->remote_req); } /* prepare the search operation */ - ac->search_req = map_search_self_req(ac, msg->dn); - if (ac->search_req == NULL) { - goto failed; + ret = map_search_self_req(&search_req, ac, msg->dn); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - ac->step = MAP_SEARCH_SELF_MODIFY; - - req->handle = h; /* return our own handle to deal with this call */ - return ldb_next_request(module, ac->search_req); - -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; -} - -/* Delete the remote record. */ -int map_delete_do_remote(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); - - ac->step = MAP_DELETE_REMOTE; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_remote_request(ac->module, ac->remote_req); + return ldb_next_request(module, search_req); } -/* Delete the local record. */ -int map_delete_do_local(struct ldb_handle *handle) +/* Modify the local record. */ +static int map_modify_do_local(struct map_context *ac) { - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); + struct ldb_request *local_req; + char *dn; + int ret; - /* No local record, continue remotely */ if (ac->local_dn == NULL) { - return map_delete_do_remote(handle); - } - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); - - ac->step = MAP_DELETE_LOCAL; + /* No local record present, add it instead */ + /* Add local 'IS_MAPPED' */ + /* TODO: use GUIDs here instead */ + if (ldb_msg_add_empty(ac->local_msg, IS_MAPPED, + LDB_FLAG_MOD_ADD, NULL) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } + dn = ldb_dn_alloc_linearized(ac->local_msg, + ac->remote_req->op.mod.message->dn); + if (ldb_msg_add_string(ac->local_msg, IS_MAPPED, dn) != 0) { + return LDB_ERR_OPERATIONS_ERROR; + } - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; + /* Prepare the local operation */ + ret = ldb_build_add_req(&local_req, ac->module->ldb, ac, + ac->local_msg, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } else { + /* Prepare the local operation */ + ret = ldb_build_mod_req(&local_req, ac->module->ldb, ac, + ac->local_msg, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + } - return ldb_next_request(ac->module, ac->local_req); + return ldb_next_request(ac->module, local_req); } +/***************************************************************************** + * DELETE operations +*****************************************************************************/ + /* Delete a record. */ int map_delete(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_request *search_req; struct map_context *ac; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(req->op.del.dn)) { return ldb_next_request(module, req); } - /* No mapping requested (perhaps no DN mapping specified), skip to next module */ + /* No mapping requested (perhaps no DN mapping specified). + * Skip to next module */ if (!ldb_dn_check_local(module, req->op.del.dn)) { return ldb_next_request(module, req); } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; - } - - *(ac->local_req) = *req; /* copy the request */ - ac->local_req->op.del.dn = req->op.del.dn; - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; + ret = ldb_build_del_req(&ac->remote_req, module->ldb, ac, + ldb_dn_map_local(module, ac, req->op.del.dn), + req->controls, + ac, + map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - *(ac->remote_req) = *req; /* copy the request */ - ac->remote_req->op.del.dn = ldb_dn_map_local(module, ac->remote_req, req->op.del.dn); - /* No local db, just run the remote request */ if (!map_check_local_db(ac->module)) { - req->handle = h; /* return our own handle to deal with this call */ - return map_delete_do_remote(h); + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); } - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; - /* Prepare the search operation */ - ac->search_req = map_search_self_req(ac, req->op.del.dn); - if (ac->search_req == NULL) { - goto failed; + ret = map_search_self_req(&search_req, ac, req->op.del.dn); + if (ret != LDB_SUCCESS) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; } - req->handle = h; /* return our own handle to deal with this call */ - - ac->step = MAP_SEARCH_SELF_DELETE; - - return ldb_next_request(module, ac->search_req); - -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_next_request(module, search_req); } -/* Rename the remote record. */ -int map_rename_do_remote(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->remote_req); - - ac->step = MAP_RENAME_REMOTE; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_remote_request(ac->module, ac->remote_req); -} - -/* Update the local 'IS_MAPPED' attribute. */ -int map_rename_do_fixup(struct ldb_handle *handle) -{ - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->down_req); - - ac->step = MAP_RENAME_FIXUP; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_request(ac->module, ac->down_req); -} - -/* Rename the local record. */ -int map_rename_do_local(struct ldb_handle *handle) +/* Delete the local record. */ +static int map_delete_do_local(struct map_context *ac) { - struct map_context *ac; - - ac = talloc_get_type(handle->private_data, struct map_context); + struct ldb_request *local_req; + int ret; /* No local record, continue remotely */ if (ac->local_dn == NULL) { - return map_rename_do_remote(handle); + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); } - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); - - ac->step = MAP_RENAME_LOCAL; - - handle->state = LDB_ASYNC_INIT; - handle->status = LDB_SUCCESS; - - return ldb_next_request(ac->module, ac->local_req); + /* Prepare the local operation */ + ret = ldb_build_del_req(&local_req, ac->module->ldb, ac, + ac->req->op.del.dn, + ac->req->controls, + ac, + map_op_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + return ldb_next_request(ac->module, local_req); } +/***************************************************************************** + * RENAME operations +*****************************************************************************/ + /* Rename a record. */ int map_rename(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_request *search_req; struct map_context *ac; + int ret; /* Do not manipulate our control entries */ if (ldb_dn_is_special(req->op.rename.olddn)) { return ldb_next_request(module, req); } - /* No mapping requested (perhaps no DN mapping specified), skip to next module */ + /* No mapping requested (perhaps no DN mapping specified). + * Skip to next module */ if ((!ldb_dn_check_local(module, req->op.rename.olddn)) && (!ldb_dn_check_local(module, req->op.rename.newdn))) { return ldb_next_request(module, req); @@ -658,66 +679,113 @@ int map_rename(struct ldb_module *module, struct ldb_request *req) } /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct map_context); - /* Prepare the local operation */ - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - goto oom; + /* Prepare the remote operation */ + ret = ldb_build_rename_req(&ac->remote_req, module->ldb, ac, + ldb_dn_map_local(module, ac, req->op.rename.olddn), + ldb_dn_map_local(module, ac, req->op.rename.newdn), + req->controls, + ac, map_op_remote_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - *(ac->local_req) = *req; /* copy the request */ - ac->local_req->op.rename.olddn = req->op.rename.olddn; - ac->local_req->op.rename.newdn = req->op.rename.newdn; + /* No local db, just run the remote request */ + if (!map_check_local_db(ac->module)) { + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); + } - ac->local_req->context = NULL; - ac->local_req->callback = NULL; + /* Prepare the search operation */ + ret = map_search_self_req(&search_req, ac, req->op.rename.olddn); + if (ret != LDB_SUCCESS) { + map_oom(module); + return LDB_ERR_OPERATIONS_ERROR; + } - /* Prepare the remote operation */ - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - goto oom; + return ldb_next_request(module, search_req); +} + +/* Rename the local record. */ +static int map_rename_do_local(struct map_context *ac) +{ + struct ldb_request *local_req; + int ret; + + /* No local record, continue remotely */ + if (ac->local_dn == NULL) { + /* Do the remote request. */ + return ldb_next_remote_request(ac->module, ac->remote_req); } - *(ac->remote_req) = *req; /* copy the request */ - ac->remote_req->op.rename.olddn = ldb_dn_map_local(module, ac->remote_req, req->op.rename.olddn); - ac->remote_req->op.rename.newdn = ldb_dn_map_local(module, ac->remote_req, req->op.rename.newdn); + /* Prepare the local operation */ + ret = ldb_build_rename_req(&local_req, ac->module->ldb, ac, + ac->req->op.rename.olddn, + ac->req->op.rename.newdn, + ac->req->controls, + ac, + map_rename_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; + return ldb_next_request(ac->module, local_req); +} - /* No local db, just run the remote request */ - if (!map_check_local_db(ac->module)) { - req->handle = h; /* return our own handle to deal with this call */ - return map_rename_do_remote(h); +static int map_rename_local_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct map_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct map_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* Prepare the fixup operation */ - /* TODO: use GUIDs here instead -- or skip it when GUIDs are used. */ - ac->down_req = map_build_fixup_req(ac, req->op.rename.newdn, ac->remote_req->op.rename.newdn); - if (ac->down_req == NULL) { - goto failed; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - /* Prepare the search operation */ - ac->search_req = map_search_self_req(ac, req->op.rename.olddn); - if (ac->search_req == NULL) { - goto failed; + /* proceed with next step */ + ret = map_rename_do_fixup(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - req->handle = h; /* return our own handle to deal with this call */ + return LDB_SUCCESS; +} - ac->step = MAP_SEARCH_SELF_RENAME; +/* Update the local 'IS_MAPPED' attribute. */ +static int map_rename_do_fixup(struct map_context *ac) +{ + struct ldb_request *local_req; - return ldb_next_request(module, ac->search_req); + /* Prepare the fixup operation */ + /* TODO: use GUIDs here instead -- or skip it when GUIDs are used. */ + local_req = map_build_fixup_req(ac, + ac->req->op.rename.newdn, + ac->remote_req->op.rename.newdn, + ac, + map_op_local_callback); + if (local_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_next_request(ac->module, local_req); } diff --git a/source4/lib/ldb/ldb_map/ldb_map_outbound.c b/source4/lib/ldb/ldb_map/ldb_map_outbound.c index fbc097f313..5f524a8be3 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_outbound.c +++ b/source4/lib/ldb/ldb_map/ldb_map_outbound.c @@ -4,6 +4,7 @@ Copyright (C) Jelmer Vernooij 2005 Copyright (C) Martin Kuehl 2006 Copyright (C) Andrew Bartlett 2006 + Copyright (C) Simo Sorce 2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -905,7 +906,11 @@ static int map_subtree_collect_remote(struct ldb_module *module, void *mem_ctx, /* Split subtrees that query attributes in the local partition from * those that query the remote partition. */ -static int ldb_parse_tree_partition(struct ldb_module *module, void *local_ctx, void *remote_ctx, struct ldb_parse_tree **local_tree, struct ldb_parse_tree **remote_tree, const struct ldb_parse_tree *tree) +static int ldb_parse_tree_partition(struct ldb_module *module, + void *mem_ctx, + struct ldb_parse_tree **local_tree, + struct ldb_parse_tree **remote_tree, + const struct ldb_parse_tree *tree) { int ret; @@ -918,13 +923,13 @@ static int ldb_parse_tree_partition(struct ldb_module *module, void *local_ctx, } /* Generate local tree */ - ret = map_subtree_select_local(module, local_ctx, local_tree, tree); + ret = map_subtree_select_local(module, mem_ctx, local_tree, tree); if (ret) { return ret; } /* Generate remote tree */ - ret = map_subtree_collect_remote(module, remote_ctx, remote_tree, tree); + ret = map_subtree_collect_remote(module, mem_ctx, remote_tree, tree); if (ret) { talloc_free(*local_tree); return ret; @@ -1008,24 +1013,46 @@ oom: /* Outbound requests: search * ========================= */ -/* Pass a merged search result up the callback chain. */ -int map_up_callback(struct ldb_context *ldb, const struct ldb_request *req, struct ldb_reply *ares) +static int map_remote_search_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int map_local_merge_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int map_search_local(struct map_context *ac); + +static int map_save_entry(struct map_context *ac, struct ldb_reply *ares) { - int i; + struct map_reply *mr; - /* No callback registered, stop */ - if (req->callback == NULL) { - return LDB_SUCCESS; + mr = talloc_zero(ac, struct map_reply); + if (mr == NULL) { + map_oom(ac->module); + return LDB_ERR_OPERATIONS_ERROR; } - - /* Only records need special treatment */ - if (ares->type != LDB_REPLY_ENTRY) { - return req->callback(ldb, req->context, ares); + mr->remote = talloc_steal(mr, ares); + if (ac->r_current) { + ac->r_current->next = mr; + } else { + /* first entry */ + ac->r_list = mr; } + ac->r_current = mr; + + return LDB_SUCCESS; +} + +/* Pass a merged search result up the callback chain. */ +int map_return_entry(struct map_context *ac, struct ldb_reply *ares) +{ + struct ldb_message_element *el; + const char * const *attrs; + int i; /* Merged result doesn't match original query, skip */ - if (!ldb_match_msg(ldb, ares->message, req->op.search.tree, req->op.search.base, req->op.search.scope)) { - ldb_debug(ldb, LDB_DEBUG_TRACE, "ldb_map: " + if (!ldb_match_msg(ac->module->ldb, ares->message, + ac->req->op.search.tree, + ac->req->op.search.base, + ac->req->op.search.scope)) { + ldb_debug(ac->module->ldb, LDB_DEBUG_TRACE, "ldb_map: " "Skipping record '%s': " "doesn't match original search\n", ldb_dn_get_linearized(ares->message->dn)); @@ -1033,10 +1060,16 @@ int map_up_callback(struct ldb_context *ldb, const struct ldb_request *req, stru } /* Limit result to requested attrs */ - if ((req->op.search.attrs) && (!ldb_attr_in_list(req->op.search.attrs, "*"))) { - for (i = 0; i < ares->message->num_elements; ) { - struct ldb_message_element *el = &ares->message->elements[i]; - if (!ldb_attr_in_list(req->op.search.attrs, el->name)) { + if (ac->req->op.search.attrs && + (! ldb_attr_in_list(ac->req->op.search.attrs, "*"))) { + + attrs = ac->req->op.search.attrs; + i = 0; + + while (i < ares->message->num_elements) { + + el = &ares->message->elements[i]; + if ( ! ldb_attr_in_list(attrs, el->name)) { ldb_msg_remove_element(ares->message, el); } else { i++; @@ -1044,129 +1077,16 @@ int map_up_callback(struct ldb_context *ldb, const struct ldb_request *req, stru } } - return req->callback(ldb, req->context, ares); -} - -/* Merge the remote and local parts of a search result. */ -int map_local_merge_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct map_search_context *sc; - int ret; - - if (context == NULL || ares == NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "NULL Context or Result in `map_local_merge_callback`")); - return LDB_ERR_OPERATIONS_ERROR; - } - - sc = talloc_get_type(context, struct map_search_context); - - switch (ares->type) { - case LDB_REPLY_ENTRY: - /* We have already found a local record */ - if (sc->local_res) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "Too many results to base search for local entry")); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Store local result */ - sc->local_res = ares; - - /* Merge remote into local message */ - ret = ldb_msg_merge_local(sc->ac->module, ares->message, sc->remote_res->message); - if (ret) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - return map_up_callback(ldb, sc->ac->orig_req, ares); - - case LDB_REPLY_DONE: - /* No local record found, continue with remote record */ - if (sc->local_res == NULL) { - return map_up_callback(ldb, sc->ac->orig_req, sc->remote_res); - } - return LDB_SUCCESS; - - default: - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "Unexpected result type in base search for local entry")); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } -} - -/* Search the local part of a remote search result. */ -int map_remote_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct map_context *ac; - struct map_search_context *sc; - struct ldb_request *req; - int ret; - - if (context == NULL || ares == NULL) { - ldb_set_errstring(ldb, talloc_asprintf(ldb, "ldb_map: " - "NULL Context or Result in `map_remote_search_callback`")); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(context, struct map_context); - - /* It's not a record, stop searching */ - if (ares->type != LDB_REPLY_ENTRY) { - return map_up_callback(ldb, ac->orig_req, ares); - } - - /* Map result record into a local message */ - ret = map_reply_remote(ac, ares); - if (ret) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* There is no local db, stop searching */ - if (!map_check_local_db(ac->module)) { - return map_up_callback(ldb, ac->orig_req, ares); - } - - /* Prepare local search context */ - sc = map_init_search_context(ac, ares); - if (sc == NULL) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* Prepare local search request */ - /* TODO: use GUIDs here instead? */ - - ac->search_reqs = talloc_realloc(ac, ac->search_reqs, struct ldb_request *, ac->num_searches + 2); - if (ac->search_reqs == NULL) { - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->search_reqs[ac->num_searches] - = req = map_search_base_req(ac, ares->message->dn, - NULL, NULL, sc, map_local_merge_callback); - if (req == NULL) { - talloc_free(sc); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_searches++; - ac->search_reqs[ac->num_searches] = NULL; - - return ldb_next_request(ac->module, req); + return ldb_module_send_entry(ac->req, ares->message); } /* Search a record. */ int map_search(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_parse_tree *remote_tree; + struct ldb_parse_tree *local_tree; + struct ldb_request *remote_req; struct map_context *ac; - struct ldb_parse_tree *local_tree, *remote_tree; int ret; const char *wildcard[] = { "*", NULL }; @@ -1176,8 +1096,9 @@ int map_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); /* Do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.search.base)) + if (ldb_dn_is_special(req->op.search.base)) { return ldb_next_request(module, req); + } /* No mapping requested, skip to next module */ if ((req->op.search.base) && (!ldb_dn_check_local(module, req->op.search.base))) { @@ -1188,32 +1109,10 @@ int map_search(struct ldb_module *module, struct ldb_request *req) * targetting when there is no search base? */ /* Prepare context and handle */ - h = map_init_handle(req, module); - if (h == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(h->private_data, struct map_context); - - ac->search_reqs = talloc_array(ac, struct ldb_request *, 2); - if (ac->search_reqs == NULL) { - talloc_free(h); + ac = map_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac->num_searches = 1; - ac->search_reqs[1] = NULL; - - /* Prepare the remote operation */ - ac->search_reqs[0] = talloc(ac, struct ldb_request); - if (ac->search_reqs[0] == NULL) { - goto oom; - } - - *(ac->search_reqs[0]) = *req; /* copy the request */ - - ac->search_reqs[0]->handle = h; /* return our own handle to deal with this call */ - - ac->search_reqs[0]->context = ac; - ac->search_reqs[0]->callback = map_remote_search_callback; /* It is easier to deal with the two different ways of * expressing the wildcard in the same codepath */ @@ -1226,17 +1125,15 @@ int map_search(struct ldb_module *module, struct ldb_request *req) ret = map_attrs_collect_and_partition(module, ac, attrs, req->op.search.tree); if (ret) { - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } - ac->search_reqs[0]->op.search.attrs = ac->remote_attrs; - /* Split local from remote tree */ - ret = ldb_parse_tree_partition(module, ac, ac->search_reqs[0], - &local_tree, &remote_tree, + ret = ldb_parse_tree_partition(module, ac, + &local_tree, &remote_tree, req->op.search.tree); if (ret) { - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } if (((local_tree != NULL) && (remote_tree != NULL)) && @@ -1251,7 +1148,7 @@ int map_search(struct ldb_module *module, struct ldb_request *req) local_tree = talloc_zero(ac, struct ldb_parse_tree); if (local_tree == NULL) { map_oom(ac->module); - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } local_tree->operation = LDB_OP_PRESENT; @@ -1259,31 +1156,209 @@ int map_search(struct ldb_module *module, struct ldb_request *req) } if (remote_tree == NULL) { /* Construct default remote parse tree */ - remote_tree = ldb_parse_tree(ac->search_reqs[0], NULL); + remote_tree = ldb_parse_tree(ac, NULL); if (remote_tree == NULL) { - goto failed; + return LDB_ERR_OPERATIONS_ERROR; } } ac->local_tree = local_tree; - ac->search_reqs[0]->op.search.tree = remote_tree; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->search_reqs[0]); + /* Prepare the remote operation */ + ret = ldb_build_search_req_ex(&remote_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + remote_tree, + ac->remote_attrs, + req->controls, + ac, map_remote_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + return ldb_next_remote_request(module, remote_req); +} + +/* Now, search the local part of a remote search result. */ +static int map_remote_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct map_context *ac; + int ret; - ac->step = MAP_SEARCH_REMOTE; + ac = talloc_get_type(req->context, struct map_context); - ret = ldb_next_remote_request(module, ac->search_reqs[0]); - if (ret == LDB_SUCCESS) { - req->handle = h; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - return ret; -oom: - map_oom(module); -failed: - talloc_free(h); - return LDB_ERR_OPERATIONS_ERROR; + switch (ares->type) { + case LDB_REPLY_REFERRAL: + + /* ignore referrals */ + talloc_free(ares); + return LDB_SUCCESS; + + case LDB_REPLY_ENTRY: + + /* Map result record into a local message */ + ret = map_reply_remote(ac, ares); + if (ret) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* if we have no local db, then we can just return the reply to + * the upper layer, otherwise we must save it and process it + * when all replies ahve been gathered */ + if ( ! map_check_local_db(ac->module)) { + ret = map_return_entry(ac, ares); + } else { + ret = map_save_entry(ac,ares); + } + + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + break; + + case LDB_REPLY_DONE: + + if ( ! map_check_local_db(ac->module)) { + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } + + talloc_free(ares); + + /* reset the pointer to the start of the list */ + ac->r_current = ac->r_list; + + /* no entry just return */ + if (ac->r_current == NULL) { + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } + + ret = map_search_local(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + } + + return LDB_SUCCESS; +} + +static int map_search_local(struct map_context *ac) +{ + struct ldb_request *search_req; + + if (ac->r_current == NULL || ac->r_current->remote == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* Prepare local search request */ + /* TODO: use GUIDs here instead? */ + search_req = map_search_base_req(ac, + ac->r_current->remote->message->dn, + NULL, NULL, + ac, map_local_merge_callback); + if (search_req == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(ac->module, search_req); +} + +/* Merge the remote and local parts of a search result. */ +int map_local_merge_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct map_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct map_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* We have already found a local record */ + if (ac->r_current->local) { + talloc_free(ares); + ldb_set_errstring(ac->module->ldb, "ldb_map: Too many results!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* Store local result */ + ac->r_current->local = talloc_steal(ac->r_current, ares); + + break; + + case LDB_REPLY_REFERRAL: + /* ignore referrals */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + talloc_free(ares); + + /* No local record found, map and send remote record */ + if (ac->r_current->local != NULL) { + /* Merge remote into local message */ + ret = ldb_msg_merge_local(ac->module, + ac->r_current->local->message, + ac->r_current->remote->message); + if (ret == LDB_SUCCESS) { + ret = map_return_entry(ac, ac->r_current->local); + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } else { + ret = map_return_entry(ac, ac->r_current->remote); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + } + + if (ac->r_current->next != NULL) { + ac->r_current = ac->r_current->next; + if (ac->r_current->remote->type == LDB_REPLY_ENTRY) { + ret = map_search_local(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + break; + } + } + + /* ok we are done with all search, finally it is time to + * finish operations for this module */ + return ldb_module_done(ac->req, + ac->r_current->remote->controls, + ac->r_current->remote->response, + ac->r_current->remote->error); + } + + return LDB_SUCCESS; } diff --git a/source4/lib/ldb/ldb_map/ldb_map_private.h b/source4/lib/ldb/ldb_map/ldb_map_private.h index 58a9f2704e..5522125344 100644 --- a/source4/lib/ldb/ldb_map/ldb_map_private.h +++ b/source4/lib/ldb/ldb_map/ldb_map_private.h @@ -3,7 +3,7 @@ #define map_oom(module) ldb_set_errstring(module->ldb, talloc_asprintf(module, "Out of Memory")); /* The type of search callback functions */ -typedef int (*ldb_search_callback)(struct ldb_context *, void *, struct ldb_reply *); +typedef int (*ldb_map_callback_t)(struct ldb_request *, struct ldb_reply *); /* The special DN from which the local and remote base DNs are fetched */ #define MAP_DN_NAME "@MAP" @@ -13,25 +13,17 @@ typedef int (*ldb_search_callback)(struct ldb_context *, void *, struct ldb_repl /* Private data structures * ======================= */ +struct map_reply { + struct map_reply *next; + struct ldb_reply *remote; + struct ldb_reply *local; +}; + /* Context data for mapped requests */ struct map_context { - enum map_step { - MAP_SEARCH_REMOTE, - MAP_ADD_REMOTE, - MAP_ADD_LOCAL, - MAP_SEARCH_SELF_MODIFY, - MAP_MODIFY_REMOTE, - MAP_MODIFY_LOCAL, - MAP_SEARCH_SELF_DELETE, - MAP_DELETE_REMOTE, - MAP_DELETE_LOCAL, - MAP_SEARCH_SELF_RENAME, - MAP_RENAME_REMOTE, - MAP_RENAME_FIXUP, - MAP_RENAME_LOCAL - } step; struct ldb_module *module; + struct ldb_request *req; struct ldb_dn *local_dn; const struct ldb_parse_tree *local_tree; @@ -39,32 +31,20 @@ struct map_context { const char * const *remote_attrs; const char * const *all_attrs; - struct ldb_request *orig_req; - struct ldb_request *local_req; + struct ldb_message *local_msg; struct ldb_request *remote_req; - struct ldb_request *down_req; - struct ldb_request *search_req; - - /* for search, we may have a lot of contexts */ - int num_searches; - struct ldb_request **search_reqs; -}; -/* Context data for mapped search requests */ -struct map_search_context { - struct map_context *ac; - struct ldb_reply *local_res; - struct ldb_reply *remote_res; + struct map_reply *r_list; + struct map_reply *r_current; }; - /* Common operations * ================= */ /* The following definitions come from lib/ldb/modules/ldb_map.c */ const struct ldb_map_context *map_get_context(struct ldb_module *module); -struct map_search_context *map_init_search_context(struct map_context *ac, struct ldb_reply *ares); -struct ldb_handle *map_init_handle(struct ldb_request *req, struct ldb_module *module); +struct map_context *map_init_context(struct ldb_module *module, + struct ldb_request *req); int ldb_next_remote_request(struct ldb_module *module, struct ldb_request *request); @@ -86,25 +66,23 @@ struct ldb_dn *ldb_dn_map_local(struct ldb_module *module, void *mem_ctx, struct struct ldb_dn *ldb_dn_map_remote(struct ldb_module *module, void *mem_ctx, struct ldb_dn *dn); struct ldb_dn *ldb_dn_map_rebase_remote(struct ldb_module *module, void *mem_ctx, struct ldb_dn *dn); -struct ldb_request *map_search_base_req(struct map_context *ac, struct ldb_dn *dn, const char * const *attrs, const struct ldb_parse_tree *tree, void *context, ldb_search_callback callback); -struct ldb_request *map_search_self_req(struct map_context *ac, struct ldb_dn *dn); -struct ldb_request *map_build_fixup_req(struct map_context *ac, struct ldb_dn *olddn, struct ldb_dn *newdn); - -int map_subtree_collect_remote_simple(struct ldb_module *module, void *mem_ctx, struct ldb_parse_tree **new, const struct ldb_parse_tree *tree, const struct ldb_map_attribute *map); - -/* LDB Requests - * ============ */ - -/* The following definitions come from lib/ldb/modules/ldb_map_inbound.c */ -int map_add_do_remote(struct ldb_handle *handle); -int map_add_do_local(struct ldb_handle *handle); - -int map_modify_do_remote(struct ldb_handle *handle); -int map_modify_do_local(struct ldb_handle *handle); - -int map_delete_do_remote(struct ldb_handle *handle); -int map_delete_do_local(struct ldb_handle *handle); - -int map_rename_do_remote(struct ldb_handle *handle); -int map_rename_do_fixup(struct ldb_handle *handle); -int map_rename_do_local(struct ldb_handle *handle); +struct ldb_request *map_search_base_req(struct map_context *ac, + struct ldb_dn *dn, + const char * const *attrs, + const struct ldb_parse_tree *tree, + void *context, + ldb_map_callback_t callback); +struct ldb_request *map_build_fixup_req(struct map_context *ac, + struct ldb_dn *olddn, + struct ldb_dn *newdn, + void *context, + ldb_map_callback_t callback); +int map_subtree_collect_remote_simple(struct ldb_module *module, void *mem_ctx, + struct ldb_parse_tree **new, + const struct ldb_parse_tree *tree, + const struct ldb_map_attribute *map); +int map_return_fatal_error(struct ldb_request *req, + struct ldb_reply *ares); +int map_return_normal_error(struct ldb_request *req, + struct ldb_reply *ares, + int error); diff --git a/source4/lib/ldb/modules/asq.c b/source4/lib/ldb/modules/asq.c index eb27263b16..17896a006a 100644 --- a/source4/lib/ldb/modules/asq.c +++ b/source4/lib/ldb/modules/asq.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -36,10 +36,10 @@ struct asq_context { - enum {ASQ_INIT, ASQ_SEARCH_BASE, ASQ_SEARCH_MULTI} step; + enum {ASQ_SEARCH_BASE, ASQ_SEARCH_MULTI} step; struct ldb_module *module; - struct ldb_request *orig_req; + struct ldb_request *req; struct ldb_asq_control *asq_ctrl; @@ -52,7 +52,6 @@ struct asq_context { ASQ_CTRL_AFFECTS_MULTIPLE_DSA = 71 } asq_ret; - struct ldb_request *base_req; struct ldb_reply *base_res; struct ldb_request **reqs; @@ -62,192 +61,200 @@ struct asq_context { struct ldb_control **controls; }; -static struct ldb_handle *init_handle(struct ldb_request *req, struct ldb_module *module) +static struct asq_context *asq_context_init(struct ldb_module *module, struct ldb_request *req) { struct asq_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - h->module = module; - - ac = talloc_zero(h, struct asq_context); + ac = talloc_zero(req, struct asq_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); + ldb_oom(module->ldb); return NULL; } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = ASQ_INIT; ac->module = module; - ac->orig_req = req; + ac->req = req; - return h; + return ac; } -static int asq_terminate(struct ldb_handle *handle) +static int asq_search_continue(struct asq_context *ac); + +static int asq_search_terminate(struct asq_context *ac) { - struct asq_context *ac; - struct ldb_reply *ares; struct ldb_asq_control *asq; int i; - ac = talloc_get_type(handle->private_data, struct asq_context); - if (ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - handle->status = LDB_SUCCESS; - handle->state = LDB_ASYNC_DONE; - - ares = talloc_zero(ac, struct ldb_reply); - if (ares == NULL) - return LDB_ERR_OPERATIONS_ERROR; - - ares->type = LDB_REPLY_DONE; - if (ac->controls) { - for (i = 0; ac->controls[i]; i++); - ares->controls = talloc_move(ares, &ac->controls); + for (i = 0; ac->controls[i]; i++) /* count em */ ; } else { i = 0; } - ares->controls = talloc_realloc(ares, ares->controls, struct ldb_control *, i + 2); - - if (ares->controls == NULL) + ac->controls = talloc_realloc(ac, ac->controls, struct ldb_control *, i + 2); + + if (ac->controls == NULL) { return LDB_ERR_OPERATIONS_ERROR; + } - ares->controls[i] = talloc(ares->controls, struct ldb_control); - if (ares->controls[i] == NULL) + ac->controls[i] = talloc(ac->controls, struct ldb_control); + if (ac->controls[i] == NULL) { return LDB_ERR_OPERATIONS_ERROR; + } - ares->controls[i]->oid = LDB_CONTROL_ASQ_OID; - ares->controls[i]->critical = 0; + ac->controls[i]->oid = LDB_CONTROL_ASQ_OID; + ac->controls[i]->critical = 0; - asq = talloc_zero(ares->controls[i], struct ldb_asq_control); + asq = talloc_zero(ac->controls[i], struct ldb_asq_control); if (asq == NULL) return LDB_ERR_OPERATIONS_ERROR; asq->result = ac->asq_ret; - - ares->controls[i]->data = asq; - ares->controls[i + 1] = NULL; + ac->controls[i]->data = asq; - ac->orig_req->callback(ac->module->ldb, ac->orig_req->context, ares); + ac->controls[i + 1] = NULL; - return LDB_SUCCESS; + return ldb_module_done(ac->req, ac->controls, NULL, LDB_SUCCESS); } -static int asq_base_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int asq_base_callback(struct ldb_request *req, struct ldb_reply *ares) { struct asq_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct asq_context); - ac = talloc_get_type(context, struct asq_context); - if (ac == NULL) { - goto error; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: ac->base_res = talloc_move(ac, &ares); - } else { + break; + + case LDB_REPLY_REFERRAL: + /* ignore referrals */ talloc_free(ares); - } + break; + case LDB_REPLY_DONE: + + talloc_free(ares); + + /* next step */ + ret = asq_search_continue(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; + + } return LDB_SUCCESS; -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } -static int asq_reqs_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int asq_reqs_callback(struct ldb_request *req, struct ldb_reply *ares) { struct asq_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct asq_context); - ac = talloc_get_type(context, struct asq_context); - if (ac == NULL) { - goto error; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - + switch (ares->type) { + case LDB_REPLY_ENTRY: /* pass the message up to the original callback as we * do not have to elaborate on it any further */ - return ac->orig_req->callback(ac->module->ldb, ac->orig_req->context, ares); - - } else { /* ignore any REFERRAL or DONE reply */ + ret = ldb_module_send_entry(ac->req, ares->message); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_free(ares); + break; + + case LDB_REPLY_REFERRAL: + /* ignore referrals */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + talloc_free(ares); + + ret = asq_search_continue(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; } return LDB_SUCCESS; -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } -static int asq_build_first_request(struct asq_context *ac) +static int asq_build_first_request(struct asq_context *ac, struct ldb_request **base_req) { - char **base_attrs; + const char **base_attrs; + int ret; - ac->base_req = talloc_zero(ac, struct ldb_request); - if (ac->base_req == NULL) return LDB_ERR_OPERATIONS_ERROR; + ac->req_attrs = ac->req->op.search.attrs; + ac->req_attribute = talloc_strdup(ac, ac->asq_ctrl->source_attribute); + if (ac->req_attribute == NULL) + return LDB_ERR_OPERATIONS_ERROR; - ac->base_req->operation = ac->orig_req->operation; - ac->base_req->op.search.base = ac->orig_req->op.search.base; - ac->base_req->op.search.scope = LDB_SCOPE_BASE; - ac->base_req->op.search.tree = ac->orig_req->op.search.tree; - base_attrs = talloc_array(ac->base_req, char *, 2); + base_attrs = talloc_array(ac, const char *, 2); if (base_attrs == NULL) return LDB_ERR_OPERATIONS_ERROR; base_attrs[0] = talloc_strdup(base_attrs, ac->asq_ctrl->source_attribute); if (base_attrs[0] == NULL) return LDB_ERR_OPERATIONS_ERROR; base_attrs[1] = NULL; - ac->base_req->op.search.attrs = (const char * const *)base_attrs; - ac->base_req->context = ac; - ac->base_req->callback = asq_base_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->base_req); + ret = ldb_build_search_req_ex(base_req, ac->module->ldb, ac, + ac->req->op.search.base, + LDB_SCOPE_BASE, + ac->req->op.search.tree, + (const char * const *)base_attrs, + NULL, + ac, asq_base_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } return LDB_SUCCESS; } -static int asq_build_multiple_requests(struct asq_context *ac, struct ldb_handle *handle) +static int asq_build_multiple_requests(struct asq_context *ac, bool *terminated) { + struct ldb_control **saved_controls; + struct ldb_control *control; + struct ldb_dn *dn; struct ldb_message_element *el; - int i; + int ret, i; - /* look up the DNs */ if (ac->base_res == NULL) { return LDB_ERR_NO_SUCH_OBJECT; } + el = ldb_msg_find_element(ac->base_res->message, ac->req_attribute); /* no values found */ if (el == NULL) { ac->asq_ret = ASQ_CTRL_SUCCESS; - return asq_terminate(handle); + *terminated = true; + return asq_search_terminate(ac); } ac->num_reqs = el->num_values; @@ -259,144 +266,75 @@ static int asq_build_multiple_requests(struct asq_context *ac, struct ldb_handle for (i = 0; i < el->num_values; i++) { - ac->reqs[i] = talloc_zero(ac->reqs, struct ldb_request); - if (ac->reqs[i] == NULL) - return LDB_ERR_OPERATIONS_ERROR; - ac->reqs[i]->operation = LDB_SEARCH; - ac->reqs[i]->op.search.base = ldb_dn_new(ac->reqs[i], ac->module->ldb, (const char *)el->values[i].data); - if ( ! ldb_dn_validate(ac->reqs[i]->op.search.base)) { + dn = ldb_dn_new(ac, ac->module->ldb, + (const char *)el->values[i].data); + if ( ! ldb_dn_validate(dn)) { ac->asq_ret = ASQ_CTRL_INVALID_ATTRIBUTE_SYNTAX; - return asq_terminate(handle); + *terminated = true; + return asq_search_terminate(ac); + } + + ret = ldb_build_search_req_ex(&ac->reqs[i], + ac->module->ldb, ac, + dn, LDB_SCOPE_BASE, + ac->req->op.search.tree, + ac->req_attrs, + ac->req->controls, + ac, asq_reqs_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - ac->reqs[i]->op.search.scope = LDB_SCOPE_BASE; - ac->reqs[i]->op.search.tree = ac->base_req->op.search.tree; - ac->reqs[i]->op.search.attrs = ac->req_attrs; - ac->reqs[i]->context = ac; - ac->reqs[i]->callback = asq_reqs_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->base_req, ac->reqs[i]); + /* remove the ASQ control itself */ + control = ldb_request_get_control(ac->req, LDB_CONTROL_ASQ_OID); + if (!save_controls(control, ac->reqs[i], &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } } return LDB_SUCCESS; } -static int asq_search_continue(struct ldb_handle *handle) +static int asq_search_continue(struct asq_context *ac) { - struct asq_context *ac; + bool terminated = false; int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - ac = talloc_get_type(handle->private_data, struct asq_context); - if (ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } switch (ac->step) { - case ASQ_INIT: - /* check the search is well formed */ - if (ac->orig_req->op.search.scope != LDB_SCOPE_BASE) { - ac->asq_ret = ASQ_CTRL_UNWILLING_TO_PERFORM; - return asq_terminate(handle); - } - - ac->req_attrs = ac->orig_req->op.search.attrs; - ac->req_attribute = talloc_strdup(ac, ac->asq_ctrl->source_attribute); - if (ac->req_attribute == NULL) - return LDB_ERR_OPERATIONS_ERROR; - - /* get the object to retrieve the DNs to search */ - ret = asq_build_first_request(ac); - if (ret != LDB_SUCCESS) { - return ret; - } - - ac->step = ASQ_SEARCH_BASE; - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - return ldb_request(ac->module->ldb, ac->base_req); - case ASQ_SEARCH_BASE: - ret = ldb_wait(ac->base_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - - if (ac->base_req->handle->status != LDB_SUCCESS) { - handle->status = ac->base_req->handle->status; - goto done; + /* build up the requests call chain */ + ret = asq_build_multiple_requests(ac, &terminated); + if (ret != LDB_SUCCESS || terminated) { + return ret; } - if (ac->base_req->handle->state == LDB_ASYNC_DONE) { + ac->step = ASQ_SEARCH_MULTI; - /* build up the requests call chain */ - ret = asq_build_multiple_requests(ac, handle); - if (ret != LDB_SUCCESS) { - return ret; - } - if (handle->state == LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - ac->step = ASQ_SEARCH_MULTI; - - return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); - } - - /* request still pending, return to cycle again */ - return LDB_SUCCESS; + return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); case ASQ_SEARCH_MULTI: - ret = ldb_wait(ac->reqs[ac->cur_req]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->reqs[ac->cur_req]->handle->status != LDB_SUCCESS) { - handle->status = ac->reqs[ac->cur_req]->handle->status; - } - - if (ac->reqs[ac->cur_req]->handle->state == LDB_ASYNC_DONE) { - ac->cur_req++; + ac->cur_req++; - if (ac->cur_req < ac->num_reqs) { - return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); - } - - return asq_terminate(handle); + if (ac->cur_req == ac->num_reqs) { + /* done */ + return asq_search_terminate(ac); } - /* request still pending, return to cycle again */ - return LDB_SUCCESS; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - break; + return ldb_request(ac->module->ldb, ac->reqs[ac->cur_req]); } -done: - handle->state = LDB_ASYNC_DONE; - return ret; + return LDB_ERR_OPERATIONS_ERROR; } static int asq_search(struct ldb_module *module, struct ldb_request *req) { + struct ldb_request *base_req; struct ldb_control *control; struct asq_context *ac; - struct ldb_handle *h; + int ret; /* check if there's a paged request control */ control = ldb_request_get_control(req, LDB_CONTROL_ASQ_OID); @@ -405,67 +343,37 @@ static int asq_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - req->handle = NULL; - - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); + ac = asq_context_init(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - h = init_handle(req, module); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; + /* check the search is well formed */ + if (req->op.search.scope != LDB_SCOPE_BASE) { + ac->asq_ret = ASQ_CTRL_UNWILLING_TO_PERFORM; + return asq_search_terminate(ac); } - ac = talloc_get_type(h->private_data, struct asq_context); ac->asq_ctrl = talloc_get_type(control->data, struct ldb_asq_control); if (!ac->asq_ctrl) { return LDB_ERR_PROTOCOL_ERROR; } - req->handle = h; - - return asq_search_continue(h); -} - -static int asq_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; + ret = asq_build_first_request(ac, &base_req); + if (ret != LDB_SUCCESS) { + return ret; } - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = asq_search_continue(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; - } + ac->step = ASQ_SEARCH_BASE; - return asq_search_continue(handle); + return ldb_request(module->ldb, base_req); } static int asq_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc_zero(module, struct ldb_request); - if (req == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "asq: Out of memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_ASQ_OID; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_ASQ_OID); if (ret != LDB_SUCCESS) { ldb_debug(module->ldb, LDB_DEBUG_WARNING, "asq: Unable to register control with rootdse!\n"); } @@ -476,6 +384,5 @@ static int asq_init(struct ldb_module *module) const struct ldb_module_ops ldb_asq_module_ops = { .name = "asq", .search = asq_search, - .wait = asq_wait, .init_context = asq_init }; diff --git a/source4/lib/ldb/modules/operational.c b/source4/lib/ldb/modules/operational.c index a59e81becd..abb1d4ca1a 100644 --- a/source4/lib/ldb/modules/operational.c +++ b/source4/lib/ldb/modules/operational.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Andrew Tridgell 2005 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -173,38 +173,53 @@ failed: */ struct operational_context { - struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldb_request *req; const char * const *attrs; }; -static int operational_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int operational_callback(struct ldb_request *req, struct ldb_reply *ares) { struct operational_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct operational_context); - ac = talloc_get_type(context, struct operational_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: /* for each record returned post-process to add any derived attributes that have been asked for */ - if (operational_search_post_process(ac->module, ares->message, ac->attrs) != 0) { - goto error; + ret = operational_search_post_process(ac->module, + ares->message, + ac->attrs); + if (ret != 0) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - } + return ldb_module_send_entry(ac->req, ares->message); - return ac->up_callback(ldb, ac->up_context, ares); + case LDB_REPLY_REFERRAL: + /* ignore referrals */ + break; + + case LDB_REPLY_DONE: + + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_SUCCESS; } static int operational_search(struct ldb_module *module, struct ldb_request *req) @@ -212,9 +227,8 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req struct operational_context *ac; struct ldb_request *down_req; const char **search_attrs = NULL; - int i, a, ret; - - req->handle = NULL; + int i, a; + int ret; ac = talloc(req, struct operational_context); if (ac == NULL) { @@ -222,21 +236,10 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req } ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; + ac->req = req; ac->attrs = req->op.search.attrs; - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; - down_req->op.search.base = req->op.search.base; - down_req->op.search.scope = req->op.search.scope; - down_req->op.search.tree = req->op.search.tree; - - /* FIXME: I hink we should copy the tree and keep the original + /* FIXME: We must copy the tree and keep the original * unmodified. SSS */ /* replace any attributes in the parse tree that are searchable, but are stored using a different name in the @@ -264,27 +267,26 @@ static int operational_search(struct ldb_module *module, struct ldb_request *req } } } - - /* use new set of attrs if any */ - if (search_attrs) down_req->op.search.attrs = search_attrs; - else down_req->op.search.attrs = req->op.search.attrs; - - down_req->controls = req->controls; - - down_req->context = ac; - down_req->callback = operational_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - /* perform the search */ - ret = ldb_next_request(module, down_req); + /* use new set of attrs if any */ + if (search_attrs == NULL) { + search_attrs = req->op.search.attrs; + } - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + (const char * const *)search_attrs, + req->controls, + ac, operational_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* perform the search */ + return ldb_next_request(module, down_req); } static int operational_init(struct ldb_module *ctx) diff --git a/source4/lib/ldb/modules/paged_results.c b/source4/lib/ldb/modules/paged_results.c index b62b1f92cb..d3bb83bbcd 100644 --- a/source4/lib/ldb/modules/paged_results.c +++ b/source4/lib/ldb/modules/paged_results.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005-2006 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -51,9 +51,8 @@ struct results_store { char *cookie; time_t timestamp; - struct results_store *prev; struct results_store *next; - + struct message_store *first; struct message_store *last; int num_entries; @@ -62,8 +61,6 @@ struct results_store { struct message_store *last_ref; struct ldb_control **controls; - - struct ldb_request *req; }; struct private_data { @@ -73,20 +70,25 @@ struct private_data { }; -int store_destructor(struct results_store *store) +int store_destructor(struct results_store *del) { - if (store->prev) { - store->prev->next = store->next; - } - if (store->next) { - store->next->prev = store->prev; + struct private_data *priv = del->priv; + struct results_store *loop; + + if (priv->store == del) { + priv->store = del->next; + return 0; } - if (store == store->priv->store) { - store->priv->store = NULL; + for (loop = priv->store; loop; loop = loop->next) { + if (loop->next == del) { + loop->next = del->next; + return 0; + } } - return 0; + /* is not in list ? */ + return -1; } static struct results_store *new_store(struct private_data *priv) @@ -116,10 +118,7 @@ static struct results_store *new_store(struct private_data *priv) newr->first_ref = NULL; newr->controls = NULL; - /* put this entry as first */ - newr->prev = NULL; newr->next = priv->store; - if (priv->store != NULL) priv->store->prev = newr; priv->store = newr; talloc_set_destructor(newr, store_destructor); @@ -129,101 +128,164 @@ static struct results_store *new_store(struct private_data *priv) struct paged_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - int size; + struct ldb_request *req; struct results_store *store; + int size; + struct ldb_control **controls; }; -static struct ldb_handle *init_handle(void *mem_ctx, struct ldb_module *module, - void *context, - int (*callback)(struct ldb_context *, void *, struct ldb_reply *)) +static int paged_results(struct paged_context *ac) { - struct paged_context *ac; - struct ldb_handle *h; + struct ldb_paged_control *paged; + struct message_store *msg; + int i, num_ctrls, ret; - h = talloc_zero(mem_ctx, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; + if (ac->store == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - h->module = module; + while (ac->store->num_entries > 0 && ac->size > 0) { + msg = ac->store->first; + ret = ldb_module_send_entry(ac->req, msg->r->message); + if (ret != LDB_SUCCESS) { + return ret; + } - ac = talloc_zero(h, struct paged_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; + ac->store->first = msg->next; + talloc_free(msg); + ac->store->num_entries--; + ac->size--; } - h->private_data = (void *)ac; + while (ac->store->first_ref != NULL) { + msg = ac->store->first_ref; + ret = ldb_module_send_referral(ac->req, msg->r->referral); + if (ret != LDB_SUCCESS) { + return ret; + } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + ac->store->first_ref = msg->next; + talloc_free(msg); + } - ac->module = module; - ac->up_context = context; - ac->up_callback = callback; + /* return result done */ + num_ctrls = 1; + i = 0; + + if (ac->store->controls != NULL) { + while (ac->store->controls[i]) i++; /* counting */ + + num_ctrls += i; + } + + ac->controls = talloc_array(ac, struct ldb_control *, num_ctrls +1); + if (ac->controls == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac->controls[num_ctrls] = NULL; + + for (i = 0; i < (num_ctrls -1); i++) { + ac->controls[i] = talloc_reference(ac->controls, ac->store->controls[i]); + } + + ac->controls[i] = talloc(ac->controls, struct ldb_control); + if (ac->controls[i] == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } - return h; + ac->controls[i]->oid = talloc_strdup(ac->controls[i], + LDB_CONTROL_PAGED_RESULTS_OID); + if (ac->controls[i]->oid == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->controls[i]->critical = 0; + + paged = talloc(ac->controls[i], struct ldb_paged_control); + if (paged == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->controls[i]->data = paged; + + if (ac->size > 0) { + paged->size = 0; + paged->cookie = NULL; + paged->cookie_len = 0; + } else { + paged->size = ac->store->num_entries; + paged->cookie = talloc_strdup(paged, ac->store->cookie); + paged->cookie_len = strlen(paged->cookie) + 1; + } + + return LDB_SUCCESS; } -static int paged_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int paged_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct paged_context *ac = NULL; + struct paged_context *ac ; + struct message_store *msg_store; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; + ac = talloc_get_type(req->context, struct paged_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - ac = talloc_get_type(context, struct paged_context); + switch (ares->type) { + case LDB_REPLY_ENTRY: + msg_store = talloc(ac->store, struct message_store); + if (msg_store == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + msg_store->next = NULL; + msg_store->r = talloc_steal(msg_store, ares); - if (ares->type == LDB_REPLY_ENTRY) { if (ac->store->first == NULL) { - ac->store->first = ac->store->last = talloc(ac->store, struct message_store); + ac->store->first = msg_store; } else { - ac->store->last->next = talloc(ac->store, struct message_store); - ac->store->last = ac->store->last->next; - } - if (ac->store->last == NULL) { - goto error; + ac->store->last->next = msg_store; } + ac->store->last = msg_store; ac->store->num_entries++; - ac->store->last->r = talloc_steal(ac->store->last, ares); - ac->store->last->next = NULL; - } + break; + + case LDB_REPLY_REFERRAL: + msg_store = talloc(ac->store, struct message_store); + if (msg_store == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + msg_store->next = NULL; + msg_store->r = talloc_steal(msg_store, ares); - if (ares->type == LDB_REPLY_REFERRAL) { if (ac->store->first_ref == NULL) { - ac->store->first_ref = ac->store->last_ref = talloc(ac->store, struct message_store); + ac->store->first_ref = msg_store; } else { - ac->store->last_ref->next = talloc(ac->store, struct message_store); - ac->store->last_ref = ac->store->last_ref->next; - } - if (ac->store->last_ref == NULL) { - goto error; + ac->store->last_ref->next = msg_store; } + ac->store->last_ref = msg_store; - ac->store->last_ref->r = talloc_steal(ac->store->last, ares); - ac->store->last_ref->next = NULL; - } + break; - if (ares->type == LDB_REPLY_DONE) { + case LDB_REPLY_DONE: ac->store->controls = talloc_move(ac->store, &ares->controls); - talloc_free(ares); + ret = paged_results(ac); + return ldb_module_done(ac->req, ac->controls, + ares->response, ret); } return LDB_SUCCESS; - -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } static int paged_search(struct ldb_module *module, struct ldb_request *req) @@ -232,8 +294,8 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) struct private_data *private_data; struct ldb_paged_control *paged_ctrl; struct ldb_control **saved_controls; + struct ldb_request *search_req; struct paged_context *ac; - struct ldb_handle *h; int ret; /* check if there's a paged request control */ @@ -243,65 +305,57 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - private_data = talloc_get_type(module->private_data, struct private_data); - - req->handle = NULL; - - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - paged_ctrl = talloc_get_type(control->data, struct ldb_paged_control); if (!paged_ctrl) { return LDB_ERR_PROTOCOL_ERROR; } - h = init_handle(req, module, req->context, req->callback); - if (!h) { + private_data = talloc_get_type(module->private_data, struct private_data); + + ac = talloc_zero(req, struct paged_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct paged_context); + ac->module = module; + ac->req = req; ac->size = paged_ctrl->size; /* check if it is a continuation search the store */ if (paged_ctrl->cookie_len == 0) { - - ac->store = new_store(private_data); - if (ac->store == NULL) { - talloc_free(h); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (paged_ctrl->size == 0) { + return LDB_ERR_OPERATIONS_ERROR; } - ac->store->req = talloc(ac->store, struct ldb_request); - if (!ac->store->req) + ac->store = new_store(private_data); + if (ac->store == NULL) { return LDB_ERR_OPERATIONS_ERROR; + } - ac->store->req->operation = req->operation; - ac->store->req->op.search.base = req->op.search.base; - ac->store->req->op.search.scope = req->op.search.scope; - ac->store->req->op.search.tree = req->op.search.tree; - ac->store->req->op.search.attrs = req->op.search.attrs; - ac->store->req->controls = req->controls; + ret = ldb_build_search_req_ex(&search_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ac, + paged_search_callback, + req); /* save it locally and remove it from the list */ /* we do not need to replace them later as we * are keeping the original req intact */ - if (!save_controls(control, ac->store->req, &saved_controls)) { + if (!save_controls(control, search_req, &saved_controls)) { return LDB_ERR_OPERATIONS_ERROR; } - ac->store->req->context = ac; - ac->store->req->callback = paged_search_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->store->req); - - ret = ldb_next_request(module, ac->store->req); + return ldb_next_request(module, search_req); } else { struct results_store *current = NULL; + /* TODO: age out old outstanding requests */ for (current = private_data->store; current; current = current->next) { if (strcmp(current->cookie, paged_ctrl->cookie) == 0) { current->timestamp = time(NULL); @@ -309,249 +363,52 @@ static int paged_search(struct ldb_module *module, struct ldb_request *req) } } if (current == NULL) { - talloc_free(h); return LDB_ERR_UNWILLING_TO_PERFORM; } ac->store = current; - ret = LDB_SUCCESS; - } - - req->handle = h; - - /* check if it is an abandon */ - if (ac->size == 0) { - talloc_free(ac->store); - h->status = LDB_SUCCESS; - h->state = LDB_ASYNC_DONE; - return LDB_SUCCESS; - } - - /* TODO: age out old outstanding requests */ - - return ret; - -} - -static int paged_results(struct ldb_handle *handle) -{ - struct paged_context *ac; - struct ldb_paged_control *paged; - struct ldb_reply *ares; - struct message_store *msg; - int i, num_ctrls, ret; - - ac = talloc_get_type(handle->private_data, struct paged_context); - - if (ac->store == NULL) - return LDB_ERR_OPERATIONS_ERROR; - while (ac->store->num_entries > 0 && ac->size > 0) { - msg = ac->store->first; - ret = ac->up_callback(ac->module->ldb, ac->up_context, msg->r); - if (ret != LDB_SUCCESS) { - handle->status = ret; - handle->state = LDB_ASYNC_DONE; - return ret; + /* check if it is an abandon */ + if (ac->size == 0) { + return ldb_module_done(req, NULL, NULL, + LDB_SUCCESS); } - ac->store->first = msg->next; - talloc_free(msg); - ac->store->num_entries--; - ac->size--; - } - - handle->state = LDB_ASYNC_DONE; - - while (ac->store->first_ref != NULL) { - msg = ac->store->first_ref; - ret = ac->up_callback(ac->module->ldb, ac->up_context, msg->r); + ret = paged_results(ac); if (ret != LDB_SUCCESS) { - handle->status = ret; - handle->state = LDB_ASYNC_DONE; - return ret; + return ldb_module_done(req, NULL, NULL, ret); } - - ac->store->first_ref = msg->next; - talloc_free(msg); - } - - ares = talloc_zero(ac->store, struct ldb_reply); - if (ares == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - num_ctrls = 2; - i = 0; - - if (ac->store->controls != NULL) { - ares->controls = ac->store->controls; - while (ares->controls[i]) i++; /* counting */ - - ares->controls = talloc_move(ares, &ac->store->controls); - num_ctrls += i; - } - - ares->controls = talloc_realloc(ares, ares->controls, struct ldb_control *, num_ctrls); - if (ares->controls == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; + return ldb_module_done(req, ac->controls, NULL, + LDB_SUCCESS); } - - ares->controls[i] = talloc(ares->controls, struct ldb_control); - if (ares->controls[i] == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->controls[i]->oid = talloc_strdup(ares->controls[i], LDB_CONTROL_PAGED_RESULTS_OID); - if (ares->controls[i]->oid == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->controls[i]->critical = 0; - ares->controls[i + 1] = NULL; - - paged = talloc(ares->controls[i], struct ldb_paged_control); - if (paged == NULL) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->controls[i]->data = paged; - - if (ac->size > 0) { - paged->size = 0; - paged->cookie = NULL; - paged->cookie_len = 0; - } else { - paged->size = ac->store->num_entries; - paged->cookie = talloc_strdup(paged, ac->store->cookie); - paged->cookie_len = strlen(paged->cookie) + 1; - } - - ares->type = LDB_REPLY_DONE; - - ret = ac->up_callback(ac->module->ldb, ac->up_context, ares); - - handle->status = ret; - - return ret; -} - -static int paged_wait_once(struct ldb_handle *handle) { - struct paged_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - - ac = talloc_get_type(handle->private_data, struct paged_context); - - if (ac->store->req->handle->state == LDB_ASYNC_DONE) { - /* if lower level is finished we do not need to call it anymore */ - /* return all we have until size == 0 or we empty storage */ - ret = paged_results(handle); - - /* we are done, if num_entries is zero free the storage - * as that mean we delivered the last batch */ - if (ac->store->num_entries == 0) { - talloc_free(ac->store); - } - - return ret; - } - - ret = ldb_wait(ac->store->req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { - handle->state = LDB_ASYNC_DONE; - handle->status = ret; - return ret; - } - - handle->status = ret; - - if (ac->store->num_entries >= ac->size || - ac->store->req->handle->state == LDB_ASYNC_DONE) { - - ret = paged_results(handle); - - /* we are done, if num_entries is zero free the storage - * as that mean we delivered the last batch */ - if (ac->store->num_entries == 0) { - talloc_free(ac->store); - } - } - - return ret; -} - -static int paged_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = paged_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; - } - - return paged_wait_once(handle); } static int paged_request_init(struct ldb_module *module) { struct private_data *data; - struct ldb_request *req; int ret; data = talloc(module, struct private_data); if (data == NULL) { return LDB_ERR_OTHER; } - + data->next_free_id = 1; data->store = NULL; module->private_data = data; - req = talloc(module, struct ldb_request); - if (req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_PAGED_RESULTS_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_PAGED_RESULTS_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "paged_request: Unable to register control with rootdse!\n"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "paged_request:" + "Unable to register control with rootdse!\n"); } - talloc_free(req); return ldb_next_init(module); } const struct ldb_module_ops ldb_paged_results_module_ops = { .name = "paged_results", .search = paged_search, - .wait = paged_wait, .init_context = paged_request_init }; diff --git a/source4/lib/ldb/modules/paged_searches.c b/source4/lib/ldb/modules/paged_searches.c index 40e87f70d6..7a728e3bb0 100644 --- a/source4/lib/ldb/modules/paged_searches.c +++ b/source4/lib/ldb/modules/paged_searches.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005-2006 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -46,12 +46,7 @@ struct private_data { struct ps_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - struct ldb_request *orig_req; - - struct ldb_request *new_req; + struct ldb_request *req; bool pending; @@ -59,51 +54,13 @@ struct ps_context { int num_referrals; }; -static struct ldb_handle *init_handle(void *mem_ctx, struct ldb_module *module, - void *context, - int (*callback)(struct ldb_context *, void *, struct ldb_reply *)) +static int check_ps_continuation(struct ldb_request *req, struct ldb_reply *ares) { struct ps_context *ac; - struct ldb_handle *h; - - h = talloc_zero(mem_ctx, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct ps_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->up_context = context; - ac->up_callback = callback; - - ac->pending = false; - - - - ac->saved_referrals = NULL; - ac->num_referrals = 0; - - return h; -} - -static int check_ps_continuation(struct ldb_reply *ares, struct ps_context *ac) -{ struct ldb_paged_control *rep_control, *req_control; + ac = talloc_get_type(req->context, struct ps_context); + /* look up our paged control */ if (!ares->controls || strcmp(LDB_CONTROL_PAGED_RESULTS_OID, ares->controls[0]->oid) != 0) { /* something wrong here */ @@ -122,12 +79,12 @@ static int check_ps_continuation(struct ldb_reply *ares, struct ps_context *ac) /* if there's a reply control we must find a request * control matching it */ - if (strcmp(LDB_CONTROL_PAGED_RESULTS_OID, ac->new_req->controls[0]->oid) != 0) { + if (strcmp(LDB_CONTROL_PAGED_RESULTS_OID, req->controls[0]->oid) != 0) { /* something wrong here */ return LDB_ERR_OPERATIONS_ERROR; } - req_control = talloc_get_type(ac->new_req->controls[0]->data, struct ldb_paged_control); + req_control = talloc_get_type(req->controls[0]->data, struct ldb_paged_control); if (req_control->cookie) { talloc_free(req_control->cookie); @@ -142,7 +99,7 @@ static int check_ps_continuation(struct ldb_reply *ares, struct ps_context *ac) return LDB_SUCCESS; } -static int store_referral(char *referral, struct ps_context *ac) +static int store_referral(struct ps_context *ac, char *referral) { ac->saved_referrals = talloc_realloc(ac, ac->saved_referrals, char *, ac->num_referrals + 2); if (!ac->saved_referrals) { @@ -160,13 +117,14 @@ static int store_referral(char *referral, struct ps_context *ac) return LDB_SUCCESS; } -static int send_referrals(struct ldb_context *ldb, struct ps_context *ac) +static int send_referrals(struct ps_context *ac) { struct ldb_reply *ares; + int ret; int i; for (i = 0; i < ac->num_referrals; i++) { - ares = talloc_zero(ac, struct ldb_reply); + ares = talloc_zero(ac->req, struct ldb_reply); if (!ares) { return LDB_ERR_OPERATIONS_ERROR; } @@ -174,69 +132,87 @@ static int send_referrals(struct ldb_context *ldb, struct ps_context *ac) ares->type = LDB_REPLY_REFERRAL; ares->referral = ac->saved_referrals[i]; - ac->up_callback(ldb, ac->up_context, ares); + ret = ldb_module_send_referral(ac->req, ares->referral); + if (ret != LDB_SUCCESS) { + return ret; + } } return LDB_SUCCESS; } -static int ps_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int ps_next_request(struct ps_context *ac); + +static int ps_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct ps_context *ac = NULL; - int ret = LDB_ERR_OPERATIONS_ERROR; + struct ps_context *ac; + int ret; - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + ac = talloc_get_type(req->context, struct ps_context); - ac = talloc_get_type(context, struct ps_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } switch (ares->type) { case LDB_REPLY_ENTRY: - ac->up_callback(ldb, ac->up_context, ares); + ret = ldb_module_send_entry(ac->req, ares->message); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } break; case LDB_REPLY_REFERRAL: - ret = store_referral(ares->referral, ac); + ret = store_referral(ac, ares->referral); if (ret != LDB_SUCCESS) { - goto error; + return ldb_module_done(ac->req, NULL, NULL, ret); } break; case LDB_REPLY_DONE: - ret = check_ps_continuation(ares, ac); + + ret = check_ps_continuation(req, ares); if (ret != LDB_SUCCESS) { - goto error; + return ldb_module_done(ac->req, NULL, NULL, ret); } - if (!ac->pending) { + + if (ac->pending) { + + ret = ps_next_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + + } else { + /* send referrals */ - ret = send_referrals(ldb, ac); + ret = send_referrals(ac); if (ret != LDB_SUCCESS) { - goto error; + return ldb_module_done(ac->req, + NULL, NULL, ret); } /* send REPLY_DONE */ - ac->up_callback(ldb, ac->up_context, ares); + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); } break; - default: - goto error; } - return LDB_SUCCESS; - -error: talloc_free(ares); - return ret; + return LDB_SUCCESS; } static int ps_search(struct ldb_module *module, struct ldb_request *req) { struct private_data *private_data; - struct ldb_paged_control *control; struct ps_context *ac; - struct ldb_handle *h; private_data = talloc_get_type(module->private_data, struct private_data); @@ -248,216 +224,151 @@ static int ps_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - - h = init_handle(req, module, req->context, req->callback); - if (!h) { + ac = talloc_zero(req, struct ps_context); + if (ac == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ps_context); - - ac->new_req = talloc(ac, struct ldb_request); - if (!ac->new_req) return LDB_ERR_OPERATIONS_ERROR; - - ac->new_req->controls = talloc_array(ac->new_req, struct ldb_control *, 2); - if (!ac->new_req->controls) return LDB_ERR_OPERATIONS_ERROR; - - ac->new_req->controls[0] = talloc(ac->new_req->controls, struct ldb_control); - if (!ac->new_req->controls[0]) return LDB_ERR_OPERATIONS_ERROR; - - control = talloc(ac->new_req->controls[0], struct ldb_paged_control); - if (!control) return LDB_ERR_OPERATIONS_ERROR; - - control->size = PS_DEFAULT_PAGE_SIZE; - control->cookie = NULL; - control->cookie_len = 0; - - ac->new_req->controls[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; - ac->new_req->controls[0]->critical = 1; - ac->new_req->controls[0]->data = control; - - ac->new_req->controls[1] = NULL; - ac->new_req->operation = req->operation; - ac->new_req->op.search.base = req->op.search.base; - ac->new_req->op.search.scope = req->op.search.scope; - ac->new_req->op.search.tree = req->op.search.tree; - ac->new_req->op.search.attrs = req->op.search.attrs; - ac->new_req->context = ac; - ac->new_req->callback = ps_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->new_req); - - req->handle = h; + ac->module = module; + ac->req = req; + ac->pending = false; + ac->saved_referrals = NULL; + ac->num_referrals = 0; - return ldb_next_request(module, ac->new_req); + return ps_next_request(ac); } -static int ps_continuation(struct ldb_handle *handle) -{ - struct ps_context *ac; +static int ps_next_request(struct ps_context *ac) { - if (!handle || !handle->private_data) { + struct ldb_paged_control *control; + struct ldb_control **controls; + struct ldb_request *new_req; + int ret; + + controls = talloc_array(ac, struct ldb_control *, 2); + if (!controls) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(handle->private_data, struct ps_context); - - /* reset the requests handle */ - ac->new_req->handle = NULL; - - return ldb_next_request(handle->module, ac->new_req); -} - -static int ps_wait_once(struct ldb_handle *handle) -{ - struct ps_context *ac; - int ret; - - if (!handle || !handle->private_data) { + controls[0] = talloc(controls, struct ldb_control); + if (!controls[0]) { return LDB_ERR_OPERATIONS_ERROR; } - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + control = talloc(controls[0], struct ldb_paged_control); + if (!control) { + return LDB_ERR_OPERATIONS_ERROR; } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct ps_context); - - ret = ldb_wait(ac->new_req->handle, LDB_WAIT_NONE); + control->size = PS_DEFAULT_PAGE_SIZE; + control->cookie = NULL; + control->cookie_len = 0; + controls[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; + controls[0]->critical = 1; + controls[0]->data = control; + controls[1] = NULL; + + ret = ldb_build_search_req_ex(&new_req, ac->module->ldb, ac, + ac->req->op.search.base, + ac->req->op.search.scope, + ac->req->op.search.tree, + ac->req->op.search.attrs, + controls, + ac, + ps_callback, + ac->req); if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - - if (ac->new_req->handle->status != LDB_SUCCESS) { - handle->status = ac->new_req->handle->status; - goto done; - } - - if (ac->new_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* see if we need to send another request for the next batch */ - if (ac->pending) { - ret = ps_continuation(handle); - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - - /* continue the search with the next request */ - return LDB_SUCCESS; + return ret; } + talloc_steal(new_req, controls); - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; + return ldb_next_request(ac->module, new_req); } -static int ps_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int check_supported_paged(struct ldb_request *req, + struct ldb_reply *ares) { - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } + struct private_data *data; - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = ps_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } + data = talloc_get_type(req->context, struct private_data); - return handle->status; + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } - return ps_wait_once(handle); -} -static int check_supported_paged(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) -{ - struct private_data *data; - data = talloc_get_type(context, - struct private_data); - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: if (ldb_msg_check_string_attribute(ares->message, "supportedControl", LDB_CONTROL_PAGED_RESULTS_OID)) { data->paged_supported = true; } + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; + + case LDB_REPLY_DONE: + return ldb_request_done(req, LDB_SUCCESS); } + + talloc_free(ares); return LDB_SUCCESS; } - static int ps_init(struct ldb_module *module) { static const char *attrs[] = { "supportedControl", NULL }; struct private_data *data; + struct ldb_dn *base; int ret; struct ldb_request *req; data = talloc(module, struct private_data); if (data == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OTHER; + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } module->private_data = data; data->paged_supported = false; - req = talloc(module, struct ldb_request); - if (req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); + base = ldb_dn_new(module, module->ldb, ""); + if (base == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, module->ldb, ""); - req->op.search.scope = LDB_SCOPE_BASE; - - req->op.search.tree = ldb_parse_tree(req, "objectClass=*"); - if (req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(req); - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_build_search_req(&req, module->ldb, module, + base, LDB_SCOPE_BASE, + "(objectClass=*)", + attrs, NULL, + data, check_supported_paged, + NULL); + if (ret != LDB_SUCCESS) { + return ret; } - req->op.search.attrs = attrs; - req->controls = NULL; - req->context = data; - req->callback = check_supported_paged; - ldb_set_timeout(module->ldb, req, 0); /* use default timeout */ - ret = ldb_next_request(module, req); - if (ret == LDB_SUCCESS) { ret = ldb_wait(req->handle, LDB_WAIT_ALL); } - - talloc_free(req); if (ret != LDB_SUCCESS) { return ret; } + talloc_free(base); + talloc_free(req); + return ldb_next_init(module); } _PUBLIC_ const struct ldb_module_ops ldb_paged_searches_module_ops = { .name = "paged_searches", .search = ps_search, - .wait = ps_wait, .init_context = ps_init }; diff --git a/source4/lib/ldb/modules/rdn_name.c b/source4/lib/ldb/modules/rdn_name.c index 65c044c0f4..62b8ce5112 100644 --- a/source4/lib/ldb/modules/rdn_name.c +++ b/source4/lib/ldb/modules/rdn_name.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Andrew Bartlet 2005 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -38,6 +38,14 @@ #include "ldb_includes.h" +struct rename_context { + + struct ldb_module *module; + struct ldb_request *req; + + struct ldb_reply *ares; +}; + static struct ldb_message_element *rdn_name_find_attribute(const struct ldb_message *msg, const char *name) { int i; @@ -51,11 +59,38 @@ static struct ldb_message_element *rdn_name_find_attribute(const struct ldb_mess return NULL; } +static int rdn_name_add_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct rename_context *ac; + + ac = talloc_get_type(req->context, struct rename_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); +} + static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; + struct rename_context *ac; struct ldb_message *msg; struct ldb_message_element *attribute; + const struct ldb_schema_attribute *a; const char *rdn_name; struct ldb_val rdn_val; int i, ret; @@ -67,21 +102,22 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = talloc_zero(req, struct rename_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; + ac->module = module; + ac->req = req; - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(req, req->op.add.message); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } rdn_name = ldb_dn_get_rdn_name(msg->dn); if (rdn_name == NULL) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -93,7 +129,7 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) } if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -101,14 +137,16 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) if (!attribute) { if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } } else { - const struct ldb_schema_attribute *a = ldb_schema_attribute_by_name(module->ldb, rdn_name); + a = ldb_schema_attribute_by_name(module->ldb, rdn_name); for (i = 0; i < attribute->num_values; i++) { - if (a->syntax->comparison_fn(module->ldb, msg, &rdn_val, &attribute->values[i]) == 0) { + ret = a->syntax->comparison_fn(module->ldb, msg, + &rdn_val, &attribute->values[i]); + if (ret == 0) { /* overwrite so it matches in case */ attribute->values[i] = rdn_val; break; @@ -118,218 +156,166 @@ static int rdn_name_add(struct ldb_module *module, struct ldb_request *req) ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "RDN mismatch on %s: %s (%s)", ldb_dn_get_linearized(msg->dn), rdn_name, rdn_val.data); - talloc_free(down_req); + talloc_free(ac); /* Match AD's error here */ return LDB_ERR_INVALID_DN_SYNTAX; } } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, req, + msg, + req->controls, + ac, rdn_name_add_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; -} - -struct rename_context { + talloc_steal(down_req, msg); - enum {RENAME_RENAME, RENAME_MODIFY} step; - struct ldb_request *orig_req; - struct ldb_request *down_req; - struct ldb_request *mod_req; -}; + /* go on with the call chain */ + return ldb_next_request(module, down_req); +} -static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) +static int rdn_modify_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct ldb_handle *h; struct rename_context *ac; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_rename\n"); + ac = talloc_get_type(req->context, struct rename_context); - /* do not manipulate our control entries */ - if (ldb_dn_is_special(req->op.rename.newdn)) { - return ldb_next_request(module, req); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - h->module = module; - - ac = talloc_zero(h, struct rename_context); - if (ac == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + /* the only supported reply right now is a LDB_REPLY_DONE */ + if (ares->type != LDB_REPLY_DONE) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->orig_req = req; - ac->down_req = talloc(req, struct ldb_request); - if (ac->down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->down_req) = *req; - - ac->step = RENAME_RENAME; - - req->handle = h; - - /* rename first, modify "name" if rename is ok */ - return ldb_next_request(module, ac->down_req); + /* send saved controls eventually */ + return ldb_module_done(ac->req, ac->ares->controls, + ac->ares->response, LDB_SUCCESS); } -static int rdn_name_rename_do_mod(struct ldb_handle *h) { - +static int rdn_rename_callback(struct ldb_request *req, struct ldb_reply *ares) +{ struct rename_context *ac; + struct ldb_request *mod_req; const char *rdn_name; struct ldb_val rdn_val; struct ldb_message *msg; + int ret; - ac = talloc_get_type(h->private_data, struct rename_context); + ac = talloc_get_type(req->context, struct rename_context); - ac->mod_req = talloc_zero(ac, struct ldb_request); + if (!ares) { + goto error; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->mod_req->operation = LDB_MODIFY; - ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); - if (msg == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + /* the only supported reply right now is a LDB_REPLY_DONE */ + if (ares->type != LDB_REPLY_DONE) { + goto error; } - msg->dn = ldb_dn_copy(msg, ac->orig_req->op.rename.newdn); + /* save reply for caller */ + ac->ares = talloc_steal(ac, ares); + + msg = ldb_msg_new(ac); + if (msg == NULL) { + goto error; + } + msg->dn = ldb_dn_copy(msg, ac->req->op.rename.newdn); if (msg->dn == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } - - rdn_name = ldb_dn_get_rdn_name(ac->orig_req->op.rename.newdn); + rdn_name = ldb_dn_get_rdn_name(ac->req->op.rename.newdn); if (rdn_name == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } - rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(ac->orig_req->op.rename.newdn)); + rdn_val = ldb_val_dup(msg, ldb_dn_get_rdn_val(ac->req->op.rename.newdn)); if (ldb_msg_add_empty(msg, rdn_name, LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } if (ldb_msg_add_value(msg, rdn_name, &rdn_val, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } if (ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_REPLACE, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } if (ldb_msg_add_value(msg, "name", &rdn_val, NULL) != 0) { - return LDB_ERR_OPERATIONS_ERROR; + goto error; } - ldb_set_timeout_from_prev_req(h->module->ldb, ac->orig_req, ac->mod_req); - - ac->step = RENAME_MODIFY; + ret = ldb_build_mod_req(&mod_req, ac->module->ldb, + ac, msg, NULL, + ac, rdn_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_steal(mod_req, msg); /* do the mod call */ - return ldb_request(h->module->ldb, ac->mod_req); + return ldb_request(ac->module->ldb, mod_req); + +error: + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } -static int rdn_name_wait_once(struct ldb_handle *handle) +static int rdn_name_rename(struct ldb_module *module, struct ldb_request *req) { struct rename_context *ac; + struct ldb_request *down_req; int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct rename_context); - - switch(ac->step) { - case RENAME_RENAME: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* rename operation done */ - return rdn_name_rename_do_mod(handle); - - case RENAME_MODIFY: - ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->mod_req->handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->handle->status; - goto done; - } - - if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "rdn_name_rename\n"); - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.rename.newdn)) { + return ldb_next_request(module, req); } - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int rdn_name_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { + ac = talloc_zero(req, struct rename_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = rdn_name_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } + ac->module = module; + ac->req = req; - return handle->status; + ret = ldb_build_rename_req(&down_req, + module->ldb, + ac, + req->op.rename.olddn, + req->op.rename.newdn, + req->controls, + ac, + rdn_rename_callback, + req); + + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return rdn_name_wait_once(handle); + /* rename first, modify "name" if rename is ok */ + return ldb_next_request(module, down_req); } const struct ldb_module_ops ldb_rdn_name_module_ops = { .name = "rdn_name", .add = rdn_name_add, .rename = rdn_name_rename, - .wait = rdn_name_wait }; diff --git a/source4/lib/ldb/modules/sort.c b/source4/lib/ldb/modules/sort.c index 746befa559..64d60f370c 100644 --- a/source4/lib/ldb/modules/sort.c +++ b/source4/lib/ldb/modules/sort.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -43,8 +43,6 @@ struct opaque { struct sort_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); char *attributeName; char *orderingRule; @@ -53,7 +51,6 @@ struct sort_context { struct ldb_request *req; struct ldb_message **msgs; char **referrals; - struct ldb_control **controls; int num_msgs; int num_refs; @@ -61,40 +58,6 @@ struct sort_context { int sort_result; }; -static struct ldb_handle *init_handle(void *mem_ctx, struct ldb_module *module, - void *context, - int (*callback)(struct ldb_context *, void *, struct ldb_reply *)) -{ - struct sort_context *ac; - struct ldb_handle *h; - - h = talloc_zero(mem_ctx, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct sort_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } - - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->module = module; - ac->up_context = context; - ac->up_callback = callback; - - return h; -} - static int build_response(void *mem_ctx, struct ldb_control ***ctrls, int result, const char *desc) { struct ldb_control **controls; @@ -142,7 +105,7 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo struct sort_context *ac = talloc_get_type(opaque, struct sort_context); struct ldb_message_element *el1, *el2; - if (ac->sort_result != 0) { + if (!ac || ac->sort_result != 0) { /* an error occurred previously, * let's exit the sorting by returning always 0 */ return 0; @@ -154,7 +117,7 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo if (!el1 || !el2) { /* the attribute was not found return and * set an error */ - ac->sort_result = 53; + ac->sort_result = LDB_ERR_UNWILLING_TO_PERFORM; return 0; } @@ -164,51 +127,111 @@ static int sort_compare(struct ldb_message **msg1, struct ldb_message **msg2, vo return ac->a->syntax->comparison_fn(ac->module->ldb, ac, &el1->values[0], &el2->values[0]); } -static int server_sort_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int server_sort_results(struct sort_context *ac) { - struct sort_context *ac = NULL; - - if (!context || !ares) { - ldb_set_errstring(ldb, "NULL Context or Result in callback"); - goto error; - } + struct ldb_reply *ares; + int i, ret; + + ac->a = ldb_schema_attribute_by_name(ac->module->ldb, ac->attributeName); + ac->sort_result = 0; + + ldb_qsort(ac->msgs, ac->num_msgs, + sizeof(struct ldb_message *), + ac, (ldb_qsort_cmp_fn_t)sort_compare); + + if (ac->sort_result != LDB_SUCCESS) { + return ac->sort_result; + } + + for (i = 0; i < ac->num_msgs; i++) { + ares = talloc_zero(ac, struct ldb_reply); + if (!ares) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ares->type = LDB_REPLY_ENTRY; + ares->message = talloc_move(ares, &ac->msgs[i]); + + ret = ldb_module_send_entry(ac->req, ares->message); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + for (i = 0; i < ac->num_refs; i++) { + ares = talloc_zero(ac, struct ldb_reply); + if (!ares) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ares->type = LDB_REPLY_REFERRAL; + ares->referral = talloc_move(ares, &ac->referrals[i]); + + ret = ldb_module_send_referral(ac->req, ares->referral); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return LDB_SUCCESS; +} + +static int server_sort_search_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct sort_context *ac; + int ret; - ac = talloc_get_type(context, struct sort_context); + ac = talloc_get_type(req->context, struct sort_context); - if (ares->type == LDB_REPLY_ENTRY) { + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: ac->msgs = talloc_realloc(ac, ac->msgs, struct ldb_message *, ac->num_msgs + 2); if (! ac->msgs) { - goto error; + talloc_free(ares); + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->msgs[ac->num_msgs + 1] = NULL; - - ac->msgs[ac->num_msgs] = talloc_move(ac->msgs, &ares->message); + ac->msgs[ac->num_msgs] = talloc_steal(ac->msgs, ares->message); ac->num_msgs++; - } + ac->msgs[ac->num_msgs] = NULL; - if (ares->type == LDB_REPLY_REFERRAL) { + break; + + case LDB_REPLY_REFERRAL: ac->referrals = talloc_realloc(ac, ac->referrals, char *, ac->num_refs + 2); if (! ac->referrals) { - goto error; + talloc_free(ares); + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->referrals[ac->num_refs + 1] = NULL; - ac->referrals[ac->num_refs] = talloc_move(ac->referrals, &ares->referral); - + ac->referrals[ac->num_refs] = talloc_steal(ac->referrals, ares->referral); ac->num_refs++; - } + ac->referrals[ac->num_refs] = NULL; - if (ares->type == LDB_REPLY_DONE) { - ac->controls = talloc_move(ac, &ares->controls); + break; + + case LDB_REPLY_DONE: + + ret = server_sort_results(ac); + return ldb_module_done(ac->req, ares->controls, + ares->response, ret); } talloc_free(ares); return LDB_SUCCESS; - -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; } static int server_sort_search(struct ldb_module *module, struct ldb_request *req) @@ -216,8 +239,9 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req struct ldb_control *control; struct ldb_server_sort_control **sort_ctrls; struct ldb_control **saved_controls; + struct ldb_control **controls; + struct ldb_request *down_req; struct sort_context *ac; - struct ldb_handle *h; int ret; /* check if there's a paged request control */ @@ -227,19 +251,14 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req return ldb_next_request(module, req); } - req->handle = NULL; - - if (!req->callback || !req->context) { - ldb_set_errstring(module->ldb, - "Async interface called with NULL callback function or NULL context"); - return LDB_ERR_OPERATIONS_ERROR; - } - - h = init_handle(req, module, req->context, req->callback); - if (!h) { + ac = talloc_zero(req, struct sort_context); + if (ac == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct sort_context); + + ac->module = module; + ac->req = req; sort_ctrls = talloc_get_type(control->data, struct ldb_server_sort_control *); if (!sort_ctrls) { @@ -251,26 +270,20 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req if (sort_ctrls[1] != NULL) { if (control->critical) { - struct ldb_reply *ares; - - ares = talloc_zero(req, struct ldb_reply); - if (!ares) - return LDB_ERR_OPERATIONS_ERROR; - /* 53 = unwilling to perform */ - ares->type = LDB_REPLY_DONE; - if ((ret = build_response(ares, &ares->controls, 53, "sort control is not complete yet")) != LDB_SUCCESS) { - return ret; + /* callback immediately */ + ret = build_response(req, &controls, + LDB_ERR_UNWILLING_TO_PERFORM, + "sort control is not complete yet"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - h->status = LDB_ERR_UNSUPPORTED_CRITICAL_EXTENSION; - h->state = LDB_ASYNC_DONE; - ret = ac->up_callback(module->ldb, ac->up_context, ares); - - return ret; + return ldb_module_done(req, controls, NULL, ret); } else { /* just pass the call down and don't do any sorting */ - ldb_next_request(module, req); + return ldb_next_request(module, req); } } @@ -278,181 +291,45 @@ static int server_sort_search(struct ldb_module *module, struct ldb_request *req ac->orderingRule = sort_ctrls[0]->orderingRule; ac->reverse = sort_ctrls[0]->reverse; - ac->req = talloc(req, struct ldb_request); - if (!ac->req) + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ac, + server_sort_search_callback, + req); + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; - - ac->req->operation = req->operation; - ac->req->op.search.base = req->op.search.base; - ac->req->op.search.scope = req->op.search.scope; - ac->req->op.search.tree = req->op.search.tree; - ac->req->op.search.attrs = req->op.search.attrs; - ac->req->controls = req->controls; + } /* save it locally and remove it from the list */ /* we do not need to replace them later as we * are keeping the original req intact */ - if (!save_controls(control, ac->req, &saved_controls)) { + if (!save_controls(control, down_req, &saved_controls)) { return LDB_ERR_OPERATIONS_ERROR; } - ac->req->context = ac; - ac->req->callback = server_sort_search_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->req); - - req->handle = h; - - return ldb_next_request(module, ac->req); -} - -static int server_sort_results(struct ldb_handle *handle) -{ - struct sort_context *ac; - struct ldb_reply *ares; - int i, ret; - - ac = talloc_get_type(handle->private_data, struct sort_context); - - ac->a = ldb_schema_attribute_by_name(ac->module->ldb, ac->attributeName); - ac->sort_result = 0; - - ldb_qsort(ac->msgs, ac->num_msgs, - sizeof(struct ldb_message *), - ac, (ldb_qsort_cmp_fn_t)sort_compare); - - for (i = 0; i < ac->num_msgs; i++) { - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->type = LDB_REPLY_ENTRY; - ares->message = talloc_move(ares, &ac->msgs[i]); - - handle->status = ac->up_callback(ac->module->ldb, ac->up_context, ares); - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - } - - for (i = 0; i < ac->num_refs; i++) { - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->type = LDB_REPLY_REFERRAL; - ares->referral = talloc_move(ares, &ac->referrals[i]); - - handle->status = ac->up_callback(ac->module->ldb, ac->up_context, ares); - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - } - - ares = talloc_zero(ac, struct ldb_reply); - if (!ares) { - handle->status = LDB_ERR_OPERATIONS_ERROR; - return handle->status; - } - - ares->type = LDB_REPLY_DONE; - ares->controls = talloc_move(ares, &ac->controls); - - handle->status = ac->up_callback(ac->module->ldb, ac->up_context, ares); - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - - if ((ret = build_response(ac, &ac->controls, ac->sort_result, "sort control is not complete yet")) != LDB_SUCCESS) { - return ret; - } - - return LDB_SUCCESS; -} - -static int server_sort_wait_once(struct ldb_handle *handle) -{ - struct sort_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(handle->private_data, struct sort_context); - - ret = ldb_wait(ac->req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - return ret; - } - - handle->state = ac->req->handle->state; - handle->status = ac->req->handle->status; - - if (handle->status != LDB_SUCCESS) { - return handle->status; - } - - if (handle->state == LDB_ASYNC_DONE) { - ret = server_sort_results(handle); - } - - return ret; -} - -static int server_sort_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (type == LDB_WAIT_ALL) { - while (handle->state != LDB_ASYNC_DONE) { - ret = server_sort_wait_once(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; - } - - return server_sort_wait_once(handle); + return ldb_next_request(module, down_req); } static int server_sort_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc(module, struct ldb_request); - if (req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_SERVER_SORT_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_SERVER_SORT_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_WARNING, "server_sort: Unable to register control with rootdse!\n"); + ldb_debug(module->ldb, LDB_DEBUG_WARNING, + "server_sort:" + "Unable to register control with rootdse!\n"); } - talloc_free(req); return ldb_next_init(module); } const struct ldb_module_ops ldb_server_sort_module_ops = { .name = "server_sort", .search = server_sort_search, - .wait = server_sort_wait, .init_context = server_sort_init }; -- cgit From 51baa8deec00244cc0a6e3d29c53932427800610 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:36:28 -0400 Subject: LDB ASYNC: samba4 modules --- source4/dsdb/samdb/ldb_modules/anr.c | 176 ++- source4/dsdb/samdb/ldb_modules/extended_dn.c | 143 +- source4/dsdb/samdb/ldb_modules/instancetype.c | 66 +- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 206 +-- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 1315 ++++++++-------- source4/dsdb/samdb/ldb_modules/local_password.c | 1124 ++++++++------ source4/dsdb/samdb/ldb_modules/normalise.c | 150 +- source4/dsdb/samdb/ldb_modules/objectclass.c | 752 ++++----- source4/dsdb/samdb/ldb_modules/objectguid.c | 101 +- source4/dsdb/samdb/ldb_modules/partition.c | 595 +++---- source4/dsdb/samdb/ldb_modules/password_hash.c | 731 ++++----- source4/dsdb/samdb/ldb_modules/proxy.c | 136 +- source4/dsdb/samdb/ldb_modules/ranged_results.c | 165 +- source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 736 ++++----- source4/dsdb/samdb/ldb_modules/rootdse.c | 122 +- source4/dsdb/samdb/ldb_modules/samldb.c | 1633 +++++++++++++------- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 100 +- source4/dsdb/samdb/ldb_modules/show_deleted.c | 166 +- source4/dsdb/samdb/ldb_modules/simple_ldap_map.c | 53 +- source4/dsdb/samdb/ldb_modules/subtree_delete.c | 232 +-- source4/dsdb/samdb/ldb_modules/subtree_rename.c | 332 ++-- source4/dsdb/samdb/ldb_modules/update_keytab.c | 245 ++- 22 files changed, 4946 insertions(+), 4333 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/anr.c b/source4/dsdb/samdb/ldb_modules/anr.c index 4e2c527fe9..028df588d6 100644 --- a/source4/dsdb/samdb/ldb_modules/anr.c +++ b/source4/dsdb/samdb/ldb_modules/anr.c @@ -1,7 +1,8 @@ /* ldb database library - Copyright (C) Amdrew Bartlett 2007 + Copyright (C) Andrew Bartlett 2007 + Copyright (C) Simo Sorce 2008 Copyright (C) Andrew Tridgell 2004 This program is free software; you can redistribute it and/or modify @@ -99,6 +100,7 @@ struct ldb_parse_tree *make_match_tree(struct ldb_module *module, struct anr_context { bool found_anr; struct ldb_module *module; + struct ldb_request *req; }; /** @@ -106,39 +108,35 @@ struct anr_context { * parse tree with an 'or' of all the anr attributes in the schema. */ -typedef struct ldb_parse_tree *(*anr_parse_tree_callback_t)(TALLOC_CTX *mem_ctx, - const struct ldb_val *match, - void *context); - - /** - * Callback function to do the heavy lifting for the for the parse tree walker + * Callback function to do the heavy lifting for the parse tree walker */ -struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, - const struct ldb_val *match, - void *context) +static int anr_replace_value(struct anr_context *ac, + TALLOC_CTX *mem_ctx, + const struct ldb_val *match, + struct ldb_parse_tree **ntree) { struct ldb_parse_tree *tree = NULL; - struct anr_context *anr_context = talloc_get_type(context, struct anr_context); - struct ldb_module *module = anr_context->module; + struct ldb_module *module = ac->module; struct ldb_parse_tree *match_tree; - uint8_t *p; - enum ldb_parse_op op; struct dsdb_attribute *cur; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + uint8_t *p; + enum ldb_parse_op op; + if (!schema) { ldb_asprintf_errstring(module->ldb, "no schema with which to construct anr filter"); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } - anr_context->found_anr = true; + ac->found_anr = true; if (match->length > 1 && match->data[0] == '=') { - DATA_BLOB *match2 = talloc(tree, DATA_BLOB); + DATA_BLOB *match2 = talloc(mem_ctx, DATA_BLOB); *match2 = data_blob_const(match->data+1, match->length - 1); if (match2 == NULL){ ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } match = match2; op = LDB_OP_EQUALITY; @@ -154,7 +152,7 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, tree = make_parse_list(module, mem_ctx, LDB_OP_OR, tree, match_tree); if (tree == NULL) { ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } } else { tree = match_tree; @@ -173,7 +171,7 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, DATA_BLOB *second_match = talloc(tree, DATA_BLOB); if (!first_match || !second_match) { ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } *first_match = data_blob_const(match->data, p-match->data); *second_match = data_blob_const(p+1, match->length - (p-match->data) - 1); @@ -183,26 +181,26 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, match_tree_1 = make_match_tree(module, mem_ctx, op, "givenName", first_match); match_tree_2 = make_match_tree(module, mem_ctx, op, "sn", second_match); - first_split_filter = make_parse_list(module, context, LDB_OP_AND, match_tree_1, match_tree_2); + first_split_filter = make_parse_list(module, ac, LDB_OP_AND, match_tree_1, match_tree_2); if (first_split_filter == NULL){ ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } match_tree_1 = make_match_tree(module, mem_ctx, op, "sn", first_match); match_tree_2 = make_match_tree(module, mem_ctx, op, "givenName", second_match); - second_split_filter = make_parse_list(module, context, LDB_OP_AND, match_tree_1, match_tree_2); + second_split_filter = make_parse_list(module, ac, LDB_OP_AND, match_tree_1, match_tree_2); if (second_split_filter == NULL){ ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } split_filters = make_parse_list(module, mem_ctx, LDB_OP_OR, first_split_filter, second_split_filter); if (split_filters == NULL) { ldb_oom(module->ldb); - return NULL; + return LDB_ERR_OPERATIONS_ERROR; } if (tree) { @@ -212,38 +210,46 @@ struct ldb_parse_tree *anr_replace_callback(TALLOC_CTX *mem_ctx, tree = split_filters; } } - return tree; + *ntree = tree; + return LDB_SUCCESS; } /* replace any occurances of an attribute with a new, generated attribute tree */ -struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, - const char *attr, - anr_parse_tree_callback_t callback, - void *context) +static int anr_replace_subtrees(struct anr_context *ac, + struct ldb_parse_tree *tree, + const char *attr, + struct ldb_parse_tree **ntree) { + int ret; int i; - struct ldb_parse_tree *tmp; switch (tree->operation) { case LDB_OP_AND: case LDB_OP_OR: for (i=0;iu.list.num_elements;i++) { - tmp = anr_replace_subtrees(tree->u.list.elements[i], - attr, callback, context); - if (tmp) tree->u.list.elements[i] = tmp; + ret = anr_replace_subtrees(ac, tree->u.list.elements[i], + attr, &tree->u.list.elements[i]); + if (ret != LDB_SUCCESS) { + return ret; + } + *ntree = tree; } break; case LDB_OP_NOT: - tmp = anr_replace_subtrees(tree->u.isnot.child, attr, callback, context); - if (tmp) tree->u.isnot.child = tmp; + ret = anr_replace_subtrees(ac, tree->u.isnot.child, attr, &tree->u.isnot.child); + if (ret != LDB_SUCCESS) { + return ret; + } + *ntree = tree; break; case LDB_OP_EQUALITY: if (ldb_attr_cmp(tree->u.equality.attr, attr) == 0) { - tmp = callback(tree, &tree->u.equality.value, - context); - if (tmp) tree = tmp; + ret = anr_replace_value(ac, tree, &tree->u.equality.value, ntree); + if (ret != LDB_SUCCESS) { + return ret; + } } break; case LDB_OP_SUBSTRING: @@ -252,53 +258,97 @@ struct ldb_parse_tree *anr_replace_subtrees(struct ldb_parse_tree *tree, tree->u.substring.end_with_wildcard == 1 && tree->u.substring.chunks[0] != NULL && tree->u.substring.chunks[1] == NULL) { - tmp = callback(tree, tree->u.substring.chunks[0], context); - if (tmp) tree = tmp; + ret = anr_replace_value(ac, tree, tree->u.substring.chunks[0], ntree); + if (ret != LDB_SUCCESS) { + return ret; + } } } break; + default: + break; + } + + return LDB_SUCCESS; +} + +static int anr_search_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct anr_context *ac; + + ac = talloc_get_type(req->context, struct anr_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } - return tree; + return LDB_SUCCESS; } /* search */ static int anr_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_parse_tree *anr_tree; - struct anr_context *context = talloc(req, struct anr_context); - if (!context) { + struct ldb_request *down_req; + struct anr_context *ac; + int ret; + + ac = talloc(req, struct anr_context); + if (!ac) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - context->module = module; - context->found_anr = false; + ac->module = module; + ac->req = req; + ac->found_anr = false; #if 0 printf("oldanr : %s\n", ldb_filter_from_tree (0, req->op.search.tree)); #endif - /* Yes, this is a problem with req->op.search.tree being const... */ - anr_tree = anr_replace_subtrees(req->op.search.tree, "anr", anr_replace_callback, context); - if (!anr_tree) { - talloc_free(context); + ret = anr_replace_subtrees(ac, req->op.search.tree, "anr", &anr_tree); + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (context->found_anr) { - /* The above function modifies the tree if it finds "anr", so no - * point just setting this on the down_req */ -#if 0 - printf("newtree: %s\n", ldb_filter_from_tree (0, anr_tree)); -#endif - req->op.search.tree = talloc_steal(req, anr_tree); - } else { - if (anr_tree != req->op.search.tree) { - talloc_free(anr_tree); - } - talloc_free(context); + if (!ac->found_anr) { + talloc_free(ac); + return ldb_next_request(module, req); } - return ldb_next_request(module, req); + + ret = ldb_build_search_req_ex(&down_req, + module->ldb, ac, + req->op.search.base, + req->op.search.scope, + anr_tree, + req->op.search.attrs, + req->controls, + ac, anr_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_steal(down_req, anr_tree); + + return ldb_next_request(module, down_req); } _PUBLIC_ const struct ldb_module_ops ldb_anr_module_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 84bf5e4843..e40190e86f 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -95,7 +95,7 @@ static bool add_attrs(void *mem_ctx, char ***attrs, const char *attr) return true; } -static bool inject_extended_dn(struct ldb_message *msg, +static int inject_extended_dn(struct ldb_message *msg, struct ldb_context *ldb, int type, bool remove_guid, @@ -113,8 +113,9 @@ static bool inject_extended_dn(struct ldb_message *msg, guid_blob = ldb_msg_find_ldb_val(msg, "objectGUID"); sid_blob = ldb_msg_find_ldb_val(msg, "objectSID"); - if (!guid_blob) - return false; + if (!guid_blob) { + return LDB_ERR_OPERATIONS_ERROR; + } switch (type) { case 0: @@ -123,7 +124,7 @@ static bool inject_extended_dn(struct ldb_message *msg, const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); const char *lower_sid_hex = strlower_talloc(msg, data_blob_hex_string(msg, sid_blob)); if (!lower_guid_hex || !lower_sid_hex) { - return false; + return LDB_ERR_OPERATIONS_ERROR; } new_dn = talloc_asprintf(msg, ";;%s", lower_guid_hex, @@ -132,7 +133,7 @@ static bool inject_extended_dn(struct ldb_message *msg, } else { const char *lower_guid_hex = strlower_talloc(msg, data_blob_hex_string(msg, guid_blob)); if (!lower_guid_hex) { - return false; + return LDB_ERR_OPERATIONS_ERROR; } new_dn = talloc_asprintf(msg, ";%s", lower_guid_hex, @@ -151,8 +152,8 @@ static bool inject_extended_dn(struct ldb_message *msg, if (sid) { object_sid = dom_sid_string(msg, sid); if (!object_sid) - return false; - + return LDB_ERR_OPERATIONS_ERROR; + } /* Normal, sane format */ @@ -167,11 +168,11 @@ static bool inject_extended_dn(struct ldb_message *msg, } break; default: - return false; + return LDB_ERR_OPERATIONS_ERROR; } if (!new_dn) { - return false; + return LDB_ERR_OPERATIONS_ERROR; } if (remove_guid) { @@ -184,52 +185,70 @@ static bool inject_extended_dn(struct ldb_message *msg, msg->dn = ldb_dn_new(msg, ldb, new_dn); if (! ldb_dn_validate(msg->dn)) - return false; + return LDB_ERR_OPERATIONS_ERROR; val = ldb_msg_find_ldb_val(msg, "distinguishedName"); if (val) { ldb_msg_remove_attr(msg, "distinguishedName"); if (ldb_msg_add_steal_string(msg, "distinguishedName", new_dn)) - return false; + return LDB_ERR_OPERATIONS_ERROR; } - return true; + return LDB_SUCCESS; } /* search */ struct extended_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldb_request *req; - const char * const *attrs; bool remove_guid; bool remove_sid; int extended_type; }; -static int extended_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int extended_callback(struct ldb_request *req, struct ldb_reply *ares) { struct extended_context *ac; + int ret; - ac = talloc_get_type(context, struct extended_context); + ac = talloc_get_type(req->context, struct extended_context); - if (ares->type == LDB_REPLY_ENTRY) { + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: /* for each record returned post-process to add any derived attributes that have been asked for */ - if (!inject_extended_dn(ares->message, ldb, ac->extended_type, ac->remove_guid, ac->remove_sid)) { - goto error; + ret = inject_extended_dn(ares->message, ac->module->ldb, + ac->extended_type, ac->remove_guid, + ac->remove_sid); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - } - return ac->up_callback(ldb, ac->up_context, ares); + return ldb_module_send_entry(ac->req, ares->message); -error: - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + + } + return LDB_SUCCESS; } + static int extended_search(struct ldb_module *module, struct ldb_request *req) { struct ldb_control *control; @@ -237,6 +256,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) struct ldb_control **saved_controls; struct extended_context *ac; struct ldb_request *down_req; + const char * const *cast_attrs = NULL; char **new_attrs; int ret; @@ -261,9 +281,7 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) } ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; - ac->attrs = req->op.search.attrs; + ac->req = req; ac->remove_guid = false; ac->remove_sid = false; if (extended_ctrl) { @@ -272,17 +290,6 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->extended_type = 0; } - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; - down_req->op.search.base = req->op.search.base; - down_req->op.search.scope = req->op.search.scope; - down_req->op.search.tree = req->op.search.tree; - /* check if attrs only is specified, in that case check wether we need to modify them */ if (req->op.search.attrs) { if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { @@ -292,26 +299,38 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->remove_sid = true; } if (ac->remove_guid || ac->remove_sid) { - new_attrs = copy_attrs(down_req, req->op.search.attrs); + new_attrs = copy_attrs(ac, req->op.search.attrs); if (new_attrs == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } if (ac->remove_guid) { - if (!add_attrs(down_req, &new_attrs, "objectGUID")) + if (!add_attrs(ac, &new_attrs, "objectGUID")) return LDB_ERR_OPERATIONS_ERROR; } if (ac->remove_sid) { - if (!add_attrs(down_req, &new_attrs, "objectSID")) + if (!add_attrs(ac, &new_attrs, "objectSID")) return LDB_ERR_OPERATIONS_ERROR; } - - down_req->op.search.attrs = (const char * const *)new_attrs; + cast_attrs = (const char * const *)new_attrs; + } else { + cast_attrs = req->op.search.attrs; } } - down_req->controls = req->controls; + ret = ldb_build_search_req_ex(&down_req, + module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + cast_attrs, + req->controls, + ac, extended_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } /* save it locally and remove it from the list */ /* we do not need to replace them later as we @@ -320,45 +339,21 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - down_req->context = ac; - down_req->callback = extended_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; - } - - return ret; + return ldb_next_request(module, down_req); } static int extended_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc(module, struct ldb_request); - if (req == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_EXTENDED_DN_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_EXTENDED_DN_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "extended_dn: Unable to register control with rootdse!\n"); - talloc_free(req); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "extended_dn: Unable to register control with rootdse!\n"); return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(req); return ldb_next_init(module); } diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c index fd5aa5e18a..492ef1c92b 100644 --- a/source4/dsdb/samdb/ldb_modules/instancetype.c +++ b/source4/dsdb/samdb/ldb_modules/instancetype.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 Copyright (C) Stefan Metzmacher 2007 @@ -41,11 +41,43 @@ #include "dsdb/samdb/samdb.h" #include "dsdb/common/flags.h" +struct it_context { + struct ldb_module *module; + struct ldb_request *req; +}; + +static int it_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct it_context *ac; + + ac = talloc_get_type(req->context, struct it_context); + + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(req->handle->ldb, "Invalid reply type!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + /* add_record: add instancetype attribute */ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) { struct ldb_request *down_req; struct ldb_message *msg; + struct it_context *ac; uint32_t instance_type; int ret; const struct ldb_control *partition_ctrl; @@ -70,18 +102,16 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) struct dsdb_control_current_partition); SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); + ac = talloc(req, struct it_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; + ac->module = module; + ac->req = req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(ac, req->op.add.message); if (msg == NULL) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -99,23 +129,21 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req) ret = ldb_msg_add_fmt(msg, "instanceType", "%u", instance_type); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, it_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + /* go on with the call chain */ + return ldb_next_request(module, down_req); } _PUBLIC_ const struct ldb_module_ops ldb_instancetype_module_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 6836f95873..24527c36c9 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -2,7 +2,7 @@ ldb database library Copyright (C) Andrew Bartlett 2005 - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -74,15 +74,14 @@ static const char *user_name(TALLOC_CTX *mem_ctx, struct ldb_module *module) struct kludge_acl_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); + struct ldb_request *req; enum security_user_level user_type; bool allowedAttributes; bool allowedAttributesEffective; bool allowedChildClasses; bool allowedChildClassesEffective; - const char **attrs; + const char * const *attrs; }; /* read all objectClasses */ @@ -191,6 +190,7 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * (comparison_fn_t)data_blob_cmp); for (i=1 ; i < allowedClasses->num_values; i++) { + struct ldb_val *val1 = &allowedClasses->values[i-1]; struct ldb_val *val2 = &allowedClasses->values[i]; if (data_blob_cmp(val1, val2) == 0) { @@ -207,80 +207,111 @@ static int kludge_acl_childClasses(struct ldb_context *ldb, struct ldb_message * /* find all attributes allowed by all these objectClasses */ -static int kludge_acl_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int kludge_acl_callback(struct ldb_request *req, struct ldb_reply *ares) { struct kludge_acl_context *ac; struct kludge_private_data *data; int i, ret; - ac = talloc_get_type(context, struct kludge_acl_context); + ac = talloc_get_type(req->context, struct kludge_acl_context); data = talloc_get_type(ac->module->private_data, struct kludge_private_data); - if (ares->type != LDB_REPLY_ENTRY) { - return ac->up_callback(ldb, ac->up_context, ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - if (ac->allowedAttributes) { - ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributes"); - if (ret != LDB_SUCCESS) { - return ret; - + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->allowedAttributes) { + ret = kludge_acl_allowedAttributes(ac->module->ldb, + ares->message, + "allowedAttributes"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (ac->allowedChildClasses) { - ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClasses"); - if (ret != LDB_SUCCESS) { - return ret; + if (ac->allowedChildClasses) { + ret = kludge_acl_childClasses(ac->module->ldb, + ares->message, + "allowedChildClasses"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (data && data->password_attrs) /* if we are not initialized just get through */ - { - switch (ac->user_type) { - case SECURITY_SYSTEM: - if (ac->allowedAttributesEffective) { - ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + if (data && data->password_attrs) /* if we are not initialized just get through */ + { + switch (ac->user_type) { + case SECURITY_SYSTEM: + if (ac->allowedAttributesEffective) { + ret = kludge_acl_allowedAttributes(ac->module->ldb, ares->message, + "allowedClassesAttributesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (ac->allowedChildClassesEffective) { - ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + if (ac->allowedChildClassesEffective) { + ret = kludge_acl_childClasses(ac->module->ldb, ares->message, + "allowedClassesChildClassesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - break; - case SECURITY_ADMINISTRATOR: - if (ac->allowedAttributesEffective) { - ret = kludge_acl_allowedAttributes(ldb, ares->message, "allowedAttributesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + break; + + case SECURITY_ADMINISTRATOR: + if (ac->allowedAttributesEffective) { + ret = kludge_acl_allowedAttributes(ac->module->ldb, ares->message, + "allowedClassesAttributesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } - } - if (ac->allowedChildClassesEffective) { - ret = kludge_acl_childClasses(ldb, ares->message, "allowedChildClassesEffective"); - if (ret != LDB_SUCCESS) { - return ret; + if (ac->allowedChildClassesEffective) { + ret = kludge_acl_childClasses(ac->module->ldb, ares->message, + "allowedClassesChildClassesEffective"); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + } + /* fall through */ + default: + /* remove password attributes */ + for (i = 0; data->password_attrs[i]; i++) { + ldb_msg_remove_attr(ares->message, data->password_attrs[i]); } } - /* fall though */ - default: - /* remove password attributes */ - for (i = 0; data->password_attrs[i]; i++) { - ldb_msg_remove_attr(ares->message, data->password_attrs[i]); + } + + if (ac->allowedAttributes || + ac->allowedAttributesEffective || + ac->allowedChildClasses || + ac->allowedChildClassesEffective) { + + if (!ldb_attr_in_list(ac->attrs, "objectClass") && + !ldb_attr_in_list(ac->attrs, "*")) { + + ldb_msg_remove_attr(ares->message, + "objectClass"); } } - } - if ((ac->allowedAttributes || ac->allowedAttributesEffective - || ac->allowedChildClasses || ac->allowedChildClassesEffective) && - (!ldb_attr_in_list(ac->attrs, "objectClass") && - !ldb_attr_in_list(ac->attrs, "*"))) { - ldb_msg_remove_attr(ares->message, "objectClass"); - } + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ac->req, ares->referral); - return ac->up_callback(ldb, ac->up_context, ares); + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + + } + return LDB_SUCCESS; } static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) @@ -288,10 +319,9 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) struct kludge_acl_context *ac; struct ldb_request *down_req; struct kludge_private_data *data; + const char * const *attrs; int ret, i; - req->handle = NULL; - ac = talloc(req, struct kludge_acl_context); if (ac == NULL) { ldb_oom(module->ldb); @@ -301,23 +331,10 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) data = talloc_get_type(module->private_data, struct kludge_private_data); ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; + ac->req = req; ac->user_type = what_is_user(module); ac->attrs = req->op.search.attrs; - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; - down_req->op.search.base = req->op.search.base; - down_req->op.search.scope = req->op.search.scope; - down_req->op.search.tree = req->op.search.tree; - down_req->op.search.attrs = req->op.search.attrs; - ac->allowedAttributes = ldb_attr_in_list(req->op.search.attrs, "allowedAttributes"); ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective"); @@ -327,12 +344,11 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) ac->allowedChildClassesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedChildClassesEffective"); if (ac->allowedAttributes || ac->allowedAttributesEffective || ac->allowedChildClasses || ac->allowedChildClassesEffective) { - down_req->op.search.attrs - = ldb_attr_list_copy_add(down_req, down_req->op.search.attrs, "objectClass"); + attrs = ldb_attr_list_copy_add(ac, req->op.search.attrs, "objectClass"); + } else { + attrs = req->op.search.attrs; } - /* FIXME: I hink we should copy the tree and keep the original - * unmodified. SSS */ /* replace any attributes in the parse tree that are private, so we don't allow a search for 'userPassword=penguin', just as we would not allow that attribute to be returned */ @@ -340,30 +356,34 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) case SECURITY_SYSTEM: break; default: + /* FIXME: We should copy the tree and keep the original unmodified. */ /* remove password attributes */ - for (i = 0; data && data->password_attrs && data->password_attrs[i]; i++) { - ldb_parse_tree_attr_replace(down_req->op.search.tree, + + if (!data || !data->password_attrs) { + break; + } + for (i = 0; data->password_attrs[i]; i++) { + ldb_parse_tree_attr_replace(req->op.search.tree, data->password_attrs[i], "kludgeACLredactedattribute"); } } - down_req->controls = req->controls; - - down_req->context = ac; - down_req->callback = kludge_acl_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req_ex(&down_req, + module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + attrs, + req->controls, + ac, kludge_acl_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* perform the search */ + return ldb_next_request(module, down_req); } /* ANY change type */ diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index e64472432d..3b389afffb 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -2,6 +2,7 @@ ldb database library Copyright (C) Andrew Bartlett 2007 + Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -33,234 +34,176 @@ #include "ldb/include/ldb_private.h" #include "dsdb/samdb/samdb.h" -struct linked_attributes_context { - enum la_step {LA_SEARCH, LA_DO_OPS, LA_DO_ORIG} step; - struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; - - struct ldb_request *search_req; - struct ldb_request **down_req; - struct ldb_request *orig_down_req; - - int num_requests; - int finished_requests; - - const char **linked_attrs; +struct la_op_store { + struct la_op_store *next; + enum la_op {LA_OP_ADD, LA_OP_DEL} op; + struct ldb_dn *dn; + char *name; + char *value; }; struct replace_context { - struct linked_attributes_context *ac; + struct la_context *ac; + unsigned int num_elements; struct ldb_message_element *el; }; -static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares); - -static struct linked_attributes_context *linked_attributes_init_handle(struct ldb_request *req, - struct ldb_module *module) -{ - struct linked_attributes_context *ac; - struct ldb_handle *h; +struct la_context { + const struct dsdb_schema *schema; + struct ldb_module *module; + struct ldb_request *req; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } + struct replace_context *rc; + struct la_op_store *ops; + struct la_op_store *cur; +}; - h->module = module; +static struct la_context *linked_attributes_init(struct ldb_module *module, + struct ldb_request *req) +{ + struct la_context *ac; - ac = talloc_zero(h, struct linked_attributes_context); + ac = talloc_zero(req, struct la_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = ac; - + ac->schema = dsdb_get_schema(module->ldb); ac->module = module; - ac->handle = h; - ac->orig_req = req; - - ac->orig_down_req = talloc(ac, struct ldb_request); - if (!ac->orig_down_req) { - ldb_oom(ac->module->ldb); - return NULL; - } - - *ac->orig_down_req = *req; - - req->handle = h; + ac->req = req; return ac; } /* Common routine to handle reading the attributes and creating a * series of modify requests */ - -static int setup_modifies(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct linked_attributes_context *ac, - const struct ldb_message *msg, - struct ldb_dn *olddn, struct ldb_dn *newdn) +static int la_store_op(struct la_context *ac, + enum la_op op, char *dn, + const char *name, const char *value) { - int i, j, ret = LDB_SUCCESS; - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - /* Look up each of the returned attributes */ - /* Find their schema */ - /* And it is an actual entry: now create a series of modify requests */ - for (i=0; i < msg->num_elements; i++) { - int otherid; - const struct dsdb_attribute *target_attr; - const struct ldb_message_element *el = &msg->elements[i]; - const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); - if (!schema_attr) { - ldb_asprintf_errstring(ldb, - "attribute %s is not a valid attribute in schema", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - /* We have a valid attribute, but if it's not linked they maybe we just got an extra return on our search... */ - if (schema_attr->linkID == 0) { - continue; - } - - /* Depending on which direction this link is in, we need to find it's partner */ - if ((schema_attr->linkID & 1) == 1) { - otherid = schema_attr->linkID - 1; - } else { - otherid = schema_attr->linkID + 1; - } - - /* Now find the target attribute */ - target_attr = dsdb_attribute_by_linkID(schema, otherid); - if (!target_attr) { - ldb_asprintf_errstring(ldb, - "attribute %s does not have valid link target", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; - } - - /* For each value being moded, we need to setup the modify */ - for (j=0; j < el->num_values; j++) { - struct ldb_message_element *ret_el; - struct ldb_request *new_req; - struct ldb_message *new_msg; - - /* Create a spot in the list for the requests */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + struct la_op_store *os, *tmp; + struct ldb_dn *op_dn; - /* Create the modify request */ - new_msg = ldb_msg_new(ac->down_req); - if (!new_msg) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_msg->dn = ldb_dn_from_ldb_val(new_msg, ldb, &el->values[j]); - if (!new_msg->dn) { - ldb_asprintf_errstring(ldb, - "attribute %s value %s was not a valid DN", msg->elements[i].name, - el->values[j].data); - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } - - if (olddn) { - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_DELETE, &ret_el); - if (ret != LDB_SUCCESS) { - return ret; - } - ret_el->values = talloc_array(new_msg, struct ldb_val, 1); - if (!ret_el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(olddn)); - ret_el->num_values = 1; - } - - if (newdn) { - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - LDB_FLAG_MOD_ADD, &ret_el); - if (ret != LDB_SUCCESS) { - return ret; - } - ret_el->values = talloc_array(new_msg, struct ldb_val, 1); - if (!ret_el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + op_dn = ldb_dn_new(ac, ac->module->ldb, dn); + if (!op_dn) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* optimize out del - add operations that would end up + * with no changes */ + if (ac->ops && op == LA_OP_DEL) { + /* do a linear search to find out if there is + * an equivalent add */ + os = ac->ops; + while (os->next) { + + tmp = os->next; + if (tmp->op == LA_OP_ADD) { + + if ((strcmp(name, tmp->name) == 0) && + (strcmp(value, tmp->value) == 0) && + (ldb_dn_compare(op_dn, tmp->dn) == 0)) { + + break; } - ret_el->values[0] = data_blob_string_const(ldb_dn_get_linearized(newdn)); - ret_el->num_values = 1; } + os = os->next; + } + if (os->next) { + /* pair found, remove it and return */ + os->next = tmp->next; + talloc_free(tmp); + talloc_free(op_dn); + return LDB_SUCCESS; + } + } - ret = ldb_build_mod_req(&new_req, ldb, ac->down_req, - new_msg, - NULL, - NULL, - NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, new_msg); - - ldb_set_timeout_from_prev_req(ldb, ac->orig_req, new_req); - - ac->down_req[ac->num_requests] = new_req; - ac->num_requests++; - - - /* Run the new request */ - ret = ldb_next_request(ac->module, new_req); - if (ret != LDB_SUCCESS) { - return ret; - } + os = talloc_zero(ac, struct la_op_store); + if (!os) { + return LDB_ERR_OPERATIONS_ERROR; + } + + os->op = op; + + os->dn = talloc_steal(os, op_dn); + if (!os->dn) { + return LDB_ERR_OPERATIONS_ERROR; + } + + os->name = talloc_strdup(os, name); + if (!os->name) { + return LDB_ERR_OPERATIONS_ERROR; + } + + if ((op != LA_OP_DEL) && (value == NULL)) { + return LDB_ERR_OPERATIONS_ERROR; + } + if (value) { + os->value = talloc_strdup(os, value); + if (!os->value) { + return LDB_ERR_OPERATIONS_ERROR; } } - return ret; + + if (ac->ops) { + ac->cur->next = os; + } else { + ac->ops = os; + } + ac->cur = os; + + return LDB_SUCCESS; } +static int la_op_search_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int la_do_mod_request(struct la_context *ac); +static int la_mod_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int la_down_req(struct la_context *ac); +static int la_down_callback(struct ldb_request *req, + struct ldb_reply *ares); + + + /* add */ static int linked_attributes_add(struct ldb_module *module, struct ldb_request *req) { - int i; - struct linked_attributes_context *ac; - - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } + const struct dsdb_attribute *target_attr; + struct la_context *ac; + const char *attr_name; + const char *attr_val; + int ret; + int i, j; if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } - - ac = linked_attributes_init_handle(req, module); + ac = linked_attributes_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - - ac->step = LA_DO_OPS; - + + if (!ac->schema) { + /* without schema, this doesn't make any sense */ + talloc_free(ac); + return ldb_next_request(module, req); + } + /* Need to ensure we only have forward links being specified */ for (i=0; i < req->op.add.message->num_elements; i++) { const struct ldb_message_element *el = &req->op.add.message->elements[i]; const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name); if (!schema_attr) { ldb_asprintf_errstring(module->ldb, - "attribute %s is not a valid attribute in schema", req->op.add.message->elements[i].name); + "attribute %s is not a valid attribute in schema", el->name); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* We have a valid attribute, not find out if it is linked */ + /* We have a valid attribute, now find out if it is linked */ if (schema_attr->linkID == 0) { continue; } @@ -268,160 +211,134 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * if ((schema_attr->linkID & 1) == 1) { /* Odd is for the target. Illigal to modify */ ldb_asprintf_errstring(module->ldb, - "attribute %s must not be modified directly, it is a linked attribute", req->op.add.message->elements[i].name); + "attribute %s must not be modified directly, it is a linked attribute", el->name); return LDB_ERR_UNWILLING_TO_PERFORM; } /* Even link IDs are for the originating attribute */ + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + attr_name = target_attr->lDAPDisplayName; + attr_val = ldb_dn_get_linearized(ac->req->op.add.message->dn); + + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_ADD, + (char *)el->values[j].data, + attr_name, attr_val); + if (ret != LDB_SUCCESS) { + return ret; + } + } } - /* Now call the common routine to setup the modifies across all the attributes */ - return setup_modifies(module->ldb, ac, ac, req->op.add.message, NULL, req->op.add.message->dn); -} - -struct merge { - struct ldb_dn *dn; - bool add; - bool ignore; -}; - -static int merge_cmp(struct merge *merge1, struct merge *merge2) { - int ret; - ret = ldb_dn_compare(merge1->dn, merge2->dn); - if (ret == 0) { - if (merge1->add == merge2->add) { - return 0; - } - if (merge1->add == true) { - return 1; - } - return -1; + /* if no linked attributes are present continue */ + if (ac->ops == NULL) { + talloc_free(ac); + return ldb_next_request(module, req); } - return ret; + + /* start with the first one */ + return la_do_mod_request(ac); } -static int linked_attributes_mod_replace_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct replace_context *ac2 = talloc_get_type(context, struct replace_context); - struct linked_attributes_context *ac = ac2->ac; - - /* OK, we have one search result here: */ + const struct dsdb_attribute *schema_attr; + const struct dsdb_attribute *target_attr; + struct ldb_message_element *search_el; + struct replace_context *rc; + struct la_context *ac; + const char *attr_name; + const char *dn; + int i, j; + int ret = LDB_SUCCESS; - /* Only entries are interesting, and we only want the olddn */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.mod.message->dn) == 0) { - /* only bother at all if there were some linked attributes found */ - struct ldb_message_element *search_el - = ldb_msg_find_element(ares->message, - ac2->el->name); - - /* See if this element already exists */ - if (search_el) { + ac = talloc_get_type(req->context, struct la_context); + rc = ac->rc; - struct merge *merged_list = NULL; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - int ret, size = 0, i; - struct ldb_message *msg = ldb_msg_new(ac); - if (!msg) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + /* Only entries are interesting, and we only want the olddn */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + + if (ldb_dn_compare(ares->message->dn, ac->req->op.mod.message->dn) != 0) { + /* Guh? We only asked for this DN */ + ldb_oom(ac->module->ldb); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - /* Add all the existing elements, marking as 'proposed for delete' by setting .add = false */ - for (i=0; i < search_el->num_values; i++) { - merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); - merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &search_el->values[i]); - merged_list[size].add = false; - merged_list[size].ignore = false; - size++; - } + dn = ldb_dn_get_linearized(ac->req->op.add.message->dn); - /* Add all the new replacement elements, marking as 'proposed for add' by setting .add = true */ - for (i=0; i < ac2->el->num_values; i++) { - merged_list = talloc_realloc(ares, merged_list, struct merge, size + 1); - merged_list[size].dn = ldb_dn_from_ldb_val(merged_list, ldb, &ac2->el->values[i]); - merged_list[size].add = true; - merged_list[size].ignore = false; - size++; - } + for (i = 0; i < rc->num_elements; i++) { - /* Sort the list, so we can pick out an add and delete for the same DN, and eliminate them */ - qsort(merged_list, size, - sizeof(*merged_list), - (comparison_fn_t)merge_cmp); - - /* Now things are sorted, it is trivial to mark pairs of DNs as 'ignore' */ - for (i=0; i + 1 < size; i++) { - if (ldb_dn_compare(merged_list[i].dn, - merged_list[i+1].dn) == 0 - /* Fortunetly the sort also sorts 'add == false' first */ - && merged_list[i].add == false - && merged_list[i+1].add == true) { - - /* Mark as ignore, so we include neither in the actual operations */ - merged_list[i].ignore = true; - merged_list[i+1].ignore = true; - } + schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, rc->el[i].name); + if (!schema_attr) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute %s is not a valid attribute in schema", + rc->el[i].name); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); } - /* Arrange to delete anything the search found that we don't re-add */ - for (i=0; i < size; i++) { - if (merged_list[i].ignore == false - && merged_list[i].add == false) { - ldb_msg_add_steal_string(msg, search_el->name, - ldb_dn_get_linearized(merged_list[i].dn)); - } - } + search_el = ldb_msg_find_element(ares->message, + rc->el[i].name); - /* The DN to set on the linked attributes is the original DN of the modify message */ - msg->dn = ac->orig_req->op.mod.message->dn; - - ret = setup_modifies(ac->module->ldb, ac2, ac, msg, ares->message->dn, NULL); - if (ret != LDB_SUCCESS) { - return ret; + /* See if this element already exists */ + /* otherwise just ignore as + * the add has already been scheduled */ + if ( ! search_el) { + continue; } - /* Now add links for all the actually new elements */ - for (i=0; i < size; i++) { - if (merged_list[i].ignore == false && merged_list[i].add == true) { - ldb_msg_add_steal_string(msg, search_el->name, - ldb_dn_get_linearized(merged_list[i].dn)); + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + attr_name = target_attr->lDAPDisplayName; + + /* make sure we manage each value */ + for (j = 0; j < search_el->num_values; j++) { + ret = la_store_op(ac, LA_OP_DEL, + (char *)search_el->values[j].data, + attr_name, dn); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, + NULL, NULL, ret); } } + } - ret = setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ares->message->dn); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_free(merged_list); + break; - } else { - /* Looks like it doesn't exist, process like an 'add' */ - struct ldb_message *msg = ldb_msg_new(ac); - if (!msg) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - msg->num_elements = 1; - msg->elements = ac2->el; - msg->dn = ac->orig_req->op.mod.message->dn; + case LDB_REPLY_REFERRAL: + /* ignore */ + break; - return setup_modifies(ac->module->ldb, ac2, ac, msg, NULL, ac->orig_req->op.mod.message->dn); - } - talloc_free(ares); - return LDB_SUCCESS; - } else if (ares->type == LDB_REPLY_ENTRY) { - /* Guh? We only asked for this DN */ - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_DONE: - } else { talloc_free(ares); + + /* All mods set up, start with the first one */ + ret = la_do_mod_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } return LDB_SUCCESS; } - - + + talloc_free(ares); + return ret; } + + /* modify */ static int linked_attributes_modify(struct ldb_module *module, struct ldb_request *req) { @@ -431,523 +348,545 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques /* Apply the modify to the linked entry */ int i, j; - struct linked_attributes_context *ac; - - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } + struct la_context *ac; + struct ldb_request *search_req; + int ret; if (ldb_dn_is_special(req->op.mod.message->dn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } - - ac = linked_attributes_init_handle(req, module); + ac = linked_attributes_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - - /* prepare the first operation */ - ac->step = LA_DO_OPS; + + if (!ac->schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + ac->rc = NULL; for (i=0; i < req->op.mod.message->num_elements; i++) { - int ret; - struct ldb_request *new_req; + bool store_el = false; + const char *attr_name; + const char *attr_val; const struct dsdb_attribute *target_attr; const struct ldb_message_element *el = &req->op.mod.message->elements[i]; const struct dsdb_attribute *schema_attr - = dsdb_attribute_by_lDAPDisplayName(schema, el->name); + = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name); if (!schema_attr) { ldb_asprintf_errstring(module->ldb, - "attribute %s is not a valid attribute in schema", req->op.mod.message->elements[i].name); + "attribute %s is not a valid attribute in schema", el->name); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* We have a valid attribute, not find out if it is linked */ + /* We have a valid attribute, now find out if it is linked */ if (schema_attr->linkID == 0) { continue; } if ((schema_attr->linkID & 1) == 1) { - /* Odd is for the target. Illigal to modify */ + /* Odd is for the target. Illegal to modify */ ldb_asprintf_errstring(module->ldb, - "attribute %s must not be modified directly, it is a linked attribute", req->op.mod.message->elements[i].name); + "attribute %s must not be modified directly, it is a linked attribute", el->name); return LDB_ERR_UNWILLING_TO_PERFORM; } /* Even link IDs are for the originating attribute */ /* Now find the target attribute */ - target_attr = dsdb_attribute_by_linkID(schema, schema_attr->linkID + 1); + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); if (!target_attr) { ldb_asprintf_errstring(module->ldb, - "attribute %s does not have valid link target", req->op.mod.message->elements[i].name); + "attribute %s does not have valid link target", el->name); return LDB_ERR_OBJECT_CLASS_VIOLATION; } - /* Replace with new set of values */ - if (((el->flags & LDB_FLAG_MOD_MASK) == LDB_FLAG_MOD_REPLACE) - && el->num_values > 0) { - struct replace_context *ac2 = talloc(ac, struct replace_context); - const char **attrs = talloc_array(ac, const char *, 2); - if (!attrs || !ac2) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - attrs[0] = el->name; - attrs[1] = NULL; - - ac2->ac = ac; - ac2->el = el; - - /* We need to setup a search, compare with the list, and then setup add/del as required */ - - /* The callback does all the hard work here */ - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.mod.message->dn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac2, - linked_attributes_mod_replace_search_callback); - - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, attrs); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } + attr_name = target_attr->lDAPDisplayName; + attr_val = ldb_dn_get_linearized(ac->req->op.mod.message->dn); - /* Create a spot in the list for the requests */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + switch (el->flags & LDB_FLAG_MOD_MASK) { + case LDB_FLAG_MOD_REPLACE: + /* treat as just a normal add the delete part is handled by the callback */ + store_el = true; - ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); - ac->num_requests++; + /* break intentionally missing */ - ret = ldb_next_request(module, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - continue; + case LDB_FLAG_MOD_ADD: - /* Delete all values case */ - } else if (((el->flags & LDB_FLAG_MOD_MASK) & (LDB_FLAG_MOD_DELETE|LDB_FLAG_MOD_REPLACE)) - && el->num_values == 0) { - const char **attrs = talloc_array(ac, const char *, 2); - if (!attrs) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + /* For each value being added, we need to setup the adds */ + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_ADD, + (char *)el->values[j].data, + attr_name, attr_val); + if (ret != LDB_SUCCESS) { + return ret; + } } - attrs[0] = el->name; - attrs[1] = NULL; - - /* We need to setup a search, and then setup del as required */ - - /* The callback does all the hard work here, acting identically to if we had delted the whole entry */ - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.mod.message->dn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac, - linked_attributes_rename_del_search_callback); + break; - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, attrs); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } + case LDB_FLAG_MOD_DELETE: - /* Create a spot in the list for the requests */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (el->num_values) { + /* For each value being deleted, we need to setup the delete */ + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_DEL, + (char *)el->values[j].data, + attr_name, attr_val); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } else { + store_el = true; } - ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); - ac->num_requests++; - - ret = ldb_next_request(module, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - continue; + break; } - /* Prepare the modify (mod element) on the targets, for a normal modify request */ - - /* For each value being moded, we need to setup the modify */ - for (j=0; j < el->num_values; j++) { - /* Create the modify request */ - struct ldb_message *new_msg = ldb_msg_new(ac); - if (!new_msg) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_msg->dn = ldb_dn_from_ldb_val(new_msg, module->ldb, &el->values[j]); - if (!new_msg->dn) { - ldb_asprintf_errstring(module->ldb, - "attribute %s value %s was not a valid DN", req->op.mod.message->elements[i].name, - el->values[j].data); - return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX; - } + if (store_el) { + struct ldb_message_element *search_el; - ret = ldb_msg_add_empty(new_msg, target_attr->lDAPDisplayName, - el->flags & LDB_FLAG_MOD_MASK, NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_msg_add_string(new_msg, target_attr->lDAPDisplayName, - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); - if (ret != LDB_SUCCESS) { - return ret; + if (!ac->rc) { + ac->rc = talloc_zero(ac, struct replace_context); + if (!ac->rc) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } } - ret = ldb_build_mod_req(&new_req, module->ldb, ac, - new_msg, - NULL, - NULL, - NULL); - if (ret != LDB_SUCCESS) { - return ret; - } - - talloc_steal(new_req, new_msg); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - /* Now add it to the list */ - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); + search_el = talloc_realloc(ac->rc, ac->rc->el, + struct ldb_message_element, + ac->rc->num_elements +1); + if (!search_el) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ac->down_req[ac->num_requests] = talloc_steal(ac->down_req, new_req); - ac->num_requests++; + ac->rc->el = search_el; - /* Run the new request */ - ret = ldb_next_request(module, new_req); - if (ret != LDB_SUCCESS) { - return ret; - } + ac->rc->el[ac->rc->num_elements] = *el; + ac->rc->num_elements++; } } - return LDB_SUCCESS; -} -static int linked_attributes_rename_del_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct linked_attributes_context *ac = talloc_get_type(context, struct linked_attributes_context); - struct ldb_dn *olddn, *newdn; - - switch (ac->orig_req->operation) { - case LDB_DELETE: - { - olddn = ac->orig_req->op.del.dn; - newdn = NULL; - break; - } - /* This isn't the general modify case, just the modify when we are asked to delete all values */ - case LDB_MODIFY: - { - olddn = ac->orig_req->op.mod.message->dn; - newdn = NULL; - break; - } - case LDB_RENAME: - { - olddn = ac->orig_req->op.rename.olddn; - newdn = ac->orig_req->op.rename.newdn; - break; - } - default: - return LDB_ERR_OPERATIONS_ERROR; - } - + /* both replace and delete without values are handled in the callback + * after the search on the entry to be modified is performed */ + if (ac->rc) { + const char **attrs; + + attrs = talloc_array(ac->rc, const char *, ac->rc->num_elements +1); + if (!attrs) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + for (i = 0; i < ac->rc->num_elements; i++) { + attrs[i] = ac->rc->el[i].name; + } + attrs[i] = NULL; - /* OK, we have one search result here: */ + /* The callback does all the hard work here */ + ret = ldb_build_search_req(&search_req, module->ldb, ac, + req->op.mod.message->dn, + LDB_SCOPE_BASE, + "(objectClass=*)", attrs, + NULL, + ac, la_mod_search_callback, + req); - /* Only entries are interesting, and we only want the olddn */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, olddn) == 0) { - /* only bother at all if there were some linked attributes found */ - if (ares->message->num_elements > 0) { - return setup_modifies(ldb, ac, ac, - ares->message, olddn, newdn); + if (ret == LDB_SUCCESS) { + talloc_steal(search_req, attrs); + + ret = ldb_next_request(module, search_req); } - talloc_free(ares); - return LDB_SUCCESS; - } else if (ares->type == LDB_REPLY_ENTRY) { - /* Guh? We only asked for this DN */ - return LDB_ERR_OPERATIONS_ERROR; } else { - talloc_free(ares); - return LDB_SUCCESS; + if (ac->ops) { + /* start the mod requests chain */ + ret = la_do_mod_request(ac); + } else { + /* nothing to do for this module, proceed */ + talloc_free(ac); + ret = ldb_next_request(module, req); + } } - - + + return ret; } -/* rename */ -static int linked_attributes_rename(struct ldb_module *module, struct ldb_request *req) + +/* delete, rename */ +static int linked_attributes_op(struct ldb_module *module, struct ldb_request *req) { - /* Look up list of linked attributes */ + struct ldb_request *search_req; + struct ldb_dn *base_dn; + struct la_context *ac; const char **attrs; WERROR werr; int ret; - struct linked_attributes_context *ac; - struct ldb_request *new_req; - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } /* This gets complex: We need to: - - Do a search for the entry + - Do a search for the entry - Wait for these result to appear - - In the callback for the result, issue a modify request based on the linked attributes found + - In the callback for the result, issue a modify + request based on the linked attributes found - Wait for each modify result - - Regain our sainity + - Regain our sainity */ - ac = linked_attributes_init_handle(req, module); + switch (req->operation) { + case LDB_RENAME: + base_dn = req->op.rename.olddn; + break; + case LDB_DELETE: + base_dn = req->op.del.dn; + break; + default: + return LDB_ERR_OPERATIONS_ERROR; + } + + ac = linked_attributes_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - - werr = dsdb_linked_attribute_lDAPDisplayName_list(schema, ac, &attrs); + + if (!ac->schema) { + /* without schema, this doesn't make any sense */ + return ldb_next_request(module, req); + } + + werr = dsdb_linked_attribute_lDAPDisplayName_list(ac->schema, ac, &attrs); if (!W_ERROR_IS_OK(werr)) { return LDB_ERR_OPERATIONS_ERROR; } - - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.rename.olddn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac, - linked_attributes_rename_del_search_callback); + + ret = ldb_build_search_req(&search_req, module->ldb, req, + base_dn, LDB_SCOPE_BASE, + "(objectClass=*)", attrs, + NULL, + ac, la_op_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - talloc_steal(new_req, attrs); + talloc_steal(search_req, attrs); + + return ldb_next_request(module, search_req); +} - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); +static int la_op_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct la_context *ac; + const struct dsdb_attribute *schema_attr; + const struct dsdb_attribute *target_attr; + const struct ldb_message_element *el; + const char *attr_name; + const char *deldn; + const char *adddn; + int i, j; + int ret; - if (ret != LDB_SUCCESS) { - return ret; + ac = talloc_get_type(req->context, struct la_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* Only entries are interesting, and we only want the olddn */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + ret = ldb_dn_compare(ares->message->dn, req->op.search.base); + if (ret != 0) { + /* Guh? We only asked for this DN */ + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->message->num_elements == 0) { + /* only bother at all if there were some + * linked attributes found */ + talloc_free(ares); + return LDB_SUCCESS; + } + + switch (ac->req->operation) { + case LDB_DELETE: + deldn = ldb_dn_get_linearized(ac->req->op.del.dn); + adddn = NULL; + break; + case LDB_RENAME: + deldn = ldb_dn_get_linearized(ac->req->op.rename.olddn); + adddn = ldb_dn_get_linearized(ac->req->op.rename.newdn); + break; + default: + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + for (i = 0; i < ares->message->num_elements; i++) { + el = &ares->message->elements[i]; + + schema_attr = dsdb_attribute_by_lDAPDisplayName(ac->schema, el->name); + if (!schema_attr) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute %s is not a valid attribute" + " in schema", el->name); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); + } + + /* Valid attribute, now find out if it is linked */ + if (schema_attr->linkID == 0) { + /* Not a linked attribute, skip */ + continue; + } + + if ((schema_attr->linkID & 1) == 0) { + /* Odd is for the target. */ + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + attr_name = target_attr->lDAPDisplayName; + } else { + target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID - 1); + attr_name = target_attr->lDAPDisplayName; + } + for (j = 0; j < el->num_values; j++) { + ret = la_store_op(ac, LA_OP_DEL, + (char *)el->values[j].data, + attr_name, deldn); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + if (!adddn) continue; + ret = la_store_op(ac, LA_OP_ADD, + (char *)el->values[j].data, + attr_name, adddn); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + } + } + + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; + + case LDB_REPLY_DONE: + + talloc_free(ares); + + if (ac->ops) { + /* start the mod requests chain */ + ret = la_do_mod_request(ac); + } else { + ret = la_down_req(ac); + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } - ac->search_req = new_req; - ac->step = LA_SEARCH; - return ldb_next_request(module, new_req); + talloc_free(ares); + return LDB_SUCCESS; } -/* delete */ -static int linked_attributes_delete(struct ldb_module *module, struct ldb_request *req) +/* do a linked attributes modify request */ +static int la_do_mod_request(struct la_context *ac) { - /* Look up list of linked attributes */ - const char **attrs; - WERROR werr; + struct ldb_message_element *ret_el; + struct ldb_request *mod_req; + struct ldb_message *new_msg; + struct ldb_context *ldb; int ret; - struct ldb_request *new_req; - struct linked_attributes_context *ac; - const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); - if (!schema) { - /* without schema, this doesn't make any sense */ - return ldb_next_request(module, req); - } - /* This gets complex: We need to: - - Do a search for the entry - - Wait for these result to appear - - In the callback for the result, issue a modify request based on the linked attributes found - - Wait for each modify result - - Regain our sainity - */ + ldb = ac->module->ldb; - ac = linked_attributes_init_handle(req, module); - if (!ac) { + /* Create the modify request */ + new_msg = ldb_msg_new(ac); + if (!new_msg) { + ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } - - werr = dsdb_linked_attribute_lDAPDisplayName_list(schema, ac, &attrs); - if (!W_ERROR_IS_OK(werr)) { + new_msg->dn = ldb_dn_copy(new_msg, ac->ops->dn); + if (!new_msg->dn) { return LDB_ERR_OPERATIONS_ERROR; - }; - - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.del.dn, - LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, - NULL, - ac, - linked_attributes_rename_del_search_callback); + } + if (ac->ops->op == LA_OP_ADD) { + ret = ldb_msg_add_empty(new_msg, ac->ops->name, + LDB_FLAG_MOD_ADD, &ret_el); + } else { + ret = ldb_msg_add_empty(new_msg, ac->ops->name, + LDB_FLAG_MOD_DELETE, &ret_el); + } if (ret != LDB_SUCCESS) { return ret; } - - talloc_steal(new_req, attrs); - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - + ret_el->values = talloc_array(new_msg, struct ldb_val, 1); + if (!ret_el->values) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret_el->values[0] = data_blob_string_const(ac->ops->value); + ret_el->num_values = 1; + + /* use ac->ops as the mem_ctx so that the request will be freed + * in the callback as soon as completed */ + ret = ldb_build_mod_req(&mod_req, ldb, ac->ops, + new_msg, + NULL, + ac, la_mod_callback, + ac->req); if (ret != LDB_SUCCESS) { return ret; } + talloc_steal(mod_req, new_msg); - ac->search_req = new_req; - ac->step = LA_SEARCH; - return ldb_next_request(module, new_req); + /* Run the new request */ + return ldb_next_request(ac->module, mod_req); } +static int la_mod_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct la_context *ac; + struct la_op_store *os; + int ret; -static int linked_attributes_wait_none(struct ldb_handle *handle) { - struct linked_attributes_context *ac; - int i, ret = LDB_ERR_OPERATIONS_ERROR; - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } + ac = talloc_get_type(req->context, struct la_context); - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct linked_attributes_context); - - switch (ac->step) { - case LA_SEARCH: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - ac->step = LA_DO_OPS; - return LDB_SUCCESS; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "invalid ldb_reply_type in callback"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - case LA_DO_OPS: - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; - goto done; - } - - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } + talloc_free(ares); - /* Now run the original request */ - ac->step = LA_DO_ORIG; - return ldb_next_request(ac->module, ac->orig_down_req); + if (ac->ops) { + os = ac->ops; + ac->ops = os->next; - case LA_DO_ORIG: - ret = ldb_wait(ac->orig_down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->orig_down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->orig_down_req->handle->status; - goto done; - } - - if (ac->orig_down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - ret = LDB_SUCCESS; + /* this frees the request too + * DO NOT access 'req' after this point */ + talloc_free(os); } -done: - handle->state = LDB_ASYNC_DONE; - return ret; + /* as last op run the original request */ + if (ac->ops) { + ret = la_do_mod_request(ac); + } else { + ret = la_down_req(ac); + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } -static int linked_attributes_wait_all(struct ldb_handle *handle) { - +static int la_down_req(struct la_context *ac) +{ + struct ldb_request *down_req; int ret; - while (handle->state != LDB_ASYNC_DONE) { - ret = linked_attributes_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + switch (ac->req->operation) { + case LDB_ADD: + ret = ldb_build_add_req(&down_req, ac->module->ldb, ac, + ac->req->op.add.message, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + case LDB_MODIFY: + ret = ldb_build_mod_req(&down_req, ac->module->ldb, ac, + ac->req->op.mod.message, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + case LDB_DELETE: + ret = ldb_build_del_req(&down_req, ac->module->ldb, ac, + ac->req->op.del.dn, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + case LDB_RENAME: + ret = ldb_build_rename_req(&down_req, ac->module->ldb, ac, + ac->req->op.rename.olddn, + ac->req->op.rename.newdn, + ac->req->controls, + ac, la_down_callback, + ac->req); + break; + default: + ret = LDB_ERR_OPERATIONS_ERROR; + } + if (ret != LDB_SUCCESS) { + return ret; } - return handle->status; + return ldb_next_request(ac->module, down_req); } -static int linked_attributes_wait(struct ldb_handle *handle, enum ldb_wait_type type) +static int la_down_callback(struct ldb_request *req, struct ldb_reply *ares) { - if (type == LDB_WAIT_ALL) { - return linked_attributes_wait_all(handle); - } else { - return linked_attributes_wait_none(handle); + struct la_context *ac; + + ac = talloc_get_type(req->context, struct la_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "invalid ldb_reply_type in callback"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } _PUBLIC_ const struct ldb_module_ops ldb_linked_attributes_module_ops = { .name = "linked_attributes", .add = linked_attributes_add, .modify = linked_attributes_modify, - .del = linked_attributes_delete, - .rename = linked_attributes_rename, - .wait = linked_attributes_wait, + .del = linked_attributes_op, + .rename = linked_attributes_op, }; diff --git a/source4/dsdb/samdb/ldb_modules/local_password.c b/source4/dsdb/samdb/ldb_modules/local_password.c index a411c01513..622e444166 100644 --- a/source4/dsdb/samdb/ldb_modules/local_password.c +++ b/source4/dsdb/samdb/ldb_modules/local_password.c @@ -1,7 +1,7 @@ /* ldb database module - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005-2006 Copyright (C) Andrew Tridgell 2004 @@ -44,7 +44,7 @@ This allows the password database to be syncronised in a multi-master fashion, seperate to the more difficult concerns of the main database. (With passwords, the last writer always wins) - + Each incoming add/modify is split into a remote, and a local request, done in that order. We maintain a list of attributes that are kept locally: @@ -62,73 +62,89 @@ static const char * const password_attrs[] = { /* And we merge them back into search requests when asked to do so */ -struct lpdb_context { +struct lpdb_reply { + struct lpdb_reply *next; + struct ldb_reply *remote; + struct ldb_dn *local_dn; +}; - enum lpdb_type {LPDB_ADD, LPDB_MOD, LPDB_SEARCH} type; - enum lpdb_step {LPDB_ADD_REMOTE, LPDB_MOD_REMOTE, LPDB_MOD_SEARCH_SELF, LPDB_LOCAL, LPDB_SEARCH_REMOTE} step; +struct lpdb_context { struct ldb_module *module; - struct ldb_request *orig_req; - struct ldb_request *remote_req; - struct ldb_request *search_req; - struct ldb_request *local_req; + struct ldb_request *req; struct ldb_message *local_message; + struct lpdb_reply *list; + struct lpdb_reply *current; + struct ldb_reply *remote_done; + struct ldb_reply *remote; + bool added_objectGUID; bool added_objectClass; - struct ldb_reply *search_res; -}; - -struct lpdb_local_search_context { - struct lpdb_context *ac; - struct ldb_reply *remote_res; - struct ldb_reply *local_res; }; -static struct ldb_handle *lpdb_init_handle(struct ldb_request *req, struct ldb_module *module, enum lpdb_type type) +static struct lpdb_context *lpdb_init_context(struct ldb_module *module, + struct ldb_request *req) { struct lpdb_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { + ac = talloc_zero(req, struct lpdb_context); + if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); return NULL; } - h->module = module; + ac->module = module; + ac->req = req; - ac = talloc_zero(h, struct lpdb_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; - } + return ac; +} - h->private_data = (void *)ac; +static int lpdb_local_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct lpdb_context *ac; - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + ac = talloc_get_type(req->context, struct lpdb_context); - ac->type = type; - ac->module = module; - ac->orig_req = req; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return h; + talloc_free(ares); + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); } -/* Add a record, splitting password attributes from the user's main - * record */ +/***************************************************************************** + * ADD + ****************************************************************************/ + +static int lpdb_add_callback(struct ldb_request *req, + struct ldb_reply *ares); static int local_password_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; - struct lpdb_context *ac; struct ldb_message *remote_message; - struct ldb_message *local_message; + struct ldb_request *remote_req; + struct lpdb_context *ac; struct GUID objectGUID; + int ret; int i; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_add\n"); @@ -163,22 +179,12 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req } /* From here, we assume we have password attributes to split off */ - h = lpdb_init_handle(req, module, LPDB_ADD); - if (!h) { + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_context); - ac->orig_req = req; - - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->remote_req) = *(ac->orig_req); - - remote_message = ldb_msg_copy_shallow(ac->remote_req, ac->orig_req->op.add.message); + remote_message = ldb_msg_copy_shallow(remote_req, req->op.add.message); if (remote_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -188,81 +194,113 @@ static int local_password_add(struct ldb_module *module, struct ldb_request *req ldb_msg_remove_attr(remote_message, password_attrs[i]); } - ac->remote_req->op.add.message = remote_message; - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; - - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } + /* Find the objectGUID to use as the key */ + objectGUID = samdb_result_guid(ac->req->op.add.message, "objectGUID"); - *(ac->local_req) = *(ac->orig_req); - local_message = ldb_msg_copy_shallow(ac->local_req, ac->orig_req->op.add.message); - if (local_message == NULL) { + ac->local_message = ldb_msg_copy_shallow(ac, req->op.add.message); + if (ac->local_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* Remove anything seen in the remote message from the local * message (leaving only password attributes) */ - for (i=0;iremote_req->op.add.message->num_elements;i++) { - ldb_msg_remove_attr(local_message, ac->remote_req->op.add.message->elements[i].name); + for (i=0; i < remote_message->num_elements; i++) { + ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name); } /* We must have an objectGUID already, or we don't know where * to add the password. This may be changed to an 'add and * search', to allow the directory to create the objectGUID */ - if (ldb_msg_find_ldb_val(ac->orig_req->op.add.message, "objectGUID") == NULL) { - ldb_set_errstring(module->ldb, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); + if (ldb_msg_find_ldb_val(req->op.add.message, "objectGUID") == NULL) { + ldb_set_errstring(module->ldb, + "no objectGUID found in search: " + "local_password module must be " + "onfigured below objectGUID module!\n"); return LDB_ERR_CONSTRAINT_VIOLATION; } - /* Find the objectGUID to use as the key */ - objectGUID = samdb_result_guid(ac->orig_req->op.add.message, "objectGUID"); - - local_message->dn = ldb_dn_new(local_message, module->ldb, LOCAL_BASE); - ldb_dn_add_child_fmt(local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(local_message, &objectGUID)); - - ac->local_req->op.add.message = local_message; - - ac->local_req->context = NULL; - ac->local_req->callback = NULL; - - ac->step = LPDB_ADD_REMOTE; + ac->local_message->dn = ldb_dn_new(ac->local_message, + module->ldb, LOCAL_BASE); + if ((ac->local_message->dn == NULL) || + ( ! ldb_dn_add_child_fmt(ac->local_message->dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac->local_message, + &objectGUID)))) { + return LDB_ERR_OPERATIONS_ERROR; + } - /* Return our own handle do deal with this call */ - req->handle = h; + ret = ldb_build_add_req(&remote_req, module->ldb, ac, + remote_message, + req->controls, + ac, lpdb_add_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - return ldb_next_request(module, ac->remote_req); + return ldb_next_request(module, remote_req); } -/* After adding the remote entry, add the local one */ -static int local_password_add_local(struct ldb_handle *h) { - +/* Add a record, splitting password attributes from the user's main + * record */ +static int lpdb_add_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct ldb_request *local_req; struct lpdb_context *ac; - ac = talloc_get_type(h->private_data, struct lpdb_context); + int ret; + + ac = talloc_get_type(req->context, struct lpdb_context); - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->step = LPDB_LOCAL; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + ac->remote_done = talloc_steal(ac, ares); - /* perform the local add */ - return ldb_next_request(ac->module, ac->local_req); + ret = ldb_build_add_req(&local_req, ac->module->ldb, ac, + ac->local_message, + NULL, + ac, lpdb_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + ret = ldb_next_request(ac->module, local_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } -static int local_password_mod_search_self(struct ldb_handle *h); +/***************************************************************************** + * MODIFY + ****************************************************************************/ + +static int lpdb_modify_callabck(struct ldb_request *req, + struct ldb_reply *ares); +static int lpdb_mod_search_callback(struct ldb_request *req, + struct ldb_reply *ares); static int local_password_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct lpdb_context *ac; struct ldb_message *remote_message; - struct ldb_message *local_message; + struct ldb_request *remote_req; + int ret; int i; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_modify\n"); @@ -289,243 +327,565 @@ static int local_password_modify(struct ldb_module *module, struct ldb_request * } /* From here, we assume we have password attributes to split off */ - h = lpdb_init_handle(req, module, LPDB_MOD); - if (!h) { + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct lpdb_context); - ac->orig_req = req; - - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->remote_req) = *(ac->orig_req); - remote_message = ldb_msg_copy_shallow(ac->remote_req, ac->orig_req->op.mod.message); + remote_message = ldb_msg_copy_shallow(ac, ac->req->op.mod.message); if (remote_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - + /* Remove any password attributes from the remote message */ for (i=0; i < ARRAY_SIZE(password_attrs); i++) { ldb_msg_remove_attr(remote_message, password_attrs[i]); } - ac->remote_req->op.mod.message = remote_message; - - ac->remote_req->context = NULL; - ac->remote_req->callback = NULL; - - ac->local_req = talloc(ac, struct ldb_request); - if (ac->local_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->local_req) = *(ac->orig_req); - local_message = ldb_msg_copy_shallow(ac->local_req, ac->orig_req->op.mod.message); - if (local_message == NULL) { + ac->local_message = ldb_msg_copy_shallow(ac, ac->req->op.mod.message); + if (ac->local_message == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* Remove anything seen in the remote message from the local * message (leaving only password attributes) */ - for (i=0;iremote_req->op.mod.message->num_elements;i++) { - ldb_msg_remove_attr(local_message, ac->remote_req->op.mod.message->elements[i].name); + for (i=0; i < remote_message->num_elements;i++) { + ldb_msg_remove_attr(ac->local_message, remote_message->elements[i].name); } - ac->local_req->op.mod.message = local_message; - ac->local_message = local_message; + ret = ldb_build_mod_req(&remote_req, module->ldb, ac, + remote_message, + req->controls, + ac, lpdb_modify_callabck, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - ac->local_req->context = NULL; - ac->local_req->callback = NULL; + return ldb_next_request(module, remote_req); +} - ac->step = LPDB_MOD_REMOTE; +/* On a modify, we don't have the objectGUID handy, so we need to + * search our DN for it */ +static int lpdb_modify_callabck(struct ldb_request *req, + struct ldb_reply *ares) +{ + static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + struct ldb_request *search_req; + struct lpdb_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ac->remote_done = talloc_steal(ac, ares); - /* Return our own handle do deal with this call */ - req->handle = h; + /* prepare the search operation */ + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.mod.message->dn, LDB_SCOPE_BASE, + "(objectclass=*)", attrs, + NULL, + ac, lpdb_mod_search_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return ldb_next_request(module, ac->remote_req); + ret = ldb_next_request(ac->module, search_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + return LDB_SUCCESS; } -/* Called when we search for our oen entry. Stores the one entry we +/* Called when we search for our own entry. Stores the one entry we * expect (as it is a base search) on the context pointer */ -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int lpdb_mod_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { + struct ldb_request *local_req; struct lpdb_context *ac; + struct ldb_dn *local_dn; + struct GUID objectGUID; + int ret = LDB_SUCCESS; - ac = talloc_get_type(context, struct lpdb_context); + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->remote != NULL) { + ldb_set_errstring(ac->module->ldb, "Too many results"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->search_res = talloc_steal(ac, ares); - } else { + ac->remote = talloc_steal(ac, ares); + break; + + case LDB_REPLY_REFERRAL: + + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + /* After we find out the objectGUID for the entry, modify the local + * password database as required */ + talloc_free(ares); + + /* if it is not an entry of type person this is an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (ac->remote == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "entry just modified (%s) not found!", + ldb_dn_get_linearized(req->op.search.base)); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (!ldb_msg_check_string_attribute(ac->remote->message, + "objectClass", "person")) { + /* Not relevent to us */ + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); + } + + if (ldb_msg_find_ldb_val(ac->remote->message, + "objectGUID") == NULL) { + ldb_set_errstring(ac->module->ldb, + "no objectGUID found in search: " + "local_password module must be " + "configured below objectGUID " + "module!