From 8cb23a6b2950d7419767845b6097470f76f348a7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 31 Oct 2008 16:54:22 -0700 Subject: Remove unused variable. Jeremy. --- source3/printing/nt_printing.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 9c1323eaa2..41383a0a57 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -5768,7 +5768,6 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum, SEC_DESC_BUF *secdesc = NULL; uint32 access_granted; NTSTATUS status; - bool result; const char *pname; TALLOC_CTX *mem_ctx = NULL; SE_PRIV se_printop = SE_PRINT_OPERATOR; -- cgit From d93041e3363a6e0c6ebba63e6d8c92948be4f953 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 5 Nov 2008 19:11:40 -0800 Subject: Add reference to bug #4308 to remind me to add regression test to smbtorture. Jeremy. --- source3/smbd/posix_acls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index cccf3087f7..97b87cc3a9 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3511,7 +3511,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx - * for details. JRA. + * for details and also the log trace in bug #4308. JRA. */ if ((security_info_sent & DACL_SECURITY_INFORMATION) && -- cgit From f640135d125e84ad59e0b3920992d7b0fcbe0498 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 00:50:56 -0800 Subject: Fix crash in module, get more of the NULL acl test right. Jeremy. --- source3/modules/vfs_acl_xattr.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 5dfe43e55b..1619de4fd2 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -366,26 +366,26 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, parent_name, DACL_SECURITY_INFORMATION, &parent_desc); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("inherit_new_acl: directory %s failed " - "to get acl %s\n", - parent_name, - nt_errstr(status) )); - return status; - } - - /* Create an inherited descriptor from the parent. */ - status = se_create_child_secdesc(ctx, + if (NT_STATUS_IS_OK(status)) { + /* Create an inherited descriptor from the parent. */ + status = se_create_child_secdesc(ctx, &psd, &size, parent_desc, &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], container); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + DEBUG(10,("inherit_new_acl: directory %s failed " + "to get acl %s\n", + parent_name, + nt_errstr(status) )); } - if (psd->dacl == NULL) { + + if (!psd || psd->dacl == NULL) { SMB_STRUCT_STAT sbuf; int ret; @@ -393,7 +393,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (fsp && !fsp->is_directory && fsp->fh->fd != -1) { ret = SMB_VFS_FSTAT(fsp, &sbuf); } else { - ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + ret = SMB_VFS_STAT(handle->conn,fname, &sbuf); } if (ret == -1) { return map_nt_error_from_unix(errno); @@ -528,6 +528,10 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, CONST_DISCARD(struct security_descriptor *,psd)); } + if (!psd->owner_sid && !psd->group_sid && !(psd->type & SEC_DESC_DACL_PRESENT)) { + return NT_STATUS_OK; + } + status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit From 4af3c2830ab61e2c93faf41a7472d6132687c7c3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:01:01 -0800 Subject: Only one more issue with NULL ACL test left to solve. Jeremy. --- source3/modules/vfs_acl_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 1619de4fd2..9d9ea01375 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -74,7 +74,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, } #endif - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) ? xacl.info.sd_ts->sd->owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) -- cgit From 24c598b1b95742961d43ff5bd61831405b561dfe Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:40:21 -0800 Subject: Don't call FSET_NT_ACL on file create if there's no SD to set. Leave the default ACL in place. Jeremy. --- source3/modules/vfs_acl_xattr.c | 4 ---- source3/smbd/open.c | 7 ++++++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 9d9ea01375..c6fb0b5907 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -528,10 +528,6 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, CONST_DISCARD(struct security_descriptor *,psd)); } - if (!psd->owner_sid && !psd->group_sid && !(psd->type & SEC_DESC_DACL_PRESENT)) { - return NT_STATUS_OK; - } - status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 480352beda..3fd0d1a03a 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2923,7 +2923,12 @@ NTSTATUS create_file_unixpath(connection_struct *conn, security_acl_map_generic(sd->dacl, &file_generic_mapping); security_acl_map_generic(sd->sacl, &file_generic_mapping); - status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); + if (sec_info_sent & (OWNER_SECURITY_INFORMATION| + GROUP_SECURITY_INFORMATION| + DACL_SECURITY_INFORMATION| + SACL_SECURITY_INFORMATION)) { + status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); + } fsp->access_mask = saved_access_mask; -- cgit From 7522ef15aca2429ef57c75d8297dd8121e79c9da Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:45:40 -0800 Subject: Final fix to make us pass NULL SD test in RAW-ACLs. Not sure if this is 100% right. Only inheritance left to fix. Jeremy. --- source3/smbd/nttrans.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f711b588c5..50a3aea856 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -725,6 +725,9 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, if (psd->sacl==0) { security_info_sent &= ~SACL_SECURITY_INFORMATION; } + if (security_info_sent & DACL_SECURITY_INFORMATION) { + psd->type |= SEC_DESC_DACL_PRESENT; + } if (psd->dacl==0) { security_info_sent &= ~DACL_SECURITY_INFORMATION; } -- cgit From 87f563c2308b761bc9c42caf5ab240746004e908 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:58:56 -0800 Subject: Start factoring out the inheritance differences. Jeremy. --- source3/lib/secdesc.c | 3 +-- source3/modules/vfs_acl_xattr.c | 3 +-- source4/torture/raw/acls.c | 4 +++- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 2987306066..94d249564f 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -574,8 +574,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| - SEC_DESC_DACL_DEFAULTED, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, owner_sid, group_sid, NULL, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index c6fb0b5907..209209d287 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -326,8 +326,7 @@ static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, } return make_sec_desc(mem_ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| - SEC_DESC_DACL_DEFAULTED, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, &owner_sid, &group_sid, NULL, diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index 862b96ac17..d76454d1ff 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -1410,7 +1410,9 @@ static bool test_inheritance(struct torture_context *tctx, if (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT)) { if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) { - printf("Expected default sd at %d - got:\n", i); + printf("Expected default sd:\n"); + NDR_PRINT_DEBUG(security_descriptor, sd_def); + printf("at %d - got:\n", i); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); } goto check_dir; -- cgit From 0be668f147e65cdd8614c6308c7d5ea1bc25f8f5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 13:31:27 +0100 Subject: doserr: add WERR_NO_TRUST_SAM_ACCOUNT. Guenther --- libcli/util/doserr.c | 1 + libcli/util/werror.h | 1 + 2 files changed, 2 insertions(+) diff --git a/libcli/util/doserr.c b/libcli/util/doserr.c index 2ab39125df..160e7bc3e0 100644 --- a/libcli/util/doserr.c +++ b/libcli/util/doserr.c @@ -135,6 +135,7 @@ static const struct werror_code_struct dos_errs[] = { "WERR_INVALID_FLAGS", WERR_INVALID_FLAGS }, { "WERR_NOT_FOUND", WERR_NOT_FOUND }, { "WERR_SERVER_UNAVAILABLE", WERR_SERVER_UNAVAILABLE }, + { "WERR_NO_TRUST_SAM_ACCOUNT", WERR_NO_TRUST_SAM_ACCOUNT }, { "WERR_CLASS_NOT_REGISTERED", WERR_CLASS_NOT_REGISTERED }, { "WERR_NO_SHUTDOWN_IN_PROGRESS", WERR_NO_SHUTDOWN_IN_PROGRESS }, { "WERR_SHUTDOWN_ALREADY_IN_PROGRESS", WERR_SHUTDOWN_ALREADY_IN_PROGRESS }, diff --git a/libcli/util/werror.h b/libcli/util/werror.h index fe819fce5e..0d99c7bb31 100644 --- a/libcli/util/werror.h +++ b/libcli/util/werror.h @@ -136,6 +136,7 @@ typedef uint32_t WERROR; #define WERR_TIME_SKEW W_ERROR(1398) #define WERR_EVENTLOG_FILE_CORRUPT W_ERROR(1500) #define WERR_SERVER_UNAVAILABLE W_ERROR(1722) +#define WERR_NO_TRUST_SAM_ACCOUNT W_ERROR(1787) #define WERR_INVALID_FORM_NAME W_ERROR(1902) #define WERR_INVALID_FORM_SIZE W_ERROR(1903) #define WERR_PASSWORD_MUST_CHANGE W_ERROR(1907) -- cgit From 8d69a6511018390cc11a5020676e7cf14cdb000a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 12:53:00 +0100 Subject: s3-dsgetdcname: fix reply generation (forgot to map nt1 to nt5ex). Guenther --- source3/libsmb/dsgetdcname.