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); + } + + objectGUID = samdb_result_guid(ac->remote->message, + "objectGUID"); + + local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ((local_dn == NULL) || + ( ! ldb_dn_add_child_fmt(local_dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac, &objectGUID)))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + ac->local_message->dn = local_dn; + + ret = ldb_build_mod_req(&local_req, ac->module->ldb, ac, + ac->local_message, + NULL, + ac, lpdb_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + /* perform the local update */ + ret = ldb_next_request(ac->module, local_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } return LDB_SUCCESS; } -/* On a modify, we don't have the objectGUID handy, so we need to - * search our DN for it */ -static int local_password_mod_search_self(struct ldb_handle *h) { +/***************************************************************************** + * DELETE + ****************************************************************************/ +static int lpdb_delete_callabck(struct ldb_request *req, + struct ldb_reply *ares); +static int lpdb_del_search_callback(struct ldb_request *req, + struct ldb_reply *ares); + +static int local_password_delete(struct ldb_module *module, + struct ldb_request *req) +{ + struct ldb_request *remote_req; struct lpdb_context *ac; - static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + int ret; - ac = talloc_get_type(h->private_data, struct lpdb_context); + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "local_password_delete\n"); - /* prepare the search operation */ - ac->search_req = talloc_zero(ac, struct ldb_request); - if (ac->search_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + /* If the caller is manipulating the local passwords directly, + * let them pass */ + if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), + req->op.del.dn) == 0) { + return ldb_next_request(module, req); } - ac->search_req->operation = LDB_SEARCH; - ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; - ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->orig_req, NULL); - if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Invalid search filter"); + /* From here, we assume we have password attributes to split off */ + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac->search_req->op.search.attrs = attrs; - ac->search_req->controls = NULL; - ac->search_req->context = ac; - ac->search_req->callback = get_self_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - ac->step = LPDB_MOD_SEARCH_SELF; + ret = ldb_build_del_req(&remote_req, module->ldb, ac, + req->op.del.dn, + req->controls, + ac, lpdb_delete_callabck, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - return ldb_next_request(ac->module, ac->search_req); + return ldb_next_request(module, remote_req); } -/* After we find out the objectGUID for the entry, modify the local - * password database as required */ -static int local_password_mod_local(struct ldb_handle *h) { +/* On a modify, we don't have the objectGUID handy, so we need to + * search our DN for it */ +static int lpdb_delete_callabck(struct ldb_request *req, + struct ldb_reply *ares) +{ + static const char * const attrs[] = { "objectGUID", "objectClass", NULL }; + struct ldb_request *search_req; + struct lpdb_context *ac; + int ret; + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Unexpected reply type"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ac->remote_done = talloc_steal(ac, ares); + + /* prepare the search operation */ + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.del.dn, LDB_SCOPE_BASE, + "(objectclass=*)", attrs, + NULL, + ac, lpdb_del_search_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_next_request(ac->module, search_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + return LDB_SUCCESS; +} + +/* Called when we search for our own entry. Stores the one entry we + * expect (as it is a base search) on the context pointer */ +static int lpdb_del_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct ldb_request *local_req; struct lpdb_context *ac; + struct ldb_dn *local_dn; struct GUID objectGUID; - ac = talloc_get_type(h->private_data, struct lpdb_context); - - /* if it is not an entry of type person this is an error */ - /* TODO: remove this when these things are checked in the schema */ - if (!ac->search_res) { - ldb_asprintf_errstring(ac->module->ldb, - "entry just modified (%s) not found!", - ldb_dn_get_linearized(ac->remote_req->op.mod.message->dn)); - return LDB_ERR_OPERATIONS_ERROR; - } - if (!ldb_msg_check_string_attribute(ac->search_res->message, "objectClass", "person")) { - /* Not relevent to us */ - return LDB_SUCCESS; + int ret = LDB_SUCCESS; + + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - if (ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID") == NULL) { - ldb_set_errstring(ac->module->ldb, - "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - - objectGUID = samdb_result_guid(ac->search_res->message, "objectGUID"); - ac->local_message->dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); - ldb_dn_add_child_fmt(ac->local_message->dn, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID)); + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->remote != NULL) { + ldb_set_errstring(ac->module->ldb, "Too many results"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ac->remote = talloc_steal(ac, ares); + break; + + case LDB_REPLY_REFERRAL: - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; + /* ignore */ + talloc_free(ares); + break; - ac->step = LPDB_LOCAL; + case LDB_REPLY_DONE: + /* After we find out the objectGUID for the entry, modify the local + * password database as required */ - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->local_req); + talloc_free(ares); + + /* if it is not an entry of type person this is NOT an error */ + /* TODO: remove this when sambaPassword will be in schema */ + if (ac->remote == NULL) { + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); + } + if (!ldb_msg_check_string_attribute(ac->remote->message, + "objectClass", "person")) { + /* Not relevent to us */ + return ldb_module_done(ac->req, + ac->remote_done->controls, + ac->remote_done->response, + ac->remote_done->error); + } + + if (ldb_msg_find_ldb_val(ac->remote->message, + "objectGUID") == NULL) { + ldb_set_errstring(ac->module->ldb, + "no objectGUID found in search: " + "local_password module must be " + "configured below objectGUID " + "module!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); + } + + objectGUID = samdb_result_guid(ac->remote->message, + "objectGUID"); + + local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ((local_dn == NULL) || + ( ! ldb_dn_add_child_fmt(local_dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac, &objectGUID)))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_build_del_req(&local_req, ac->module->ldb, ac, + local_dn, + NULL, + ac, lpdb_local_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } - /* perform the local update */ - return ldb_next_request(ac->module, ac->local_req); + /* perform the local update */ + ret = ldb_next_request(ac->module, local_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + } + + return LDB_SUCCESS; } -static int lpdb_local_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +/***************************************************************************** + * SEARCH + ****************************************************************************/ + +static int lpdb_local_search_callback(struct ldb_request *req, + struct ldb_reply *ares); + +static int lpdb_local_search(struct lpdb_context *ac) +{ + struct ldb_request *local_req; + int ret; + + ret = ldb_build_search_req(&local_req, ac->module->ldb, ac, + ac->current->local_dn, + LDB_SCOPE_BASE, + "(objectclass=*)", + ac->req->op.search.attrs, + NULL, + ac, lpdb_local_search_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(ac->module, local_req); +} + +static int lpdb_local_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { - struct lpdb_local_search_context *local_context; + struct lpdb_context *ac; + struct ldb_reply *merge; + struct lpdb_reply *lr; + int ret; + int i; + + ac = talloc_get_type(req->context, struct lpdb_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - local_context = talloc_get_type(context, struct lpdb_local_search_context); + lr = ac->current; - /* we are interested only in the single reply (base search) we receive here */ + /* we are interested only in a single reply (base search) */ switch (ares->type) { case LDB_REPLY_ENTRY: - { - int i; - if (local_context->local_res != NULL) { - ldb_set_errstring(ldb, "Too many results to base search for password entry!"); + + if (lr->remote == NULL) { + ldb_set_errstring(ac->module->ldb, + "Too many results for password entry search!"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - local_context->local_res = ares; - /* Make sure never to return the internal key attribute to the caller */ + merge = lr->remote; + lr->remote = NULL; + + /* steal the local results on the remote results to be + * returned all together */ + talloc_steal(merge, ares->message->elements); + + /* Make sure never to return the internal key attribute */ ldb_msg_remove_attr(ares->message, PASSWORD_GUID_ATTR); - talloc_steal(local_context->remote_res->message->elements, ares->message->elements); for (i=0; i < ares->message->num_elements; i++) { struct ldb_message_element *el; - el = ldb_msg_find_element(local_context->remote_res->message, + el = ldb_msg_find_element(merge->message, ares->message->elements[i].name); if (!el) { - if (ldb_msg_add_empty(local_context->remote_res->message, - ares->message->elements[i].name, 0, &el) != LDB_SUCCESS) { + ret = ldb_msg_add_empty(merge->message, + ares->message->elements[i].name, + 0, &el); + if (ret != LDB_SUCCESS) { talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, + NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } *el = ares->message->elements[i]; } } - return local_context->ac->orig_req->callback(ldb, - local_context->ac->orig_req->context, - local_context->remote_res); - } - case LDB_REPLY_DONE: - { - /* Fire off the callback if there was no local entry, so we get the rest returned */ - if (local_context->local_res == NULL) { - return local_context->ac->orig_req->callback(ldb, - local_context->ac->orig_req->context, - local_context->remote_res); - } - return LDB_SUCCESS; + + /* free the rest */ + talloc_free(ares); + + return ldb_module_send_entry(ac->req, merge->message); + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); break; - } - default: - { + + case LDB_REPLY_DONE: + talloc_free(ares); - ldb_set_errstring(ldb, "Unexpected result type in base search for password entry!"); - return LDB_ERR_OPERATIONS_ERROR; - } + + /* if this entry was not returned yet, return it now */ + if (lr->remote) { + ret = ldb_module_send_entry(ac->req, ac->remote->message); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + lr->remote = NULL; + } + + if (lr->next->remote->type == LDB_REPLY_DONE) { + /* this was the last one */ + return ldb_module_done(ac->req, + lr->next->remote->controls, + lr->next->remote->response, + lr->next->remote->error); + } else { + /* next one */ + ac->current = lr->next; + talloc_free(lr); + + ret = lpdb_local_search(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + } } + + return LDB_SUCCESS; } /* For each entry returned in a remote search, do a local base search, * based on the objectGUID we asked for as an additional attribute */ -static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int lpdb_remote_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct lpdb_context *ac; + struct ldb_dn *local_dn; + struct GUID objectGUID; + struct lpdb_reply *lr; + int ret; - ac = talloc_get_type(context, struct lpdb_context); + ac = talloc_get_type(req->context, struct lpdb_context); - if (ares->type == LDB_REPLY_ENTRY) { - struct ldb_request *req; - struct lpdb_local_search_context *local_context; - struct GUID objectGUID; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + switch (ares->type) { + case LDB_REPLY_ENTRY: /* No point searching further if it's not a 'person' entry */ if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { @@ -538,13 +898,14 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s ldb_msg_remove_attr(ares->message, "objectClass"); } - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + return ldb_module_send_entry(ac->req, ares->message); } if (ldb_msg_find_ldb_val(ares->message, "objectGUID") == NULL) { ldb_set_errstring(ac->module->ldb, "no objectGUID found in search: local_password module must be configured below objectGUID module!\n"); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } objectGUID = samdb_result_guid(ares->message, "objectGUID"); @@ -557,44 +918,63 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s ldb_msg_remove_attr(ares->message, "objectClass"); } - req = talloc_zero(ac, struct ldb_request); - if (!req) { - return LDB_ERR_OPERATIONS_ERROR; + local_dn = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); + if ((local_dn == NULL) || + (! ldb_dn_add_child_fmt(local_dn, + PASSWORD_GUID_ATTR "=%s", + GUID_string(ac, &objectGUID)))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + lr = talloc_zero(ac, struct lpdb_reply); + if (lr == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + lr->local_dn = talloc_steal(lr, local_dn); + lr->remote = talloc_steal(lr, ares); - local_context = talloc(ac, struct lpdb_local_search_context); - if (!local_context) { - return LDB_ERR_OPERATIONS_ERROR; + if (ac->list) { + ac->current->next = lr; + } else { + ac->list = lr; } - local_context->ac = ac; - local_context->remote_res = ares; - local_context->local_res = NULL; + ac->current= lr; + + break; - req->op.search.base = ldb_dn_new(ac, ac->module->ldb, LOCAL_BASE); - if ( ! ldb_dn_add_child_fmt(req->op.search.base, PASSWORD_GUID_ATTR "=%s", GUID_string(ac, &objectGUID))) { - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_REFERRAL: + + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + + if (ac->list == NULL) { + /* found nothing */ + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - req->operation = LDB_SEARCH; - req->op.search.scope = LDB_SCOPE_BASE; - req->op.search.tree = ldb_parse_tree(req, NULL); - if (req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; + + lr = talloc_zero(ac, struct lpdb_reply); + if (lr == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - req->op.search.attrs = ac->orig_req->op.search.attrs; - req->controls = NULL; - req->context = ac; - req->callback = get_self_callback; + lr->remote = talloc_steal(lr, ares); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, req); - - req->context = local_context; - req->callback = lpdb_local_search_callback; + ac->current->next = lr; - return ldb_next_request(ac->module, req); - } else { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + /* rewind current and start local searches */ + ac->current= ac->list; + + ret = lpdb_local_search(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } } + + return LDB_SUCCESS; } /* Search for passwords and other attributes. The passwords are @@ -603,7 +983,7 @@ static int lpdb_remote_search_callback(struct ldb_context *ldb, void *context, s static int local_password_search(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; + struct ldb_request *remote_req; struct lpdb_context *ac; int i; int ret; @@ -615,6 +995,8 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * return ldb_next_request(module, req); } + search_attrs = NULL; + /* If the caller is searching for the local passwords directly, let them pass */ if (ldb_dn_compare_base(ldb_dn_new(req, module->ldb, LOCAL_BASE), req->op.search.base) == 0) { @@ -634,32 +1016,15 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * } } - h = lpdb_init_handle(req, module, LPDB_SEARCH); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac = talloc_get_type(h->private_data, struct lpdb_context); - - ac->orig_req = req; - - ac->remote_req = talloc(ac, struct ldb_request); - if (ac->remote_req == NULL) { + ac = lpdb_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } /* Remote search is for all attributes: if the remote LDAP server has these attributes, then it overrides the local database */ - *(ac->remote_req) = *(ac->orig_req); - - /* Return our own handle do deal with this call */ - ac->remote_req->handle = h; - - ac->remote_req->context = ac; - ac->remote_req->callback = lpdb_remote_search_callback; - if (req->op.search.attrs && !ldb_attr_in_list(req->op.search.attrs, "*")) { if (!ldb_attr_in_list(req->op.search.attrs, "objectGUID")) { - search_attrs = ldb_attr_list_copy_add(req, req->op.search.attrs, "objectGUID"); + search_attrs = ldb_attr_list_copy_add(ac, req->op.search.attrs, "objectGUID"); ac->added_objectGUID = true; if (!search_attrs) { return LDB_ERR_OPERATIONS_ERROR; @@ -668,7 +1033,7 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * search_attrs = req->op.search.attrs; } if (!ldb_attr_in_list(search_attrs, "objectClass")) { - search_attrs = ldb_attr_list_copy_add(req, search_attrs, "objectClass"); + search_attrs = ldb_attr_list_copy_add(ac, search_attrs, "objectClass"); ac->added_objectClass = true; if (!search_attrs) { return LDB_ERR_OPERATIONS_ERROR; @@ -678,175 +1043,26 @@ static int local_password_search(struct ldb_module *module, struct ldb_request * search_attrs = req->op.search.attrs; } - ac->remote_req->op.search.attrs = search_attrs; - - ldb_set_timeout_from_prev_req(module->ldb, ac->orig_req, ac->remote_req); - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = LPDB_SEARCH_REMOTE; - - /* perform the search */ - ret = ldb_next_request(module, ac->remote_req); - - if (ret == LDB_SUCCESS) { - req->handle = ac->remote_req->handle; - } - - return ret; -} - -static int lpdb_wait(struct ldb_handle *handle) { - struct lpdb_context *ac; - int ret; - - if (!handle || !handle->private_data) { + ret = ldb_build_search_req_ex(&remote_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + search_attrs, + req->controls, + ac, lpdb_remote_search_callback, + req); + if (ret != LDB_SUCCESS) { return LDB_ERR_OPERATIONS_ERROR; } - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct lpdb_context); - - switch (ac->step) { - case LPDB_ADD_REMOTE: - ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->remote_req->handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->handle->status; - goto done; - } - - if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* original request done, go on */ - return local_password_add_local(handle); - - case LPDB_MOD_REMOTE: - ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->remote_req->handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->handle->status; - goto done; - } - - if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* original request done, go on */ - return local_password_mod_search_self(handle); - - case LPDB_MOD_SEARCH_SELF: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* original request done, go on */ - return local_password_mod_local(handle); - - case LPDB_LOCAL: - ret = ldb_wait(ac->local_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->local_req->handle->status != LDB_SUCCESS) { - handle->status = ac->local_req->handle->status; - goto done; - } - - if (ac->local_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case LPDB_SEARCH_REMOTE: - ret = ldb_wait(ac->remote_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->remote_req->handle->status != LDB_SUCCESS) { - handle->status = ac->remote_req->handle->status; - goto done; - } - - if (ac->remote_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int lpdb_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = lpdb_wait(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int local_password_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return lpdb_wait_all(handle); - } else { - return lpdb_wait(handle); - } + /* perform the search */ + return ldb_next_request(module, remote_req); } _PUBLIC_ const struct ldb_module_ops ldb_local_password_module_ops = { .name = "local_password", .add = local_password_add, .modify = local_password_modify, - .search = local_password_search, - .wait = local_password_wait + .del = local_password_delete, + .search = local_password_search }; diff --git a/source4/dsdb/samdb/ldb_modules/normalise.c b/source4/dsdb/samdb/ldb_modules/normalise.c index 3306fd3c33..70513bd644 100644 --- a/source4/dsdb/samdb/ldb_modules/normalise.c +++ b/source4/dsdb/samdb/ldb_modules/normalise.c @@ -45,6 +45,14 @@ CN=Admins,CN=Users,DC=samba,DC=example,DC=com */ + +struct norm_context { + struct ldb_module *module; + struct ldb_request *req; + + const struct dsdb_schema *schema; +}; + static int fix_dn(struct ldb_dn *dn) { int i, ret; @@ -69,93 +77,117 @@ static int fix_dn(struct ldb_dn *dn) return LDB_SUCCESS; } -static int normalise_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int normalize_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - struct ldb_request *orig_req = talloc_get_type(context, struct ldb_request); - TALLOC_CTX *mem_ctx; + struct ldb_message *msg; + struct norm_context *ac; int i, j, ret; - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type != LDB_REPLY_ENTRY) { - return orig_req->callback(ldb, orig_req->context, ares); - } + ac = talloc_get_type(req->context, struct norm_context); - if (!schema) { - return orig_req->callback(ldb, orig_req->context, ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - mem_ctx = talloc_new(ares); - if (!mem_ctx) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* OK, we have one of *many* search results passing by here, - * but we should get them one at a time */ + /* Only entries are interesting, and we handle the case of the parent seperatly */ - ret = fix_dn(ares->message->dn); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } + switch (ares->type) { + case LDB_REPLY_ENTRY: - for (i = 0; i < ares->message->num_elements; i++) { - const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(schema, ares->message->elements[i].name); - if (!attribute) { - continue; - } - /* Look to see if this attributeSyntax is a DN */ - if (!((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") == 0) || - (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") == 0))) { - continue; + /* OK, we have one of *many* search results passing by here, + * but we should get them one at a time */ + msg = ares->message; + + ret = fix_dn(msg->dn); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - for (j = 0; j < ares->message->elements[i].num_values; j++) { - const char *dn_str; - struct ldb_dn *dn = ldb_dn_from_ldb_val(mem_ctx, ldb, &ares->message->elements[i].values[j]); - if (!dn) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + + for (i = 0; i < msg->num_elements; i++) { + const struct dsdb_attribute *attribute = dsdb_attribute_by_lDAPDisplayName(ac->schema, msg->elements[i].name); + if (!attribute) { + continue; } - ret = fix_dn(dn); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; + /* Look to see if this attributeSyntax is a DN */ + if (!((strcmp(attribute->attributeSyntax_oid, "2.5.5.1") == 0) || + (strcmp(attribute->attributeSyntax_oid, "2.5.5.7") == 0))) { + continue; + } + for (j = 0; j < msg->elements[i].num_values; j++) { + const char *dn_str; + struct ldb_dn *dn = ldb_dn_new(ac, ac->module->ldb, (const char *)msg->elements[i].values[j].data); + if (!dn) { + return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); + } + ret = fix_dn(dn); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + dn_str = talloc_steal(msg->elements[i].values, ldb_dn_get_linearized(dn)); + msg->elements[i].values[j] = data_blob_string_const(dn_str); + talloc_free(dn); } - dn_str = talloc_steal(ares->message->elements[i].values, ldb_dn_get_linearized(dn)); - ares->message->elements[i].values[j] = data_blob_string_const(dn_str); - talloc_free(dn); } + + return ldb_module_send_entry(ac->req, msg); + + case LDB_REPLY_REFERRAL: + + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - talloc_free(mem_ctx); - return orig_req->callback(ldb, orig_req->context, ares); + + return LDB_SUCCESS; } /* search */ static int normalise_search(struct ldb_module *module, struct ldb_request *req) { + struct ldb_request *down_req; + struct norm_context *ac; int ret; - struct ldb_request *down_req = talloc(req, struct ldb_request); - if (!down_req) { - ldb_oom(module->ldb); + + ac = talloc(req, struct norm_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; - down_req->context = req; - down_req->callback = normalise_search_callback; - ret = ldb_next_request(module, down_req); + ac->module = module; + ac->req = req; - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + /* if schema not yet present just skip over */ + ac->schema = dsdb_get_schema(ac->module->ldb); + if (ac->schema == NULL) { + talloc_free(ac); + return ldb_next_request(module, req); } - return ret; + + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ac, normalize_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_next_request(module, down_req); } + _PUBLIC_ const struct ldb_module_ops ldb_normalise_module_ops = { .name = "normalise", .search = normalise_search, diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index b048a8d8e1..2c242d47c6 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2006 + Copyright (C) Simo Sorce 2006-2008 Copyright (C) Andrew Bartlett 2005-2007 This program is free software; you can redistribute it and/or modify @@ -47,21 +47,12 @@ struct oc_context { - enum oc_step {OC_DO_REQ, OC_SEARCH_SELF, OC_DO_MOD, - OC_SEARCH_ADD_PARENT, OC_DO_ADD, - OC_SEARCH_RENAME_PARENT, OC_DO_RENAME} step; - struct ldb_module *module; - struct ldb_request *orig_req; - - struct ldb_request *down_req; + struct ldb_request *req; - struct ldb_request *search_req; struct ldb_reply *search_res; - struct ldb_request *add_req; - struct ldb_request *mod_req; - struct ldb_request *rename_req; + int (*step_fn)(struct oc_context *); }; struct class_list { @@ -69,46 +60,31 @@ struct class_list { const struct dsdb_class *objectclass; }; -static int objectclass_do_add(struct ldb_handle *h); - -static struct ldb_handle *oc_init_handle(struct ldb_request *req, struct ldb_module *module) +static struct oc_context *oc_init_context(struct ldb_module *module, + struct ldb_request *req) { struct oc_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct oc_context); + ac = talloc_zero(req, struct oc_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - ac->module = module; - ac->orig_req = req; + ac->req = req; - return h; + return ac; } +static int objectclass_do_add(struct oc_context *ac); + /* Sort objectClasses into correct order, and validate that all * objectClasses specified actually exist in the schema */ static int objectclass_sort(struct ldb_module *module, const struct dsdb_schema *schema, - struct ldb_message *msg, /* so that when we create new elements, we put it on the right parent */ TALLOC_CTX *mem_ctx, struct ldb_message_element *objectclass_element, struct class_list **sorted_out) @@ -117,6 +93,7 @@ static int objectclass_sort(struct ldb_module *module, int layer; struct class_list *sorted = NULL, *parent_class = NULL, *subclass = NULL, *unsorted = NULL, *current, *poss_subclass, *poss_parent, *new_parent; + /* DESIGN: * * We work on 4 different 'bins' (implemented here as linked lists): @@ -150,8 +127,7 @@ static int objectclass_sort(struct ldb_module *module, for (i=0; i < objectclass_element->num_values; i++) { current = talloc(mem_ctx, struct class_list); if (!current) { - ldb_set_errstring(module->ldb, "objectclass: out of memory allocating objectclass list"); - talloc_free(mem_ctx); + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } current->objectclass = dsdb_class_by_lDAPDisplayName(schema, (const char *)objectclass_element->values[i].data); @@ -258,7 +234,7 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct auth_session_info *session_info = ldb_get_opaque(module->ldb, "sessionInfo"); struct security_descriptor *sd; - struct dom_sid *domain_sid = samdb_domain_sid(module->ldb); + const struct dom_sid *domain_sid = samdb_domain_sid(module->ldb); if (!objectclass->defaultSecurityDescriptor || !domain_sid) { return NULL; @@ -292,28 +268,77 @@ static DATA_BLOB *get_sd(struct ldb_module *module, TALLOC_CTX *mem_ctx, } -static int get_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int get_search_callback(struct ldb_request *req, struct ldb_reply *ares) { struct oc_context *ac; + int ret; - ac = talloc_get_type(context, struct oc_context); + ac = talloc_get_type(req->context, struct oc_context); - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS && + ares->error != LDB_ERR_NO_SUCH_OBJECT) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); + ldb_set_errstring(ac->module->ldb, "Too many results"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->search_res = talloc_move(ac, &ares); - } else { + ac->search_res = talloc_steal(ac, ares); + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: talloc_free(ares); + ret = ac->step_fn(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; } return LDB_SUCCESS; } +static int oc_op_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct oc_context *ac; + + ac = talloc_get_type(req->context, struct oc_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + /* Fix up the DN to be in the standard form, taking particular care to match the parent DN This should mean that if the parent is: @@ -367,12 +392,11 @@ static int fix_attributes(struct ldb_context *ldb, const struct dsdb_schema *sch return LDB_SUCCESS; } +static int objectclass_do_add(struct oc_context *ac); + static int objectclass_add(struct ldb_module *module, struct ldb_request *req) { - - static const char * const attrs[] = { NULL }; - - struct ldb_handle *h; + struct ldb_request *search_req; struct oc_context *ac; struct ldb_dn *parent_dn; int ret; @@ -384,61 +408,56 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* Need to object to this, but cn=rootdse doesn't hae an objectClass... */ + /* Need to object to this, but cn=rootdse doesn't have an objectClass... */ if (ldb_msg_find_element(req->op.add.message, "objectClass") == NULL) { return ldb_next_request(module, req); } - h = oc_init_handle(req, module); - if (!h) { + ac = oc_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct oc_context); - - /* return or own handle to deal with this call */ - req->handle = h; /* If there isn't a parent, just go on to the add processing */ - if (ldb_dn_get_comp_num(ac->orig_req->op.add.message->dn) == 1) { - return objectclass_do_add(h); + if (ldb_dn_get_comp_num(ac->req->op.add.message->dn) == 1) { + return objectclass_do_add(ac); } - parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.add.message->dn); + /* get copy of parent DN */ + parent_dn = ldb_dn_get_parent(ac, ac->req->op.add.message->dn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&ac->search_req, module->ldb, + ret = ldb_build_search_req(&search_req, module->ldb, ac, parent_dn, LDB_SCOPE_BASE, - "(objectClass=*)", - attrs, NULL, - ac, get_search_callback); + "(objectClass=*)", NULL, + NULL, + ac, get_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } + talloc_steal(search_req, parent_dn); - talloc_steal(ac->search_req, parent_dn); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); + ac->step_fn = objectclass_do_add; - ac->step = OC_SEARCH_ADD_PARENT; - - return ldb_next_request(ac->module, ac->search_req); + return ldb_next_request(ac->module, search_req); } -static int objectclass_do_add(struct ldb_handle *h) +static int objectclass_do_add(struct oc_context *ac) { const struct dsdb_schema *schema; - struct oc_context *ac; + struct ldb_request *add_req; + char *value; struct ldb_message_element *objectclass_element; struct ldb_message *msg; TALLOC_CTX *mem_ctx; struct class_list *sorted, *current; int ret; - - ac = talloc_get_type(h->private_data, struct oc_context); + schema = dsdb_get_schema(ac->module->ldb); mem_ctx = talloc_new(ac); @@ -446,41 +465,34 @@ static int objectclass_do_add(struct ldb_handle *h) return LDB_ERR_OPERATIONS_ERROR; } - ac->add_req = talloc(ac, struct ldb_request); - if (ac->add_req == NULL) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } + msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message); - *ac->add_req = *ac->orig_req; - - ac->add_req->op.add.message = msg = ldb_msg_copy_shallow(ac->add_req, ac->orig_req->op.add.message); - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->add_req); - /* Check we have a valid parent */ if (ac->search_res == NULL) { - if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), ac->orig_req->op.add.message->dn) == 0) { + if (ldb_dn_compare(ldb_get_root_basedn(ac->module->ldb), + msg->dn) == 0) { /* Allow the tree to be started */ /* but don't keep any error string, it's meaningless */ ldb_set_errstring(ac->module->ldb, NULL); } else { ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot add %s, parent does not exist!", - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + ldb_dn_get_linearized(msg->dn)); + talloc_free(mem_ctx); return LDB_ERR_UNWILLING_TO_PERFORM; } } else { /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ ret = fix_dn(msg, - ac->orig_req->op.add.message->dn, + ac->req->op.add.message->dn, ac->search_res->message->dn, &msg->dn); if (ret != LDB_SUCCESS) { ldb_asprintf_errstring(ac->module->ldb, "Could not munge DN %s into normal form", - ldb_dn_get_linearized(ac->orig_req->op.add.message->dn)); + ldb_dn_get_linearized(ac->req->op.add.message->dn)); + talloc_free(mem_ctx); return ret; } @@ -505,7 +517,7 @@ static int objectclass_do_add(struct ldb_handle *h) talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, schema, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; @@ -524,7 +536,13 @@ static int objectclass_do_add(struct ldb_handle *h) /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + value = talloc_strdup(msg, current->objectclass->lDAPDisplayName); + if (value == NULL) { + ldb_oom(ac->module->ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "objectClass", value); if (ret != LDB_SUCCESS) { ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted " @@ -537,8 +555,13 @@ static int objectclass_do_add(struct ldb_handle *h) struct ldb_message_element *el; int32_t systemFlags = 0; if (!ldb_msg_find_element(msg, "objectCategory")) { - ldb_msg_add_string(msg, "objectCategory", - current->objectclass->defaultObjectCategory); + value = talloc_strdup(msg, current->objectclass->defaultObjectCategory); + if (value == NULL) { + ldb_oom(ac->module->ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ldb_msg_add_string(msg, "objectCategory", value); } if (!ldb_msg_find_element(msg, "showInAdvancedViewOnly") && (current->objectclass->defaultHidingValue == true)) { ldb_msg_add_string(msg, "showInAdvancedViewOnly", @@ -597,20 +620,33 @@ static int objectclass_do_add(struct ldb_handle *h) return ret; } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = OC_DO_ADD; + ret = ldb_build_add_req(&add_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, oc_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } /* perform the add */ - return ldb_next_request(ac->module, ac->add_req); + return ldb_next_request(ac->module, add_req); } +static int oc_modify_callback(struct ldb_request *req, + struct ldb_reply *ares); +static int objectclass_do_mod(struct oc_context *ac); + static int objectclass_modify(struct ldb_module *module, struct ldb_request *req) { struct ldb_message_element *objectclass_element; struct ldb_message *msg; const struct dsdb_schema *schema = dsdb_get_schema(module->ldb); + struct class_list *sorted, *current; + struct ldb_request *down_req; + struct oc_context *ac; + TALLOC_CTX *mem_ctx; + char *value; int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_modify\n"); @@ -626,23 +662,19 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req } objectclass_element = ldb_msg_find_element(req->op.mod.message, "objectClass"); + ac = oc_init_context(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* If no part of this touches the objectClass, then we don't * need to make any changes. */ /* If the only operation is the deletion of the objectClass * then go on with just fixing the attribute case */ if (!objectclass_element) { - struct ldb_request *down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); - return LDB_ERR_OPERATIONS_ERROR; - } - - *down_req = *req; /* copy the request */ - - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); - - if (down_req->op.mod.message == NULL) { + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } @@ -651,15 +683,17 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req return ret; } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, oc_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + + /* go on with the call chain */ + return ldb_next_request(module, down_req); } switch (objectclass_element->flags & LDB_FLAG_MOD_MASK) { @@ -668,41 +702,28 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req return LDB_ERR_OBJECT_CLASS_MODS_PROHIBITED; } break; + case LDB_FLAG_MOD_REPLACE: - { - struct ldb_request *down_req; - struct class_list *sorted, *current; - TALLOC_CTX *mem_ctx; - mem_ctx = talloc_new(req); + mem_ctx = talloc_new(ac); if (mem_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* prepare the first operation */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; /* copy the request */ - - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); - - if (down_req->op.mod.message == NULL) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; - } - + ret = fix_attributes(module->ldb, schema, msg); if (ret != LDB_SUCCESS) { talloc_free(mem_ctx); return ret; } - ret = objectclass_sort(module, schema, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(module, schema, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); return ret; } @@ -719,9 +740,21 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + /* copy the value as this string is on the schema + * context and we can't rely on it not changing + * before the operation is over */ + value = talloc_strdup(msg, + current->objectclass->lDAPDisplayName); + if (value == NULL) { + ldb_oom(module->ldb); + talloc_free(mem_ctx); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "objectClass", value); if (ret != LDB_SUCCESS) { - ldb_set_errstring(module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); + ldb_set_errstring(module->ldb, + "objectclass: could not re-add sorted " + "objectclass to modify msg"); talloc_free(mem_ctx); return ret; } @@ -731,130 +764,121 @@ static int objectclass_modify(struct ldb_module *module, struct ldb_request *req ret = ldb_msg_sanity_check(module->ldb, msg); if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); return ret; } - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, oc_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; - } + + /* go on with the call chain */ + return ldb_next_request(module, down_req); } /* This isn't the default branch of the switch, but a 'in any * other case'. When a delete isn't for all objectClasses for * example */ - { - struct ldb_handle *h; - struct oc_context *ac; - - h = oc_init_handle(req, module); - if (!h) { - return LDB_ERR_OPERATIONS_ERROR; - } - ac = talloc_get_type(h->private_data, struct oc_context); - - /* return or own handle to deal with this call */ - req->handle = h; - - /* prepare the first operation */ - ac->down_req = talloc(ac, struct ldb_request); - if (ac->down_req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->down_req) = *req; /* copy the request */ - - ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); - - if (ac->down_req->op.mod.message == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = fix_attributes(ac->module->ldb, schema, msg); - if (ret != LDB_SUCCESS) { - ldb_oom(ac->module->ldb); - return ret; - } - ac->down_req->context = NULL; - ac->down_req->callback = NULL; - ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); - - ac->step = OC_DO_REQ; + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } - return ldb_next_request(module, ac->down_req); + ret = fix_attributes(module->ldb, schema, msg); + if (ret != LDB_SUCCESS) { + ldb_oom(ac->module->ldb); + return ret; + } + + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, oc_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } + + return ldb_next_request(module, down_req); } -static int objectclass_search_self(struct ldb_handle *h) +static int oc_modify_callback(struct ldb_request *req, struct ldb_reply *ares) { - int ret; - struct oc_context *ac; static const char * const attrs[] = { "objectClass", NULL }; + struct ldb_request *search_req; + struct oc_context *ac; + int ret; - ac = talloc_get_type(h->private_data, struct oc_context); + ac = talloc_get_type(req->context, struct oc_context); - ret = ldb_build_search_req(&ac->search_req, ac->module->ldb, - ac, ac->orig_req->op.mod.message->dn, LDB_SCOPE_BASE, + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.mod.message->dn, LDB_SCOPE_BASE, "(objectClass=*)", attrs, NULL, - ac, get_search_callback); - + ac, get_search_callback, + ac->req); if (ret != LDB_SUCCESS) { - return ret; + return ldb_module_done(ac->req, NULL, NULL, ret); } - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - - ac->step = OC_SEARCH_SELF; + ac->step_fn = objectclass_do_mod; - return ldb_next_request(ac->module, ac->search_req); + ret = ldb_next_request(ac->module, search_req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + return LDB_SUCCESS; } -static int objectclass_do_mod(struct ldb_handle *h) { +static int objectclass_do_mod(struct oc_context *ac) +{ const struct dsdb_schema *schema; - struct oc_context *ac; + struct ldb_request *mod_req; + char *value; struct ldb_message_element *objectclass_element; struct ldb_message *msg; TALLOC_CTX *mem_ctx; struct class_list *sorted, *current; int ret; - - ac = talloc_get_type(h->private_data, struct oc_context); - schema = dsdb_get_schema(ac->module->ldb); - mem_ctx = talloc_new(ac); - if (mem_ctx == NULL) { + if (ac->search_res == NULL) { return LDB_ERR_OPERATIONS_ERROR; } + schema = dsdb_get_schema(ac->module->ldb); - ac->mod_req = talloc(ac, struct ldb_request); - if (ac->mod_req == NULL) { - talloc_free(mem_ctx); + mem_ctx = talloc_new(ac); + if (mem_ctx == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac->mod_req->operation = LDB_MODIFY; - ac->mod_req->controls = NULL; - ac->mod_req->context = ac; - ac->mod_req->callback = NULL; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->mod_req); - /* use a new message structure */ - ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); + msg = ldb_msg_new(ac); if (msg == NULL) { - ldb_set_errstring(ac->module->ldb, "objectclass: could not create new modify msg"); + ldb_set_errstring(ac->module->ldb, + "objectclass: could not create new modify msg"); talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } @@ -869,9 +893,9 @@ static int objectclass_do_mod(struct ldb_handle *h) { } /* modify dn */ - msg->dn = ac->orig_req->op.mod.message->dn; + msg->dn = ac->req->op.mod.message->dn; - ret = objectclass_sort(ac->module, schema, msg, mem_ctx, objectclass_element, &sorted); + ret = objectclass_sort(ac->module, schema, mem_ctx, objectclass_element, &sorted); if (ret != LDB_SUCCESS) { return ret; } @@ -889,7 +913,12 @@ static int objectclass_do_mod(struct ldb_handle *h) { /* Move from the linked list back into an ldb msg */ for (current = sorted; current; current = current->next) { - ret = ldb_msg_add_string(msg, "objectClass", current->objectclass->lDAPDisplayName); + value = talloc_strdup(msg, current->objectclass->lDAPDisplayName); + if (value == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "objectClass", value); if (ret != LDB_SUCCESS) { ldb_set_errstring(ac->module->ldb, "objectclass: could not re-add sorted objectclass to modify msg"); talloc_free(mem_ctx); @@ -903,33 +932,38 @@ static int objectclass_do_mod(struct ldb_handle *h) { return ret; } - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = OC_DO_MOD; + ret = ldb_build_mod_req(&mod_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, oc_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + talloc_free(mem_ctx); + return ret; + } talloc_free(mem_ctx); - /* perform the search */ - return ldb_next_request(ac->module, ac->mod_req); + /* perform the modify */ + return ldb_next_request(ac->module, mod_req); } +static int objectclass_do_rename(struct oc_context *ac); + static int objectclass_rename(struct ldb_module *module, struct ldb_request *req) { - static const char * const attrs[] = { NULL }; - struct ldb_handle *h; + struct ldb_request *search_req; struct oc_context *ac; struct ldb_dn *parent_dn; int ret; - + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectclass_rename\n"); if (ldb_dn_is_special(req->op.rename.newdn)) { /* do not manipulate our control entries */ return ldb_next_request(module, req); } - + /* Firstly ensure we are not trying to rename it to be a child of itself */ if ((ldb_dn_compare_base(req->op.rename.olddn, req->op.rename.newdn) == 0) && (ldb_dn_compare(req->op.rename.olddn, req->op.rename.newdn) != 0)) { @@ -938,65 +972,50 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req return LDB_ERR_UNWILLING_TO_PERFORM; } - h = oc_init_handle(req, module); - if (!h) { + ac = oc_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct oc_context); - - /* return or own handle to deal with this call */ - req->handle = h; - parent_dn = ldb_dn_get_parent(ac, ac->orig_req->op.rename.newdn); + parent_dn = ldb_dn_get_parent(ac, req->op.rename.newdn); if (parent_dn == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&ac->search_req, module->ldb, + ret = ldb_build_search_req(&search_req, module->ldb, ac, parent_dn, LDB_SCOPE_BASE, "(objectClass=*)", attrs, NULL, - ac, get_search_callback); + ac, get_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - talloc_steal(ac->search_req, parent_dn); - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - ac->step = OC_SEARCH_RENAME_PARENT; + ac->step_fn = objectclass_do_rename; - return ldb_next_request(ac->module, ac->search_req); + return ldb_next_request(ac->module, search_req); } -static int objectclass_do_rename(struct ldb_handle *h) +static int objectclass_do_rename(struct oc_context *ac) { - struct oc_context *ac; + struct ldb_request *rename_req; + struct ldb_dn *fixed_dn; int ret; - - ac = talloc_get_type(h->private_data, struct oc_context); - ac->rename_req = talloc(ac, struct ldb_request); - if (ac->rename_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *ac->rename_req = *ac->orig_req; - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->rename_req); - /* Check we have a valid parent */ if (ac->search_res == NULL) { ldb_asprintf_errstring(ac->module->ldb, "objectclass: Cannot rename %s, parent does not exist!", - ldb_dn_get_linearized(ac->orig_req->op.rename.newdn)); + ldb_dn_get_linearized(ac->req->op.rename.newdn)); return LDB_ERR_UNWILLING_TO_PERFORM; } - /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ - ret = fix_dn(ac->rename_req, - ac->orig_req->op.rename.newdn, - ac->search_res->message->dn, - &ac->rename_req->op.rename.newdn); - + /* Fix up the DN to be in the standard form, + * taking particular care to match the parent DN */ + ret = fix_dn(ac, + ac->req->op.rename.newdn, + ac->search_res->message->dn, + &fixed_dn); if (ret != LDB_SUCCESS) { return ret; } @@ -1005,197 +1024,17 @@ static int objectclass_do_rename(struct ldb_handle *h) * by reading the allowedChildClasses and * allowedChildClasssesEffective attributes */ - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = OC_DO_RENAME; - - /* perform the rename */ - return ldb_next_request(ac->module, ac->rename_req); -} - -static int oc_wait(struct ldb_handle *handle) { - struct oc_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct oc_context); - - switch (ac->step) { - case OC_DO_REQ: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* mods done, go on */ - return objectclass_search_self(handle); - - case OC_SEARCH_SELF: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* self search done, go on */ - return objectclass_do_mod(handle); - - case OC_DO_MOD: - ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->mod_req->handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->handle->status; - goto done; - } - - if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case OC_SEARCH_ADD_PARENT: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS - && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* parent search done, go on */ - return objectclass_do_add(handle); - - case OC_DO_ADD: - ret = ldb_wait(ac->add_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->add_req->handle->status != LDB_SUCCESS) { - handle->status = ac->add_req->handle->status; - goto done; - } - - if (ac->add_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case OC_SEARCH_RENAME_PARENT: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* parent search done, go on */ - return objectclass_do_rename(handle); - - case OC_DO_RENAME: - ret = ldb_wait(ac->rename_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->rename_req->handle->status != LDB_SUCCESS) { - handle->status = ac->rename_req->handle->status; - goto done; - } - - if (ac->rename_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int oc_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = oc_wait(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + ret = ldb_build_rename_req(&rename_req, ac->module->ldb, ac, + ac->req->op.rename.olddn, fixed_dn, + ac->req->controls, + ac, oc_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; } - return handle->status; -} - -static int objectclass_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return oc_wait_all(handle); - } else { - return oc_wait(handle); - } + /* perform the rename */ + return ldb_next_request(ac->module, rename_req); } _PUBLIC_ const struct ldb_module_ops ldb_objectclass_module_ops = { @@ -1203,5 +1042,4 @@ _PUBLIC_ const struct ldb_module_ops ldb_objectclass_module_ops = { .add = objectclass_add, .modify = objectclass_modify, .rename = objectclass_rename, - .wait = objectclass_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/objectguid.c b/source4/dsdb/samdb/ldb_modules/objectguid.c index f62839389d..054905992d 100644 --- a/source4/dsdb/samdb/ldb_modules/objectguid.c +++ b/source4/dsdb/samdb/ldb_modules/objectguid.c @@ -1,9 +1,9 @@ /* ldb database library - Copyright (C) Simo Sorce 2004-2006 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 + Copyright (C) Simo Sorce 2004-2008 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -103,6 +103,36 @@ static int add_uint64_element(struct ldb_message *msg, const char *attr, uint64_ return 0; } +struct og_context { + struct ldb_module *module; + struct ldb_request *req; +}; + +static int og_op_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct og_context *ac; + + ac = talloc_get_type(req->context, struct og_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +} + /* add_record: add objectGUID attribute */ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) { @@ -115,6 +145,7 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) enum ndr_err_code ndr_err; int ret; time_t t = time(NULL); + struct og_context *ac; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); @@ -127,15 +158,15 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = talloc(req, struct og_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; + ac->module = module; + ac->req = req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(ac, req->op.add.message); if (msg == NULL) { talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; @@ -149,44 +180,41 @@ static int objectguid_add(struct ldb_module *module, struct ldb_request *req) &guid, (ndr_push_flags_fn_t)ndr_push_GUID); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_value(msg, "objectGUID", &v, NULL); if (ret) { - talloc_free(down_req); return ret; } if (add_time_element(msg, "whenCreated", t) != 0 || add_time_element(msg, "whenChanged", t) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } /* Get a sequence number from the backend */ + /* FIXME: ldb_sequence_number is still SYNC now, when this changes, + * make sure this function is split and a callback is used */ ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret == LDB_SUCCESS) { if (add_uint64_element(msg, "uSNCreated", seq_num) != 0 || add_uint64_element(msg, "uSNChanged", seq_num) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, og_op_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* go on with the call chain */ + return ldb_next_request(module, down_req); } /* modify_record: update timestamps */ @@ -197,6 +225,7 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) int ret; time_t t = time(NULL); uint64_t seq_num; + struct og_context *ac; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "objectguid_add_record\n"); @@ -205,22 +234,20 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = talloc(req, struct og_context); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - - *down_req = *req; + ac->module = module; + ac->req = req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); if (msg == NULL) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } if (add_time_element(msg, "whenChanged", t) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } @@ -228,23 +255,21 @@ static int objectguid_modify(struct ldb_module *module, struct ldb_request *req) ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret == LDB_SUCCESS) { if (add_uint64_element(msg, "uSNChanged", seq_num) != 0) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, og_op_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* go on with the call chain */ + return ldb_next_request(module, down_req); } _PUBLIC_ const struct ldb_module_ops ldb_objectguid_module_ops = { diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 0cd0baf625..ad2901c308 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -1,4 +1,3 @@ - /* Partitions ldb module @@ -43,61 +42,98 @@ struct partition_private_data { struct ldb_dn **replicate; }; +struct part_request { + struct ldb_module *module; + struct ldb_request *req; +}; + struct partition_context { struct ldb_module *module; - struct ldb_request *orig_req; + struct ldb_request *req; - struct ldb_request **down_req; + struct part_request *part_req; int num_requests; int finished_requests; }; -static struct partition_context *partition_init_handle(struct ldb_request *req, struct ldb_module *module) +static struct partition_context *partition_init_ctx(struct ldb_module *module, struct ldb_request *req) { struct partition_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct partition_context); + ac = talloc_zero(req, struct partition_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = ac; - ac->module = module; - ac->orig_req = req; - - req->handle = h; + ac->req = req; return ac; } -static struct ldb_module *make_module_for_next_request(TALLOC_CTX *mem_ctx, - struct ldb_context *ldb, - struct ldb_module *module) +#define PARTITION_FIND_OP(module, op) do { \ + struct ldb_context *ldbctx = module->ldb; \ + while (module && module->ops->op == NULL) module = module->next; \ + if (module == NULL) { \ + ldb_asprintf_errstring(ldbctx, \ + "Unable to find backend operation for " #op ); \ + return LDB_ERR_OPERATIONS_ERROR; \ + } \ +} while (0) + +/* + * helper functions to call the next module in chain + * */ + +int partition_request(struct ldb_module *module, struct ldb_request *request) { - struct ldb_module *current; - static const struct ldb_module_ops ops; /* zero */ - current = talloc_zero(mem_ctx, struct ldb_module); - if (current == NULL) { - return module; + int ret; + switch (request->operation) { + case LDB_SEARCH: + PARTITION_FIND_OP(module, search); + ret = module->ops->search(module, request); + break; + case LDB_ADD: + PARTITION_FIND_OP(module, add); + ret = module->ops->add(module, request); + break; + case LDB_MODIFY: + PARTITION_FIND_OP(module, modify); + ret = module->ops->modify(module, request); + break; + case LDB_DELETE: + PARTITION_FIND_OP(module, del); + ret = module->ops->del(module, request); + break; + case LDB_RENAME: + PARTITION_FIND_OP(module, rename); + ret = module->ops->rename(module, request); + break; + case LDB_EXTENDED: + PARTITION_FIND_OP(module, extended); + ret = module->ops->extended(module, request); + break; + case LDB_SEQUENCE_NUMBER: + PARTITION_FIND_OP(module, sequence_number); + ret = module->ops->sequence_number(module, request); + break; + default: + PARTITION_FIND_OP(module, request); + ret = module->ops->request(module, request); + break; } - - current->ldb = ldb; - current->ops = &ops; - current->prev = NULL; - current->next = module; - return current; + if (ret == LDB_SUCCESS) { + return ret; + } + if (!ldb_errstring(module->ldb)) { + /* Set a default error string, to place the blame somewhere */ + ldb_asprintf_errstring(module->ldb, + "error in module %s: %s (%d)", + module->ops->name, + ldb_strerror(ret), ret); + } + return ret; } static struct dsdb_control_current_partition *find_partition(struct partition_private_data *data, @@ -120,127 +156,201 @@ static struct dsdb_control_current_partition *find_partition(struct partition_pr /** * fire the caller's callback for every entry, but only send 'done' once. */ -static int partition_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int partition_req_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct partition_context *ac; + struct ldb_module *module; + struct ldb_request *nreq; + int ret; - ac = talloc_get_type(context, struct partition_context); + ac = talloc_get_type(req->context, struct partition_context); - if (ares->type == LDB_REPLY_ENTRY) { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); - } else { - ac->finished_requests++; - if (ac->finished_requests == ac->num_requests) { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); - } else { - talloc_free(ares); - return LDB_SUCCESS; - } + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } -} - -/** - * only fire the 'last' callback, and only for START-TLS for now - */ -static int partition_other_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct partition_context *ac; - ac = talloc_get_type(context, struct partition_context); + switch (ares->type) { + case LDB_REPLY_REFERRAL: + /* ignore referrals for now */ + break; - if (!ac->orig_req->callback) { - talloc_free(ares); - return LDB_SUCCESS; - } + case LDB_REPLY_ENTRY: + if (ac->req->operation != LDB_SEARCH) { + ldb_set_errstring(ac->module->ldb, + "partition_req_callback:" + " Unsupported reply type for this request"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_DONE: + if (ac->req->operation == LDB_EXTENDED) { + /* FIXME: check for ares->response, replmd does not fill it ! */ + if (ares->response) { + if (strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID) != 0) { + ldb_set_errstring(ac->module->ldb, + "partition_req_callback:" + " Unknown extended reply, " + "only supports START_TLS"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + } - if (!ares - || (ares->type == LDB_REPLY_EXTENDED - && strcmp(ares->response->oid, LDB_EXTENDED_START_TLS_OID))) { ac->finished_requests++; if (ac->finished_requests == ac->num_requests) { - return ac->orig_req->callback(ldb, ac->orig_req->context, ares); + /* this was the last one, call callback */ + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - talloc_free(ares); - return LDB_SUCCESS; + + /* not the last, now call the next one */ + module = ac->part_req[ac->finished_requests].module; + nreq = ac->part_req[ac->finished_requests].req; + + ret = partition_request(module, nreq); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + break; } - ldb_set_errstring(ldb, "partition_other_callback: Unknown reply type, only supports START_TLS"); + talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_SUCCESS; } - -static int partition_send_request(struct partition_context *ac, +static int partition_prep_request(struct partition_context *ac, struct dsdb_control_current_partition *partition) { int ret; - struct ldb_module *backend; struct ldb_request *req; - if (partition) { - backend = make_module_for_next_request(ac, ac->module->ldb, partition->module); - } else { - backend = ac->module; - } - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { + ac->part_req = talloc_realloc(ac, ac->part_req, + struct part_request, + ac->num_requests + 1); + if (ac->part_req == NULL) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - req = ac->down_req[ac->num_requests] = talloc(ac, struct ldb_request); - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + + switch (ac->req->operation) { + case LDB_SEARCH: + ret = ldb_build_search_req_ex(&req, ac->module->ldb, + ac->part_req, + ac->req->op.search.base, + ac->req->op.search.scope, + ac->req->op.search.tree, + ac->req->op.search.attrs, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_ADD: + ret = ldb_build_add_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.add.message, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_MODIFY: + ret = ldb_build_mod_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.mod.message, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_DELETE: + ret = ldb_build_del_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.del.dn, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_RENAME: + ret = ldb_build_rename_req(&req, ac->module->ldb, ac->part_req, + ac->req->op.rename.olddn, + ac->req->op.rename.newdn, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + case LDB_EXTENDED: + ret = ldb_build_extended_req(&req, ac->module->ldb, + ac->part_req, + ac->req->op.extended.oid, + ac->req->op.extended.data, + ac->req->controls, + ac, partition_req_callback, + ac->req); + break; + default: + ldb_set_errstring(ac->module->ldb, + "Unsupported request type!"); + ret = LDB_ERR_UNWILLING_TO_PERFORM; } - - *req = *ac->orig_req; /* copy the request */ - if (req->controls) { - req->controls - = talloc_memdup(req, - ac->orig_req->controls, talloc_get_size(ac->orig_req->controls)); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->part_req[ac->num_requests].req = req; + + if (ac->req->controls) { + req->controls = talloc_memdup(req, ac->req->controls, + talloc_get_size(ac->req->controls)); if (req->controls == NULL) { ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } } - if (req->operation == LDB_SEARCH) { - /* If the search is for 'more' than this partition, - * then change the basedn, so a remote LDAP server - * doesn't object */ - if (partition) { - if (ldb_dn_compare_base(partition->dn, req->op.search.base) != 0) { - req->op.search.base = partition->dn; - } - } else { - req->op.search.base = NULL; - } - req->callback = partition_search_callback; - req->context = ac; - } else { - req->callback = partition_other_callback; - req->context = ac; - } - if (partition) { - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + ac->part_req[ac->num_requests].module = partition->module; + + ret = ldb_request_add_control(req, + DSDB_CONTROL_CURRENT_PARTITION_OID, + false, partition); if (ret != LDB_SUCCESS) { return ret; } - } - /* Spray off search requests the backend */ - ret = ldb_next_request(backend, req); - if (ret != LDB_SUCCESS) { - return ret; + if (req->operation == LDB_SEARCH) { + /* If the search is for 'more' than this partition, + * then change the basedn, so a remote LDAP server + * doesn't object */ + if (ldb_dn_compare_base(partition->dn, + req->op.search.base) != 0) { + req->op.search.base = partition->dn; + } + } + + } else { + /* make sure you put the NEXT module here, or + * partition_request() will simply loop forever on itself */ + ac->part_req[ac->num_requests].module = ac->module->next; } ac->num_requests++; + return LDB_SUCCESS; } +static int partition_call_first(struct partition_context *ac) +{ + return partition_request(ac->part_req[0].module, ac->part_req[0].req); +} + /** * Send a request down to all the partitions */ @@ -251,17 +361,19 @@ static int partition_send_all(struct ldb_module *module, int i; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - int ret = partition_send_request(ac, NULL); + int ret = partition_prep_request(ac, NULL); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - ret = partition_send_request(ac, data->partitions[i]); + ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } } - return LDB_SUCCESS; + + /* fire the first one */ + return partition_call_first(ac); } /** @@ -270,21 +382,23 @@ static int partition_send_all(struct ldb_module *module, */ static int partition_replicate(struct ldb_module *module, struct ldb_request *req, struct ldb_dn *dn) { + struct partition_context *ac; unsigned i; int ret; struct dsdb_control_current_partition *partition; - struct ldb_module *backend; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); + if (!data || !data->partitions) { + return ldb_next_request(module, req); + } if (req->operation != LDB_SEARCH) { /* Is this a special DN, we need to replicate to every backend? */ for (i=0; data->replicate && data->replicate[i]; i++) { if (ldb_dn_compare(data->replicate[i], dn) == 0) { - struct partition_context *ac; - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } @@ -310,18 +424,19 @@ static int partition_replicate(struct ldb_module *module, struct ldb_request *re return ldb_next_request(module, req); } - backend = make_module_for_next_request(req, module->ldb, partition->module); - if (!backend) { + ac = partition_init_ctx(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + /* we need to add a control but we never touch the original request */ + ret = partition_prep_request(ac, partition); if (ret != LDB_SUCCESS) { return ret; } - /* issue request */ - return ldb_next_request(backend, req); + /* fire the first one */ + return partition_call_first(ac); } /* search */ @@ -336,6 +451,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) /* (later) consider if we should be searching multiple * partitions (for 'invisible' partition behaviour */ + struct ldb_control *search_control = ldb_request_get_control(req, LDB_CONTROL_SEARCH_OPTIONS_OID); struct ldb_control *domain_scope_control = ldb_request_get_control(req, LDB_CONTROL_DOMAIN_SCOPE_OID); @@ -366,7 +482,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } } - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } @@ -378,7 +494,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { - ret = partition_send_request(ac, data->partitions[i]); + ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } @@ -390,8 +506,10 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) talloc_free(ac); return ldb_next_request(module, req); } - - return LDB_SUCCESS; + + /* fire the first one */ + return partition_call_first(ac); + } else { /* Handle this like all other requests */ if (search_control && (search_options->search_options & ~LDB_SEARCH_OPTION_PHANTOM_ROOT) == 0) { @@ -436,7 +554,7 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); - /* Skip the lot if 'data' isn't here yet (initialistion) */ + /* Skip the lot if 'data' isn't here yet (initialization) */ if (!data) { return LDB_ERR_OPERATIONS_ERROR; } @@ -486,24 +604,26 @@ static int partition_start_trans(struct ldb_module *module) struct partition_private_data); /* Look at base DN */ /* Figure out which partition it is under */ - /* Skip the lot if 'data' isn't here yet (initialistion) */ + /* Skip the lot if 'data' isn't here yet (initialization) */ ret = ldb_next_start_trans(module); if (ret != LDB_SUCCESS) { return ret; } for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); + struct ldb_module *next = data->partitions[i]->module; + PARTITION_FIND_OP(next, start_transaction); - ret = ldb_next_start_trans(next); - talloc_free(next); + ret = next->ops->start_transaction(next); if (ret != LDB_SUCCESS) { /* Back it out, if it fails on one */ for (i--; i >= 0; i--) { - next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - ldb_next_del_trans(next); - talloc_free(next); + next = data->partitions[i]->module; + PARTITION_FIND_OP(next, del_transaction); + + next->ops->del_transaction(next); } + ldb_next_del_trans(module); return ret; } } @@ -513,7 +633,7 @@ static int partition_start_trans(struct ldb_module *module) /* end a transaction */ static int partition_end_trans(struct ldb_module *module) { - int i, ret, ret2 = LDB_SUCCESS; + int i, ret; struct partition_private_data *data = talloc_get_type(module->private_data, struct partition_private_data); ret = ldb_next_end_trans(module); @@ -525,24 +645,24 @@ static int partition_end_trans(struct ldb_module *module) /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - - ret = ldb_next_end_trans(next); - talloc_free(next); + struct ldb_module *next = data->partitions[i]->module; + PARTITION_FIND_OP(next, end_transaction); + + ret = next->ops->end_transaction(next); if (ret != LDB_SUCCESS) { - ret2 = ret; - } - } + /* Back it out, if it fails on one */ + for (i--; i >= 0; i--) { + next = data->partitions[i]->module; + PARTITION_FIND_OP(next, del_transaction); - if (ret != LDB_SUCCESS) { - /* Back it out, if it fails on one */ - for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - ldb_next_del_trans(next); - talloc_free(next); + next->ops->del_transaction(next); + } + ldb_next_del_trans(module); + return ret; } } - return ret; + + return LDB_SUCCESS; } /* delete a transaction */ @@ -560,10 +680,10 @@ static int partition_del_trans(struct ldb_module *module) /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(module, module->ldb, data->partitions[i]->module); - - ret = ldb_next_del_trans(next); - talloc_free(next); + struct ldb_module *next = data->partitions[i]->module; + PARTITION_FIND_OP(next, del_transaction); + + ret = next->ops->del_transaction(next); if (ret != LDB_SUCCESS) { ret2 = ret; } @@ -571,6 +691,9 @@ static int partition_del_trans(struct ldb_module *module) return ret2; } +/* NOTE: ldb_sequence_number is still a completely SYNCHRONOUS call + * implemented only in ldb_rdb. It does not require ldb_wait() to be + * called after a request is made */ static int partition_sequence_number(struct ldb_module *module, struct ldb_request *req) { int i, ret; @@ -593,19 +716,29 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque seq_number = seq_number + req->op.seq_num.seq_num; } + /* gross hack part1 */ + ret = ldb_request_add_control(req, + DSDB_CONTROL_CURRENT_PARTITION_OID, + false, NULL); + if (ret != LDB_SUCCESS) { + return ret; + } + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); - - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, data->partitions[i]); - if (ret != LDB_SUCCESS) { - return ret; + + /* gross hack part2 */ + int j; + for (j=0; req->controls[j]; j++) { + if (strcmp(req->controls[j]->oid, DSDB_CONTROL_CURRENT_PARTITION_OID) == 0) { + req->controls[j]->data = data->partitions[i]; + break; + } } - ret = ldb_next_request(next, req); - talloc_free(next); + ret = partition_request(data->partitions[i]->module, req); if (ret != LDB_SUCCESS) { return ret; } @@ -630,15 +763,13 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque return ret; } timestamp = date_req->op.seq_num.seq_num; - + /* Look at base DN */ /* Figure out which partition it is under */ /* Skip the lot if 'data' isn't here yet (initialistion) */ for (i=0; data && data->partitions && data->partitions[i]; i++) { - struct ldb_module *next = make_module_for_next_request(req, module->ldb, data->partitions[i]->module); - - ret = ldb_next_request(next, date_req); - talloc_free(next); + + ret = partition_request(data->partitions[i]->module, req); if (ret != LDB_SUCCESS) { return ret; } @@ -651,7 +782,7 @@ static int partition_sequence_number(struct ldb_module *module, struct ldb_reque switch (req->op.seq_num.flags) { case LDB_SEQ_NEXT: case LDB_SEQ_HIGHEST_SEQ: - + req->op.seq_num.flags = 0; /* Has someone above set a timebase sequence? */ @@ -705,7 +836,6 @@ static int partition_extended_schema_update_now(struct ldb_module *module, struc struct partition_private_data *data; struct ldb_dn *schema_dn; struct partition_context *ac; - struct ldb_module *backend; int ret; schema_dn = talloc_get_type(req->op.extended.data, struct ldb_dn); @@ -724,30 +854,33 @@ static int partition_extended_schema_update_now(struct ldb_module *module, struc return ldb_next_request(module, req); } - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - backend = make_module_for_next_request(req, module->ldb, partition->module); - if (!backend) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ret = ldb_request_add_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID, false, partition); + /* we need to add a control but we never touch the original request */ + ret = partition_prep_request(ac, partition); if (ret != LDB_SUCCESS) { return ret; } - return ldb_next_request(backend, req); + /* fire the first one */ + return partition_call_first(ac); } /* extended */ static int partition_extended(struct ldb_module *module, struct ldb_request *req) { + struct partition_private_data *data; struct partition_context *ac; + data = talloc_get_type(module->private_data, struct partition_private_data); + if (!data || !data->partitions) { + return ldb_next_request(module, req); + } + if (strcmp(req->op.extended.oid, DSDB_EXTENDED_REPLICATED_OBJECTS_OID) == 0) { return partition_extended_replicated_objects(module, req); } @@ -762,27 +895,23 @@ static int partition_extended(struct ldb_module *module, struct ldb_request *req * we need to send it to all partitions */ - ac = partition_init_handle(req, module); + ac = partition_init_ctx(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - + return partition_send_all(module, ac, req); } -static int sort_compare(void *void1, - void *void2, void *opaque) +static int partition_sort_compare(const void *v1, const void *v2) { - struct dsdb_control_current_partition **pp1 = - (struct dsdb_control_current_partition **)void1; - struct dsdb_control_current_partition **pp2 = - (struct dsdb_control_current_partition **)void2; - struct dsdb_control_current_partition *partition1 = talloc_get_type(*pp1, - struct dsdb_control_current_partition); - struct dsdb_control_current_partition *partition2 = talloc_get_type(*pp2, - struct dsdb_control_current_partition); - - return ldb_dn_compare(partition1->dn, partition2->dn); + struct dsdb_control_current_partition *p1; + struct dsdb_control_current_partition *p2; + + p1 = *((struct dsdb_control_current_partition **)v1); + p2 = *((struct dsdb_control_current_partition **)v2); + + return ldb_dn_compare(p1->dn, p2->dn); } static int partition_init(struct ldb_module *module) @@ -888,8 +1017,8 @@ static int partition_init(struct ldb_module *module) data->partitions[i] = NULL; /* sort these into order, most to least specific */ - ldb_qsort(data->partitions, partition_attributes->num_values, sizeof(*data->partitions), - module->ldb, sort_compare); + qsort(data->partitions, partition_attributes->num_values, + sizeof(*data->partitions), partition_sort_compare); for (i=0; data->partitions[i]; i++) { struct ldb_request *req; @@ -902,8 +1031,19 @@ static int partition_init(struct ldb_module *module) req->operation = LDB_REQ_REGISTER_PARTITION; req->op.reg_partition.dn = data->partitions[i]->dn; + req->callback = ldb_op_default_callback; + + ldb_set_timeout(module->ldb, req, 0); + + req->handle = ldb_handle_new(req, module->ldb); + if (req->handle == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } ret = ldb_request(module->ldb, req); + if (ret == LDB_SUCCESS) { + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + } if (ret != LDB_SUCCESS) { ldb_debug(module->ldb, LDB_DEBUG_ERROR, "partition: Unable to register partition with rootdse!\n"); talloc_free(mem_ctx); @@ -921,7 +1061,7 @@ static int partition_init(struct ldb_module *module) talloc_free(mem_ctx); return LDB_ERR_OPERATIONS_ERROR; } - + for (i=0; i < replicate_attributes->num_values; i++) { data->replicate[i] = ldb_dn_from_ldb_val(data->replicate, module->ldb, &replicate_attributes->values[i]); if (!ldb_dn_validate(data->replicate[i])) { @@ -1016,72 +1156,6 @@ static int partition_init(struct ldb_module *module) return ldb_next_init(module); } -static int partition_wait_none(struct ldb_handle *handle) { - struct partition_context *ac; - int ret; - int i; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct partition_context); - - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; - goto done; - } - - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - - -static int partition_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = partition_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int partition_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return partition_wait_all(handle); - } else { - return partition_wait_none(handle); - } -} - _PUBLIC_ const struct ldb_module_ops ldb_partition_module_ops = { .name = "partition", .init_context = partition_init, @@ -1095,5 +1169,4 @@ _PUBLIC_ const struct ldb_module_ops ldb_partition_module_ops = { .start_transaction = partition_start_trans, .end_transaction = partition_end_trans, .del_transaction = partition_del_trans, - .wait = partition_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 6faef63c3d..e36de3c5c4 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1,7 +1,7 @@ /* ldb database module - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005-2006 Copyright (C) Andrew Tridgell 2004 Copyright (C) Stefan Metzmacher 2007 @@ -73,23 +73,16 @@ struct ph_context { - enum ph_type {PH_ADD, PH_MOD} type; - enum ph_step {PH_ADD_SEARCH_DOM, PH_ADD_DO_ADD, PH_MOD_DO_REQ, PH_MOD_SEARCH_SELF, PH_MOD_SEARCH_DOM, PH_MOD_DO_MOD} step; - struct ldb_module *module; - struct ldb_request *orig_req; + struct ldb_request *req; struct ldb_request *dom_req; struct ldb_reply *dom_res; - struct ldb_request *down_req; - - struct ldb_request *search_req; struct ldb_reply *search_res; - struct ldb_request *mod_req; - struct dom_sid *domain_sid; + struct domain_data *domain; }; struct domain_data { @@ -1378,168 +1371,193 @@ static int setup_password_fields(struct setup_password_fields_io *io) return LDB_SUCCESS; } -static struct ldb_handle *ph_init_handle(struct ldb_request *req, struct ldb_module *module, enum ph_type type) +static struct ph_context *ph_init_context(struct ldb_module *module, + struct ldb_request *req) { struct ph_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - - ac = talloc_zero(h, struct ph_context); + ac = talloc_zero(req, struct ph_context); if (ac == NULL) { ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); return NULL; } - h->private_data = (void *)ac; - - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->type = type; ac->module = module; - ac->orig_req = req; + ac->req = req; - return h; + return ac; } -static int get_domain_data_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int ph_op_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ph_context *ac; - ac = talloc_get_type(context, struct ph_context); + ac = talloc_get_type(req->context, struct ph_context); - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { - if (ac->dom_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); - talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->dom_res = talloc_steal(ac, ares); - } else { - talloc_free(ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - return LDB_SUCCESS; -} - -static int build_domain_data_request(struct ph_context *ac) -{ - /* attrs[] is returned from this function in - ac->dom_req->op.search.attrs, so it must be static, as - otherwise the compiler can put it on the stack */ - static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; - char *filter; - - ac->dom_req = talloc_zero(ac, struct ldb_request); - if (ac->dom_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - ac->dom_req->operation = LDB_SEARCH; - ac->dom_req->op.search.base = ldb_get_default_basedn(ac->module->ldb); - ac->dom_req->op.search.scope = LDB_SCOPE_SUBTREE; - filter = talloc_asprintf(ac->dom_req, - "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", - ldap_encode_ndr_dom_sid(ac->dom_req, ac->domain_sid)); - if (filter == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - talloc_free(ac->dom_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->dom_req->op.search.tree = ldb_parse_tree(ac->dom_req, filter); - if (ac->dom_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Invalid search filter"); - talloc_free(ac->dom_req); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ac->dom_req->op.search.attrs = attrs; - ac->dom_req->controls = NULL; - ac->dom_req->context = ac; - ac->dom_req->callback = get_domain_data_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->dom_req); - return LDB_SUCCESS; + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } -static struct domain_data *get_domain_data(struct ldb_module *module, void *ctx, struct ldb_reply *res) +static int password_hash_add_do_add(struct ph_context *ac); +static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares); +static int password_hash_mod_search_self(struct ph_context *ac); +static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares); +static int password_hash_mod_do_mod(struct ph_context *ac); + +static int get_domain_data_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct domain_data *data; - const char *tmp; struct ph_context *ac; + int ret; + char *tmp; char *p; - ac = talloc_get_type(ctx, struct ph_context); + ac = talloc_get_type(req->context, struct ph_context); - data = talloc_zero(ac, struct domain_data); - if (data == NULL) { - return NULL; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - if (res == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Could not find this user's domain: %s!\n", dom_sid_string(data, ac->domain_sid)); - talloc_free(data); - return NULL; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - data->pwdProperties= samdb_result_uint(res->message, "pwdProperties", 0); - data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT; - data->pwdHistoryLength = samdb_result_uint(res->message, "pwdHistoryLength", 0); + switch (ares->type) { + case LDB_REPLY_ENTRY: + if (ac->domain != NULL) { + ldb_set_errstring(ac->module->ldb, "Too many results"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - /* For a domain DN, this puts things in dotted notation */ - /* For builtin domains, this will give details for the host, - * but that doesn't really matter, as it's just used for salt - * and kerberos principals, which don't exist here */ + data = talloc_zero(ac, struct domain_data); + if (data == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - tmp = ldb_dn_canonical_string(ctx, res->message->dn); - if (!tmp) { - return NULL; - } - - /* But it puts a trailing (or just before 'builtin') / on things, so kill that */ - p = strchr(tmp, '/'); - if (p) { - p[0] = '\0'; - } + data->pwdProperties = samdb_result_uint(ares->message, "pwdProperties", 0); + data->store_cleartext = data->pwdProperties & DOMAIN_PASSWORD_STORE_CLEARTEXT; + data->pwdHistoryLength = samdb_result_uint(ares->message, "pwdHistoryLength", 0); + + /* For a domain DN, this puts things in dotted notation */ + /* For builtin domains, this will give details for the host, + * but that doesn't really matter, as it's just used for salt + * and kerberos principals, which don't exist here */ + + tmp = ldb_dn_canonical_string(data, ares->message->dn); + if (!tmp) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* But it puts a trailing (or just before 'builtin') / on things, so kill that */ + p = strchr(tmp, '/'); + if (p) { + p[0] = '\0'; + } - if (tmp != NULL) { data->dns_domain = strlower_talloc(data, tmp); if (data->dns_domain == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); - return NULL; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } data->realm = strupper_talloc(data, tmp); if (data->realm == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); - return NULL; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + /* FIXME: NetbIOS name is *always* the first domain component ?? -SSS */ p = strchr(tmp, '.'); if (p) { p[0] = '\0'; } data->netbios_domain = strupper_talloc(data, tmp); if (data->netbios_domain == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "Out of memory!\n"); - return NULL; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + talloc_free(tmp); + ac->domain = data; + break; + + case LDB_REPLY_DONE: + + /* call the next step */ + switch (ac->req->operation) { + case LDB_ADD: + ret = password_hash_add_do_add(ac); + break; + + case LDB_MODIFY: + ret = password_hash_mod_do_mod(ac); + break; + + default: + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; } - return data; + talloc_free(ares); + return LDB_SUCCESS; +} + +static int build_domain_data_request(struct ph_context *ac) +{ + /* attrs[] is returned from this function in + ac->dom_req->op.search.attrs, so it must be static, as + otherwise the compiler can put it on the stack */ + static const char * const attrs[] = { "pwdProperties", "pwdHistoryLength", NULL }; + char *filter; + + filter = talloc_asprintf(ac, + "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", + ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); + if (filter == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + return ldb_build_search_req(&ac->dom_req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, get_domain_data_callback, + ac->req); } static int password_hash_add(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct ph_context *ac; struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; @@ -1558,7 +1576,7 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* nobody must touch this fields */ + /* nobody must touch these fields */ if (ldb_msg_find_element(req->op.add.message, "ntPwdHistory")) { return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -1617,16 +1635,16 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_CONSTRAINT_VIOLATION; } - h = ph_init_handle(req, module, PH_ADD); - if (!h) { + ac = ph_init_context(module, req); + if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_context); /* get user domain data */ ac->domain_sid = samdb_result_sid_prefix(ac, req->op.add.message, "objectSid"); if (ac->domain_sid == NULL) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "can't handle entry with missing objectSid!\n"); return LDB_ERR_OPERATIONS_ERROR; } @@ -1635,51 +1653,33 @@ static int password_hash_add(struct ldb_module *module, struct ldb_request *req) return ret; } - ac->step = PH_ADD_SEARCH_DOM; - - req->handle = h; - return ldb_next_request(module, ac->dom_req); } -static int password_hash_add_do_add(struct ldb_handle *h) { +static int password_hash_add_do_add(struct ph_context *ac) { - struct ph_context *ac; - struct domain_data *domain; + struct ldb_request *down_req; struct smb_krb5_context *smb_krb5_context; struct ldb_message *msg; struct setup_password_fields_io io; int ret; - ac = talloc_get_type(h->private_data, struct ph_context); - - domain = get_domain_data(ac->module, ac, ac->dom_res); - if (domain == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->down_req = talloc(ac, struct ldb_request); - if (ac->down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->down_req) = *(ac->orig_req); - ac->down_req->op.add.message = msg = ldb_msg_copy_shallow(ac->down_req, ac->orig_req->op.add.message); - if (ac->down_req->op.add.message == NULL) { + msg = ldb_msg_copy_shallow(ac, ac->req->op.add.message); + if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(ac->down_req, - ldb_get_opaque(h->module->ldb, "EventContext"), - (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), + if (smb_krb5_init_context(ac, + ldb_get_event_context(ac->module->ldb), + (struct loadparm_context *)ldb_get_opaque(ac->module->ldb, "loadparm"), &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } ZERO_STRUCT(io); io.ac = ac; - io.domain = domain; + io.domain = ac->domain; io.smb_krb5_context = smb_krb5_context; io.u.user_account_control = samdb_result_uint(msg, "userAccountControl", 0); @@ -1756,27 +1756,27 @@ static int password_hash_add_do_add(struct ldb_handle *h) { return ret; } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = PH_ADD_DO_ADD; - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->down_req); + ret = ldb_build_add_req(&down_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, ph_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } - /* perform the operation */ - return ldb_next_request(ac->module, ac->down_req); + return ldb_next_request(ac->module, down_req); } -static int password_hash_mod_search_self(struct ldb_handle *h); - static int password_hash_modify(struct ldb_module *module, struct ldb_request *req) { - struct ldb_handle *h; struct ph_context *ac; struct ldb_message_element *sambaAttr; struct ldb_message_element *ntAttr; struct ldb_message_element *lmAttr; struct ldb_message *msg; + struct ldb_request *down_req; + int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "password_hash_modify\n"); @@ -1824,83 +1824,143 @@ static int password_hash_modify(struct ldb_module *module, struct ldb_request *r return LDB_ERR_CONSTRAINT_VIOLATION; } - h = ph_init_handle(req, module, PH_MOD); - if (!h) { + ac = ph_init_context(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ac = talloc_get_type(h->private_data, struct ph_context); - /* return or own handle to deal with this call */ - req->handle = h; - - /* prepare the first operation */ - ac->down_req = talloc_zero(ac, struct ldb_request); - if (ac->down_req == NULL) { - ldb_set_errstring(module->ldb, "Out of memory!"); + /* use a new message structure so that we can modify it */ + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); + if (msg == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - *(ac->down_req) = *req; /* copy the request */ - - /* use a new message structure so that we can modify it */ - ac->down_req->op.mod.message = msg = ldb_msg_copy_shallow(ac->down_req, req->op.mod.message); - - /* - remove any imodification to the password from the first commit + /* - remove any modification to the password from the first commit * we will make the real modification later */ if (sambaAttr) ldb_msg_remove_attr(msg, "userPassword"); if (ntAttr) ldb_msg_remove_attr(msg, "unicodePwd"); if (lmAttr) ldb_msg_remove_attr(msg, "dBCSPwd"); - /* if there was nothing else to be modify skip to next step */ + /* if there was nothing else to be modified skip to next step */ if (msg->num_elements == 0) { - talloc_free(ac->down_req); - ac->down_req = NULL; - return password_hash_mod_search_self(h); + return password_hash_mod_search_self(ac); } - - ac->down_req->context = NULL; - ac->down_req->callback = NULL; - ac->step = PH_MOD_DO_REQ; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, ph_modify_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; + } - ldb_set_timeout_from_prev_req(module->ldb, req, ac->down_req); + return ldb_next_request(module, down_req); +} - return ldb_next_request(module, ac->down_req); +static int ph_modify_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct ph_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct ph_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + ret = password_hash_mod_search_self(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + talloc_free(ares); + return LDB_SUCCESS; } -static int get_self_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int ph_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ph_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct ph_context); - ac = talloc_get_type(context, struct ph_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* we are interested only in the single reply (base search) */ + switch (ares->type) { + case LDB_REPLY_ENTRY: - /* we are interested only in the single reply (base search) we receive here */ - if (ares->type == LDB_REPLY_ENTRY) { if (ac->search_res != NULL) { - ldb_set_errstring(ldb, "Too many results"); + ldb_set_errstring(ac->module->ldb, "Too many results"); talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } /* if it is not an entry of type person this is an error */ - /* TODO: remove this when userPassword will be in schema */ + /* TODO: remove this when sambaPassword will be in schema */ if (!ldb_msg_check_string_attribute(ares->message, "objectClass", "person")) { - ldb_set_errstring(ldb, "Object class violation"); + ldb_set_errstring(ac->module->ldb, "Object class violation"); talloc_free(ares); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OBJECT_CLASS_VIOLATION); } ac->search_res = talloc_steal(ac, ares); - } else { - talloc_free(ares); + return LDB_SUCCESS; + + case LDB_REPLY_DONE: + + /* get object domain sid */ + ac->domain_sid = samdb_result_sid_prefix(ac, + ac->search_res->message, + "objectSid"); + if (ac->domain_sid == NULL) { + ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, + "can't handle entry without objectSid!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* get user domain data */ + ret = build_domain_data_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL,ret); + } + + return ldb_next_request(ac->module, ac->dom_req); + + case LDB_REPLY_REFERRAL: + /*ignore anything else for now */ + break; } + talloc_free(ares); return LDB_SUCCESS; } -static int password_hash_mod_search_self(struct ldb_handle *h) { +static int password_hash_mod_search_self(struct ph_context *ac) { - struct ph_context *ac; static const char * const attrs[] = { "userAccountControl", "lmPwdHistory", "ntPwdHistory", "objectSid", "msDS-KeyVersionNumber", @@ -1909,64 +1969,28 @@ static int password_hash_mod_search_self(struct ldb_handle *h) { "dBCSPwd", "unicodePwd", "supplementalCredentials", NULL }; - - ac = talloc_get_type(h->private_data, struct ph_context); - - /* prepare the search operation */ - ac->search_req = talloc_zero(ac, struct ldb_request); - if (ac->search_req == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "Out of Memory!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->search_req->operation = LDB_SEARCH; - ac->search_req->op.search.base = ac->orig_req->op.mod.message->dn; - ac->search_req->op.search.scope = LDB_SCOPE_BASE; - ac->search_req->op.search.tree = ldb_parse_tree(ac->search_req, NULL); - if (ac->search_req->op.search.tree == NULL) { - ldb_set_errstring(ac->module->ldb, "Invalid search filter"); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->search_req->op.search.attrs = attrs; - ac->search_req->controls = NULL; - ac->search_req->context = ac; - ac->search_req->callback = get_self_callback; - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->search_req); - - ac->step = PH_MOD_SEARCH_SELF; - - return ldb_next_request(ac->module, ac->search_req); -} - -static int password_hash_mod_search_dom(struct ldb_handle *h) { - - struct ph_context *ac; + struct ldb_request *search_req; int ret; - ac = talloc_get_type(h->private_data, struct ph_context); + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->req->op.mod.message->dn, + LDB_SCOPE_BASE, + "(objectclass=*)", + attrs, + NULL, + ac, ph_mod_search_callback, + ac->req); - /* get object domain sid */ - ac->domain_sid = samdb_result_sid_prefix(ac, ac->search_res->message, "objectSid"); - if (ac->domain_sid == NULL) { - ldb_debug(ac->module->ldb, LDB_DEBUG_ERROR, "can't handle entry with missing objectSid!\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* get user domain data */ - ret = build_domain_data_request(ac); if (ret != LDB_SUCCESS) { return ret; } - ac->step = PH_MOD_SEARCH_DOM; - - return ldb_next_request(ac->module, ac->dom_req); + return ldb_next_request(ac->module, search_req); } -static int password_hash_mod_do_mod(struct ldb_handle *h) { +static int password_hash_mod_do_mod(struct ph_context *ac) { - struct ph_context *ac; - struct domain_data *domain; + struct ldb_request *mod_req; struct smb_krb5_context *smb_krb5_context; struct ldb_message *msg; struct ldb_message *orig_msg; @@ -1974,43 +1998,29 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { struct setup_password_fields_io io; int ret; - ac = talloc_get_type(h->private_data, struct ph_context); - - domain = get_domain_data(ac->module, ac, ac->dom_res); - if (domain == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ac->mod_req = talloc(ac, struct ldb_request); - if (ac->mod_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - *(ac->mod_req) = *(ac->orig_req); - /* use a new message structure so that we can modify it */ - ac->mod_req->op.mod.message = msg = ldb_msg_new(ac->mod_req); + msg = ldb_msg_new(ac); if (msg == NULL) { return LDB_ERR_OPERATIONS_ERROR; } /* modify dn */ - msg->dn = ac->orig_req->op.mod.message->dn; + msg->dn = ac->req->op.mod.message->dn; /* Some operations below require kerberos contexts */ - if (smb_krb5_init_context(ac->mod_req, - ldb_get_opaque(h->module->ldb, "EventContext"), - (struct loadparm_context *)ldb_get_opaque(h->module->ldb, "loadparm"), + if (smb_krb5_init_context(ac, + ldb_get_event_context(ac->module->ldb), + (struct loadparm_context *)ldb_get_opaque(ac->module->ldb, "loadparm"), &smb_krb5_context) != 0) { return LDB_ERR_OPERATIONS_ERROR; } - orig_msg = discard_const(ac->orig_req->op.mod.message); + orig_msg = discard_const(ac->req->op.mod.message); searched_msg = ac->search_res->message; ZERO_STRUCT(io); io.ac = ac; - io.domain = domain; + io.domain = ac->domain; io.smb_krb5_context = smb_krb5_context; io.u.user_account_control = samdb_result_uint(searched_msg, "userAccountControl", 0); @@ -2093,189 +2103,20 @@ static int password_hash_mod_do_mod(struct ldb_handle *h) { return ret; } - h->state = LDB_ASYNC_INIT; - h->status = LDB_SUCCESS; - - ac->step = PH_MOD_DO_MOD; - - ldb_set_timeout_from_prev_req(ac->module->ldb, ac->orig_req, ac->mod_req); - - /* perform the search */ - return ldb_next_request(ac->module, ac->mod_req); -} - -static int ph_wait(struct ldb_handle *handle) { - struct ph_context *ac; - int ret; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct ph_context); - - switch (ac->step) { - case PH_ADD_SEARCH_DOM: - ret = ldb_wait(ac->dom_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->dom_req->handle->status != LDB_SUCCESS) { - handle->status = ac->dom_req->handle->status; - goto done; - } - - if (ac->dom_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* domain search done, go on */ - return password_hash_add_do_add(handle); - - case PH_ADD_DO_ADD: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - case PH_MOD_DO_REQ: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* non-password mods done, go on */ - return password_hash_mod_search_self(handle); - - case PH_MOD_SEARCH_SELF: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS) { - handle->status = ac->search_req->handle->status; - goto done; - } - - if (ac->search_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - if (ac->search_res == NULL) { - return LDB_ERR_NO_SUCH_OBJECT; - } - - /* self search done, go on */ - return password_hash_mod_search_dom(handle); - - case PH_MOD_SEARCH_DOM: - ret = ldb_wait(ac->dom_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->dom_req->handle->status != LDB_SUCCESS) { - handle->status = ac->dom_req->handle->status; - goto done; - } - - if (ac->dom_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - /* domain search done, go on */ - return password_hash_mod_do_mod(handle); - - case PH_MOD_DO_MOD: - ret = ldb_wait(ac->mod_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->mod_req->handle->status != LDB_SUCCESS) { - handle->status = ac->mod_req->handle->status; - goto done; - } - - if (ac->mod_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - - default: - ret = LDB_ERR_OPERATIONS_ERROR; - goto done; - } - - ret = LDB_SUCCESS; - -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int ph_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = ph_wait(handle); - if (ret != LDB_SUCCESS) { - return ret; - } + ret = ldb_build_mod_req(&mod_req, ac->module->ldb, ac, + msg, + ac->req->controls, + ac, ph_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; } - return handle->status; -} - -static int password_hash_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return ph_wait_all(handle); - } else { - return ph_wait(handle); - } + return ldb_next_request(ac->module, mod_req); } _PUBLIC_ const struct ldb_module_ops ldb_password_hash_module_ops = { .name = "password_hash", .add = password_hash_add, .modify = password_hash_modify, - .wait = password_hash_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index d0a315e45a..171832bbb4 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -50,6 +50,14 @@ struct proxy_data { const char **newstr; }; +struct proxy_ctx { + struct ldb_module *module; + struct ldb_request *req; + +#ifdef DEBUG_PROXY + int count; +#endif +}; /* load the @PROXYINFO record @@ -62,7 +70,6 @@ static int load_proxy_info(struct ldb_module *module) int ret; const char *olddn, *newdn, *url, *username, *password, *oldstr, *newstr; struct cli_credentials *creds; - /* see if we have already loaded it */ if (proxy->upstream != NULL) { @@ -105,7 +112,7 @@ static int load_proxy_info(struct ldb_module *module) goto failed; } - proxy->upstream = ldb_init(proxy); + proxy->upstream = ldb_init(proxy, ldb_get_event_context(ldb)); if (proxy->upstream == NULL) { ldb_oom(module->ldb); goto failed; @@ -180,10 +187,10 @@ static void proxy_convert_blob(TALLOC_CTX *mem_ctx, struct ldb_val *v, /* convert a returned value */ -static void proxy_convert_value(struct ldb_module *module, struct ldb_message *msg, struct ldb_val *v) +static void proxy_convert_value(struct proxy_data *proxy, struct ldb_message *msg, struct ldb_val *v) { - struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); int i; + for (i=0;proxy->oldstr[i];i++) { char *p = strcasestr((char *)v->data, proxy->oldstr[i]); if (p == NULL) continue; @@ -195,20 +202,21 @@ static void proxy_convert_value(struct ldb_module *module, struct ldb_message *m /* convert a returned value */ -static struct ldb_parse_tree *proxy_convert_tree(struct ldb_module *module, +static struct ldb_parse_tree *proxy_convert_tree(TALLOC_CTX *mem_ctx, + struct proxy_data *proxy, struct ldb_parse_tree *tree) { - struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); int i; - char *expression = ldb_filter_from_tree(module, tree); + char *expression = ldb_filter_from_tree(mem_ctx, tree); + for (i=0;proxy->newstr[i];i++) { struct ldb_val v; char *p = strcasestr(expression, proxy->newstr[i]); if (p == NULL) continue; v.data = (uint8_t *)expression; v.length = strlen(expression)+1; - proxy_convert_blob(module, &v, proxy->newstr[i], proxy->oldstr[i]); - return ldb_parse_tree(module, (const char *)v.data); + proxy_convert_blob(mem_ctx, &v, proxy->newstr[i], proxy->oldstr[i]); + return ldb_parse_tree(mem_ctx, (const char *)v.data); } return tree; } @@ -218,13 +226,14 @@ static struct ldb_parse_tree *proxy_convert_tree(struct ldb_module *module, /* convert a returned record */ -static void proxy_convert_record(struct ldb_module *module, struct ldb_message *msg) +static void proxy_convert_record(struct ldb_context *ldb, + struct proxy_data *proxy, + struct ldb_message *msg) { - struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); int attr, v; - + /* fix the message DN */ - if (ldb_dn_compare_base(module->ldb, proxy->olddn, msg->dn) == 0) { + if (ldb_dn_compare_base(ldb, proxy->olddn, msg->dn) == 0) { ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn)); ldb_dn_add_base(msg->dn, proxy->newdn); } @@ -232,21 +241,71 @@ static void proxy_convert_record(struct ldb_module *module, struct ldb_message * /* fix any attributes */ for (attr=0;attrnum_elements;attr++) { for (v=0;velements[attr].num_values;v++) { - proxy_convert_value(module, msg, &msg->elements[attr].values[v]); + proxy_convert_value(proxy, msg, &msg->elements[attr].values[v]); } } /* fix any DN components */ for (attr=0;attrnum_elements;attr++) { for (v=0;velements[attr].num_values;v++) { - proxy_convert_value(module, msg, &msg->elements[attr].values[v]); + proxy_convert_value(proxy, msg, &msg->elements[attr].values[v]); } } } +static int proxy_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct proxy_data *proxy; + struct proxy_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct proxy_ctx); + proxy = talloc_get_type(ac->module->private_data, struct proxy_data); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* Only entries are interesting, and we only want the olddn */ + switch (ares->type) { + case LDB_REPLY_ENTRY: + +#ifdef DEBUG_PROXY + ac->count++; +#endif + proxy_convert_record(ac->module->ldb, proxy, ares->message); + ret = ldb_module_send_entry(ac->req, ares->message); + break; + + case LDB_REPLY_REFERRAL: + + /* ignore remote referrals */ + break; + + case LDB_REPLY_DONE: + +#ifdef DEBUG_PROXY + printf("# record %d\n", ac->count+1); +#endif + + return ldb_module_done(ac->req, NULL, NULL, LDB_SUCCESS); + } + + talloc_free(ares); + return ret; +} + /* search */ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *req) { + struct proxy_ctx *ac; + struct ldb_parse_tree *newtree; struct proxy_data *proxy = talloc_get_type(module->private_data, struct proxy_data); struct ldb_request *newreq; struct ldb_dn *base; @@ -259,7 +318,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } if (load_proxy_info(module) != 0) { - return -1; + return LDB_ERR_OPERATIONS_ERROR; } /* see if the dn is within olddn */ @@ -267,47 +326,50 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re goto passthru; } - newreq = talloc(module, struct ldb_request); - if (newreq == NULL) { - return -1; + ac = talloc(req, struct proxy_ctx); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - newreq->op.search.tree = proxy_convert_tree(module, req->op.search.tree); + ac->module = module; + ac->req = req; +#ifdef DEBUG_PROXY + ac->count = 0; +#endif + + newtree = proxy_convert_tree(ac, proxy, req->op.search.tree); /* convert the basedn of this search */ - base = ldb_dn_copy(proxy, req->op.search.base); + base = ldb_dn_copy(ac, req->op.search.base); if (base == NULL) { - talloc_free(newreq); goto failed; } ldb_dn_remove_base_components(base, ldb_dn_get_comp_num(proxy->newdn)); ldb_dn_add_base(base, proxy->olddn); ldb_debug(module->ldb, LDB_DEBUG_FATAL, "proxying: '%s' with dn '%s' \n", - ldb_filter_from_tree(proxy, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base)); + ldb_filter_from_tree(ac, newreq->op.search.tree), ldb_dn_get_linearized(newreq->op.search.base)); for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { ldb_debug(module->ldb, LDB_DEBUG_FATAL, "attr: '%s'\n", req->op.search.attrs[i]); } - newreq->op.search.base = base; - newreq->op.search.scope = req->op.search.scope; - newreq->op.search.attrs = req->op.search.attrs; - newreq->op.search.res = req->op.search.res; - newreq->controls = req->controls; + ret = ldb_build_search_req_ex(&newreq, module->ldb, ac, + base, req->op.search.scope, + newtree, req->op.search.attrs, + req->controls, + ac, proxy_search_callback, + req); + + /* FIXME: warning, need a real event system hooked up for this to work properly, + * for now this makes the module *not* ASYNC */ ret = ldb_request(proxy->upstream, newreq); if (ret != LDB_SUCCESS) { ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); - talloc_free(newreq); - return -1; } - - for (i = 0; i < newreq->op.search.res->count; i++) { - printf("# record %d\n", i+1); - - proxy_convert_record(module, newreq->op.search.res->msgs[i]); + ret = ldb_wait(newreq->handle, LDB_WAIT_ALL); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(module->ldb, ldb_errstring(proxy->upstream)); } - - talloc_free(newreq); return ret; failed: diff --git a/source4/dsdb/samdb/ldb_modules/ranged_results.c b/source4/dsdb/samdb/ldb_modules/ranged_results.c index c6ebea1044..b8e43a7e88 100644 --- a/source4/dsdb/samdb/ldb_modules/ranged_results.c +++ b/source4/dsdb/samdb/ldb_modules/ranged_results.c @@ -32,57 +32,89 @@ #include "ldb_includes.h" struct rr_context { - struct ldb_request *orig_req; - struct ldb_request *down_req; + struct ldb_module *module; + struct ldb_request *req; }; -static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static struct rr_context *rr_init_context(struct ldb_module *module, + struct ldb_request *req) { - struct rr_context *rr_context = talloc_get_type(context, struct rr_context); - struct ldb_request *orig_req = rr_context->orig_req; + struct rr_context *ac; + + ac = talloc_zero(req, struct rr_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + ac->module = module; + ac->req = req; + + return ac; +} + +static int rr_search_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct rr_context *ac; int i, j; - - if (ares->type != LDB_REPLY_ENTRY) { - return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); + + ac = talloc_get_type(req->context, struct rr_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type == LDB_REPLY_REFERRAL) { + return ldb_module_send_referral(ac->req, ares->referral); } + if (ares->type == LDB_REPLY_DONE) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + /* LDB_REPLY_ENTRY */ + /* Find those that are range requests from the attribute list */ - for (i = 0; orig_req->op.search.attrs[i]; i++) { + for (i = 0; ac->req->op.search.attrs[i]; i++) { char *p, *new_attr; const char *end_str; unsigned int start, end, orig_num_values; struct ldb_message_element *el; struct ldb_val *orig_values; - p = strchr(orig_req->op.search.attrs[i], ';'); + p = strchr(ac->req->op.search.attrs[i], ';'); if (!p) { continue; } if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { continue; } - if (sscanf(p, ";range=%u-%u", &start, &end) == 2) { - } else if (sscanf(p, ";range=%u-*", &start) == 1) { - end = (unsigned int)-1; - } else { - continue; + if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + if (sscanf(p, ";range=%u-*", &start) == 1) { + end = (unsigned int)-1; + } else { + continue; + } } - new_attr = talloc_strndup(orig_req, - orig_req->op.search.attrs[i], - (unsigned int)(p-orig_req->op.search.attrs[i])); + new_attr = talloc_strndup(ac->req, + ac->req->op.search.attrs[i], + (size_t)(p - ac->req->op.search.attrs[i])); if (!new_attr) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } el = ldb_msg_find_element(ares->message, new_attr); talloc_free(new_attr); if (!el) { continue; } - if (start > end) { - ldb_asprintf_errstring(ldb, "range request error: start must not be greater than end"); - return LDB_ERR_UNWILLING_TO_PERFORM; - } if (end >= (el->num_values - 1)) { /* Need to leave the requested attribute in * there (so add an empty one to match) */ @@ -91,11 +123,12 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb } else { end_str = talloc_asprintf(el, "%u", end); if (!end_str) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } } - /* If start is greater then where we noe find the end to be */ + /* If start is greater then where we are find the end to be */ if (start > end) { el->num_values = 0; el->values = NULL; @@ -104,16 +137,19 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb orig_num_values = el->num_values; if ((start + end < start) || (start + end < end)) { - ldb_asprintf_errstring(ldb, "range request error: start or end would overflow!"); - return LDB_ERR_UNWILLING_TO_PERFORM; + ldb_asprintf_errstring(ac->module->ldb, + "range request error: start or end would overflow!"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_UNWILLING_TO_PERFORM); } el->num_values = 0; el->values = talloc_array(el, struct ldb_val, (end - start) + 1); if (!el->values) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } for (j=start; j <= end; j++) { el->values[el->num_values] = orig_values[j]; @@ -122,13 +158,13 @@ static int rr_search_callback(struct ldb_context *ldb, void *context, struct ldb } el->name = talloc_asprintf(el, "%s;range=%u-%s", el->name, start, end_str); if (!el->name) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } } - return rr_context->orig_req->callback(ldb, rr_context->orig_req->context, ares); - + return ldb_module_send_entry(ac->req, ares->message); } /* search */ @@ -137,8 +173,10 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) int i; unsigned int start, end; const char **new_attrs = NULL; - struct rr_context *context; bool found_rr = false; + struct ldb_request *down_req; + struct rr_context *ac; + int ret; /* Strip the range request from the attribute */ for (i = 0; req->op.search.attrs && req->op.search.attrs[i]; i++) { @@ -146,19 +184,21 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) new_attrs = talloc_realloc(req, new_attrs, const char *, i+2); new_attrs[i] = req->op.search.attrs[i]; new_attrs[i+1] = NULL; - p = strchr(req->op.search.attrs[i], ';'); + p = strchr(new_attrs[i], ';'); if (!p) { continue; } if (strncasecmp(p, ";range=", strlen(";range=")) != 0) { continue; } - if (sscanf(p, ";range=%u-%u", &start, &end) == 2) { - } else if (sscanf(p, ";range=%u-*", &start) == 1) { - end = (unsigned int)-1; - } else { - ldb_asprintf_errstring(module->ldb, "range request error: range requst malformed"); - return LDB_ERR_UNWILLING_TO_PERFORM; + end = (unsigned int)-1; + if (sscanf(p, ";range=%u-*", &start) != 1) { + if (sscanf(p, ";range=%u-%u", &start, &end) != 2) { + ldb_asprintf_errstring(module->ldb, + "range request error: " + "range request malformed"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } } if (start > end) { ldb_asprintf_errstring(module->ldb, "range request error: start must not be greater than end"); @@ -166,9 +206,8 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) } found_rr = true; - new_attrs[i] = talloc_strndup(new_attrs, - req->op.search.attrs[i], - (unsigned int)(p-req->op.search.attrs[i])); + new_attrs[i] = talloc_strndup(new_attrs, new_attrs[i], + (size_t)(p - new_attrs[i])); if (!new_attrs[i]) { ldb_oom(module->ldb); @@ -177,27 +216,27 @@ static int rr_search(struct ldb_module *module, struct ldb_request *req) } if (found_rr) { - int ret; - context = talloc(req, struct rr_context); - context->orig_req = req; - context->down_req = talloc(context, struct ldb_request); - *context->down_req = *req; - - context->down_req->op.search.attrs = new_attrs; - - context->down_req->callback = rr_search_callback; - context->down_req->context = context; - - ret = ldb_next_request(module, context->down_req); - - /* We don't need to implement our own 'wait' function, so pass the handle along */ - if (ret == LDB_SUCCESS) { - req->handle = context->down_req->handle; + ac = rr_init_context(module, req); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + new_attrs, + req->controls, + ac, rr_search_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + return ldb_next_request(module, down_req); } /* No change, just run the original request as if we were never here */ + talloc_free(new_attrs); return ldb_next_request(module, req); } diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c index fbaf461a3f..13a979b6f8 100644 --- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c +++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c @@ -1,7 +1,7 @@ /* ldb database library - Copyright (C) Simo Sorce 2004-2006 + Copyright (C) Simo Sorce 2004-2008 Copyright (C) Andrew Bartlett 2005 Copyright (C) Andrew Tridgell 2005 Copyright (C) Stefan Metzmacher 2007 @@ -51,8 +51,7 @@ struct replmd_replicated_request { struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; + struct ldb_request *req; const struct dsdb_schema *schema; @@ -63,59 +62,23 @@ struct replmd_replicated_request { uint32_t index_current; - struct { - TALLOC_CTX *mem_ctx; - struct ldb_request *search_req; - struct ldb_message *search_msg; - int search_ret; - struct ldb_request *change_req; - int change_ret; - } sub; + struct ldb_message *search_msg; }; -static struct replmd_replicated_request *replmd_replicated_init_handle(struct ldb_module *module, - struct ldb_request *req, - struct dsdb_extended_replicated_objects *objs) +static struct replmd_replicated_request *replmd_ctx_init(struct ldb_module *module, + struct ldb_request *req) { - struct replmd_replicated_request *ar; - struct ldb_handle *h; - const struct dsdb_schema *schema; - - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "replmd_replicated_init_handle: no loaded schema found\n"); - return NULL; - } + struct replmd_replicated_request *ac; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - h->state = LDB_ASYNC_PENDING; - h->status = LDB_SUCCESS; - - ar = talloc_zero(h, struct replmd_replicated_request); - if (ar == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); + ac = talloc_zero(req, struct replmd_replicated_request); + if (ac == NULL) { + ldb_oom(module->ldb); return NULL; } - h->private_data = ar; - - ar->module = module; - ar->handle = h; - ar->orig_req = req; - ar->schema = schema; - ar->objs = objs; - - req->handle = h; - - return ar; + ac->module = module; + ac->req = req; + return ac; } /* @@ -239,34 +202,37 @@ static void replmd_ldb_message_sort(struct ldb_message *msg, discard_const_p(void, schema), (ldb_qsort_cmp_fn_t)replmd_ldb_message_element_attid_sort); } -static int replmd_prepare_originating(struct ldb_module *module, struct ldb_request *req, - struct ldb_dn *dn, const char *fn_name, - int (*fn)(struct ldb_module *, - struct ldb_request *, - const struct dsdb_schema *)) +static int replmd_op_callback(struct ldb_request *req, struct ldb_reply *ares) { - const struct dsdb_schema *schema; - - /* do not manipulate our control entries */ - if (ldb_dn_is_special(dn)) { - return ldb_next_request(module, req); + struct replmd_replicated_request *ac; + + ac = talloc_get_type(req->context, struct replmd_replicated_request); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - schema = dsdb_get_schema(module->ldb); - if (!schema) { - ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "%s: no dsdb_schema loaded", - fn_name); - return LDB_ERR_CONSTRAINT_VIOLATION; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "invalid ldb_reply_type in callback"); + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - return fn(module, req, schema); + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); } -static int replmd_add_originating(struct ldb_module *module, - struct ldb_request *req, - const struct dsdb_schema *schema) +static int replmd_add(struct ldb_module *module, struct ldb_request *req) { + struct replmd_replicated_request *ac; + const struct dsdb_schema *schema; enum ndr_err_code ndr_err; struct ldb_request *down_req; struct ldb_message *msg; @@ -283,11 +249,30 @@ static int replmd_add_originating(struct ldb_module *module, int ret; uint32_t i, ni=0; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add_originating\n"); + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { + return ldb_next_request(module, req); + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_add\n"); + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + + ac = replmd_ctx_init(module, req); + if (!ac) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->schema = schema; if (ldb_msg_find_element(req->op.add.message, "objectGUID")) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: it's not allowed to add an object with objectGUID\n"); + "replmd_add: it's not allowed to add an object with objectGUID\n"); return LDB_ERR_UNWILLING_TO_PERFORM; } @@ -304,22 +289,13 @@ static int replmd_add_originating(struct ldb_module *module, our_invocation_id = samdb_ntds_invocation_id(module->ldb); if (!our_invocation_id) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: unable to find invocationId\n"); - return LDB_ERR_OPERATIONS_ERROR; - } - - /* create a copy of the request */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); + "replmd_add: unable to find invocationId\n"); return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; /* we have to copy the message as the caller might have it as a const */ - down_req->op.add.message = msg = ldb_msg_copy_shallow(down_req, req->op.add.message); + msg = ldb_msg_copy_shallow(ac, req->op.add.message); if (msg == NULL) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -328,7 +304,6 @@ static int replmd_add_originating(struct ldb_module *module, unix_to_nt_time(&now, t); time_str = ldb_timestring(msg, t); if (!time_str) { - talloc_free(down_req); return LDB_ERR_OPERATIONS_ERROR; } @@ -346,7 +321,6 @@ static int replmd_add_originating(struct ldb_module *module, */ ret = ldb_msg_add_string(msg, "whenCreated", time_str); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -359,7 +333,6 @@ static int replmd_add_originating(struct ldb_module *module, struct replPropertyMetaData1, nmd.ctr.ctr1.count); if (!nmd.ctr.ctr1.array) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -374,9 +347,8 @@ static int replmd_add_originating(struct ldb_module *module, sa = dsdb_attribute_by_lDAPDisplayName(schema, e->name); if (!sa) { ldb_debug_set(module->ldb, LDB_DEBUG_ERROR, - "replmd_add_originating: attribute '%s' not defined in schema\n", + "replmd_add: attribute '%s' not defined in schema\n", e->name); - talloc_free(down_req); return LDB_ERR_NO_SUCH_ATTRIBUTE; } @@ -422,7 +394,6 @@ static int replmd_add_originating(struct ldb_module *module, &nmd, (ndr_push_flags_fn_t)ndr_push_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -432,31 +403,26 @@ static int replmd_add_originating(struct ldb_module *module, */ ret = ldb_msg_add_value(msg, "objectGUID", &guid_value, NULL); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_string(msg, "whenChanged", time_str); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNCreated", seq_num); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = samdb_msg_add_uint64(module->ldb, msg, msg, "uSNChanged", seq_num); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } ret = ldb_msg_add_value(msg, "replPropertyMetaData", &nmd_value, NULL); if (ret != LDB_SUCCESS) { - talloc_free(down_req); ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } @@ -466,49 +432,54 @@ static int replmd_add_originating(struct ldb_module *module, */ replmd_ldb_message_sort(msg, schema); - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_add_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, replmd_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; -} - -static int replmd_add(struct ldb_module *module, struct ldb_request *req) -{ - return replmd_prepare_originating(module, req, req->op.add.message->dn, - "replmd_add", replmd_add_originating); + /* go on with the call chain */ + return ldb_next_request(module, down_req); } -static int replmd_modify_originating(struct ldb_module *module, - struct ldb_request *req, - const struct dsdb_schema *schema) +static int replmd_modify(struct ldb_module *module, struct ldb_request *req) { + struct replmd_replicated_request *ac; + const struct dsdb_schema *schema; struct ldb_request *down_req; struct ldb_message *msg; int ret; time_t t = time(NULL); uint64_t seq_num; - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify_originating\n"); + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.mod.message->dn)) { + return ldb_next_request(module, req); + } + + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "replmd_modify\n"); + + schema = dsdb_get_schema(module->ldb); + if (!schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, + "replmd_modify: no dsdb_schema loaded"); + return LDB_ERR_CONSTRAINT_VIOLATION; + } - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { + ac = replmd_ctx_init(module, req); + if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - *down_req = *req; + ac->schema = schema; /* we have to copy the message as the caller might have it as a const */ - down_req->op.mod.message = msg = ldb_msg_copy_shallow(down_req, req->op.mod.message); + msg = ldb_msg_copy_shallow(ac, req->op.mod.message); if (msg == NULL) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -525,7 +496,7 @@ static int replmd_modify_originating(struct ldb_module *module, */ if (add_time_element(msg, "whenChanged", t) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } @@ -533,7 +504,7 @@ static int replmd_modify_originating(struct ldb_module *module, ret = ldb_sequence_number(module->ldb, LDB_SEQ_NEXT, &seq_num); if (ret == LDB_SUCCESS) { if (add_uint64_element(msg, "uSNChanged", seq_num) != 0) { - talloc_free(down_req); + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } } @@ -543,96 +514,71 @@ static int replmd_modify_originating(struct ldb_module *module, * - replace the old object with the newly constructed one */ - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; - } - - return ret; -} - -static int replmd_modify(struct ldb_module *module, struct ldb_request *req) -{ - return replmd_prepare_originating(module, req, req->op.mod.message->dn, - "replmd_modify", replmd_modify_originating); -} - -static int replmd_replicated_request_reply_helper(struct replmd_replicated_request *ar, int ret) -{ - struct ldb_reply *ares = NULL; - - ar->handle->status = ret; - ar->handle->state = LDB_ASYNC_DONE; - - if (!ar->orig_req->callback) { - return LDB_SUCCESS; - } - - /* we're done and need to report the success to the caller */ - ares = talloc_zero(ar, struct ldb_reply); - if (!ares) { - ar->handle->status = LDB_ERR_OPERATIONS_ERROR; - ar->handle->state = LDB_ASYNC_DONE; - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + msg, + req->controls, + ac, replmd_op_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } + talloc_steal(down_req, msg); - ares->type = LDB_REPLY_EXTENDED; - ares->response = NULL; - - return ar->orig_req->callback(ar->module->ldb, ar->orig_req->context, ares); -} - -static int replmd_replicated_request_done(struct replmd_replicated_request *ar) -{ - return replmd_replicated_request_reply_helper(ar, LDB_SUCCESS); + /* go on with the call chain */ + return ldb_next_request(module, down_req); } static int replmd_replicated_request_error(struct replmd_replicated_request *ar, int ret) { - return replmd_replicated_request_reply_helper(ar, ret); + return ret; } static int replmd_replicated_request_werror(struct replmd_replicated_request *ar, WERROR status) { int ret = LDB_ERR_OTHER; /* TODO: do some error mapping */ - return replmd_replicated_request_reply_helper(ar, ret); + return ret; } static int replmd_replicated_apply_next(struct replmd_replicated_request *ar); -static int replmd_replicated_apply_add_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_apply_add_callback(struct ldb_request *req, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); + int ret; - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); + + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); } - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!"); + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + talloc_free(ares); ar->index_current++; - return replmd_replicated_apply_next(ar); -#else + ret = replmd_replicated_apply_next(ar); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); + } + return LDB_SUCCESS; -#endif } static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) { + struct ldb_request *change_req; enum ndr_err_code ndr_err; struct ldb_message *msg; struct replPropertyMetaDataBlob *md; @@ -699,39 +645,17 @@ static int replmd_replicated_apply_add(struct replmd_replicated_request *ar) replmd_ldb_message_sort(msg, ar->schema); - ret = ldb_build_add_req(&ar->sub.change_req, + ret = ldb_build_add_req(&change_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, msg, ar->controls, ar, - replmd_replicated_apply_add_callback); + replmd_replicated_apply_add_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.change_req); -#else - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ar->module->ldb, "Failed to add replicated object %s: %s", ldb_dn_get_linearized(ar->sub.change_req->op.add.message->dn), - ldb_errstring(ar->module->ldb)); - return replmd_replicated_request_error(ar, ret); - } - - ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - ldb_asprintf_errstring(ar->module->ldb, "Failed while waiting on add replicated object %s: %s", ldb_dn_get_linearized(ar->sub.change_req->op.add.message->dn), - ldb_errstring(ar->module->ldb)); - return replmd_replicated_request_error(ar, ar->sub.change_ret); - } - - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); - - ar->index_current++; - - return LDB_SUCCESS; -#endif + return ldb_next_request(ar->module, change_req); } static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMetaData1 *m1, @@ -755,35 +679,42 @@ static int replmd_replPropertyMetaData1_conflict_compare(struct replPropertyMeta return m1->originating_usn - m2->originating_usn; } -static int replmd_replicated_apply_merge_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_apply_merge_callback(struct ldb_request *req, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); + int ret; - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); } - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!"); + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + talloc_free(ares); ar->index_current++; + ret = replmd_replicated_apply_next(ar); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); + } + return LDB_SUCCESS; -#else - return LDB_SUCCESS; -#endif } static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) { + struct ldb_request *change_req; enum ndr_err_code ndr_err; struct ldb_message *msg; struct replPropertyMetaDataBlob *rmd; @@ -804,11 +735,11 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) /* * TODO: add rename conflict handling */ - if (ldb_dn_compare(msg->dn, ar->sub.search_msg->dn) != 0) { + if (ldb_dn_compare(msg->dn, ar->search_msg->dn) != 0) { ldb_debug_set(ar->module->ldb, LDB_DEBUG_FATAL, "replmd_replicated_apply_merge[%u]: rename not supported", ar->index_current); ldb_debug(ar->module->ldb, LDB_DEBUG_FATAL, "%s => %s\n", - ldb_dn_get_linearized(ar->sub.search_msg->dn), + ldb_dn_get_linearized(ar->search_msg->dn), ldb_dn_get_linearized(msg->dn)); return replmd_replicated_request_werror(ar, WERR_NOT_SUPPORTED); } @@ -819,9 +750,9 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) } /* find existing meta data */ - omd_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replPropertyMetaData"); + omd_value = ldb_msg_find_ldb_val(ar->search_msg, "replPropertyMetaData"); if (omd_value) { - ndr_err = ndr_pull_struct_blob(omd_value, ar->sub.mem_ctx, + ndr_err = ndr_pull_struct_blob(omd_value, ar, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &omd, (ndr_pull_flags_fn_t)ndr_pull_replPropertyMetaDataBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -837,7 +768,7 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) ZERO_STRUCT(nmd); nmd.version = 1; nmd.ctr.ctr1.count = omd.ctr.ctr1.count + rmd->ctr.ctr1.count; - nmd.ctr.ctr1.array = talloc_array(ar->sub.mem_ctx, + nmd.ctr.ctr1.array = talloc_array(ar, struct replPropertyMetaData1, nmd.ctr.ctr1.count); if (!nmd.ctr.ctr1.array) return replmd_replicated_request_werror(ar, WERR_NOMEM); @@ -920,14 +851,16 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) if (msg->num_elements == 0) { ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: skip replace\n", ar->index_current); - goto next_object; + + ar->index_current++; + return replmd_replicated_apply_next(ar); } ldb_debug(ar->module->ldb, LDB_DEBUG_TRACE, "replmd_replicated_apply_merge[%u]: replace %u attributes\n", ar->index_current, msg->num_elements); /* - * when we now that we'll modify the record, add the whenChanged, uSNChanged + * when we know that we'll modify the record, add the whenChanged, uSNChanged * and replPopertyMetaData attributes */ ret = ldb_msg_add_string(msg, "whenChanged", ar->objs->objects[ar->index_current].when_changed); @@ -950,150 +883,123 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar) msg->elements[i].flags = LDB_FLAG_MOD_REPLACE; } - ret = ldb_build_mod_req(&ar->sub.change_req, + ret = ldb_build_mod_req(&change_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, msg, ar->controls, ar, - replmd_replicated_apply_merge_callback); + replmd_replicated_apply_merge_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.change_req); -#else - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - - ar->sub.change_ret = ldb_wait(ar->sub.change_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); - } - -next_object: - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); - - ar->index_current++; - - return LDB_SUCCESS; -#endif + return ldb_next_request(ar->module, change_req); } -static int replmd_replicated_apply_search_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_apply_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); - bool is_done = false; + int ret; + + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS && + ares->error != LDB_ERR_NO_SUCH_OBJECT) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); + } switch (ares->type) { case LDB_REPLY_ENTRY: - ar->sub.search_msg = talloc_steal(ar->sub.mem_ctx, ares->message); + ar->search_msg = talloc_steal(ar, ares->message); break; + case LDB_REPLY_REFERRAL: /* we ignore referrals */ break; - case LDB_REPLY_EXTENDED: - case LDB_REPLY_DONE: - is_done = true; - } - talloc_free(ares); - -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - if (is_done) { - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); + case LDB_REPLY_DONE: + if (ar->search_msg != NULL) { + ret = replmd_replicated_apply_merge(ar); + } else { + ret = replmd_replicated_apply_add(ar); } - if (ar->sub.search_msg) { - return replmd_replicated_apply_merge(ar); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); } - return replmd_replicated_apply_add(ar); } -#endif + + talloc_free(ares); return LDB_SUCCESS; } -static int replmd_replicated_apply_search(struct replmd_replicated_request *ar) +static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar); + +static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) { int ret; char *tmp_str; char *filter; + struct ldb_request *search_req; - tmp_str = ldb_binary_encode(ar->sub.mem_ctx, ar->objs->objects[ar->index_current].guid_value); + if (ar->index_current >= ar->objs->num_objects) { + /* done with it, go to the last op */ + return replmd_replicated_uptodate_vector(ar); + } + + ar->search_msg = NULL; + + tmp_str = ldb_binary_encode(ar, ar->objs->objects[ar->index_current].guid_value); if (!tmp_str) return replmd_replicated_request_werror(ar, WERR_NOMEM); - filter = talloc_asprintf(ar->sub.mem_ctx, "(objectGUID=%s)", tmp_str); + filter = talloc_asprintf(ar, "(objectGUID=%s)", tmp_str); if (!filter) return replmd_replicated_request_werror(ar, WERR_NOMEM); talloc_free(tmp_str); - ret = ldb_build_search_req(&ar->sub.search_req, + ret = ldb_build_search_req(&search_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, ar->objs->partition_dn, LDB_SCOPE_SUBTREE, filter, NULL, NULL, ar, - replmd_replicated_apply_search_callback); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.search_req); -#else - ret = ldb_next_request(ar->module, ar->sub.search_req); + replmd_replicated_apply_search_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS && ar->sub.search_ret != LDB_ERR_NO_SUCH_OBJECT) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); - } - if (ar->sub.search_msg) { - return replmd_replicated_apply_merge(ar); - } - - return replmd_replicated_apply_add(ar); -#endif + return ldb_next_request(ar->module, search_req); } -static int replmd_replicated_apply_next(struct replmd_replicated_request *ar) -{ -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - if (ar->index_current >= ar->objs->num_objects) { - return replmd_replicated_uptodate_vector(ar); - } -#endif - - ar->sub.mem_ctx = talloc_new(ar); - if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); - - return replmd_replicated_apply_search(ar); -} - -static int replmd_replicated_uptodate_modify_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_uptodate_modify_callback(struct ldb_request *req, struct ldb_reply *ares) { -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); } - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ar->module->ldb, "Invalid reply type\n!"); + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - return replmd_replicated_request_done(ar); -#else - return LDB_SUCCESS; -#endif + talloc_free(ares); + + return ldb_module_done(ar->req, NULL, NULL, LDB_SUCCESS); } static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1, @@ -1104,6 +1010,7 @@ static int replmd_drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplic static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *ar) { + struct ldb_request *change_req; enum ndr_err_code ndr_err; struct ldb_message *msg; struct replUpToDateVectorBlob ouv; @@ -1145,9 +1052,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a /* * first create the new replUpToDateVector */ - ouv_value = ldb_msg_find_ldb_val(ar->sub.search_msg, "replUpToDateVector"); + ouv_value = ldb_msg_find_ldb_val(ar->search_msg, "replUpToDateVector"); if (ouv_value) { - ndr_err = ndr_pull_struct_blob(ouv_value, ar->sub.mem_ctx, + ndr_err = ndr_pull_struct_blob(ouv_value, ar, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), &ouv, (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -1168,7 +1075,7 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a */ nuv.ctr.ctr2.count = 1 + ouv.ctr.ctr2.count; if (ruv) nuv.ctr.ctr2.count += ruv->count; - nuv.ctr.ctr2.cursors = talloc_array(ar->sub.mem_ctx, + nuv.ctr.ctr2.cursors = talloc_array(ar, struct drsuapi_DsReplicaCursor2, nuv.ctr.ctr2.count); if (!nuv.ctr.ctr2.cursors) return replmd_replicated_request_werror(ar, WERR_NOMEM); @@ -1269,9 +1176,9 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a /* * create the change ldb_message */ - msg = ldb_msg_new(ar->sub.mem_ctx); + msg = ldb_msg_new(ar); if (!msg) return replmd_replicated_request_werror(ar, WERR_NOMEM); - msg->dn = ar->sub.search_msg->dn; + msg->dn = ar->search_msg->dn; ndr_err = ndr_push_struct_blob(&nuv_value, msg, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), @@ -1304,12 +1211,12 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a * first see if we already have a repsFrom value for the current source dsa * if so we'll later replace this value */ - orf_el = ldb_msg_find_element(ar->sub.search_msg, "repsFrom"); + orf_el = ldb_msg_find_element(ar->search_msg, "repsFrom"); if (orf_el) { for (i=0; i < orf_el->num_values; i++) { struct repsFromToBlob *trf; - trf = talloc(ar->sub.mem_ctx, struct repsFromToBlob); + trf = talloc(ar, struct repsFromToBlob); if (!trf) return replmd_replicated_request_werror(ar, WERR_NOMEM); ndr_err = ndr_pull_struct_blob(&orf_el->values[i], trf, lp_iconv_convenience(ldb_get_opaque(ar->module->ldb, "loadparm")), trf, @@ -1378,72 +1285,62 @@ static int replmd_replicated_uptodate_modify(struct replmd_replicated_request *a nrf_el->flags = LDB_FLAG_MOD_REPLACE; /* prepare the ldb_modify() request */ - ret = ldb_build_mod_req(&ar->sub.change_req, + ret = ldb_build_mod_req(&change_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, msg, ar->controls, ar, - replmd_replicated_uptodate_modify_callback); + replmd_replicated_uptodate_modify_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.change_req); -#else - ret = ldb_next_request(ar->module, ar->sub.change_req); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - - ar->sub.change_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.change_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.change_ret); - } - - talloc_free(ar->sub.mem_ctx); - ZERO_STRUCT(ar->sub); - - return replmd_replicated_request_done(ar); -#endif + return ldb_next_request(ar->module, change_req); } -static int replmd_replicated_uptodate_search_callback(struct ldb_context *ldb, - void *private_data, +static int replmd_replicated_uptodate_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct replmd_replicated_request *ar = talloc_get_type(private_data, + struct replmd_replicated_request *ar = talloc_get_type(req->context, struct replmd_replicated_request); - bool is_done = false; + int ret; + + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS && + ares->error != LDB_ERR_NO_SUCH_OBJECT) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); + } switch (ares->type) { case LDB_REPLY_ENTRY: - ar->sub.search_msg = talloc_steal(ar->sub.mem_ctx, ares->message); + ar->search_msg = talloc_steal(ar, ares->message); break; + case LDB_REPLY_REFERRAL: /* we ignore referrals */ break; - case LDB_REPLY_EXTENDED: - case LDB_REPLY_DONE: - is_done = true; - } - - talloc_free(ares); -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - if (is_done) { - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); + case LDB_REPLY_DONE: + if (ar->search_msg == NULL) { + ret = replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + } else { + ret = replmd_replicated_uptodate_modify(ar); } - if (!ar->sub.search_msg) { - return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ar->req, NULL, NULL, ret); } - - return replmd_replicated_uptodate_modify(ar); } -#endif + + talloc_free(ares); return LDB_SUCCESS; } -static int replmd_replicated_uptodate_search(struct replmd_replicated_request *ar) + +static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar) { int ret; static const char *attrs[] = { @@ -1451,43 +1348,24 @@ static int replmd_replicated_uptodate_search(struct replmd_replicated_request *a "repsFrom", NULL }; + struct ldb_request *search_req; + + ar->search_msg = NULL; - ret = ldb_build_search_req(&ar->sub.search_req, + ret = ldb_build_search_req(&search_req, ar->module->ldb, - ar->sub.mem_ctx, + ar, ar->objs->partition_dn, LDB_SCOPE_BASE, "(objectClass=*)", attrs, NULL, ar, - replmd_replicated_uptodate_search_callback); - if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ - return ldb_next_request(ar->module, ar->sub.search_req); -#else - ret = ldb_next_request(ar->module, ar->sub.search_req); + replmd_replicated_uptodate_search_callback, + ar->req); if (ret != LDB_SUCCESS) return replmd_replicated_request_error(ar, ret); - ar->sub.search_ret = ldb_wait(ar->sub.search_req->handle, LDB_WAIT_ALL); - if (ar->sub.search_ret != LDB_SUCCESS) { - return replmd_replicated_request_error(ar, ar->sub.search_ret); - } - if (!ar->sub.search_msg) { - return replmd_replicated_request_werror(ar, WERR_DS_DRA_INTERNAL_ERROR); - } - - return replmd_replicated_uptodate_modify(ar); -#endif -} - -static int replmd_replicated_uptodate_vector(struct replmd_replicated_request *ar) -{ - ar->sub.mem_ctx = talloc_new(ar); - if (!ar->sub.mem_ctx) return replmd_replicated_request_werror(ar, WERR_NOMEM); - - return replmd_replicated_uptodate_search(ar); + return ldb_next_request(ar->module, search_req); } static int replmd_extended_replicated_objects(struct ldb_module *module, struct ldb_request *req) @@ -1511,9 +1389,16 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct return LDB_ERR_PROTOCOL_ERROR; } - ar = replmd_replicated_init_handle(module, req, objs); - if (!ar) { + ar = replmd_ctx_init(module, req); + if (!ar) return LDB_ERR_OPERATIONS_ERROR; + + ar->objs = objs; + ar->schema = dsdb_get_schema(module->ldb); + if (!ar->schema) { + ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, "replmd_ctx_init: no loaded schema found\n"); + talloc_free(ar); + return LDB_ERR_CONSTRAINT_VIOLATION; } ctrls = req->controls; @@ -1532,20 +1417,7 @@ static int replmd_extended_replicated_objects(struct ldb_module *module, struct ar->controls = req->controls; req->controls = ctrls; -#ifdef REPLMD_FULL_ASYNC /* TODO: activate this code when ldb support full async code */ return replmd_replicated_apply_next(ar); -#else - while (ar->index_current < ar->objs->num_objects && - req->handle->state != LDB_ASYNC_DONE) { - replmd_replicated_apply_next(ar); - } - - if (req->handle->state != LDB_ASYNC_DONE) { - replmd_replicated_uptodate_vector(ar); - } - - return LDB_SUCCESS; -#endif } static int replmd_extended(struct ldb_module *module, struct ldb_request *req) @@ -1557,53 +1429,9 @@ static int replmd_extended(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } -static int replmd_wait_none(struct ldb_handle *handle) { - struct replmd_replicated_request *ar; - - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - ar = talloc_get_type(handle->private_data, struct replmd_replicated_request); - if (!ar) { - return LDB_ERR_OPERATIONS_ERROR; - } - - /* we do only sync calls */ - if (handle->state != LDB_ASYNC_DONE) { - return LDB_ERR_OPERATIONS_ERROR; - } - - return handle->status; -} - -static int replmd_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = replmd_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int replmd_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return replmd_wait_all(handle); - } else { - return replmd_wait_none(handle); - } -} - _PUBLIC_ const struct ldb_module_ops ldb_repl_meta_data_module_ops = { .name = "repl_meta_data", .add = replmd_add, .modify = replmd_modify, .extended = replmd_extended, - .wait = replmd_wait }; diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index ebc90d4cf3..0d14a54464 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -4,7 +4,7 @@ rootDSE ldb module Copyright (C) Andrew Tridgell 2005 - Copyright (C) Simo Sorce 2005 + Copyright (C) Simo Sorce 2005-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -221,40 +221,77 @@ failed: struct rootdse_context { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - const char * const * attrs; + struct ldb_request *req; }; -static int rootdse_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static struct rootdse_context *rootdse_init_context(struct ldb_module *module, + struct ldb_request *req) +{ + struct rootdse_context *ac; + + ac = talloc_zero(req, struct rootdse_context); + if (ac == NULL) { + ldb_set_errstring(module->ldb, "Out of Memory"); + return NULL; + } + + ac->module = module; + ac->req = req; + + return ac; +} + +static int rootdse_callback(struct ldb_request *req, struct ldb_reply *ares) { struct rootdse_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct rootdse_context); - ac = talloc_get_type(context, struct rootdse_context); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - if (ares->type == LDB_REPLY_ENTRY) { + switch (ares->type) { + case LDB_REPLY_ENTRY: /* * if the client explicit asks for the 'netlogon' attribute * the reply_entry needs to be skipped */ - if (ac->attrs && ldb_attr_in_list(ac->attrs, "netlogon")) { + if (ac->req->op.search.attrs && + ldb_attr_in_list(ac->req->op.search.attrs, "netlogon")) { talloc_free(ares); return LDB_SUCCESS; } /* for each record returned post-process to add any dynamic attributes that have been asked for */ - if (rootdse_add_dynamic(ac->module, ares->message, ac->attrs) != LDB_SUCCESS) { - goto error; + ret = rootdse_add_dynamic(ac->module, ares->message, + ac->req->op.search.attrs); + if (ret != LDB_SUCCESS) { + talloc_free(ares); + return ldb_module_done(ac->req, NULL, NULL, ret); } - } - return ac->up_callback(ldb, ac->up_context, ares); + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + /* should we allow the backend to return referrals in this case + * ?? */ + break; + + case LDB_REPLY_DONE: + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } -error: talloc_free(ares); - return LDB_ERR_OPERATIONS_ERROR; + return LDB_SUCCESS; } static int rootdse_search(struct ldb_module *module, struct ldb_request *req) @@ -270,48 +307,25 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - ac = talloc(req, struct rootdse_context); + ac = rootdse_init_context(module, req); if (ac == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ac->module = module; - ac->up_context = req->context; - ac->up_callback = req->callback; - ac->attrs = req->op.search.attrs; - - down_req = talloc_zero(req, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - down_req->operation = req->operation; /* in our db we store the rootDSE with a DN of @ROOTDSE */ - down_req->op.search.base = ldb_dn_new(down_req, module->ldb, "@ROOTDSE"); - down_req->op.search.scope = LDB_SCOPE_BASE; - down_req->op.search.tree = ldb_parse_tree(down_req, NULL); - if (down_req->op.search.base == NULL || down_req->op.search.tree == NULL) { - ldb_oom(module->ldb); - talloc_free(down_req); - return LDB_ERR_OPERATIONS_ERROR; - } - down_req->op.search.attrs = req->op.search.attrs; - down_req->controls = req->controls; - - down_req->context = ac; - down_req->callback = rootdse_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req(&down_req, module->ldb, ac, + ldb_dn_new(ac, module->ldb, "@ROOTDSE"), + LDB_SCOPE_BASE, + NULL, + req->op.search.attrs, + req->controls, + ac, rootdse_callback, + req); + if (ret != LDB_SUCCESS) { + return ret; } - return ret; + return ldb_next_request(module, down_req); } static int rootdse_register_control(struct ldb_module *module, struct ldb_request *req) @@ -332,9 +346,9 @@ static int rootdse_register_control(struct ldb_module *module, struct ldb_reques priv->num_controls += 1; priv->controls = list; - return LDB_SUCCESS; + return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); } - + static int rootdse_register_partition(struct ldb_module *module, struct ldb_request *req) { struct private_data *priv = talloc_get_type(module->private_data, struct private_data); @@ -353,9 +367,9 @@ static int rootdse_register_partition(struct ldb_module *module, struct ldb_requ priv->num_partitions += 1; priv->partitions = list; - return LDB_SUCCESS; + return ldb_module_done(req, NULL, NULL, LDB_SUCCESS); } - + static int rootdse_request(struct ldb_module *module, struct ldb_request *req) { diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index cf720669b9..e4fc4908a4 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -1,8 +1,8 @@ -/* +/* SAM ldb module - Copyright (C) Simo Sorce 2004 Copyright (C) Andrew Bartlett 2005 + Copyright (C) Simo Sorce 2004-2008 * NOTICE: this module is NOT released under the GNU LGPL license as * other ldb code. This module is release under the GNU GPL v3 or @@ -12,12 +12,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -37,728 +37,1305 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_private.h" +#include "lib/events/events.h" #include "dsdb/samdb/samdb.h" #include "libcli/security/security.h" #include "librpc/gen_ndr/ndr_security.h" #include "util/util_ldb.h" +#include "ldb_wrap.h" + +struct samldb_ctx; + +typedef int (*samldb_step_fn_t)(struct samldb_ctx *); + +struct samldb_step { + struct samldb_step *next; + samldb_step_fn_t fn; +}; + +struct samldb_ctx { + struct ldb_module *module; + struct ldb_request *req; -int samldb_notice_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct dom_sid *sid); + /* the resulting message */ + struct ldb_message *msg; + + /* used to apply templates */ + const char *type; + + /* used to find parent domain */ + struct ldb_dn *check_dn; + struct ldb_dn *domain_dn; + struct dom_sid *domain_sid; + uint32_t next_rid; + + /* generic storage, remember to zero it before use */ + struct ldb_reply *ares; + + /* holds the entry SID */ + struct dom_sid *sid; + + /* all the async steps necessary to complete the operation */ + struct samldb_step *steps; + struct samldb_step *curstep; +}; -static bool samldb_msg_add_sid(struct ldb_module *module, struct ldb_message *msg, const char *name, const struct dom_sid *sid) +struct samldb_ctx *samldb_ctx_init(struct ldb_module *module, + struct ldb_request *req) { - struct ldb_val v; - enum ndr_err_code ndr_err; + struct samldb_ctx *ac; - ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, - (ndr_push_flags_fn_t)ndr_push_dom_sid); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return false; + ac = talloc_zero(req, struct samldb_ctx); + if (ac == NULL) { + ldb_oom(module->ldb); + return NULL; } - return (ldb_msg_add_value(msg, name, &v, NULL) == 0); + + ac->module = module; + ac->req = req; + + return ac; } -/* - allocate a new id, attempting to do it atomically - return 0 on failure, the id on success -*/ -static int samldb_set_next_rid(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, - struct ldb_dn *dn, uint32_t old_id, uint32_t new_id) +static int samldb_add_step(struct samldb_ctx *ac, samldb_step_fn_t fn) { - struct ldb_message msg; - int ret; - struct ldb_val vals[2]; - struct ldb_message_element els[2]; + struct samldb_step *step; - if (new_id == 0) { - /* out of IDs ! */ - ldb_set_errstring(ldb, "Are we out of valid IDs ?\n"); + step = talloc_zero(ac, struct samldb_step); + if (step == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* we do a delete and add as a single operation. That prevents - a race, in case we are not actually on a transaction db */ - ZERO_STRUCT(msg); - msg.dn = ldb_dn_copy(mem_ctx, dn); - if (!msg.dn) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (ac->steps == NULL) { + ac->steps = step; + ac->curstep = step; + } else { + ac->curstep->next = step; + ac->curstep = step; } - msg.num_elements = 2; - msg.elements = els; - els[0].num_values = 1; - els[0].values = &vals[0]; - els[0].flags = LDB_FLAG_MOD_DELETE; - els[0].name = talloc_strdup(mem_ctx, "nextRid"); - if (!els[0].name) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; - } + step->fn = fn; - els[1].num_values = 1; - els[1].values = &vals[1]; - els[1].flags = LDB_FLAG_MOD_ADD; - els[1].name = els[0].name; + return LDB_SUCCESS; +} - vals[0].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", old_id); - if (!vals[0].data) { - ldb_oom(ldb); +static int samldb_first_step(struct samldb_ctx *ac) +{ + if (ac->steps == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - vals[0].length = strlen((char *)vals[0].data); - vals[1].data = (uint8_t *)talloc_asprintf(mem_ctx, "%u", new_id); - if (!vals[1].data) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + ac->curstep = ac->steps; + return ac->curstep->fn(ac); +} + +static int samldb_next_step(struct samldb_ctx *ac) +{ + if (ac->curstep->next) { + ac->curstep = ac->curstep->next; + return ac->curstep->fn(ac); } - vals[1].length = strlen((char *)vals[1].data); - ret = ldb_modify(ldb, &msg); - return ret; + /* it is an error if the last step does not properly + * return to the upper module by itself */ + return LDB_ERR_OPERATIONS_ERROR; } -/* - allocate a new id, attempting to do it atomically - return 0 on failure, the id on success -*/ -static int samldb_find_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - struct ldb_dn *dn, uint32_t *old_rid) +static int samldb_search_template_callback(struct ldb_request *req, + struct ldb_reply *ares) { - const char * const attrs[2] = { "nextRid", NULL }; - struct ldb_result *res = NULL; + struct samldb_ctx *ac; int ret; - const char *str; - ret = ldb_search(module->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE, attrs, "nextRid=*"); - if (ret != LDB_SUCCESS) { - return ret; + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - if (res->count != 1) { - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); +#else + return ldb_request_done(req, ares->error); +#endif } - str = ldb_msg_find_attr_as_string(res->msgs[0], "nextRid", NULL); - if (str == NULL) { - ldb_asprintf_errstring(module->ldb, - "attribute nextRid not found in %s\n", - ldb_dn_get_linearized(dn)); - talloc_free(res); - return LDB_ERR_OPERATIONS_ERROR; + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->ares != NULL) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for template objects"); + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + + ac->ares = talloc_steal(ac, ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: + + talloc_free(ares); +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + ret = samldb_next_step(ac); +#else + return ldb_request_done(req, LDB_SUCCESS); +#endif + break; + } + +done: + if (ret != LDB_SUCCESS) { +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + return ldb_module_done(ac->req, NULL, NULL, ret); +#else + return ldb_request_done(req, ret); +#endif } - *old_rid = strtol(str, NULL, 0); - talloc_free(res); return LDB_SUCCESS; } -static int samldb_allocate_next_rid(struct ldb_module *module, TALLOC_CTX *mem_ctx, - struct ldb_dn *dn, const struct dom_sid *dom_sid, - struct dom_sid **new_sid) +static int samldb_search_template(struct samldb_ctx *ac) { - struct dom_sid *obj_sid; - uint32_t old_rid; + struct event_context *ev; + struct loadparm_context *lparm_ctx; + struct ldb_context *templates_ldb; + char *templates_ldb_path; + struct ldb_request *req; + struct ldb_dn *basedn; + void *opaque; int ret; - - ret = samldb_find_next_rid(module, mem_ctx, dn, &old_rid); - if (ret) { - return ret; + + opaque = ldb_get_opaque(ac->module->ldb, "loadparm"); + lparm_ctx = talloc_get_type(opaque, struct loadparm_context); + if (lparm_ctx == NULL) { + ldb_set_errstring(ac->module->ldb, + "Unable to find loadparm context\n"); + return LDB_ERR_OPERATIONS_ERROR; } - - /* return the new object sid */ - obj_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid); - - *new_sid = dom_sid_add_rid(mem_ctx, dom_sid, old_rid + 1); - if (!*new_sid) { + + opaque = ldb_get_opaque(ac->module->ldb, "templates_ldb"); + templates_ldb = talloc_get_type(opaque, struct ldb_context); + + /* make sure we have the templates ldb */ + if (!templates_ldb) { + templates_ldb_path = samdb_relative_path(ac->module->ldb, ac, + "templates.ldb"); + if (!templates_ldb_path) { + ldb_set_errstring(ac->module->ldb, + "samldb_init_template: ERROR: Failed " + "to contruct path for template db"); + return LDB_ERR_OPERATIONS_ERROR; + } + + /* NOTE: this is a request on a different database! + * + * Therefore we need to do a bloody sync call + * otherwise the fake event queue will never call it + * as it runs on the main ldb context and knows + * nothing about the templates_ldb one */ +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + ev = ldb_get_event_context(ac->module->ldb); +#else + ev = event_context_init(NULL); +#endif + if (!talloc_reference(templates_ldb, ev)) { + return LDB_ERR_OPERATIONS_ERROR; + } + + templates_ldb = ldb_wrap_connect(ac->module->ldb, ev, + lparm_ctx, templates_ldb_path, + NULL, NULL, 0, NULL); + talloc_free(templates_ldb_path); + + if (!templates_ldb) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_set_opaque(ac->module->ldb, + "templates_ldb", templates_ldb); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + /* search template */ + basedn = ldb_dn_new_fmt(ac, templates_ldb, + "cn=Template%s,cn=Templates", ac->type); + if (basedn == NULL) { + ldb_set_errstring(ac->module->ldb, + "samldb_init_template: ERROR: Failed " + "to contruct DN for template"); return LDB_ERR_OPERATIONS_ERROR; } - ret = samldb_notice_sid(module, mem_ctx, *new_sid); - if (ret != 0) { - /* gah, there are conflicting sids. - * This is a critical situation it means that someone messed up with - * the DB and nextRid is not returning free RIDs, report an error - * and refuse to create any user until the problem is fixed */ - ldb_asprintf_errstring(module->ldb, - "Critical Error: unconsistent DB, unable to retireve an unique RID to generate a new SID: %s", - ldb_errstring(module->ldb)); + /* pull the template record */ + ret = ldb_build_search_req(&req, templates_ldb, ac, + basedn, LDB_SCOPE_BASE, + "(distinguishedName=*)", NULL, + NULL, + ac, samldb_search_template_callback, + ac->req); + if (ret != LDB_SUCCESS) { return ret; } - return ret; + + talloc_steal(req, basedn); + ac->ares = NULL; + + /* NOTE: this is a request on a different database! + * Therefore we need to do a bloody sync call + * otherwise the fake event queue will never call it + * as it runs on the main ldb context and knows + * nothing about the templates_ldb one */ +#ifdef REAL_EVENT_SYSTEM_HOOKED_UP + return ldb_request(templates_ldb, req); +#else + ret = ldb_request(templates_ldb, req); + if (ret != LDB_SUCCESS) { + return ret; + } + ret = ldb_wait(req->handle, LDB_WAIT_ALL); + if (ret != LDB_SUCCESS) { + return ret; + } + + return samldb_next_step(ac); +#endif } -/* search the domain related to the provided dn - allocate a new RID for the domain - return the new sid string -*/ -static int samldb_get_new_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, struct ldb_dn *obj_dn, - struct ldb_dn *dom_dn, - struct dom_sid **sid) +static int samldb_apply_template(struct samldb_ctx *ac) +{ + struct ldb_message_element *el; + struct ldb_message *msg; + int i, j; + int ret; + + msg = ac->ares->message; + + for (i = 0; i < msg->num_elements; i++) { + el = &msg->elements[i]; + /* some elements should not be copied */ + if (ldb_attr_cmp(el->name, "cn") == 0 || + ldb_attr_cmp(el->name, "name") == 0 || + ldb_attr_cmp(el->name, "objectClass") == 0 || + ldb_attr_cmp(el->name, "sAMAccountName") == 0 || + ldb_attr_cmp(el->name, "sAMAccountName") == 0 || + ldb_attr_cmp(el->name, "distinguishedName") == 0 || + ldb_attr_cmp(el->name, "objectGUID") == 0) { + continue; + } + for (j = 0; j < el->num_values; j++) { + ret = samdb_find_or_add_attribute( + ac->module->ldb, ac->msg, el->name, + (char *)el->values[j].data); + if (ret != LDB_SUCCESS) { + ldb_set_errstring(ac->module->ldb, + "Failed adding template attribute\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + } + } + + return samldb_next_step(ac); +} + +static int samldb_get_parent_domain(struct samldb_ctx *ac); + +static int samldb_get_parent_domain_callback(struct ldb_request *req, + struct ldb_reply *ares) { - const char * const attrs[2] = { "objectSid", NULL }; - struct ldb_result *res = NULL; + struct samldb_ctx *ac; + const char *nextRid; int ret; - struct dom_sid *dom_sid; - /* get the domain component part of the provided dn */ + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->domain_dn != NULL) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for domain object"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + nextRid = ldb_msg_find_attr_as_string(ares->message, + "nextRid", NULL); + if (nextRid == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_get_linearized(ares->message->dn)); + ret = LDB_ERR_OPERATIONS_ERROR; + break;; + } + + ac->next_rid = strtol(nextRid, NULL, 0); + + ac->domain_sid = samdb_result_dom_sid(ac, ares->message, + "objectSid"); + if (ac->domain_sid == NULL) { + ldb_set_errstring(ac->module->ldb, + "error retrieving parent domain domain sid!\n"); + ret = LDB_ERR_CONSTRAINT_VIOLATION; + break; + } + ac->domain_dn = talloc_steal(ac, ares->message->dn); + + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: - /* find the domain sid */ + talloc_free(ares); + if (ac->domain_dn == NULL) { + /* search again */ + ret = samldb_get_parent_domain(ac); + } else { + /* found, go on */ + ret = samldb_next_step(ac); + } + break; + } - ret = ldb_search(module->ldb, mem_ctx, &res, dom_dn, LDB_SCOPE_BASE, attrs, "objectSid=*"); +done: if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "samldb_get_new_sid: error retrieving domain sid from %s: %s!\n", - ldb_dn_get_linearized(dom_dn), - ldb_errstring(module->ldb)); - talloc_free(res); - return ret; + return ldb_module_done(ac->req, NULL, NULL, ret); } - if (res->count != 1) { - ldb_asprintf_errstring(module->ldb, - "samldb_get_new_sid: error retrieving domain sid from %s: not found!\n", - ldb_dn_get_linearized(dom_dn)); - talloc_free(res); - return LDB_ERR_CONSTRAINT_VIOLATION; + return LDB_SUCCESS; +} + +/* Find a domain object in the parents of a particular DN. */ +static int samldb_get_parent_domain(struct samldb_ctx *ac) +{ + static const char * const attrs[3] = { "objectSid", "nextRid", NULL }; + struct ldb_request *req; + struct ldb_dn *dn; + int ret; + + if (ac->check_dn == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - dom_sid = samdb_result_dom_sid(res, res->msgs[0], "objectSid"); - if (dom_sid == NULL) { - ldb_set_errstring(module->ldb, "samldb_get_new_sid: error parsing domain sid!\n"); - talloc_free(res); + dn = ldb_dn_get_parent(ac, ac->check_dn); + if (dn == NULL) { + ldb_set_errstring(ac->module->ldb, + "Unable to find parent domain object"); return LDB_ERR_CONSTRAINT_VIOLATION; } - /* allocate a new Rid for the domain */ - ret = samldb_allocate_next_rid(module, mem_ctx, dom_dn, dom_sid, sid); - if (ret != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "Failed to increment nextRid of %s: %s\n", ldb_dn_get_linearized(dom_dn), ldb_errstring(module->ldb)); - talloc_free(res); + ac->check_dn = dn; + + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + dn, LDB_SCOPE_BASE, + "(|(objectClass=domain)" + "(objectClass=builtinDomain)" + "(objectClass=samba4LocalDomain))", + attrs, + NULL, + ac, samldb_get_parent_domain_callback, + ac->req); + + if (ret != LDB_SUCCESS) { return ret; } - talloc_free(res); + return ldb_next_request(ac->module, req); +} - return ret; +static int samldb_generate_samAccountName(struct ldb_message *msg) +{ + char *name; + + /* Format: $000000-000000000000 */ + + name = talloc_asprintf(msg, "$%.6X-%.6X%.6X", + (unsigned int)generate_random(), + (unsigned int)generate_random(), + (unsigned int)generate_random()); + if (name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + return ldb_msg_add_steal_string(msg, "samAccountName", name); } -/* If we are adding new users/groups, we need to update the nextRid - * attribute to be 'above' all incoming users RIDs. This tries to - * avoid clashes in future */ +static int samldb_check_samAccountName_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + /* if we get an entry it means this samAccountName + * already exists */ + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_ENTRY_ALREADY_EXISTS); + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: + + /* not found, go on */ + talloc_free(ares); + ret = samldb_next_step(ac); + break; + } + +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } -int samldb_notice_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, const struct dom_sid *sid) + return LDB_SUCCESS; +} + +static int samldb_check_samAccountName(struct samldb_ctx *ac) { + struct ldb_request *req; + const char *name; + char *filter; int ret; - struct ldb_dn *dom_dn; - struct dom_sid *dom_sid; - const char *attrs[] = { NULL }; - struct ldb_result *dom_res; - struct ldb_result *res; - uint32_t old_rid; - - /* find if this SID already exists */ - ret = ldb_search(module->ldb, mem_ctx, &res, - NULL, LDB_SCOPE_SUBTREE, attrs, - "(objectSid=%s)", ldap_encode_ndr_dom_sid(mem_ctx, sid)); - if (ret == LDB_SUCCESS) { - if (res->count > 0) { - talloc_free(res); - ldb_asprintf_errstring(module->ldb, - "Attempt to add record with SID %s rejected," - " because this SID is already in the database", - dom_sid_string(mem_ctx, sid)); - /* We have a duplicate SID, we must reject the add */ - return LDB_ERR_CONSTRAINT_VIOLATION; + + if (ldb_msg_find_element(ac->msg, "samAccountName") == NULL) { + ret = samldb_generate_samAccountName(ac->msg); + if (ret != LDB_SUCCESS) { + return ret; } - talloc_free(res); - } else { - ldb_asprintf_errstring(module->ldb, - "samldb_notice_sid: error searching to see if sid %s is in use: %s\n", - dom_sid_string(mem_ctx, sid), - ldb_errstring(module->ldb)); - return ret; } - dom_sid = dom_sid_dup(mem_ctx, sid); - if (!dom_sid) { + name = ldb_msg_find_attr_as_string(ac->msg, "samAccountName", NULL); + if (name == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + filter = talloc_asprintf(ac, "samAccountName=%s", name); + if (filter == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* get the domain component part of the provided SID */ - dom_sid->num_auths--; - - /* find the domain DN */ - ret = ldb_search(module->ldb, mem_ctx, &dom_res, - NULL, LDB_SCOPE_SUBTREE, attrs, - "(&(objectSid=%s)(|(|(objectClass=domain)(objectClass=builtinDomain))(objectClass=samba4LocalDomain)))", - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret == LDB_SUCCESS) { - if (dom_res->count == 0) { - talloc_free(dom_res); - /* This isn't an operation on a domain we know about, so nothing to update */ - return LDB_SUCCESS; - } - if (dom_res->count > 1) { - talloc_free(dom_res); - ldb_asprintf_errstring(module->ldb, - "samldb_notice_sid: error retrieving domain from sid: duplicate (found %d) domain: %s!\n", - dom_res->count, dom_sid_string(dom_res, dom_sid)); - return LDB_ERR_OPERATIONS_ERROR; - } - } else { - ldb_asprintf_errstring(module->ldb, - "samldb_notice_sid: error retrieving domain from sid: %s: %s\n", - dom_sid_string(dom_res, dom_sid), - ldb_errstring(module->ldb)); + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ac->domain_dn, LDB_SCOPE_SUBTREE, + filter, NULL, + NULL, + ac, samldb_check_samAccountName_callback, + ac->req); + talloc_free(filter); + if (ret != LDB_SUCCESS) { return ret; } + ac->ares = NULL; + return ldb_next_request(ac->module, req); +} - dom_dn = dom_res->msgs[0]->dn; +static int samldb_check_samAccountType(struct samldb_ctx *ac) +{ + unsigned int account_type; + unsigned int group_type; + unsigned int uac; + int ret; - ret = samldb_find_next_rid(module, mem_ctx, - dom_dn, &old_rid); - if (ret) { - talloc_free(dom_res); - return ret; + /* make sure sAMAccountType is not specified */ + if (ldb_msg_find_element(ac->msg, "sAMAccountType") != NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "sAMAccountType must not be specified"); + return LDB_ERR_UNWILLING_TO_PERFORM; } - if (old_rid <= sid->sub_auths[sid->num_auths - 1]) { - ret = samldb_set_next_rid(module->ldb, mem_ctx, dom_dn, old_rid, - sid->sub_auths[sid->num_auths - 1] + 1); + if (strcmp("user", ac->type) == 0) { + uac = samdb_result_uint(ac->msg, "userAccountControl", 0); + if (uac == 0) { + ldb_asprintf_errstring(ac->module->ldb, + "userAccountControl invalid"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } else { + account_type = samdb_uf2atype(uac); + ret = samdb_msg_add_uint(ac->module->ldb, + ac->msg, ac->msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + } + } else + if (strcmp("group", ac->type) == 0) { + + group_type = samdb_result_uint(ac->msg, "groupType", 0); + if (group_type == 0) { + ldb_asprintf_errstring(ac->module->ldb, + "groupType invalid"); + return LDB_ERR_UNWILLING_TO_PERFORM; + } else { + account_type = samdb_gtype2atype(group_type); + ret = samdb_msg_add_uint(ac->module->ldb, + ac->msg, ac->msg, + "sAMAccountType", + account_type); + if (ret != LDB_SUCCESS) { + return ret; + } + } } - talloc_free(dom_res); - return ret; + + return samldb_next_step(ac); } -static int samldb_handle_sid(struct ldb_module *module, - TALLOC_CTX *mem_ctx, struct ldb_message *msg2, - struct ldb_dn *parent_dn) +static int samldb_get_sid_domain_callback(struct ldb_request *req, + struct ldb_reply *ares) { + struct samldb_ctx *ac; + const char *nextRid; int ret; - - struct dom_sid *sid = samdb_result_dom_sid(mem_ctx, msg2, "objectSid"); - if (sid == NULL) { - ret = samldb_get_new_sid(module, msg2, msg2->dn, parent_dn, &sid); - if (ret != 0) { - return ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->next_rid != 0) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for domain object"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return LDB_ERR_OPERATIONS_ERROR; + nextRid = ldb_msg_find_attr_as_string(ares->message, + "nextRid", NULL); + if (nextRid == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_get_linearized(ares->message->dn)); + ret = LDB_ERR_OPERATIONS_ERROR; + break; } - talloc_free(sid); + + ac->next_rid = strtol(nextRid, NULL, 0); + + ac->domain_dn = talloc_steal(ac, ares->message->dn); + + talloc_free(ares); ret = LDB_SUCCESS; - } else { - ret = samldb_notice_sid(module, msg2, sid); + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + ret = LDB_SUCCESS; + break; + + case LDB_REPLY_DONE: + + if (ac->next_rid == 0) { + ldb_asprintf_errstring(ac->module->ldb, + "Unable to get nextRid from domain entry\n"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + /* found, go on */ + ret = samldb_next_step(ac); + break; + } + +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - return ret; + + return LDB_SUCCESS; } -static int samldb_generate_samAccountName(struct ldb_module *module, TALLOC_CTX *mem_ctx, - struct ldb_dn *dom_dn, char **name) +/* Find a domain object in the parents of a particular DN. */ +static int samldb_get_sid_domain(struct samldb_ctx *ac) { - const char *attrs[] = { NULL }; - struct ldb_result *res; + static const char * const attrs[2] = { "nextRid", NULL }; + struct ldb_request *req; + char *filter; int ret; - - /* Format: $000000-000000000000 */ - - do { - *name = talloc_asprintf(mem_ctx, "$%.6X-%.6X%.6X", (unsigned int)generate_random(), (unsigned int)generate_random(), (unsigned int)generate_random()); - /* TODO: Figure out exactly what this is meant to conflict with */ - ret = ldb_search(module->ldb, - mem_ctx, &res, dom_dn, LDB_SCOPE_SUBTREE, attrs, - "samAccountName=%s", - ldb_binary_encode_string(mem_ctx, *name)); - if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, "samldb: Failure searching to determine if samAccountName %s is unique: %s", - *name, ldb_errstring(module->ldb)); - return ret; - } - if (res->count == 0) { - talloc_free(res); - /* Great. There are no conflicting users/groups/etc */ - return LDB_SUCCESS; - } else { - talloc_free(*name); - /* gah, there is a conflicting name, lets move around the loop again... */ - } - } while (1); + if (ac->sid == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->domain_sid = dom_sid_dup(ac, ac->sid); + if (!ac->domain_sid) { + return LDB_ERR_OPERATIONS_ERROR; + } + /* get the domain component part of the provided SID */ + ac->domain_sid->num_auths--; + + filter = talloc_asprintf(ac, "(&(objectSid=%s)" + "(|(objectClass=domain)" + "(objectClass=builtinDomain)" + "(objectClass=samba4LocalDomain)))", + ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); + if (filter == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, samldb_get_sid_domain_callback, + ac->req); + + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->next_rid = 0; + return ldb_next_request(ac->module, req); } -static int samldb_fill_group_object(struct ldb_module *module, const struct ldb_message *msg, - struct ldb_message **ret_msg) +static bool samldb_msg_add_sid(struct ldb_message *msg, + const char *name, + const struct dom_sid *sid) { - int ret; - unsigned int group_type; - char *name; - struct ldb_message *msg2; - struct ldb_dn *dom_dn; - const char *rdn_name; - TALLOC_CTX *mem_ctx = talloc_new(msg); - const char *errstr; - if (!mem_ctx) { + struct ldb_val v; + enum ndr_err_code ndr_err; + + ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid, + (ndr_push_flags_fn_t)ndr_push_dom_sid); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return false; + } + return (ldb_msg_add_value(msg, name, &v, NULL) == 0); +} + +static int samldb_new_sid(struct samldb_ctx *ac) +{ + + if (ac->domain_sid == NULL || ac->next_rid == 0) { return LDB_ERR_OPERATIONS_ERROR; } - /* build the new msg */ - msg2 = ldb_msg_copy(mem_ctx, msg); - if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: ldb_msg_copy failed!\n"); - talloc_free(mem_ctx); + ac->sid = dom_sid_add_rid(ac, ac->domain_sid, ac->next_rid + 1); + if (ac->sid == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - ret = samdb_copy_template(module->ldb, msg2, - "group", - &errstr); - if (ret != 0) { - - talloc_free(mem_ctx); - return ret; + if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { + return LDB_ERR_OPERATIONS_ERROR; } - rdn_name = ldb_dn_get_rdn_name(msg2->dn); + return samldb_next_step(ac); +} - if (strcasecmp(rdn_name, "cn") != 0) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_group_object: Bad RDN (%s) for group!\n", rdn_name); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; +static int samldb_check_sid_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + /* if we get an entry it means an object with the + * requested sid exists */ + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_CONSTRAINT_VIOLATION); + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + + /* not found, go on */ + talloc_free(ares); + ret = samldb_next_step(ac); + break; } - ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + return LDB_SUCCESS; +} + +static int samldb_check_sid(struct samldb_ctx *ac) +{ + const char *const attrs[2] = { "objectSid", NULL }; + struct ldb_request *req; + char *filter; + int ret; + + if (ac->sid == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + filter = talloc_asprintf(ac, "(objectSid=%s)", + ldap_encode_ndr_dom_sid(ac, ac->sid)); + if (filter == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, samldb_check_sid_callback, + ac->req); + if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_group_object: %s", errstr); return ret; } - /* Generate a random name, if no samAccountName was supplied */ - if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { - ret = samldb_generate_samAccountName(module, mem_ctx, dom_dn, &name); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } - ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); - if (ret) { - talloc_free(mem_ctx); - return ret; - } + return ldb_next_request(ac->module, req); +} + +static int samldb_notice_sid_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - - if (ldb_msg_find_element(msg2, "sAMAccountType") != NULL) { - ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - group_type = samdb_result_uint(msg2, "groupType", 0); - if (group_type == 0) { - ldb_asprintf_errstring(module->ldb, "groupType invalid"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; - } else { - unsigned int account_type = samdb_gtype2atype(group_type); - ret = samdb_msg_add_uint(module->ldb, msg2, msg2, - "sAMAccountType", - account_type); - if (ret != LDB_SUCCESS) { - return ret; - } + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "Invalid reply type!\n"); + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - /* Manage SID allocation, conflicts etc */ - ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); + ret = samldb_next_step(ac); - if (ret == LDB_SUCCESS) { - talloc_steal(msg, msg2); - *ret_msg = msg2; +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); } - talloc_free(mem_ctx); - return ret; + + return LDB_SUCCESS; } -static int samldb_fill_user_or_computer_object(struct ldb_module *module, const struct ldb_message *msg, struct ldb_message **ret_msg) +/* If we are adding new users/groups, we need to update the nextRid + * attribute to be 'above' the new/incoming RID. Attempt to do it + *atomically. */ +static int samldb_notice_sid(struct samldb_ctx *ac) { + uint32_t old_id, new_id; + struct ldb_request *req; + struct ldb_message *msg; + struct ldb_message_element *els; + struct ldb_val *vals; int ret; - char *name; - struct ldb_message *msg2; - struct ldb_dn *dom_dn; - const char *rdn_name; - TALLOC_CTX *mem_ctx = talloc_new(msg); - const char *errstr; - unsigned int user_account_control; - if (!mem_ctx) { + + old_id = ac->next_rid; + new_id = ac->sid->sub_auths[ac->sid->num_auths - 1]; + + if (old_id >= new_id) { + /* no need to update the domain nextRid attribute */ + return samldb_next_step(ac); + } + + /* we do a delete and add as a single operation. That prevents + a race, in case we are not actually on a transaction db */ + msg = talloc_zero(ac, struct ldb_message); + if (msg == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + els = talloc_array(msg, struct ldb_message_element, 2); + if (els == NULL) { + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } + vals = talloc_array(msg, struct ldb_val, 2); + if (vals == NULL) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + msg->dn = ac->domain_dn; + msg->num_elements = 2; + msg->elements = els; - /* build the new msg */ - msg2 = ldb_msg_copy(mem_ctx, msg); - if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_user_or_computer_object: ldb_msg_copy failed!\n"); - talloc_free(mem_ctx); + els[0].num_values = 1; + els[0].values = &vals[0]; + els[0].flags = LDB_FLAG_MOD_DELETE; + els[0].name = talloc_strdup(msg, "nextRid"); + if (!els[0].name) { + ldb_oom(ac->module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - ret = samdb_copy_template(module->ldb, msg2, - "user", - &errstr); - if (ret) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_user_or_computer_object: Error copying user template: %s\n", - errstr); - talloc_free(mem_ctx); + els[1].num_values = 1; + els[1].values = &vals[1]; + els[1].flags = LDB_FLAG_MOD_ADD; + els[1].name = els[0].name; + + vals[0].data = (uint8_t *)talloc_asprintf(vals, "%u", old_id); + if (!vals[0].data) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + vals[0].length = strlen((char *)vals[0].data); + + vals[1].data = (uint8_t *)talloc_asprintf(vals, "%u", new_id); + if (!vals[1].data) { + ldb_oom(ac->module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + vals[1].length = strlen((char *)vals[1].data); + + ret = ldb_build_mod_req(&req, ac->module->ldb, ac, + msg, NULL, + ac, samldb_notice_sid_callback, + ac->req); + if (ret != LDB_SUCCESS) { return ret; } - rdn_name = ldb_dn_get_rdn_name(msg2->dn); + return ldb_next_request(ac->module, req); +} - if (strcasecmp(rdn_name, "cn") != 0) { - ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for user/computer, should be CN=!\n", rdn_name); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; +static int samldb_add_entry_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, + "Invalid reply type!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + /* we exit the samldb module here */ + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); +} - ret = samdb_search_for_parent_domain(module->ldb, mem_ctx, msg2->dn, &dom_dn, &errstr); +static int samldb_add_entry(struct samldb_ctx *ac) +{ + struct ldb_request *req; + int ret; + + ret = ldb_build_add_req(&req, ac->module->ldb, ac, + ac->msg, + ac->req->controls, + ac, samldb_add_entry_callback, + ac->req); if (ret != LDB_SUCCESS) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_user_or_computer_object: %s", errstr); return ret; } - if (ldb_msg_find_element(msg2, "samAccountName") == NULL) { - ret = samldb_generate_samAccountName(module, mem_ctx, dom_dn, &name); - if (ret != LDB_SUCCESS) { - talloc_free(mem_ctx); - return ret; - } - ret = samdb_find_or_add_attribute(module->ldb, msg2, "sAMAccountName", name); - if (ret) { - talloc_free(mem_ctx); - return ret; - } + return ldb_next_request(ac->module, req); +} + +static int samldb_fill_object(struct samldb_ctx *ac, const char *type) +{ + int ret; + + /* first look for the template */ + ac->type = type; + ret = samldb_add_step(ac, samldb_search_template); + if (ret != LDB_SUCCESS) return ret; + + /* then apply it */ + ret = samldb_add_step(ac, samldb_apply_template); + if (ret != LDB_SUCCESS) return ret; + + /* search for a parent domain objet */ + ac->check_dn = ac->req->op.add.message->dn; + ret = samldb_add_step(ac, samldb_get_parent_domain); + if (ret != LDB_SUCCESS) return ret; + + /* check if we have a valid samAccountName */ + ret = samldb_add_step(ac, samldb_check_samAccountName); + if (ret != LDB_SUCCESS) return ret; + + /* check account_type/group_type */ + ret = samldb_add_step(ac, samldb_check_samAccountType); + if (ret != LDB_SUCCESS) return ret; + + /* check if we have a valid SID */ + ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid"); + if ( ! ac->sid) { + ret = samldb_add_step(ac, samldb_new_sid); + if (ret != LDB_SUCCESS) return ret; + } else { + ret = samldb_add_step(ac, samldb_get_sid_domain); + if (ret != LDB_SUCCESS) return ret; } - if (ldb_msg_find_element(msg2, "sAMAccountType") != NULL) { - ldb_asprintf_errstring(module->ldb, "sAMAccountType must not be specified"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; + ret = samldb_add_step(ac, samldb_check_sid); + if (ret != LDB_SUCCESS) return ret; + + ret = samldb_add_step(ac, samldb_notice_sid); + if (ret != LDB_SUCCESS) return ret; + + /* finally proceed with adding the entry */ + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + + return samldb_first_step(ac); + + /* TODO: userAccountControl, badPwdCount, codePage, + * countryCode, badPasswordTime, lastLogoff, lastLogon, + * pwdLastSet, primaryGroupID, accountExpires, logonCount */ + +} + +static int samldb_foreign_notice_sid_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct samldb_ctx *ac; + const char *nextRid; + const char *name; + int ret; + + ac = talloc_get_type(req->context, struct samldb_ctx); + + if (!ares) { + ret = LDB_ERR_OPERATIONS_ERROR; + goto done; } - user_account_control = samdb_result_uint(msg2, "userAccountControl", 0); - if (user_account_control == 0) { - ldb_asprintf_errstring(module->ldb, "userAccountControl invalid"); - talloc_free(mem_ctx); - return LDB_ERR_UNWILLING_TO_PERFORM; - } else { - unsigned int account_type = samdb_uf2atype(user_account_control); - ret = samdb_msg_add_uint(module->ldb, msg2, msg2, - "sAMAccountType", - account_type); - if (ret != LDB_SUCCESS) { - return ret; - } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* Manage SID allocation, conflicts etc */ - ret = samldb_handle_sid(module, mem_ctx, msg2, dom_dn); + switch (ares->type) { + case LDB_REPLY_ENTRY: + /* save entry */ + if (ac->next_rid != 0) { + /* one too many! */ + ldb_set_errstring(ac->module->ldb, + "Invalid number of results while searching " + "for domain object"); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + nextRid = ldb_msg_find_attr_as_string(ares->message, + "nextRid", NULL); + if (nextRid == NULL) { + ldb_asprintf_errstring(ac->module->ldb, + "attribute nextRid not found in %s\n", + ldb_dn_get_linearized(ares->message->dn)); + ret = LDB_ERR_OPERATIONS_ERROR; + break; + } + + ac->next_rid = strtol(nextRid, NULL, 0); + + ac->domain_dn = talloc_steal(ac, ares->message->dn); + + name = samdb_result_string(ares->message, "name", NULL); + ldb_debug(ac->module->ldb, LDB_DEBUG_TRACE, + "NOTE (strange but valid): Adding foreign SID " + "record with SID %s, but this domain (%s) is " + "not foreign in the database", + dom_sid_string(ares, ac->sid), name); + + talloc_free(ares); + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + talloc_free(ares); + break; - /* TODO: userAccountControl, badPwdCount, codePage, countryCode, badPasswordTime, lastLogoff, lastLogon, pwdLastSet, primaryGroupID, accountExpires, logonCount */ + case LDB_REPLY_DONE: - if (ret == 0) { - *ret_msg = msg2; - talloc_steal(msg, msg2); + /* if this is a fake foreign SID, notice the SID */ + if (ac->domain_dn) { + ret = samldb_notice_sid(ac); + break; + } + + /* found, go on */ + ret = samldb_next_step(ac); + break; } - talloc_free(mem_ctx); - return ret; + +done: + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + return LDB_SUCCESS; } - -static int samldb_fill_foreignSecurityPrincipal_object(struct ldb_module *module, const struct ldb_message *msg, - struct ldb_message **ret_msg) + +/* Find a domain object in the parents of a particular DN. */ +static int samldb_foreign_notice_sid(struct samldb_ctx *ac) { - struct ldb_message *msg2; - const char *rdn_name; - struct dom_sid *dom_sid; - struct dom_sid *sid; - const char *dom_attrs[] = { "name", NULL }; - struct ldb_message **dom_msgs; - const char *errstr; + static const char * const attrs[3] = { "nextRid", "name", NULL }; + struct ldb_request *req; + char *filter; int ret; - TALLOC_CTX *mem_ctx = talloc_new(msg); - if (!mem_ctx) { + if (ac->sid == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* build the new msg */ - msg2 = ldb_msg_copy(mem_ctx, msg); - if (!msg2) { - ldb_debug(module->ldb, LDB_DEBUG_FATAL, "samldb_fill_foreignSecurityPrincipal_object: ldb_msg_copy failed!\n"); - talloc_free(mem_ctx); + ac->domain_sid = dom_sid_dup(ac, ac->sid); + if (!ac->domain_sid) { return LDB_ERR_OPERATIONS_ERROR; } + /* get the domain component part of the provided SID */ + ac->domain_sid->num_auths--; - ret = samdb_copy_template(module->ldb, msg2, - "ForeignSecurityPrincipal", - &errstr); - if (ret != 0) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_foreignSecurityPrincipal_object: " - "Error copying template: %s", - errstr); - talloc_free(mem_ctx); - return ret; + filter = talloc_asprintf(ac, "(&(objectSid=%s)(objectclass=domain))", + ldap_encode_ndr_dom_sid(ac, ac->domain_sid)); + if (filter == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - rdn_name = ldb_dn_get_rdn_name(msg2->dn); + ret = ldb_build_search_req(&req, ac->module->ldb, ac, + ldb_get_default_basedn(ac->module->ldb), + LDB_SCOPE_SUBTREE, + filter, attrs, + NULL, + ac, samldb_foreign_notice_sid_callback, + ac->req); - if (strcasecmp(rdn_name, "cn") != 0) { - ldb_asprintf_errstring(module->ldb, "Bad RDN (%s=) for ForeignSecurityPrincipal, should be CN=!", rdn_name); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; + if (ret != LDB_SUCCESS) { + return ret; } - sid = samdb_result_dom_sid(msg2, msg, "objectSid"); - if (!sid) { - /* Slightly different for the foreign sids. We don't want - * domain SIDs ending up there, it would cause all sorts of - * pain */ - - sid = dom_sid_parse_talloc(msg2, (const char *)ldb_dn_get_rdn_val(msg2->dn)->data); - if (!sid) { - ldb_set_errstring(module->ldb, "No valid found SID in ForeignSecurityPrincipal CN!"); - talloc_free(mem_ctx); - return LDB_ERR_CONSTRAINT_VIOLATION; - } + ac->next_rid = 0; + return ldb_next_request(ac->module, req); +} - if ( ! samldb_msg_add_sid(module, msg2, "objectSid", sid)) { - talloc_free(sid); - return LDB_ERR_OPERATIONS_ERROR; - } +static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac) +{ + int ret; - dom_sid = dom_sid_dup(mem_ctx, sid); - if (!dom_sid) { - talloc_free(mem_ctx); - return LDB_ERR_OPERATIONS_ERROR; + ac->sid = samdb_result_dom_sid(ac->msg, ac->msg, "objectSid"); + if (ac->sid == NULL) { + ac->sid = dom_sid_parse_talloc(ac->msg, + (const char *)ldb_dn_get_rdn_val(ac->msg->dn)->data); + if (!ac->sid) { + ldb_set_errstring(ac->module->ldb, + "No valid found SID in " + "ForeignSecurityPrincipal CN!"); + talloc_free(ac); + return LDB_ERR_CONSTRAINT_VIOLATION; } - /* get the domain component part of the provided SID */ - dom_sid->num_auths--; - - /* find the domain DN */ - - ret = gendb_search(module->ldb, - mem_ctx, NULL, &dom_msgs, dom_attrs, - "(&(objectSid=%s)(objectclass=domain))", - ldap_encode_ndr_dom_sid(mem_ctx, dom_sid)); - if (ret >= 1) { - /* We don't really like the idea of foreign sids that are not foreign, but it happens */ - const char *name = samdb_result_string(dom_msgs[0], "name", NULL); - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "NOTE (strange but valid): Adding foreign SID record with SID %s, but this domian (%s) is already in the database", - dom_sid_string(mem_ctx, sid), name); - } else if (ret == -1) { - ldb_asprintf_errstring(module->ldb, - "samldb_fill_foreignSecurityPrincipal_object: error searching for a domain with this sid: %s\n", - dom_sid_string(mem_ctx, dom_sid)); - talloc_free(dom_msgs); + if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) { + talloc_free(ac); return LDB_ERR_OPERATIONS_ERROR; } } - /* This isn't an operation on a domain we know about, so just - * check for the SID, looking for duplicates via the common - * code */ - ret = samldb_notice_sid(module, msg2, sid); - if (ret == 0) { - talloc_steal(msg, msg2); - *ret_msg = msg2; - } - - return ret; + /* first look for the template */ + ac->type = "foreignSecurityPrincipal"; + ret = samldb_add_step(ac, samldb_search_template); + if (ret != LDB_SUCCESS) return ret; + + /* then apply it */ + ret = samldb_add_step(ac, samldb_apply_template); + if (ret != LDB_SUCCESS) return ret; + + /* check we do not already have this SID */ + ret = samldb_add_step(ac, samldb_check_sid); + if (ret != LDB_SUCCESS) return ret; + + /* check if we need to notice this SID */ + ret = samldb_add_step(ac, samldb_foreign_notice_sid); + if (ret != LDB_SUCCESS) return ret; + + /* finally proceed with adding the entry */ + ret = samldb_add_step(ac, samldb_add_entry); + if (ret != LDB_SUCCESS) return ret; + + return samldb_first_step(ac); } -/* add_record */ +static int samldb_check_rdn(struct ldb_module *module, struct ldb_dn *dn) +{ + const char *rdn_name; -/* - * FIXME - * - * Actually this module is not async at all as it does a number of sync searches - * in the process. It still to be decided how to deal with it properly so it is - * left SYNC for now until we think of a good solution. - */ + rdn_name = ldb_dn_get_rdn_name(dn); + + if (strcasecmp(rdn_name, "cn") != 0) { + ldb_asprintf_errstring(module->ldb, + "Bad RDN (%s=) for samldb object, " + "should be CN=!\n", rdn_name); + return LDB_ERR_CONSTRAINT_VIOLATION; + } + return LDB_SUCCESS; +} + +/* add_record */ static int samldb_add(struct ldb_module *module, struct ldb_request *req) { - const struct ldb_message *msg = req->op.add.message; - struct ldb_message *msg2 = NULL; - struct ldb_request *down_req; + struct samldb_ctx *ac; int ret; ldb_debug(module->ldb, LDB_DEBUG_TRACE, "samldb_add_record\n"); - if (ldb_dn_is_special(msg->dn)) { /* do not manipulate our control entries */ + /* do not manipulate our control entries */ + if (ldb_dn_is_special(req->op.add.message->dn)) { return ldb_next_request(module, req); } - /* is user or computer? */ - if ((samdb_find_attribute(module->ldb, msg, "objectclass", "user") != NULL) || - (samdb_find_attribute(module->ldb, msg, "objectclass", "computer") != NULL)) { - /* add all relevant missing objects */ - ret = samldb_fill_user_or_computer_object(module, msg, &msg2); - if (ret) { - return ret; - } + ac = samldb_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - /* is group? add all relevant missing objects */ - if ( ! msg2 ) { - if (samdb_find_attribute(module->ldb, msg, "objectclass", "group") != NULL) { - ret = samldb_fill_group_object(module, msg, &msg2); - if (ret) { - return ret; - } - } + /* build the new msg */ + ac->msg = ldb_msg_copy(ac, ac->req->op.add.message); + if (!ac->msg) { + talloc_free(ac); + ldb_debug(ac->module->ldb, LDB_DEBUG_FATAL, + "samldb_add: ldb_msg_copy failed!\n"); + return LDB_ERR_OPERATIONS_ERROR; } - /* perhaps a foreignSecurityPrincipal? */ - if ( ! msg2 ) { - if (samdb_find_attribute(module->ldb, msg, "objectclass", "foreignSecurityPrincipal") != NULL) { - ret = samldb_fill_foreignSecurityPrincipal_object(module, msg, &msg2); - if (ret) { - return ret; - } + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", "computer") != NULL) { + + /* make sure the computer object also has the 'user' + * objectclass so it will be handled by the next call */ + ret = samdb_find_or_add_value(module->ldb, ac->msg, + "objectclass", "user"); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; } } - if (msg2 == NULL) { - return ldb_next_request(module, req); - } + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", "user") != NULL) { - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; + ret = samldb_check_rdn(module, ac->req->op.add.message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; + } + + return samldb_fill_object(ac, "user"); } - *down_req = *req; - - down_req->op.add.message = talloc_steal(down_req, msg2); + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", "group") != NULL) { + + ret = samldb_check_rdn(module, ac->req->op.add.message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; + } - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); + return samldb_fill_object(ac, "group"); + } - /* go on with the call chain */ - ret = ldb_next_request(module, down_req); + /* perhaps a foreignSecurityPrincipal? */ + if (samdb_find_attribute(module->ldb, ac->msg, + "objectclass", + "foreignSecurityPrincipal") != NULL) { - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = samldb_check_rdn(module, ac->req->op.add.message->dn); + if (ret != LDB_SUCCESS) { + talloc_free(ac); + return ret; + } + + return samldb_fill_foreignSecurityPrincipal_object(ac); } - return ret; + talloc_free(ac); + + /* nothing matched, go on */ + return ldb_next_request(module, req); } /* modify */ @@ -777,6 +1354,8 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_UNWILLING_TO_PERFORM; } + /* TODO: do not modify original request, create a new one */ + el = ldb_msg_find_element(req->op.mod.message, "groupType"); if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) { req->op.mod.message = msg = ldb_msg_copy_shallow(req, req->op.mod.message); diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 4b6e9e1d47..56d24a2962 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -62,8 +62,10 @@ struct schema_fsmo_private_data { }; struct schema_fsmo_search_data { - struct schema_fsmo_private_data *module_context; - struct ldb_request *orig_req; + struct ldb_module *module; + struct ldb_request *req; + + const struct dsdb_schema *schema; }; static int schema_fsmo_init(struct ldb_module *module) @@ -325,41 +327,54 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message /* Add objectClasses, attributeTypes and dITContentRules from the schema object (they are not stored in the database) */ -static int schema_fsmo_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int schema_fsmo_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - const struct dsdb_schema *schema = dsdb_get_schema(ldb); - struct schema_fsmo_search_data *search_data = talloc_get_type(context, struct schema_fsmo_search_data); - struct ldb_request *orig_req = search_data->orig_req; - TALLOC_CTX *mem_ctx; + struct schema_fsmo_search_data *ac; + struct schema_fsmo_private_data *mc; int i, ret; - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type != LDB_REPLY_ENTRY) { - return orig_req->callback(ldb, orig_req->context, ares); - } + ac = talloc_get_type(req->context, struct schema_fsmo_search_data); + mc = talloc_get_type(ac->module->private_data, struct schema_fsmo_private_data); - if (ldb_dn_compare(ares->message->dn, search_data->module_context->aggregate_dn) != 0) { - talloc_free(mem_ctx); - return orig_req->callback(ldb, orig_req->context, ares); + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - - mem_ctx = talloc_new(ares); - if (!mem_ctx) { - ldb_oom(ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } + /* Only entries are interesting, and we handle the case of the parent seperatly */ - for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { - if (ldb_attr_in_list(orig_req->op.search.attrs, generated_attrs[i].attr)) { - ret = generated_attrs[i].fn(ldb, ares->message, schema); - if (ret != LDB_SUCCESS) { - return ret; + switch (ares->type) { + case LDB_REPLY_ENTRY: + + if (ldb_dn_compare(ares->message->dn, mc->aggregate_dn) != 0) { + return ldb_module_send_entry(ac->req, ares->message); + } + + for (i=0; i < ARRAY_SIZE(generated_attrs); i++) { + if (ldb_attr_in_list(ac->req->op.search.attrs, generated_attrs[i].attr)) { + ret = generated_attrs[i].fn(ac->module->ldb, ares->message, ac->schema); + if (ret != LDB_SUCCESS) { + return ret; + } } } + + return ldb_module_send_entry(ac->req, ares->message); + + case LDB_REPLY_REFERRAL: + + return ldb_module_send_referral(ac->req, ares->referral); + + case LDB_REPLY_DONE: + + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - talloc_free(mem_ctx); - return orig_req->callback(ldb, orig_req->context, ares); + return LDB_SUCCESS; } /* search */ @@ -390,27 +405,24 @@ static int schema_fsmo_search(struct ldb_module *module, struct ldb_request *req ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - down_req = talloc(req, struct ldb_request); - if (!down_req) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - *down_req = *req; - search_context->orig_req = req; - search_context->module_context = talloc_get_type(module->private_data, struct schema_fsmo_private_data); - down_req->context = search_context; - - down_req->callback = schema_fsmo_search_callback; - ret = ldb_next_request(module, down_req); + search_context->module = module; + search_context->req = req; + search_context->schema = schema; - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + ret = ldb_build_search_req_ex(&down_req, module->ldb, search_context, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + search_context, schema_fsmo_search_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + + return ldb_next_request(module, down_req); } diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c index 361cf226dc..0e3b46debe 100644 --- a/source4/dsdb/samdb/ldb_modules/show_deleted.c +++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c @@ -27,7 +27,7 @@ * * Component: ldb deleted objects control module * - * Description: this module hides deleted objects, and returns them if the control is there + * Description: this module hides deleted objects, and returns them if the right control is there * * Author: Stefan Metzmacher */ @@ -42,36 +42,38 @@ struct show_deleted_search_request { struct ldb_module *module; - void *up_context; - int (*up_callback)(struct ldb_context *, void *, struct ldb_reply *); - - bool remove_from_msg; + struct ldb_request *req; }; -static int show_deleted_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int show_deleted_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { struct show_deleted_search_request *ar; - ar = talloc_get_type(context, struct show_deleted_search_request); + ar = talloc_get_type(req->context, struct show_deleted_search_request); - if (ares->type == LDB_REPLY_ENTRY) { - bool isDeleted; + if (!ares) { + return ldb_module_done(ar->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ar->req, ares->controls, + ares->response, ares->error); + } - isDeleted = ldb_msg_find_attr_as_bool(ares->message, "isDeleted", false); + switch (ares->type) { + case LDB_REPLY_ENTRY: - if (isDeleted) { - goto skip_deleted; - } + return ldb_module_send_entry(ar->req, ares->message); - if (ar->remove_from_msg) { - ldb_msg_remove_attr(ares->message, "isDeleted"); - } - } + case LDB_REPLY_REFERRAL: + return ldb_module_send_referral(ar->req, ares->referral); - return ar->up_callback(ldb, ar->up_context, ares); + case LDB_REPLY_DONE: + return ldb_module_done(ar->req, ares->controls, + ares->response, LDB_SUCCESS); -skip_deleted: - talloc_free(ares); + } return LDB_SUCCESS; } @@ -81,116 +83,68 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re struct ldb_control **saved_controls; struct show_deleted_search_request *ar; struct ldb_request *down_req; - char **new_attrs; - uint32_t num_attrs = 0; - uint32_t i; + char *old_filter; + char *new_filter; int ret; - /* check if there's a show deleted control */ - control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - - /* copy the request for modification */ - down_req = talloc(req, struct ldb_request); - if (down_req == NULL) { - ldb_oom(module->ldb); + ar = talloc_zero(req, struct show_deleted_search_request); + if (ar == NULL) { return LDB_ERR_OPERATIONS_ERROR; } + ar->module = module; + ar->req = req; - /* copy the request */ - *down_req = *req; + /* check if there's a show deleted control */ + control = ldb_request_get_control(req, LDB_CONTROL_SHOW_DELETED_OID); - /* if a control is there remove if from the modified request */ - if (control && !save_controls(control, down_req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; - } + if ( ! control) { + old_filter = ldb_filter_from_tree(ar, req->op.search.tree); + new_filter = talloc_asprintf(ar, "(&(!(isDeleted=TRUE))%s)", + old_filter); - /* if we had a control, then just go on to the next request as we have nothing to hide */ - if (control) { - goto next_request; - } + ret = ldb_build_search_req(&down_req, module->ldb, ar, + req->op.search.base, + req->op.search.scope, + new_filter, + req->op.search.attrs, + req->controls, + ar, show_deleted_search_callback, + req); - ar = talloc(down_req, struct show_deleted_search_request); - if (ar == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - - ar->module = module; - ar->up_context = req->context; - ar->up_callback = req->callback; - ar->remove_from_msg = true; - - /* check if attrs only is specified, in that case check wether we need to modify them */ - if (down_req->op.search.attrs) { - for (i=0; (down_req->op.search.attrs && down_req->op.search.attrs[i]); i++) { - num_attrs++; - if (strcasecmp(down_req->op.search.attrs[i], "*") == 0) { - ar->remove_from_msg = false; - } else if (strcasecmp(down_req->op.search.attrs[i], "isDeleted") == 0) { - ar->remove_from_msg = false; - } - } } else { - ar->remove_from_msg = false; + ret = ldb_build_search_req_ex(&down_req, module->ldb, ar, + req->op.search.base, + req->op.search.scope, + req->op.search.tree, + req->op.search.attrs, + req->controls, + ar, show_deleted_search_callback, + req); } - - if (ar->remove_from_msg) { - new_attrs = talloc_array(down_req, char *, num_attrs + 2); - if (!new_attrs) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - for (i=0; i < num_attrs; i++) { - new_attrs[i] = discard_const_p(char, down_req->op.search.attrs[i]); - } - new_attrs[i] = talloc_strdup(new_attrs, "isDeleted"); - if (!new_attrs[i]) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - new_attrs[i+1] = NULL; - down_req->op.search.attrs = (const char * const *)new_attrs; + if (ret != LDB_SUCCESS) { + return ret; } - down_req->context = ar; - down_req->callback = show_deleted_search_callback; - ldb_set_timeout_from_prev_req(module->ldb, req, down_req); - -next_request: - /* perform the search */ - ret = ldb_next_request(module, down_req); - - /* do not free down_req as the call results may be linked to it, - * it will be freed when the upper level request get freed */ - if (ret == LDB_SUCCESS) { - req->handle = down_req->handle; + /* if a control is there remove if from the modified request */ + if (control && !save_controls(control, down_req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; } - return ret; + /* perform the search */ + return ldb_next_request(module, down_req); } static int show_deleted_init(struct ldb_module *module) { - struct ldb_request *req; int ret; - req = talloc(module, struct ldb_request); - if (req == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - req->operation = LDB_REQ_REGISTER_CONTROL; - req->op.reg_control.oid = LDB_CONTROL_SHOW_DELETED_OID; - req->controls = NULL; - - ret = ldb_request(module->ldb, req); + ret = ldb_mod_register_control(module, LDB_CONTROL_SHOW_DELETED_OID); if (ret != LDB_SUCCESS) { - ldb_debug(module->ldb, LDB_DEBUG_ERROR, "show_deleted: Unable to register control with rootdse!\n"); - talloc_free(req); + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "extended_dn: Unable to register control with rootdse!\n"); return LDB_ERR_OPERATIONS_ERROR; } - talloc_free(req); return ldb_next_init(module); } diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c index 8f92995145..d15e85ad41 100644 --- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c +++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c @@ -36,6 +36,11 @@ #include "librpc/ndr/libndr.h" #include "dsdb/samdb/samdb.h" +struct entryuuid_private { + struct ldb_context *ldb; + struct ldb_dn **base_dns; +}; + static struct ldb_val encode_guid(struct ldb_module *module, TALLOC_CTX *ctx, const struct ldb_val *val) { struct GUID guid; @@ -598,10 +603,10 @@ static int nsuniqueid_init(struct ldb_module *module) return ldb_next_init(module); } -static int get_seq(struct ldb_context *ldb, void *context, - struct ldb_reply *ares) +static int get_seq(struct ldb_request *req, + struct ldb_reply *ares) { - unsigned long long *seq = (unsigned long long *)context; + unsigned long long *seq = (unsigned long long *)req->context; if (ares->type == LDB_REPLY_ENTRY) { struct ldb_message_element *el = ldb_msg_find_element(ares->message, "contextCSN"); if (el) { @@ -609,6 +614,10 @@ static int get_seq(struct ldb_context *ldb, void *context, } } + if (ares->type == LDB_REPLY_DONE) { + return ldb_request_done(req, LDB_SUCCESS); + } + return LDB_SUCCESS; } @@ -635,7 +644,7 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque partition_ctrl = ldb_request_get_control(req, DSDB_CONTROL_CURRENT_PARTITION_OID); if (!partition_ctrl) { ldb_debug_set(module->ldb, LDB_DEBUG_FATAL, - "instancetype_add: no current partition control found"); + "entryuuid_sequence_number: no current partition control found"); return LDB_ERR_CONSTRAINT_VIOLATION; } @@ -643,39 +652,21 @@ static int entryuuid_sequence_number(struct ldb_module *module, struct ldb_reque struct dsdb_control_current_partition); SMB_ASSERT(partition && partition->version == DSDB_CONTROL_CURRENT_PARTITION_VERSION); - search_req = talloc(req, struct ldb_request); - if (search_req == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return LDB_ERR_OPERATIONS_ERROR; + ret = ldb_build_search_req(&search_req, module->ldb, req, + partition->dn, LDB_SCOPE_BASE, + NULL, contextCSN_attr, NULL, + &seq, get_seq, + NULL); + if (ret != LDB_SUCCESS) { + return ret; } - - /* Finally, we have it. This saves searching over more - * partitions than we expose to the client, such as a cn=samba - * configuration partition */ - search_req->operation = LDB_SEARCH; - search_req->op.search.base = partition->dn; - search_req->op.search.scope = LDB_SCOPE_BASE; - - search_req->op.search.tree = ldb_parse_tree(search_req, "objectClass=*"); - if (search_req->op.search.tree == NULL) { - ldb_set_errstring(module->ldb, "Unable to parse search expression"); - talloc_free(search_req); - return LDB_ERR_OPERATIONS_ERROR; - } - - search_req->op.search.attrs = contextCSN_attr; - search_req->controls = NULL; - search_req->context = &seq; - search_req->callback = get_seq; - ldb_set_timeout(module->ldb, search_req, 0); /* use default timeout */ - ret = ldb_next_request(module, search_req); - + if (ret == LDB_SUCCESS) { ret = ldb_wait(search_req->handle, LDB_WAIT_ALL); } - + talloc_free(search_req); if (ret != LDB_SUCCESS) { return ret; diff --git a/source4/dsdb/samdb/ldb_modules/subtree_delete.c b/source4/dsdb/samdb/ldb_modules/subtree_delete.c index 9c332d2969..10e2dc25ce 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_delete.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_delete.c @@ -3,6 +3,7 @@ Copyright (C) Andrew Bartlett 2006-2007 Copyright (C) Stefan Metzmacher 2007 + Copyright (C) Simo Sorce 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -31,104 +32,88 @@ #include "ldb_includes.h" struct subtree_delete_context { - enum sd_step {SD_SEARCH, SD_DO_DEL} step; - struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; - - struct ldb_request *search_req; - struct ldb_request *down_req; + struct ldb_request *req; int num_children; }; -static struct subtree_delete_context *subtree_delete_init_handle(struct ldb_request *req, - struct ldb_module *module) +static struct subtree_delete_context *subdel_ctx_init(struct ldb_module *module, + struct ldb_request *req) { struct subtree_delete_context *ac; - struct ldb_handle *h; - - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - return NULL; - } - - h->module = module; - ac = talloc_zero(h, struct subtree_delete_context); + ac = talloc_zero(req, struct subtree_delete_context); if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); + ldb_oom(module->ldb); return NULL; } - h->private_data = ac; - ac->module = module; - ac->handle = h; - ac->orig_req = req; - - req->handle = h; + ac->req = req; return ac; } -static int subtree_delete_check_for_children(struct subtree_delete_context *ac) +static int subtree_delete_search_callback(struct ldb_request *req, + struct ldb_reply *ares) { - if (ac->num_children > 0) { - ldb_asprintf_errstring(ac->module->ldb, "Cannot delete %s, not a leaf node (has %d children)\n", - ldb_dn_get_linearized(ac->orig_req->op.del.dn), ac->num_children); - return LDB_ERR_NOT_ALLOWED_ON_NON_LEAF; - } else { - struct ldb_request *req = talloc(ac, struct ldb_request); - if (!req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - *req = *ac->orig_req; - - /* Ensure any (io) errors during the search for - * children don't propgate back in the error string */ - ldb_set_errstring(ac->module->ldb, NULL); + struct subtree_delete_context *ac; + int ret; - ac->down_req = req; - ac->step = SD_DO_DEL; - return ldb_next_request(ac->module, req); - } -} + ac = talloc_get_type(req->context, struct subtree_delete_context); -static int subtree_delete_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) -{ - struct subtree_delete_context *ac = talloc_get_type(context, struct subtree_delete_context); - TALLOC_CTX *mem_ctx = talloc_new(ac); - - if (!mem_ctx) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } - /* OK, we have one of *many* search results here: - We should also get the entry we tried to rename. This - callback handles this and everything below it. - */ + switch (ares->type) { + case LDB_REPLY_ENTRY: - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.del.dn) != 0) { - /* And it is an actual entry: now object bitterly that we are not a leaf node */ + talloc_free(ares); ac->num_children++; + break; + + case LDB_REPLY_REFERRAL: + + /* ignore */ + talloc_free(ares); + break; + + case LDB_REPLY_DONE: + + if (ac->num_children > 0) { + talloc_free(ares); + ldb_asprintf_errstring(ac->module->ldb, + "Cannot delete %s, not a leaf node " + "(has %d children)\n", + ldb_dn_get_linearized(ac->req->op.del.dn), + ac->num_children); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_NOT_ALLOWED_ON_NON_LEAF); + } + + /* ok no children, let the original request through */ + ret = ldb_next_request(ac->module, ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + /* free our own context we are not going to be called back */ + talloc_free(ac); } - talloc_free(ares); return LDB_SUCCESS; } -/* rename */ static int subtree_delete(struct ldb_module *module, struct ldb_request *req) { - const char *attrs[] = { NULL }; - struct ldb_request *new_req; + static const char * const attrs[2] = { "distinguishedName", NULL }; + struct ldb_request *search_req; struct subtree_delete_context *ac; int ret; if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ @@ -142,119 +127,28 @@ static int subtree_delete(struct ldb_module *module, struct ldb_request *req) - return an error if there are any */ - ac = subtree_delete_init_handle(req, module); + ac = subdel_ctx_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&new_req, module->ldb, req, - req->op.del.dn, - LDB_SCOPE_SUBTREE, - "(objectClass=*)", - attrs, + /* we do not really need to find all descendents, + * if there is even one single direct child, that's + * enough to bail out */ + ret = ldb_build_search_req(&search_req, module->ldb, ac, + req->op.del.dn, LDB_SCOPE_ONELEVEL, + "(objectClass=*)", attrs, req->controls, - ac, - subtree_delete_search_callback); - + ac, subtree_delete_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - - if (ret != LDB_SUCCESS) { - return ret; - } - - ac->search_req = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - return ldb_next_request(module, new_req); -} - - -static int subtree_delete_wait_none(struct ldb_handle *handle) { - struct subtree_delete_context *ac; - int ret = LDB_ERR_OPERATIONS_ERROR; - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct subtree_delete_context); - - switch (ac->step) { - case SD_SEARCH: - ret = ldb_wait(ac->search_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ret; - goto done; - } - if (ac->search_req->handle->status != LDB_SUCCESS - && ac->search_req->handle->status != LDB_ERR_NO_SUCH_OBJECT) { - handle->status = ac->search_req->handle->status; - goto done; - } - - return subtree_delete_check_for_children(ac); - - case SD_DO_DEL: - ret = ldb_wait(ac->down_req->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req->handle->status; - goto done; - } - - if (ac->down_req->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - - break; - } -done: - handle->state = LDB_ASYNC_DONE; - return ret; -} - -static int subtree_delete_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = subtree_delete_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int subtree_delete_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return subtree_delete_wait_all(handle); - } else { - return subtree_delete_wait_none(handle); - } + return ldb_next_request(module, search_req); } const struct ldb_module_ops ldb_subtree_delete_module_ops = { .name = "subtree_delete", .del = subtree_delete, - .wait = subtree_delete_wait, }; diff --git a/source4/dsdb/samdb/ldb_modules/subtree_rename.c b/source4/dsdb/samdb/ldb_modules/subtree_rename.c index fd1388d416..d3ceb8ad97 100644 --- a/source4/dsdb/samdb/ldb_modules/subtree_rename.c +++ b/source4/dsdb/samdb/ldb_modules/subtree_rename.c @@ -30,137 +30,182 @@ #include "ldb_includes.h" +struct subren_msg_store { + struct subren_msg_store *next; + struct ldb_dn *olddn; + struct ldb_dn *newdn; +}; + struct subtree_rename_context { struct ldb_module *module; - struct ldb_handle *handle; - struct ldb_request *orig_req; - - struct ldb_request **down_req; - int num_requests; - int finished_requests; + struct ldb_request *req; - int num_children; + struct subren_msg_store *list; + struct subren_msg_store *current; }; -static struct subtree_rename_context *subtree_rename_init_handle(struct ldb_request *req, - struct ldb_module *module) +static struct subtree_rename_context *subren_ctx_init(struct ldb_module *module, + struct ldb_request *req) { struct subtree_rename_context *ac; - struct ldb_handle *h; - h = talloc_zero(req, struct ldb_handle); - if (h == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); + ac = talloc_zero(req, struct subtree_rename_context); + if (ac == NULL) { + ldb_oom(module->ldb); return NULL; } - h->module = module; + ac->module = module; + ac->req = req; - ac = talloc_zero(h, struct subtree_rename_context); - if (ac == NULL) { - ldb_set_errstring(module->ldb, "Out of Memory"); - talloc_free(h); - return NULL; + return ac; +} + +static int subtree_rename_next_request(struct subtree_rename_context *ac); + +static int subtree_rename_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct subtree_rename_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct subtree_rename_context); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - h->private_data = ac; + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } - ac->module = module; - ac->handle = h; - ac->orig_req = req; + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Invalid reply type!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } - req->handle = h; + if (ac->current == NULL) { + /* this was the last one */ + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } - return ac; -} + ret = subtree_rename_next_request(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + talloc_free(ares); + return LDB_SUCCESS; +} -static int subtree_rename_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int subtree_rename_next_request(struct subtree_rename_context *ac) { struct ldb_request *req; - struct subtree_rename_context *ac = talloc_get_type(context, struct subtree_rename_context); - TALLOC_CTX *mem_ctx = talloc_new(ac); - - if (!mem_ctx) { - ldb_oom(ac->module->ldb); + int ret; + + if (ac->current == NULL) { return LDB_ERR_OPERATIONS_ERROR; } - /* OK, we have one of *many* search results here: - - We should also get the entry we tried to rename. This - callback handles this and everything below it. - */ - - /* Only entries are interesting, and we handle the case of the parent seperatly */ - if (ares->type == LDB_REPLY_ENTRY - && ldb_dn_compare(ares->message->dn, ac->orig_req->op.rename.olddn) != 0) { - /* And it is an actual entry: now create a rename from it */ - int ret; - - struct ldb_dn *newdn = ldb_dn_copy(mem_ctx, ares->message->dn); - if (!newdn) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + + ret = ldb_build_rename_req(&req, ac->module->ldb, ac->current, + ac->current->olddn, + ac->current->newdn, + ac->req->controls, + ac, subtree_rename_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } + + ac->current = ac->current->next; + + return ldb_next_request(ac->module, req); +} + +static int subtree_rename_search_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct subren_msg_store *store; + struct subtree_rename_context *ac; + int ret; + + ac = talloc_get_type(req->context, struct subtree_rename_context); + + if (!ares || !ac->current) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + if (ldb_dn_compare(ares->message->dn, ac->list->olddn) == 0) { + /* this was already stored by the + * subtree_rename_search() */ + talloc_free(ares); + return LDB_SUCCESS; } - - ldb_dn_remove_base_components(newdn, ldb_dn_get_comp_num(ac->orig_req->op.rename.olddn)); - if (!ldb_dn_add_base(newdn, ac->orig_req->op.rename.newdn)) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + store = talloc_zero(ac, struct subren_msg_store); + if (store == NULL) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } + ac->current->next = store; + ac->current = store; - ret = ldb_build_rename_req(&req, ldb, mem_ctx, - ares->message->dn, - newdn, - NULL, - NULL, - NULL); - - if (ret != LDB_SUCCESS) { - return ret; + /* the first list element contains the base for the rename */ + store->olddn = talloc_steal(store, ares->message->dn); + store->newdn = ldb_dn_copy(store, store->olddn); + + if ( ! ldb_dn_remove_base_components(store->newdn, + ldb_dn_get_comp_num(ac->list->olddn))) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - ret = ldb_set_timeout_from_prev_req(ldb, ac->orig_req, req); - - if (ret != LDB_SUCCESS) { - return ret; + if ( ! ldb_dn_add_base(store->newdn, ac->list->newdn)) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); } - talloc_steal(req, newdn); + break; - talloc_steal(req, ares->message->dn); - - talloc_free(ares); - - } else if (ares->type == LDB_REPLY_DONE) { - req = talloc(mem_ctx, struct ldb_request); - *req = *ac->orig_req; - talloc_free(ares); + case LDB_REPLY_REFERRAL: + /* ignore */ + break; - } else { - talloc_free(ares); - return LDB_SUCCESS; - } - - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + case LDB_REPLY_DONE: + + /* rewind ac->current */ + ac->current = ac->list; + + /* All dns set up, start with the first one */ + ret = subtree_rename_next_request(ac); + + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + break; } - ac->down_req[ac->num_requests] = req; - ac->num_requests++; - - return ldb_next_request(ac->module, req); - + + talloc_free(ares); + return LDB_SUCCESS; } /* rename */ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) { - const char *attrs[] = { NULL }; - struct ldb_request *new_req; + static const char *attrs[2] = { "distinguishedName", NULL }; + struct ldb_request *search_req; struct subtree_rename_context *ac; int ret; if (ldb_dn_is_special(req->op.rename.olddn)) { /* do not manipulate our control entries */ @@ -176,110 +221,37 @@ static int subtree_rename(struct ldb_module *module, struct ldb_request *req) - Regain our sainity */ - ac = subtree_rename_init_handle(req, module); + ac = subren_ctx_init(module, req); if (!ac) { return LDB_ERR_OPERATIONS_ERROR; } - ret = ldb_build_search_req(&new_req, module->ldb, req, + /* add this entry as the first to do */ + ac->current = talloc_zero(ac, struct subren_msg_store); + if (ac->current == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + ac->current->olddn = req->op.rename.olddn; + ac->current->newdn = req->op.rename.newdn; + ac->list = ac->current; + + ret = ldb_build_search_req(&search_req, module->ldb, ac, req->op.rename.olddn, LDB_SCOPE_SUBTREE, "(objectClass=*)", attrs, - req->controls, + NULL, ac, - subtree_rename_search_callback); - - if (ret != LDB_SUCCESS) { - return ret; - } - - ret = ldb_set_timeout_from_prev_req(module->ldb, req, new_req); - + subtree_rename_search_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - ac->down_req = talloc_realloc(ac, ac->down_req, - struct ldb_request *, ac->num_requests + 1); - if (!ac->down_req) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->down_req[ac->num_requests] = new_req; - if (req == NULL) { - ldb_oom(ac->module->ldb); - return LDB_ERR_OPERATIONS_ERROR; - } - ac->num_requests++; - return ldb_next_request(module, new_req); -} - - -static int subtree_rename_wait_none(struct ldb_handle *handle) { - struct subtree_rename_context *ac; - int i, ret = LDB_ERR_OPERATIONS_ERROR; - if (!handle || !handle->private_data) { - return LDB_ERR_OPERATIONS_ERROR; - } - - if (handle->state == LDB_ASYNC_DONE) { - return handle->status; - } - - handle->state = LDB_ASYNC_PENDING; - handle->status = LDB_SUCCESS; - - ac = talloc_get_type(handle->private_data, struct subtree_rename_context); - - for (i=0; i < ac->num_requests; i++) { - ret = ldb_wait(ac->down_req[i]->handle, LDB_WAIT_NONE); - - if (ret != LDB_SUCCESS) { - handle->status = ret; - goto done; - } - if (ac->down_req[i]->handle->status != LDB_SUCCESS) { - handle->status = ac->down_req[i]->handle->status; - goto done; - } - - if (ac->down_req[i]->handle->state != LDB_ASYNC_DONE) { - return LDB_SUCCESS; - } - } - -done: - handle->state = LDB_ASYNC_DONE; - return ret; - -} - -static int subtree_rename_wait_all(struct ldb_handle *handle) { - - int ret; - - while (handle->state != LDB_ASYNC_DONE) { - ret = subtree_rename_wait_none(handle); - if (ret != LDB_SUCCESS) { - return ret; - } - } - - return handle->status; -} - -static int subtree_rename_wait(struct ldb_handle *handle, enum ldb_wait_type type) -{ - if (type == LDB_WAIT_ALL) { - return subtree_rename_wait_all(handle); - } else { - return subtree_rename_wait_none(handle); - } + return ldb_next_request(module, search_req); } const struct ldb_module_ops ldb_subtree_rename_module_ops = { .name = "subtree_rename", .rename = subtree_rename, - .wait = subtree_rename_wait, }; diff --git a/source4/dsdb/samdb/ldb_modules/update_keytab.c b/source4/dsdb/samdb/ldb_modules/update_keytab.c index 68973124eb..2c6cb102d9 100644 --- a/source4/dsdb/samdb/ldb_modules/update_keytab.c +++ b/source4/dsdb/samdb/ldb_modules/update_keytab.c @@ -43,6 +43,39 @@ struct update_kt_private { struct dn_list *changed_dns; }; +struct update_kt_ctx { + struct ldb_module *module; + struct ldb_request *req; + + struct ldb_dn *dn; + bool delete; + + struct ldb_reply *op_reply; + bool found; +}; + +struct update_kt_ctx *update_kt_ctx_init(struct ldb_module *module, + struct ldb_request *req) +{ + struct update_kt_ctx *ac; + + ac = talloc_zero(req, struct update_kt_ctx); + if (ac == NULL) { + ldb_oom(module->ldb); + return NULL; + } + + ac->module = module; + ac->req = req; + + return ac; +} + +/* FIXME: too many semi-async searches here for my taste, direct and indirect as + * cli_credentials_set_secrets() performs a sync ldb search. + * Just hope we are lucky and nothing breaks (using the tdb backend masks a lot + * of async issues). -SSS + */ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delete) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); struct dn_list *item; @@ -80,7 +113,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; } - + item->creds = cli_credentials_init(item); if (!item->creds) { DEBUG(1, ("cli_credentials_init failed!")); @@ -90,7 +123,7 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet } cli_credentials_set_conf(item->creds, ldb_get_opaque(module->ldb, "loadparm")); - status = cli_credentials_set_secrets(item->creds, ldb_get_opaque(module->ldb, "EventContext"), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); + status = cli_credentials_set_secrets(item->creds, ldb_get_event_context(module->ldb), ldb_get_opaque(module->ldb, "loadparm"), module->ldb, NULL, filter); talloc_free(filter); if (NT_STATUS_IS_OK(status)) { if (delete) { @@ -105,60 +138,237 @@ static int add_modified(struct ldb_module *module, struct ldb_dn *dn, bool delet return LDB_SUCCESS; } +static int ukt_search_modified(struct update_kt_ctx *ac); + +static int update_kt_op_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct update_kt_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct update_kt_ctx); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + if (ares->type != LDB_REPLY_DONE) { + ldb_set_errstring(ac->module->ldb, "Invalid request type!\n"); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (ac->delete) { + return ldb_module_done(ac->req, ares->controls, + ares->response, LDB_SUCCESS); + } + + ac->op_reply = talloc_steal(ac, ares); + + ret = ukt_search_modified(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, ret); + } + + return LDB_SUCCESS; +} + +static int ukt_del_op(struct update_kt_ctx *ac) +{ + struct ldb_request *down_req; + int ret; + + ret = ldb_build_del_req(&down_req, ac->module->ldb, ac, + ac->dn, + ac->req->controls, + ac, update_kt_op_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } + return ldb_next_request(ac->module, down_req); +} + +static int ukt_search_modified_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct update_kt_ctx *ac; + int ret; + + ac = talloc_get_type(req->context, struct update_kt_ctx); + + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + + ac->found = true; + break; + + case LDB_REPLY_REFERRAL: + /* ignore */ + break; + + case LDB_REPLY_DONE: + + if (ac->found) { + /* do the dirty sync job here :/ */ + ret = add_modified(ac->module, ac->dn, ac->delete); + } + + if (ac->delete) { + ret = ukt_del_op(ac); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, + NULL, NULL, ret); + } + break; + } + + return ldb_module_done(ac->req, ac->op_reply->controls, + ac->op_reply->response, LDB_SUCCESS); + } + + talloc_free(ares); + return LDB_SUCCESS; +} + +static int ukt_search_modified(struct update_kt_ctx *ac) +{ + static const char * const attrs[] = { "distinguishedName", NULL }; + struct ldb_request *search_req; + int ret; + + ret = ldb_build_search_req(&search_req, ac->module->ldb, ac, + ac->dn, LDB_SCOPE_BASE, + "(&(objectClass=kerberosSecret)" + "(privateKeytab=*))", attrs, + NULL, + ac, ukt_search_modified_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ret; + } + return ldb_next_request(ac->module, search_req); +} + + /* add */ static int update_kt_add(struct ldb_module *module, struct ldb_request *req) { + struct update_kt_ctx *ac; + struct ldb_request *down_req; int ret; - ret = ldb_next_request(module, req); + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dn = req->op.add.message->dn; + + ret = ldb_build_add_req(&down_req, module->ldb, ac, + req->op.add.message, + req->controls, + ac, update_kt_op_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.add.message->dn, false); + + return ldb_next_request(module, down_req); } /* modify */ static int update_kt_modify(struct ldb_module *module, struct ldb_request *req) { + struct update_kt_ctx *ac; + struct ldb_request *down_req; int ret; - ret = ldb_next_request(module, req); + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dn = req->op.mod.message->dn; + + ret = ldb_build_mod_req(&down_req, module->ldb, ac, + req->op.mod.message, + req->controls, + ac, update_kt_op_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.mod.message->dn, false); + + return ldb_next_request(module, down_req); } /* delete */ static int update_kt_delete(struct ldb_module *module, struct ldb_request *req) { - int ret; - /* Before we delete it, record the details */ - ret = add_modified(module, req->op.del.dn, true); - if (ret != LDB_SUCCESS) { - return ret; + struct update_kt_ctx *ac; + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; } - return ldb_next_request(module, req); + + ac->dn = req->op.del.dn; + ac->delete = true; + + return ukt_search_modified(ac); } /* rename */ static int update_kt_rename(struct ldb_module *module, struct ldb_request *req) { + struct update_kt_ctx *ac; + struct ldb_request *down_req; int ret; - ret = ldb_next_request(module, req); + + ac = update_kt_ctx_init(module, req); + if (ac == NULL) { + return LDB_ERR_OPERATIONS_ERROR; + } + + ac->dn = req->op.rename.newdn; + + ret = ldb_build_rename_req(&down_req, module->ldb, ac, + req->op.rename.olddn, + req->op.rename.newdn, + req->controls, + ac, update_kt_op_callback, + req); if (ret != LDB_SUCCESS) { return ret; } - return add_modified(module, req->op.rename.newdn, false); + + return ldb_next_request(module, down_req); } /* end a transaction */ static int update_kt_end_trans(struct ldb_module *module) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); - struct dn_list *p; + for (p=data->changed_dns; p; p = p->next) { int kret; - kret = cli_credentials_update_keytab(p->creds, ldb_get_opaque(module->ldb, "EventContext"), ldb_get_opaque(module->ldb, "loadparm")); + kret = cli_credentials_update_keytab(p->creds, ldb_get_event_context(module->ldb), ldb_get_opaque(module->ldb, "loadparm")); if (kret != 0) { talloc_free(data->changed_dns); data->changed_dns = NULL; @@ -169,6 +379,7 @@ static int update_kt_end_trans(struct ldb_module *module) talloc_free(data->changed_dns); data->changed_dns = NULL; + return ldb_next_end_trans(module); } @@ -176,7 +387,7 @@ static int update_kt_end_trans(struct ldb_module *module) static int update_kt_del_trans(struct ldb_module *module) { struct update_kt_private *data = talloc_get_type(module->private_data, struct update_kt_private); - + talloc_free(data->changed_dns); data->changed_dns = NULL; -- cgit From f14a2b3386e9f44111cee010f6864602e5b833cd Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Fri, 12 Sep 2008 13:27:15 -0400 Subject: LDB ASYNC: ldb misc changes --- source4/lib/ldb/ldb_wrap.c | 22 ++---------- source4/lib/ldb/tools/ldbsearch.c | 76 +++++++++++++++++++++------------------ 2 files changed, 44 insertions(+), 54 deletions(-) diff --git a/source4/lib/ldb/ldb_wrap.c b/source4/lib/ldb/ldb_wrap.c index c15fd2b9ae..cc8099f27f 100644 --- a/source4/lib/ldb/ldb_wrap.c +++ b/source4/lib/ldb/ldb_wrap.c @@ -3156,15 +3156,14 @@ SWIGINTERN ldb_error ldb_search_ex(ldb *self,TALLOC_CTX *mem_ctx,ldb_dn *base,en attrs, controls, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret != 0) { talloc_free(res); return ret; } - ldb_set_timeout(self, req, 0); /* use default timeout */ - ret = ldb_request(self, req); if (ret == 0) { @@ -3506,22 +3505,6 @@ int py_module_del_transaction(struct ldb_module *mod) return LDB_SUCCESS; } -int py_module_wait(struct ldb_handle *mod, enum ldb_wait_type wait_type) -{ - PyObject *py_ldb = mod->private_data; - PyObject *py_result; - - py_result = PyObject_CallMethod(py_ldb, "wait", "i", wait_type); - - if (py_result == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - Py_DECREF(py_result); - - return LDB_SUCCESS; -} - int py_module_sequence_number(struct ldb_module *mod, struct ldb_request *req) { PyObject *py_ldb = mod->private_data; @@ -6665,7 +6648,6 @@ SWIGINTERN PyObject *_wrap_register_module(PyObject *SWIGUNUSEDPARM(self), PyObj arg1->start_transaction = py_module_start_transaction; arg1->end_transaction = py_module_end_transaction; arg1->del_transaction = py_module_del_transaction; - arg1->wait = py_module_wait; arg1->sequence_number = py_module_sequence_number; result = ldb_register_module((struct ldb_module_ops const *)arg1); if (result != 0) { diff --git a/source4/lib/ldb/tools/ldbsearch.c b/source4/lib/ldb/tools/ldbsearch.c index b3d1f934a6..ceabd5cd78 100644 --- a/source4/lib/ldb/tools/ldbsearch.c +++ b/source4/lib/ldb/tools/ldbsearch.c @@ -56,6 +56,7 @@ static int do_compare_msg(struct ldb_message **el1, } struct search_context { + struct ldb_context *ldb; struct ldb_control **req_ctrls; int sort; @@ -101,7 +102,7 @@ static int store_referral(char *referral, struct search_context *sctx) { return 0; } -static int display_message(struct ldb_context *ldb, struct ldb_message *msg, struct search_context *sctx) { +static int display_message(struct ldb_message *msg, struct search_context *sctx) { struct ldb_ldif ldif; sctx->entries++; @@ -119,7 +120,7 @@ static int display_message(struct ldb_context *ldb, struct ldb_message *msg, str ldb_msg_sort_elements(ldif.msg); } - ldb_ldif_write_file(ldb, stdout, &ldif); + ldb_ldif_write_file(sctx->ldb, stdout, &ldif); return 0; } @@ -133,18 +134,26 @@ static int display_referral(char *referral, struct search_context *sctx) return 0; } -static int search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct search_context *sctx = talloc_get_type(context, struct search_context); + struct search_context *sctx; int ret; + + sctx = talloc_get_type(req->context, struct search_context); + + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); + } switch (ares->type) { - case LDB_REPLY_ENTRY: if (sctx->sort) { ret = store_message(ares->message, sctx); } else { - ret = display_message(ldb, ares->message, sctx); + ret = display_message(ares->message, sctx); } break; @@ -154,6 +163,9 @@ static int search_callback(struct ldb_context *ldb, void *context, struct ldb_re } else { ret = display_referral(ares->referral, sctx); } + if (ret) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } break; case LDB_REPLY_DONE: @@ -161,22 +173,13 @@ static int search_callback(struct ldb_context *ldb, void *context, struct ldb_re if (handle_controls_reply(ares->controls, sctx->req_ctrls) == 1) sctx->pending = 1; } - ret = 0; - break; - - default: - fprintf(stderr, "unknown Reply Type\n"); - return LDB_ERR_OTHER; - } - - if (talloc_free(ares) == -1) { - fprintf(stderr, "talloc_free failed\n"); - sctx->pending = 0; - return LDB_ERR_OPERATIONS_ERROR; + talloc_free(ares); + return ldb_request_done(req, LDB_SUCCESS); } + talloc_free(ares); if (ret) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } return LDB_SUCCESS; @@ -192,12 +195,12 @@ static int do_search(struct ldb_context *ldb, struct search_context *sctx; int ret; - req = talloc(ldb, struct ldb_request); - if (!req) return -1; + req = NULL; - sctx = talloc(req, struct search_context); + sctx = talloc(ldb, struct search_context); if (!sctx) return -1; + sctx->ldb = ldb; sctx->sort = options->sorted; sctx->num_stored = 0; sctx->refs_stored = 0; @@ -214,18 +217,22 @@ static int do_search(struct ldb_context *ldb, basedn = ldb_get_default_basedn(ldb); } - req->operation = LDB_SEARCH; - req->op.search.base = basedn; - req->op.search.scope = options->scope; - req->op.search.tree = ldb_parse_tree(req, expression); - if (req->op.search.tree == NULL) return -1; - req->op.search.attrs = attrs; - req->controls = sctx->req_ctrls; - req->context = sctx; - req->callback = &search_callback; - ldb_set_timeout(ldb, req, 0); /* TODO: make this settable by command line */ - again: + /* free any previous requests */ + if (req) talloc_free(req); + + ret = ldb_build_search_req(&req, ldb, ldb, + basedn, options->scope, + expression, attrs, + sctx->req_ctrls, + sctx, search_callback, + NULL); + if (ret != LDB_SUCCESS) { + talloc_free(sctx); + printf("allocating request failed: %s\n", ldb_errstring(ldb)); + return -1; + } + sctx->pending = 0; ret = ldb_request(ldb, req); @@ -251,7 +258,7 @@ again: ldb, (ldb_qsort_cmp_fn_t)do_compare_msg); } for (i = 0; i < sctx->num_stored; i++) { - display_message(ldb, sctx->store[i], sctx); + display_message(sctx->store[i], sctx); } for (i = 0; i < sctx->refs_stored; i++) { @@ -262,6 +269,7 @@ again: printf("# returned %d records\n# %d entries\n# %d referrals\n", sctx->entries + sctx->refs, sctx->entries, sctx->refs); + talloc_free(sctx); talloc_free(req); return 0; -- cgit From b2901da479f5e711986de48df4910910460fe7db Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 11 Sep 2008 18:38:40 -0400 Subject: LDB ASYNC: misc changes --- source4/cldap_server/rootdse.c | 21 ++++++------- source4/dsdb/samdb/cracknames.c | 5 ++- source4/ldap_server/ldap_backend.c | 35 ++++++++++----------- source4/lib/ldb_wrap.c | 13 +------- source4/libcli/ldap/ldap_client.c | 2 +- source4/torture/ldap/schema.c | 64 ++++++++++++++++++++++---------------- 6 files changed, 67 insertions(+), 73 deletions(-) diff --git a/source4/cldap_server/rootdse.c b/source4/cldap_server/rootdse.c index 4ff71c0863..65786e6708 100644 --- a/source4/cldap_server/rootdse.c +++ b/source4/cldap_server/rootdse.c @@ -66,22 +66,19 @@ static void cldapd_rootdse_fill(struct cldapd_server *cldapd, attrs[i] = NULL; } - lreq = talloc(mem_ctx, struct ldb_request); - if (lreq == NULL) goto nomem; - res = talloc_zero(mem_ctx, struct ldb_result); if (res == NULL) goto nomem; - lreq->operation = LDB_SEARCH; - lreq->op.search.base = basedn; - lreq->op.search.scope = scope; - lreq->op.search.tree = search->tree; - lreq->op.search.attrs = attrs; - - lreq->controls = NULL; + ldb_ret = ldb_build_search_req_ex(&lreq, cldapd->samctx, mem_ctx, + basedn, scope, + search->tree, attrs, + NULL, + res, ldb_search_default_callback, + NULL); - lreq->context = res; - lreq->callback = ldb_search_default_callback; + if (ldb_ret != LDB_SUCCESS) { + goto reply; + } /* Copy the timeout from the incoming call */ ldb_set_timeout(cldapd->samctx, lreq, search->timelimit); diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index 7324d898a6..e02e8d81a6 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -797,7 +797,8 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ result_attrs, NULL, res, - ldb_search_default_callback); + ldb_search_default_callback, + NULL); if (ret == LDB_SUCCESS) { struct ldb_search_options_control *search_options; search_options = talloc(req, struct ldb_search_options_control); @@ -812,8 +813,6 @@ static WERROR DsCrackNameOneFilter(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ return WERR_OK; } - ldb_set_timeout(sam_ctx, req, 0); /* use default timeout */ - ret = ldb_request(sam_ctx, req); if (ret == LDB_SUCCESS) { diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index b954038b80..ffbef3d92f 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -158,6 +158,8 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) struct ldb_dn *basedn; struct ldb_result *res = NULL; struct ldb_request *lreq; + struct ldb_control *search_control; + struct ldb_search_options_control *search_options; enum ldb_scope scope = LDB_SCOPE_DEFAULT; const char **attrs = NULL; const char *scope_str, *errstr = NULL; @@ -216,21 +218,24 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) DEBUG(5,("ldb_request %s dn=%s filter=%s\n", scope_str, req->basedn, ldb_filter_from_tree(call, req->tree))); - lreq = talloc(local_ctx, struct ldb_request); - NT_STATUS_HAVE_NO_MEMORY(lreq); + res = talloc_zero(local_ctx, struct ldb_result); + NT_STATUS_HAVE_NO_MEMORY(res); - lreq->operation = LDB_SEARCH; - lreq->op.search.base = basedn; - lreq->op.search.scope = scope; - lreq->op.search.tree = req->tree; - lreq->op.search.attrs = attrs; + ldb_ret = ldb_build_search_req_ex(&lreq, samdb, local_ctx, + basedn, scope, + req->tree, attrs, + call->request->controls, + res, ldb_search_default_callback, + NULL); - lreq->controls = call->request->controls; + if (ldb_ret != LDB_SUCCESS) { + goto reply; + } if (call->conn->global_catalog) { - struct ldb_control *search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID); - - struct ldb_search_options_control *search_options = NULL; + search_control = ldb_request_get_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID); + + search_options = NULL; if (search_control) { search_options = talloc_get_type(search_control->data, struct ldb_search_options_control); search_options->search_options |= LDB_SEARCH_OPTION_PHANTOM_ROOT; @@ -241,14 +246,6 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) ldb_request_add_control(lreq, LDB_CONTROL_SEARCH_OPTIONS_OID, false, search_options); } } - - res = talloc_zero(lreq, struct ldb_result); - NT_STATUS_HAVE_NO_MEMORY(res); - - lreq->context = res; - lreq->callback = ldb_search_default_callback; - - /* Copy the timeout from the incoming call */ ldb_set_timeout(samdb, lreq, req->timelimit); ldb_ret = ldb_request(samdb, lreq); diff --git a/source4/lib/ldb_wrap.c b/source4/lib/ldb_wrap.c index 6c683a1e33..617371333f 100644 --- a/source4/lib/ldb_wrap.c +++ b/source4/lib/ldb_wrap.c @@ -71,6 +71,7 @@ static void ldb_wrap_debug(void *context, enum ldb_debug_level level, static int ldb_wrap_destructor(struct ldb_context *ldb) { size_t *startup_blocks = (size_t *)ldb_get_opaque(ldb, "startup_blocks"); + if (startup_blocks && talloc_total_blocks(ldb) > *startup_blocks + 400) { DEBUG(0,("WARNING: probable memory leak in ldb %s - %lu blocks (startup %lu) %lu bytes\n", @@ -124,15 +125,6 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, "%s/ldb", lp_modulesdir(lp_ctx))); -#if 0 - if (ev) { - ldb_event_sys_op_init(ldb, ev); - } else { - talloc_free(ldb); - return NULL; - } -#endif - if (ldb_set_opaque(ldb, "sessionInfo", session_info)) { talloc_free(ldb); return NULL; @@ -198,6 +190,3 @@ struct ldb_context *ldb_wrap_connect(TALLOC_CTX *mem_ctx, return ldb; } - - - diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c index d7960f901a..fc5863b671 100644 --- a/source4/libcli/ldap/ldap_client.c +++ b/source4/libcli/ldap/ldap_client.c @@ -435,7 +435,7 @@ static void ldap_connect_got_sock(struct composite_context *ctx, packet_set_error_handler(conn->packet, ldap_error_handler); packet_set_event_context(conn->packet, conn->event.event_ctx); packet_set_fde(conn->packet, conn->event.fde); - packet_set_serialise(conn->packet); +/* packet_set_serialise(conn->packet); */ composite_done(ctx); } diff --git a/source4/torture/ldap/schema.c b/source4/torture/ldap/schema.c index dd1d2de331..fdb4251c15 100644 --- a/source4/torture/ldap/schema.c +++ b/source4/torture/ldap/schema.c @@ -41,6 +41,8 @@ struct test_rootDSE { }; struct test_schema_ctx { + struct ldb_context *ldb; + struct ldb_paged_control *ctrl; uint32_t count; bool pending; @@ -82,15 +84,24 @@ static bool test_search_rootDSE(struct ldb_context *ldb, struct test_rootDSE *ro return true; } -static int test_schema_search_callback(struct ldb_context *ldb, void *context, struct ldb_reply *ares) +static int test_schema_search_callback(struct ldb_request *req, struct ldb_reply *ares) { - struct test_schema_ctx *actx = talloc_get_type(context, struct test_schema_ctx); + struct test_schema_ctx *actx; int ret = LDB_SUCCESS; + actx = talloc_get_type(req->context, struct test_schema_ctx); + + if (!ares) { + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_request_done(req, ares->error); + } + switch (ares->type) { case LDB_REPLY_ENTRY: actx->count++; - ret = actx->callback(actx->private_data, ldb, ares->message); + ret = actx->callback(actx->private_data, actx->ldb, ares->message); break; case LDB_REPLY_REFERRAL: @@ -118,21 +129,22 @@ static int test_schema_search_callback(struct ldb_context *ldb, void *context, s actx->pending = true; } } - break; - + talloc_free(ares); + return ldb_request_done(req, LDB_SUCCESS); + default: d_printf("%s: unknown Reply Type %u\n", __location__, ares->type); - return LDB_ERR_OTHER; + return ldb_request_done(req, LDB_ERR_OTHER); } if (talloc_free(ares) == -1) { d_printf("talloc_free failed\n"); actx->pending = 0; - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } if (ret) { - return LDB_ERR_OPERATIONS_ERROR; + return ldb_request_done(req, LDB_ERR_OPERATIONS_ERROR); } return LDB_SUCCESS; @@ -149,10 +161,12 @@ static bool test_create_schema_type(struct ldb_context *ldb, struct test_rootDSE int ret; struct test_schema_ctx *actx; - req = talloc(ldb, struct ldb_request); - actx = talloc(req, struct test_schema_ctx); + actx = talloc(ldb, struct test_schema_ctx); + actx->ldb = ldb; + actx->private_data = private_data; + actx->callback= callback; - ctrl = talloc_array(req, struct ldb_control *, 2); + ctrl = talloc_array(actx, struct ldb_control *, 2); ctrl[0] = talloc(ctrl, struct ldb_control); ctrl[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; ctrl[0]->critical = true; @@ -163,33 +177,30 @@ static bool test_create_schema_type(struct ldb_context *ldb, struct test_rootDSE ctrl[0]->data = control; ctrl[1] = NULL; - req->operation = LDB_SEARCH; - req->op.search.base = ldb_dn_new(req, ldb, root->schemadn); - req->op.search.scope = LDB_SCOPE_SUBTREE; - req->op.search.tree = ldb_parse_tree(req, filter); - if (req->op.search.tree == NULL) return -1; - req->op.search.attrs = NULL; - req->controls = ctrl; - req->context = actx; - req->callback = test_schema_search_callback; - ldb_set_timeout(ldb, req, 0); - - actx->count = 0; - actx->ctrl = control; - actx->callback = callback; - actx->private_data = private_data; + ret = ldb_build_search_req(&req, ldb, actx, + ldb_dn_new(actx, ldb, root->schemadn), + LDB_SCOPE_SUBTREE, + filter, NULL, + ctrl, + actx, test_schema_search_callback, + NULL); + + actx->ctrl = control; + actx->count = 0; again: actx->pending = false; ret = ldb_request(ldb, req); if (ret != LDB_SUCCESS) { d_printf("search failed - %s\n", ldb_errstring(ldb)); + talloc_free(actx); return false; } ret = ldb_wait(req->handle, LDB_WAIT_ALL); if (ret != LDB_SUCCESS) { d_printf("search error - %s\n", ldb_errstring(ldb)); + talloc_free(actx); return false; } @@ -197,6 +208,7 @@ again: goto again; d_printf("filter[%s] count[%u]\n", filter, actx->count); + talloc_free(actx); return true; } -- cgit From cd9f993ec45c6d95e83f759ffd6bccffd90250b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 27 Sep 2008 21:36:18 +0200 Subject: s4:lib/ldb: disable sqlite3 backend always as it doesn't compile anymore metze --- source4/lib/ldb/libldb.m4 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/lib/ldb/libldb.m4 b/source4/lib/ldb/libldb.m4 index 77ebcc5ff4..5653794a88 100644 --- a/source4/lib/ldb/libldb.m4 +++ b/source4/lib/ldb/libldb.m4 @@ -2,6 +2,6 @@ # disable ldb_sqlite3 by default SMB_ENABLE(ldb_sqlite3, NO) -if test x"$with_sqlite3_support" = x"yes"; then - SMB_ENABLE(ldb_sqlite3, YES) -fi +#if test x"$with_sqlite3_support" = x"yes"; then +# SMB_ENABLE(ldb_sqlite3, YES) +#fi -- cgit From 95940d75ec51d2f519a1b657e587a77304eaed08 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 29 Sep 2008 07:43:50 +0200 Subject: s4:libcli/smb2: remove unused header This hopefully fixes the build with internal popt. metze --- source4/libcli/smb2/connect.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index db2f97bb94..bbfcf010ae 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -27,7 +27,6 @@ #include "libcli/composite/composite.h" #include "libcli/resolve/resolve.h" #include "param/param.h" -#include "lib/cmdline/popt_common.h" struct smb2_connect_state { struct cli_credentials *credentials; -- cgit From 59c3df814a4357d4358e6bcd3bd5d3ff6a18d995 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 29 Sep 2008 08:42:03 +0200 Subject: s4:samldb: use the code path with async ldb This removes the event_context leak that caused NT_STATUS_TOO_MANY_OPENED_FILES in the server, because of all the epool fds metze --- source4/dsdb/samdb/ldb_modules/samldb.c | 47 +++------------------------------ 1 file changed, 4 insertions(+), 43 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c index e4fc4908a4..a71ffff618 100644 --- a/source4/dsdb/samdb/ldb_modules/samldb.c +++ b/source4/dsdb/samdb/ldb_modules/samldb.c @@ -154,12 +154,8 @@ static int samldb_search_template_callback(struct ldb_request *req, goto done; } if (ares->error != LDB_SUCCESS) { -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP return ldb_module_done(ac->req, ares->controls, ares->response, ares->error); -#else - return ldb_request_done(req, ares->error); -#endif } switch (ares->type) { @@ -187,21 +183,13 @@ static int samldb_search_template_callback(struct ldb_request *req, case LDB_REPLY_DONE: talloc_free(ares); -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP ret = samldb_next_step(ac); -#else - return ldb_request_done(req, LDB_SUCCESS); -#endif break; } done: if (ret != LDB_SUCCESS) { -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP return ldb_module_done(ac->req, NULL, NULL, ret); -#else - return ldb_request_done(req, ret); -#endif } return LDB_SUCCESS; @@ -240,20 +228,7 @@ static int samldb_search_template(struct samldb_ctx *ac) return LDB_ERR_OPERATIONS_ERROR; } - /* NOTE: this is a request on a different database! - * - * Therefore we need to do a bloody sync call - * otherwise the fake event queue will never call it - * as it runs on the main ldb context and knows - * nothing about the templates_ldb one */ -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP ev = ldb_get_event_context(ac->module->ldb); -#else - ev = event_context_init(NULL); -#endif - if (!talloc_reference(templates_ldb, ev)) { - return LDB_ERR_OPERATIONS_ERROR; - } templates_ldb = ldb_wrap_connect(ac->module->ldb, ev, lparm_ctx, templates_ldb_path, @@ -264,6 +239,10 @@ static int samldb_search_template(struct samldb_ctx *ac) return LDB_ERR_OPERATIONS_ERROR; } + if (!talloc_reference(templates_ldb, ev)) { + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_set_opaque(ac->module->ldb, "templates_ldb", templates_ldb); if (ret != LDB_SUCCESS) { @@ -295,25 +274,7 @@ static int samldb_search_template(struct samldb_ctx *ac) talloc_steal(req, basedn); ac->ares = NULL; - /* NOTE: this is a request on a different database! - * Therefore we need to do a bloody sync call - * otherwise the fake event queue will never call it - * as it runs on the main ldb context and knows - * nothing about the templates_ldb one */ -#ifdef REAL_EVENT_SYSTEM_HOOKED_UP return ldb_request(templates_ldb, req); -#else - ret = ldb_request(templates_ldb, req); - if (ret != LDB_SUCCESS) { - return ret; - } - ret = ldb_wait(req->handle, LDB_WAIT_ALL); - if (ret != LDB_SUCCESS) { - return ret; - } - - return samldb_next_step(ac); -#endif } static int samldb_apply_template(struct samldb_ctx *ac) -- cgit From 4fa4a524de0647644abc842f34a926b458388b09 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 29 Sep 2008 13:52:23 +0200 Subject: [s3]fix build --with-cluster-support after ndr_[pull|push]_struct blob changes. Michael --- source3/lib/ctdbd_conn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c index 1ae23bcf82..5075476e94 100644 --- a/source3/lib/ctdbd_conn.c +++ b/source3/lib/ctdbd_conn.c @@ -260,7 +260,7 @@ static struct messaging_rec *ctdb_pull_messaging_rec(TALLOC_CTX *mem_ctx, blob = data_blob_const(msg->data, msg->datalen); ndr_err = ndr_pull_struct_blob( - &blob, result, result, + &blob, result, NULL, result, (ndr_pull_flags_fn_t)ndr_pull_messaging_rec); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { @@ -636,7 +636,7 @@ NTSTATUS ctdbd_messaging_send(struct ctdbd_connection *conn, } ndr_err = ndr_push_struct_blob( - &blob, mem_ctx, msg, + &blob, mem_ctx, NULL, msg, (ndr_push_flags_fn_t)ndr_push_messaging_rec); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From b8c9daac6eb8a2bcdb14c71c1ddfbfeba4b9b54d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Sep 2008 16:15:40 +1000 Subject: fixed segv on startup with trusted domains With some setups, idmap_tdb2_allocate_id can be called before the allocate backend is initialised, leading to a segv. This change ensures that the db is opened in all paths that use it --- source3/winbindd/idmap_tdb2.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c index 3066db6f3b..911f80c6a3 100644 --- a/source3/winbindd/idmap_tdb2.c +++ b/source3/winbindd/idmap_tdb2.c @@ -187,6 +187,10 @@ static NTSTATUS idmap_tdb2_allocate_id(struct unixid *xid) uint32_t high_hwm; uint32_t hwm; int res; + NTSTATUS status; + + status = idmap_tdb2_open_db(); + NT_STATUS_NOT_OK_RETURN(status); /* Get current high water mark */ switch (xid->type) { @@ -264,6 +268,10 @@ static NTSTATUS idmap_tdb2_get_hwm(struct unixid *xid) const char *hwmtype; uint32_t hwm; uint32_t high_hwm; + NTSTATUS status; + + status = idmap_tdb2_open_db(); + NT_STATUS_NOT_OK_RETURN(status); /* Get current high water mark */ switch (xid->type) { @@ -451,6 +459,10 @@ static NTSTATUS idmap_tdb2_id_to_sid(struct idmap_tdb2_context *ctx, struct id_m NTSTATUS ret; TDB_DATA data; char *keystr; + NTSTATUS status; + + status = idmap_tdb2_open_db(); + NT_STATUS_NOT_OK_RETURN(status); if (!ctx || !map) { return NT_STATUS_INVALID_PARAMETER; @@ -546,6 +558,10 @@ static NTSTATUS idmap_tdb2_sid_to_id(struct idmap_tdb2_context *ctx, struct id_m TDB_DATA data; char *keystr; unsigned long rec_id = 0; + NTSTATUS status; + + status = idmap_tdb2_open_db(); + NT_STATUS_NOT_OK_RETURN(status); if ((keystr = sid_string_talloc(ctx, map->sid)) == NULL) { DEBUG(0, ("Out of memory!\n")); -- cgit From a93dc2c8589428e409fca5a6c21db50db001fe92 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Sep 2008 16:23:17 +1000 Subject: removed unused variables --- source3/winbindd/idmap_tdb2.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source3/winbindd/idmap_tdb2.c b/source3/winbindd/idmap_tdb2.c index 911f80c6a3..8bde963c60 100644 --- a/source3/winbindd/idmap_tdb2.c +++ b/source3/winbindd/idmap_tdb2.c @@ -94,12 +94,11 @@ static NTSTATUS idmap_tdb2_open_db(void) */ static NTSTATUS idmap_tdb2_alloc_load(void) { - const char *range; uid_t low_uid = 0; uid_t high_uid = 0; gid_t low_gid = 0; gid_t high_gid = 0; - uint32 low_id, high_id; + uint32 low_id; /* see if a idmap script is configured */ idmap_tdb2_state.idmap_script = lp_parm_const_string(-1, "idmap", -- cgit From acf5f2e5b049f20049cb6c549a00ba4b95322aa0 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Sep 2008 14:27:50 +1000 Subject: fixed a segfault on the ctdb destructor code --- source3/lib/dbwrap_ctdb.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c index 63a5ce4de6..cd37d9e917 100644 --- a/source3/lib/dbwrap_ctdb.c +++ b/source3/lib/dbwrap_ctdb.c @@ -405,8 +405,9 @@ static struct db_record *db_ctdb_fetch_locked_transaction(struct db_ctdb_ctx *ct return result; } -static int db_ctdb_record_destructor(struct db_record *rec) +static int db_ctdb_record_destructor(struct db_record **recp) { + struct db_record *rec = talloc_get_type_abort(*recp, struct db_record); struct db_ctdb_transaction_handle *h = talloc_get_type_abort( rec->private_data, struct db_ctdb_transaction_handle); int ret = h->ctx->db->transaction_commit(h->ctx->db); @@ -424,7 +425,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx TDB_DATA key) { int res; - struct db_record *rec; + struct db_record *rec, **recp; res = db_ctdb_transaction_start(ctx->db); if (res == -1) { @@ -438,7 +439,13 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx } /* destroy this transaction when we release the lock */ - talloc_set_destructor((struct db_record *)talloc_new(rec), db_ctdb_record_destructor); + recp = talloc(rec, struct db_record *); + if (recp == NULL) { + ctx->db->transaction_cancel(ctx->db); + return NULL; + } + *recp = rec; + talloc_set_destructor(recp, db_ctdb_record_destructor); return rec; } -- cgit From 7caa8c85acfb6d6f8e16e95788fa5e84c031e111 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 15 Sep 2008 14:51:35 +1000 Subject: fixed an (unlikely) memory leak --- source3/lib/dbwrap_ctdb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/lib/dbwrap_ctdb.c b/source3/lib/dbwrap_ctdb.c index cd37d9e917..2818634b14 100644 --- a/source3/lib/dbwrap_ctdb.c +++ b/source3/lib/dbwrap_ctdb.c @@ -442,6 +442,7 @@ static struct db_record *db_ctdb_fetch_locked_persistent(struct db_ctdb_ctx *ctx recp = talloc(rec, struct db_record *); if (recp == NULL) { ctx->db->transaction_cancel(ctx->db); + talloc_free(rec); return NULL; } *recp = rec; -- cgit From 86612b1163d2dae8f707b6a038ad1a361c975973 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 17 Sep 2008 15:37:54 +1000 Subject: re-added "winbind:ignore domains" patch This option really is essential, as we discover again and again at customer sites. Due to bugs in winbind some domains are toxic. When you are installing at a site and a particular domain in a complex setup causes winbind to segfault or hang then you need a way to disable that domain and continue. In an ideal world winbind could handle arbitrarily complex ADS domains, but we are nowhere near that yet. If we ever get to that stage then we won't need this option. --- source3/winbindd/winbindd_util.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index 5b5ca41a74..b8cb27c797 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -111,7 +111,16 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const const char *alternative_name = NULL; char *idmap_config_option; const char *param; + const char **ignored_domains, **dom; + ignored_domains = lp_parm_string_list(-1, "winbind", "ignore domains", NULL); + for (dom=ignored_domains; dom && *dom; dom++) { + if (gen_fnmatch(*dom, domain_name) == 0) { + DEBUG(2,("Ignoring domain '%s'\n", domain_name)); + return NULL; + } + } + /* ignore alt_name if we are not in an AD domain */ if ( (lp_security() == SEC_ADS) && alt_name && *alt_name) { @@ -436,6 +445,10 @@ static void rescan_forest_root_trusts( void ) &dom_list[i].sid ); } + if (d == NULL) { + continue; + } + DEBUG(10,("rescan_forest_root_trusts: Following trust path " "for domain tree root %s (%s)\n", d->name, d->alt_name )); @@ -500,6 +513,10 @@ static void rescan_forest_trusts( void ) &cache_methods, &dom_list[i].sid ); } + + if (d == NULL) { + continue; + } DEBUG(10,("Following trust path for domain %s (%s)\n", d->name, d->alt_name )); -- cgit From b9ccf0dc6f34fe3d63b8272f61f9e1fef7f5d885 Mon Sep 17 00:00:00 2001 From: Holger Hetterich Date: Mon, 29 Sep 2008 14:34:36 +0200 Subject: Add an initial version of a manpage for the vfs_smb_traffic_analyzer module. (cherry picked from commit 7857b783049b19d32a078927a46cb1070e863b45) --- docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml | 157 +++++++++++++++++++++ 1 file changed, 157 insertions(+) create mode 100644 docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml new file mode 100644 index 0000000000..c0b1ef89e0 --- /dev/null +++ b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml @@ -0,0 +1,157 @@ + + + + + + smb_traffic_analyzer + 8 + Samba + System Administration tools + 3.2 + + + + + vfs_smb_traffic_analyzer + log Samba VFS read and write operations through a socket + to a helper application + + + + + vfs objects = smb_traffic_analyzer + + + + + DESCRIPTION + + This VFS module is part of the + samba + 7 suite. + + The vfs_smb_traffic_analyzer VFS module logs + client write and read operations on a Samba server and sends this data + over a socket to a helper program, which feeds a SQL database. More + information on the helper programs can be obtained from the + homepage of the project at: + http://holger123.wordpress.com/smb-traffic-analyzer/ + + vfs_smb_traffic_analyzer currently is aware + of the following VFS operations: + + + write + pwrite + read + pread + + + vfs_smb_traffic_analyzer sends the following data + in a fixed format seperated by a comma through either an internet or a + unix domain socket: + + BYTES|USER|DOMAIN|READ/WRITE|SHARE|FILENAME|TIMESTAMP + + + Description of the records: + + + BYTES - the length in bytes of the VFS operation + USER - the user who initiated the operation + DOMAIN - the domain of the user + READ/WRITE - either "W" for a write operation or "R" for read + SHARE - the name of the share on which the VFS operation occured + FILENAME - the name of the file that was used by the VFS operation + TIMESTAMP - a timestamp, formatted as "yyyy-mm-dd hh-mm-ss.ms" indicating when the VFS operation occured + + + + + This module is stackable. + + + + + + OPTIONS + + + + + smb_traffic_analyzer:mode = STRING + + If STRING matches to "unix_domain_socket", the module will + use a unix domain socket located at /var/tmp/stadsocket, if + STRING contains an different string or is not defined, the module will + use an internet domain socket for data transfer. + + + + + + + smb_traffic_analyzer:host = STRING + + The module will send the data to the system named with + the hostname STRING. + + + + + + smb_traffic_analyzer:port = STRING + + The module will send the data using the TCP port given + in STRING + + + + + + + + + + + EXAMPLES + + The module running on share "example_share", using a unix domain socket + + + /data/example + smb_traffic_analyzer + unix_domain_socket + + + The module running on share "example_share", using an internet domain socket, + connecting to host "examplehost" on port 3491. + + + /data/example + smb_traffic_analyzer + examplehost + 3490 + + + + + + VERSION + This man page is correct for version 3.2.0 of the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original version of the VFS module and the + helper tools were created by Holger Hetterich. + + + -- cgit From ec63cd6a7f87ebbc969fa270fefdde47385217b4 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 29 Sep 2008 15:39:43 +0200 Subject: docs: Adapt version strings in man vfs_smb_traffic_analyzer. Karolin (cherry picked from commit 662eda8458a304b224b6bc502f8030a07030b7c2) --- docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml index c0b1ef89e0..28c8413231 100644 --- a/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml +++ b/docs-xml/manpages-3/vfs_smb_traffic_analyzer.8.xml @@ -7,7 +7,7 @@ 8 Samba System Administration tools - 3.2 + 3.3 @@ -138,7 +138,7 @@ VERSION - This man page is correct for version 3.2.0 of the Samba suite. + This man page is correct for version 3.3 of the Samba suite. -- cgit From 0ee4d20adb21d2e4491ca0cbfe3c031cb89fde92 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 18 Sep 2008 05:01:47 +0200 Subject: s3:mapping_tdb: fix the del_aliasmem() function We should not cancel the transaction, when we want to delete a key. metze --- source3/groupdb/mapping_tdb.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source3/groupdb/mapping_tdb.c b/source3/groupdb/mapping_tdb.c index 7cee53a968..29927eb592 100644 --- a/source3/groupdb/mapping_tdb.c +++ b/source3/groupdb/mapping_tdb.c @@ -666,8 +666,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) if (num == 0) { status = dbwrap_delete_bystring(db, key); - TALLOC_FREE(sids); - goto cancel; + goto commit; } member_string = talloc_strdup(sids, ""); @@ -693,7 +692,7 @@ static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) status = dbwrap_store_bystring( db, key, string_term_tdb_data(member_string), 0); - + commit: TALLOC_FREE(sids); if (!NT_STATUS_IS_OK(status)) { -- cgit From 55e201b0a1b24e328b718b78ab8fa926bcc9e90b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Sep 2008 19:09:53 +0200 Subject: Avoid freeing fsp twice when opening new_file fails. (Debian #431696) If opening new_file fails, fsp would still be set to the files_struct of old_file. --- source3/printing/nt_printing.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index ded985c260..a3b3a1021f 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1377,6 +1377,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr } } close_file(fsp, NORMAL_CLOSE); + fsp = NULL; /* Get file version info (if available) for new file */ filepath = driver_unix_convert(conn,new_file,&stat_buf); -- cgit From c383e8d760b64cb25c93550876280b3c9fc33e5c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 29 Sep 2008 10:57:22 -0700 Subject: Ensure we null out fsp after a close in all paths. Jeremy. --- source3/printing/nt_printing.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a3b3a1021f..19c44d1bbb 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1418,6 +1418,7 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr } } close_file(fsp, NORMAL_CLOSE); + fsp = NULL; if (use_version && (new_major != old_major || new_minor != old_minor)) { /* Compare versions and choose the larger version number */ -- cgit From f22f04f76beba755ed5fcc7385de7b366b71032c Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 29 Sep 2008 22:47:07 +0200 Subject: Stop creating symlinks to libraries without sonames. (caused recursive symlinks overwriting the original file). --- source4/script/installlib.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/script/installlib.sh b/source4/script/installlib.sh index 962c9562b1..cc9ff0b9ea 100755 --- a/source4/script/installlib.sh +++ b/source4/script/installlib.sh @@ -15,7 +15,9 @@ for p in $*; do mv $LIBDIR/$p2 $LIBDIR/$p2.old fi cp $p $LIBDIR/ - ln -sf $p2 $LIBDIR/$lnname + if [ $p2 != $lnname ]; then + ln -sf $p2 $LIBDIR/$lnname + fi done cat << EOF -- cgit From 744667b3a9bc9d4d48e842378612b40b3539840a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 29 Sep 2008 22:57:16 +0200 Subject: Consistently use lower case variable names for path variables. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Patch by Matthias Dieter Wallnöfer and me. --- source4/Makefile | 32 ++++++++++++++++---------------- source4/dynconfig/config.mk | 12 ++++++------ 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/source4/Makefile b/source4/Makefile index 813f0cedd4..cb4aa0e916 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -10,11 +10,11 @@ include mkconfig.mk pidldir := $(srcdir)/../pidl -BASEDIR = $(prefix) -TORTUREDIR = $(libdir)/torture -SWATDIR = $(datadir)/swat -SETUPDIR = $(datadir)/setup -NCALRPCDIR = $(localstatedir)/ncalrpc +basedir = $(prefix) +torturedir = $(libdir)/torture +swatdir = $(datadir)/swat +setupdir = $(datadir)/setup +ncalrpcdir = $(localstatedir)/ncalrpc BNLD = $(LD) BNLD_FLAGS = $(LDFLAGS) $(SYS_LDFLAGS) @@ -133,7 +133,7 @@ include $(srcdir)/static_deps.mk endif clean:: - @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f + @find ../lib ../libcli -name '*.o' -o -name '*.hd' | xargs rm -f DEFAULT_HEADERS = $(srcdir)/lib/util/dlinklist.h \ $(srcdir)/version.h @@ -155,7 +155,7 @@ testsuite:: bin/smbclient bin/cifsdd bin/smbtorture bin/nmblookup showlayout:: @echo 'Samba will be installed into:' - @echo ' basedir: $(BASEDIR)' + @echo ' basedir: $(basedir)' @echo ' bindir: $(bindir)' @echo ' sbindir: $(sbindir)' @echo ' libdir: $(libdir)' @@ -166,10 +166,10 @@ showlayout:: @echo ' piddir: $(piddir)' @echo ' lockdir: $(lockdir)' @echo ' logfilebase: $(logfilebase)' - @echo ' setupdir: $(SETUPDIR)' - @echo ' swatdir: $(SWATDIR)' + @echo ' setupdir: $(setupdir)' + @echo ' swatdir: $(swatdir)' @echo ' mandir: $(mandir)' - @echo ' torturedir: $(TORTUREDIR)' + @echo ' torturedir: $(torturedir)' @echo ' datadir: $(datadir)' @echo ' winbindd_socket_dir: $(winbindd_socket_dir)' @echo ' ntp_signd_socket_dir: $(ntp_signd_socket_dir)' @@ -194,10 +194,10 @@ install:: showlayout everything installbin installsbin installdat installswat in installdirs:: @$(SHELL) $(srcdir)/script/installdirs.sh \ - $(DESTDIR)$(BASEDIR) \ + $(DESTDIR)$(basedir) \ $(DESTDIR)$(bindir) \ $(DESTDIR)$(sbindir) \ - $(DESTDIR)$(TORTUREDIR) \ + $(DESTDIR)$(torturedir) \ $(DESTDIR)$(libdir) \ $(DESTDIR)$(modulesdir) \ $(DESTDIR)$(mandir) \ @@ -211,7 +211,7 @@ installdirs:: $(DESTDIR)$(logfilebase) \ $(DESTDIR)$(privatedir)/tls \ $(DESTDIR)$(includedir) \ - $(DESTDIR)$(PKGCONFIGDIR) \ + $(DESTDIR)$(pkgconfigdir) \ $(DESTDIR)$(sysconfdir) installbin:: installdirs @@ -230,16 +230,16 @@ installdat:: installdirs installswat:: installdirs #SWAT has been disabled until further notice -# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir) +# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(swatdir) $(srcdir) installman:: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES) installmisc:: installdirs - @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(SETUPDIR) $(DESTDIR)$(bindir) + @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) $(DESTDIR)$(bindir) installpc:: installdirs - @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(PKGCONFIGDIR) $(PC_FILES) + @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES) uninstall:: uninstallbin uninstallman uninstallmisc uninstalllib uninstallheader \ uninstallplugins diff --git a/source4/dynconfig/config.mk b/source4/dynconfig/config.mk index 699c30e764..f79cdb8e75 100644 --- a/source4/dynconfig/config.mk +++ b/source4/dynconfig/config.mk @@ -6,19 +6,19 @@ DYNCONFIG_OBJ_FILES = $(dynconfigsrcdir)/dynconfig.o # These can be overridden by command line switches (see samba(8)) # or in smb.conf (see smb.conf(5)) CONFIG4FILE = $(sysconfdir)/smb.conf -PKGCONFIGDIR = $(libdir)/pkgconfig +pkgconfigdir = $(libdir)/pkgconfig LMHOSTSFILE4 = $(sysconfdir)/lmhosts $(dynconfigsrcdir)/dynconfig.o: CFLAGS+=-DCONFIGFILE=\"$(CONFIG4FILE)\" -DBINDIR=\"$(bindir)\" \ -DLMHOSTSFILE=\"$(LMHOSTSFILE4)\" \ -DLOCKDIR=\"$(lockdir)\" -DPIDDIR=\"$(piddir)\" -DDATADIR=\"$(datadir)\" \ -DLOGFILEBASE=\"$(logfilebase)\" \ - -DCONFIGDIR=\"$(sysconfdir)\" -DNCALRPCDIR=\"$(NCALRPCDIR)\" \ - -DSWATDIR=\"$(SWATDIR)\" \ + -DCONFIGDIR=\"$(sysconfdir)\" -DNCALRPCDIR=\"$(ncalrpcdir)\" \ + -DSWATDIR=\"$(swatdir)\" \ -DPRIVATE_DIR=\"$(privatedir)\" \ - -DMODULESDIR=\"$(modulesdir)\" -DJSDIR=\"$(JSDIR)\" \ - -DTORTUREDIR=\"$(TORTUREDIR)\" \ - -DSETUPDIR=\"$(SETUPDIR)\" \ + -DMODULESDIR=\"$(modulesdir)\" \ + -DTORTUREDIR=\"$(torturedir)\" \ + -DSETUPDIR=\"$(setupdir)\" \ -DWINBINDD_PRIVILEGED_SOCKET_DIR=\"$(winbindd_privileged_socket_dir)\" \ -DWINBINDD_SOCKET_DIR=\"$(winbindd_socket_dir)\" \ -DNTP_SIGND_SOCKET_DIR=\"$(ntp_signd_socket_dir)\" -- cgit From a270ddb6e3d5bd5b72558809877d27c3c344797d Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 14:04:48 -0700 Subject: make the schannel creentials persistent this makes testing with the WSPP test suite much easier over samba restarts --- source4/auth/gensec/schannel_state.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/auth/gensec/schannel_state.c b/source4/auth/gensec/schannel_state.c index 0388b3caf6..64c21d0c3e 100644 --- a/source4/auth/gensec/schannel_state.c +++ b/source4/auth/gensec/schannel_state.c @@ -44,7 +44,7 @@ struct ldb_context *schannel_db_connect(TALLOC_CTX *mem_ctx, struct event_contex "computerName: CASE_INSENSITIVE\n" \ "flatname: CASE_INSENSITIVE\n"; - path = smbd_tmp_path(mem_ctx, lp_ctx, "schannel.ldb"); + path = private_path(mem_ctx, lp_ctx, "schannel.ldb"); if (!path) { return NULL; } -- cgit From dd4d309cac42c353c118d50e2f47ed0d27f429fb Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Mon, 29 Sep 2008 23:34:05 +0200 Subject: Patch by Matthias that removes old SWAT support and fixes uninstall. --- source4/Makefile | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/source4/Makefile b/source4/Makefile index cb4aa0e916..8f31979f21 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -181,7 +181,7 @@ showflags:: # The permissions to give the executables INSTALLPERMS = 0755 -install:: showlayout everything installbin installsbin installdat installswat installmisc \ +install:: showlayout everything installbin installsbin installdat installmisc \ installlib installheader installpc installplugins # DESTDIR is used here to prevent packagers wasting their time @@ -228,10 +228,6 @@ installheader:: headers installdirs installdat:: installdirs @$(SHELL) $(srcdir)/script/installdat.sh $(DESTDIR)$(datadir) $(srcdir) -installswat:: installdirs -#SWAT has been disabled until further notice -# @$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(swatdir) $(srcdir) - installman:: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES) @@ -241,11 +237,12 @@ installmisc:: installdirs installpc:: installdirs @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES) -uninstall:: uninstallbin uninstallman uninstallmisc uninstalllib uninstallheader \ - uninstallplugins +uninstall:: uninstallbin uninstallsbin uninstalldat uninstallmisc uninstalllib uninstallheader \ + uninstallman uninstallpc uninstallplugins uninstallmisc:: - #FIXME + @echo "Removing MISC files" + @cd $(DESTDIR)$(bindir); rm -f $(notdir $(miscbinfiles)) $(DESTDIR)$(bindir)/%: bin/% installdirs @mkdir -p $(@D) @@ -261,19 +258,27 @@ $(DESTDIR)$(sbindir)/%: bin/% installdirs @cp $< $@ @chmod $(INSTALLPERMS) $@ +uninstalldat:: + @echo "Removing DAT files" + @rm -fr $(DESTDIR)$(datadir)/* + uninstallbin:: uninstalllib:: + @echo "Removing libraries" @$(SHELL) $(srcdir)/script/uninstalllib.sh $(DESTDIR)$(libdir) $(SHARED_LIBS) - #@$(SHELL) $(srcdir)/script/uninstalllib.sh $(DESTDIR)$(libdir) $(STATIC_LIBS) uninstallheader:: - @$(SHELL) $(srcdir)/script/uninstallheader.sh $(DESTDIR)$(includedir) $(PUBLIC_HEADERS) + @echo "Removing headers" + @rm -fr $(DESTDIR)$(includedir)/* uninstallman:: + @echo "Removing manpages" @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(mandir) $(MANPAGES) -uninstallplugins:: +uninstallpc:: + @echo "Removing package configurations" + @cd $(DESTDIR)$(pkgconfigdir); rm -f $(notdir $(PC_FILES)) config.status: @echo "config.status does not exist. Please run ./configure." -- cgit From 2ed71ce6bc97cbb9b854bb24ab49001910eda36d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:28:06 +0200 Subject: Remove ldb_module_wait implementation - ldb_module.wait() is gone. --- source4/lib/ldb/ldb.i | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 1e3a3169c8..024ba1959a 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -1219,22 +1219,6 @@ int py_module_del_transaction(struct ldb_module *mod) return LDB_SUCCESS; } -int py_module_wait(struct ldb_handle *mod, enum ldb_wait_type wait_type) -{ - PyObject *py_ldb = mod->private_data; - PyObject *py_result; - - py_result = PyObject_CallMethod(py_ldb, "wait", "i", wait_type); - - if (py_result == NULL) { - return LDB_ERR_OPERATIONS_ERROR; - } - - Py_DECREF(py_result); - - return LDB_SUCCESS; -} - int py_module_sequence_number(struct ldb_module *mod, struct ldb_request *req) { PyObject *py_ldb = mod->private_data; @@ -1308,7 +1292,6 @@ int py_module_init (struct ldb_module *mod) $1->start_transaction = py_module_start_transaction; $1->end_transaction = py_module_end_transaction; $1->del_transaction = py_module_del_transaction; - $1->wait = py_module_wait; $1->sequence_number = py_module_sequence_number; } -- cgit From f379f67dd287292e3bb7b606f1bdc3fe7a8db59c Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:29:03 +0200 Subject: Fix installation of misc files. --- pidl/config.mk | 4 ++-- source4/Makefile | 13 +++++++++++-- source4/dynconfig/dynconfig.c | 3 --- source4/script/installmisc.sh | 6 ------ 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/pidl/config.mk b/pidl/config.mk index 07c8647ecd..45582f5d56 100644 --- a/pidl/config.mk +++ b/pidl/config.mk @@ -1,13 +1,13 @@ PIDL = $(PERL) $(pidldir)/pidl $(pidldir)/Makefile: $(pidldir)/Makefile.PL - cd $(pidldir) && $(PERL) Makefile.PL PREFIX=$(prefix) + @cd $(pidldir) && $(PERL) Makefile.PL PREFIX=$(prefix) pidl-testcov: $(pidldir)/Makefile cd $(pidldir) && cover -test installpidl:: $(pidldir)/Makefile - $(MAKE) -C $(pidldir) install_vendor VENDORPREFIX=$(prefix) \ + @$(MAKE) -C $(pidldir) install_vendor VENDORPREFIX=$(prefix) \ INSTALLVENDORLIB=$(datarootdir)/perl5 \ INSTALLVENDORBIN=$(bindir) \ INSTALLVENDORSCRIPT=$(bindir) \ diff --git a/source4/Makefile b/source4/Makefile index 8f31979f21..71529305b4 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -107,6 +107,15 @@ comsrcdir := $(srcdir)/lib/com include data.mk +$(foreach SCRIPT,$(wildcard scripting/bin/*),$(eval $(call binary_install_template,$(SCRIPT)))) + +$(DESTDIR)$(bindir)/%: scripting/bin/% installdirs + @mkdir -p $(@D) + @echo Installing $(@F) as $@ + @if test -f $@; then echo -n ""; rm -f $@.old; mv $@ $@.old; fi + @cp $< $@ + @chmod $(INSTALLPERMS) $@ + pythonmods:: $(PYTHON_PYS) $(PYTHON_SO) DEP_FILES = $(patsubst %.ho,%.hd,$(patsubst %.o,%.d,$(ALL_OBJS))) \ @@ -232,7 +241,7 @@ installman:: manpages installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(mandir) $(MANPAGES) installmisc:: installdirs - @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) $(DESTDIR)$(bindir) + @$(SHELL) $(srcdir)/script/installmisc.sh $(srcdir) $(DESTDIR)$(setupdir) installpc:: installdirs @$(SHELL) $(srcdir)/script/installpc.sh $(builddir) $(DESTDIR)$(pkgconfigdir) $(PC_FILES) @@ -242,7 +251,7 @@ uninstall:: uninstallbin uninstallsbin uninstalldat uninstallmisc uninstalllib u uninstallmisc:: @echo "Removing MISC files" - @cd $(DESTDIR)$(bindir); rm -f $(notdir $(miscbinfiles)) + @rm -rf $(DESTDIR)$(setupdir)/* $(DESTDIR)$(bindir)/%: bin/% installdirs @mkdir -p $(@D) diff --git a/source4/dynconfig/dynconfig.c b/source4/dynconfig/dynconfig.c index 507570318d..e0cabef317 100644 --- a/source4/dynconfig/dynconfig.c +++ b/source4/dynconfig/dynconfig.c @@ -79,9 +79,6 @@ _PUBLIC_ const char *dyn_SWATDIR = SWATDIR; /** SETUP files (source files used by the provision) */ _PUBLIC_ const char *dyn_SETUPDIR = SETUPDIR; -/** EJS Javascript library includes */ -_PUBLIC_ const char *dyn_JSDIR = JSDIR; - /** Where to find the winbindd socket */ _PUBLIC_ const char *dyn_WINBINDD_SOCKET_DIR = WINBINDD_SOCKET_DIR; diff --git a/source4/script/installmisc.sh b/source4/script/installmisc.sh index eb347307ba..2bd34b119f 100755 --- a/source4/script/installmisc.sh +++ b/source4/script/installmisc.sh @@ -3,7 +3,6 @@ SRCDIR="$1" SETUPDIR="$2" -BINDIR="$3" cd $SRCDIR || exit 1 @@ -25,9 +24,4 @@ cp setup/provision.smb.conf.dc $SETUPDIR || exit 1 cp setup/provision.smb.conf.member $SETUPDIR || exit 1 cp setup/provision.smb.conf.standalone $SETUPDIR || exit 1 -echo "Installing script tools" -mkdir -p "$BINDIR" -rm -f scripting/bin/*~ -cp scripting/bin/* $BINDIR/ || exit 1 - exit 0 -- cgit From 257fe87efd079ccc085e67d04c7797dbf2e84c51 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:32:20 +0200 Subject: Re-add uninstallplugins, there has to be at least one instance of this. --- source4/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source4/Makefile b/source4/Makefile index 71529305b4..74383b1a59 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -285,6 +285,8 @@ uninstallman:: @echo "Removing manpages" @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(mandir) $(MANPAGES) +uninstallplugins:: + uninstallpc:: @echo "Removing package configurations" @cd $(DESTDIR)$(pkgconfigdir); rm -f $(notdir $(PC_FILES)) -- cgit From 21df9532f54ad15c308630672f3b8a6dc4ce6294 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 00:48:13 +0200 Subject: Remove unused uninstallheader script. --- source4/script/uninstallheader.sh | 35 ----------------------------------- 1 file changed, 35 deletions(-) delete mode 100755 source4/script/uninstallheader.sh diff --git a/source4/script/uninstallheader.sh b/source4/script/uninstallheader.sh deleted file mode 100755 index cb491f071a..0000000000 --- a/source4/script/uninstallheader.sh +++ /dev/null @@ -1,35 +0,0 @@ -#!/bin/sh -# based on uninstallbin.sh: -# 4 July 96 Dan.Shearer@UniSA.edu.au - -INCLUDEDIR=$1 -shift - -if [ ! -d $INCLUDEDIR ]; then - echo Directory $INCLUDEDIR does not exist! - echo Do a "make installbin" or "make install" first. - exit 1 -fi - -for p in $*; do - p2=`basename $p` - if [ -f $INCLUDEDIR/$p2 ]; then - echo Removing $INCLUDEDIR/$p2 - rm -f $INCLUDEDIR/$p2 - if [ -f $INCLUDEDIR/$p2 ]; then - echo Cannot remove $INCLUDEDIR/$p2 ... does $USER have privileges? - fi - fi -done - - -cat << EOF -====================================================================== -The headers have been uninstalled. You may restore the headers using -the command "make installheader" or "make install" to install binaries, -man pages, modules and shell scripts. You can restore a previous -version of the headers (if there were any) using "make revert". -====================================================================== -EOF - -exit 0 -- cgit From 750a848d0dbae8ea66a9f265294d7f95556c0c27 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:01:07 -0700 Subject: added some more well known SIDs - thanks to the WSPP LSAT test suite --- source4/librpc/idl/security.idl | 6 ++++ source4/rpc_server/lsa/lsa_lookup.c | 43 +++++++++++++++++++++++++- source4/setup/provision_users.ldif | 60 +++++++++++++++++++++++++++++++++++++ 3 files changed, 108 insertions(+), 1 deletion(-) diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 80efe46453..ac7641c0af 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -153,6 +153,7 @@ interface security const string SID_CREATOR_OWNER_DOMAIN = "S-1-3"; const string SID_CREATOR_OWNER = "S-1-3-0"; const string SID_CREATOR_GROUP = "S-1-3-1"; + const string SID_OWNER_RIGHTS = "S-1-3-4"; /* SECURITY_NT_AUTHORITY */ const string NAME_NT_AUTHORITY = "NT AUTHORITY"; @@ -172,9 +173,14 @@ interface security const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13"; const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14"; const string SID_NT_THIS_ORGANISATION = "S-1-5-15"; + const string SID_NT_IUSR = "S-1-5-17"; const string SID_NT_SYSTEM = "S-1-5-18"; const string SID_NT_LOCAL_SERVICE = "S-1-5-19"; const string SID_NT_NETWORK_SERVICE = "S-1-5-20"; + const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21"; + const string SID_NT_NTLM_AUTHENTICATION = "S-1-5-64-10"; + const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14"; + const string SID_NT_OTHER_ORGANISATION = "S-1-5-1000"; /* SECURITY_BUILTIN_DOMAIN_RID */ const string NAME_BUILTIN = "BUILTIN"; diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 30bceb8139..acd3164b69 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -43,6 +43,11 @@ static const struct { .sid = SID_CREATOR_GROUP, .rtype = SID_NAME_WKN_GRP, }, + { + .name = "Owner Rights", + .sid = SID_OWNER_RIGHTS, + .rtype = SID_NAME_WKN_GRP, + }, { .domain = "NT AUTHORITY", .name = "Dialup", @@ -111,7 +116,7 @@ static const struct { }, { .domain = "NT AUTHORITY", - .name = "Termainal Server User", + .name = "Terminal Server User", .sid = SID_NT_TERMINAL_SERVER_USERS, .rtype = SID_NAME_WKN_GRP, }, @@ -145,6 +150,42 @@ static const struct { .sid = SID_NT_NETWORK_SERVICE, .rtype = SID_NAME_WKN_GRP, }, + { + .domain = "NT AUTHORITY", + .name = "Digest Authentication", + .sid = SID_NT_DIGEST_AUTHENTICATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "Enterprise Domain Controllers", + .sid = SID_NT_ENTERPRISE_DCS, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "NTLM Authentication", + .sid = SID_NT_NTLM_AUTHENTICATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "Other Organization", + .sid = SID_NT_OTHER_ORGANISATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "SChannel Authentication", + .sid = SID_NT_SCHANNEL_AUTHENTICATION, + .rtype = SID_NAME_WKN_GRP, + }, + { + .domain = "NT AUTHORITY", + .name = "IUSR", + .sid = SID_NT_IUSR, + .rtype = SID_NAME_WKN_GRP, + }, { .sid = NULL, } diff --git a/source4/setup/provision_users.ldif b/source4/setup/provision_users.ldif index 854c42d07c..c61cb805c4 100644 --- a/source4/setup/provision_users.ldif +++ b/source4/setup/provision_users.ldif @@ -137,6 +137,66 @@ sAMAccountName: RAS and IAS Servers groupType: -2147483644 isCriticalSystemObject: TRUE +dn: CN=Read-Only Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Read-Only Domain Controllers +description: read-only domain controllers +objectSid: ${DOMAINSID}-521 +sAMAccountName: Read-Only Domain Controllers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Enterprise Read-Only Domain Controllers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Enterprise Read-Only Domain Controllers +description: enterprise read-only domain controllers +objectSid: ${DOMAINSID}-498 +sAMAccountName: Enterprise Read-Only Domain Controllers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Certificate Service DCOM Access,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Certificate Service DCOM Access +description: Certificate Service DCOM Access +objectSid: ${DOMAINSID}-574 +sAMAccountName: Certificate Service DCOM Access +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Cryptographic Operators,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Cryptographic Operators +description: Cryptographic Operators +objectSid: ${DOMAINSID}-569 +sAMAccountName: Cryptographic Operators +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=Event Log Readers,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: Event Log Readers +description: Event Log Readers +objectSid: ${DOMAINSID}-573 +sAMAccountName: Event Log Readers +groupType: -2147483644 +isCriticalSystemObject: TRUE + +dn: CN=IIS_IUSRS,CN=Users,${DOMAINDN} +objectClass: top +objectClass: group +cn: IIS_IUSRS +description: IIS_IUSRS +objectSid: ${DOMAINSID}-568 +sAMAccountName: IIS_IUSRS +groupType: -2147483644 +isCriticalSystemObject: TRUE + dn: CN=Administrators,CN=Builtin,${DOMAINDN} objectClass: top objectClass: group -- cgit From 385015f8f2ea44e8f846e72c7bc74d4c489ae49e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:10:54 -0700 Subject: unmapped SIDs should be rid 0 not rid -1 --- source4/rpc_server/lsa/lsa_lookup.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index acd3164b69..5f080e6da2 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -892,7 +892,10 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, r->out.sids->count++; r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN; - r->out.sids->sids[i].rid = 0xFFFFFFFF; + /* MS-LSAT 3.1.4.7 - rid zero is considered equivalent + to sid NULL - so we should return 0 rid for + unmapped entries */ + r->out.sids->sids[i].rid = 0; r->out.sids->sids[i].sid_index = 0xFFFFFFFF; r->out.sids->sids[i].unknown = 0; -- cgit From c8a19f0b8373bec27f4d3638bb731963896f3ff5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:29:53 +0200 Subject: Pass options struct into session initialization functions rather than using global_loadparm. --- source4/libcli/cliconnect.c | 6 +++++- source4/libcli/raw/clisession.c | 7 +++---- source4/libcli/smb_composite/connect.c | 5 ++++- source4/param/loadparm.c | 8 ++++++++ source4/param/param.h | 3 +++ source4/torture/basic/secleak.c | 5 ++++- source4/torture/raw/context.c | 26 ++++++++++++++++++-------- source4/torture/raw/lock.c | 5 ++++- source4/torture/rpc/samba3rpc.c | 8 ++++++-- 9 files changed, 55 insertions(+), 18 deletions(-) diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index c20a7fd935..6fb9f130a9 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -73,8 +73,12 @@ NTSTATUS smbcli_session_setup(struct smbcli_state *cli, { struct smb_composite_sesssetup setup; NTSTATUS status; + struct smbcli_session_options options; - cli->session = smbcli_session_init(cli->transport, cli, true); + lp_smbcli_session_options(global_loadparm, &options); + + cli->session = smbcli_session_init(cli->transport, cli, true, + options); if (!cli->session) return NT_STATUS_UNSUCCESSFUL; setup.in.sesskey = cli->transport->negotiate.sesskey; diff --git a/source4/libcli/raw/clisession.c b/source4/libcli/raw/clisession.c index ad4ca7b471..38d8f700f2 100644 --- a/source4/libcli/raw/clisession.c +++ b/source4/libcli/raw/clisession.c @@ -35,7 +35,8 @@ Initialize the session context ****************************************************************************/ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport, - TALLOC_CTX *parent_ctx, bool primary) + TALLOC_CTX *parent_ctx, bool primary, + struct smbcli_session_options options) { struct smbcli_session *session; uint16_t flags2; @@ -53,9 +54,7 @@ struct smbcli_session *smbcli_session_init(struct smbcli_transport *transport, } session->pid = (uint16_t)getpid(); session->vuid = UID_FIELD_INVALID; - session->options.lanman_auth = lp_client_lanman_auth(global_loadparm); - session->options.ntlmv2_auth = lp_client_ntlmv2_auth(global_loadparm); - session->options.plaintext_auth = lp_client_plaintext_auth(global_loadparm); + session->options = options; capabilities = transport->negotiate.capabilities; diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index e56339f96b..5f651f4865 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -229,12 +229,15 @@ static NTSTATUS connect_negprot(struct composite_context *c, { struct connect_state *state = talloc_get_type(c->private_data, struct connect_state); NTSTATUS status; + struct smbcli_session_options options; + + lp_smbcli_session_options(global_loadparm, &options); status = smb_raw_negotiate_recv(state->req); NT_STATUS_NOT_OK_RETURN(status); /* next step is a session setup */ - state->session = smbcli_session_init(state->transport, state, true); + state->session = smbcli_session_init(state->transport, state, true, options); NT_STATUS_HAVE_NO_MEMORY(state->session); /* setup for a tconx (or at least have the structure ready to diff --git a/source4/param/loadparm.c b/source4/param/loadparm.c index 15edbd1f89..0042dbd876 100644 --- a/source4/param/loadparm.c +++ b/source4/param/loadparm.c @@ -2629,3 +2629,11 @@ void lp_smbcli_options(struct loadparm_context *lp_ctx, options->use_oplocks = true; options->use_level2_oplocks = true; } + +void lp_smbcli_session_options(struct loadparm_context *lp_ctx, + struct smbcli_session_options *options) +{ + options->lanman_auth = lp_client_lanman_auth(lp_ctx); + options->ntlmv2_auth = lp_client_ntlmv2_auth(lp_ctx); + options->plaintext_auth = lp_client_plaintext_auth(lp_ctx); +} diff --git a/source4/param/param.h b/source4/param/param.h index 4ed2654692..4c6e8b79a2 100644 --- a/source4/param/param.h +++ b/source4/param/param.h @@ -60,6 +60,7 @@ enum announce_as {/* Types of machine we can announce as. */ struct loadparm_context; struct loadparm_service; struct smbcli_options; +struct smbcli_session_options; void reload_charcnv(struct loadparm_context *lp_ctx); @@ -318,6 +319,8 @@ int lp_maxprintjobs(struct loadparm_service *service, struct loadparm_service *s struct smb_iconv_convenience *lp_iconv_convenience(struct loadparm_context *lp_ctx); void lp_smbcli_options(struct loadparm_context *lp_ctx, struct smbcli_options *options); +void lp_smbcli_session_options(struct loadparm_context *lp_ctx, + struct smbcli_session_options *options); /* The following definitions come from param/generic.c */ diff --git a/source4/torture/basic/secleak.c b/source4/torture/basic/secleak.c index 4caeee72a4..ca1fd444d9 100644 --- a/source4/torture/basic/secleak.c +++ b/source4/torture/basic/secleak.c @@ -36,8 +36,11 @@ static bool try_failed_login(struct torture_context *tctx, struct smbcli_state * NTSTATUS status; struct smb_composite_sesssetup setup; struct smbcli_session *session; + struct smbcli_session_options options; - session = smbcli_session_init(cli->transport, cli, false); + lp_smbcli_session_options(tctx->lp_ctx, &options); + + session = smbcli_session_init(cli->transport, cli, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); diff --git a/source4/torture/raw/context.c b/source4/torture/raw/context.c index 15e736fff5..450ad0f260 100644 --- a/source4/torture/raw/context.c +++ b/source4/torture/raw/context.c @@ -81,6 +81,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; int i; + struct smbcli_session_options options; printf("TESTING SESSION HANDLING\n"); @@ -89,7 +90,10 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) } printf("create a second security context on the same transport\n"); - session = smbcli_session_init(cli->transport, tctx, false); + + lp_smbcli_session_options(tctx->lp_ctx, &options); + + session = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ @@ -103,7 +107,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) session->vuid = setup.out.vuid; printf("create a third security context on the same transport, with vuid set\n"); - session2 = smbcli_session_init(cli->transport, tctx, false); + session2 = smbcli_session_init(cli->transport, tctx, false, options); session2->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; @@ -130,7 +134,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) if (cli->transport->negotiate.capabilities & CAP_EXTENDED_SECURITY) { printf("create a fourth security context on the same transport, without extended security\n"); - session3 = smbcli_session_init(cli->transport, tctx, false); + session3 = smbcli_session_init(cli->transport, tctx, false, options); session3->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; @@ -144,7 +148,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) CHECK_STATUS(status, NT_STATUS_LOGON_FAILURE); printf("create a fouth anonymous security context on the same transport, without extended security\n"); - session4 = smbcli_session_init(cli->transport, tctx, false); + session4 = smbcli_session_init(cli->transport, tctx, false, options); session4->vuid = session->vuid; setup.in.sesskey = cli->transport->negotiate.sesskey; @@ -230,7 +234,7 @@ static bool test_session(struct smbcli_state *cli, struct torture_context *tctx) setups[i].in.credentials = cmdline_credentials; - sessions[i] = smbcli_session_init(cli->transport, tctx, false); + sessions[i] = smbcli_session_init(cli->transport, tctx, false, options); composite_contexts[i] = smb_composite_sesssetup_send(sessions[i], &setups[i]); } @@ -379,6 +383,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * const char *fname1 = BASEDIR "\\test1.txt"; const char *fname2 = BASEDIR "\\test2.txt"; uint8_t c = 1; + struct smbcli_session_options options; printf("TESTING TREE with ulogoff\n"); @@ -389,8 +394,10 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * share = torture_setting_string(tctx, "share", NULL); host = torture_setting_string(tctx, "host", NULL); + lp_smbcli_session_options(tctx->lp_ctx, &options); + printf("create the first new sessions\n"); - session1 = smbcli_session_init(cli->transport, tctx, false); + session1 = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); @@ -446,7 +453,7 @@ static bool test_tree_ulogoff(struct smbcli_state *cli, struct torture_context * CHECK_STATUS(status, NT_STATUS_OK); printf("create the second new sessions\n"); - session2 = smbcli_session_init(cli->transport, tctx, false); + session2 = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); @@ -634,6 +641,7 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct const char *fname = BASEDIR "\\test.txt"; uint8_t c = 1; uint16_t vuid1, vuid2; + struct smbcli_session_options options; printf("TESTING PID HANDLING WITH 2 SESSIONS\n"); @@ -641,8 +649,10 @@ static bool test_pid_2sess(struct smbcli_state *cli, struct torture_context *tct return false; } + lp_smbcli_session_options(tctx->lp_ctx, &options); + printf("create a second security context on the same transport\n"); - session = smbcli_session_init(cli->transport, tctx, false); + session = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; /* ignored in secondary session setup, except by our libs, which care about the extended security bit */ diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c index cd8d606795..dbe071c9ad 100644 --- a/source4/torture/raw/lock.c +++ b/source4/torture/raw/lock.c @@ -456,11 +456,14 @@ static bool test_async(struct torture_context *tctx, const char *fname = BASEDIR "\\test.txt"; time_t t; struct smbcli_request *req; + struct smbcli_session_options options; if (!torture_setup_dir(cli, BASEDIR)) { return false; } + lp_smbcli_session_options(tctx->lp_ctx, &options); + printf("Testing LOCKING_ANDX_CANCEL_LOCK\n"); io.generic.level = RAW_LOCK_LOCKX; @@ -590,7 +593,7 @@ static bool test_async(struct torture_context *tctx, } printf("create a new sessions\n"); - session = smbcli_session_init(cli->transport, tctx, false); + session = smbcli_session_init(cli->transport, tctx, false, options); setup.in.sesskey = cli->transport->negotiate.sesskey; setup.in.capabilities = cli->transport->negotiate.capabilities; setup.in.workgroup = lp_workgroup(tctx->lp_ctx); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 3bbf6cf223..e030b972f8 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -74,6 +74,7 @@ bool torture_bind_authcontext(struct torture_context *torture) struct cli_credentials *anon_creds; struct smb_composite_sesssetup setup; struct smbcli_options options; + struct smbcli_session_options session_options; mem_ctx = talloc_init("torture_bind_authcontext"); @@ -83,6 +84,7 @@ bool torture_bind_authcontext(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), @@ -142,7 +144,7 @@ bool torture_bind_authcontext(struct torture_context *torture) goto done; } - session2 = smbcli_session_init(cli->transport, mem_ctx, false); + session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options); if (session2 == NULL) { d_printf("smbcli_session_init failed\n"); goto done; @@ -1670,12 +1672,14 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) struct cli_credentials *user_creds; char *domain_name; struct smbcli_options options; + struct smbcli_session_options session_options; if (!(mem_ctx = talloc_new(torture))) { return false; } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection( mem_ctx, &cli, torture_setting_string(torture, "host", NULL), @@ -1762,7 +1766,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) struct smb_composite_sesssetup setup; struct smbcli_tree *tree; - session2 = smbcli_session_init(cli->transport, mem_ctx, false); + session2 = smbcli_session_init(cli->transport, mem_ctx, false, session_options); if (session2 == NULL) { d_printf("(%s) smbcli_session_init failed\n", __location__); -- cgit From 83183bf38190b867ca4bb7ebda1136803e36f777 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:38:51 +0200 Subject: Explicitly pass on session options to session setup function. --- source4/client/smbmount.c | 19 ++++++++++++++----- source4/libcli/cliconnect.c | 6 ++---- 2 files changed, 16 insertions(+), 9 deletions(-) diff --git a/source4/client/smbmount.c b/source4/client/smbmount.c index 9ab6c375f2..37c9eaadc4 100644 --- a/source4/client/smbmount.c +++ b/source4/client/smbmount.c @@ -111,7 +111,8 @@ static void usr1_handler(int x) /***************************************************** return a connection to a server *******************************************************/ -static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol) +static struct smbcli_state *do_connection(const char *the_service, bool unicode, int maxprotocol, + struct smbcli_session_options session_options) { struct smbcli_state *c; struct nmb_name called, calling; @@ -210,11 +211,12 @@ static struct smbcli_state *do_connection(const char *the_service, bool unicode, if (!smbcli_session_setup(c, username, password, strlen(password), password, strlen(password), - workgroup)) { + workgroup, session_options)) { /* if a password was not supplied then try again with a null username */ if (password[0] || !username[0] || - !smbcli_session_setup(c, "", "", 0, "", 0, workgroup)) { + !smbcli_session_setup(c, "", "", 0, "", 0, workgroup, + session_options)) { DEBUG(0,("%d: session setup failed: %s\n", sys_getpid(), smbcli_errstr(c))); talloc_free(c); @@ -329,6 +331,9 @@ static void send_fs_socket(struct loadparm_context *lp_ctx, int fd, closed = 0, res = 1; pid_t parentpid = getppid(); struct smb_conn_opt conn_options; + struct smbcli_session_options session_options; + + lp_smbcli_session_options(lp_ctx, &session_options); memset(&conn_options, 0, sizeof(conn_options)); @@ -409,7 +414,8 @@ static void send_fs_socket(struct loadparm_context *lp_ctx, DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid())); c = do_connection(the_service, lp_unicode(lp_ctx), - lp_cli_maxprotocol(lp_ctx)); + lp_cli_maxprotocol(lp_ctx), + session_options); } } @@ -430,14 +436,17 @@ static void init_mount(struct loadparm_context *lp_ctx) struct smbcli_state *c; char *args[20]; int i, status; + struct smbcli_session_options session_options; if (realpath(mpoint, mount_point) == NULL) { fprintf(stderr, "Could not resolve mount point %s\n", mpoint); return; } + lp_smbcli_session_options(lp_ctx, &session_options); - c = do_connection(service, lp_unicode(lp_ctx), lp_cli_maxprotocol(lp_ctx)); + c = do_connection(service, lp_unicode(lp_ctx), lp_cli_maxprotocol(lp_ctx), + session_options); if (!c) { fprintf(stderr,"SMB connection failed\n"); exit(1); diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 6fb9f130a9..3b1c3c5314 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -69,13 +69,11 @@ NTSTATUS smbcli_negprot(struct smbcli_state *cli, bool unicode, int maxprotocol) /* wrapper around smb_raw_sesssetup() */ NTSTATUS smbcli_session_setup(struct smbcli_state *cli, struct cli_credentials *credentials, - const char *workgroup) + const char *workgroup, + struct smbcli_session_options options) { struct smb_composite_sesssetup setup; NTSTATUS status; - struct smbcli_session_options options; - - lp_smbcli_session_options(global_loadparm, &options); cli->session = smbcli_session_init(cli->transport, cli, true, options); -- cgit From 40fa4c4154aa572f39fddf16b2fefbe370910360 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:50:46 -0700 Subject: we need to return NT_STATUS_INVALID_PARAMETER for bad levels in lsalookupnames2 --- source4/rpc_server/lsa/lsa_lookup.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 5f080e6da2..7bf7d849b7 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -862,6 +862,11 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, DCESRV_PULL_HANDLE(h, r->in.handle, LSA_HANDLE_POLICY); + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + state = h->data; r->out.domains = talloc_zero(mem_ctx, struct lsa_RefDomainList); -- cgit From 28482efa5ceebdea821b9368a2761e93ee2fff59 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:51:05 -0700 Subject: WSPP docs say we need to check that root_dir is NULL --- source4/rpc_server/lsa/lsa_init.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index e5e31c74f8..a95cb10f9f 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -199,6 +199,12 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * ZERO_STRUCTP(r->out.handle); + if (r->in.attr == NULL || + r->in.attr->root_dir != NULL) { + /* MS-LSAD 3.1.4.4.1 */ + return NT_STATUS_INVALID_PARAMETER; + } + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit From c951a881da60b51e06a5182c5ad9fb32482b0ab5 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 16:51:21 -0700 Subject: added new level for lsalookupnames2 --- source4/librpc/idl/lsa.idl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index 9a6e4a202c..eed713f71c 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -387,7 +387,8 @@ import "misc.idl", "security.idl"; LSA_LOOKUP_NAMES_PRIMARY_DOMAIN_ONLY = 3, LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY = 4, LSA_LOOKUP_NAMES_FOREST_TRUSTS_ONLY = 5, - LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6 + LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 = 6, + LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC = 7 } lsa_LookupNamesLevel; [public] NTSTATUS lsa_LookupNames ( -- cgit From 9de1472bd1848363dfce1644ce7b971486551ec3 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:58:06 +0200 Subject: Remove redundant call. --- source4/librpc/rpc/dcerpc_connect.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 318b8fe36d..7bdca2d986 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -137,7 +137,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT /* send smb connect request */ conn_req = smb_composite_connect_send(conn, s->io.pipe->conn, - lp_resolve_context(lp_ctx), + s->io.resolve_ctx, s->io.pipe->conn->event_ctx); if (composite_nomem(conn_req, c)) return c; -- cgit From 43d944e6d6b66cf67ee857a62a439296738d3a59 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 01:59:10 +0200 Subject: Remove global_loadparm instance. --- source4/libnet/libnet_site.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index bb65de1f54..5647a93b8d 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -56,7 +56,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; - cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(global_loadparm)); + cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx)); status = cldap_netlogon(cldap, tmp_ctx, &search); if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { /* -- cgit From 755ad80e2932f2114941adeb13f8879010484ff8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:07:14 +0200 Subject: Remove uses of global_loadparm. --- source4/torture/rpc/samlogon.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source4/torture/rpc/samlogon.c b/source4/torture/rpc/samlogon.c index 4fbffee41e..b7028e6609 100644 --- a/source4/torture/rpc/samlogon.c +++ b/source4/torture/rpc/samlogon.c @@ -53,7 +53,9 @@ struct samlogon_state { const char *comment; const char *account_name; const char *account_domain; + const char *netbios_name; const char *password; + const char *workgroup; struct dcerpc_pipe *p; int function_level; uint32_t parameter_control; @@ -593,7 +595,7 @@ static bool test_lmv2_ntlmv2_broken(struct samlogon_state *samlogon_state, DATA_BLOB lmv2_response = data_blob(NULL, 0); DATA_BLOB lmv2_session_key = data_blob(NULL, 0); DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, TEST_MACHINE_NAME, lp_workgroup(global_loadparm)); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, TEST_MACHINE_NAME, samlogon_state->workgroup); uint8_t lm_session_key[8]; uint8_t user_session_key[16]; @@ -741,7 +743,7 @@ static bool test_lmv2_ntlm_broken(struct samlogon_state *samlogon_state, DATA_BLOB lmv2_response = data_blob(NULL, 0); DATA_BLOB lmv2_session_key = data_blob(NULL, 0); DATA_BLOB ntlmv2_session_key = data_blob(NULL, 0); - DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, lp_netbios_name(global_loadparm), lp_workgroup(global_loadparm)); + DATA_BLOB names_blob = NTLMv2_generate_names_blob(samlogon_state->mem_ctx, samlogon_state->iconv_convenience, samlogon_state->netbios_name, samlogon_state->workgroup); DATA_BLOB ntlm_response = data_blob_talloc(samlogon_state->mem_ctx, NULL, 24); DATA_BLOB ntlm_session_key = data_blob_talloc(samlogon_state->mem_ctx, NULL, 16); @@ -1337,6 +1339,8 @@ static bool test_SamLogon(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, samlogon_state.account_name = account_name; samlogon_state.account_domain = account_domain; samlogon_state.password = plain_pass; + samlogon_state.workgroup = lp_workgroup(tctx->lp_ctx); + samlogon_state.netbios_name = lp_netbios_name(tctx->lp_ctx); samlogon_state.p = p; samlogon_state.creds = creds; samlogon_state.expected_error = expected_error; -- cgit From 4e8cb60222ea13295eaff477625164dfd61e288f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:11:55 +0200 Subject: Remove global_loadparm instance. --- source4/libcli/smb_composite/fsinfo.c | 10 ++++++---- source4/torture/raw/composite.c | 2 +- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c index 270d71f518..cd6e98547b 100644 --- a/source4/libcli/smb_composite/fsinfo.c +++ b/source4/libcli/smb_composite/fsinfo.c @@ -127,7 +127,8 @@ static void fsinfo_composite_handler(struct composite_context *creq) composite fsinfo call - connects to a tree and queries a file system information */ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, - struct smb_composite_fsinfo *io) + struct smb_composite_fsinfo *io, + struct resolve_context *resolve_ctx) { struct composite_context *c; struct fsinfo_state *state; @@ -160,7 +161,7 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, c->private_data = state; state->creq = smb_composite_connect_send(state->connect, state, - lp_resolve_context(global_loadparm), c->event_ctx); + resolve_ctx, c->event_ctx); if (state->creq == NULL) goto failed; @@ -197,9 +198,10 @@ NTSTATUS smb_composite_fsinfo_recv(struct composite_context *c, TALLOC_CTX *mem_ */ NTSTATUS smb_composite_fsinfo(struct smbcli_tree *tree, TALLOC_CTX *mem_ctx, - struct smb_composite_fsinfo *io) + struct smb_composite_fsinfo *io, + struct resolve_context *resolve_ctx) { - struct composite_context *c = smb_composite_fsinfo_send(tree, io); + struct composite_context *c = smb_composite_fsinfo_send(tree, io, resolve_ctx); return smb_composite_fsinfo_recv(c, mem_ctx); } diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index d73ac1327e..a151854e59 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -358,7 +358,7 @@ static bool test_fsinfo(struct smbcli_state *cli, struct torture_context *tctx) c = talloc_array(tctx, struct composite_context *, torture_numops); for (i=0; itree,&io1); + c[i] = smb_composite_fsinfo_send(cli->tree, &io1, lp_resolve_context(tctx->lp_ctx)); c[i]->async.fn = loadfile_complete; c[i]->async.private_data = count; } -- cgit From cef80957c49c972e82a634724590b5fd5d6ca78f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:19:15 +0200 Subject: Remove global_loadparm instance, discard_const_p. --- source4/libnet/libnet_samdump_keytab.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/source4/libnet/libnet_samdump_keytab.c b/source4/libnet/libnet_samdump_keytab.c index 0c4d3e5c59..4b71b0c24d 100644 --- a/source4/libnet/libnet_samdump_keytab.c +++ b/source4/libnet/libnet_samdump_keytab.c @@ -68,6 +68,11 @@ static NTSTATUS samdump_keytab_handle_user(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +struct libnet_samdump_keytab_data { + const char *keytab_name; + struct loadparm_context *lp_ctx; +}; + static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, void *private, enum netr_SamDatabaseID database, @@ -75,8 +80,7 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, char **error_string) { NTSTATUS nt_status = NT_STATUS_OK; - const char *keytab_name = private; - + struct libnet_samdump_keytab_data *data = private; *error_string = NULL; switch (delta->delta_type) { case NETR_DELTA_USER: @@ -85,8 +89,8 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, if (database == SAM_DATABASE_DOMAIN) { nt_status = samdump_keytab_handle_user(mem_ctx, event_context_find(mem_ctx), - global_loadparm, - keytab_name, + data->lp_ctx, + data->keytab_name, delta); break; } @@ -101,14 +105,18 @@ static NTSTATUS libnet_samdump_keytab_fn(TALLOC_CTX *mem_ctx, NTSTATUS libnet_SamDump_keytab(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, struct libnet_SamDump_keytab *r) { NTSTATUS nt_status; + struct libnet_samdump_keytab_data data; struct libnet_SamSync r2; + data.keytab_name = r->in.keytab_name; + data.lp_ctx = ctx->lp_ctx; + r2.out.error_string = NULL; r2.in.binding_string = r->in.binding_string; r2.in.rid_crypt = true; r2.in.init_fn = NULL; r2.in.delta_fn = libnet_samdump_keytab_fn; - r2.in.fn_ctx = discard_const(r->in.keytab_name); + r2.in.fn_ctx = &data; r2.in.machine_account = r->in.machine_account; nt_status = libnet_SamSync_netlogon(ctx, mem_ctx, &r2); r->out.error_string = r2.out.error_string; -- cgit From 181ee01da67985f5db684500247d655ce72fe611 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 02:47:19 +0200 Subject: Pass session options around; saves another use of global_loadparm. --- source4/auth/ntlm/auth_server.c | 1 + source4/libcli/raw/clitree.c | 4 +++- source4/libcli/smb_composite/connect.c | 5 +---- source4/libcli/smb_composite/fetchfile.c | 1 + source4/libcli/smb_composite/fsinfo.c | 1 + source4/libcli/smb_composite/smb_composite.h | 2 ++ source4/librpc/rpc/dcerpc_connect.c | 1 + source4/ntvfs/cifs/vfs_cifs.c | 1 + source4/torture/basic/misc.c | 1 + source4/torture/raw/composite.c | 1 + source4/torture/raw/lockbench.c | 1 + source4/torture/raw/openbench.c | 1 + 12 files changed, 15 insertions(+), 5 deletions(-) diff --git a/source4/auth/ntlm/auth_server.c b/source4/auth/ntlm/auth_server.c index bb8773e75e..539ae6aa80 100644 --- a/source4/auth/ntlm/auth_server.c +++ b/source4/auth/ntlm/auth_server.c @@ -80,6 +80,7 @@ static NTSTATUS server_get_challenge(struct auth_method_context *ctx, TALLOC_CTX io.in.workgroup = ""; /* only used with SPNEGO, disabled above */ io.in.options = smb_options; + lp_smbcli_session_options(ctx->auth_ctx->lp_ctx, &io.in.session_options); status = smb_composite_connect(&io, mem_ctx, lp_resolve_context(ctx->auth_ctx->lp_ctx), ctx->auth_ctx->event_ctx); diff --git a/source4/libcli/raw/clitree.c b/source4/libcli/raw/clitree.c index 15cd70833c..4b5d2dc397 100644 --- a/source4/libcli/raw/clitree.c +++ b/source4/libcli/raw/clitree.c @@ -177,7 +177,8 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, struct cli_credentials *credentials, struct resolve_context *resolve_ctx, struct event_context *ev, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { struct smb_composite_connect io; NTSTATUS status; @@ -200,6 +201,7 @@ NTSTATUS smbcli_tree_full_connection(TALLOC_CTX *parent_ctx, * is complete -- abartlet 2008-04-28 */ io.in.workgroup = lp_workgroup(global_loadparm); io.in.options = *options; + io.in.session_options = *session_options; status = smb_composite_connect(&io, parent_ctx, resolve_ctx, ev); if (NT_STATUS_IS_OK(status)) { diff --git a/source4/libcli/smb_composite/connect.c b/source4/libcli/smb_composite/connect.c index 5f651f4865..a4137290bb 100644 --- a/source4/libcli/smb_composite/connect.c +++ b/source4/libcli/smb_composite/connect.c @@ -229,15 +229,12 @@ static NTSTATUS connect_negprot(struct composite_context *c, { struct connect_state *state = talloc_get_type(c->private_data, struct connect_state); NTSTATUS status; - struct smbcli_session_options options; - - lp_smbcli_session_options(global_loadparm, &options); status = smb_raw_negotiate_recv(state->req); NT_STATUS_NOT_OK_RETURN(status); /* next step is a session setup */ - state->session = smbcli_session_init(state->transport, state, true, options); + state->session = smbcli_session_init(state->transport, state, true, io->in.session_options); NT_STATUS_HAVE_NO_MEMORY(state->session); /* setup for a tconx (or at least have the structure ready to diff --git a/source4/libcli/smb_composite/fetchfile.c b/source4/libcli/smb_composite/fetchfile.c index 9cd02a51f4..ff4f0e7930 100644 --- a/source4/libcli/smb_composite/fetchfile.c +++ b/source4/libcli/smb_composite/fetchfile.c @@ -147,6 +147,7 @@ struct composite_context *smb_composite_fetchfile_send(struct smb_composite_fetc state->connect->in.workgroup = io->in.workgroup; state->connect->in.options = io->in.options; + state->connect->in.session_options = io->in.session_options; state->creq = smb_composite_connect_send(state->connect, state, io->in.resolve_ctx, event_ctx); diff --git a/source4/libcli/smb_composite/fsinfo.c b/source4/libcli/smb_composite/fsinfo.c index cd6e98547b..dc5327a29c 100644 --- a/source4/libcli/smb_composite/fsinfo.c +++ b/source4/libcli/smb_composite/fsinfo.c @@ -155,6 +155,7 @@ struct composite_context *smb_composite_fsinfo_send(struct smbcli_tree *tree, state->connect->in.workgroup = io->in.workgroup; state->connect->in.options = tree->session->transport->options; + state->connect->in.session_options = tree->session->options; c->state = COMPOSITE_STATE_IN_PROGRESS; state->stage = FSINFO_CONNECT; diff --git a/source4/libcli/smb_composite/smb_composite.h b/source4/libcli/smb_composite/smb_composite.h index 7f4b9d73e4..08ca40c833 100644 --- a/source4/libcli/smb_composite/smb_composite.h +++ b/source4/libcli/smb_composite/smb_composite.h @@ -57,6 +57,7 @@ struct smb_composite_fetchfile { const char *workgroup; const char *filename; struct smbcli_options options; + struct smbcli_session_options session_options; struct resolve_context *resolve_ctx; } in; struct { @@ -98,6 +99,7 @@ struct smb_composite_connect { bool fallback_to_anonymous; const char *workgroup; struct smbcli_options options; + struct smbcli_session_options session_options; } in; struct { struct smbcli_tree *tree; diff --git a/source4/librpc/rpc/dcerpc_connect.c b/source4/librpc/rpc/dcerpc_connect.c index 7bdca2d986..b117a98270 100644 --- a/source4/librpc/rpc/dcerpc_connect.c +++ b/source4/librpc/rpc/dcerpc_connect.c @@ -121,6 +121,7 @@ static struct composite_context *dcerpc_pipe_connect_ncacn_np_smb_send(TALLOC_CT conn->in.workgroup = lp_workgroup(lp_ctx); lp_smbcli_options(lp_ctx, &conn->in.options); + lp_smbcli_session_options(lp_ctx, &conn->in.session_options); /* * provide proper credentials - user supplied, but allow a diff --git a/source4/ntvfs/cifs/vfs_cifs.c b/source4/ntvfs/cifs/vfs_cifs.c index 844fa11cc5..9bc36a1762 100644 --- a/source4/ntvfs/cifs/vfs_cifs.c +++ b/source4/ntvfs/cifs/vfs_cifs.c @@ -206,6 +206,7 @@ static NTSTATUS cvfs_connect(struct ntvfs_module_context *ntvfs, io.in.service = remote_share; io.in.service_type = "?????"; lp_smbcli_options(ntvfs->ctx->lp_ctx, &io.in.options); + lp_smbcli_session_options(ntvfs->ctx->lp_ctx, &io.in.session_options); if (!(ntvfs->ctx->client_caps & NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS)) { io.in.options.use_level2_oplocks = false; diff --git a/source4/torture/basic/misc.c b/source4/torture/basic/misc.c index 24e0324bc3..c129fd586b 100644 --- a/source4/torture/basic/misc.c +++ b/source4/torture/basic/misc.c @@ -823,6 +823,7 @@ static struct composite_context *torture_connect_async( smb->in.fallback_to_anonymous=false; smb->in.workgroup=workgroup; lp_smbcli_options(tctx->lp_ctx, &smb->in.options); + lp_smbcli_session_options(tctx->lp_ctx, &smb->in.session_options); return smb_composite_connect_send(smb,mem_ctx, lp_resolve_context(tctx->lp_ctx),ev); diff --git a/source4/torture/raw/composite.c b/source4/torture/raw/composite.c index a151854e59..7f1f5943e1 100644 --- a/source4/torture/raw/composite.c +++ b/source4/torture/raw/composite.c @@ -164,6 +164,7 @@ static bool test_fetchfile(struct smbcli_state *cli, struct torture_context *tct io2.in.filename = fname; io2.in.resolve_ctx = lp_resolve_context(tctx->lp_ctx); lp_smbcli_options(tctx->lp_ctx, &io2.in.options); + lp_smbcli_session_options(tctx->lp_ctx, &io2.in.session_options); printf("testing parallel fetchfile with %d ops\n", torture_numops); diff --git a/source4/torture/raw/lockbench.c b/source4/torture/raw/lockbench.c index 21541d003b..26fad4235e 100644 --- a/source4/torture/raw/lockbench.c +++ b/source4/torture/raw/lockbench.c @@ -195,6 +195,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.fallback_to_anonymous = false; io->in.workgroup = lp_workgroup(state->tctx->lp_ctx); lp_smbcli_options(state->tctx->lp_ctx, &io->in.options); + lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options); /* kill off the remnants of the old connection */ talloc_free(state->tree); diff --git a/source4/torture/raw/openbench.c b/source4/torture/raw/openbench.c index 26b862c33f..ec94637445 100644 --- a/source4/torture/raw/openbench.c +++ b/source4/torture/raw/openbench.c @@ -137,6 +137,7 @@ static void reopen_connection(struct event_context *ev, struct timed_event *te, io->in.fallback_to_anonymous = false; io->in.workgroup = lp_workgroup(state->tctx->lp_ctx); lp_smbcli_options(state->tctx->lp_ctx, &io->in.options); + lp_smbcli_session_options(state->tctx->lp_ctx, &io->in.session_options); /* kill off the remnants of the old connection */ talloc_free(state->tree); -- cgit From 235b729309a17fa44fecf743db5fe6552f67f577 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 03:07:08 +0200 Subject: Cope with API changes. --- source4/client/cifsdd.c | 15 ++++++++++----- source4/client/cifsdd.h | 4 +++- source4/client/cifsddio.c | 17 +++++++++++------ source4/client/client.c | 9 ++++++--- source4/libcli/cliconnect.c | 6 ++++-- source4/torture/gentest.c | 5 ++++- source4/torture/locktest.c | 4 +++- source4/torture/locktest2.c | 19 ++++++++++++------- source4/torture/masktest.c | 9 ++++++--- source4/torture/raw/oplock.c | 5 +++-- source4/torture/raw/tconrate.c | 4 +++- source4/torture/rpc/join.c | 6 ++++-- source4/torture/rpc/samba3rpc.c | 18 ++++++++++++------ source4/torture/unix/unix_info2.c | 4 +++- source4/torture/unix/whoami.c | 4 +++- source4/torture/util_smb.c | 4 +++- 16 files changed, 90 insertions(+), 43 deletions(-) diff --git a/source4/client/cifsdd.c b/source4/client/cifsdd.c index 141b165ad4..5f07826d06 100644 --- a/source4/client/cifsdd.c +++ b/source4/client/cifsdd.c @@ -357,7 +357,8 @@ static void print_transfer_stats(void) static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, struct event_context *ev, const char * which, const char **ports, - struct smbcli_options *smb_options) + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options) { int options = 0; const char * path = NULL; @@ -379,13 +380,13 @@ static struct dd_iohandle * open_file(struct resolve_context *resolve_ctx, path = check_arg_pathname("if"); handle = dd_open_path(resolve_ctx, ev, path, ports, check_arg_numeric("ibs"), options, - smb_options); + smb_options, smb_session_options); } else if (strcmp(which, "of") == 0) { options |= DD_WRITE; path = check_arg_pathname("of"); handle = dd_open_path(resolve_ctx, ev, path, ports, check_arg_numeric("obs"), options, - smb_options); + smb_options, smb_session_options); } else { SMB_ASSERT(0); return(NULL); @@ -412,12 +413,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) struct dd_iohandle * ofile; struct smbcli_options options; + struct smbcli_session_options session_options; ibs = check_arg_numeric("ibs"); obs = check_arg_numeric("obs"); count = check_arg_numeric("count"); lp_smbcli_options(lp_ctx, &options); + lp_smbcli_session_options(lp_ctx, &session_options); /* Allocate IO buffer. We need more than the max IO size because we * could accumulate a remainder if ibs and obs don't match. @@ -436,12 +439,14 @@ static int copy_files(struct event_context *ev, struct loadparm_context *lp_ctx) (unsigned long long)iomax, options.max_xmit)); if (!(ifile = open_file(lp_resolve_context(lp_ctx), ev, "if", - lp_smb_ports(lp_ctx), &options))) { + lp_smb_ports(lp_ctx), &options, + &session_options))) { return(FILESYS_EXIT_CODE); } if (!(ofile = open_file(lp_resolve_context(lp_ctx), ev, "of", - lp_smb_ports(lp_ctx), &options))) { + lp_smb_ports(lp_ctx), &options, + &session_options))) { return(FILESYS_EXIT_CODE); } diff --git a/source4/client/cifsdd.h b/source4/client/cifsdd.h index 21a4ad4882..3195e4334f 100644 --- a/source4/client/cifsdd.h +++ b/source4/client/cifsdd.h @@ -89,6 +89,7 @@ struct dd_iohandle #define DD_OPLOCK 0x00000008 struct smbcli_options; +struct smbcli_session_options; struct event_context; struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, @@ -96,7 +97,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char * path, const char **ports, uint64_t io_size, int options, - struct smbcli_options *smb_options); + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options); bool dd_fill_block(struct dd_iohandle * h, uint8_t * buf, uint64_t * buf_size, uint64_t need_size, uint64_t block_size); bool dd_flush_block(struct dd_iohandle * h, uint8_t * buf, diff --git a/source4/client/cifsddio.c b/source4/client/cifsddio.c index 4297c30012..25194a621a 100644 --- a/source4/client/cifsddio.c +++ b/source4/client/cifsddio.c @@ -225,7 +225,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct const char * host, const char **ports, const char * share, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { NTSTATUS ret; struct smbcli_state * cli = NULL; @@ -236,7 +237,8 @@ static struct smbcli_state * init_smb_session(struct resolve_context *resolve_ct ret = smbcli_full_connection(NULL, &cli, host, ports, share, NULL /* devtype */, cmdline_credentials, resolve_ctx, - ev, options); + ev, options, + session_options); if (!NT_STATUS_IS_OK(ret)) { fprintf(stderr, "%s: connecting to //%s/%s: %s\n", @@ -302,7 +304,8 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx const char * path, uint64_t io_size, int options, - struct smbcli_options *smb_options) + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options) { struct cifs_handle * smbh; @@ -323,7 +326,7 @@ static struct dd_iohandle * open_cifs_handle(struct resolve_context *resolve_ctx smbh->h.io_seek = smb_seek_func; if ((smbh->cli = init_smb_session(resolve_ctx, ev, host, ports, share, - smb_options)) == NULL) { + smb_options, smb_session_options)) == NULL) { return(NULL); } @@ -344,7 +347,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, const char **ports, uint64_t io_size, int options, - struct smbcli_options *smb_options) + struct smbcli_options *smb_options, + struct smbcli_session_options *smb_session_options) { if (file_exist(path)) { return(open_fd_handle(path, io_size, options)); @@ -361,7 +365,8 @@ struct dd_iohandle * dd_open_path(struct resolve_context *resolve_ctx, return(open_cifs_handle(resolve_ctx, ev, host, ports, share, remain, - io_size, options, smb_options)); + io_size, options, smb_options, + smb_session_options)); } return(open_fd_handle(path, io_size, options)); diff --git a/source4/client/client.c b/source4/client/client.c index e05e195372..266bd67025 100644 --- a/source4/client/client.c +++ b/source4/client/client.c @@ -3032,7 +3032,8 @@ static bool do_connect(struct smbclient_context *ctx, const char *specified_server, const char **ports, const char *specified_share, struct cli_credentials *cred, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { NTSTATUS status; char *server, *share; @@ -3051,7 +3052,7 @@ static bool do_connect(struct smbclient_context *ctx, status = smbcli_full_connection(ctx, &ctx->cli, server, ports, share, NULL, cred, resolve_ctx, - ev_ctx, options); + ev_ctx, options, session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("Connection to \\\\%s\\%s failed - %s\n", server, share, nt_errstr(status)); @@ -3138,6 +3139,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, struct smbclient_context *ctx; const char *cmdstr = NULL; struct smbcli_options smb_options; + struct smbcli_session_options smb_session_options; struct poptOption long_options[] = { POPT_AUTOHELP @@ -3227,6 +3229,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, poptFreeContext(pc); lp_smbcli_options(cmdline_lp_ctx, &smb_options); + lp_smbcli_session_options(cmdline_lp_ctx, &smb_session_options); ev_ctx = s4_event_context_init(talloc_autofree_context()); @@ -3255,7 +3258,7 @@ static int do_message_op(const char *netbios_name, const char *desthost, if (!do_connect(ctx, ev_ctx, lp_resolve_context(cmdline_lp_ctx), desthost, lp_smb_ports(cmdline_lp_ctx), service, - cmdline_credentials, &smb_options)) + cmdline_credentials, &smb_options, &smb_session_options)) return 1; if (base_directory) diff --git a/source4/libcli/cliconnect.c b/source4/libcli/cliconnect.c index 3b1c3c5314..e42b04cdc5 100644 --- a/source4/libcli/cliconnect.c +++ b/source4/libcli/cliconnect.c @@ -146,7 +146,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, struct cli_credentials *credentials, struct resolve_context *resolve_ctx, struct event_context *ev, - struct smbcli_options *options) + struct smbcli_options *options, + struct smbcli_session_options *session_options) { struct smbcli_tree *tree; NTSTATUS status; @@ -157,7 +158,8 @@ NTSTATUS smbcli_full_connection(TALLOC_CTX *parent_ctx, &tree, host, ports, sharename, devtype, credentials, resolve_ctx, ev, - options); + options, + session_options); if (!NT_STATUS_IS_OK(status)) { goto done; } diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c index fecdfda56e..3bf3ad8b1b 100644 --- a/source4/torture/gentest.c +++ b/source4/torture/gentest.c @@ -214,7 +214,9 @@ static bool connect_servers(struct event_context *ev, for (j=0;jlp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); options.use_level2_oplocks = false; @@ -188,7 +189,7 @@ static bool open_connection_no_level2_oplocks(struct torture_context *tctx, torture_setting_string(tctx, "share", NULL), NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); return false; diff --git a/source4/torture/raw/tconrate.c b/source4/torture/raw/tconrate.c index 6f0ba0d617..66ef2ae2dd 100644 --- a/source4/torture/raw/tconrate.c +++ b/source4/torture/raw/tconrate.c @@ -69,8 +69,10 @@ static int fork_tcon_client(struct torture_context *tctx, struct timeval end; struct timeval now; struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); child = fork(); if (child == -1) { @@ -100,7 +102,7 @@ static int fork_tcon_client(struct torture_context *tctx, host, lp_smb_ports(tctx->lp_ctx), share, NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/rpc/join.c b/source4/torture/rpc/join.c index 77da32d572..ee0c05360f 100644 --- a/source4/torture/rpc/join.c +++ b/source4/torture/rpc/join.c @@ -19,6 +19,7 @@ bool torture_rpc_join(struct torture_context *torture) struct smbcli_state *cli; const char *host = torture_setting_string(torture, "host", NULL); struct smbcli_options options; + struct smbcli_session_options session_options; /* Join domain as a member server. */ tj = torture_join_domain(torture, @@ -33,13 +34,14 @@ bool torture_rpc_join(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(tj, &cli, host, lp_smb_ports(torture->lp_ctx), "IPC$", NULL, machine_account, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n", TORTURE_NETBIOS_NAME)); @@ -65,7 +67,7 @@ bool torture_rpc_join(struct torture_context *torture) "IPC$", NULL, machine_account, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("%s failed to connect to IPC$ with workstation credentials\n", TORTURE_NETBIOS_NAME)); diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index e030b972f8..260c1cc149 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -91,7 +91,7 @@ bool torture_bind_authcontext(struct torture_context *torture) lp_smb_ports(torture->lp_ctx), "IPC$", NULL, cmdline_credentials, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -290,6 +290,7 @@ bool torture_bind_samba3(struct torture_context *torture) bool ret = false; struct smbcli_state *cli; struct smbcli_options options; + struct smbcli_session_options session_options; mem_ctx = talloc_init("torture_bind_authcontext"); @@ -299,13 +300,14 @@ bool torture_bind_samba3(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), "IPC$", NULL, cmdline_credentials, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1197,6 +1199,7 @@ bool torture_netlogon_samba3(struct torture_context *torture) const char *wks_name; int i; struct smbcli_options options; + struct smbcli_session_options session_options; wks_name = torture_setting_string(torture, "wksname", NULL); if (wks_name == NULL) { @@ -1216,13 +1219,14 @@ bool torture_netlogon_samba3(struct torture_context *torture) } lp_smbcli_options(torture->lp_ctx, &options); + lp_smbcli_session_options(torture->lp_ctx, &session_options); status = smbcli_full_connection(mem_ctx, &cli, torture_setting_string(torture, "host", NULL), lp_smb_ports(torture->lp_ctx), "IPC$", NULL, anon_creds, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1301,15 +1305,17 @@ static bool test_join3(struct torture_context *tctx, struct smbcli_state *cli; struct cli_credentials *wks_creds; struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); status = smbcli_full_connection(tctx, &cli, torture_setting_string(tctx, "host", NULL), lp_smb_ports(tctx->lp_ctx), "IPC$", NULL, smb_creds, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("smbcli_full_connection failed: %s\n", nt_errstr(status)); @@ -1686,7 +1692,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) lp_smb_ports(torture->lp_ctx), "IPC$", NULL, cmdline_credentials, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("(%s) smbcli_full_connection failed: %s\n", __location__, nt_errstr(status)); @@ -1713,7 +1719,7 @@ bool torture_samba3_rpc_getusername(struct torture_context *torture) lp_smb_ports(torture->lp_ctx), "IPC$", NULL, anon_creds, lp_resolve_context(torture->lp_ctx), - torture->ev, &options); + torture->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { d_printf("(%s) anon smbcli_full_connection failed: %s\n", __location__, nt_errstr(status)); diff --git a/source4/torture/unix/unix_info2.c b/source4/torture/unix/unix_info2.c index d7482ddcf1..3bddde2a97 100644 --- a/source4/torture/unix/unix_info2.c +++ b/source4/torture/unix/unix_info2.c @@ -56,15 +56,17 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx) const char *host = torture_setting_string(tctx, "host", NULL); const char *share = torture_setting_string(tctx, "share", NULL); struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); status = smbcli_full_connection(tctx, &cli, host, lp_smb_ports(tctx->lp_ctx), share, NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/unix/whoami.c b/source4/torture/unix/whoami.c index 39d0a12ab1..d742e23e82 100644 --- a/source4/torture/unix/whoami.c +++ b/source4/torture/unix/whoami.c @@ -77,14 +77,16 @@ static struct smbcli_state *connect_to_server(struct torture_context *tctx, const char *host = torture_setting_string(tctx, "host", NULL); const char *share = torture_setting_string(tctx, "share", NULL); struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); status = smbcli_full_connection(tctx, &cli, host, lp_smb_ports(tctx->lp_ctx), share, NULL, creds, lp_resolve_context(tctx->lp_ctx), - tctx->ev, &options); + tctx->ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("failed to connect to //%s/%s: %s\n", diff --git a/source4/torture/util_smb.c b/source4/torture/util_smb.c index 938e7d6c03..32e4453aca 100644 --- a/source4/torture/util_smb.c +++ b/source4/torture/util_smb.c @@ -475,8 +475,10 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx, NTSTATUS status; struct smbcli_options options; + struct smbcli_session_options session_options; lp_smbcli_options(tctx->lp_ctx, &options); + lp_smbcli_session_options(tctx->lp_ctx, &session_options); options.use_oplocks = torture_setting_bool(tctx, "use_oplocks", true); options.use_level2_oplocks = torture_setting_bool(tctx, "use_level2_oplocks", true); @@ -486,7 +488,7 @@ _PUBLIC_ bool torture_open_connection_share(TALLOC_CTX *mem_ctx, sharename, NULL, cmdline_credentials, lp_resolve_context(tctx->lp_ctx), - ev, &options); + ev, &options, &session_options); if (!NT_STATUS_IS_OK(status)) { printf("Failed to open connection - %s\n", nt_errstr(status)); return false; -- cgit From 2ba4a79210f35df526a72c740ada5de34d6f45f4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 03:20:46 +0200 Subject: Eliminate another global_loadparm. --- source4/smbd/process_model.h | 3 ++- source4/smbd/process_prefork.c | 2 +- source4/smbd/process_single.c | 2 +- source4/smbd/process_standard.c | 5 +++-- source4/smbd/process_thread.c | 2 +- source4/smbd/service_stream.c | 2 +- source4/smbd/service_task.c | 2 +- 7 files changed, 10 insertions(+), 8 deletions(-) diff --git a/source4/smbd/process_model.h b/source4/smbd/process_model.h index a9b33a4725..6afb66ff20 100644 --- a/source4/smbd/process_model.h +++ b/source4/smbd/process_model.h @@ -63,7 +63,8 @@ struct model_ops { void *); /* function to terminate a connection or task */ - void (*terminate)(struct event_context *, const char *reason); + void (*terminate)(struct event_context *, struct loadparm_context *lp_ctx, + const char *reason); /* function to set a title for the connection or task */ void (*set_title)(struct event_context *, const char *title); diff --git a/source4/smbd/process_prefork.c b/source4/smbd/process_prefork.c index 0d17e5301d..1b369613ff 100644 --- a/source4/smbd/process_prefork.c +++ b/source4/smbd/process_prefork.c @@ -189,7 +189,7 @@ static void prefork_new_task(struct event_context *ev, /* called when a task goes down */ -_NORETURN_ static void prefork_terminate(struct event_context *ev, const char *reason) +_NORETURN_ static void prefork_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, const char *reason) { DEBUG(2,("prefork_terminate: reason[%s]\n",reason)); } diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c index a7a27ef9e0..26afff9930 100644 --- a/source4/smbd/process_single.c +++ b/source4/smbd/process_single.c @@ -95,7 +95,7 @@ static void single_new_task(struct event_context *ev, /* called when a task goes down */ -static void single_terminate(struct event_context *ev, const char *reason) +static void single_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, const char *reason) { DEBUG(2,("single_terminate: reason[%s]\n",reason)); } diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index c8f90209b6..0a864dabb2 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -196,13 +196,14 @@ static void standard_new_task(struct event_context *ev, /* called when a task goes down */ -_NORETURN_ static void standard_terminate(struct event_context *ev, const char *reason) +_NORETURN_ static void standard_terminate(struct event_context *ev, struct loadparm_context *lp_ctx, + const char *reason) { DEBUG(2,("standard_terminate: reason[%s]\n",reason)); /* this reload_charcnv() has the effect of freeing the iconv context memory, which makes leak checking easier */ - reload_charcnv(global_loadparm); + reload_charcnv(lp_ctx); talloc_free(ev); diff --git a/source4/smbd/process_thread.c b/source4/smbd/process_thread.c index 540d956420..597cf587f1 100644 --- a/source4/smbd/process_thread.c +++ b/source4/smbd/process_thread.c @@ -188,7 +188,7 @@ static void thread_new_task(struct event_context *ev, } /* called when a task goes down */ -static void thread_terminate(struct event_context *event_ctx, const char *reason) +static void thread_terminate(struct event_context *event_ctx, struct loadparm_context *lp_ctx, const char *reason) { DEBUG(10,("thread_terminate: reason[%s]\n",reason)); diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index 48eda46dc7..1240382944 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -79,7 +79,7 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char talloc_free(srv_conn->event.fde); srv_conn->event.fde = NULL; talloc_free(srv_conn); - model_ops->terminate(event_ctx, reason); + model_ops->terminate(event_ctx, srv_conn->lp_ctx, reason); } /** diff --git a/source4/smbd/service_task.c b/source4/smbd/service_task.c index 2274685059..9a2903e281 100644 --- a/source4/smbd/service_task.c +++ b/source4/smbd/service_task.c @@ -35,7 +35,7 @@ void task_server_terminate(struct task_server *task, const char *reason) struct event_context *event_ctx = task->event_ctx; const struct model_ops *model_ops = task->model_ops; DEBUG(0,("task_server_terminate: [%s]\n", reason)); - model_ops->terminate(event_ctx, reason); + model_ops->terminate(event_ctx, task->lp_ctx, reason); /* don't free this above, it might contain the 'reason' being printed */ talloc_free(task); -- cgit From 5bbd73c0ff64ec5da337d327d4f6ed1de2132ed4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 04:01:47 +0200 Subject: Remove two more uses of global loadparm by remember required details for secondary DCE/RPC connections. --- source4/librpc/rpc/dcerpc_secondary.c | 7 +++--- source4/librpc/rpc/dcerpc_sock.c | 40 +++++++++++++++++++++++------------ 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/source4/librpc/rpc/dcerpc_secondary.c b/source4/librpc/rpc/dcerpc_secondary.c index abc67ad38b..b4d5d05b61 100644 --- a/source4/librpc/rpc/dcerpc_secondary.c +++ b/source4/librpc/rpc/dcerpc_secondary.c @@ -95,13 +95,14 @@ _PUBLIC_ struct composite_context* dcerpc_secondary_connection_send(struct dcerp s->binding->host, s->binding->target_hostname, atoi(s->binding->endpoint), - lp_resolve_context(global_loadparm)); + dcerpc_resolve_ctx(s->pipe->conn)); composite_continue(c, pipe_tcp_req, continue_open_tcp, c); return c; case NCALRPC: - pipe_ncalrpc_req = dcerpc_pipe_open_pipe_send(s->pipe2->conn, lp_ncalrpc_dir(global_loadparm), - s->binding->endpoint); + case NCACN_UNIX_STREAM: + pipe_ncalrpc_req = dcerpc_pipe_open_unix_stream_send(s->pipe2->conn, + dcerpc_unix_socket_path(s->pipe->conn)); composite_continue(c, pipe_ncalrpc_req, continue_open_pipe, c); return c; diff --git a/source4/librpc/rpc/dcerpc_sock.c b/source4/librpc/rpc/dcerpc_sock.c index 7480beae33..1e2b4cde48 100644 --- a/source4/librpc/rpc/dcerpc_sock.c +++ b/source4/librpc/rpc/dcerpc_sock.c @@ -39,6 +39,9 @@ struct sock_private { struct packet_context *packet; uint32_t pending_reads; + + struct resolve_context *resolve_ctx; + const char *path; /* For ncacn_unix_sock and ncalrpc */ }; @@ -307,6 +310,7 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct struct resolve_context *resolve_context, struct socket_address *server, const char *target_hostname, + const char *full_path, enum dcerpc_transport_t transport) { struct composite_context *c; @@ -334,6 +338,9 @@ static struct composite_context *dcerpc_pipe_open_socket_send(TALLOC_CTX *mem_ct talloc_steal(s->sock, s->socket_ctx); + s->sock->resolve_ctx = resolve_context; + s->sock->path = talloc_reference(s->sock, full_path); + conn_req = socket_connect_send(s->socket_ctx, NULL, s->server, 0, resolve_context, c->event_ctx); @@ -386,6 +393,7 @@ static void continue_ip_resolve_name(struct composite_context *ctx) sock_ipv4_req = dcerpc_pipe_open_socket_send(c, s->conn, s->resolve_ctx, s->srvaddr, s->target_hostname, + NULL, NCACN_IP_TCP); composite_continue(c, sock_ipv4_req, continue_ipv4_open_socket, c); } @@ -561,6 +569,7 @@ struct composite_context *dcerpc_pipe_open_unix_stream_send(struct dcerpc_connec sock_unix_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, + s->path, NCALRPC); composite_continue(c, sock_unix_req, continue_unix_open_socket, c); return c; @@ -579,13 +588,6 @@ NTSTATUS dcerpc_pipe_open_unix_stream_recv(struct composite_context *c) } -struct pipe_np_state { - char *full_path; - struct socket_address *srvaddr; - struct dcerpc_connection *conn; -}; - - /* Stage 2 of dcerpc_pipe_open_pipe_send: receive socket open request */ @@ -612,13 +614,13 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c struct composite_context *c; struct composite_context *sock_np_req; - struct pipe_np_state *s; + struct pipe_unix_state *s; /* composite context allocation and setup */ c = composite_create(conn, conn->event_ctx); if (c == NULL) return NULL; - s = talloc_zero(c, struct pipe_np_state); + s = talloc_zero(c, struct pipe_unix_state); if (composite_nomem(s, c)) return c; c->private_data = s; @@ -628,15 +630,15 @@ struct composite_context* dcerpc_pipe_open_pipe_send(struct dcerpc_connection *c s->conn = conn; string_replace(canon, '/', '\\'); - s->full_path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon); - if (composite_nomem(s->full_path, c)) return c; + s->path = talloc_asprintf(canon, "%s/%s", ncalrpc_dir, canon); + if (composite_nomem(s->path, c)) return c; /* prepare server address using path and transport name */ - s->srvaddr = socket_address_from_strings(conn, "unix", s->full_path, 0); + s->srvaddr = socket_address_from_strings(conn, "unix", s->path, 0); if (composite_nomem(s->srvaddr, c)) return c; /* send socket open request */ - sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, NCALRPC); + sock_np_req = dcerpc_pipe_open_socket_send(c, s->conn, NULL, s->srvaddr, NULL, s->path, NCALRPC); composite_continue(c, sock_np_req, continue_np_open_socket, c); return c; } @@ -662,3 +664,15 @@ NTSTATUS dcerpc_pipe_open_pipe(struct dcerpc_connection *conn, const char *ncalr struct composite_context *c = dcerpc_pipe_open_pipe_send(conn, ncalrpc_dir, identifier); return dcerpc_pipe_open_pipe_recv(c); } + +const char *dcerpc_unix_socket_path(struct dcerpc_connection *p) +{ + struct sock_private *sock = (struct sock_private *)p->transport.private_data; + return sock->path; +} + +struct resolve_context *dcerpc_resolve_ctx(struct dcerpc_connection *p) +{ + struct sock_private *sock = (struct sock_private *)p->transport.private_data; + return sock->resolve_ctx; +} -- cgit From 4a1dabd8361c8480261d89b4ea39236ff0431897 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 04:22:24 +0200 Subject: wmi: Use cli_credentials. --- source4/lib/wmi/wmi.h | 2 +- source4/lib/wmi/wmicore.c | 14 +------------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/source4/lib/wmi/wmi.h b/source4/lib/wmi/wmi.h index 32543a8ca7..46c9b70cdb 100644 --- a/source4/lib/wmi/wmi.h +++ b/source4/lib/wmi/wmi.h @@ -27,7 +27,7 @@ /** FIXME: Use credentials struct rather than user/password here */ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const char *nspace, - const char *user, const char *password, + struct cli_credentials *credentials, const char *locale, uint32_t flags, const char *authority, struct IWbemContext* wbem_ctx, struct IWbemServices** services); const char *wmi_errstr(WERROR werror); diff --git a/source4/lib/wmi/wmicore.c b/source4/lib/wmi/wmicore.c index 49c1e03312..3ac6c89292 100644 --- a/source4/lib/wmi/wmicore.c +++ b/source4/lib/wmi/wmicore.c @@ -51,7 +51,7 @@ void wmi_init(struct com_context **ctx, struct cli_credentials *credentials) /** FIXME: Use credentials struct rather than user/password here */ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const uint16_t *nspace, - const char *user, const char *password, + struct cli_credentials *credentials, const char *locale, uint32_t flags, const char *authority, struct IWbemContext* wbem_ctx, struct IWbemServices** services) { @@ -61,18 +61,6 @@ WERROR WBEM_ConnectServer(struct com_context *ctx, const char *server, const uin struct IUnknown **mqi; struct IWbemLevel1Login *pL; - if (user) { - char *cred; - struct cli_credentials *cc; - - cred = talloc_asprintf(NULL, "%s%%%s", user, password); - cc = cli_credentials_init(cred); - cli_credentials_set_conf(cc, global_loadparm); - cli_credentials_parse_string(cc, cred, CRED_SPECIFIED); - dcom_add_server_credentials(ctx, server, cc); - talloc_free(cred); - } - GUID_from_string(CLSID_WBEMLEVEL1LOGIN, &clsid); GUID_from_string(COM_IWBEMLEVEL1LOGIN_UUID, &iid); result = dcom_create_object(ctx, &clsid, server, 1, &iid, &mqi, &coresult); -- cgit From 2400b1fea2a07ad3972ee8133e37eaf2f91499d0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 04:22:54 +0200 Subject: Fix segfault. --- source4/smbd/service_stream.