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index ff0a8f9808..d8c2b70175 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -1040,6 +1040,8 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, r->data.nt4 = logon1; r->ntver = nt_version; + map_netlogon_samlogon_response(r); + namecache_store(tmp_dc_name, NBT_NAME_SERVER, 1, &ip_list); goto make_reply; -- cgit From 0db0ce4974b7371891472f75080b1da2d5538b07 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 06:42:04 -0800 Subject: Fix bug #5825 - Account locking out doesnt work with an LDAP backend.Based on a problem found by Boyang. Only the pdb_nds backend implements login attempts so this was broken for tdbsam and ldap. Jeremy. --- source3/passdb/pdb_interface.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 2a1024cc56..fcb38b464b 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1150,7 +1150,9 @@ static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, str static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success) { - return NT_STATUS_NOT_IMPLEMENTED; + /* Only the pdb_nds backend implements this, by + * default just return ok. */ + return NT_STATUS_OK; } static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value) -- cgit From 66abdaac95f4782e6e4395d3837f213a46afa2a7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 30 Oct 2008 10:54:25 +0100 Subject: netlogon-idl: add netr_ChangeLogEntry. Guenther --- librpc/idl/netlogon.idl | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 0561f5becd..b2ece7bd27 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -958,6 +958,18 @@ interface netlogon /* i'm not at all sure how this call works */ + typedef [public] struct { + uint32 serial_number1; + uint32 serial_number2; + uint32 object_rid; + uint16 flags; + uint8 db_index; + uint8 delta_type; + [value(ndr_size_dom_sid0(&object_sid, ndr->flags))] uint32 sid_size; + [subcontext(0),subcontext_size(sid_size)] dom_sid0 object_sid; + [string,charset(UTF16)] uint16 *object_name; + } netr_ChangeLogEntry; + NTSTATUS netr_DatabaseRedo( [in] [string,charset(UTF16)] uint16 logon_server[], [in] [string,charset(UTF16)] uint16 computername[], -- cgit From bc6cb550ed116191676e04ca9e202c1b2b35d6c4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 3 Nov 2008 13:38:20 +0100 Subject: netlogon-idl: add netr_ChangeLogFlags. Guenther --- librpc/idl/netlogon.idl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index b2ece7bd27..f59436bb27 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -958,11 +958,19 @@ interface netlogon /* i'm not at all sure how this call works */ + typedef [bitmap16bit] bitmap { + NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED = 0x0001, + NETR_CHANGELOG_CHANGED_PASSWORD = 0x0002, + NETR_CHANGELOG_SID_INCLUDED = 0x0004, + NETR_CHANGELOG_NAME_INCLUDED = 0x0008, + NETR_CHANGELOG_FIRST_PROMOTION_OBJ = 0x0010 + } netr_ChangeLogFlags; + typedef [public] struct { uint32 serial_number1; uint32 serial_number2; uint32 object_rid; - uint16 flags; + netr_ChangeLogFlags flags; uint8 db_index; uint8 delta_type; [value(ndr_size_dom_sid0(&object_sid, ndr->flags))] uint32 sid_size; -- cgit From 64fff239e0f378ce76946dc433d58545480d6dc0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 11:34:35 +0100 Subject: netlogon-idl: add netr_ChangeLogObject union. Guenther --- librpc/idl/netlogon.idl | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index f59436bb27..7b68a8b540 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -966,6 +966,12 @@ interface netlogon NETR_CHANGELOG_FIRST_PROMOTION_OBJ = 0x0010 } netr_ChangeLogFlags; + typedef [nodiscriminant] union { + [case(NETR_CHANGELOG_SID_INCLUDED)] dom_sid object_sid; + [case(NETR_CHANGELOG_NAME_INCLUDED)] nstring object_name; + [default]; + } netr_ChangeLogObject; + typedef [public] struct { uint32 serial_number1; uint32 serial_number2; @@ -973,9 +979,7 @@ interface netlogon netr_ChangeLogFlags flags; uint8 db_index; uint8 delta_type; - [value(ndr_size_dom_sid0(&object_sid, ndr->flags))] uint32 sid_size; - [subcontext(0),subcontext_size(sid_size)] dom_sid0 object_sid; - [string,charset(UTF16)] uint16 *object_name; + [switch_is(flags & (NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] netr_ChangeLogObject object; } netr_ChangeLogEntry; NTSTATUS netr_DatabaseRedo( -- cgit From e721e3b7f57bebc0367fa9748db574c428283780 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 11:35:48 +0100 Subject: netlogon-idl: use netr_ChangeLogEntry subcontext in netr_DatabaseRedo. Guenther --- librpc/idl/netlogon.idl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 7b68a8b540..fb26a8e18c 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -972,7 +972,7 @@ interface netlogon [default]; } netr_ChangeLogObject; - typedef [public] struct { + typedef [public,gensize] struct { uint32 serial_number1; uint32 serial_number2; uint32 object_rid; @@ -987,8 +987,8 @@ interface netlogon [in] [string,charset(UTF16)] uint16 computername[], [in] netr_Authenticator *credential, [in,out,ref] netr_Authenticator *return_authenticator, - [in,ref][size_is(change_log_entry_size)] uint8 *change_log_entry, - [in] uint32 change_log_entry_size, + [in] [subcontext(4),subcontext_size(change_log_entry_size)] netr_ChangeLogEntry change_log_entry, + [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry, ndr->flags))] uint32 change_log_entry_size, [out,ref] netr_DELTA_ENUM_ARRAY **delta_enum_array ); -- cgit From c353c53692aa683a619d7c0a0689e71080574c7b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 16:47:38 +0100 Subject: netlogon: add 8bit varients of netr_SamDatabaseID8Bit and netr_DeltaEnum. Guenther --- librpc/idl/misc.idl | 3 +++ librpc/idl/netlogon.idl | 4 +++ librpc/ndr/ndr_netlogon.c | 64 +++++++++++++++++++++++++++++++++++++++++++++++ librpc/ndr/ndr_netlogon.h | 28 +++++++++++++++++++++ source3/Makefile.in | 3 ++- source4/librpc/config.mk | 2 +- 6 files changed, 102 insertions(+), 2 deletions(-) create mode 100644 librpc/ndr/ndr_netlogon.c create mode 100644 librpc/ndr/ndr_netlogon.h diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl index ff548fe804..1182ef1fc2 100644 --- a/librpc/idl/misc.idl +++ b/librpc/idl/misc.idl @@ -2,12 +2,15 @@ miscellaneous IDL structures */ +cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID") [ pointer_default(unique) ] interface misc { + typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit; + typedef [public,noprint,gensize,noejs] struct { uint32 time_low; uint16 time_mid; diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index fb26a8e18c..e3481d4141 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -8,10 +8,13 @@ import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl"; #include "idl_types.h" +cpp_quote("#define netr_DeltaEnum8Bit netr_DeltaEnum") + [ uuid("12345678-1234-abcd-ef00-01234567cffb"), version(1.0), endpoint("ncacn_np:[\\pipe\\netlogon]","ncacn_ip_tcp:","ncalrpc:"), + helper("../librpc/ndr/ndr_netlogon.h"), pointer_default(unique) ] @@ -19,6 +22,7 @@ interface netlogon { typedef bitmap samr_AcctFlags samr_AcctFlags; typedef bitmap samr_GroupAttrs samr_GroupAttrs; + typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit; /*****************/ /* Function 0x00 */ diff --git a/librpc/ndr/ndr_netlogon.c b/librpc/ndr/ndr_netlogon.c new file mode 100644 index 0000000000..61a88c7a47 --- /dev/null +++ b/librpc/ndr/ndr_netlogon.c @@ -0,0 +1,64 @@ +/* + Unix SMB/CIFS implementation. + + routines for marshalling/unmarshalling special netlogon types + + Copyright (C) Guenther Deschner 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "librpc/gen_ndr/ndr_netlogon.h" +#include "librpc/gen_ndr/ndr_misc.h" + +_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit r) +{ + if (r > 0xff) return NDR_ERR_BUFSIZE; + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit *r) +{ + uint8_t v; + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_SamDatabaseID8Bit(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID8Bit r) +{ + ndr_print_netr_SamDatabaseID(ndr, name, r); +} + +_PUBLIC_ enum ndr_err_code ndr_push_netr_DeltaEnum8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_DeltaEnum8Bit r) +{ + if (r > 0xff) return NDR_ERR_BUFSIZE; + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netr_DeltaEnum8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_DeltaEnum8Bit *r) +{ + uint8_t v; + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_DeltaEnum8Bit(struct ndr_print *ndr, const char *name, enum netr_DeltaEnum8Bit r) +{ + ndr_print_netr_DeltaEnum(ndr, name, r); +} diff --git a/librpc/ndr/ndr_netlogon.h b/librpc/ndr/ndr_netlogon.h new file mode 100644 index 0000000000..0e6bd6a410 --- /dev/null +++ b/librpc/ndr/ndr_netlogon.h @@ -0,0 +1,28 @@ +/* + Unix SMB/CIFS implementation. + + routines for marshalling/unmarshalling special netlogon types + + Copyright (C) Guenther Deschner 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit r); +_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit *r); +_PUBLIC_ void ndr_print_netr_SamDatabaseID8Bit(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID8Bit r); + +_PUBLIC_ enum ndr_err_code ndr_push_netr_DeltaEnum8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_DeltaEnum8Bit r); +_PUBLIC_ enum ndr_err_code ndr_pull_netr_DeltaEnum8Bit(struct ndr_pull *ndr, int ndr_flags, enum netr_DeltaEnum8Bit *r); +_PUBLIC_ void ndr_print_netr_DeltaEnum8Bit(struct ndr_print *ndr, const char *name, enum netr_DeltaEnum8Bit r); diff --git a/source3/Makefile.in b/source3/Makefile.in index ce24001fd2..55306f13d6 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -278,7 +278,8 @@ RPCCLIENT_NDR_OBJ = rpc_client/ndr.o LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \ librpc/gen_ndr/ndr_lsa.o -LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o +LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o \ + ../librpc/ndr/ndr_netlogon.o LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ $(LIBNDR_GEN_OBJ0) \ diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index b2b9f2e7a7..75a611e4cd 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -299,7 +299,7 @@ NDR_NTSVCS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_ntsvcs.o [SUBSYSTEM::NDR_NETLOGON] PUBLIC_DEPENDENCIES = LIBNDR NDR_SAMR NDR_LSA NDR_SECURITY -NDR_NETLOGON_OBJ_FILES = $(gen_ndrsrcdir)/ndr_netlogon.o +NDR_NETLOGON_OBJ_FILES = $(gen_ndrsrcdir)/ndr_netlogon.o ../librpc/ndr/ndr_netlogon.o PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, gen_ndr/netlogon.h) -- cgit From 7bd12a878bfa6f23522c71083b2d5565c43f5712 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 16:50:39 +0100 Subject: netlogon: use 8bit SamDatabaseID and DeltaEnum in netr_ChangeLogEntry. Guenther --- librpc/idl/netlogon.idl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index e3481d4141..764958937f 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -981,8 +981,8 @@ interface netlogon uint32 serial_number2; uint32 object_rid; netr_ChangeLogFlags flags; - uint8 db_index; - uint8 delta_type; + netr_SamDatabaseID8Bit db_index; + netr_DeltaEnum8Bit delta_type; [switch_is(flags & (NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] netr_ChangeLogObject object; } netr_ChangeLogEntry; -- cgit From 884c3b301cef274e8cc0e3c2beecf9200f5cc564 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 31 Oct 2008 10:05:10 +0100 Subject: s3-build: rerun make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_netlogon.c | 4 +- source3/librpc/gen_ndr/cli_netlogon.h | 4 +- source3/librpc/gen_ndr/misc.h | 3 + source3/librpc/gen_ndr/ndr_netlogon.c | 216 +++++++++++++++++++++++++++++++--- source3/librpc/gen_ndr/ndr_netlogon.h | 7 ++ source3/librpc/gen_ndr/netlogon.h | 29 ++++- 6 files changed, 240 insertions(+), 23 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c index 275c83a450..1af3249473 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.c +++ b/source3/librpc/gen_ndr/cli_netlogon.c @@ -892,8 +892,8 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, const char *computername /* [in] [charset(UTF16)] */, struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [in,out] [ref] */, - uint8_t *change_log_entry /* [in] [ref,size_is(change_log_entry_size)] */, - uint32_t change_log_entry_size /* [in] */, + struct netr_ChangeLogEntry change_log_entry /* [in] [subcontext_size(change_log_entry_size),subcontext(4)] */, + uint32_t change_log_entry_size /* [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,ndr->flags))] */, struct netr_DELTA_ENUM_ARRAY **delta_enum_array /* [out] [ref] */) { struct netr_DatabaseRedo r; diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h index 5adf8e8cad..9f5eac15b2 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.h +++ b/source3/librpc/gen_ndr/cli_netlogon.h @@ -158,8 +158,8 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, const char *computername /* [in] [charset(UTF16)] */, struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [in,out] [ref] */, - uint8_t *change_log_entry /* [in] [ref,size_is(change_log_entry_size)] */, - uint32_t change_log_entry_size /* [in] */, + struct netr_ChangeLogEntry change_log_entry /* [in] [subcontext_size(change_log_entry_size),subcontext(4)] */, + uint32_t change_log_entry_size /* [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,ndr->flags))] */, struct netr_DELTA_ENUM_ARRAY **delta_enum_array /* [out] [ref] */); NTSTATUS rpccli_netr_LogonControl2Ex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index b3740faf34..e439f7f43d 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -2,9 +2,12 @@ #include +#define netr_SamDatabaseID8Bit netr_SamDatabaseID #ifndef _HEADER_misc #define _HEADER_misc +enum netr_SamDatabaseID8Bit; + struct GUID { uint32_t time_low; uint16_t time_mid; diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index 12ab98e610..6575dbcb91 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -6232,6 +6232,192 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n ndr->depth--; } +static enum ndr_err_code ndr_push_netr_ChangeLogFlags(struct ndr_push *ndr, int ndr_flags, uint16_t r) +{ + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_ChangeLogFlags(struct ndr_pull *ndr, int ndr_flags, uint16_t *r) +{ + uint16_t v; + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_ChangeLogFlags(struct ndr_print *ndr, const char *name, uint16_t r) +{ + ndr_print_uint16(ndr, name, r); + ndr->depth++; + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED", NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_CHANGED_PASSWORD", NETR_CHANGELOG_CHANGED_PASSWORD, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_SID_INCLUDED", NETR_CHANGELOG_SID_INCLUDED, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_NAME_INCLUDED", NETR_CHANGELOG_NAME_INCLUDED, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_FIRST_PROMOTION_OBJ", NETR_CHANGELOG_FIRST_PROMOTION_OBJ, r); + ndr->depth--; +} + +static enum ndr_err_code ndr_push_netr_ChangeLogObject(struct ndr_push *ndr, int ndr_flags, const union netr_ChangeLogObject *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: { + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->object_sid)); + break; } + + case NETR_CHANGELOG_NAME_INCLUDED: { + { + uint32_t _flags_save_string = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->object_name)); + ndr->flags = _flags_save_string; + } + break; } + + default: { + break; } + + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->object_sid)); + break; + + case NETR_CHANGELOG_NAME_INCLUDED: + break; + + default: + break; + + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_ChangeLogObject(struct ndr_pull *ndr, int ndr_flags, union netr_ChangeLogObject *r) +{ + int level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: { + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->object_sid)); + break; } + + case NETR_CHANGELOG_NAME_INCLUDED: { + { + uint32_t _flags_save_string = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->object_name)); + ndr->flags = _flags_save_string; + } + break; } + + default: { + break; } + + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->object_sid)); + break; + + case NETR_CHANGELOG_NAME_INCLUDED: + break; + + default: + break; + + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_ChangeLogObject(struct ndr_print *ndr, const char *name, const union netr_ChangeLogObject *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "netr_ChangeLogObject"); + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: + ndr_print_dom_sid(ndr, "object_sid", &r->object_sid); + break; + + case NETR_CHANGELOG_NAME_INCLUDED: + ndr_print_string(ndr, "object_name", r->object_name); + break; + + default: + break; + + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_netr_ChangeLogEntry(struct ndr_push *ndr, int ndr_flags, const struct netr_ChangeLogEntry *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->serial_number1)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->serial_number2)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->object_rid)); + NDR_CHECK(ndr_push_netr_ChangeLogFlags(ndr, NDR_SCALARS, r->flags)); + NDR_CHECK(ndr_push_netr_SamDatabaseID8Bit(ndr, NDR_SCALARS, r->db_index)); + NDR_CHECK(ndr_push_netr_DeltaEnum8Bit(ndr, NDR_SCALARS, r->delta_type)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, r->flags & (NETR_CHANGELOG_SID_INCLUDED | NETR_CHANGELOG_NAME_INCLUDED))); + NDR_CHECK(ndr_push_netr_ChangeLogObject(ndr, NDR_SCALARS, &r->object)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_netr_ChangeLogObject(ndr, NDR_BUFFERS, &r->object)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netr_ChangeLogEntry(struct ndr_pull *ndr, int ndr_flags, struct netr_ChangeLogEntry *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number1)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number2)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->object_rid)); + NDR_CHECK(ndr_pull_netr_ChangeLogFlags(ndr, NDR_SCALARS, &r->flags)); + NDR_CHECK(ndr_pull_netr_SamDatabaseID8Bit(ndr, NDR_SCALARS, &r->db_index)); + NDR_CHECK(ndr_pull_netr_DeltaEnum8Bit(ndr, NDR_SCALARS, &r->delta_type)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->flags & (NETR_CHANGELOG_SID_INCLUDED | NETR_CHANGELOG_NAME_INCLUDED))); + NDR_CHECK(ndr_pull_netr_ChangeLogObject(ndr, NDR_SCALARS, &r->object)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_netr_ChangeLogObject(ndr, NDR_BUFFERS, &r->object)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_ChangeLogEntry(struct ndr_print *ndr, const char *name, const struct netr_ChangeLogEntry *r) +{ + ndr_print_struct(ndr, name, "netr_ChangeLogEntry"); + ndr->depth++; + ndr_print_uint32(ndr, "serial_number1", r->serial_number1); + ndr_print_uint32(ndr, "serial_number2", r->serial_number2); + ndr_print_uint32(ndr, "object_rid", r->object_rid); + ndr_print_netr_ChangeLogFlags(ndr, "flags", r->flags); + ndr_print_netr_SamDatabaseID8Bit(ndr, "db_index", r->db_index); + ndr_print_netr_DeltaEnum8Bit(ndr, "delta_type", r->delta_type); + ndr_print_set_switch_value(ndr, &r->object, r->flags & (NETR_CHANGELOG_SID_INCLUDED | NETR_CHANGELOG_NAME_INCLUDED)); + ndr_print_netr_ChangeLogObject(ndr, "object", &r->object); + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_netr_ChangeLogEntry(const struct netr_ChangeLogEntry *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_netr_ChangeLogEntry); +} + static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r) { if (ndr_flags & NDR_SCALARS) { @@ -11307,12 +11493,13 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.return_authenticator)); - if (r->in.change_log_entry == NULL) { - return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + { + struct ndr_push *_ndr_change_log_entry; + NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_change_log_entry, 4, ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags))); + NDR_CHECK(ndr_push_netr_ChangeLogEntry(_ndr_change_log_entry, NDR_SCALARS|NDR_BUFFERS, &r->in.change_log_entry)); + NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_change_log_entry, 4, ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags))); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.change_log_entry_size)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->in.change_log_entry, r->in.change_log_entry_size)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.change_log_entry_size)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags))); } if (flags & NDR_OUT) { if (r->out.return_authenticator == NULL) { @@ -11369,19 +11556,17 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.return_authenticator, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.return_authenticator)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_array_size(ndr, &r->in.change_log_entry)); - if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.change_log_entry, ndr_get_array_size(ndr, &r->in.change_log_entry)); + { + struct ndr_pull *_ndr_change_log_entry; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_change_log_entry, 4, r->in.change_log_entry_size)); + NDR_CHECK(ndr_pull_netr_ChangeLogEntry(_ndr_change_log_entry, NDR_SCALARS|NDR_BUFFERS, &r->in.change_log_entry)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_change_log_entry, 4, r->in.change_log_entry_size)); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.change_log_entry, ndr_get_array_size(ndr, &r->in.change_log_entry))); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.change_log_entry_size)); NDR_PULL_ALLOC(ndr, r->out.return_authenticator); *r->out.return_authenticator = *r->in.return_authenticator; NDR_PULL_ALLOC(ndr, r->out.delta_enum_array); ZERO_STRUCTP(r->out.delta_enum_array); - if (r->in.change_log_entry) { - NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.change_log_entry, r->in.change_log_entry_size)); - } } if (flags & NDR_OUT) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { @@ -11434,11 +11619,8 @@ _PUBLIC_ void ndr_print_netr_DatabaseRedo(struct ndr_print *ndr, const char *nam ndr->depth++; ndr_print_netr_Authenticator(ndr, "return_authenticator", r->in.return_authenticator); ndr->depth--; - ndr_print_ptr(ndr, "change_log_entry", r->in.change_log_entry); - ndr->depth++; - ndr_print_array_uint8(ndr, "change_log_entry", r->in.change_log_entry, r->in.change_log_entry_size); - ndr->depth--; - ndr_print_uint32(ndr, "change_log_entry_size", r->in.change_log_entry_size); + ndr_print_netr_ChangeLogEntry(ndr, "change_log_entry", &r->in.change_log_entry); + ndr_print_uint32(ndr, "change_log_entry_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags):r->in.change_log_entry_size); ndr->depth--; } if (flags & NDR_OUT) { diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h index 8561a5b5ca..be20448636 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.h +++ b/source3/librpc/gen_ndr/ndr_netlogon.h @@ -6,6 +6,7 @@ #ifndef _HEADER_NDR_netlogon #define _HEADER_NDR_netlogon +#include "../librpc/ndr/ndr_netlogon.h" #define NDR_NETLOGON_UUID "12345678-1234-abcd-ef00-01234567cffb" #define NDR_NETLOGON_VERSION 1.0 #define NDR_NETLOGON_NAME "netlogon" @@ -190,6 +191,12 @@ void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const char void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, enum netr_LogonControlCode r); void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_DATA_INFORMATION *r); void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r); +void ndr_print_netr_ChangeLogFlags(struct ndr_print *ndr, const char *name, uint16_t r); +void ndr_print_netr_ChangeLogObject(struct ndr_print *ndr, const char *name, const union netr_ChangeLogObject *r); +enum ndr_err_code ndr_push_netr_ChangeLogEntry(struct ndr_push *ndr, int ndr_flags, const struct netr_ChangeLogEntry *r); +enum ndr_err_code ndr_pull_netr_ChangeLogEntry(struct ndr_pull *ndr, int ndr_flags, struct netr_ChangeLogEntry *r); +void ndr_print_netr_ChangeLogEntry(struct ndr_print *ndr, const char *name, const struct netr_ChangeLogEntry *r); +size_t ndr_size_netr_ChangeLogEntry(const struct netr_ChangeLogEntry *r, int flags); void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r); void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index fd9e08b461..e1dc69cca0 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -7,11 +7,14 @@ #include "librpc/gen_ndr/samr.h" #include "librpc/gen_ndr/security.h" #include "librpc/gen_ndr/nbt.h" +#define netr_DeltaEnum8Bit netr_DeltaEnum #ifndef _HEADER_netlogon #define _HEADER_netlogon #define DSGETDC_VALID_FLAGS ( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) ) #define DS_GFTI_UPDATE_TDO ( 0x1 ) +enum netr_DeltaEnum8Bit; + struct netr_UasInfo { const char *account_name;/* [unique,charset(UTF16)] */ uint32_t priv; @@ -712,6 +715,28 @@ union netr_CONTROL_DATA_INFORMATION { #define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 ) #define NETLOGON_NEG_SCHANNEL ( 0x40000000 ) +/* bitmap netr_ChangeLogFlags */ +#define NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED ( 0x0001 ) +#define NETR_CHANGELOG_CHANGED_PASSWORD ( 0x0002 ) +#define NETR_CHANGELOG_SID_INCLUDED ( 0x0004 ) +#define NETR_CHANGELOG_NAME_INCLUDED ( 0x0008 ) +#define NETR_CHANGELOG_FIRST_PROMOTION_OBJ ( 0x0010 ) + +union netr_ChangeLogObject { + struct dom_sid object_sid;/* [case(NETR_CHANGELOG_SID_INCLUDED)] */ + const char * object_name;/* [flag(LIBNDR_FLAG_STR_NULLTERM),case(NETR_CHANGELOG_NAME_INCLUDED)] */ +}/* [nodiscriminant] */; + +struct netr_ChangeLogEntry { + uint32_t serial_number1; + uint32_t serial_number2; + uint32_t object_rid; + uint16_t flags; + enum netr_SamDatabaseID8Bit db_index; + enum netr_DeltaEnum8Bit delta_type; + union netr_ChangeLogObject object;/* [switch_is(flags&(NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] */ +}/* [gensize,public] */; + struct netr_Blob { uint32_t length; uint8_t *data;/* [unique,size_is(length)] */ @@ -1252,8 +1277,8 @@ struct netr_DatabaseRedo { const char *logon_server;/* [charset(UTF16)] */ const char *computername;/* [charset(UTF16)] */ struct netr_Authenticator *credential;/* [ref] */ - uint8_t *change_log_entry;/* [ref,size_is(change_log_entry_size)] */ - uint32_t change_log_entry_size; + struct netr_ChangeLogEntry