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index 1240382944..ce5b6519a1 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -78,8 +78,8 @@ void stream_terminate_connection(struct stream_connection *srv_conn, const char talloc_free(srv_conn->event.fde); srv_conn->event.fde = NULL; - talloc_free(srv_conn); model_ops->terminate(event_ctx, srv_conn->lp_ctx, reason); + talloc_free(srv_conn); } /** -- cgit From 454122ab091715edf02c26e0a408141c7374b693 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 06:05:05 +0200 Subject: make sure dcerpc is always initialized. --- pidl/lib/Parse/Pidl/Samba4/Python.pm | 10 ++++++++++ source4/librpc/rpc/dcerpc.c | 4 +--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index 74cec5a827..fc64c35fca 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -1173,6 +1173,7 @@ sub Parse($$$$$) $self->pidl("{"); $self->indent; $self->pidl("PyObject *m;"); + $self->pidl("NTSTATUS status;"); $self->pidl(""); foreach (@{$self->{ready_types}}) { @@ -1208,6 +1209,15 @@ sub Parse($$$$$) $self->pidl("PyModule_AddObject(m, \"$object_name\", $c_name);"); } + $self->pidl(""); + $self->pidl("status = dcerpc_init();"); + $self->pidl("if (!NT_STATUS_IS_OK(status)) {"); + $self->indent; + $self->pidl("PyErr_SetNTSTATUS(status);"); + $self->pidl("return;"); + $self->deindent; + $self->pidl("}"); + $self->deindent; $self->pidl("}"); return ($self->{res_hdr}, $self->{res}); diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 5bbcc5e91c..5cee9f27ad 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -33,9 +33,7 @@ _PUBLIC_ NTSTATUS dcerpc_init(void) { - gensec_init(global_loadparm); - - return NT_STATUS_OK; + return gensec_init(global_loadparm); } static void dcerpc_connection_dead(struct dcerpc_connection *conn, NTSTATUS status); -- cgit From 43aaa78fe6f032d8d79b558ea931e7e8240f6f9d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 06:05:46 +0200 Subject: Update .gitignore for new pidl location. --- .gitignore | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b87f786678..e585504ce5 100644 --- a/.gitignore +++ b/.gitignore @@ -252,10 +252,10 @@ source4/param/proto.h source4/param/secrets_proto.h source4/param/share_proto.h source4/passdb/proto.h -source4/pidl/blib -source4/pidl/cover_db -source4/pidl/Makefile -source4/pidl/pm_to_blib +pidl/blib +pidl/cover_db +pidl/Makefile +pidl/pm_to_blib source4/rpc_server/common/proto.h source4/rpc_server/dcerpc_server_proto.h source4/rpc_server/lsa/proto.h -- cgit From ac5e69a999c4dcd337c5b8467aba3018df50126b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 06:10:32 +0200 Subject: dcesrv: Remove use of global_loadparm. --- source4/rpc_server/service_rpc.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index b68cec4c7d..2ef8591c32 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -436,6 +436,25 @@ static void dcesrv_task_init(struct task_server *task) NTSTATUS status; struct dcesrv_context *dce_ctx; struct dcesrv_endpoint *e; + extern NTSTATUS dcerpc_server_wkssvc_init(void); + extern NTSTATUS dcerpc_server_drsuapi_init(void); + extern NTSTATUS dcerpc_server_winreg_init(void); + extern NTSTATUS dcerpc_server_spoolss_init(void); + extern NTSTATUS dcerpc_server_epmapper_init(void); + extern NTSTATUS dcerpc_server_srvsvc_init(void); + extern NTSTATUS dcerpc_server_netlogon_init(void); + extern NTSTATUS dcerpc_server_rpcecho_init(void); + extern NTSTATUS dcerpc_server_unixinfo_init(void); + extern NTSTATUS dcerpc_server_samr_init(void); + extern NTSTATUS dcerpc_server_remote_init(void); + extern NTSTATUS dcerpc_server_lsa_init(void); + init_module_fn static_init[] = { STATIC_DCESRV_MODULES }; + init_module_fn *shared_init = load_samba_modules(NULL, task->lp_ctx, "dcerpc_server"); + + run_init_functions(static_init); + run_init_functions(shared_init); + + talloc_free(shared_init); task_server_set_title(task, "task[dcesrv]"); @@ -462,25 +481,6 @@ failed: NTSTATUS server_service_rpc_init(void) { - extern NTSTATUS dcerpc_server_wkssvc_init(void); - extern NTSTATUS dcerpc_server_drsuapi_init(void); - extern NTSTATUS dcerpc_server_winreg_init(void); - extern NTSTATUS dcerpc_server_spoolss_init(void); - extern NTSTATUS dcerpc_server_epmapper_init(void); - extern NTSTATUS dcerpc_server_srvsvc_init(void); - extern NTSTATUS dcerpc_server_netlogon_init(void); - extern NTSTATUS dcerpc_server_rpcecho_init(void); - extern NTSTATUS dcerpc_server_unixinfo_init(void); - extern NTSTATUS dcerpc_server_samr_init(void); - extern NTSTATUS dcerpc_server_remote_init(void); - extern NTSTATUS dcerpc_server_lsa_init(void); - init_module_fn static_init[] = { STATIC_DCESRV_MODULES }; - init_module_fn *shared_init = load_samba_modules(NULL, global_loadparm, "dcerpc_server"); - run_init_functions(static_init); - run_init_functions(shared_init); - - talloc_free(shared_init); - return register_server_service("rpc", dcesrv_task_init); } -- cgit From 3ff298c37be5daa015006fe5cede3980b26e570e Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 06:43:32 +0200 Subject: s4:selftest: add "smb.signing" to anon signing tests metze --- source4/selftest/samba4_tests.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 667b21975f..af8c3e94c1 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -328,9 +328,9 @@ for mech in \ name="smb.signing on with $signoptions" plantest "$name local-creds" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp $signoptions -U"\$NETBIOSNAME/\$USERNAME"%"\$PASSWORD" BASE-XCOPY "$*" done -plantest "--signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*" -plantest "--signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*" -plantest "--signing=no anon" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=no -U% BASE-XCOPY "$*" +plantest "smb.signing --signing=yes anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=yes -U% BASE-XCOPY "$*" +plantest "smb.signing --signing=required anon" dc $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=required -U% BASE-XCOPY "$*" +plantest "smb.signing --signing=no anon" member $VALGRIND $smb4torture //"\$NETBIOSNAME"/tmp -k no --signing=no -U% BASE-XCOPY "$*" NBT_TESTS=`$smb4torture --list | grep "^NBT-" | xargs` -- cgit From abe0af4ab417086d413f02cadf7315a8f801a0f8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 04:59:24 +0200 Subject: dcerpc.idl: add DCERPC_PFC_OFFSET metze --- source4/librpc/idl/dcerpc.idl | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/librpc/idl/dcerpc.idl b/source4/librpc/idl/dcerpc.idl index 1c6574b11b..a78329d990 100644 --- a/source4/librpc/idl/dcerpc.idl +++ b/source4/librpc/idl/dcerpc.idl @@ -261,6 +261,7 @@ interface dcerpc const uint8 DCERPC_PFC_FLAG_OBJECT_UUID = 0x80; /* on valid guid is in the optional object field */ /* these offsets are needed by the signing code */ + const uint8 DCERPC_PFC_OFFSET = 3; const uint8 DCERPC_DREP_OFFSET = 4; const uint8 DCERPC_FRAG_LEN_OFFSET = 8; const uint8 DCERPC_AUTH_LEN_OFFSET = 10; -- cgit From eb1de4f0ed149dd2b348d756f091809d934309a1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 04:59:56 +0200 Subject: s4:librpc/rpc: correctly sign or seal rpc request with an object guid metze --- source4/librpc/rpc/dcerpc.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/librpc/rpc/dcerpc.c b/source4/librpc/rpc/dcerpc.c index 5bbcc5e91c..c1e3e26ee9 100644 --- a/source4/librpc/rpc/dcerpc.c +++ b/source4/librpc/rpc/dcerpc.c @@ -334,6 +334,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, DATA_BLOB creds2; size_t payload_length; enum ndr_err_code ndr_err; + size_t hdr_size = DCERPC_REQUEST_LENGTH; /* non-signed packets are simpler */ if (sig_size == 0) { @@ -367,6 +368,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + hdr_size += 16; } ndr_err = ndr_push_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, pkt); @@ -415,7 +417,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, case DCERPC_AUTH_LEVEL_PRIVACY: status = gensec_seal_packet(c->security_state.generic_state, mem_ctx, - blob->data + DCERPC_REQUEST_LENGTH, + blob->data + hdr_size, payload_length, blob->data, blob->length, @@ -428,7 +430,7 @@ static NTSTATUS ncacn_push_request_sign(struct dcerpc_connection *c, case DCERPC_AUTH_LEVEL_INTEGRITY: status = gensec_sign_packet(c->security_state.generic_state, mem_ctx, - blob->data + DCERPC_REQUEST_LENGTH, + blob->data + hdr_size, payload_length, blob->data, blob->length, -- cgit From 844b331d257b02c073cc0dc4a6e229e6b9645949 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 05:01:19 +0200 Subject: s4:rpc_server: correctly handle dcerpc requests with object uuids metze --- source4/rpc_server/dcerpc_server.c | 8 ++++---- source4/rpc_server/dcesrv_auth.c | 10 ++++++++-- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index e5f59d0cf9..893055d3b1 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -870,10 +870,6 @@ static NTSTATUS dcesrv_request(struct dcesrv_call_state *call) call->context = context; call->ndr_pull = pull; - if (call->pkt.pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { - pull->flags |= LIBNDR_FLAG_OBJECT_PRESENT; - } - if (!(call->pkt.drep[0] & DCERPC_DREP_LE)) { pull->flags |= LIBNDR_FLAG_BIGENDIAN; } @@ -1112,6 +1108,10 @@ NTSTATUS dcesrv_input_process(struct dcesrv_connection *dce_conn) ndr->flags |= LIBNDR_FLAG_BIGENDIAN; } + if (CVAL(blob.data, DCERPC_PFC_OFFSET) & DCERPC_PFC_FLAG_OBJECT_UUID) { + ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + } + ndr_err = ndr_pull_ncacn_packet(ndr, NDR_SCALARS|NDR_BUFFERS, &call->pkt); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(dce_conn->partial_input.data); diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 16bf4eb7ed..52d5631cfd 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -287,6 +287,7 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) struct ndr_pull *ndr; NTSTATUS status; enum ndr_err_code ndr_err; + size_t hdr_size = DCERPC_REQUEST_LENGTH; if (!dce_conn->auth_state.auth_info || !dce_conn->auth_state.gensec_security) { @@ -335,6 +336,11 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) ndr->flags |= LIBNDR_FLAG_BIGENDIAN; } + if (pkt->pfc_flags & DCERPC_PFC_FLAG_OBJECT_UUID) { + ndr->flags |= LIBNDR_FLAG_OBJECT_PRESENT; + hdr_size += 16; + } + ndr_err = ndr_pull_dcerpc_auth(ndr, NDR_SCALARS|NDR_BUFFERS, &auth); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { talloc_free(ndr); @@ -346,13 +352,13 @@ bool dcesrv_auth_request(struct dcesrv_call_state *call, DATA_BLOB *full_packet) case DCERPC_AUTH_LEVEL_PRIVACY: status = gensec_unseal_packet(dce_conn->auth_state.gensec_security, call, - full_packet->data + DCERPC_REQUEST_LENGTH, + full_packet->data + hdr_size, pkt->u.request.stub_and_verifier.length, full_packet->data, full_packet->length-auth.credentials.length, &auth.credentials); memcpy(pkt->u.request.stub_and_verifier.data, - full_packet->data + DCERPC_REQUEST_LENGTH, + full_packet->data + hdr_size, pkt->u.request.stub_and_verifier.length); break; -- cgit From 40e7769959e29eccf1f0f14142828c9d0b7880b6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 06:40:15 +0200 Subject: s4:torture/rpc: add RPC-OBJECTUUID This test shows that object uuids should be ignored if they're present in a dcerpc request. metze --- source4/torture/config.mk | 2 +- source4/torture/rpc/object_uuid.c | 87 +++++++++++++++++++++++++++++++++++++++ source4/torture/rpc/rpc.c | 1 + 3 files changed, 89 insertions(+), 1 deletion(-) create mode 100644 source4/torture/rpc/object_uuid.c diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 96da10b5df..211d09756d 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -116,7 +116,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \ scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \ samsync.o bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ - handles.o frsapi.o) + handles.o frsapi.o object_uuid.o) $(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c))) diff --git a/source4/torture/rpc/object_uuid.c b/source4/torture/rpc/object_uuid.c new file mode 100644 index 0000000000..5a77bd1c29 --- /dev/null +++ b/source4/torture/rpc/object_uuid.c @@ -0,0 +1,87 @@ +/* + Unix SMB/CIFS implementation. + + test suite for behaviour of object uuids in rpc requests + + Copyright (C) Stefan Metzmacher 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "torture/torture.h" +#include "librpc/gen_ndr/ndr_dssetup.h" +#include "librpc/gen_ndr/ndr_dssetup_c.h" +#include "librpc/gen_ndr/ndr_lsa.h" +#include "librpc/gen_ndr/ndr_lsa_c.h" +#include "torture/rpc/rpc.h" + +/* + this tests the send object uuids in the dcerpc request +*/ + +static bool test_random_uuid(struct torture_context *torture) +{ + NTSTATUS status; + struct dcerpc_pipe *p1, *p2; + struct rpc_request *req; + struct GUID uuid; + struct dssetup_DsRoleGetPrimaryDomainInformation r1; + struct lsa_GetUserName r2; + struct lsa_StringPointer authority_name_p; + + torture_comment(torture, "RPC-OBJECTUUID-RANDOM\n"); + + status = torture_rpc_connection(torture, &p1, &ndr_table_dssetup); + torture_assert_ntstatus_ok(torture, status, "opening dsetup pipe1"); + + status = torture_rpc_connection(torture, &p2, &ndr_table_lsarpc); + torture_assert_ntstatus_ok(torture, status, "opening lsa pipe1"); + + uuid = GUID_random(); + + r1.in.level = DS_ROLE_BASIC_INFORMATION; + req = dcerpc_ndr_request_send(p1, &uuid, + &ndr_table_dssetup, + NDR_DSSETUP_DSROLEGETPRIMARYDOMAININFORMATION, + torture, &r1); + status = dcerpc_ndr_request_recv(req); + torture_assert_ntstatus_ok(torture, status, "DsRoleGetPrimaryDomainInformation failed"); + torture_assert_werr_ok(torture, r1.out.result, "DsRoleGetPrimaryDomainInformation failed"); + + uuid = GUID_random(); + + r2.in.system_name = "\\"; + r2.in.account_name = NULL; + r2.in.authority_name = &authority_name_p; + authority_name_p.string = NULL; + + req = dcerpc_ndr_request_send(p2, &uuid, + &ndr_table_lsarpc, + NDR_LSA_GETUSERNAME, + torture, &r2); + status = dcerpc_ndr_request_recv(req); + torture_assert_ntstatus_ok(torture, status, "lsaClose failed"); + torture_assert_ntstatus_ok(torture, r2.out.result, "lsaClose failed"); + + return true; +} + +struct torture_suite *torture_rpc_object_uuid(TALLOC_CTX *mem_ctx) +{ + struct torture_suite *suite; + suite = torture_suite_create(mem_ctx, "OBJECTUUID"); + torture_suite_add_simple_test(suite, "random-uuid", test_random_uuid); + return suite; +} diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 85f7bde16c..c35f93e3f9 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -387,6 +387,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_suite(suite, torture_rpc_atsvc(suite)); torture_suite_add_suite(suite, torture_rpc_wkssvc(suite)); torture_suite_add_suite(suite, torture_rpc_handles(suite)); + torture_suite_add_suite(suite, torture_rpc_object_uuid(suite)); torture_suite_add_suite(suite, torture_rpc_winreg(suite)); torture_suite_add_simple_test(suite, "SPOOLSS", torture_rpc_spoolss); torture_suite_add_suite(suite, torture_rpc_spoolss_notify(suite)); -- cgit From 45645426c2ae541fc2c3a112cde5a7f1d857938b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 06:42:53 +0200 Subject: s4:selftest: make sure we test RPC-OBJECTUUID with seal metze --- source4/selftest/samba4_tests.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index af8c3e94c1..bfe386af69 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -91,7 +91,7 @@ plantest "ldb" none TEST_DATA_PREFIX=\$PREFIX $LDBDIR/tests/test-tdb.sh # that they stay passing ncacn_np_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-SAMSYNC RPC-SAMBA3SESSIONKEY RPC-SAMBA3-GETUSERNAME RPC-SAMBA3-LSA RPC-BINDSAMBA3 RPC-NETLOGSAMBA3 RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT" ncalrpc_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-DRSUAPI RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT" -ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-DSSYNC RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT" +ncacn_ip_tcp_tests="RPC-SCHANNEL RPC-JOIN RPC-LSA RPC-DSSETUP RPC-ALTERCONTEXT RPC-MULTIBIND RPC-NETLOGON RPC-HANDLES RPC-DSSYNC RPC-ASYNCBIND RPC-LSALOOKUP RPC-LSA-GETUSER RPC-SCHANNEL2 RPC-AUTHCONTEXT RPC-OBJECTUUID" slow_ncacn_np_tests="RPC-SAMLOGON RPC-SAMR RPC-SAMR-USERS RPC-SAMR-PASSWORDS" slow_ncalrpc_tests="RPC-SAMR RPC-SAMR-PASSWORDS" slow_ncacn_ip_tcp_tests="RPC-SAMR RPC-SAMR-PASSWORDS RPC-CRACKNAMES" -- cgit From 8104968004a3a7fcfe4febb9918ecbf37ba948ac Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 21:59:04 -0700 Subject: return a more useful error message when no name resolution methods are available --- source4/libcli/resolve/resolve.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c index d89b50e430..2b14591d68 100644 --- a/source4/libcli/resolve/resolve.c +++ b/source4/libcli/resolve/resolve.c @@ -165,6 +165,10 @@ struct composite_context *resolve_name_send(struct resolve_context *ctx, } state->method = ctx->methods; + if (state->method == NULL) { + composite_error(c, NT_STATUS_HOST_UNREACHABLE); + return c; + } state->creq = setup_next_method(c); if (composite_nomem(state->creq, c)) return c; -- cgit From d87e9ba56b00962be6b797464e77619bc6f0ba2c Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Mon, 29 Sep 2008 21:59:50 -0700 Subject: setup the loadparm context for ldb in testjoin --- source4/torture/rpc/testjoin.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 21542e9b16..3408a1924c 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -472,6 +472,7 @@ static NTSTATUS torture_leave_ads_domain(struct torture_context *torture, } ldb_set_opaque(ldb_ctx, "credentials", cmdline_credentials); + ldb_set_opaque(ldb_ctx, "loadparm", cmdline_lp_ctx); rtn = ldb_connect(ldb_ctx, remote_ldb_url, 0, NULL); if (rtn != 0) { -- cgit From 8dd35fabbb4732cf601a93abbe0373fd53e661a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 11:20:45 -0700 Subject: NetApp found that we never set the smb signing flags2. This was found during testing at the CIFS plugfest. No other client seems to honour or use this bit, but it is quite ligitimately required by the spec. Andrew Bartlett --- source4/smb_server/smb/request.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index c7fa2d7d8a..eb3e100b96 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -140,6 +140,10 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, size_t buflen) flags2 |= FLAGS2_32_BIT_ERROR_CODES; } + if (req->smb_conn->signing.allow_smb_signing || req->smb_conn->signing.mandatory_signing) { + flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; + } + req->out.hdr = req->out.buffer + NBT_HDR_SIZE; req->out.vwv = req->out.hdr + HDR_VWV; req->out.wct = wct; -- cgit From 6ad78f01a5982666c83025a94ce4ff3729d5db6f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 12:53:10 -0700 Subject: Rename hdb_ldb to hdb_samba4 and load as a plugin into the kdc. This avoids one more custom patch to the Heimdal code, and provides a more standard way to produce hdb plugins in future. I've renamed from hdb_ldb to hdb_samba4 as it really is not generic ldb. Andrew Bartlett --- source4/heimdal/lib/hdb/hdb.c | 42 +- source4/heimdal/lib/hdb/hdb.h | 6 + source4/kdc/config.mk | 8 +- source4/kdc/hdb-ldb.c | 1550 ----------------------------------------- source4/kdc/hdb-samba4.c | 1550 +++++++++++++++++++++++++++++++++++++++++ source4/kdc/kdc.c | 17 +- 6 files changed, 1604 insertions(+), 1569 deletions(-) delete mode 100644 source4/kdc/hdb-ldb.c create mode 100644 source4/kdc/hdb-samba4.c diff --git a/source4/heimdal/lib/hdb/hdb.c b/source4/heimdal/lib/hdb/hdb.c index 3fddabb2d0..19c170767d 100644 --- a/source4/heimdal/lib/hdb/hdb.c +++ b/source4/heimdal/lib/hdb/hdb.c @@ -31,34 +31,27 @@ * SUCH DAMAGE. */ +#include "krb5.h" +#include "krb5_locl.h" #include "hdb_locl.h" - RCSID("$Id$"); #ifdef HAVE_DLFCN_H #include #endif -struct hdb_method { - const char *prefix; - krb5_error_code (*create)(krb5_context, HDB **, const char *filename); -}; - static struct hdb_method methods[] = { #if HAVE_DB1 || HAVE_DB3 - {"db:", hdb_db_create}, + {HDB_INTERFACE_VERSION, "db:", hdb_db_create}, #endif #if HAVE_NDBM - {"ndbm:", hdb_ndbm_create}, + {HDB_INTERFACE_VERSION, "ndbm:", hdb_ndbm_create}, #endif #if defined(OPENLDAP) && !defined(OPENLDAP_MODULE) - {"ldap:", hdb_ldap_create}, - {"ldapi:", hdb_ldapi_create}, -#endif -#ifdef HAVE_LDB /* Used for integrated samba build */ - {"ldb:", hdb_ldb_create}, + {HDB_INTERFACE_VERSION, "ldap:", hdb_ldap_create}, + {HDB_INTERFACE_VERSION, "ldapi:", hdb_ldapi_create}, #endif - {NULL, NULL} + {0, NULL, NULL} }; #if HAVE_DB1 || HAVE_DB3 @@ -398,11 +391,32 @@ hdb_create(krb5_context context, HDB **db, const char *filename) { const struct hdb_method *h; const char *residual; + krb5_error_code ret; + struct krb5_plugin *list = NULL, *e; if(filename == NULL) filename = HDB_DEFAULT_DB; krb5_add_et_list(context, initialize_hdb_error_table_r); h = find_method (filename, &residual); + + if (h == NULL) { + ret = _krb5_plugin_find(context, PLUGIN_TYPE_DATA, "hdb", &list); + if(ret == 0 && list != NULL) { + for (e = list; e != NULL; e = _krb5_plugin_get_next(e)) { + h = _krb5_plugin_get_symbol(e); + if (strncmp (filename, h->prefix, strlen(h->prefix)) == 0 + && h->interface_version == HDB_INTERFACE_VERSION) { + residual = filename + strlen(h->prefix); + break; + } + } + if (e == NULL) { + h = NULL; + _krb5_plugin_free(list); + } + } + } + #ifdef HAVE_DLOPEN if (h == NULL) h = find_dynamic_method (context, filename, &residual); diff --git a/source4/heimdal/lib/hdb/hdb.h b/source4/heimdal/lib/hdb/hdb.h index bc1b744015..5c2097ea59 100644 --- a/source4/heimdal/lib/hdb/hdb.h +++ b/source4/heimdal/lib/hdb/hdb.h @@ -139,6 +139,12 @@ typedef krb5_error_code (*hdb_foreach_func_t)(krb5_context, HDB*, hdb_entry_ex*, void*); extern krb5_kt_ops hdb_kt_ops; +struct hdb_method { + int interface_version; + const char *prefix; + krb5_error_code (*create)(krb5_context, HDB **, const char *filename); +}; + #include #endif /* __HDB_H__ */ diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk index b3e5bfdb92..dfd2879bd6 100644 --- a/source4/kdc/config.mk +++ b/source4/kdc/config.mk @@ -6,7 +6,7 @@ INIT_FUNCTION = server_service_kdc_init SUBSYSTEM = samba PRIVATE_DEPENDENCIES = \ - HEIMDAL_KDC HDB_LDB + HEIMDAL_KDC HDB_SAMBA4 # End SUBSYSTEM KDC ####################### @@ -14,7 +14,7 @@ KDC_OBJ_FILES = $(addprefix $(kdcsrcdir)/, kdc.o kpasswdd.o) ####################### # Start SUBSYSTEM KDC -[SUBSYSTEM::HDB_LDB] +[SUBSYSTEM::HDB_SAMBA4] CFLAGS = -Iheimdal/kdc -Iheimdal/lib/hdb PRIVATE_DEPENDENCIES = \ LIBLDB auth_sam auth_sam_reply CREDENTIALS \ @@ -22,5 +22,5 @@ PRIVATE_DEPENDENCIES = \ # End SUBSYSTEM KDC ####################### -HDB_LDB_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-ldb.o pac-glue.o) -$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_LDB_OBJ_FILES:.o=.c))) +HDB_SAMBA4_OBJ_FILES = $(addprefix $(kdcsrcdir)/, hdb-samba4.o pac-glue.o) +$(eval $(call proto_header_template,$(kdcsrcdir)/pac_glue.h,$(HDB_SAMBA4_OBJ_FILES:.o=.c))) diff --git a/source4/kdc/hdb-ldb.c b/source4/kdc/hdb-ldb.c deleted file mode 100644 index 4fde75cf70..0000000000 --- a/source4/kdc/hdb-ldb.c +++ /dev/null @@ -1,1550 +0,0 @@ -/* - * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. - * Copyright (c) 2004, Andrew Bartlett . - * Copyright (c) 2004, Stefan Metzmacher - * All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * - * 3. Neither the name of PADL Software nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -#include "includes.h" -#include "system/time.h" -#include "dsdb/common/flags.h" -#include "lib/ldb/include/ldb.h" -#include "lib/ldb/include/ldb_errors.h" -#include "librpc/gen_ndr/netlogon.h" -#include "auth/auth.h" -#include "auth/credentials/credentials.h" -#include "auth/auth_sam.h" -#include "util/util_ldb.h" -#include "dsdb/samdb/samdb.h" -#include "librpc/ndr/libndr.h" -#include "librpc/gen_ndr/ndr_drsblobs.h" -#include "librpc/gen_ndr/lsa.h" -#include "libcli/auth/libcli_auth.h" -#include "param/param.h" -#include "events/events.h" -#include "kdc/kdc.h" -#include "../lib/crypto/md4.h" - -enum hdb_ldb_ent_type -{ HDB_LDB_ENT_TYPE_CLIENT, HDB_LDB_ENT_TYPE_SERVER, - HDB_LDB_ENT_TYPE_KRBTGT, HDB_LDB_ENT_TYPE_TRUST, HDB_LDB_ENT_TYPE_ANY }; - -enum trust_direction { - UNKNOWN = 0, - INBOUND = LSA_TRUST_DIRECTION_INBOUND, - OUTBOUND = LSA_TRUST_DIRECTION_OUTBOUND -}; - -static const char *realm_ref_attrs[] = { - "nCName", - "dnsRoot", - NULL -}; - -static const char *trust_attrs[] = { - "trustPartner", - "trustAuthIncoming", - "trustAuthOutgoing", - "whenCreated", - "msDS-SupportedEncryptionTypes", - "trustAttributes", - "trustDirection", - "trustType", - NULL -}; - -static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, KerberosTime default_val) -{ - const char *tmp; - const char *gentime; - struct tm tm; - - gentime = ldb_msg_find_attr_as_string(msg, attr, NULL); - if (!gentime) - return default_val; - - tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm); - if (tmp == NULL) { - return default_val; - } - - return timegm(&tm); -} - -static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_ldb_ent_type ent_type) -{ - HDBFlags flags = int2HDBFlags(0); - - /* we don't allow kadmin deletes */ - flags.immutable = 1; - - /* mark the principal as invalid to start with */ - flags.invalid = 1; - - flags.renewable = 1; - - /* All accounts are servers, but this may be disabled again in the caller */ - flags.server = 1; - - /* Account types - clear the invalid bit if it turns out to be valid */ - if (userAccountControl & UF_NORMAL_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - - if (userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - if (userAccountControl & UF_WORKSTATION_TRUST_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - if (userAccountControl & UF_SERVER_TRUST_ACCOUNT) { - if (ent_type == HDB_LDB_ENT_TYPE_CLIENT || ent_type == HDB_LDB_ENT_TYPE_ANY) { - flags.client = 1; - } - flags.invalid = 0; - } - - /* Not permitted to act as a client if disabled */ - if (userAccountControl & UF_ACCOUNTDISABLE) { - flags.client = 0; - } - if (userAccountControl & UF_LOCKOUT) { - flags.invalid = 1; - } -/* - if (userAccountControl & UF_PASSWORD_NOTREQD) { - flags.invalid = 1; - } -*/ -/* - UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent -*/ - if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) { - flags.invalid = 1; - } - -/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */ - -/* - if (userAccountControl & UF_MNS_LOGON_ACCOUNT) { - flags.invalid = 1; - } -*/ - if (userAccountControl & UF_SMARTCARD_REQUIRED) { - flags.require_hwauth = 1; - } - if (userAccountControl & UF_TRUSTED_FOR_DELEGATION) { - flags.ok_as_delegate = 1; - } - if (!(userAccountControl & UF_NOT_DELEGATED)) { - flags.forwardable = 1; - flags.proxiable = 1; - } - - if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) { - flags.require_preauth = 0; - } else { - flags.require_preauth = 1; - - } - return flags; -} - -static int hdb_ldb_destructor(struct hdb_ldb_private *private) -{ - hdb_entry_ex *entry_ex = private->entry_ex; - free_hdb_entry(&entry_ex->entry); - return 0; -} - -static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex) -{ - talloc_free(entry_ex->ctx); -} - -static krb5_error_code LDB_message2entry_keys(krb5_context context, - struct smb_iconv_convenience *iconv_convenience, - TALLOC_CTX *mem_ctx, - struct ldb_message *msg, - unsigned int userAccountControl, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret = 0; - enum ndr_err_code ndr_err; - struct samr_Password *hash; - const struct ldb_val *sc_val; - struct supplementalCredentialsBlob scb; - struct supplementalCredentialsPackage *scpk = NULL; - bool newer_keys = false; - struct package_PrimaryKerberosBlob _pkb; - struct package_PrimaryKerberosCtr3 *pkb3 = NULL; - struct package_PrimaryKerberosCtr4 *pkb4 = NULL; - uint32_t i; - uint32_t allocated_keys = 0; - - entry_ex->entry.keys.val = NULL; - entry_ex->entry.keys.len = 0; - - entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0); - - /* Get keys from the db */ - - hash = samdb_result_hash(mem_ctx, msg, "unicodePwd"); - sc_val = ldb_msg_find_ldb_val(msg, "supplementalCredentials"); - - /* unicodePwd for enctype 0x17 (23) if present */ - if (hash) { - allocated_keys++; - } - - /* supplementalCredentials if present */ - if (sc_val) { - ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb, - (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - dump_data(0, sc_val->data, sc_val->length); - ret = EINVAL; - goto out; - } - - if (scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE) { - NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb); - ret = EINVAL; - goto out; - } - - for (i=0; i < scb.sub.num_packages; i++) { - if (strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0) { - scpk = &scb.sub.packages[i]; - if (!scpk->data || !scpk->data[0]) { - scpk = NULL; - continue; - } - newer_keys = true; - break; - } else if (strcmp("Primary:Kerberos", scb.sub.packages[i].name) == 0) { - scpk = &scb.sub.packages[i]; - if (!scpk->data || !scpk->data[0]) { - scpk = NULL; - } - /* - * we don't break here in hope to find - * a Kerberos-Newer-Keys package - */ - } - } - } - /* - * Primary:Kerberos-Newer-Keys or Primary:Kerberos element - * of supplementalCredentials - */ - if (scpk) { - DATA_BLOB blob; - - blob = strhex_to_data_blob(scpk->data); - if (!blob.data) { - ret = ENOMEM; - goto out; - } - talloc_steal(mem_ctx, blob.data); - - /* we cannot use ndr_pull_struct_blob_all() here, as w2k and w2k3 add padding bytes */ - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb, - (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); - krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); - ret = EINVAL; - goto out; - } - - if (newer_keys && _pkb.version != 4) { - krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); - krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); - ret = EINVAL; - goto out; - } - - if (!newer_keys && _pkb.version != 3) { - krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); - krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); - ret = EINVAL; - goto out; - } - - if (_pkb.version == 4) { - pkb4 = &_pkb.ctr.ctr4; - allocated_keys += pkb4->num_keys; - } else if (_pkb.version == 3) { - pkb3 = &_pkb.ctr.ctr3; - allocated_keys += pkb3->num_keys; - } - } - - if (allocated_keys == 0) { - /* oh, no password. Apparently (comment in - * hdb-ldap.c) this violates the ASN.1, but this - * allows an entry with no keys (yet). */ - return 0; - } - - /* allocate space to decode into */ - entry_ex->entry.keys.len = 0; - entry_ex->entry.keys.val = calloc(allocated_keys, sizeof(Key)); - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - - if (hash && !(userAccountControl & UF_USE_DES_KEY_ONLY)) { - Key key; - - key.mkvno = 0; - key.salt = NULL; /* No salt for this enc type */ - - ret = krb5_keyblock_init(context, - ENCTYPE_ARCFOUR_HMAC_MD5, - hash->hash, sizeof(hash->hash), - &key.key); - if (ret) { - goto out; - } - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - - if (pkb4) { - for (i=0; i < pkb4->num_keys; i++) { - bool use = true; - Key key; - - if (!pkb4->keys[i].value) continue; - - if (userAccountControl & UF_USE_DES_KEY_ONLY) { - switch (pkb4->keys[i].keytype) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - break; - default: - use = false; - break; - } - } - - if (!use) continue; - - key.mkvno = 0; - key.salt = NULL; - - if (pkb4->salt.string) { - DATA_BLOB salt; - - salt = data_blob_string_const(pkb4->salt.string); - - key.salt = calloc(1, sizeof(*key.salt)); - if (key.salt == NULL) { - ret = ENOMEM; - goto out; - } - - key.salt->type = hdb_pw_salt; - - ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); - if (ret) { - free(key.salt); - key.salt = NULL; - goto out; - } - } - - /* TODO: maybe pass the iteration_count somehow... */ - - ret = krb5_keyblock_init(context, - pkb4->keys[i].keytype, - pkb4->keys[i].value->data, - pkb4->keys[i].value->length, - &key.key); - if (ret) { - if (key.salt) { - free_Salt(key.salt); - free(key.salt); - key.salt = NULL; - } - goto out; - } - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - } else if (pkb3) { - for (i=0; i < pkb3->num_keys; i++) { - bool use = true; - Key key; - - if (!pkb3->keys[i].value) continue; - - if (userAccountControl & UF_USE_DES_KEY_ONLY) { - switch (pkb3->keys[i].keytype) { - case ENCTYPE_DES_CBC_CRC: - case ENCTYPE_DES_CBC_MD5: - break; - default: - use = false; - break; - } - } - - if (!use) continue; - - key.mkvno = 0; - key.salt = NULL; - - if (pkb3->salt.string) { - DATA_BLOB salt; - - salt = data_blob_string_const(pkb3->salt.string); - - key.salt = calloc(1, sizeof(*key.salt)); - if (key.salt == NULL) { - ret = ENOMEM; - goto out; - } - - key.salt->type = hdb_pw_salt; - - ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); - if (ret) { - free(key.salt); - key.salt = NULL; - goto out; - } - } - - ret = krb5_keyblock_init(context, - pkb3->keys[i].keytype, - pkb3->keys[i].value->data, - pkb3->keys[i].value->length, - &key.key); - if (ret) { - if (key.salt) { - free_Salt(key.salt); - free(key.salt); - key.salt = NULL; - } - goto out; - } - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - } - -out: - if (ret != 0) { - entry_ex->entry.keys.len = 0; - } - if (entry_ex->entry.keys.len == 0 && entry_ex->entry.keys.val) { - free(entry_ex->entry.keys.val); - entry_ex->entry.keys.val = NULL; - } - return ret; -} - -/* - * Construct an hdb_entry from a directory entry. - */ -static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, krb5_const_principal principal, - enum hdb_ldb_ent_type ent_type, - struct ldb_message *msg, - struct ldb_message *realm_ref_msg, - hdb_entry_ex *entry_ex) -{ - unsigned int userAccountControl; - int i; - krb5_error_code ret = 0; - krb5_boolean is_computer = FALSE; - const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL); - char *realm = strupper_talloc(mem_ctx, dnsdomain); - struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm"); - struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, - mem_ctx, - realm_ref_msg, - "nCName", - ldb_dn_new(mem_ctx, (struct ldb_context *)db->hdb_db, NULL)); - - struct hdb_ldb_private *private; - NTTIME acct_expiry; - - struct ldb_message_element *objectclasses; - struct ldb_val computer_val; - computer_val.data = discard_const_p(uint8_t,"computer"); - computer_val.length = strlen((const char *)computer_val.data); - - objectclasses = ldb_msg_find_element(msg, "objectClass"); - - if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) { - is_computer = TRUE; - } - - memset(entry_ex, 0, sizeof(*entry_ex)); - - if (!realm) { - krb5_set_error_string(context, "talloc_strdup: out of memory"); - ret = ENOMEM; - goto out; - } - - private = talloc(mem_ctx, struct hdb_ldb_private); - if (!private) { - ret = ENOMEM; - goto out; - } - - private->entry_ex = entry_ex; - private->iconv_convenience = lp_iconv_convenience(lp_ctx); - private->netbios_name = lp_netbios_name(lp_ctx); - - talloc_set_destructor(private, hdb_ldb_destructor); - - entry_ex->ctx = private; - entry_ex->free_entry = hdb_ldb_free_entry; - - userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); - - - entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); - if (ent_type == HDB_LDB_ENT_TYPE_ANY && principal == NULL) { - const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); - if (!samAccountName) { - krb5_set_error_string(context, "LDB_message2entry: no samAccountName present"); - ret = ENOENT; - goto out; - } - samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); - krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL); - } else { - char *strdup_realm; - ret = copy_Principal(principal, entry_ex->entry.principal); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - - /* While we have copied the client principal, tests - * show that Win2k3 returns the 'corrected' realm, not - * the client-specified realm. This code attempts to - * replace the client principal's realm with the one - * we determine from our records */ - - /* this has to be with malloc() */ - strdup_realm = strdup(realm); - if (!strdup_realm) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - free(*krb5_princ_realm(context, entry_ex->entry.principal)); - krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); - } - - entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type); - - if (ent_type == HDB_LDB_ENT_TYPE_KRBTGT) { - entry_ex->entry.flags.invalid = 0; - entry_ex->entry.flags.server = 1; - entry_ex->entry.flags.forwardable = 1; - entry_ex->entry.flags.ok_as_delegate = 1; - } - - if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) { - if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) { - entry_ex->entry.flags.server = 0; - } - } - - /* use 'whenCreated' */ - entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); - /* use '???' */ - entry_ex->entry.created_by.principal = NULL; - - entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event)); - if (entry_ex->entry.modified_by == NULL) { - krb5_set_error_string(context, "malloc: out of memory"); - ret = ENOMEM; - goto out; - } - - /* use 'whenChanged' */ - entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0); - /* use '???' */ - entry_ex->entry.modified_by->principal = NULL; - - entry_ex->entry.valid_start = NULL; - - acct_expiry = samdb_result_account_expires(msg); - if (acct_expiry == 0x7FFFFFFFFFFFFFFFULL) { - entry_ex->entry.valid_end = NULL; - } else { - entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end)); - if (entry_ex->entry.valid_end == NULL) { - ret = ENOMEM; - goto out; - } - *entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry); - } - - if (ent_type != HDB_LDB_ENT_TYPE_KRBTGT) { - NTTIME must_change_time - = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx, - domain_dn, msg); - if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) { - entry_ex->entry.pw_end = NULL; - } else { - entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end)); - if (entry_ex->entry.pw_end == NULL) { - ret = ENOMEM; - goto out; - } - *entry_ex->entry.pw_end = nt_time_to_unix(must_change_time); - } - } else { - entry_ex->entry.pw_end = NULL; - } - - entry_ex->entry.max_life = NULL; - - entry_ex->entry.max_renew = NULL; - - entry_ex->entry.generation = NULL; - - /* Get keys from the db */ - ret = LDB_message2entry_keys(context, private->iconv_convenience, private, msg, userAccountControl, entry_ex); - if (ret) { - /* Could be bougus data in the entry, or out of memory */ - goto out; - } - - entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); - if (entry_ex->entry.etypes == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - entry_ex->entry.etypes->len = entry_ex->entry.keys.len; - entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); - if (entry_ex->entry.etypes->val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - for (i=0; i < entry_ex->entry.etypes->len; i++) { - entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; - } - - - private->msg = talloc_steal(private, msg); - private->realm_ref_msg = talloc_steal(private, realm_ref_msg); - private->samdb = (struct ldb_context *)db->hdb_db; - -out: - if (ret != 0) { - /* This doesn't free ent itself, that is for the eventual caller to do */ - hdb_free_entry(context, entry_ex); - } else { - talloc_steal(db, entry_ex->ctx); - } - - return ret; -} - -/* - * Construct an hdb_entry from a directory entry. - */ -static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, - struct loadparm_context *lp_ctx, - TALLOC_CTX *mem_ctx, krb5_const_principal principal, - enum trust_direction direction, - struct ldb_message *msg, - hdb_entry_ex *entry_ex) -{ - - const char *dnsdomain; - char *realm; - char *strdup_realm; - DATA_BLOB password_utf16; - struct samr_Password password_hash; - const struct ldb_val *password_val; - struct trustAuthInOutBlob password_blob; - struct hdb_ldb_private *private; - - enum ndr_err_code ndr_err; - int i, ret, trust_direction_flags; - - private = talloc(mem_ctx, struct hdb_ldb_private); - if (!private) { - ret = ENOMEM; - goto out; - } - - private->entry_ex = entry_ex; - private->iconv_convenience = lp_iconv_convenience(lp_ctx); - private->netbios_name = lp_netbios_name(lp_ctx); - - talloc_set_destructor(private, hdb_ldb_destructor); - - entry_ex->ctx = private; - entry_ex->free_entry = hdb_ldb_free_entry; - - /* use 'whenCreated' */ - entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); - /* use '???' */ - entry_ex->entry.created_by.principal = NULL; - - entry_ex->entry.valid_start = NULL; - - trust_direction_flags = ldb_msg_find_attr_as_int(msg, "trustDirection", 0); - - if (direction == INBOUND) { - realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx)); - password_val = ldb_msg_find_ldb_val(msg, "trustAuthIncoming"); - - } else { /* OUTBOUND */ - dnsdomain = ldb_msg_find_attr_as_string(msg, "trustPartner", NULL); - realm = strupper_talloc(mem_ctx, dnsdomain); - password_val = ldb_msg_find_ldb_val(msg, "trustAuthOutgoing"); - } - - if (!password_val || !(trust_direction_flags & direction)) { - ret = ENOENT; - goto out; - } - - ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob, - (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - ret = EINVAL; - goto out; - } - - for (i=0; i < password_blob.count; i++) { - if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { - password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password, - password_blob.current->array[i].AuthInfo.clear.size); - /* In the future, generate all sorts of - * hashes, but for now we can't safely convert - * the random strings windows uses into - * utf8 */ - - /* but as it is utf16 already, we can get the NT password/arcfour-hmac-md5 key */ - mdfour(password_hash.hash, password_utf16.data, password_utf16.length); - break; - } else if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { - password_hash = password_blob.current->array[i].AuthInfo.nt4owf.password; - break; - } - } - entry_ex->entry.keys.len = 0; - entry_ex->entry.keys.val = NULL; - - if (i < password_blob.count) { - Key key; - /* Must have found a cleartext or MD4 password */ - entry_ex->entry.keys.val = calloc(1, sizeof(Key)); - - key.mkvno = 0; - key.salt = NULL; /* No salt for this enc type */ - - if (entry_ex->entry.keys.val == NULL) { - ret = ENOMEM; - goto out; - } - - ret = krb5_keyblock_init(context, - ENCTYPE_ARCFOUR_HMAC_MD5, - password_hash.hash, sizeof(password_hash.hash), - &key.key); - - entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; - entry_ex->entry.keys.len++; - } - - ret = copy_Principal(principal, entry_ex->entry.principal); - if (ret) { - krb5_clear_error_string(context); - goto out; - } - - /* While we have copied the client principal, tests - * show that Win2k3 returns the 'corrected' realm, not - * the client-specified realm. This code attempts to - * replace the client principal's realm with the one - * we determine from our records */ - - /* this has to be with malloc() */ - strdup_realm = strdup(realm); - if (!strdup_realm) { - ret = ENOMEM; - krb5_clear_error_string(context); - goto out; - } - free(*krb5_princ_realm(context, entry_ex->entry.principal)); - krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); - - entry_ex->entry.flags = int2HDBFlags(0); - entry_ex->entry.flags.immutable = 1; - entry_ex->entry.flags.invalid = 0; - entry_ex->entry.flags.server = 1; - entry_ex->entry.flags.require_preauth = 1; - - entry_ex->entry.pw_end = NULL; - - entry_ex->entry.max_life = NULL; - - entry_ex->entry.max_renew = NULL; - - entry_ex->entry.generation = NULL; - - entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); - if (entry_ex->entry.etypes == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - entry_ex->entry.etypes->len = entry_ex->entry.keys.len; - entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); - if (entry_ex->entry.etypes->val == NULL) { - krb5_clear_error_string(context); - ret = ENOMEM; - goto out; - } - for (i=0; i < entry_ex->entry.etypes->len; i++) { - entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; - } - - - private->msg = talloc_steal(private, msg); - private->realm_ref_msg = NULL; - private->samdb = (struct ldb_context *)db->hdb_db; - -out: - if (ret != 0) { - /* This doesn't free ent itself, that is for the eventual caller to do */ - hdb_free_entry(context, entry_ex); - } else { - talloc_steal(db, entry_ex->ctx); - } - - return ret; - -} - -static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_context *ldb_ctx, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - enum hdb_ldb_ent_type ent_type, - struct ldb_dn *realm_dn, - struct ldb_message ***pmsg) -{ - krb5_error_code ret; - int lret; - char *filter = NULL; - const char * const *princ_attrs = user_attrs; - - char *short_princ; - char *short_princ_talloc; - - struct ldb_result *res = NULL; - - ret = krb5_unparse_name_flags(context, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &short_princ); - - if (ret != 0) { - krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal"); - krb5_warnx(context, "LDB_lookup_principal: could not parse principal"); - return ret; - } - - short_princ_talloc = talloc_strdup(mem_ctx, short_princ); - free(short_princ); - if (!short_princ_talloc) { - krb5_set_error_string(context, "LDB_lookup_principal: talloc_strdup() failed!"); - return ENOMEM; - } - - switch (ent_type) { - case HDB_LDB_ENT_TYPE_CLIENT: - case HDB_LDB_ENT_TYPE_TRUST: - case HDB_LDB_ENT_TYPE_ANY: - /* Can't happen */ - return EINVAL; - case HDB_LDB_ENT_TYPE_KRBTGT: - filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", - KRB5_TGS_NAME); - break; - case HDB_LDB_ENT_TYPE_SERVER: - filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", - short_princ_talloc); - break; - } - - if (!filter) { - krb5_set_error_string(context, "talloc_asprintf: out of memory"); - return ENOMEM; - } - - lret = ldb_search(ldb_ctx, mem_ctx, &res, realm_dn, - LDB_SCOPE_SUBTREE, princ_attrs, "%s", filter); - if (lret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); - return HDB_ERR_NOENTRY; - } else if (res->count == 0 || res->count > 1) { - DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); - talloc_free(res); - return HDB_ERR_NOENTRY; - } - talloc_steal(mem_ctx, res->msgs); - *pmsg = res->msgs; - talloc_free(res); - return 0; -} - -static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context *ldb_ctx, - TALLOC_CTX *mem_ctx, - const char *realm, - struct ldb_dn *realm_dn, - struct ldb_message ***pmsg) -{ - int lret; - char *filter = NULL; - const char * const *attrs = trust_attrs; - - struct ldb_result *res = NULL; - filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", realm, realm); - - if (!filter) { - krb5_set_error_string(context, "talloc_asprintf: out of memory"); - return ENOMEM; - } - - lret = ldb_search(ldb_ctx, mem_ctx, &res, - ldb_get_default_basedn(ldb_ctx), - LDB_SCOPE_SUBTREE, attrs, "%s", filter); - if (lret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); - return HDB_ERR_NOENTRY; - } else if (res->count == 0 || res->count > 1) { - DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); - talloc_free(res); - return HDB_ERR_NOENTRY; - } - talloc_steal(mem_ctx, res->msgs); - *pmsg = res->msgs; - talloc_free(res); - return 0; -} - -static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context *ldb_ctx, - TALLOC_CTX *mem_ctx, - const char *realm, - struct ldb_message ***pmsg) -{ - int ret; - struct ldb_result *cross_ref_res; - struct ldb_dn *partitions_basedn = samdb_partitions_dn(ldb_ctx, mem_ctx); - - ret = ldb_search(ldb_ctx, mem_ctx, &cross_ref_res, - partitions_basedn, LDB_SCOPE_SUBTREE, realm_ref_attrs, - "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", - realm, realm); - - if (ret != LDB_SUCCESS) { - DEBUG(3, ("Failed to search to lookup realm(%s): %s\n", realm, ldb_errstring(ldb_ctx))); - talloc_free(cross_ref_res); - return HDB_ERR_NOENTRY; - } else if (cross_ref_res->count == 0 || cross_ref_res->count > 1) { - DEBUG(3, ("Failed find a single entry for realm %s: got %d\n", realm, cross_ref_res->count)); - talloc_free(cross_ref_res); - return HDB_ERR_NOENTRY; - } - - if (pmsg) { - *pmsg = cross_ref_res->msgs; - talloc_steal(mem_ctx, cross_ref_res->msgs); - } - talloc_free(cross_ref_res); - - return 0; -} - - -static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode) -{ - if (db->hdb_master_key_set) { - krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n"); - krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n"); - return HDB_ERR_NOENTRY; - } - - return 0; -} - -static krb5_error_code LDB_close(krb5_context context, HDB *db) -{ - return 0; -} - -static krb5_error_code LDB_lock(krb5_context context, HDB *db, int operation) -{ - return 0; -} - -static krb5_error_code LDB_unlock(krb5_context context, HDB *db) -{ - return 0; -} - -static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new_name) -{ - return HDB_ERR_DB_INUSE; -} - -static krb5_error_code LDB_fetch_client(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) { - NTSTATUS nt_status; - char *principal_string; - krb5_error_code ret; - struct ldb_message **msg = NULL; - struct ldb_message **realm_ref_msg = NULL; - - ret = krb5_unparse_name(context, principal, &principal_string); - - if (ret != 0) { - return ret; - } - - nt_status = sam_get_results_principal((struct ldb_context *)db->hdb_db, - mem_ctx, principal_string, - &msg, &realm_ref_msg); - free(principal_string); - if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { - return HDB_ERR_NOENTRY; - } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { - return ENOMEM; - } else if (!NT_STATUS_IS_OK(nt_status)) { - return EINVAL; - } - - ret = LDB_message2entry(context, db, mem_ctx, - principal, HDB_LDB_ENT_TYPE_CLIENT, - msg[0], realm_ref_msg[0], entry_ex); - return ret; -} - -static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret; - struct ldb_message **msg = NULL; - struct ldb_message **realm_ref_msg_1 = NULL; - struct ldb_message **realm_ref_msg_2 = NULL; - struct ldb_dn *realm_dn; - const char *realm; - - krb5_principal alloc_principal = NULL; - if (principal->name.name_string.len != 2 - || (strcmp(principal->name.name_string.val[0], KRB5_TGS_NAME) != 0)) { - /* Not a krbtgt */ - return HDB_ERR_NOENTRY; - } - - /* krbtgt case. Either us or a trusted realm */ - - if ((LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, principal->realm, &realm_ref_msg_1) == 0) - && (LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, principal->name.name_string.val[1], &realm_ref_msg_2) == 0) - && (ldb_dn_compare(realm_ref_msg_1[0]->dn, realm_ref_msg_1[0]->dn) == 0)) { - /* us */ - /* Cludge, cludge cludge. If the realm part of krbtgt/realm, - * is in our db, then direct the caller at our primary - * krbtgt */ - - const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg_1[0], "dnsRoot", NULL); - char *realm_fixed = strupper_talloc(mem_ctx, dnsdomain); - if (!realm_fixed) { - krb5_set_error_string(context, "strupper_talloc: out of memory"); - return ENOMEM; - } - - ret = krb5_copy_principal(context, principal, &alloc_principal); - if (ret) { - return ret; - } - - free(alloc_principal->name.name_string.val[1]); - alloc_principal->name.name_string.val[1] = strdup(realm_fixed); - talloc_free(realm_fixed); - if (!alloc_principal->name.name_string.val[1]) { - krb5_set_error_string(context, "LDB_fetch: strdup() failed!"); - return ENOMEM; - } - principal = alloc_principal; - realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg_1[0], "nCName", NULL); - - ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, - mem_ctx, - principal, HDB_LDB_ENT_TYPE_KRBTGT, realm_dn, &msg); - - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: could not find principal in DB"); - krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); - return ret; - } - - ret = LDB_message2entry(context, db, mem_ctx, - principal, HDB_LDB_ENT_TYPE_KRBTGT, - msg[0], realm_ref_msg_1[0], entry_ex); - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); - } - return ret; - - } else { - enum trust_direction direction = UNKNOWN; - - struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(db->hdb_db, "loadparm"), struct loadparm_context); - /* Either an inbound or outbound trust */ - - if (strcasecmp(lp_realm(lp_ctx), principal->realm) == 0) { - /* look for inbound trust */ - direction = INBOUND; - realm = principal->name.name_string.val[1]; - } - - if (strcasecmp(lp_realm(lp_ctx), principal->name.name_string.val[1]) == 0) { - /* look for outbound trust */ - direction = OUTBOUND; - realm = principal->realm; - } - - /* Trusted domains are under CN=system */ - - ret = LDB_lookup_trust(context, (struct ldb_context *)db->hdb_db, - mem_ctx, - realm, realm_dn, &msg); - - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: could not find principal in DB"); - krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); - return ret; - } - - ret = LDB_trust_message2entry(context, db, lp_ctx, mem_ctx, - principal, direction, - msg[0], entry_ex); - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); - } - return ret; - - - /* we should lookup trusted domains */ - return HDB_ERR_NOENTRY; - } - -} - -static krb5_error_code LDB_fetch_server(krb5_context context, HDB *db, - TALLOC_CTX *mem_ctx, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret; - const char *realm; - struct ldb_message **msg = NULL; - struct ldb_message **realm_ref_msg = NULL; - struct ldb_dn *partitions_basedn = samdb_partitions_dn(db->hdb_db, mem_ctx); - if (principal->name.name_string.len >= 2) { - /* 'normal server' case */ - int ldb_ret; - NTSTATUS nt_status; - struct ldb_dn *user_dn, *domain_dn; - char *principal_string; - - ret = krb5_unparse_name_flags(context, principal, - KRB5_PRINCIPAL_UNPARSE_NO_REALM, - &principal_string); - if (ret != 0) { - return ret; - } - - /* At this point we may find the host is known to be - * in a different realm, so we should generate a - * referral instead */ - nt_status = crack_service_principal_name((struct ldb_context *)db->hdb_db, - mem_ctx, principal_string, - &user_dn, &domain_dn); - free(principal_string); - - if (!NT_STATUS_IS_OK(nt_status)) { - return HDB_ERR_NOENTRY; - } - - ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db, - mem_ctx, user_dn, &msg, user_attrs); - - if (ldb_ret != 1) { - return HDB_ERR_NOENTRY; - } - - ldb_ret = gendb_search((struct ldb_context *)db->hdb_db, - mem_ctx, partitions_basedn, &realm_ref_msg, realm_ref_attrs, - "ncName=%s", ldb_dn_get_linearized(domain_dn)); - - if (ldb_ret != 1) { - return HDB_ERR_NOENTRY; - } - - } else { - struct ldb_dn *realm_dn; - /* server as client principal case, but we must not lookup userPrincipalNames */ - - realm = krb5_principal_get_realm(context, principal); - - ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, realm, &realm_ref_msg); - if (ret != 0) { - return HDB_ERR_NOENTRY; - } - - realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg[0], "nCName", NULL); - - ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, - mem_ctx, - principal, HDB_LDB_ENT_TYPE_SERVER, realm_dn, &msg); - - if (ret != 0) { - return ret; - } - } - - ret = LDB_message2entry(context, db, mem_ctx, - principal, HDB_LDB_ENT_TYPE_SERVER, - msg[0], realm_ref_msg[0], entry_ex); - if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); - } - - return ret; -} - -static krb5_error_code LDB_fetch(krb5_context context, HDB *db, - krb5_const_principal principal, - unsigned flags, - hdb_entry_ex *entry_ex) -{ - krb5_error_code ret = HDB_ERR_NOENTRY; - - TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context"); - - if (!mem_ctx) { - krb5_set_error_string(context, "LDB_fetch: talloc_named() failed!"); - return ENOMEM; - } - - if (flags & HDB_F_GET_CLIENT) { - ret = LDB_fetch_client(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - } - if (flags & HDB_F_GET_SERVER) { - /* krbtgt fits into this situation for trusted realms, and for resolving different versions of our own realm name */ - ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - - /* We return 'no entry' if it does not start with krbtgt/, so move to the common case quickly */ - ret = LDB_fetch_server(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - } - if (flags & HDB_F_GET_KRBTGT) { - ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); - if (ret != HDB_ERR_NOENTRY) goto done; - } - -done: - talloc_free(mem_ctx); - return ret; -} - -static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) -{ - return HDB_ERR_DB_INUSE; -} - -static krb5_error_code LDB_remove(krb5_context context, HDB *db, krb5_const_principal principal) -{ - return HDB_ERR_DB_INUSE; -} - -struct hdb_ldb_seq { - struct ldb_context *ctx; - int index; - int count; - struct ldb_message **msgs; - struct ldb_message **realm_ref_msgs; -}; - -static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) -{ - krb5_error_code ret; - struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; - TALLOC_CTX *mem_ctx; - hdb_entry_ex entry_ex; - memset(&entry_ex, '\0', sizeof(entry_ex)); - - if (!priv) { - return HDB_ERR_NOENTRY; - } - - mem_ctx = talloc_named(priv, 0, "LDB_seq context"); - - if (!mem_ctx) { - krb5_set_error_string(context, "LDB_seq: talloc_named() failed!"); - return ENOMEM; - } - - if (priv->index < priv->count) { - ret = LDB_message2entry(context, db, mem_ctx, - NULL, HDB_LDB_ENT_TYPE_ANY, - priv->msgs[priv->index++], - priv->realm_ref_msgs[0], entry); - } else { - ret = HDB_ERR_NOENTRY; - } - - if (ret != 0) { - talloc_free(priv); - db->hdb_dbc = NULL; - } else { - talloc_free(mem_ctx); - } - - return ret; -} - -static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags, - hdb_entry_ex *entry) -{ - struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db; - struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; - char *realm; - struct ldb_dn *realm_dn = NULL; - struct ldb_result *res = NULL; - struct ldb_message **realm_ref_msgs = NULL; - krb5_error_code ret; - TALLOC_CTX *mem_ctx; - int lret; - - if (priv) { - talloc_free(priv); - db->hdb_dbc = NULL; - } - - priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq); - if (!priv) { - krb5_set_error_string(context, "talloc: out of memory"); - return ENOMEM; - } - - priv->ctx = ldb_ctx; - priv->index = 0; - priv->msgs = NULL; - priv->realm_ref_msgs = NULL; - priv->count = 0; - - mem_ctx = talloc_named(priv, 0, "LDB_firstkey context"); - - if (!mem_ctx) { - krb5_set_error_string(context, "LDB_firstkey: talloc_named() failed!"); - return ENOMEM; - } - - ret = krb5_get_default_realm(context, &realm); - if (ret != 0) { - talloc_free(priv); - return ret; - } - - ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, - mem_ctx, realm, &realm_ref_msgs); - - free(realm); - - if (ret != 0) { - talloc_free(priv); - krb5_warnx(context, "LDB_firstkey: could not find realm\n"); - return HDB_ERR_NOENTRY; - } - - realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msgs[0], "nCName", NULL); - - priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs); - - lret = ldb_search(ldb_ctx, priv, &res, - realm_dn, LDB_SCOPE_SUBTREE, user_attrs, - "(objectClass=user)"); - - if (lret != LDB_SUCCESS) { - talloc_free(priv); - return HDB_ERR_NOENTRY; - } - - priv->count = res->count; - priv->msgs = talloc_steal(priv, res->msgs); - talloc_free(res); - - db->hdb_dbc = priv; - - ret = LDB_seq(context, db, flags, entry); - - if (ret != 0) { - talloc_free(priv); - db->hdb_dbc = NULL; - } else { - talloc_free(mem_ctx); - } - return ret; -} - -static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags, - hdb_entry_ex *entry) -{ - return LDB_seq(context, db, flags, entry); -} - -static krb5_error_code LDB_destroy(krb5_context context, HDB *db) -{ - talloc_free(db); - return 0; -} - -/* This interface is to be called by the KDC, which is expecting Samba - * calling conventions. It is also called by a wrapper - * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb - * code */ - -NTSTATUS kdc_hdb_ldb_create(TALLOC_CTX *mem_ctx, - struct event_context *ev_ctx, - struct loadparm_context *lp_ctx, - krb5_context context, struct HDB **db, const char *arg) -{ - NTSTATUS nt_status; - struct auth_session_info *session_info; - *db = talloc(mem_ctx, HDB); - if (!*db) { - krb5_set_error_string(context, "malloc: out of memory"); - return NT_STATUS_NO_MEMORY; - } - - (*db)->hdb_master_key_set = 0; - (*db)->hdb_db = NULL; - - nt_status = auth_system_session_info(*db, lp_ctx, &session_info); - if (!NT_STATUS_IS_OK(nt_status)) { - return nt_status; - } - - /* The idea here is very simple. Using Kerberos to - * authenticate the KDC to the LDAP server is higly likely to - * be circular. - * - * In future we may set this up to use EXERNAL and SSL - * certificates, for now it will almost certainly be NTLMSSP - */ - - cli_credentials_set_kerberos_state(session_info->credentials, - CRED_DONT_USE_KERBEROS); - - /* Setup the link to LDB */ - (*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info); - if ((*db)->hdb_db == NULL) { - DEBUG(1, ("hdb_ldb_create: Cannot open samdb for KDC backend!")); - return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - } - - (*db)->hdb_dbc = NULL; - (*db)->hdb_open = LDB_open; - (*db)->hdb_close = LDB_close; - (*db)->hdb_fetch = LDB_fetch; - (*db)->hdb_store = LDB_store; - (*db)->hdb_remove = LDB_remove; - (*db)->hdb_firstkey = LDB_firstkey; - (*db)->hdb_nextkey = LDB_nextkey; - (*db)->hdb_lock = LDB_lock; - (*db)->hdb_unlock = LDB_unlock; - (*db)->hdb_rename = LDB_rename; - /* we don't implement these, as we are not a lockable database */ - (*db)->hdb__get = NULL; - (*db)->hdb__put = NULL; - /* kadmin should not be used for deletes - use other tools instead */ - (*db)->hdb__del = NULL; - (*db)->hdb_destroy = LDB_destroy; - - return NT_STATUS_OK; -} - -krb5_error_code hdb_ldb_create(krb5_context context, struct HDB **db, const char *arg) -{ - NTSTATUS nt_status; - /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ - nt_status = kdc_hdb_ldb_create(kdc_mem_ctx, event_context_find(kdc_mem_ctx), kdc_lp_ctx, - context, db, arg); - - if (NT_STATUS_IS_OK(nt_status)) { - return 0; - } - return EINVAL; -} diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c new file mode 100644 index 0000000000..d7317f17d4 --- /dev/null +++ b/source4/kdc/hdb-samba4.c @@ -0,0 +1,1550 @@ +/* + * Copyright (c) 1999-2001, 2003, PADL Software Pty Ltd. + * Copyright (c) 2004, Andrew Bartlett . + * Copyright (c) 2004, Stefan Metzmacher + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of PADL Software nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY PADL SOFTWARE AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL PADL SOFTWARE OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "includes.h" +#include "system/time.h" +#include "dsdb/common/flags.h" +#include "lib/ldb/include/ldb.h" +#include "lib/ldb/include/ldb_errors.h" +#include "librpc/gen_ndr/netlogon.h" +#include "auth/auth.h" +#include "auth/credentials/credentials.h" +#include "auth/auth_sam.h" +#include "util/util_ldb.h" +#include "dsdb/samdb/samdb.h" +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" +#include "librpc/gen_ndr/lsa.h" +#include "libcli/auth/libcli_auth.h" +#include "param/param.h" +#include "events/events.h" +#include "kdc/kdc.h" +#include "../lib/crypto/md4.h" + +enum hdb_ldb_ent_type +{ HDB_SAMBA4_ENT_TYPE_CLIENT, HDB_SAMBA4_ENT_TYPE_SERVER, + HDB_SAMBA4_ENT_TYPE_KRBTGT, HDB_SAMBA4_ENT_TYPE_TRUST, HDB_SAMBA4_ENT_TYPE_ANY }; + +enum trust_direction { + UNKNOWN = 0, + INBOUND = LSA_TRUST_DIRECTION_INBOUND, + OUTBOUND = LSA_TRUST_DIRECTION_OUTBOUND +}; + +static const char *realm_ref_attrs[] = { + "nCName", + "dnsRoot", + NULL +}; + +static const char *trust_attrs[] = { + "trustPartner", + "trustAuthIncoming", + "trustAuthOutgoing", + "whenCreated", + "msDS-SupportedEncryptionTypes", + "trustAttributes", + "trustDirection", + "trustType", + NULL +}; + +static KerberosTime ldb_msg_find_krb5time_ldap_time(struct ldb_message *msg, const char *attr, KerberosTime default_val) +{ + const char *tmp; + const char *gentime; + struct tm tm; + + gentime = ldb_msg_find_attr_as_string(msg, attr, NULL); + if (!gentime) + return default_val; + + tmp = strptime(gentime, "%Y%m%d%H%M%SZ", &tm); + if (tmp == NULL) { + return default_val; + } + + return timegm(&tm); +} + +static HDBFlags uf2HDBFlags(krb5_context context, int userAccountControl, enum hdb_ldb_ent_type ent_type) +{ + HDBFlags flags = int2HDBFlags(0); + + /* we don't allow kadmin deletes */ + flags.immutable = 1; + + /* mark the principal as invalid to start with */ + flags.invalid = 1; + + flags.renewable = 1; + + /* All accounts are servers, but this may be disabled again in the caller */ + flags.server = 1; + + /* Account types - clear the invalid bit if it turns out to be valid */ + if (userAccountControl & UF_NORMAL_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + + if (userAccountControl & UF_INTERDOMAIN_TRUST_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + if (userAccountControl & UF_WORKSTATION_TRUST_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + if (userAccountControl & UF_SERVER_TRUST_ACCOUNT) { + if (ent_type == HDB_SAMBA4_ENT_TYPE_CLIENT || ent_type == HDB_SAMBA4_ENT_TYPE_ANY) { + flags.client = 1; + } + flags.invalid = 0; + } + + /* Not permitted to act as a client if disabled */ + if (userAccountControl & UF_ACCOUNTDISABLE) { + flags.client = 0; + } + if (userAccountControl & UF_LOCKOUT) { + flags.invalid = 1; + } +/* + if (userAccountControl & UF_PASSWORD_NOTREQD) { + flags.invalid = 1; + } +*/ +/* + UF_PASSWORD_CANT_CHANGE and UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED are irrelevent +*/ + if (userAccountControl & UF_TEMP_DUPLICATE_ACCOUNT) { + flags.invalid = 1; + } + +/* UF_DONT_EXPIRE_PASSWD and UF_USE_DES_KEY_ONLY handled in LDB_message2entry() */ + +/* + if (userAccountControl & UF_MNS_LOGON_ACCOUNT) { + flags.invalid = 1; + } +*/ + if (userAccountControl & UF_SMARTCARD_REQUIRED) { + flags.require_hwauth = 1; + } + if (userAccountControl & UF_TRUSTED_FOR_DELEGATION) { + flags.ok_as_delegate = 1; + } + if (!(userAccountControl & UF_NOT_DELEGATED)) { + flags.forwardable = 1; + flags.proxiable = 1; + } + + if (userAccountControl & UF_DONT_REQUIRE_PREAUTH) { + flags.require_preauth = 0; + } else { + flags.require_preauth = 1; + + } + return flags; +} + +static int hdb_ldb_destructor(struct hdb_ldb_private *private) +{ + hdb_entry_ex *entry_ex = private->entry_ex; + free_hdb_entry(&entry_ex->entry); + return 0; +} + +static void hdb_ldb_free_entry(krb5_context context, hdb_entry_ex *entry_ex) +{ + talloc_free(entry_ex->ctx); +} + +static krb5_error_code LDB_message2entry_keys(krb5_context context, + struct smb_iconv_convenience *iconv_convenience, + TALLOC_CTX *mem_ctx, + struct ldb_message *msg, + unsigned int userAccountControl, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret = 0; + enum ndr_err_code ndr_err; + struct samr_Password *hash; + const struct ldb_val *sc_val; + struct supplementalCredentialsBlob scb; + struct supplementalCredentialsPackage *scpk = NULL; + bool newer_keys = false; + struct package_PrimaryKerberosBlob _pkb; + struct package_PrimaryKerberosCtr3 *pkb3 = NULL; + struct package_PrimaryKerberosCtr4 *pkb4 = NULL; + uint32_t i; + uint32_t allocated_keys = 0; + + entry_ex->entry.keys.val = NULL; + entry_ex->entry.keys.len = 0; + + entry_ex->entry.kvno = ldb_msg_find_attr_as_int(msg, "msDS-KeyVersionNumber", 0); + + /* Get keys from the db */ + + hash = samdb_result_hash(mem_ctx, msg, "unicodePwd"); + sc_val = ldb_msg_find_ldb_val(msg, "supplementalCredentials"); + + /* unicodePwd for enctype 0x17 (23) if present */ + if (hash) { + allocated_keys++; + } + + /* supplementalCredentials if present */ + if (sc_val) { + ndr_err = ndr_pull_struct_blob_all(sc_val, mem_ctx, iconv_convenience, &scb, + (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + dump_data(0, sc_val->data, sc_val->length); + ret = EINVAL; + goto out; + } + + if (scb.sub.signature != SUPPLEMENTAL_CREDENTIALS_SIGNATURE) { + NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb); + ret = EINVAL; + goto out; + } + + for (i=0; i < scb.sub.num_packages; i++) { + if (strcmp("Primary:Kerberos-Newer-Keys", scb.sub.packages[i].name) == 0) { + scpk = &scb.sub.packages[i]; + if (!scpk->data || !scpk->data[0]) { + scpk = NULL; + continue; + } + newer_keys = true; + break; + } else if (strcmp("Primary:Kerberos", scb.sub.packages[i].name) == 0) { + scpk = &scb.sub.packages[i]; + if (!scpk->data || !scpk->data[0]) { + scpk = NULL; + } + /* + * we don't break here in hope to find + * a Kerberos-Newer-Keys package + */ + } + } + } + /* + * Primary:Kerberos-Newer-Keys or Primary:Kerberos element + * of supplementalCredentials + */ + if (scpk) { + DATA_BLOB blob; + + blob = strhex_to_data_blob(scpk->data); + if (!blob.data) { + ret = ENOMEM; + goto out; + } + talloc_steal(mem_ctx, blob.data); + + /* we cannot use ndr_pull_struct_blob_all() here, as w2k and w2k3 add padding bytes */ + ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, iconv_convenience, &_pkb, + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + krb5_set_error_string(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); + krb5_warnx(context, "LDB_message2entry_keys: could not parse package_PrimaryKerberosBlob"); + ret = EINVAL; + goto out; + } + + if (newer_keys && _pkb.version != 4) { + krb5_set_error_string(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); + krb5_warnx(context, "LDB_message2entry_keys: Primary:Kerberos-Newer-Keys not version 4"); + ret = EINVAL; + goto out; + } + + if (!newer_keys && _pkb.version != 3) { + krb5_set_error_string(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); + krb5_warnx(context, "LDB_message2entry_keys: could not parse Primary:Kerberos not version 3"); + ret = EINVAL; + goto out; + } + + if (_pkb.version == 4) { + pkb4 = &_pkb.ctr.ctr4; + allocated_keys += pkb4->num_keys; + } else if (_pkb.version == 3) { + pkb3 = &_pkb.ctr.ctr3; + allocated_keys += pkb3->num_keys; + } + } + + if (allocated_keys == 0) { + /* oh, no password. Apparently (comment in + * hdb-ldap.c) this violates the ASN.1, but this + * allows an entry with no keys (yet). */ + return 0; + } + + /* allocate space to decode into */ + entry_ex->entry.keys.len = 0; + entry_ex->entry.keys.val = calloc(allocated_keys, sizeof(Key)); + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; + goto out; + } + + if (hash && !(userAccountControl & UF_USE_DES_KEY_ONLY)) { + Key key; + + key.mkvno = 0; + key.salt = NULL; /* No salt for this enc type */ + + ret = krb5_keyblock_init(context, + ENCTYPE_ARCFOUR_HMAC_MD5, + hash->hash, sizeof(hash->hash), + &key.key); + if (ret) { + goto out; + } + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + + if (pkb4) { + for (i=0; i < pkb4->num_keys; i++) { + bool use = true; + Key key; + + if (!pkb4->keys[i].value) continue; + + if (userAccountControl & UF_USE_DES_KEY_ONLY) { + switch (pkb4->keys[i].keytype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: + break; + default: + use = false; + break; + } + } + + if (!use) continue; + + key.mkvno = 0; + key.salt = NULL; + + if (pkb4->salt.string) { + DATA_BLOB salt; + + salt = data_blob_string_const(pkb4->salt.string); + + key.salt = calloc(1, sizeof(*key.salt)); + if (key.salt == NULL) { + ret = ENOMEM; + goto out; + } + + key.salt->type = hdb_pw_salt; + + ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); + if (ret) { + free(key.salt); + key.salt = NULL; + goto out; + } + } + + /* TODO: maybe pass the iteration_count somehow... */ + + ret = krb5_keyblock_init(context, + pkb4->keys[i].keytype, + pkb4->keys[i].value->data, + pkb4->keys[i].value->length, + &key.key); + if (ret) { + if (key.salt) { + free_Salt(key.salt); + free(key.salt); + key.salt = NULL; + } + goto out; + } + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + } else if (pkb3) { + for (i=0; i < pkb3->num_keys; i++) { + bool use = true; + Key key; + + if (!pkb3->keys[i].value) continue; + + if (userAccountControl & UF_USE_DES_KEY_ONLY) { + switch (pkb3->keys[i].keytype) { + case ENCTYPE_DES_CBC_CRC: + case ENCTYPE_DES_CBC_MD5: + break; + default: + use = false; + break; + } + } + + if (!use) continue; + + key.mkvno = 0; + key.salt = NULL; + + if (pkb3->salt.string) { + DATA_BLOB salt; + + salt = data_blob_string_const(pkb3->salt.string); + + key.salt = calloc(1, sizeof(*key.salt)); + if (key.salt == NULL) { + ret = ENOMEM; + goto out; + } + + key.salt->type = hdb_pw_salt; + + ret = krb5_data_copy(&key.salt->salt, salt.data, salt.length); + if (ret) { + free(key.salt); + key.salt = NULL; + goto out; + } + } + + ret = krb5_keyblock_init(context, + pkb3->keys[i].keytype, + pkb3->keys[i].value->data, + pkb3->keys[i].value->length, + &key.key); + if (ret) { + if (key.salt) { + free_Salt(key.salt); + free(key.salt); + key.salt = NULL; + } + goto out; + } + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + } + +out: + if (ret != 0) { + entry_ex->entry.keys.len = 0; + } + if (entry_ex->entry.keys.len == 0 && entry_ex->entry.keys.val) { + free(entry_ex->entry.keys.val); + entry_ex->entry.keys.val = NULL; + } + return ret; +} + +/* + * Construct an hdb_entry from a directory entry. + */ +static krb5_error_code LDB_message2entry(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, krb5_const_principal principal, + enum hdb_ldb_ent_type ent_type, + struct ldb_message *msg, + struct ldb_message *realm_ref_msg, + hdb_entry_ex *entry_ex) +{ + unsigned int userAccountControl; + int i; + krb5_error_code ret = 0; + krb5_boolean is_computer = FALSE; + const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg, "dnsRoot", NULL); + char *realm = strupper_talloc(mem_ctx, dnsdomain); + struct loadparm_context *lp_ctx = ldb_get_opaque((struct ldb_context *)db->hdb_db, "loadparm"); + struct ldb_dn *domain_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, + mem_ctx, + realm_ref_msg, + "nCName", + ldb_dn_new(mem_ctx, (struct ldb_context *)db->hdb_db, NULL)); + + struct hdb_ldb_private *private; + NTTIME acct_expiry; + + struct ldb_message_element *objectclasses; + struct ldb_val computer_val; + computer_val.data = discard_const_p(uint8_t,"computer"); + computer_val.length = strlen((const char *)computer_val.data); + + objectclasses = ldb_msg_find_element(msg, "objectClass"); + + if (objectclasses && ldb_msg_find_val(objectclasses, &computer_val)) { + is_computer = TRUE; + } + + memset(entry_ex, 0, sizeof(*entry_ex)); + + if (!realm) { + krb5_set_error_string(context, "talloc_strdup: out of memory"); + ret = ENOMEM; + goto out; + } + + private = talloc(mem_ctx, struct hdb_ldb_private); + if (!private) { + ret = ENOMEM; + goto out; + } + + private->entry_ex = entry_ex; + private->iconv_convenience = lp_iconv_convenience(lp_ctx); + private->netbios_name = lp_netbios_name(lp_ctx); + + talloc_set_destructor(private, hdb_ldb_destructor); + + entry_ex->ctx = private; + entry_ex->free_entry = hdb_ldb_free_entry; + + userAccountControl = ldb_msg_find_attr_as_uint(msg, "userAccountControl", 0); + + + entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); + if (ent_type == HDB_SAMBA4_ENT_TYPE_ANY && principal == NULL) { + const char *samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); + if (!samAccountName) { + krb5_set_error_string(context, "LDB_message2entry: no samAccountName present"); + ret = ENOENT; + goto out; + } + samAccountName = ldb_msg_find_attr_as_string(msg, "samAccountName", NULL); + krb5_make_principal(context, &entry_ex->entry.principal, realm, samAccountName, NULL); + } else { + char *strdup_realm; + ret = copy_Principal(principal, entry_ex->entry.principal); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + /* While we have copied the client principal, tests + * show that Win2k3 returns the 'corrected' realm, not + * the client-specified realm. This code attempts to + * replace the client principal's realm with the one + * we determine from our records */ + + /* this has to be with malloc() */ + strdup_realm = strdup(realm); + if (!strdup_realm) { + ret = ENOMEM; + krb5_clear_error_string(context); + goto out; + } + free(*krb5_princ_realm(context, entry_ex->entry.principal)); + krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); + } + + entry_ex->entry.flags = uf2HDBFlags(context, userAccountControl, ent_type); + + if (ent_type == HDB_SAMBA4_ENT_TYPE_KRBTGT) { + entry_ex->entry.flags.invalid = 0; + entry_ex->entry.flags.server = 1; + entry_ex->entry.flags.forwardable = 1; + entry_ex->entry.flags.ok_as_delegate = 1; + } + + if (lp_parm_bool(lp_ctx, NULL, "kdc", "require spn for service", true)) { + if (!is_computer && !ldb_msg_find_attr_as_string(msg, "servicePrincipalName", NULL)) { + entry_ex->entry.flags.server = 0; + } + } + + /* use 'whenCreated' */ + entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); + /* use '???' */ + entry_ex->entry.created_by.principal = NULL; + + entry_ex->entry.modified_by = (Event *) malloc(sizeof(Event)); + if (entry_ex->entry.modified_by == NULL) { + krb5_set_error_string(context, "malloc: out of memory"); + ret = ENOMEM; + goto out; + } + + /* use 'whenChanged' */ + entry_ex->entry.modified_by->time = ldb_msg_find_krb5time_ldap_time(msg, "whenChanged", 0); + /* use '???' */ + entry_ex->entry.modified_by->principal = NULL; + + entry_ex->entry.valid_start = NULL; + + acct_expiry = samdb_result_account_expires(msg); + if (acct_expiry == 0x7FFFFFFFFFFFFFFFULL) { + entry_ex->entry.valid_end = NULL; + } else { + entry_ex->entry.valid_end = malloc(sizeof(*entry_ex->entry.valid_end)); + if (entry_ex->entry.valid_end == NULL) { + ret = ENOMEM; + goto out; + } + *entry_ex->entry.valid_end = nt_time_to_unix(acct_expiry); + } + + if (ent_type != HDB_SAMBA4_ENT_TYPE_KRBTGT) { + NTTIME must_change_time + = samdb_result_force_password_change((struct ldb_context *)db->hdb_db, mem_ctx, + domain_dn, msg); + if (must_change_time == 0x7FFFFFFFFFFFFFFFULL) { + entry_ex->entry.pw_end = NULL; + } else { + entry_ex->entry.pw_end = malloc(sizeof(*entry_ex->entry.pw_end)); + if (entry_ex->entry.pw_end == NULL) { + ret = ENOMEM; + goto out; + } + *entry_ex->entry.pw_end = nt_time_to_unix(must_change_time); + } + } else { + entry_ex->entry.pw_end = NULL; + } + + entry_ex->entry.max_life = NULL; + + entry_ex->entry.max_renew = NULL; + + entry_ex->entry.generation = NULL; + + /* Get keys from the db */ + ret = LDB_message2entry_keys(context, private->iconv_convenience, private, msg, userAccountControl, entry_ex); + if (ret) { + /* Could be bougus data in the entry, or out of memory */ + goto out; + } + + entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); + if (entry_ex->entry.etypes == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + entry_ex->entry.etypes->len = entry_ex->entry.keys.len; + entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); + if (entry_ex->entry.etypes->val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + for (i=0; i < entry_ex->entry.etypes->len; i++) { + entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; + } + + + private->msg = talloc_steal(private, msg); + private->realm_ref_msg = talloc_steal(private, realm_ref_msg); + private->samdb = (struct ldb_context *)db->hdb_db; + +out: + if (ret != 0) { + /* This doesn't free ent itself, that is for the eventual caller to do */ + hdb_free_entry(context, entry_ex); + } else { + talloc_steal(db, entry_ex->ctx); + } + + return ret; +} + +/* + * Construct an hdb_entry from a directory entry. + */ +static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, + struct loadparm_context *lp_ctx, + TALLOC_CTX *mem_ctx, krb5_const_principal principal, + enum trust_direction direction, + struct ldb_message *msg, + hdb_entry_ex *entry_ex) +{ + + const char *dnsdomain; + char *realm; + char *strdup_realm; + DATA_BLOB password_utf16; + struct samr_Password password_hash; + const struct ldb_val *password_val; + struct trustAuthInOutBlob password_blob; + struct hdb_ldb_private *private; + + enum ndr_err_code ndr_err; + int i, ret, trust_direction_flags; + + private = talloc(mem_ctx, struct hdb_ldb_private); + if (!private) { + ret = ENOMEM; + goto out; + } + + private->entry_ex = entry_ex; + private->iconv_convenience = lp_iconv_convenience(lp_ctx); + private->netbios_name = lp_netbios_name(lp_ctx); + + talloc_set_destructor(private, hdb_ldb_destructor); + + entry_ex->ctx = private; + entry_ex->free_entry = hdb_ldb_free_entry; + + /* use 'whenCreated' */ + entry_ex->entry.created_by.time = ldb_msg_find_krb5time_ldap_time(msg, "whenCreated", 0); + /* use '???' */ + entry_ex->entry.created_by.principal = NULL; + + entry_ex->entry.valid_start = NULL; + + trust_direction_flags = ldb_msg_find_attr_as_int(msg, "trustDirection", 0); + + if (direction == INBOUND) { + realm = strupper_talloc(mem_ctx, lp_realm(lp_ctx)); + password_val = ldb_msg_find_ldb_val(msg, "trustAuthIncoming"); + + } else { /* OUTBOUND */ + dnsdomain = ldb_msg_find_attr_as_string(msg, "trustPartner", NULL); + realm = strupper_talloc(mem_ctx, dnsdomain); + password_val = ldb_msg_find_ldb_val(msg, "trustAuthOutgoing"); + } + + if (!password_val || !(trust_direction_flags & direction)) { + ret = ENOENT; + goto out; + } + + ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob, + (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + ret = EINVAL; + goto out; + } + + for (i=0; i < password_blob.count; i++) { + if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { + password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password, + password_blob.current->array[i].AuthInfo.clear.size); + /* In the future, generate all sorts of + * hashes, but for now we can't safely convert + * the random strings windows uses into + * utf8 */ + + /* but as it is utf16 already, we can get the NT password/arcfour-hmac-md5 key */ + mdfour(password_hash.hash, password_utf16.data, password_utf16.length); + break; + } else if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { + password_hash = password_blob.current->array[i].AuthInfo.nt4owf.password; + break; + } + } + entry_ex->entry.keys.len = 0; + entry_ex->entry.keys.val = NULL; + + if (i < password_blob.count) { + Key key; + /* Must have found a cleartext or MD4 password */ + entry_ex->entry.keys.val = calloc(1, sizeof(Key)); + + key.mkvno = 0; + key.salt = NULL; /* No salt for this enc type */ + + if (entry_ex->entry.keys.val == NULL) { + ret = ENOMEM; + goto out; + } + + ret = krb5_keyblock_init(context, + ENCTYPE_ARCFOUR_HMAC_MD5, + password_hash.hash, sizeof(password_hash.hash), + &key.key); + + entry_ex->entry.keys.val[entry_ex->entry.keys.len] = key; + entry_ex->entry.keys.len++; + } + + ret = copy_Principal(principal, entry_ex->entry.principal); + if (ret) { + krb5_clear_error_string(context); + goto out; + } + + /* While we have copied the client principal, tests + * show that Win2k3 returns the 'corrected' realm, not + * the client-specified realm. This code attempts to + * replace the client principal's realm with the one + * we determine from our records */ + + /* this has to be with malloc() */ + strdup_realm = strdup(realm); + if (!strdup_realm) { + ret = ENOMEM; + krb5_clear_error_string(context); + goto out; + } + free(*krb5_princ_realm(context, entry_ex->entry.principal)); + krb5_princ_set_realm(context, entry_ex->entry.principal, &strdup_realm); + + entry_ex->entry.flags = int2HDBFlags(0); + entry_ex->entry.flags.immutable = 1; + entry_ex->entry.flags.invalid = 0; + entry_ex->entry.flags.server = 1; + entry_ex->entry.flags.require_preauth = 1; + + entry_ex->entry.pw_end = NULL; + + entry_ex->entry.max_life = NULL; + + entry_ex->entry.max_renew = NULL; + + entry_ex->entry.generation = NULL; + + entry_ex->entry.etypes = malloc(sizeof(*(entry_ex->entry.etypes))); + if (entry_ex->entry.etypes == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + entry_ex->entry.etypes->len = entry_ex->entry.keys.len; + entry_ex->entry.etypes->val = calloc(entry_ex->entry.etypes->len, sizeof(int)); + if (entry_ex->entry.etypes->val == NULL) { + krb5_clear_error_string(context); + ret = ENOMEM; + goto out; + } + for (i=0; i < entry_ex->entry.etypes->len; i++) { + entry_ex->entry.etypes->val[i] = entry_ex->entry.keys.val[i].key.keytype; + } + + + private->msg = talloc_steal(private, msg); + private->realm_ref_msg = NULL; + private->samdb = (struct ldb_context *)db->hdb_db; + +out: + if (ret != 0) { + /* This doesn't free ent itself, that is for the eventual caller to do */ + hdb_free_entry(context, entry_ex); + } else { + talloc_steal(db, entry_ex->ctx); + } + + return ret; + +} + +static krb5_error_code LDB_lookup_principal(krb5_context context, struct ldb_context *ldb_ctx, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + enum hdb_ldb_ent_type ent_type, + struct ldb_dn *realm_dn, + struct ldb_message ***pmsg) +{ + krb5_error_code ret; + int lret; + char *filter = NULL; + const char * const *princ_attrs = user_attrs; + + char *short_princ; + char *short_princ_talloc; + + struct ldb_result *res = NULL; + + ret = krb5_unparse_name_flags(context, principal, KRB5_PRINCIPAL_UNPARSE_NO_REALM, &short_princ); + + if (ret != 0) { + krb5_set_error_string(context, "LDB_lookup_principal: could not parse principal"); + krb5_warnx(context, "LDB_lookup_principal: could not parse principal"); + return ret; + } + + short_princ_talloc = talloc_strdup(mem_ctx, short_princ); + free(short_princ); + if (!short_princ_talloc) { + krb5_set_error_string(context, "LDB_lookup_principal: talloc_strdup() failed!"); + return ENOMEM; + } + + switch (ent_type) { + case HDB_SAMBA4_ENT_TYPE_CLIENT: + case HDB_SAMBA4_ENT_TYPE_TRUST: + case HDB_SAMBA4_ENT_TYPE_ANY: + /* Can't happen */ + return EINVAL; + case HDB_SAMBA4_ENT_TYPE_KRBTGT: + filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", + KRB5_TGS_NAME); + break; + case HDB_SAMBA4_ENT_TYPE_SERVER: + filter = talloc_asprintf(mem_ctx, "(&(objectClass=user)(samAccountName=%s))", + short_princ_talloc); + break; + } + + if (!filter) { + krb5_set_error_string(context, "talloc_asprintf: out of memory"); + return ENOMEM; + } + + lret = ldb_search(ldb_ctx, mem_ctx, &res, realm_dn, + LDB_SCOPE_SUBTREE, princ_attrs, "%s", filter); + if (lret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); + return HDB_ERR_NOENTRY; + } else if (res->count == 0 || res->count > 1) { + DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); + talloc_free(res); + return HDB_ERR_NOENTRY; + } + talloc_steal(mem_ctx, res->msgs); + *pmsg = res->msgs; + talloc_free(res); + return 0; +} + +static krb5_error_code LDB_lookup_trust(krb5_context context, struct ldb_context *ldb_ctx, + TALLOC_CTX *mem_ctx, + const char *realm, + struct ldb_dn *realm_dn, + struct ldb_message ***pmsg) +{ + int lret; + char *filter = NULL; + const char * const *attrs = trust_attrs; + + struct ldb_result *res = NULL; + filter = talloc_asprintf(mem_ctx, "(&(objectClass=trustedDomain)(|(flatname=%s)(trustPartner=%s)))", realm, realm); + + if (!filter) { + krb5_set_error_string(context, "talloc_asprintf: out of memory"); + return ENOMEM; + } + + lret = ldb_search(ldb_ctx, mem_ctx, &res, + ldb_get_default_basedn(ldb_ctx), + LDB_SCOPE_SUBTREE, attrs, "%s", filter); + if (lret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search for %s: %s\n", filter, ldb_errstring(ldb_ctx))); + return HDB_ERR_NOENTRY; + } else if (res->count == 0 || res->count > 1) { + DEBUG(3, ("Failed find a single entry for %s: got %d\n", filter, res->count)); + talloc_free(res); + return HDB_ERR_NOENTRY; + } + talloc_steal(mem_ctx, res->msgs); + *pmsg = res->msgs; + talloc_free(res); + return 0; +} + +static krb5_error_code LDB_lookup_realm(krb5_context context, struct ldb_context *ldb_ctx, + TALLOC_CTX *mem_ctx, + const char *realm, + struct ldb_message ***pmsg) +{ + int ret; + struct ldb_result *cross_ref_res; + struct ldb_dn *partitions_basedn = samdb_partitions_dn(ldb_ctx, mem_ctx); + + ret = ldb_search(ldb_ctx, mem_ctx, &cross_ref_res, + partitions_basedn, LDB_SCOPE_SUBTREE, realm_ref_attrs, + "(&(&(|(&(dnsRoot=%s)(nETBIOSName=*))(nETBIOSName=%s))(objectclass=crossRef))(ncName=*))", + realm, realm); + + if (ret != LDB_SUCCESS) { + DEBUG(3, ("Failed to search to lookup realm(%s): %s\n", realm, ldb_errstring(ldb_ctx))); + talloc_free(cross_ref_res); + return HDB_ERR_NOENTRY; + } else if (cross_ref_res->count == 0 || cross_ref_res->count > 1) { + DEBUG(3, ("Failed find a single entry for realm %s: got %d\n", realm, cross_ref_res->count)); + talloc_free(cross_ref_res); + return HDB_ERR_NOENTRY; + } + + if (pmsg) { + *pmsg = cross_ref_res->msgs; + talloc_steal(mem_ctx, cross_ref_res->msgs); + } + talloc_free(cross_ref_res); + + return 0; +} + + +static krb5_error_code LDB_open(krb5_context context, HDB *db, int flags, mode_t mode) +{ + if (db->hdb_master_key_set) { + krb5_warnx(context, "LDB_open: use of a master key incompatible with LDB\n"); + krb5_set_error_string(context, "LDB_open: use of a master key incompatible with LDB\n"); + return HDB_ERR_NOENTRY; + } + + return 0; +} + +static krb5_error_code LDB_close(krb5_context context, HDB *db) +{ + return 0; +} + +static krb5_error_code LDB_lock(krb5_context context, HDB *db, int operation) +{ + return 0; +} + +static krb5_error_code LDB_unlock(krb5_context context, HDB *db) +{ + return 0; +} + +static krb5_error_code LDB_rename(krb5_context context, HDB *db, const char *new_name) +{ + return HDB_ERR_DB_INUSE; +} + +static krb5_error_code LDB_fetch_client(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) { + NTSTATUS nt_status; + char *principal_string; + krb5_error_code ret; + struct ldb_message **msg = NULL; + struct ldb_message **realm_ref_msg = NULL; + + ret = krb5_unparse_name(context, principal, &principal_string); + + if (ret != 0) { + return ret; + } + + nt_status = sam_get_results_principal((struct ldb_context *)db->hdb_db, + mem_ctx, principal_string, + &msg, &realm_ref_msg); + free(principal_string); + if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { + return HDB_ERR_NOENTRY; + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_MEMORY)) { + return ENOMEM; + } else if (!NT_STATUS_IS_OK(nt_status)) { + return EINVAL; + } + + ret = LDB_message2entry(context, db, mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_CLIENT, + msg[0], realm_ref_msg[0], entry_ex); + return ret; +} + +static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret; + struct ldb_message **msg = NULL; + struct ldb_message **realm_ref_msg_1 = NULL; + struct ldb_message **realm_ref_msg_2 = NULL; + struct ldb_dn *realm_dn; + const char *realm; + + krb5_principal alloc_principal = NULL; + if (principal->name.name_string.len != 2 + || (strcmp(principal->name.name_string.val[0], KRB5_TGS_NAME) != 0)) { + /* Not a krbtgt */ + return HDB_ERR_NOENTRY; + } + + /* krbtgt case. Either us or a trusted realm */ + + if ((LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, principal->realm, &realm_ref_msg_1) == 0) + && (LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, principal->name.name_string.val[1], &realm_ref_msg_2) == 0) + && (ldb_dn_compare(realm_ref_msg_1[0]->dn, realm_ref_msg_1[0]->dn) == 0)) { + /* us */ + /* Cludge, cludge cludge. If the realm part of krbtgt/realm, + * is in our db, then direct the caller at our primary + * krbtgt */ + + const char *dnsdomain = ldb_msg_find_attr_as_string(realm_ref_msg_1[0], "dnsRoot", NULL); + char *realm_fixed = strupper_talloc(mem_ctx, dnsdomain); + if (!realm_fixed) { + krb5_set_error_string(context, "strupper_talloc: out of memory"); + return ENOMEM; + } + + ret = krb5_copy_principal(context, principal, &alloc_principal); + if (ret) { + return ret; + } + + free(alloc_principal->name.name_string.val[1]); + alloc_principal->name.name_string.val[1] = strdup(realm_fixed); + talloc_free(realm_fixed); + if (!alloc_principal->name.name_string.val[1]) { + krb5_set_error_string(context, "LDB_fetch: strdup() failed!"); + return ENOMEM; + } + principal = alloc_principal; + realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg_1[0], "nCName", NULL); + + ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, + mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, realm_dn, &msg); + + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: could not find principal in DB"); + krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); + return ret; + } + + ret = LDB_message2entry(context, db, mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, + msg[0], realm_ref_msg_1[0], entry_ex); + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: message2entry failed"); + } + return ret; + + } else { + enum trust_direction direction = UNKNOWN; + + struct loadparm_context *lp_ctx = talloc_get_type(ldb_get_opaque(db->hdb_db, "loadparm"), struct loadparm_context); + /* Either an inbound or outbound trust */ + + if (strcasecmp(lp_realm(lp_ctx), principal->realm) == 0) { + /* look for inbound trust */ + direction = INBOUND; + realm = principal->name.name_string.val[1]; + } + + if (strcasecmp(lp_realm(lp_ctx), principal->name.name_string.val[1]) == 0) { + /* look for outbound trust */ + direction = OUTBOUND; + realm = principal->realm; + } + + /* Trusted domains are under CN=system */ + + ret = LDB_lookup_trust(context, (struct ldb_context *)db->hdb_db, + mem_ctx, + realm, realm_dn, &msg); + + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: could not find principal in DB"); + krb5_set_error_string(context, "LDB_fetch: could not find principal in DB"); + return ret; + } + + ret = LDB_trust_message2entry(context, db, lp_ctx, mem_ctx, + principal, direction, + msg[0], entry_ex); + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: message2entry failed"); + } + return ret; + + + /* we should lookup trusted domains */ + return HDB_ERR_NOENTRY; + } + +} + +static krb5_error_code LDB_fetch_server(krb5_context context, HDB *db, + TALLOC_CTX *mem_ctx, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret; + const char *realm; + struct ldb_message **msg = NULL; + struct ldb_message **realm_ref_msg = NULL; + struct ldb_dn *partitions_basedn = samdb_partitions_dn(db->hdb_db, mem_ctx); + if (principal->name.name_string.len >= 2) { + /* 'normal server' case */ + int ldb_ret; + NTSTATUS nt_status; + struct ldb_dn *user_dn, *domain_dn; + char *principal_string; + + ret = krb5_unparse_name_flags(context, principal, + KRB5_PRINCIPAL_UNPARSE_NO_REALM, + &principal_string); + if (ret != 0) { + return ret; + } + + /* At this point we may find the host is known to be + * in a different realm, so we should generate a + * referral instead */ + nt_status = crack_service_principal_name((struct ldb_context *)db->hdb_db, + mem_ctx, principal_string, + &user_dn, &domain_dn); + free(principal_string); + + if (!NT_STATUS_IS_OK(nt_status)) { + return HDB_ERR_NOENTRY; + } + + ldb_ret = gendb_search_dn((struct ldb_context *)db->hdb_db, + mem_ctx, user_dn, &msg, user_attrs); + + if (ldb_ret != 1) { + return HDB_ERR_NOENTRY; + } + + ldb_ret = gendb_search((struct ldb_context *)db->hdb_db, + mem_ctx, partitions_basedn, &realm_ref_msg, realm_ref_attrs, + "ncName=%s", ldb_dn_get_linearized(domain_dn)); + + if (ldb_ret != 1) { + return HDB_ERR_NOENTRY; + } + + } else { + struct ldb_dn *realm_dn; + /* server as client principal case, but we must not lookup userPrincipalNames */ + + realm = krb5_principal_get_realm(context, principal); + + ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, realm, &realm_ref_msg); + if (ret != 0) { + return HDB_ERR_NOENTRY; + } + + realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msg[0], "nCName", NULL); + + ret = LDB_lookup_principal(context, (struct ldb_context *)db->hdb_db, + mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_SERVER, realm_dn, &msg); + + if (ret != 0) { + return ret; + } + } + + ret = LDB_message2entry(context, db, mem_ctx, + principal, HDB_SAMBA4_ENT_TYPE_SERVER, + msg[0], realm_ref_msg[0], entry_ex); + if (ret != 0) { + krb5_warnx(context, "LDB_fetch: message2entry failed"); + } + + return ret; +} + +static krb5_error_code LDB_fetch(krb5_context context, HDB *db, + krb5_const_principal principal, + unsigned flags, + hdb_entry_ex *entry_ex) +{ + krb5_error_code ret = HDB_ERR_NOENTRY; + + TALLOC_CTX *mem_ctx = talloc_named(db, 0, "LDB_fetch context"); + + if (!mem_ctx) { + krb5_set_error_string(context, "LDB_fetch: talloc_named() failed!"); + return ENOMEM; + } + + if (flags & HDB_F_GET_CLIENT) { + ret = LDB_fetch_client(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + } + if (flags & HDB_F_GET_SERVER) { + /* krbtgt fits into this situation for trusted realms, and for resolving different versions of our own realm name */ + ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + + /* We return 'no entry' if it does not start with krbtgt/, so move to the common case quickly */ + ret = LDB_fetch_server(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + } + if (flags & HDB_F_GET_KRBTGT) { + ret = LDB_fetch_krbtgt(context, db, mem_ctx, principal, flags, entry_ex); + if (ret != HDB_ERR_NOENTRY) goto done; + } + +done: + talloc_free(mem_ctx); + return ret; +} + +static krb5_error_code LDB_store(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + return HDB_ERR_DB_INUSE; +} + +static krb5_error_code LDB_remove(krb5_context context, HDB *db, krb5_const_principal principal) +{ + return HDB_ERR_DB_INUSE; +} + +struct hdb_ldb_seq { + struct ldb_context *ctx; + int index; + int count; + struct ldb_message **msgs; + struct ldb_message **realm_ref_msgs; +}; + +static krb5_error_code LDB_seq(krb5_context context, HDB *db, unsigned flags, hdb_entry_ex *entry) +{ + krb5_error_code ret; + struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; + TALLOC_CTX *mem_ctx; + hdb_entry_ex entry_ex; + memset(&entry_ex, '\0', sizeof(entry_ex)); + + if (!priv) { + return HDB_ERR_NOENTRY; + } + + mem_ctx = talloc_named(priv, 0, "LDB_seq context"); + + if (!mem_ctx) { + krb5_set_error_string(context, "LDB_seq: talloc_named() failed!"); + return ENOMEM; + } + + if (priv->index < priv->count) { + ret = LDB_message2entry(context, db, mem_ctx, + NULL, HDB_SAMBA4_ENT_TYPE_ANY, + priv->msgs[priv->index++], + priv->realm_ref_msgs[0], entry); + } else { + ret = HDB_ERR_NOENTRY; + } + + if (ret != 0) { + talloc_free(priv); + db->hdb_dbc = NULL; + } else { + talloc_free(mem_ctx); + } + + return ret; +} + +static krb5_error_code LDB_firstkey(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + struct ldb_context *ldb_ctx = (struct ldb_context *)db->hdb_db; + struct hdb_ldb_seq *priv = (struct hdb_ldb_seq *)db->hdb_dbc; + char *realm; + struct ldb_dn *realm_dn = NULL; + struct ldb_result *res = NULL; + struct ldb_message **realm_ref_msgs = NULL; + krb5_error_code ret; + TALLOC_CTX *mem_ctx; + int lret; + + if (priv) { + talloc_free(priv); + db->hdb_dbc = NULL; + } + + priv = (struct hdb_ldb_seq *) talloc(db, struct hdb_ldb_seq); + if (!priv) { + krb5_set_error_string(context, "talloc: out of memory"); + return ENOMEM; + } + + priv->ctx = ldb_ctx; + priv->index = 0; + priv->msgs = NULL; + priv->realm_ref_msgs = NULL; + priv->count = 0; + + mem_ctx = talloc_named(priv, 0, "LDB_firstkey context"); + + if (!mem_ctx) { + krb5_set_error_string(context, "LDB_firstkey: talloc_named() failed!"); + return ENOMEM; + } + + ret = krb5_get_default_realm(context, &realm); + if (ret != 0) { + talloc_free(priv); + return ret; + } + + ret = LDB_lookup_realm(context, (struct ldb_context *)db->hdb_db, + mem_ctx, realm, &realm_ref_msgs); + + free(realm); + + if (ret != 0) { + talloc_free(priv); + krb5_warnx(context, "LDB_firstkey: could not find realm\n"); + return HDB_ERR_NOENTRY; + } + + realm_dn = samdb_result_dn((struct ldb_context *)db->hdb_db, mem_ctx, realm_ref_msgs[0], "nCName", NULL); + + priv->realm_ref_msgs = talloc_steal(priv, realm_ref_msgs); + + lret = ldb_search(ldb_ctx, priv, &res, + realm_dn, LDB_SCOPE_SUBTREE, user_attrs, + "(objectClass=user)"); + + if (lret != LDB_SUCCESS) { + talloc_free(priv); + return HDB_ERR_NOENTRY; + } + + priv->count = res->count; + priv->msgs = talloc_steal(priv, res->msgs); + talloc_free(res); + + db->hdb_dbc = priv; + + ret = LDB_seq(context, db, flags, entry); + + if (ret != 0) { + talloc_free(priv); + db->hdb_dbc = NULL; + } else { + talloc_free(mem_ctx); + } + return ret; +} + +static krb5_error_code LDB_nextkey(krb5_context context, HDB *db, unsigned flags, + hdb_entry_ex *entry) +{ + return LDB_seq(context, db, flags, entry); +} + +static krb5_error_code LDB_destroy(krb5_context context, HDB *db) +{ + talloc_free(db); + return 0; +} + +/* This interface is to be called by the KDC, which is expecting Samba + * calling conventions. It is also called by a wrapper + * (hdb_ldb_create) from the kpasswdd -> krb5 -> keytab_hdb -> hdb + * code */ + +NTSTATUS kdc_hdb_samba4_create(TALLOC_CTX *mem_ctx, + struct event_context *ev_ctx, + struct loadparm_context *lp_ctx, + krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + struct auth_session_info *session_info; + *db = talloc(mem_ctx, HDB); + if (!*db) { + krb5_set_error_string(context, "malloc: out of memory"); + return NT_STATUS_NO_MEMORY; + } + + (*db)->hdb_master_key_set = 0; + (*db)->hdb_db = NULL; + + nt_status = auth_system_session_info(*db, lp_ctx, &session_info); + if (!NT_STATUS_IS_OK(nt_status)) { + return nt_status; + } + + /* The idea here is very simple. Using Kerberos to + * authenticate the KDC to the LDAP server is higly likely to + * be circular. + * + * In future we may set this up to use EXERNAL and SSL + * certificates, for now it will almost certainly be NTLMSSP + */ + + cli_credentials_set_kerberos_state(session_info->credentials, + CRED_DONT_USE_KERBEROS); + + /* Setup the link to LDB */ + (*db)->hdb_db = samdb_connect(*db, ev_ctx, lp_ctx, session_info); + if ((*db)->hdb_db == NULL) { + DEBUG(1, ("hdb_ldb_create: Cannot open samdb for KDC backend!")); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + + (*db)->hdb_dbc = NULL; + (*db)->hdb_open = LDB_open; + (*db)->hdb_close = LDB_close; + (*db)->hdb_fetch = LDB_fetch; + (*db)->hdb_store = LDB_store; + (*db)->hdb_remove = LDB_remove; + (*db)->hdb_firstkey = LDB_firstkey; + (*db)->hdb_nextkey = LDB_nextkey; + (*db)->hdb_lock = LDB_lock; + (*db)->hdb_unlock = LDB_unlock; + (*db)->hdb_rename = LDB_rename; + /* we don't implement these, as we are not a lockable database */ + (*db)->hdb__get = NULL; + (*db)->hdb__put = NULL; + /* kadmin should not be used for deletes - use other tools instead */ + (*db)->hdb__del = NULL; + (*db)->hdb_destroy = LDB_destroy; + + return NT_STATUS_OK; +} + +krb5_error_code hdb_samba4_create(krb5_context context, struct HDB **db, const char *arg) +{ + NTSTATUS nt_status; + /* The global kdc_mem_ctx and kdc_lp_ctx, Disgusting, ugly hack, but it means one less private hook */ + nt_status = kdc_hdb_samba4_create(kdc_mem_ctx, event_context_find(kdc_mem_ctx), kdc_lp_ctx, + context, db, arg); + + if (NT_STATUS_IS_OK(nt_status)) { + return 0; + } + return EINVAL; +} diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c index 030eb23c10..83c6f1c2ee 100644 --- a/source4/kdc/kdc.c +++ b/source4/kdc/kdc.c @@ -667,6 +667,11 @@ static void kdc_task_init(struct task_server *task) NTSTATUS status; krb5_error_code ret; struct interface *ifaces; + struct hdb_method hdb_samba4 = { + .interface_version = HDB_INTERFACE_VERSION, + .prefix = "samba4:", + .create = hdb_samba4_create + }; switch (lp_server_role(task->lp_ctx)) { case ROLE_STANDALONE: @@ -724,7 +729,7 @@ static void kdc_task_init(struct task_server *task) } kdc->config->num_db = 1; - status = kdc_hdb_ldb_create(kdc, task->event_ctx, task->lp_ctx, + status = kdc_hdb_samba4_create(kdc, task->event_ctx, task->lp_ctx, kdc->smb_krb5_context->krb5_context, &kdc->config->db[0], NULL); if (!NT_STATUS_IS_OK(status)) { @@ -732,6 +737,16 @@ static void kdc_task_init(struct task_server *task) return; } + + /* Register hdb-samba4 hooks */ + ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context, + PLUGIN_TYPE_DATA, "hdb", + &hdb_samba4); + if(ret) { + task_server_terminate(task, "kdc: failed to register hdb keytab"); + return; + } + ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops); if(ret) { task_server_terminate(task, "kdc: failed to register hdb keytab"); -- cgit From 15b686198120cca0aaa305edc0a5e3242b4fa869 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 24 Sep 2008 12:53:40 -0700 Subject: Use the new 'samba4' name for our internal hdb plugin. --- source4/setup/secrets_dc.ldif | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/setup/secrets_dc.ldif b/source4/setup/secrets_dc.ldif index abc5860cf7..8ae5578e6b 100644 --- a/source4/setup/secrets_dc.ldif +++ b/source4/setup/secrets_dc.ldif @@ -22,7 +22,7 @@ realm: ${REALM} sAMAccountName: krbtgt objectSid: ${DOMAINSID} servicePrincipalName: kadmin/changepw -krb5Keytab: HDB:ldb:${SAM_LDB}: +krb5Keytab: HDB:samba4:${SAM_LDB}: #The trailing : here is a HACK, but it matches the Heimdal format. # A hook from our credentials system into HDB, as we must be on a KDC, -- cgit From 64195b72be6c251412500984c2a5c103e376d3c6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Sep 2008 21:36:21 -0700 Subject: Fix parsing of the trust passwords in LSA CreateTrustedDomainEx* --- source4/libcli/config.mk | 8 -- source4/libcli/drsblobs.c | 179 ------------------------------ source4/librpc/config.mk | 4 +- source4/librpc/idl/drsblobs.idl | 25 +++-- source4/librpc/ndr/ndr_drsblobs.c | 213 ++++++++++++++++++++++++++++++++++++ source4/rpc_server/lsa/dcesrv_lsa.c | 8 +- source4/torture/rpc/lsa.c | 6 +- 7 files changed, 239 insertions(+), 204 deletions(-) delete mode 100644 source4/libcli/drsblobs.c create mode 100644 source4/librpc/ndr/ndr_drsblobs.c diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 2f81d7cff0..d68a2a2ce3 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -67,14 +67,6 @@ PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ netlogon.o) -[SUBSYSTEM::LIBCLI_DRSBLOBS] -PUBLIC_DEPENDENCIES = LIBNDR - -LIBCLI_DRSBLOBS_OBJ_FILES = $(addprefix $(libclisrcdir)/, \ - drsblobs.o) - -$(eval $(call proto_header_template,$(libclisrcdir)/drsblobs_proto.h,$(LIBCLI_DRSBLOBS_OBJ_FILES:.o=.c))) - [PYTHON::python_netbios] LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT) PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG diff --git a/source4/libcli/drsblobs.c b/source4/libcli/drsblobs.c deleted file mode 100644 index 126f2ccc40..0000000000 --- a/source4/libcli/drsblobs.c +++ /dev/null @@ -1,179 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Manually parsed structures found in the DRS protocol - - Copyright (C) Andrew Bartlett 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "libcli/drsblobs.h" - -/* parser auto-generated by pidl, then hand-modified by abartlet */ - -/* Modified to have 'count' specified */ -static enum ndr_err_code ndr_push_AuthenticationInformationArray_with_count(struct ndr_push *ndr, int ndr_flags, int count, - const struct AuthenticationInformationArray *r) -{ - uint32_t cntr_array_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); - } - } - if (ndr_flags & NDR_BUFFERS) { - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); - } - } - return NDR_ERR_SUCCESS; -} - -/* Modified to have 'count' specified, and to allocate the array */ -static enum ndr_err_code ndr_pull_AuthenticationInformationArray_with_count(struct ndr_pull *ndr, int ndr_flags, int count, struct AuthenticationInformationArray *r) -{ - uint32_t cntr_array_0; - TALLOC_CTX *_mem_save_array_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_PULL_ALLOC_N(ndr, r->array, count); - _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); - } - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); - } - if (ndr_flags & NDR_BUFFERS) { - for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { - NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); - } - } - return NDR_ERR_SUCCESS; -} - -/* Modified to have 'count' specified */ -_PUBLIC_ void ndr_print_AuthenticationInformationArray_with_count(struct ndr_print *ndr, const char *name, int count, const struct AuthenticationInformationArray *r) -{ - uint32_t cntr_array_0; - ndr_print_struct(ndr, name, "AuthenticationInformationArray"); - ndr->depth++; - ndr->print(ndr, "%s: ARRAY(%d)", "array", (int)1); - ndr->depth++; - for (cntr_array_0=0;cntr_array_0array[cntr_array_0]); - free(idx_0); - } - } - ndr->depth--; - ndr->depth--; -} - -/* Modified to call AuthenticationInformationArray with 'count' specified */ -_PUBLIC_ enum ndr_err_code ndr_push_trustAuthInOutBlob(struct ndr_push *ndr, int ndr_flags, const struct trustAuthInOutBlob *r) -{ - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); - NDR_CHECK(ndr_push_relative_ptr1(ndr, r->current)); - NDR_CHECK(ndr_push_relative_ptr1(ndr, r->previous)); - } - if (ndr_flags & NDR_BUFFERS) { - if (r->current) { - NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current)); - NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); - } - if (r->previous) { - NDR_CHECK(ndr_push_relative_ptr2(ndr, r->previous)); - NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); - } - } - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flags, struct trustAuthInOutBlob *r) -{ - uint32_t _ptr_current; - TALLOC_CTX *_mem_save_current_0; - uint32_t _ptr_previous; - TALLOC_CTX *_mem_save_previous_0; - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current)); - if (_ptr_current) { - NDR_PULL_ALLOC(ndr, r->current); - NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->current, _ptr_current)); - } else { - r->current = NULL; - } - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_previous)); - if (_ptr_previous) { - NDR_PULL_ALLOC(ndr, r->previous); - NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->previous, _ptr_previous)); - } else { - r->previous = NULL; - } - } - if (ndr_flags & NDR_BUFFERS) { - if (r->current) { - uint32_t _relative_save_offset; - _relative_save_offset = ndr->offset; - NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current)); - _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); - NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_0, 0); - ndr->offset = _relative_save_offset; - } - if (r->previous) { - uint32_t _relative_save_offset; - _relative_save_offset = ndr->offset; - NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->previous)); - _mem_save_previous_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->previous, 0); - NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_previous_0, 0); - ndr->offset = _relative_save_offset; - } - } - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ void ndr_print_trustAuthInOutBlob(struct ndr_print *ndr, const char *name, const struct trustAuthInOutBlob *r) -{ - ndr_print_struct(ndr, name, "trustAuthInOutBlob"); - ndr->depth++; - ndr_print_uint32(ndr, "count", r->count); - ndr_print_ptr(ndr, "current", r->current); - ndr->depth++; - if (r->current) { - ndr_print_AuthenticationInformationArray_with_count(ndr, "current", r->count, r->current); - } - ndr->depth--; - ndr_print_ptr(ndr, "previous", r->previous); - ndr->depth++; - if (r->previous) { - ndr_print_AuthenticationInformationArray_with_count(ndr, "previous", r->count, r->previous); - } - ndr->depth--; - ndr->depth--; -} - - diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index cf41f9884a..41dd17e428 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -144,9 +144,9 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o $(ndrsrcdir)/ndr_drsuapi.o [SUBSYSTEM::NDR_DRSBLOBS] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI LIBCLI_DRSBLOBS +PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI -NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o +NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o $(ndrsrcdir)/ndr_drsblobs.o [SUBSYSTEM::NDR_SASL_HELPERS] PUBLIC_DEPENDENCIES = LIBNDR diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index 6b1f649ff5..31fe8a359e 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -415,18 +415,27 @@ interface drsblobs { [relative] AuthenticationInformationArray *previous; } trustAuthInOutBlob; - typedef [public] struct { - uint8 confounder[512]; - trustAuthInOutBlob outgoing; - trustAuthInOutBlob incoming; - [value(ndr_size_trustAuthInOutBlob(&outgoing, ndr->flags))] uint32 outgoing_size; - [value(ndr_size_trustAuthInOutBlob(&incoming, ndr->flags))] uint32 incoming_size; - } trustAuthInAndOutBlob; - + typedef [public,gensize] struct { + uint32 count; + [relative] AuthenticationInformation *current[count]; + } trustCurrentPasswords; + void decode_trustAuthInOut( [in] trustAuthInOutBlob blob ); + typedef [public,nopull] struct { + uint8 confounder[512]; + [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing; + [subcontext(0),subcontext_size(incoming_size)] trustCurrentPasswords incoming; + [value(ndr_size_trustCurrentPasswords(&outgoing, ndr->flags))] uint32 outgoing_size; + [value(ndr_size_trustCurrentPasswords(&incoming, ndr->flags))] uint32 incoming_size; + } trustDomainPasswords; + + void decode_trustDomainPasswords( + [in] trustDomainPasswords blob + ); + typedef [public] struct { uint32 marker; DATA_BLOB data; diff --git a/source4/librpc/ndr/ndr_drsblobs.c b/source4/librpc/ndr/ndr_drsblobs.c new file mode 100644 index 0000000000..47a6bb60c9 --- /dev/null +++ b/source4/librpc/ndr/ndr_drsblobs.c @@ -0,0 +1,213 @@ +/* + Unix SMB/CIFS implementation. + + Manually parsed structures found in the DRS protocol + + Copyright (C) Andrew Bartlett 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libcli/drsblobs.h" + +/* parser auto-generated by pidl, then hand-modified by abartlet */ + +/* Modified to have 'count' specified */ +static enum ndr_err_code ndr_push_AuthenticationInformationArray_with_count(struct ndr_push *ndr, int ndr_flags, int count, + const struct AuthenticationInformationArray *r) +{ + uint32_t cntr_array_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); + } + } + if (ndr_flags & NDR_BUFFERS) { + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_push_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); + } + } + return NDR_ERR_SUCCESS; +} + +/* Modified to have 'count' specified, and to allocate the array */ +static enum ndr_err_code ndr_pull_AuthenticationInformationArray_with_count(struct ndr_pull *ndr, int ndr_flags, int count, struct AuthenticationInformationArray *r) +{ + uint32_t cntr_array_0; + TALLOC_CTX *_mem_save_array_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_PULL_ALLOC_N(ndr, r->array, count); + _mem_save_array_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->array, 0); + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_SCALARS, &r->array[cntr_array_0])); + } + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_array_0, 0); + } + if (ndr_flags & NDR_BUFFERS) { + for (cntr_array_0 = 0; cntr_array_0 < count; cntr_array_0++) { + NDR_CHECK(ndr_pull_AuthenticationInformation(ndr, NDR_BUFFERS, &r->array[cntr_array_0])); + } + } + return NDR_ERR_SUCCESS; +} + +/* Modified to have 'count' specified */ +_PUBLIC_ void ndr_print_AuthenticationInformationArray_with_count(struct ndr_print *ndr, const char *name, int count, const struct AuthenticationInformationArray *r) +{ + uint32_t cntr_array_0; + ndr_print_struct(ndr, name, "AuthenticationInformationArray"); + ndr->depth++; + ndr->print(ndr, "%s: ARRAY(%d)", "array", (int)1); + ndr->depth++; + for (cntr_array_0=0;cntr_array_0array[cntr_array_0]); + free(idx_0); + } + } + ndr->depth--; + ndr->depth--; +} + +/* Modified to call AuthenticationInformationArray with 'count' specified */ +_PUBLIC_ enum ndr_err_code ndr_push_trustAuthInOutBlob(struct ndr_push *ndr, int ndr_flags, const struct trustAuthInOutBlob *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->count)); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r->current)); + NDR_CHECK(ndr_push_relative_ptr1(ndr, r->previous)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->current) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r->current)); + NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); + } + if (r->previous) { + NDR_CHECK(ndr_push_relative_ptr2(ndr, r->previous)); + NDR_CHECK(ndr_push_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_trustAuthInOutBlob(struct ndr_pull *ndr, int ndr_flags, struct trustAuthInOutBlob *r) +{ + uint32_t _ptr_current; + TALLOC_CTX *_mem_save_current_0; + uint32_t _ptr_previous; + TALLOC_CTX *_mem_save_previous_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->count)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_current)); + if (_ptr_current) { + NDR_PULL_ALLOC(ndr, r->current); + NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->current, _ptr_current)); + } else { + r->current = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_previous)); + if (_ptr_previous) { + NDR_PULL_ALLOC(ndr, r->previous); + NDR_CHECK(ndr_pull_relative_ptr1(ndr, r->previous, _ptr_previous)); + } else { + r->previous = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->current) { + uint32_t _relative_save_offset; + _relative_save_offset = ndr->offset; + NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->current)); + _mem_save_current_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->current, 0); + NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->current)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_current_0, 0); + ndr->offset = _relative_save_offset; + } + if (r->previous) { + uint32_t _relative_save_offset; + _relative_save_offset = ndr->offset; + NDR_CHECK(ndr_pull_relative_ptr2(ndr, r->previous)); + _mem_save_previous_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->previous, 0); + NDR_CHECK(ndr_pull_AuthenticationInformationArray_with_count(ndr, NDR_SCALARS|NDR_BUFFERS, r->count, r->previous)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_previous_0, 0); + ndr->offset = _relative_save_offset; + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_trustAuthInOutBlob(struct ndr_print *ndr, const char *name, const struct trustAuthInOutBlob *r) +{ + ndr_print_struct(ndr, name, "trustAuthInOutBlob"); + ndr->depth++; + ndr_print_uint32(ndr, "count", r->count); + ndr_print_ptr(ndr, "current", r->current); + ndr->depth++; + if (r->current) { + ndr_print_AuthenticationInformationArray_with_count(ndr, "current", r->count, r->current); + } + ndr->depth--; + ndr_print_ptr(ndr, "previous", r->previous); + ndr->depth++; + if (r->previous) { + ndr_print_AuthenticationInformationArray_with_count(ndr, "previous", r->count, r->previous); + } + ndr->depth--; + ndr->depth--; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_trustDomainPasswords(struct ndr_pull *ndr, int ndr_flags, struct trustDomainPasswords *r) +{ + if (ndr_flags & NDR_SCALARS) { + uint32_t offset; + NDR_PULL_ALIGN(ndr, 4); + NDR_PULL_NEED_BYTES(ndr, 8); + + offset = ndr->offset; + ndr->offset = ndr->data_size - 8; + + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size)); + + ndr->offset = offset; + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->confounder, 512)); + { + struct ndr_pull *_ndr_outgoing; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_outgoing, 0, r->outgoing_size)); + NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_outgoing, NDR_SCALARS|NDR_BUFFERS, &r->outgoing)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_outgoing, 0, r->outgoing_size)); + } + { + struct ndr_pull *_ndr_incoming; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_incoming, 0, r->incoming_size)); + NDR_CHECK(ndr_pull_trustCurrentPasswords(_ndr_incoming, NDR_SCALARS|NDR_BUFFERS, &r->incoming)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_incoming, 0, r->incoming_size)); + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->outgoing_size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->incoming_size)); + } + if (ndr_flags & NDR_BUFFERS) { + } + return NDR_ERR_SUCCESS; +} + diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 3b70f3e934..4c3c708d4a 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -626,7 +626,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc const char *name; DATA_BLOB session_key = data_blob(NULL, 0); DATA_BLOB trustAuthIncoming, trustAuthOutgoing, auth_blob; - struct trustAuthInAndOutBlob auth_struct; + struct trustDomainPasswords auth_struct; int ret; NTSTATUS nt_status; enum ndr_err_code ndr_err; @@ -679,7 +679,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc ndr_err = ndr_pull_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), &auth_struct, - (ndr_pull_flags_fn_t)ndr_pull_trustAuthInAndOutBlob); + (ndr_pull_flags_fn_t)ndr_pull_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } @@ -689,7 +689,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), &auth_struct.incoming, - (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } @@ -701,7 +701,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), &auth_struct.outgoing, - (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); + (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 69bf33352b..af5ee4f6e1 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -2077,7 +2077,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, struct lsa_CreateTrustedDomainEx2 r; struct lsa_TrustDomainInfoInfoEx trustinfo; struct lsa_TrustDomainInfoAuthInfoInternal authinfo; - struct trustAuthInAndOutBlob auth_struct; + struct trustDomainPasswords auth_struct; DATA_BLOB auth_blob; struct dom_sid *domsid[12]; struct policy_handle trustdom_handle[12]; @@ -2125,9 +2125,9 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, auth_struct.incoming.count = 0; ndr_err = ndr_push_struct_blob(&auth_blob, mem_ctx, lp_iconv_convenience(tctx->lp_ctx), &auth_struct, - (ndr_push_flags_fn_t)ndr_push_trustAuthInAndOutBlob); + (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - printf("ndr_push_struct_blob of trustAuthInAndOutBlob structure failed"); + printf("ndr_push_struct_blob of trustDomainPasswords structure failed"); ret = false; } -- cgit From 04edf11bee9f248241c46ce809870163a16d3ba0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 29 Sep 2008 22:34:30 -0700 Subject: Rework to match new trustDomainPasswords IDL --- source4/rpc_server/lsa/dcesrv_lsa.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 4c3c708d4a..7b15241b96 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -859,11 +859,11 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc if (auth_struct.incoming.count) { int i; for (i=0; i < auth_struct.incoming.count; i++ ) { - if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_NT4OWF) { + if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_NT4OWF) { samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, mem_ctx, msg_user, "unicodePwd", - &auth_struct.incoming.current->array[i].AuthInfo.nt4owf.password); - } else if (auth_struct.incoming.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { + &auth_struct.incoming.current[i]->AuthInfo.nt4owf.password); + } else if (auth_struct.incoming.current[i]->AuthType == TRUST_AUTH_TYPE_CLEAR) { struct samr_Password hash; /* . We cannot do this, as windows chooses to send in random passwords here, that won't convert to UTF8 @@ -871,8 +871,8 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc mem_ctx, msg_user, "userPassword", auth_struct.incoming.current->array[i].AuthInfo.clear.password); */ - mdfour(hash.hash, auth_struct.incoming.current->array[i].AuthInfo.clear.password, - auth_struct.incoming.current->array[i].AuthInfo.clear.size); + mdfour(hash.hash, auth_struct.incoming.current[i]->AuthInfo.clear.password, + auth_struct.incoming.current[i]->AuthInfo.clear.size); samdb_msg_add_hash(trusted_domain_state->policy->sam_ldb, mem_ctx, msg_user, "unicodePwd", &hash); -- cgit From e622325155a13fd9f6f85a767d345344f18eca41 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 08:41:16 +0200 Subject: s4:smb_server/smb: FLAGS2_SMB_SECURITY_SIGNATURES should only be echoed, not set always metze --- source4/smb_server/smb/request.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/source4/smb_server/smb/request.c b/source4/smb_server/smb/request.c index eb3e100b96..241c262857 100644 --- a/source4/smb_server/smb/request.c +++ b/source4/smb_server/smb/request.c @@ -135,15 +135,16 @@ void smbsrv_setup_reply(struct smbsrv_request *req, uint_t wct, size_t buflen) flags2 = FLAGS2_LONG_PATH_COMPONENTS | FLAGS2_EXTENDED_ATTRIBUTES | FLAGS2_IS_LONG_NAME; - flags2 |= (req->flags2 & (FLAGS2_UNICODE_STRINGS|FLAGS2_EXTENDED_SECURITY)); +#define _SMB_FLAGS2_ECHOED_FLAGS ( \ + FLAGS2_UNICODE_STRINGS | \ + FLAGS2_EXTENDED_SECURITY | \ + FLAGS2_SMB_SECURITY_SIGNATURES \ +) + flags2 |= (req->flags2 & _SMB_FLAGS2_ECHOED_FLAGS); if (req->smb_conn->negotiate.client_caps & CAP_STATUS32) { flags2 |= FLAGS2_32_BIT_ERROR_CODES; } - if (req->smb_conn->signing.allow_smb_signing || req->smb_conn->signing.mandatory_signing) { - flags2 |= FLAGS2_SMB_SECURITY_SIGNATURES; - } - req->out.hdr = req->out.buffer + NBT_HDR_SIZE; req->out.vwv = req->out.hdr + HDR_VWV; req->out.wct = wct; -- cgit From 394f24b374e1fda8dc8222b71ce164a1a79efde6 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 30 Sep 2008 09:04:52 +0200 Subject: s4:drsblob: fix the build metze --- source4/libcli/drsblobs.h | 28 ---------------------------- source4/librpc/ndr/ndr_drsblobs.c | 2 +- 2 files changed, 1 insertion(+), 29 deletions(-) delete mode 100644 source4/libcli/drsblobs.h diff --git a/source4/libcli/drsblobs.h b/source4/libcli/drsblobs.h deleted file mode 100644 index 8fee4114be..0000000000 --- a/source4/libcli/drsblobs.h +++ /dev/null @@ -1,28 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Manually parsed structures found in the DRS protocol - - Copyright (C) Andrew Bartlett 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef __LIBCLI_DRSBLOBS_H__ -#define __LIBCLI_DRSBLOBS_H__ - -#include "librpc/gen_ndr/ndr_drsblobs.h" - -#include "libcli/drsblobs_proto.h" -#endif /* __CLDAP_SERVER_PROTO_H__ */ diff --git a/source4/librpc/ndr/ndr_drsblobs.c b/source4/librpc/ndr/ndr_drsblobs.c index 47a6bb60c9..aecb0c3b16 100644 --- a/source4/librpc/ndr/ndr_drsblobs.c +++ b/source4/librpc/ndr/ndr_drsblobs.c @@ -20,7 +20,7 @@ */ #include "includes.h" -#include "libcli/drsblobs.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" /* parser auto-generated by pidl, then hand-modified by abartlet */ -- cgit From 7f1c02cd7a8f4238041406acab061f34c587c69a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 15:24:46 +0200 Subject: Enable winreg Python tests - authentication works now. --- source4/samba4-skip | 1 - source4/scripting/python/samba/tests/dcerpc/rpcecho.py | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/samba4-skip b/source4/samba4-skip index 5fa40ee706..e3e2d2d525 100644 --- a/source4/samba4-skip +++ b/source4/samba4-skip @@ -59,4 +59,3 @@ samba4.ntvfs.cifs.raw. ^samba4.net.api.become.dc.*$ # Fails nss.test # Fails raw.offline # Samba 4 doesn't have much offline support yet -winreg* #Does not authenticate against the target server diff --git a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py index 12638e2397..06790736b8 100644 --- a/source4/scripting/python/samba/tests/dcerpc/rpcecho.py +++ b/source4/scripting/python/samba/tests/dcerpc/rpcecho.py @@ -25,7 +25,8 @@ from samba.tests import RpcInterfaceTestCase class RpcEchoTests(RpcInterfaceTestCase): def setUp(self): - self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm()) + self.conn = echo.rpcecho("ncalrpc:", self.get_loadparm(), + self.get_credentials()) def test_two_contexts(self): self.conn2 = echo.rpcecho("ncalrpc:", self.get_loadparm(), basis_connection=self.conn) -- cgit From a36b6c5a42212e175ece8e9f5aa74f2741ec8868 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 16:02:09 +0200 Subject: Make Sid member variables accessible from Python. --- source4/libcli/security/security.i | 6 ++ source4/libcli/security/security.py | 4 ++ source4/libcli/security/security_wrap.c | 118 ++++++++++++++++++++++++++++++++ 3 files changed, 128 insertions(+) diff --git a/source4/libcli/security/security.i b/source4/libcli/security/security.i index 6ba106bb5f..420439d147 100644 --- a/source4/libcli/security/security.i +++ b/source4/libcli/security/security.i @@ -105,6 +105,12 @@ typedef struct security_descriptor { %talloctype(dom_sid); typedef struct dom_sid { + %immutable; + uint8_t sid_rev_num; + int8_t num_auths;/* [range(0,15)] */ + uint8_t id_auth[6]; + uint32_t *sub_auths; + %mutable; %extend { dom_sid(TALLOC_CTX *mem_ctx, const char *text) { return dom_sid_parse_talloc(mem_ctx, text); diff --git a/source4/libcli/security/security.py b/source4/libcli/security/security.py index c310dde56b..8afb3eda61 100644 --- a/source4/libcli/security/security.py +++ b/source4/libcli/security/security.py @@ -147,6 +147,10 @@ security_descriptor_swigregister(security_descriptor) class Sid(object): thisown = _swig_property(lambda x: x.this.own(), lambda x, v: x.this.own(v), doc='The membership flag') __repr__ = _swig_repr + sid_rev_num = _swig_property(_security.Sid_sid_rev_num_get) + num_auths = _swig_property(_security.Sid_num_auths_get) + id_auth = _swig_property(_security.Sid_id_auth_get) + sub_auths = _swig_property(_security.Sid_sub_auths_get) def __init__(self, *args, **kwargs): _security.Sid_swiginit(self,_security.new_Sid(*args, **kwargs)) def __repr__(self): diff --git a/source4/libcli/security/security_wrap.c b/source4/libcli/security/security_wrap.c index b7d66b5aec..f7e3c2fb21 100644 --- a/source4/libcli/security/security_wrap.c +++ b/source4/libcli/security/security_wrap.c @@ -2712,6 +2712,28 @@ SWIGINTERN void delete_security_token(security_token *self){ talloc_free(self); SWIGINTERN security_descriptor *new_security_descriptor(TALLOC_CTX *mem_ctx){ return security_descriptor_initialise(mem_ctx); } SWIGINTERN void delete_security_descriptor(security_descriptor *self){ talloc_free(self); } +SWIGINTERNINLINE PyObject* +SWIG_From_unsigned_SS_long (unsigned long value) +{ + return (value > LONG_MAX) ? + PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value)); +} + + +SWIGINTERNINLINE PyObject * +SWIG_From_unsigned_SS_char (unsigned char value) +{ + return SWIG_From_unsigned_SS_long (value); +} + + +SWIGINTERNINLINE PyObject * +SWIG_From_signed_SS_char (signed char value) +{ + return SWIG_From_long (value); +} + + SWIGINTERN swig_type_info* SWIG_pchar_descriptor(void) { @@ -3337,6 +3359,98 @@ SWIGINTERN PyObject *security_descriptor_swiginit(PyObject *SWIGUNUSEDPARM(self) return SWIG_Python_InitShadowInstance(args); } +SWIGINTERN PyObject *_wrap_Sid_sid_rev_num_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + uint8_t result; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_sid_rev_num_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (uint8_t) ((arg1)->sid_rev_num); + resultobj = SWIG_From_unsigned_SS_char((unsigned char)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_Sid_num_auths_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + int8_t result; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_num_auths_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (int8_t) ((arg1)->num_auths); + resultobj = SWIG_From_signed_SS_char((signed char)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_Sid_id_auth_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + uint8_t *result = 0 ; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_id_auth_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (uint8_t *)(uint8_t *) ((arg1)->id_auth); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_char, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_Sid_sub_auths_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + dom_sid *arg1 = (dom_sid *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject *swig_obj[1] ; + uint32_t *result = 0 ; + + if (!args) SWIG_fail; + swig_obj[0] = args; + res1 = SWIG_ConvertPtr(swig_obj[0], &argp1,SWIGTYPE_p_dom_sid, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "Sid_sub_auths_get" "', argument " "1"" of type '" "dom_sid *""'"); + } + arg1 = (dom_sid *)(argp1); + result = (uint32_t *) ((arg1)->sub_auths); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_unsigned_int, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + SWIGINTERN PyObject *_wrap_new_Sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args, PyObject *kwargs) { PyObject *resultobj = 0; TALLOC_CTX *arg1 = (TALLOC_CTX *) 0 ; @@ -3561,6 +3675,10 @@ static PyMethodDef SwigMethods[] = { { (char *)"delete_security_descriptor", (PyCFunction)_wrap_delete_security_descriptor, METH_O, NULL}, { (char *)"security_descriptor_swigregister", security_descriptor_swigregister, METH_VARARGS, NULL}, { (char *)"security_descriptor_swiginit", security_descriptor_swiginit, METH_VARARGS, NULL}, + { (char *)"Sid_sid_rev_num_get", (PyCFunction)_wrap_Sid_sid_rev_num_get, METH_O, NULL}, + { (char *)"Sid_num_auths_get", (PyCFunction)_wrap_Sid_num_auths_get, METH_O, NULL}, + { (char *)"Sid_id_auth_get", (PyCFunction)_wrap_Sid_id_auth_get, METH_O, NULL}, + { (char *)"Sid_sub_auths_get", (PyCFunction)_wrap_Sid_sub_auths_get, METH_O, NULL}, { (char *)"new_Sid", (PyCFunction) _wrap_new_Sid, METH_VARARGS | METH_KEYWORDS, NULL}, { (char *)"Sid___str__", (PyCFunction)_wrap_Sid___str__, METH_O, NULL}, { (char *)"Sid___eq__", (PyCFunction) _wrap_Sid___eq__, METH_VARARGS | METH_KEYWORDS, NULL}, -- cgit From 3d8323fbff85709ab64ea039044a555975821b7f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 16:02:21 +0200 Subject: Compare sids in samba3sam tests. --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 32 +++++++++++++++-------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 882376cb09..1fc531902d 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -27,6 +27,9 @@ import ldb from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm +import samba.dcerpc.security +import samba.security +import samba.ndr datadir = os.path.join(os.path.dirname(__file__), "../../../../../testdata/samba3") @@ -112,6 +115,18 @@ class MapBaseTestCase(TestCaseInTempDir): os.unlink(self.samba4.file) super(MapBaseTestCase, self).tearDown() + def assertSidEquals(self, text, ndr_sid): + sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.security.dom_sid, + str(ndr_sid[0])) + sid_obj2 = samba.security.Sid(text) + # For now, this is the only way we can compare these since the + # classes are in different places. Should reconcile that at some point. + self.assertEquals(sid_obj1.sid_rev_num, sid_obj2.sid_rev_num) + self.assertEquals(sid_obj1.num_auths, sid_obj2.num_auths) + # FIXME: self.assertEquals(sid_obj1.id_auth, sid_obj2.id_auth) + # FIXME: self.assertEquals(sid_obj1.sub_auths[:sid_obj1.num_auths], + # sid_obj2.sub_auths[:sid_obj2.num_auths]) + class Samba3SamTestCase(MapBaseTestCase): @@ -150,10 +165,8 @@ class Samba3SamTestCase(MapBaseTestCase): self.assertEquals(str(msg[0].dn), "cn=Replicator,ou=Groups,dc=vernstok,dc=nl") self.assertTrue("objectSid" in msg[0]) - # FIXME: NDR unpack msg[0]["objectSid"] before comparing: - # self.assertEquals(msg[0]["objectSid"], - # "S-1-5-21-4231626423-2410014848-2360679739-552") - # Check mapping of objectClass + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + msg[0]["objectSid"]) oc = set(msg[0]["objectClass"]) self.assertEquals(oc, set(["group"])) @@ -459,17 +472,14 @@ primaryGroupID: 1-5-21-4231626423-2410014848-2360679739-512 self.assertEquals(str(res[0].dn), self.samba4.dn("cn=X")) self.assertEquals(res[0]["dnsHostName"], "x") self.assertEquals(res[0]["lastLogon"], "x") - # FIXME:Properly compare sid,requires converting between NDR encoding - # and string - #self.assertEquals(res[0]["objectSid"], - # "S-1-5-21-4231626423-2410014848-2360679739-552") + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + res[0]["objectSid"]) self.assertTrue("objectSid" in res[0]) self.assertEquals(str(res[1].dn), self.samba4.dn("cn=A")) self.assertTrue(not "dnsHostName" in res[1]) self.assertEquals(res[1]["lastLogon"], "x") - # FIXME: Properly compare sid,see above - #self.assertEquals(res[1]["objectSid"], - # "S-1-5-21-4231626423-2410014848-2360679739-552") + self.assertSidEquals("S-1-5-21-4231626423-2410014848-2360679739-552", + res[1]["objectSid"]) self.assertTrue("objectSid" in res[1]) # Search by generated attribute -- cgit From 717b36c672441f8cd86bf550ab0fabc52a3a3821 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 07:14:31 -0700 Subject: merged a bugfix for the idtree code from the Linux kernel. This matches commit 7aae6dd80e265aa9402ed507caaff4a5dba55069 in the kernel. Many thanks to Jim Houston for pointing out this fix to us --- source4/lib/util/idtree.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/source4/lib/util/idtree.c b/source4/lib/util/idtree.c index 1e2cc2976a..392f4e81f8 100644 --- a/source4/lib/util/idtree.c +++ b/source4/lib/util/idtree.c @@ -105,12 +105,13 @@ static int sub_alloc(struct idr_context *idp, void *ptr, int *starting_id) int n, m, sh; struct idr_layer *p, *new; struct idr_layer *pa[MAX_LEVEL]; - int l, id; + int l, id, oid; uint32_t bm; memset(pa, 0, sizeof(pa)); id = *starting_id; +restart: p = idp->top; l = idp->layers; pa[l--] = NULL; @@ -124,12 +125,23 @@ static int sub_alloc(struct idr_context *idp, void *ptr, int *starting_id) if (m == IDR_SIZE) { /* no space available go back to previous layer. */ l++; + oid = id; id = (id | ((1 << (IDR_BITS*l))-1)) + 1; + + /* if already at the top layer, we need to grow */ if (!(p = pa[l])) { *starting_id = id; return -2; } + + /* If we need to go up one layer, continue the + * loop; otherwise, restart from the top. + */ + sh = IDR_BITS * (l + 1); + if (oid >> sh == id >> sh) continue; + else + goto restart; } if (m != n) { sh = IDR_BITS*l; -- cgit From 4f07894c29996eb3e30fc79287d224ec2dbd80ee Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 07:17:02 -0700 Subject: The author of the upstream code asked for this code to be GPLv2+ not GPLv3 --- source4/lib/util/idtree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/lib/util/idtree.c b/source4/lib/util/idtree.c index 392f4e81f8..193922973f 100644 --- a/source4/lib/util/idtree.c +++ b/source4/lib/util/idtree.c @@ -12,7 +12,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or + the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From e0af9601e1535b847e3c82e334d6a9de2ff3580d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 16:41:21 +0200 Subject: Fix FHS flag, rename to --enable-fhs since it's a feature flag and doesn't take any arguments. --- source4/build/m4/check_path.m4 | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/source4/build/m4/check_path.m4 b/source4/build/m4/check_path.m4 index 51d5daa913..666dd3b0ae 100644 --- a/source4/build/m4/check_path.m4 +++ b/source4/build/m4/check_path.m4 @@ -23,13 +23,13 @@ winbindd_socket_dir="${localstatedir}/run/winbindd" winbindd_privileged_socket_dir="${localstatedir}/lib/winbindd_privileged" ntp_signd_socket_dir="${localstatedir}/run/ntp_signd" -# Check to prevent installing directly under /usr without the FHS -AS_IF([test ${prefix} == /usr],[ - AC_MSG_ERROR([Don't install directly under "/usr" without using the FHS option (--with-fhs). This could lead to file loss!]) -]) +AC_ARG_ENABLE(fhs, +[AS_HELP_STRING([--enable-fhs],[Use FHS-compliant paths (default=no)])], +[fhs=$enableval], +[fhs=no] +) -AC_ARG_WITH(fhs, -[AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])], +if test x$fhs = xyes; then lockdir="${localstatedir}/lib/samba" piddir="${localstatedir}/run/samba" logfilebase="${localstatedir}/log/samba" @@ -41,7 +41,12 @@ AC_ARG_WITH(fhs, ntp_signd_socket_dir="${localstatedir}/run/samba/ntp_signd" winbindd_socket_dir="${localstatedir}/run/samba/winbindd" winbindd_privileged_socket_dir="${localstatedir}/lib/samba/winbindd_privileged" -) +else + # Check to prevent installing directly under /usr without the FHS + AS_IF([test $prefix == /usr || $prefix == /usr/local],[ + AC_MSG_ERROR([Don't install directly under "/usr" or "/usr/local" without using the FHS option (--enable-fhs). This could lead to file loss!]) + ]) +fi ################################################# # set private directory location -- cgit From 40a6a28170881e567d130c10bec700441423d1e8 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 30 Sep 2008 17:11:39 +0200 Subject: Move Samba4-specific files into source4/ --- BUGS4.txt | 24 --- NEWS4 | 508 ----------------------------------------------------------- TODO4 | 278 -------------------------------- source4/BUGS | 24 +++ source4/NEWS | 508 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ source4/TODO | 278 ++++++++++++++++++++++++++++++++ 6 files changed, 810 insertions(+), 810 deletions(-) delete mode 100644 BUGS4.txt delete mode 100644 NEWS4 delete mode 100644 TODO4 create mode 100644 source4/BUGS create mode 100644 source4/NEWS create mode 100644 source4/TODO diff --git a/BUGS4.txt b/BUGS4.txt deleted file mode 100644 index 1a9790ddd9..0000000000 --- a/BUGS4.txt +++ /dev/null @@ -1,24 +0,0 @@ -Samba4 alpha4 is not a final Samba release. That is more a reference -to Samba4's lack of the features we expect you will need than a -statement of code quality, but clearly it hasn't seen a broad -deployment yet. If you were to upgrade Samba3 (or indeed Windows) to -Samba4, you would find many things work, but that other key features -you may have relied on simply are not there yet. - -For example, while Samba 3.0 is an excellent member of a Active -Directory domain, Samba4 is happier as a domain controller, and it is -in this role where it has seen deployment into production. - -Samba4 is subjected to an awesome battery of tests on an -automated basis, we have found Samba4 to be very stable in it's -behaviour. We have to recommend against upgrading production servers -from Samba 3 to Samba 4 at this stage, because there may be the features on -which you may rely that are not present, or the mapping of -your configuration and user database may not be complete. - -If you are upgrading, or looking to develop, test or deploy Samba4, you should -backup all configuration and data. - -We welcome your testing, please file bug reports at -https://bugzilla.samba.org/, product: Samba4. Please include as much -information as possible, such as GIT revision number and backtraces. diff --git a/NEWS4 b/NEWS4 deleted file mode 100644 index 8a63719a0e..0000000000 --- a/NEWS4 +++ /dev/null @@ -1,508 +0,0 @@ -This file aims to document the major changes since the latest released version -of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems -and uses a different internal format for most data. Since this -file is an initial draft, please update missing items. - -One of the main goals of Samba 4 was Active Directory Domain Controller -support. This means Samba now implements several protocols that are required -by AD such as Kerberos and DNS. - -An (experimental) upgrade script that performs a one-way upgrade -from Samba 3 is available in source/setup/upgrade. - -Removal of nmbd and introduction of process models -================================================== -smbd now implements several network protocols other than just CIFS and -DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports -various 'process models' that specify how concurrent connections are -handled (when to fork, use threads, etc). - -Introduction of LDB -=================== -Samba now stores most of its persistent data in a LDAP-like database -called LDB (see ldb(7) for more info). - -Removed SWAT -================== -Unlike previous versions, Samba4 does not provide a web interface at this time. - -Built-in KDC -============ -Samba4 ships with an integrated KDC (Kerberos Key Distribution -Center). Backed directly onto our main internal database, and -integrated with custom code to handle the PAC, Samba4's KDC is an -integral part of our support for AD logon protocols. - -Built-in LDAP Server -==================== -Like the situation with the KDC, Samba4 ships with it's own LDAP -server, included to provide simple, built-in LDAP services in an AD -(rather than distinctly standards) matching manner. The database is -LDB, and it shares that in common with the rest of Samba. - -Changed configuration options -============================= -Several configuration options have been removed in Samba4 while others have -been introduced. This section contains a summary of changes to smb.conf and -where these settings moved. Configuration options that have disappeared may be -re-added later when the functionality that uses them gets reimplemented in -Samba 4. - -The 'security' parameter has been split up. It is now only used to choose -between the 'user' and 'share' security levels (the latter is not supported -in Samba 4 yet). The other values of this option and the 'domain master' and -'domain logons' parameters have been merged into a 'server role' parameter -that can be either 'domain controller', 'member server' or 'standalone'. Note that -member server support does not work yet. - -The following parameters have been removed: -- passdb backend: accounts are now stored in a LDB-based SAM database, - see 'sam database' below. -- update encrypted -- public -- guest ok -- client schannel -- server schannel -- allow trusted domains -- hosts equiv -- map to guest -- smb passwd file -- algorithmic rid base -- root directory -- root dir -- root -- guest account -- enable privileges -- pam password change -- passwd program -- passwd chat debug -- passwd chat timeout -- check password script -- username map -- username level -- unix password sync -- restrict anonymous -- username -- user -- users -- invalid users -- valid users -- admin users -- read list -- write list -- printer admin -- force user -- force group -- group -- write ok -- writeable -- writable -- acl check permissions -- acl group control -- acl map full control -- create mask -- create mode -- force create mode -- security mask -- force security mode -- directory mask -- directory mode -- force directory mode -- directory security mask -- force directory security mode -- force unknown acl user -- inherit permissions -- inherit acls -- inherit owner -- guest only -- only guest -- only user -- allow hosts -- deny hosts -- preload modules -- use kerberos keytab -- syslog -- syslog only -- max log size -- debug timestamp -- timestamp logs -- debug hires timestamp -- debug pid -- debug uid -- allocation roundup size -- aio read size -- aio write size -- aio write behind -- large readwrite -- protocol -- read bmpx -- reset on zero vc -- acl compatibility -- defer sharing violations -- ea support -- nt acl support -- nt pipe support -- profile acls -- map acl inherit -- afs share -- max ttl -- client use spnego -- enable asu support -- svcctl list -- block size -- change notify timeout -- deadtime -- getwd cache -- keepalive -- kernel change notify -- lpq cache time -- max smbd processes -- max disk size -- max open files -- min print space -- strict allocate -- sync always -- use mmap -- use sendfile -- hostname lookups -- write cache size -- name cache timeout -- max reported print jobs -- load printers -- printcap cache time -- printcap name -- printcap -- printing -- cups options -- cups server -- iprint server -- print command -- disable spoolss -- enable spoolss -- lpq command -- lprm command -- lppause command -- lpresume command -- queuepause command -- queueresume command -- enumports command -- addprinter command -- deleteprinter command -- show add printer wizard -- os2 driver map -- use client driver -- default devmode -- force printername -- mangling method -- mangle prefix -- default case -- case sensitive -- casesignames -- preserve case -- short preserve case -- mangling char -- hide dot files -- hide special files -- hide unreadable -- hide unwriteable files -- delete veto files -- veto files -- hide files -- veto oplock files -- map readonly -- mangled names -- mangled map -- max stat cache size -- stat cache -- store dos attributes -- machine password timeout -- add user script -- rename user script -- delete user script -- add group script -- delete group script -- add user to group script -- delete user from group script -- set primary group script -- add machine script -- shutdown script -- abort shutdown script -- username map script -- logon script -- logon path -- logon drive -- logon home -- domain logons -- os level -- lm announce -- lm interval -- domain master -- browse list -- enhanced browsing -- wins proxy -- wins hook -- wins partners -- blocking locks -- fake oplocks -- kernel oplocks -- locking -- lock spin count -- lock spin time -- level2 oplocks -- oplock break wait time -- oplock contention limit -- posix locking -- share modes -- ldap server -- ldap port -- ldap admin dn -- ldap delete dn -- ldap group suffix -- ldap idmap suffix -- ldap machine suffix -- ldap passwd sync -- ldap password sync -- ldap replication sleep -- ldap suffix -- ldap ssl -- ldap timeout -- ldap page size -- ldap user suffix -- add share command -- change share command -- delete share command -- eventlog list -- utmp directory -- wtmp directory -- utmp -- default service -- default -- message command -- dfree cache time -- dfree command -- get quota command -- set quota command -- remote announce -- remote browse sync -- homedir map -- afs username map -- afs token lifetime -- log nt token command -- time offset -- NIS homedir -- preexec -- exec -- preexec close -- postexec -- root preexec -- root preexec close -- root postexec -- set directory -- wide links -- follow symlinks -- dont descend -- magic script -- magic output -- delete readonly -- dos filemode -- dos filetimes -- dos filetime resolution -- fake directory create times -- panic action -- vfs objects -- vfs object -- msdfs root -- msdfs proxy -- host msdfs -- enable rid algorithm -- passdb expand explicit -- idmap backend -- idmap uid -- winbind uid -- idmap gid -- winbind gid -- template homedir -- template shell -- winbind separator -- winbind cache time -- winbind enum users -- winbind enum groups -- winbind use default domain -- winbind trusted domains only -- winbind nested groups -- winbind max idle children -- winbind nss info - -The following parameters have been added: -+ rpc big endian (G) - Make Samba fake it is running on a bigendian machine when using DCE/RPC. - Useful for debugging. - - Default: no - -+ case insensitive filesystem (S) - Set to true if this share is located on a case-insensitive filesystem. - This disables looking for a filename by trying all possible combinations of - uppercase/lowercase characters and thus speeds up operations when a - file cannot be found. - - Default: no - -+ js include (G) - Path to JavaScript library. - - Default: Set at compile-time - -+ setup directory - Path to data used by provisioning script. - - Default: Set at compile-time - -+ ncalrpc dir - Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport. - - Default: Set at compile-time - -+ ntvfs handler - Backend to the NT VFS to use (more than one can be specified). Available - backends include: - - - posix: - Maps POSIX FS semantics to NT semantics - - - simple: - Very simple backend (original testing backend). - - - unixuid: - Sets up user credentials based on POSIX gid/uid. - - - cifs: - Proxies a remote CIFS FS. Mainly useful for testing. - - - nbench: - Filter module that saves data useful to the nbench benchmark suite. - - - ipc: - Allows using SMB for inter process communication. Only used for - the IPC$ share. - - - print: - Allows printing over SMB. This is LANMAN-style printing (?), not - the be confused with the spoolss DCE/RPC interface used by later - versions of Windows. - - Default: unixuid default - -+ ntptr providor - FIXME - -+ dcerpc endpoint servers - What DCE/RPC servers to start. - - Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup - -+ server services - Services Samba should provide. - - Default: smb rpc nbt wrepl ldap cldap web kdc - -+ sam database - Location of the SAM (account database) database. This should be a - LDB URL. - - Default: set at compile-time - -+ spoolss database - Spoolss (printer) DCE/RPC server database. This should be a LDB URL. - - Default: set at compile-time - -+ wins config database - WINS configuration database location. This should be a LDB URL. - - Default: set at compile-time - -+ wins database - WINS database location. This should be a LDB URL. - - Default: set at compile-time - -+ client use spnego principal - Tells the client to use the Kerberos service principal specified by the - server during the security protocol negotation rather than - looking up the principal itself (cifs/hostname). - - Default: false - -+ nbt port - TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation. - - Default: 137 - -+ dgram port - UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation. - - Default: 138 - -+ cldap port - UDP/IP port used by the CLDAP protocol. - - Default: 389 - -+ krb5 port - IP port used by the kerberos KDC. - - Default: 88 - -+ kpasswd port - IP port used by the kerberos password change protocol. - - Default: 464 - -+ web port - TCP/IP port SWAT should listen on. - - Default: 901 - -+ tls enabled - Enable TLS support for SWAT - - Default: true - -+ tls keyfile - Path to TLS key file (PEM format) to be used by SWAT. If no - path is specified, Samba will create a key. - - Default: none - -+ tls certfile - Path to TLS certificate file (PEM format) to be used by SWAT. If no - path is specified, Samba will create a certificate. - - Default: none - -+ tls cafile - Path to CA authority file Samba will use to sign TLS keys it generates. If - no path is specified, Samba will create a self-signed CA certificate. - - Default: none - -+ tls crlfile - Path to TLS certificate revocation lists file. - - Default: none - -+ swat directory - SWAT data directory. - - Default: set at compile-time - -+ large readwrite - Indicate the CIFS server is able to do large reads/writes. - - Default: true - -+ unicode - Enable/disable unicode support in the protocol. - - Default: true diff --git a/TODO4 b/TODO4 deleted file mode 100644 index 14df8a507a..0000000000 --- a/TODO4 +++ /dev/null @@ -1,278 +0,0 @@ -source/build/smb_build/TODO -source/lib/registry/TODO -source/lib/tdr/TODO -source/pidl/TODO - -- seperate adminlog mechanism (as opposed to the current DEBUG log, - which is not really aimed at administrators but more at developers) - Perhaps similar to eventlog so we can also use eventlog to retrieve the data? - -- testsuite for the 'net' tool - -- and a lot of other stuff - -Configuration options -===================== - -The following options don't exist in Samba4 yet -or are not converted by the upgrade script -or will be removed: - -- update encrypted -- public -- guest ok -- client schannel -- server schannel -- allow trusted domains -- hosts equiv -- map to guest -- algorithmic rid base -- root directory -- root dir -- root -- guest account -- enable privileges -- pam password change -- passwd program -- passwd chat debug -- passwd chat timeout -- check password script -- username map -- username level -- unix password sync -- restrict anonymous -- username -- user -- users -- invalid users -- valid users -- admin users -- read list -- write list -- printer admin -- force user -- force group -- group -- write ok -- writeable -- writable -- acl check permissions -- acl group control -- acl map full control -- create mask -- create mode -- force create mode -- security mask -- force security mode -- directory mask -- directory mode -- force directory mode -- directory security mask -- force directory security mode -- force unknown acl user -- inherit permissions -- inherit acls -- inherit owner -- guest only -- only guest -- only user -- allow hosts -- deny hosts -- preload modules -- use kerberos keytab -- syslog -- syslog only -- max log size -- debug timestamp -- timestamp logs -- debug hires timestamp -- debug pid -- debug uid -- allocation roundup size -- aio read size -- aio write size -- aio write behind -- large readwrite -- protocol -- read bmpx -- reset on zero vc -- acl compatibility -- defer sharing violations -- ea support -- nt acl support -- nt pipe support -- profile acls -- map acl inherit -- afs share -- max ttl -- client use spnego -- enable asu support -- svcctl list -- block size -- change notify timeout -- deadtime -- getwd cache -- keepalive -- kernel change notify -- lpq cache time -- max smbd processes -- max disk size -- max open files -- min print space -- strict allocate -- sync always -- use mmap -- use sendfile -- hostname lookups -- write cache size -- name cache timeout -- max reported print jobs -- load printers -- printcap cache time -- printcap name -- printcap -- printing -- cups options -- cups server -- iprint server -- print command -- disable spoolss -- enable spoolss -- lpq command -- lprm command -- lppause command -- lpresume command -- queuepause command -- queueresume command -- enumports command -- addprinter command -- deleteprinter command -- show add printer wizard -- os2 driver map -- use client driver -- default devmode -- force printername -- mangling method -- mangle prefix -- default case -- case sensitive -- casesignames -- preserve case -- short preserve case -- mangling char -- hide dot files -- hide special files -- hide unreadable -- hide unwriteable files -- delete veto files -- veto files -- hide files -- veto oplock files -- map readonly -- mangled names -- mangled map -- max stat cache size -- stat cache -- store dos attributes -- machine password timeout -- add user script -- rename user script -- delete user script -- add group script -- delete group script -- add user to group script -- delete user from group script -- set primary group script -- add machine script -- shutdown script -- abort shutdown script -- username map script -- logon script -- logon path -- logon drive -- logon home -- domain logons -- os level -- lm announce -- lm interval -- domain master -- browse list -- enhanced browsing -- wins proxy -- blocking locks -- fake oplocks -- kernel oplocks -- locking -- lock spin count -- lock spin time -- oplocks -- level2 oplocks -- oplock break wait time -- oplock contention limit -- posix locking -- share modes -- add share command -- change share command -- delete share command -- eventlog list -- utmp directory -- wtmp directory -- utmp -- default service -- default -- message command -- dfree cache time -- dfree command -- get quota command -- set quota command -- remote announce -- remote browse sync -- homedir map -- afs username map -- afs token lifetime -- log nt token command -- time offset -- NIS homedir -- preexec -- exec -- preexec close -- postexec -- root preexec -- root preexec close -- root postexec -- set directory -- wide links -- follow symlinks -- dont descend -- magic script -- magic output -- delete readonly -- dos filemode -- dos filetimes -- dos filetime resolution -- fake directory create times -- panic action -- vfs objects -- vfs object -- msdfs root -- msdfs proxy -- host msdfs -- enable rid algorithm -- passdb expand explicit -- idmap backend -- idmap uid -- winbind uid -- idmap gid -- winbind gid -- template homedir -- template shell -- winbind separator -- winbind cache time -- winbind enum users -- winbind enum groups -- winbind use default domain -- winbind trusted domains only -- winbind nested groups -- winbind max idle children -- winbind nss info - diff --git a/source4/BUGS b/source4/BUGS new file mode 100644 index 0000000000..1a9790ddd9 --- /dev/null +++ b/source4/BUGS @@ -0,0 +1,24 @@ +Samba4 alpha4 is not a final Samba release. That is more a reference +to Samba4's lack of the features we expect you will need than a +statement of code quality, but clearly it hasn't seen a broad +deployment yet. If you were to upgrade Samba3 (or indeed Windows) to +Samba4, you would find many things work, but that other key features +you may have relied on simply are not there yet. + +For example, while Samba 3.0 is an excellent member of a Active +Directory domain, Samba4 is happier as a domain controller, and it is +in this role where it has seen deployment into production. + +Samba4 is subjected to an awesome battery of tests on an +automated basis, we have found Samba4 to be very stable in it's +behaviour. We have to recommend against upgrading production servers +from Samba 3 to Samba 4 at this stage, because there may be the features on +which you may rely that are not present, or the mapping of +your configuration and user database may not be complete. + +If you are upgrading, or looking to develop, test or deploy Samba4, you should +backup all configuration and data. + +We welcome your testing, please file bug reports at +https://bugzilla.samba.org/, product: Samba4. Please include as much +information as possible, such as GIT revision number and backtraces. diff --git a/source4/NEWS b/source4/NEWS new file mode 100644 index 0000000000..8a63719a0e --- /dev/null +++ b/source4/NEWS @@ -0,0 +1,508 @@ +This file aims to document the major changes since the latest released version +of Samba, 3.0. Samba 4.0 contains rewrites of several subsystems +and uses a different internal format for most data. Since this +file is an initial draft, please update missing items. + +One of the main goals of Samba 4 was Active Directory Domain Controller +support. This means Samba now implements several protocols that are required +by AD such as Kerberos and DNS. + +An (experimental) upgrade script that performs a one-way upgrade +from Samba 3 is available in source/setup/upgrade. + +Removal of nmbd and introduction of process models +================================================== +smbd now implements several network protocols other than just CIFS and +DCE/RPC. nmbd's functionality has been merged into smbd. smbd supports +various 'process models' that specify how concurrent connections are +handled (when to fork, use threads, etc). + +Introduction of LDB +=================== +Samba now stores most of its persistent data in a LDAP-like database +called LDB (see ldb(7) for more info). + +Removed SWAT +================== +Unlike previous versions, Samba4 does not provide a web interface at this time. + +Built-in KDC +============ +Samba4 ships with an integrated KDC (Kerberos Key Distribution +Center). Backed directly onto our main internal database, and +integrated with custom code to handle the PAC, Samba4's KDC is an +integral part of our support for AD logon protocols. + +Built-in LDAP Server +==================== +Like the situation with the KDC, Samba4 ships with it's own LDAP +server, included to provide simple, built-in LDAP services in an AD +(rather than distinctly standards) matching manner. The database is +LDB, and it shares that in common with the rest of Samba. + +Changed configuration options +============================= +Several configuration options have been removed in Samba4 while others have +been introduced. This section contains a summary of changes to smb.conf and +where these settings moved. Configuration options that have disappeared may be +re-added later when the functionality that uses them gets reimplemented in +Samba 4. + +The 'security' parameter has been split up. It is now only used to choose +between the 'user' and 'share' security levels (the latter is not supported +in Samba 4 yet). The other values of this option and the 'domain master' and +'domain logons' parameters have been merged into a 'server role' parameter +that can be either 'domain controller', 'member server' or 'standalone'. Note that +member server support does not work yet. + +The following parameters have been removed: +- passdb backend: accounts are now stored in a LDB-based SAM database, + see 'sam database' below. +- update encrypted +- public +- guest ok +- client schannel +- server schannel +- allow trusted domains +- hosts equiv +- map to guest +- smb passwd file +- algorithmic rid base +- root directory +- root dir +- root +- guest account +- enable privileges +- pam password change +- passwd program +- passwd chat debug +- passwd chat timeout +- check password script +- username map +- username level +- unix password sync +- restrict anonymous +- username +- user +- users +- invalid users +- valid users +- admin users +- read list +- write list +- printer admin +- force user +- force group +- group +- write ok +- writeable +- writable +- acl check permissions +- acl group control +- acl map full control +- create mask +- create mode +- force create mode +- security mask +- force security mode +- directory mask +- directory mode +- force directory mode +- directory security mask +- force directory security mode +- force unknown acl user +- inherit permissions +- inherit acls +- inherit owner +- guest only +- only guest +- only user +- allow hosts +- deny hosts +- preload modules +- use kerberos keytab +- syslog +- syslog only +- max log size +- debug timestamp +- timestamp logs +- debug hires timestamp +- debug pid +- debug uid +- allocation roundup size +- aio read size +- aio write size +- aio write behind +- large readwrite +- protocol +- read bmpx +- reset on zero vc +- acl compatibility +- defer sharing violations +- ea support +- nt acl support +- nt pipe support +- profile acls +- map acl inherit +- afs share +- max ttl +- client use spnego +- enable asu support +- svcctl list +- block size +- change notify timeout +- deadtime +- getwd cache +- keepalive +- kernel change notify +- lpq cache time +- max smbd processes +- max disk size +- max open files +- min print space +- strict allocate +- sync always +- use mmap +- use sendfile +- hostname lookups +- write cache size +- name cache timeout +- max reported print jobs +- load printers +- printcap cache time +- printcap name +- printcap +- printing +- cups options +- cups server +- iprint server +- print command +- disable spoolss +- enable spoolss +- lpq command +- lprm command +- lppause command +- lpresume command +- queuepause command +- queueresume command +- enumports command +- addprinter command +- deleteprinter command +- show add printer wizard +- os2 driver map +- use client driver +- default devmode +- force printername +- mangling method +- mangle prefix +- default case +- case sensitive +- casesignames +- preserve case +- short preserve case +- mangling char +- hide dot files +- hide special files +- hide unreadable +- hide unwriteable files +- delete veto files +- veto files +- hide files +- veto oplock files +- map readonly +- mangled names +- mangled map +- max stat cache size +- stat cache +- store dos attributes +- machine password timeout +- add user script +- rename user script +- delete user script +- add group script +- delete group script +- add user to group script +- delete user from group script +- set primary group script +- add machine script +- shutdown script +- abort shutdown script +- username map script +- logon script +- logon path +- logon drive +- logon home +- domain logons +- os level +- lm announce +- lm interval +- domain master +- browse list +- enhanced browsing +- wins proxy +- wins hook +- wins partners +- blocking locks +- fake oplocks +- kernel oplocks +- locking +- lock spin count +- lock spin time +- level2 oplocks +- oplock break wait time +- oplock contention limit +- posix locking +- share modes +- ldap server +- ldap port +- ldap admin dn +- ldap delete dn +- ldap group suffix +- ldap idmap suffix +- ldap machine suffix +- ldap passwd sync +- ldap password sync +- ldap replication sleep +- ldap suffix +- ldap ssl +- ldap timeout +- ldap page size +- ldap user suffix +- add share command +- change share command +- delete share command +- eventlog list +- utmp directory +- wtmp directory +- utmp +- default service +- default +- message command +- dfree cache time +- dfree command +- get quota command +- set quota command +- remote announce +- remote browse sync +- homedir map +- afs username map +- afs token lifetime +- log nt token command +- time offset +- NIS homedir +- preexec +- exec +- preexec close +- postexec +- root preexec +- root preexec close +- root postexec +- set directory +- wide links +- follow symlinks +- dont descend +- magic script +- magic output +- delete readonly +- dos filemode +- dos filetimes +- dos filetime resolution +- fake directory create times +- panic action +- vfs objects +- vfs object +- msdfs root +- msdfs proxy +- host msdfs +- enable rid algorithm +- passdb expand explicit +- idmap backend +- idmap uid +- winbind uid +- idmap gid +- winbind gid +- template homedir +- template shell +- winbind separator +- winbind cache time +- winbind enum users +- winbind enum groups +- winbind use default domain +- winbind trusted domains only +- winbind nested groups +- winbind max idle children +- winbind nss info + +The following parameters have been added: ++ rpc big endian (G) + Make Samba fake it is running on a bigendian machine when using DCE/RPC. + Useful for debugging. + + Default: no + ++ case insensitive filesystem (S) + Set to true if this share is located on a case-insensitive filesystem. + This disables looking for a filename by trying all possible combinations of + uppercase/lowercase characters and thus speeds up operations when a + file cannot be found. + + Default: no + ++ js include (G) + Path to JavaScript library. + + Default: Set at compile-time + ++ setup directory + Path to data used by provisioning script. + + Default: Set at compile-time + ++ ncalrpc dir + Directory to use for UNIX sockets used by the 'ncalrpc' DCE/RPC transport. + + Default: Set at compile-time + ++ ntvfs handler + Backend to the NT VFS to use (more than one can be specified). Available + backends include: + + - posix: + Maps POSIX FS semantics to NT semantics + + - simple: + Very simple backend (original testing backend). + + - unixuid: + Sets up user credentials based on POSIX gid/uid. + + - cifs: + Proxies a remote CIFS FS. Mainly useful for testing. + + - nbench: + Filter module that saves data useful to the nbench benchmark suite. + + - ipc: + Allows using SMB for inter process communication. Only used for + the IPC$ share. + + - print: + Allows printing over SMB. This is LANMAN-style printing (?), not + the be confused with the spoolss DCE/RPC interface used by later + versions of Windows. + + Default: unixuid default + ++ ntptr providor + FIXME + ++ dcerpc endpoint servers + What DCE/RPC servers to start. + + Default: epmapper srvsvc wkssvc rpcecho samr netlogon lsarpc spoolss drsuapi winreg dssetup + ++ server services + Services Samba should provide. + + Default: smb rpc nbt wrepl ldap cldap web kdc + ++ sam database + Location of the SAM (account database) database. This should be a + LDB URL. + + Default: set at compile-time + ++ spoolss database + Spoolss (printer) DCE/RPC server database. This should be a LDB URL. + + Default: set at compile-time + ++ wins config database + WINS configuration database location. This should be a LDB URL. + + Default: set at compile-time + ++ wins database + WINS database location. This should be a LDB URL. + + Default: set at compile-time + ++ client use spnego principal + Tells the client to use the Kerberos service principal specified by the + server during the security protocol negotation rather than + looking up the principal itself (cifs/hostname). + + Default: false + ++ nbt port + TCP/IP Port used by the NetBIOS over TCP/IP (NBT) implementation. + + Default: 137 + ++ dgram port + UDP/IP port used by the NetBIOS over TCP/IP (NBT) implementation. + + Default: 138 + ++ cldap port + UDP/IP port used by the CLDAP protocol. + + Default: 389 + ++ krb5 port + IP port used by the kerberos KDC. + + Default: 88 + ++ kpasswd port + IP port used by the kerberos password change protocol. + + Default: 464 + ++ web port + TCP/IP port SWAT should listen on. + + Default: 901 + ++ tls enabled + Enable TLS support for SWAT + + Default: true + ++ tls keyfile + Path to TLS key file (PEM format) to be used by SWAT. If no + path is specified, Samba will create a key. + + Default: none + ++ tls certfile + Path to TLS certificate file (PEM format) to be used by SWAT. If no + path is specified, Samba will create a certificate. + + Default: none + ++ tls cafile + Path to CA authority file Samba will use to sign TLS keys it generates. If + no path is specified, Samba will create a self-signed CA certificate. + + Default: none + ++ tls crlfile + Path to TLS certificate revocation lists file. + + Default: none + ++ swat directory + SWAT data directory. + + Default: set at compile-time + ++ large readwrite + Indicate the CIFS server is able to do large reads/writes. + + Default: true + ++ unicode + Enable/disable unicode support in the protocol. + + Default: true diff --git a/source4/TODO b/source4/TODO new file mode 100644 index 0000000000..5efebed1b3 --- /dev/null +++ b/source4/TODO @@ -0,0 +1,278 @@ +build/smb_build/TODO +lib/registry/TODO +lib/tdr/TODO +pidl/TODO + +- seperate adminlog mechanism (as opposed to the current DEBUG log, + which is not really aimed at administrators but more at developers) + Perhaps similar to eventlog so we can also use eventlog to retrieve the data? + +- testsuite for the 'net' tool + +- and a lot of other stuff + +Configuration options +===================== + +The following options don't exist in Samba4 yet +or are not converted by the upgrade script +or will be removed: + +- update encrypted +- public +- guest ok +- client schannel +- server schannel +- allow trusted domains +- hosts equiv +- map to guest +- algorithmic rid base +- root directory +- root dir +- root +- guest account +- enable privileges +- pam password change +- passwd program +- passwd chat debug +- passwd chat timeout +- check password script +- username map +- username level +- unix password sync +- restrict anonymous +- username +- user +- users +- invalid users +- valid users +- admin users +- read list +- write list +- printer admin +- force user +- force group +- group +- write ok +- writeable +- writable +- acl check permissions +- acl group control +- acl map full control +- create mask +- create mode +- force create mode +- security mask +- force security mode +- directory mask +- directory mode +- force directory mode +- directory security mask +- force directory security mode +- force unknown acl user +- inherit permissions +- inherit acls +- inherit owner +- guest only +- only guest +- only user +- allow hosts +- deny hosts +- preload modules +- use kerberos keytab +- syslog +- syslog only +- max log size +- debug timestamp +- timestamp logs +- debug hires timestamp +- debug pid +- debug uid +- allocation roundup size +- aio read size +- aio write size +- aio write behind +- large readwrite +- protocol +- read bmpx +- reset on zero vc +- acl compatibility +- defer sharing violations +- ea support +- nt acl support +- nt pipe support +- profile acls +- map acl inherit +- afs share +- max ttl +- client use spnego +- enable asu support +- svcctl list +- block size +- change notify timeout +- deadtime +- getwd cache +- keepalive +- kernel change notify +- lpq cache time +- max smbd processes +- max disk size +- max open files +- min print space +- strict allocate +- sync always +- use mmap +- use sendfile +- hostname lookups +- write cache size +- name cache timeout +- max reported print jobs +- load printers +- printcap cache time +- printcap name +- printcap +- printing +- cups options +- cups server +- iprint server +- print command +- disable spoolss +- enable spoolss +- lpq command +- lprm command +- lppause command +- lpresume command +- queuepause command +- queueresume command +- enumports command +- addprinter command +- deleteprinter command +- show add printer wizard +- os2 driver map +- use client driver +- default devmode +- force printername +- mangling method +- mangle prefix +- default case +- case sensitive +- casesignames +- preserve case +- short preserve case +- mangling char +- hide dot files +- hide special files +- hide unreadable +- hide unwriteable files +- delete veto files +- veto files +- hide files +- veto oplock files +- map readonly +- mangled names +- mangled map +- max stat cache size +- stat cache +- store dos attributes +- machine password timeout +- add user script +- rename user script +- delete user script +- add group script +- delete group script +- add user to group script +- delete user from group script +- set primary group script +- add machine script +- shutdown script +- abort shutdown script +- username map script +- logon script +- logon path +- logon drive +- logon home +- domain logons +- os level +- lm announce +- lm interval +- domain master +- browse list +- enhanced browsing +- wins proxy +- blocking locks +- fake oplocks +- kernel oplocks +- locking +- lock spin count +- lock spin time +- oplocks +- level2 oplocks +- oplock break wait time +- oplock contention limit +- posix locking +- share modes +- add share command +- change share command +- delete share command +- eventlog list +- utmp directory +- wtmp directory +- utmp +- default service +- default +- message command +- dfree cache time +- dfree command +- get quota command +- set quota command +- remote announce +- remote browse sync +- homedir map +- afs username map +- afs token lifetime +- log nt token command +- time offset +- NIS homedir +- preexec +- exec +- preexec close +- postexec +- root preexec +- root preexec close +- root postexec +- set directory +- wide links +- follow symlinks +- dont descend +- magic script +- magic output +- delete readonly +- dos filemode +- dos filetimes +- dos filetime resolution +- fake directory create times +- panic action +- vfs objects +- vfs object +- msdfs root +- msdfs proxy +- host msdfs +- enable rid algorithm +- passdb expand explicit +- idmap backend +- idmap uid +- winbind uid +- idmap gid +- winbind gid +- template homedir +- template shell +- winbind separator +- winbind cache time +- winbind enum users +- winbind enum groups +- winbind use default domain +- winbind trusted domains only +- winbind nested groups +- winbind max idle children +- winbind nss info + -- cgit From be050125b60028ab05dfd685291d2163c2e5903a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:42:12 -0700 Subject: - make bcast name resolution match other name resolution modules for host not found errors - when we have no resolve context return NT_STATUS_OBJECT_NAME_NOT_FOUND --- source4/libcli/resolve/bcast.c | 8 +++++++- source4/libcli/resolve/resolve.c | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/source4/libcli/resolve/bcast.c b/source4/libcli/resolve/bcast.c index 2e2eb05397..ca78a2ce43 100644 --- a/source4/libcli/resolve/bcast.c +++ b/source4/libcli/resolve/bcast.c @@ -75,7 +75,13 @@ struct composite_context *resolve_name_bcast_send(TALLOC_CTX *mem_ctx, NTSTATUS resolve_name_bcast_recv(struct composite_context *c, TALLOC_CTX *mem_ctx, const char **reply_addr) { - return resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + NTSTATUS status = resolve_name_nbtlist_recv(c, mem_ctx, reply_addr); + if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { + /* this makes much more sense for a bcast name resolution + timeout */ + status = NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + return status; } /* diff --git a/source4/libcli/resolve/resolve.c b/source4/libcli/resolve/resolve.c index 2b14591d68..dbc4a2ede7 100644 --- a/source4/libcli/resolve/resolve.c +++ b/source4/libcli/resolve/resolve.c @@ -166,7 +166,7 @@ struct composite_context *resolve_name_send(struct resolve_context *ctx, state->method = ctx->methods; if (state->method == NULL) { - composite_error(c, NT_STATUS_HOST_UNREACHABLE); + composite_error(c, NT_STATUS_BAD_NETWORK_NAME); return c; } state->creq = setup_next_method(c); -- cgit From dab5d4abbce7fc54427e5eb130e36860ffa74685 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:44:06 -0700 Subject: cope with NULL attr --- source4/rpc_server/lsa/lsa_init.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/rpc_server/lsa/lsa_init.c b/source4/rpc_server/lsa/lsa_init.c index a95cb10f9f..8d8417109f 100644 --- a/source4/rpc_server/lsa/lsa_init.c +++ b/source4/rpc_server/lsa/lsa_init.c @@ -199,7 +199,7 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * ZERO_STRUCTP(r->out.handle); - if (r->in.attr == NULL || + if (r->in.attr != NULL && r->in.attr->root_dir != NULL) { /* MS-LSAD 3.1.4.4.1 */ return NT_STATUS_INVALID_PARAMETER; @@ -217,6 +217,8 @@ NTSTATUS dcesrv_lsa_OpenPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX * handle->data = talloc_steal(handle, state); + /* need to check the access mask against - need ACLs - fails + WSPP test */ state->access_mask = r->in.access_mask; state->handle = handle; *r->out.handle = handle->wire_handle; -- cgit From ef6fc37add1fd9164eb143c953fde0d5a9fc584a Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 08:44:31 -0700 Subject: check call status not rpc fault code when calling to different levels of calls --- source4/rpc_server/lsa/lsa_lookup.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 7bf7d849b7..a71bd57516 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -649,7 +649,7 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, r2.out.names = r->out.names; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } @@ -682,7 +682,7 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r2.out.names = NULL; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } @@ -836,7 +836,7 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } @@ -955,7 +955,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); - if (dce_call->fault_code != 0) { + if (NT_STATUS_IS_ERR(status)) { return status; } -- cgit From ee97097783aa146b0b2f88c15f3764a420797e1a Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Tue, 30 Sep 2008 18:10:04 +0200 Subject: Use UTF8 rather than the possibly different UNIX charset. --- source4/lib/registry/tests/generic.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/lib/registry/tests/generic.c b/source4/lib/registry/tests/generic.c index 6eae26bc46..2b7eb838ba 100644 --- a/source4/lib/registry/tests/generic.c +++ b/source4/lib/registry/tests/generic.c @@ -53,7 +53,7 @@ static bool test_reg_val_data_string_dword(struct torture_context *ctx) static bool test_reg_val_data_string_sz(struct torture_context *ctx) { DATA_BLOB db; - db.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16, + db.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16, "bla", 3, (void **)&db.data); torture_assert_str_equal(ctx, "bla", reg_val_data_string(ctx, lp_iconv_convenience(ctx->lp_ctx), REG_SZ, db), @@ -88,7 +88,7 @@ static bool test_reg_val_data_string_empty(struct torture_context *ctx) static bool test_reg_val_description(struct torture_context *ctx) { DATA_BLOB data; - data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16, + data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16, "stationary traveller", strlen("stationary traveller"), (void **)&data.data); @@ -102,7 +102,7 @@ static bool test_reg_val_description(struct torture_context *ctx) static bool test_reg_val_description_nullname(struct torture_context *ctx) { DATA_BLOB data; - data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UNIX, CH_UTF16, + data.length = convert_string_talloc(ctx, lp_iconv_convenience(ctx->lp_ctx), CH_UTF8, CH_UTF16, "west berlin", strlen("west berlin"), (void **)&data.data); -- cgit From a238f17e2785da4f11411c6a4dd20fdcb3c349b6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 12:33:00 -0700 Subject: Add in test name visible on the wire or in debug logs so you can see when particular tests start. Jeremy. --- source4/torture/raw/notify.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c index 25c91eb88b..14ee23158a 100644 --- a/source4/torture/raw/notify.c +++ b/source4/torture/raw/notify.c @@ -583,7 +583,8 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t notify.nttrans.in.buffer_size = 1000; notify.nttrans.in.recursive = true; -#define NOTIFY_MASK_TEST(setup, op, cleanup, Action, expected, nchanges) \ +#define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, expected, nchanges) \ + smbcli_unlink(cli->tree, test_name); \ do { for (mask=i=0;i<32;i++) { \ struct smbcli_request *req; \ status = smb_raw_open(cli->tree, tctx, &io); \ @@ -643,21 +644,21 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t } while (0) printf("testing mkdir\n"); - NOTIFY_MASK_TEST(;, + NOTIFY_MASK_TEST("testing mkdir",;, smbcli_mkdir(cli->tree, BASEDIR "\\tname1");, smbcli_rmdir(cli->tree, BASEDIR "\\tname1");, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME, 1); printf("testing create file\n"); - NOTIFY_MASK_TEST(;, + NOTIFY_MASK_TEST("testing create file",;, smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_FILE_NAME, 1); printf("testing unlink\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing unlink", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, ;, @@ -665,7 +666,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_FILE_NAME, 1); printf("testing rmdir\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing rmdir", smbcli_mkdir(cli->tree, BASEDIR "\\tname1");, smbcli_rmdir(cli->tree, BASEDIR "\\tname1");, ;, @@ -673,7 +674,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_DIR_NAME, 1); printf("testing rename file\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing rename file", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_rename(cli->tree, BASEDIR "\\tname1", BASEDIR "\\tname2");, smbcli_unlink(cli->tree, BASEDIR "\\tname2");, @@ -681,7 +682,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_FILE_NAME|FILE_NOTIFY_CHANGE_ATTRIBUTES|FILE_NOTIFY_CHANGE_CREATION, 2); printf("testing rename dir\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing rename dir", smbcli_mkdir(cli->tree, BASEDIR "\\tname1");, smbcli_rename(cli->tree, BASEDIR "\\tname1", BASEDIR "\\tname2");, smbcli_rmdir(cli->tree, BASEDIR "\\tname2");, @@ -689,7 +690,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_DIR_NAME, 2); printf("testing set path attribute\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set path attribute", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_setatr(cli->tree, BASEDIR "\\tname1", FILE_ATTRIBUTE_HIDDEN, 0);, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, @@ -697,7 +698,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_ATTRIBUTES, 1); printf("testing set path write time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set path write time", smbcli_close(cli->tree, smbcli_open(cli->tree, BASEDIR "\\tname1", O_CREAT, 0));, smbcli_setatr(cli->tree, BASEDIR "\\tname1", FILE_ATTRIBUTE_NORMAL, 1000);, smbcli_unlink(cli->tree, BASEDIR "\\tname1");, @@ -705,7 +706,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_LAST_WRITE, 1); printf("testing set file attribute\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file attribute", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, FILE_ATTRIBUTE_HIDDEN, 0, 0, 0, 0);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -718,7 +719,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t } else { printf("testing set file create time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file create time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, t, 0, 0, 0);, @@ -729,7 +730,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t } printf("testing set file access time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file access time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, 0, t, 0, 0);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -737,7 +738,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_LAST_ACCESS, 1); printf("testing set file write time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file write time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, t, 0);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -745,7 +746,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t FILE_NOTIFY_CHANGE_LAST_WRITE, 1); printf("testing set file change time\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing set file change time", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_fsetatr(cli->tree, fnum2, 0, 0, 0, 0, t);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -754,7 +755,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t printf("testing write\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing write", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_write(cli->tree, fnum2, 1, &c, 10000, 1);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, @@ -762,7 +763,7 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t 0, 1); printf("testing truncate\n"); - NOTIFY_MASK_TEST( + NOTIFY_MASK_TEST("testing truncate", fnum2 = create_complex_file(cli, tctx, BASEDIR "\\tname1");, smbcli_ftruncate(cli->tree, fnum2, 10000);, (smbcli_close(cli->tree, fnum2), smbcli_unlink(cli->tree, BASEDIR "\\tname1"));, -- cgit From 687ce0b60a3913b0f2eca2365a5ab56e78523ab5 Mon Sep 17 00:00:00 2001 From: root Date: Tue, 30 Sep 2008 12:44:24 -0700 Subject: Use a getatr instead to make things cleaner. Jeremy. --- source4/torture/raw/notify.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/torture/raw/notify.c b/source4/torture/raw/notify.c index 14ee23158a..d7541b7c71 100644 --- a/source4/torture/raw/notify.c +++ b/source4/torture/raw/notify.c @@ -584,7 +584,8 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t notify.nttrans.in.recursive = true; #define NOTIFY_MASK_TEST(test_name, setup, op, cleanup, Action, expected, nchanges) \ - smbcli_unlink(cli->tree, test_name); \ + do { \ + smbcli_getatr(cli->tree, test_name, NULL, NULL, NULL); \ do { for (mask=i=0;i<32;i++) { \ struct smbcli_request *req; \ status = smb_raw_open(cli->tree, tctx, &io); \ @@ -641,7 +642,8 @@ static bool test_notify_mask(struct smbcli_state *cli, struct torture_context *t mask, expected); \ } \ } \ - } while (0) + } while (0); \ + } while (0); printf("testing mkdir\n"); NOTIFY_MASK_TEST("testing mkdir",;, -- cgit From 97d57d03640664416500efb1f1cf8e5a4a9522d8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 13:26:41 -0700 Subject: Fix the make test problem Karolin reported. Now rename_open_files actually works correctly we must emit the change notify before we change the name, not before. Jeremy. --- source3/smbd/reply.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 6933533672..8bfa28faea 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -5583,10 +5583,10 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, DEBUG(3,("rename_internals_fsp: succeeded doing rename on %s -> %s\n", fsp->fsp_name,newname)); - rename_open_files(conn, lck, newname); - notify_rename(conn, fsp->is_directory, fsp->fsp_name, newname); + rename_open_files(conn, lck, newname); + /* * A rename acts as a new file create w.r.t. allowing an initial delete * on close, probably because in Windows there is a new handle to the -- cgit From 69fe3a5ddd6af872bc686ff2161b9b6a5e5c62a2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 13:42:30 -0700 Subject: fixed a number of places in our LSA server where we should return the sid/name array even when all are unmapped. If we don't fill in the array then the windows client runtime crashes --- source4/librpc/idl/lsa.idl | 2 +- source4/rpc_server/lsa/lsa_lookup.c | 24 +++++++++++++----------- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index eed713f71c..e1c4499022 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -1052,7 +1052,7 @@ import "misc.idl", "security.idl"; lsa_SidType sid_type; dom_sid2 *sid; uint32 sid_index; - uint32 unknown; + uint32 flags; } lsa_TranslatedSid3; typedef struct { diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index a71bd57516..0ffb0572ee 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -620,6 +620,8 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, NTSTATUS status; struct dcesrv_handle *h; + ZERO_STRUCT(r2); + /* No policy handle on the wire, so make one up here */ r2.in.handle = talloc(mem_ctx, struct policy_handle); if (!r2.in.handle) { @@ -649,9 +651,6 @@ NTSTATUS dcesrv_lsa_LookupSids3(struct dcesrv_call_state *dce_call, r2.out.names = r->out.names; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } r->out.domains = r2.out.domains; r->out.names = r2.out.names; @@ -671,6 +670,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m NTSTATUS status; int i; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.sids = r->in.sids; r2.in.names = NULL; @@ -761,7 +762,7 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, r->out.sids->sids[i].sid_type = SID_NAME_UNKNOWN; r->out.sids->sids[i].sid = NULL; r->out.sids->sids[i].sid_index = 0xFFFFFFFF; - r->out.sids->sids[i].unknown = 0; + r->out.sids->sids[i].flags = 0; status2 = dcesrv_lsa_lookup_name(dce_call->event_ctx, lp_ctx, policy_state, mem_ctx, name, &authority_name, &sid, &rtype); if (!NT_STATUS_IS_OK(status2) || sid->num_auths == 0) { @@ -771,13 +772,13 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, status2 = dcesrv_lsa_authority_list(policy_state, mem_ctx, rtype, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.sids->sids[i].sid_type = rtype; r->out.sids->sids[i].sid = sid; r->out.sids->sids[i].sid_index = sid_index; - r->out.sids->sids[i].unknown = 0; + r->out.sids->sids[i].flags = 0; (*r->out.count)++; } @@ -806,6 +807,8 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX NTSTATUS status; struct dcesrv_handle *h; + ZERO_STRUCT(r2); + /* No policy handle on the wire, so make one up here */ r2.in.handle = talloc(mem_ctx, struct policy_handle); if (!r2.in.handle) { @@ -836,9 +839,6 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames3(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } r->out.domains = r2.out.domains; r->out.sids = r2.out.sids; @@ -913,7 +913,7 @@ NTSTATUS dcesrv_lsa_LookupNames2(struct dcesrv_call_state *dce_call, status2 = dcesrv_lsa_authority_list(state, mem_ctx, rtype, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.sids->sids[i].sid_type = rtype; @@ -944,6 +944,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * NTSTATUS status; int i; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; @@ -955,7 +957,7 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { + if (r2.out.sids == NULL) { return status; } -- cgit From 2c978bbfa92b7fe29c17e40ad6d8059814b78399 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 13:57:23 -0700 Subject: handle NULL strings in strchr_m() and strrchr_m() This is needed for the LSA server code which needs to cope with a NULL names passed to lsa_LookupNames3() --- source4/lib/charset/util_unistr.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source4/lib/charset/util_unistr.c b/source4/lib/charset/util_unistr.c index a8ff88423a..5f3b2c53f1 100644 --- a/source4/lib/charset/util_unistr.c +++ b/source4/lib/charset/util_unistr.c @@ -386,6 +386,9 @@ _PUBLIC_ size_t strlen_m_term(const char *s) **/ _PUBLIC_ char *strchr_m(const char *s, char c) { + if (s == NULL) { + return NULL; + } /* characters below 0x3F are guaranteed to not appear in non-initial position in multi-byte charsets */ if ((c & 0xC0) == 0) { @@ -411,6 +414,10 @@ _PUBLIC_ char *strrchr_m(const char *s, char c) { char *ret = NULL; + if (s == NULL) { + return NULL; + } + /* characters below 0x3F are guaranteed to not appear in non-initial position in multi-byte charsets */ if ((c & 0xC0) == 0) { -- cgit From 14378d7c4cfff171e7c005c210abe253a2d7dea3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 30 Sep 2008 14:03:01 -0700 Subject: add a test for a LSA lookupnames with a NULL string --- source4/torture/rpc/lsa.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index af5ee4f6e1..45f67afd69 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -222,12 +222,13 @@ static bool test_LookupNames_bogus(struct dcerpc_pipe *p, NTSTATUS status; int i; - struct lsa_TranslatedName name; + struct lsa_TranslatedName name[2]; struct lsa_TransNameArray tnames; - tnames.names = &name; - tnames.count = 1; - name.name.string = "NT AUTHORITY\\BOGUS"; + tnames.names = name; + tnames.count = 2; + name[0].name.string = "NT AUTHORITY\\BOGUS"; + name[1].name.string = NULL; printf("\nTesting LookupNames with bogus names\n"); -- cgit From 321191d5e2ec1eaf22728dcee944e0a250a7725d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 15:13:19 -0700 Subject: Restructure the module so it connects to the remote data sink on connect, and closes the socket on client disconnect. This should make it much more efficient. Store the remote fd in a private data pointer off the handle. Finally we need to remove the fstrings and convert to allocated buffer storage. Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 306 +++++++++++++++-------------- 1 file changed, 156 insertions(+), 150 deletions(-) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 9e4cf81638..cd843e6ad4 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -31,67 +31,8 @@ extern userdom_struct current_user_info; static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -NTSTATUS vfs_smb_traffic_analyzer_init(void); - -static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, - files_struct *fsp, const void *data, size_t n); - -static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, - files_struct *fsp, void *data, size_t n); - -static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, - files_struct *fsp, const void *data, size_t n, - SMB_OFF_T offset); - -static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, - files_struct *fsp, void *data, size_t n, SMB_OFF_T offset); - - -/* VFS operations we use */ - -static vfs_op_tuple smb_traffic_analyzer_tuples[] = { - - {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE, - SMB_VFS_LAYER_LOGGER}, - {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP} - - }; - - -/* Module initialization */ - -NTSTATUS vfs_smb_traffic_analyzer_init(void) -{ - NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ - "smb_traffic_analyzer", smb_traffic_analyzer_tuples); - - if (!NT_STATUS_IS_OK(ret)) - return ret; - - vfs_smb_traffic_analyzer_debug_level = - debug_add_class("smb_traffic_analyzer"); - - if (vfs_smb_traffic_analyzer_debug_level == -1) { - vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; - DEBUG(1, ("smb_traffic_analyzer: Couldn't register custom" - "debugging class!\n")); - } else { - DEBUG(3, ("smb_traffic_analyzer: Debug class number of" - "'smb_traffic_analyzer': %d\n", \ - vfs_smb_traffic_analyzer_debug_level)); - } - - return ret; -} - /* create the timestamp in sqlite compatible format */ -static void get_timestamp( char *String ) +static void get_timestamp(fstring str) { struct timeval tv; struct timezone tz; @@ -102,13 +43,13 @@ static void get_timestamp( char *String ) tm=localtime(&tv.tv_sec); seconds=(float) (tv.tv_usec / 1000); - fstr_sprintf(String,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ + fstr_sprintf(str,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, \ tm->tm_hour, tm->tm_min, tm->tm_sec, (int)seconds); } -static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) +static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) { connection_struct *conn = handle->conn; const char *Mode; @@ -122,10 +63,9 @@ static int smb_traffic_analyzer_connMode( vfs_handle_struct *handle) } -/* Send data over a internet socket */ -static void smb_traffic_analyzer_send_data_inet_socket( char *String, - vfs_handle_struct *handle, const char *file_name, - bool Write) +/* Connect to an internet socket */ + +static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) { /* Create a streaming Socket */ const char *Hostname; @@ -134,13 +74,11 @@ static void smb_traffic_analyzer_send_data_inet_socket( char *String, struct addrinfo hints; struct addrinfo *ailist = NULL; struct addrinfo *res = NULL; - char Sender[200]; - char TimeStamp[200]; connection_struct *conn = handle->conn; int ret; /* get port number, target system from the config parameters */ - Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", + Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", "host", "localhost"); ZERO_STRUCT(hints); @@ -154,14 +92,14 @@ static void smb_traffic_analyzer_send_data_inet_socket( char *String, &ailist); if (ret) { - DEBUG(3,("smb_traffic_analyzer_send_data_inet_socket: " + DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: " "getaddrinfo failed for name %s [%s]\n", Hostname, gai_strerror(ret) )); - return; + return -1; } - port = atoi( lp_parm_const_string(SNUM(conn), + port = atoi( lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", "port", "9430")); DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," @@ -188,116 +126,129 @@ static void smb_traffic_analyzer_send_data_inet_socket( char *String, } if (sockfd == -1) { - DEBUG(1, ("smb_traffic_analyzer: unable to create socket, error is %s", + DEBUG(1, ("smb_traffic_analyzer: unable to create " + "socket, error is %s", strerror(errno))); - return; + return -1; } - strlcpy(Sender, String, sizeof(Sender)); - strlcat(Sender, ",\"", sizeof(Sender)); - strlcat(Sender, get_current_username(), sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, current_user_info.domain, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - if (Write) - strlcat(Sender, "W", sizeof(Sender)); - else - strlcat(Sender, "R", sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - strlcat(Sender, file_name, sizeof(Sender) - 1); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - get_timestamp(TimeStamp); - strlcat(Sender, TimeStamp, sizeof(Sender) - 1); - strlcat(Sender, "\");", sizeof(Sender) - 1); - DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); - if ( send(sockfd, Sender, strlen(Sender), 0) == -1 ) { - DEBUG(1, ("smb_traffic_analyzer: error sending data to socket!\n")); - close(sockfd); - return ; - } - - /* one operation, close the socket */ - close(sockfd); + return sockfd; } +/* Connect to a unix domain socket */ - -/* Send data over a unix domain socket */ -static void smb_traffic_analyzer_send_data_unix_socket( char *String , - vfs_handle_struct *handle, const char *file_name, - bool Write) +static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) { /* Create the socket to stad */ int len, sock; struct sockaddr_un remote; - char Sender[200]; - char TimeStamp[200]; - DEBUG(7, ("smb_traffic_analyzer: Unix domain socket mode. Using " + DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: " + "Unix domain socket mode. Using " "/var/tmp/stadsocket\n")); if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { - DEBUG(1, ("smb_traffic_analyzer: Couldn create socket," + DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: " + "Couldn't create socket, " "make sure stad is running!\n")); } remote.sun_family = AF_UNIX; - strlcpy(remote.sun_path, "/var/tmp/stadsocket", + strlcpy(remote.sun_path, "/var/tmp/stadsocket", sizeof(remote.sun_path)); len=strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { - DEBUG(1, ("smb_traffic_analyzer: Could not connect to" + DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: " + "Could not connect to " "socket, make sure\nstad is running!\n")); close(sock); + return -1; + } + return sock; +} + +/* Send data over a socket */ + +static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, + char *str, + const char *file_name, + bool Write) +{ + int *psockfd = NULL; + char Sender[200]; + char TimeStamp[200]; + + SMB_VFS_HANDLE_GET_DATA(handle, psockfd, int, return); + + if (psockfd == NULL || *psockfd == -1) { + DEBUG(1, ("smb_traffic_analyzer_send_data: socket is " + "closed\n")); return; } - strlcpy(Sender, String, sizeof(Sender)); + + strlcpy(Sender, str, sizeof(Sender)); strlcat(Sender, ",\"", sizeof(Sender)); strlcat(Sender, get_current_username(), sizeof(Sender)); - strlcat(Sender,"\",\"",sizeof(Sender)); + strlcat(Sender, "\",\"", sizeof(Sender)); strlcat(Sender, current_user_info.domain, sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); - if (Write) + if (Write) strlcat(Sender, "W", sizeof(Sender)); else strlcat(Sender, "R", sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, file_name, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - get_timestamp(TimeStamp); - strlcat(Sender, TimeStamp, sizeof(Sender)); - strlcat(Sender, "\");", sizeof(Sender)); - - DEBUG(10, ("smb_traffic_analyzer: sending %s\n", Sender)); - if ( send(sock, Sender, strlen(Sender), 0) == -1 ) { - DEBUG(1, ("smb_traffic_analyzer: error sending data to" - "socket!\n")); - close(sock); - return; + strlcat(Sender, "\",\"", sizeof(Sender) - 1); + strlcat(Sender, file_name, sizeof(Sender) - 1); + strlcat(Sender, "\",\"", sizeof(Sender) - 1); + get_timestamp(TimeStamp); + strlcat(Sender, TimeStamp, sizeof(Sender) - 1); + strlcat(Sender, "\");", sizeof(Sender) - 1); + DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n", + Sender)); + if (send(*psockfd, Sender, strlen(Sender), 0) == -1 ) { + DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " + "error sending data to socket!\n")); + return ; } +} - /* one operation, close the socket */ - close(sock); - return; +static void smb_traffic_analyzer_free_data(void **pptr) +{ + int *pfd = *(int **)pptr; + if(!pfd) { + return; + } + if (*pfd != -1) { + close(*pfd); + } + TALLOC_FREE(pfd); } -static void smb_traffic_analyzer_send_data( char *Buffer , vfs_handle_struct \ - *handle, char *file_name, bool Write, files_struct *fsp) +static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle, + const char *service, + const char *user) { + int *pfd = TALLOC_P(handle, int); - if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { - smb_traffic_analyzer_send_data_unix_socket(Buffer, handle, \ - fsp->fsp_name, Write); - } else { - smb_traffic_analyzer_send_data_inet_socket(Buffer, handle, \ - fsp->fsp_name, Write); - } -} + if (!pfd) { + errno = ENOMEM; + return -1; + } + if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { + *pfd = smb_traffic_analyzer_connect_unix_socket(handle); + } else { + *pfd = smb_traffic_analyzer_connect_inet_socket(handle); + } + if (*pfd == -1) { + return -1; + } + /* Store the private data. */ + SMB_VFS_HANDLE_SET_DATA(handle, pfd, smb_traffic_analyzer_free_data, + int, return -1); + return SMB_VFS_NEXT_CONNECT(handle, service, user); +} /* VFS Functions: write, read, pread, pwrite for now */ @@ -308,11 +259,14 @@ static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ fstring Buffer; result = SMB_VFS_NEXT_READ(handle, fsp, data, n); - DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + false); return result; } @@ -325,10 +279,13 @@ static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); - DEBUG(10, ("smb_traffic_analyzer: READ: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer,"%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, false, fsp); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + false); return result; } @@ -341,11 +298,13 @@ static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); - DEBUG(10, ("smb_traffic_analyzer: WRITE: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, \ - true, fsp ); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + true); return result; } @@ -357,9 +316,56 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); - DEBUG(10, ("smb_traffic_analyzer: PWRITE: %s\n", fsp->fsp_name )); + DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", fsp->fsp_name )); fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(Buffer, handle, fsp->fsp_name, true, fsp); + smb_traffic_analyzer_send_data(handle, + Buffer, + fsp->fsp_name, + true); return result; } + +/* VFS operations we use */ + +static vfs_op_tuple smb_traffic_analyzer_tuples[] = { + + {SMB_VFS_OP(smb_traffic_analyzer_connect), SMB_VFS_OP_CONNECT, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_read), SMB_VFS_OP_READ, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pread), SMB_VFS_OP_PREAD, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_write), SMB_VFS_OP_WRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(smb_traffic_analyzer_pwrite), SMB_VFS_OP_PWRITE, + SMB_VFS_LAYER_LOGGER}, + {SMB_VFS_OP(NULL),SMB_VFS_OP_NOOP,SMB_VFS_LAYER_NOOP} +}; + +/* Module initialization */ + +NTSTATUS vfs_smb_traffic_analyzer_init(void) +{ + NTSTATUS ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, \ + "smb_traffic_analyzer", smb_traffic_analyzer_tuples); + + if (!NT_STATUS_IS_OK(ret)) { + return ret; + } + + vfs_smb_traffic_analyzer_debug_level = + debug_add_class("smb_traffic_analyzer"); + + if (vfs_smb_traffic_analyzer_debug_level == -1) { + vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; + DEBUG(1, ("smb_traffic_analyzer_init: Couldn't register custom" + "debugging class!\n")); + } else { + DEBUG(3, ("smb_traffic_analyzer_init: Debug class number of" + "'smb_traffic_analyzer': %d\n", \ + vfs_smb_traffic_analyzer_debug_level)); + } + + return ret; +} -- cgit From 4e6445a0720d7265f0bddff71cd2e17d6b2ac057 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 15:21:58 -0700 Subject: Remove current_user_info - not needed. Jeremy. --- source3/modules/vfs_expand_msdfs.c | 2 +- source3/modules/vfs_smb_traffic_analyzer.c | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index 0d09d213e1..c22ab66e14 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -147,7 +147,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, conn->connectpath, conn->server_info->utok.gid, conn->server_info->sanitized_username, - pdb_get_domain(conn->server_info->sam_account), + pdb_get_domain(handle->conn->server_info->sam_account), targethost); DEBUG(10, ("Expanded targethost to %s\n", targethost)); diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index cd843e6ad4..12c893fae7 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -27,8 +27,6 @@ /* Prototypes */ -extern userdom_struct current_user_info; - static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; /* create the timestamp in sqlite compatible format */ @@ -187,9 +185,9 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, strlcpy(Sender, str, sizeof(Sender)); strlcat(Sender, ",\"", sizeof(Sender)); - strlcat(Sender, get_current_username(), sizeof(Sender)); + strlcat(Sender, handle->conn->server_info->sanitized_username, sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, current_user_info.domain, sizeof(Sender)); + strlcat(Sender, pdb_get_domain(handle->conn->server_info->sam_account), sizeof(Sender)); strlcat(Sender, "\",\"", sizeof(Sender)); if (Write) strlcat(Sender, "W", sizeof(Sender)); -- cgit From 5d7d18b7e827930018ab30fc5e738b5a5cd90789 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 15:26:26 -0700 Subject: Revert erroneous commit. Jeremy. --- source3/modules/vfs_expand_msdfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_expand_msdfs.c b/source3/modules/vfs_expand_msdfs.c index c22ab66e14..0d09d213e1 100644 --- a/source3/modules/vfs_expand_msdfs.c +++ b/source3/modules/vfs_expand_msdfs.c @@ -147,7 +147,7 @@ static char *expand_msdfs_target(TALLOC_CTX *ctx, conn->connectpath, conn->server_info->utok.gid, conn->server_info->sanitized_username, - pdb_get_domain(handle->conn->server_info->sam_account), + pdb_get_domain(conn->server_info->sam_account), targethost); DEBUG(10, ("Expanded targethost to %s\n", targethost)); -- cgit From c164ff2be5f9af7cc83e43d8c54b54186444fac0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 30 Sep 2008 16:19:37 -0700 Subject: Convert to allocated strings. Use write_data(), not send as this doesn't correctly deal with EINTR. Jim and Holger please check this still works. Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 100 ++++++++++++----------------- 1 file changed, 42 insertions(+), 58 deletions(-) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 12c893fae7..3925424214 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -24,29 +24,8 @@ #define UNIX_DOMAIN_SOCKET 1 #define INTERNET_SOCKET 0 - -/* Prototypes */ - static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -/* create the timestamp in sqlite compatible format */ -static void get_timestamp(fstring str) -{ - struct timeval tv; - struct timezone tz; - struct tm *tm; - int seconds; - - gettimeofday(&tv, &tz); - tm=localtime(&tv.tv_sec); - seconds=(float) (tv.tv_usec / 1000); - - fstr_sprintf(str,"%04d-%02d-%02d %02d:%02d:%02d.%03d", \ - tm->tm_year+1900, tm->tm_mon+1, tm->tm_mday, \ - tm->tm_hour, tm->tm_min, tm->tm_sec, (int)seconds); - -} - static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) { connection_struct *conn = handle->conn; @@ -58,7 +37,6 @@ static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) } else { return INTERNET_SOCKET; } - } /* Connect to an internet socket */ @@ -167,13 +145,16 @@ static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) /* Send data over a socket */ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, - char *str, + ssize_t result, const char *file_name, bool Write) { int *psockfd = NULL; - char Sender[200]; - char TimeStamp[200]; + struct timeval tv; + struct tm *tm = NULL; + int seconds; + char *str = NULL; + size_t len; SMB_VFS_HANDLE_GET_DATA(handle, psockfd, int, return); @@ -183,27 +164,39 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, return; } - strlcpy(Sender, str, sizeof(Sender)); - strlcat(Sender, ",\"", sizeof(Sender)); - strlcat(Sender, handle->conn->server_info->sanitized_username, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, pdb_get_domain(handle->conn->server_info->sam_account), sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - if (Write) - strlcat(Sender, "W", sizeof(Sender)); - else - strlcat(Sender, "R", sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender)); - strlcat(Sender, handle->conn->connectpath, sizeof(Sender)); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - strlcat(Sender, file_name, sizeof(Sender) - 1); - strlcat(Sender, "\",\"", sizeof(Sender) - 1); - get_timestamp(TimeStamp); - strlcat(Sender, TimeStamp, sizeof(Sender) - 1); - strlcat(Sender, "\");", sizeof(Sender) - 1); + GetTimeOfDay(&tv); + tm=localtime(&tv.tv_sec); + if (!tm) { + return; + } + seconds=(float) (tv.tv_usec / 1000); + + str = talloc_asprintf(talloc_tos(), + "%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\"," + "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\");", + (unsigned int)result, + handle->conn->server_info->sanitized_username, + pdb_get_domain(handle->conn->server_info->sam_account), + Write ? 'W' : 'R', + handle->conn->connectpath, + file_name, + tm->tm_year+1900, + tm->tm_mon+1, + tm->tm_mday, + tm->tm_hour, + tm->tm_min, + tm->tm_sec, + (int)seconds); + + if (!str) { + return; + } + + len = strlen(str); + DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n", - Sender)); - if (send(*psockfd, Sender, strlen(Sender), 0) == -1 ) { + str)); + if (write_data(*psockfd, str, len) != len) { DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " "error sending data to socket!\n")); return ; @@ -254,15 +247,12 @@ static ssize_t smb_traffic_analyzer_read(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_READ(handle, fsp, data, n); DEBUG(10, ("smb_traffic_analyzer_read: READ: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer, "%u", (uint) result); - smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, false); return result; @@ -273,15 +263,13 @@ static ssize_t smb_traffic_analyzer_pread(vfs_handle_struct *handle, \ files_struct *fsp, void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); DEBUG(10, ("smb_traffic_analyzer_pread: PREAD: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer,"%u", (uint) result); smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, false); @@ -292,15 +280,13 @@ static ssize_t smb_traffic_analyzer_write(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_WRITE(handle, fsp, data, n); DEBUG(10, ("smb_traffic_analyzer_write: WRITE: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer, "%u", (uint) result); smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, true); return result; @@ -310,15 +296,13 @@ static ssize_t smb_traffic_analyzer_pwrite(vfs_handle_struct *handle, \ files_struct *fsp, const void *data, size_t n, SMB_OFF_T offset) { ssize_t result; - fstring Buffer; result = SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); DEBUG(10, ("smb_traffic_analyzer_pwrite: PWRITE: %s\n", fsp->fsp_name )); - fstr_sprintf(Buffer, "%u", (uint) result); smb_traffic_analyzer_send_data(handle, - Buffer, + result, fsp->fsp_name, true); return result; -- cgit From d56a81f60a820e6a4a3f2617c4fdd4f88e7853cd Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 1 Oct 2008 17:27:42 +0200 Subject: Update to refer to 3 and 4, not just Samba 3. --- README.Coding | 65 +++++++++++++++++++++++++++++------------------------------ 1 file changed, 32 insertions(+), 33 deletions(-) diff --git a/README.Coding b/README.Coding index 8063ae8691..c1b6641a5a 100644 --- a/README.Coding +++ b/README.Coding @@ -1,6 +1,7 @@ -## -## Coding conventions in the Samba 3 tree -## +Coding conventions in the Samba tree +------------------------------------ + +.. contents:: =========== Quick Start @@ -14,15 +15,13 @@ style should never outweigh coding itself and so the the guidelines described here are hopefully easy enough to follow as they are very common and supported by tools and editors. -The basic style, also mentioned in the SAMBA_4_0/prog_guide.txt is the -Linux kernel coding style (See Documentation/CodingStyle in the kernel -source tree). The closely matches what most Samba developers use already -anyways. +The basic style, also mentioned in prog_guide4.txt, is the Linux kernel coding +style (See Documentation/CodingStyle in the kernel source tree). This closely +matches what most Samba developers use already anyways. But to save you the trouble of reading the Linux kernel style guide, here are the highlights. - * Maximum Line Width is 80 Characters The reason is not for people with low-res screens but rather sticking to 80 columns prevents you from easily nesting more than one level of @@ -59,14 +58,14 @@ Vi -- (Thanks to SATOH Fumiyasu for these hints): -For the basic vi editor including with all variants of *nix, add the +For the basic vi editor including with all variants of \*nix, add the following to $HOME/.exrc: set tabstop=8 set shiftwidth=8 For Vim, the following settings in $HOME/.vimrc will also deal with -displaying trailing whitespace: +displaying trailing whitespace:: if has("syntax") && (&t_Co > 2 || has("gui_running")) syntax on @@ -91,7 +90,7 @@ FAQ & Statement Reference Comments -------- -Comments should always use the standard C syntax. I.e. /* ... */. C++ +Comments should always use the standard C syntax. C++ style comments are not currently allowed. @@ -145,7 +144,7 @@ The exception to the ending rule is when the closing brace is followed by another language keyword such as else or the closing while in a do..while loop. -Good examples: +Good examples:: if (x == 1) { printf("good\n"); @@ -162,7 +161,7 @@ Good examples: printf("also good\n"); } while (1); -Bad examples: +Bad examples:: while (1) { @@ -177,29 +176,29 @@ evil, they can greatly enhance readability and reduce memory leaks when used as the single exit point from a function. But in no Samba world what so ever is a goto outside of a function or block of code a good idea. -Good Examples: - -int function foo(int y) -{ - int *z = NULL; - int ret = 0; +Good Examples:: - if ( y < 10 ) { - z = malloc(sizeof(int)*y); - if (!z) { - ret = 1; - goto done; + int function foo(int y) + { + int *z = NULL; + int ret = 0; + + if ( y < 10 ) { + z = malloc(sizeof(int)*y); + if (!z) { + ret = 1; + goto done; + } } - } - print("Allocated %d elements.\n", y); + print("Allocated %d elements.\n", y); - done: - if (z) - free(z); + done: + if (z) + free(z); - return ret; -} + return ret; + } Checking Pointer Values @@ -207,13 +206,13 @@ Checking Pointer Values When invoking functions that return pointer values, either of the following are acceptable. Use you best judgement and choose the more readable option. -Remember that many other people will review it. +Remember that many other people will review it.:: if ((x = malloc(sizeof(short)*10)) == NULL ) { fprintf(stderr, "Unable to alloc memory!\n"); } -or +or:: x = malloc(sizeof(short)*10); if (!x) { -- cgit From 90d1481cf6b100988f9a6157674d03ed677f280f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 1 Oct 2008 17:28:12 +0200 Subject: Fix formatting to be compatible with ReST. --- prog_guide4.txt | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/prog_guide4.txt b/prog_guide4.txt index 2f5be5f791..cc20c262d8 100644 --- a/prog_guide4.txt +++ b/prog_guide4.txt @@ -7,6 +7,8 @@ FROM A FEW PEOPLE. DON'T TAKE THIS AS THE FINAL VERSION YET. Samba4 Programming Guide ------------------------ +.. contents:: + The internals of Samba4 are quite different from previous versions of Samba, so even if you are an experienced Samba developer please take the time to read through this document. @@ -144,8 +146,7 @@ data is a bug waiting to happen. Static data is evil as it has the following consequences: - it makes code much less likely to be thread-safe - it makes code much less likely to be recursion-safe -- it leads to subtle side effects when the same code is called from - multiple places +- it leads to subtle side effects when the same code is called from multiple places - doesn't play well with shared libraries or plugins Static data is particularly evil in library code (such as our internal @@ -273,9 +274,9 @@ generating the right offsets. The same rule applies to strings. In many places in the SMB and MSRPC protocols complex strings are used on the wire, with complex rules about padding, format, alighment, termination etc. None of that -information is useful to a high level calling routine or to a backend -- its all just so much wire fluff. So, in Samba4 these strings are -just "char *" and are always in our internal multi-byte format (which +information is useful to a high level calling routine or to a backend - its +all just so much wire fluff. So, in Samba4 these strings are +just "char \*" and are always in our internal multi-byte format (which is usually UTF8). It is up to the parse functions to worry about translating the format and getting the padding right. @@ -580,13 +581,17 @@ DCERPC Handles The various handles that are used in the RPC servers should be created and fetch using the dcesrv_handle_* functions. -Use dcesrv_handle_new(struct dcesrv_connection *, uint8 handle_type) to obtain +Use dcesrv_handle_new(struct dcesrv_connection \*, uint8 handle_type) to obtain a new handle of the specified type. Handle types are unique within each pipe. -The handle can later be fetched again using -struct dcesrv_handle *dcesrv_handle_fetch(struct dcesrv_connection *dce_conn, struct policy_handle *p, uint8 handle_type) -and destroyed by dcesrv_handle_destroy(struct dcesrv_handle *). +The handle can later be fetched again using:: + + struct dcesrv_handle *dcesrv_handle_fetch(struct dcesrv_connection *dce_conn, struct policy_handle *p, uint8 handle_type) + +and destroyed by:: + + dcesrv_handle_destroy(struct dcesrv_handle *). User data should be stored in the 'data' member of the dcesrv_handle struct. @@ -765,12 +770,10 @@ BUGS: no 137 resolution not possible should not fallback to anon when pass supplied should check pass-thu cap bit, and skip lots of tests - possibly allow the test suite to say "allow oversized replies" for - trans2 and other calls + possibly allow the test suite to say "allow oversized replies" for trans2 and other calls handle servers that don't have the setattre call in torture add max file coponent length test and max path len test - check for alloc failure in all core reply.c and trans2.c code where - allocation size depends on client parameter + check for alloc failure in all core reply.c and trans2.c code where allocation size depends on client parameter case-insenstive idea: all filenames on disk lowercase -- cgit From bdd80734c977336b09f64cd55d76815de49a5fee Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 1 Oct 2008 17:29:16 +0200 Subject: Fix header. --- prog_guide4.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/prog_guide4.txt b/prog_guide4.txt index cc20c262d8..8d6ff56964 100644 --- a/prog_guide4.txt +++ b/prog_guide4.txt @@ -5,7 +5,7 @@ FROM A FEW PEOPLE. DON'T TAKE THIS AS THE FINAL VERSION YET. Samba4 Programming Guide ------------------------- +======================== .. contents:: -- cgit From ca44340891d60de7e48bb263c7debd45cc3f3ed0 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 1 Oct 2008 18:06:55 +0200 Subject: Fix some syntax errors for use with ReST. --- lib/talloc/talloc_guide.txt | 43 ++++++++++++++++++++++++++----------------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/lib/talloc/talloc_guide.txt b/lib/talloc/talloc_guide.txt index 18663b370d..3201fe6f0f 100644 --- a/lib/talloc/talloc_guide.txt +++ b/lib/talloc/talloc_guide.txt @@ -1,5 +1,7 @@ Using talloc in Samba4 ----------------------- +====================== + +.. contents:: Andrew Tridgell September 2004 @@ -18,7 +20,7 @@ get used to it. Perhaps the biggest change from Samba3 is that there is no distinction between a "talloc context" and a "talloc pointer". Any pointer returned from talloc() is itself a valid talloc context. This means -you can do this: +you can do this:: struct foo *X = talloc(mem_ctx, struct foo); X->name = talloc_strdup(X, "foo"); @@ -271,7 +273,7 @@ equivalent to: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- void *talloc_named_const(const void *context, size_t size, const char *name); -This is equivalent to: +This is equivalent to:: ptr = talloc_size(context, size); talloc_set_name_const(ptr, name); @@ -288,7 +290,7 @@ talloc_set_name() for details. void *talloc_init(const char *fmt, ...); This function creates a zero length named talloc context as a top -level context. It is equivalent to: +level context. It is equivalent to:: talloc_named(NULL, 0, fmt, ...); @@ -309,7 +311,7 @@ The talloc_realloc() macro changes the size of a talloc pointer. The "count" argument is the number of elements of type "type" that you want the resulting pointer to hold. -talloc_realloc() has the following equivalences: +talloc_realloc() has the following equivalences:: talloc_realloc(context, NULL, type, 1) ==> talloc(context, type); talloc_realloc(context, NULL, type, N) ==> talloc_array(context, type, N); @@ -490,7 +492,7 @@ This disables tracking of the NULL memory context. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- (type *)talloc_zero(const void *ctx, type); -The talloc_zero() macro is equivalent to: +The talloc_zero() macro is equivalent to:: ptr = talloc(ctx, type); if (ptr) memset(ptr, 0, sizeof(type)); @@ -505,7 +507,7 @@ The talloc_zero_size() function is useful when you don't have a known type =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- void *talloc_memdup(const void *ctx, const void *p, size_t size); -The talloc_memdup() function is equivalent to: +The talloc_memdup() function is equivalent to:: ptr = talloc_size(ctx, size); if (ptr) memcpy(ptr, p, size); @@ -514,13 +516,14 @@ The talloc_memdup() function is equivalent to: =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- char *talloc_strdup(const void *ctx, const char *p); -The talloc_strdup() function is equivalent to: +The talloc_strdup() function is equivalent to:: ptr = talloc_size(ctx, strlen(p)+1); if (ptr) memcpy(ptr, p, strlen(p)+1); This functions sets the name of the new pointer to the passed -string. This is equivalent to: +string. This is equivalent to:: + talloc_set_name_const(ptr, ptr) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- @@ -540,7 +543,8 @@ The talloc_append_string() function appends the given formatted string to the given string. This function sets the name of the new pointer to the new -string. This is equivalent to: +string. This is equivalent to:: + talloc_set_name_const(ptr, ptr) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- @@ -550,7 +554,8 @@ The talloc_vasprintf() function is the talloc equivalent of the C library function vasprintf() This functions sets the name of the new pointer to the new -string. This is equivalent to: +string. This is equivalent to:: + talloc_set_name_const(ptr, ptr) @@ -561,7 +566,8 @@ The talloc_asprintf() function is the talloc equivalent of the C library function asprintf() This functions sets the name of the new pointer to the new -string. This is equivalent to: +string. This is equivalent to:: + talloc_set_name_const(ptr, ptr) @@ -574,7 +580,8 @@ Use this varient when the string in the current talloc buffer may have been truncated in length. This functions sets the name of the new pointer to the new -string. This is equivalent to: +string. This is equivalent to:: + talloc_set_name_const(ptr, ptr) @@ -587,14 +594,15 @@ Use this varient when the string in the current talloc buffer has not been changed. This functions sets the name of the new pointer to the new -string. This is equivalent to: +string. This is equivalent to:: + talloc_set_name_const(ptr, ptr) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ((type *)talloc_array(const void *ctx, type, uint_t count); -The talloc_array() macro is equivalent to: +The talloc_array() macro is equivalent to:: (type *)talloc_size(ctx, sizeof(type) * count); @@ -648,7 +656,7 @@ then the pointer is returned. It it doesn't then NULL is returned. This macro allows you to do type checking on talloc pointers. It is particularly useful for void* private pointers. It is equivalent to -this: +this:: (type *)talloc_check_name(ptr, #type) @@ -660,7 +668,8 @@ This macro allows you to force the name of a pointer to be a particular type. This can be used in conjunction with talloc_get_type() to do type checking on void* pointers. -It is equivalent to this: +It is equivalent to this:: + talloc_set_name_const(ptr, #type) =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- -- cgit From 370cbe0060cb2670c7f65100954dac6c63030ca0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 1 Oct 2008 12:50:29 -0700 Subject: Turn the socket connections into a refcounted list - in the common case there'll now only be one socket per smbd. Changed the format of the wire data to (a) include a version number (V1) as the first element. (b) removed the ";)" at the end an replaced it with a "\n". Receiver can change back if needed, and now receiver can just log "as-is" to a text file (making testing easier). Added my (C). Sorry Holger, but I've changed quite a bit now. Jeremy. --- source3/modules/vfs_smb_traffic_analyzer.c | 139 ++++++++++++++++++++--------- 1 file changed, 95 insertions(+), 44 deletions(-) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index 3925424214..ff61768495 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -3,6 +3,7 @@ * on the net. * * Copyright (C) Holger Hetterich, 2008 + * Copyright (C) Jeremy Allison, 2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -21,12 +22,14 @@ #include "includes.h" /* abstraction for the send_over_network function */ -#define UNIX_DOMAIN_SOCKET 1 -#define INTERNET_SOCKET 0 + +enum sock_type {INTERNET_SOCKET = 0, UNIX_DOMAIN_SOCKET}; + +#define LOCAL_PATHNAME "/var/tmp/stadsocket" static int vfs_smb_traffic_analyzer_debug_level = DBGC_VFS; -static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) +static enum sock_type smb_traffic_analyzer_connMode(vfs_handle_struct *handle) { connection_struct *conn = handle->conn; const char *Mode; @@ -41,28 +44,22 @@ static int smb_traffic_analyzer_connMode(vfs_handle_struct *handle) /* Connect to an internet socket */ -static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) +static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle, + const char *name, uint16_t port) { /* Create a streaming Socket */ - const char *Hostname; int sockfd = -1; - uint16_t port; struct addrinfo hints; struct addrinfo *ailist = NULL; struct addrinfo *res = NULL; - connection_struct *conn = handle->conn; int ret; - /* get port number, target system from the config parameters */ - Hostname=lp_parm_const_string(SNUM(conn), "smb_traffic_analyzer", - "host", "localhost"); - ZERO_STRUCT(hints); /* By default make sure it supports TCP. */ hints.ai_socktype = SOCK_STREAM; hints.ai_flags = AI_ADDRCONFIG; - ret = getaddrinfo(Hostname, + ret = getaddrinfo(name, NULL, &hints, &ailist); @@ -70,16 +67,13 @@ static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) if (ret) { DEBUG(3,("smb_traffic_analyzer_connect_inet_socket: " "getaddrinfo failed for name %s [%s]\n", - Hostname, + name, gai_strerror(ret) )); return -1; } - port = atoi( lp_parm_const_string(SNUM(conn), - "smb_traffic_analyzer", "port", "9430")); - DEBUG(3,("smb_traffic_analyzer: Internet socket mode. Hostname: %s," - "Port: %i\n", Hostname, port)); + "Port: %i\n", name, port)); for (res = ailist; res; res = res->ai_next) { struct sockaddr_storage ss; @@ -113,15 +107,16 @@ static int smb_traffic_analyzer_connect_inet_socket(vfs_handle_struct *handle) /* Connect to a unix domain socket */ -static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) +static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle, + const char *name) { /* Create the socket to stad */ int len, sock; struct sockaddr_un remote; DEBUG(7, ("smb_traffic_analyzer_connect_unix_socket: " - "Unix domain socket mode. Using " - "/var/tmp/stadsocket\n")); + "Unix domain socket mode. Using %s\n", + name )); if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) { DEBUG(1, ("smb_traffic_analyzer_connect_unix_socket: " @@ -129,7 +124,7 @@ static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) "make sure stad is running!\n")); } remote.sun_family = AF_UNIX; - strlcpy(remote.sun_path, "/var/tmp/stadsocket", + strlcpy(remote.sun_path, name, sizeof(remote.sun_path)); len=strlen(remote.sun_path) + sizeof(remote.sun_family); if (connect(sock, (struct sockaddr *)&remote, len) == -1 ) { @@ -142,6 +137,16 @@ static int smb_traffic_analyzer_connect_unix_socket(vfs_handle_struct *handle) return sock; } +/* Private data allowing shared connection sockets. */ + +struct refcounted_sock { + struct refcounted_sock *next, *prev; + char *name; + uint16_t port; + int sock; + unsigned int ref_count; +}; + /* Send data over a socket */ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, @@ -149,16 +154,16 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, const char *file_name, bool Write) { - int *psockfd = NULL; + struct refcounted_sock *rf_sock = NULL; struct timeval tv; struct tm *tm = NULL; int seconds; char *str = NULL; size_t len; - SMB_VFS_HANDLE_GET_DATA(handle, psockfd, int, return); + SMB_VFS_HANDLE_GET_DATA(handle, rf_sock, struct refcounted_sock, return); - if (psockfd == NULL || *psockfd == -1) { + if (rf_sock == NULL || rf_sock->sock == -1) { DEBUG(1, ("smb_traffic_analyzer_send_data: socket is " "closed\n")); return; @@ -172,8 +177,8 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, seconds=(float) (tv.tv_usec / 1000); str = talloc_asprintf(talloc_tos(), - "%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\"," - "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\");", + "V1,%u,\"%s\",\"%s\",\"%c\",\"%s\",\"%s\"," + "\"%04d-%02d-%02d %02d:%02d:%02d.%03d\"\n", (unsigned int)result, handle->conn->server_info->sanitized_username, pdb_get_domain(handle->conn->server_info->sam_account), @@ -196,48 +201,94 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, DEBUG(10, ("smb_traffic_analyzer_send_data_socket: sending %s\n", str)); - if (write_data(*psockfd, str, len) != len) { + if (write_data(rf_sock->sock, str, len) != len) { DEBUG(1, ("smb_traffic_analyzer_send_data_socket: " "error sending data to socket!\n")); return ; } } +static struct refcounted_sock *sock_list; + static void smb_traffic_analyzer_free_data(void **pptr) { - int *pfd = *(int **)pptr; - if(!pfd) { + struct refcounted_sock *rf_sock = *(struct refcounted_sock **)pptr; + if (rf_sock == NULL) { return; } - if (*pfd != -1) { - close(*pfd); + rf_sock->ref_count--; + if (rf_sock->ref_count != 0) { + return; + } + if (rf_sock->sock != -1) { + close(rf_sock->sock); } - TALLOC_FREE(pfd); + DLIST_REMOVE(sock_list, rf_sock); + TALLOC_FREE(rf_sock); } static int smb_traffic_analyzer_connect(struct vfs_handle_struct *handle, const char *service, const char *user) { - int *pfd = TALLOC_P(handle, int); + connection_struct *conn = handle->conn; + enum sock_type st = smb_traffic_analyzer_connMode(handle); + struct refcounted_sock *rf_sock = NULL; + const char *name = (st == UNIX_DOMAIN_SOCKET) ? LOCAL_PATHNAME : + lp_parm_const_string(SNUM(conn), + "smb_traffic_analyzer", + "host", "localhost"); + uint16_t port = (st == UNIX_DOMAIN_SOCKET) ? 0 : + atoi( lp_parm_const_string(SNUM(conn), + "smb_traffic_analyzer", "port", "9430")); - if (!pfd) { - errno = ENOMEM; - return -1; + /* Are we already connected ? */ + for (rf_sock = sock_list; rf_sock; rf_sock = rf_sock->next) { + if (port == rf_sock->port && + (strcmp(name, rf_sock->name) == 0)) { + break; + } } - if (smb_traffic_analyzer_connMode(handle) == UNIX_DOMAIN_SOCKET) { - *pfd = smb_traffic_analyzer_connect_unix_socket(handle); + /* If we're connected already, just increase the + * reference count. */ + if (rf_sock) { + rf_sock->ref_count++; } else { - *pfd = smb_traffic_analyzer_connect_inet_socket(handle); - } - if (*pfd == -1) { - return -1; + /* New connection. */ + rf_sock = TALLOC_ZERO_P(NULL, struct refcounted_sock); + if (rf_sock == NULL) { + errno = ENOMEM; + return -1; + } + rf_sock->name = talloc_strdup(rf_sock, name); + if (rf_sock->name == NULL) { + TALLOC_FREE(rf_sock); + errno = ENOMEM; + return -1; + } + rf_sock->port = port; + rf_sock->ref_count = 1; + + if (st == UNIX_DOMAIN_SOCKET) { + rf_sock->sock = smb_traffic_analyzer_connect_unix_socket(handle, + name); + } else { + + rf_sock->sock = smb_traffic_analyzer_connect_inet_socket(handle, + name, + port); + } + if (rf_sock->sock == -1) { + TALLOC_FREE(rf_sock); + return -1; + } + DLIST_ADD(sock_list, rf_sock); } /* Store the private data. */ - SMB_VFS_HANDLE_SET_DATA(handle, pfd, smb_traffic_analyzer_free_data, - int, return -1); + SMB_VFS_HANDLE_SET_DATA(handle, rf_sock, smb_traffic_analyzer_free_data, + struct refcounted_sock, return -1); return SMB_VFS_NEXT_CONNECT(handle, service, user); } -- cgit From e4f5bfb34b7a515e2cf107eb94489260594b8733 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 1 Oct 2008 13:15:54 -0700 Subject: Fix use of DLIST_REMOVE as spotted by Constantine Vetoshev . This API is unusual in that if used to remove a non-list head it nulls out the next and prev pointers. This is what you want for debugging (don't want an entry removed from the list to be still virtually linked into it) but means there is no consistent idiom for use as the next and prev pointers get trashed on removal from the list, meaning you must save them yourself. You can use it one way when deleting everything via the head pointer, as this preserves the next pointer, but you *must* use it another way when not deleting everything via the head pointer. Fix all known uses of this (the main one is in conn_free_internal() and would not free all the private data entries for vfs modules. The other changes in web/statuspage.c and winbindd_util.c are not strictly neccessary, as the head pointer is being used, but I've done them for consistency. Long term we must revisit this as this API is too hard to use correctly. Jeremy. --- source3/smbd/conn.c | 2 +- source3/web/statuspage.c | 5 +++-- source3/winbindd/winbindd_util.c | 3 +-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index b9433bb965..7f34d2b8e2 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -252,8 +252,8 @@ void conn_free_internal(connection_struct *conn) /* Free vfs_connection_struct */ handle = conn->vfs_handles; while(handle) { - DLIST_REMOVE(conn->vfs_handles, handle); thandle = handle->next; + DLIST_REMOVE(conn->vfs_handles, handle); if (handle->free_data) handle->free_data(&handle->data); handle = thandle; diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c index ce24c7cddd..e684a075c2 100644 --- a/source3/web/statuspage.c +++ b/source3/web/statuspage.c @@ -43,9 +43,10 @@ static void initPid2Machine (void) { /* show machine name rather PID on table "Open Files"? */ if (PID_or_Machine) { - PIDMAP *p; + PIDMAP *p, *next; - for (p = pidmap; p != NULL; ) { + for (p = pidmap; p != NULL; p = next) { + next = p->next; DLIST_REMOVE(pidmap, p); SAFE_FREE(p->machine); SAFE_FREE(p); diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c index b8cb27c797..fdfc8ed9d1 100644 --- a/source3/winbindd/winbindd_util.c +++ b/source3/winbindd/winbindd_util.c @@ -1075,13 +1075,12 @@ void free_getent_state(struct getent_state *state) temp = state; while(temp != NULL) { - struct getent_state *next; + struct getent_state *next = temp->next; /* Free sam entries then list entry */ SAFE_FREE(state->sam_entries); DLIST_REMOVE(state, state); - next = temp->next; SAFE_FREE(temp); temp = next; -- cgit From ea85ceefa945f1fee2bb10441a3cc8e35216733b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 1 Oct 2008 15:01:05 -0700 Subject: Whitespace cleanup. Jeremy. --- source3/printing/print_cups.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index f9568f0a54..97584cbe05 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -7,12 +7,12 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ @@ -109,7 +109,7 @@ bool cups_cache_reload(void) { "printer-name", "printer-info" - }; + }; bool ret = False; DEBUG(5, ("reloading cups printcap cache\n")); @@ -657,8 +657,8 @@ static int cups_job_submit(int snum, struct printjob *pjob) ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "job-name", NULL, new_jobname); - /* - * add any options defined in smb.conf + /* + * add any options defined in smb.conf */ num_options = 0; @@ -666,7 +666,7 @@ static int cups_job_submit(int snum, struct printjob *pjob) num_options = cupsParseOptions(lp_cups_options(snum), num_options, &options); if ( num_options ) - cupsEncodeOptions(request, num_options, options); + cupsEncodeOptions(request, num_options, options); /* * Do the request and get back a response... @@ -712,7 +712,7 @@ static int cups_job_submit(int snum, struct printjob *pjob) static int cups_queue_get(const char *sharename, enum printing_types printing_type, char *lpq_command, - print_queue_struct **q, + print_queue_struct **q, print_status_struct *status) { fstring printername; @@ -751,10 +751,10 @@ static int cups_queue_get(const char *sharename, *q = NULL; - /* HACK ALERT!!! The problem with support the 'printer name' - option is that we key the tdb off the sharename. So we will - overload the lpq_command string to pass in the printername - (which is basically what we do for non-cups printers ... using + /* HACK ALERT!!! The problem with support the 'printer name' + option is that we key the tdb off the sharename. So we will + overload the lpq_command string to pass in the printername + (which is basically what we do for non-cups printers ... using the lpq_command to get the queue listing). */ fstrcpy( printername, lpq_command ); @@ -1316,22 +1316,22 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) /* Grab the comment if we don't have one */ if ( (strcmp(attr->name, "printer-info") == 0) && (attr->value_tag == IPP_TAG_TEXT) - && !strlen(printer->comment) ) + && !strlen(printer->comment) ) { DEBUG(5,("cups_pull_comment_location: Using cups comment: %s\n", - attr->values[0].string.text)); + attr->values[0].string.text)); strlcpy(printer->comment, attr->values[0].string.text, sizeof(printer->comment)); } - /* Grab the location if we don't have one */ + /* Grab the location if we don't have one */ if ( (strcmp(attr->name, "printer-location") == 0) - && (attr->value_tag == IPP_TAG_TEXT) + && (attr->value_tag == IPP_TAG_TEXT) && !strlen(printer->location) ) { DEBUG(5,("cups_pull_comment_location: Using cups location: %s\n", - attr->values[0].string.text)); + attr->values[0].string.text)); fstrcpy(printer->location,attr->values[0].string.text); } -- cgit From 3bfb53caa86ece1d7ff1bf3c7759f003203d4247 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 1 Oct 2008 16:40:41 -0700 Subject: Fix bug #5080. Access to cups-printers via samba broken with cups 1.3.4, Unsupported character set. Cups 1.3.4 expects utf8 to be used in all messages to/from the server. We may be using a different character set so we need to use talloc utf8 push/pull functions in all communication. Needs more testing. Don't release until I've done a thorough test. I also have a version for 3.2.x. Jeremy. --- source3/printing/print_cups.c | 341 +++++++++++++++++++++++++++++++----------- 1 file changed, 251 insertions(+), 90 deletions(-) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 97584cbe05..b46d83bb01 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -2,6 +2,7 @@ * Support code for the Common UNIX Printing System ("CUPS") * * Copyright 1999-2003 by Michael R Sweet. + * Copyright 2008 Jeremy Allison. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -17,6 +18,10 @@ * along with this program; if not, see . */ +/* + * JRA. Converted to utf8 pull/push. + */ + #include "includes.h" #include "printing.h" @@ -51,24 +56,23 @@ cups_passwd_cb(const char *prompt) /* I - Prompt */ return (NULL); } -static http_t *cups_connect(void) +static http_t *cups_connect(TALLOC_CTX *frame) { - http_t *http; - char *server, *p; + http_t *http = NULL; + char *server = NULL, *p = NULL; int port; int timeout = lp_cups_connection_timeout(); - - gotalarm = 0; - - if (timeout) { - CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(timeout); - } + size_t size; if (lp_cups_server() != NULL && strlen(lp_cups_server()) > 0) { - server = smb_xstrdup(lp_cups_server()); + if (!push_utf8_talloc(frame, &server, lp_cups_server(), &size)) { + return NULL; + } } else { - server = smb_xstrdup(cupsServer()); + server = talloc_strdup(frame,cupsServer()); + } + if (server) { + return NULL; } p = strchr(server, ':'); @@ -82,6 +86,13 @@ static http_t *cups_connect(void) DEBUG(10, ("connecting to cups server %s:%d\n", server, port)); + gotalarm = 0; + + if (timeout) { + CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); + alarm(timeout); + } + http = httpConnect(server, port); CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN); @@ -92,12 +103,12 @@ static http_t *cups_connect(void) server, port, strerror(errno))); } - SAFE_FREE(server); return http; } bool cups_cache_reload(void) { + TALLOC_CTX *frame = talloc_stackframe(); http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ @@ -111,6 +122,7 @@ bool cups_cache_reload(void) "printer-info" }; bool ret = False; + size_t size; DEBUG(5, ("reloading cups printcap cache\n")); @@ -124,7 +136,7 @@ bool cups_cache_reload(void) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -145,7 +157,7 @@ bool cups_cache_reload(void) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -185,12 +197,24 @@ bool cups_cache_reload(void) while (attr != NULL && attr->group_tag == IPP_TAG_PRINTER) { if (strcmp(attr->name, "printer-name") == 0 && - attr->value_tag == IPP_TAG_NAME) - name = attr->values[0].string.text; + attr->value_tag == IPP_TAG_NAME) { + if (!pull_utf8_talloc(frame, + &name, + attr->values[0].string.text, + &size)) { + goto out; + } + } if (strcmp(attr->name, "printer-info") == 0 && - attr->value_tag == IPP_TAG_TEXT) - info = attr->values[0].string.text; + attr->value_tag == IPP_TAG_TEXT) { + if (!pull_utf8_talloc(frame, + &info, + attr->values[0].string.text, + &size)) { + goto out; + } + } attr = attr->next; } @@ -225,7 +249,7 @@ bool cups_cache_reload(void) request->request.op.request_id = 1; ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -265,12 +289,24 @@ bool cups_cache_reload(void) while (attr != NULL && attr->group_tag == IPP_TAG_PRINTER) { if (strcmp(attr->name, "printer-name") == 0 && - attr->value_tag == IPP_TAG_NAME) - name = attr->values[0].string.text; + attr->value_tag == IPP_TAG_NAME) { + if (!pull_utf8_talloc(frame, + &name, + attr->values[0].string.text, + &size)) { + goto out; + } + } if (strcmp(attr->name, "printer-info") == 0 && - attr->value_tag == IPP_TAG_TEXT) - info = attr->values[0].string.text; + attr->value_tag == IPP_TAG_TEXT) { + if (!pull_utf8_talloc(frame, + &info, + attr->values[0].string.text, + &size)) { + goto out; + } + } attr = attr->next; } @@ -299,6 +335,7 @@ bool cups_cache_reload(void) if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } @@ -309,13 +346,15 @@ bool cups_cache_reload(void) static int cups_job_delete(const char *sharename, const char *lprm_command, struct printjob *pjob) { + TALLOC_CTX *frame = talloc_stackframe(); int ret = 1; /* Return value */ http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ cups_lang_t *language = NULL; /* Default language */ + char *user = NULL; char uri[HTTP_MAX_URI]; /* printer-uri attribute */ - + size_t size; DEBUG(5,("cups_job_delete(%s, %p (%d))\n", sharename, pjob, pjob->sysjob)); @@ -329,7 +368,7 @@ static int cups_job_delete(const char *sharename, const char *lprm_command, stru * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -351,7 +390,7 @@ static int cups_job_delete(const char *sharename, const char *lprm_command, stru language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -360,8 +399,12 @@ static int cups_job_delete(const char *sharename, const char *lprm_command, stru ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); + if (!push_utf8_talloc(frame, &user, pjob->user, &size)) { + goto out; + } + ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", - NULL, pjob->user); + NULL, user); /* * Do the request and get back a response... @@ -389,6 +432,7 @@ static int cups_job_delete(const char *sharename, const char *lprm_command, stru if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } @@ -399,13 +443,15 @@ static int cups_job_delete(const char *sharename, const char *lprm_command, stru static int cups_job_pause(int snum, struct printjob *pjob) { + TALLOC_CTX *frame = talloc_stackframe(); int ret = 1; /* Return value */ http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ cups_lang_t *language = NULL; /* Default language */ + char *user = NULL; char uri[HTTP_MAX_URI]; /* printer-uri attribute */ - + size_t size; DEBUG(5,("cups_job_pause(%d, %p (%d))\n", snum, pjob, pjob->sysjob)); @@ -419,7 +465,7 @@ static int cups_job_pause(int snum, struct printjob *pjob) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -441,7 +487,7 @@ static int cups_job_pause(int snum, struct printjob *pjob) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -450,8 +496,11 @@ static int cups_job_pause(int snum, struct printjob *pjob) ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); + if (!push_utf8_talloc(frame, &user, pjob->user, &size)) { + goto out; + } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", - NULL, pjob->user); + NULL, user); /* * Do the request and get back a response... @@ -479,6 +528,7 @@ static int cups_job_pause(int snum, struct printjob *pjob) if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } @@ -489,13 +539,15 @@ static int cups_job_pause(int snum, struct printjob *pjob) static int cups_job_resume(int snum, struct printjob *pjob) { + TALLOC_CTX *frame = talloc_stackframe(); int ret = 1; /* Return value */ http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ cups_lang_t *language = NULL; /* Default language */ + char *user = NULL; char uri[HTTP_MAX_URI]; /* printer-uri attribute */ - + size_t size; DEBUG(5,("cups_job_resume(%d, %p (%d))\n", snum, pjob, pjob->sysjob)); @@ -509,7 +561,7 @@ static int cups_job_resume(int snum, struct printjob *pjob) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -531,7 +583,7 @@ static int cups_job_resume(int snum, struct printjob *pjob) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -540,8 +592,11 @@ static int cups_job_resume(int snum, struct printjob *pjob) ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "job-uri", NULL, uri); + if (!push_utf8_talloc(frame, &user, pjob->user, &size)) { + goto out; + } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", - NULL, pjob->user); + NULL, user); /* * Do the request and get back a response... @@ -569,6 +624,7 @@ static int cups_job_resume(int snum, struct printjob *pjob) if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } @@ -579,6 +635,7 @@ static int cups_job_resume(int snum, struct printjob *pjob) static int cups_job_submit(int snum, struct printjob *pjob) { + TALLOC_CTX *frame = talloc_stackframe(); int ret = 1; /* Return value */ http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ @@ -589,6 +646,12 @@ static int cups_job_submit(int snum, struct printjob *pjob) char *new_jobname = NULL; int num_options = 0; cups_option_t *options = NULL; + char *printername = NULL; + char *user = NULL; + char *jobname = NULL; + char *cupsoptions = NULL; + char *filename = NULL; + size_t size; char addr[INET6_ADDRSTRLEN]; DEBUG(5,("cups_job_submit(%d, %p (%d))\n", snum, pjob, pjob->sysjob)); @@ -603,7 +666,7 @@ static int cups_job_submit(int snum, struct printjob *pjob) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -626,19 +689,25 @@ static int cups_job_submit(int snum, struct printjob *pjob) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); + if (!push_utf8_talloc(frame, &printername, PRINTERNAME(snum), &size)) { + goto out; + } slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", - PRINTERNAME(snum)); + printername); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); + if (!push_utf8_talloc(frame, &user, pjob->user, &size)) { + goto out; + } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", - NULL, pjob->user); + NULL, user); clientname = client_name(get_client_fd()); if (strcmp(clientname, "UNKNOWN") == 0) { @@ -649,8 +718,14 @@ static int cups_job_submit(int snum, struct printjob *pjob) "job-originating-host-name", NULL, clientname); - if (asprintf(&new_jobname,"%s%.8u %s", PRINT_SPOOL_PREFIX, - (unsigned int)pjob->smbjob, pjob->jobname) < 0) { + if (!push_utf8_talloc(frame, &jobname, pjob->jobname, &size)) { + goto out; + } + new_jobname = talloc_asprintf(frame, + "%s%.8u %s", PRINT_SPOOL_PREFIX, + (unsigned int)pjob->smbjob, + jobname); + if (new_jobname == NULL) { goto out; } @@ -661,9 +736,12 @@ static int cups_job_submit(int snum, struct printjob *pjob) * add any options defined in smb.conf */ + if (!push_utf8_talloc(frame, &cupsoptions, lp_cups_options(snum), &size)) { + goto out; + } num_options = 0; options = NULL; - num_options = cupsParseOptions(lp_cups_options(snum), num_options, &options); + num_options = cupsParseOptions(cupsoptions, num_options, &options); if ( num_options ) cupsEncodeOptions(request, num_options, options); @@ -672,8 +750,11 @@ static int cups_job_submit(int snum, struct printjob *pjob) * Do the request and get back a response... */ - slprintf(uri, sizeof(uri) - 1, "/printers/%s", PRINTERNAME(snum)); + slprintf(uri, sizeof(uri) - 1, "/printers/%s", printername); + if (!push_utf8_talloc(frame, &filename, pjob->filename, &size)) { + goto out; + } if ((response = cupsDoFileRequest(http, request, uri, pjob->filename)) != NULL) { if (response->request.status.status_code >= IPP_OK_CONFLICT) { DEBUG(0,("Unable to print file to %s - %s\n", PRINTERNAME(snum), @@ -700,7 +781,7 @@ static int cups_job_submit(int snum, struct printjob *pjob) if (http) httpClose(http); - SAFE_FREE(new_jobname); + TALLOC_FREE(frame); return ret; } @@ -715,7 +796,8 @@ static int cups_queue_get(const char *sharename, print_queue_struct **q, print_status_struct *status) { - fstring printername; + TALLOC_CTX *frame = talloc_stackframe(); + char *printername = NULL; http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ @@ -726,13 +808,14 @@ static int cups_queue_get(const char *sharename, qalloc = 0; /* Number of queue entries allocated */ print_queue_struct *queue = NULL, /* Queue entries */ *temp; /* Temporary pointer for queue */ - const char *user_name, /* job-originating-user-name attribute */ - *job_name; /* job-name attribute */ + char *user_name = NULL, /* job-originating-user-name attribute */ + *job_name = NULL; /* job-name attribute */ int job_id; /* job-id attribute */ int job_k_octets; /* job-k-octets attribute */ time_t job_time; /* time-at-creation attribute */ ipp_jstate_t job_status; /* job-status attribute */ int job_priority; /* job-priority attribute */ + size_t size; static const char *jattrs[] = /* Requested job attributes */ { "job-id", @@ -757,9 +840,10 @@ static int cups_queue_get(const char *sharename, (which is basically what we do for non-cups printers ... using the lpq_command to get the queue listing). */ - fstrcpy( printername, lpq_command ); - - DEBUG(5,("cups_queue_get(%s, %p, %p)\n", printername, q, status)); + if (!push_utf8_talloc(frame, &printername, lpq_command, &size)) { + goto out; + } + DEBUG(5,("cups_queue_get(%s, %p, %p)\n", lpq_command, q, status)); /* * Make sure we don't ask for passwords... @@ -771,7 +855,7 @@ static int cups_queue_get(const char *sharename, * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -799,7 +883,7 @@ static int cups_queue_get(const char *sharename, language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -904,12 +988,24 @@ static int cups_queue_get(const char *sharename, job_time = attr->values[0].integer; if (strcmp(attr->name, "job-name") == 0 && - attr->value_tag == IPP_TAG_NAME) - job_name = attr->values[0].string.text; + attr->value_tag == IPP_TAG_NAME) { + if (!pull_utf8_talloc(frame, + &job_name, + attr->values[0].string.text, + &size)) { + goto out; + } + } if (strcmp(attr->name, "job-originating-user-name") == 0 && - attr->value_tag == IPP_TAG_NAME) - user_name = attr->values[0].string.text; + attr->value_tag == IPP_TAG_NAME) { + if (!pull_utf8_talloc(frame, + &user_name, + attr->values[0].string.text, + &size)) { + goto out; + } + } attr = attr->next; } @@ -933,8 +1029,8 @@ static int cups_queue_get(const char *sharename, LPQ_PRINTING; temp->priority = job_priority; temp->time = job_time; - strncpy(temp->fs_user, user_name, sizeof(temp->fs_user) - 1); - strncpy(temp->fs_file, job_name, sizeof(temp->fs_file) - 1); + strlcpy(temp->fs_user, user_name, sizeof(temp->fs_user)); + strlcpy(temp->fs_file, job_name, sizeof(temp->fs_file)); qcount ++; @@ -961,7 +1057,7 @@ static int cups_queue_get(const char *sharename, request->request.op.request_id = 1; ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); @@ -1004,8 +1100,15 @@ static int cups_queue_get(const char *sharename, } if ((attr = ippFindAttribute(response, "printer-state-message", - IPP_TAG_TEXT)) != NULL) - fstrcpy(status->message, attr->values[0].string.text); + IPP_TAG_TEXT)) != NULL) { + char *msg = NULL; + if (!pull_utf8_talloc(frame, &msg, + attr->values[0].string.text, + &size)) { + goto out; + } + fstrcpy(status->message, msg); + } /* * Return the job queue... @@ -1023,6 +1126,7 @@ static int cups_queue_get(const char *sharename, if (http) httpClose(http); + TALLOC_FREE(frame); return qcount; } @@ -1033,13 +1137,16 @@ static int cups_queue_get(const char *sharename, static int cups_queue_pause(int snum) { + TALLOC_CTX *frame = talloc_stackframe(); int ret = 1; /* Return value */ http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ cups_lang_t *language = NULL; /* Default language */ + char *printername = NULL; + char *username = NULL; char uri[HTTP_MAX_URI]; /* printer-uri attribute */ - + size_t size; DEBUG(5,("cups_queue_pause(%d)\n", snum)); @@ -1053,7 +1160,7 @@ static int cups_queue_pause(int snum) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -1075,18 +1182,24 @@ static int cups_queue_pause(int snum) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); + if (!push_utf8_talloc(frame, &printername, PRINTERNAME(snum), &size)) { + goto out; + } slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", - PRINTERNAME(snum)); + printername); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); + if (!push_utf8_talloc(frame, &username, current_user_info.unix_name, &size)) { + goto out; + } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", - NULL, current_user_info.unix_name); + NULL, username); /* * Do the request and get back a response... @@ -1114,6 +1227,7 @@ static int cups_queue_pause(int snum) if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } @@ -1124,13 +1238,16 @@ static int cups_queue_pause(int snum) static int cups_queue_resume(int snum) { + TALLOC_CTX *frame = talloc_stackframe(); int ret = 1; /* Return value */ http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ cups_lang_t *language = NULL; /* Default language */ + char *printername = NULL; + char *username = NULL; char uri[HTTP_MAX_URI]; /* printer-uri attribute */ - + size_t size; DEBUG(5,("cups_queue_resume(%d)\n", snum)); @@ -1144,7 +1261,7 @@ static int cups_queue_resume(int snum) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -1166,18 +1283,24 @@ static int cups_queue_resume(int snum) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); + if (!push_utf8_talloc(frame, &printername, PRINTERNAME(snum), &size)) { + goto out; + } slprintf(uri, sizeof(uri) - 1, "ipp://localhost/printers/%s", - PRINTERNAME(snum)); + printername); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); + if (!push_utf8_talloc(frame, &username, current_user_info.unix_name, &size)) { + goto out; + } ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_NAME, "requesting-user-name", - NULL, current_user_info.unix_name); + NULL, username); /* * Do the request and get back a response... @@ -1205,6 +1328,7 @@ static int cups_queue_resume(int snum) if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } @@ -1226,15 +1350,16 @@ struct printif cups_printif = bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) { + TALLOC_CTX *frame = talloc_stackframe(); http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ ipp_attribute_t *attr; /* Current attribute */ cups_lang_t *language = NULL; /* Default language */ - char *name, /* printer-name attribute */ - *info, /* printer-info attribute */ - *location; /* printer-location attribute */ char uri[HTTP_MAX_URI]; + char *server = NULL; + char *sharename = NULL; + char *name = NULL; static const char *requested[] =/* Requested attributes */ { "printer-name", @@ -1242,6 +1367,7 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) "printer-location" }; bool ret = False; + size_t size; DEBUG(5, ("pulling %s location\n", printer->sharename)); @@ -1255,7 +1381,7 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) * Try to connect to the server... */ - if ((http = cups_connect()) == NULL) { + if ((http = cups_connect(frame)) == NULL) { goto out; } @@ -1267,13 +1393,26 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) language = cupsLangDefault(); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_CHARSET, - "attributes-charset", NULL, cupsLangEncoding(language)); + "attributes-charset", NULL, "utf-8"); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_LANGUAGE, "attributes-natural-language", NULL, language->language); + if (lp_cups_server() != NULL && strlen(lp_cups_server()) > 0) { + if (!push_utf8_talloc(frame, &server, lp_cups_server(), &size)) { + goto out; + } + } else { + server = talloc_strdup(frame,cupsServer()); + } + if (server) { + goto out; + } + if (!push_utf8_talloc(frame, &sharename, printer->sharename, &size)) { + goto out; + } slprintf(uri, sizeof(uri) - 1, "ipp://%s/printers/%s", - lp_cups_server(), printer->sharename); + server, sharename); ippAddString(request, IPP_TAG_OPERATION, IPP_TAG_URI, "printer-uri", NULL, uri); @@ -1308,21 +1447,34 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) * Pull the needed attributes from this printer... */ - name = NULL; - info = NULL; - location = NULL; - while ( attr && (attr->group_tag == IPP_TAG_PRINTER) ) { + if (strcmp(attr->name, "printer-name") == 0 && + attr->value_tag == IPP_TAG_NAME) { + if (!pull_utf8_talloc(frame, + &name, + attr->values[0].string.text, + &size)) { + goto out; + } + } + /* Grab the comment if we don't have one */ if ( (strcmp(attr->name, "printer-info") == 0) && (attr->value_tag == IPP_TAG_TEXT) && !strlen(printer->comment) ) { + char *comment = NULL; + if (!pull_utf8_talloc(frame, + &comment, + attr->values[0].string.text, + &size)) { + goto out; + } DEBUG(5,("cups_pull_comment_location: Using cups comment: %s\n", - attr->values[0].string.text)); + comment)); strlcpy(printer->comment, - attr->values[0].string.text, - sizeof(printer->comment)); + comment, + sizeof(printer->comment)); } /* Grab the location if we don't have one */ @@ -1330,21 +1482,29 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) && (attr->value_tag == IPP_TAG_TEXT) && !strlen(printer->location) ) { + char *location = NULL; + if (!pull_utf8_talloc(frame, + &location, + attr->values[0].string.text, + &size)) { + goto out; + } DEBUG(5,("cups_pull_comment_location: Using cups location: %s\n", - attr->values[0].string.text)); - fstrcpy(printer->location,attr->values[0].string.text); + location)); + strlcpy(printer->location, + location, + sizeof(printer->location)); } attr = attr->next; } /* - * See if we have everything needed... + * We have everything needed... */ - if (name == NULL) + if (name != NULL) break; - } ret = True; @@ -1359,6 +1519,7 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer) if (http) httpClose(http); + TALLOC_FREE(frame); return ret; } -- cgit From 9097a67def72ea41e85a4acb5d7cbcc46adaaa84 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Oct 2008 02:17:04 +0200 Subject: Fix bug 5798: "CFLAGS info lost in configure" Michael, please check and merge to the other branches if it's right. Thanks, Volker --- source3/configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/configure.in b/source3/configure.in index f04ddbeaa5..545a5653de 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -128,7 +128,7 @@ fi if test "x$debug" = "xyes" ; then CFLAGS="${CFLAGS} -g" else - CFLAGS="-O" + CFLAGS="${CFLAGS} -O" fi m4_include(../lib/socket_wrapper/config.m4) -- cgit From 8641b54a736c5c924bf38cf4574d1f8e34d2d0cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Oct 2008 03:37:52 +0200 Subject: Attempt to fix the build on IRIX Under irix, "sa_family" is a #define to sa_union.sa_generic.sa_family2 --- source3/librpc/gen_ndr/nbt.h | 2 +- source3/librpc/gen_ndr/ndr_nbt.c | 6 +++--- source3/librpc/idl/nbt.idl | 2 +- source3/libsmb/dsgetdcname.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/librpc/gen_ndr/nbt.h b/source3/librpc/gen_ndr/nbt.h index 264b00b84f..4b872d7936 100644 --- a/source3/librpc/gen_ndr/nbt.h +++ b/source3/librpc/gen_ndr/nbt.h @@ -391,7 +391,7 @@ struct nbt_dgram_packet { }/* [public,flag(LIBNDR_FLAG_NOALIGN|LIBNDR_FLAG_BIGENDIAN|LIBNDR_PRINT_ARRAY_HEX)] */; struct nbt_sockaddr { - uint32_t sa_family; + uint32_t sockaddr_family; const char * pdc_ip;/* [flag(LIBNDR_FLAG_BIGENDIAN)] */ DATA_BLOB remaining;/* [flag(LIBNDR_FLAG_REMAINING)] */ }/* [gensize,public] */; diff --git a/source3/librpc/gen_ndr/ndr_nbt.c b/source3/librpc/gen_ndr/ndr_nbt.c index 84cfabda57..c02b539da5 100644 --- a/source3/librpc/gen_ndr/ndr_nbt.c +++ b/source3/librpc/gen_ndr/ndr_nbt.c @@ -1531,7 +1531,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_nbt_sockaddr(struct ndr_push *ndr, int ndr_f { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sa_family)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->sockaddr_family)); { uint32_t _flags_save_ipv4address = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); @@ -1554,7 +1554,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_nbt_sockaddr(struct ndr_pull *ndr, int ndr_f { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sa_family)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->sockaddr_family)); { uint32_t _flags_save_ipv4address = ndr->flags; ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); @@ -1577,7 +1577,7 @@ _PUBLIC_ void ndr_print_nbt_sockaddr(struct ndr_print *ndr, const char *name, co { ndr_print_struct(ndr, name, "nbt_sockaddr"); ndr->depth++; - ndr_print_uint32(ndr, "sa_family", r->sa_family); + ndr_print_uint32(ndr, "sockaddr_family", r->sockaddr_family); ndr_print_ipv4address(ndr, "pdc_ip", r->pdc_ip); ndr_print_DATA_BLOB(ndr, "remaining", r->remaining); ndr->depth--; diff --git a/source3/librpc/idl/nbt.idl b/source3/librpc/idl/nbt.idl index 82571d96e6..f3590fcf2b 100644 --- a/source3/librpc/idl/nbt.idl +++ b/source3/librpc/idl/nbt.idl @@ -339,7 +339,7 @@ interface nbt */ typedef [public,gensize] struct { - uint32 sa_family; + uint32 sockaddr_family; [flag(NDR_BIG_ENDIAN)] ipv4address pdc_ip; [flag(NDR_REMAINING)] DATA_BLOB remaining; } nbt_sockaddr; diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 89769d8a76..d2ede1d875 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -200,7 +200,7 @@ static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx, /* FIXME */ r->sockaddr_size = 0x10; /* the w32 winsock addr size */ - r->sockaddr.sa_family = 2; /* AF_INET */ + r->sockaddr.sockaddr_family = 2; /* AF_INET */ r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr); ndr_err = ndr_push_struct_blob(&blob, mem_ctx, NULL, r, -- cgit From af1c802791e3c9f54220d8c80c3de79ef422d726 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 2 Oct 2008 08:09:25 +0200 Subject: The IRIX compiler does not like embedded unnamed unions --- libcli/netlogon.c | 83 +++++++++++++++++++--------------- libcli/netlogon.h | 4 +- source3/libads/cldap.c | 2 +- source3/libsmb/clidgram.c | 4 +- source3/libsmb/dsgetdcname.c | 20 ++++----- source4/cldap_server/netlogon.c | 80 ++++++++++++++++----------------- source4/libnet/libnet_become_dc.c | 2 +- source4/libnet/libnet_site.c | 5 ++- source4/libnet/libnet_unbecome_dc.c | 2 +- source4/nbt_server/dgram/netlogon.c | 4 +- source4/nbt_server/irpc.c | 9 ++-- source4/torture/ldap/cldap.c | 88 ++++++++++++++++++------------------- source4/torture/nbt/dgram.c | 42 +++++++++--------- source4/torture/rpc/dssync.c | 6 +-- 14 files changed, 183 insertions(+), 168 deletions(-) diff --git a/libcli/netlogon.c b/libcli/netlogon.c index 36d9e5fdcd..acfce61cca 100644 --- a/libcli/netlogon.c +++ b/libcli/netlogon.c @@ -37,17 +37,17 @@ NTSTATUS push_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, if (response->ntver == NETLOGON_NT_VERSION_1) { ndr_err = ndr_push_struct_blob(data, mem_ctx, iconv_convenience, - &response->nt4, + &response->data.nt4, (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_NT40); } else if (response->ntver & NETLOGON_NT_VERSION_5EX) { ndr_err = ndr_push_struct_blob(data, mem_ctx, iconv_convenience, - &response->nt5_ex, + &response->data.nt5_ex, (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags); } else if (response->ntver & NETLOGON_NT_VERSION_5) { ndr_err = ndr_push_struct_blob(data, mem_ctx, iconv_convenience, - &response->nt5, + &response->data.nt5, (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE); } else { DEBUG(0, ("Asked to push unknown netlogon response type 0x%02x\n", response->ntver)); @@ -86,11 +86,12 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, if (ntver == NETLOGON_NT_VERSION_1) { ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, iconv_convenience, - &response->nt4, + &response->data.nt4, (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_NT40); response->ntver = NETLOGON_NT_VERSION_1; if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_NT40, &response->nt4); + NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_NT40, + &response->data.nt4); } } else if (ntver & NETLOGON_NT_VERSION_5EX) { @@ -99,7 +100,9 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, if (!ndr) { return NT_STATUS_NO_MEMORY; } - ndr_err = ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(ndr, NDR_SCALARS|NDR_BUFFERS, &response->nt5_ex, ntver); + ndr_err = ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags( + ndr, NDR_SCALARS|NDR_BUFFERS, &response->data.nt5_ex, + ntver); if (ndr->offset < ndr->data_size) { ndr_err = ndr_pull_error(ndr, NDR_ERR_UNREAD_BYTES, "not all bytes consumed ofs[%u] size[%u]", @@ -107,17 +110,19 @@ NTSTATUS pull_netlogon_samlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, } response->ntver = NETLOGON_NT_VERSION_5EX; if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_EX, &response->nt5_ex); + NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE_EX, + &response->data.nt5_ex); } } else if (ntver & NETLOGON_NT_VERSION_5) { ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, iconv_convenience, - &response->nt5, + &response->data.nt5, (ndr_pull_flags_fn_t)ndr_pull_NETLOGON_SAM_LOGON_RESPONSE); response->ntver = NETLOGON_NT_VERSION_5; if (NDR_ERR_CODE_IS_SUCCESS(ndr_err) && DEBUGLEVEL >= 10) { - NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE, &response->nt5); + NDR_PRINT_DEBUG(NETLOGON_SAM_LOGON_RESPONSE, + &response->data.nt5); } } else { DEBUG(2,("failed to parse netlogon response of type 0x%02x - unknown response type\n", @@ -144,34 +149,34 @@ void map_netlogon_samlogon_response(struct netlogon_samlogon_response *response) break; case NETLOGON_NT_VERSION_5: ZERO_STRUCT(response_5_ex); - response_5_ex.command = response->nt5.command; - response_5_ex.pdc_name = response->nt5.pdc_name; - response_5_ex.user_name = response->nt5.user_name; - response_5_ex.domain = response->nt5.domain_name; - response_5_ex.domain_uuid = response->nt5.domain_uuid; - response_5_ex.forest = response->nt5.forest; - response_5_ex.dns_domain = response->nt5.dns_domain; - response_5_ex.pdc_dns_name = response->nt5.pdc_dns_name; - response_5_ex.sockaddr.pdc_ip = response->nt5.pdc_ip; - response_5_ex.server_type = response->nt5.server_type; - response_5_ex.nt_version = response->nt5.nt_version; - response_5_ex.lmnt_token = response->nt5.lmnt_token; - response_5_ex.lm20_token = response->nt5.lm20_token; + response_5_ex.command = response->data.nt5.command; + response_5_ex.pdc_name = response->data.nt5.pdc_name; + response_5_ex.user_name = response->data.nt5.user_name; + response_5_ex.domain = response->data.nt5.domain_name; + response_5_ex.domain_uuid = response->data.nt5.domain_uuid; + response_5_ex.forest = response->data.nt5.forest; + response_5_ex.dns_domain = response->data.nt5.dns_domain; + response_5_ex.pdc_dns_name = response->data.nt5.pdc_dns_name; + response_5_ex.sockaddr.pdc_ip = response->data.nt5.pdc_ip; + response_5_ex.server_type = response->data.nt5.server_type; + response_5_ex.nt_version = response->data.nt5.nt_version; + response_5_ex.lmnt_token = response->data.nt5.lmnt_token; + response_5_ex.lm20_token = response->data.nt5.lm20_token; response->ntver = NETLOGON_NT_VERSION_5EX; - response->nt5_ex = response_5_ex; + response->data.nt5_ex = response_5_ex; break; case NETLOGON_NT_VERSION_1: ZERO_STRUCT(response_5_ex); - response_5_ex.command = response->nt4.command; - response_5_ex.pdc_name = response->nt4.server; - response_5_ex.user_name = response->nt4.user_name; - response_5_ex.domain = response->nt4.domain; - response_5_ex.nt_version = response->nt4.nt_version; - response_5_ex.lmnt_token = response->nt4.lmnt_token; - response_5_ex.lm20_token = response->nt4.lm20_token; + response_5_ex.command = response->data.nt4.command; + response_5_ex.pdc_name = response->data.nt4.server; + response_5_ex.user_name = response->data.nt4.user_name; + response_5_ex.domain = response->data.nt4.domain; + response_5_ex.nt_version = response->data.nt4.nt_version; + response_5_ex.lmnt_token = response->data.nt4.lmnt_token; + response_5_ex.lm20_token = response->data.nt4.lm20_token; response->ntver = NETLOGON_NT_VERSION_5EX; - response->nt5_ex = response_5_ex; + response->data.nt5_ex = response_5_ex; break; } return; @@ -185,7 +190,9 @@ NTSTATUS push_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, enum ndr_err_code ndr_err; switch (response->response_type) { case NETLOGON_GET_PDC: - ndr_err = ndr_push_struct_blob(data, mem_ctx, iconv_convenience, &response->get_pdc, + ndr_err = ndr_push_struct_blob(data, mem_ctx, + iconv_convenience, + &response->data.get_pdc, (ndr_push_flags_fn_t)ndr_push_nbt_netlogon_response_from_pdc); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -199,7 +206,9 @@ NTSTATUS push_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, status = NT_STATUS_OK; break; case NETLOGON_SAMLOGON: - status = push_netlogon_samlogon_response(data, mem_ctx, iconv_convenience, &response->samlogon); + status = push_netlogon_samlogon_response( + data, mem_ctx, iconv_convenience, + &response->data.samlogon); break; } return status; @@ -221,7 +230,9 @@ NTSTATUS pull_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, switch (command) { case NETLOGON_RESPONSE_FROM_PDC: - ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, iconv_convenience, &response->get_pdc, + ndr_err = ndr_pull_struct_blob_all(data, mem_ctx, + iconv_convenience, + &response->data.get_pdc, (ndr_pull_flags_fn_t)ndr_pull_nbt_netlogon_response_from_pdc); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); @@ -241,7 +252,9 @@ NTSTATUS pull_nbt_netlogon_response(DATA_BLOB *data, TALLOC_CTX *mem_ctx, case LOGON_SAM_LOGON_RESPONSE_EX: case LOGON_SAM_LOGON_PAUSE_RESPONSE_EX: case LOGON_SAM_LOGON_USER_UNKNOWN_EX: - status = pull_netlogon_samlogon_response(data, mem_ctx, iconv_convenience, &response->samlogon); + status = pull_netlogon_samlogon_response( + data, mem_ctx, iconv_convenience, + &response->data.samlogon); response->response_type = NETLOGON_SAMLOGON; break; diff --git a/libcli/netlogon.h b/libcli/netlogon.h index 8bd9d0d90a..6ca3de3366 100644 --- a/libcli/netlogon.h +++ b/libcli/netlogon.h @@ -36,7 +36,7 @@ struct netlogon_samlogon_response struct NETLOGON_SAM_LOGON_RESPONSE_NT40 nt4; struct NETLOGON_SAM_LOGON_RESPONSE nt5; struct NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex; - }; + } data; }; @@ -46,7 +46,7 @@ struct nbt_netlogon_response union { struct nbt_netlogon_response_from_pdc get_pdc; struct netlogon_samlogon_response samlogon; - }; + } data; }; #include "../libcli/netlogon_proto.h" diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index edabbed0e9..c37220c903 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -283,7 +283,7 @@ bool ads_cldap_netlogon_5(TALLOC_CTX *mem_ctx, return false; } - *reply5 = reply->nt5_ex; + *reply5 = reply->data.nt5_ex; return true; } diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c index e8799bce47..611ae0870c 100644 --- a/source3/libsmb/clidgram.c +++ b/source3/libsmb/clidgram.c @@ -279,8 +279,8 @@ bool receive_getdc_response(TALLOC_CTX *mem_ctx, /* do we still need this ? */ *nt_version = r.ntver; - returned_domain = r.nt5_ex.domain; - returned_dc = r.nt5_ex.pdc_name; + returned_domain = r.data.nt5_ex.domain; + returned_dc = r.data.nt5_ex.pdc_name; if (!strequal(returned_domain, domain_name)) { DEBUG(3, ("GetDC: Expected domain %s, got %s\n", diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index d2ede1d875..18010aaa1c 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -272,12 +272,12 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * case 3: case 18: case 19: - return r->nt5.server_type; + return r->data.nt5.server_type; case 4: case 5: case 6: case 7: - return r->nt5_ex.server_type; + return r->data.nt5_ex.server_type; case 8: case 9: case 10: @@ -286,7 +286,7 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * case 13: case 14: case 15: - return r->nt5_ex.server_type; + return r->data.nt5_ex.server_type; case 20: case 21: case 22: @@ -296,11 +296,11 @@ static uint32_t get_cldap_reply_server_flags(struct netlogon_samlogon_response * case 26: case 27: case 28: - return r->nt5_ex.server_type; + return r->data.nt5_ex.server_type; case 29: case 30: case 31: - return r->nt5_ex.server_type; + return r->data.nt5_ex.server_type; default: return 0; } @@ -913,10 +913,10 @@ static NTSTATUS process_dc_dns(TALLOC_CTX *mem_ctx, } status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].ss, - &r->nt5_ex, info); + &r->data.nt5_ex, info); if (NT_STATUS_IS_OK(status)) { return store_cldap_reply(mem_ctx, flags, &dclist[i].ss, - nt_version, &r->nt5_ex); + nt_version, &r->data.nt5_ex); } return status; @@ -1035,7 +1035,7 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, logon1.domain = talloc_strdup_upper(mem_ctx, domain_name); NT_STATUS_HAVE_NO_MEMORY(logon1.domain); - r->nt4 = logon1; + r->data.nt4 = logon1; r->ntver = nt_version; namecache_store(tmp_dc_name, NBT_NAME_SERVER, 1, &ip_list); @@ -1049,10 +1049,10 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, make_reply: status = make_dc_info_from_cldap_reply(mem_ctx, flags, &dclist[i].ss, - &r->nt5_ex, info); + &r->data.nt5_ex, info); if (NT_STATUS_IS_OK(status) && store_cache) { return store_cldap_reply(mem_ctx, flags, &dclist[i].ss, - nt_version, &r->nt5_ex); + nt_version, &r->data.nt5_ex); } return status; diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 7dccd81fad..aac74f5d77 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -331,68 +331,68 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, /* could check if the user exists */ if (user_known) { - netlogon->nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; + netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_RESPONSE_EX; } else { - netlogon->nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; + netlogon->data.nt5_ex.command = LOGON_SAM_LOGON_USER_UNKNOWN_EX; } - netlogon->nt5_ex.server_type = server_type; - netlogon->nt5_ex.domain_uuid = domain_uuid; - netlogon->nt5_ex.forest = realm; - netlogon->nt5_ex.dns_domain = dns_domain; - netlogon->nt5_ex.pdc_dns_name = pdc_dns_name; - netlogon->nt5_ex.domain = flatname; - netlogon->nt5_ex.pdc_name = lp_netbios_name(lp_ctx); - netlogon->nt5_ex.user_name = user; - netlogon->nt5_ex.server_site = server_site; - netlogon->nt5_ex.client_site = client_site; + netlogon->data.nt5_ex.server_type = server_type; + netlogon->data.nt5_ex.domain_uuid = domain_uuid; + netlogon->data.nt5_ex.forest = realm; + netlogon->data.nt5_ex.dns_domain = dns_domain; + netlogon->data.nt5_ex.pdc_dns_name = pdc_dns_name; + netlogon->data.nt5_ex.domain = flatname; + netlogon->data.nt5_ex.pdc_name = lp_netbios_name(lp_ctx); + netlogon->data.nt5_ex.user_name = user; + netlogon->data.nt5_ex.server_site = server_site; + netlogon->data.nt5_ex.client_site = client_site; if (version & NETLOGON_NT_VERSION_5EX_WITH_IP) { /* Clearly this needs to be fixed up for IPv6 */ extra_flags = NETLOGON_NT_VERSION_5EX_WITH_IP; - netlogon->nt5_ex.sockaddr.sa_family = 2; - netlogon->nt5_ex.sockaddr.pdc_ip = pdc_ip; - netlogon->nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); + netlogon->data.nt5_ex.sockaddr.sa_family = 2; + netlogon->data.nt5_ex.sockaddr.pdc_ip = pdc_ip; + netlogon->data.nt5_ex.sockaddr.remaining = data_blob_talloc_zero(mem_ctx, 8); } - netlogon->nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; - netlogon->nt5_ex.lmnt_token = 0xFFFF; - netlogon->nt5_ex.lm20_token = 0xFFFF; + netlogon->data.nt5_ex.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5EX|extra_flags; + netlogon->data.nt5_ex.lmnt_token = 0xFFFF; + netlogon->data.nt5_ex.lm20_token = 0xFFFF; } else if (version & NETLOGON_NT_VERSION_5) { netlogon->ntver = NETLOGON_NT_VERSION_5; /* could check if the user exists */ if (user_known) { - netlogon->nt5.command = LOGON_SAM_LOGON_RESPONSE; + netlogon->data.nt5.command = LOGON_SAM_LOGON_RESPONSE; } else { - netlogon->nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; + netlogon->data.nt5.command = LOGON_SAM_LOGON_USER_UNKNOWN; } - netlogon->nt5.pdc_name = pdc_name; - netlogon->nt5.user_name = user; - netlogon->nt5.domain_name = flatname; - netlogon->nt5.domain_uuid = domain_uuid; - netlogon->nt5.forest = realm; - netlogon->nt5.dns_domain = dns_domain; - netlogon->nt5.pdc_dns_name = pdc_dns_name; - netlogon->nt5.pdc_ip = pdc_ip; - netlogon->nt5.server_type = server_type; - netlogon->nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; - netlogon->nt5.lmnt_token = 0xFFFF; - netlogon->nt5.lm20_token = 0xFFFF; + netlogon->data.nt5.pdc_name = pdc_name; + netlogon->data.nt5.user_name = user; + netlogon->data.nt5.domain_name = flatname; + netlogon->data.nt5.domain_uuid = domain_uuid; + netlogon->data.nt5.forest = realm; + netlogon->data.nt5.dns_domain = dns_domain; + netlogon->data.nt5.pdc_dns_name = pdc_dns_name; + netlogon->data.nt5.pdc_ip = pdc_ip; + netlogon->data.nt5.server_type = server_type; + netlogon->data.nt5.nt_version = NETLOGON_NT_VERSION_1|NETLOGON_NT_VERSION_5; + netlogon->data.nt5.lmnt_token = 0xFFFF; + netlogon->data.nt5.lm20_token = 0xFFFF; } else /* (version & NETLOGON_NT_VERSION_1) and all other cases */ { netlogon->ntver = NETLOGON_NT_VERSION_1; /* could check if the user exists */ if (user_known) { - netlogon->nt4.command = LOGON_SAM_LOGON_RESPONSE; + netlogon->data.nt4.command = LOGON_SAM_LOGON_RESPONSE; } else { - netlogon->nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; + netlogon->data.nt4.command = LOGON_SAM_LOGON_USER_UNKNOWN; } - netlogon->nt4.server = pdc_name; - netlogon->nt4.user_name = user; - netlogon->nt4.domain = flatname; - netlogon->nt4.nt_version = NETLOGON_NT_VERSION_1; - netlogon->nt4.lmnt_token = 0xFFFF; - netlogon->nt4.lm20_token = 0xFFFF; + netlogon->data.nt4.server = pdc_name; + netlogon->data.nt4.user_name = user; + netlogon->data.nt4.domain = flatname; + netlogon->data.nt4.nt_version = NETLOGON_NT_VERSION_1; + netlogon->data.nt4.lmnt_token = 0xFFFF; + netlogon->data.nt4.lm20_token = 0xFFFF; } return NT_STATUS_OK; diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index b9071d5eb1..4cbebbf6d0 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -770,7 +770,7 @@ static void becomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; + s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex; s->domain.dns_name = s->cldap.netlogon.dns_domain; s->domain.netbios_name = s->cldap.netlogon.domain; diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index 5647a93b8d..4a32ab92ed 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -58,7 +58,8 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx)); status = cldap_netlogon(cldap, tmp_ctx, &search); - if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.nt5_ex.client_site) { + if (!NT_STATUS_IS_OK(status) + || !search.out.netlogon.data.nt5_ex.client_site) { /* If cldap_netlogon() returns in error, default to using Default-First-Site-Name. @@ -72,7 +73,7 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li } } else { site_name_str = talloc_asprintf(tmp_ctx, "%s", - search.out.netlogon.nt5_ex.client_site); + search.out.netlogon.data.nt5_ex.client_site); if (!site_name_str) { r->out.error_string = NULL; talloc_free(tmp_ctx); diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 4eeaf1b80c..3a9a5cebd8 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -289,7 +289,7 @@ static void unbecomeDC_recv_cldap(struct cldap_request *req) c->status = cldap_netlogon_recv(req, s, &s->cldap.io); if (!composite_is_ok(c)) return; - s->cldap.netlogon = s->cldap.io.out.netlogon.nt5_ex; + s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex; s->domain.dns_name = s->cldap.netlogon.dns_domain; s->domain.netbios_name = s->cldap.netlogon.domain; diff --git a/source4/nbt_server/dgram/netlogon.c b/source4/nbt_server/dgram/netlogon.c index 5e95270b7d..1bc3e2b62f 100644 --- a/source4/nbt_server/dgram/netlogon.c +++ b/source4/nbt_server/dgram/netlogon.c @@ -77,7 +77,7 @@ static void nbtd_netlogon_getdc(struct dgram_mailslot_handler *dgmslot, /* setup a GETDC reply */ ZERO_STRUCT(netlogon_response); netlogon_response.response_type = NETLOGON_GET_PDC; - pdc = &netlogon_response.get_pdc; + pdc = &netlogon_response.data.get_pdc; pdc->command = NETLOGON_RESPONSE_FROM_PDC; pdc->pdc_name = lp_netbios_name(iface->nbtsrv->task->lp_ctx); @@ -132,7 +132,7 @@ static void nbtd_netlogon_samlogon(struct dgram_mailslot_handler *dgmslot, status = fill_netlogon_samlogon_response(samctx, packet, NULL, name->name, sid, NULL, netlogon->req.logon.user_name, netlogon->req.logon.acct_control, src->addr, - netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.samlogon); + netlogon->req.logon.nt_version, iface->nbtsrv->task->lp_ctx, &netlogon_response.data.samlogon); if (!NT_STATUS_IS_OK(status)) { DEBUG(2,("NBT netlogon query failed domain=%s sid=%s version=%d - %s\n", name->name, dom_sid_string(packet, sid), netlogon->req.logon.nt_version, nt_errstr(status))); diff --git a/source4/nbt_server/irpc.c b/source4/nbt_server/irpc.c index 8f1f74afcf..fc61372ead 100644 --- a/source4/nbt_server/irpc.c +++ b/source4/nbt_server/irpc.c @@ -79,16 +79,17 @@ static void getdc_recv_netlogon_reply(struct dgram_mailslot_handler *dgmslot, /* We asked for version 1 only */ if (netlogon.response_type == NETLOGON_SAMLOGON - && netlogon.samlogon.ntver != NETLOGON_NT_VERSION_1) { + && netlogon.data.samlogon.ntver != NETLOGON_NT_VERSION_1) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done; } - p = netlogon.samlogon.nt4.server; + p = netlogon.data.samlogon.data.nt4.server; DEBUG(10, ("NTLOGON_SAM_LOGON_REPLY: server: %s, user: %s, " - "domain: %s\n", p, netlogon.samlogon.nt4.user_name, - netlogon.samlogon.nt4.domain)); + "domain: %s\n", p, + netlogon.data.samlogon.data.nt4.user_name, + netlogon.data.samlogon.data.nt4.domain)); if (*p == '\\') p += 1; if (*p == '\\') p += 1; diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 3730193c86..23b0554c4f 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -64,7 +64,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) n1 = search.out.netlogon; search.in.user = "Administrator"; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; search.in.host = "__cldap_torture__"; printf("Scanning for netlogon levels\n"); @@ -93,8 +93,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with User=Administrator\n"); @@ -102,8 +102,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); search.in.version = NETLOGON_NT_VERSION_5; status = cldap_netlogon(cldap, tctx, &search); @@ -114,8 +114,8 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); printf("Trying with User=Administrator\n"); @@ -123,18 +123,18 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN); search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; printf("Trying with a GUID\n"); search.in.realm = NULL; - search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(GUID_string(tctx, &search.out.netlogon.nt5_ex.domain_uuid), search.in.domain_guid); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid); printf("Trying with a incorrect GUID\n"); guid = GUID_random(); @@ -145,53 +145,53 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a AAC\n"); search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); printf("Trying with a zero AAC\n"); search.in.acct_control = 0x0; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); printf("Trying with a zero AAC and user=Administrator\n"); search.in.acct_control = 0x0; search.in.user = "Administrator"; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, "Administrator"); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator"); printf("Trying with a bad AAC\n"); search.in.user = NULL; search.in.acct_control = 0xFF00FF00; - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); printf("Trying with a user only\n"); search = empty_search; search.in.user = "Administrator"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, search.in.user); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); printf("Trying with just a bad domain\n"); search = empty_search; @@ -200,29 +200,29 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); - search.in.domain_guid = GUID_string(tctx, &n1.nt5_ex.domain_uuid); + search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); - search.in.realm = n1.nt5_ex.dns_domain; + search.in.realm = n1.data.nt5_ex.dns_domain; status = cldap_netlogon(cldap, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); - CHECK_STRING(search.out.netlogon.nt5_ex.dns_domain, n1.nt5_ex.dns_domain); - CHECK_STRING(search.out.netlogon.nt5_ex.user_name, ""); - CHECK_VAL(search.out.netlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); + CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); + CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); + CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); return true; } @@ -255,9 +255,9 @@ static bool test_cldap_netlogon_flags(struct torture_context *tctx, n1 = search.out.netlogon; if (n1.ntver == NETLOGON_NT_VERSION_5) - server_type = n1.nt5.server_type; + server_type = n1.data.nt5.server_type; else if (n1.ntver == NETLOGON_NT_VERSION_5EX) - server_type = n1.nt5_ex.server_type; + server_type = n1.data.nt5_ex.server_type; printf("The word is: %i\n", server_type); if (server_type & NBT_SERVER_PDC) @@ -366,9 +366,9 @@ static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx, n1 = search.out.netlogon; if (n1.ntver == NETLOGON_NT_VERSION_5) - server_type = n1.nt5.server_type; + server_type = n1.data.nt5.server_type; else if (n1.ntver == NETLOGON_NT_VERSION_5EX) - server_type = n1.nt5_ex.server_type; + server_type = n1.data.nt5_ex.server_type; if (server_type & NBT_SERVER_DS_DNS_FOREST) { struct cldap_search search2; diff --git a/source4/torture/nbt/dgram.c b/source4/torture/nbt/dgram.c index eac2b1fe30..5d26d65e0c 100644 --- a/source4/torture/nbt/dgram.c +++ b/source4/torture/nbt/dgram.c @@ -148,7 +148,7 @@ static bool nbt_test_netlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert(tctx, response->response_type == NETLOGON_GET_PDC, "Got incorrect type of netlogon response"); - torture_assert(tctx, response->get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command"); + torture_assert(tctx, response->data.get_pdc.command == NETLOGON_RESPONSE_FROM_PDC, "Got incorrect netlogon response command"); return true; } @@ -243,10 +243,10 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command"); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.nt_version, NETLOGON_NT_VERSION_5EX_WITH_IP|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_1, "Got incorrect netlogon response command"); /* setup (another) temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, @@ -282,11 +282,11 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); - torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); join_ctx = torture_join_domain(tctx, TEST_NAME, ACB_WSTRUST, &machine_credentials); @@ -333,9 +333,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); /* setup (another) temporary mailslot listener for replies */ dgmslot = dgram_mailslot_temp(dgmsock, NBT_MAILSLOT_GETDC, @@ -374,9 +374,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); dgmslot->private = NULL; @@ -413,9 +413,9 @@ static bool nbt_test_netlogon2(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN, "Got incorrect netlogon response command"); torture_leave_domain(tctx, join_ctx); return true; @@ -522,11 +522,11 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); - torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); /* setup a temporary mailslot listener for replies */ @@ -566,11 +566,11 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_SAMLOGON, "Got incorrect type of netlogon response"); - map_netlogon_samlogon_response(&response->samlogon); + map_netlogon_samlogon_response(&response->data.samlogon); - torture_assert_int_equal(tctx, response->samlogon.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); + torture_assert_int_equal(tctx, response->data.samlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE, "Got incorrect netlogon response command"); - torture_assert_str_equal(tctx, response->samlogon.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); + torture_assert_str_equal(tctx, response->data.samlogon.data.nt5_ex.user_name, TEST_NAME"$", "Got incorrect user in netlogon response"); /* setup (another) temporary mailslot listener for replies */ @@ -606,7 +606,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response"); - torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); + torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); torture_leave_domain(tctx, join_ctx); @@ -643,7 +643,7 @@ static bool nbt_test_ntlogon(struct torture_context *tctx) torture_assert(tctx, response != NULL, "Failed to receive a netlogon reply packet"); torture_assert_int_equal(tctx, response->response_type, NETLOGON_GET_PDC, "Got incorrect type of ntlogon response"); - torture_assert_int_equal(tctx, response->get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); + torture_assert_int_equal(tctx, response->data.get_pdc.command, NETLOGON_RESPONSE_FROM_PDC, "Got incorrect ntlogon response command"); return true; diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index df16c860cb..41bb168619 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -310,14 +310,14 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); printf("cldap_netlogon() returned %s. Defaulting to Site-Name: %s\n", errstr, ctx->site_name); } else { - ctx->site_name = talloc_steal(ctx, search.out.netlogon.nt5_ex.client_site); + ctx->site_name = talloc_steal(ctx, search.out.netlogon.data.nt5_ex.client_site); printf("cldap_netlogon() returned Client Site-Name: %s.\n",ctx->site_name); - printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.nt5_ex.server_site); + printf("cldap_netlogon() returned Server Site-Name: %s.\n",search.out.netlogon.data.nt5_ex.server_site); } if (!ctx->domain_dn) { struct ldb_context *ldb = ldb_init(ctx, tctx->ev); - struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.nt5_ex.dns_domain); + struct ldb_dn *dn = samdb_dns_domain_to_dn(ldb, ctx, search.out.netlogon.data.nt5_ex.dns_domain); ctx->domain_dn = ldb_dn_alloc_linearized(ctx, dn); talloc_free(dn); talloc_free(ldb); -- cgit From 5fc7fb48a0d7da8c4d0eec580c37b8a503faecce Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:23:21 +0200 Subject: s4:lib/ldb: fix stupid dn parsing bugs metze --- source4/lib/ldb/common/ldb_dn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c index c0d36cfbf3..e36aea4e69 100644 --- a/source4/lib/ldb/common/ldb_dn.c +++ b/source4/lib/ldb/common/ldb_dn.c @@ -91,7 +91,7 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx, struct ldb_context *ldb, const * exploded_dn control is used */ dn->special = true; /* FIXME: add a GUID string to ldb_dn structure */ - } else if (strdn->length >= 8 && strncasecmp((const char *)strdn->data, "length >= 5 && strncasecmp((const char *)strdn->data, "special = true; @@ -150,7 +150,7 @@ struct ldb_dn *ldb_dn_new_fmt(void *mem_ctx, struct ldb_context *ldb, const char * exploded_dn control is used */ dn->special = true; /* FIXME: add a GUID string to ldb_dn structure */ - } else if (strncasecmp(strdn, "basedn = NULL; + break; + } + + for (i=0; i < el->num_values; i++) { + valstr = talloc_strndup(ac, + (const char *)el->values[i].data, + el->values[i].length); + if (!valstr) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + if (strncasecmp(valstr, ac->wellknown_object, wkn_len) != 0) { + talloc_free(valstr); + continue; + } + + found = &valstr[wkn_len]; + break; + } + + if (!found) { + break; + } + + ac->basedn = ldb_dn_new(ac, ac->module->ldb, found); + talloc_free(valstr); + if (!ac->basedn) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + break; + + case LDB_REPLY_REFERRAL: + break; + + case LDB_REPLY_DONE: + + if (!ac->basedn) { + const char *str = talloc_asprintf(req, "Base-DN '%s' not found", + ldb_dn_get_linearized(ac->req->op.search.base)); + ldb_set_errstring(ac->module->ldb, str); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_NO_SUCH_OBJECT); + } + + ret = ldb_build_search_req_ex(&down_req, + ac->module->ldb, ac, + ac->basedn, + ac->req->op.search.scope, + ac->req->op.search.tree, + ac->cast_attrs, + ac->req->controls, + ac, extended_callback, + ac->req); + if (ret != LDB_SUCCESS) { + return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); + } + + if (ac->control) { + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(ac->control, down_req, &saved_controls)) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + + /* perform the search */ + return ldb_next_request(ac->module, down_req); + } + return LDB_SUCCESS; +} static int extended_search(struct ldb_module *module, struct ldb_request *req) { @@ -256,25 +374,190 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) struct ldb_control **saved_controls; struct extended_context *ac; struct ldb_request *down_req; - const char * const *cast_attrs = NULL; char **new_attrs; int ret; + struct ldb_dn *base_dn = NULL; + enum ldb_scope base_dn_scope = LDB_SCOPE_BASE; + const char *base_dn_filter = NULL; + const char * const *base_dn_attrs = NULL; + char *wellknown_object = NULL; + static const char *dnattr[] = { + "distinguishedName", + NULL + }; + static const char *wkattr[] = { + "wellKnownObjects", + NULL + }; + + if (ldb_dn_is_special(req->op.search.base)) { + char *dn; + + dn = ldb_dn_alloc_linearized(req, req->op.search.base); + if (!dn) { + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + if (strncasecmp(dn, "'); + if (!p) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + p[0] = '\0'; + + if (strncasecmp(str, "S-", 2) == 0) { + valstr = str; + } else { + DATA_BLOB binary; + binary = strhex_to_data_blob(str); + if (!binary.data) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + valstr = ldb_binary_encode(req, binary); + data_blob_free(&binary); + if (!valstr) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + + /* TODO: do a search over all partitions */ + base_dn = ldb_get_default_basedn(module->ldb); + base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", valstr); + if (!base_dn_filter) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_scope = LDB_SCOPE_SUBTREE; + base_dn_attrs = dnattr; + } else if (strncasecmp(dn, "'); + if (!p) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + p[0] = '\0'; + + if (strchr(str, '-')) { + valstr = str; + } else { + DATA_BLOB binary; + binary = strhex_to_data_blob(str); + if (!binary.data) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + valstr = ldb_binary_encode(req, binary); + data_blob_free(&binary); + if (!valstr) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + } + + /* TODO: do a search over all partitions */ + base_dn = ldb_get_default_basedn(module->ldb); + base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", valstr); + if (!base_dn_filter) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_scope = LDB_SCOPE_SUBTREE; + base_dn_attrs = dnattr; + } else if (strncasecmp(dn, "module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + + tail_str = p; + p = strchr(tail_str, '>'); + if (!p) { + return LDB_ERR_INVALID_DN_SYNTAX; + } + p[0] = '\0'; + + base_dn = ldb_dn_new(req, module->ldb, tail_str); + if (!base_dn) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_filter = talloc_strdup(req, "(objectClass=*)"); + if (!base_dn_filter) { + ldb_oom(ac->module->ldb); + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + base_dn_scope = LDB_SCOPE_BASE; + base_dn_attrs = wkattr; + } + talloc_free(dn); + } /* check if there's an extended dn control */ control = ldb_request_get_control(req, LDB_CONTROL_EXTENDED_DN_OID); - if (control == NULL) { + if (control == NULL && base_dn_filter == NULL) { /* not found go on */ return ldb_next_request(module, req); } - if (control->data) { + if (control && control->data) { extended_ctrl = talloc_get_type(control->data, struct ldb_extended_dn_control); if (!extended_ctrl) { return LDB_ERR_PROTOCOL_ERROR; } } - ac = talloc(req, struct extended_context); + ac = talloc_zero(req, struct extended_context); if (ac == NULL) { ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; @@ -282,49 +565,75 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) ac->module = module; ac->req = req; + ac->control = control; + ac->basedn = NULL; + ac->wellknown_object = wellknown_object; + ac->inject = false; ac->remove_guid = false; ac->remove_sid = false; - if (extended_ctrl) { - ac->extended_type = extended_ctrl->type; - } else { - ac->extended_type = 0; - } - /* check if attrs only is specified, in that case check wether we need to modify them */ - if (req->op.search.attrs) { - if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { - ac->remove_guid = true; - } - if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { - ac->remove_sid = true; + if (control) { + ac->inject = true; + if (extended_ctrl) { + ac->extended_type = extended_ctrl->type; + } else { + ac->extended_type = 0; } - if (ac->remove_guid || ac->remove_sid) { - new_attrs = copy_attrs(ac, req->op.search.attrs); - if (new_attrs == NULL) { - ldb_oom(module->ldb); - return LDB_ERR_OPERATIONS_ERROR; + + /* check if attrs only is specified, in that case check wether we need to modify them */ + if (req->op.search.attrs) { + if (! is_attr_in_list(req->op.search.attrs, "objectGUID")) { + ac->remove_guid = true; } - - if (ac->remove_guid) { - if (!add_attrs(ac, &new_attrs, "objectGUID")) - return LDB_ERR_OPERATIONS_ERROR; + if (! is_attr_in_list(req->op.search.attrs, "objectSID")) { + ac->remove_sid = true; } - if (ac->remove_sid) { - if (!add_attrs(ac, &new_attrs, "objectSID")) + if (ac->remove_guid || ac->remove_sid) { + new_attrs = copy_attrs(ac, req->op.search.attrs); + if (new_attrs == NULL) { + ldb_oom(module->ldb); return LDB_ERR_OPERATIONS_ERROR; + } + + if (ac->remove_guid) { + if (!add_attrs(ac, &new_attrs, "objectGUID")) + return LDB_ERR_OPERATIONS_ERROR; + } + if (ac->remove_sid) { + if (!add_attrs(ac, &new_attrs, "objectSID")) + return LDB_ERR_OPERATIONS_ERROR; + } + ac->cast_attrs = (const char * const *)new_attrs; + } else { + ac->cast_attrs = req->op.search.attrs; } - cast_attrs = (const char * const *)new_attrs; - } else { - cast_attrs = req->op.search.attrs; } } + if (base_dn) { + ret = ldb_build_search_req(&down_req, + module->ldb, ac, + base_dn, + base_dn_scope, + base_dn_filter, + base_dn_attrs, + NULL, + ac, extended_base_callback, + req); + if (ret != LDB_SUCCESS) { + return LDB_ERR_OPERATIONS_ERROR; + } + + /* perform the search */ + return ldb_next_request(module, down_req); + } + ret = ldb_build_search_req_ex(&down_req, module->ldb, ac, req->op.search.base, req->op.search.scope, req->op.search.tree, - cast_attrs, + ac->cast_attrs, req->controls, ac, extended_callback, req); @@ -332,11 +641,13 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } - /* save it locally and remove it from the list */ - /* we do not need to replace them later as we - * are keeping the original req intact */ - if (!save_controls(control, down_req, &saved_controls)) { - return LDB_ERR_OPERATIONS_ERROR; + if (ac->control) { + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(control, down_req, &saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } } /* perform the search */ -- cgit From 8aff4430308b36ae1a1a6629d67bba87eebb0dde Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 02:44:25 +0200 Subject: s4:kludge_acl: just fake support for the SD_FLAGS control metze --- source4/dsdb/samdb/ldb_modules/kludge_acl.c | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/source4/dsdb/samdb/ldb_modules/kludge_acl.c b/source4/dsdb/samdb/ldb_modules/kludge_acl.c index 24527c36c9..6e6da5581d 100644 --- a/source4/dsdb/samdb/ldb_modules/kludge_acl.c +++ b/source4/dsdb/samdb/ldb_modules/kludge_acl.c @@ -321,6 +321,8 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) struct kludge_private_data *data; const char * const *attrs; int ret, i; + struct ldb_control *sd_control; + struct ldb_control **sd_saved_controls; ac = talloc(req, struct kludge_acl_context); if (ac == NULL) { @@ -382,6 +384,17 @@ static int kludge_acl_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + /* check if there's an SD_FLAGS control */ + sd_control = ldb_request_get_control(down_req, LDB_CONTROL_SD_FLAGS_OID); + if (sd_control) { + /* save it locally and remove it from the list */ + /* we do not need to replace them later as we + * are keeping the original req intact */ + if (!save_controls(sd_control, down_req, &sd_saved_controls)) { + return LDB_ERR_OPERATIONS_ERROR; + } + } + /* perform the search */ return ldb_next_request(module, down_req); } @@ -462,6 +475,13 @@ static int kludge_acl_init(struct ldb_module *module) } data->password_attrs[i] = NULL; + ret = ldb_mod_register_control(module, LDB_CONTROL_SD_FLAGS_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "partition: Unable to register control with rootdse!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + done: talloc_free(mem_ctx); return ldb_next_init(module); -- cgit From 3ebf3f316b003000b77499f494cf4d017ef870ad Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:05:02 +0200 Subject: s4:linked_attributes: fix a crash bug when the definition of a target attribute is missing Windows 2003 has a broken schema where the definition of msDS-IsDomainFor is missing (which is supposed to be the backlink of the msDS-HasDomainNCs attribute. Our schema is extracted from windows 2003, so we have the problem. As the NET-API-BECOME-DC test triggers this bug, windows 2003 seems to just skip creating a backlink. metze --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 38 ++++++++++++++++++++-- 1 file changed, 35 insertions(+), 3 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index 3b389afffb..14fd107d81 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -217,6 +217,17 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * /* Even link IDs are for the originating attribute */ target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + if (!target_attr) { + /* + * windows 2003 has a broken schema where + * the definition of msDS-IsDomainFor + * is missing (which is supposed to be + * the backlink of the msDS-HasDomainNCs + * attribute + */ + continue; + } + attr_name = target_attr->lDAPDisplayName; attr_val = ldb_dn_get_linearized(ac->req->op.add.message->dn); @@ -301,6 +312,16 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are } target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + if (!target_attr) { + /* + * windows 2003 has a broken schema where + * the definition of msDS-IsDomainFor + * is missing (which is supposed to be + * the backlink of the msDS-HasDomainNCs + * attribute + */ + continue; + } attr_name = target_attr->lDAPDisplayName; /* make sure we manage each value */ @@ -399,9 +420,14 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques /* Now find the target attribute */ target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); if (!target_attr) { - ldb_asprintf_errstring(module->ldb, - "attribute %s does not have valid link target", el->name); - return LDB_ERR_OBJECT_CLASS_VIOLATION; + /* + * windows 2003 has a broken schema where + * the definition of msDS-IsDomainFor + * is missing (which is supposed to be + * the backlink of the msDS-HasDomainNCs + * attribute + */ + continue; } attr_name = target_attr->lDAPDisplayName; @@ -654,9 +680,15 @@ static int la_op_search_callback(struct ldb_request *req, if ((schema_attr->linkID & 1) == 0) { /* Odd is for the target. */ target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID + 1); + if (!target_attr) { + continue; + } attr_name = target_attr->lDAPDisplayName; } else { target_attr = dsdb_attribute_by_linkID(ac->schema, schema_attr->linkID - 1); + if (!target_attr) { + continue; + } attr_name = target_attr->lDAPDisplayName; } for (j = 0; j < el->num_values; j++) { -- cgit From 551bbd853c87002fe068b5fb2a044c424ab7e874 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:11:14 +0200 Subject: s4:partition: pass down the SEARCH_OPTIONS control as uncritical metze --- source4/dsdb/samdb/ldb_modules/partition.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ad2901c308..ad3518e6b2 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -466,6 +466,14 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_OPERATIONS_ERROR; } + /* + * for now pass down the LDB_CONTROL_SEARCH_OPTIONS_OID control + * down as uncritical to make windows 2008 dcpromo happy. + */ + if (search_control) { + search_control->critical = 0; + } + /* TODO: Generate referrals (look for a partition under this DN) if we don't have the above control specified */ -- cgit From 81b3358f2a61c38ddd9d10accea8a4fe432f3085 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:22:33 +0200 Subject: s4:partition: register DOMAIN_SCOPE and SEARCH_OPTIONS controls metze --- source4/dsdb/samdb/ldb_modules/partition.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ad3518e6b2..f600c72748 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -1160,6 +1160,20 @@ static int partition_init(struct ldb_module *module) } } + ret = ldb_mod_register_control(module, LDB_CONTROL_DOMAIN_SCOPE_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "partition: Unable to register control with rootdse!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_mod_register_control(module, LDB_CONTROL_SEARCH_OPTIONS_OID); + if (ret != LDB_SUCCESS) { + ldb_debug(module->ldb, LDB_DEBUG_ERROR, + "partition: Unable to register control with rootdse!\n"); + return LDB_ERR_OPERATIONS_ERROR; + } + talloc_free(mem_ctx); return ldb_next_init(module); } -- cgit From 1e24fd3ba20ace6e8f7e974dd7b7fc1738ade8be Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:20:10 +0200 Subject: s4:rootdse: for now don't pass down controls for the rootdse search metze --- source4/dsdb/samdb/ldb_modules/rootdse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/dsdb/samdb/ldb_modules/rootdse.c b/source4/dsdb/samdb/ldb_modules/rootdse.c index 0d14a54464..b38e182cf7 100644 --- a/source4/dsdb/samdb/ldb_modules/rootdse.c +++ b/source4/dsdb/samdb/ldb_modules/rootdse.c @@ -318,7 +318,7 @@ static int rootdse_search(struct ldb_module *module, struct ldb_request *req) LDB_SCOPE_BASE, NULL, req->op.search.attrs, - req->controls, + NULL,/* for now skip the controls from the client */ ac, rootdse_callback, req); if (ret != LDB_SUCCESS) { -- cgit From 3c9f3c32d1290b8e6c438a197602afe3e96ae828 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:25:13 +0200 Subject: s4:drsuapi.idl: fix some fields in drsuapi_DsRemoveDSServer() metze --- source4/libnet/libnet_unbecome_dc.c | 7 +------ source4/librpc/idl/drsuapi.idl | 4 ++-- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 3a9a5cebd8..2ee3c641b2 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -641,7 +641,7 @@ static void unbecomeDC_drsuapi_remove_ds_server_send(struct libnet_UnbecomeDC_st r->in.level = 1; r->in.req.req1.server_dn= s->dest_dsa.server_dn_str; r->in.req.req1.domain_dn= s->domain.dn_str; - r->in.req.req1.unknown = 0x00000001; + r->in.req.req1.commit = true; req = dcerpc_drsuapi_DsRemoveDSServer_send(s->drsuapi.pipe, s, r); composite_continue_rpc(c, req, unbecomeDC_drsuapi_remove_ds_server_recv, s); @@ -666,11 +666,6 @@ static void unbecomeDC_drsuapi_remove_ds_server_recv(struct rpc_request *req) composite_error(c, NT_STATUS_INVALID_NETWORK_RESPONSE); return; } - - if (!W_ERROR_IS_OK(r->out.res.res1.status)) { - composite_error(c, werror_to_ntstatus(r->out.res.res1.status)); - return; - } composite_done(c); } diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 0a5a081dd7..76858b2d5c 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -970,7 +970,7 @@ interface drsuapi typedef struct { [charset(UTF16),string] uint16 *server_dn; [charset(UTF16),string] uint16 *domain_dn; - uint32 unknown; /* 0x000000001 */ + boolean32 commit; } drsuapi_DsRemoveDSServerRequest1; typedef [switch_type(int32)] union { @@ -978,7 +978,7 @@ interface drsuapi } drsuapi_DsRemoveDSServerRequest; typedef struct { - WERROR status; + boolean32 last_dc_in_domain; } drsuapi_DsRemoveDSServerResult1; typedef [switch_type(int32)] union { -- cgit From f0c17496366547f14638763a6b8859c365f18792 Mon Sep 17 00:00:00 2001 From: Derrell Lipman Date: Thu, 2 Oct 2008 09:03:32 -0400 Subject: Fix bug 5805: don't close stdout - When calling setup_logging multiple times, the code was closing the debug file descriptor before opening or assigning the new one. We don't, however, want to close the debug file descriptor if it is stdout. Derrell --- source3/lib/debug.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/lib/debug.c b/source3/lib/debug.c index d835ea7c17..d91b55dd23 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -578,7 +578,9 @@ void setup_logging(const char *pname, bool interactive) stdout_logging = False; if (dbf) { x_fflush(dbf); - (void) x_fclose(dbf); + if (dbf != x_stdout) { + (void) x_fclose(dbf); + } } dbf = NULL; -- cgit From 05994005a35b940efc9cd8d1b3b0eebf2d2e38d7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 11:56:12 +0200 Subject: s4:setup: add wellknownObjects to the domain object metze --- source4/setup/provision_basedn_modify.ldif | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source4/setup/provision_basedn_modify.ldif b/source4/setup/provision_basedn_modify.ldif index 63332e937b..a7b501e8a8 100644 --- a/source4/setup/provision_basedn_modify.ldif +++ b/source4/setup/provision_basedn_modify.ldif @@ -77,4 +77,12 @@ subRefs: ${SCHEMADN} replace: gPLink gPLink: [LDAP://CN={${POLICYGUID}},CN=Policies,CN=System,${DOMAINDN};0] - +replace: wellKnownObjects +wellKnownObjects: B:32:22b70c67d56e4efb91e9300fca3dc1aa:CN=ForeignSecurityPrincipals,${DOMAINDN} +wellKnownObjects: B:32:2fbac1870ade11d297c400c04fd8d5cd:CN=Infrastructure,${DOMAINDN} +wellKnownObjects: B:32:ab1d30f3768811d1aded00c04fd8d5cd:CN=System,${DOMAINDN} +wellKnownObjects: B:32:a361b2ffffd211d1aa4b00c04fd7d83a:OU=Domain Controllers,${DOMAINDN} +wellKnownObjects: B:32:aa312825768811d1aded00c04fd8d5cd:CN=Computers,${DOMAINDN} +wellKnownObjects: B:32:a9d1ca15768811d1aded00c04fd8d5cd:CN=Users,${DOMAINDN} +- ${DOMAINGUID_MOD} -- cgit From a25fac13ebd6ffc1e5eac25182636cfa298435f4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 18:49:11 +0200 Subject: s4:blackblox/test_ldb: test searches via wellknownObjects metze --- testprogs/blackbox/test_ldb.sh | 62 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh index 8e1af99719..7a657d2e8d 100755 --- a/testprogs/blackbox/test_ldb.sh +++ b/testprogs/blackbox/test_ldb.sh @@ -117,5 +117,67 @@ echo "Search Options Control Query test returned 0 items" failed=`expr $failed + 1` fi +function wellkown_object_test() { + local guid=$1 + local object=$2 + local basedns + local dn + local r + local c + local n + local failed=0 + + basedns=" " + for dn in ${basedns}; do + echo "Test ${dn} => ${object}" + r=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER '(objectClass=*)' -b "${dn}" | grep 'dn: '` + n=`echo "${r}" | grep 'dn: ' | wc -l` + c=`echo "${r}" | grep "${object}" | wc -l` + + if [ $n -lt 1 ]; then + echo "Object not found by WKGUID" + failed=`expr $failed + 1` + continue + fi + if [ $c -lt 1 ]; then + echo "Wrong object found by WKGUID: [${r}]" + failed=`expr $failed + 1` + continue + fi + done + + return $failed +} + +wellkown_object_test 22B70C67D56E4EFB91E9300FCA3DC1AA ForeignSecurityPrincipals +st=$? +if [ x"$st" != x"0" ]; then + failed=`expr $failed + $st` +fi +wellkown_object_test 2FBAC1870ADE11D297C400C04FD8D5CD Infrastructure +st=$? +if [ x"$st" != x"0" ]; then + failed=`expr $failed + $st` +fi +wellkown_object_test AB1D30F3768811D1ADED00C04FD8D5CD System +st=$? +if [ x"$st" != x"0" ]; then + failed=`expr $failed + $st` +fi +wellkown_object_test A361B2FFFFD211D1AA4B00C04FD7D83A Domain Controllers +st=$? +if [ x"$st" != x"0" ]; then + failed=`expr $failed + $st` +fi +wellkown_object_test AA312825768811D1ADED00C04FD8D5CD Computers +st=$? +if [ x"$st" != x"0" ]; then + failed=`expr $failed + $st` +fi +wellkown_object_test A9D1CA15768811D1ADED00C04FD8D5CD Users +st=$? +if [ x"$st" != x"0" ]; then + failed=`expr $failed + $st` +fi exit $failed -- cgit From e0dbac6873b816384f570ad8a7ceea7c96573d00 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 2 Oct 2008 12:21:11 -0700 Subject: Don't reject a successful alloc :-(. Jeremy. --- source3/printing/print_cups.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index b46d83bb01..b9bed7a138 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -71,7 +71,7 @@ static http_t *cups_connect(TALLOC_CTX *frame) } else { server = talloc_strdup(frame,cupsServer()); } - if (server) { + if (!server) { return NULL; } -- cgit From b174765d54c202eb507b1caaed95c33bcd54d243 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Thu, 2 Oct 2008 17:15:00 -0400 Subject: Fix crash bugs in error paths: ac is not yet initialized here, and we don't need to call ldb_module_done in the main module functions, we can directly return an error. ldb_module_done() is for callbacks --- source4/dsdb/samdb/ldb_modules/extended_dn.c | 45 +++++++++++----------------- 1 file changed, 18 insertions(+), 27 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/extended_dn.c b/source4/dsdb/samdb/ldb_modules/extended_dn.c index 6a7ed4e7c6..88a8887056 100644 --- a/source4/dsdb/samdb/ldb_modules/extended_dn.c +++ b/source4/dsdb/samdb/ldb_modules/extended_dn.c @@ -426,16 +426,14 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) DATA_BLOB binary; binary = strhex_to_data_blob(str); if (!binary.data) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } valstr = ldb_binary_encode(req, binary); data_blob_free(&binary); if (!valstr) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } } @@ -443,9 +441,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) base_dn = ldb_get_default_basedn(module->ldb); base_dn_filter = talloc_asprintf(req, "(objectSid=%s)", valstr); if (!base_dn_filter) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_scope = LDB_SCOPE_SUBTREE; base_dn_attrs = dnattr; @@ -476,16 +473,14 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) DATA_BLOB binary; binary = strhex_to_data_blob(str); if (!binary.data) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } valstr = ldb_binary_encode(req, binary); data_blob_free(&binary); if (!valstr) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } } @@ -493,9 +488,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) base_dn = ldb_get_default_basedn(module->ldb); base_dn_filter = talloc_asprintf(req, "(objectGUID=%s)", valstr); if (!base_dn_filter) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_scope = LDB_SCOPE_SUBTREE; base_dn_attrs = dnattr; @@ -513,9 +507,8 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) wellknown_object = talloc_asprintf(req, "B:32:%s:", &dn[8]); if (!wellknown_object) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } tail_str = p; @@ -527,15 +520,13 @@ static int extended_search(struct ldb_module *module, struct ldb_request *req) base_dn = ldb_dn_new(req, module->ldb, tail_str); if (!base_dn) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_filter = talloc_strdup(req, "(objectClass=*)"); if (!base_dn_filter) { - ldb_oom(ac->module->ldb); - return ldb_module_done(ac->req, NULL, NULL, - LDB_ERR_OPERATIONS_ERROR); + ldb_oom(module->ldb); + return LDB_ERR_OPERATIONS_ERROR; } base_dn_scope = LDB_SCOPE_BASE; base_dn_attrs = wkattr; -- cgit From 89a67bb60c3b88d5054a81085fb400930cfd5c55 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 2 Oct 2008 21:55:26 -0700 Subject: we need to listen on all interfaces in the CLDAP server as the windows CDLAP client ignores replies from the wrong IP --- source4/cldap_server/cldap_server.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c index 310fb564e0..240f2b1dc2 100644 --- a/source4/cldap_server/cldap_server.c +++ b/source4/cldap_server/cldap_server.c @@ -127,6 +127,7 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l int num_interfaces; TALLOC_CTX *tmp_ctx = talloc_new(cldapd); NTSTATUS status; + int i; num_interfaces = iface_count(ifaces); @@ -135,14 +136,14 @@ static NTSTATUS cldapd_startup_interfaces(struct cldapd_server *cldapd, struct l if (!lp_bind_interfaces_only(lp_ctx)) { status = cldapd_add_socket(cldapd, lp_ctx, "0.0.0.0"); NT_STATUS_NOT_OK_RETURN(status); - } else { - int i; - - for (i=0; i Date: Thu, 2 Oct 2008 21:57:27 -0700 Subject: fixed a talloc error in the rpc handle desctructor - destructors should not try to free the ptr they are given --- source4/rpc_server/handles.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source4/rpc_server/handles.c b/source4/rpc_server/handles.c index 47174b6eeb..4831fb063d 100644 --- a/source4/rpc_server/handles.c +++ b/source4/rpc_server/handles.c @@ -29,7 +29,6 @@ static int dcesrv_handle_destructor(struct dcesrv_handle *h) { DLIST_REMOVE(h->context->handles, h); - talloc_free(h); return 0; } -- cgit From c5fdb82d3280a0c94c9b15be0090c08675338159 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 2 Oct 2008 21:58:46 -0700 Subject: fixed the sense of ldb base dn comparisons in two places, and use a direct comparison instead of a sub-tree comparison in another this fixes basedn searches on the global catalog port --- source4/cldap_server/netlogon.c | 2 +- source4/dsdb/samdb/ldb_modules/partition.c | 4 ++-- source4/dsdb/samdb/ldb_modules/proxy.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 7dccd81fad..b31e89b7a5 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -301,7 +301,7 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, server_type |= NBT_SERVER_KDC; } - if (!ldb_dn_compare_base(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx))) { + if (ldb_dn_compare(ldb_get_root_basedn(sam_ctx), ldb_get_default_basedn(sam_ctx)) == 0) { server_type |= NBT_SERVER_DS_DNS_FOREST; } diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index ad2901c308..7cc19a1012 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -493,7 +493,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) } for (i=0; data && data->partitions && data->partitions[i]; i++) { /* Find all partitions under the search base */ - if (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0) { + if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) { ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; @@ -578,7 +578,7 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) } for (i=0; data && data->partitions && data->partitions[i]; i++) { - if (ldb_dn_compare_base(req->op.rename.olddn, data->partitions[i]->dn) == 0) { + if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.rename.olddn) == 0) { matched = i; } } diff --git a/source4/dsdb/samdb/ldb_modules/proxy.c b/source4/dsdb/samdb/ldb_modules/proxy.c index 171832bbb4..18b0649dda 100644 --- a/source4/dsdb/samdb/ldb_modules/proxy.c +++ b/source4/dsdb/samdb/ldb_modules/proxy.c @@ -233,7 +233,7 @@ static void proxy_convert_record(struct ldb_context *ldb, int attr, v; /* fix the message DN */ - if (ldb_dn_compare_base(ldb, proxy->olddn, msg->dn) == 0) { + if (ldb_dn_compare_base(proxy->olddn, msg->dn) == 0) { ldb_dn_remove_base_components(msg->dn, ldb_dn_get_comp_num(proxy->olddn)); ldb_dn_add_base(msg->dn, proxy->newdn); } @@ -322,7 +322,7 @@ static int proxy_search_bytree(struct ldb_module *module, struct ldb_request *re } /* see if the dn is within olddn */ - if (ldb_dn_compare_base(module->ldb, proxy->newdn, req->op.search.base) != 0) { + if (ldb_dn_compare_base(proxy->newdn, req->op.search.base) != 0) { goto passthru; } -- cgit From 63e908e4b4b07455e14ac04d8efb3c4a3d043692 Mon Sep 17 00:00:00 2001 From: Matthias Dieter Wallnöfer Date: Fri, 3 Oct 2008 14:29:47 +0200 Subject: Fix regressions in patchfile after last patch, several other minor fixes. --- source4/lib/registry/patchfile.c | 42 +++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 22 deletions(-) diff --git a/source4/lib/registry/patchfile.c b/source4/lib/registry/patchfile.c index d49d46250d..a6f947ee78 100644 --- a/source4/lib/registry/patchfile.c +++ b/source4/lib/registry/patchfile.c @@ -69,7 +69,7 @@ WERROR reg_generate_diff_key(struct registry_key *oldkey, old_num_values = 0; } - /* Subkeys that were deleted */ + /* Subkeys that were changed or deleted */ for (i = 0; i < old_num_subkeys; i++) { error1 = reg_key_get_subkey_by_index(mem_ctx, oldkey, i, &keyname1, NULL, NULL); @@ -81,24 +81,23 @@ WERROR reg_generate_diff_key(struct registry_key *oldkey, if (newkey != NULL) { error2 = reg_open_key(mem_ctx, newkey, keyname1, &t2); - - if (W_ERROR_IS_OK(error2)) - continue; } else { error2 = WERR_BADFILE; t2 = NULL; } - if (!W_ERROR_EQUAL(error2, WERR_BADFILE)) { + if (!W_ERROR_IS_OK(error2) && !W_ERROR_EQUAL(error2, WERR_BADFILE)) { DEBUG(0, ("Error occured while getting subkey by name: %s\n", win_errstr(error2))); talloc_free(mem_ctx); return error2; } - /* newkey didn't have such a subkey, add del diff */ + /* if "error2" is going to be "WERR_BADFILE", then newkey */ + /* didn't have such a subkey and therefore add a del diff */ tmppath = talloc_asprintf(mem_ctx, "%s\\%s", path, keyname1); - callbacks->del_key(callback_data, tmppath); + if (!W_ERROR_IS_OK(error2)) + callbacks->del_key(callback_data, tmppath); /* perform here also the recursive invocation */ error1 = reg_open_key(mem_ctx, oldkey, keyname1, &t1); @@ -385,14 +384,13 @@ static WERROR reg_diff_apply_add_key(void *_ctx, const char *key_name) static WERROR reg_diff_apply_del_key(void *_ctx, const char *key_name) { struct registry_context *ctx = (struct registry_context *)_ctx; - WERROR error; - error = reg_key_del_abs(ctx, key_name); + /* We can't proof here for success, because a common superkey could */ + /* have been deleted before the subkey's (diff order). This removed */ + /* therefore all childs recursively and the "WERR_BADFILE" result is */ + /* expected. */ - if(!W_ERROR_IS_OK(error)) { - DEBUG(0, ("Unable to delete key '%s'\n", key_name)); - return error; - } + reg_key_del_abs(ctx, key_name); return WERR_OK; } @@ -454,8 +452,7 @@ static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name) struct registry_context *ctx = (struct registry_context *)_ctx; struct registry_key *key; WERROR error; - int i; - uint32_t num_values; + const char* value_name; error = reg_open_key_abs(ctx, ctx, key_name, &key); @@ -465,14 +462,15 @@ static WERROR reg_diff_apply_del_all_values(void *_ctx, const char *key_name) } W_ERROR_NOT_OK_RETURN(reg_key_get_info(ctx, key, NULL, - NULL, &num_values, NULL, NULL, NULL, NULL)); + NULL, NULL, NULL, NULL, NULL, NULL)); - for (i = 0; i < num_values; i++) { - const char *name; - W_ERROR_NOT_OK_RETURN(reg_key_get_value_by_index(ctx, key, i, - &name, - NULL, NULL)); - W_ERROR_NOT_OK_RETURN(reg_del_value(key, name)); + while (W_ERROR_IS_OK(reg_key_get_value_by_index( + ctx, key, 0, &value_name, NULL, NULL))) { + error = reg_del_value(key, value_name); + if (!W_ERROR_IS_OK(error)) { + DEBUG(0, ("Error deleting value '%s'\n", value_name)); + return error; + } } return WERR_OK; -- cgit From 8e1d93e6a692676744c267dfd0d95802ff036a5f Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Fri, 3 Oct 2008 10:51:21 -0500 Subject: libaddns: Use the same prerequisite for DDNS update as Windows XP. Hostname, TYPE: CNAME, CLASS: NONE This has to have been broken for ages. I cannot see how it would have worked in any environment. --- source3/libaddns/dnsrecord.