change_log_entry;/* [subcontext_size(change_log_entry_size),subcontext(4)] */ + uint32_t change_log_entry_size;/* [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,ndr->flags))] */ struct netr_Authenticator *return_authenticator;/* [ref] */ } in; -- cgit From 008ac81b31455b1fad2f0c724e86c0848d452f0f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 31 Oct 2008 10:00:28 +0100 Subject: s3-rpcclient: add database_redo command. Guenther --- source3/rpcclient/cmd_netlogon.c | 67 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 9e3f35545c..9955d2d3fa 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c @@ -1040,6 +1040,72 @@ static WERROR cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client *cli, return werr; } +static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + const char *server_name = cli->desthost; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + struct netr_Authenticator clnt_creds, srv_cred; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + unsigned char trust_passwd_hash[16]; + uint32_t sec_channel_type = 0; + struct netr_ChangeLogEntry e; + uint32_t rid = 500; + + if (argc > 2) { + fprintf(stderr, "Usage: %s \n", argv[0]); + return NT_STATUS_OK; + } + + if (argc == 2) { + sscanf(argv[1], "%d", &rid); + } + + if (!secrets_fetch_trust_account_password(lp_workgroup(), + trust_passwd_hash, + NULL, &sec_channel_type)) { + return NT_STATUS_UNSUCCESSFUL; + } + + status = rpccli_netlogon_setup_creds(cli, + server_name, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ + trust_passwd_hash, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_creds_client_step(cli->dc, &clnt_creds); + + ZERO_STRUCT(e); + + e.object_rid = rid; + e.db_index = SAM_DATABASE_DOMAIN; + e.delta_type = NETR_DELTA_USER; + + status = rpccli_netr_DatabaseRedo(cli, mem_ctx, + server_name, + global_myname(), + &clnt_creds, + &srv_cred, + e, + 0, /* is calculated automatically */ + &delta_enum_array); + + if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + return status; +} /* List of commands exported by this module */ @@ -1067,6 +1133,7 @@ struct cmd_set netlogon_commands[] = { { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" }, { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" }, { "getdcsitecoverage", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcsitecoverage, &ndr_table_netlogon.syntax_id, NULL, "Get the Site-Coverage from a DC", "" }, + { "database_redo", RPC_RTYPE_NTSTATUS, cmd_netlogon_database_redo, NULL, &ndr_table_netlogon.syntax_id, NULL, "Replicate single object from a DC", "" }, { NULL } }; -- cgit From db26f7b7c49b6d4254ce5da7097e062b7dbd0409 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 30 Oct 2008 10:54:59 +0100 Subject: s4-smbtorture: add test for netr_DatabaseRedo. Guenther --- source4/torture/rpc/netlogon.c | 535 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 535 insertions(+) diff --git a/source4/torture/rpc/netlogon.c b/source4/torture/rpc/netlogon.c index 96cab0bf02..953f9d126d 100644 --- a/source4/torture/rpc/netlogon.c +++ b/source4/torture/rpc/netlogon.c @@ -32,8 +32,10 @@ #include "../lib/crypto/crypto.h" #include "libcli/auth/libcli_auth.h" #include "librpc/gen_ndr/ndr_netlogon_c.h" +#include "librpc/gen_ndr/ndr_netlogon.h" #include "librpc/gen_ndr/ndr_lsa_c.h" #include "param/param.h" +#include "libcli/security/security.h" #define TEST_MACHINE_NAME "torturetest" @@ -831,6 +833,538 @@ static bool test_DatabaseDeltas(struct torture_context *tctx, return true; } +static bool test_DatabaseRedo(struct torture_context *tctx, + struct dcerpc_pipe *p, + struct cli_credentials *machine_credentials) +{ + NTSTATUS status; + struct netr_DatabaseRedo r; + struct creds_CredentialState *creds; + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + struct netr_ChangeLogEntry e; + struct dom_sid null_sid, *sid; + int i,d; + + ZERO_STRUCT(null_sid); + + sid = dom_sid_parse_talloc(tctx, "S-1-5-21-1111111111-2222222222-333333333-500"); + + { + + struct { + uint32_t rid; + uint16_t flags; + uint8_t db_index; + uint8_t delta_type; + struct dom_sid sid; + const char *name; + NTSTATUS expected_error; + uint32_t expected_num_results; + uint8_t expected_delta_type_1; + uint8_t expected_delta_type_2; + const char *comment; + } changes[] = { + + /* SAM_DATABASE_DOMAIN */ + + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_MODIFY_COUNT, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, + .expected_num_results = 0, + .comment = "NETR_DELTA_MODIFY_COUNT" + }, + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = 0, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DOMAIN, + .comment = "NULL DELTA" + }, + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_DOMAIN, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DOMAIN, + .comment = "NETR_DELTA_DOMAIN" + }, + { + .rid = DOMAIN_RID_ADMINISTRATOR, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_USER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_USER, + .comment = "NETR_DELTA_USER by rid 500" + }, + { + .rid = DOMAIN_RID_GUEST, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_USER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_USER, + .comment = "NETR_DELTA_USER by rid 501" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_USER, + .sid = *sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_USER, + .comment = "NETR_DELTA_USER by sid and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_USER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_USER, + .comment = "NETR_DELTA_USER by null_sid and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_NAME_INCLUDED, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_USER, + .sid = null_sid, + .name = "administrator", + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_USER, + .comment = "NETR_DELTA_USER by name 'administrator'" + }, + { + .rid = DOMAIN_RID_ADMINS, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_GROUP, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 2, + .expected_delta_type_1 = NETR_DELTA_GROUP, + .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER, + .comment = "NETR_DELTA_GROUP by rid 512" + }, + { + .rid = DOMAIN_RID_ADMINS, + .flags = 0, + .db_index = SAM_DATABASE_DOMAIN, + .delta_type = NETR_DELTA_GROUP_MEMBER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 2, + .expected_delta_type_1 = NETR_DELTA_GROUP, + .expected_delta_type_2 = NETR_DELTA_GROUP_MEMBER, + .comment = "NETR_DELTA_GROUP_MEMBER by rid 512" + }, + + + /* SAM_DATABASE_BUILTIN */ + + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_MODIFY_COUNT, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, + .expected_num_results = 0, + .comment = "NETR_DELTA_MODIFY_COUNT" + }, + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_DOMAIN, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DOMAIN, + .comment = "NETR_DELTA_DOMAIN" + }, + { + .rid = DOMAIN_RID_ADMINISTRATOR, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_USER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_USER, + .comment = "NETR_DELTA_USER by rid 500" + }, + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_USER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_USER, + .comment = "NETR_DELTA_USER" + }, + { + .rid = 544, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_ALIAS, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 2, + .expected_delta_type_1 = NETR_DELTA_ALIAS, + .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER, + .comment = "NETR_DELTA_ALIAS by rid 544" + }, + { + .rid = 544, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_ALIAS_MEMBER, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 2, + .expected_delta_type_1 = NETR_DELTA_ALIAS, + .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER, + .comment = "NETR_DELTA_ALIAS_MEMBER by rid 544" + }, + { + .rid = 544, + .flags = 0, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = 0, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DOMAIN, + .comment = "NULL DELTA by rid 544" + }, + { + .rid = 544, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = 0, + .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"), + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DOMAIN, + .comment = "NULL DELTA by rid 544 sid S-1-5-32-544 and flags" + }, + { + .rid = 544, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_ALIAS, + .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"), + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 2, + .expected_delta_type_1 = NETR_DELTA_ALIAS, + .expected_delta_type_2 = NETR_DELTA_ALIAS_MEMBER, + .comment = "NETR_DELTA_ALIAS by rid 544 and sid S-1-5-32-544 and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_BUILTIN, + .delta_type = NETR_DELTA_ALIAS, + .