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/libaddns/dnsrecord.c b/source3/libaddns/dnsrecord.c index 500cbd6681..559c2644d4 100644 --- a/source3/libaddns/dnsrecord.c +++ b/source3/libaddns/dnsrecord.c @@ -378,10 +378,10 @@ DNS_ERROR dns_create_update_request(TALLOC_CTX *mem_ctx, if (!ERR_DNS_IS_OK(err)) return err; /* - * The zone must be used at all + * Use the same prereq as WinXP -- No CNAME records for this host. */ - err = dns_create_rrec(req, domainname, QTYPE_ANY, DNS_CLASS_ANY, + err = dns_create_rrec(req, hostname, QTYPE_CNAME, DNS_CLASS_NONE, 0, 0, NULL, &rec); if (!ERR_DNS_IS_OK(err)) goto error; -- cgit From c7625979ceb350d90d87d2add6ed7156440072c3 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Fri, 3 Oct 2008 10:51:54 -0500 Subject: net_dns: Make "lwinet ads dns register" honor the "interfaces" parameter. This is helpful on multihomed hosts that only require a subset of IP addresses be registered with DNS. --- source3/utils/net_dns.c | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 14d45e2b0f..46f38d42f6 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -150,9 +150,10 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss ) struct sockaddr_storage *list = NULL; int count = 0; - /* find the first non-loopback address from our list of interfaces */ + /* Honor the configured list of interfaces to register */ - n = get_interfaces(nics, MAX_INTERFACES); + load_interfaces(); + n = iface_count(); if (n <= 0) { return -1; @@ -163,19 +164,17 @@ int get_my_ip_address( struct sockaddr_storage **pp_ss ) } for ( i=0; i Date: Fri, 3 Oct 2008 12:21:53 -0700 Subject: fixed the partition module and the GC handling - when multiple partitions are searched, consider the search a success if any of the partitions return success - only search the right subset of partitions, looking at the scope and basedn of the search This fixes several errors with GC searches --- source4/dsdb/samdb/ldb_modules/partition.c | 42 +++++++++++++++++++++++++++--- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 7cc19a1012..1274061e77 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -50,6 +50,7 @@ struct part_request { struct partition_context { struct ldb_module *module; struct ldb_request *req; + bool got_success; struct part_request *part_req; int num_requests; @@ -170,7 +171,8 @@ static int partition_req_callback(struct ldb_request *req, return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } - if (ares->error != LDB_SUCCESS) { + + if (ares->error != LDB_SUCCESS && !ac->got_success) { return ldb_module_done(ac->req, ares->controls, ares->response, ares->error); } @@ -191,6 +193,9 @@ static int partition_req_callback(struct ldb_request *req, return ldb_module_send_entry(ac->req, ares->message); case LDB_REPLY_DONE: + if (ares->error == LDB_SUCCESS) { + ac->got_success = true; + } if (ac->req->operation == LDB_EXTENDED) { /* FIXME: check for ares->response, replmd does not fill it ! */ if (ares->response) { @@ -210,7 +215,8 @@ static int partition_req_callback(struct ldb_request *req, if (ac->finished_requests == ac->num_requests) { /* this was the last one, call callback */ return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); + ares->response, + ac->got_success?LDB_SUCCESS:ares->error); } /* not the last, now call the next one */ @@ -492,13 +498,41 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req) return partition_send_all(module, ac, req); } for (i=0; data && data->partitions && data->partitions[i]; i++) { - /* Find all partitions under the search base */ - if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) { + bool match = false, stop = false; + /* Find all partitions under the search base + + we match if: + + 1) the DN we are looking for exactly matches the partition + or + 2) the DN we are looking for is a parent of the partition and it isn't + a scope base search + or + 3) the DN we are looking for is a child of the partition + */ + if (ldb_dn_compare(data->partitions[i]->dn, req->op.search.base) == 0) { + match = true; + if (req->op.search.scope == LDB_SCOPE_BASE) { + stop = true; + } + } + if (!match && + (ldb_dn_compare_base(req->op.search.base, data->partitions[i]->dn) == 0 && + req->op.search.scope != LDB_SCOPE_BASE)) { + match = true; + } + if (!match && + ldb_dn_compare_base(data->partitions[i]->dn, req->op.search.base) == 0) { + match = true; + stop = true; /* note that this relies on partition ordering */ + } + if (match) { ret = partition_prep_request(ac, data->partitions[i]); if (ret != LDB_SUCCESS) { return ret; } } + if (stop) break; } /* Perhaps we didn't match any partitions. Try the main partition, only */ -- cgit From 4b9cc7d478438e34217add83b2647d47d52268a7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 3 Oct 2008 14:05:33 -0700 Subject: Document "cups connection timeout". Jeremy. --- .../smbdotconf/printing/cupsconnectiontimeout.xml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 docs-xml/smbdotconf/printing/cupsconnectiontimeout.xml diff --git a/docs-xml/smbdotconf/printing/cupsconnectiontimeout.xml b/docs-xml/smbdotconf/printing/cupsconnectiontimeout.xml new file mode 100644 index 0000000000..1c7df15c3c --- /dev/null +++ b/docs-xml/smbdotconf/printing/cupsconnectiontimeout.xml @@ -0,0 +1,20 @@ + + + + This parameter is only applicable if is set to cups. + + + + If set, this option specifies the number of seconds that smbd will wait + whilst trying to contact to the CUPS server. The connection will fail + if it takes longer than this number of seconds. + + + +30 +60 + -- cgit From f6c883b4b00f4cd751cd312a27bddffb3be9c059 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 3 Oct 2008 14:18:35 -0700 Subject: Simply our main loop processing. A lot :-). Correctly use events for all the previous "special" cases. A step on the way to adding signals to the events and being able to merge the S3 event system with the S4 one. Jeremy. --- source3/auth/auth_domain.c | 65 +++++++++++++++ source3/include/proto.h | 3 +- source3/lib/dummysmbd.c | 15 ++++ source3/printing/notify.c | 26 ++++++ source3/smbd/process.c | 193 +++------------------------------------------ source3/smbd/reply.c | 3 - source3/smbd/server.c | 31 ++++++++ 7 files changed, 148 insertions(+), 188 deletions(-) diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c index c25e62ab80..f11dbe60ee 100644 --- a/source3/auth/auth_domain.c +++ b/source3/auth/auth_domain.c @@ -26,6 +26,71 @@ extern bool global_machine_password_needs_changing; static struct named_mutex *mutex; +/* + * Change machine password (called from main loop + * idle timeout. Must be done as root. + */ + +void attempt_machine_password_change(void) +{ + unsigned char trust_passwd_hash[16]; + time_t lct; + void *lock; + + if (!global_machine_password_needs_changing) { + return; + } + + if (lp_security() != SEC_DOMAIN) { + return; + } + + /* + * We're in domain level security, and the code that + * read the machine password flagged that the machine + * password needs changing. + */ + + /* + * First, open the machine password file with an exclusive lock. + */ + + lock = secrets_get_trust_account_lock(NULL, lp_workgroup()); + + if (lock == NULL) { + DEBUG(0,("attempt_machine_password_change: unable to lock " + "the machine account password for machine %s in " + "domain %s.\n", + global_myname(), lp_workgroup() )); + return; + } + + if(!secrets_fetch_trust_account_password(lp_workgroup(), + trust_passwd_hash, &lct, NULL)) { + DEBUG(0,("attempt_machine_password_change: unable to read the " + "machine account password for %s in domain %s.\n", + global_myname(), lp_workgroup())); + TALLOC_FREE(lock); + return; + } + + /* + * Make sure someone else hasn't already done this. + */ + + if(time(NULL) < lct + lp_machine_password_timeout()) { + global_machine_password_needs_changing = false; + TALLOC_FREE(lock); + return; + } + + /* always just contact the PDC here */ + + change_trust_account_password( lp_workgroup(), NULL); + global_machine_password_needs_changing = false; + TALLOC_FREE(lock); +} + /** * Connect to a remote server for (inter)domain security authenticaion. * diff --git a/source3/include/proto.h b/source3/include/proto.h index 2ccf3b15f7..6799106217 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -43,7 +43,8 @@ bool password_ok(const char *smb_name, DATA_BLOB password_blob); /* The following definitions come from auth/auth_domain.c */ -NTSTATUS auth_domain_init(void) ; +void attempt_machine_password_change(void); +NTSTATUS auth_domain_init(void); /* The following definitions come from auth/auth_ntlmssp.c */ diff --git a/source3/lib/dummysmbd.c b/source3/lib/dummysmbd.c index dbe886e3d1..5c624bdebf 100644 --- a/source3/lib/dummysmbd.c +++ b/source3/lib/dummysmbd.c @@ -51,3 +51,18 @@ NTSTATUS can_delete_directory(struct connection_struct *conn, { return NT_STATUS_OK; } + +bool change_to_root_user(void) +{ + return false; +} + +struct event_context *smbd_event_context(void) +{ + return NULL; +} + +struct messaging_context *smbd_messaging_context(void) +{ + return NULL; +} diff --git a/source3/printing/notify.c b/source3/printing/notify.c index 23df17c389..f6599c413d 100644 --- a/source3/printing/notify.c +++ b/source3/printing/notify.c @@ -34,6 +34,7 @@ static struct notify_queue { size_t buflen; } *notify_queue_head = NULL; +static struct timed_event *notify_event; static bool create_send_ctx(void) { @@ -214,6 +215,22 @@ void print_notify_send_messages(struct messaging_context *msg_ctx, num_messages = 0; } +/******************************************************************* + Event handler to send the messages. +*******************************************************************/ + +static void print_notify_event_send_messages(struct event_context *event_ctx, + struct timed_event *te, + const struct timeval *now, + void *private_data) +{ + /* Remove this timed event handler. */ + TALLOC_FREE(notify_event); + + change_to_root_user(); + print_notify_send_messages(smbd_messaging_context(), 0); +} + /********************************************************************** deep copy a SPOOLSS_NOTIFY_MSG structure using a TALLOC_CTX *********************************************************************/ @@ -304,6 +321,15 @@ to notify_queue_head\n", msg->type, msg->field, msg->printer)); DLIST_ADD_END(notify_queue_head, pnqueue, struct notify_queue *); num_messages++; + + if (smbd_event_context()) { + /* Add an event for 1 second's time to send this queue. */ + notify_event = event_add_timed(smbd_event_context(), NULL, + timeval_current_ofs(1,0), + "print_notify", + print_notify_event_send_messages, NULL); + } + } static void send_notify_field_values(const char *sharename, uint32 type, diff --git a/source3/smbd/process.c b/source3/smbd/process.c index b2d19e11e3..32629fd392 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -706,7 +706,7 @@ The timeout is in milliseconds ****************************************************************************/ static NTSTATUS receive_message_or_smb(TALLOC_CTX *mem_ctx, char **buffer, - size_t *buffer_len, int timeout, + size_t *buffer_len, size_t *p_unread, bool *p_encrypted) { fd_set r_fds, w_fds; @@ -720,13 +720,8 @@ static NTSTATUS receive_message_or_smb(TALLOC_CTX *mem_ctx, char **buffer, again: - if (timeout >= 0) { - to.tv_sec = timeout / 1000; - to.tv_usec = (timeout % 1000) * 1000; - } else { - to.tv_sec = SMBD_SELECT_TIMEOUT; - to.tv_usec = 0; - } + to.tv_sec = SMBD_SELECT_TIMEOUT; + to.tv_usec = 0; /* * Note that this call must be before processing any SMB @@ -869,7 +864,7 @@ static NTSTATUS receive_message_or_smb(TALLOC_CTX *mem_ctx, char **buffer, /* Did we timeout ? */ if (selrtn == 0) { - return NT_STATUS_IO_TIMEOUT; + goto again; } /* @@ -1836,23 +1831,6 @@ void chain_reply(struct smb_request *req) return; } -/**************************************************************************** - Setup the needed select timeout in milliseconds. -****************************************************************************/ - -static int setup_select_timeout(void) -{ - int select_timeout; - - select_timeout = SMBD_SELECT_TIMEOUT*1000; - - if (print_notify_messages_pending()) { - select_timeout = MIN(select_timeout, 1000); - } - - return select_timeout; -} - /**************************************************************************** Check if services need reloading. ****************************************************************************/ @@ -1906,114 +1884,19 @@ void check_reload(time_t t) } } -/**************************************************************************** - Process any timeout housekeeping. Return False if the caller should exit. -****************************************************************************/ - -static void timeout_processing(int *select_timeout, - time_t *last_timeout_processing_time) -{ - time_t t; - - *last_timeout_processing_time = t = time(NULL); - - /* become root again if waiting */ - change_to_root_user(); - - /* check if we need to reload services */ - check_reload(t); - - if(global_machine_password_needs_changing && - /* for ADS we need to do a regular ADS password change, not a domain - password change */ - lp_security() == SEC_DOMAIN) { - - unsigned char trust_passwd_hash[16]; - time_t lct; - void *lock; - - /* - * We're in domain level security, and the code that - * read the machine password flagged that the machine - * password needs changing. - */ - - /* - * First, open the machine password file with an exclusive lock. - */ - - lock = secrets_get_trust_account_lock(NULL, lp_workgroup()); - - if (lock == NULL) { - DEBUG(0,("process: unable to lock the machine account password for \ -machine %s in domain %s.\n", global_myname(), lp_workgroup() )); - return; - } - - if(!secrets_fetch_trust_account_password(lp_workgroup(), trust_passwd_hash, &lct, NULL)) { - DEBUG(0,("process: unable to read the machine account password for \ -machine %s in domain %s.\n", global_myname(), lp_workgroup())); - TALLOC_FREE(lock); - return; - } - - /* - * Make sure someone else hasn't already done this. - */ - - if(t < lct + lp_machine_password_timeout()) { - global_machine_password_needs_changing = False; - TALLOC_FREE(lock); - return; - } - - /* always just contact the PDC here */ - - change_trust_account_password( lp_workgroup(), NULL); - global_machine_password_needs_changing = False; - TALLOC_FREE(lock); - } - - /* update printer queue caches if necessary */ - - update_monitored_printq_cache(); - - /* - * Now we are root, check if the log files need pruning. - * Force a log file check. - */ - force_check_log_size(); - check_log_size(); - - /* Send any queued printer notify message to interested smbd's. */ - - print_notify_send_messages(smbd_messaging_context(), 0); - - /* - * Modify the select timeout depending upon - * what we have remaining in our queues. - */ - - *select_timeout = setup_select_timeout(); - - return; -} - /**************************************************************************** Process commands from the client ****************************************************************************/ void smbd_process(void) { - time_t last_timeout_processing_time = time(NULL); unsigned int num_smbs = 0; size_t unread_bytes = 0; max_recv = MIN(lp_maxxmit(),BUFFER_SIZE); while (True) { - int select_timeout = setup_select_timeout(); - int num_echos; + NTSTATUS status; char *inbuf = NULL; size_t inbuf_len = 0; bool encrypted = false; @@ -2021,82 +1904,24 @@ void smbd_process(void) errno = 0; - /* Did someone ask for immediate checks on things like blocking locks ? */ - if (select_timeout == 0) { - timeout_processing(&select_timeout, - &last_timeout_processing_time); - num_smbs = 0; /* Reset smb counter. */ - } - run_events(smbd_event_context(), 0, NULL, NULL); - while (True) { - NTSTATUS status; - - status = receive_message_or_smb( - talloc_tos(), &inbuf, &inbuf_len, - select_timeout, &unread_bytes, &encrypted); - - if (NT_STATUS_IS_OK(status)) { - break; - } - - if (NT_STATUS_EQUAL(status, NT_STATUS_IO_TIMEOUT)) { - timeout_processing( - &select_timeout, - &last_timeout_processing_time); - continue; - } + status = receive_message_or_smb( + talloc_tos(), &inbuf, &inbuf_len, + &unread_bytes, &encrypted); + if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("receive_message_or_smb failed: %s, " "exiting\n", nt_errstr(status))); return; - - num_smbs = 0; /* Reset smb counter. */ } - - /* - * Ensure we do timeout processing if the SMB we just got was - * only an echo request. This allows us to set the select - * timeout in 'receive_message_or_smb()' to any value we like - * without worrying that the client will send echo requests - * faster than the select timeout, thus starving out the - * essential processing (change notify, blocking locks) that - * the timeout code does. JRA. - */ - num_echos = smb_echo_count; - process_smb(inbuf, inbuf_len, unread_bytes, encrypted); TALLOC_FREE(inbuf); - if (smb_echo_count != num_echos) { - timeout_processing(&select_timeout, - &last_timeout_processing_time); - num_smbs = 0; /* Reset smb counter. */ - } - num_smbs++; - /* - * If we are getting smb requests in a constant stream - * with no echos, make sure we attempt timeout processing - * every select_timeout milliseconds - but only check for this - * every 200 smb requests. - */ - - if ((num_smbs % 200) == 0) { - time_t new_check_time = time(NULL); - if(new_check_time - last_timeout_processing_time >= (select_timeout/1000)) { - timeout_processing( - &select_timeout, - &last_timeout_processing_time); - num_smbs = 0; /* Reset smb counter. */ - last_timeout_processing_time = new_check_time; /* Reset time. */ - } - } - /* The timeout_processing function isn't run nearly often enough to implement 'max log size' without overrunning the size of the file by many megabytes. diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 8bfa28faea..0226d314f7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -29,7 +29,6 @@ /* look in server.c for some explanation of these variables */ extern enum protocol_types Protocol; extern int max_recv; -unsigned int smb_echo_count = 0; extern uint32 global_client_caps; extern bool global_encrypted_passwords_negotiated; @@ -4611,8 +4610,6 @@ void reply_echo(struct smb_request *req) TALLOC_FREE(req->outbuf); - smb_echo_count++; - END_PROFILE(SMBecho); return; } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 53116f3d98..69a483e4fc 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -1067,6 +1067,30 @@ static bool deadtime_fn(const struct timeval *now, void *private_data) return True; } +/* + * Do the recurring log file and smb.conf reload checks. + */ + +static bool housekeeping_fn(const struct timeval *now, void *private_data) +{ + change_to_root_user(); + + /* update printer queue caches if necessary */ + update_monitored_printq_cache(); + + /* check if we need to reload services */ + check_reload(time(NULL)); + + /* Change machine password if neccessary. */ + attempt_machine_password_change(); + + /* + * Force a log file check. + */ + force_check_log_size(); + check_log_size(); + return true; +} /**************************************************************************** main program. @@ -1426,6 +1450,13 @@ extern void build_options(bool screen); exit(1); } + if (!(event_add_idle(smbd_event_context(), NULL, + timeval_set(SMBD_SELECT_TIMEOUT, 0), + "housekeeping", housekeeping_fn, NULL))) { + DEBUG(0, ("Could not add housekeeping event\n")); + exit(1); + } + #ifdef CLUSTER_SUPPORT if (lp_clustering()) { -- cgit From a9390d3047b7b7aba6f73c20e3dff292f7600a9f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 3 Oct 2008 14:58:41 -0700 Subject: Correctly fix smbclient to terminate on eof from server. Jeremy. --- source3/client/client.c | 13 +++++++++++-- source3/include/proto.h | 1 + source3/lib/readline.c | 13 ++++++++++++- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/source3/client/client.c b/source3/client/client.c index 7af7d30108..4d6bf8f198 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4345,6 +4345,8 @@ cleanup: } } +static bool finished; + /**************************************************************************** Make sure we swallow keepalives during idle time. ****************************************************************************/ @@ -4391,6 +4393,8 @@ static void readline_callback(void) DEBUG(0, ("Read from server failed, maybe it closed " "the connection\n")); + finished = true; + smb_readline_done(); if (NT_STATUS_EQUAL(status, NT_STATUS_END_OF_FILE)) { set_smb_read_error(&cli->smb_rw_error, SMB_READ_EOF); @@ -4419,7 +4423,12 @@ static void readline_callback(void) { unsigned char garbage[16]; memset(garbage, 0xf0, sizeof(garbage)); - cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage))); + if (!cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)))) { + DEBUG(0, ("SMBecho failed. Maybe server has closed " + "the connection\n")); + finished = true; + smb_readline_done(); + } } } @@ -4431,7 +4440,7 @@ static int process_stdin(void) { int rc = 0; - while (1) { + while (!finished) { TALLOC_CTX *frame = talloc_stackframe(); char *tok = NULL; char *the_prompt = NULL; diff --git a/source3/include/proto.h b/source3/include/proto.h index 6799106217..7cdcba19ab 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -708,6 +708,7 @@ bool privilege_set_to_se_priv( SE_PRIV *mask, struct lsa_PrivilegeSet *privset ) /* The following definitions come from lib/readline.c */ +void smb_readline_done(void); char *smb_readline(const char *prompt, void (*callback)(void), char **(completion_fn)(const char *text, int start, int end)); const char *smb_readline_get_line_buffer(void); diff --git a/source3/lib/readline.c b/source3/lib/readline.c index 254f55c86a..fd57799b57 100644 --- a/source3/lib/readline.c +++ b/source3/lib/readline.c @@ -45,6 +45,16 @@ # define RL_COMPLETION_CAST #endif /* HAVE_NEW_LIBREADLINE */ +static bool smb_rl_done; + +void smb_readline_done(void) +{ + smb_rl_done = true; +#if HAVE_LIBREADLINE + rl_done = 1; +#endif +} + /**************************************************************************** Display the prompt and wait for input. Call callback() regularly ****************************************************************************/ @@ -69,7 +79,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void) return NULL; } - while (1) { + while (!smb_rl_done) { timeout.tv_sec = 5; timeout.tv_usec = 0; @@ -87,6 +97,7 @@ static char *smb_readline_replacement(const char *prompt, void (*callback)(void) callback(); } } + return NULL; } /**************************************************************************** -- cgit From e13270d7ac1b8d1a85e67e3b84ca9bfdf88aa0cd Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 17:08:39 -0700 Subject: fixed the ldb blackbox test to work with non-bourne shells (as needed by ubuntu) fixed spelling of 'wellknown' --- testprogs/blackbox/test_ldb.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh index 7a657d2e8d..1774dbc7a3 100755 --- a/testprogs/blackbox/test_ldb.sh +++ b/testprogs/blackbox/test_ldb.sh @@ -117,7 +117,7 @@ echo "Search Options Control Query test returned 0 items" failed=`expr $failed + 1` fi -function wellkown_object_test() { +wellknown_object_test() { local guid=$1 local object=$2 local basedns @@ -149,32 +149,32 @@ function wellkown_object_test() { return $failed } -wellkown_object_test 22B70C67D56E4EFB91E9300FCA3DC1AA ForeignSecurityPrincipals +wellknown_object_test 22B70C67D56E4EFB91E9300FCA3DC1AA ForeignSecurityPrincipals st=$? if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` fi -wellkown_object_test 2FBAC1870ADE11D297C400C04FD8D5CD Infrastructure +wellknown_object_test 2FBAC1870ADE11D297C400C04FD8D5CD Infrastructure st=$? if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` fi -wellkown_object_test AB1D30F3768811D1ADED00C04FD8D5CD System +wellknown_object_test AB1D30F3768811D1ADED00C04FD8D5CD System st=$? if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` fi -wellkown_object_test A361B2FFFFD211D1AA4B00C04FD7D83A Domain Controllers +wellknown_object_test A361B2FFFFD211D1AA4B00C04FD7D83A Domain Controllers st=$? if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` fi -wellkown_object_test AA312825768811D1ADED00C04FD8D5CD Computers +wellknown_object_test AA312825768811D1ADED00C04FD8D5CD Computers st=$? if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` fi -wellkown_object_test A9D1CA15768811D1ADED00C04FD8D5CD Users +wellknown_object_test A9D1CA15768811D1ADED00C04FD8D5CD Users st=$? if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` -- cgit From 025ff92f59512fd530f4f68306fea77b26061682 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 17:10:53 -0700 Subject: expanded the netlogon test to better simulate the WSPP NRPC test that we had some trouble with --- source4/torture/rpc/netlogon.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 2522062696..3d4c594d05 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -1397,7 +1397,14 @@ static bool test_GetDomainInfo(struct torture_context *tctx, q1.blob2.data = NULL; q1.product.string = "product string"; - torture_comment(tctx, "Testing netr_uogonGetDomainInfo\n"); + torture_comment(tctx, "Testing netr_LogonGetDomainInfo\n"); + + status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo"); + torture_assert(tctx, creds_client_check(creds, &a.cred), "Credential chaining failed"); + + torture_comment(tctx, "Testing netr_LogonGetDomainInfo 2nd call\n"); + creds_client_authenticator(creds, &a); status = dcerpc_netr_LogonGetDomainInfo(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "netr_LogonGetDomainInfo"); @@ -1581,6 +1588,7 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx) tcase = torture_suite_add_machine_rpc_iface_tcase(suite, "netlogon", &ndr_table_netlogon, TEST_MACHINE_NAME); + torture_rpc_tcase_add_test(tcase, "LogonUasLogon", test_LogonUasLogon); torture_rpc_tcase_add_test(tcase, "LogonUasLogoff", test_LogonUasLogoff); torture_rpc_tcase_add_test_creds(tcase, "SamLogon", test_SamLogon); -- cgit From ba5ef49f831dbbfec1a360cd4644999de822e2bc Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 3 Oct 2008 17:52:59 -0700 Subject: updated the LSA and NETLOGON servers with fixes resulting from the AD plugfest in Redmond --- source4/librpc/idl/lsa.idl | 39 ++++++++++------- source4/librpc/idl/netlogon.idl | 61 +++++++++++++++++++++------ source4/rpc_server/lsa/dcesrv_lsa.c | 57 ++++++++++++++++++++++--- source4/rpc_server/lsa/lsa_lookup.c | 32 ++++++++++---- source4/rpc_server/netlogon/dcerpc_netlogon.c | 44 ++++++++++++++++--- source4/torture/ndr/lsa.c | 8 ++-- source4/torture/rpc/lsa.c | 30 +++++++++---- 7 files changed, 211 insertions(+), 60 deletions(-) diff --git a/source4/librpc/idl/lsa.idl b/source4/librpc/idl/lsa.idl index e1c4499022..4dce6d6d1e 100644 --- a/source4/librpc/idl/lsa.idl +++ b/source4/librpc/idl/lsa.idl @@ -140,12 +140,11 @@ import "misc.idl", "security.idl"; typedef struct { uint32 percent_full; - uint32 log_size; - NTTIME retention_time; + uint32 maximum_log_size; + hyper retention_time; uint8 shutdown_in_progress; - NTTIME time_to_shutdown; + hyper time_to_shutdown; uint32 next_audit_record; - uint32 unknown; } lsa_AuditLogInfo; typedef [v1_enum] enum { @@ -183,9 +182,13 @@ import "misc.idl", "security.idl"; lsa_String name; } lsa_PDAccountInfo; + typedef [v1_enum] enum { + LSA_ROLE_BACKUP=2, + LSA_ROLE_PRIMARY=3 + } lsa_Role; + typedef struct { - uint16 unknown; /* an midl padding bug? */ - uint16 role; + lsa_Role role; } lsa_ServerRole; typedef struct { @@ -204,7 +207,7 @@ import "misc.idl", "security.idl"; typedef struct { hyper modified_id; - NTTIME db_create_time; + NTTIME_hyper db_create_time; } lsa_ModificationInfo; typedef struct { @@ -212,7 +215,6 @@ import "misc.idl", "security.idl"; } lsa_AuditFullSetInfo; typedef struct { - uint16 unknown; /* an midl padding bug? */ uint8 shutdown_on_full; uint8 log_is_full; } lsa_AuditFullQueryInfo; @@ -243,7 +245,8 @@ import "misc.idl", "security.idl"; LSA_POLICY_INFO_DB=9, LSA_POLICY_INFO_AUDIT_FULL_SET=10, LSA_POLICY_INFO_AUDIT_FULL_QUERY=11, - LSA_POLICY_INFO_DNS=12 + LSA_POLICY_INFO_DNS=12, + LSA_POLICY_INFO_DNS_INT=13 } lsa_PolicyInfo; typedef [switch_type(uint16)] union { @@ -259,6 +262,7 @@ import "misc.idl", "security.idl"; [case(LSA_POLICY_INFO_AUDIT_FULL_SET)] lsa_AuditFullSetInfo auditfullset; [case(LSA_POLICY_INFO_AUDIT_FULL_QUERY)] lsa_AuditFullQueryInfo auditfullquery; [case(LSA_POLICY_INFO_DNS)] lsa_DnsDomainInfo dns; + [case(LSA_POLICY_INFO_DNS_INT)] lsa_DnsDomainInfo dns; } lsa_PolicyInformation; NTSTATUS lsa_QueryInfoPolicy ( @@ -1009,8 +1013,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray2 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x3b */ @@ -1068,8 +1072,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray3 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x45 */ @@ -1148,6 +1152,11 @@ import "misc.idl", "security.idl"; [in] uint32 unknown2 ); + const int LSA_CLIENT_REVISION_NO_DNS = 0x00000001; + const int LSA_CLIENT_REVISION_DNS = 0x00000002; + + const int LSA_LOOKUP_OPTIONS_NO_ISOLATED = 0x80000000; + /* Function 0x4d */ NTSTATUS lsa_LookupNames4( [in,range(0,1000)] uint32 num_names, @@ -1156,8 +1165,8 @@ import "misc.idl", "security.idl"; [in,out] lsa_TransSidArray3 *sids, [in] lsa_LookupNamesLevel level, [in,out] uint32 *count, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 lookup_options, + [in] uint32 client_revision /* LSA_CLIENT_REVISION* */ ); /* Function 0x4e */ diff --git a/source4/librpc/idl/netlogon.idl b/source4/librpc/idl/netlogon.idl index 8a36922fdd..22e90878e7 100644 --- a/source4/librpc/idl/netlogon.idl +++ b/source4/librpc/idl/netlogon.idl @@ -1100,6 +1100,16 @@ interface netlogon /****************/ /* Function 0x1d */ + typedef [bitmap32bit] bitmap { + NETR_TRUST_FLAG_IN_FOREST = 0x00000001, + NETR_TRUST_FLAG_OUTBOUND = 0x00000002, + NETR_TRUST_FLAG_TREEROOT = 0x00000004, + NETR_TRUST_FLAG_PRIMARY = 0x00000008, + NETR_TRUST_FLAG_NATIVE = 0x00000010, + NETR_TRUST_FLAG_INBOUND = 0x00000020, + NETR_TRUST_FLAG_MIT_KRB5 = 0x00000080, + NETR_TRUST_FLAG_AES = 0x00000100 + } netr_TrustFlags; typedef [flag(NDR_PAHEX)] struct { uint16 length; @@ -1127,26 +1137,61 @@ interface netlogon [case(2)] netr_DomainQuery1 *query1; } netr_DomainQuery; + typedef struct { + /* these first 3 values come from the fact windows + actually encodes this structure as a UNICODE_STRING + - see MS-NRPC section 2.2.1.3.9 */ + [value(8)] uint32 length; + [value(0)] uint32 dummy; + [value(8)] uint32 size; + netr_TrustFlags flags; + uint32 parent_index; + uint32 trust_type; + uint32 trust_attributes; + } netr_trust_extension; + + typedef struct { + uint16 length; /* value is 16 when info != NULL, otherwise 0 */ + [value(length)] uint16 size; /* value is 16 when info != NULL, otherwise 0 */ + netr_trust_extension *info; + } netr_trust_extension_container; + typedef struct { lsa_String domainname; lsa_String fulldomainname; lsa_String forest; GUID guid; dom_sid2 *sid; - netr_BinaryString unknown1[4]; - uint32 unknown[4]; + netr_trust_extension_container trust_extension; + lsa_String dummystring[3]; + uint32 dummy[4]; } netr_DomainTrustInfo; + typedef struct { + uint32 policy_size; + [size_is(policy_size)] uint8 *policy; + } netr_LsaPolicyInfo; + + typedef [public,bitmap32bit] bitmap { + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS = 0x00000001, + NETR_WS_FLAG_HANDLES_SPN_UPDATE = 0x00000002 + } netr_WorkstationFlags; + typedef struct { netr_DomainTrustInfo domaininfo; uint32 num_trusts; [size_is(num_trusts)] netr_DomainTrustInfo *trusts; - uint32 unknown[14]; /* room for expansion? */ + netr_LsaPolicyInfo lsa_policy; + lsa_String dns_hostname; + lsa_String dummystring[3]; + netr_WorkstationFlags workstation_flags; + uint32 supported_enc_types; + uint32 dummy[2]; } netr_DomainInfo1; typedef union { [case(1)] netr_DomainInfo1 *info1; - [case(2)] netr_DomainInfo1 *info1; + [case(2)] netr_DomainInfo1 *info2; } netr_DomainInfo; NTSTATUS netr_LogonGetDomainInfo( @@ -1230,14 +1275,6 @@ interface netlogon /****************/ /* Function 0x24 */ - typedef [bitmap32bit] bitmap { - NETR_TRUST_FLAG_IN_FOREST = 0x00000001, - NETR_TRUST_FLAG_OUTBOUND = 0x00000002, - NETR_TRUST_FLAG_TREEROOT = 0x00000004, - NETR_TRUST_FLAG_PRIMARY = 0x00000008, - NETR_TRUST_FLAG_NATIVE = 0x00000010, - NETR_TRUST_FLAG_INBOUND = 0x00000020 - } netr_TrustFlags; typedef [v1_enum] enum { NETR_TRUST_TYPE_DOWNLEVEL = 1, diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 7b15241b96..5e3be84cc5 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -1,3 +1,5 @@ +/* need access mask/acl implementation */ + /* Unix SMB/CIFS implementation. @@ -141,7 +143,8 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_OK; } else if (h->wire_handle.handle_type == LSA_HANDLE_TRUSTED_DOMAIN) { - struct lsa_trusted_domain_state *trusted_domain_state = h->data; + struct lsa_trusted_domain_state *trusted_domain_state = + talloc_get_type(h->data, struct lsa_trusted_domain_state); ret = ldb_transaction_start(trusted_domain_state->policy->sam_ldb); if (ret != 0) { return NT_STATUS_INTERNAL_DB_CORRUPTION; @@ -187,6 +190,9 @@ static NTSTATUS dcesrv_lsa_DeleteObject(struct dcesrv_call_state *dce_call, TALL r2.in.sid = astate->account_sid; r2.out.rights = rights; + /* dcesrv_lsa_EnumAccountRights takes a LSA_HANDLE_POLICY, + but we have a LSA_HANDLE_ACCOUNT here, so this call + will always fail */ status = dcesrv_lsa_EnumAccountRights(dce_call, mem_ctx, &r2); if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { return NT_STATUS_OK; @@ -444,18 +450,46 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy2(struct dcesrv_call_state *dce_call, ZERO_STRUCTP(r->out.info); switch (r->in.level) { + case LSA_POLICY_INFO_AUDIT_LOG: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->audit_log); + return NT_STATUS_OK; + case LSA_POLICY_INFO_AUDIT_EVENTS: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->audit_events); + return NT_STATUS_OK; + case LSA_POLICY_INFO_PD: + /* we don't need to fill in any of this */ + ZERO_STRUCT(r->out.info->pd); + return NT_STATUS_OK; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: return dcesrv_lsa_info_AccountDomain(state, mem_ctx, &r->out.info->account_domain); + case LSA_POLICY_INFO_ROLE: + r->out.info->role.role = LSA_ROLE_PRIMARY; + return NT_STATUS_OK; case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_DNS_INT: return dcesrv_lsa_info_DNS(state, mem_ctx, &r->out.info->dns); - case LSA_POLICY_INFO_DB: + + case LSA_POLICY_INFO_REPLICA: + ZERO_STRUCT(r->out.info->replica); + return NT_STATUS_OK; + + case LSA_POLICY_INFO_QUOTA: + ZERO_STRUCT(r->out.info->quota); + return NT_STATUS_OK; + case LSA_POLICY_INFO_AUDIT_FULL_SET: + case LSA_POLICY_INFO_DB: case LSA_POLICY_INFO_AUDIT_FULL_QUERY: + /* windows gives INVALID_PARAMETER */ + r->out.info = NULL; return NT_STATUS_INVALID_PARAMETER; } + r->out.info = NULL; return NT_STATUS_INVALID_INFO_CLASS; } @@ -468,6 +502,8 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T struct lsa_QueryInfoPolicy2 r2; NTSTATUS status; + ZERO_STRUCT(r2); + r2.in.handle = r->in.handle; r2.in.level = r->in.level; @@ -484,6 +520,7 @@ static NTSTATUS dcesrv_lsa_QueryInfoPolicy(struct dcesrv_call_state *dce_call, T static NTSTATUS dcesrv_lsa_SetInfoPolicy(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_SetInfoPolicy *r) { + /* need to support this */ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } @@ -502,6 +539,13 @@ static NTSTATUS dcesrv_lsa_ClearAuditLog(struct dcesrv_call_state *dce_call, TAL lsa_CreateAccount This call does not seem to have any long-term effects, hence no database operations + + we need to talk to the MS product group to find out what this account database means! + + answer is that the lsa database is totally separate from the SAM and + ldap databases. We are going to need a separate ldb to store these + accounts. The SIDs on this account bear no relation to the SIDs in + AD */ static NTSTATUS dcesrv_lsa_CreateAccount(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_CreateAccount *r) @@ -648,7 +692,7 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc dns_name = r->in.info->domain_name.string; - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1004,7 +1048,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomain(struct dcesrv_call_state *dce_call, ZERO_STRUCTP(r->out.trustdom_handle); policy_state = policy_handle->data; - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1088,7 +1132,7 @@ static NTSTATUS dcesrv_lsa_OpenTrustedDomainByName(struct dcesrv_call_state *dce return NT_STATUS_INVALID_PARAMETER; } - trusted_domain_state = talloc(mem_ctx, struct lsa_trusted_domain_state); + trusted_domain_state = talloc_zero(mem_ctx, struct lsa_trusted_domain_state); if (!trusted_domain_state) { return NT_STATUS_NO_MEMORY; } @@ -1228,7 +1272,7 @@ static NTSTATUS dcesrv_lsa_QueryTrustedDomainInfo(struct dcesrv_call_state *dce_ DCESRV_PULL_HANDLE(h, r->in.trustdom_handle, LSA_HANDLE_TRUSTED_DOMAIN); - trusted_domain_state = h->data; + trusted_domain_state = talloc_get_type(h->data, struct lsa_trusted_domain_state); /* pull all the user attributes */ ret = gendb_search_dn(trusted_domain_state->policy->sam_ldb, mem_ctx, @@ -2786,6 +2830,7 @@ static NTSTATUS dcesrv_lsa_SetInfoPolicy2(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx, struct lsa_SetInfoPolicy2 *r) { + /* need to support these */ DCESRV_FAULT(DCERPC_FAULT_OP_RNG_ERROR); } diff --git a/source4/rpc_server/lsa/lsa_lookup.c b/source4/rpc_server/lsa/lsa_lookup.c index 0ffb0572ee..2375a6d27a 100644 --- a/source4/rpc_server/lsa/lsa_lookup.c +++ b/source4/rpc_server/lsa/lsa_lookup.c @@ -525,8 +525,19 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, int i; NTSTATUS status = NT_STATUS_OK; + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + r->out.domains = NULL; + /* NOTE: the WSPP test suite tries SIDs with invalid revision numbers, + and expects NT_STATUS_INVALID_PARAMETER back - we just treat it as + an unknown SID. We could add a SID validator here. (tridge) + MS-DTYP 2.4.2 + */ + status = dcesrv_lsa_get_policy_state(dce_call, mem_ctx, &state); if (!NT_STATUS_IS_OK(status)) { return status; @@ -583,7 +594,7 @@ NTSTATUS dcesrv_lsa_LookupSids2(struct dcesrv_call_state *dce_call, authority_name, sid, r->out.domains, &sid_index); if (!NT_STATUS_IS_OK(status2)) { - return status2; + continue; } r->out.names->names[i].sid_type = rtype; @@ -683,9 +694,8 @@ NTSTATUS dcesrv_lsa_LookupSids(struct dcesrv_call_state *dce_call, TALLOC_CTX *m r2.out.names = NULL; status = dcesrv_lsa_LookupSids2(dce_call, mem_ctx, &r2); - if (NT_STATUS_IS_ERR(status)) { - return status; - } + /* we deliberately don't check for error from the above, + as even on error we are supposed to return the names */ r->out.domains = r2.out.domains; if (!r2.out.names) { @@ -727,6 +737,11 @@ NTSTATUS dcesrv_lsa_LookupNames3(struct dcesrv_call_state *dce_call, DCESRV_PULL_HANDLE(policy_handle, r->in.handle, LSA_HANDLE_POLICY); + if (r->in.level < LSA_LOOKUP_NAMES_ALL || + r->in.level > LSA_LOOKUP_NAMES_RODC_REFERRAL_TO_FULL_DC) { + return NT_STATUS_INVALID_PARAMETER; + } + policy_state = policy_handle->data; r->out.domains = NULL; @@ -830,10 +845,11 @@ NTSTATUS dcesrv_lsa_LookupNames4(struct dcesrv_call_state *dce_call, TALLOC_CTX r2.in.num_names = r->in.num_names; r2.in.names = r->in.names; + r2.in.level = r->in.level; r2.in.sids = r->in.sids; r2.in.count = r->in.count; - r2.in.unknown1 = r->in.unknown1; - r2.in.unknown2 = r->in.unknown2; + r2.in.lookup_options = r->in.lookup_options; + r2.in.client_revision = r->in.client_revision; r2.out.domains = r->out.domains; r2.out.sids = r->out.sids; r2.out.count = r->out.count; @@ -952,8 +968,8 @@ NTSTATUS dcesrv_lsa_LookupNames(struct dcesrv_call_state *dce_call, TALLOC_CTX * r2.in.sids = NULL; r2.in.level = r->in.level; r2.in.count = r->in.count; - r2.in.unknown1 = 0; - r2.in.unknown2 = 0; + r2.in.lookup_options = 0; + r2.in.client_revision = 0; r2.out.count = r->out.count; status = dcesrv_lsa_LookupNames2(dce_call, mem_ctx, &r2); diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index cceb2a62ac..beb1c4eb06 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -36,6 +36,7 @@ #include "param/param.h" #include "lib/messaging/irpc.h" #include "librpc/gen_ndr/ndr_irpc.h" +#include "librpc/gen_ndr/ndr_netlogon.h" struct server_pipe_state { struct netr_Credential client_challenge; @@ -898,20 +899,36 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, struct ldb_message *res, struct ldb_message *ref_res, struct netr_DomainTrustInfo *info, - bool is_local) + bool is_local, bool is_trust_list) { ZERO_STRUCTP(info); + info->trust_extension.info = talloc_zero(mem_ctx, struct netr_trust_extension); + info->trust_extension.length = 16; + info->trust_extension.info->flags = + NETR_TRUST_FLAG_TREEROOT | + NETR_TRUST_FLAG_IN_FOREST | + NETR_TRUST_FLAG_PRIMARY; + info->trust_extension.info->parent_index = 0; /* should be index into array + of parent */ + info->trust_extension.info->trust_type = LSA_TRUST_TYPE_UPLEVEL; /* should be based on ldb search for trusts */ + info->trust_extension.info->trust_attributes = LSA_TRUST_ATTRIBUTE_NON_TRANSITIVE; /* needs to be based on ldb search */ + + if (is_trust_list) { + /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */ + info->forest.string = NULL; + } else { + info->forest.string = "bludom.tridgell.net"; /* need ldb search */ + } + if (is_local) { info->domainname.string = samdb_result_string(ref_res, "nETBIOSName", NULL); info->fulldomainname.string = samdb_result_string(ref_res, "dnsRoot", NULL); - info->forest.string = NULL; info->guid = samdb_result_guid(res, "objectGUID"); info->sid = samdb_result_dom_sid(mem_ctx, res, "objectSid"); } else { info->domainname.string = samdb_result_string(res, "flatName", NULL); info->fulldomainname.string = samdb_result_string(res, "trustPartner", NULL); - info->forest.string = NULL; info->guid = samdb_result_guid(res, "objectGUID"); info->sid = samdb_result_dom_sid(mem_ctx, res, "securityIdentifier"); } @@ -942,11 +959,16 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal const char *local_domain; + NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r); + status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, mem_ctx, r->in.credential, r->out.return_authenticator, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,(__location__ " Bad credentials - error\n")); + } NT_STATUS_NOT_OK_RETURN(status); sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); @@ -992,19 +1014,29 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal info1->num_trusts); NT_STATUS_HAVE_NO_MEMORY(info1->trusts); - status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, true); + status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->domaininfo, + true, false); NT_STATUS_NOT_OK_RETURN(status); for (i=0;itrusts[i], false); + status = fill_domain_trust_info(mem_ctx, res2[i], NULL, &info1->trusts[i], + false, true); NT_STATUS_NOT_OK_RETURN(status); } - status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], true); + status = fill_domain_trust_info(mem_ctx, res1[0], ref_res[0], &info1->trusts[i], + true, true); NT_STATUS_NOT_OK_RETURN(status); + info1->dns_hostname.string = "blu.bludom.tridgell.net"; + info1->workstation_flags = + NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE; + info1->supported_enc_types = 0; /* w2008 gives this 0 */ + r->out.info.info1 = info1; + NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r); + return NT_STATUS_OK; } diff --git a/source4/torture/ndr/lsa.c b/source4/torture/ndr/lsa.c index a72a03fa38..0d6d786882 100644 --- a/source4/torture/ndr/lsa.c +++ b/source4/torture/ndr/lsa.c @@ -1538,8 +1538,8 @@ static bool lsarlookupnames2_in_check(struct torture_context *tctx, torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", "names[1]"); torture_assert_int_equal(tctx, r->in.level, 1, "level"); - torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1"); - torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2"); + torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options"); + torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision"); torture_assert_int_equal(tctx, *r->in.count, 0, "count"); torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count"); torture_assert(tctx, r->in.sids->sids == NULL, "sids sids"); @@ -1637,8 +1637,8 @@ static bool lsarlookupnames3_in_check(struct torture_context *tctx, torture_assert_str_equal(tctx, r->in.names[1].string, "Administrators", "names[1]"); torture_assert_int_equal(tctx, r->in.level, 1, "level"); - torture_assert_int_equal(tctx, r->in.unknown1, 0, "unknown 1"); - torture_assert_int_equal(tctx, r->in.unknown2, 0, "unknown 2"); + torture_assert_int_equal(tctx, r->in.lookup_options, 0, "lookup_options"); + torture_assert_int_equal(tctx, r->in.client_revision, 0, "client_revision"); torture_assert_int_equal(tctx, *r->in.count, 0, "count"); torture_assert_int_equal(tctx, r->in.sids->count, 0, "sids count"); torture_assert(tctx, r->in.sids->sids == NULL, "sids sids"); diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index 45f67afd69..efbdecab13 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -338,8 +338,8 @@ static bool test_LookupNames2(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -383,8 +383,8 @@ static bool test_LookupNames3(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -425,8 +425,8 @@ static bool test_LookupNames4(struct dcerpc_pipe *p, r.in.sids = &sids; r.in.level = 1; r.in.count = &count; - r.in.unknown1 = 0; - r.in.unknown2 = 0; + r.in.lookup_options = 0; + r.in.client_revision = 0; r.out.count = &count; r.out.sids = &sids; @@ -2243,7 +2243,7 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, bool ret = true; printf("\nTesting QueryInfoPolicy\n"); - for (i=1;i<13;i++) { + for (i=1;i<=13;i++) { r.in.handle = handle; r.in.level = i; @@ -2262,7 +2262,14 @@ static bool test_QueryInfoPolicy(struct dcerpc_pipe *p, break; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: + case LSA_POLICY_INFO_DNS_INT: case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_REPLICA: + case LSA_POLICY_INFO_QUOTA: + case LSA_POLICY_INFO_ROLE: + case LSA_POLICY_INFO_AUDIT_LOG: + case LSA_POLICY_INFO_AUDIT_EVENTS: + case LSA_POLICY_INFO_PD: if (!NT_STATUS_IS_OK(status)) { printf("QueryInfoPolicy failed - %s\n", nt_errstr(status)); ret = false; @@ -2352,7 +2359,14 @@ static bool test_QueryInfoPolicy2(struct dcerpc_pipe *p, break; case LSA_POLICY_INFO_DOMAIN: case LSA_POLICY_INFO_ACCOUNT_DOMAIN: + case LSA_POLICY_INFO_DNS_INT: case LSA_POLICY_INFO_DNS: + case LSA_POLICY_INFO_REPLICA: + case LSA_POLICY_INFO_QUOTA: + case LSA_POLICY_INFO_ROLE: + case LSA_POLICY_INFO_AUDIT_LOG: + case LSA_POLICY_INFO_AUDIT_EVENTS: + case LSA_POLICY_INFO_PD: if (!NT_STATUS_IS_OK(status)) { printf("QueryInfoPolicy2 failed - %s\n", nt_errstr(status)); ret = false; @@ -2458,7 +2472,6 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!join) { ret = false; } - if (!test_LookupNames_wellknown(p, tctx, handle)) { ret = false; } @@ -2482,7 +2495,6 @@ bool torture_rpc_lsa(struct torture_context *tctx) if (!test_CreateSecret(p, tctx, handle)) { ret = false; } - if (!test_CreateTrustedDomain(p, tctx, handle)) { ret = false; } -- cgit From af9dc6381da52c686d797a54d69b486214000cb5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 3 Oct 2008 17:57:37 -0700 Subject: Fix the build farm. In this branch cli_echo returns NTSTATUS. Jeremy --- source3/client/client.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/source3/client/client.c b/source3/client/client.c index 4d6bf8f198..eb9f31bdf2 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -4421,9 +4421,12 @@ static void readline_callback(void) /* Ping the server to keep the connection alive using SMBecho. */ { + NTSTATUS status; unsigned char garbage[16]; memset(garbage, 0xf0, sizeof(garbage)); - if (!cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)))) { + status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage))); + + if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("SMBecho failed. Maybe server has closed " "the connection\n")); finished = true; -- cgit From 0e0371b78a8d445cd0a08bd102a9a2c4952c235f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Oct 2008 21:52:11 +0200 Subject: "gwen/cc" does not like the double const :-) --- source3/libnet/libnet_proto.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 43046a44c0..69a16c1c7d 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -53,7 +53,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx); struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, const char *principal, int kvno, - const const krb5_enctype enctype, + const krb5_enctype enctype, TALLOC_CTX *mem_ctx); #endif -- cgit From 87f496f3c1ff5c8fd72bcfb6b4af7cb539d5bc47 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Oct 2008 22:07:14 +0200 Subject: Fix a potential NULL deref in line 258 found by the IBM checker --- source3/libaddns/dnsmarshall.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/libaddns/dnsmarshall.c b/source3/libaddns/dnsmarshall.c index 8c3389eb9b..5530290c57 100644 --- a/source3/libaddns/dnsmarshall.c +++ b/source3/libaddns/dnsmarshall.c @@ -252,6 +252,7 @@ void dns_unmarshall_domain_name(TALLOC_CTX *mem_ctx, if (!(name = talloc(mem_ctx, struct dns_domain_name))) { buf->error = ERROR_DNS_NO_MEMORY; + return; } dns_unmarshall_label(name, 0, buf, &name->pLabelList); -- cgit From 9eea6929e3420a0035ec3c0e3f1b4dd24847bbfa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Oct 2008 22:15:03 +0200 Subject: Fix an uninitialized variable found by the IBM Checker --- source3/libads/ldap.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index bfcfcf30b9..40f052281d 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -2828,6 +2828,7 @@ ADS_STATUS ads_domain_func_level(ADS_STRUCT *ads, uint32 *val) if ( (ads_s = ads_init( ads->server.realm, ads->server.workgroup, ads->server.ldap_server )) == NULL ) { + status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); goto done; } ads_s->auth.flags = ADS_AUTH_ANON_BIND; -- cgit From 80665a0b5abbdd8df735e1ccdab3206399beba0b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 4 Oct 2008 22:17:30 +0200 Subject: Fix an unlikely memleak found by the IBM checker --- source3/libads/util.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/libads/util.c b/source3/libads/util.c index 72f5dee80c..d23c36f326 100644 --- a/source3/libads/util.c +++ b/source3/libads/util.c @@ -86,6 +86,8 @@ ADS_STATUS ads_guess_service_principal(ADS_STRUCT *ads, server_realm = SMB_STRDUP(ads->config.realm); if (!server || !server_realm) { + SAFE_FREE(server); + SAFE_FREE(server_realm); return ADS_ERROR(LDAP_NO_MEMORY); } -- cgit From fe67306fc626333da4f03f6f2a823de9cc2b6cc2 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 5 Oct 2008 08:17:16 +1100 Subject: removed some debug lines I left in the last commit --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 4 ---- 1 file changed, 4 deletions(-) diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index beb1c4eb06..64d0f77303 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -959,8 +959,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal const char *local_domain; - NDR_PRINT_IN_DEBUG(netr_LogonGetDomainInfo, r); - status = dcesrv_netr_creds_server_step_check(dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, r->in.computer_name, mem_ctx, r->in.credential, @@ -1035,8 +1033,6 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal r->out.info.info1 = info1; - NDR_PRINT_OUT_DEBUG(netr_LogonGetDomainInfo, r); - return NT_STATUS_OK; } -- cgit From de5edb1d0c0d60b337d2cbb7151db47d31bfa8d4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Sun, 5 Oct 2008 15:48:46 +1100 Subject: remove dependencies on my home domain (in other words, don't do commits in airports) --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index 64d0f77303..d5f7d2afae 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -918,7 +918,8 @@ static NTSTATUS fill_domain_trust_info(TALLOC_CTX *mem_ctx, /* MS-NRPC 3.5.4.3.9 - must be set to NULL for trust list */ info->forest.string = NULL; } else { - info->forest.string = "bludom.tridgell.net"; /* need ldb search */ + /* TODO: we need a common function for pulling the forest */ + info->forest.string = samdb_result_string(ref_res, "dnsRoot", NULL); } if (is_local) { @@ -1026,7 +1027,7 @@ static NTSTATUS dcesrv_netr_LogonGetDomainInfo(struct dcesrv_call_state *dce_cal true, true); NT_STATUS_NOT_OK_RETURN(status); - info1->dns_hostname.string = "blu.bludom.tridgell.net"; + info1->dns_hostname.string = samdb_result_string(ref_res[0], "dnsRoot", NULL); info1->workstation_flags = NETR_WS_FLAG_HANDLES_INBOUND_TRUSTS | NETR_WS_FLAG_HANDLES_SPN_UPDATE; info1->supported_enc_types = 0; /* w2008 gives this 0 */ -- cgit From 6ee4e81ad13fba417a4e50b5c162a799e44adf27 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 10:55:30 +0200 Subject: Fix an uninitialized variable warning Not sure if we can ever not get domain and dns_domain, but gcc complained --- source3/libsmb/dsgetdcname.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index 18010aaa1c..08ab8cad14 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -228,6 +228,8 @@ static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx, } } + status = NT_STATUS_OK; + done: data_blob_free(&blob); -- cgit From 01ecd766c86ad49c7d8b9095bef76b5dcc71d757 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 13:12:31 +0200 Subject: OS/X does not have rl_done in readline.h --- source3/lib/readline.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source3/lib/readline.c b/source3/lib/readline.c index fd57799b57..cafb5a9f62 100644 --- a/source3/lib/readline.c +++ b/source3/lib/readline.c @@ -47,6 +47,14 @@ static bool smb_rl_done; +#if HAVE_LIBREADLINE +/* + * MacOS/X does not have rl_done in readline.h, but + * readline.so has it + */ +extern int rl_done; +#endif + void smb_readline_done(void) { smb_rl_done = true; -- cgit From 8670235f2a2b9ef4b6863c185bd2ab57acd7e57a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 13:58:09 +0200 Subject: Fix some missing error handlings --- source3/lib/netapi/file.c | 3 ++- source3/lib/netapi/getdc.c | 4 ++++ source3/lib/netapi/share.c | 3 ++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/source3/lib/netapi/file.c b/source3/lib/netapi/file.c index 036af32f38..0d66be0eb1 100644 --- a/source3/lib/netapi/file.c +++ b/source3/lib/netapi/file.c @@ -47,7 +47,8 @@ WERROR NetFileClose_r(struct libnetapi_ctx *ctx, r->in.server_name, r->in.fileid, &werr); - if (!W_ERROR_IS_OK(werr)) { + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); goto done; } diff --git a/source3/lib/netapi/getdc.c b/source3/lib/netapi/getdc.c index 07a6544af1..76c0d0be2a 100644 --- a/source3/lib/netapi/getdc.c +++ b/source3/lib/netapi/getdc.c @@ -58,6 +58,10 @@ WERROR NetGetDCName_r(struct libnetapi_ctx *ctx, r->in.domain_name, (const char **)r->out.buffer, &werr); + + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + } done: return werr; diff --git a/source3/lib/netapi/share.c b/source3/lib/netapi/share.c index 1d0e1810f1..e6aed36064 100644 --- a/source3/lib/netapi/share.c +++ b/source3/lib/netapi/share.c @@ -271,7 +271,8 @@ WERROR NetShareDel_r(struct libnetapi_ctx *ctx, r->in.net_name, r->in.reserved, &werr); - if (!W_ERROR_IS_OK(werr)) { + if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); goto done; } -- cgit From 9bb6bae4ef5c02cb2b6c325e228fc4f4d4366167 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 15:48:55 +0200 Subject: Remove an unused variable --- source3/utils/net_dns.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source3/utils/net_dns.c b/source3/utils/net_dns.c index 46f38d42f6..4e617a1968 100644 --- a/source3/utils/net_dns.c +++ b/source3/utils/net_dns.c @@ -145,7 +145,6 @@ error: int get_my_ip_address( struct sockaddr_storage **pp_ss ) { - struct iface_struct nics[MAX_INTERFACES]; int i, n; struct sockaddr_storage *list = NULL; int count = 0; -- cgit From 9542b2fe60482382459d387294fb92c182f35d64 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 16:09:18 +0200 Subject: Re-enable build of smb_samba3.c after the rename smbd->samba --- source4/smb_server/config.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/smb_server/config.mk b/source4/smb_server/config.mk index 8ed03b17fe..6a1a50ffbf 100644 --- a/source4/smb_server/config.mk +++ b/source4/smb_server/config.mk @@ -13,7 +13,7 @@ $(eval $(call proto_header_template,$(smb_serversrcdir)/service_smb_proto.h,$(SE # [MODULE::SERVICE_SAMBA3_SMB] INIT_FUNCTION = server_service_samba3_smb_init -SUBSYSTEM = smbd +SUBSYSTEM = samba SERVICE_SAMBA3_SMB_OBJ_FILES = $(smb_serversrcdir)/smb_samba3.o -- cgit From 1a228b442e9382167872fb863529001ac71d7567 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 20:47:00 +0200 Subject: smbd3 is unhappy if stderr is not open --- source4/smb_server/smb_samba3.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source4/smb_server/smb_samba3.c b/source4/smb_server/smb_samba3.c index 7b3229892f..259d29039d 100644 --- a/source4/smb_server/smb_samba3.c +++ b/source4/smb_server/smb_samba3.c @@ -52,7 +52,8 @@ static void samba3_smb_accept(struct stream_connection *conn) close(1); dup2(fd, 0); dup2(fd, 1); - for (i=2;i<256;i++) { + dup2(fd, 2); + for (i=3;i<256;i++) { close(i); } -- cgit From 41ee314438fe15d3bdd6a86ad5acf953c255011c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 5 Oct 2008 16:14:27 +0200 Subject: Fix some nonempty blank lines --- source3/libsmb/cliquota.c | 50 +++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/source3/libsmb/cliquota.c b/source3/libsmb/cliquota.c index f369d28dff..dcdfec241d 100644 --- a/source3/libsmb/cliquota.c +++ b/source3/libsmb/cliquota.c @@ -2,17 +2,17 @@ Unix SMB/CIFS implementation. client quota functions Copyright (C) Stefan (metze) Metzmacher 2003 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -25,7 +25,7 @@ bool cli_get_quota_handle(struct cli_state *cli, int *quota_fnum) 0x00000016, DESIRED_ACCESS_PIPE, 0x00000000, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0x00000000, 0x03); - + if (*quota_fnum == (-1)) { return False; } @@ -37,7 +37,7 @@ void free_ntquota_list(SMB_NTQUOTA_LIST **qt_list) { if (!qt_list) return; - + if ((*qt_list)->mem_ctx) talloc_destroy((*qt_list)->mem_ctx); @@ -60,7 +60,7 @@ static bool parse_user_quota_record(const char *rdata, unsigned int rdata_count, if (rdata_count < 40) { return False; } - + /* offset to next quota record. * 4 bytes IVAL(rdata,0) * unused here... @@ -116,7 +116,7 @@ static bool parse_user_quota_record(const char *rdata, unsigned int rdata_count, return False; } #endif /* LARGE_SMB_OFF_T */ - + sid_parse(rdata+40,sid_len,&qt.sid); qt.qtype = SMB_USER_QUOTA_TYPE; @@ -149,13 +149,13 @@ bool cli_get_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_STRUC SIVAL(params, 4,0x00000024); SIVAL(params, 8,0x00000000); SIVAL(params,12,0x00000024); - + sid_len = ndr_size_dom_sid(&pqt->sid, 0); data_len = sid_len+8; SIVAL(data, 0, 0x00000000); SIVAL(data, 4, sid_len); sid_linearize(data+8, sid_len, &pqt->sid); - + if (!cli_send_nt_trans(cli, NT_TRANSACT_GET_USER_QUOTA, 0, @@ -204,7 +204,7 @@ bool cli_set_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_STRUC unsigned int rparam_count=0, rdata_count=0; unsigned int sid_len; memset(data,'\0',112); - + if (!cli||!pqt) { smb_panic("cli_set_user_quota() called with NULL Pointer!"); } @@ -221,7 +221,7 @@ bool cli_set_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_STRUC SBIG_UINT(data,24,pqt->softlim); SBIG_UINT(data,32,pqt->hardlim); sid_linearize(data+40, sid_len, &pqt->sid); - + if (!cli_send_nt_trans(cli, NT_TRANSACT_SET_USER_QUOTA, 0, @@ -278,7 +278,7 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST SIVAL(params, 4,0x00000000); SIVAL(params, 8,0x00000000); SIVAL(params,12,0x00000000); - + if (!cli_send_nt_trans(cli, NT_TRANSACT_GET_USER_QUOTA, 0, @@ -353,7 +353,7 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST DEBUG(1,("Failed to send NT_TRANSACT_GET_USER_QUOTA\n")); goto cleanup; } - + SAFE_FREE(rparam); SAFE_FREE(rdata); if (!cli_receive_nt_trans(cli, @@ -369,7 +369,7 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST } else { ret = True; } - + if (rdata_count == 0) { break; } @@ -389,26 +389,26 @@ bool cli_list_user_quota(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_LIST talloc_destroy(mem_ctx); goto cleanup; } - + if ((tmp_list_ent->quotas=TALLOC_ZERO_P(mem_ctx,SMB_NTQUOTA_STRUCT))==NULL) { DEBUG(0,("TALLOC_ZERO() failed\n")); talloc_destroy(mem_ctx); goto cleanup; } - + memcpy(tmp_list_ent->quotas,&qt,sizeof(qt)); tmp_list_ent->mem_ctx = mem_ctx; - + DLIST_ADD((*pqt_list),tmp_list_ent); } } - + ret = True; cleanup: SAFE_FREE(rparam); SAFE_FREE(rdata); - + return ret; } @@ -427,9 +427,9 @@ bool cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST } setup = TRANSACT2_QFSINFO; - + SSVAL(param,0,SMB_FS_QUOTA_INFORMATION); - + if (!cli_send_trans(cli, SMBtrans2, NULL, 0, 0, @@ -438,7 +438,7 @@ bool cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST NULL, 0, 560)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -455,7 +455,7 @@ bool cli_get_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST if (rdata_count < 48) { goto cleanup; } - + /* unknown_1 24 NULL bytes in pdata*/ /* the soft quotas 8 bytes (SMB_BIG_UINT)*/ @@ -541,7 +541,7 @@ bool cli_set_fs_quota_info(struct cli_state *cli, int quota_fnum, SMB_NTQUOTA_ST data, 48, 0)) { goto cleanup; } - + if (!cli_receive_trans(cli, SMBtrans2, &rparam, &rparam_count, &rdata, &rdata_count)) { @@ -604,7 +604,7 @@ void dump_ntquota(SMB_NTQUOTA_STRUCT *qt, bool _verbose, bool _numeric, void (*_ case SMB_USER_QUOTA_TYPE: { fstring username_str = {0}; - + if (_sidtostring) { _sidtostring(username_str,&qt->sid,_numeric); } else { -- cgit From bb4e9d72dd7de46ae4635ff5fbe5427b2a93e7cc Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 2 Oct 2008 19:31:56 +0200 Subject: s4:blackbox/test_ldb: test search by and metze --- testprogs/blackbox/test_ldb.sh | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/testprogs/blackbox/test_ldb.sh b/testprogs/blackbox/test_ldb.sh index 1774dbc7a3..5209abeb2c 100755 --- a/testprogs/blackbox/test_ldb.sh +++ b/testprogs/blackbox/test_ldb.sh @@ -180,4 +180,29 @@ if [ x"$st" != x"0" ]; then failed=`expr $failed + $st` fi +echo "Getting HEX GUID/SID of $BASEDN" +HEXDN=`bin/ldbsearch $CONFIGURATION $options -b "$BASEDN" -H $p://$SERVER -s base "(objectClass=*)" --controls=extended_dn:1:0 | grep 'dn: ' | cut -d ' ' -f2-` +HEXGUID=`echo "$HEXDN" | cut -d ';' -f1` +HEXSID=`echo "$HEXDN" | cut -d ';' -f2` +echo "HEXGUID[$HEXGUID]" +echo "HEXSID[$HEXSID]" + +echo "Getting STR GUID/SID of $BASEDN" +STRDN=`bin/ldbsearch $CONFIGURATION $options -b "$BASEDN" -H $p://$SERVER -s base "(objectClass=*)" --controls=extended_dn:1:1 | grep 'dn: ' | cut -d ' ' -f2-` +echo "STRDN: $STRDN" +STRGUID=`echo "$STRDN" | cut -d ';' -f1` +STRSID=`echo "$STRDN" | cut -d ';' -f2` +echo "STRGUID[$STRGUID]" +echo "STRSID[$STRSID]" + +SPECIALDNS="$HEXGUID $HEXSID $STRGUID $STRSID" +for SPDN in $SPECIALDNS; do + echo "Search for $SPDN" + nentries=`bin/ldbsearch $options $CONFIGURATION -H $p://$SERVER -s base -b "$SPDN" '(objectClass=*)' | grep "dn: $BASEDN" | wc -l` + if [ $nentries -lt 1 ]; then + echo "Special search returned 0 items" + failed=`expr $failed + 1` + fi +done + exit $failed -- cgit From f3ba7fc0b973ea66ee57fe0e1be73b3bcefc07fb Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 22 Sep 2008 19:23:21 +0200 Subject: Store a local schannel key in secrets.tdb --- source3/include/proto.h | 2 ++ source3/include/secrets.h | 2 ++ source3/passdb/secrets.c | 25 +++++++++++++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index 7cdcba19ab..41544da8c9 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6421,6 +6421,8 @@ bool secrets_restore_schannel_session_info(TALLOC_CTX *mem_ctx, struct dcinfo **ppdc); bool secrets_store_generic(const char *owner, const char *key, const char *secret); char *secrets_fetch_generic(const char *owner, const char *key); +bool secrets_store_local_schannel_key(uint8_t schannel_key[16]); +bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16]); /* The following definitions come from passdb/util_builtin.c */ diff --git a/source3/include/secrets.h b/source3/include/secrets.h index d9f457558b..3c8e2ccf81 100644 --- a/source3/include/secrets.h +++ b/source3/include/secrets.h @@ -45,6 +45,8 @@ #define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW" +#define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY" + /* Authenticated user info is stored in secrets.tdb under these keys */ #define SECRETS_AUTH_USER "SECRETS/AUTH_USER" diff --git a/source3/passdb/secrets.c b/source3/passdb/secrets.c index 4527ae7127..306d4d0a35 100644 --- a/source3/passdb/secrets.c +++ b/source3/passdb/secrets.c @@ -259,6 +259,31 @@ bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid) return True; } +bool secrets_store_local_schannel_key(uint8_t schannel_key[16]) +{ + return secrets_store(SECRETS_LOCAL_SCHANNEL_KEY, schannel_key, 16); +} + +bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16]) +{ + size_t size = 0; + uint8_t *key; + + key = (uint8_t *)secrets_fetch(SECRETS_LOCAL_SCHANNEL_KEY, &size); + if (key == NULL) { + return false; + } + + if (size != 16) { + SAFE_FREE(key); + return false; + } + + memcpy(schannel_key, key, 16); + SAFE_FREE(key); + return true; +} + /** * Form a key for fetching the machine trust account sec channel type * -- cgit From 2f6026248ec9a84f6a263622f1753e98c89eb543 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 22 Sep 2008 19:24:59 +0200 Subject: Add dyn_NCALRPCDIR --- source3/Makefile.in | 2 ++ source3/dynconfig.c | 1 + source3/include/dynconfig.h | 4 ++++ source3/m4/check_path.m4 | 19 +++++++++++++++++++ 4 files changed, 26 insertions(+) diff --git a/source3/Makefile.in b/source3/Makefile.in index 61e946e7cd..1bb2b87a4a 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -127,6 +127,7 @@ LOGFILEBASE = @logfilebase@ CONFIGFILE = $(CONFIGDIR)/smb.conf LMHOSTSFILE = $(CONFIGDIR)/lmhosts CTDBDIR = @ctdbdir@ +NCALRPCDIR = @ncalrpcdir@ # This is where smbpasswd et al go PRIVATEDIR = @privatedir@ @@ -166,6 +167,7 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \ -DLOGFILEBASE=\"$(LOGFILEBASE)\" \ -DSHLIBEXT=\"@SHLIBEXT@\" \ -DCTDBDIR=\"$(CTDBDIR)\" \ + -DNCALRPCDIR=\"$(NCALRPCDIR)\" \ -DCONFIGDIR=\"$(CONFIGDIR)\" \ -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" \ -DCACHEDIR=\"$(CACHEDIR)\" \ diff --git a/source3/dynconfig.c b/source3/dynconfig.c index 3a54507599..6125f9944c 100644 --- a/source3/dynconfig.c +++ b/source3/dynconfig.c @@ -77,6 +77,7 @@ DEFINE_DYN_CONFIG_PARAM(MODULESDIR) DEFINE_DYN_CONFIG_PARAM(SHLIBEXT) DEFINE_DYN_CONFIG_PARAM(LOCKDIR) DEFINE_DYN_CONFIG_PARAM(PIDDIR) +DEFINE_DYN_CONFIG_PARAM(NCALRPCDIR) DEFINE_DYN_CONFIG_PARAM(SMB_PASSWD_FILE) DEFINE_DYN_CONFIG_PARAM(PRIVATE_DIR) diff --git a/source3/include/dynconfig.h b/source3/include/dynconfig.h index 758bde33cc..8267064f23 100644 --- a/source3/include/dynconfig.h +++ b/source3/include/dynconfig.h @@ -71,6 +71,10 @@ const char *get_dyn_PIDDIR(void); const char *set_dyn_PIDDIR(const char *newpath); bool is_default_dyn_PIDDIR(void); +const char *get_dyn_NCALRPCDIR(void); +const char *set_dyn_NCALRPCDIR(const char *newpath); +bool is_default_dyn_NCALRPCDIR(void); + const char *get_dyn_SMB_PASSWD_FILE(void); const char *set_dyn_SMB_PASSWD_FILE(const char *newpath); bool is_default_dyn_SMB_PASSWD_FILE(void); diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4 index 7aa8c213e0..40a97d3674 100644 --- a/source3/m4/check_path.m4 +++ b/source3/m4/check_path.m4 @@ -18,6 +18,7 @@ AC_PREFIX_DEFAULT(/usr/local/samba) rootsbindir="\${SBINDIR}" lockdir="\${VARDIR}/locks" piddir="\${VARDIR}/locks" +ncalrpcdir="\${VARDIR}/ncalrpc" test "${mandir}" || mandir="\${prefix}/man" logfilebase="\${VARDIR}" privatedir="\${prefix}/private" @@ -46,6 +47,7 @@ AC_ARG_WITH(fhs, codepagedir="\${MODULESDIR}" statedir="\${VARDIR}/lib/samba" cachedir="\${VARDIR}/lib/samba" + ncalrpcdir="\${VARDIR}/ncalrpc" AC_DEFINE(FHS_COMPATIBLE, 1, [Whether to use fully FHS-compatible paths]) ;; esac]) @@ -114,6 +116,22 @@ AC_ARG_WITH(piddir, ;; esac]) +################################################# +# set ncalrpc directory location +AC_ARG_WITH(ncalprcdir, +[AS_HELP_STRING([--with-ncalprcdir=DIR], [Where to put ncalrpc sockets ($ac_default_prefix/var/ncalrpc)])], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-ncalrpcdir called without argument - will use default]) + ;; + * ) + ncalrpcdir="$withval" + ;; + esac]) + ################################################# # set SWAT directory location AC_ARG_WITH(swatdir, @@ -227,6 +245,7 @@ AC_ARG_WITH(mandir, AC_SUBST(configdir) AC_SUBST(lockdir) AC_SUBST(piddir) +AC_SUBST(ncalrpcdir) AC_SUBST(logfilebase) AC_SUBST(ctdbdir) AC_SUBST(privatedir) -- cgit From 439086099ad97a49c93102af1e6edafabea64b6f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 22 Sep 2008 19:29:05 +0200 Subject: Add netlogond auth method This authenticates against a local running samba4 using SamLogonEx. We retrieve the machine password using samba4's mymachinepwd script and store the schannel key for re-use in secrets.tdb. --- source3/Makefile.in | 5 + source3/auth/auth_netlogond.c | 321 ++++++++++++++++++++++++++++++++++++++++++ source3/configure.in | 3 +- source3/include/proto.h | 2 + 4 files changed, 330 insertions(+), 1 deletion(-) create mode 100644 source3/auth/auth_netlogond.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 1bb2b87a4a..eb6a05cba5 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -638,6 +638,7 @@ AUTH_SERVER_OBJ = auth/auth_server.o AUTH_UNIX_OBJ = auth/auth_unix.o AUTH_WINBIND_OBJ = auth/auth_winbind.o AUTH_SCRIPT_OBJ = auth/auth_script.o +AUTH_NETLOGOND_OBJ = auth/auth_netlogond.o AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ auth/auth_compat.o auth/auth_ntlmssp.o \ @@ -2197,6 +2198,10 @@ bin/script.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SCRIPT_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(AUTH_SCRIPT_OBJ) +bin/netlogond.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_NETLOGOND_OBJ) + @echo "Building plugin $@" + @$(SHLD_MODULE) $(AUTH_NETLOGOND_OBJ) + bin/smbserver.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_SERVER_OBJ) @echo "Building plugin $@" @$(SHLD_MODULE) $(AUTH_SERVER_OBJ) diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c new file mode 100644 index 0000000000..a57f3b74a3 --- /dev/null +++ b/source3/auth/auth_netlogond.c @@ -0,0 +1,321 @@ +/* + Unix SMB/CIFS implementation. + Authenticate against a netlogon pipe listening on a unix domain socket + Copyright (C) Volker Lendecke 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_AUTH + +static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx, + const struct auth_context *auth_context, + const char *ncalrpc_sockname, + uint8_t schannel_key[16], + const auth_usersupplied_info *user_info, + struct netr_SamInfo3 **pinfo3, + NTSTATUS *schannel_bind_result) +{ + struct rpc_pipe_client *p; + struct cli_pipe_auth_data *auth; + struct netr_SamInfo3 *info3 = NULL; + NTSTATUS status; + + *schannel_bind_result = NT_STATUS_OK; + + status = rpc_pipe_open_ncalrpc(talloc_tos(), ncalrpc_sockname, + &ndr_table_netlogon.syntax_id, &p); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpc_pipe_open_ncalrpc failed: %s\n", + nt_errstr(status))); + return status; + } + + status = rpccli_schannel_bind_data(p, lp_workgroup(), + PIPE_AUTH_LEVEL_PRIVACY, + schannel_key, &auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpccli_schannel_bind_data failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(p); + return status; + } + + status = rpc_pipe_bind(p, auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpc_pipe_bind failed: %s\n", nt_errstr(status))); + TALLOC_FREE(p); + *schannel_bind_result = status; + return status; + } + + /* + * We have to fake a struct dcinfo, so that + * rpccli_netlogon_sam_network_logon_ex can decrypt the session keys. + */ + + p->dc = talloc(p, struct dcinfo); + if (p->dc == NULL) { + DEBUG(0, ("talloc failed\n")); + TALLOC_FREE(p); + return NT_STATUS_NO_MEMORY; + } + + memcpy(p->dc->sess_key, schannel_key, 16); + + status = rpccli_netlogon_sam_network_logon_ex( + p, p, + user_info->logon_parameters,/* flags such as 'allow + * workstation logon' */ + global_myname(), /* server name */ + user_info->smb_name, /* user name logging on. */ + user_info->client_domain, /* domain name */ + user_info->wksta_name, /* workstation name */ + (uchar *)auth_context->challenge.data, /* 8 byte challenge. */ + user_info->lm_resp, /* lanman 24 byte response */ + user_info->nt_resp, /* nt 24 byte response */ + &info3); /* info3 out */ + + DEBUG(10, ("rpccli_netlogon_sam_network_logon_ex returned %s\n", + nt_errstr(status))); + + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(p); + return status; + } + + *pinfo3 = talloc_move(mem_ctx, &info3); + + TALLOC_FREE(p); + return NT_STATUS_OK; +} + +static char *mymachinepw(TALLOC_CTX *mem_ctx) +{ + fstring pwd; + const char *script; + char *to_free = NULL; + ssize_t nread; + int ret, fd; + + script = lp_parm_const_string( + GLOBAL_SECTION_SNUM, "auth_netlogond", "machinepwscript", + NULL); + + if (script == NULL) { + to_free = talloc_asprintf(talloc_tos(), "%s/%s", + get_dyn_SBINDIR(), "mymachinepw"); + script = to_free; + } + if (script == NULL) { + return NULL; + } + + ret = smbrun(script, &fd); + DEBUG(ret ? 0 : 3, ("mymachinepw: Running the command `%s' gave %d\n", + script, ret)); + TALLOC_FREE(to_free); + + if (ret != 0) { + return NULL; + } + + pwd[sizeof(pwd)-1] = '\0'; + + nread = read(fd, pwd, sizeof(pwd)-1); + close(fd); + + if (nread <= 0) { + DEBUG(3, ("mymachinepwd: Could not read password\n")); + return NULL; + } + + DEBUG(0, ("pwd: %d [%s]\n", (int)nread, pwd)); + + if (pwd[nread-1] == '\n') { + pwd[nread-1] = '\0'; + } + + return talloc_strdup(mem_ctx, pwd); +} + +static NTSTATUS check_netlogond_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + TALLOC_CTX *frame = talloc_stackframe(); + struct netr_SamInfo3 *info3 = NULL; + struct rpc_pipe_client *p; + struct cli_pipe_auth_data *auth; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + char *plaintext_machinepw; + uint8_t machine_password[16]; + uint8_t schannel_key[16]; + NTSTATUS schannel_bind_result, status; + struct named_mutex *mutex; + const char *ncalrpcsock; + + ncalrpcsock = lp_parm_const_string( + GLOBAL_SECTION_SNUM, "auth_netlogond", "socket", NULL); + + if (ncalrpcsock == NULL) { + ncalrpcsock = talloc_asprintf(talloc_tos(), "%s/%s", + get_dyn_NCALRPCDIR(), "DEFAULT"); + } + + if (ncalrpcsock == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + if (!secrets_fetch_local_schannel_key(schannel_key)) { + goto new_key; + } + + status = netlogond_validate(talloc_tos(), auth_context, ncalrpcsock, + schannel_key, user_info, &info3, + &schannel_bind_result); + + DEBUG(10, ("netlogond_validate returned %s\n", nt_errstr(status))); + + if (NT_STATUS_IS_OK(status)) { + goto okay; + } + + if (NT_STATUS_IS_OK(schannel_bind_result)) { + /* + * This is a real failure from the DC + */ + goto done; + } + + new_key: + + mutex = grab_named_mutex(talloc_tos(), "LOCAL_SCHANNEL_KEY", 60); + if (mutex == NULL) { + DEBUG(10, ("Could not get mutex LOCAL_SCHANNEL_KEY\n")); + status = NT_STATUS_ACCESS_DENIED; + goto done; + } + + DEBUG(10, ("schannel bind failed, setting up new key\n")); + + status = rpc_pipe_open_ncalrpc(talloc_tos(), ncalrpcsock, + &ndr_table_netlogon.syntax_id, &p); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpc_pipe_open_ncalrpc failed: %s\n", + nt_errstr(status))); + goto done; + } + + status = rpccli_anon_bind_data(p, &auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpccli_anon_bind_data failed: %s\n", + nt_errstr(status))); + goto done; + } + + status = rpc_pipe_bind(p, auth); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpc_pipe_bind failed: %s\n", nt_errstr(status))); + goto done; + } + + TALLOC_FREE(auth); + + plaintext_machinepw = mymachinepw(talloc_tos()); + if (plaintext_machinepw == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + E_md4hash(plaintext_machinepw, machine_password); + + TALLOC_FREE(plaintext_machinepw); + + status = rpccli_netlogon_setup_creds( + p, global_myname(), lp_workgroup(), global_myname(), + global_myname(), machine_password, SEC_CHAN_BDC, &neg_flags); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("rpccli_netlogon_setup_creds failed: %s\n", + nt_errstr(status))); + goto done; + } + + memcpy(schannel_key, p->dc->sess_key, 16); + secrets_store_local_schannel_key(schannel_key); + + TALLOC_FREE(p); + + /* + * Retry the authentication with the mutex held. This way nobody else + * can step on our toes. + */ + + status = netlogond_validate(talloc_tos(), auth_context, ncalrpcsock, + schannel_key, user_info, &info3, + &schannel_bind_result); + + DEBUG(10, ("netlogond_validate returned %s\n", nt_errstr(status))); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + okay: + + status = make_server_info_info3(mem_ctx, user_info->smb_name, + user_info->domain, server_info, + info3); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("make_server_info_info3 failed: %s\n", + nt_errstr(status))); + TALLOC_FREE(frame); + return status; + } + + status = NT_STATUS_OK; + + done: + TALLOC_FREE(frame); + return status; +} + +/* module initialisation */ +static NTSTATUS auth_init_netlogond(struct auth_context *auth_context, + const char *param, + auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return NT_STATUS_NO_MEMORY; + } + + (*auth_method)->name = "netlogond"; + (*auth_method)->auth = check_netlogond_security; + return NT_STATUS_OK; +} + +NTSTATUS auth_netlogond_init(void) +{ + smb_register_auth(AUTH_INTERFACE_VERSION, "netlogond", + auth_init_netlogond); + return NT_STATUS_OK; +} diff --git a/source3/configure.in b/source3/configure.in index 545a5653de..1eba4a0a58 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -404,7 +404,7 @@ AC_SUBST(DYNEXP) dnl Add modules that have to be built by default here dnl These have to be built static: -default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template" +default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template" dnl These are preferably build shared, and static if dlopen() is not available default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_smb_traffic_analyzer" @@ -6077,6 +6077,7 @@ SMB_MODULE(auth_server, \$(AUTH_SERVER_OBJ), "bin/smbserver.$SHLIBEXT", AUTH) SMB_MODULE(auth_domain, \$(AUTH_DOMAIN_OBJ), "bin/domain.$SHLIBEXT", AUTH) SMB_MODULE(auth_builtin, \$(AUTH_BUILTIN_OBJ), "bin/builtin.$SHLIBEXT", AUTH) SMB_MODULE(auth_script, \$(AUTH_SCRIPT_OBJ), "bin/script.$SHLIBEXT", AUTH) +SMB_MODULE(auth_netlogond, \$(AUTH_NETLOGOND_OBJ), "bin/netlogond.$SHLIBEXT", AUTH) SMB_SUBSYSTEM(AUTH,auth/auth.o) SMB_MODULE(vfs_default, \$(VFS_DEFAULT_OBJ), "bin/default.$SHLIBEXT", VFS) diff --git a/source3/include/proto.h b/source3/include/proto.h index 41544da8c9..30e309cd4e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -46,6 +46,8 @@ bool password_ok(const char *smb_name, DATA_BLOB password_blob); void attempt_machine_password_change(void); NTSTATUS auth_domain_init(void); +NTSTATUS auth_netlogond_init(void); + /* The following definitions come from auth/auth_ntlmssp.c */ NTSTATUS auth_ntlmssp_start(AUTH_NTLMSSP_STATE **auth_ntlmssp_state); -- cgit From 6aa8613b11b596fed115849262e96524b84a8fbe Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 6 Oct 2008 10:57:13 +0200 Subject: Log in the parent winbind log where a request is going --- source3/winbindd/winbindd_dual.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 1600f05eb1..f6a9c1f26d 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -120,6 +120,10 @@ void async_request(TALLOC_CTX *mem_ctx, struct winbindd_child *child, SMB_ASSERT(continuation != NULL); + DEBUG(10, ("Sending request to child pid %d (domain=%s)\n", + (int)child->pid, + (child->domain != NULL) ? child->domain->name : "''")); + state = TALLOC_P(mem_ctx, struct winbindd_async_request); if (state == NULL) { -- cgit From f4095b62a8030cb9d929bb113f3488f3917b8f9b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 6 Oct 2008 14:49:10 +0200 Subject: If name_to_fqdn fails, retry with the dns domain the DC gave us This is a workaround for the cases where you want to join under a netbios name that is different from your hostname, i.e. a name that can not be found in /etc/hosts or dns. In these cases, name_to_fqdn fails or gives invalid results. --- source3/libnet/libnet_join.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a39dee676f..ab8af0be6b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -357,10 +357,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, strupper_m(spn); spn_array[0] = spn; - if (name_to_fqdn(my_fqdn, r->in.machine_name) && - !strequal(my_fqdn, r->in.machine_name)) { + if (!name_to_fqdn(my_fqdn, r->in.machine_name) + || (strchr(my_fqdn, '.') == NULL)) { + fstr_sprintf(my_fqdn, "%s.%s", r->in.machine_name, + r->out.dns_domain_name); + } + + strlower_m(my_fqdn); - strlower_m(my_fqdn); + if (!strequal(my_fqdn, r->in.machine_name)) { spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn); if (!spn) { return ADS_ERROR_LDAP(LDAP_NO_MEMORY); -- cgit From 999b69d176a967aad8b6a871632d1869757181aa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 1 Oct 2008 02:27:09 +0200 Subject: s4:gensec: pass down want_features to the spnego backend mech metze --- source4/auth/gensec/gensec.c | 8 +++++++- source4/auth/gensec/gensec.h | 2 ++ source4/auth/gensec/spnego.c | 15 +++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/source4/auth/gensec/gensec.c b/source4/auth/gensec/gensec.c index 0edb34d740..5d57383d2a 100644 --- a/source4/auth/gensec/gensec.c +++ b/source4/auth/gensec/gensec.c @@ -490,6 +490,7 @@ static NTSTATUS gensec_start(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(*gensec_security); (*gensec_security)->ops = NULL; + (*gensec_security)->private_data = NULL; ZERO_STRUCT((*gensec_security)->target); ZERO_STRUCT((*gensec_security)->peer_addr); @@ -525,6 +526,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx, (*gensec_security)->private_data = NULL; (*gensec_security)->subcontext = true; + (*gensec_security)->want_features = parent->want_features; (*gensec_security)->event_ctx = parent->event_ctx; (*gensec_security)->msg_ctx = parent->msg_ctx; (*gensec_security)->lp_ctx = parent->lp_ctx; @@ -1015,7 +1017,11 @@ _PUBLIC_ NTSTATUS gensec_update_recv(struct gensec_update_request *req, TALLOC_C _PUBLIC_ void gensec_want_feature(struct gensec_security *gensec_security, uint32_t feature) { - gensec_security->want_features |= feature; + if (!gensec_security->ops || !gensec_security->ops->want_feature) { + gensec_security->want_features |= feature; + return; + } + gensec_security->ops->want_feature(gensec_security, feature); } /** diff --git a/source4/auth/gensec/gensec.h b/source4/auth/gensec/gensec.h index 84fc26d127..0b31882ddd 100644 --- a/source4/auth/gensec/gensec.h +++ b/source4/auth/gensec/gensec.h @@ -133,6 +133,8 @@ struct gensec_security_ops { NTSTATUS (*session_key)(struct gensec_security *gensec_security, DATA_BLOB *session_key); NTSTATUS (*session_info)(struct gensec_security *gensec_security, struct auth_session_info **session_info); + void (*want_feature)(struct gensec_security *gensec_security, + uint32_t feature); bool (*have_feature)(struct gensec_security *gensec_security, uint32_t feature); bool enabled; diff --git a/source4/auth/gensec/spnego.c b/source4/auth/gensec/spnego.c index 1855e0583d..bf991616bd 100644 --- a/source4/auth/gensec/spnego.c +++ b/source4/auth/gensec/spnego.c @@ -1094,6 +1094,20 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA return NT_STATUS_INVALID_PARAMETER; } +static void gensec_spnego_want_feature(struct gensec_security *gensec_security, + uint32_t feature) +{ + struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data; + + if (!spnego_state || !spnego_state->sub_sec_security) { + gensec_security->want_features |= feature; + return; + } + + gensec_want_feature(spnego_state->sub_sec_security, + feature); +} + static bool gensec_spnego_have_feature(struct gensec_security *gensec_security, uint32_t feature) { @@ -1133,6 +1147,7 @@ static const struct gensec_security_ops gensec_spnego_security_ops = { .unwrap_packets = gensec_spnego_unwrap_packets, .session_key = gensec_spnego_session_key, .session_info = gensec_spnego_session_info, + .want_feature = gensec_spnego_want_feature, .have_feature = gensec_spnego_have_feature, .enabled = true, .priority = GENSEC_SPNEGO -- cgit From 9e492b1ba2ccf2d7c62ef7295b33260687e3aeae Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Oct 2008 19:39:53 +0200 Subject: s4:rpc_server: tell the gensec layer that we want to do header signing Note: header signing is still off by default, as the gensec backends don't support it together with seal yet. metze --- source4/rpc_server/dcesrv_auth.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source4/rpc_server/dcesrv_auth.c b/source4/rpc_server/dcesrv_auth.c index 52d5631cfd..bef7e4be78 100644 --- a/source4/rpc_server/dcesrv_auth.c +++ b/source4/rpc_server/dcesrv_auth.c @@ -95,6 +95,10 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call) return false; } + if (call->conn->state_flags & DCESRV_CALL_STATE_FLAG_HEADER_SIGNING) { + gensec_want_feature(auth->gensec_security, GENSEC_FEATURE_SIGN_PKT_HEADER); + } + return true; } -- cgit From 338f658a5a300e21cc69b1a84ebbdc7d63262448 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Mon, 6 Oct 2008 11:34:45 -0500 Subject: idmap_adex: Add log messages to dc_add_domain for easier debugging. Part of continue work on BUG 5806. --- source3/winbindd/idmap_adex/domain_util.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source3/winbindd/idmap_adex/domain_util.c b/source3/winbindd/idmap_adex/domain_util.c index ab31ccef7a..6851503cc8 100644 --- a/source3/winbindd/idmap_adex/domain_util.c +++ b/source3/winbindd/idmap_adex/domain_util.c @@ -49,6 +49,12 @@ static NTSTATUS dc_add_domain(const char *domain) NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct dc_info *dc = NULL; + if (!domain) { + return NT_STATUS_INVALID_PARAMETER; + } + + DEBUG(10,("dc_add_domain: Attempting to add domain %s\n", domain)); + /* Check for duplicates */ dc = dc_list_head(); @@ -73,6 +79,8 @@ static NTSTATUS dc_add_domain(const char *domain) nt_status = NT_STATUS_OK; + DEBUG(5,("dc_add_domain: Successfully added %s\n", domain)); + done: if (!NT_STATUS_IS_OK(nt_status)) { talloc_destroy(dc); -- cgit From 2a35985283be45adbba63b5d7ced8499bcb64f59 Mon Sep 17 00:00:00 2001 From: "Gerald (Jerry) Carter" Date: Mon, 6 Oct 2008 11:47:57 -0500 Subject: idmap_adex: Add more debugging to the basic search function. Log the dn of all located entries in order to verify search results. --- source3/winbindd/idmap_adex/likewise_cell.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/source3/winbindd/idmap_adex/likewise_cell.c b/source3/winbindd/idmap_adex/likewise_cell.c index 77eeee406b..7723b3e015 100644 --- a/source3/winbindd/idmap_adex/likewise_cell.c +++ b/source3/winbindd/idmap_adex/likewise_cell.c @@ -389,6 +389,24 @@ done: status = ads_do_search(c->conn, search_base, scope, expr, attrs, msg); if (ADS_ERR_OK(status)) { + if (DEBUGLEVEL >= 10) { + LDAPMessage *e = NULL; + + int n = ads_count_replies(c->conn, *msg); + + DEBUG(10,("cell_do_search: Located %d entries\n", n)); + + for (e=ads_first_entry(c->conn, *msg); + e!=NULL; + e = ads_next_entry(c->conn, e)) + { + char *dn = ads_get_dn(c->conn, e); + + DEBUGADD(10,(" dn: %s\n", dn ? dn : "")); + SAFE_FREE(dn); + } + } + return status; } -- cgit From c412a930ad19da866503e6d8ccb71fb3191fc6d2 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2008 16:25:59 -0700 Subject: Fix Domain Trust creation with Windows 2008 (and many other tools) A dITConentRules attribute (unlike objectClasses) must not contain a 'SUP'. The ADSI layer in Windows would download the whole schema, and validate it. Thanks to the team at Microsoft for very long debugging session to find this. Andrew Bartlett --- source4/dsdb/schema/schema_description.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index 6884c5284e..e152f44b97 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -309,7 +309,11 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas class->lDAPDisplayName, (const char **)aux_class_list, NULL, - class->subClassOf, + NULL, /* Must not specify a + * SUP (subclass) in + * ditContentRules + * per MS-ADTS + * 3.1.1.3.1.1.1 */ -1, must_attr_list, may_attr_list); talloc_free(tmp_ctx); return schema_description; -- cgit From 7d9f18609b25463d306c0c150fe0da7f065860fd Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2008 16:36:04 -0700 Subject: Remove DESCRIPTION from generated schema lines. This is not permitted in the AD aggregate schema, and more trouble than it is worth in the OpenLDAP schema due to escaping issues. Andrew Bartlett --- source4/dsdb/schema/schema_description.c | 21 +-------------------- source4/utils/ad2oLschema.c | 14 ++++++++++---- 2 files changed, 11 insertions(+), 24 deletions(-) diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index e152f44b97..c3c37b4653 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -33,7 +33,6 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, const char *seperator, const char *oid, const char *name, - const char *description, const char *equality, const char *substring, const char *syntax, @@ -46,15 +45,6 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, "NAME '%s'%s", name, seperator); IF_NULL_FAIL_RET(schema_entry); - if (description) { -#if 0 - /* Need a way to escape ' characters from the description */ - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); -#endif - } - if (equality) { schema_entry = talloc_asprintf_append(schema_entry, "EQUALITY %s%s", equality, seperator); @@ -104,7 +94,7 @@ char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_att " ", attribute->attributeID_oid, attribute->lDAPDisplayName, - NULL, NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax), + NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax), attribute->isSingleValued, attribute->systemOnly); talloc_free(tmp_ctx); @@ -149,7 +139,6 @@ char *schema_class_description(TALLOC_CTX *mem_ctx, const char *oid, const char *name, const char **auxillary_classes, - const char *description, const char *subClassOf, int objectClassCategory, char **must, @@ -164,12 +153,6 @@ char *schema_class_description(TALLOC_CTX *mem_ctx, "NAME '%s'%s", name, seperator); IF_NULL_FAIL_RET(schema_entry); - if (description) { - schema_entry = talloc_asprintf_append(schema_entry, - "DESC '%s'%s", description, seperator); - IF_NULL_FAIL_RET(schema_entry); - } - if (auxillary_classes) { schema_entry = talloc_asprintf_append(schema_entry, "AUX ( "); @@ -262,7 +245,6 @@ char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class * " ", class->governsID_oid, class->lDAPDisplayName, - NULL, NULL, class->subClassOf, class->objectClassCategory, @@ -308,7 +290,6 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas class->governsID_oid, class->lDAPDisplayName, (const char **)aux_class_list, - NULL, NULL, /* Must not specify a * SUP (subclass) in * ditContentRules diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index 3c2ffe7a00..c579112b45 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -221,7 +221,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch for (attribute=schema->attributes; attribute; attribute = attribute->next) { const char *name = attribute->lDAPDisplayName; - const char *description = attribute->adminDescription; const char *oid = attribute->attributeID_oid; const char *syntax = attribute->attributeSyntax_oid; const char *equality = NULL, *substring = NULL; @@ -270,7 +269,16 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch } } - schema_entry = schema_attribute_description(mem_ctx, target, seperator, oid, name, description, equality, substring, syntax, single_value, false); + schema_entry = schema_attribute_description(mem_ctx, + target, + seperator, + oid, + name, + equality, + substring, + syntax, + single_value, + false); if (schema_entry == NULL) { ret.failures++; @@ -291,7 +299,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch /* This is already sorted to have 'top' and similar classes first */ for (objectclass=schema->classes; objectclass; objectclass = objectclass->next) { const char *name = objectclass->lDAPDisplayName; - const char *description = objectclass->adminDescription; const char *oid = objectclass->governsID_oid; const char *subClassOf = objectclass->subClassOf; int objectClassCategory = objectclass->objectClassCategory; @@ -356,7 +363,6 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch oid, name, NULL, - description, subClassOf, objectClassCategory, must, -- cgit From c0240d78351e489c5aca7e729aac045157080088 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 4 Oct 2008 10:25:46 -0700 Subject: Remove compleatly bogus rename test in partitions module. --- source4/dsdb/samdb/ldb_modules/partition.c | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c index 8e4483a78e..b452b66d56 100644 --- a/source4/dsdb/samdb/ldb_modules/partition.c +++ b/source4/dsdb/samdb/ldb_modules/partition.c @@ -589,7 +589,6 @@ static int partition_delete(struct ldb_module *module, struct ldb_request *req) /* rename */ static int partition_rename(struct ldb_module *module, struct ldb_request *req) { - int i, matched = -1; /* Find backend */ struct dsdb_control_current_partition *backend, *backend2; @@ -619,22 +618,6 @@ static int partition_rename(struct ldb_module *module, struct ldb_request *req) return LDB_ERR_AFFECTS_MULTIPLE_DSAS; } - for (i=0; data && data->partitions && data->partitions[i]; i++) { - if (ldb_dn_compare_base(data->partitions[i]->dn, req->op.rename.olddn) == 0) { - matched = i; - } - } - - if (matched > 0) { - ldb_asprintf_errstring(module->ldb, - "Cannot rename from %s to %s, subtree rename would cross partition %s: %s", - ldb_dn_get_linearized(req->op.rename.olddn), - ldb_dn_get_linearized(req->op.rename.newdn), - ldb_dn_get_linearized(data->partitions[matched]->dn), - ldb_strerror(LDB_ERR_AFFECTS_MULTIPLE_DSAS)); - return LDB_ERR_AFFECTS_MULTIPLE_DSAS; - } - return partition_replicate(module, req, req->op.rename.olddn); } -- cgit From 8256717c766fb8e145c2f4b5acb3502f4d7c57d9 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 30 Sep 2008 14:24:58 -0700 Subject: Implement 'type unknown' names in the CrackNames code. This guesses the type by running each of the possible options. Andrew Bartlett --- source4/dsdb/samdb/cracknames.c | 58 ++++++++++++++++++++++++++------ source4/librpc/idl/drsuapi.idl | 2 +- source4/torture/rpc/drsuapi_cracknames.c | 1 + 3 files changed, 50 insertions(+), 11 deletions(-) diff --git a/source4/dsdb/samdb/cracknames.c b/source4/dsdb/samdb/cracknames.c index e02e8d81a6..ca87159c58 100644 --- a/source4/dsdb/samdb/cracknames.c +++ b/source4/dsdb/samdb/cracknames.c @@ -356,15 +356,7 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, const char *result_filter = NULL; struct ldb_dn *name_dn = NULL; - struct smb_krb5_context *smb_krb5_context; - ret = smb_krb5_init_context(mem_ctx, - ldb_get_event_context(sam_ctx), - (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), - &smb_krb5_context); - - if (ret) { - return WERR_NOMEM; - } + struct smb_krb5_context *smb_krb5_context = NULL; info1->status = DRSUAPI_DS_NAME_STATUS_RESOLVE_ERROR; info1->dns_domain_name = NULL; @@ -380,6 +372,30 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, /* here we need to set the domain_filter and/or the result_filter */ switch (format_offered) { + case DRSUAPI_DS_NAME_FORMAT_UNKNOWN: + { + int i; + enum drsuapi_DsNameFormat formats[] = { + DRSUAPI_DS_NAME_FORMAT_FQDN_1779, DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL, + DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, DRSUAPI_DS_NAME_FORMAT_CANONICAL, + DRSUAPI_DS_NAME_FORMAT_GUID, DRSUAPI_DS_NAME_FORMAT_DISPLAY, + DRSUAPI_DS_NAME_FORMAT_SERVICE_PRINCIPAL, + DRSUAPI_DS_NAME_FORMAT_SID_OR_SID_HISTORY, + DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX + }; + WERROR werr; + for (i=0; i < ARRAY_SIZE(formats); i++) { + werr = DsCrackNameOneName(sam_ctx, mem_ctx, format_flags, formats[i], format_desired, name, info1); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + if (info1->status != DRSUAPI_DS_NAME_STATUS_NOT_FOUND) { + return werr; + } + } + return werr; + } + case DRSUAPI_DS_NAME_FORMAT_CANONICAL: case DRSUAPI_DS_NAME_FORMAT_CANONICAL_EX: { @@ -534,6 +550,16 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, case DRSUAPI_DS_NAME_FORMAT_USER_PRINCIPAL: { krb5_principal principal; char *unparsed_name; + + ret = smb_krb5_init_context(mem_ctx, + ldb_get_event_context(sam_ctx), + (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), + &smb_krb5_context); + + if (ret) { + return WERR_NOMEM; + } + ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal); if (ret) { info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; @@ -560,6 +586,16 @@ WERROR DsCrackNameOneName(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ctx, krb5_principal principal; char *unparsed_name_short; char *service; + + ret = smb_krb5_init_context(mem_ctx, + ldb_get_event_context(sam_ctx), + (struct loadparm_context *)ldb_get_opaque(sam_ctx, "loadparm"), + &smb_krb5_context); + + if (ret) { + return WERR_NOMEM; + } + ret = krb5_parse_name(smb_krb5_context->krb5_context, name, &principal); if (ret == 0 && principal->name.name_string.len < 2) { info1->status = DRSUAPI_DS_NAME_STATUS_NOT_FOUND; @@ -1265,7 +1301,7 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx, const char **nt4_domain, const char **nt4_account) { - uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UKNOWN; + uint32_t format_offered = DRSUAPI_DS_NAME_FORMAT_UNKNOWN; /* Handle anonymous bind */ if (!name || !*name) { @@ -1282,6 +1318,8 @@ NTSTATUS crack_auto_name_to_nt4_name(TALLOC_CTX *mem_ctx, format_offered = DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT; } else if (strchr_m(name, '/')) { format_offered = DRSUAPI_DS_NAME_FORMAT_CANONICAL; + } else { + return NT_STATUS_NO_SUCH_USER; } return crack_name_to_nt4_name(mem_ctx, ev_ctx, lp_ctx, format_offered, name, nt4_domain, nt4_account); diff --git a/source4/librpc/idl/drsuapi.idl b/source4/librpc/idl/drsuapi.idl index 76858b2d5c..a41bc9cf19 100644 --- a/source4/librpc/idl/drsuapi.idl +++ b/source4/librpc/idl/drsuapi.idl @@ -877,7 +877,7 @@ interface drsuapi } drsuapi_DsNameFlags; typedef [v1_enum] enum { - DRSUAPI_DS_NAME_FORMAT_UKNOWN = 0, + DRSUAPI_DS_NAME_FORMAT_UNKNOWN = 0, DRSUAPI_DS_NAME_FORMAT_FQDN_1779 = 1, DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT = 2, DRSUAPI_DS_NAME_FORMAT_DISPLAY = 3, diff --git a/source4/torture/rpc/drsuapi_cracknames.c b/source4/torture/rpc/drsuapi_cracknames.c index fbda69df57..a9a614953d 100644 --- a/source4/torture/rpc/drsuapi_cracknames.c +++ b/source4/torture/rpc/drsuapi_cracknames.c @@ -39,6 +39,7 @@ static bool test_DsCrackNamesMatrix(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, bool ret = true; struct drsuapi_DsCrackNames r; enum drsuapi_DsNameFormat formats[] = { + DRSUAPI_DS_NAME_FORMAT_UNKNOWN, DRSUAPI_DS_NAME_FORMAT_FQDN_1779, DRSUAPI_DS_NAME_FORMAT_NT4_ACCOUNT, DRSUAPI_DS_NAME_FORMAT_DISPLAY, -- cgit From 8cdb3ebe27814629cb17d2a438c89780c5cecfdf Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:10:11 -0700 Subject: Clarify use of manual parsers in trustInOutBlob (drsblobs.idl) --- source4/librpc/idl/drsblobs.idl | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source4/librpc/idl/drsblobs.idl b/source4/librpc/idl/drsblobs.idl index 31fe8a359e..4274d2000a 100644 --- a/source4/librpc/idl/drsblobs.idl +++ b/source4/librpc/idl/drsblobs.idl @@ -409,21 +409,23 @@ interface drsblobs { [size_is(1)] AuthenticationInformation array[]; } AuthenticationInformationArray; + /* This is nopull,nopush because we pass count down to the + * manual parser of AuthenticationInformationArray */ typedef [public,nopull,nopush,noprint,gensize] struct { uint32 count; [relative] AuthenticationInformationArray *current; [relative] AuthenticationInformationArray *previous; } trustAuthInOutBlob; + void decode_trustAuthInOut( + [in] trustAuthInOutBlob blob + ); + typedef [public,gensize] struct { uint32 count; [relative] AuthenticationInformation *current[count]; } trustCurrentPasswords; - void decode_trustAuthInOut( - [in] trustAuthInOutBlob blob - ); - typedef [public,nopull] struct { uint8 confounder[512]; [subcontext(0),subcontext_size(outgoing_size)] trustCurrentPasswords outgoing; -- cgit From 8e1c0470d72ca85d837bbdd4aec0ca2f27a7a29f Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:10:35 -0700 Subject: Add in secure channel type used by AD trusts --- source4/librpc/idl/misc.idl | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source4/librpc/idl/misc.idl b/source4/librpc/idl/misc.idl index 8331977398..791b86466c 100644 --- a/source4/librpc/idl/misc.idl +++ b/source4/librpc/idl/misc.idl @@ -30,9 +30,11 @@ interface misc /* Only SEC_CHAN_WKSTA can forward requests to other domains. */ typedef [public] enum { - SEC_CHAN_WKSTA = 2, - SEC_CHAN_DOMAIN = 4, - SEC_CHAN_BDC = 6 + SEC_CHAN_NULL = 0, + SEC_CHAN_WKSTA = 2, + SEC_CHAN_DNS_DOMAIN = 3, + SEC_CHAN_DOMAIN = 4, + SEC_CHAN_BDC = 6 } netr_SchannelType; /* SAM database types */ -- cgit From 99d0eb4fb701c500f0175ca9a38482160bdb08e4 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:11:11 -0700 Subject: Make RPC-LSA test for enumeration conditions more strict --- source4/torture/rpc/lsa.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/source4/torture/rpc/lsa.c b/source4/torture/rpc/lsa.c index efbdecab13..245ed1e41b 100644 --- a/source4/torture/rpc/lsa.c +++ b/source4/torture/rpc/lsa.c @@ -1899,7 +1899,11 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, /* NO_MORE_ENTRIES is allowed */ if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) { - return true; + if (domains.count == 0) { + return true; + } + printf("EnumTrustDom failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n"); + return false; } else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) { /* Windows 2003 gets this off by one on the first run */ if (r.out.domains->count < 3 || r.out.domains->count > 4) { @@ -1950,7 +1954,11 @@ static bool test_EnumTrustDom(struct dcerpc_pipe *p, /* NO_MORE_ENTRIES is allowed */ if (NT_STATUS_EQUAL(enum_status, NT_STATUS_NO_MORE_ENTRIES)) { - return true; + if (domains_ex.count == 0) { + return true; + } + printf("EnumTrustDomainsEx failed - should have returned 0 trusted domains with 'NT_STATUS_NO_MORE_ENTRIES'\n"); + return false; } else if (NT_STATUS_EQUAL(enum_status, STATUS_MORE_ENTRIES)) { /* Windows 2003 gets this off by one on the first run */ if (r_ex.out.domains->count < 3 || r_ex.out.domains->count > 4) { @@ -2115,7 +2123,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, /* Try different trust types too */ - /* 1 == downleven (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */ + /* 1 == downlevel (NT4), 2 == uplevel (ADS), 3 == MIT (kerberos but not AD) */ trustinfo.trust_type = (((i / 3) + 1) % 3) + 1; trustinfo.trust_attributes = LSA_TRUST_ATTRIBUTE_USES_RC4_ENCRYPTION; @@ -2160,6 +2168,7 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, printf("QueryTrustedDomainInfo level 1 failed - %s\n", nt_errstr(status)); ret = false; } else if (!q.out.info) { + printf("QueryTrustedDomainInfo level 1 failed to return an info pointer\n"); ret = false; } else { if (strcmp(q.out.info->info_ex.netbios_name.string, trustinfo.netbios_name.string) != 0) { @@ -2188,11 +2197,13 @@ static bool test_CreateTrustedDomainEx2(struct dcerpc_pipe *p, /* now that we have some domains to look over, we can test the enum calls */ if (!test_EnumTrustDom(p, mem_ctx, handle)) { + printf("test_EnumTrustDom failed\n"); ret = false; } for (i=0; i<12; i++) { if (!test_DeleteTrustedDomainBySid(p, mem_ctx, handle, domsid[i])) { + printf("test_DeleteTrustedDomainBySid failed\n"); ret = false; } } -- cgit From 1a29fd1cf5436c850c7de180668a7a33f9b034d8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:12:15 -0700 Subject: Store trusted domain passwords in the LSA server --- source4/rpc_server/lsa/dcesrv_lsa.c | 68 ++++++++++++++++++++++++++++++++++--- 1 file changed, 64 insertions(+), 4 deletions(-) diff --git a/source4/rpc_server/lsa/dcesrv_lsa.c b/source4/rpc_server/lsa/dcesrv_lsa.c index 5e3be84cc5..836fd8dc62 100644 --- a/source4/rpc_server/lsa/dcesrv_lsa.c +++ b/source4/rpc_server/lsa/dcesrv_lsa.c @@ -727,13 +727,46 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } + + if (op == NDR_LSA_CREATETRUSTEDDOMAINEX) { + if (auth_struct.incoming.count > 1) { + return NT_STATUS_INVALID_PARAMETER; + } + } } if (auth_struct.incoming.count) { + int i; + struct trustAuthInOutBlob incoming; + + incoming.count = auth_struct.incoming.count; + incoming.current = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!incoming.current) { + return NT_STATUS_NO_MEMORY; + } + + incoming.current->array = *auth_struct.incoming.current; + if (!incoming.current->array) { + return NT_STATUS_NO_MEMORY; + } + + incoming.previous = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!incoming.previous) { + return NT_STATUS_NO_MEMORY; + } + incoming.previous->array = talloc_array(mem_ctx, struct AuthenticationInformation, incoming.count); + if (!incoming.previous->array) { + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i < incoming.count; i++) { + incoming.previous->array[i].LastUpdateTime = 0; + incoming.previous->array[i].AuthType = 0; + } ndr_err = ndr_push_struct_blob(&trustAuthIncoming, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - &auth_struct.incoming, - (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); + &incoming, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } @@ -742,10 +775,37 @@ static NTSTATUS dcesrv_lsa_CreateTrustedDomain_base(struct dcesrv_call_state *dc } if (auth_struct.outgoing.count) { + int i; + struct trustAuthInOutBlob outgoing; + + outgoing.count = auth_struct.outgoing.count; + outgoing.current = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!outgoing.current) { + return NT_STATUS_NO_MEMORY; + } + + outgoing.current->array = *auth_struct.outgoing.current; + if (!outgoing.current->array) { + return NT_STATUS_NO_MEMORY; + } + + outgoing.previous = talloc(mem_ctx, struct AuthenticationInformationArray); + if (!outgoing.previous) { + return NT_STATUS_NO_MEMORY; + } + outgoing.previous->array = talloc_array(mem_ctx, struct AuthenticationInformation, outgoing.count); + if (!outgoing.previous->array) { + return NT_STATUS_NO_MEMORY; + } + + for (i = 0; i < outgoing.count; i++) { + outgoing.previous->array[i].LastUpdateTime = 0; + outgoing.previous->array[i].AuthType = 0; + } ndr_err = ndr_push_struct_blob(&trustAuthOutgoing, mem_ctx, lp_iconv_convenience(dce_call->conn->dce_ctx->lp_ctx), - &auth_struct.outgoing, - (ndr_push_flags_fn_t)ndr_push_trustDomainPasswords); + &outgoing, + (ndr_push_flags_fn_t)ndr_push_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { return NT_STATUS_INVALID_PARAMETER; } -- cgit From 320d402180ac2d8505aec2664feaddbd63e5b17e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 13:31:22 -0700 Subject: Start implementing AD-style trusted domains in Samba4's NETLOGON server --- source4/rpc_server/netlogon/dcerpc_netlogon.c | 52 +++++++++++++++++++++++++-- 1 file changed, 50 insertions(+), 2 deletions(-) diff --git a/source4/rpc_server/netlogon/dcerpc_netlogon.c b/source4/rpc_server/netlogon/dcerpc_netlogon.c index d5f7d2afae..b948d1210e 100644 --- a/source4/rpc_server/netlogon/dcerpc_netlogon.c +++ b/source4/rpc_server/netlogon/dcerpc_netlogon.c @@ -87,6 +87,9 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca const char *attrs[] = {"unicodePwd", "userAccountControl", "objectSid", NULL}; + const char *trust_dom_attrs[] = {"flatname", NULL}; + const char *account_name; + ZERO_STRUCTP(r->out.credentials); *r->out.rid = 0; *r->out.negotiate_flags = *r->in.negotiate_flags; @@ -101,10 +104,54 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca if (sam_ctx == NULL) { return NT_STATUS_INVALID_SYSTEM_SERVICE; } + + if (r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) { + char *encoded_account = ldb_binary_encode_string(mem_ctx, r->in.account_name); + char *flatname; + if (!encoded_account) { + return NT_STATUS_NO_MEMORY; + } + + /* Kill the trailing dot */ + if (encoded_account[strlen(encoded_account)-1] == '.') { + encoded_account[strlen(encoded_account)-1] = '\0'; + } + + /* pull the user attributes */ + num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, trust_dom_attrs, + "(&(trustPartner=%s)(objectclass=trustedDomain))", + encoded_account); + + if (num_records == 0) { + DEBUG(3,("Couldn't find trust [%s] in samdb.\n", + encoded_account)); + return NT_STATUS_ACCESS_DENIED; + } + + if (num_records > 1) { + DEBUG(0,("Found %d records matching user [%s]\n", num_records, r->in.account_name)); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + flatname = ldb_msg_find_attr_as_string(msgs[0], "flatname", NULL); + if (!flatname) { + /* No flatname for this trust - we can't proceed */ + return NT_STATUS_ACCESS_DENIED; + } + account_name = talloc_asprintf(mem_ctx, "%s$", flatname); + + if (!account_name) { + return NT_STATUS_NO_MEMORY; + } + + } else { + account_name = r->in.account_name; + } + /* pull the user attributes */ num_records = gendb_search(sam_ctx, mem_ctx, NULL, &msgs, attrs, "(&(sAMAccountName=%s)(objectclass=user))", - r->in.account_name); + ldb_binary_encode_string(mem_ctx, account_name)); if (num_records == 0) { DEBUG(3,("Couldn't find user [%s] in samdb.\n", @@ -130,7 +177,8 @@ static NTSTATUS dcesrv_netr_ServerAuthenticate3(struct dcesrv_call_state *dce_ca DEBUG(1, ("Client asked for a workstation secure channel, but is not a workstation (member server) acb flags: 0x%x\n", user_account_control)); return NT_STATUS_ACCESS_DENIED; } - } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN) { + } else if (r->in.secure_channel_type == SEC_CHAN_DOMAIN || + r->in.secure_channel_type == SEC_CHAN_DNS_DOMAIN) { if (!(user_account_control & UF_INTERDOMAIN_TRUST_ACCOUNT)) { DEBUG(1, ("Client asked for a trusted domain secure channel, but is not a trusted domain: acb flags: 0x%x\n", user_account_control)); -- cgit From 912209ac84395ef0e2fca0556b1e4bec34367b5c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 1 Oct 2008 16:00:33 -0700 Subject: Use the trust password version as kvno for trusts in Kerberos. --- source4/kdc/hdb-samba4.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index d7317f17d4..818c4a12fd 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -717,6 +717,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, enum ndr_err_code ndr_err; int i, ret, trust_direction_flags; + uint32_t kvno; private = talloc(mem_ctx, struct hdb_ldb_private); if (!private) { @@ -764,6 +765,12 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, goto out; } + for (i=0; i < password_blob.count; i++) { + if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_VERSION) { + entry_ex->entry.kvno = password_blob.current->array[i].AuthInfo.version.version; + } + } + for (i=0; i < password_blob.count; i++) { if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_CLEAR) { password_utf16 = data_blob_const(password_blob.current->array[i].AuthInfo.clear.password, -- cgit From 6a5547742f0b87017e4d21c80ec8facece6688d0 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 2 Oct 2008 11:29:34 -0700 Subject: Allow the PAC to be passed along during cross-realm authentication --- source4/heimdal/kdc/krb5tgs.c | 34 ++++++++++++++++------------------ 1 file changed, 16 insertions(+), 18 deletions(-) diff --git a/source4/heimdal/kdc/krb5tgs.c b/source4/heimdal/kdc/krb5tgs.c index 19dff5e01d..d557da2a5b 100644 --- a/source4/heimdal/kdc/krb5tgs.c +++ b/source4/heimdal/kdc/krb5tgs.c @@ -1393,6 +1393,8 @@ tgs_build_reply(krb5_context context, char opt_str[128]; int signedpath = 0; + Key *tkey; + memset(&sessionkey, 0, sizeof(sessionkey)); memset(&adtkt, 0, sizeof(adtkt)); krb5_data_zero(&rspac); @@ -1630,26 +1632,22 @@ server_lookup: } /* check PAC if not cross realm and if there is one */ - if (!cross_realm) { - Key *tkey; - - ret = hdb_enctype2key(context, &krbtgt->entry, - krbtgt_etype, &tkey); - if(ret) { - kdc_log(context, config, 0, + ret = hdb_enctype2key(context, &krbtgt->entry, + krbtgt_etype, &tkey); + if(ret) { + kdc_log(context, config, 0, "Failed to find key for krbtgt PAC check"); - goto out; - } + goto out; + } - ret = check_PAC(context, config, cp, - client, server, ekey, &tkey->key, - tgt, &rspac, &signedpath); - if (ret) { - kdc_log(context, config, 0, - "Verify PAC failed for %s (%s) from %s with %s", - spn, cpn, from, krb5_get_err_text(context, ret)); - goto out; - } + ret = check_PAC(context, config, cp, + client, server, ekey, &tkey->key, + tgt, &rspac, &signedpath); + if (ret) { + kdc_log(context, config, 0, + "Verify PAC failed for %s (%s) from %s with %s", + spn, cpn, from, krb5_get_err_text(context, ret)); + goto out; } /* also check the krbtgt for signature */ -- cgit From c3b28c7a81c04a0f019b6c1e543a65d6d48b0b2c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 2 Oct 2008 11:30:14 -0700 Subject: Fix cross-realm authentication in Samba4's KDC. --- source4/kdc/hdb-samba4.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 818c4a12fd..5b7f55822e 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -758,7 +758,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, goto out; } - ndr_err = ndr_pull_struct_blob_all(password_val, mem_ctx, private->iconv_convenience, &password_blob, + ndr_err = ndr_pull_struct_blob(password_val, mem_ctx, private->iconv_convenience, &password_blob, (ndr_pull_flags_fn_t)ndr_pull_trustAuthInOutBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { ret = EINVAL; @@ -813,6 +813,8 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, entry_ex->entry.keys.len++; } + entry_ex->entry.principal = malloc(sizeof(*(entry_ex->entry.principal))); + ret = copy_Principal(principal, entry_ex->entry.principal); if (ret) { krb5_clear_error_string(context); @@ -1155,7 +1157,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, principal, HDB_SAMBA4_ENT_TYPE_KRBTGT, msg[0], realm_ref_msg_1[0], entry_ex); if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); + krb5_warnx(context, "LDB_fetch: self krbtgt message2entry failed"); } return ret; @@ -1193,7 +1195,7 @@ static krb5_error_code LDB_fetch_krbtgt(krb5_context context, HDB *db, principal, direction, msg[0], entry_ex); if (ret != 0) { - krb5_warnx(context, "LDB_fetch: message2entry failed"); + krb5_warnx(context, "LDB_fetch: trust_message2entry failed"); } return ret; -- cgit From e0a4d7f467d9727563adaaa97961edd06886490e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 3 Oct 2008 16:36:49 -0700 Subject: Set default trust kvno to -1 --- source4/kdc/hdb-samba4.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c index 5b7f55822e..51f464cd09 100644 --- a/source4/kdc/hdb-samba4.c +++ b/source4/kdc/hdb-samba4.c @@ -717,7 +717,6 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, enum ndr_err_code ndr_err; int i, ret, trust_direction_flags; - uint32_t kvno; private = talloc(mem_ctx, struct hdb_ldb_private); if (!private) { @@ -765,6 +764,7 @@ static krb5_error_code LDB_trust_message2entry(krb5_context context, HDB *db, goto out; } + entry_ex->entry.kvno = -1; for (i=0; i < password_blob.count; i++) { if (password_blob.current->array[i].AuthType == TRUST_AUTH_TYPE_VERSION) { entry_ex->entry.kvno = password_blob.current->array[i].AuthInfo.version.version; -- cgit From f19086872ec734fff3f2119712ff24117bec4e5e Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 6 Oct 2008 16:41:46 -0700 Subject: Fixed "declaration shadows global declaration" warnings. The patch simply uses a more descriptive variable name for tcp_seq. ../lib/socket_wrapper/socket_wrapper.c:753: warning: declaration of 'tcp_seq' shadows a global declaration /usr/include/netinet/tcp.h:40: warning: shadowed declaration is here ../lib/socket_wrapper/socket_wrapper.c: In function `swrap_marshall_packet': ../lib/socket_wrapper/socket_wrapper.c:919: warning: declaration of 'tcp_seq' shadows a global declaration /usr/include/netinet/tcp.h:40: warning: shadowed declaration is here --- lib/socket_wrapper/socket_wrapper.c | 38 ++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/lib/socket_wrapper/socket_wrapper.c b/lib/socket_wrapper/socket_wrapper.c index e8d27adc37..ecb6142cfc 100644 --- a/lib/socket_wrapper/socket_wrapper.c +++ b/lib/socket_wrapper/socket_wrapper.c @@ -750,7 +750,7 @@ static struct swrap_packet *swrap_packet_init(struct timeval *tval, int socket_type, const unsigned char *payload, size_t payload_len, - unsigned long tcp_seq, + unsigned long tcp_seq_num, unsigned long tcp_ack, unsigned char tcp_ctl, int unreachable, @@ -852,7 +852,7 @@ static struct swrap_packet *swrap_packet_init(struct timeval *tval, case SOCK_STREAM: packet->ip.p.tcp.source_port = src_port; packet->ip.p.tcp.dest_port = dest_port; - packet->ip.p.tcp.seq_num = htonl(tcp_seq); + packet->ip.p.tcp.seq_num = htonl(tcp_seq_num); packet->ip.p.tcp.ack_num = htonl(tcp_ack); packet->ip.p.tcp.hdr_length = 0x50; /* 5 * 32 bit words */ packet->ip.p.tcp.control = tcp_ctl; @@ -916,7 +916,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, { const struct sockaddr_in *src_addr; const struct sockaddr_in *dest_addr; - unsigned long tcp_seq = 0; + unsigned long tcp_seq_num = 0; unsigned long tcp_ack = 0; unsigned char tcp_ctl = 0; int unreachable = 0; @@ -937,7 +937,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)addr; - tcp_seq = si->io.pck_snd; + tcp_seq_num = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x02; /* SYN */ @@ -951,7 +951,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)addr; - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x12; /** SYN,ACK */ @@ -966,7 +966,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)addr; /* Unreachable: resend the data of SWRAP_CONNECT_SEND */ - tcp_seq = si->io.pck_snd - 1; + tcp_seq_num = si->io.pck_snd - 1; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x02; /* SYN */ unreachable = 1; @@ -979,7 +979,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)addr; - tcp_seq = si->io.pck_snd; + tcp_seq_num = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x10; /* ACK */ @@ -991,7 +991,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)addr; - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x02; /* SYN */ @@ -1005,7 +1005,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)addr; - tcp_seq = si->io.pck_snd; + tcp_seq_num = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x12; /* SYN,ACK */ @@ -1019,7 +1019,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)addr; - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x10; /* ACK */ @@ -1029,7 +1029,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)si->peername; - tcp_seq = si->io.pck_snd; + tcp_seq_num = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x18; /* PSH,ACK */ @@ -1047,7 +1047,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, buf, len, packet_len); } - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x14; /** RST,ACK */ @@ -1061,7 +1061,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, return NULL; } - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x14; /* RST,ACK */ @@ -1071,7 +1071,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)si->peername; - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x18; /* PSH,ACK */ @@ -1087,7 +1087,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, return NULL; } - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x14; /* RST,ACK */ @@ -1123,7 +1123,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)si->peername; - tcp_seq = si->io.pck_snd; + tcp_seq_num = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x11; /* FIN, ACK */ @@ -1137,7 +1137,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)si->peername; - tcp_seq = si->io.pck_rcv; + tcp_seq_num = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x11; /* FIN,ACK */ @@ -1151,7 +1151,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)si->peername; - tcp_seq = si->io.pck_snd; + tcp_seq_num = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x10; /* ACK */ @@ -1164,7 +1164,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, return swrap_packet_init(&tv, src_addr, dest_addr, si->type, (const unsigned char *)buf, len, - tcp_seq, tcp_ack, tcp_ctl, unreachable, + tcp_seq_num, tcp_ack, tcp_ctl, unreachable, packet_len); } -- cgit From cde1b09d68e496f8f531336088433e9546b2864d Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 6 Oct 2008 17:09:48 -0700 Subject: Fixed build warning "passing arg from incompatible pointer type" The fix explicitly makes the conversion from timeval to time_t using the existing time utility functions. Compiling modules/vfs_smb_traffic_analyzer.c modules/vfs_smb_traffic_analyzer.c: In function `smb_traffic_analyzer_send_data': modules/vfs_smb_traffic_analyzer.c:173: warning: passing arg 1 of `localtime' from incompatible pointer type --- source3/modules/vfs_smb_traffic_analyzer.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_smb_traffic_analyzer.c b/source3/modules/vfs_smb_traffic_analyzer.c index ff61768495..9b4c1b3e25 100644 --- a/source3/modules/vfs_smb_traffic_analyzer.c +++ b/source3/modules/vfs_smb_traffic_analyzer.c @@ -156,6 +156,7 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, { struct refcounted_sock *rf_sock = NULL; struct timeval tv; + time_t tv_sec; struct tm *tm = NULL; int seconds; char *str = NULL; @@ -170,7 +171,8 @@ static void smb_traffic_analyzer_send_data(vfs_handle_struct *handle, } GetTimeOfDay(&tv); - tm=localtime(&tv.tv_sec); + tv_sec = convert_timespec_to_time_t(convert_timeval_to_timespec(tv)); + tm = localtime(&tv_sec); if (!tm) { return; } -- cgit From abf00f710dc3a4b3fab8058a4c4f0df37b1baac4 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 7 Oct 2008 10:56:30 -0700 Subject: Changed variable name from f19086872ec734fff3f2119712ff24117bec4e5e to match v3-[23]-test --- lib/socket_wrapper/socket_wrapper.c | 38 ++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/lib/socket_wrapper/socket_wrapper.c b/lib/socket_wrapper/socket_wrapper.c index ecb6142cfc..9d61976950 100644 --- a/lib/socket_wrapper/socket_wrapper.c +++ b/lib/socket_wrapper/socket_wrapper.c @@ -750,7 +750,7 @@ static struct swrap_packet *swrap_packet_init(struct timeval *tval, int socket_type, const unsigned char *payload, size_t payload_len, - unsigned long tcp_seq_num, + unsigned long tcp_seqno, unsigned long tcp_ack, unsigned char tcp_ctl, int unreachable, @@ -852,7 +852,7 @@ static struct swrap_packet *swrap_packet_init(struct timeval *tval, case SOCK_STREAM: packet->ip.p.tcp.source_port = src_port; packet->ip.p.tcp.dest_port = dest_port; - packet->ip.p.tcp.seq_num = htonl(tcp_seq_num); + packet->ip.p.tcp.seq_num = htonl(tcp_seqno); packet->ip.p.tcp.ack_num = htonl(tcp_ack); packet->ip.p.tcp.hdr_length = 0x50; /* 5 * 32 bit words */ packet->ip.p.tcp.control = tcp_ctl; @@ -916,7 +916,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, { const struct sockaddr_in *src_addr; const struct sockaddr_in *dest_addr; - unsigned long tcp_seq_num = 0; + unsigned long tcp_seqno = 0; unsigned long tcp_ack = 0; unsigned char tcp_ctl = 0; int unreachable = 0; @@ -937,7 +937,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)addr; - tcp_seq_num = si->io.pck_snd; + tcp_seqno = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x02; /* SYN */ @@ -951,7 +951,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)addr; - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x12; /** SYN,ACK */ @@ -966,7 +966,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)addr; /* Unreachable: resend the data of SWRAP_CONNECT_SEND */ - tcp_seq_num = si->io.pck_snd - 1; + tcp_seqno = si->io.pck_snd - 1; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x02; /* SYN */ unreachable = 1; @@ -979,7 +979,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)addr; - tcp_seq_num = si->io.pck_snd; + tcp_seqno = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x10; /* ACK */ @@ -991,7 +991,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)addr; - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x02; /* SYN */ @@ -1005,7 +1005,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)addr; - tcp_seq_num = si->io.pck_snd; + tcp_seqno = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x12; /* SYN,ACK */ @@ -1019,7 +1019,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)addr; - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x10; /* ACK */ @@ -1029,7 +1029,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)si->peername; - tcp_seq_num = si->io.pck_snd; + tcp_seqno = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x18; /* PSH,ACK */ @@ -1047,7 +1047,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, buf, len, packet_len); } - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x14; /** RST,ACK */ @@ -1061,7 +1061,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, return NULL; } - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x14; /* RST,ACK */ @@ -1071,7 +1071,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)si->peername; - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x18; /* PSH,ACK */ @@ -1087,7 +1087,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, return NULL; } - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x14; /* RST,ACK */ @@ -1123,7 +1123,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)si->peername; - tcp_seq_num = si->io.pck_snd; + tcp_seqno = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x11; /* FIN, ACK */ @@ -1137,7 +1137,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, dest_addr = (const struct sockaddr_in *)si->myname; src_addr = (const struct sockaddr_in *)si->peername; - tcp_seq_num = si->io.pck_rcv; + tcp_seqno = si->io.pck_rcv; tcp_ack = si->io.pck_snd; tcp_ctl = 0x11; /* FIN,ACK */ @@ -1151,7 +1151,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, src_addr = (const struct sockaddr_in *)si->myname; dest_addr = (const struct sockaddr_in *)si->peername; - tcp_seq_num = si->io.pck_snd; + tcp_seqno = si->io.pck_snd; tcp_ack = si->io.pck_rcv; tcp_ctl = 0x10; /* ACK */ @@ -1164,7 +1164,7 @@ static struct swrap_packet *swrap_marshall_packet(struct socket_info *si, return swrap_packet_init(&tv, src_addr, dest_addr, si->type, (const unsigned char *)buf, len, - tcp_seq_num, tcp_ack, tcp_ctl, unreachable, + tcp_seqno, tcp_ack, tcp_ctl, unreachable, packet_len); } -- cgit From 2024d87cf5ffa0633225ed189fa48f0f56151e7e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Oct 2008 14:43:42 -0700 Subject: Make map_errno_from_nt_status() a generic call, not just a cli specific one. Remove some unused calls from vfs_acl_xattr. Test for SD's on existing files. Jeremy. --- source3/include/proto.h | 1 + source3/lib/errmap_unix.c | 136 ++++++++++++++++++++++++++++++++++++++ source3/libsmb/clierror.c | 140 +--------------------------------------- source3/modules/vfs_acl_xattr.c | 58 ++++++++++------- 4 files changed, 175 insertions(+), 160 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 30e309cd4e..d7acdcb910 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -515,6 +515,7 @@ void display_set_stderr(void); /* The following definitions come from lib/errmap_unix.c */ NTSTATUS map_nt_error_from_unix(int unix_error); +int map_errno_from_nt_status(NTSTATUS status); /* The following definitions come from lib/events.c */ diff --git a/source3/lib/errmap_unix.c b/source3/lib/errmap_unix.c index 2cd2386c5c..9adb237096 100644 --- a/source3/lib/errmap_unix.c +++ b/source3/lib/errmap_unix.c @@ -128,3 +128,139 @@ NTSTATUS map_nt_error_from_unix(int unix_error) /* Default return */ return NT_STATUS_ACCESS_DENIED; } + +/* Return a UNIX errno from a NT status code */ +static const struct { + NTSTATUS status; + int error; +} nt_errno_map[] = { + {NT_STATUS_ACCESS_VIOLATION, EACCES}, + {NT_STATUS_INVALID_HANDLE, EBADF}, + {NT_STATUS_ACCESS_DENIED, EACCES}, + {NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT}, + {NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT}, + {NT_STATUS_SHARING_VIOLATION, EBUSY}, + {NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR}, + {NT_STATUS_OBJECT_NAME_COLLISION, EEXIST}, + {NT_STATUS_PATH_NOT_COVERED, ENOENT}, + {NT_STATUS_UNSUCCESSFUL, EINVAL}, + {NT_STATUS_NOT_IMPLEMENTED, ENOSYS}, + {NT_STATUS_IN_PAGE_ERROR, EFAULT}, + {NT_STATUS_BAD_NETWORK_NAME, ENOENT}, +#ifdef EDQUOT + {NT_STATUS_PAGEFILE_QUOTA, EDQUOT}, + {NT_STATUS_QUOTA_EXCEEDED, EDQUOT}, + {NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT}, + {NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT}, +#endif +#ifdef ETIME + {NT_STATUS_TIMER_NOT_CANCELED, ETIME}, +#endif + {NT_STATUS_INVALID_PARAMETER, EINVAL}, + {NT_STATUS_NO_SUCH_DEVICE, ENODEV}, + {NT_STATUS_NO_SUCH_FILE, ENOENT}, +#ifdef ENODATA + {NT_STATUS_END_OF_FILE, ENODATA}, +#endif +#ifdef ENOMEDIUM + {NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM}, + {NT_STATUS_NO_MEDIA, ENOMEDIUM}, +#endif + {NT_STATUS_NONEXISTENT_SECTOR, ESPIPE}, + {NT_STATUS_NO_MEMORY, ENOMEM}, + {NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE}, + {NT_STATUS_NOT_MAPPED_VIEW, EINVAL}, + {NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE}, + {NT_STATUS_ACCESS_DENIED, EACCES}, + {NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS}, + {NT_STATUS_WRONG_PASSWORD, EACCES}, + {NT_STATUS_LOGON_FAILURE, EACCES}, + {NT_STATUS_INVALID_WORKSTATION, EACCES}, + {NT_STATUS_INVALID_LOGON_HOURS, EACCES}, + {NT_STATUS_PASSWORD_EXPIRED, EACCES}, + {NT_STATUS_ACCOUNT_DISABLED, EACCES}, + {NT_STATUS_DISK_FULL, ENOSPC}, + {NT_STATUS_INVALID_PIPE_STATE, EPIPE}, + {NT_STATUS_PIPE_BUSY, EPIPE}, + {NT_STATUS_PIPE_DISCONNECTED, EPIPE}, + {NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS}, + {NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR}, + {NT_STATUS_NOT_SUPPORTED, ENOSYS}, + {NT_STATUS_NOT_A_DIRECTORY, ENOTDIR}, + {NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY}, + {NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH}, + {NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH}, + {NT_STATUS_CONNECTION_ABORTED, ECONNABORTED}, + {NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED}, + {NT_STATUS_TOO_MANY_LINKS, EMLINK}, + {NT_STATUS_NETWORK_BUSY, EBUSY}, + {NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV}, +#ifdef ELIBACC + {NT_STATUS_DLL_NOT_FOUND, ELIBACC}, +#endif + {NT_STATUS_PIPE_BROKEN, EPIPE}, + {NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED}, + {NT_STATUS_NETWORK_ACCESS_DENIED, EACCES}, + {NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE}, +#ifdef EPROTO + {NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO}, +#endif + {NT_STATUS_FLOAT_OVERFLOW, ERANGE}, + {NT_STATUS_FLOAT_UNDERFLOW, ERANGE}, + {NT_STATUS_INTEGER_OVERFLOW, ERANGE}, + {NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS}, + {NT_STATUS_PIPE_CONNECTED, EISCONN}, + {NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT}, + {NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE}, + {NT_STATUS_ILL_FORMED_PASSWORD, EACCES}, + {NT_STATUS_PASSWORD_RESTRICTION, EACCES}, + {NT_STATUS_ACCOUNT_RESTRICTION, EACCES}, + {NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED}, + {NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG}, + {NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN}, + {NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED}, + {NT_STATUS_CONNECTION_RESET, ENETRESET}, +#ifdef ENOTUNIQ + {NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ}, + {NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ}, +#endif + {NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE}, + {NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT}, + {NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE}, + {NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH}, + {NT_STATUS_IO_TIMEOUT, ETIMEDOUT}, + {NT_STATUS_RETRY, EAGAIN}, +#ifdef ENOTUNIQ + {NT_STATUS_DUPLICATE_NAME, ENOTUNIQ}, +#endif +#ifdef ECOMM + {NT_STATUS_NET_WRITE_FAULT, ECOMM}, +#endif +#ifdef EXDEV + {NT_STATUS_NOT_SAME_DEVICE, EXDEV}, +#endif + {NT_STATUS(0), 0} +}; + +int map_errno_from_nt_status(NTSTATUS status) +{ + int i; + DEBUG(10,("map_errno_from_nt_status: 32 bit codes: code=%08x\n", + NT_STATUS_V(status))); + + /* Status codes without this bit set are not errors */ + + if (!(NT_STATUS_V(status) & 0xc0000000)) { + return 0; + } + + for (i=0;nt_errno_map[i].error;i++) { + if (NT_STATUS_V(nt_errno_map[i].status) == + NT_STATUS_V(status)) { + return nt_errno_map[i].error; + } + } + + /* for all other cases - a default code */ + return EINVAL; +} diff --git a/source3/libsmb/clierror.c b/source3/libsmb/clierror.c index 36746419f7..54f8a7a43c 100644 --- a/source3/libsmb/clierror.c +++ b/source3/libsmb/clierror.c @@ -236,142 +236,6 @@ void cli_dos_error(struct cli_state *cli, uint8 *eclass, uint32 *ecode) *ecode = SVAL(cli->inbuf,smb_err); } -/* Return a UNIX errno from a NT status code */ -static const struct { - NTSTATUS status; - int error; -} nt_errno_map[] = { - {NT_STATUS_ACCESS_VIOLATION, EACCES}, - {NT_STATUS_INVALID_HANDLE, EBADF}, - {NT_STATUS_ACCESS_DENIED, EACCES}, - {NT_STATUS_OBJECT_NAME_NOT_FOUND, ENOENT}, - {NT_STATUS_OBJECT_PATH_NOT_FOUND, ENOENT}, - {NT_STATUS_SHARING_VIOLATION, EBUSY}, - {NT_STATUS_OBJECT_PATH_INVALID, ENOTDIR}, - {NT_STATUS_OBJECT_NAME_COLLISION, EEXIST}, - {NT_STATUS_PATH_NOT_COVERED, ENOENT}, - {NT_STATUS_UNSUCCESSFUL, EINVAL}, - {NT_STATUS_NOT_IMPLEMENTED, ENOSYS}, - {NT_STATUS_IN_PAGE_ERROR, EFAULT}, - {NT_STATUS_BAD_NETWORK_NAME, ENOENT}, -#ifdef EDQUOT - {NT_STATUS_PAGEFILE_QUOTA, EDQUOT}, - {NT_STATUS_QUOTA_EXCEEDED, EDQUOT}, - {NT_STATUS_REGISTRY_QUOTA_LIMIT, EDQUOT}, - {NT_STATUS_LICENSE_QUOTA_EXCEEDED, EDQUOT}, -#endif -#ifdef ETIME - {NT_STATUS_TIMER_NOT_CANCELED, ETIME}, -#endif - {NT_STATUS_INVALID_PARAMETER, EINVAL}, - {NT_STATUS_NO_SUCH_DEVICE, ENODEV}, - {NT_STATUS_NO_SUCH_FILE, ENOENT}, -#ifdef ENODATA - {NT_STATUS_END_OF_FILE, ENODATA}, -#endif -#ifdef ENOMEDIUM - {NT_STATUS_NO_MEDIA_IN_DEVICE, ENOMEDIUM}, - {NT_STATUS_NO_MEDIA, ENOMEDIUM}, -#endif - {NT_STATUS_NONEXISTENT_SECTOR, ESPIPE}, - {NT_STATUS_NO_MEMORY, ENOMEM}, - {NT_STATUS_CONFLICTING_ADDRESSES, EADDRINUSE}, - {NT_STATUS_NOT_MAPPED_VIEW, EINVAL}, - {NT_STATUS_UNABLE_TO_FREE_VM, EADDRINUSE}, - {NT_STATUS_ACCESS_DENIED, EACCES}, - {NT_STATUS_BUFFER_TOO_SMALL, ENOBUFS}, - {NT_STATUS_WRONG_PASSWORD, EACCES}, - {NT_STATUS_LOGON_FAILURE, EACCES}, - {NT_STATUS_INVALID_WORKSTATION, EACCES}, - {NT_STATUS_INVALID_LOGON_HOURS, EACCES}, - {NT_STATUS_PASSWORD_EXPIRED, EACCES}, - {NT_STATUS_ACCOUNT_DISABLED, EACCES}, - {NT_STATUS_DISK_FULL, ENOSPC}, - {NT_STATUS_INVALID_PIPE_STATE, EPIPE}, - {NT_STATUS_PIPE_BUSY, EPIPE}, - {NT_STATUS_PIPE_DISCONNECTED, EPIPE}, - {NT_STATUS_PIPE_NOT_AVAILABLE, ENOSYS}, - {NT_STATUS_FILE_IS_A_DIRECTORY, EISDIR}, - {NT_STATUS_NOT_SUPPORTED, ENOSYS}, - {NT_STATUS_NOT_A_DIRECTORY, ENOTDIR}, - {NT_STATUS_DIRECTORY_NOT_EMPTY, ENOTEMPTY}, - {NT_STATUS_NETWORK_UNREACHABLE, ENETUNREACH}, - {NT_STATUS_HOST_UNREACHABLE, EHOSTUNREACH}, - {NT_STATUS_CONNECTION_ABORTED, ECONNABORTED}, - {NT_STATUS_CONNECTION_REFUSED, ECONNREFUSED}, - {NT_STATUS_TOO_MANY_LINKS, EMLINK}, - {NT_STATUS_NETWORK_BUSY, EBUSY}, - {NT_STATUS_DEVICE_DOES_NOT_EXIST, ENODEV}, -#ifdef ELIBACC - {NT_STATUS_DLL_NOT_FOUND, ELIBACC}, -#endif - {NT_STATUS_PIPE_BROKEN, EPIPE}, - {NT_STATUS_REMOTE_NOT_LISTENING, ECONNREFUSED}, - {NT_STATUS_NETWORK_ACCESS_DENIED, EACCES}, - {NT_STATUS_TOO_MANY_OPENED_FILES, EMFILE}, -#ifdef EPROTO - {NT_STATUS_DEVICE_PROTOCOL_ERROR, EPROTO}, -#endif - {NT_STATUS_FLOAT_OVERFLOW, ERANGE}, - {NT_STATUS_FLOAT_UNDERFLOW, ERANGE}, - {NT_STATUS_INTEGER_OVERFLOW, ERANGE}, - {NT_STATUS_MEDIA_WRITE_PROTECTED, EROFS}, - {NT_STATUS_PIPE_CONNECTED, EISCONN}, - {NT_STATUS_MEMORY_NOT_ALLOCATED, EFAULT}, - {NT_STATUS_FLOAT_INEXACT_RESULT, ERANGE}, - {NT_STATUS_ILL_FORMED_PASSWORD, EACCES}, - {NT_STATUS_PASSWORD_RESTRICTION, EACCES}, - {NT_STATUS_ACCOUNT_RESTRICTION, EACCES}, - {NT_STATUS_PORT_CONNECTION_REFUSED, ECONNREFUSED}, - {NT_STATUS_NAME_TOO_LONG, ENAMETOOLONG}, - {NT_STATUS_REMOTE_DISCONNECT, ESHUTDOWN}, - {NT_STATUS_CONNECTION_DISCONNECTED, ECONNABORTED}, - {NT_STATUS_CONNECTION_RESET, ENETRESET}, -#ifdef ENOTUNIQ - {NT_STATUS_IP_ADDRESS_CONFLICT1, ENOTUNIQ}, - {NT_STATUS_IP_ADDRESS_CONFLICT2, ENOTUNIQ}, -#endif - {NT_STATUS_PORT_MESSAGE_TOO_LONG, EMSGSIZE}, - {NT_STATUS_PROTOCOL_UNREACHABLE, ENOPROTOOPT}, - {NT_STATUS_ADDRESS_ALREADY_EXISTS, EADDRINUSE}, - {NT_STATUS_PORT_UNREACHABLE, EHOSTUNREACH}, - {NT_STATUS_IO_TIMEOUT, ETIMEDOUT}, - {NT_STATUS_RETRY, EAGAIN}, -#ifdef ENOTUNIQ - {NT_STATUS_DUPLICATE_NAME, ENOTUNIQ}, -#endif -#ifdef ECOMM - {NT_STATUS_NET_WRITE_FAULT, ECOMM}, -#endif -#ifdef EXDEV - {NT_STATUS_NOT_SAME_DEVICE, EXDEV}, -#endif - {NT_STATUS(0), 0} -}; - -/**************************************************************************** - The following mappings need tidying up and moving into libsmb/errormap.c... -****************************************************************************/ - -static int cli_errno_from_nt(NTSTATUS status) -{ - int i; - DEBUG(10,("cli_errno_from_nt: 32 bit codes: code=%08x\n", NT_STATUS_V(status))); - - /* Status codes without this bit set are not errors */ - - if (!(NT_STATUS_V(status) & 0xc0000000)) { - return 0; - } - - for (i=0;nt_errno_map[i].error;i++) { - if (NT_STATUS_V(nt_errno_map[i].status) == - NT_STATUS_V(status)) return nt_errno_map[i].error; - } - - /* for all other cases - a default code */ - return EINVAL; -} /* Return a UNIX errno appropriate for the error received in the last packet. */ @@ -382,7 +246,7 @@ int cli_errno(struct cli_state *cli) if (cli_is_nt_error(cli)) { status = cli_nt_error(cli); - return cli_errno_from_nt(status); + return map_errno_from_nt_status(status); } if (cli_is_dos_error(cli)) { @@ -391,7 +255,7 @@ int cli_errno(struct cli_state *cli) cli_dos_error(cli, &eclass, &ecode); status = dos_to_ntstatus(eclass, ecode); - return cli_errno_from_nt(status); + return map_errno_from_nt_status(status); } /* diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index a2f3477b76..80e44e51fc 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -133,26 +133,6 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, return NT_STATUS_OK; } -static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) -{ - return SMB_VFS_NEXT_MKDIR(handle, path, mode); -} - -static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) -{ - return SMB_VFS_NEXT_RMDIR(handle, path); -} - -static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode) -{ - return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); -} - -static int unlink_acl_xattr(vfs_handle_struct *handle, const char *fname) -{ - return SMB_VFS_NEXT_UNLINK(handle, fname); -} - static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, files_struct *fsp, const char *name, @@ -198,6 +178,42 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, return status; } +static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +{ + return SMB_VFS_NEXT_MKDIR(handle, path, mode); +} + +/********************************************************************* + * Currently this only works for existing files. Need to work on + * inheritance for new files. +*********************************************************************/ + +static int open_acl_xattr(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, mode_t mode) +{ + uint32_t access_granted = 0; + SEC_DESC *pdesc = NULL; + NTSTATUS status = get_nt_acl_xattr_internal(handle, + NULL, + fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &pdesc); + if (NT_STATUS_IS_OK(status)) { + /* See if we can access it. */ + if (!se_access_check(pdesc, + handle->conn->server_info->ptok, + fsp->access_mask, + &access_granted, + &status)) { + errno = map_errno_from_nt_status(status); + return -1; + } + } + + return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); +} + static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) { @@ -312,9 +328,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, static vfs_op_tuple skel_op_tuples[] = { {SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(unlink_acl_xattr),SMB_VFS_OP_UNLINK,SMB_VFS_LAYER_TRANSPARENT}, /* NT File ACL operations */ -- cgit From 20b73b1309a74eee3fbf37738407584dce63bb78 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 6 Oct 2008 04:54:48 +0200 Subject: Print proper error if include file can't be found. --- pidl/lib/Parse/Pidl/ODL.pm | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pidl/lib/Parse/Pidl/ODL.pm b/pidl/lib/Parse/Pidl/ODL.pm index ad8c76f622..c49cdfb795 100644 --- a/pidl/lib/Parse/Pidl/ODL.pm +++ b/pidl/lib/Parse/Pidl/ODL.pm @@ -57,6 +57,10 @@ sub ODL2IDL if ($x->{TYPE} eq "IMPORT") { foreach my $idl_file (@{$x->{PATHS}}) { $idl_file = unmake_str($idl_file); + unless (-f "$basedir/$idl_file") { + error($x, "Unable to open include file `$idl_file'"); + next; + } my $podl = Parse::Pidl::IDL::parse_file("$basedir/$idl_file", $opt_incdirs); if (defined(@$podl)) { require Parse::Pidl::Typelist; -- cgit From c024fb7d5745dbca96b969c88284b70ac7c520e4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Mon, 6 Oct 2008 16:00:10 +0200 Subject: Allow 'make testenv-dc', 'make testenv-member', etc. --- source4/selftest/config.mk | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source4/selftest/config.mk b/source4/selftest/config.mk index 2fcb71eb7a..e4bb2df0ad 100644 --- a/source4/selftest/config.mk +++ b/source4/selftest/config.mk @@ -49,6 +49,9 @@ quicktestone:: all testenv:: everything $(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --socket-wrapper --testenv +testenv-%:: everything + SELFTEST_TESTENV=$* $(SELFTEST) $(SELFTEST_NOSLOW_OPTS) --socket-wrapper --testenv + valgrindtest:: valgrindtest-all valgrindtest-quick:: all -- cgit From 8da78b732554a88bee0f1dd547e329fe8d82b7f9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 01:48:44 +0200 Subject: Move subunit helper utility to specific subunit directory. --- lib/unit | 36 ++++++++++++++++++++++++++++++++++++ source4/script/harness2subunit.pl | 36 ------------------------------------ source4/selftest/samba4_tests.sh | 2 +- 3 files changed, 37 insertions(+), 37 deletions(-) create mode 100755 lib/unit delete mode 100755 source4/script/harness2subunit.pl diff --git a/lib/unit b/lib/unit new file mode 100755 index 0000000000..45f515540b --- /dev/null +++ b/lib/unit @@ -0,0 +1,36 @@ +#!/usr/bin/perl +# Simple script that converts Perl test harness output to +# Subunit +# Copyright (C) 2008 Jelmer Vernooij +# Published under the GNU GPL, v3 or later + +my $firstline = 1; +my $error = 0; +while() { + if ($firstline) { + $firstline = 0; + next; + } + if (/^not ok (\d+) - (.*)$/) { + print "test: $2\n"; + print "failure: $2\n"; + $error = 1; + } elsif (/^ok (\d+) - (.*)$/) { + print "test: $2\n"; + print "success: $2\n"; + } elsif (/^ok (\d+)$/) { + print "test: $1\n"; + print "success: $1\n"; + } elsif (/^ok (\d+) # skip (.*)$/) { + print "test: $1\n"; + print "skip: $1 [\n$2\n]\n"; + } elsif (/^not ok (\d+)$/) { + print "test: $1\n"; + print "failure: $1\n"; + $error = 1; + } else { + print; + } +} +exit $error; + diff --git a/source4/script/harness2subunit.pl b/source4/script/harness2subunit.pl deleted file mode 100755 index 45f515540b..0000000000 --- a/source4/script/harness2subunit.pl +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/perl -# Simple script that converts Perl test harness output to -# Subunit -# Copyright (C) 2008 Jelmer Vernooij -# Published under the GNU GPL, v3 or later - -my $firstline = 1; -my $error = 0; -while() { - if ($firstline) { - $firstline = 0; - next; - } - if (/^not ok (\d+) - (.*)$/) { - print "test: $2\n"; - print "failure: $2\n"; - $error = 1; - } elsif (/^ok (\d+) - (.*)$/) { - print "test: $2\n"; - print "success: $2\n"; - } elsif (/^ok (\d+)$/) { - print "test: $1\n"; - print "success: $1\n"; - } elsif (/^ok (\d+) # skip (.*)$/) { - print "test: $1\n"; - print "skip: $1 [\n$2\n]\n"; - } elsif (/^not ok (\d+)$/) { - print "test: $1\n"; - print "failure: $1\n"; - $error = 1; - } else { - print; - } -} -exit $error; - diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index bfe386af69..7ddaf9f996 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -252,7 +252,7 @@ if test x"${PIDL_TESTS_SKIP}" = x"yes"; then echo "Skipping pidl tests - PIDL_TESTS_SKIP=yes" elif $PERL -e 'eval require Test::More;' > /dev/null 2>&1; then for f in $samba4srcdir/../pidl/tests/*.pl; do - plantest "pidl.`basename $f .pl`" none $PERL $f "|" $samba4srcdir/script/harness2subunit.pl + plantest "pidl.`basename $f .pl`" none $PERL $f "|" $samba4srcdir/../lib/subunit/harness2subunit.pl done else echo "Skipping pidl tests - Test::More not installed" -- cgit From 3ecde315d3ef6d13ea3811d34deb51f87cdeaa6d Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 01:58:42 +0200 Subject: Import tests for subunit python module. --- source4/scripting/python/subunit/tests/TestUtil.py | 80 +++ source4/scripting/python/subunit/tests/__init__.py | 25 + .../python/subunit/tests/sample-script.py | 11 + .../python/subunit/tests/sample-two-script.py | 7 + .../python/subunit/tests/test_test_protocol.py | 730 +++++++++++++++++++++ source4/selftest/samba4_tests.sh | 1 + 6 files changed, 854 insertions(+) create mode 100644 source4/scripting/python/subunit/tests/TestUtil.py create mode 100644 source4/scripting/python/subunit/tests/__init__.py create mode 100755 source4/scripting/python/subunit/tests/sample-script.py create mode 100755 source4/scripting/python/subunit/tests/sample-two-script.py create mode 100644 source4/scripting/python/subunit/tests/test_test_protocol.py diff --git a/source4/scripting/python/subunit/tests/TestUtil.py b/source4/scripting/python/subunit/tests/TestUtil.py new file mode 100644 index 0000000000..1b5ba9c293 --- /dev/null +++ b/source4/scripting/python/subunit/tests/TestUtil.py @@ -0,0 +1,80 @@ +# Copyright (c) 2004 Canonical Limited +# Author: Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import sys +import logging +import unittest + + +class LogCollector(logging.Handler): + def __init__(self): + logging.Handler.__init__(self) + self.records=[] + def emit(self, record): + self.records.append(record.getMessage()) + + +def makeCollectingLogger(): + """I make a logger instance that collects its logs for programmatic analysis + -> (logger, collector)""" + logger=logging.Logger("collector") + handler=LogCollector() + handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) + logger.addHandler(handler) + return logger, handler + + +def visitTests(suite, visitor): + """A foreign method for visiting the tests in a test suite.""" + for test in suite._tests: + #Abusing types to avoid monkey patching unittest.TestCase. + # Maybe that would be better? + try: + test.visit(visitor) + except AttributeError: + if isinstance(test, unittest.TestCase): + visitor.visitCase(test) + elif isinstance(test, unittest.TestSuite): + visitor.visitSuite(test) + visitTests(test, visitor) + else: + print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) + + +class TestSuite(unittest.TestSuite): + """I am an extended TestSuite with a visitor interface. + This is primarily to allow filtering of tests - and suites or + more in the future. An iterator of just tests wouldn't scale...""" + + def visit(self, visitor): + """visit the composite. Visiting is depth-first. + current callbacks are visitSuite and visitCase.""" + visitor.visitSuite(self) + visitTests(self, visitor) + + +class TestLoader(unittest.TestLoader): + """Custome TestLoader to set the right TestSuite class.""" + suiteClass = TestSuite + +class TestVisitor(object): + """A visitor for Tests""" + def visitSuite(self, aTestSuite): + pass + def visitCase(self, aTestCase): + pass diff --git a/source4/scripting/python/subunit/tests/__init__.py b/source4/scripting/python/subunit/tests/__init__.py new file mode 100644 index 0000000000..544d0e704f --- /dev/null +++ b/source4/scripting/python/subunit/tests/__init__.py @@ -0,0 +1,25 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from subunit.tests import TestUtil, test_test_protocol + +def test_suite(): + result = TestUtil.TestSuite() + result.addTest(test_test_protocol.test_suite()) + return result diff --git a/source4/scripting/python/subunit/tests/sample-script.py b/source4/scripting/python/subunit/tests/sample-script.py new file mode 100755 index 0000000000..223d2f5d9f --- /dev/null +++ b/source4/scripting/python/subunit/tests/sample-script.py @@ -0,0 +1,11 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "failure bing crosby [" +print "foo.c:53:ERROR invalid state" +print "]" +print "test an error" +print "error an error" +sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/sample-two-script.py b/source4/scripting/python/subunit/tests/sample-two-script.py new file mode 100755 index 0000000000..d5550842bf --- /dev/null +++ b/source4/scripting/python/subunit/tests/sample-two-script.py @@ -0,0 +1,7 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "success bing crosby" +sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/test_test_protocol.py b/source4/scripting/python/subunit/tests/test_test_protocol.py new file mode 100644 index 0000000000..af31584a97 --- /dev/null +++ b/source4/scripting/python/subunit/tests/test_test_protocol.py @@ -0,0 +1,730 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import unittest +from StringIO import StringIO +import os +import subunit +import sys + +try: + class MockTestProtocolServerClient(object): + """A mock protocol server client to test callbacks.""" + + def __init__(self): + self.end_calls = [] + self.error_calls = [] + self.failure_calls = [] + self.start_calls = [] + self.success_calls = [] + super(MockTestProtocolServerClient, self).__init__() + + def addError(self, test, error): + self.error_calls.append((test, error)) + + def addFailure(self, test, error): + self.failure_calls.append((test, error)) + + def addSuccess(self, test): + self.success_calls.append(test) + + def stopTest(self, test): + self.end_calls.append(test) + + def startTest(self, test): + self.start_calls.append(test) + +except AttributeError: + MockTestProtocolServer = None + + +class TestMockTestProtocolServer(unittest.TestCase): + + def test_start_test(self): + protocol = MockTestProtocolServerClient() + protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_error(self): + protocol = MockTestProtocolServerClient() + protocol.addError(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, [( + subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_failure(self): + protocol = MockTestProtocolServerClient() + protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, [ + (subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.success_calls, []) + + def test_add_success(self): + protocol = MockTestProtocolServerClient() + protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + + def test_end_test(self): + protocol = MockTestProtocolServerClient() + protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.end_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + self.assertEqual(protocol.start_calls, []) + + +class TestTestImports(unittest.TestCase): + + def test_imports(self): + from subunit import TestProtocolServer + from subunit import RemotedTestCase + from subunit import RemoteError + from subunit import ExecTestCase + from subunit import IsolatedTestCase + from subunit import TestProtocolClient + + +class TestTestProtocolServerPipe(unittest.TestCase): + + def test_story(self): + client = unittest.TestResult() + protocol = subunit.TestProtocolServer(client) + pipe = StringIO("test old mcdonald\n" + "success old mcdonald\n" + "test bing crosby\n" + "failure bing crosby [\n" + "foo.c:53:ERROR invalid state\n" + "]\n" + "test an error\n" + "error an error\n") + protocol.readFrom(pipe) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(client.errors, + [(an_error, 'RemoteException: \n\n')]) + self.assertEqual( + client.failures, + [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) + self.assertEqual(client.testsRun, 3) + + +class TestTestProtocolServerStartTest(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + + def test_start_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing(self): + self.protocol.lineReceived("testing old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_test_colon(self): + self.protocol.lineReceived("test: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing_colon(self): + self.protocol.lineReceived("testing: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + +class TestTestProtocolServerPassThrough(unittest.TestCase): + + def setUp(self): + from StringIO import StringIO + self.stdout = StringIO() + self.test = subunit.RemotedTestCase("old mcdonald") + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client, self.stdout) + + def keywords_before_test(self): + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + + def test_keywords_before_test(self): + self.keywords_before_test() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_keywords_after_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure: old mcdonald [\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n"))]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_stdout_passthrough(self): + """Lines received which cannot be interpreted as any protocol action + should be passed through to sys.stdout. + """ + bytes = "randombytes\n" + self.protocol.lineReceived(bytes) + self.assertEqual(self.stdout.getvalue(), bytes) + + +class TestTestProtocolServerLostConnection(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.test = subunit.RemotedTestCase("old mcdonald") + + def test_lost_connection_no_input(self): + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_start(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during " + "test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during error " + "report of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.protocol.lostConnection() + test = subunit.RemotedTestCase("old mcdonald") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, + subunit.RemoteError("lost connection during " + "failure report" + " of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + +class TestTestProtocolServerAddError(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_error_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def test_simple_error(self): + self.simple_error_keyword("error") + + def test_simple_error_colon(self): + self.simple_error_keyword("error:") + + def test_error_empty_message(self): + self.protocol.lineReceived("error mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def error_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("]\n"))]) + self.assertEqual(self.client.failure_calls, []) + + def test_error_quoted_bracket(self): + self.error_quoted_bracket("error") + + def test_error_colon_quoted_bracket(self): + self.error_quoted_bracket("error:") + + +class TestTestProtocolServerAddFailure(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_failure_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def test_simple_failure(self): + self.simple_failure_keyword("failure") + + def test_simple_failure_colon(self): + self.simple_failure_keyword("failure:") + + def test_failure_empty_message(self): + self.protocol.lineReceived("failure mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def failure_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("]\n"))]) + + def test_failure_quoted_bracket(self): + self.failure_quoted_bracket("failure") + + def test_failure_colon_quoted_bracket(self): + self.failure_quoted_bracket("failure:") + + +class TestTestProtocolServerAddSuccess(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_success_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_simple_success(self): + self.simple_success_keyword("failure") + + def test_simple_success_colon(self): + self.simple_success_keyword("failure:") + + def test_simple_success(self): + self.simple_success_keyword("successful") + + def test_simple_success_colon(self): + self.simple_success_keyword("successful:") + + +class TestRemotedTestCase(unittest.TestCase): + + def test_simple(self): + test = subunit.RemotedTestCase("A test description") + self.assertRaises(NotImplementedError, test.setUp) + self.assertRaises(NotImplementedError, test.tearDown) + self.assertEqual("A test description", + test.shortDescription()) + self.assertEqual("subunit.RemotedTestCase.A test description", + test.id()) + self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) + self.assertEqual("", "%r" % test) + result = unittest.TestResult() + test.run(result) + self.assertEqual([(test, "RemoteException: " + "Cannot run RemotedTestCases.\n\n")], + result.errors) + self.assertEqual(1, result.testsRun) + another_test = subunit.RemotedTestCase("A test description") + self.assertEqual(test, another_test) + different_test = subunit.RemotedTestCase("ofo") + self.assertNotEqual(test, different_test) + self.assertNotEqual(another_test, different_test) + + +class TestRemoteError(unittest.TestCase): + + def test_eq(self): + error = subunit.RemoteError("Something went wrong") + another_error = subunit.RemoteError("Something went wrong") + different_error = subunit.RemoteError("boo!") + self.assertEqual(error, another_error) + self.assertNotEqual(error, different_error) + self.assertNotEqual(different_error, another_error) + + def test_empty_constructor(self): + self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) + + +class TestExecTestCase(unittest.TestCase): + + class SampleExecTestCase(subunit.ExecTestCase): + + def test_sample_method(self): + """sample-script.py""" + # the sample script runs three tests, one each + # that fails, errors and succeeds + + + def test_construct(self): + test = self.SampleExecTestCase("test_sample_method") + self.assertEqual(test.script, + subunit.join_dir(__file__, 'sample-script.py')) + + def test_run(self): + runner = MockTestProtocolServerClient() + test = self.SampleExecTestCase("test_sample_method") + test.run(runner) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(runner.error_calls, + [(an_error, subunit.RemoteError())]) + self.assertEqual(runner.failure_calls, + [(bing, + subunit.RemoteError( + "foo.c:53:ERROR invalid state\n"))]) + self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) + self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) + + def test_debug(self): + test = self.SampleExecTestCase("test_sample_method") + test.debug() + + def test_count_test_cases(self): + """TODO run the child process and count responses to determine the count.""" + + def test_join_dir(self): + sibling = subunit.join_dir(__file__, 'foo') + expected = '%s/foo' % (os.path.split(__file__)[0],) + self.assertEqual(sibling, expected) + + +class DoExecTestCase(subunit.ExecTestCase): + + def test_working_script(self): + """sample-two-script.py""" + + +class TestIsolatedTestCase(unittest.TestCase): + + class SampleIsolatedTestCase(subunit.IsolatedTestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True + + def tearDown(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True + + + def test_construct(self): + test = self.SampleIsolatedTestCase("test_sets_global_state") + + def test_run(self): + result = unittest.TestResult() + test = self.SampleIsolatedTestCase("test_sets_global_state") + test.run(result) + self.assertEqual(result.testsRun, 1) + self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) + self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) + self.assertEqual(self.SampleIsolatedTestCase.TEST, False) + + def test_debug(self): + pass + #test = self.SampleExecTestCase("test_sample_method") + #test.debug() + + +class TestIsolatedTestSuite(unittest.TestCase): + + class SampleTestToIsolate(unittest.TestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True + + def tearDown(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEST = True + + + def test_construct(self): + suite = subunit.IsolatedTestSuite() + + def test_run(self): + result = unittest.TestResult() + suite = subunit.IsolatedTestSuite() + sub_suite = unittest.TestSuite() + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.addTest(sub_suite) + suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.run(result) + self.assertEqual(result.testsRun, 3) + self.assertEqual(self.SampleTestToIsolate.SETUP, False) + self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) + self.assertEqual(self.SampleTestToIsolate.TEST, False) + + +class TestTestProtocolClient(unittest.TestCase): + + def setUp(self): + self.io = StringIO() + self.protocol = subunit.TestProtocolClient(self.io) + self.test = TestTestProtocolClient("test_start_test") + + + def test_start_test(self): + """Test startTest on a TestProtocolClient.""" + self.protocol.startTest(self.test) + self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) + + def test_stop_test(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.stopTest(self.test) + self.assertEqual(self.io.getvalue(), "") + + def test_add_success(self): + """Test addSuccess on a TestProtocolClient.""" + self.protocol.addSuccess(self.test) + self.assertEqual( + self.io.getvalue(), "successful: %s\n" % self.test.id()) + + def test_add_failure(self): + """Test addFailure on a TestProtocolClient.""" + self.protocol.addFailure(self.test, subunit.RemoteError("boo")) + self.assertEqual( + self.io.getvalue(), + 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) + + def test_add_error(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.addError(self.test, subunit.RemoteError("phwoar")) + self.assertEqual( + self.io.getvalue(), + 'error: %s [\n' + "RemoteException: phwoar\n" + "]\n" % self.test.id()) + + +def test_suite(): + loader = subunit.tests.TestUtil.TestLoader() + result = loader.loadTestsFromName(__name__) + return result diff --git a/source4/selftest/samba4_tests.sh b/source4/selftest/samba4_tests.sh index 7ddaf9f996..9fc71a104f 100755 --- a/source4/selftest/samba4_tests.sh +++ b/source4/selftest/samba4_tests.sh @@ -381,6 +381,7 @@ plantest "samdb.python" none $SUBUNITRUN samba.tests.samdb plantest "events.python" none PYTHONPATH="$PYTHONPATH:lib/events" $SUBUNITRUN tests plantest "messaging.python" none PYTHONPATH="$PYTHONPATH:lib/messaging/tests" $SUBUNITRUN bindings plantest "samba3sam.python" none PYTHONPATH="$PYTHONPATH:dsdb/samdb/ldb_modules/tests" $SUBUNITRUN samba3sam +plantest "subunit.python" none $SUBUNITRUN subunit plantest "rpcecho.python" dc $SUBUNITRUN samba.tests.dcerpc.rpcecho plantest "winreg.python" dc $SUBUNITRUN -U\$USERNAME%\$PASSWORD samba.tests.dcerpc.registry plantest "ldap.python" dc $PYTHON $samba4srcdir/lib/ldb/tests/python/ldap.py $CONFIGURATION \$SERVER -U\$USERNAME%\$PASSWORD -W \$DOMAIN -- cgit From 68837ff597bd39ff215ef30b4616692d2e31b1b4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 7 Oct 2008 01:23:34 +0200 Subject: Fix syntax errors in minschema. --- source4/scripting/bin/minschema | 36 ++++++++++++++++-------------------- 1 file changed, 16 insertions(+), 20 deletions(-) diff --git a/source4/scripting/bin/minschema b/source4/scripting/bin/minschema index 111557126d..e7d7ed4979 100755 --- a/source4/scripting/bin/minschema +++ b/source4/scripting/bin/minschema @@ -11,7 +11,8 @@ import os, sys sys.path.insert(0, "bin/python") import samba -from samba import getopt as options +from samba import getopt as options, Ldb +from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError import sys parser = optparse.OptionParser("minschema ") @@ -50,7 +51,9 @@ if len(args) != 2: (url, classfile) = args -creds = credopts.get_credentials() +lp_ctx = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp_ctx) ldb = Ldb(url, credentials=creds) objectclasses = [] @@ -131,17 +134,10 @@ attrib_attrs = ["objectClass", # 2: abstract # 3: auxiliary -# -# print only if verbose is set -# -def dprintf(text): - if verbose is not None: - print text - def get_object_cn(ldb, name): attrs = ["cn"] - res = ldb.search("(ldapDisplayName=%s)" % name, rootDse["schemaNamingContext"], ldb.SCOPE_SUBTREE, attrs) + res = ldb.search("(ldapDisplayName=%s)" % name, rootDse["schemaNamingContext"], SCOPE_SUBTREE, attrs) assert len(res) == 1 return res[0]["cn"] @@ -229,7 +225,7 @@ def find_objectclass_properties(ldb, o): """the properties of an objectclass""" res = ldb.search( expression="(ldapDisplayName=%s)" % o.name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, attrs=class_attrs) + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=class_attrs) assert(len(res) == 1) msg = res[0] for a in msg: @@ -239,7 +235,7 @@ def find_attribute_properties(ldb, o): """find the properties of an attribute""" res = ldb.search( expression="(ldapDisplayName=%s)" % o.name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=attrib_attrs) assert(len(res) == 1) msg = res[0] @@ -269,7 +265,7 @@ def find_objectclass_auto(ldb, o): print "%s\n" % ldif return - res = ldb.search("", testdn, ldb.SCOPE_BASE) + res = ldb.search(base=testdn, scope=ldb.SCOPE_BASE) ldb.delete(testdn) for a in res.msgs[0]: @@ -284,7 +280,7 @@ def expand_objectclass(ldb, o): "subClassOf"] res = ldb.search( expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % o.name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=attrs) print "Expanding class %s\n" % o.name assert(len(res) == 1) @@ -322,13 +318,13 @@ def walk_dn(ldb, dn): # get a list of all possible attributes for this object attrs = ["allowedAttributes"] try: - res = ldb.search("objectClass=*", dn, ldb.SCOPE_BASE, attrs) + res = ldb.search("objectClass=*", dn, SCOPE_BASE, attrs) except LdbError, e: print "Unable to fetch allowedAttributes for '%s' - %r\n" % (dn, e) return allattrs = res[0]["allowedAttributes"] try: - res = ldb.search("objectClass=*", dn, ldb.SCOPE_BASE, allattrs) + res = ldb.search("objectClass=*", dn, SCOPE_BASE, allattrs) except LdbError, e: print "Unable to fetch all attributes for '%s' - %s\n" % (dn, e) return @@ -340,7 +336,7 @@ def walk_dn(ldb, dn): def walk_naming_context(ldb, namingContext): """walk a naming context, looking for all records""" try: - res = ldb.search("objectClass=*", namingContext, ldb.SCOPE_DEFAULT, + res = ldb.search("objectClass=*", namingContext, SCOPE_DEFAULT, ["objectClass"]) except LdbError, e: print "Unable to fetch objectClasses for '%s' - %s\n" % (namingContext, e) @@ -398,7 +394,7 @@ def build_objectclass(ldb, name): try: res = ldb.search( expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % name, - basedn=rootDse["schemaNamingContext"], scope=ldb.SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=attrs) except LdbError, e: print "unknown class '%s'\n" % name @@ -503,10 +499,10 @@ objectCategory: CN=SubSchema,${SCHEMADN} def load_list(file): """load a list from a file""" - return open(file, 'r').splitlines() + return open(file, 'r').readlines() # get the rootDSE -res = ldb.search("", "", ldb.SCOPE_BASE) +res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"]) rootDse = res[0] # load the list of classes we are interested in -- cgit From f9facb51207713d1f294038e68909ba7701c61e4 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 02:17:47 +0200 Subject: Move all subunit files to lib directory. --- lib/subunit/python/__init__.py | 388 +++++++++++ lib/subunit/python/tests/TestUtil.py | 80 +++ lib/subunit/python/tests/__init__.py | 25 + lib/subunit/python/tests/sample-script.py | 11 + lib/subunit/python/tests/sample-two-script.py | 7 + lib/subunit/python/tests/test_test_protocol.py | 730 +++++++++++++++++++++ source4/scripting/bin/subunitrun | 1 + source4/scripting/python/config.mk | 4 +- source4/scripting/python/subunit/__init__.py | 388 ----------- source4/scripting/python/subunit/tests/TestUtil.py | 80 --- source4/scripting/python/subunit/tests/__init__.py | 25 - .../python/subunit/tests/sample-script.py | 11 - .../python/subunit/tests/sample-two-script.py | 7 - .../python/subunit/tests/test_test_protocol.py | 730 --------------------- 14 files changed, 1244 insertions(+), 1243 deletions(-) create mode 100644 lib/subunit/python/__init__.py create mode 100644 lib/subunit/python/tests/TestUtil.py create mode 100644 lib/subunit/python/tests/__init__.py create mode 100755 lib/subunit/python/tests/sample-script.py create mode 100755 lib/subunit/python/tests/sample-two-script.py create mode 100644 lib/subunit/python/tests/test_test_protocol.py delete mode 100644 source4/scripting/python/subunit/__init__.py delete mode 100644 source4/scripting/python/subunit/tests/TestUtil.py delete mode 100644 source4/scripting/python/subunit/tests/__init__.py delete mode 100755 source4/scripting/python/subunit/tests/sample-script.py delete mode 100755 source4/scripting/python/subunit/tests/sample-two-script.py delete mode 100644 source4/scripting/python/subunit/tests/test_test_protocol.py diff --git a/lib/subunit/python/__init__.py b/lib/subunit/python/__init__.py new file mode 100644 index 0000000000..406cd8765b --- /dev/null +++ b/lib/subunit/python/__init__.py @@ -0,0 +1,388 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# Copyright (C) 2007 Jelmer Vernooij +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import os +from StringIO import StringIO +import sys +import unittest + +def test_suite(): + import subunit.tests + return subunit.tests.test_suite() + + +def join_dir(base_path, path): + """ + Returns an absolute path to C{path}, calculated relative to the parent + of C{base_path}. + + @param base_path: A path to a file or directory. + @param path: An absolute path, or a path relative to the containing + directory of C{base_path}. + + @return: An absolute path to C{path}. + """ + return os.path.join(os.path.dirname(os.path.abspath(base_path)), path) + + +class TestProtocolServer(object): + """A class for receiving results from a TestProtocol client.""" + + OUTSIDE_TEST = 0 + TEST_STARTED = 1 + READING_FAILURE = 2 + READING_ERROR = 3 + + def __init__(self, client, stream=sys.stdout): + """Create a TestProtocol server instance. + + client should be an object that provides + - startTest + - addSuccess + - addFailure + - addError + - stopTest + methods, i.e. a TestResult. + """ + self.state = TestProtocolServer.OUTSIDE_TEST + self.client = client + self._stream = stream + + def _addError(self, offset, line): + if (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description == line[offset:-1]): + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addError(self._current_test, RemoteError("")) + self.client.stopTest(self._current_test) + self._current_test = None + elif (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description + " [" == line[offset:-1]): + self.state = TestProtocolServer.READING_ERROR + self._message = "" + else: + self.stdOutLineReceived(line) + + def _addFailure(self, offset, line): + if (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description == line[offset:-1]): + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addFailure(self._current_test, RemoteError()) + self.client.stopTest(self._current_test) + elif (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description + " [" == line[offset:-1]): + self.state = TestProtocolServer.READING_FAILURE + self._message = "" + else: + self.stdOutLineReceived(line) + + def _addSuccess(self, offset, line): + if (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description == line[offset:-1]): + self.client.addSuccess(self._current_test) + self.client.stopTest(self._current_test) + self.current_test_description = None + self._current_test = None + self.state = TestProtocolServer.OUTSIDE_TEST + else: + self.stdOutLineReceived(line) + + def _appendMessage(self, line): + if line[0:2] == " ]": + # quoted ] start + self._message += line[1:] + else: + self._message += line + + def endQuote(self, line): + if self.state == TestProtocolServer.READING_FAILURE: + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addFailure(self._current_test, + RemoteError(self._message)) + self.client.stopTest(self._current_test) + elif self.state == TestProtocolServer.READING_ERROR: + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addError(self._current_test, + RemoteError(self._message)) + self.client.stopTest(self._current_test) + else: + self.stdOutLineReceived(line) + + def lineReceived(self, line): + """Call the appropriate local method for the received line.""" + if line == "]\n": + self.endQuote(line) + elif (self.state == TestProtocolServer.READING_FAILURE or + self.state == TestProtocolServer.READING_ERROR): + self._appendMessage(line) + else: + parts = line.split(None, 1) + if len(parts) == 2: + cmd, rest = parts + offset = len(cmd) + 1 + cmd = cmd.strip(':') + if cmd in ('test', 'testing'): + self._startTest(offset, line) + elif cmd == 'error': + self._addError(offset, line) + elif cmd == 'failure': + self._addFailure(offset, line) + elif cmd in ('success', 'successful'): + self._addSuccess(offset, line) + else: + self.stdOutLineReceived(line) + else: + self.stdOutLineReceived(line) + + def lostConnection(self): + """The input connection has finished.""" + if self.state == TestProtocolServer.TEST_STARTED: + self.client.addError(self._current_test, + RemoteError("lost connection during test '%s'" + % self.current_test_description)) + self.client.stopTest(self._current_test) + elif self.state == TestProtocolServer.READING_ERROR: + self.client.addError(self._current_test, + RemoteError("lost connection during " + "error report of test " + "'%s'" % + self.current_test_description)) + self.client.stopTest(self._current_test) + elif self.state == TestProtocolServer.READING_FAILURE: + self.client.addError(self._current_test, + RemoteError("lost connection during " + "failure report of test " + "'%s'" % + self.current_test_description)) + self.client.stopTest(self._current_test) + + def readFrom(self, pipe): + for line in pipe.readlines(): + self.lineReceived(line) + self.lostConnection() + + def _startTest(self, offset, line): + """Internal call to change state machine. Override startTest().""" + if self.state == TestProtocolServer.OUTSIDE_TEST: + self.state = TestProtocolServer.TEST_STARTED + self._current_test = RemotedTestCase(line[offset:-1]) + self.current_test_description = line[offset:-1] + self.client.startTest(self._current_test) + else: + self.stdOutLineReceived(line) + + def stdOutLineReceived(self, line): + self._stream.write(line) + + +class RemoteException(Exception): + """An exception that occured remotely to python.""" + + def __eq__(self, other): + try: + return self.args == other.args + except AttributeError: + return False + + +class TestProtocolClient(unittest.TestResult): + """A class that looks like a TestResult and informs a TestProtocolServer.""" + + def __init__(self, stream): + super(TestProtocolClient, self).