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32-544"), + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_ALIAS, + .comment = "NETR_DELTA_ALIAS by sid S-1-5-32-544 and flags" + }, + + /* SAM_DATABASE_PRIVS */ + + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = 0, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_ACCESS_DENIED, + .expected_num_results = 0, + .comment = "NULL DELTA" + }, + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_MODIFY_COUNT, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, + .expected_num_results = 0, + .comment = "NETR_DELTA_MODIFY_COUNT" + }, + { + .rid = 0, + .flags = 0, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_POLICY, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_POLICY, + .comment = "NETR_DELTA_POLICY" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_POLICY, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_POLICY, + .comment = "NETR_DELTA_POLICY by null sid and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_POLICY, + .sid = *dom_sid_parse_talloc(tctx, "S-1-5-32"), + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_POLICY, + .comment = "NETR_DELTA_POLICY by sid S-1-5-32 and flags" + }, + { + .rid = DOMAIN_RID_ADMINISTRATOR, + .flags = 0, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_ACCOUNT, + .sid = null_sid, + .name = NULL, + .expected_error = NT_STATUS_SYNCHRONIZATION_REQUIRED, /* strange */ + .expected_num_results = 0, + .comment = "NETR_DELTA_ACCOUNT by rid 500" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_ACCOUNT, + .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"), + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_ACCOUNT, + .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED | + NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_ACCOUNT, + .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"), + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_ACCOUNT, + .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and 2 flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_SID_INCLUDED | + NETR_CHANGELOG_NAME_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_ACCOUNT, + .sid = *dom_sid_parse_talloc(tctx, "S-1-1-0"), + .name = NULL, + .expected_error = NT_STATUS_INVALID_PARAMETER, + .expected_num_results = 0, + .comment = "NETR_DELTA_ACCOUNT by sid S-1-1-0 and invalid flags" + }, + { + .rid = DOMAIN_RID_ADMINISTRATOR, + .flags = NETR_CHANGELOG_SID_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_ACCOUNT, + .sid = *sid, + .name = NULL, + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_ACCOUNT, + .comment = "NETR_DELTA_ACCOUNT by rid 500, sid and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_NAME_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_SECRET, + .sid = null_sid, + .name = "IsurelydontexistIhope", + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_DELETE_SECRET, + .comment = "NETR_DELTA_SECRET by name 'IsurelydontexistIhope' and flags" + }, + { + .rid = 0, + .flags = NETR_CHANGELOG_NAME_INCLUDED, + .db_index = SAM_DATABASE_PRIVS, + .delta_type = NETR_DELTA_SECRET, + .sid = null_sid, + .name = "G$BCKUPKEY_P", + .expected_error = NT_STATUS_OK, + .expected_num_results = 1, + .expected_delta_type_1 = NETR_DELTA_SECRET, + .comment = "NETR_DELTA_SECRET by name 'G$BCKUPKEY_P' and flags" + } + }; + + ZERO_STRUCT(return_authenticator); + + r.in.logon_server = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p)); + r.in.computername = TEST_MACHINE_NAME; + r.in.return_authenticator = &return_authenticator; + r.out.return_authenticator = &return_authenticator; + r.out.delta_enum_array = &delta_enum_array; + + for (d=0; d<3; d++) { + + const char *database; + + switch (d) { + case 0: + database = "SAM"; + break; + case 1: + database = "BUILTIN"; + break; + case 2: + database = "LSA"; + break; + default: + break; + } + + torture_comment(tctx, "Testing DatabaseRedo\n"); + + if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) { + return false; + } + + for (i=0;inum_deltas, + changes[i].expected_num_results, + changes[i].comment); + if (delta_enum_array->num_deltas > 0) { + torture_assert_int_equal(tctx, + delta_enum_array->delta_enum[0].delta_type, + changes[i].expected_delta_type_1, + changes[i].comment); + } + if (delta_enum_array->num_deltas > 1) { + torture_assert_int_equal(tctx, + delta_enum_array->delta_enum[1].delta_type, + changes[i].expected_delta_type_2, + changes[i].comment); + } + } + + if (!creds_client_check(creds, &return_authenticator.cred)) { + torture_comment(tctx, "Credential chaining failed\n"); + if (!test_SetupCredentials(p, tctx, machine_credentials, &creds)) { + return false; + } + } + } + } + } + + return true; +} /* try a netlogon AccountDeltas @@ -1761,6 +2295,7 @@ struct torture_suite *torture_rpc_netlogon(TALLOC_CTX *mem_ctx) torture_rpc_tcase_add_test_creds(tcase, "GetDomainInfo", test_GetDomainInfo); torture_rpc_tcase_add_test_creds(tcase, "DatabaseSync", test_DatabaseSync); torture_rpc_tcase_add_test_creds(tcase, "DatabaseDeltas", test_DatabaseDeltas); + torture_rpc_tcase_add_test_creds(tcase, "DatabaseRedo", test_DatabaseRedo); torture_rpc_tcase_add_test_creds(tcase, "AccountDeltas", test_AccountDeltas); torture_rpc_tcase_add_test_creds(tcase, "AccountSync", test_AccountSync); torture_rpc_tcase_add_test(tcase, "GetDcName", test_GetDcName); -- cgit From 32695912dd3ed7c02da68209328d630c89d395ba Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Thu, 6 Nov 2008 15:07:07 -0500 Subject: mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog The util-linux-ng sources have a good, but rather complex scheme for locking the mtab before updating it. Mount helpers need to follow the same scheme. Advisory locking only works if everyone is using the same locking scheme. Copy the routines we need from util-linux-ng into a separate source file and then have mount.cifs and umount.cifs link in this object. The long term goal is to have these routines in a separate helper library (libmount). Mount helpers can then dynamically link in that lib. Until that happens, this should serve as a suitable stopgap solution. Signed-off-by: Jeff Layton --- source3/Makefile.in | 4 +- source3/client/mount.cifs.c | 97 +++++++++---------- source3/client/mount.h | 38 ++++++++ source3/client/mtab.c | 219 +++++++++++++++++++++++++++++++++++++++++++ source3/client/umount.cifs.c | 22 +---- 5 files changed, 311 insertions(+), 69 deletions(-) create mode 100644 source3/client/mount.h create mode 100644 source3/client/mtab.c diff --git a/source3/Makefile.in b/source3/Makefile.in index 55306f13d6..4f757e9ebf 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -904,9 +904,9 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ $(LIBNDR_GEN_OBJ0) -CIFS_MOUNT_OBJ = client/mount.cifs.o +CIFS_MOUNT_OBJ = client/mount.cifs.o client/mtab.o -CIFS_UMOUNT_OBJ = client/umount.cifs.o +CIFS_UMOUNT_OBJ = client/umount.cifs.o client/mtab.o CIFS_UPCALL_OBJ = client/cifs.upcall.o diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index 2a9c2b7304..da2f98bff8 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -39,9 +39,10 @@ #include #include #include +#include "mount.h" #define MOUNT_CIFS_VERSION_MAJOR "1" -#define MOUNT_CIFS_VERSION_MINOR "11" +#define MOUNT_CIFS_VERSION_MINOR "12" #ifndef MOUNT_CIFS_VENDOR_SUFFIX #ifdef _SAMBA_BUILD_ @@ -79,15 +80,6 @@ #define MOUNT_PASSWD_SIZE 64 #define DOMAIN_SIZE 64 -/* exit status - bits below are ORed */ -#define EX_USAGE 1 /* incorrect invocation or permission */ -#define EX_SYSERR 2 /* out of memory, cannot fork, ... */ -#define EX_SOFTWARE 4 /* internal mount bug or wrong version */ -#define EX_USER 8 /* user interrupt */ -#define EX_FILEIO 16 /* problems writing, locking, ... mtab/fstab */ -#define EX_FAIL 32 /* mount failure */ -#define EX_SOMEOK 64 /* some mount succeeded */ - const char *thisprogram; int verboseflag = 0; static int got_password = 0; @@ -1424,48 +1416,57 @@ mount_retry: printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); rc = EX_FAIL; } else { + atexit(unlock_mtab); + rc = lock_mtab(); + if (rc) { + printf("cannot lock mtab"); + goto mount_exit; + } pmntfile = setmntent(MOUNTED, "a+"); - if(pmntfile) { - mountent.mnt_fsname = dev_name; - mountent.mnt_dir = mountpoint; - mountent.mnt_type = CONST_DISCARD(char *,"cifs"); - mountent.mnt_opts = (char *)malloc(220); - if(mountent.mnt_opts) { - char * mount_user = getusername(); - memset(mountent.mnt_opts,0,200); - if(flags & MS_RDONLY) - strlcat(mountent.mnt_opts,"ro",220); - else - strlcat(mountent.mnt_opts,"rw",220); - if(flags & MS_MANDLOCK) - strlcat(mountent.mnt_opts,",mand",220); - if(flags & MS_NOEXEC) - strlcat(mountent.mnt_opts,",noexec",220); - if(flags & MS_NOSUID) - strlcat(mountent.mnt_opts,",nosuid",220); - if(flags & MS_NODEV) - strlcat(mountent.mnt_opts,",nodev",220); - if(flags & MS_SYNCHRONOUS) - strlcat(mountent.mnt_opts,",synch",220); - if(mount_user) { - if(getuid() != 0) { - strlcat(mountent.mnt_opts,",user=",220); - strlcat(mountent.mnt_opts,mount_user,220); - } - /* free(mount_user); do not free static mem */ - } - } - mountent.mnt_freq = 0; - mountent.mnt_passno = 0; - rc = addmntent(pmntfile,&mountent); - endmntent(pmntfile); - SAFE_FREE(mountent.mnt_opts); - if (rc) - rc = EX_FILEIO; - } else { + if (!pmntfile) { printf("could not update mount table\n"); + unlock_mtab(); rc = EX_FILEIO; + goto mount_exit; } + mountent.mnt_fsname = dev_name; + mountent.mnt_dir = mountpoint; + mountent.mnt_type = CONST_DISCARD(char *,"cifs"); + mountent.mnt_opts = (char *)malloc(220); + if(mountent.mnt_opts) { + char * mount_user = getusername(); + memset(mountent.mnt_opts,0,200); + if(flags & MS_RDONLY) + strlcat(mountent.mnt_opts,"ro",220); + else + strlcat(mountent.mnt_opts,"rw",220); + if(flags & MS_MANDLOCK) + strlcat(mountent.mnt_opts,",mand",220); + if(flags & MS_NOEXEC) + strlcat(mountent.mnt_opts,",noexec",220); + if(flags & MS_NOSUID) + strlcat(mountent.mnt_opts,",nosuid",220); + if(flags & MS_NODEV) + strlcat(mountent.mnt_opts,",nodev",220); + if(flags & MS_SYNCHRONOUS) + strlcat(mountent.mnt_opts,",sync",220); + if(mount_user) { + if(getuid() != 0) { + strlcat(mountent.mnt_opts, + ",user=", 220); + strlcat(mountent.mnt_opts, + mount_user, 220); + } + } + } + mountent.mnt_freq = 0; + mountent.mnt_passno = 0; + rc = addmntent(pmntfile,&mountent); + endmntent(pmntfile); + unlock_mtab(); + SAFE_FREE(mountent.mnt_opts); + if (rc) + rc = EX_FILEIO; } mount_exit: if(mountpassword) { diff --git a/source3/client/mount.h b/source3/client/mount.h new file mode 100644 index 0000000000..23ea4f0cbd --- /dev/null +++ b/source3/client/mount.h @@ -0,0 +1,38 @@ +/* + * Copyright (C) 2008 Jeff Layton (jlayton@samba.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* most of this info was taken from the util-linux-ng sources */ + +#ifndef _MOUNT_H_ +#define _MOUNT_H_ + +/* exit status - bits below are ORed */ +#define EX_USAGE 1 /* incorrect invocation or permission */ +#define EX_SYSERR 2 /* out of memory, cannot fork, ... */ +#define EX_SOFTWARE 4 /* internal mount bug or wrong version */ +#define EX_USER 8 /* user interrupt */ +#define EX_FILEIO 16 /* problems writing, locking, ... mtab/fstab */ +#define EX_FAIL 32 /* mount failure */ +#define EX_SOMEOK 64 /* some mount succeeded */ + +#define _PATH_MOUNTED_LOCK _PATH_MOUNTED "~" +#define _PATH_MOUNTED_TMP _PATH_MOUNTED ".tmp" + +extern int lock_mtab(void); +extern void unlock_mtab(void); + +#endif /* ! _MOUNT_H_ */ diff --git a/source3/client/mtab.c b/source3/client/mtab.c new file mode 100644 index 0000000000..93fbd11359 --- /dev/null +++ b/source3/client/mtab.c @@ -0,0 +1,219 @@ +/* + * mtab locking routines for use with mount.cifs and umount.cifs + * Copyright (C) 2008 Jeff Layton (jlayton@samba.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . +*/ + +/* + * This code was copied from the util-linux-ng sources and modified: + * + * git://git.kernel.org/pub/scm/utils/util-linux-ng/util-linux-ng.git + * + * ...specifically from mount/fstab.c. That file has no explicit license. The + * "default" license for anything in that tree is apparently GPLv2+, so I + * believe we're OK to copy it here. + * + * Jeff Layton + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "mount.h" + + +/* Updating mtab ----------------------------------------------*/ + +/* Flag for already existing lock file. */ +static int we_created_lockfile = 0; +static int lockfile_fd = -1; + +/* Flag to indicate that signals have been set up. */ +static int signals_have_been_setup = 0; + +static void +handler (int sig) { + exit(EX_USER); +} + +static void +setlkw_timeout (int sig) { + /* nothing, fcntl will fail anyway */ +} + +/* Remove lock file. */ +void +unlock_mtab (void) { + if (we_created_lockfile) { + close(lockfile_fd); + lockfile_fd = -1; + unlink (_PATH_MOUNTED_LOCK); + we_created_lockfile = 0; + } +} + +/* Create the lock file. + The lock file will be removed if we catch a signal or when we exit. */ +/* The old code here used flock on a lock file /etc/mtab~ and deleted + this lock file afterwards. However, as rgooch remarks, that has a + race: a second mount may be waiting on the lock and proceed as + soon as the lock file is deleted by the first mount, and immediately + afterwards a third mount comes, creates a new /etc/mtab~, applies + flock to that, and also proceeds, so that the second and third mount + now both are scribbling in /etc/mtab. + The new code uses a link() instead of a creat(), where we proceed + only if it was us that created the lock, and hence we always have + to delete the lock afterwards. Now the use of flock() is in principle + superfluous, but avoids an arbitrary sleep(). */ + +/* Where does the link point to? Obvious choices are mtab and mtab~~. + HJLu points out that the latter leads to races. Right now we use + mtab~. instead. Use 20 as upper bound for the length of %d. */ +#define MOUNTLOCK_LINKTARGET _PATH_MOUNTED_LOCK "%d" +#define MOUNTLOCK_LINKTARGET_LTH (sizeof(_PATH_MOUNTED_LOCK)+20) + +/* + * The original mount locking code has used sleep(1) between attempts and + * maximal number of attemps has been 5. + * + * There was very small number of attempts and extremely long waiting (1s) + * that is useless on machines with large number of concurret mount processes. + * + * Now we wait few thousand microseconds between attempts and we have global + * time limit (30s) rather than limit for number of attempts. The advantage + * is that this method also counts time which we spend in fcntl(F_SETLKW) and + * number of attempts is not so much restricted. + * + * -- kzak@redhat.com [2007-Mar-2007] + */ + +/* maximum seconds between first and last attempt */ +#define MOUNTLOCK_MAXTIME 30 + +/* sleep time (in microseconds, max=999999) between attempts */ +#define MOUNTLOCK_WAITTIME 5000 + +int +lock_mtab (void) { + int i; + struct timespec waittime; + struct timeval maxtime; + char linktargetfile[MOUNTLOCK_LINKTARGET_LTH]; + + if (!signals_have_been_setup) { + int sig = 0; + struct sigaction sa; + + sa.sa_handler = handler; + sa.sa_flags = 0; + sigfillset (&sa.sa_mask); + + while (sigismember (&sa.sa_mask, ++sig) != -1 + && sig != SIGCHLD) { + if (sig == SIGALRM) + sa.sa_handler = setlkw_timeout; + else + sa.sa_handler = handler; + sigaction (sig, &sa, (struct sigaction *) 0); + } + signals_have_been_setup = 1; + } + + sprintf(linktargetfile, MOUNTLOCK_LINKTARGET, getpid ()); + + i = open (linktargetfile, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR); + if (i < 0) { + /* linktargetfile does not exist (as a file) + and we cannot create it. Read-only filesystem? + Too many files open in the system? + Filesystem full? */ + return EX_FILEIO; + } + close(i); + + gettimeofday(&maxtime, NULL); + maxtime.tv_sec += MOUNTLOCK_MAXTIME; + + waittime.tv_sec = 0; + waittime.tv_nsec = (1000 * MOUNTLOCK_WAITTIME); + + /* Repeat until it was us who made the link */ + while (!we_created_lockfile) { + struct timeval now; + struct flock flock; + int errsv, j; + + j = link(linktargetfile, _PATH_MOUNTED_LOCK); + errsv = errno; + + if (j == 0) + we_created_lockfile = 1; + + if (j < 0 && errsv != EEXIST) { + (void) unlink(linktargetfile); + return EX_FILEIO; + } + + lockfile_fd = open (_PATH_MOUNTED_LOCK, O_WRONLY); + + if (lockfile_fd < 0) { + /* Strange... Maybe the file was just deleted? */ + gettimeofday(&now, NULL); + if (errno == ENOENT && now.tv_sec < maxtime.tv_sec) { + we_created_lockfile = 0; + continue; + } + (void) unlink(linktargetfile); + return EX_FILEIO; + } + + flock.l_type = F_WRLCK; + flock.l_whence = SEEK_SET; + flock.l_start = 0; + flock.l_len = 0; + + if (j == 0) { + /* We made the link. Now claim the lock. If we can't + * get it, continue anyway + */ + fcntl (lockfile_fd, F_SETLK, &flock); + (void) unlink(linktargetfile); + } else { + /* Someone else made the link. Wait. */ + gettimeofday(&now, NULL); + if (now.tv_sec < maxtime.tv_sec) { + alarm(maxtime.tv_sec - now.tv_sec); + if (fcntl (lockfile_fd, F_SETLKW, &flock) == -1) { + (void) unlink(linktargetfile); + return EX_FILEIO; + } + alarm(0); + nanosleep(&waittime, NULL); + } else { + (void) unlink(linktargetfile); + return EX_FILEIO; + } + close(lockfile_fd); + } + } + return 0; +} + diff --git a/source3/client/umount.cifs.c b/source3/client/umount.cifs.c index 3e2415ad00..aff7cea397 100644 --- a/source3/client/umount.cifs.c +++ b/source3/client/umount.cifs.c @@ -33,9 +33,10 @@ #include #include #include +#include "mount.h" #define UNMOUNT_CIFS_VERSION_MAJOR "0" -#define UNMOUNT_CIFS_VERSION_MINOR "5" +#define