__init__() + self._stream = stream + + def addError(self, test, error): + """Report an error in test test.""" + self._stream.write("error: %s [\n" % (test.shortDescription() or str(test))) + for line in self._exc_info_to_string(error, test).splitlines(): + self._stream.write("%s\n" % line) + self._stream.write("]\n") + super(TestProtocolClient, self).addError(test, error) + + def addFailure(self, test, error): + """Report a failure in test test.""" + self._stream.write("failure: %s [\n" % (test.shortDescription() or str(test))) + for line in self._exc_info_to_string(error, test).splitlines(): + self._stream.write("%s\n" % line) + self._stream.write("]\n") + super(TestProtocolClient, self).addFailure(test, error) + + def addSuccess(self, test): + """Report a success in a test.""" + self._stream.write("successful: %s\n" % (test.shortDescription() or str(test))) + super(TestProtocolClient, self).addSuccess(test) + + def startTest(self, test): + """Mark a test as starting its test run.""" + self._stream.write("test: %s\n" % (test.shortDescription() or str(test))) + super(TestProtocolClient, self).startTest(test) + + +def RemoteError(description=""): + if description == "": + description = "\n" + return (RemoteException, RemoteException(description), None) + + +class RemotedTestCase(unittest.TestCase): + """A class to represent test cases run in child processes.""" + + def __eq__ (self, other): + try: + return self.__description == other.__description + except AttributeError: + return False + + def __init__(self, description): + """Create a psuedo test case with description description.""" + self.__description = description + + def error(self, label): + raise NotImplementedError("%s on RemotedTestCases is not permitted." % + label) + + def setUp(self): + self.error("setUp") + + def tearDown(self): + self.error("tearDown") + + def shortDescription(self): + return self.__description + + def id(self): + return "%s.%s" % (self._strclass(), self.__description) + + def __str__(self): + return "%s (%s)" % (self.__description, self._strclass()) + + def __repr__(self): + return "<%s description='%s'>" % \ + (self._strclass(), self.__description) + + def run(self, result=None): + if result is None: result = self.defaultTestResult() + result.startTest(self) + result.addError(self, RemoteError("Cannot run RemotedTestCases.\n")) + result.stopTest(self) + + def _strclass(self): + cls = self.__class__ + return "%s.%s" % (cls.__module__, cls.__name__) + + +class ExecTestCase(unittest.TestCase): + """A test case which runs external scripts for test fixtures.""" + + def __init__(self, methodName='runTest'): + """Create an instance of the class that will use the named test + method when executed. Raises a ValueError if the instance does + not have a method with the specified name. + """ + unittest.TestCase.__init__(self, methodName) + testMethod = getattr(self, methodName) + self.script = join_dir(sys.modules[self.__class__.__module__].__file__, + testMethod.__doc__) + + def countTestCases(self): + return 1 + + def run(self, result=None): + if result is None: result = self.defaultTestResult() + self._run(result) + + def debug(self): + """Run the test without collecting errors in a TestResult""" + self._run(unittest.TestResult()) + + def _run(self, result): + protocol = TestProtocolServer(result) + output = os.popen(self.script, mode='r') + protocol.readFrom(output) + + +class IsolatedTestCase(unittest.TestCase): + """A TestCase which runs its tests in a forked process.""" + + def run(self, result=None): + if result is None: result = self.defaultTestResult() + run_isolated(unittest.TestCase, self, result) + + +class IsolatedTestSuite(unittest.TestSuite): + """A TestCase which runs its tests in a forked process.""" + + def run(self, result=None): + if result is None: result = unittest.TestResult() + run_isolated(unittest.TestSuite, self, result) + + +def run_isolated(klass, self, result): + """Run a test suite or case in a subprocess, using the run method on klass. + """ + c2pread, c2pwrite = os.pipe() + # fixme - error -> result + # now fork + pid = os.fork() + if pid == 0: + # Child + # Close parent's pipe ends + os.close(c2pread) + # Dup fds for child + os.dup2(c2pwrite, 1) + # Close pipe fds. + os.close(c2pwrite) + + # at this point, sys.stdin is redirected, now we want + # to filter it to escape ]'s. + ### XXX: test and write that bit. + + result = TestProtocolClient(sys.stdout) + klass.run(self, result) + sys.stdout.flush() + sys.stderr.flush() + # exit HARD, exit NOW. + os._exit(0) + else: + # Parent + # Close child pipe ends + os.close(c2pwrite) + # hookup a protocol engine + protocol = TestProtocolServer(result) + protocol.readFrom(os.fdopen(c2pread, 'rU')) + os.waitpid(pid, 0) + # TODO return code evaluation. + return result + + +class SubunitTestRunner(object): + def __init__(self, stream=sys.stdout): + self.stream = stream + + def run(self, test): + "Run the given test case or test suite." + result = TestProtocolClient(self.stream) + test(result) + return result + diff --git a/lib/subunit/python/tests/TestUtil.py b/lib/subunit/python/tests/TestUtil.py new file mode 100644 index 0000000000..1b5ba9c293 --- /dev/null +++ b/lib/subunit/python/tests/TestUtil.py @@ -0,0 +1,80 @@ +# Copyright (c) 2004 Canonical Limited +# Author: Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import sys +import logging +import unittest + + +class LogCollector(logging.Handler): + def __init__(self): + logging.Handler.__init__(self) + self.records=[] + def emit(self, record): + self.records.append(record.getMessage()) + + +def makeCollectingLogger(): + """I make a logger instance that collects its logs for programmatic analysis + -> (logger, collector)""" + logger=logging.Logger("collector") + handler=LogCollector() + handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) + logger.addHandler(handler) + return logger, handler + + +def visitTests(suite, visitor): + """A foreign method for visiting the tests in a test suite.""" + for test in suite._tests: + #Abusing types to avoid monkey patching unittest.TestCase. + # Maybe that would be better? + try: + test.visit(visitor) + except AttributeError: + if isinstance(test, unittest.TestCase): + visitor.visitCase(test) + elif isinstance(test, unittest.TestSuite): + visitor.visitSuite(test) + visitTests(test, visitor) + else: + print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) + + +class TestSuite(unittest.TestSuite): + """I am an extended TestSuite with a visitor interface. + This is primarily to allow filtering of tests - and suites or + more in the future. An iterator of just tests wouldn't scale...""" + + def visit(self, visitor): + """visit the composite. Visiting is depth-first. + current callbacks are visitSuite and visitCase.""" + visitor.visitSuite(self) + visitTests(self, visitor) + + +class TestLoader(unittest.TestLoader): + """Custome TestLoader to set the right TestSuite class.""" + suiteClass = TestSuite + +class TestVisitor(object): + """A visitor for Tests""" + def visitSuite(self, aTestSuite): + pass + def visitCase(self, aTestCase): + pass diff --git a/lib/subunit/python/tests/__init__.py b/lib/subunit/python/tests/__init__.py new file mode 100644 index 0000000000..544d0e704f --- /dev/null +++ b/lib/subunit/python/tests/__init__.py @@ -0,0 +1,25 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from subunit.tests import TestUtil, test_test_protocol + +def test_suite(): + result = TestUtil.TestSuite() + result.addTest(test_test_protocol.test_suite()) + return result diff --git a/lib/subunit/python/tests/sample-script.py b/lib/subunit/python/tests/sample-script.py new file mode 100755 index 0000000000..223d2f5d9f --- /dev/null +++ b/lib/subunit/python/tests/sample-script.py @@ -0,0 +1,11 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "failure bing crosby [" +print "foo.c:53:ERROR invalid state" +print "]" +print "test an error" +print "error an error" +sys.exit(0) diff --git a/lib/subunit/python/tests/sample-two-script.py b/lib/subunit/python/tests/sample-two-script.py new file mode 100755 index 0000000000..d5550842bf --- /dev/null +++ b/lib/subunit/python/tests/sample-two-script.py @@ -0,0 +1,7 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "success bing crosby" +sys.exit(0) diff --git a/lib/subunit/python/tests/test_test_protocol.py b/lib/subunit/python/tests/test_test_protocol.py new file mode 100644 index 0000000000..af31584a97 --- /dev/null +++ b/lib/subunit/python/tests/test_test_protocol.py @@ -0,0 +1,730 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import unittest +from StringIO import StringIO +import os +import subunit +import sys + +try: + class MockTestProtocolServerClient(object): + """A mock protocol server client to test callbacks.""" + + def __init__(self): + self.end_calls = [] + self.error_calls = [] + self.failure_calls = [] + self.start_calls = [] + self.success_calls = [] + super(MockTestProtocolServerClient, self).__init__() + + def addError(self, test, error): + self.error_calls.append((test, error)) + + def addFailure(self, test, error): + self.failure_calls.append((test, error)) + + def addSuccess(self, test): + self.success_calls.append(test) + + def stopTest(self, test): + self.end_calls.append(test) + + def startTest(self, test): + self.start_calls.append(test) + +except AttributeError: + MockTestProtocolServer = None + + +class TestMockTestProtocolServer(unittest.TestCase): + + def test_start_test(self): + protocol = MockTestProtocolServerClient() + protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_error(self): + protocol = MockTestProtocolServerClient() + protocol.addError(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, [( + subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_failure(self): + protocol = MockTestProtocolServerClient() + protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, [ + (subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.success_calls, []) + + def test_add_success(self): + protocol = MockTestProtocolServerClient() + protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + + def test_end_test(self): + protocol = MockTestProtocolServerClient() + protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.end_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + self.assertEqual(protocol.start_calls, []) + + +class TestTestImports(unittest.TestCase): + + def test_imports(self): + from subunit import TestProtocolServer + from subunit import RemotedTestCase + from subunit import RemoteError + from subunit import ExecTestCase + from subunit import IsolatedTestCase + from subunit import TestProtocolClient + + +class TestTestProtocolServerPipe(unittest.TestCase): + + def test_story(self): + client = unittest.TestResult() + protocol = subunit.TestProtocolServer(client) + pipe = StringIO("test old mcdonald\n" + "success old mcdonald\n" + "test bing crosby\n" + "failure bing crosby [\n" + "foo.c:53:ERROR invalid state\n" + "]\n" + "test an error\n" + "error an error\n") + protocol.readFrom(pipe) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(client.errors, + [(an_error, 'RemoteException: \n\n')]) + self.assertEqual( + client.failures, + [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) + self.assertEqual(client.testsRun, 3) + + +class TestTestProtocolServerStartTest(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + + def test_start_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing(self): + self.protocol.lineReceived("testing old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_test_colon(self): + self.protocol.lineReceived("test: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing_colon(self): + self.protocol.lineReceived("testing: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + +class TestTestProtocolServerPassThrough(unittest.TestCase): + + def setUp(self): + from StringIO import StringIO + self.stdout = StringIO() + self.test = subunit.RemotedTestCase("old mcdonald") + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client, self.stdout) + + def keywords_before_test(self): + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + + def test_keywords_before_test(self): + self.keywords_before_test() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_keywords_after_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure: old mcdonald [\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n"))]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_stdout_passthrough(self): + """Lines received which cannot be interpreted as any protocol action + should be passed through to sys.stdout. + """ + bytes = "randombytes\n" + self.protocol.lineReceived(bytes) + self.assertEqual(self.stdout.getvalue(), bytes) + + +class TestTestProtocolServerLostConnection(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.test = subunit.RemotedTestCase("old mcdonald") + + def test_lost_connection_no_input(self): + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_start(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during " + "test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during error " + "report of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.protocol.lostConnection() + test = subunit.RemotedTestCase("old mcdonald") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, + subunit.RemoteError("lost connection during " + "failure report" + " of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + +class TestTestProtocolServerAddError(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_error_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def test_simple_error(self): + self.simple_error_keyword("error") + + def test_simple_error_colon(self): + self.simple_error_keyword("error:") + + def test_error_empty_message(self): + self.protocol.lineReceived("error mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def error_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("]\n"))]) + self.assertEqual(self.client.failure_calls, []) + + def test_error_quoted_bracket(self): + self.error_quoted_bracket("error") + + def test_error_colon_quoted_bracket(self): + self.error_quoted_bracket("error:") + + +class TestTestProtocolServerAddFailure(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_failure_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def test_simple_failure(self): + self.simple_failure_keyword("failure") + + def test_simple_failure_colon(self): + self.simple_failure_keyword("failure:") + + def test_failure_empty_message(self): + self.protocol.lineReceived("failure mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def failure_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("]\n"))]) + + def test_failure_quoted_bracket(self): + self.failure_quoted_bracket("failure") + + def test_failure_colon_quoted_bracket(self): + self.failure_quoted_bracket("failure:") + + +class TestTestProtocolServerAddSuccess(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_success_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_simple_success(self): + self.simple_success_keyword("failure") + + def test_simple_success_colon(self): + self.simple_success_keyword("failure:") + + def test_simple_success(self): + self.simple_success_keyword("successful") + + def test_simple_success_colon(self): + self.simple_success_keyword("successful:") + + +class TestRemotedTestCase(unittest.TestCase): + + def test_simple(self): + test = subunit.RemotedTestCase("A test description") + self.assertRaises(NotImplementedError, test.setUp) + self.assertRaises(NotImplementedError, test.tearDown) + self.assertEqual("A test description", + test.shortDescription()) + self.assertEqual("subunit.RemotedTestCase.A test description", + test.id()) + self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) + self.assertEqual("", "%r" % test) + result = unittest.TestResult() + test.run(result) + self.assertEqual([(test, "RemoteException: " + "Cannot run RemotedTestCases.\n\n")], + result.errors) + self.assertEqual(1, result.testsRun) + another_test = subunit.RemotedTestCase("A test description") + self.assertEqual(test, another_test) + different_test = subunit.RemotedTestCase("ofo") + self.assertNotEqual(test, different_test) + self.assertNotEqual(another_test, different_test) + + +class TestRemoteError(unittest.TestCase): + + def test_eq(self): + error = subunit.RemoteError("Something went wrong") + another_error = subunit.RemoteError("Something went wrong") + different_error = subunit.RemoteError("boo!") + self.assertEqual(error, another_error) + self.assertNotEqual(error, different_error) + self.assertNotEqual(different_error, another_error) + + def test_empty_constructor(self): + self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) + + +class TestExecTestCase(unittest.TestCase): + + class SampleExecTestCase(subunit.ExecTestCase): + + def test_sample_method(self): + """sample-script.py""" + # the sample script runs three tests, one each + # that fails, errors and succeeds + + + def test_construct(self): + test = self.SampleExecTestCase("test_sample_method") + self.assertEqual(test.script, + subunit.join_dir(__file__, 'sample-script.py')) + + def test_run(self): + runner = MockTestProtocolServerClient() + test = self.SampleExecTestCase("test_sample_method") + test.run(runner) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(runner.error_calls, + [(an_error, subunit.RemoteError())]) + self.assertEqual(runner.failure_calls, + [(bing, + subunit.RemoteError( + "foo.c:53:ERROR invalid state\n"))]) + self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) + self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) + + def test_debug(self): + test = self.SampleExecTestCase("test_sample_method") + test.debug() + + def test_count_test_cases(self): + """TODO run the child process and count responses to determine the count.""" + + def test_join_dir(self): + sibling = subunit.join_dir(__file__, 'foo') + expected = '%s/foo' % (os.path.split(__file__)[0],) + self.assertEqual(sibling, expected) + + +class DoExecTestCase(subunit.ExecTestCase): + + def test_working_script(self): + """sample-two-script.py""" + + +class TestIsolatedTestCase(unittest.TestCase): + + class SampleIsolatedTestCase(subunit.IsolatedTestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True + + def tearDown(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True + + + def test_construct(self): + test = self.SampleIsolatedTestCase("test_sets_global_state") + + def test_run(self): + result = unittest.TestResult() + test = self.SampleIsolatedTestCase("test_sets_global_state") + test.run(result) + self.assertEqual(result.testsRun, 1) + self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) + self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) + self.assertEqual(self.SampleIsolatedTestCase.TEST, False) + + def test_debug(self): + pass + #test = self.SampleExecTestCase("test_sample_method") + #test.debug() + + +class TestIsolatedTestSuite(unittest.TestCase): + + class SampleTestToIsolate(unittest.TestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True + + def tearDown(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEST = True + + + def test_construct(self): + suite = subunit.IsolatedTestSuite() + + def test_run(self): + result = unittest.TestResult() + suite = subunit.IsolatedTestSuite() + sub_suite = unittest.TestSuite() + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.addTest(sub_suite) + suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.run(result) + self.assertEqual(result.testsRun, 3) + self.assertEqual(self.SampleTestToIsolate.SETUP, False) + self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) + self.assertEqual(self.SampleTestToIsolate.TEST, False) + + +class TestTestProtocolClient(unittest.TestCase): + + def setUp(self): + self.io = StringIO() + self.protocol = subunit.TestProtocolClient(self.io) + self.test = TestTestProtocolClient("test_start_test") + + + def test_start_test(self): + """Test startTest on a TestProtocolClient.""" + self.protocol.startTest(self.test) + self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) + + def test_stop_test(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.stopTest(self.test) + self.assertEqual(self.io.getvalue(), "") + + def test_add_success(self): + """Test addSuccess on a TestProtocolClient.""" + self.protocol.addSuccess(self.test) + self.assertEqual( + self.io.getvalue(), "successful: %s\n" % self.test.id()) + + def test_add_failure(self): + """Test addFailure on a TestProtocolClient.""" + self.protocol.addFailure(self.test, subunit.RemoteError("boo")) + self.assertEqual( + self.io.getvalue(), + 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) + + def test_add_error(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.addError(self.test, subunit.RemoteError("phwoar")) + self.assertEqual( + self.io.getvalue(), + 'error: %s [\n' + "RemoteException: phwoar\n" + "]\n" % self.test.id()) + + +def test_suite(): + loader = subunit.tests.TestUtil.TestLoader() + result = loader.loadTestsFromName(__name__) + return result diff --git a/source4/scripting/bin/subunitrun b/source4/scripting/bin/subunitrun index 6f1086ad37..bc35c7ce22 100755 --- a/source4/scripting/bin/subunitrun +++ b/source4/scripting/bin/subunitrun @@ -21,6 +21,7 @@ import sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") +sys.path.insert(0, "../lib/subunit/python") from subunit import SubunitTestRunner from unittest import TestProgram diff --git a/source4/scripting/python/config.mk b/source4/scripting/python/config.mk index b494ee6e8d..c88728a9fd 100644 --- a/source4/scripting/python/config.mk +++ b/source4/scripting/python/config.mk @@ -23,7 +23,7 @@ python_misc_OBJ_FILES = $(pyscriptsrcdir)/misc_wrap.o $(python_misc_OBJ_FILES): CFLAGS+=$(CFLAG_NO_UNUSED_MACROS) $(CFLAG_NO_CAST_QUAL) -_PY_FILES = $(shell find $(pyscriptsrcdir)/samba $(pyscriptsrcdir)/subunit -name "*.py") +_PY_FILES = $(shell find $(pyscriptsrcdir)/samba ../lib/subunit/python -name "*.py") $(foreach pyfile, $(_PY_FILES),$(eval $(call python_py_module_template,$(patsubst $(pyscriptsrcdir)/%,%,$(pyfile)),$(pyfile)))) @@ -32,6 +32,6 @@ $(eval $(call python_py_module_template,samba/misc.py,$(pyscriptsrcdir)/misc.py) EPYDOC_OPTIONS = --no-private --url http://www.samba.org/ --no-sourcecode epydoc:: pythonmods - PYTHONPATH=$(pythonbuilddir) epydoc $(EPYDOC_OPTIONS) samba tdb ldb subunit + PYTHONPATH=$(pythonbuilddir):../lib/subunit/python epydoc $(EPYDOC_OPTIONS) samba tdb ldb subunit install:: installpython diff --git a/source4/scripting/python/subunit/__init__.py b/source4/scripting/python/subunit/__init__.py deleted file mode 100644 index 406cd8765b..0000000000 --- a/source4/scripting/python/subunit/__init__.py +++ /dev/null @@ -1,388 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# Copyright (C) 2007 Jelmer Vernooij -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import os -from StringIO import StringIO -import sys -import unittest - -def test_suite(): - import subunit.tests - return subunit.tests.test_suite() - - -def join_dir(base_path, path): - """ - Returns an absolute path to C{path}, calculated relative to the parent - of C{base_path}. - - @param base_path: A path to a file or directory. - @param path: An absolute path, or a path relative to the containing - directory of C{base_path}. - - @return: An absolute path to C{path}. - """ - return os.path.join(os.path.dirname(os.path.abspath(base_path)), path) - - -class TestProtocolServer(object): - """A class for receiving results from a TestProtocol client.""" - - OUTSIDE_TEST = 0 - TEST_STARTED = 1 - READING_FAILURE = 2 - READING_ERROR = 3 - - def __init__(self, client, stream=sys.stdout): - """Create a TestProtocol server instance. - - client should be an object that provides - - startTest - - addSuccess - - addFailure - - addError - - stopTest - methods, i.e. a TestResult. - """ - self.state = TestProtocolServer.OUTSIDE_TEST - self.client = client - self._stream = stream - - def _addError(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addError(self._current_test, RemoteError("")) - self.client.stopTest(self._current_test) - self._current_test = None - elif (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description + " [" == line[offset:-1]): - self.state = TestProtocolServer.READING_ERROR - self._message = "" - else: - self.stdOutLineReceived(line) - - def _addFailure(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addFailure(self._current_test, RemoteError()) - self.client.stopTest(self._current_test) - elif (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description + " [" == line[offset:-1]): - self.state = TestProtocolServer.READING_FAILURE - self._message = "" - else: - self.stdOutLineReceived(line) - - def _addSuccess(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.client.addSuccess(self._current_test) - self.client.stopTest(self._current_test) - self.current_test_description = None - self._current_test = None - self.state = TestProtocolServer.OUTSIDE_TEST - else: - self.stdOutLineReceived(line) - - def _appendMessage(self, line): - if line[0:2] == " ]": - # quoted ] start - self._message += line[1:] - else: - self._message += line - - def endQuote(self, line): - if self.state == TestProtocolServer.READING_FAILURE: - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addFailure(self._current_test, - RemoteError(self._message)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_ERROR: - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addError(self._current_test, - RemoteError(self._message)) - self.client.stopTest(self._current_test) - else: - self.stdOutLineReceived(line) - - def lineReceived(self, line): - """Call the appropriate local method for the received line.""" - if line == "]\n": - self.endQuote(line) - elif (self.state == TestProtocolServer.READING_FAILURE or - self.state == TestProtocolServer.READING_ERROR): - self._appendMessage(line) - else: - parts = line.split(None, 1) - if len(parts) == 2: - cmd, rest = parts - offset = len(cmd) + 1 - cmd = cmd.strip(':') - if cmd in ('test', 'testing'): - self._startTest(offset, line) - elif cmd == 'error': - self._addError(offset, line) - elif cmd == 'failure': - self._addFailure(offset, line) - elif cmd in ('success', 'successful'): - self._addSuccess(offset, line) - else: - self.stdOutLineReceived(line) - else: - self.stdOutLineReceived(line) - - def lostConnection(self): - """The input connection has finished.""" - if self.state == TestProtocolServer.TEST_STARTED: - self.client.addError(self._current_test, - RemoteError("lost connection during test '%s'" - % self.current_test_description)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_ERROR: - self.client.addError(self._current_test, - RemoteError("lost connection during " - "error report of test " - "'%s'" % - self.current_test_description)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_FAILURE: - self.client.addError(self._current_test, - RemoteError("lost connection during " - "failure report of test " - "'%s'" % - self.current_test_description)) - self.client.stopTest(self._current_test) - - def readFrom(self, pipe): - for line in pipe.readlines(): - self.lineReceived(line) - self.lostConnection() - - def _startTest(self, offset, line): - """Internal call to change state machine. Override startTest().""" - if self.state == TestProtocolServer.OUTSIDE_TEST: - self.state = TestProtocolServer.TEST_STARTED - self._current_test = RemotedTestCase(line[offset:-1]) - self.current_test_description = line[offset:-1] - self.client.startTest(self._current_test) - else: - self.stdOutLineReceived(line) - - def stdOutLineReceived(self, line): - self._stream.write(line) - - -class RemoteException(Exception): - """An exception that occured remotely to python.""" - - def __eq__(self, other): - try: - return self.args == other.args - except AttributeError: - return False - - -class TestProtocolClient(unittest.TestResult): - """A class that looks like a TestResult and informs a TestProtocolServer.""" - - def __init__(self, stream): - super(TestProtocolClient, self).__init__() - self._stream = stream - - def addError(self, test, error): - """Report an error in test test.""" - self._stream.write("error: %s [\n" % (test.shortDescription() or str(test))) - for line in self._exc_info_to_string(error, test).splitlines(): - self._stream.write("%s\n" % line) - self._stream.write("]\n") - super(TestProtocolClient, self).addError(test, error) - - def addFailure(self, test, error): - """Report a failure in test test.""" - self._stream.write("failure: %s [\n" % (test.shortDescription() or str(test))) - for line in self._exc_info_to_string(error, test).splitlines(): - self._stream.write("%s\n" % line) - self._stream.write("]\n") - super(TestProtocolClient, self).addFailure(test, error) - - def addSuccess(self, test): - """Report a success in a test.""" - self._stream.write("successful: %s\n" % (test.shortDescription() or str(test))) - super(TestProtocolClient, self).addSuccess(test) - - def startTest(self, test): - """Mark a test as starting its test run.""" - self._stream.write("test: %s\n" % (test.shortDescription() or str(test))) - super(TestProtocolClient, self).startTest(test) - - -def RemoteError(description=""): - if description == "": - description = "\n" - return (RemoteException, RemoteException(description), None) - - -class RemotedTestCase(unittest.TestCase): - """A class to represent test cases run in child processes.""" - - def __eq__ (self, other): - try: - return self.__description == other.__description - except AttributeError: - return False - - def __init__(self, description): - """Create a psuedo test case with description description.""" - self.__description = description - - def error(self, label): - raise NotImplementedError("%s on RemotedTestCases is not permitted." % - label) - - def setUp(self): - self.error("setUp") - - def tearDown(self): - self.error("tearDown") - - def shortDescription(self): - return self.__description - - def id(self): - return "%s.%s" % (self._strclass(), self.__description) - - def __str__(self): - return "%s (%s)" % (self.__description, self._strclass()) - - def __repr__(self): - return "<%s description='%s'>" % \ - (self._strclass(), self.__description) - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - result.startTest(self) - result.addError(self, RemoteError("Cannot run RemotedTestCases.\n")) - result.stopTest(self) - - def _strclass(self): - cls = self.__class__ - return "%s.%s" % (cls.__module__, cls.__name__) - - -class ExecTestCase(unittest.TestCase): - """A test case which runs external scripts for test fixtures.""" - - def __init__(self, methodName='runTest'): - """Create an instance of the class that will use the named test - method when executed. Raises a ValueError if the instance does - not have a method with the specified name. - """ - unittest.TestCase.__init__(self, methodName) - testMethod = getattr(self, methodName) - self.script = join_dir(sys.modules[self.__class__.__module__].__file__, - testMethod.__doc__) - - def countTestCases(self): - return 1 - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - self._run(result) - - def debug(self): - """Run the test without collecting errors in a TestResult""" - self._run(unittest.TestResult()) - - def _run(self, result): - protocol = TestProtocolServer(result) - output = os.popen(self.script, mode='r') - protocol.readFrom(output) - - -class IsolatedTestCase(unittest.TestCase): - """A TestCase which runs its tests in a forked process.""" - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - run_isolated(unittest.TestCase, self, result) - - -class IsolatedTestSuite(unittest.TestSuite): - """A TestCase which runs its tests in a forked process.""" - - def run(self, result=None): - if result is None: result = unittest.TestResult() - run_isolated(unittest.TestSuite, self, result) - - -def run_isolated(klass, self, result): - """Run a test suite or case in a subprocess, using the run method on klass. - """ - c2pread, c2pwrite = os.pipe() - # fixme - error -> result - # now fork - pid = os.fork() - if pid == 0: - # Child - # Close parent's pipe ends - os.close(c2pread) - # Dup fds for child - os.dup2(c2pwrite, 1) - # Close pipe fds. - os.close(c2pwrite) - - # at this point, sys.stdin is redirected, now we want - # to filter it to escape ]'s. - ### XXX: test and write that bit. - - result = TestProtocolClient(sys.stdout) - klass.run(self, result) - sys.stdout.flush() - sys.stderr.flush() - # exit HARD, exit NOW. - os._exit(0) - else: - # Parent - # Close child pipe ends - os.close(c2pwrite) - # hookup a protocol engine - protocol = TestProtocolServer(result) - protocol.readFrom(os.fdopen(c2pread, 'rU')) - os.waitpid(pid, 0) - # TODO return code evaluation. - return result - - -class SubunitTestRunner(object): - def __init__(self, stream=sys.stdout): - self.stream = stream - - def run(self, test): - "Run the given test case or test suite." - result = TestProtocolClient(self.stream) - test(result) - return result - diff --git a/source4/scripting/python/subunit/tests/TestUtil.py b/source4/scripting/python/subunit/tests/TestUtil.py deleted file mode 100644 index 1b5ba9c293..0000000000 --- a/source4/scripting/python/subunit/tests/TestUtil.py +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright (c) 2004 Canonical Limited -# Author: Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import sys -import logging -import unittest - - -class LogCollector(logging.Handler): - def __init__(self): - logging.Handler.__init__(self) - self.records=[] - def emit(self, record): - self.records.append(record.getMessage()) - - -def makeCollectingLogger(): - """I make a logger instance that collects its logs for programmatic analysis - -> (logger, collector)""" - logger=logging.Logger("collector") - handler=LogCollector() - handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) - logger.addHandler(handler) - return logger, handler - - -def visitTests(suite, visitor): - """A foreign method for visiting the tests in a test suite.""" - for test in suite._tests: - #Abusing types to avoid monkey patching unittest.TestCase. - # Maybe that would be better? - try: - test.visit(visitor) - except AttributeError: - if isinstance(test, unittest.TestCase): - visitor.visitCase(test) - elif isinstance(test, unittest.TestSuite): - visitor.visitSuite(test) - visitTests(test, visitor) - else: - print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) - - -class TestSuite(unittest.TestSuite): - """I am an extended TestSuite with a visitor interface. - This is primarily to allow filtering of tests - and suites or - more in the future. An iterator of just tests wouldn't scale...""" - - def visit(self, visitor): - """visit the composite. Visiting is depth-first. - current callbacks are visitSuite and visitCase.""" - visitor.visitSuite(self) - visitTests(self, visitor) - - -class TestLoader(unittest.TestLoader): - """Custome TestLoader to set the right TestSuite class.""" - suiteClass = TestSuite - -class TestVisitor(object): - """A visitor for Tests""" - def visitSuite(self, aTestSuite): - pass - def visitCase(self, aTestCase): - pass diff --git a/source4/scripting/python/subunit/tests/__init__.py b/source4/scripting/python/subunit/tests/__init__.py deleted file mode 100644 index 544d0e704f..0000000000 --- a/source4/scripting/python/subunit/tests/__init__.py +++ /dev/null @@ -1,25 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -from subunit.tests import TestUtil, test_test_protocol - -def test_suite(): - result = TestUtil.TestSuite() - result.addTest(test_test_protocol.test_suite()) - return result diff --git a/source4/scripting/python/subunit/tests/sample-script.py b/source4/scripting/python/subunit/tests/sample-script.py deleted file mode 100755 index 223d2f5d9f..0000000000 --- a/source4/scripting/python/subunit/tests/sample-script.py +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env python -import sys -print "test old mcdonald" -print "success old mcdonald" -print "test bing crosby" -print "failure bing crosby [" -print "foo.c:53:ERROR invalid state" -print "]" -print "test an error" -print "error an error" -sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/sample-two-script.py b/source4/scripting/python/subunit/tests/sample-two-script.py deleted file mode 100755 index d5550842bf..0000000000 --- a/source4/scripting/python/subunit/tests/sample-two-script.py +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env python -import sys -print "test old mcdonald" -print "success old mcdonald" -print "test bing crosby" -print "success bing crosby" -sys.exit(0) diff --git a/source4/scripting/python/subunit/tests/test_test_protocol.py b/source4/scripting/python/subunit/tests/test_test_protocol.py deleted file mode 100644 index af31584a97..0000000000 --- a/source4/scripting/python/subunit/tests/test_test_protocol.py +++ /dev/null @@ -1,730 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import unittest -from StringIO import StringIO -import os -import subunit -import sys - -try: - class MockTestProtocolServerClient(object): - """A mock protocol server client to test callbacks.""" - - def __init__(self): - self.end_calls = [] - self.error_calls = [] - self.failure_calls = [] - self.start_calls = [] - self.success_calls = [] - super(MockTestProtocolServerClient, self).__init__() - - def addError(self, test, error): - self.error_calls.append((test, error)) - - def addFailure(self, test, error): - self.failure_calls.append((test, error)) - - def addSuccess(self, test): - self.success_calls.append(test) - - def stopTest(self, test): - self.end_calls.append(test) - - def startTest(self, test): - self.start_calls.append(test) - -except AttributeError: - MockTestProtocolServer = None - - -class TestMockTestProtocolServer(unittest.TestCase): - - def test_start_test(self): - protocol = MockTestProtocolServerClient() - protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.start_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - - def test_add_error(self): - protocol = MockTestProtocolServerClient() - protocol.addError(subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, [( - subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works"))]) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - - def test_add_failure(self): - protocol = MockTestProtocolServerClient() - protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, [ - (subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works"))]) - self.assertEqual(protocol.success_calls, []) - - def test_add_success(self): - protocol = MockTestProtocolServerClient() - protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - - def test_end_test(self): - protocol = MockTestProtocolServerClient() - protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.end_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - self.assertEqual(protocol.start_calls, []) - - -class TestTestImports(unittest.TestCase): - - def test_imports(self): - from subunit import TestProtocolServer - from subunit import RemotedTestCase - from subunit import RemoteError - from subunit import ExecTestCase - from subunit import IsolatedTestCase - from subunit import TestProtocolClient - - -class TestTestProtocolServerPipe(unittest.TestCase): - - def test_story(self): - client = unittest.TestResult() - protocol = subunit.TestProtocolServer(client) - pipe = StringIO("test old mcdonald\n" - "success old mcdonald\n" - "test bing crosby\n" - "failure bing crosby [\n" - "foo.c:53:ERROR invalid state\n" - "]\n" - "test an error\n" - "error an error\n") - protocol.readFrom(pipe) - mcdonald = subunit.RemotedTestCase("old mcdonald") - bing = subunit.RemotedTestCase("bing crosby") - an_error = subunit.RemotedTestCase("an error") - self.assertEqual(client.errors, - [(an_error, 'RemoteException: \n\n')]) - self.assertEqual( - client.failures, - [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) - self.assertEqual(client.testsRun, 3) - - -class TestTestProtocolServerStartTest(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - - def test_start_test(self): - self.protocol.lineReceived("test old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_testing(self): - self.protocol.lineReceived("testing old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_test_colon(self): - self.protocol.lineReceived("test: old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_testing_colon(self): - self.protocol.lineReceived("testing: old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - -class TestTestProtocolServerPassThrough(unittest.TestCase): - - def setUp(self): - from StringIO import StringIO - self.stdout = StringIO() - self.test = subunit.RemotedTestCase("old mcdonald") - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client, self.stdout) - - def keywords_before_test(self): - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.stdout.getvalue(), "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n") - - def test_keywords_before_test(self): - self.keywords_before_test() - self.assertEqual(self.client.start_calls, []) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, - [(self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_success(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("success old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - def test_keywords_after_test(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived("]\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" - "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_during_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure: old mcdonald [\n") - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.stdout.getvalue(), "") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError("test old mcdonald\n" - "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n"))]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_stdout_passthrough(self): - """Lines received which cannot be interpreted as any protocol action - should be passed through to sys.stdout. - """ - bytes = "randombytes\n" - self.protocol.lineReceived(bytes) - self.assertEqual(self.stdout.getvalue(), bytes) - - -class TestTestProtocolServerLostConnection(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.test = subunit.RemotedTestCase("old mcdonald") - - def test_lost_connection_no_input(self): - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, []) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_after_start(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("lost connection during " - "test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connected_after_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_during_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald [\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("lost connection during error " - "report of test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connected_after_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.protocol.lostConnection() - test = subunit.RemotedTestCase("old mcdonald") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_during_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald [\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, - [(self.test, - subunit.RemoteError("lost connection during " - "failure report" - " of test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_after_success(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("success old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - -class TestTestProtocolServerAddError(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_error_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - - def test_simple_error(self): - self.simple_error_keyword("error") - - def test_simple_error_colon(self): - self.simple_error_keyword("error:") - - def test_error_empty_message(self): - self.protocol.lineReceived("error mcdonalds farm [\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - - def error_quoted_bracket(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("]\n"))]) - self.assertEqual(self.client.failure_calls, []) - - def test_error_quoted_bracket(self): - self.error_quoted_bracket("error") - - def test_error_colon_quoted_bracket(self): - self.error_quoted_bracket("error:") - - -class TestTestProtocolServerAddFailure(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_failure_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - - def test_simple_failure(self): - self.simple_failure_keyword("failure") - - def test_simple_failure_colon(self): - self.simple_failure_keyword("failure:") - - def test_failure_empty_message(self): - self.protocol.lineReceived("failure mcdonalds farm [\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - - def failure_quoted_bracket(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError("]\n"))]) - - def test_failure_quoted_bracket(self): - self.failure_quoted_bracket("failure") - - def test_failure_colon_quoted_bracket(self): - self.failure_quoted_bracket("failure:") - - -class TestTestProtocolServerAddSuccess(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_success_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - def test_simple_success(self): - self.simple_success_keyword("failure") - - def test_simple_success_colon(self): - self.simple_success_keyword("failure:") - - def test_simple_success(self): - self.simple_success_keyword("successful") - - def test_simple_success_colon(self): - self.simple_success_keyword("successful:") - - -class TestRemotedTestCase(unittest.TestCase): - - def test_simple(self): - test = subunit.RemotedTestCase("A test description") - self.assertRaises(NotImplementedError, test.setUp) - self.assertRaises(NotImplementedError, test.tearDown) - self.assertEqual("A test description", - test.shortDescription()) - self.assertEqual("subunit.RemotedTestCase.A test description", - test.id()) - self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) - self.assertEqual("", "%r" % test) - result = unittest.TestResult() - test.run(result) - self.assertEqual([(test, "RemoteException: " - "Cannot run RemotedTestCases.\n\n")], - result.errors) - self.assertEqual(1, result.testsRun) - another_test = subunit.RemotedTestCase("A test description") - self.assertEqual(test, another_test) - different_test = subunit.RemotedTestCase("ofo") - self.assertNotEqual(test, different_test) - self.assertNotEqual(another_test, different_test) - - -class TestRemoteError(unittest.TestCase): - - def test_eq(self): - error = subunit.RemoteError("Something went wrong") - another_error = subunit.RemoteError("Something went wrong") - different_error = subunit.RemoteError("boo!") - self.assertEqual(error, another_error) - self.assertNotEqual(error, different_error) - self.assertNotEqual(different_error, another_error) - - def test_empty_constructor(self): - self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) - - -class TestExecTestCase(unittest.TestCase): - - class SampleExecTestCase(subunit.ExecTestCase): - - def test_sample_method(self): - """sample-script.py""" - # the sample script runs three tests, one each - # that fails, errors and succeeds - - - def test_construct(self): - test = self.SampleExecTestCase("test_sample_method") - self.assertEqual(test.script, - subunit.join_dir(__file__, 'sample-script.py')) - - def test_run(self): - runner = MockTestProtocolServerClient() - test = self.SampleExecTestCase("test_sample_method") - test.run(runner) - mcdonald = subunit.RemotedTestCase("old mcdonald") - bing = subunit.RemotedTestCase("bing crosby") - an_error = subunit.RemotedTestCase("an error") - self.assertEqual(runner.error_calls, - [(an_error, subunit.RemoteError())]) - self.assertEqual(runner.failure_calls, - [(bing, - subunit.RemoteError( - "foo.c:53:ERROR invalid state\n"))]) - self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) - self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) - - def test_debug(self): - test = self.SampleExecTestCase("test_sample_method") - test.debug() - - def test_count_test_cases(self): - """TODO run the child process and count responses to determine the count.""" - - def test_join_dir(self): - sibling = subunit.join_dir(__file__, 'foo') - expected = '%s/foo' % (os.path.split(__file__)[0],) - self.assertEqual(sibling, expected) - - -class DoExecTestCase(subunit.ExecTestCase): - - def test_working_script(self): - """sample-two-script.py""" - - -class TestIsolatedTestCase(unittest.TestCase): - - class SampleIsolatedTestCase(subunit.IsolatedTestCase): - - SETUP = False - TEARDOWN = False - TEST = False - - def setUp(self): - TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True - - def tearDown(self): - TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True - - def test_sets_global_state(self): - TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True - - - def test_construct(self): - test = self.SampleIsolatedTestCase("test_sets_global_state") - - def test_run(self): - result = unittest.TestResult() - test = self.SampleIsolatedTestCase("test_sets_global_state") - test.run(result) - self.assertEqual(result.testsRun, 1) - self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) - self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) - self.assertEqual(self.SampleIsolatedTestCase.TEST, False) - - def test_debug(self): - pass - #test = self.SampleExecTestCase("test_sample_method") - #test.debug() - - -class TestIsolatedTestSuite(unittest.TestCase): - - class SampleTestToIsolate(unittest.TestCase): - - SETUP = False - TEARDOWN = False - TEST = False - - def setUp(self): - TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True - - def tearDown(self): - TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True - - def test_sets_global_state(self): - TestIsolatedTestSuite.SampleTestToIsolate.TEST = True - - - def test_construct(self): - suite = subunit.IsolatedTestSuite() - - def test_run(self): - result = unittest.TestResult() - suite = subunit.IsolatedTestSuite() - sub_suite = unittest.TestSuite() - sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - suite.addTest(sub_suite) - suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - suite.run(result) - self.assertEqual(result.testsRun, 3) - self.assertEqual(self.SampleTestToIsolate.SETUP, False) - self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) - self.assertEqual(self.SampleTestToIsolate.TEST, False) - - -class TestTestProtocolClient(unittest.TestCase): - - def setUp(self): - self.io = StringIO() - self.protocol = subunit.TestProtocolClient(self.io) - self.test = TestTestProtocolClient("test_start_test") - - - def test_start_test(self): - """Test startTest on a TestProtocolClient.""" - self.protocol.startTest(self.test) - self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) - - def test_stop_test(self): - """Test stopTest on a TestProtocolClient.""" - self.protocol.stopTest(self.test) - self.assertEqual(self.io.getvalue(), "") - - def test_add_success(self): - """Test addSuccess on a TestProtocolClient.""" - self.protocol.addSuccess(self.test) - self.assertEqual( - self.io.getvalue(), "successful: %s\n" % self.test.id()) - - def test_add_failure(self): - """Test addFailure on a TestProtocolClient.""" - self.protocol.addFailure(self.test, subunit.RemoteError("boo")) - self.assertEqual( - self.io.getvalue(), - 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) - - def test_add_error(self): - """Test stopTest on a TestProtocolClient.""" - self.protocol.addError(self.test, subunit.RemoteError("phwoar")) - self.assertEqual( - self.io.getvalue(), - 'error: %s [\n' - "RemoteException: phwoar\n" - "]\n" % self.test.id()) - - -def test_suite(): - loader = subunit.tests.TestUtil.TestLoader() - result = loader.loadTestsFromName(__name__) - return result -- cgit From df4e9c7066059f072420d869ba6d2f383838afad Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 02:23:51 +0200 Subject: Fix path apparently gone wrong by cherrypick. --- lib/subunit/harness2subunit.pl | 36 ++++++++++++++++++++++++++++++++++++ lib/unit | 36 ------------------------------------ 2 files changed, 36 insertions(+), 36 deletions(-) create mode 100755 lib/subunit/harness2subunit.pl delete mode 100755 lib/unit diff --git a/lib/subunit/harness2subunit.pl b/lib/subunit/harness2subunit.pl new file mode 100755 index 0000000000..45f515540b --- /dev/null +++ b/lib/subunit/harness2subunit.pl @@ -0,0 +1,36 @@ +#!/usr/bin/perl +# Simple script that converts Perl test harness output to +# Subunit +# Copyright (C) 2008 Jelmer Vernooij +# Published under the GNU GPL, v3 or later + +my $firstline = 1; +my $error = 0; +while() { + if ($firstline) { + $firstline = 0; + next; + } + if (/^not ok (\d+) - (.*)$/) { + print "test: $2\n"; + print "failure: $2\n"; + $error = 1; + } elsif (/^ok (\d+) - (.*)$/) { + print "test: $2\n"; + print "success: $2\n"; + } elsif (/^ok (\d+)$/) { + print "test: $1\n"; + print "success: $1\n"; + } elsif (/^ok (\d+) # skip (.*)$/) { + print "test: $1\n"; + print "skip: $1 [\n$2\n]\n"; + } elsif (/^not ok (\d+)$/) { + print "test: $1\n"; + print "failure: $1\n"; + $error = 1; + } else { + print; + } +} +exit $error; + diff --git a/lib/unit b/lib/unit deleted file mode 100755 index 45f515540b..0000000000 --- a/lib/unit +++ /dev/null @@ -1,36 +0,0 @@ -#!/usr/bin/perl -# Simple script that converts Perl test harness output to -# Subunit -# Copyright (C) 2008 Jelmer Vernooij -# Published under the GNU GPL, v3 or later - -my $firstline = 1; -my $error = 0; -while() { - if ($firstline) { - $firstline = 0; - next; - } - if (/^not ok (\d+) - (.*)$/) { - print "test: $2\n"; - print "failure: $2\n"; - $error = 1; - } elsif (/^ok (\d+) - (.*)$/) { - print "test: $2\n"; - print "success: $2\n"; - } elsif (/^ok (\d+)$/) { - print "test: $1\n"; - print "success: $1\n"; - } elsif (/^ok (\d+) # skip (.*)$/) { - print "test: $1\n"; - print "skip: $1 [\n$2\n]\n"; - } elsif (/^not ok (\d+)$/) { - print "test: $1\n"; - print "failure: $1\n"; - $error = 1; - } else { - print; - } -} -exit $error; - -- cgit From ec5d09dbff94d909f5ef65fb30165672947455b8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Oct 2008 17:50:01 -0700 Subject: Update vfs version as I've added a const to the security_descriptor paramter in fset_nt_acl(). Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules. Jeremy. --- examples/VFS/skel_opaque.c | 2 +- examples/VFS/skel_transparent.c | 2 +- source3/include/proto.h | 4 ++-- source3/include/vfs.h | 5 ++-- source3/modules/nfs4_acls.c | 10 +++----- source3/modules/vfs_acl_xattr.c | 4 ++-- source3/modules/vfs_afsacl.c | 10 ++++---- source3/modules/vfs_aixacl2.c | 4 ++-- source3/modules/vfs_default.c | 2 +- source3/modules/vfs_full_audit.c | 4 ++-- source3/modules/vfs_gpfs.c | 4 ++-- source3/modules/vfs_zfsacl.c | 4 ++-- source3/smbd/posix_acls.c | 51 ++++++++++++++++++++-------------------- 13 files changed, 52 insertions(+), 54 deletions(-) diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index 89d8ce5239..3df1fcd5bf 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -315,7 +315,7 @@ static size_t skel_get_nt_acl(vfs_handle_struct *handle, } static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd) + uint32 security_info_sent, const SEC_DESC *psd) { errno = ENOSYS; return NT_STATUS_NOT_IMPLEMENTED; diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c index ea8530d855..e6dee97775 100644 --- a/examples/VFS/skel_transparent.c +++ b/examples/VFS/skel_transparent.c @@ -302,7 +302,7 @@ static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle, } static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd) + uint32 security_info_sent, const SEC_DESC *psd) { return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); } diff --git a/source3/include/proto.h b/source3/include/proto.h index d7acdcb910..efa29be16d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -9923,14 +9923,14 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req); /* The following definitions come from smbd/posix_acls.c */ -NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd); +NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd); SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl); NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, SEC_DESC **ppdesc); NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, uint32_t security_info, SEC_DESC **ppdesc); int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); -NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd); +NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd); int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ); int chmod_acl(connection_struct *conn, const char *name, mode_t mode); int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir, diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 9b72f69328..a3d38f6a25 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -108,8 +108,9 @@ /* Leave at 22 - not yet released. Remove parameter fd from close_fn. - obnox */ /* Changed to version 23 - remove set_nt_acl call. This can only be done via an open handle. JRA. */ +/* Changed to version 24 - make security descriptor const in fset_nt_acl. JRA. */ -#define SMB_VFS_INTERFACE_VERSION 23 +#define SMB_VFS_INTERFACE_VERSION 24 /* to bug old modules which are trying to compile with the old functions */ @@ -365,7 +366,7 @@ struct vfs_ops { NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, uint32 security_info_sent, - struct security_descriptor *psd); + const struct security_descriptor *psd); /* POSIX ACL operations. */ diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 9e28db8b39..f1b8cfffce 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -44,10 +44,6 @@ typedef struct _SMB_ACL4_INT_T SMB_ACE4_INT_T *last; } SMB_ACL4_INT_T; -extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); -extern NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, - uint32 security_info_sent, SEC_DESC *psd); - static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl) { SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl; @@ -518,7 +514,7 @@ static bool smbacl4_fill_ace4( smbacl4_vfs_params *params, uid_t ownerUID, gid_t ownerGID, - SEC_ACE *ace_nt, /* input */ + const SEC_ACE *ace_nt, /* input */ SMB_ACE4PROP_T *ace_v4 /* output */ ) { @@ -650,7 +646,7 @@ static int smbacl4_MergeIgnoreReject( static SMB4ACL_T *smbacl4_win2nfs4( const char *filename, - SEC_ACL *dacl, + const SEC_ACL *dacl, smbacl4_vfs_params *pparams, uid_t ownerUID, gid_t ownerGID @@ -694,7 +690,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd, + const SEC_DESC *psd, set_nfs4acl_native_fn_t set_nfs4_native) { smbacl4_vfs_params params; diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 80e44e51fc..2b3fc2ebb2 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -238,7 +238,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, security_info, ppdesc); } -static NTSTATUS create_acl_blob(SEC_DESC *psd, DATA_BLOB *pblob) +static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; struct security_descriptor_timestamp sd_ts; @@ -307,7 +307,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp, } static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, - uint32 security_info_sent, SEC_DESC *psd) + uint32 security_info_sent, const SEC_DESC *psd) { NTSTATUS status; DATA_BLOB blob; diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index 9409f3fa20..c78369ac13 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -717,12 +717,12 @@ static bool mappable_sid(const DOM_SID *sid) static bool nt_to_afs_acl(const char *filename, uint32 security_info_sent, - struct security_descriptor *psd, + const struct security_descriptor *psd, uint32 (*nt_to_afs_rights)(const char *filename, const SEC_ACE *ace), struct afs_acl *afs_acl) { - SEC_ACL *dacl; + const SEC_ACL *dacl; int i; /* Currently we *only* look at the dacl */ @@ -737,7 +737,7 @@ static bool nt_to_afs_acl(const char *filename, dacl = psd->dacl; for (i = 0; i < dacl->num_aces; i++) { - SEC_ACE *ace = &(dacl->aces[i]); + const SEC_ACE *ace = &(dacl->aces[i]); const char *dom_name, *name; enum lsa_SidType name_type; char *p; @@ -887,7 +887,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst) static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - struct security_descriptor *psd) + const struct security_descriptor *psd) { struct afs_acl old_afs_acl, new_afs_acl; struct afs_acl dir_acl, file_acl; @@ -1040,7 +1040,7 @@ static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle, NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd) + const SEC_DESC *psd) { return afs_set_nt_acl(handle, fsp, security_info_sent, psd); } diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 23c4d88134..a078b9f9f6 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -371,7 +371,7 @@ static bool aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) return True; } -static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { acl_type_t acl_type_info; NTSTATUS result = NT_STATUS_ACCESS_DENIED; @@ -395,7 +395,7 @@ static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_inf return result; } -NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); } diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 381aa18561..372cdf2d53 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -1036,7 +1036,7 @@ static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle, return result; } -static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { NTSTATUS result; diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 1224ec3edb..9fadcd9e0c 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -202,7 +202,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, SEC_DESC **ppdesc); static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd); + const SEC_DESC *psd); static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, const char *path, mode_t mode); static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, @@ -1582,7 +1582,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd) + const SEC_DESC *psd) { NTSTATUS result; diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 39d2bb6c38..29ea7f0abe 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -365,7 +365,7 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) return True; } -static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { struct gpfs_acl *acl; NTSTATUS result = NT_STATUS_ACCESS_DENIED; @@ -386,7 +386,7 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_i return result; } -static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); } diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index e933e47317..3688b2386e 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -166,7 +166,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) */ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - struct security_descriptor *psd) + const struct security_descriptor *psd) { return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd, zfs_process_smbacl); @@ -207,7 +207,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd) + const SEC_DESC *psd) { return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 7479aea076..48ea993e28 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -988,7 +988,7 @@ static mode_t map_nt_perms( uint32 *mask, int type) Unpack a SEC_DESC into a UNIX owner and group. ****************************************************************************/ -NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd) +NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd) { DOM_SID owner_sid; DOM_SID grp_sid; @@ -1329,11 +1329,13 @@ static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID Unpack a SEC_DESC into two canonical ace lists. ****************************************************************************/ -static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, - DOM_SID *pfile_owner_sid, - DOM_SID *pfile_grp_sid, - canon_ace **ppfile_ace, canon_ace **ppdir_ace, - SEC_ACL *dacl) +static bool create_canon_ace_lists(files_struct *fsp, + SMB_STRUCT_STAT *pst, + DOM_SID *pfile_owner_sid, + DOM_SID *pfile_grp_sid, + canon_ace **ppfile_ace, + canon_ace **ppdir_ace, + const SEC_ACL *dacl) { bool all_aces_are_inherit_only = (fsp->is_directory ? True : False); canon_ace *file_ace = NULL; @@ -2016,12 +2018,14 @@ static mode_t create_default_mode(files_struct *fsp, bool interitable_mode) succeeding. ****************************************************************************/ -static bool unpack_canon_ace(files_struct *fsp, - SMB_STRUCT_STAT *pst, - DOM_SID *pfile_owner_sid, - DOM_SID *pfile_grp_sid, - canon_ace **ppfile_ace, canon_ace **ppdir_ace, - uint32 security_info_sent, SEC_DESC *psd) +static bool unpack_canon_ace(files_struct *fsp, + SMB_STRUCT_STAT *pst, + DOM_SID *pfile_owner_sid, + DOM_SID *pfile_grp_sid, + canon_ace **ppfile_ace, + canon_ace **ppdir_ace, + uint32 security_info_sent, + const SEC_DESC *psd) { canon_ace *file_ace = NULL; canon_ace *dir_ace = NULL; @@ -3224,25 +3228,25 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) ****************************************************************************/ static NTSTATUS append_parent_acl(files_struct *fsp, - SMB_STRUCT_STAT *psbuf, - SEC_DESC *psd, + const SEC_DESC *pcsd, SEC_DESC **pp_new_sd) { SEC_DESC *parent_sd = NULL; files_struct *parent_fsp = NULL; - TALLOC_CTX *mem_ctx = talloc_parent(psd); + TALLOC_CTX *mem_ctx = talloc_tos(); char *parent_name = NULL; SEC_ACE *new_ace = NULL; - unsigned int num_aces = psd->dacl->num_aces; + unsigned int num_aces = pcsd->dacl->num_aces; SMB_STRUCT_STAT sbuf; NTSTATUS status; int info; unsigned int i, j; - bool is_dacl_protected = (psd->type & SE_DESC_DACL_PROTECTED); + SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd); + bool is_dacl_protected = (pcsd->type & SE_DESC_DACL_PROTECTED); ZERO_STRUCT(sbuf); - if (mem_ctx == NULL) { + if (psd == NULL) { return NT_STATUS_NO_MEMORY; } @@ -3398,11 +3402,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp, parent_name)); } - /* This sucks. psd should be const and we should - * be doing a deep-copy here. We're getting away - * with is as we know parent_sd is talloced off - * talloc_tos() as well as psd. JRA. */ - psd->dacl->aces = new_ace; psd->dacl->num_aces = i; psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED| @@ -3418,7 +3417,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp, This should be the only external function needed for the UNIX style set ACL. ****************************************************************************/ -NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) +NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) { connection_struct *conn = fsp->conn; uid_t user = (uid_t)-1; @@ -3529,10 +3528,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) SE_DESC_DACL_AUTO_INHERIT_REQ))== (SE_DESC_DACL_AUTO_INHERITED| SE_DESC_DACL_AUTO_INHERIT_REQ) ) { - status = append_parent_acl(fsp, &sbuf, psd, &psd); + SEC_DESC *new_sd = NULL; + status = append_parent_acl(fsp, psd, &new_sd); if (!NT_STATUS_IS_OK(status)) { return status; } + psd = new_sd; } acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, -- cgit From 859facda89ff3589e87c4cbe1708578769d7c535 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Oct 2008 17:56:32 -0700 Subject: Fix const warning. Jeremy. --- source3/modules/vfs_acl_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 2b3fc2ebb2..4a8f6fec01 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -257,7 +257,7 @@ static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob) xacl.version = 2; xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = psd; + xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd); unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); ndr_err = ndr_push_struct_blob( -- cgit From f8a02a1a804fdb8640989595e2b57df86281c0f7 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 03:33:38 +0200 Subject: Fix subunit files location after cherrypicks. --- lib/subunit/python/__init__.py | 388 ----------- lib/subunit/python/subunit/__init__.py | 388 +++++++++++ lib/subunit/python/subunit/tests/TestUtil.py | 80 +++ lib/subunit/python/subunit/tests/__init__.py | 25 + lib/subunit/python/subunit/tests/sample-script.py | 11 + .../python/subunit/tests/sample-two-script.py | 7 + .../python/subunit/tests/test_test_protocol.py | 730 +++++++++++++++++++++ lib/subunit/python/tests/TestUtil.py | 80 --- lib/subunit/python/tests/__init__.py | 25 - lib/subunit/python/tests/sample-script.py | 11 - lib/subunit/python/tests/sample-two-script.py | 7 - lib/subunit/python/tests/test_test_protocol.py | 730 --------------------- source4/lib/ldb/tests/python/ldap.py | 1 + source4/scripting/bin/subunitrun | 2 +- 14 files changed, 1243 insertions(+), 1242 deletions(-) delete mode 100644 lib/subunit/python/__init__.py create mode 100644 lib/subunit/python/subunit/__init__.py create mode 100644 lib/subunit/python/subunit/tests/TestUtil.py create mode 100644 lib/subunit/python/subunit/tests/__init__.py create mode 100755 lib/subunit/python/subunit/tests/sample-script.py create mode 100755 lib/subunit/python/subunit/tests/sample-two-script.py create mode 100644 lib/subunit/python/subunit/tests/test_test_protocol.py delete mode 100644 lib/subunit/python/tests/TestUtil.py delete mode 100644 lib/subunit/python/tests/__init__.py delete mode 100755 lib/subunit/python/tests/sample-script.py delete mode 100755 lib/subunit/python/tests/sample-two-script.py delete mode 100644 lib/subunit/python/tests/test_test_protocol.py diff --git a/lib/subunit/python/__init__.py b/lib/subunit/python/__init__.py deleted file mode 100644 index 406cd8765b..0000000000 --- a/lib/subunit/python/__init__.py +++ /dev/null @@ -1,388 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# Copyright (C) 2007 Jelmer Vernooij -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import os -from StringIO import StringIO -import sys -import unittest - -def test_suite(): - import subunit.tests - return subunit.tests.test_suite() - - -def join_dir(base_path, path): - """ - Returns an absolute path to C{path}, calculated relative to the parent - of C{base_path}. - - @param base_path: A path to a file or directory. - @param path: An absolute path, or a path relative to the containing - directory of C{base_path}. - - @return: An absolute path to C{path}. - """ - return os.path.join(os.path.dirname(os.path.abspath(base_path)), path) - - -class TestProtocolServer(object): - """A class for receiving results from a TestProtocol client.""" - - OUTSIDE_TEST = 0 - TEST_STARTED = 1 - READING_FAILURE = 2 - READING_ERROR = 3 - - def __init__(self, client, stream=sys.stdout): - """Create a TestProtocol server instance. - - client should be an object that provides - - startTest - - addSuccess - - addFailure - - addError - - stopTest - methods, i.e. a TestResult. - """ - self.state = TestProtocolServer.OUTSIDE_TEST - self.client = client - self._stream = stream - - def _addError(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addError(self._current_test, RemoteError("")) - self.client.stopTest(self._current_test) - self._current_test = None - elif (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description + " [" == line[offset:-1]): - self.state = TestProtocolServer.READING_ERROR - self._message = "" - else: - self.stdOutLineReceived(line) - - def _addFailure(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addFailure(self._current_test, RemoteError()) - self.client.stopTest(self._current_test) - elif (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description + " [" == line[offset:-1]): - self.state = TestProtocolServer.READING_FAILURE - self._message = "" - else: - self.stdOutLineReceived(line) - - def _addSuccess(self, offset, line): - if (self.state == TestProtocolServer.TEST_STARTED and - self.current_test_description == line[offset:-1]): - self.client.addSuccess(self._current_test) - self.client.stopTest(self._current_test) - self.current_test_description = None - self._current_test = None - self.state = TestProtocolServer.OUTSIDE_TEST - else: - self.stdOutLineReceived(line) - - def _appendMessage(self, line): - if line[0:2] == " ]": - # quoted ] start - self._message += line[1:] - else: - self._message += line - - def endQuote(self, line): - if self.state == TestProtocolServer.READING_FAILURE: - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addFailure(self._current_test, - RemoteError(self._message)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_ERROR: - self.state = TestProtocolServer.OUTSIDE_TEST - self.current_test_description = None - self.client.addError(self._current_test, - RemoteError(self._message)) - self.client.stopTest(self._current_test) - else: - self.stdOutLineReceived(line) - - def lineReceived(self, line): - """Call the appropriate local method for the received line.""" - if line == "]\n": - self.endQuote(line) - elif (self.state == TestProtocolServer.READING_FAILURE or - self.state == TestProtocolServer.READING_ERROR): - self._appendMessage(line) - else: - parts = line.split(None, 1) - if len(parts) == 2: - cmd, rest = parts - offset = len(cmd) + 1 - cmd = cmd.strip(':') - if cmd in ('test', 'testing'): - self._startTest(offset, line) - elif cmd == 'error': - self._addError(offset, line) - elif cmd == 'failure': - self._addFailure(offset, line) - elif cmd in ('success', 'successful'): - self._addSuccess(offset, line) - else: - self.stdOutLineReceived(line) - else: - self.stdOutLineReceived(line) - - def lostConnection(self): - """The input connection has finished.""" - if self.state == TestProtocolServer.TEST_STARTED: - self.client.addError(self._current_test, - RemoteError("lost connection during test '%s'" - % self.current_test_description)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_ERROR: - self.client.addError(self._current_test, - RemoteError("lost connection during " - "error report of test " - "'%s'" % - self.current_test_description)) - self.client.stopTest(self._current_test) - elif self.state == TestProtocolServer.READING_FAILURE: - self.client.addError(self._current_test, - RemoteError("lost connection during " - "failure report of test " - "'%s'" % - self.current_test_description)) - self.client.stopTest(self._current_test) - - def readFrom(self, pipe): - for line in pipe.readlines(): - self.lineReceived(line) - self.lostConnection() - - def _startTest(self, offset, line): - """Internal call to change state machine. Override startTest().""" - if self.state == TestProtocolServer.OUTSIDE_TEST: - self.state = TestProtocolServer.TEST_STARTED - self._current_test = RemotedTestCase(line[offset:-1]) - self.current_test_description = line[offset:-1] - self.client.startTest(self._current_test) - else: - self.stdOutLineReceived(line) - - def stdOutLineReceived(self, line): - self._stream.write(line) - - -class RemoteException(Exception): - """An exception that occured remotely to python.""" - - def __eq__(self, other): - try: - return self.args == other.args - except AttributeError: - return False - - -class TestProtocolClient(unittest.TestResult): - """A class that looks like a TestResult and informs a TestProtocolServer.""" - - def __init__(self, stream): - super(TestProtocolClient, self).__init__() - self._stream = stream - - def addError(self, test, error): - """Report an error in test test.""" - self._stream.write("error: %s [\n" % (test.shortDescription() or str(test))) - for line in self._exc_info_to_string(error, test).splitlines(): - self._stream.write("%s\n" % line) - self._stream.write("]\n") - super(TestProtocolClient, self).addError(test, error) - - def addFailure(self, test, error): - """Report a failure in test test.""" - self._stream.write("failure: %s [\n" % (test.shortDescription() or str(test))) - for line in self._exc_info_to_string(error, test).splitlines(): - self._stream.write("%s\n" % line) - self._stream.write("]\n") - super(TestProtocolClient, self).addFailure(test, error) - - def addSuccess(self, test): - """Report a success in a test.""" - self._stream.write("successful: %s\n" % (test.shortDescription() or str(test))) - super(TestProtocolClient, self).addSuccess(test) - - def startTest(self, test): - """Mark a test as starting its test run.""" - self._stream.write("test: %s\n" % (test.shortDescription() or str(test))) - super(TestProtocolClient, self).startTest(test) - - -def RemoteError(description=""): - if description == "": - description = "\n" - return (RemoteException, RemoteException(description), None) - - -class RemotedTestCase(unittest.TestCase): - """A class to represent test cases run in child processes.""" - - def __eq__ (self, other): - try: - return self.__description == other.__description - except AttributeError: - return False - - def __init__(self, description): - """Create a psuedo test case with description description.""" - self.__description = description - - def error(self, label): - raise NotImplementedError("%s on RemotedTestCases is not permitted." % - label) - - def setUp(self): - self.error("setUp") - - def tearDown(self): - self.error("tearDown") - - def shortDescription(self): - return self.__description - - def id(self): - return "%s.%s" % (self._strclass(), self.__description) - - def __str__(self): - return "%s (%s)" % (self.__description, self._strclass()) - - def __repr__(self): - return "<%s description='%s'>" % \ - (self._strclass(), self.__description) - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - result.startTest(self) - result.addError(self, RemoteError("Cannot run RemotedTestCases.\n")) - result.stopTest(self) - - def _strclass(self): - cls = self.__class__ - return "%s.%s" % (cls.__module__, cls.__name__) - - -class ExecTestCase(unittest.TestCase): - """A test case which runs external scripts for test fixtures.""" - - def __init__(self, methodName='runTest'): - """Create an instance of the class that will use the named test - method when executed. Raises a ValueError if the instance does - not have a method with the specified name. - """ - unittest.TestCase.__init__(self, methodName) - testMethod = getattr(self, methodName) - self.script = join_dir(sys.modules[self.__class__.__module__].__file__, - testMethod.__doc__) - - def countTestCases(self): - return 1 - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - self._run(result) - - def debug(self): - """Run the test without collecting errors in a TestResult""" - self._run(unittest.TestResult()) - - def _run(self, result): - protocol = TestProtocolServer(result) - output = os.popen(self.script, mode='r') - protocol.readFrom(output) - - -class IsolatedTestCase(unittest.TestCase): - """A TestCase which runs its tests in a forked process.""" - - def run(self, result=None): - if result is None: result = self.defaultTestResult() - run_isolated(unittest.TestCase, self, result) - - -class IsolatedTestSuite(unittest.TestSuite): - """A TestCase which runs its tests in a forked process.""" - - def run(self, result=None): - if result is None: result = unittest.TestResult() - run_isolated(unittest.TestSuite, self, result) - - -def run_isolated(klass, self, result): - """Run a test suite or case in a subprocess, using the run method on klass. - """ - c2pread, c2pwrite = os.pipe() - # fixme - error -> result - # now fork - pid = os.fork() - if pid == 0: - # Child - # Close parent's pipe ends - os.close(c2pread) - # Dup fds for child - os.dup2(c2pwrite, 1) - # Close pipe fds. - os.close(c2pwrite) - - # at this point, sys.stdin is redirected, now we want - # to filter it to escape ]'s. - ### XXX: test and write that bit. - - result = TestProtocolClient(sys.stdout) - klass.run(self, result) - sys.stdout.flush() - sys.stderr.flush() - # exit HARD, exit NOW. - os._exit(0) - else: - # Parent - # Close child pipe ends - os.close(c2pwrite) - # hookup a protocol engine - protocol = TestProtocolServer(result) - protocol.readFrom(os.fdopen(c2pread, 'rU')) - os.waitpid(pid, 0) - # TODO return code evaluation. - return result - - -class SubunitTestRunner(object): - def __init__(self, stream=sys.stdout): - self.stream = stream - - def run(self, test): - "Run the given test case or test suite." - result = TestProtocolClient(self.stream) - test(result) - return result - diff --git a/lib/subunit/python/subunit/__init__.py b/lib/subunit/python/subunit/__init__.py new file mode 100644 index 0000000000..406cd8765b --- /dev/null +++ b/lib/subunit/python/subunit/__init__.py @@ -0,0 +1,388 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# Copyright (C) 2007 Jelmer Vernooij +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import os +from StringIO import StringIO +import sys +import unittest + +def test_suite(): + import subunit.tests + return subunit.tests.test_suite() + + +def join_dir(base_path, path): + """ + Returns an absolute path to C{path}, calculated relative to the parent + of C{base_path}. + + @param base_path: A path to a file or directory. + @param path: An absolute path, or a path relative to the containing + directory of C{base_path}. + + @return: An absolute path to C{path}. + """ + return os.path.join(os.path.dirname(os.path.abspath(base_path)), path) + + +class TestProtocolServer(object): + """A class for receiving results from a TestProtocol client.""" + + OUTSIDE_TEST = 0 + TEST_STARTED = 1 + READING_FAILURE = 2 + READING_ERROR = 3 + + def __init__(self, client, stream=sys.stdout): + """Create a TestProtocol server instance. + + client should be an object that provides + - startTest + - addSuccess + - addFailure + - addError + - stopTest + methods, i.e. a TestResult. + """ + self.state = TestProtocolServer.OUTSIDE_TEST + self.client = client + self._stream = stream + + def _addError(self, offset, line): + if (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description == line[offset:-1]): + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addError(self._current_test, RemoteError("")) + self.client.stopTest(self._current_test) + self._current_test = None + elif (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description + " [" == line[offset:-1]): + self.state = TestProtocolServer.READING_ERROR + self._message = "" + else: + self.stdOutLineReceived(line) + + def _addFailure(self, offset, line): + if (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description == line[offset:-1]): + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addFailure(self._current_test, RemoteError()) + self.client.stopTest(self._current_test) + elif (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description + " [" == line[offset:-1]): + self.state = TestProtocolServer.READING_FAILURE + self._message = "" + else: + self.stdOutLineReceived(line) + + def _addSuccess(self, offset, line): + if (self.state == TestProtocolServer.TEST_STARTED and + self.current_test_description == line[offset:-1]): + self.client.addSuccess(self._current_test) + self.client.stopTest(self._current_test) + self.current_test_description = None + self._current_test = None + self.state = TestProtocolServer.OUTSIDE_TEST + else: + self.stdOutLineReceived(line) + + def _appendMessage(self, line): + if line[0:2] == " ]": + # quoted ] start + self._message += line[1:] + else: + self._message += line + + def endQuote(self, line): + if self.state == TestProtocolServer.READING_FAILURE: + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addFailure(self._current_test, + RemoteError(self._message)) + self.client.stopTest(self._current_test) + elif self.state == TestProtocolServer.READING_ERROR: + self.state = TestProtocolServer.OUTSIDE_TEST + self.current_test_description = None + self.client.addError(self._current_test, + RemoteError(self._message)) + self.client.stopTest(self._current_test) + else: + self.stdOutLineReceived(line) + + def lineReceived(self, line): + """Call the appropriate local method for the received line.""" + if line == "]\n": + self.endQuote(line) + elif (self.state == TestProtocolServer.READING_FAILURE or + self.state == TestProtocolServer.READING_ERROR): + self._appendMessage(line) + else: + parts = line.split(None, 1) + if len(parts) == 2: + cmd, rest = parts + offset = len(cmd) + 1 + cmd = cmd.strip(':') + if cmd in ('test', 'testing'): + self._startTest(offset, line) + elif cmd == 'error': + self._addError(offset, line) + elif cmd == 'failure': + self._addFailure(offset, line) + elif cmd in ('success', 'successful'): + self._addSuccess(offset, line) + else: + self.stdOutLineReceived(line) + else: + self.stdOutLineReceived(line) + + def lostConnection(self): + """The input connection has finished.""" + if self.state == TestProtocolServer.TEST_STARTED: + self.client.addError(self._current_test, + RemoteError("lost connection during test '%s'" + % self.current_test_description)) + self.client.stopTest(self._current_test) + elif self.state == TestProtocolServer.READING_ERROR: + self.client.addError(self._current_test, + RemoteError("lost connection during " + "error report of test " + "'%s'" % + self.current_test_description)) + self.client.stopTest(self._current_test) + elif self.state == TestProtocolServer.READING_FAILURE: + self.client.addError(self._current_test, + RemoteError("lost connection during " + "failure report of test " + "'%s'" % + self.current_test_description)) + self.client.stopTest(self._current_test) + + def readFrom(self, pipe): + for line in pipe.readlines(): + self.lineReceived(line) + self.lostConnection() + + def _startTest(self, offset, line): + """Internal call to change state machine. Override startTest().""" + if self.state == TestProtocolServer.OUTSIDE_TEST: + self.state = TestProtocolServer.TEST_STARTED + self._current_test = RemotedTestCase(line[offset:-1]) + self.current_test_description = line[offset:-1] + self.client.startTest(self._current_test) + else: + self.stdOutLineReceived(line) + + def stdOutLineReceived(self, line): + self._stream.write(line) + + +class RemoteException(Exception): + """An exception that occured remotely to python.""" + + def __eq__(self, other): + try: + return self.args == other.args + except AttributeError: + return False + + +class TestProtocolClient(unittest.TestResult): + """A class that looks like a TestResult and informs a TestProtocolServer.""" + + def __init__(self, stream): + super(TestProtocolClient, self).__init__() + self._stream = stream + + def addError(self, test, error): + """Report an error in test test.""" + self._stream.write("error: %s [\n" % (test.shortDescription() or str(test))) + for line in self._exc_info_to_string(error, test).splitlines(): + self._stream.write("%s\n" % line) + self._stream.write("]\n") + super(TestProtocolClient, self).addError(test, error) + + def addFailure(self, test, error): + """Report a failure in test test.""" + self._stream.write("failure: %s [\n" % (test.shortDescription() or str(test))) + for line in self._exc_info_to_string(error, test).splitlines(): + self._stream.write("%s\n" % line) + self._stream.write("]\n") + super(TestProtocolClient, self).addFailure(test, error) + + def addSuccess(self, test): + """Report a success in a test.""" + self._stream.write("successful: %s\n" % (test.shortDescription() or str(test))) + super(TestProtocolClient, self).addSuccess(test) + + def startTest(self, test): + """Mark a test as starting its test run.""" + self._stream.write("test: %s\n" % (test.shortDescription() or str(test))) + super(TestProtocolClient, self).startTest(test) + + +def RemoteError(description=""): + if description == "": + description = "\n" + return (RemoteException, RemoteException(description), None) + + +class RemotedTestCase(unittest.TestCase): + """A class to represent test cases run in child processes.""" + + def __eq__ (self, other): + try: + return self.__description == other.__description + except AttributeError: + return False + + def __init__(self, description): + """Create a psuedo test case with description description.""" + self.__description = description + + def error(self, label): + raise NotImplementedError("%s on RemotedTestCases is not permitted." % + label) + + def setUp(self): + self.error("setUp") + + def tearDown(self): + self.error("tearDown") + + def shortDescription(self): + return self.__description + + def id(self): + return "%s.%s" % (self._strclass(), self.__description) + + def __str__(self): + return "%s (%s)" % (self.__description, self._strclass()) + + def __repr__(self): + return "<%s description='%s'>" % \ + (self._strclass(), self.__description) + + def run(self, result=None): + if result is None: result = self.defaultTestResult() + result.startTest(self) + result.addError(self, RemoteError("Cannot run RemotedTestCases.\n")) + result.stopTest(self) + + def _strclass(self): + cls = self.__class__ + return "%s.%s" % (cls.__module__, cls.__name__) + + +class ExecTestCase(unittest.TestCase): + """A test case which runs external scripts for test fixtures.""" + + def __init__(self, methodName='runTest'): + """Create an instance of the class that will use the named test + method when executed. Raises a ValueError if the instance does + not have a method with the specified name. + """ + unittest.TestCase.__init__(self, methodName) + testMethod = getattr(self, methodName) + self.script = join_dir(sys.modules[self.__class__.__module__].__file__, + testMethod.__doc__) + + def countTestCases(self): + return 1 + + def run(self, result=None): + if result is None: result = self.defaultTestResult() + self._run(result) + + def debug(self): + """Run the test without collecting errors in a TestResult""" + self._run(unittest.TestResult()) + + def _run(self, result): + protocol = TestProtocolServer(result) + output = os.popen(self.script, mode='r') + protocol.readFrom(output) + + +class IsolatedTestCase(unittest.TestCase): + """A TestCase which runs its tests in a forked process.""" + + def run(self, result=None): + if result is None: result = self.defaultTestResult() + run_isolated(unittest.TestCase, self, result) + + +class IsolatedTestSuite(unittest.TestSuite): + """A TestCase which runs its tests in a forked process.""" + + def run(self, result=None): + if result is None: result = unittest.TestResult() + run_isolated(unittest.TestSuite, self, result) + + +def run_isolated(klass, self, result): + """Run a test suite or case in a subprocess, using the run method on klass. + """ + c2pread, c2pwrite = os.pipe() + # fixme - error -> result + # now fork + pid = os.fork() + if pid == 0: + # Child + # Close parent's pipe ends + os.close(c2pread) + # Dup fds for child + os.dup2(c2pwrite, 1) + # Close pipe fds. + os.close(c2pwrite) + + # at this point, sys.stdin is redirected, now we want + # to filter it to escape ]'s. + ### XXX: test and write that bit. + + result = TestProtocolClient(sys.stdout) + klass.run(self, result) + sys.stdout.flush() + sys.stderr.flush() + # exit HARD, exit NOW. + os._exit(0) + else: + # Parent + # Close child pipe ends + os.close(c2pwrite) + # hookup a protocol engine + protocol = TestProtocolServer(result) + protocol.readFrom(os.fdopen(c2pread, 'rU')) + os.waitpid(pid, 0) + # TODO return code evaluation. + return result + + +class SubunitTestRunner(object): + def __init__(self, stream=sys.stdout): + self.stream = stream + + def run(self, test): + "Run the given test case or test suite." + result = TestProtocolClient(self.stream) + test(result) + return result + diff --git a/lib/subunit/python/subunit/tests/TestUtil.py b/lib/subunit/python/subunit/tests/TestUtil.py new file mode 100644 index 0000000000..1b5ba9c293 --- /dev/null +++ b/lib/subunit/python/subunit/tests/TestUtil.py @@ -0,0 +1,80 @@ +# Copyright (c) 2004 Canonical Limited +# Author: Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import sys +import logging +import unittest + + +class LogCollector(logging.Handler): + def __init__(self): + logging.Handler.__init__(self) + self.records=[] + def emit(self, record): + self.records.append(record.getMessage()) + + +def makeCollectingLogger(): + """I make a logger instance that collects its logs for programmatic analysis + -> (logger, collector)""" + logger=logging.Logger("collector") + handler=LogCollector() + handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) + logger.addHandler(handler) + return logger, handler + + +def visitTests(suite, visitor): + """A foreign method for visiting the tests in a test suite.""" + for test in suite._tests: + #Abusing types to avoid monkey patching unittest.TestCase. + # Maybe that would be better? + try: + test.visit(visitor) + except AttributeError: + if isinstance(test, unittest.TestCase): + visitor.visitCase(test) + elif isinstance(test, unittest.TestSuite): + visitor.visitSuite(test) + visitTests(test, visitor) + else: + print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) + + +class TestSuite(unittest.TestSuite): + """I am an extended TestSuite with a visitor interface. + This is primarily to allow filtering of tests - and suites or + more in the future. An iterator of just tests wouldn't scale...""" + + def visit(self, visitor): + """visit the composite. Visiting is depth-first. + current callbacks are visitSuite and visitCase.""" + visitor.visitSuite(self) + visitTests(self, visitor) + + +class TestLoader(unittest.TestLoader): + """Custome TestLoader to set the right TestSuite class.""" + suiteClass = TestSuite + +class TestVisitor(object): + """A visitor for Tests""" + def visitSuite(self, aTestSuite): + pass + def visitCase(self, aTestCase): + pass diff --git a/lib/subunit/python/subunit/tests/__init__.py b/lib/subunit/python/subunit/tests/__init__.py new file mode 100644 index 0000000000..544d0e704f --- /dev/null +++ b/lib/subunit/python/subunit/tests/__init__.py @@ -0,0 +1,25 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +from subunit.tests import TestUtil, test_test_protocol + +def test_suite(): + result = TestUtil.TestSuite() + result.addTest(test_test_protocol.test_suite()) + return result diff --git a/lib/subunit/python/subunit/tests/sample-script.py b/lib/subunit/python/subunit/tests/sample-script.py new file mode 100755 index 0000000000..223d2f5d9f --- /dev/null +++ b/lib/subunit/python/subunit/tests/sample-script.py @@ -0,0 +1,11 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "failure bing crosby [" +print "foo.c:53:ERROR invalid state" +print "]" +print "test an error" +print "error an error" +sys.exit(0) diff --git a/lib/subunit/python/subunit/tests/sample-two-script.py b/lib/subunit/python/subunit/tests/sample-two-script.py new file mode 100755 index 0000000000..d5550842bf --- /dev/null +++ b/lib/subunit/python/subunit/tests/sample-two-script.py @@ -0,0 +1,7 @@ +#!/usr/bin/env python +import sys +print "test old mcdonald" +print "success old mcdonald" +print "test bing crosby" +print "success bing crosby" +sys.exit(0) diff --git a/lib/subunit/python/subunit/tests/test_test_protocol.py b/lib/subunit/python/subunit/tests/test_test_protocol.py new file mode 100644 index 0000000000..af31584a97 --- /dev/null +++ b/lib/subunit/python/subunit/tests/test_test_protocol.py @@ -0,0 +1,730 @@ +# +# subunit: extensions to python unittest to get test results from subprocesses. +# Copyright (C) 2005 Robert Collins +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +# + +import unittest +from StringIO import StringIO +import os +import subunit +import sys + +try: + class MockTestProtocolServerClient(object): + """A mock protocol server client to test callbacks.""" + + def __init__(self): + self.end_calls = [] + self.error_calls = [] + self.failure_calls = [] + self.start_calls = [] + self.success_calls = [] + super(MockTestProtocolServerClient, self).__init__() + + def addError(self, test, error): + self.error_calls.append((test, error)) + + def addFailure(self, test, error): + self.failure_calls.append((test, error)) + + def addSuccess(self, test): + self.success_calls.append(test) + + def stopTest(self, test): + self.end_calls.append(test) + + def startTest(self, test): + self.start_calls.append(test) + +except AttributeError: + MockTestProtocolServer = None + + +class TestMockTestProtocolServer(unittest.TestCase): + + def test_start_test(self): + protocol = MockTestProtocolServerClient() + protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_error(self): + protocol = MockTestProtocolServerClient() + protocol.addError(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, [( + subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + + def test_add_failure(self): + protocol = MockTestProtocolServerClient() + protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, [ + (subunit.RemotedTestCase("old mcdonald"), + subunit.RemoteError("omg it works"))]) + self.assertEqual(protocol.success_calls, []) + + def test_add_success(self): + protocol = MockTestProtocolServerClient() + protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.start_calls, []) + self.assertEqual(protocol.end_calls, []) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + + def test_end_test(self): + protocol = MockTestProtocolServerClient() + protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) + self.assertEqual(protocol.end_calls, + [subunit.RemotedTestCase("test old mcdonald")]) + self.assertEqual(protocol.error_calls, []) + self.assertEqual(protocol.failure_calls, []) + self.assertEqual(protocol.success_calls, []) + self.assertEqual(protocol.start_calls, []) + + +class TestTestImports(unittest.TestCase): + + def test_imports(self): + from subunit import TestProtocolServer + from subunit import RemotedTestCase + from subunit import RemoteError + from subunit import ExecTestCase + from subunit import IsolatedTestCase + from subunit import TestProtocolClient + + +class TestTestProtocolServerPipe(unittest.TestCase): + + def test_story(self): + client = unittest.TestResult() + protocol = subunit.TestProtocolServer(client) + pipe = StringIO("test old mcdonald\n" + "success old mcdonald\n" + "test bing crosby\n" + "failure bing crosby [\n" + "foo.c:53:ERROR invalid state\n" + "]\n" + "test an error\n" + "error an error\n") + protocol.readFrom(pipe) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(client.errors, + [(an_error, 'RemoteException: \n\n')]) + self.assertEqual( + client.failures, + [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) + self.assertEqual(client.testsRun, 3) + + +class TestTestProtocolServerStartTest(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + + def test_start_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing(self): + self.protocol.lineReceived("testing old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_test_colon(self): + self.protocol.lineReceived("test: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + def test_start_testing_colon(self): + self.protocol.lineReceived("testing: old mcdonald\n") + self.assertEqual(self.client.start_calls, + [subunit.RemotedTestCase("old mcdonald")]) + + +class TestTestProtocolServerPassThrough(unittest.TestCase): + + def setUp(self): + from StringIO import StringIO + self.stdout = StringIO() + self.test = subunit.RemotedTestCase("old mcdonald") + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client, self.stdout) + + def keywords_before_test(self): + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + + def test_keywords_before_test(self): + self.keywords_before_test() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.keywords_before_test() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_keywords_after_test(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived("]\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_keywords_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure: old mcdonald [\n") + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure a\n") + self.protocol.lineReceived("failure: a\n") + self.protocol.lineReceived("error a\n") + self.protocol.lineReceived("error: a\n") + self.protocol.lineReceived("success a\n") + self.protocol.lineReceived("success: a\n") + self.protocol.lineReceived("successful a\n") + self.protocol.lineReceived("successful: a\n") + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.stdout.getvalue(), "") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("test old mcdonald\n" + "failure a\n" + "failure: a\n" + "error a\n" + "error: a\n" + "success a\n" + "success: a\n" + "successful a\n" + "successful: a\n" + "]\n"))]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_stdout_passthrough(self): + """Lines received which cannot be interpreted as any protocol action + should be passed through to sys.stdout. + """ + bytes = "randombytes\n" + self.protocol.lineReceived(bytes) + self.assertEqual(self.stdout.getvalue(), bytes) + + +class TestTestProtocolServerLostConnection(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.test = subunit.RemotedTestCase("old mcdonald") + + def test_lost_connection_no_input(self): + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, []) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_start(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during " + "test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_error(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("error old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("lost connection during error " + "report of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connected_after_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald\n") + self.protocol.lostConnection() + test = subunit.RemotedTestCase("old mcdonald") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_during_failure(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("failure old mcdonald [\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, + [(self.test, + subunit.RemoteError("lost connection during " + "failure report" + " of test 'old mcdonald'"))]) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, []) + + def test_lost_connection_after_success(self): + self.protocol.lineReceived("test old mcdonald\n") + self.protocol.lineReceived("success old mcdonald\n") + self.protocol.lostConnection() + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + +class TestTestProtocolServerAddError(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_error_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def test_simple_error(self): + self.simple_error_keyword("error") + + def test_simple_error_colon(self): + self.simple_error_keyword("error:") + + def test_error_empty_message(self): + self.protocol.lineReceived("error mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError(""))]) + self.assertEqual(self.client.failure_calls, []) + + def error_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, [ + (self.test, subunit.RemoteError("]\n"))]) + self.assertEqual(self.client.failure_calls, []) + + def test_error_quoted_bracket(self): + self.error_quoted_bracket("error") + + def test_error_colon_quoted_bracket(self): + self.error_quoted_bracket("error:") + + +class TestTestProtocolServerAddFailure(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_failure_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def test_simple_failure(self): + self.simple_failure_keyword("failure") + + def test_simple_failure_colon(self): + self.simple_failure_keyword("failure:") + + def test_failure_empty_message(self): + self.protocol.lineReceived("failure mcdonalds farm [\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError())]) + + def failure_quoted_bracket(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) + self.protocol.lineReceived(" ]\n") + self.protocol.lineReceived("]\n") + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.failure_calls, + [(self.test, subunit.RemoteError("]\n"))]) + + def test_failure_quoted_bracket(self): + self.failure_quoted_bracket("failure") + + def test_failure_colon_quoted_bracket(self): + self.failure_quoted_bracket("failure:") + + +class TestTestProtocolServerAddSuccess(unittest.TestCase): + + def setUp(self): + self.client = MockTestProtocolServerClient() + self.protocol = subunit.TestProtocolServer(self.client) + self.protocol.lineReceived("test mcdonalds farm\n") + self.test = subunit.RemotedTestCase("mcdonalds farm") + + def simple_success_keyword(self, keyword): + self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) + self.assertEqual(self.client.start_calls, [self.test]) + self.assertEqual(self.client.end_calls, [self.test]) + self.assertEqual(self.client.error_calls, []) + self.assertEqual(self.client.success_calls, [self.test]) + + def test_simple_success(self): + self.simple_success_keyword("failure") + + def test_simple_success_colon(self): + self.simple_success_keyword("failure:") + + def test_simple_success(self): + self.simple_success_keyword("successful") + + def test_simple_success_colon(self): + self.simple_success_keyword("successful:") + + +class TestRemotedTestCase(unittest.TestCase): + + def test_simple(self): + test = subunit.RemotedTestCase("A test description") + self.assertRaises(NotImplementedError, test.setUp) + self.assertRaises(NotImplementedError, test.tearDown) + self.assertEqual("A test description", + test.shortDescription()) + self.assertEqual("subunit.RemotedTestCase.A test description", + test.id()) + self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) + self.assertEqual("", "%r" % test) + result = unittest.TestResult() + test.run(result) + self.assertEqual([(test, "RemoteException: " + "Cannot run RemotedTestCases.\n\n")], + result.errors) + self.assertEqual(1, result.testsRun) + another_test = subunit.RemotedTestCase("A test description") + self.assertEqual(test, another_test) + different_test = subunit.RemotedTestCase("ofo") + self.assertNotEqual(test, different_test) + self.assertNotEqual(another_test, different_test) + + +class TestRemoteError(unittest.TestCase): + + def test_eq(self): + error = subunit.RemoteError("Something went wrong") + another_error = subunit.RemoteError("Something went wrong") + different_error = subunit.RemoteError("boo!") + self.assertEqual(error, another_error) + self.assertNotEqual(error, different_error) + self.assertNotEqual(different_error, another_error) + + def test_empty_constructor(self): + self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) + + +class TestExecTestCase(unittest.TestCase): + + class SampleExecTestCase(subunit.ExecTestCase): + + def test_sample_method(self): + """sample-script.py""" + # the sample script runs three tests, one each + # that fails, errors and succeeds + + + def test_construct(self): + test = self.SampleExecTestCase("test_sample_method") + self.assertEqual(test.script, + subunit.join_dir(__file__, 'sample-script.py')) + + def test_run(self): + runner = MockTestProtocolServerClient() + test = self.SampleExecTestCase("test_sample_method") + test.run(runner) + mcdonald = subunit.RemotedTestCase("old mcdonald") + bing = subunit.RemotedTestCase("bing crosby") + an_error = subunit.RemotedTestCase("an error") + self.assertEqual(runner.error_calls, + [(an_error, subunit.RemoteError())]) + self.assertEqual(runner.failure_calls, + [(bing, + subunit.RemoteError( + "foo.c:53:ERROR invalid state\n"))]) + self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) + self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) + + def test_debug(self): + test = self.SampleExecTestCase("test_sample_method") + test.debug() + + def test_count_test_cases(self): + """TODO run the child process and count responses to determine the count.""" + + def test_join_dir(self): + sibling = subunit.join_dir(__file__, 'foo') + expected = '%s/foo' % (os.path.split(__file__)[0],) + self.assertEqual(sibling, expected) + + +class DoExecTestCase(subunit.ExecTestCase): + + def test_working_script(self): + """sample-two-script.py""" + + +class TestIsolatedTestCase(unittest.TestCase): + + class SampleIsolatedTestCase(subunit.IsolatedTestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True + + def tearDown(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True + + + def test_construct(self): + test = self.SampleIsolatedTestCase("test_sets_global_state") + + def test_run(self): + result = unittest.TestResult() + test = self.SampleIsolatedTestCase("test_sets_global_state") + test.run(result) + self.assertEqual(result.testsRun, 1) + self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) + self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) + self.assertEqual(self.SampleIsolatedTestCase.TEST, False) + + def test_debug(self): + pass + #test = self.SampleExecTestCase("test_sample_method") + #test.debug() + + +class TestIsolatedTestSuite(unittest.TestCase): + + class SampleTestToIsolate(unittest.TestCase): + + SETUP = False + TEARDOWN = False + TEST = False + + def setUp(self): + TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True + + def tearDown(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True + + def test_sets_global_state(self): + TestIsolatedTestSuite.SampleTestToIsolate.TEST = True + + + def test_construct(self): + suite = subunit.IsolatedTestSuite() + + def test_run(self): + result = unittest.TestResult() + suite = subunit.IsolatedTestSuite() + sub_suite = unittest.TestSuite() + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.addTest(sub_suite) + suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) + suite.run(result) + self.assertEqual(result.testsRun, 3) + self.assertEqual(self.SampleTestToIsolate.SETUP, False) + self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) + self.assertEqual(self.SampleTestToIsolate.TEST, False) + + +class TestTestProtocolClient(unittest.TestCase): + + def setUp(self): + self.io = StringIO() + self.protocol = subunit.TestProtocolClient(self.io) + self.test = TestTestProtocolClient("test_start_test") + + + def test_start_test(self): + """Test startTest on a TestProtocolClient.""" + self.protocol.startTest(self.test) + self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) + + def test_stop_test(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.stopTest(self.test) + self.assertEqual(self.io.getvalue(), "") + + def test_add_success(self): + """Test addSuccess on a TestProtocolClient.""" + self.protocol.addSuccess(self.test) + self.assertEqual( + self.io.getvalue(), "successful: %s\n" % self.test.id()) + + def test_add_failure(self): + """Test addFailure on a TestProtocolClient.""" + self.protocol.addFailure(self.test, subunit.RemoteError("boo")) + self.assertEqual( + self.io.getvalue(), + 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) + + def test_add_error(self): + """Test stopTest on a TestProtocolClient.""" + self.protocol.addError(self.test, subunit.RemoteError("phwoar")) + self.assertEqual( + self.io.getvalue(), + 'error: %s [\n' + "RemoteException: phwoar\n" + "]\n" % self.test.id()) + + +def test_suite(): + loader = subunit.tests.TestUtil.TestLoader() + result = loader.loadTestsFromName(__name__) + return result diff --git a/lib/subunit/python/tests/TestUtil.py b/lib/subunit/python/tests/TestUtil.py deleted file mode 100644 index 1b5ba9c293..0000000000 --- a/lib/subunit/python/tests/TestUtil.py +++ /dev/null @@ -1,80 +0,0 @@ -# Copyright (c) 2004 Canonical Limited -# Author: Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import sys -import logging -import unittest - - -class LogCollector(logging.Handler): - def __init__(self): - logging.Handler.__init__(self) - self.records=[] - def emit(self, record): - self.records.append(record.getMessage()) - - -def makeCollectingLogger(): - """I make a logger instance that collects its logs for programmatic analysis - -> (logger, collector)""" - logger=logging.Logger("collector") - handler=LogCollector() - handler.setFormatter(logging.Formatter("%(levelname)s: %(message)s")) - logger.addHandler(handler) - return logger, handler - - -def visitTests(suite, visitor): - """A foreign method for visiting the tests in a test suite.""" - for test in suite._tests: - #Abusing types to avoid monkey patching unittest.TestCase. - # Maybe that would be better? - try: - test.visit(visitor) - except AttributeError: - if isinstance(test, unittest.TestCase): - visitor.visitCase(test) - elif isinstance(test, unittest.TestSuite): - visitor.visitSuite(test) - visitTests(test, visitor) - else: - print "unvisitable non-unittest.TestCase element %r (%r)" % (test, test.__class__) - - -class TestSuite(unittest.TestSuite): - """I am an extended TestSuite with a visitor interface. - This is primarily to allow filtering of tests - and suites or - more in the future. An iterator of just tests wouldn't scale...""" - - def visit(self, visitor): - """visit the composite. Visiting is depth-first. - current callbacks are visitSuite and visitCase.""" - visitor.visitSuite(self) - visitTests(self, visitor) - - -class TestLoader(unittest.TestLoader): - """Custome TestLoader to set the right TestSuite class.""" - suiteClass = TestSuite - -class TestVisitor(object): - """A visitor for Tests""" - def visitSuite(self, aTestSuite): - pass - def visitCase(self, aTestCase): - pass diff --git a/lib/subunit/python/tests/__init__.py b/lib/subunit/python/tests/__init__.py deleted file mode 100644 index 544d0e704f..0000000000 --- a/lib/subunit/python/tests/__init__.py +++ /dev/null @@ -1,25 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -from subunit.tests import TestUtil, test_test_protocol - -def test_suite(): - result = TestUtil.TestSuite() - result.addTest(test_test_protocol.test_suite()) - return result diff --git a/lib/subunit/python/tests/sample-script.py b/lib/subunit/python/tests/sample-script.py deleted file mode 100755 index 223d2f5d9f..0000000000 --- a/lib/subunit/python/tests/sample-script.py +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env python -import sys -print "test old mcdonald" -print "success old mcdonald" -print "test bing crosby" -print "failure bing crosby [" -print "foo.c:53:ERROR invalid state" -print "]" -print "test an error" -print "error an error" -sys.exit(0) diff --git a/lib/subunit/python/tests/sample-two-script.py b/lib/subunit/python/tests/sample-two-script.py deleted file mode 100755 index d5550842bf..0000000000 --- a/lib/subunit/python/tests/sample-two-script.py +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/env python -import sys -print "test old mcdonald" -print "success old mcdonald" -print "test bing crosby" -print "success bing crosby" -sys.exit(0) diff --git a/lib/subunit/python/tests/test_test_protocol.py b/lib/subunit/python/tests/test_test_protocol.py deleted file mode 100644 index af31584a97..0000000000 --- a/lib/subunit/python/tests/test_test_protocol.py +++ /dev/null @@ -1,730 +0,0 @@ -# -# subunit: extensions to python unittest to get test results from subprocesses. -# Copyright (C) 2005 Robert Collins -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -# - -import unittest -from StringIO import StringIO -import os -import subunit -import sys - -try: - class MockTestProtocolServerClient(object): - """A mock protocol server client to test callbacks.""" - - def __init__(self): - self.end_calls = [] - self.error_calls = [] - self.failure_calls = [] - self.start_calls = [] - self.success_calls = [] - super(MockTestProtocolServerClient, self).__init__() - - def addError(self, test, error): - self.error_calls.append((test, error)) - - def addFailure(self, test, error): - self.failure_calls.append((test, error)) - - def addSuccess(self, test): - self.success_calls.append(test) - - def stopTest(self, test): - self.end_calls.append(test) - - def startTest(self, test): - self.start_calls.append(test) - -except AttributeError: - MockTestProtocolServer = None - - -class TestMockTestProtocolServer(unittest.TestCase): - - def test_start_test(self): - protocol = MockTestProtocolServerClient() - protocol.startTest(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.start_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - - def test_add_error(self): - protocol = MockTestProtocolServerClient() - protocol.addError(subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, [( - subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works"))]) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - - def test_add_failure(self): - protocol = MockTestProtocolServerClient() - protocol.addFailure(subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, [ - (subunit.RemotedTestCase("old mcdonald"), - subunit.RemoteError("omg it works"))]) - self.assertEqual(protocol.success_calls, []) - - def test_add_success(self): - protocol = MockTestProtocolServerClient() - protocol.addSuccess(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.start_calls, []) - self.assertEqual(protocol.end_calls, []) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - - def test_end_test(self): - protocol = MockTestProtocolServerClient() - protocol.stopTest(subunit.RemotedTestCase("test old mcdonald")) - self.assertEqual(protocol.end_calls, - [subunit.RemotedTestCase("test old mcdonald")]) - self.assertEqual(protocol.error_calls, []) - self.assertEqual(protocol.failure_calls, []) - self.assertEqual(protocol.success_calls, []) - self.assertEqual(protocol.start_calls, []) - - -class TestTestImports(unittest.TestCase): - - def test_imports(self): - from subunit import TestProtocolServer - from subunit import RemotedTestCase - from subunit import RemoteError - from subunit import ExecTestCase - from subunit import IsolatedTestCase - from subunit import TestProtocolClient - - -class TestTestProtocolServerPipe(unittest.TestCase): - - def test_story(self): - client = unittest.TestResult() - protocol = subunit.TestProtocolServer(client) - pipe = StringIO("test old mcdonald\n" - "success old mcdonald\n" - "test bing crosby\n" - "failure bing crosby [\n" - "foo.c:53:ERROR invalid state\n" - "]\n" - "test an error\n" - "error an error\n") - protocol.readFrom(pipe) - mcdonald = subunit.RemotedTestCase("old mcdonald") - bing = subunit.RemotedTestCase("bing crosby") - an_error = subunit.RemotedTestCase("an error") - self.assertEqual(client.errors, - [(an_error, 'RemoteException: \n\n')]) - self.assertEqual( - client.failures, - [(bing, "RemoteException: foo.c:53:ERROR invalid state\n\n")]) - self.assertEqual(client.testsRun, 3) - - -class TestTestProtocolServerStartTest(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - - def test_start_test(self): - self.protocol.lineReceived("test old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_testing(self): - self.protocol.lineReceived("testing old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_test_colon(self): - self.protocol.lineReceived("test: old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - def test_start_testing_colon(self): - self.protocol.lineReceived("testing: old mcdonald\n") - self.assertEqual(self.client.start_calls, - [subunit.RemotedTestCase("old mcdonald")]) - - -class TestTestProtocolServerPassThrough(unittest.TestCase): - - def setUp(self): - from StringIO import StringIO - self.stdout = StringIO() - self.test = subunit.RemotedTestCase("old mcdonald") - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client, self.stdout) - - def keywords_before_test(self): - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.stdout.getvalue(), "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n") - - def test_keywords_before_test(self): - self.keywords_before_test() - self.assertEqual(self.client.start_calls, []) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, - [(self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_after_success(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("success old mcdonald\n") - self.keywords_before_test() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - def test_keywords_after_test(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived("]\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.assertEqual(self.stdout.getvalue(), "test old mcdonald\n" - "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_keywords_during_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure: old mcdonald [\n") - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure a\n") - self.protocol.lineReceived("failure: a\n") - self.protocol.lineReceived("error a\n") - self.protocol.lineReceived("error: a\n") - self.protocol.lineReceived("success a\n") - self.protocol.lineReceived("success: a\n") - self.protocol.lineReceived("successful a\n") - self.protocol.lineReceived("successful: a\n") - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.stdout.getvalue(), "") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError("test old mcdonald\n" - "failure a\n" - "failure: a\n" - "error a\n" - "error: a\n" - "success a\n" - "success: a\n" - "successful a\n" - "successful: a\n" - "]\n"))]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_stdout_passthrough(self): - """Lines received which cannot be interpreted as any protocol action - should be passed through to sys.stdout. - """ - bytes = "randombytes\n" - self.protocol.lineReceived(bytes) - self.assertEqual(self.stdout.getvalue(), bytes) - - -class TestTestProtocolServerLostConnection(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.test = subunit.RemotedTestCase("old mcdonald") - - def test_lost_connection_no_input(self): - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, []) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_after_start(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("lost connection during " - "test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connected_after_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_during_error(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("error old mcdonald [\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("lost connection during error " - "report of test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connected_after_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald\n") - self.protocol.lostConnection() - test = subunit.RemotedTestCase("old mcdonald") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_during_failure(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("failure old mcdonald [\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, - [(self.test, - subunit.RemoteError("lost connection during " - "failure report" - " of test 'old mcdonald'"))]) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, []) - - def test_lost_connection_after_success(self): - self.protocol.lineReceived("test old mcdonald\n") - self.protocol.lineReceived("success old mcdonald\n") - self.protocol.lostConnection() - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - -class TestTestProtocolServerAddError(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_error_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - - def test_simple_error(self): - self.simple_error_keyword("error") - - def test_simple_error_colon(self): - self.simple_error_keyword("error:") - - def test_error_empty_message(self): - self.protocol.lineReceived("error mcdonalds farm [\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError(""))]) - self.assertEqual(self.client.failure_calls, []) - - def error_quoted_bracket(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, [ - (self.test, subunit.RemoteError("]\n"))]) - self.assertEqual(self.client.failure_calls, []) - - def test_error_quoted_bracket(self): - self.error_quoted_bracket("error") - - def test_error_colon_quoted_bracket(self): - self.error_quoted_bracket("error:") - - -class TestTestProtocolServerAddFailure(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_failure_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - - def test_simple_failure(self): - self.simple_failure_keyword("failure") - - def test_simple_failure_colon(self): - self.simple_failure_keyword("failure:") - - def test_failure_empty_message(self): - self.protocol.lineReceived("failure mcdonalds farm [\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError())]) - - def failure_quoted_bracket(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm [\n" % keyword) - self.protocol.lineReceived(" ]\n") - self.protocol.lineReceived("]\n") - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.failure_calls, - [(self.test, subunit.RemoteError("]\n"))]) - - def test_failure_quoted_bracket(self): - self.failure_quoted_bracket("failure") - - def test_failure_colon_quoted_bracket(self): - self.failure_quoted_bracket("failure:") - - -class TestTestProtocolServerAddSuccess(unittest.TestCase): - - def setUp(self): - self.client = MockTestProtocolServerClient() - self.protocol = subunit.TestProtocolServer(self.client) - self.protocol.lineReceived("test mcdonalds farm\n") - self.test = subunit.RemotedTestCase("mcdonalds farm") - - def simple_success_keyword(self, keyword): - self.protocol.lineReceived("%s mcdonalds farm\n" % keyword) - self.assertEqual(self.client.start_calls, [self.test]) - self.assertEqual(self.client.end_calls, [self.test]) - self.assertEqual(self.client.error_calls, []) - self.assertEqual(self.client.success_calls, [self.test]) - - def test_simple_success(self): - self.simple_success_keyword("failure") - - def test_simple_success_colon(self): - self.simple_success_keyword("failure:") - - def test_simple_success(self): - self.simple_success_keyword("successful") - - def test_simple_success_colon(self): - self.simple_success_keyword("successful:") - - -class TestRemotedTestCase(unittest.TestCase): - - def test_simple(self): - test = subunit.RemotedTestCase("A test description") - self.assertRaises(NotImplementedError, test.setUp) - self.assertRaises(NotImplementedError, test.tearDown) - self.assertEqual("A test description", - test.shortDescription()) - self.assertEqual("subunit.RemotedTestCase.A test description", - test.id()) - self.assertEqual("A test description (subunit.RemotedTestCase)", "%s" % test) - self.assertEqual("", "%r" % test) - result = unittest.TestResult() - test.run(result) - self.assertEqual([(test, "RemoteException: " - "Cannot run RemotedTestCases.\n\n")], - result.errors) - self.assertEqual(1, result.testsRun) - another_test = subunit.RemotedTestCase("A test description") - self.assertEqual(test, another_test) - different_test = subunit.RemotedTestCase("ofo") - self.assertNotEqual(test, different_test) - self.assertNotEqual(another_test, different_test) - - -class TestRemoteError(unittest.TestCase): - - def test_eq(self): - error = subunit.RemoteError("Something went wrong") - another_error = subunit.RemoteError("Something went wrong") - different_error = subunit.RemoteError("boo!") - self.assertEqual(error, another_error) - self.assertNotEqual(error, different_error) - self.assertNotEqual(different_error, another_error) - - def test_empty_constructor(self): - self.assertEqual(subunit.RemoteError(), subunit.RemoteError("")) - - -class TestExecTestCase(unittest.TestCase): - - class SampleExecTestCase(subunit.ExecTestCase): - - def test_sample_method(self): - """sample-script.py""" - # the sample script runs three tests, one each - # that fails, errors and succeeds - - - def test_construct(self): - test = self.SampleExecTestCase("test_sample_method") - self.assertEqual(test.script, - subunit.join_dir(__file__, 'sample-script.py')) - - def test_run(self): - runner = MockTestProtocolServerClient() - test = self.SampleExecTestCase("test_sample_method") - test.run(runner) - mcdonald = subunit.RemotedTestCase("old mcdonald") - bing = subunit.RemotedTestCase("bing crosby") - an_error = subunit.RemotedTestCase("an error") - self.assertEqual(runner.error_calls, - [(an_error, subunit.RemoteError())]) - self.assertEqual(runner.failure_calls, - [(bing, - subunit.RemoteError( - "foo.c:53:ERROR invalid state\n"))]) - self.assertEqual(runner.start_calls, [mcdonald, bing, an_error]) - self.assertEqual(runner.end_calls, [mcdonald, bing, an_error]) - - def test_debug(self): - test = self.SampleExecTestCase("test_sample_method") - test.debug() - - def test_count_test_cases(self): - """TODO run the child process and count responses to determine the count.""" - - def test_join_dir(self): - sibling = subunit.join_dir(__file__, 'foo') - expected = '%s/foo' % (os.path.split(__file__)[0],) - self.assertEqual(sibling, expected) - - -class DoExecTestCase(subunit.ExecTestCase): - - def test_working_script(self): - """sample-two-script.py""" - - -class TestIsolatedTestCase(unittest.TestCase): - - class SampleIsolatedTestCase(subunit.IsolatedTestCase): - - SETUP = False - TEARDOWN = False - TEST = False - - def setUp(self): - TestIsolatedTestCase.SampleIsolatedTestCase.SETUP = True - - def tearDown(self): - TestIsolatedTestCase.SampleIsolatedTestCase.TEARDOWN = True - - def test_sets_global_state(self): - TestIsolatedTestCase.SampleIsolatedTestCase.TEST = True - - - def test_construct(self): - test = self.SampleIsolatedTestCase("test_sets_global_state") - - def test_run(self): - result = unittest.TestResult() - test = self.SampleIsolatedTestCase("test_sets_global_state") - test.run(result) - self.assertEqual(result.testsRun, 1) - self.assertEqual(self.SampleIsolatedTestCase.SETUP, False) - self.assertEqual(self.SampleIsolatedTestCase.TEARDOWN, False) - self.assertEqual(self.SampleIsolatedTestCase.TEST, False) - - def test_debug(self): - pass - #test = self.SampleExecTestCase("test_sample_method") - #test.debug() - - -class TestIsolatedTestSuite(unittest.TestCase): - - class SampleTestToIsolate(unittest.TestCase): - - SETUP = False - TEARDOWN = False - TEST = False - - def setUp(self): - TestIsolatedTestSuite.SampleTestToIsolate.SETUP = True - - def tearDown(self): - TestIsolatedTestSuite.SampleTestToIsolate.TEARDOWN = True - - def test_sets_global_state(self): - TestIsolatedTestSuite.SampleTestToIsolate.TEST = True - - - def test_construct(self): - suite = subunit.IsolatedTestSuite() - - def test_run(self): - result = unittest.TestResult() - suite = subunit.IsolatedTestSuite() - sub_suite = unittest.TestSuite() - sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - sub_suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - suite.addTest(sub_suite) - suite.addTest(self.SampleTestToIsolate("test_sets_global_state")) - suite.run(result) - self.assertEqual(result.testsRun, 3) - self.assertEqual(self.SampleTestToIsolate.SETUP, False) - self.assertEqual(self.SampleTestToIsolate.TEARDOWN, False) - self.assertEqual(self.SampleTestToIsolate.TEST, False) - - -class TestTestProtocolClient(unittest.TestCase): - - def setUp(self): - self.io = StringIO() - self.protocol = subunit.TestProtocolClient(self.io) - self.test = TestTestProtocolClient("test_start_test") - - - def test_start_test(self): - """Test startTest on a TestProtocolClient.""" - self.protocol.startTest(self.test) - self.assertEqual(self.io.getvalue(), "test: %s\n" % self.test.id()) - - def test_stop_test(self): - """Test stopTest on a TestProtocolClient.""" - self.protocol.stopTest(self.test) - self.assertEqual(self.io.getvalue(), "") - - def test_add_success(self): - """Test addSuccess on a TestProtocolClient.""" - self.protocol.addSuccess(self.test) - self.assertEqual( - self.io.getvalue(), "successful: %s\n" % self.test.id()) - - def test_add_failure(self): - """Test addFailure on a TestProtocolClient.""" - self.protocol.addFailure(self.test, subunit.RemoteError("boo")) - self.assertEqual( - self.io.getvalue(), - 'failure: %s [\nRemoteException: boo\n]\n' % self.test.id()) - - def test_add_error(self): - """Test stopTest on a TestProtocolClient.""" - self.protocol.addError(self.test, subunit.RemoteError("phwoar")) - self.assertEqual( - self.io.getvalue(), - 'error: %s [\n' - "RemoteException: phwoar\n" - "]\n" % self.test.id()) - - -def test_suite(): - loader = subunit.tests.TestUtil.TestLoader() - result = loader.loadTestsFromName(__name__) - return result diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index 6c910b63f1..e2cc658521 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -8,6 +8,7 @@ import sys import time sys.path.append("bin/python") +sys.path.append("../lib/subunit/python") import samba.getopt as options diff --git a/source4/scripting/bin/subunitrun b/source4/scripting/bin/subunitrun index bc35c7ce22..e7737bdbec 100755 --- a/source4/scripting/bin/subunitrun +++ b/source4/scripting/bin/subunitrun @@ -21,7 +21,7 @@ import sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") -sys.path.insert(0, "../lib/subunit/python") +sys.path.insert(1, "../lib/subunit/python") from subunit import SubunitTestRunner from unittest import TestProgram -- cgit From 6e493fc631647c1c4d19f77dd9f625202bd889f2 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 11:56:46 +0200 Subject: Add manpage for nmblookup, move nmblookup closer to nbt library. --- source4/libcli/config.mk | 14 ++ source4/libcli/nbt/man/nmblookup.1.xml | 223 +++++++++++++++++++ source4/libcli/nbt/tools/nmblookup.c | 381 +++++++++++++++++++++++++++++++++ source4/utils/config.mk | 17 -- source4/utils/nmblookup.c | 381 --------------------------------- 5 files changed, 618 insertions(+), 398 deletions(-) create mode 100644 source4/libcli/nbt/man/nmblookup.1.xml create mode 100644 source4/libcli/nbt/tools/nmblookup.c delete mode 100644 source4/utils/nmblookup.c diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index d68a2a2ce3..8e8587ffa4 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -55,6 +55,20 @@ LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/nbt/, \ namerefresh.o \ namerelease.o) +[BINARY::nmblookup] +INSTALLDIR = BINDIR +PRIVATE_DEPENDENCIES = \ + LIBSAMBA-HOSTCONFIG \ + LIBSAMBA-UTIL \ + LIBCLI_NBT \ + LIBPOPT \ + POPT_SAMBA \ + LIBNETIF \ + LIBCLI_RESOLVE + +nmblookup_OBJ_FILES = $(libclinbtsrcdir)/tools/nmblookup.o +MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1 + [SUBSYSTEM::LIBCLI_NDR_NETLOGON] PUBLIC_DEPENDENCIES = LIBNDR \ NDR_SECURITY diff --git a/source4/libcli/nbt/man/nmblookup.1.xml b/source4/libcli/nbt/man/nmblookup.1.xml new file mode 100644 index 0000000000..85640da033 --- /dev/null +++ b/source4/libcli/nbt/man/nmblookup.1.xml @@ -0,0 +1,223 @@ + + + + + + nmblookup + 1 + Samba + User Commands + 3.2 + + + + + nmblookup + NetBIOS over TCP/IP client used to lookup NetBIOS + names + + + + + nmblookup + -M + -R + -S + -r + -A + -h + -B <broadcast address> + -U <unicast address> + -d <debug level> + -s <smb config file> + -i <NetBIOS scope> + -T + -f + name + + + + + DESCRIPTION + + This tool is part of the samba + 7 suite. + + nmblookup is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP. + + + + OPTIONS + + + + -M + Searches for a master browser by looking + up the NetBIOS name name with a + type of 0x1d. If + name is "-" then it does a lookup on the special name + __MSBROWSE__. Please note that in order to + use the name "-", you need to make sure "-" isn't parsed as an + argument, e.g. use : + nmblookup -M -- -. + + + + -R + Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See RFC1001, RFC1002 for details. + + + + + -S + Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + + + + + + -r + Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the nmbd + 8 daemon is running on this machine it also binds to this port. + + + + + + -A + Interpret name as + an IP Address and do a node status query on this address. + + + + + + &popt.common.connection; + &stdarg.help; + + + -B <broadcast address> + Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the interfaces + parameter of the smb.conf + 5 file. + + + + + + + -U <unicast address> + Do a unicast query to the specified address or + host unicast address. This option + (along with the -R option) is needed to + query a WINS server. + + + &stdarg.server.debug; + &popt.common.samba; + + + -T + This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each + + IP address .... NetBIOS name + + pair that is the normal output. + + + + -f + + Show which flags apply to the name that has been looked up. Possible + answers are zero or more of: Response, Authoritative, + Truncated, Recursion_Desired, Recursion_Available, Broadcast. + + + + + + name + This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area. + + + + + + + EXAMPLES + + nmblookup can be used to query + a WINS server (in the same way nslookup is + used to query DNS servers). To query a WINS server, nmblookup + must be called like this: + + nmblookup -U server -R 'name' + + For example, running : + + nmblookup -U samba.org -R 'IRIX#1B' + + would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup. + + + + VERSION + + This man page is correct for version 3 of + the Samba suite. + + + + SEE ALSO + nmbd + 8, samba + 7, and smb.conf + 5. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. The conversion to DocBook + XML 4.2 for Samba 3.0 was done by Alexander Bokovoy. + + + diff --git a/source4/libcli/nbt/tools/nmblookup.c b/source4/libcli/nbt/tools/nmblookup.c new file mode 100644 index 0000000000..0d98cb99de --- /dev/null +++ b/source4/libcli/nbt/tools/nmblookup.c @@ -0,0 +1,381 @@ +/* + Unix SMB/CIFS implementation. + + NBT client - used to lookup netbios names + + Copyright (C) Andrew Tridgell 1994-2005 + Copyright (C) Jelmer Vernooij 2003 (Conversion to popt) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +*/ + +#include "includes.h" +#include "lib/cmdline/popt_common.h" +#include "lib/socket/socket.h" +#include "lib/events/events.h" +#include "system/network.h" +#include "system/locale.h" +#include "lib/socket/netif.h" +#include "librpc/gen_ndr/nbt.h" +#include "../libcli/nbt/libnbt.h" +#include "param/param.h" + +/* command line options */ +static struct { + const char *broadcast_address; + const char *unicast_address; + bool find_master; + bool wins_lookup; + bool node_status; + bool root_port; + bool lookup_by_ip; + bool case_sensitive; +} options; + +/* + clean any binary from a node name +*/ +static const char *clean_name(TALLOC_CTX *mem_ctx, const char *name) +{ + char *ret = talloc_strdup(mem_ctx, name); + int i; + for (i=0;ret[i];i++) { + if (!isprint((unsigned char)ret[i])) ret[i] = '.'; + } + return ret; +} + +/* + turn a node status flags field into a string +*/ +static char *node_status_flags(TALLOC_CTX *mem_ctx, uint16_t flags) +{ + char *ret; + const char *group = " "; + const char *type = "B"; + + if (flags & NBT_NM_GROUP) { + group = ""; + } + + switch (flags & NBT_NM_OWNER_TYPE) { + case NBT_NODE_B: + type = "B"; + break; + case NBT_NODE_P: + type = "P"; + break; + case NBT_NODE_M: + type = "M"; + break; + case NBT_NODE_H: + type = "H"; + break; + } + + ret = talloc_asprintf(mem_ctx, "%s %s", group, type); + + if (flags & NBT_NM_DEREGISTER) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + if (flags & NBT_NM_CONFLICT) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + if (flags & NBT_NM_ACTIVE) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + if (flags & NBT_NM_PERMANENT) { + ret = talloc_asprintf_append_buffer(ret, " "); + } + + return ret; +} + +/* do a single node status */ +static bool do_node_status(struct nbt_name_socket *nbtsock, + const char *addr, uint16_t port) +{ + struct nbt_name_status io; + NTSTATUS status; + + io.in.name.name = "*"; + io.in.name.type = NBT_NAME_CLIENT; + io.in.name.scope = NULL; + io.in.dest_addr = addr; + io.in.dest_port = port; + io.in.timeout = 1; + io.in.retries = 2; + + status = nbt_name_status(nbtsock, nbtsock, &io); + if (NT_STATUS_IS_OK(status)) { + int i; + printf("Node status reply from %s\n", + io.out.reply_from); + for (i=0;i %s\n", + clean_name(nbtsock, io.out.status.names[i].name), + io.out.status.names[i].type, + node_status_flags(nbtsock, io.out.status.names[i].nb_flags)); + } + printf("\n\tMAC Address = %02X-%02X-%02X-%02X-%02X-%02X\n", + io.out.status.statistics.unit_id[0], + io.out.status.statistics.unit_id[1], + io.out.status.statistics.unit_id[2], + io.out.status.statistics.unit_id[3], + io.out.status.statistics.unit_id[4], + io.out.status.statistics.unit_id[5]); + return true; + } + + return false; +} + +/* do a single node query */ +static NTSTATUS do_node_query(struct nbt_name_socket *nbtsock, + const char *addr, + uint16_t port, + const char *node_name, + enum nbt_name_type node_type, + bool broadcast) +{ + struct nbt_name_query io; + NTSTATUS status; + int i; + + io.in.name.name = node_name; + io.in.name.type = node_type; + io.in.name.scope = NULL; + io.in.dest_addr = addr; + io.in.dest_port = port; + io.in.broadcast = broadcast; + io.in.wins_lookup = options.wins_lookup; + io.in.timeout = 1; + io.in.retries = 2; + + status = nbt_name_query(nbtsock, nbtsock, &io); + NT_STATUS_NOT_OK_RETURN(status); + + for (i=0;i\n", + io.out.reply_addrs[i], + io.out.name.name, + io.out.name.type); + } + if (options.node_status && io.out.num_addrs > 0) { + do_node_status(nbtsock, io.out.reply_addrs[0], port); + } + + return status; +} + + +static bool process_one(struct loadparm_context *lp_ctx, struct event_context *ev, + struct interface *ifaces, const char *name, int nbt_port) +{ + TALLOC_CTX *tmp_ctx = talloc_new(NULL); + enum nbt_name_type node_type = NBT_NAME_CLIENT; + char *node_name, *p; + struct socket_address *all_zero_addr; + struct nbt_name_socket *nbtsock; + NTSTATUS status = NT_STATUS_OK; + bool ret = true; + + if (!options.case_sensitive) { + name = strupper_talloc(tmp_ctx, name); + } + + if (options.find_master) { + node_type = NBT_NAME_MASTER; + if (*name == '-' || *name == '_') { + name = "\01\02__MSBROWSE__\02"; + node_type = NBT_NAME_MS; + } + } + + p = strchr(name, '#'); + if (p) { + node_name = talloc_strndup(tmp_ctx, name, PTR_DIFF(p,name)); + node_type = (enum nbt_name_type)strtol(p+1, NULL, 16); + } else { + node_name = talloc_strdup(tmp_ctx, name); + } + + nbtsock = nbt_name_socket_init(tmp_ctx, ev, lp_iconv_convenience(lp_ctx)); + + if (options.root_port) { + all_zero_addr = socket_address_from_strings(tmp_ctx, nbtsock->sock->backend_name, + "0.0.0.0", NBT_NAME_SERVICE_PORT); + + if (!all_zero_addr) { + talloc_free(tmp_ctx); + return false; + } + + status = socket_listen(nbtsock->sock, all_zero_addr, 0, 0); + if (!NT_STATUS_IS_OK(status)) { + printf("Failed to bind to local port 137 - %s\n", nt_errstr(status)); + talloc_free(tmp_ctx); + return false; + } + } + + if (options.lookup_by_ip) { + ret = do_node_status(nbtsock, name, nbt_port); + talloc_free(tmp_ctx); + return ret; + } + + if (options.broadcast_address) { + status = do_node_query(nbtsock, options.broadcast_address, nbt_port, + node_name, node_type, true); + } else if (options.unicast_address) { + status = do_node_query(nbtsock, options.unicast_address, + nbt_port, node_name, node_type, false); + } else { + int i, num_interfaces; + + num_interfaces = iface_count(ifaces); + for (i=0;i as an IP Address", NULL }, + + { "case-sensitive", 0, POPT_ARG_NONE, NULL, OPT_CASE_SENSITIVE, + "Don't uppercase the name before sending", NULL }, + + POPT_COMMON_SAMBA + { 0, 0, 0, 0 } + }; + + pc = poptGetContext("nmblookup", argc, argv, long_options, + POPT_CONTEXT_KEEP_FIRST); + + poptSetOtherOptionHelp(pc, " ..."); + + while ((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + case OPT_BROADCAST_ADDRESS: + options.broadcast_address = poptGetOptArg(pc); + break; + case OPT_UNICAST_ADDRESS: + options.unicast_address = poptGetOptArg(pc); + break; + case OPT_FIND_MASTER: + options.find_master = true; + break; + case OPT_WINS_LOOKUP: + options.wins_lookup = true; + break; + case OPT_NODE_STATUS: + options.node_status = true; + break; + case OPT_ROOT_PORT: + options.root_port = true; + break; + case OPT_LOOKUP_BY_IP: + options.lookup_by_ip = true; + break; + case OPT_CASE_SENSITIVE: + options.case_sensitive = true; + break; + } + } + + /* swallow argv[0] */ + poptGetArg(pc); + + if(!poptPeekArg(pc)) { + poptPrintUsage(pc, stderr, 0); + exit(1); + } + + load_interfaces(NULL, lp_interfaces(cmdline_lp_ctx), &ifaces); + + ev = s4_event_context_init(talloc_autofree_context()); + + while (poptPeekArg(pc)) { + const char *name = poptGetArg(pc); + + ret &= process_one(cmdline_lp_ctx, ev, ifaces, name, lp_nbt_port(cmdline_lp_ctx)); + } + + talloc_free(ev); + + talloc_free(ifaces); + + poptFreeContext(pc); + + if (!ret) { + return 1; + } + + return 0; +} diff --git a/source4/utils/config.mk b/source4/utils/config.mk index 37a19077f1..0b98dcfa85 100644 --- a/source4/utils/config.mk +++ b/source4/utils/config.mk @@ -61,23 +61,6 @@ PRIVATE_DEPENDENCIES = setnttoken_OBJ_FILES = $(utilssrcdir)/setnttoken.o -################################# -# Start BINARY nmblookup -[BINARY::nmblookup] -INSTALLDIR = BINDIR -PRIVATE_DEPENDENCIES = \ - LIBSAMBA-HOSTCONFIG \ - LIBSAMBA-UTIL \ - LIBCLI_NBT \ - LIBPOPT \ - POPT_SAMBA \ - LIBNETIF \ - LIBCLI_RESOLVE -# End BINARY nmblookup -################################# - -nmblookup_OBJ_FILES = $(utilssrcdir)/nmblookup.o - ################################# # Start BINARY testparm [BINARY::testparm] diff --git a/source4/utils/nmblookup.c b/source4/utils/nmblookup.c deleted file mode 100644 index 0d98cb99de..0000000000 --- a/source4/utils/nmblookup.c +++ /dev/null @@ -1,381 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - NBT client - used to lookup netbios names - - Copyright (C) Andrew Tridgell 1994-2005 - Copyright (C) Jelmer Vernooij 2003 (Conversion to popt) - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -*/ - -#include "includes.h" -#include "lib/cmdline/popt_common.h" -#include "lib/socket/socket.h" -#include "lib/events/events.h" -#include "system/network.h" -#include "system/locale.h" -#include "lib/socket/netif.h" -#include "librpc/gen_ndr/nbt.h" -#include "../libcli/nbt/libnbt.h" -#include "param/param.h" - -/* command line options */ -static struct { - const char *broadcast_address; - const char *unicast_address; - bool find_master; - bool wins_lookup; - bool node_status; - bool root_port; - bool lookup_by_ip; - bool case_sensitive; -} options; - -/* - clean any binary from a node name -*/ -static const char *clean_name(TALLOC_CTX *mem_ctx, const char *name) -{ - char *ret = talloc_strdup(mem_ctx, name); - int i; - for (i=0;ret[i];i++) { - if (!isprint((unsigned char)ret[i])) ret[i] = '.'; - } - return ret; -} - -/* - turn a node status flags field into a string -*/ -static char *node_status_flags(TALLOC_CTX *mem_ctx, uint16_t flags) -{ - char *ret; - const char *group = " "; - const char *type = "B"; - - if (flags & NBT_NM_GROUP) { - group = ""; - } - - switch (flags & NBT_NM_OWNER_TYPE) { - case NBT_NODE_B: - type = "B"; - break; - case NBT_NODE_P: - type = "P"; - break; - case NBT_NODE_M: - type = "M"; - break; - case NBT_NODE_H: - type = "H"; - break; - } - - ret = talloc_asprintf(mem_ctx, "%s %s", group, type); - - if (flags & NBT_NM_DEREGISTER) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - if (flags & NBT_NM_CONFLICT) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - if (flags & NBT_NM_ACTIVE) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - if (flags & NBT_NM_PERMANENT) { - ret = talloc_asprintf_append_buffer(ret, " "); - } - - return ret; -} - -/* do a single node status */ -static bool do_node_status(struct nbt_name_socket *nbtsock, - const char *addr, uint16_t port) -{ - struct nbt_name_status io; - NTSTATUS status; - - io.in.name.name = "*"; - io.in.name.type = NBT_NAME_CLIENT; - io.in.name.scope = NULL; - io.in.dest_addr = addr; - io.in.dest_port = port; - io.in.timeout = 1; - io.in.retries = 2; - - status = nbt_name_status(nbtsock, nbtsock, &io); - if (NT_STATUS_IS_OK(status)) { - int i; - printf("Node status reply from %s\n", - io.out.reply_from); - for (i=0;i %s\n", - clean_name(nbtsock, io.out.status.names[i].name), - io.out.status.names[i].type, - node_status_flags(nbtsock, io.out.status.names[i].nb_flags)); - } - printf("\n\tMAC Address = %02X-%02X-%02X-%02X-%02X-%02X\n", - io.out.status.statistics.unit_id[0], - io.out.status.statistics.unit_id[1], - io.out.status.statistics.unit_id[2], - io.out.status.statistics.unit_id[3], - io.out.status.statistics.unit_id[4], - io.out.status.statistics.unit_id[5]); - return true; - } - - return false; -} - -/* do a single node query */ -static NTSTATUS do_node_query(struct nbt_name_socket *nbtsock, - const char *addr, - uint16_t port, - const char *node_name, - enum nbt_name_type node_type, - bool broadcast) -{ - struct nbt_name_query io; - NTSTATUS status; - int i; - - io.in.name.name = node_name; - io.in.name.type = node_type; - io.in.name.scope = NULL; - io.in.dest_addr = addr; - io.in.dest_port = port; - io.in.broadcast = broadcast; - io.in.wins_lookup = options.wins_lookup; - io.in.timeout = 1; - io.in.retries = 2; - - status = nbt_name_query(nbtsock, nbtsock, &io); - NT_STATUS_NOT_OK_RETURN(status); - - for (i=0;i\n", - io.out.reply_addrs[i], - io.out.name.name, - io.out.name.type); - } - if (options.node_status && io.out.num_addrs > 0) { - do_node_status(nbtsock, io.out.reply_addrs[0], port); - } - - return status; -} - - -static bool process_one(struct loadparm_context *lp_ctx, struct event_context *ev, - struct interface *ifaces, const char *name, int nbt_port) -{ - TALLOC_CTX *tmp_ctx = talloc_new(NULL); - enum nbt_name_type node_type = NBT_NAME_CLIENT; - char *node_name, *p; - struct socket_address *all_zero_addr; - struct nbt_name_socket *nbtsock; - NTSTATUS status = NT_STATUS_OK; - bool ret = true; - - if (!options.case_sensitive) { - name = strupper_talloc(tmp_ctx, name); - } - - if (options.find_master) { - node_type = NBT_NAME_MASTER; - if (*name == '-' || *name == '_') { - name = "\01\02__MSBROWSE__\02"; - node_type = NBT_NAME_MS; - } - } - - p = strchr(name, '#'); - if (p) { - node_name = talloc_strndup(tmp_ctx, name, PTR_DIFF(p,name)); - node_type = (enum nbt_name_type)strtol(p+1, NULL, 16); - } else { - node_name = talloc_strdup(tmp_ctx, name); - } - - nbtsock = nbt_name_socket_init(tmp_ctx, ev, lp_iconv_convenience(lp_ctx)); - - if (options.root_port) { - all_zero_addr = socket_address_from_strings(tmp_ctx, nbtsock->sock->backend_name, - "0.0.0.0", NBT_NAME_SERVICE_PORT); - - if (!all_zero_addr) { - talloc_free(tmp_ctx); - return false; - } - - status = socket_listen(nbtsock->sock, all_zero_addr, 0, 0); - if (!NT_STATUS_IS_OK(status)) { - printf("Failed to bind to local port 137 - %s\n", nt_errstr(status)); - talloc_free(tmp_ctx); - return false; - } - } - - if (options.lookup_by_ip) { - ret = do_node_status(nbtsock, name, nbt_port); - talloc_free(tmp_ctx); - return ret; - } - - if (options.broadcast_address) { - status = do_node_query(nbtsock, options.broadcast_address, nbt_port, - node_name, node_type, true); - } else if (options.unicast_address) { - status = do_node_query(nbtsock, options.unicast_address, - nbt_port, node_name, node_type, false); - } else { - int i, num_interfaces; - - num_interfaces = iface_count(ifaces); - for (i=0;i as an IP Address", NULL }, - - { "case-sensitive", 0, POPT_ARG_NONE, NULL, OPT_CASE_SENSITIVE, - "Don't uppercase the name before sending", NULL }, - - POPT_COMMON_SAMBA - { 0, 0, 0, 0 } - }; - - pc = poptGetContext("nmblookup", argc, argv, long_options, - POPT_CONTEXT_KEEP_FIRST); - - poptSetOtherOptionHelp(pc, " ..."); - - while ((opt = poptGetNextOpt(pc)) != -1) { - switch(opt) { - case OPT_BROADCAST_ADDRESS: - options.broadcast_address = poptGetOptArg(pc); - break; - case OPT_UNICAST_ADDRESS: - options.unicast_address = poptGetOptArg(pc); - break; - case OPT_FIND_MASTER: - options.find_master = true; - break; - case OPT_WINS_LOOKUP: - options.wins_lookup = true; - break; - case OPT_NODE_STATUS: - options.node_status = true; - break; - case OPT_ROOT_PORT: - options.root_port = true; - break; - case OPT_LOOKUP_BY_IP: - options.lookup_by_ip = true; - break; - case OPT_CASE_SENSITIVE: - options.case_sensitive = true; - break; - } - } - - /* swallow argv[0] */ - poptGetArg(pc); - - if(!poptPeekArg(pc)) { - poptPrintUsage(pc, stderr, 0); - exit(1); - } - - load_interfaces(NULL, lp_interfaces(cmdline_lp_ctx), &ifaces); - - ev = s4_event_context_init(talloc_autofree_context()); - - while (poptPeekArg(pc)) { - const char *name = poptGetArg(pc); - - ret &= process_one(cmdline_lp_ctx, ev, ifaces, name, lp_nbt_port(cmdline_lp_ctx)); - } - - talloc_free(ev); - - talloc_free(ifaces); - - poptFreeContext(pc); - - if (!ret) { - return 1; - } - - return 0; -} -- cgit From 08223692c69963bdb47b1687dc5be760e0c7ad7b Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 12:03:45 +0200 Subject: fix libclinbtsrcdir variable. --- source3/samba4.mk | 2 +- source4/Makefile | 2 +- source4/libcli/config.mk | 12 ++++++------ 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/source3/samba4.mk b/source3/samba4.mk index 3abcbe121f..524fc9f64c 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -107,7 +107,7 @@ ntvfssrcdir := $(samba4srcdir)/ntvfs ntptrsrcdir := $(samba4srcdir)/ntptr clientsrcdir := $(samba4srcdir)/client libclisrcdir := $(samba4srcdir)/libcli -libclinbtsrcdir := $(samba4srcdir)/../libcli +libclinbtsrcdir := $(samba4srcdir)/../libcli/nbt pyscriptsrcdir := $(samba4srcdir)/scripting/python kdcsrcdir := $(samba4srcdir)/kdc smbreadlinesrcdir := $(samba4srcdir)/lib/smbreadline diff --git a/source4/Makefile b/source4/Makefile index 74383b1a59..cab82674d2 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -97,7 +97,7 @@ ntvfssrcdir := ntvfs ntptrsrcdir := ntptr librpcsrcdir := librpc libclisrcdir := libcli -libclinbtsrcdir := ../libcli +libclinbtsrcdir := ../libcli/nbt pyscriptsrcdir := $(srcdir)/scripting/python kdcsrcdir := kdc ntp_signdsrcdir := ntp_signd diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index 8e8587ffa4..8d9a1f5fa8 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -40,15 +40,15 @@ $(eval $(call proto_header_template,$(libclisrcdir)/smb_composite/proto.h,$(LIBC [SUBSYSTEM::NDR_NBT_BUF] -NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbt/nbtname.o +NDR_NBT_BUF_OBJ_FILES = $(libclinbtsrcdir)/nbtname.o -$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbt/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c))) +$(eval $(call proto_header_template,$(libclinbtsrcdir)/nbtname.h,$(NDR_NBT_BUF_OBJ_FILES:.o=.c))) [SUBSYSTEM::LIBCLI_NBT] PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT LIBCLI_COMPOSITE LIBEVENTS \ NDR_SECURITY samba-socket LIBSAMBA-UTIL -LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/nbt/, \ +LIBCLI_NBT_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ nbtsocket.o \ namequery.o \ nameregister.o \ @@ -73,19 +73,19 @@ MANPAGES += $(libclinbtsrcdir)/man/nmblookup.1 PUBLIC_DEPENDENCIES = LIBNDR \ NDR_SECURITY -LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, ndr_netlogon.o) +LIBCLI_NDR_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/../, ndr_netlogon.o) [SUBSYSTEM::LIBCLI_NETLOGON] PUBLIC_DEPENDENCIES = LIBSAMBA-UTIL LIBCLI_NDR_NETLOGON LIBCLI_NETLOGON_OBJ_FILES = $(addprefix $(libclinbtsrcdir)/, \ - netlogon.o) + ../netlogon.o) [PYTHON::python_netbios] LIBRARY_REALNAME = samba/netbios.$(SHLIBEXT) PUBLIC_DEPENDENCIES = LIBCLI_NBT DYNCONFIG LIBSAMBA-HOSTCONFIG -python_netbios_OBJ_FILES = $(libclinbtsrcdir)/nbt/pynbt.o +python_netbios_OBJ_FILES = $(libclinbtsrcdir)/pynbt.o $(python_libcli_nbt_OBJ_FILES): CFLAGS+=$(CFLAG_NO_UNUSED_MACROS) $(CFLAG_NO_CAST_QUAL) -- cgit From 71ef7ae824b1e8d411590a9a7dbd1f5b86b9df5e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 12:08:52 +0200 Subject: Remove duplicate copy of manual page. --- source4/utils/man/ndrdump.1.xml | 83 ----------------------------------------- 1 file changed, 83 deletions(-) delete mode 100644 source4/utils/man/ndrdump.1.xml diff --git a/source4/utils/man/ndrdump.1.xml b/source4/utils/man/ndrdump.1.xml deleted file mode 100644 index 9d66102682..0000000000 --- a/source4/utils/man/ndrdump.1.xml +++ /dev/null @@ -1,83 +0,0 @@ - - - - - - ndrdump - 1 - - - - - ndrdump - DCE/RPC Packet Parser and Dumper - - - - - ndrdump - -c context - pipe - function - in|out - filename - - - ndrdump - pipe - - - ndrdump - - - - - DESCRIPTION - - ndrdump tries to parse the specified filename - using Samba's parser for the specified pipe and function. The - third argument should be - either in or out, depending - on whether the data should be parsed as a request or a reply. - - Running ndrdump without arguments will list the pipes for which - parsers are available. - - Running ndrdump with one argument will list the functions that - Samba can parse for the specified pipe. - - The primary function of ndrdump is debugging Samba's internal - DCE/RPC parsing functions. The file being parsed is usually - one exported by wiresharks Export selected packet bytes - function. - - The context argument can be used to load context data from the request - packet when parsing reply packets (such as array lengths). - - - - - VERSION - - This man page is correct for version 4.0 of the Samba suite. - - - - SEE ALSO - - wireshark, pidl - - - - - AUTHOR - - This utility is part of the Samba suite, which is developed by the global Samba Team. - - ndrdump was written by Andrew Tridgell. - - This manpage was written by Jelmer Vernooij. - - - - -- cgit From be63f86ce7029b0a4efbe1478cc16189b5d26aec Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 8 Oct 2008 12:56:04 +0200 Subject: Remove unused CHECK_FSP macro --- source3/include/smb_macros.h | 16 ---------------- source3/smbd/reply.c | 5 ++--- 2 files changed, 2 insertions(+), 19 deletions(-) diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 20e2a9a443..d2e0aa95ac 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -75,22 +75,6 @@ return ERROR_NT(NT_STATUS_INVALID_HANDLE); \ } while(0) -/* you must add the following extern declaration to files using this macro - * (do not add it to the macro as that causes nested extern declaration warnings) - * extern struct current_user current_user; - */ -#define CHECK_FSP(fsp,conn) do {\ - if (!(fsp) || !(conn)) \ - return ERROR_NT(NT_STATUS_INVALID_HANDLE); \ - else if (((conn) != (fsp)->conn) || current_user.vuid != (fsp)->vuid) \ - return ERROR_NT(NT_STATUS_INVALID_HANDLE); \ - else if ((fsp)->is_directory) \ - return ERROR_NT(NT_STATUS_INVALID_DEVICE_REQUEST); \ - else if ((fsp)->fh->fd == -1) \ - return ERROR_NT(NT_STATUS_ACCESS_DENIED); \ - (fsp)->num_smb_operations++;\ - } while(0) - #define CHECK_READ(fsp,inbuf) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \ ((SVAL((inbuf),smb_flg2) & FLAGS2_READ_PERMIT_EXECUTE) && \ (fsp->access_mask & FILE_EXECUTE)))) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 0226d314f7..48403073f7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -339,8 +339,7 @@ bool check_fsp_open(connection_struct *conn, struct smb_request *req, } /**************************************************************************** - Check if we have a correct fsp pointing to a file. Replacement for the - CHECK_FSP macro. + Check if we have a correct fsp pointing to a file. ****************************************************************************/ bool check_fsp(connection_struct *conn, struct smb_request *req, @@ -4272,7 +4271,7 @@ void reply_close(struct smb_request *req) fsp = file_fsp(SVAL(req->inbuf,smb_vwv0)); /* - * We can only use CHECK_FSP if we know it's not a directory. + * We can only use check_fsp if we know it's not a directory. */ if(!fsp || (fsp->conn != conn) || (fsp->vuid != req->vuid)) { -- cgit From 14f835ba4b7e553d0cd75f3b311378c5c875e87c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 2008 11:39:32 -0700 Subject: Fix bug #5814 - Winbindd dumping core in a strange manner while doing "rescan_trusted_domain". From analysis by hargagan : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy. --- source3/winbindd/winbindd_dual.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index f6a9c1f26d..aeb52d9b5a 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -300,6 +300,18 @@ static void schedule_async_request(struct winbindd_child *child) return; /* Busy */ } + /* + * This may be a reschedule, so we might + * have an existing timeout event pending on + * the first entry in the child->requests list + * (we only send one request at a time). + * Ensure we free it before we reschedule. + * Bug #5814, from hargagan . + * JRA. + */ + + TALLOC_FREE(request->reply_timeout_event); + if ((child->pid == 0) && (!fork_domain_child(child))) { /* fork_domain_child failed. Cancel all outstanding requests */ @@ -495,6 +507,17 @@ void winbind_child_died(pid_t pid) child->event.flags = 0; child->pid = 0; + if (child->requests) { + /* + * schedule_async_request() will also + * clear this event but the call is + * idempotent so it doesn't hurt to + * cover all possible future code + * paths. JRA. + */ + TALLOC_FREE(child->requests->reply_timeout_event); + } + schedule_async_request(child); } -- cgit From 646df8bec618d78905f83779bf57d96141109d8f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 2008 15:18:25 -0700 Subject: Deal with inheritance from parent directory when setting Windows ACLs. Jeremy. --- source3/include/proto.h | 3 +++ source3/modules/vfs_acl_xattr.c | 16 ++++++++++++++++ source3/smbd/posix_acls.c | 2 +- 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index efa29be16d..535adf7e2f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -9930,6 +9930,9 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, uint32_t security_info, SEC_DESC **ppdesc); int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); +NTSTATUS append_parent_acl(files_struct *fsp, + const SEC_DESC *pcsd, + SEC_DESC **pp_new_sd); NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd); int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ); int chmod_acl(connection_struct *conn, const char *name, mode_t mode); diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 4a8f6fec01..b641195fd7 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -317,6 +317,22 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return status; } + if ((security_info_sent & DACL_SECURITY_INFORMATION) && + psd->dacl != NULL && + (psd->type & (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ))== + (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ) ) { + SEC_DESC *new_psd = NULL; + status = append_parent_acl(fsp, psd, &new_psd); + if (!NT_STATUS_IS_OK(status)) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + psd = new_psd; + } + create_acl_blob(psd, &blob); store_acl_blob(fsp, &blob); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 48ea993e28..da17e53b2c 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3227,7 +3227,7 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) Take care of parent ACL inheritance. ****************************************************************************/ -static NTSTATUS append_parent_acl(files_struct *fsp, +NTSTATUS append_parent_acl(files_struct *fsp, const SEC_DESC *pcsd, SEC_DESC **pp_new_sd) { -- cgit From 88a58ae0eeb553969c903a94e578375e109ad05a Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 7 Oct 2008 20:16:04 -0700 Subject: Fixed "might be uninitialized" warning --- source3/modules/vfs_acl_xattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index b641195fd7..241751c6a6 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -89,7 +89,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, uint8_t *val = NULL; uint8_t *tmp; ssize_t sizeret; - int saved_errno; + int saved_errno = 0; ZERO_STRUCTP(pblob); @@ -277,7 +277,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp, DATA_BLOB *pblob) { int ret; - int saved_errno; + int saved_errno = 0; DEBUG(10,("store_acl_blob: storing blob length %u on file %s\n", (unsigned int)pblob->length, fsp->fsp_name)); -- cgit From 543c6a02ae1dcb903de800c88af1f9e221827d61 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 2008 18:06:58 -0700 Subject: For the vfs_acl_xattr.c module, make sure we map GENERIC file and directory bits to specific bits every time a security descriptor is set. The S4 torture suite proves that generic bits are not returned when querying an ACL set using them (ie. only the specific bits are stored on disk). Jeremy. --- source3/include/proto.h | 1 + source3/lib/util_seaccess.c | 18 ++++++++++++++++++ source3/rpc_server/srv_srvsvc_nt.c | 26 ++++++++++++++++++++++++-- source3/smbd/nttrans.c | 5 +++++ source3/smbd/open.c | 4 ++++ 5 files changed, 52 insertions(+), 2 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 535adf7e2f..b7e363253f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1431,6 +1431,7 @@ WERROR registry_push_value(TALLOC_CTX *mem_ctx, /* The following definitions come from lib/util_seaccess.c */ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping); +void security_acl_map_generic(struct security_acl *sa, const struct generic_mapping *mapping); void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping); bool se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token, uint32 acc_desired, uint32 *acc_granted, diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index 87e70bb95b..cab4261adf 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -176,6 +176,24 @@ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping) } } +/* Map generic access rights to object specific rights for all the ACE's + * in a security_acl. + */ + +void security_acl_map_generic(struct security_acl *sa, + const struct generic_mapping *mapping) +{ + unsigned int i; + + if (!sa) { + return; + } + + for (i = 0; i < sa->num_aces; i++) { + se_map_generic(&sa->aces[i].access_mask, mapping); + } +} + /* Map standard access rights to object specific rights. This technique is used to give meaning to assigning read, write, execute and all access to objects. Each type of object has its own mapping of standard to object diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index fb7478653d..47688b114c 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2150,6 +2150,8 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, connection_struct *conn = NULL; int snum; char *oldcwd = NULL; + struct security_descriptor *psd = NULL; + uint32_t security_info_sent = 0; ZERO_STRUCT(st); @@ -2198,9 +2200,29 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, goto error_exit; } + psd = r->in.sd_buf->sd; + security_info_sent = r->in.securityinformation; + + if (psd->owner_sid==0) { + security_info_sent &= ~OWNER_SECURITY_INFORMATION; + } + if (psd->group_sid==0) { + security_info_sent &= ~GROUP_SECURITY_INFORMATION; + } + if (psd->sacl==0) { + security_info_sent &= ~SACL_SECURITY_INFORMATION; + } + if (psd->dacl==0) { + security_info_sent &= ~DACL_SECURITY_INFORMATION; + } + + /* Convert all the generic bits. */ + security_acl_map_generic(psd->dacl, &file_generic_mapping); + security_acl_map_generic(psd->sacl, &file_generic_mapping); + nt_status = SMB_VFS_FSET_NT_ACL(fsp, - r->in.securityinformation, - r->in.sd_buf->sd); + security_info_sent, + psd); if (!NT_STATUS_IS_OK(nt_status) ) { DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL " diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 584399c86c..061855876c 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -713,6 +713,7 @@ static void do_nt_transact_create_pipe(connection_struct *conn, static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, uint32 security_info_sent) { + extern const struct generic_mapping file_generic_mapping; SEC_DESC *psd = NULL; NTSTATUS status; @@ -739,6 +740,10 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, security_info_sent &= ~DACL_SECURITY_INFORMATION; } + /* Convert all the generic bits. */ + security_acl_map_generic(psd->dacl, &file_generic_mapping); + security_acl_map_generic(psd->sacl, &file_generic_mapping); + status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd); TALLOC_FREE(psd); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ad024a58ef..8727e80d5f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2764,6 +2764,10 @@ NTSTATUS create_file_unixpath(connection_struct *conn, fsp->access_mask = FILE_GENERIC_ALL; + /* Convert all the generic bits. */ + security_acl_map_generic(sd->dacl, &file_generic_mapping); + security_acl_map_generic(sd->sacl, &file_generic_mapping); + status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); fsp->access_mask = saved_access_mask; -- cgit From 298a918e953853d3b6fbb20e5984275db083bc9b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 03:05:47 +0200 Subject: s3-winbindd: add dsgetdcname request and reply to winbind structure. Guenther --- source3/nsswitch/winbind_struct_protocol.h | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index e81813c77b..ff52dbddaf 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h @@ -313,6 +313,12 @@ struct winbindd_request { uint32_t initial_blob_len; /* blobs in extra_data */ uint32_t challenge_blob_len; } ccache_ntlm_auth; + struct { + fstring domain_name; + fstring domain_guid; + fstring site_name; + uint32_t flags; + } dsgetdcname; /* padding -- needed to fix alignment between 32bit and 64bit libs. The size is the sizeof the union without the padding aligned on @@ -453,6 +459,17 @@ struct winbindd_response { struct { uint32_t auth_blob_len; /* blob in extra_data */ } ccache_ntlm_auth; + struct { + fstring dc_unc; + fstring dc_address; + uint32_t dc_address_type; + fstring domain_guid; + fstring domain_name; + fstring forest_name; + uint32_t dc_flags; + fstring dc_site_name; + fstring client_site_name; + } dsgetdcname; } data; /* Variable length return data */ -- cgit From 4c68f3cd9b77414802bef08631ddb66325bfff4c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 9 Oct 2008 11:45:03 +0200 Subject: build: add "make test_wbpad" for checking winbind 32/64bit structure padding. Guenther --- source3/Makefile.in | 4 +++ source3/script/tests/wb_pad.sh | 82 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 86 insertions(+) create mode 100755 source3/script/tests/wb_pad.sh diff --git a/source3/Makefile.in b/source3/Makefile.in index eb6a05cba5..0ae32a0ef8 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2769,6 +2769,10 @@ valgrindtest:: all torture timelimit VALGRIND="valgrind -q --num-callers=30 --log-file=${selftest_prefix}/valgrind.log" \ PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" +# Check for Winbind struct 32/64bit padding +test_wbpad: + @echo "Testing winbind request/response structure for 32/64bit padding" + @./script/tests/wb_pad.sh || exit 1; ## ## Examples: diff --git a/source3/script/tests/wb_pad.sh b/source3/script/tests/wb_pad.sh new file mode 100755 index 0000000000..f1f5ca24c4 --- /dev/null +++ b/source3/script/tests/wb_pad.sh @@ -0,0 +1,82 @@ +#!/bin/sh +# +# Copyright (C) Guenther Deschner 2008 +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . + +tempdir=`mktemp -d /tmp/wb_padXXXXXX` +test -n "$tempdir" || exit 1 +cat >> $tempdir/wb_pad.c << _EOF +#include "nsswitch/winbind_client.h" + +int main(int argc, const char **argv) +{ + struct winbindd_request req; + struct winbindd_response resp; + + if (argc != 2) { + printf("usage: %s [req|resp]\n", argv[0]); + return 0; + } + + if (strcmp(argv[1], "req") == 0) { + printf("%d\n", (uint32_t)sizeof(req)); + } + if (strcmp(argv[1], "resp") == 0) { + printf("%d\n", (uint32_t)sizeof(resp)); + } + + return 0; +} +_EOF + +cleanup() { + rm -f $tempdir/wb_pad_32 $tempdir/wb_pad_64 $tempdir/wb_pad.c + rmdir $tempdir +} + +cflags="-I. -I./../lib/replace -Iinclude" +${CC:-gcc} -m32 $RPM_OPT_FLAGS $CFLAGS -o $tempdir/wb_pad_32 $cflags $tempdir/wb_pad.c +if [ $? -ne 0 ]; then + cleanup + exit 1 +fi +${CC:-gcc} -m64 $RPM_OPT_FLAGS $CFLAGS -o $tempdir/wb_pad_64 $cflags $tempdir/wb_pad.c +if [ $? -ne 0 ]; then + cleanup + exit 1 +fi + +out_64_req=`$tempdir/wb_pad_64 req` +out_64_resp=`$tempdir/wb_pad_64 resp` +out_32_req=`$tempdir/wb_pad_32 req` +out_32_resp=`$tempdir/wb_pad_32 resp` + +cleanup + +if test "$out_64_req" != "$out_32_req"; then + echo "winbind request size differs!" + echo "64bit: $out_64_req" + echo "32bit: $out_32_req" + exit 1 +fi + +if test "$out_64_resp" != "$out_32_resp"; then + echo "winbind response size differs!" + echo "64bit: $out_64_resp" + echo "32bit: $out_32_resp" + exit 1 +fi + +exit 0 -- cgit From 96a5d169dd3a8746270a9e086717ab6206ab02c6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 8 Oct 2008 17:24:24 +0200 Subject: Fix a typo --- source3/smbd/ipc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index f4c45999ba..0f2caad86f 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -318,7 +318,7 @@ static void api_fd_reply(connection_struct *conn, uint16 vuid, /* Get the file handle and hence the file name. */ /* * NB. The setup array has already been transformed - * via SVAL and so is in gost byte order. + * via SVAL and so is in host byte order. */ pnum = ((int)setup[1]) & 0xFFFF; subcommand = ((int)setup[0]) & 0xFFFF; -- cgit From 1d83fbffae23325961fd80873c93c06cae5f7a4e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 8 Oct 2008 17:42:22 +0200 Subject: Remove a pointless level of indirection --- source3/include/proto.h | 1 - source3/smbd/fake_file.c | 8 -------- source3/smbd/files.c | 4 +--- 3 files changed, 1 insertion(+), 12 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index b7e363253f..99557a25a1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -9558,7 +9558,6 @@ NTSTATUS open_fake_file(connection_struct *conn, const char *fname, uint32 access_mask, files_struct **result); -void destroy_fake_file_handle(struct fake_file_handle **fh); NTSTATUS close_fake_file(files_struct *fsp); /* The following definitions come from smbd/file_access.c */ diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 8dd9abee1a..1761cb66a8 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -146,14 +146,6 @@ NTSTATUS open_fake_file(connection_struct *conn, return NT_STATUS_OK; } -void destroy_fake_file_handle(struct fake_file_handle **fh) -{ - if (!fh) { - return; - } - TALLOC_FREE(*fh); -} - NTSTATUS close_fake_file(files_struct *fsp) { file_free(fsp); diff --git a/source3/smbd/files.c b/source3/smbd/files.c index 8d06e20f81..519f4945f2 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -400,9 +400,7 @@ void file_free(files_struct *fsp) string_free(&fsp->fsp_name); - if (fsp->fake_file_handle) { - destroy_fake_file_handle(&fsp->fake_file_handle); - } + TALLOC_FREE(fsp->fake_file_handle); if (fsp->fh->ref_count == 1) { SAFE_FREE(fsp->fh); -- cgit From 76a8da6f711ce13de6c4e3e1af6714b0475b71f5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 03:09:07 +0200 Subject: s3-winbindd: use new, richer structures in WINBINDD_DSGETDCNAME implementation. Guenther --- source3/winbindd/winbindd_locator.c | 61 ++++++++++++++++++++++++------------- 1 file changed, 40 insertions(+), 21 deletions(-) diff --git a/source3/winbindd/winbindd_locator.c b/source3/winbindd/winbindd_locator.c index b2a8bd7e30..b60d235f70 100644 --- a/source3/winbindd/winbindd_locator.c +++ b/source3/winbindd/winbindd_locator.c @@ -45,11 +45,15 @@ struct winbindd_child *locator_child(void) void winbindd_dsgetdcname(struct winbindd_cli_state *state) { - state->request.domain_name - [sizeof(state->request.domain_name)-1] = '\0'; + state->request.data.dsgetdcname.domain_name + [sizeof(state->request.data.dsgetdcname.domain_name)-1] = '\0'; + state->request.data.dsgetdcname.site_name + [sizeof(state->request.data.dsgetdcname.site_name)-1] = '\0'; + state->request.data.dsgetdcname.domain_guid + [sizeof(state->request.data.dsgetdcname.domain_guid)-1] = '\0'; DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid, - state->request.domain_name)); + state->request.data.dsgetdcname.domain_name)); sendto_child(state, locator_child()); } @@ -94,44 +98,59 @@ static uint32_t get_dsgetdc_flags(uint32_t wbc_flags) return ds_flags; } - static enum winbindd_result dual_dsgetdcname(struct winbindd_domain *domain, struct winbindd_cli_state *state) { NTSTATUS result; struct netr_DsRGetDCNameInfo *info = NULL; - const char *dc = NULL; uint32_t ds_flags = 0; + struct GUID guid, *guid_ptr = NULL; + const char *guid_str = NULL; - state->request.domain_name - [sizeof(state->request.domain_name)-1] = '\0'; + state->request.data.dsgetdcname.domain_name + [sizeof(state->request.data.dsgetdcname.domain_name)-1] = '\0'; + state->request.data.dsgetdcname.site_name + [sizeof(state->request.data.dsgetdcname.site_name)-1] = '\0'; + state->request.data.dsgetdcname.domain_guid + [sizeof(state->request.data.dsgetdcname.domain_guid)-1] = '\0'; DEBUG(3, ("[%5lu]: dsgetdcname for %s\n", (unsigned long)state->pid, - state->request.domain_name)); + state->request.data.dsgetdcname.domain_name)); ds_flags = get_dsgetdc_flags(state->request.flags); - result = dsgetdcname(state->mem_ctx, winbind_messaging_context(), - state->request.domain_name, - NULL, NULL, ds_flags, &info); - - if (!NT_STATUS_IS_OK(result)) { - return WINBINDD_ERROR; + result = GUID_from_string(state->request.data.dsgetdcname.domain_guid, + &guid); + if (NT_STATUS_IS_OK(result) && !GUID_all_zero(&guid)) { + guid_ptr = &guid; } - if (info->dc_address) { - dc = strip_hostname(info->dc_address); - } + result = dsgetdcname(state->mem_ctx, + winbind_messaging_context(), + state->request.data.dsgetdcname.domain_name, + guid_ptr, + state->request.data.dsgetdcname.site_name, + ds_flags, + &info); - if ((!dc || !is_ipaddress_v4(dc)) && info->dc_unc) { - dc = strip_hostname(info->dc_unc); + if (!NT_STATUS_IS_OK(result)) { + return WINBINDD_ERROR; } - if (!dc || !*dc) { + guid_str = GUID_string(state->mem_ctx, &info->domain_guid); + if (!guid_str) { return WINBINDD_ERROR; } - fstrcpy(state->response.data.dc_name, dc); + fstrcpy(state->response.data.dsgetdcname.dc_unc, info->dc_unc); + fstrcpy(state->response.data.dsgetdcname.dc_address, info->dc_address); + state->response.data.dsgetdcname.dc_address_type = info->dc_address_type; + fstrcpy(state->response.data.dsgetdcname.domain_guid, guid_str); + fstrcpy(state->response.data.dsgetdcname.domain_name, info->domain_name); + fstrcpy(state->response.data.dsgetdcname.forest_name, info->forest_name); + state->response.data.dsgetdcname.dc_flags = info->dc_flags; + fstrcpy(state->response.data.dsgetdcname.dc_site_name, info->dc_site_name); + fstrcpy(state->response.data.dsgetdcname.client_site_name, info->client_site_name); return WINBINDD_OK; } -- cgit From 4e04c5ae1bb7ade41c0b28bbf9ec7cdb4930d9ae Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 03:11:33 +0200 Subject: wbinfo: fix dsgetdcname caller. Guenther --- source3/nsswitch/wbinfo.c | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 60524d1d1b..fc49be4314 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -538,8 +538,8 @@ static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags) ZERO_STRUCT(request); ZERO_STRUCT(response); - fstrcpy(request.domain_name, domain_name); - request.flags = flags; + fstrcpy(request.data.dsgetdcname.domain_name, domain_name); + request.data.dsgetdcname.flags = flags; request.flags |= DS_DIRECTORY_SERVICE_REQUIRED; @@ -553,7 +553,15 @@ static bool wbinfo_dsgetdcname(const char *domain_name, uint32_t flags) /* Display response */ - d_printf("%s\n", response.data.dc_name); + d_printf("%s\n", response.data.dsgetdcname.dc_unc); + d_printf("%s\n", response.data.dsgetdcname.dc_address); + d_printf("%d\n", response.data.dsgetdcname.dc_address_type); + d_printf("%s\n", response.data.dsgetdcname.domain_guid); + d_printf("%s\n", response.data.dsgetdcname.domain_name); + d_printf("%s\n", response.data.dsgetdcname.forest_name); + d_printf("0x%08x\n", response.data.dsgetdcname.dc_flags); + d_printf("%s\n", response.data.dsgetdcname.dc_site_name); + d_printf("%s\n", response.data.dsgetdcname.client_site_name); return true; } -- cgit From bf5c80c8eb3051ff2d04629b2b4a74b0c86d726d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 03:11:59 +0200 Subject: krb5-locator: fix dsgetdcname caller. Guenther --- source3/nsswitch/winbind_krb5_locator.c | 27 ++++++++++++++++++++++----- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/source3/nsswitch/winbind_krb5_locator.c b/source3/nsswitch/winbind_krb5_locator.c index 990c2cae50..7eecd13b70 100644 --- a/source3/nsswitch/winbind_krb5_locator.c +++ b/source3/nsswitch/winbind_krb5_locator.c @@ -1,7 +1,7 @@ /* Unix SMB/CIFS implementation. kerberos locator plugin - Copyright (C) Guenther Deschner 2007 + Copyright (C) Guenther Deschner 2007-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -247,18 +247,19 @@ static bool ask_winbind(const char *realm, char **dcname) NSS_STATUS status; struct winbindd_request request; struct winbindd_response response; + const char *dc = NULL; ZERO_STRUCT(request); ZERO_STRUCT(response); - request.flags = 0x40020600; + request.data.dsgetdcname.flags = 0x40020600; /* DS_KDC_REQUIRED | DS_IS_DNS_NAME | DS_RETURN_DNS_NAME | DS_IP_REQUIRED */ - strncpy(request.domain_name, realm, - sizeof(request.domain_name)-1); + strncpy(request.data.dsgetdcname.domain_name, realm, + sizeof(request.data.dsgetdcname.domain_name)-1); status = winbindd_request_response(WINBINDD_DSGETDCNAME, &request, &response); @@ -270,7 +271,23 @@ static bool ask_winbind(const char *realm, char **dcname) return false; } - *dcname = strdup(response.data.dc_name); + if (response.data.dsgetdcname.dc_address[0] != '\0') { + dc = response.data.dsgetdcname.dc_address; + if (dc[0] == '\\') dc++; + if (dc[0] == '\\') dc++; + } + + if (!dc && response.data.dsgetdcname.dc_unc[0] != '\0') { + dc = response.data.dsgetdcname.dc_unc; + if (dc[0] == '\\') dc++; + if (dc[0] == '\\') dc++; + } + + if (!dc) { + return false; + } + + *dcname = strdup(dc); if (!*dcname) { return false; } -- cgit From 5a61f30d13d55d10b74adf9fdb3a7e6731565682 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 2 Oct 2008 13:07:14 +0200 Subject: wbclient: add my copyright. Guenther --- source3/nsswitch/libwbclient/wbc_pam.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 20b42b6efb..70e2aa60a5 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -4,6 +4,7 @@ Winbind client API Copyright (C) Gerald (Jerry) Carter 2007 + Copyright (C) Guenther Deschner 2008 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public -- cgit From 8fcb81ee996312269b84ac9c7fb835b1048dc64b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 2 Oct 2008 13:06:50 +0200 Subject: wbclient: add wbcGuid structure. Guenther --- source3/nsswitch/libwbclient/wbclient.h | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index cae3feec5b..2fc7a9b7c1 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -136,6 +136,19 @@ struct wbcSidWithAttr { #define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000 #define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000 +/** + * @brief Windows GUID + * + **/ + +struct wbcGuid { + uint32_t time_low; + uint16_t time_mid; + uint16_t time_hi_and_version; + uint8_t clock_seq[2]; + uint8_t node[6]; +}; + /** * @brief Domain Information **/ -- cgit From b28db15af8d9d163348e713c0adbb8ab7b955fb4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 2 Oct 2008 13:11:31 +0200 Subject: wbclient: add wbcGuidToString and wbcStringToGuid helper functions. Guenther --- source3/Makefile.in | 1 + source3/nsswitch/libwbclient/wbc_guid.c | 118 ++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 10 +++ 3 files changed, 129 insertions(+) create mode 100644 source3/nsswitch/libwbclient/wbc_guid.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 0ae32a0ef8..18581badea 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1718,6 +1718,7 @@ LIBWBCLIENT_OBJ0 = nsswitch/libwbclient/wbclient.o \ nsswitch/libwbclient/wbc_pwd.o \ nsswitch/libwbclient/wbc_idmap.o \ nsswitch/libwbclient/wbc_sid.o \ + nsswitch/libwbclient/wbc_guid.o \ nsswitch/libwbclient/wbc_pam.o LIBWBCLIENT_OBJ = $(LIBWBCLIENT_OBJ0) \ $(WBCOMMON_OBJ) \ diff --git a/source3/nsswitch/libwbclient/wbc_guid.c b/source3/nsswitch/libwbclient/wbc_guid.c new file mode 100644 index 0000000000..0cb33e9868 --- /dev/null +++ b/source3/nsswitch/libwbclient/wbc_guid.c @@ -0,0 +1,118 @@ +/* + Unix SMB/CIFS implementation. + + Winbind client API + + Copyright (C) Gerald (Jerry) Carter 2007 + + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 3 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Library General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with this program. If not, see . +*/ + +/* Required Headers */ + +#include "libwbclient.h" + +/** @brief Convert a binary GUID to a character string + * + * @param guid Binary Guid + * @param **guid_string Resulting character string + * + * @return #wbcErr + **/ + +wbcErr wbcGuidToString(const struct wbcGuid *guid, + char **guid_string) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!guid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + *guid_string = talloc_asprintf(NULL, + "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + guid->time_low, guid->time_mid, + guid->time_hi_and_version, + guid->clock_seq[0], + guid->clock_seq[1], + guid->node[0], guid->node[1], + guid->node[2], guid->node[3], + guid->node[4], guid->node[5]); + BAIL_ON_PTR_ERROR((*guid_string), wbc_status); + + wbc_status = WBC_ERR_SUCCESS; + +done: + return wbc_status; +} + +/** @brief Convert a character string to a binary GUID + * + * @param *str Character string + * @param guid Resulting binary GUID + * + * @return #wbcErr + **/ + +wbcErr wbcStringToGuid(const char *str, + struct wbcGuid *guid) +{ + uint32_t time_low; + uint32_t time_mid, time_hi_and_version; + uint32_t clock_seq[2]; + uint32_t node[6]; + int i; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + + if (!guid) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (!str) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (11 == sscanf(str, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + &time_low, &time_mid, &time_hi_and_version, + &clock_seq[0], &clock_seq[1], + &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { + wbc_status = WBC_ERR_SUCCESS; + } else if (11 == sscanf(str, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}", + &time_low, &time_mid, &time_hi_and_version, + &clock_seq[0], &clock_seq[1], + &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { + wbc_status = WBC_ERR_SUCCESS; + } + + BAIL_ON_WBC_ERROR(wbc_status); + + guid->time_low = time_low; + guid->time_mid = time_mid; + guid->time_hi_and_version = time_hi_and_version; + guid->clock_seq[0] = clock_seq[0]; + guid->clock_seq[1] = clock_seq[1]; + + for (i=0;i<6;i++) { + guid->node[i] = node[i]; + } + + wbc_status = WBC_ERR_SUCCESS; + +done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 2fc7a9b7c1..48b6115612 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -411,6 +411,16 @@ wbcErr wbcSidToString(const struct wbcDomainSid *sid, wbcErr wbcStringToSid(const char *sid_string, struct wbcDomainSid *sid); +/* + * Utility functions for dealing with GUIDs + */ + +wbcErr wbcGuidToString(const struct wbcGuid *guid, + char **guid_string); + +wbcErr wbcStringToGuid(const char *guid_string, + struct wbcGuid *guid); + wbcErr wbcPing(void); wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details); -- cgit From eb78e5c46f2ceb1de9cdd459f024d0632ef90893 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 27 Sep 2008 03:29:01 +0200 Subject: wbclient: add wbcLookupDomainControllerEx call. Guenther --- source3/nsswitch/libwbclient/wbc_util.c | 139 ++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 21 ++++- 2 files changed, 159 insertions(+), 1 deletion(-) diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 8e01e6e719..5aea884272 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -550,3 +550,142 @@ done: return wbc_status; } + +static wbcErr wbc_create_domain_controller_info_ex(TALLOC_CTX *mem_ctx, + const struct winbindd_response *resp, + struct wbcDomainControllerInfoEx **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcDomainControllerInfoEx *i; + struct wbcGuid guid; + + i = talloc(mem_ctx, struct wbcDomainControllerInfoEx); + BAIL_ON_PTR_ERROR(i, wbc_status); + + i->dc_unc = talloc_strdup(i, resp->data.dsgetdcname.dc_unc); + BAIL_ON_PTR_ERROR(i->dc_unc, wbc_status); + + i->dc_address = talloc_strdup(i, resp->data.dsgetdcname.dc_address); + BAIL_ON_PTR_ERROR(i->dc_address, wbc_status); + + i->dc_address_type = resp->data.dsgetdcname.dc_address_type; + + wbc_status = wbcStringToGuid(resp->data.dsgetdcname.domain_guid, &guid); + if (WBC_ERROR_IS_OK(wbc_status)) { + i->domain_guid = talloc(i, struct wbcGuid); + BAIL_ON_PTR_ERROR(i->domain_guid, wbc_status); + + *i->domain_guid = guid; + } else { + i->domain_guid = NULL; + } + + i->domain_name = talloc_strdup(i, resp->data.dsgetdcname.domain_name); + BAIL_ON_PTR_ERROR(i->domain_name, wbc_status); + + if (resp->data.dsgetdcname.forest_name[0] != '\0') { + i->forest_name = talloc_strdup(i, + resp->data.dsgetdcname.forest_name); + BAIL_ON_PTR_ERROR(i->forest_name, wbc_status); + } else { + i->forest_name = NULL; + } + + i->dc_flags = resp->data.dsgetdcname.dc_flags; + + if (resp->data.dsgetdcname.dc_site_name[0] != '\0') { + i->dc_site_name = talloc_strdup(i, + resp->data.dsgetdcname.dc_site_name); + BAIL_ON_PTR_ERROR(i->dc_site_name, wbc_status); + } else { + i->dc_site_name = NULL; + } + + if (resp->data.dsgetdcname.client_site_name[0] != '\0') { + i->client_site_name = talloc_strdup(i, + resp->data.dsgetdcname.client_site_name); + BAIL_ON_PTR_ERROR(i->client_site_name, wbc_status); + } else { + i->client_site_name = NULL; + } + + *_i = i; + i = NULL; + +done: + talloc_free(i); + return wbc_status; +} + +/** @brief Get extended domain controller information + * + * @param domain Name of the domain to query for a DC + * @param guid Guid of the domain to query for a DC + * @param site Site of the domain to query for a DC + * @param flags Bit flags used to control the domain location query + * @param *dc_info Pointer to the returned extended domain controller information + * + * @return #wbcErr + * + **/ + +wbcErr wbcLookupDomainControllerEx(const char *domain, + struct wbcGuid *guid, + const char *site, + uint32_t flags, + struct wbcDomainControllerInfoEx **dc_info) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_response response; + + /* validate input params */ + + if (!domain || !dc_info) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + request.data.dsgetdcname.flags = flags; + + strncpy(request.data.dsgetdcname.domain_name, domain, + sizeof(request.data.dsgetdcname.domain_name)-1); + + if (site) { + strncpy(request.data.dsgetdcname.site_name, site, + sizeof(request.data.dsgetdcname.site_name)-1); + } + + if (guid) { + char *str = NULL; + + wbc_status = wbcGuidToString(guid, &str); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dsgetdcname.domain_guid, str, + sizeof(request.data.dsgetdcname.domain_guid)-1); + + wbcFreeMemory(str); + } + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_DSGETDCNAME, + &request, + &response); + BAIL_ON_WBC_ERROR(wbc_status); + + if (dc_info) { + wbc_status = wbc_create_domain_controller_info_ex(NULL, + &response, + dc_info); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_SUCCESS; +done: + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 48b6115612..327dafdae4 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -392,7 +392,20 @@ struct wbcDomainControllerInfo { char *dc_name; }; - +/* + * DomainControllerInfoEx struct + */ +struct wbcDomainControllerInfoEx { + const char *dc_unc; + const char *dc_address; + uint16_t dc_address_type; + struct wbcGuid *domain_guid; + const char *domain_name; + const char *forest_name; + uint32_t dc_flags; + const char *dc_site_name; + const char *client_site_name; +}; /* * Memory Management @@ -554,6 +567,12 @@ wbcErr wbcLookupDomainController(const char *domain, uint32_t flags, struct wbcDomainControllerInfo **dc_info); +wbcErr wbcLookupDomainControllerEx(const char *domain, + struct wbcGuid *guid, + const char *site, + uint32_t flags, + struct wbcDomainControllerInfoEx **dc_info); + /* * Athenticate functions */ -- cgit From dd9002cf498e177b769eabd2fed40213069cd239 Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Thu, 9 Oct 2008 09:58:39 -0400 Subject: mount.cifs: have uppercase_string return success on NULL pointer We currently don't attempt to uppercase the device portion of the mount string if there isn't a prefixpath. Fix that by making uppercase_string return success without doing anything on a NULL pointer. Signed-off-by: Jeff Layton --- source3/client/mount.cifs.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index b7a76c6102..0c30216cd4 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -996,12 +996,12 @@ static struct option longopts[] = { }; /* convert a string to uppercase. return false if the string - * wasn't ASCII or was a NULL ptr */ + * wasn't ASCII. Return success on a NULL ptr */ static int uppercase_string(char *string) { if (!string) - return 0; + return 1; while (*string) { /* check for unicode */ -- cgit From 2c9df6401c4b5cbd49c67c86c58f0515426846bb Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Thu, 9 Oct 2008 09:58:40 -0400 Subject: mount.cifs: make return codes match the return codes for /bin/mount (try #3) The manpage for /bin/mount specifies that the return code should be a positive integer (actually, it's a bitfield). Clean up the return codes from mount.cifs to make them match the expected return values from /bin/mount. This necessary for proper integration with autofs. This is the third attempt at this patch. The changes here are minor, just changing some return's from main() into exit() calls for consistency's sake. Signed-off-by: Jeff Layton --- source3/client/mount.cifs.c | 82 +++++++++++++++++++++++++-------------------- 1 file changed, 46 insertions(+), 36 deletions(-) diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index 0c30216cd4..fd8014cf9f 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -79,6 +79,15 @@ #define MOUNT_PASSWD_SIZE 64 #define DOMAIN_SIZE 64 +/* exit status - bits below are ORed */ +#define EX_USAGE 1 /* incorrect invocation or permission */ +#define EX_SYSERR 2 /* out of memory, cannot fork, ... */ +#define EX_SOFTWARE 4 /* internal mount bug or wrong version */ +#define EX_USER 8 /* user interrupt */ +#define EX_FILEIO 16 /* problems writing, locking, ... mtab/fstab */ +#define EX_FAIL 32 /* mount failure */ +#define EX_SOMEOK 64 /* some mount succeeded */ + const char *thisprogram; int verboseflag = 0; static int got_password = 0; @@ -174,7 +183,7 @@ static void mount_cifs_usage(void) printf("\n\t%s -V\n",thisprogram); SAFE_FREE(mountpassword); - exit(1); + exit(EX_USAGE); } /* caller frees username if necessary */ @@ -233,7 +242,7 @@ static int open_cred_file(char * file_name) if(length > 4086) { printf("mount.cifs failed due to malformed username in credentials file"); memset(line_buf,0,4096); - exit(1); + exit(EX_USAGE); } else { got_user = 1; user_name = (char *)calloc(1 + length,1); @@ -257,7 +266,7 @@ static int open_cred_file(char * file_name) if(length > MOUNT_PASSWD_SIZE) { printf("mount.cifs failed: password in credentials file too long\n"); memset(line_buf,0, 4096); - exit(1); + exit(EX_USAGE); } else { if(mountpassword == NULL) { mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); @@ -285,7 +294,7 @@ static int open_cred_file(char * file_name) } if(length > DOMAIN_SIZE) { printf("mount.cifs failed: domain in credentials file too long\n"); - exit(1); + exit(EX_USAGE); } else { if(domain_name == NULL) { domain_name = (char *)calloc(DOMAIN_SIZE+1,1); @@ -318,7 +327,7 @@ static int get_password_from_file(int file_descript, char * filename) if (mountpassword == NULL) { printf("malloc failed\n"); - exit(1); + exit(EX_SYSERR); } if(filename != NULL) { @@ -326,7 +335,7 @@ static int get_password_from_file(int file_descript, char * filename) if(file_descript < 0) { printf("mount.cifs failed. %s attempting to open password file %s\n", strerror(errno),filename); - exit(1); + exit(EX_SYSERR); } } /* else file already open and fd provided */ @@ -337,7 +346,7 @@ static int get_password_from_file(int file_descript, char * filename) printf("mount.cifs failed. Error %s reading password file\n",strerror(errno)); if(filename != NULL) close(file_descript); - exit(1); + exit(EX_SYSERR); } else if(rc == 0) { if(mountpassword[0] == 0) { if(verboseflag) @@ -563,7 +572,7 @@ static int parse_options(char ** optionsp, int * filesys_flags) if (!(pw = getpwnam(value))) { printf("bad user name \"%s\"\n", value); - exit(1); + exit(EX_USAGE); } snprintf(user, sizeof(user), "%u", pw->pw_uid); } else { @@ -579,7 +588,7 @@ static int parse_options(char ** optionsp, int * filesys_flags) if (!(gr = getgrnam(value))) { printf("bad group name \"%s\"\n", value); - exit(1); + exit(EX_USAGE); } snprintf(group, sizeof(group), "%u", gr->gr_gid); } else { @@ -674,7 +683,7 @@ static int parse_options(char ** optionsp, int * filesys_flags) out = (char *)realloc(out, out_len + word_len + 2); if (out == NULL) { perror("malloc"); - exit(1); + exit(EX_SYSERR); } if (out_len) { @@ -699,7 +708,7 @@ nocopy: out = (char *)realloc(out, out_len + word_len + 6); if (out == NULL) { perror("malloc"); - exit(1); + exit(EX_SYSERR); } if (out_len) { @@ -715,7 +724,7 @@ nocopy: out = (char *)realloc(out, out_len + 1 + word_len + 6); if (out == NULL) { perror("malloc"); - exit(1); + exit(EX_SYSERR); } if (out_len) { @@ -1050,7 +1059,7 @@ int main(int argc, char ** argv) thisprogram = argv[0]; } else { mount_cifs_usage(); - exit(1); + exit(EX_USAGE); } if(thisprogram == NULL) @@ -1067,12 +1076,12 @@ int main(int argc, char ** argv) share_name = strndup(argv[1], MAX_UNC_LEN); if (share_name == NULL) { fprintf(stderr, "%s: %s", argv[0], strerror(ENOMEM)); - exit(1); + exit(EX_SYSERR); } mountpoint = argv[2]; } else { mount_cifs_usage(); - exit(1); + exit(EX_USAGE); } /* add sharename in opts string as unc= parm */ @@ -1094,7 +1103,7 @@ int main(int argc, char ** argv) case '?': case 'h': /* help */ mount_cifs_usage (); - exit(1); + exit(EX_USAGE); case 'n': ++nomtab; break; @@ -1148,14 +1157,14 @@ int main(int argc, char ** argv) uid = strtoul(optarg, &ep, 10); if (*ep) { printf("bad uid value \"%s\"\n", optarg); - exit(1); + exit(EX_USAGE); } } else { struct passwd *pw; if (!(pw = getpwnam(optarg))) { printf("bad user name \"%s\"\n", optarg); - exit(1); + exit(EX_USAGE); } uid = pw->pw_uid; endpwent(); @@ -1168,14 +1177,14 @@ int main(int argc, char ** argv) gid = strtoul(optarg, &ep, 10); if (*ep) { printf("bad gid value \"%s\"\n", optarg); - exit(1); + exit(EX_USAGE); } } else { struct group *gr; if (!(gr = getgrnam(optarg))) { printf("bad user name \"%s\"\n", optarg); - exit(1); + exit(EX_USAGE); } gid = gr->gr_gid; endpwent(); @@ -1205,13 +1214,13 @@ int main(int argc, char ** argv) default: printf("unknown mount option %c\n",c); mount_cifs_usage(); - exit(1); + exit(EX_USAGE); } } if((argc < 3) || (dev_name == NULL) || (mountpoint == NULL)) { mount_cifs_usage(); - exit(1); + exit(EX_USAGE); } if (getenv("PASSWD")) { @@ -1228,13 +1237,13 @@ int main(int argc, char ** argv) } if (orgoptions && parse_options(&orgoptions, &flags)) { - rc = -1; + rc = EX_USAGE; goto mount_exit; } ipaddr = parse_server(&share_name); if((ipaddr == NULL) && (got_ip == 0)) { printf("No ip address specified and hostname not found\n"); - rc = -1; + rc = EX_USAGE; goto mount_exit; } @@ -1249,19 +1258,19 @@ int main(int argc, char ** argv) } if(chdir(mountpoint)) { printf("mount error: can not change directory into mount target %s\n",mountpoint); - rc = -1; + rc = EX_USAGE; goto mount_exit; } if(stat (".", &statbuf)) { printf("mount error: mount point %s does not exist\n",mountpoint); - rc = -1; + rc = EX_USAGE; goto mount_exit; } if (S_ISDIR(statbuf.st_mode) == 0) { printf("mount error: mount point %s is not a directory\n",mountpoint); - rc = -1; + rc = EX_USAGE; goto mount_exit; } @@ -1274,7 +1283,7 @@ int main(int argc, char ** argv) #endif } else { printf("mount error: permission denied or not superuser and mount.cifs not installed SUID\n"); - return -1; + exit(EX_USAGE); } } @@ -1289,7 +1298,7 @@ int main(int argc, char ** argv) mountpassword = (char *)calloc(MOUNT_PASSWD_SIZE+1,1); if (!tmp_pass || !mountpassword) { printf("Password not entered, exiting\n"); - return -1; + exit(EX_USAGE); } strlcpy(mountpassword, tmp_pass, MOUNT_PASSWD_SIZE+1); got_password = 1; @@ -1307,7 +1316,7 @@ mount_retry: else { printf("No server share name specified\n"); printf("\nMounting the DFS root for server not implemented yet\n"); - exit(1); + exit(EX_USAGE); } if(user_name) optlen += strlen(user_name) + 6; @@ -1321,7 +1330,7 @@ mount_retry: if(options == NULL) { printf("Could not allocate memory for mount options\n"); - return -1; + exit(EX_SYSERR); } options[0] = 0; @@ -1400,8 +1409,7 @@ mount_retry: printf("mount error %d = %s\n",errno,strerror(errno)); } printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); - rc = -1; - goto mount_exit; + rc = EX_FAIL; } else { pmntfile = setmntent(MOUNTED, "a+"); if(pmntfile) { @@ -1439,11 +1447,13 @@ mount_retry: rc = addmntent(pmntfile,&mountent); endmntent(pmntfile); SAFE_FREE(mountent.mnt_opts); + if (rc) + rc = EX_FILEIO; } else { - printf("could not update mount table\n"); + printf("could not update mount table\n"); + rc = EX_FILEIO; } } - rc = 0; mount_exit: if(mountpassword) { int len = strlen(mountpassword); @@ -1455,5 +1465,5 @@ mount_exit: SAFE_FREE(orgoptions); SAFE_FREE(resolved_path); SAFE_FREE(share_name); - return rc; + exit(rc); } -- cgit From 45b359a77f006a366837efa3ad51570942bc4faa Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 9 Oct 2008 17:22:59 +0200 Subject: Make use of ZERO_STRUCT (the first memset was actually wrong) --- source3/modules/vfs_gpfs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 29ea7f0abe..fa0b4e97a5 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -179,7 +179,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl) "who: %d\n", gace->aceType, gace->aceIFlags, gace->aceFlags, gace->aceMask, gace->aceWho)); - memset(&smbace, 0, sizeof(SMB4ACE_T)); + ZERO_STRUCT(smbace); if (gace->aceIFlags & ACE4_IFLAG_SPECIAL_ID) { smbace.flags |= SMB_ACE4_ID_SPECIAL; switch (gace->aceWho) { @@ -739,7 +739,7 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) if (haveAllowEntry[i]==True) continue; - memset(&ace, 0, sizeof(SMB_ACE4PROP_T)); + ZERO_STRUCT(ace); ace.aceType = SMB_ACE4_ACCESS_ALLOWED_ACE_TYPE; ace.flags |= SMB_ACE4_ID_SPECIAL; ace.who.special_id = i; @@ -761,7 +761,7 @@ static int gpfsacl_emu_chmod(const char *path, mode_t mode) } /* don't add complementary DENY ACEs here */ - memset(&fake_fsp, 0, sizeof(struct files_struct)); + ZERO_STRUCT(fake_fsp); fake_fsp.fsp_name = (char *)path; /* no file_new is needed here */ /* put the acl */ -- cgit From e5692d4cbe70dc4f2aba88db4fa3b68c572c6142 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Oct 2008 09:49:03 -0700 Subject: Remove SEC_ACCESS. It's a uint32_t. Jeremy. --- source3/include/proto.h | 3 +-- source3/include/rpc_secdes.h | 3 --- source3/lib/display_sec.c | 2 +- source3/lib/secace.c | 2 +- source3/lib/secdesc.c | 13 +------------ source3/lib/sharesec.c | 8 ++++---- source3/lib/util_seaccess.c | 14 +++++++------- source3/libgpo/gpo_reg.c | 14 +++++++------- source3/libsmb/libsmb_xattr.c | 2 +- source3/modules/nfs4_acls.c | 4 ++-- source3/modules/vfs_afsacl.c | 6 ++---- source3/printing/nt_printing.c | 10 +++++----- source3/registry/reg_dispatcher.c | 10 +++------- source3/rpc_server/srv_lsa_nt.c | 10 +++------- source3/rpc_server/srv_samr_nt.c | 19 +++++++++---------- source3/rpc_server/srv_svcctl_nt.c | 9 ++++----- source3/services/services_db.c | 16 ++++++++-------- source3/smbd/posix_acls.c | 26 +++++++------------------- source3/utils/sharesec.c | 2 +- source3/utils/smbcacls.c | 2 +- 20 files changed, 68 insertions(+), 107 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 99557a25a1..b7a7ed5479 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -497,7 +497,7 @@ TALLOC_CTX *debug_ctx(void); /* The following definitions come from lib/display_sec.c */ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type); -void display_sec_access(SEC_ACCESS *info); +void display_sec_access(uint32_t *info); void display_sec_ace_flags(uint8_t flags); void display_sec_ace(SEC_ACE *ace); void display_sec_acl(SEC_ACL *sec_acl); @@ -776,7 +776,6 @@ NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask); NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size); SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, bool child_container); -void init_sec_access(uint32 *t, uint32 mask); /* The following definitions come from lib/select.c */ diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 83103b7386..71fba41fe9 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -70,9 +70,6 @@ PROTECTED_SACL_SECURITY_INFORMATION|\ PROTECTED_DACL_SECURITY_INFORMATION) -/* SEC_ACCESS */ -typedef uint32 SEC_ACCESS; - /* SEC_ACE */ typedef struct security_ace SEC_ACE; #define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32)) diff --git a/source3/lib/display_sec.c b/source3/lib/display_sec.c index 67392e4568..5427a8173e 100644 --- a/source3/lib/display_sec.c +++ b/source3/lib/display_sec.c @@ -118,7 +118,7 @@ char *get_sec_mask_str(TALLOC_CTX *ctx, uint32 type) /**************************************************************************** display sec_access structure ****************************************************************************/ -void display_sec_access(SEC_ACCESS *info) +void display_sec_access(uint32_t *info) { char *mask_str = get_sec_mask_str(NULL, *info); printf("\t\tPermissions: 0x%x: %s\n", *info, mask_str ? mask_str : ""); diff --git a/source3/lib/secace.c b/source3/lib/secace.c index 8760a6109a..9f5a0c02ba 100644 --- a/source3/lib/secace.c +++ b/source3/lib/secace.c @@ -55,7 +55,7 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ********************************************************************/ void init_sec_ace(SEC_ACE *t, const DOM_SID *sid, enum security_ace_type type, - uint32 mask, uint8 flag) + uint32_t mask, uint8 flag) { t->type = type; t->flags = flag; diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 4965200bc1..52ff067d6a 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -512,7 +512,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, if (!inherit) continue; - init_sec_access(&new_ace->access_mask, ace->access_mask); + new_ace->access_mask = ace->access_mask; init_sec_ace(new_ace, &ace->trustee, ace->type, new_ace->access_mask, new_flags); @@ -546,14 +546,3 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr, return sdb; } - -/******************************************************************* - Sets up a SEC_ACCESS structure. -********************************************************************/ - -void init_sec_access(uint32 *t, uint32 mask) -{ - *t = mask; -} - - diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 33f66ca47f..298655e181 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -124,7 +124,7 @@ static bool share_info_db_init(void) SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def_access) { - SEC_ACCESS sa; + uint32_t sa; SEC_ACE ace; SEC_ACL *psa = NULL; SEC_DESC *psd = NULL; @@ -132,7 +132,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def se_map_generic(&spec_access, &file_generic_mapping); - init_sec_access(&sa, def_access | spec_access ); + sa = (def_access | spec_access ); init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { @@ -332,7 +332,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) } for (i = 0; i < num_aces; i++) { - SEC_ACCESS sa; + uint32_t sa; uint32 g_access; uint32 s_access; DOM_SID sid; @@ -380,7 +380,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) pacl++; /* Go past any ',' */ se_map_generic(&s_access, &file_generic_mapping); - init_sec_access(&sa, g_access | s_access ); + sa = (g_access | s_access); init_sec_ace(&ace_list[i], &sid, type, sa, 0); } diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c index cab4261adf..7e461556b3 100644 --- a/source3/lib/util_seaccess.c +++ b/source3/lib/util_seaccess.c @@ -30,7 +30,7 @@ extern NT_USER_TOKEN anonymous_token; static uint32 check_ace(SEC_ACE *ace, const NT_USER_TOKEN *token, uint32 acc_desired, NTSTATUS *status) { - uint32 mask = ace->access_mask; + uint32_t mask = ace->access_mask; /* * Inherit only is ignored. @@ -346,7 +346,6 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) DOM_SID act_sid; SEC_ACE ace[3]; - SEC_ACCESS mask; SEC_ACL *psa = NULL; @@ -357,13 +356,14 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS); /*basic access for every one*/ - init_sec_access(&mask, GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ); - init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0); /*full access for builtin aliases Administrators and Account Operators*/ - init_sec_access(&mask, GENERIC_RIGHTS_SAM_ALL_ACCESS); - init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_ace(&ace[2], &act_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[1], &adm_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); + init_sec_ace(&ace[2], &act_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; diff --git a/source3/libgpo/gpo_reg.c b/source3/libgpo/gpo_reg.c index 920deeb189..d49315021e 100644 --- a/source3/libgpo/gpo_reg.c +++ b/source3/libgpo/gpo_reg.c @@ -689,25 +689,25 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, size_t *sd_size) { SEC_ACE ace[6]; - SEC_ACCESS mask; + uint32_t mask; SEC_ACL *acl = NULL; uint8_t inherit_flags; - init_sec_access(&mask, REG_KEY_ALL); + mask = REG_KEY_ALL; init_sec_ace(&ace[0], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_access(&mask, REG_KEY_ALL); + mask = REG_KEY_ALL; init_sec_ace(&ace[1], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_access(&mask, REG_KEY_READ); + mask = REG_KEY_READ; init_sec_ace(&ace[2], sid ? sid : &global_sid_Authenticated_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, @@ -717,19 +717,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, SEC_ACE_FLAG_CONTAINER_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY; - init_sec_access(&mask, REG_KEY_ALL); + mask = REG_KEY_ALL; init_sec_ace(&ace[3], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, inherit_flags); - init_sec_access(&mask, REG_KEY_ALL); + mask = REG_KEY_ALL; init_sec_ace(&ace[4], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, inherit_flags); - init_sec_access(&mask, REG_KEY_READ); + mask = REG_KEY_READ; init_sec_ace(&ace[5], sid ? sid : &global_sid_Authenticated_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c index f1b3d1415e..ea2c46953c 100644 --- a/source3/libsmb/libsmb_xattr.c +++ b/source3/libsmb/libsmb_xattr.c @@ -266,7 +266,7 @@ parse_ace(struct cli_state *ipc_cli, unsigned int aflags; unsigned int amask; DOM_SID sid; - SEC_ACCESS mask; + uint32_t mask; const struct perm_value *v; struct perm_value { const char *perm; diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index f1b8cfffce..f411176590 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -221,7 +221,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */ } for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { - SEC_ACCESS mask; + uint32_t mask; DOM_SID sid; SMB_ACE4PROP_T *ace = &aceint->prop; @@ -256,7 +256,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */ DEBUG(10, ("mapped %d to %s\n", ace->who.id, sid_string_dbg(&sid))); - init_sec_access(&mask, ace->aceMask); + mask = ace->aceMask; init_sec_ace(&nt_ace_list[good_aces++], &sid, ace->aceType, mask, ace->aceFlags & 0xf); diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index c78369ac13..8c89d2fd9f 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -592,7 +592,6 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, { SEC_ACE *nt_ace_list; DOM_SID owner_sid, group_sid; - SEC_ACCESS mask; SEC_ACL *psa = NULL; int good_aces; size_t sd_size; @@ -616,7 +615,7 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, good_aces = 0; while (afs_ace != NULL) { - uint32 nt_rights; + uint32_t nt_rights; uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_CONTAINER_INHERIT; @@ -633,9 +632,8 @@ static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl, else nt_rights = afs_to_nt_file_rights(afs_ace->rights); - init_sec_access(&mask, nt_rights); init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid), - SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag); + SEC_ACE_TYPE_ACCESS_ALLOWED, nt_rights, flag); afs_ace = afs_ace->next; } diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 19c44d1bbb..850375e82b 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -5493,7 +5493,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) { SEC_ACE ace[5]; /* max number of ace entries */ int i = 0; - SEC_ACCESS sa; + uint32_t sa; SEC_ACL *psa = NULL; SEC_DESC_BUF *sdb = NULL; SEC_DESC *psd = NULL; @@ -5502,7 +5502,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) /* Create an ACE where Everyone is allowed to print */ - init_sec_access(&sa, PRINTER_ACE_PRINT); + sa = PRINTER_ACE_PRINT; init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); @@ -5514,7 +5514,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) sid_copy(&domadmins_sid, get_global_sam_sid()); sid_append_rid(&domadmins_sid, DOMAIN_GROUP_RID_ADMINS); - init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL); + sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); @@ -5524,7 +5524,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); - init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL); + sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); @@ -5534,7 +5534,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) /* add BUILTIN\Administrators as FULL CONTROL */ - init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL); + sa = PRINTER_ACE_FULL_CONTROL; init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c index c68ecdedeb..d06410a1b3 100644 --- a/source3/registry/reg_dispatcher.c +++ b/source3/registry/reg_dispatcher.c @@ -37,7 +37,6 @@ static const struct generic_mapping reg_generic_map = static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd) { SEC_ACE ace[3]; - SEC_ACCESS mask; size_t i = 0; SEC_DESC *sd; SEC_ACL *acl; @@ -45,21 +44,18 @@ static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd) /* basic access for Everyone */ - init_sec_access(&mask, REG_KEY_READ); init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); + REG_KEY_READ, 0); /* Full Access 'BUILTIN\Administrators' */ - init_sec_access(&mask, REG_KEY_ALL); init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, - SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0); /* Full Access 'NT Authority\System' */ - init_sec_access(&mask, REG_KEY_ALL ); init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, - mask, 0); + REG_KEY_ALL, 0); /* create the security descriptor */ diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 94517f3478..0e9d121242 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -290,22 +290,18 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s DOM_SID adm_sid; SEC_ACE ace[3]; - SEC_ACCESS mask; SEC_ACL *psa = NULL; - init_sec_access(&mask, LSA_POLICY_EXECUTE); - init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_EXECUTE, 0); sid_copy(&adm_sid, get_global_sam_sid()); sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS); - init_sec_access(&mask, LSA_POLICY_ALL_ACCESS); - init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[1], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0); sid_copy(&local_adm_sid, &global_sid_Builtin); sid_append_rid(&local_adm_sid, BUILTIN_ALIAS_RID_ADMINS); - init_sec_access(&mask, LSA_POLICY_ALL_ACCESS); - init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[2], &local_adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, LSA_POLICY_ALL_ACCESS, 0); if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL) return NT_STATUS_NO_MEMORY; diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 1b1e98c049..6455f02374 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -113,36 +113,35 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd { DOM_SID domadmin_sid; SEC_ACE ace[5]; /* at most 5 entries */ - SEC_ACCESS mask; size_t i = 0; SEC_ACL *psa = NULL; /* basic access for Everyone */ - init_sec_access(&mask, map->generic_execute | map->generic_read ); - init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, + map->generic_execute | map->generic_read, 0); /* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ - init_sec_access(&mask, map->generic_all); - - init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); /* Add Full Access for Domain Admins if we are a DC */ if ( IS_DC ) { sid_copy( &domadmin_sid, get_global_sam_sid() ); sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); - init_sec_ace(&ace[i++], &domadmin_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &domadmin_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); } /* if we have a sid, give it some special access */ if ( sid ) { - init_sec_access( &mask, sid_access ); - init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0); } /* create the security descriptor */ diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 6bb538a311..a57d0ff4a4 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -140,7 +140,6 @@ static NTSTATUS svcctl_access_check( SEC_DESC *sec_desc, NT_USER_TOKEN *token, static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx ) { SEC_ACE ace[2]; - SEC_ACCESS mask; size_t i = 0; SEC_DESC *sd; SEC_ACL *acl; @@ -148,13 +147,13 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx ) /* basic access for Everyone */ - init_sec_access(&mask, SC_MANAGER_READ_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0); /* Full Access 'BUILTIN\Administrators' */ - init_sec_access(&mask,SC_MANAGER_ALL_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, + SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0); /* create the security descriptor */ diff --git a/source3/services/services_db.c b/source3/services/services_db.c index 8f58c2dbfa..0f5264bcd8 100644 --- a/source3/services/services_db.c +++ b/source3/services/services_db.c @@ -89,7 +89,6 @@ struct service_display_info common_unix_svcs[] = { static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx ) { SEC_ACE ace[4]; - SEC_ACCESS mask; size_t i = 0; SEC_DESC *sd = NULL; SEC_ACL *acl = NULL; @@ -97,15 +96,16 @@ static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx ) /* basic access for Everyone */ - init_sec_access(&mask, SERVICE_READ_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0); - init_sec_access(&mask,SERVICE_EXECUTE_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0); - init_sec_access(&mask,SERVICE_ALL_ACCESS ); - init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); - init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, SEC_ACE_TYPE_ACCESS_ALLOWED, mask, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); + init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, + SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); /* create the security descriptor */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index da17e53b2c..4e35e9deaa 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -890,13 +890,12 @@ static bool nt4_compatible_acls(void) not get. Deny entries are implicit on get with ace->perms = 0. ****************************************************************************/ -static SEC_ACCESS map_canon_ace_perms(int snum, +static uint32_t map_canon_ace_perms(int snum, enum security_ace_type *pacl_type, mode_t perms, bool directory_ace) { - SEC_ACCESS sa; - uint32 nt_mask = 0; + uint32_t nt_mask = 0; *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED; @@ -935,8 +934,7 @@ static SEC_ACCESS map_canon_ace_perms(int snum, DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n", (unsigned int)perms, (unsigned int)nt_mask )); - init_sec_access(&sa,nt_mask); - return sa; + return nt_mask; } /**************************************************************************** @@ -2962,9 +2960,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, */ for (ace = file_ace; ace != NULL; ace = ace->next) { - SEC_ACCESS acc; - - acc = map_canon_ace_perms(SNUM(conn), + uint32_t acc = map_canon_ace_perms(SNUM(conn), &nt_acl_type, ace->perms, S_ISDIR(sbuf->st_mode)); @@ -2979,19 +2975,14 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, /* The User must have access to a profile share - even * if we can't map the SID. */ if (lp_profile_acls(SNUM(conn))) { - SEC_ACCESS acc; - - init_sec_access(&acc,FILE_GENERIC_ALL); init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, - acc, 0); + FILE_GENERIC_ALL, 0); } for (ace = dir_ace; ace != NULL; ace = ace->next) { - SEC_ACCESS acc; - - acc = map_canon_ace_perms(SNUM(conn), + uint32_t acc = map_canon_ace_perms(SNUM(conn), &nt_acl_type, ace->perms, S_ISDIR(sbuf->st_mode)); @@ -3009,10 +3000,7 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, /* The User must have access to a profile share - even * if we can't map the SID. */ if (lp_profile_acls(SNUM(conn))) { - SEC_ACCESS acc; - - init_sec_access(&acc,FILE_GENERIC_ALL); - init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc, + init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_ALL, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| SEC_ACE_FLAG_INHERIT_ONLY|0); } diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c index 46f9ecdc7d..3ad949a6d3 100644 --- a/source3/utils/sharesec.c +++ b/source3/utils/sharesec.c @@ -153,7 +153,7 @@ static bool parse_ace(SEC_ACE *ace, const char *orig_str) unsigned int aflags = 0; unsigned int amask = 0; DOM_SID sid; - SEC_ACCESS mask; + uint32_t mask; const struct perm_value *v; char *str = SMB_STRDUP(orig_str); TALLOC_CTX *frame = talloc_stackframe(); diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c index d488ce2187..eda8732c89 100644 --- a/source3/utils/smbcacls.c +++ b/source3/utils/smbcacls.c @@ -275,7 +275,7 @@ static bool parse_ace(struct cli_state *cli, SEC_ACE *ace, unsigned int aflags = 0; unsigned int amask = 0; DOM_SID sid; - SEC_ACCESS mask; + uint32_t mask; const struct perm_value *v; char *str = SMB_STRDUP(orig_str); TALLOC_CTX *frame = talloc_stackframe(); -- cgit From decd04d946287729866f6b43648d34650211b073 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 9 Oct 2008 15:40:00 -0700 Subject: Ensure we handle signals correctly during the async calls. Jeremy. --- source3/libsmb/async_smb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/libsmb/async_smb.c b/source3/libsmb/async_smb.c index fb35ecbe1f..68495076b6 100644 --- a/source3/libsmb/async_smb.c +++ b/source3/libsmb/async_smb.c @@ -924,7 +924,7 @@ static void cli_state_handler(struct event_context *event_ctx, } cli->evt_inbuf = tmp; - res = recv(cli->fd, cli->evt_inbuf + old_size, available, 0); + res = sys_recv(cli->fd, cli->evt_inbuf + old_size, available, 0); if (res == -1) { DEBUG(10, ("recv failed: %s\n", strerror(errno))); status = map_nt_error_from_unix(errno); @@ -970,7 +970,7 @@ static void cli_state_handler(struct event_context *event_ctx, return; } - sent = send(cli->fd, req->outbuf + req->sent, + sent = sys_send(cli->fd, req->outbuf + req->sent, to_send - req->sent, 0); if (sent < 0) { -- cgit From 9b331df4124118f3957c281023fe8dd11edd44be Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 8 Oct 2008 11:48:01 -0700 Subject: Add support for autogen to take a --version-file argument --- source3/autogen.sh | 14 +++++++++++++- source4/autogen.sh | 14 +++++++++++++- 2 files changed, 26 insertions(+), 2 deletions(-) diff --git a/source3/autogen.sh b/source3/autogen.sh index deed774b39..61316a8f70 100755 --- a/source3/autogen.sh +++ b/source3/autogen.sh @@ -2,6 +2,18 @@ # Run this script to build samba from GIT. +while true; do + case $1 in + (--version-file) + VERSION_FILE=$2 + shift 2 + ;; + (*) + break + ;; + esac +done + ## insert all possible names (only works with ## autoconf 2.x) TESTAUTOHEADER="autoheader autoheader-2.53 autoheader2.50 autoheader259 autoheader253" @@ -48,7 +60,7 @@ if test "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0"; then fi echo "$0: running script/mkversion.sh" -./script/mkversion.sh || exit 1 +./script/mkversion.sh $VERSION_FILE || exit 1 rm -rf autom4te*.cache rm -f configure include/config.h* diff --git a/source4/autogen.sh b/source4/autogen.sh index a56c5a2238..9984712caf 100755 --- a/source4/autogen.sh +++ b/source4/autogen.sh @@ -2,6 +2,18 @@ # Run this script to build samba from git. +while true; do + case $1 in + (--version-file) + VERSION_FILE=$2 + shift 2 + ;; + (*) + break + ;; + esac +done + ## insert all possible names (only works with ## autoconf 2.x) TESTAUTOHEADER="autoheader autoheader-2.53 autoheader2.50 autoheader259 autoheader253" @@ -48,7 +60,7 @@ if test "$AUTOCONFFOUND" = "0" -o "$AUTOHEADERFOUND" = "0"; then fi echo "$0: running script/mkversion.sh" -./script/mkversion.sh || exit 1 +./script/mkversion.sh $VERSION_FILE || exit 1 rm -rf autom4te*.cache rm -f configure include/config_tmp.h* -- cgit From 10f65cc4ca5a48b6f4dc8c4de23e59628b6f95b2 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 8 Oct 2008 11:06:18 -0700 Subject: remove common lib object files on make cleanlib from source3 source4 already cleans up the object files on make clean. This patch modifies source3 to also do this. --- source3/Makefile.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/Makefile.in b/source3/Makefile.in index 18581badea..175dcb36be 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2660,6 +2660,10 @@ uninstallpammodules:: # Toplevel clean files TOPFILES=dynconfig.o +cleanlibs:: + -rm -f ../lib/*/*.o ../lib/*/*/*.o \ + ../libcli/*.o ../libcli/*/*.o + clean:: cleanlibs -rm -f include/build_env.h -rm -f smbd/build_options.c -- cgit From 83f55e07557579cd0b9fe3972947fb2327990014 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 7 Oct 2008 18:54:08 +0200 Subject: krb5_locator: use wbcLookupDomainControllerEx() for query. Guenther --- source3/Makefile.in | 6 ++--- source3/nsswitch/winbind_krb5_locator.c | 39 +++++++++++++++------------------ 2 files changed, 21 insertions(+), 24 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 175dcb36be..3ef197bcf2 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1078,7 +1078,7 @@ LDBDEL_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbdel.o LDBMODIFY_OBJ = $(LDB_CMDLINE_OBJ) lib/ldb/tools/ldbmodify.o WINBIND_KRB5_LOCATOR_OBJ1 = nsswitch/winbind_krb5_locator.o -WINBIND_KRB5_LOCATOR_OBJ = $(WINBIND_KRB5_LOCATOR_OBJ1) $(WBCOMMON_OBJ) $(LIBREPLACE_OBJ) +WINBIND_KRB5_LOCATOR_OBJ = $(WINBIND_KRB5_LOCATOR_OBJ1) $(LIBREPLACE_OBJ) POPT_OBJ=../lib/popt/findme.o ../lib/popt/popt.o ../lib/popt/poptconfig.o \ ../lib/popt/popthelp.o ../lib/popt/poptparse.o @@ -2177,9 +2177,9 @@ bin/vlp@EXEEXT@: $(BINARY_PREREQS) $(VLP_OBJ) @LIBTALLOC_SHARED@ @LIBTDB_SHARED@ $(LDAP_LIBS) $(KRB5LIBS) $(LIBS) $(LIBTALLOC_LIBS) $(LIBTDB_LIBS) \ @SONAMEFLAG@`basename $@`@NSSSONAMEVERSIONSUFFIX@ -bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) +bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OBJ) @LIBWBCLIENT_SHARED@ @echo "Linking $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) \ + @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) \ @SONAMEFLAG@`basename $@` bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) diff --git a/source3/nsswitch/winbind_krb5_locator.c b/source3/nsswitch/winbind_krb5_locator.c index 7eecd13b70..b9e35bdec5 100644 --- a/source3/nsswitch/winbind_krb5_locator.c +++ b/source3/nsswitch/winbind_krb5_locator.c @@ -18,6 +18,7 @@ */ #include "nsswitch/winbind_client.h" +#include "libwbclient/wbclient.h" #ifndef DEBUG_KRB5 #undef DEBUG_KRB5 @@ -244,54 +245,50 @@ static void smb_krb5_locator_close(void *private_data) static bool ask_winbind(const char *realm, char **dcname) { - NSS_STATUS status; - struct winbindd_request request; - struct winbindd_response response; + wbcErr wbc_status; const char *dc = NULL; + struct wbcDomainControllerInfoEx *dc_info = NULL; + uint32_t flags; - ZERO_STRUCT(request); - ZERO_STRUCT(response); + flags = WBC_LOOKUP_DC_KDC_REQUIRED | + WBC_LOOKUP_DC_IS_DNS_NAME | + WBC_LOOKUP_DC_RETURN_DNS_NAME | + WBC_LOOKUP_DC_IP_REQUIRED; - request.data.dsgetdcname.flags = 0x40020600; - /* DS_KDC_REQUIRED | - DS_IS_DNS_NAME | - DS_RETURN_DNS_NAME | - DS_IP_REQUIRED */ + wbc_status = wbcLookupDomainControllerEx(realm, NULL, NULL, flags, &dc_info); - strncpy(request.data.dsgetdcname.domain_name, realm, - sizeof(request.data.dsgetdcname.domain_name)-1); - - status = winbindd_request_response(WINBINDD_DSGETDCNAME, - &request, &response); - if (status != NSS_STATUS_SUCCESS) { + if (!WBC_ERROR_IS_OK(wbc_status)) { #ifdef DEBUG_KRB5 fprintf(stderr,"[%5u]: smb_krb5_locator_lookup: failed with: %s\n", - (unsigned int)getpid(), nss_err_str(status)); + (unsigned int)getpid(), wbcErrorString(wbc_status)); #endif return false; } - if (response.data.dsgetdcname.dc_address[0] != '\0') { - dc = response.data.dsgetdcname.dc_address; + if (dc_info->dc_address) { + dc = dc_info->dc_address; if (dc[0] == '\\') dc++; if (dc[0] == '\\') dc++; } - if (!dc && response.data.dsgetdcname.dc_unc[0] != '\0') { - dc = response.data.dsgetdcname.dc_unc; + if (!dc && dc_info->dc_unc) { + dc = dc_info->dc_unc; if (dc[0] == '\\') dc++; if (dc[0] == '\\') dc++; } if (!dc) { + wbcFreeMemory(dc_info); return false; } *dcname = strdup(dc); if (!*dcname) { + wbcFreeMemory(dc_info); return false; } + wbcFreeMemory(dc_info); return true; } -- cgit From aa22ab1404d6af50cd92c2ad9278c4b551497d24 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 17:09:42 +0200 Subject: Fix executability of samba3-srv. --- pidl/TODO | 3 --- pidl/tests/samba3-srv.pl | 0 2 files changed, 3 deletions(-) mode change 100644 => 100755 pidl/tests/samba3-srv.pl diff --git a/pidl/TODO b/pidl/TODO index 8886441a75..87ae0c5fd3 100644 --- a/pidl/TODO +++ b/pidl/TODO @@ -1,8 +1,5 @@ - warn when union instances don't have a discriminant -- EJS output backend shouldn't use the NDR levels stuff but instead - as the "C levels" and NDR levels don't necessarily match. - - true multiple dimension array / strings in arrays support - compatibility mode for generating MIDL-readable data: diff --git a/pidl/tests/samba3-srv.pl b/pidl/tests/samba3-srv.pl old mode 100644 new mode 100755 -- cgit From 63291018df809296479147a91c055e296b9ce772 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 8 Oct 2008 17:19:46 +0200 Subject: Use const. --- source4/torture/raw/chkpath.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/source4/torture/raw/chkpath.c b/source4/torture/raw/chkpath.c index 2ed83d308c..68ef8e226d 100644 --- a/source4/torture/raw/chkpath.c +++ b/source4/torture/raw/chkpath.c @@ -147,11 +147,11 @@ static bool test_chkpath(struct smbcli_state *cli, struct torture_context *tctx) } ret &= test_path_ex(cli, tctx, BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR) + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\foo\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\f\\o\\o\\..\\..\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); - ret &= test_path_ex(cli, tctx, ((char *)BASEDIR"\\foo\\\\..\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR) + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\foo\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\f\\o\\o\\..\\..\\..") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); + ret &= test_path_ex(cli, tctx, ((const char *)BASEDIR"\\foo\\\\..\\\\") + 1, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); ret &= test_path_ex(cli, tctx, BASEDIR"\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK); ret &= test_path_ex(cli, tctx, BASEDIR"\\\\..\\"BASEDIR, BASEDIR, NT_STATUS_OK, NT_STATUS_OK); ret &= test_path_ex(cli, tctx, BASEDIR"\\\\\\", BASEDIR, NT_STATUS_OK, NT_STATUS_OK); -- cgit From 08d3918cf8773f1a3f67a82123ebe006ea581e4e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 10 Oct 2008 15:13:14 +0200 Subject: libwbclient: fix wbcAuthenticateUserEx() to not ignore provided flags field. Guenther --- source3/nsswitch/libwbclient/wbc_pam.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 70e2aa60a5..91ea72f05f 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -332,6 +332,7 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, params->account_name, sizeof(request.data.auth.user)-1); } + strncpy(request.data.auth.pass, params->password.plaintext, sizeof(request.data.auth.pass)-1); @@ -417,6 +418,10 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, BAIL_ON_WBC_ERROR(wbc_status); } + if (params->flags) { + request.flags |= params->flags; + } + wbc_status = wbcRequestResponse(cmd, &request, &response); -- cgit From 4464011ceaca803349052ed43217710fc3c33a9e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 10 Oct 2008 10:54:06 +0200 Subject: libwbclient: add wbcBlob and wbcNamedBlob. Guenther --- source3/nsswitch/libwbclient/wbclient.h | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 327dafdae4..5f6e3be966 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -218,6 +218,25 @@ struct wbcAuthUserParams { } password; }; +/** + * @brief Generic Blob + **/ + +struct wbcBlob { + uint8_t *data; + size_t length; +}; + +/** + * @brief Named Blob + **/ + +struct wbcNamedBlob { + const char *name; + uint32_t flags; + struct wbcBlob blob; +}; + /** * @brief ChangePassword Parameters **/ -- cgit From be6e21f9ead06da64f6f96c125612dd4854c0fc4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 25 Sep 2008 01:31:12 +0200 Subject: libwbclient: add wbcAddNamedBlob. Guenther --- source3/nsswitch/libwbclient/wbc_util.c | 45 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 10 +++++++- 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/source3/nsswitch/libwbclient/wbc_util.c b/source3/nsswitch/libwbclient/wbc_util.c index 5aea884272..b4868748ae 100644 --- a/source3/nsswitch/libwbclient/wbc_util.c +++ b/source3/nsswitch/libwbclient/wbc_util.c @@ -689,3 +689,48 @@ wbcErr wbcLookupDomainControllerEx(const char *domain, done: return wbc_status; } + +/** @brief Initialize a named blob and add to list of blobs + * + * @param[in,out] num_blobs Pointer to the number of blobs + * @param[in,out] blobs Pointer to an array of blobs + * @param[in] name Name of the new named blob + * @param[in] flags Flags of the new named blob + * @param[in] data Blob data of new blob + * @param[in] length Blob data length of new blob + * + * @return #wbcErr + * + **/ + +wbcErr wbcAddNamedBlob(size_t *num_blobs, + struct wbcNamedBlob **blobs, + const char *name, + uint32_t flags, + uint8_t *data, + size_t length) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcNamedBlob blob; + + *blobs = talloc_realloc(NULL, *blobs, struct wbcNamedBlob, + *(num_blobs)+1); + BAIL_ON_PTR_ERROR(*blobs, wbc_status); + + blob.name = talloc_strdup(*blobs, name); + BAIL_ON_PTR_ERROR(blob.name, wbc_status); + blob.flags = flags; + blob.blob.length = length; + blob.blob.data = (uint8_t *)talloc_memdup(*blobs, data, length); + BAIL_ON_PTR_ERROR(blob.blob.data, wbc_status); + + (*(blobs))[*num_blobs] = blob; + *(num_blobs) += 1; + + wbc_status = WBC_ERR_SUCCESS; +done: + if (!WBC_ERROR_IS_OK(wbc_status) && blobs) { + wbcFreeMemory(*blobs); + } + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 5f6e3be966..5c184ebe46 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -627,6 +627,14 @@ wbcErr wbcResolveWinsByIP(const char *ip, char **name); */ wbcErr wbcCheckTrustCredentials(const char *domain, struct wbcAuthErrorInfo **error); - +/* + * Helper functions + */ +wbcErr wbcAddNamedBlob(size_t *num_blobs, + struct wbcNamedBlob **blobs, + const char *name, + uint32_t flags, + uint8_t *data, + size_t length); #endif /* _WBCLIENT_H */ -- cgit From f33f888de708767b9682202701063fb86250a36e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Aug 2008 13:53:23 +0200 Subject: libwbclient: add wbcLogoffUserEx(). Guenther --- source3/nsswitch/libwbclient/wbc_pam.c | 95 +++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 13 +++++ 2 files changed, 108 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 91ea72f05f..b59e3077bd 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -503,6 +503,101 @@ wbcErr wbcCheckTrustCredentials(const char *domain, return wbc_status; } +/** @brief Trigger an extended logoff notification to Winbind for a specific user + * + * @param params A wbcLogoffUserParams structure + * @param error User output details on error + * + * @return #wbcErr + * + **/ + +wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, + struct wbcAuthErrorInfo **error) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int i; + + /* validate input */ + + if (!params || !params->username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if ((params->num_blobs > 0) && (params->blobs == NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if ((params->num_blobs == 0) && (params->blobs != NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + strncpy(request.data.logoff.user, params->username, + sizeof(request.data.logoff.user)-1); + + for (i=0; inum_blobs; i++) { + + if (strcasecmp(params->blobs[i].name, "ccfilename") == 0) { + if (params->blobs[i].blob.data) { + strncpy(request.data.logoff.krb5ccname, + (const char *)params->blobs[i].blob.data, + sizeof(request.data.logoff.krb5ccname) - 1); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "user_uid") == 0) { + if (params->blobs[i].blob.data) { + memcpy(&request.data.logoff.uid, + params->blobs[i].blob.data, + MIN(params->blobs[i].blob.length, + sizeof(request.data.logoff.uid))); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "flags") == 0) { + if (params->blobs[i].blob.data) { + memcpy(&request.flags, + params->blobs[i].blob.data, + MIN(params->blobs[i].blob.length, + sizeof(request.flags))); + } + continue; + } + } + + /* Send request */ + + wbc_status = wbcRequestResponse(WINBINDD_PAM_LOGOFF, + &request, + &response); + + /* Take the response above and return it to the caller */ + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + /** @brief Trigger a logoff notification to Winbind for a specific user * * @param username Name of user to remove from Winbind's list of diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 5c184ebe46..c8e62daf72 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -404,6 +404,16 @@ enum wbcPasswordChangeRejectReason { WBC_PWD_CHANGE_REJECT_COMPLEXITY=5 }; +/** + * @brief Logoff User Parameters + **/ + +struct wbcLogoffUserParams { + const char *username; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + /* * DomainControllerInfo struct */ @@ -607,6 +617,9 @@ wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename); +wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, + struct wbcAuthErrorInfo **error); + wbcErr wbcChangeUserPassword(const char *username, const char *old_password, const char *new_password); -- cgit From 65dc0c3e2fa2b557d1542a14641381a3d1973831 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 10 Oct 2008 15:18:02 +0200 Subject: libwbclient: add wbcLogonUser(). Guenther --- source3/nsswitch/libwbclient/wbc_pam.c | 200 ++++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 28 +++++ 2 files changed, 228 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index b59e3077bd..713ba2e65b 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -261,6 +261,50 @@ done: return wbc_status; } +static wbcErr wbc_create_logon_info(TALLOC_CTX *mem_ctx, + const struct winbindd_response *resp, + struct wbcLogonUserInfo **_i) +{ + wbcErr wbc_status = WBC_ERR_SUCCESS; + struct wbcLogonUserInfo *i; + + i = talloc_zero(mem_ctx, struct wbcLogonUserInfo); + BAIL_ON_PTR_ERROR(i, wbc_status); + + wbc_status = wbc_create_auth_info(i, resp, &i->info); + BAIL_ON_WBC_ERROR(wbc_status); + + if (resp->data.auth.krb5ccname) { + wbc_status = wbcAddNamedBlob(&i->num_blobs, + &i->blobs, + "krb5ccname", + 0, + (uint8_t *)resp->data.auth.krb5ccname, + strlen(resp->data.auth.krb5ccname)+1); + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (resp->data.auth.unix_username) { + wbc_status = wbcAddNamedBlob(&i->num_blobs, + &i->blobs, + "unix_username", + 0, + (uint8_t *)resp->data.auth.unix_username, + strlen(resp->data.auth.unix_username)+1); + BAIL_ON_WBC_ERROR(wbc_status); + } + + *_i = i; + i = NULL; +done: + if (!WBC_ERROR_IS_OK(wbc_status) && i) { + wbcFreeMemory(i->blobs); + } + + talloc_free(i); + return wbc_status; +} + /** @brief Authenticate with more detailed information * * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH @@ -895,3 +939,159 @@ wbcErr wbcChangeUserPassword(const char *username, done: return wbc_status; } + +/** @brief Logon a User + * + * @param[in] params Pointer to a wbcLogonUserParams structure + * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure + * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure + * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure + * + * @return #wbcErr + * + **/ + +wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, + struct wbcLogonUserInfo **info, + struct wbcAuthErrorInfo **error, + struct wbcUserPasswordPolicyInfo **policy) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + int cmd = 0; + struct winbindd_request request; + struct winbindd_response response; + uint32_t i; + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + if (info) { + *info = NULL; + } + if (error) { + *error = NULL; + } + if (policy) { + *policy = NULL; + } + + if (!params) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (!params->username) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + if ((params->num_blobs > 0) && (params->blobs == NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + if ((params->num_blobs == 0) && (params->blobs != NULL)) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + /* Initialize request */ + + cmd = WINBINDD_PAM_AUTH; + request.flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_USER_SESSION_KEY | + WBFLAG_PAM_LMKEY; + + if (!params->password) { + wbc_status = WBC_ERR_INVALID_PARAM; + BAIL_ON_WBC_ERROR(wbc_status); + } + + strncpy(request.data.auth.user, + params->username, + sizeof(request.data.auth.user)-1); + + strncpy(request.data.auth.pass, + params->password, + sizeof(request.data.auth.pass)-1); + + for (i=0; inum_blobs; i++) { + + if (strcasecmp(params->blobs[i].name, "krb5_cc_type") == 0) { + if (params->blobs[i].blob.data) { + strncpy(request.data.auth.krb5_cc_type, + (const char *)params->blobs[i].blob.data, + sizeof(request.data.auth.krb5_cc_type) - 1); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "user_uid") == 0) { + if (params->blobs[i].blob.data) { + memcpy(&request.data.auth.uid, + params->blobs[i].blob.data, + MIN(sizeof(request.data.auth.uid), + params->blobs[i].blob.length)); + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "flags") == 0) { + if (params->blobs[i].blob.data) { + uint32_t flags; + memcpy(&flags, + params->blobs[i].blob.data, + MIN(sizeof(flags), + params->blobs[i].blob.length)); + request.flags |= flags; + } + continue; + } + + if (strcasecmp(params->blobs[i].name, "membership_of") == 0) { + if (params->blobs[i].blob.data && + params->blobs[i].blob.data[0] > 0) { + strncpy(request.data.auth.require_membership_of_sid, + (const char *)params->blobs[i].blob.data, + sizeof(request.data.auth.require_membership_of_sid) - 1); + } + continue; + } + } + + wbc_status = wbcRequestResponse(cmd, + &request, + &response); + + if (response.data.auth.nt_status != 0) { + if (error) { + wbc_status = wbc_create_error_info(NULL, + &response, + error); + BAIL_ON_WBC_ERROR(wbc_status); + } + + wbc_status = WBC_ERR_AUTH_ERROR; + BAIL_ON_WBC_ERROR(wbc_status); + } + BAIL_ON_WBC_ERROR(wbc_status); + + if (info) { + wbc_status = wbc_create_logon_info(NULL, + &response, + info); + BAIL_ON_WBC_ERROR(wbc_status); + } + + if (policy) { + wbc_status = wbc_create_password_policy_info(NULL, + &response, + policy); + BAIL_ON_WBC_ERROR(wbc_status); + } + +done: + if (response.extra_data.data) + free(response.extra_data.data); + + return wbc_status; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index c8e62daf72..00a3c98966 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -237,6 +237,17 @@ struct wbcNamedBlob { struct wbcBlob blob; }; +/** + * @brief Logon User Parameters + **/ + +struct wbcLogonUserParams { + const char *username; + const char *password; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + /** * @brief ChangePassword Parameters **/ @@ -329,6 +340,18 @@ struct wbcAuthUserInfo { struct wbcSidWithAttr *sids; }; +/** + * @brief Logon User Information + * + * Some of the strings are maybe NULL + **/ + +struct wbcLogonUserInfo { + struct wbcAuthUserInfo *info; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + /* wbcAuthUserInfo->user_flags */ #define WBC_AUTH_USER_INFO_GUEST 0x00000001 @@ -613,6 +636,11 @@ wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, struct wbcAuthUserInfo **info, struct wbcAuthErrorInfo **error); +wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, + struct wbcLogonUserInfo **info, + struct wbcAuthErrorInfo **error, + struct wbcUserPasswordPolicyInfo **policy); + wbcErr wbcLogoffUser(const char *username, uid_t uid, const char *ccfilename); -- cgit From 3bbffb96646bda732c21c7c418e80ddc63f16de4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 16:53:51 +0200 Subject: pam_winbind: convert to use talloc. Guenther --- source3/Makefile.in | 4 +- source3/nsswitch/pam_winbind.c | 107 +++++++++++++++++++---------------------- source3/nsswitch/pam_winbind.h | 6 +++ 3 files changed, 58 insertions(+), 59 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 3ef197bcf2..d3cb86e5d7 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2182,10 +2182,10 @@ bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OB @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) \ @SONAMEFLAG@`basename $@` -bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) +bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @echo "Linking shared library $@" @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) -lpam @INIPARSERLIBS@ \ - $(PAM_WINBIND_EXTRA_LIBS) @SONAMEFLAG@`basename $@` + $(PAM_WINBIND_EXTRA_LIBS) $(LIBTALLOC_LIBS) @SONAMEFLAG@`basename $@` bin/builtin.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_BUILTIN_OBJ) @echo "Building plugin $@" diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index beb0d47baa..cdb30edad4 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -452,13 +452,17 @@ config_from_pam: return ctrl; }; -static void _pam_winbind_free_context(struct pwb_context *ctx) +static int _pam_winbind_free_context(struct pwb_context *ctx) { + if (!ctx) { + return 0; + } + if (ctx->dict) { iniparser_freedict(ctx->dict); } - SAFE_FREE(ctx); + return 0; } static int _pam_winbind_init_context(pam_handle_t *pamh, @@ -469,12 +473,12 @@ static int _pam_winbind_init_context(pam_handle_t *pamh, { struct pwb_context *r = NULL; - r = (struct pwb_context *)malloc(sizeof(struct pwb_context)); + r = TALLOC_ZERO_P(NULL, struct pwb_context); if (!r) { return PAM_BUF_ERR; } - ZERO_STRUCTP(r); + talloc_set_destructor(r, _pam_winbind_free_context); r->pamh = pamh; r->flags = flags; @@ -482,7 +486,7 @@ static int _pam_winbind_init_context(pam_handle_t *pamh, r->argv = argv; r->ctrl = _pam_parse(pamh, flags, argc, argv, &r->dict); if (r->ctrl == -1) { - _pam_winbind_free_context(r); + TALLOC_FREE(r); return PAM_SYSTEM_ERR; } @@ -502,7 +506,7 @@ static void _pam_winbind_cleanup_func(pam_handle_t *pamh, "(error_status = %d)", pamh, data, error_status); } - SAFE_FREE(data); + TALLOC_FREE(data); } @@ -1104,14 +1108,13 @@ static void _pam_set_data_string(struct pwb_context *ctx, return; } - ret = pam_set_data(ctx->pamh, data_name, (void *)strdup(value), + ret = pam_set_data(ctx->pamh, data_name, talloc_strdup(NULL, value), _pam_winbind_cleanup_func); if (ret) { _pam_log_debug(ctx, LOG_DEBUG, "Could not set data %s: %s\n", data_name, pam_strerror(ctx->pamh, ret)); } - } /** @@ -1224,69 +1227,59 @@ static void _pam_warn_krb5_failure(struct pwb_context *ctx, * @return string (caller needs to free). */ -static char *_pam_compose_pwd_restriction_string(struct winbindd_response *response) +static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, + struct winbindd_response *response) { char *str = NULL; - size_t offset = 0, ret = 0, str_size = 1024; - str = (char *)malloc(str_size); + str = talloc_asprintf(ctx, "Your password "); if (!str) { - return NULL; - } - - memset(str, '\0', str_size); - - offset = snprintf(str, str_size, "Your password "); - if (offset == -1) { goto failed; } if (response->data.auth.policy.min_length_password > 0) { - ret = snprintf(str+offset, str_size-offset, + str = talloc_asprintf_append(str, "must be at least %d characters; ", response->data.auth.policy.min_length_password); - if (ret == -1) { + if (!str) { goto failed; } - offset += ret; } if (response->data.auth.policy.password_history > 0) { - ret = snprintf(str+offset, str_size-offset, + str = talloc_asprintf_append(str, "cannot repeat any of your previous %d " "passwords; ", response->data.auth.policy.password_history); - if (ret == -1) { + if (!str) { goto failed; } - offset += ret; } if (response->data.auth.policy.password_properties & DOMAIN_PASSWORD_COMPLEX) { - ret = snprintf(str+offset, str_size-offset, + str = talloc_asprintf_append(str, "must contain capitals, numerals " "or punctuation; " "and cannot contain your account " "or full name; "); - if (ret == -1) { + if (!str) { goto failed; } - offset += ret; } - ret = snprintf(str+offset, str_size-offset, + str = talloc_asprintf_append(str, "Please type a different password. " "Type a password which meets these requirements in " "both text boxes."); - if (ret == -1) { + if (!str) { goto failed; } return str; failed: - SAFE_FREE(str); + TALLOC_FREE(str); return NULL; } @@ -1590,11 +1583,11 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, } pwd_restriction_string = - _pam_compose_pwd_restriction_string(&response); + _pam_compose_pwd_restriction_string(ctx, &response); if (pwd_restriction_string) { _make_remark(ctx, PAM_ERROR_MSG, pwd_restriction_string); - SAFE_FREE(pwd_restriction_string); + TALLOC_FREE(pwd_restriction_string); } } @@ -1846,12 +1839,13 @@ static const char *get_conf_item_string(struct pwb_context *ctx, if (ctx->dict) { char *key = NULL; - if (!asprintf(&key, "global:%s", item)) { + key = talloc_asprintf(ctx, "global:%s", item); + if (!key) { goto out; } parm_opt = iniparser_getstr(ctx->dict, key); - SAFE_FREE(key); + TALLOC_FREE(key); _pam_log_debug(ctx, LOG_INFO, "CONFIG file: %s '%s'\n", item, parm_opt); @@ -1893,12 +1887,13 @@ static int get_config_item_int(struct pwb_context *ctx, if (ctx->dict) { char *key = NULL; - if (!asprintf(&key, "global:%s", item)) { + key = talloc_asprintf(ctx, "global:%s", item); + if (!key) { goto out; } parm_opt = iniparser_getint(ctx->dict, key, -1); - SAFE_FREE(key); + TALLOC_FREE(key); _pam_log_debug(ctx, LOG_INFO, "CONFIG file: %s '%d'\n", @@ -1977,8 +1972,6 @@ static char* winbind_upn_to_username(struct pwb_context *ctx, struct winbindd_request req; struct winbindd_response resp; int retval; - char *account_name; - int account_name_len; char sep; /* This cannot work when the winbind separator = @ */ @@ -2014,11 +2007,9 @@ static char* winbind_upn_to_username(struct pwb_context *ctx, return NULL; } - account_name_len = asprintf(&account_name, "%s\\%s", - resp.data.name.dom_name, - resp.data.name.name); - - return account_name; + return talloc_asprintf(ctx, "%s\\%s", + resp.data.name.dom_name, + resp.data.name.name); } PAM_EXTERN @@ -2087,7 +2078,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, real_username); if (samaccountname) { free(real_username); - real_username = samaccountname; + real_username = strdup(samaccountname); } } @@ -2127,7 +2118,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, char *new_authtok_required_during_auth = NULL; - if (!asprintf(&new_authtok_required, "%d", retval)) { + new_authtok_required = talloc_asprintf(NULL, "%d", retval); + if (!new_authtok_required) { retval = PAM_BUF_ERR; goto out; } @@ -2138,7 +2130,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, retval = PAM_SUCCESS; - if (!asprintf(&new_authtok_required_during_auth, "%d", true)) { + new_authtok_required_during_auth = talloc_asprintf(NULL, "%d", true); + if (!new_authtok_required_during_auth) { retval = PAM_BUF_ERR; goto out; } @@ -2172,7 +2165,7 @@ out: _PAM_LOG_FUNCTION_LEAVE("pam_sm_authenticate", ctx, retval); - _pam_winbind_free_context(ctx); + TALLOC_FREE(ctx); return retval; } @@ -2220,7 +2213,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, _PAM_LOG_FUNCTION_LEAVE("pam_sm_setcred", ctx, ret); - _pam_winbind_free_context(ctx); + TALLOC_FREE(ctx); return ret; } @@ -2321,7 +2314,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, _PAM_LOG_FUNCTION_LEAVE("pam_sm_acct_mgmt", ctx, ret); - _pam_winbind_free_context(ctx); + TALLOC_FREE(ctx); return ret; } @@ -2345,7 +2338,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, out: _PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret); - _pam_winbind_free_context(ctx); + TALLOC_FREE(ctx); return ret; } @@ -2431,7 +2424,7 @@ out: _PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, retval); - _pam_winbind_free_context(ctx); + TALLOC_FREE(ctx); return retval; } @@ -2560,16 +2553,15 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, time_t pwdlastset_prelim = 0; /* instruct user what is happening */ -#define greeting "Changing password for " - Announce = (char *) malloc(sizeof(greeting) + strlen(user)); - if (Announce == NULL) { + +#define greeting "Changing password for" + Announce = talloc_asprintf(ctx, "%s %s", greeting, user); + if (!Announce) { _pam_log(ctx, LOG_CRIT, "password - out of memory"); ret = PAM_BUF_ERR; goto out; } - (void) strcpy(Announce, greeting); - (void) strcpy(Announce + sizeof(greeting) - 1, user); #undef greeting lctrl = ctx->ctrl | WINBIND__OLD_PASSWORD; @@ -2578,6 +2570,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, "(current) NT password: ", NULL, (const char **) &pass_old); + TALLOC_FREE(Announce); if (ret != PAM_SUCCESS) { _pam_log(ctx, LOG_NOTICE, "password - (old) token not obtained"); @@ -2760,7 +2753,7 @@ out: _PAM_LOG_FUNCTION_LEAVE("pam_sm_chauthtok", ctx, ret); - _pam_winbind_free_context(ctx); + TALLOC_FREE(ctx); return ret; } diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index 6dba127cdc..425471d0d6 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -7,6 +7,7 @@ #include "../lib/replace/replace.h" #include "system/syslog.h" #include "system/time.h" +#include #define MODULE_NAME "pam_winbind" #define PAM_SM_AUTH @@ -209,3 +210,8 @@ struct pwb_context { dictionary *dict; uint32_t ctrl; }; + +#define TALLOC_FREE(ctx) do { if ((ctx) != NULL) {talloc_free(ctx); ctx=NULL;} } while(0) +#define TALLOC_ZERO_P(ctx, type) (type *)_talloc_zero(ctx, sizeof(type), #type) +#define TALLOC_P(ctx, type) (type *)talloc_named_const(ctx, sizeof(type), #type) + -- cgit From 7817ad4ae0c462429f176ddf94bebcd44a3d6619 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 18:15:00 +0200 Subject: pam_winbind: prepare to use libwbclient inside pam_winbind. Guenther --- source3/Makefile.in | 4 ++-- source3/nsswitch/pam_winbind.h | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index d3cb86e5d7..8bee54d075 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2182,10 +2182,10 @@ bin/winbind_krb5_locator.@SHLIBEXT@: $(BINARY_PREREQS) $(WINBIND_KRB5_LOCATOR_OB @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_KRB5_LOCATOR_OBJ) $(WINBIND_LIBS) \ @SONAMEFLAG@`basename $@` -bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ +bin/pam_winbind.@SHLIBEXT@: $(BINARY_PREREQS) $(PAM_WINBIND_OBJ) @LIBTALLOC_SHARED@ @LIBWBCLIENT_SHARED@ @echo "Linking shared library $@" @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) -lpam @INIPARSERLIBS@ \ - $(PAM_WINBIND_EXTRA_LIBS) $(LIBTALLOC_LIBS) @SONAMEFLAG@`basename $@` + $(PAM_WINBIND_EXTRA_LIBS) $(LIBTALLOC_LIBS) $(WINBIND_LIBS) @SONAMEFLAG@`basename $@` bin/builtin.@SHLIBEXT@: $(BINARY_PREREQS) $(AUTH_BUILTIN_OBJ) @echo "Building plugin $@" diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index 425471d0d6..ea7055ae19 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -8,6 +8,7 @@ #include "system/syslog.h" #include "system/time.h" #include +#include "libwbclient/wbclient.h" #define MODULE_NAME "pam_winbind" #define PAM_SM_AUTH -- cgit From 0532291fe9650f968aab0fb6b60e08f41b334c24 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Aug 2008 03:13:18 +0200 Subject: pam_winbind: add wbc_error_to_pam_error(). Guenther --- source3/nsswitch/pam_winbind.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index cdb30edad4..e8f2459568 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -12,6 +12,42 @@ #include "pam_winbind.h" +static int wbc_error_to_pam_error(wbcErr status) +{ + switch (status) { + case WBC_ERR_SUCCESS: + return PAM_SUCCESS; + case WBC_ERR_NOT_IMPLEMENTED: + return PAM_SERVICE_ERR; + case WBC_ERR_UNKNOWN_FAILURE: + break; + case WBC_ERR_NO_MEMORY: + return PAM_BUF_ERR; + case WBC_ERR_INVALID_SID: + case WBC_ERR_INVALID_PARAM: + break; + case WBC_ERR_WINBIND_NOT_AVAILABLE: + return PAM_AUTHINFO_UNAVAIL; + case WBC_ERR_DOMAIN_NOT_FOUND: + return PAM_AUTHINFO_UNAVAIL; + case WBC_ERR_INVALID_RESPONSE: + return PAM_BUF_ERR; + case WBC_ERR_NSS_ERROR: + return PAM_USER_UNKNOWN; + case WBC_ERR_AUTH_ERROR: + return PAM_AUTH_ERR; + case WBC_ERR_UNKNOWN_USER: + return PAM_USER_UNKNOWN; + case WBC_ERR_UNKNOWN_GROUP: + return PAM_USER_UNKNOWN; + case WBC_ERR_PWD_CHANGE_FAILED: + break; + } + + /* be paranoid */ + return PAM_AUTH_ERR; +} + static const char *_pam_error_code_str(int err) { switch (err) { -- cgit From 0566164db03a19b98d4aec5cca63ece2a01acbec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 19 Aug 2008 10:59:18 +0200 Subject: pam_winbind: add wbc_auth_error_to_pam_error(). Guenther --- source3/nsswitch/pam_winbind.c | 53 +++++++++++++++++++++++++++++++++++------- 1 file changed, 45 insertions(+), 8 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index e8f2459568..c840bba9d4 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -749,15 +749,9 @@ static int pam_winbind_request(struct pwb_context *ctx, } static int pam_winbind_request_log(struct pwb_context *ctx, - enum winbindd_cmd req_type, - struct winbindd_request *request, - struct winbindd_response *response, + int retval, const char *user) { - int retval; - - retval = pam_winbind_request(ctx, req_type, request, response); - switch (retval) { case PAM_AUTH_ERR: /* incorrect password */ @@ -789,6 +783,7 @@ static int pam_winbind_request_log(struct pwb_context *ctx, return retval; case PAM_SUCCESS: /* Otherwise, the authentication looked good */ +#if 0 switch (req_type) { case WINBINDD_INFO: break; @@ -805,7 +800,7 @@ static int pam_winbind_request_log(struct pwb_context *ctx, "user '%s' OK", user); break; } - +#endif return retval; default: /* we don't know anything about this return value */ @@ -816,6 +811,48 @@ static int pam_winbind_request_log(struct pwb_context *ctx, } } +static int wbc_auth_error_to_pam_error(struct pwb_context *ctx, + struct wbcAuthErrorInfo *e, + wbcErr status, + const char *username, + const char *fn) +{ + int ret = PAM_AUTH_ERR; + + if (WBC_ERROR_IS_OK(status)) { + _pam_log_debug(ctx, LOG_DEBUG, "request %s succeeded", + fn); + ret = PAM_SUCCESS; + return pam_winbind_request_log(ctx, ret, username); + } + + if (e) { + if (e->pam_error != PAM_SUCCESS) { + _pam_log(ctx, LOG_ERR, + "request %s failed: %s, " + "PAM error: %s (%d), NTSTATUS: %s, " + "Error message was: %s", + fn, + wbcErrorString(status), + _pam_error_code_str(e->pam_error), + e->pam_error, + e->nt_string, + e->display_string); + ret = e->pam_error; + return pam_winbind_request_log(ctx, ret, username); + } + + _pam_log(ctx, LOG_ERR, "request %s failed, but PAM error 0!", fn); + + ret = PAM_SERVICE_ERR; + return pam_winbind_request_log(ctx, ret, username); + } + + ret = wbc_error_to_pam_error(status); + return pam_winbind_request_log(ctx, ret, username); +} + + /** * send a password expiry message if required * -- cgit From b1282d720cffeb4b89bc5276b827e60ccef3f110 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 19 Aug 2008 13:36:39 +0200 Subject: pam_winbind: add _pam_check_remark_auth_err(). Guenther --- source3/nsswitch/pam_winbind.c | 41 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index c840bba9d4..41dacd7105 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1292,6 +1292,47 @@ static void _pam_warn_krb5_failure(struct pwb_context *ctx, } } +static bool _pam_check_remark_auth_err(struct pwb_context *ctx, + const struct wbcAuthErrorInfo *e, + const char *nt_status_string, + int *pam_error) +{ + const char *ntstatus = NULL; + const char *error_string = NULL; + + if (!e || !pam_error) { + return false; + } + + ntstatus = e->nt_string; + if (!ntstatus) { + return false; + } + + if (strcasecmp(ntstatus, nt_status_string) == 0) { + + error_string = _get_ntstatus_error_string(nt_status_string); + if (error_string) { + _make_remark(ctx, PAM_ERROR_MSG, error_string); + *pam_error = e->pam_error; + return true; + } + + if (e->display_string) { + _make_remark(ctx, PAM_ERROR_MSG, e->display_string); + *pam_error = e->pam_error; + return true; + } + + _make_remark(ctx, PAM_ERROR_MSG, nt_status_string); + *pam_error = e->pam_error; + + return true; + } + + return false; +}; + /** * Compose Password Restriction String for a PAM_ERROR_MSG conversation. * -- cgit From 377e4f929a4e0913fcc4b531437049db450659ea Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 18:15:29 +0200 Subject: pam_winbind: use libwbclient for WINBINDD_GETPWNAM. Guenther --- source3/nsswitch/pam_winbind.c | 26 +++++++++++--------------- 1 file changed, 11 insertions(+), 15 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 41dacd7105..4f4f043df4 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -718,7 +718,6 @@ static int pam_winbind_request(struct pwb_context *ctx, /* no need to check for pam_error codes for getpwnam() */ switch (req_type) { - case WINBINDD_GETPWNAM: case WINBINDD_LOOKUPNAME: if (strlen(response->data.auth.nt_status_string) > 0) { _pam_log(ctx, LOG_ERR, @@ -1723,29 +1722,26 @@ static int valid_user(struct pwb_context *ctx, * sure it's really a winbind user, this is important when stacking PAM * modules in the 'account' or 'password' facility. */ + wbcErr wbc_status; struct passwd *pwd = NULL; - struct winbindd_request request; - struct winbindd_response response; - int ret; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); + struct passwd *wb_pwd = NULL; pwd = getpwnam(user); if (pwd == NULL) { return 1; } - strncpy(request.data.username, user, - sizeof(request.data.username) - 1); - - ret = pam_winbind_request_log(ctx, WINBINDD_GETPWNAM, - &request, &response, user); + wbc_status = wbcGetpwnam(user, &wb_pwd); + wbcFreeMemory(wb_pwd); + if (!WBC_ERROR_IS_OK(wbc_status)) { + _pam_log(ctx, LOG_DEBUG, "valid_user: wbcGetpwnam gave %s\n", + wbcErrorString(wbc_status)); + } - switch (ret) { - case PAM_USER_UNKNOWN: + switch (wbc_status) { + case WBC_ERR_UNKNOWN_USER: return 1; - case PAM_SUCCESS: + case WBC_ERR_SUCCESS: return 0; default: break; -- cgit From d397bafa0ac00df862d6c2b165df6b7cf9d2d4bd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 18:17:00 +0200 Subject: pam_winbind: use libwbclient for WINBINDD_INFO. Guenther --- source3/nsswitch/pam_winbind.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 4f4f043df4..14eea9f0d6 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -784,8 +784,6 @@ static int pam_winbind_request_log(struct pwb_context *ctx, /* Otherwise, the authentication looked good */ #if 0 switch (req_type) { - case WINBINDD_INFO: - break; case WINBINDD_PAM_AUTH: _pam_log(ctx, LOG_NOTICE, "user '%s' granted access", user); @@ -2053,20 +2051,25 @@ static int get_warn_pwd_expire_from_config(struct pwb_context *ctx) static char winbind_get_separator(struct pwb_context *ctx) { - struct winbindd_request request; - struct winbindd_response response; + wbcErr wbc_status; + static struct wbcInterfaceDetails *details = NULL; - ZERO_STRUCT(request); - ZERO_STRUCT(response); + wbc_status = wbcInterfaceDetails(&details); + if (!WBC_ERROR_IS_OK(wbc_status)) { + _pam_log(ctx, LOG_ERR, + "Could not retrieve winbind interface details: %s", + wbcErrorString(wbc_status)); + return '\0'; + } - if (pam_winbind_request_log(ctx, WINBINDD_INFO, - &request, &response, NULL)) { + if (!details) { return '\0'; } - return response.data.info.winbind_separator; + return details->winbind_separator; } + /** * Convert a upn to a name. * -- cgit From ed2b94c1a29017013a8eb773755c051f4c2a2eb0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 23:33:12 +0200 Subject: pam_winbind: use libwbclient for WINBINDD_LOOKUPNAME/LOOKUPSID. Guenther --- source3/nsswitch/pam_winbind.c | 74 +++++++++++++----------------------------- 1 file changed, 23 insertions(+), 51 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 14eea9f0d6..9448890d28 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -715,22 +715,6 @@ static int pam_winbind_request(struct pwb_context *ctx, return PAM_SUCCESS; } - /* no need to check for pam_error codes for getpwnam() */ - switch (req_type) { - - case WINBINDD_LOOKUPNAME: - if (strlen(response->data.auth.nt_status_string) > 0) { - _pam_log(ctx, LOG_ERR, - "request failed, NT error was %s", - response->data.auth.nt_status_string); - } else { - _pam_log(ctx, LOG_ERR, "request failed"); - } - return PAM_USER_UNKNOWN; - default: - break; - } - if (response->data.auth.pam_error != PAM_SUCCESS) { _pam_log(ctx, LOG_ERR, "request failed: %s, " @@ -1018,33 +1002,33 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx, int sid_list_buffer_size) { const char* sid_string; - struct winbindd_response sid_response; /* lookup name? */ if (IS_SID_STRING(name)) { sid_string = name; } else { - struct winbindd_request sid_request; - - ZERO_STRUCT(sid_request); - ZERO_STRUCT(sid_response); + wbcErr wbc_status; + struct wbcDomainSid sid; + enum wbcSidType type; + char *sid_str; _pam_log_debug(ctx, LOG_DEBUG, "no sid given, looking up: %s\n", name); - /* fortunatly winbindd can handle non-separated names */ - strncpy(sid_request.data.name.name, name, - sizeof(sid_request.data.name.name) - 1); - - if (pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME, - &sid_request, &sid_response, - user)) { + wbc_status = wbcLookupName("", name, &sid, &type); + if (!WBC_ERROR_IS_OK(wbc_status)) { _pam_log(ctx, LOG_INFO, "could not lookup name: %s\n", name); return false; } - sid_string = sid_response.data.sid.sid; + wbc_status = wbcSidToString(&sid, &sid_str); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbcFreeMemory(sid_str); + sid_string = sid_str; } if (!safe_append_string(sid_list_buffer, sid_string, @@ -2082,10 +2066,12 @@ static char winbind_get_separator(struct pwb_context *ctx) static char* winbind_upn_to_username(struct pwb_context *ctx, const char *upn) { - struct winbindd_request req; - struct winbindd_response resp; - int retval; char sep; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + enum wbcSidType type; + char *domain; + char *name; /* This cannot work when the winbind separator = @ */ @@ -2096,33 +2082,19 @@ static char* winbind_upn_to_username(struct pwb_context *ctx, /* Convert the UPN to a SID */ - ZERO_STRUCT(req); - ZERO_STRUCT(resp); - - strncpy(req.data.name.dom_name, "", - sizeof(req.data.name.dom_name) - 1); - strncpy(req.data.name.name, upn, - sizeof(req.data.name.name) - 1); - retval = pam_winbind_request_log(ctx, WINBINDD_LOOKUPNAME, - &req, &resp, upn); - if (retval != PAM_SUCCESS) { + wbc_status = wbcLookupName("", upn, &sid, &type); + if (!WBC_ERROR_IS_OK(wbc_status)) { return NULL; } /* Convert the the SID back to the sAMAccountName */ - ZERO_STRUCT(req); - strncpy(req.data.sid, resp.data.sid.sid, sizeof(req.data.sid)-1); - ZERO_STRUCT(resp); - retval = pam_winbind_request_log(ctx, WINBINDD_LOOKUPSID, - &req, &resp, upn); - if (retval != PAM_SUCCESS) { + wbc_status = wbcLookupSid(&sid, &domain, &name, &type); + if (!WBC_ERROR_IS_OK(wbc_status)) { return NULL; } - return talloc_asprintf(ctx, "%s\\%s", - resp.data.name.dom_name, - resp.data.name.name); + return talloc_asprintf(ctx, "%s\\%s", domain, name); } PAM_EXTERN -- cgit From 3eae89dd7729c08a40d97dc1b095011bf2933dce Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Aug 2008 02:34:22 +0200 Subject: pam_winbind: use libwbclient for WINBINDD_PAM_CHAUTHTOK. Guenther --- source3/nsswitch/pam_winbind.c | 144 ++++++++++++++++++++--------------------- source3/nsswitch/pam_winbind.h | 8 --- 2 files changed, 71 insertions(+), 81 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 9448890d28..4f9a27b721 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -772,10 +772,6 @@ static int pam_winbind_request_log(struct pwb_context *ctx, _pam_log(ctx, LOG_NOTICE, "user '%s' granted access", user); break; - case WINBINDD_PAM_CHAUTHTOK: - _pam_log(ctx, LOG_NOTICE, - "user '%s' password changed", user); - break; default: _pam_log(ctx, LOG_NOTICE, "user '%s' OK", user); @@ -1317,42 +1313,45 @@ static bool _pam_check_remark_auth_err(struct pwb_context *ctx, /** * Compose Password Restriction String for a PAM_ERROR_MSG conversation. * - * @param response The struct winbindd_response. + * @param i The wbcUserPasswordPolicyInfo struct. * - * @return string (caller needs to free). + * @return string (caller needs to talloc_free). */ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, - struct winbindd_response *response) + struct wbcUserPasswordPolicyInfo *i) { char *str = NULL; + if (!i) { + goto failed; + } + str = talloc_asprintf(ctx, "Your password "); if (!str) { goto failed; } - if (response->data.auth.policy.min_length_password > 0) { + if (i->min_length_password > 0) { str = talloc_asprintf_append(str, "must be at least %d characters; ", - response->data.auth.policy.min_length_password); + i->min_length_password); if (!str) { goto failed; } } - if (response->data.auth.policy.password_history > 0) { + if (i->password_history > 0) { str = talloc_asprintf_append(str, "cannot repeat any of your previous %d " "passwords; ", - response->data.auth.policy.password_history); + i->password_history); if (!str) { goto failed; } } - if (response->data.auth.policy.password_properties & - DOMAIN_PASSWORD_COMPLEX) { + if (i->password_properties & WBC_DOMAIN_PASSWORD_COMPLEX) { str = talloc_asprintf_append(str, "must contain capitals, numerals " "or punctuation; " @@ -1572,99 +1571,95 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, const char *newpass, time_t pwd_last_set) { - struct winbindd_request request; - struct winbindd_response response; - int ret; - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - if (request.data.chauthtok.user == NULL) { - return -2; - } - - strncpy(request.data.chauthtok.user, user, - sizeof(request.data.chauthtok.user) - 1); + wbcErr wbc_status; + struct wbcChangePasswordParams params; + struct wbcAuthErrorInfo *error = NULL; + struct wbcUserPasswordPolicyInfo *policy = NULL; + enum wbcPasswordChangeRejectReason reject_reason = -1; + uint32_t flags = 0; - if (oldpass != NULL) { - strncpy(request.data.chauthtok.oldpass, oldpass, - sizeof(request.data.chauthtok.oldpass) - 1); - } else { - request.data.chauthtok.oldpass[0] = '\0'; - } + int i; + const char *codes[] = { + "NT_STATUS_BACKUP_CONTROLLER", + "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", + "NT_STATUS_NO_LOGON_SERVERS", + "NT_STATUS_ACCESS_DENIED", + "NT_STATUS_PWD_TOO_SHORT", /* TODO: tell the min pwd length ? */ + "NT_STATUS_PWD_TOO_RECENT", /* TODO: tell the minage ? */ + "NT_STATUS_PWD_HISTORY_CONFLICT" /* TODO: tell the history length ? */ + }; + int ret = PAM_AUTH_ERR; - if (newpass != NULL) { - strncpy(request.data.chauthtok.newpass, newpass, - sizeof(request.data.chauthtok.newpass) - 1); - } else { - request.data.chauthtok.newpass[0] = '\0'; - } + ZERO_STRUCT(params); if (ctx->ctrl & WINBIND_KRB5_AUTH) { - request.flags = WBFLAG_PAM_KRB5 | - WBFLAG_PAM_CONTACT_TRUSTDOM; + flags |= WBFLAG_PAM_KRB5 | + WBFLAG_PAM_CONTACT_TRUSTDOM; } if (ctx->ctrl & WINBIND_CACHED_LOGIN) { - request.flags |= WBFLAG_PAM_CACHED_LOGIN; + flags |= WBFLAG_PAM_CACHED_LOGIN; } - ret = pam_winbind_request_log(ctx, WINBINDD_PAM_CHAUTHTOK, - &request, &response, user); - - if (ret == PAM_SUCCESS) { - return ret; - } + params.account_name = user; + params.level = WBC_AUTH_USER_LEVEL_PLAIN; + params.old_password.plaintext = oldpass; + params.new_password.plaintext = newpass; + params.flags = flags; - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_BACKUP_CONTROLLER"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_NO_LOGON_SERVERS"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_ACCESS_DENIED"); + wbc_status = wbcChangeUserPasswordEx(¶ms, &error, &reject_reason, &policy); + ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status, + user, "wbcChangeUserPasswordEx"); - /* TODO: tell the min pwd length ? */ - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_PWD_TOO_SHORT"); + if (WBC_ERROR_IS_OK(wbc_status)) { + _pam_log(ctx, LOG_NOTICE, + "user '%s' password changed", user); + return PAM_SUCCESS; + } - /* TODO: tell the minage ? */ - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_PWD_TOO_RECENT"); + if (!error) { + wbcFreeMemory(policy); + return ret; + } - /* TODO: tell the history length ? */ - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_PWD_HISTORY_CONFLICT"); + for (i=0; int_string, "NT_STATUS_PASSWORD_RESTRICTION")) { char *pwd_restriction_string = NULL; - SMB_TIME_T min_pwd_age; - uint32_t reject_reason = response.data.auth.reject_reason; - min_pwd_age = response.data.auth.policy.min_passwordage; + SMB_TIME_T min_pwd_age = 0; + + if (policy) { + min_pwd_age = policy->min_passwordage; + } /* FIXME: avoid to send multiple PAM messages after another */ switch (reject_reason) { case -1: break; - case SAMR_REJECT_OTHER: + case WBC_PWD_CHANGE_REJECT_OTHER: if ((min_pwd_age > 0) && (pwd_last_set + min_pwd_age > time(NULL))) { PAM_WB_REMARK_DIRECT(ctx, "NT_STATUS_PWD_TOO_RECENT"); } break; - case SAMR_REJECT_TOO_SHORT: + case WBC_PWD_CHANGE_REJECT_TOO_SHORT: PAM_WB_REMARK_DIRECT(ctx, "NT_STATUS_PWD_TOO_SHORT"); break; - case SAMR_REJECT_IN_HISTORY: + case WBC_PWD_CHANGE_REJECT_IN_HISTORY: PAM_WB_REMARK_DIRECT(ctx, "NT_STATUS_PWD_HISTORY_CONFLICT"); break; - case SAMR_REJECT_COMPLEXITY: + case WBC_PWD_CHANGE_REJECT_COMPLEXITY: _make_remark(ctx, PAM_ERROR_MSG, "Password does not meet " "complexity requirements"); @@ -1678,13 +1673,16 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, } pwd_restriction_string = - _pam_compose_pwd_restriction_string(ctx, &response); + _pam_compose_pwd_restriction_string(ctx, policy); if (pwd_restriction_string) { _make_remark(ctx, PAM_ERROR_MSG, pwd_restriction_string); TALLOC_FREE(pwd_restriction_string); } } + done: + wbcFreeMemory(error); + wbcFreeMemory(policy); return ret; } diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index ea7055ae19..f05f2d7018 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -182,14 +182,6 @@ do { \ };\ }; -/* from samr.idl */ -#define DOMAIN_PASSWORD_COMPLEX 0x00000001 - -#define SAMR_REJECT_OTHER 0x00000000 -#define SAMR_REJECT_TOO_SHORT 0x00000001 -#define SAMR_REJECT_IN_HISTORY 0x00000002 -#define SAMR_REJECT_COMPLEXITY 0x00000005 - #define ACB_PWNOEXP 0x00000200 /* from netlogon.idl */ -- cgit From d3afd534291fc7bb9ed7326c7ecf22433441191d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 15 Aug 2008 14:00:20 +0200 Subject: pam_winbind: use libwbclient for WINBINDD_PAM_LOGOFF. Guenther --- source3/nsswitch/pam_winbind.c | 75 +++++++++++++++++++++++++++++++----------- 1 file changed, 56 insertions(+), 19 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 4f9a27b721..defdbdbd2c 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -2432,6 +2432,7 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, { int retval = PAM_SUCCESS; struct pwb_context *ctx = NULL; + struct wbcLogoffUserParams logoff; retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); if (retval) { @@ -2448,15 +2449,15 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, if (ctx->ctrl & WINBIND_KRB5_AUTH) { /* destroy the ccache here */ - struct winbindd_request request; - struct winbindd_response response; + + wbcErr wbc_status; + struct wbcAuthErrorInfo *error = NULL; + + uint32_t flags = 0; const char *user; const char *ccname = NULL; struct passwd *pwd = NULL; - ZERO_STRUCT(request); - ZERO_STRUCT(response); - retval = pam_get_user(pamh, &user, "Username: "); if (retval) { _pam_log(ctx, LOG_ERR, @@ -2480,30 +2481,66 @@ int pam_sm_close_session(pam_handle_t *pamh, int flags, "user has no KRB5CCNAME environment"); } - strncpy(request.data.logoff.user, user, - sizeof(request.data.logoff.user) - 1); - - if (ccname) { - strncpy(request.data.logoff.krb5ccname, ccname, - sizeof(request.data.logoff.krb5ccname) - 1); - } - pwd = getpwnam(user); if (pwd == NULL) { retval = PAM_USER_UNKNOWN; goto out; } - request.data.logoff.uid = pwd->pw_uid; - request.flags = WBFLAG_PAM_KRB5 | - WBFLAG_PAM_CONTACT_TRUSTDOM; + flags = WBFLAG_PAM_KRB5 | + WBFLAG_PAM_CONTACT_TRUSTDOM; + + ZERO_STRUCT(logoff); + + logoff.username = user; + + wbc_status = wbcAddNamedBlob(&logoff.num_blobs, + &logoff.blobs, + "ccfilename", + 0, + (uint8_t *)ccname, + strlen(ccname)+1); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto out; + } + + wbc_status = wbcAddNamedBlob(&logoff.num_blobs, + &logoff.blobs, + "flags", + 0, + (uint8_t *)&flags, + sizeof(flags)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto out; + } - retval = pam_winbind_request_log(ctx, - WINBINDD_PAM_LOGOFF, - &request, &response, user); + wbc_status = wbcAddNamedBlob(&logoff.num_blobs, + &logoff.blobs, + "user_uid", + 0, + (uint8_t *)&pwd->pw_uid, + sizeof(pwd->pw_uid)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto out; + } + + wbc_status = wbcLogoffUserEx(&logoff, &error); + retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status, + user, "wbcLogoffUser"); + wbcFreeMemory(error); + wbcFreeMemory(logoff.blobs); + + if (!WBC_ERROR_IS_OK(wbc_status)) { + _pam_log(ctx, LOG_INFO, + "failed to logoff user %s: %s\n", + user, wbcErrorString(wbc_status)); + } } out: + if (logoff.blobs) { + wbcFreeMemory(logoff.blobs); + } _PAM_LOG_FUNCTION_LEAVE("pam_sm_close_session", ctx, retval); -- cgit From dde8046489cde714a42694d2979bfa44dac71cd6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 19 Aug 2008 11:07:59 +0200 Subject: pam_winbind: use libwbclient for WINBINDD_PAM_AUTH. Guenther --- source3/nsswitch/pam_winbind.c | 367 ++++++++++++++++++++++++++++------------- 1 file changed, 251 insertions(+), 116 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index defdbdbd2c..f343967b3f 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -902,29 +902,34 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx, */ static void _pam_warn_password_expiry(struct pwb_context *ctx, - const struct winbindd_response *response, + const struct wbcAuthUserInfo *info, + const struct wbcUserPasswordPolicyInfo *policy, int warn_pwd_expire, bool *already_expired) { time_t now = time(NULL); time_t next_change = 0; + if (!info || !policy) { + return; + } + if (already_expired) { *already_expired = false; } /* accounts with ACB_PWNOEXP set never receive a warning */ - if (response->data.auth.info3.acct_flags & ACB_PWNOEXP) { + if (info->acct_flags & ACB_PWNOEXP) { return; } /* no point in sending a warning if this is a grace logon */ - if (PAM_WB_GRACE_LOGON(response->data.auth.info3.user_flgs)) { + if (PAM_WB_GRACE_LOGON(info->user_flags)) { return; } /* check if the info3 must change timestamp has been set */ - next_change = response->data.auth.info3.pass_must_change_time; + next_change = info->pass_must_change_time; if (_pam_send_password_expiry_message(ctx, next_change, now, warn_pwd_expire, @@ -935,12 +940,11 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx, /* now check for the global password policy */ /* good catch from Ralf Haferkamp: an expiry of "never" is translated * to -1 */ - if (response->data.auth.policy.expire <= 0) { + if (policy->expire <= 0) { return; } - next_change = response->data.auth.info3.pass_last_set_time + - response->data.auth.policy.expire; + next_change = info->pass_last_set_time + policy->expire; if (_pam_send_password_expiry_message(ctx, next_change, now, warn_pwd_expire, @@ -1109,15 +1113,28 @@ out: */ static void _pam_setup_krb5_env(struct pwb_context *ctx, - const char *krb5ccname) + struct wbcLogonUserInfo *info) { char var[PATH_MAX]; int ret; + uint32_t i; + const char *krb5ccname = NULL; if (off(ctx->ctrl, WINBIND_KRB5_AUTH)) { return; } + if (!info) { + return; + } + + for (i=0; i < info->num_blobs; i++) { + if (strcasecmp(info->blobs[i].name, "krb5ccname") == 0) { + krb5ccname = (const char *)info->blobs[i].blob.data; + break; + } + } + if (!krb5ccname || (strlen(krb5ccname) == 0)) { return; } @@ -1137,6 +1154,41 @@ static void _pam_setup_krb5_env(struct pwb_context *ctx, } } +/** + * Copy unix username if available (further processed in PAM). + * + * @param ctx PAM winbind context + * @param user_ret A pointer that holds a pointer to a string + * @param unix_username A username + * + * @return void. + */ + +static void _pam_setup_unix_username(struct pwb_context *ctx, + char **user_ret, + struct wbcLogonUserInfo *info) +{ + const char *unix_username = NULL; + uint32_t i; + + if (!user_ret || !info) { + return; + } + + for (i=0; i < info->num_blobs; i++) { + if (strcasecmp(info->blobs[i].name, "unix_username") == 0) { + unix_username = (const char *)info->blobs[i].blob.data; + break; + } + } + + if (!unix_username || !unix_username[0]) { + return; + } + + *user_ret = strdup(unix_username); +} + /** * Set string into the PAM stack. * @@ -1178,16 +1230,16 @@ static void _pam_set_data_string(struct pwb_context *ctx, */ static void _pam_set_data_info3(struct pwb_context *ctx, - struct winbindd_response *response) + const struct wbcAuthUserInfo *info) { _pam_set_data_string(ctx, PAM_WINBIND_HOMEDIR, - response->data.auth.info3.home_dir); + info->home_directory); _pam_set_data_string(ctx, PAM_WINBIND_LOGONSCRIPT, - response->data.auth.info3.logon_script); + info->logon_script); _pam_set_data_string(ctx, PAM_WINBIND_LOGONSERVER, - response->data.auth.info3.logon_srv); + info->logon_server); _pam_set_data_string(ctx, PAM_WINBIND_PROFILEPATH, - response->data.auth.info3.profile_path); + info->profile_path); } /** @@ -1384,37 +1436,52 @@ static int winbind_auth_request(struct pwb_context *ctx, const char *member, const char *cctype, const int warn_pwd_expire, - struct winbindd_response *p_response, + struct wbcAuthErrorInfo **p_error, + struct wbcLogonUserInfo **p_info, + struct wbcUserPasswordPolicyInfo **p_policy, time_t *pwd_last_set, char **user_ret) { - struct winbindd_request request; - struct winbindd_response response; - int ret; - bool already_expired = false; + wbcErr wbc_status; + + struct wbcLogonUserParams logon; + char membership_of[1024]; + uid_t user_uid = -1; + uint32_t flags = WBFLAG_PAM_INFO3_TEXT | + WBFLAG_PAM_GET_PWD_POLICY; - ZERO_STRUCT(request); - ZERO_STRUCT(response); + struct wbcLogonUserInfo *info = NULL; + struct wbcAuthUserInfo *user_info = NULL; + struct wbcAuthErrorInfo *error = NULL; + struct wbcUserPasswordPolicyInfo *policy = NULL; + + int ret = PAM_AUTH_ERR; + int i; + const char *codes[] = { + "NT_STATUS_PASSWORD_EXPIRED", + "NT_STATUS_PASSWORD_MUST_CHANGE", + "NT_STATUS_INVALID_WORKSTATION", + "NT_STATUS_INVALID_LOGON_HOURS", + "NT_STATUS_ACCOUNT_EXPIRED", + "NT_STATUS_ACCOUNT_DISABLED", + "NT_STATUS_ACCOUNT_LOCKED_OUT", + "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", + "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", + "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", + "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", + "NT_STATUS_NO_LOGON_SERVERS", + "NT_STATUS_WRONG_PASSWORD", + "NT_STATUS_ACCESS_DENIED" + }; if (pwd_last_set) { *pwd_last_set = 0; } - strncpy(request.data.auth.user, user, - sizeof(request.data.auth.user)-1); - - strncpy(request.data.auth.pass, pass, - sizeof(request.data.auth.pass)-1); - - request.data.auth.krb5_cc_type[0] = '\0'; - request.data.auth.uid = -1; - - request.flags = WBFLAG_PAM_INFO3_TEXT | WBFLAG_PAM_GET_PWD_POLICY; - /* Krb5 auth always has to go against the KDC of the user's realm */ if (ctx->ctrl & WINBIND_KRB5_AUTH) { - request.flags |= WBFLAG_PAM_CONTACT_TRUSTDOM; + flags |= WBFLAG_PAM_CONTACT_TRUSTDOM; } if (ctx->ctrl & (WINBIND_KRB5_AUTH|WINBIND_CACHED_LOGIN)) { @@ -1424,7 +1491,7 @@ static int winbind_auth_request(struct pwb_context *ctx, if (pwd == NULL) { return PAM_USER_UNKNOWN; } - request.data.auth.uid = pwd->pw_uid; + user_uid = pwd->pw_uid; } if (ctx->ctrl & WINBIND_KRB5_AUTH) { @@ -1432,38 +1499,34 @@ static int winbind_auth_request(struct pwb_context *ctx, _pam_log_debug(ctx, LOG_DEBUG, "enabling krb5 login flag\n"); - request.flags |= WBFLAG_PAM_KRB5 | - WBFLAG_PAM_FALLBACK_AFTER_KRB5; + flags |= WBFLAG_PAM_KRB5 | + WBFLAG_PAM_FALLBACK_AFTER_KRB5; } if (ctx->ctrl & WINBIND_CACHED_LOGIN) { _pam_log_debug(ctx, LOG_DEBUG, "enabling cached login flag\n"); - request.flags |= WBFLAG_PAM_CACHED_LOGIN; + flags |= WBFLAG_PAM_CACHED_LOGIN; } if (user_ret) { *user_ret = NULL; - request.flags |= WBFLAG_PAM_UNIX_NAME; + flags |= WBFLAG_PAM_UNIX_NAME; } if (cctype != NULL) { - strncpy(request.data.auth.krb5_cc_type, cctype, - sizeof(request.data.auth.krb5_cc_type) - 1); _pam_log_debug(ctx, LOG_DEBUG, "enabling request for a %s krb5 ccache\n", cctype); } - request.data.auth.require_membership_of_sid[0] = '\0'; - if (member != NULL) { - if (!winbind_name_list_to_sid_string_list(ctx, user, - member, - request.data.auth.require_membership_of_sid, - sizeof(request.data.auth.require_membership_of_sid))) { + ZERO_STRUCT(membership_of); + if (!winbind_name_list_to_sid_string_list(ctx, user, member, + membership_of, + sizeof(membership_of))) { _pam_log_debug(ctx, LOG_ERR, "failed to serialize membership of sid " "\"%s\"\n", member); @@ -1471,60 +1534,100 @@ static int winbind_auth_request(struct pwb_context *ctx, } } - ret = pam_winbind_request_log(ctx, WINBINDD_PAM_AUTH, - &request, &response, user); + ZERO_STRUCT(logon); - if (pwd_last_set) { - *pwd_last_set = response.data.auth.info3.pass_last_set_time; + logon.username = user; + logon.password = pass; + + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "krb5_cc_type", + 0, + (uint8_t *)cctype, + strlen(cctype)+1); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; } - if (p_response) { - /* We want to process the response in the caller. */ - *p_response = response; + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "flags", + 0, + (uint8_t *)&flags, + sizeof(flags)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "user_uid", + 0, + (uint8_t *)&user_uid, + sizeof(user_uid)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "membership_of", + 0, + (uint8_t *)membership_of, + sizeof(membership_of)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } + + wbc_status = wbcLogonUser(&logon, &info, &error, &policy); + ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status, + user, "wbcLogonUser"); + wbcFreeMemory(logon.blobs); + logon.blobs = NULL; + + if (info && info->info) { + user_info = info->info; + } + + if (pwd_last_set && user_info) { + *pwd_last_set = user_info->pass_last_set_time; + } + + if (p_info && info) { + *p_info = info; + } + + if (p_policy && policy) { + *p_policy = policy; + } + + if (p_error && error) { + /* We want to process the error in the caller. */ + *p_error = error; return ret; } - if (ret) { - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_PASSWORD_EXPIRED"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_PASSWORD_MUST_CHANGE"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_INVALID_WORKSTATION"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_INVALID_LOGON_HOURS"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_ACCOUNT_EXPIRED"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_ACCOUNT_DISABLED"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_ACCOUNT_LOCKED_OUT"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_NO_LOGON_SERVERS"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_WRONG_PASSWORD"); - PAM_WB_REMARK_CHECK_RESPONSE_RET(ctx, response, - "NT_STATUS_ACCESS_DENIED"); - } - - if (ret == PAM_SUCCESS) { + for (i=0; ipass_last_set_time; + _pam_log_debug(ctx, LOG_DEBUG, "Password has expired " "(Password was last set: %lld, " @@ -1532,33 +1635,44 @@ static int winbind_auth_request(struct pwb_context *ctx, "%lld (now it's: %lu))\n", (long long int)last_set, (long long int)last_set + - response.data.auth.policy.expire, + policy->expire, time(NULL)); return PAM_AUTHTOK_EXPIRED; } /* inform about logon type */ - _pam_warn_logon_type(ctx, user, - response.data.auth.info3.user_flgs); + _pam_warn_logon_type(ctx, user, user_info->user_flags); /* inform about krb5 failures */ - _pam_warn_krb5_failure(ctx, user, - response.data.auth.info3.user_flgs); + _pam_warn_krb5_failure(ctx, user, user_info->user_flags); /* set some info3 info for other modules in the stack */ - _pam_set_data_info3(ctx, &response); + _pam_set_data_info3(ctx, user_info); /* put krb5ccname into env */ - _pam_setup_krb5_env(ctx, response.data.auth.krb5ccname); + _pam_setup_krb5_env(ctx, info); /* If winbindd returned a username, return the pointer to it * here. */ - if (user_ret && response.data.auth.unix_username[0]) { - /* We have to trust it's a null terminated string. */ - *user_ret = strndup(response.data.auth.unix_username, - sizeof(response.data.auth.unix_username) - 1); - } + _pam_setup_unix_username(ctx, user_ret, info); + } + + done: + if (logon.blobs) { + wbcFreeMemory(logon.blobs); + } + if (info && info->blobs) { + wbcFreeMemory(info->blobs); + } + if (error && !p_error) { + wbcFreeMemory(error); + } + if (info && !p_info) { + wbcFreeMemory(info); + } + if (policy && !p_policy) { + wbcFreeMemory(policy); } return ret; @@ -2193,7 +2307,8 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, /* Now use the username to look up password */ retval = winbind_auth_request(ctx, real_username, password, - member, cctype, warn_pwd_expire, NULL, + member, cctype, warn_pwd_expire, + NULL, NULL, NULL, NULL, &username_ret); if (retval == PAM_NEW_AUTHTOK_REQD || @@ -2616,11 +2731,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int retry = 0; char *username_ret = NULL; - struct winbindd_response response; + struct wbcAuthErrorInfo *error = NULL; struct pwb_context *ctx = NULL; - ZERO_STRUCT(response); - ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); if (ret) { goto out; @@ -2700,7 +2813,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* verify that this is the password for this user */ ret = winbind_auth_request(ctx, user, pass_old, - NULL, NULL, 0, &response, + NULL, NULL, 0, + &error, NULL, NULL, &pwdlastset_prelim, NULL); if (ret != PAM_ACCT_EXPIRED && @@ -2809,6 +2923,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, const char *member = NULL; const char *cctype = NULL; int warn_pwd_expire; + struct wbcLogonUserInfo *info = NULL; + struct wbcUserPasswordPolicyInfo *policy = NULL; member = get_member_from_config(ctx); cctype = get_krb5_cc_type_from_config(ctx); @@ -2823,7 +2939,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, * */ ret = winbind_auth_request(ctx, user, pass_new, - member, cctype, 0, &response, + member, cctype, 0, + &error, &info, &policy, NULL, &username_ret); _pam_overwrite(pass_new); _pam_overwrite(pass_old); @@ -2831,19 +2948,24 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, if (ret == PAM_SUCCESS) { + struct wbcAuthUserInfo *user_info = NULL; + + if (info && info->info) { + user_info = info->info; + } + /* warn a user if the password is about to * expire soon */ - _pam_warn_password_expiry(ctx, &response, + _pam_warn_password_expiry(ctx, user_info, policy, warn_pwd_expire, NULL); /* set some info3 info for other modules in the * stack */ - _pam_set_data_info3(ctx, &response); + _pam_set_data_info3(ctx, user_info); /* put krb5ccname into env */ - _pam_setup_krb5_env(ctx, - response.data.auth.krb5ccname); + _pam_setup_krb5_env(ctx, info); if (username_ret) { pam_set_item(pamh, PAM_USER, @@ -2853,6 +2975,9 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, username_ret); free(username_ret); } + + wbcFreeMemory(info); + wbcFreeMemory(policy); } goto out; @@ -2862,14 +2987,24 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, } out: + { + /* Deal with offline errors. */ + int i; + const char *codes[] = { + "NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", + "NT_STATUS_NO_LOGON_SERVERS", + "NT_STATUS_ACCESS_DENIED" + }; + + for (i=0; i Date: Tue, 19 Aug 2008 14:48:23 +0200 Subject: pam_winbind: remove ACB_PWNOEXP. Guenther --- source3/nsswitch/pam_winbind.c | 4 ++-- source3/nsswitch/pam_winbind.h | 2 -- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index f343967b3f..43157b7727 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -918,8 +918,8 @@ static void _pam_warn_password_expiry(struct pwb_context *ctx, *already_expired = false; } - /* accounts with ACB_PWNOEXP set never receive a warning */ - if (info->acct_flags & ACB_PWNOEXP) { + /* accounts with WBC_ACB_PWNOEXP set never receive a warning */ + if (info->acct_flags & WBC_ACB_PWNOEXP) { return; } diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index f05f2d7018..1b1d646643 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -182,8 +182,6 @@ do { \ };\ }; -#define ACB_PWNOEXP 0x00000200 - /* from netlogon.idl */ #define NETLOGON_CACHED_ACCOUNT 0x00000004 #define NETLOGON_GRACE_LOGON 0x01000000 -- cgit From 9a0860f93f8260040ac458b06d7a8609b7b5beab Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 19 Aug 2008 14:51:31 +0200 Subject: pam_winbind: remove NETLOGON_CACHED_ACCOUNT and NETLOGON_GRACE_LOGON. Guenther --- source3/nsswitch/pam_winbind.h | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index 1b1d646643..670120afde 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -182,16 +182,11 @@ do { \ };\ }; -/* from netlogon.idl */ -#define NETLOGON_CACHED_ACCOUNT 0x00000004 -#define NETLOGON_GRACE_LOGON 0x01000000 - -/* from include/rpc_netlogon.h */ #define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000 -#define PAM_WB_CACHED_LOGON(x) (x & NETLOGON_CACHED_ACCOUNT) +#define PAM_WB_CACHED_LOGON(x) (x & WBC_AUTH_USER_INFO_CACHED_ACCOUNT) #define PAM_WB_KRB5_CLOCK_SKEW(x) (x & LOGON_KRB5_FAIL_CLOCK_SKEW) -#define PAM_WB_GRACE_LOGON(x) ((NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON) == ( x & (NETLOGON_CACHED_ACCOUNT|NETLOGON_GRACE_LOGON))) +#define PAM_WB_GRACE_LOGON(x) ((WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON) == ( x & (WBC_AUTH_USER_INFO_CACHED_ACCOUNT|WBC_AUTH_USER_INFO_GRACE_LOGON))) struct pwb_context { pam_handle_t *pamh; -- cgit From 9448520828bbd78f34d027fd1801467395449b7c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 25 Aug 2008 14:35:42 +0200 Subject: pam_winbind: remove some unused macros. Guenther --- source3/nsswitch/pam_winbind.h | 47 ------------------------------------------ 1 file changed, 47 deletions(-) diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index 670120afde..e7c869c843 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -135,53 +135,6 @@ do { \ };\ }; -#define PAM_WB_REMARK_DIRECT_RET(h,f,x)\ -{\ - const char *error_string = NULL; \ - error_string = _get_ntstatus_error_string(x);\ - if (error_string != NULL) {\ - _make_remark(h, f, PAM_ERROR_MSG, error_string);\ - return ret;\ - };\ - _make_remark(h, f, PAM_ERROR_MSG, x);\ - return ret;\ -}; - -#define PAM_WB_REMARK_CHECK_RESPONSE(c,x,y)\ -{\ - const char *ntstatus = x.data.auth.nt_status_string; \ - const char *error_string = NULL; \ - if (!strcasecmp(ntstatus,y)) {\ - error_string = _get_ntstatus_error_string(y);\ - if (error_string != NULL) {\ - _make_remark(c, PAM_ERROR_MSG, error_string);\ - };\ - if (x.data.auth.error_string[0] != '\0') {\ - _make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\ - };\ - _make_remark(c, PAM_ERROR_MSG, y);\ - };\ -}; - -#define PAM_WB_REMARK_CHECK_RESPONSE_RET(c,x,y)\ -{\ - const char *ntstatus = x.data.auth.nt_status_string; \ - const char *error_string = NULL; \ - if (!strcasecmp(ntstatus,y)) {\ - error_string = _get_ntstatus_error_string(y);\ - if (error_string != NULL) {\ - _make_remark(c, PAM_ERROR_MSG, error_string);\ - return ret;\ - };\ - if (x.data.auth.error_string[0] != '\0') {\ - _make_remark(c, PAM_ERROR_MSG, x.data.auth.error_string);\ - return ret;\ - };\ - _make_remark(c, PAM_ERROR_MSG, y);\ - return ret;\ - };\ -}; - #define LOGON_KRB5_FAIL_CLOCK_SKEW 0x02000000 #define PAM_WB_CACHED_LOGON(x) (x & WBC_AUTH_USER_INFO_CACHED_ACCOUNT) -- cgit From e8fe6661b4bbf338f46c52cb12c7bdb04037f297 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 19 Aug 2008 14:52:24 +0200 Subject: pam_winbind: fix wbc_auth_error_to_pam_error(). Guenther --- source3/nsswitch/pam_winbind.c | 32 ++++++++++++++------------------ 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 43157b7727..cac8550e60 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -733,7 +733,8 @@ static int pam_winbind_request(struct pwb_context *ctx, static int pam_winbind_request_log(struct pwb_context *ctx, int retval, - const char *user) + const char *user, + const char *fn) { switch (retval) { case PAM_AUTH_ERR: @@ -766,24 +767,19 @@ static int pam_winbind_request_log(struct pwb_context *ctx, return retval; case PAM_SUCCESS: /* Otherwise, the authentication looked good */ -#if 0 - switch (req_type) { - case WINBINDD_PAM_AUTH: - _pam_log(ctx, LOG_NOTICE, - "user '%s' granted access", user); - break; - default: - _pam_log(ctx, LOG_NOTICE, - "user '%s' OK", user); - break; + if (strcmp(fn, "wbcLogonUser") == 0) { + _pam_log(ctx, LOG_NOTICE, + "user '%s' granted access", user); + } else { + _pam_log(ctx, LOG_NOTICE, + "user '%s' OK", user); } -#endif return retval; default: /* we don't know anything about this return value */ _pam_log(ctx, LOG_ERR, - "internal module error (retval = %d, user = '%s')", - retval, user); + "internal module error (retval = %s(%d), user = '%s')", + _pam_error_code_str(retval), retval, user); return retval; } } @@ -800,7 +796,7 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx, _pam_log_debug(ctx, LOG_DEBUG, "request %s succeeded", fn); ret = PAM_SUCCESS; - return pam_winbind_request_log(ctx, ret, username); + return pam_winbind_request_log(ctx, ret, username, fn); } if (e) { @@ -816,17 +812,17 @@ static int wbc_auth_error_to_pam_error(struct pwb_context *ctx, e->nt_string, e->display_string); ret = e->pam_error; - return pam_winbind_request_log(ctx, ret, username); + return pam_winbind_request_log(ctx, ret, username, fn); } _pam_log(ctx, LOG_ERR, "request %s failed, but PAM error 0!", fn); ret = PAM_SERVICE_ERR; - return pam_winbind_request_log(ctx, ret, username); + return pam_winbind_request_log(ctx, ret, username, fn); } ret = wbc_error_to_pam_error(status); - return pam_winbind_request_log(ctx, ret, username); + return pam_winbind_request_log(ctx, ret, username, fn); } -- cgit From d9efd52fd09af752b3b7fae2a88a522e05e7f672 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 29 Aug 2008 16:12:04 +0200 Subject: pam_winbind: remove unused pam_winbind_request(). Guenther --- source3/nsswitch/pam_winbind.c | 47 ------------------------------------------ 1 file changed, 47 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index cac8550e60..a9d6aa650a 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -684,53 +684,6 @@ static int _make_remark_format(struct pwb_context *ctx, int type, const char *fo return ret; } -static int pam_winbind_request(struct pwb_context *ctx, - enum winbindd_cmd req_type, - struct winbindd_request *request, - struct winbindd_response *response) -{ - /* Fill in request and send down pipe */ - winbindd_init_request(request, req_type); - - if (winbind_write_sock(request, sizeof(*request), 0, 0) == -1) { - _pam_log(ctx, LOG_ERR, - "pam_winbind_request: write to socket failed!"); - winbind_close_sock(); - return PAM_SERVICE_ERR; - } - - /* Wait for reply */ - if (winbindd_read_reply(response) == -1) { - _pam_log(ctx, LOG_ERR, - "pam_winbind_request: read from socket failed!"); - winbind_close_sock(); - return PAM_SERVICE_ERR; - } - - /* We are done with the socket - close it and avoid mischeif */ - winbind_close_sock(); - - /* Copy reply data from socket */ - if (response->result == WINBINDD_OK) { - return PAM_SUCCESS; - } - - if (response->data.auth.pam_error != PAM_SUCCESS) { - _pam_log(ctx, LOG_ERR, - "request failed: %s, " - "PAM error was %s (%d), NT error was %s", - response->data.auth.error_string, - pam_strerror(ctx->pamh, response->data.auth.pam_error), - response->data.auth.pam_error, - response->data.auth.nt_status_string); - return response->data.auth.pam_error; - } - - _pam_log(ctx, LOG_ERR, "request failed, but PAM error 0!"); - - return PAM_SERVICE_ERR; -} - static int pam_winbind_request_log(struct pwb_context *ctx, int retval, const char *user, -- cgit From 042df7f0b78d60a721fa35c42e950774261cea1d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 14:39:52 +0200 Subject: pam_winbind: re-add mkhomedir option. Guenther --- examples/pam_winbind/pam_winbind.conf | 3 + source3/nsswitch/pam_winbind.c | 135 +++++++++++++++++++++++++++++++++- source3/nsswitch/pam_winbind.h | 1 + 3 files changed, 136 insertions(+), 3 deletions(-) diff --git a/examples/pam_winbind/pam_winbind.conf b/examples/pam_winbind/pam_winbind.conf index a9e02a833a..dd0b112f30 100644 --- a/examples/pam_winbind/pam_winbind.conf +++ b/examples/pam_winbind/pam_winbind.conf @@ -33,3 +33,6 @@ # omit pam conversations ;silent = no + +# create homedirectory on the fly +;mkhomedir = no diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index a9d6aa650a..8d8868d0ef 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -437,6 +437,10 @@ static int _pam_parse(const pam_handle_t *pamh, ctrl |= WINBIND_WARN_PWD_EXPIRE; } + if (iniparser_getboolean(d, "global:mkhomedir", false)) { + ctrl |= WINBIND_MKHOMEDIR; + } + config_from_pam: /* step through arguments */ for (i=argc,v=argv; i-- > 0; ++v) { @@ -469,6 +473,8 @@ config_from_pam: ctrl |= WINBIND_KRB5_CCACHE_TYPE; else if (!strcasecmp(*v, "cached_login")) ctrl |= WINBIND_CACHED_LOGIN; + else if (!strcasecmp(*v, "mkhomedir")) + ctrl |= WINBIND_MKHOMEDIR; else { __pam_log(pamh, ctrl, LOG_ERR, "pam_parse: unknown option: %s", *v); @@ -1378,6 +1384,127 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, return NULL; } +static int _pam_create_homedir(struct pwb_context *ctx, + const char *dirname, + mode_t mode) +{ + struct stat sbuf; + + if (stat(dirname, &sbuf) == 0) { + return PAM_SUCCESS; + } + + if (mkdir(dirname, mode) != 0) { + + _make_remark_format(ctx, PAM_TEXT_INFO, + "Creating directory: %s failed: %s", + dirname, strerror(errno)); + _pam_log(ctx, LOG_ERR, "could not create dir: %s (%s)", + dirname, strerror(errno)); + return PAM_PERM_DENIED; + } + + return PAM_SUCCESS; +} + +static int _pam_chown_homedir(struct pwb_context *ctx, + const char *dirname, + uid_t uid, + gid_t gid) +{ + if (chown(dirname, uid, gid) != 0) { + _pam_log(ctx, LOG_ERR, "failed to chown user homedir: %s (%s)", + dirname, strerror(errno)); + return PAM_PERM_DENIED; + } + + return PAM_SUCCESS; +} + +static int _pam_mkhomedir(struct pwb_context *ctx) +{ + struct passwd *pwd = NULL; + char *token = NULL; + char *create_dir = NULL; + char *user_dir = NULL; + int ret; + const char *username; + mode_t mode = 0700; + char *safe_ptr = NULL; + char *p = NULL; + + /* Get the username */ + ret = pam_get_user(ctx->pamh, &username, NULL); + if ((ret != PAM_SUCCESS) || (!username)) { + _pam_log_debug(ctx, LOG_DEBUG, "can not get the username"); + return PAM_SERVICE_ERR; + } + + pwd = getpwnam(username); + if (pwd == NULL) { + _pam_log_debug(ctx, LOG_DEBUG, "can not get the username"); + return PAM_USER_UNKNOWN; + } + _pam_log_debug(ctx, LOG_DEBUG, "homedir is: %s", pwd->pw_dir); + + ret = _pam_create_homedir(ctx, pwd->pw_dir, 0700); + if (ret == PAM_SUCCESS) { + ret = _pam_chown_homedir(ctx, pwd->pw_dir, + pwd->pw_uid, + pwd->pw_gid); + } + + if (ret == PAM_SUCCESS) { + return ret; + } + + /* maybe we need to create parent dirs */ + create_dir = talloc_strdup(ctx, "/"); + if (!create_dir) { + return PAM_BUF_ERR; + } + + /* find final directory */ + user_dir = strrchr(pwd->pw_dir, '/'); + if (!user_dir) { + return PAM_BUF_ERR; + } + user_dir++; + + _pam_log(ctx, LOG_DEBUG, "final directory: %s", user_dir); + + p = pwd->pw_dir; + + while ((token = strtok_r(p, "/", &safe_ptr)) != NULL) { + + mode = 0755; + + p = NULL; + + _pam_log_debug(ctx, LOG_DEBUG, "token is %s", token); + + create_dir = talloc_asprintf_append(create_dir, "%s/", token); + if (!create_dir) { + return PAM_BUF_ERR; + } + _pam_log_debug(ctx, LOG_DEBUG, "current_dir is %s", create_dir); + + if (strcmp(token, user_dir) == 0) { + _pam_log_debug(ctx, LOG_DEBUG, "assuming last directory: %s", token); + mode = 0700; + } + + ret = _pam_create_homedir(ctx, create_dir, mode); + if (ret) { + return ret; + } + } + + return _pam_chown_homedir(ctx, create_dir, + pwd->pw_uid, + pwd->pw_gid); +} + /* talk to winbindd */ static int winbind_auth_request(struct pwb_context *ctx, const char *user, @@ -2470,7 +2597,7 @@ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { - int ret = PAM_SYSTEM_ERR; + int ret = PAM_SUCCESS; struct pwb_context *ctx = NULL; ret = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); @@ -2480,8 +2607,10 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, _PAM_LOG_FUNCTION_ENTER("pam_sm_open_session", ctx); - ret = PAM_SUCCESS; - + if (ctx->ctrl & WINBIND_MKHOMEDIR) { + /* check and create homedir */ + ret = _pam_mkhomedir(ctx); + } out: _PAM_LOG_FUNCTION_LEAVE("pam_sm_open_session", ctx, ret); diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index e7c869c843..cb6f450ccb 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -99,6 +99,7 @@ do { \ #define WINBIND_SILENT 0x00000800 #define WINBIND_DEBUG_STATE 0x00001000 #define WINBIND_WARN_PWD_EXPIRE 0x00002000 +#define WINBIND_MKHOMEDIR 0x00004000 /* * here is the string to inform the user that the new passwords they -- cgit From 5b75aa34069d488d23e880393d4280cbe85cc5c6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 14 Aug 2008 14:41:50 +0200 Subject: pam_winbind: document mkhomedir option. Guenther --- docs-xml/manpages-3/pam_winbind.7.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs-xml/manpages-3/pam_winbind.7.xml b/docs-xml/manpages-3/pam_winbind.7.xml index cf7fd5a0f6..7f233c1386 100644 --- a/docs-xml/manpages-3/pam_winbind.7.xml +++ b/docs-xml/manpages-3/pam_winbind.7.xml @@ -134,6 +134,14 @@ + + mkhomedir + + Create homedirectory for a user on-the-fly, option is valid in + PAM session block. + + + -- cgit From eada8f8abe6e4b770b7a2e279fc897a4272b6fa5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Oct 2008 11:55:14 -0700 Subject: If you have a large number of cups printers, then scanning for print info can cause a client to timeout (it takes longer than 30 seconds to enumerate them). Make scanning for printers async with a callback from the main loop. This fixes a bug that was irritating *me* :-). Jeremy. --- source3/include/proto.h | 8 +- source3/include/smb.h | 1 + source3/param/loadparm.c | 2 +- source3/printing/load.c | 2 +- source3/printing/pcap.c | 77 +++++++++------ source3/printing/print_cups.c | 211 +++++++++++++++++++++++++++++++++++++++++- 6 files changed, 267 insertions(+), 34 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index b7a7ed5479..fc497b6966 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5995,7 +5995,7 @@ bool dump_a_parameter(int snum, char *parm_name, FILE * f, bool isGlobal); struct parm_struct *lp_get_parameter(const char *param_name); struct parm_struct *lp_next_parameter(int snum, int *i, int allparameters); bool lp_snum_ok(int iService); -void lp_add_one_printer(char *name, char *comment); +void lp_add_one_printer(const char *name, const char *comment, void *pdata); bool lp_loaded(void); void lp_killunused(bool (*snumused) (int)); void lp_kill_all_services(void); @@ -6568,11 +6568,15 @@ char* get_server_name( Printer_entry *printer ); /* The following definitions come from printing/pcap.c */ +bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment); +void pcap_cache_destroy_specific(struct pcap_cache **ppcache); bool pcap_cache_add(const char *name, const char *comment); bool pcap_cache_loaded(void); +void pcap_cache_replace(const struct pcap_cache *cache); void pcap_cache_reload(void); bool pcap_printername_ok(const char *printername); -void pcap_printer_fn(void (*fn)(char *, char *)); +void pcap_printer_fn_specific(const struct pcap_cache *, void (*fn)(const char *, const char *, void *), void *); +void pcap_printer_fn(void (*fn)(const char *, const char *, void *), void *); /* The following definitions come from printing/print_aix.c */ diff --git a/source3/include/smb.h b/source3/include/smb.h index c8c4f8c3cc..ef98b5e1b5 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -391,6 +391,7 @@ struct idle_event; struct share_mode_entry; struct uuid; struct named_mutex; +struct pcap_cache; struct vfs_fsp_data { struct vfs_fsp_data *next; diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 94660317f8..1191c3d3aa 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -7848,7 +7848,7 @@ static void lp_add_auto_services(char *str) Auto-load one printer. ***************************************************************************/ -void lp_add_one_printer(char *name, char *comment) +void lp_add_one_printer(const char *name, const char *comment, void *pdata) { int printers = lp_servicenumber(PRINTERS_NAME); int i; diff --git a/source3/printing/load.c b/source3/printing/load.c index 23144d5a95..fc21f271bd 100644 --- a/source3/printing/load.c +++ b/source3/printing/load.c @@ -60,5 +60,5 @@ void load_printers(void) /* load all printcap printers */ if (lp_load_printers() && lp_servicenumber(PRINTERS_NAME) >= 0) - pcap_printer_fn(lp_add_one_printer); + pcap_printer_fn(lp_add_one_printer, NULL); } diff --git a/source3/printing/pcap.c b/source3/printing/pcap.c index 30cb254a29..10c1a2d608 100644 --- a/source3/printing/pcap.c +++ b/source3/printing/pcap.c @@ -63,41 +63,51 @@ #include "includes.h" -typedef struct pcap_cache { +struct pcap_cache { char *name; char *comment; struct pcap_cache *next; -} pcap_cache_t; +}; -static pcap_cache_t *pcap_cache = NULL; +/* The systemwide printcap cache. */ +static struct pcap_cache *pcap_cache = NULL; -bool pcap_cache_add(const char *name, const char *comment) +bool pcap_cache_add_specific(struct pcap_cache **ppcache, const char *name, const char *comment) { - pcap_cache_t *p; + struct pcap_cache *p; - if (name == NULL || ((p = SMB_MALLOC_P(pcap_cache_t)) == NULL)) - return False; + if (name == NULL || ((p = SMB_MALLOC_P(struct pcap_cache)) == NULL)) + return false; p->name = SMB_STRDUP(name); p->comment = (comment && *comment) ? SMB_STRDUP(comment) : NULL; - p->next = pcap_cache; - pcap_cache = p; + DEBUG(11,("pcap_cache_add_specific: Adding name %s info %s\n", + p->name, p->comment ? p->comment : "")); + + p->next = *ppcache; + *ppcache = p; - return True; + return true; } -static void pcap_cache_destroy(pcap_cache_t *cache) +void pcap_cache_destroy_specific(struct pcap_cache **pp_cache) { - pcap_cache_t *p, *next; + struct pcap_cache *p, *next; - for (p = cache; p != NULL; p = next) { + for (p = *pp_cache; p != NULL; p = next) { next = p->next; SAFE_FREE(p->name); SAFE_FREE(p->comment); SAFE_FREE(p); } + *pp_cache = NULL; +} + +bool pcap_cache_add(const char *name, const char *comment) +{ + return pcap_cache_add_specific(&pcap_cache, name, comment); } bool pcap_cache_loaded(void) @@ -105,11 +115,21 @@ bool pcap_cache_loaded(void) return (pcap_cache != NULL); } +void pcap_cache_replace(const struct pcap_cache *pcache) +{ + const struct pcap_cache *p; + + pcap_cache_destroy_specific(&pcap_cache); + for (p = pcache; p; p = p->next) { + pcap_cache_add(p->name, p->comment); + } +} + void pcap_cache_reload(void) { const char *pcap_name = lp_printcapname(); bool pcap_reloaded = False; - pcap_cache_t *tmp_cache = NULL; + struct pcap_cache *tmp_cache = NULL; XFILE *pcap_file; char *pcap_line; @@ -223,9 +243,9 @@ done: DEBUG(3, ("reload status: %s\n", (pcap_reloaded) ? "ok" : "error")); if (pcap_reloaded) - pcap_cache_destroy(tmp_cache); + pcap_cache_destroy_specific(&tmp_cache); else { - pcap_cache_destroy(pcap_cache); + pcap_cache_destroy_specific(&pcap_cache); pcap_cache = tmp_cache; } @@ -235,7 +255,7 @@ done: bool pcap_printername_ok(const char *printername) { - pcap_cache_t *p; + struct pcap_cache *p; for (p = pcap_cache; p != NULL; p = p->next) if (strequal(p->name, printername)) @@ -245,19 +265,22 @@ bool pcap_printername_ok(const char *printername) } /*************************************************************************** -run a function on each printer name in the printcap file. The function is -passed the primary name and the comment (if possible). Note the fn() takes -strings in DOS codepage. This means the xxx_printer_fn() calls must be fixed -to return DOS codepage. FIXME !! JRA. - -XXX: I'm not sure if this comment still applies.. Anyone? -Rob +run a function on each printer name in the printcap file. ***************************************************************************/ -void pcap_printer_fn(void (*fn)(char *, char *)) + +void pcap_printer_fn_specific(const struct pcap_cache *pc, + void (*fn)(const char *, const char *, void *), + void *pdata) { - pcap_cache_t *p; + const struct pcap_cache *p; - for (p = pcap_cache; p != NULL; p = p->next) - fn(p->name, p->comment); + for (p = pc; p != NULL; p = p->next) + fn(p->name, p->comment, pdata); return; } + +void pcap_printer_fn(void (*fn)(const char *, const char *, void *), void *pdata) +{ + return pcap_printer_fn_specific(pcap_cache, fn, pdata); +} diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index b9bed7a138..6fe24e181e 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -106,9 +106,46 @@ static http_t *cups_connect(TALLOC_CTX *frame) return http; } -bool cups_cache_reload(void) +static void send_pcap_info(const char *name, const char *info, void *pd) +{ + int fd = *(int *)pd; + size_t namelen = name ? strlen(name)+1 : 0; + size_t infolen = info ? strlen(info)+1 : 0; + + DEBUG(11,("send_pcap_info: writing namelen %u\n", (unsigned int)namelen)); + if (sys_write(fd, &namelen, sizeof(namelen)) != sizeof(namelen)) { + DEBUG(10,("send_pcap_info: namelen write failed %s\n", + strerror(errno))); + return; + } + DEBUG(11,("send_pcap_info: writing infolen %u\n", (unsigned int)infolen)); + if (sys_write(fd, &infolen, sizeof(infolen)) != sizeof(infolen)) { + DEBUG(10,("send_pcap_info: infolen write failed %s\n", + strerror(errno))); + return; + } + if (namelen) { + DEBUG(11,("send_pcap_info: writing name %s\n", name)); + if (sys_write(fd, name, namelen) != namelen) { + DEBUG(10,("send_pcap_info: name write failed %s\n", + strerror(errno))); + return; + } + } + if (infolen) { + DEBUG(11,("send_pcap_info: writing info %s\n", info)); + if (sys_write(fd, info, infolen) != infolen) { + DEBUG(10,("send_pcap_info: info write failed %s\n", + strerror(errno))); + return; + } + } +} + +static bool cups_cache_reload_async(int fd) { TALLOC_CTX *frame = talloc_stackframe(); + struct pcap_cache *tmp_pcap_cache = NULL; http_t *http = NULL; /* HTTP connection to server */ ipp_t *request = NULL, /* IPP Request */ *response = NULL; /* IPP Response */ @@ -226,7 +263,7 @@ bool cups_cache_reload(void) if (name == NULL) break; - if (!pcap_cache_add(name, info)) { + if (!pcap_cache_add_specific(&tmp_pcap_cache, name, info)) { goto out; } } @@ -318,7 +355,7 @@ bool cups_cache_reload(void) if (name == NULL) break; - if (!pcap_cache_add(name, info)) { + if (!pcap_cache_add_specific(&tmp_pcap_cache, name, info)) { goto out; } } @@ -335,10 +372,178 @@ bool cups_cache_reload(void) if (http) httpClose(http); + /* Send all the entries up the pipe. */ + if (tmp_pcap_cache) { + pcap_printer_fn_specific(tmp_pcap_cache, + send_pcap_info, + (void *)&fd); + + pcap_cache_destroy_specific(&tmp_pcap_cache); + } TALLOC_FREE(frame); return ret; } +static struct pcap_cache *local_pcap_copy; +struct fd_event *cache_fd_event; + +static bool cups_pcap_load_async(int *pfd) +{ + int fds[2]; + pid_t pid; + + if (cache_fd_event) { + DEBUG(3,("cups_pcap_load_async: already waiting for " + "a refresh event\n" )); + return false; + } + + DEBUG(5,("cups_pcap_load_async: asynchronously loading cups printers\n")); + + if (pipe(fds) == -1) { + return false; + } + + pid = sys_fork(); + if (pid == (pid_t)-1) { + DEBUG(10,("cups_pcap_load_async: fork failed %s\n", + strerror(errno) )); + close(fds[0]); + close(fds[1]); + return false; + } + + if (pid) { + DEBUG(10,("cups_pcap_load_async: child pid = %u\n", + (unsigned int)pid )); + /* Parent. */ + close(fds[1]); + *pfd = fds[0]; + return true; + } + + /* Child. */ + close(fds[0]); + cups_cache_reload_async(fds[1]); + close(fds[1]); + _exit(0); +} + +static void cups_async_callback(struct event_context *event_ctx, + struct fd_event *event, + uint16 flags, + void *p) +{ + TALLOC_CTX *frame = talloc_stackframe(); + int fd = *(int *)p; + struct pcap_cache *tmp_pcap_cache = NULL; + + DEBUG(5,("cups_async_callback: callback received for printer data. " + "fd = %d\n", fd)); + + TALLOC_FREE(cache_fd_event); + + while (1) { + char *name = NULL, *info = NULL; + size_t namelen = 0, infolen = 0; + + if (sys_read(fd, &namelen, sizeof(namelen)) != + sizeof(namelen)) { + DEBUG(10,("cups_async_callback: namelen read failed %d %s\n", + errno, strerror(errno))); + break; + } + if (sys_read(fd, &infolen, sizeof(infolen)) != + sizeof(infolen)) { + DEBUG(10,("cups_async_callback: infolen read failed %s\n", + strerror(errno))); + break; + } + if (namelen) { + name = TALLOC_ARRAY(frame, char, namelen); + if (!name) { + break; + } + if (sys_read(fd, name, namelen) != namelen) { + DEBUG(10,("cups_async_callback: name read failed %s\n", + strerror(errno))); + break; + } + } else { + name = NULL; + } + if (infolen) { + info = TALLOC_ARRAY(frame, char, infolen); + if (!info) { + break; + } + if (sys_read(fd, info, infolen) != infolen) { + DEBUG(10,("cups_async_callback: info read failed %s\n", + strerror(errno))); + break; + } + } else { + info = NULL; + } + + /* Add to our local pcap cache. */ + pcap_cache_add_specific(&tmp_pcap_cache, name, info); + TALLOC_FREE(name); + TALLOC_FREE(info); + } + + TALLOC_FREE(frame); + if (tmp_pcap_cache) { + /* We got a namelist, replace our local cache. */ + pcap_cache_destroy_specific(&local_pcap_copy); + local_pcap_copy = tmp_pcap_cache; + + /* And the systemwide pcap cache. */ + pcap_cache_replace(local_pcap_copy); + } else { + DEBUG(2,("cups_async_callback: failed to read a new " + "printer list\n")); + } + close(fd); +} + +bool cups_cache_reload(void) +{ + int fd = -1; + + /* Set up an async refresh. */ + if (!cups_pcap_load_async(&fd)) { + return false; + } + if (!local_pcap_copy) { + /* We have no local cache, wait directly for + * async refresh to complete. + */ + cups_async_callback(smbd_event_context(), + NULL, + EVENT_FD_READ, + (void *)&fd); + if (!local_pcap_copy) { + return false; + } + } else { + /* Replace the system cache with our + * local copy. */ + pcap_cache_replace(local_pcap_copy); + + /* Trigger an event when the pipe can be read. */ + cache_fd_event = event_add_fd(smbd_event_context(), + NULL, fd, + EVENT_FD_READ, + cups_async_callback, + (void *)&fd); + if (!cache_fd_event) { + close(fd); + return false; + } + } + return true; +} /* * 'cups_job_delete()' - Delete a job. -- cgit From 430cc443901865a5c781ce4ac5cf65b450ccbe61 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Oct 2008 15:55:49 -0700 Subject: Async is trickier than it looks :-). Don't use a stack variable for a private data ptr. Jeremy. --- source3/printing/print_cups.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 6fe24e181e..14119626e5 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -505,24 +505,32 @@ static void cups_async_callback(struct event_context *event_ctx, "printer list\n")); } close(fd); + TALLOC_FREE(p); } bool cups_cache_reload(void) { - int fd = -1; + int *p_pipe_fd = TALLOC_P(NULL, int); + + if (!p_pipe_fd) { + return false; + } /* Set up an async refresh. */ - if (!cups_pcap_load_async(&fd)) { + if (!cups_pcap_load_async(p_pipe_fd)) { return false; } if (!local_pcap_copy) { /* We have no local cache, wait directly for * async refresh to complete. */ + DEBUG(10,("cups_cache_reload: sync read on fd %d\n", + *p_pipe_fd )); + cups_async_callback(smbd_event_context(), NULL, EVENT_FD_READ, - (void *)&fd); + (void *)p_pipe_fd); if (!local_pcap_copy) { return false; } @@ -531,14 +539,18 @@ bool cups_cache_reload(void) * local copy. */ pcap_cache_replace(local_pcap_copy); + DEBUG(10,("cups_cache_reload: async read on fd %d\n", + *p_pipe_fd )); + /* Trigger an event when the pipe can be read. */ cache_fd_event = event_add_fd(smbd_event_context(), - NULL, fd, + NULL, *p_pipe_fd, EVENT_FD_READ, cups_async_callback, - (void *)&fd); + (void *)p_pipe_fd); if (!cache_fd_event) { - close(fd); + close(*p_pipe_fd); + TALLOC_FREE(p_pipe_fd); return false; } } -- cgit From 4cbb3b23a4e1d5e800b900fe91860eb0a9add12e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Oct 2008 16:29:14 -0700 Subject: Allow data flow to be debugged and only log on error. All seems ok now. Jeremy. --- source3/printing/print_cups.c | 48 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 40 insertions(+), 8 deletions(-) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 14119626e5..6086bb858b 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -392,6 +392,8 @@ static bool cups_pcap_load_async(int *pfd) int fds[2]; pid_t pid; + *pfd = -1; + if (cache_fd_event) { DEBUG(3,("cups_pcap_load_async: already waiting for " "a refresh event\n" )); @@ -441,34 +443,56 @@ static void cups_async_callback(struct event_context *event_ctx, DEBUG(5,("cups_async_callback: callback received for printer data. " "fd = %d\n", fd)); - TALLOC_FREE(cache_fd_event); - while (1) { char *name = NULL, *info = NULL; size_t namelen = 0, infolen = 0; + ssize_t ret = -1; - if (sys_read(fd, &namelen, sizeof(namelen)) != - sizeof(namelen)) { + ret = sys_read(fd, &namelen, sizeof(namelen)); + if (ret == 0) { + /* EOF */ + break; + } + if (ret != sizeof(namelen)) { DEBUG(10,("cups_async_callback: namelen read failed %d %s\n", errno, strerror(errno))); break; } - if (sys_read(fd, &infolen, sizeof(infolen)) != - sizeof(infolen)) { + + DEBUG(11,("cups_async_callback: read namelen %u\n", + (unsigned int)namelen)); + + ret = sys_read(fd, &infolen, sizeof(infolen)); + if (ret == 0) { + /* EOF */ + break; + } + if (ret != sizeof(infolen)) { DEBUG(10,("cups_async_callback: infolen read failed %s\n", strerror(errno))); break; } + + DEBUG(11,("cups_async_callback: read infolen %u\n", + (unsigned int)infolen)); + if (namelen) { name = TALLOC_ARRAY(frame, char, namelen); if (!name) { break; } - if (sys_read(fd, name, namelen) != namelen) { + ret = sys_read(fd, name, namelen); + if (ret == 0) { + /* EOF */ + break; + } + if (ret != namelen) { DEBUG(10,("cups_async_callback: name read failed %s\n", strerror(errno))); break; } + DEBUG(11,("cups_async_callback: read name %s\n", + name)); } else { name = NULL; } @@ -477,11 +501,18 @@ static void cups_async_callback(struct event_context *event_ctx, if (!info) { break; } - if (sys_read(fd, info, infolen) != infolen) { + ret = sys_read(fd, info, infolen); + if (ret == 0) { + /* EOF */ + break; + } + if (ret != infolen) { DEBUG(10,("cups_async_callback: info read failed %s\n", strerror(errno))); break; } + DEBUG(11,("cups_async_callback: read info %s\n", + info)); } else { info = NULL; } @@ -506,6 +537,7 @@ static void cups_async_callback(struct event_context *event_ctx, } close(fd); TALLOC_FREE(p); + TALLOC_FREE(cache_fd_event); } bool cups_cache_reload(void) -- cgit From 1d151b3161b1bf82898baa9eb9dd1f212b79e2a1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Oct 2008 16:43:13 -0700 Subject: Ensure we do reinit_after_fork(). Jeremy. --- source3/printing/print_cups.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 6086bb858b..9326ac74a4 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -425,6 +425,11 @@ static bool cups_pcap_load_async(int *pfd) } /* Child. */ + if (!reinit_after_fork(smbd_messaging_context(), true)) { + DEBUG(0,("cups_pcap_load_async: reinit_after_fork() failed\n")); + smb_panic("cups_pcap_load_async: reinit_after_fork() failed"); + } + close(fds[0]); cups_cache_reload_async(fds[1]); close(fds[1]); -- cgit From 47f7ef8f39ba482a7d6578ab82c9e0670381c4f8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 10 Oct 2008 16:48:18 -0700 Subject: Initialize near creation of resource. Makes code clearer. Jeremy. --- source3/printing/print_cups.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c index 9326ac74a4..ca3415ca5a 100644 --- a/source3/printing/print_cups.c +++ b/source3/printing/print_cups.c @@ -553,6 +553,8 @@ bool cups_cache_reload(void) return false; } + *p_pipe_fd = -1; + /* Set up an async refresh. */ if (!cups_pcap_load_async(p_pipe_fd)) { return false; -- cgit From 80faa78a912cda4b3298b832e46c22c045ec85f9 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 10 Oct 2008 16:26:34 +0200 Subject: Fix a "nexted extern declaration" warning --- source3/smbd/nttrans.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 061855876c..43492bf8b6 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -22,6 +22,7 @@ extern int max_send; extern enum protocol_types Protocol; +extern const struct generic_mapping file_generic_mapping; static char *nttrans_realloc(char **ptr, size_t size) { @@ -713,7 +714,6 @@ static void do_nt_transact_create_pipe(connection_struct *conn, static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, uint32 security_info_sent) { - extern const struct generic_mapping file_generic_mapping; SEC_DESC *psd = NULL; NTSTATUS status; -- cgit From 200b0deaef4d399d321741ce76809beb628a5814 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 10 Oct 2008 17:50:09 +0200 Subject: Fix some nonempty blank lines --- source3/smbd/connection.c | 34 +++++++++++++++++----------------- source3/smbd/ipc.c | 12 ++++++------ 2 files changed, 23 insertions(+), 23 deletions(-) diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 8dd5964f5f..3dd8ec90ee 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -2,17 +2,17 @@ Unix SMB/CIFS implementation. connection claim routines Copyright (C) Andrew Tridgell 1998 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -63,7 +63,7 @@ static int count_fn(struct db_record *rec, void *udp) { struct count_stat *cs = (struct count_stat *)udp; - + if (crec->cnum == -1) { return 0; } @@ -159,7 +159,7 @@ bool claim_connection(connection_struct *conn, const char *name, } crec.start = time(NULL); crec.bcast_msg_flags = msg_flags; - + strlcpy(crec.machine,get_remote_machine_name(),sizeof(crec.machine)); strlcpy(crec.addr,conn?conn->client_address: client_addr(get_client_fd(),addr,sizeof(addr)), @@ -232,17 +232,17 @@ static TDB_DATA* make_pipe_rec_key( struct pipe_open_rec *prec ) { TDB_DATA *kbuf = NULL; fstring key_string; - + if ( !prec ) return NULL; - + if ( (kbuf = TALLOC_P(prec, TDB_DATA)) == NULL ) { return NULL; } - + snprintf( key_string, sizeof(key_string), "%s/%d/%d", prec->name, procid_to_pid(&prec->pid), prec->pnum ); - + *kbuf = string_term_tdb_data(talloc_strdup(prec, key_string)); if (kbuf->dptr == NULL ) return NULL; @@ -273,17 +273,17 @@ bool store_pipe_opendb( smb_np_struct *p ) TDB_DATA *key; TDB_DATA data; bool ret = False; - + if ( (prec = TALLOC_P( NULL, struct pipe_open_rec)) == NULL ) { DEBUG(0,("store_pipe_opendb: talloc failed!\n")); return False; } - + fill_pipe_open_rec( prec, p ); if ( (key = make_pipe_rec_key( prec )) == NULL ) { goto done; } - + data.dptr = (uint8 *)prec; data.dsize = sizeof(struct pipe_open_rec); @@ -293,7 +293,7 @@ bool store_pipe_opendb( smb_np_struct *p ) } ret = NT_STATUS_IS_OK(dbrec->store(dbrec, data, TDB_REPLACE)); - + done: TALLOC_FREE( prec ); return ret; @@ -308,24 +308,24 @@ bool delete_pipe_opendb( smb_np_struct *p ) struct pipe_open_rec *prec; TDB_DATA *key; bool ret = False; - + if ( (prec = TALLOC_P( NULL, struct pipe_open_rec)) == NULL ) { DEBUG(0,("store_pipe_opendb: talloc failed!\n")); return False; } - + fill_pipe_open_rec( prec, p ); if ( (key = make_pipe_rec_key( prec )) == NULL ) { goto done; } - + if (!(dbrec = connections_fetch_record(prec, *key))) { DEBUG(0, ("connections_fetch_record failed\n")); goto done; } ret = NT_STATUS_IS_OK(dbrec->delete_rec(dbrec)); - + done: TALLOC_FREE( prec ); return ret; diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 0f2caad86f..a824ab7fd3 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -5,17 +5,17 @@ SMB Version handling Copyright (C) John H Terpstra 1995-1998 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -162,7 +162,7 @@ void send_trans_reply(connection_struct *conn, const uint8_t *inbuf, copy_trans_params_and_data(outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - + SSVAL(outbuf,smb_vwv3,this_lparam); SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); SSVAL(outbuf,smb_vwv5,tot_param_sent); @@ -735,11 +735,11 @@ void reply_transs(struct smb_request *req) state->received_param += pcnt; state->received_data += dcnt; - + if ((state->received_data > state->total_data) || (state->received_param > state->total_param)) goto bad_param; - + if (pcnt) { if (pdisp > state->total_param || pcnt > state->total_param || -- cgit From f0a27064869871806343648de3b5a0667118872f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 10 Oct 2008 23:40:50 +0200 Subject: Make use of talloc_tos() --- source3/smbd/connection.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/smbd/connection.c b/source3/smbd/connection.c index 3dd8ec90ee..fd83f77725 100644 --- a/source3/smbd/connection.c +++ b/source3/smbd/connection.c @@ -274,7 +274,7 @@ bool store_pipe_opendb( smb_np_struct *p ) TDB_DATA data; bool ret = False; - if ( (prec = TALLOC_P( NULL, struct pipe_open_rec)) == NULL ) { + if ( (prec = TALLOC_P( talloc_tos(), struct pipe_open_rec)) == NULL ) { DEBUG(0,("store_pipe_opendb: talloc failed!\n")); return False; } @@ -309,7 +309,7 @@ bool delete_pipe_opendb( smb_np_struct *p ) TDB_DATA *key; bool ret = False; - if ( (prec = TALLOC_P( NULL, struct pipe_open_rec)) == NULL ) { + if ( (prec = TALLOC_P( talloc_tos(), struct pipe_open_rec)) == NULL ) { DEBUG(0,("store_pipe_opendb: talloc failed!\n")); return False; } -- cgit