UNMOUNT_CIFS_VERSION_MINOR "6" #ifndef UNMOUNT_CIFS_VENDOR_SUFFIX #ifdef _SAMBA_BUILD_ @@ -137,24 +138,6 @@ static int umount_check_perm(char * dir) return rc; } -static int lock_mtab(void) -{ - int rc; - - rc = mknod(MOUNTED_LOCK , 0600, 0); - if(rc == -1) - printf("\ngetting lock file %s failed with %s\n",MOUNTED_LOCK, - strerror(errno)); - - return rc; - -} - -static void unlock_mtab(void) -{ - unlink(MOUNTED_LOCK); -} - static int remove_from_mtab(char * mountpoint) { int rc; @@ -168,6 +151,7 @@ static int remove_from_mtab(char * mountpoint) /* Do we first need to check if it is writable? */ + atexit(unlock_mtab); if (lock_mtab()) { printf("Mount table locked\n"); return -EACCES; -- cgit From 1a60fc02d8dce6ce7bfc8488286f3f3104a69984 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 29 Oct 2008 12:05:10 +0100 Subject: librpc/idl: Add named_pipe_auth.idl to Samba4 metze --- librpc/idl/named_pipe_auth.idl | 44 ++++++++++++++++++++++++++++++++++++++++++ source4/librpc/config.mk | 7 ++++++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 librpc/idl/named_pipe_auth.idl diff --git a/librpc/idl/named_pipe_auth.idl b/librpc/idl/named_pipe_auth.idl new file mode 100644 index 0000000000..7d85eba9eb --- /dev/null +++ b/librpc/idl/named_pipe_auth.idl @@ -0,0 +1,44 @@ +#include "idl_types.h" +/* + miscellaneous IDL structures +*/ + +import "netlogon.idl"; + +[ + pointer_default(unique) +] +interface named_pipe_auth +{ + const char *NAMED_PIPE_AUTH_MAGIC = "NPAM"; + + typedef [switch_type(uint32)] union { + [case(0)] ;/* anonymous */ + [case(1)] netr_SamInfo3 info1; + } named_pipe_auth_req_info; + + typedef [public,gensize] struct { + [flag(NDR_BIG_ENDIAN), + value(ndr_size_named_pipe_auth_req(r,ndr->flags)-4)] + uint32 length; + [charset(DOS),value(NAMED_PIPE_AUTH_MAGIC)] uint8 magic[4]; + uint32 level; + [switch_is(level)] named_pipe_auth_req_info info; + } named_pipe_auth_req; + + typedef [switch_type(uint32)] union { + [case(0)] ; + [case(1)] ; + } named_pipe_auth_rep_info; + + typedef [public,gensize] struct { + [flag(NDR_BIG_ENDIAN), + value(ndr_size_named_pipe_auth_rep(r,ndr->flags)-4)] + uint32 length; + [charset(DOS),value(NAMED_PIPE_AUTH_MAGIC)] uint8 magic[4]; + uint32 level; + [switch_is(level)] named_pipe_auth_rep_info info; + NTSTATUS status; + } named_pipe_auth_rep; +} + diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 75a611e4cd..fb0ee6f816 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -60,6 +60,11 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_AUDIOSRV_OBJ_FILES = $(gen_ndrsrcdir)/ndr_audiosrv.o +[SUBSYSTEM::NDR_NAMED_PIPE_AUTH] +PUBLIC_DEPENDENCIES = LIBNDR + +NDR_NAMED_PIPE_AUTH_OBJ_FILES = $(gen_ndrsrcdir)/ndr_named_pipe_auth.o + [SUBSYSTEM::NDR_DNSSERVER] PUBLIC_DEPENDENCIES = LIBNDR @@ -386,7 +391,7 @@ PUBLIC_DEPENDENCIES = \ NDR_ROT NDR_DRSBLOBS NDR_SVCCTL NDR_NBT NDR_WINSREPL NDR_SECURITY \ NDR_INITSHUTDOWN NDR_DNSSERVER NDR_WINSTATION NDR_IRPC NDR_OPENDB \ NDR_SASL_HELPERS NDR_NOTIFY NDR_WINBIND NDR_FRSRPC NDR_FRSAPI NDR_NFS4ACL NDR_NTP_SIGND \ - NDR_DCOM NDR_WMI + NDR_DCOM NDR_WMI NDR_NAMED_PIPE_AUTH NDR_TABLE_OBJ_FILES = ../librpc/ndr/ndr_table.o $(gen_ndrsrcdir)/tables.o -- cgit From 21aa4ea6b9b3d4ad5775f01aae8df6132043fd39 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 17 May 2008 01:52:47 +0200 Subject: s4: smbd: implement stream_socket_named_pipe() For now implement just a very simple protocol to negotiate the transport session info. We may need to pass more info later, e.g. client ip or name... metze --- source4/smbd/config.mk | 3 +- source4/smbd/service_named_pipe.c | 366 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 368 insertions(+), 1 deletion(-) create mode 100644 source4/smbd/service_named_pipe.c diff --git a/source4/smbd/config.mk b/source4/smbd/config.mk index b5babd4d69..63105d368c 100644 --- a/source4/smbd/config.mk +++ b/source4/smbd/config.mk @@ -2,11 +2,12 @@ [SUBSYSTEM::service] PRIVATE_DEPENDENCIES = \ - MESSAGING samba-socket + MESSAGING samba-socket NDR_NAMED_PIPE_AUTH service_OBJ_FILES = $(addprefix $(smbdsrcdir)/, \ service.o \ service_stream.o \ + service_named_pipe.o \ service_task.o) $(eval $(call proto_header_template,$(smbdsrcdir)/service_proto.h,$(service_OBJ_FILES:.o=.c))) diff --git a/source4/smbd/service_named_pipe.c b/source4/smbd/service_named_pipe.c new file mode 100644 index 0000000000..b2b102c01f --- /dev/null +++ b/source4/smbd/service_named_pipe.c @@ -0,0 +1,366 @@ +/* + Unix SMB/CIFS implementation. + + helper functions for NAMED PIPE servers + + Copyright (C) Stefan (metze) Metzmacher 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "lib/socket/socket.h" +#include "smbd/service.h" +#include "param/param.h" +#include "auth/session.h" +#include "lib/stream/packet.h" +#include "librpc/gen_ndr/ndr_named_pipe_auth.h" +#include "system/passwd.h" + +struct named_pipe_socket { + const char *pipe_name; + const char *pipe_path; + const struct stream_server_ops *ops; + void *private_data; +}; + +struct named_pipe_connection { + struct stream_connection *connection; + struct packet_context *packet; + const struct named_pipe_socket *pipe_sock; + NTSTATUS status; +}; + +static void named_pipe_handover_connection(void *private_data) +{ + struct named_pipe_connection *pipe_conn = talloc_get_type( + private_data, struct named_pipe_connection); + struct stream_connection *conn = pipe_conn->connection; + + EVENT_FD_NOT_WRITEABLE(conn->event.fde); + + if (!NT_STATUS_IS_OK(pipe_conn->status)) { + stream_terminate_connection(conn, nt_errstr(pipe_conn->status)); + return; + } + + /* + * remove the named_pipe layer together with its packet layer + */ + conn->ops = pipe_conn->pipe_sock->ops; + conn->private = pipe_conn->pipe_sock->private_data; + talloc_free(pipe_conn); + + /* we're now ready to start receiving events on this stream */ + EVENT_FD_READABLE(conn->event.fde); + + /* + * hand over to the real pipe implementation, + * now that we have setup the transport session_info + */ + conn->ops->accept_connection(conn); + + DEBUG(10,("named_pipe_handover_connection[%s]: succeeded\n", + conn->ops->name)); +} + +static NTSTATUS named_pipe_recv_auth_request(void *private_data, + DATA_BLOB req_blob) +{ + struct named_pipe_connection *pipe_conn = talloc_get_type( + private_data, struct named_pipe_connection); + struct stream_connection *conn = pipe_conn->connection; + enum ndr_err_code ndr_err; + struct named_pipe_auth_req req; + union netr_Validation val; + struct auth_serversupplied_info *server_info; + struct named_pipe_auth_rep rep; + DATA_BLOB rep_blob; + NTSTATUS status; + + /* + * make sure nothing happens on the socket untill the + * real implemenation takes over + */ + packet_recv_disable(pipe_conn->packet); + + /* + * TODO: check it's a root (uid == 0) pipe + */ + + ZERO_STRUCT(rep); + rep.level = 0; + rep.status = NT_STATUS_INTERNAL_ERROR; + + DEBUG(10,("named_pipe_auth: req_blob.length[%u]\n", + (unsigned int)req_blob.length)); + dump_data(10, req_blob.data, req_blob.length); + + /* parse the passed credentials */ + ndr_err = ndr_pull_struct_blob_all( + &req_blob, + pipe_conn, + lp_iconv_convenience(conn->lp_ctx), + &req, + (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_req); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + rep.status = ndr_map_error2ntstatus(ndr_err); + DEBUG(2, ("Could not unmarshall named_pipe_auth_req: %s\n", + nt_errstr(rep.status))); + goto reply; + } + + if (strcmp(NAMED_PIPE_AUTH_MAGIC, req.magic) != 0) { + DEBUG(2, ("named_pipe_auth_req: invalid magic '%s' != %s\n", + req.magic, NAMED_PIPE_AUTH_MAGIC)); + rep.status = NT_STATUS_INVALID_PARAMETER; + goto reply; + } + + switch (req.level) { + case 0: + /* + * anon connection, we don't create a session info + * and leave it NULL + */ + rep.level = 0; + rep.status = NT_STATUS_OK; + break; + case 1: + val.sam3 = &req.info.info1; + + rep.level = 1; + rep.status = make_server_info_netlogon_validation(pipe_conn, + "TODO", + 3, &val, + &server_info); + if (!NT_STATUS_IS_OK(rep.status)) { + DEBUG(2, ("make_server_info_netlogon_validation returned " + "%s\n", nt_errstr(rep.status))); + goto reply; + } + + /* setup the session_info on the connection */ + rep.status = auth_generate_session_info(conn, + conn->event.ctx, + conn->lp_ctx, + server_info, + &conn->session_info); + if (!NT_STATUS_IS_OK(rep.status)) { + DEBUG(2, ("auth_generate_session_info failed: %s\n", + nt_errstr(rep.status))); + goto reply; + } + + break; + default: + DEBUG(2, ("named_pipe_auth_req: unknown level %u\n", + req.level)); + rep.level = 0; + rep.status = NT_STATUS_INVALID_LEVEL; + goto reply; + } + +reply: + /* create the output */ + ndr_err = ndr_push_struct_blob(&rep_blob, pipe_conn, + lp_iconv_convenience(conn->lp_ctx), + &rep, + (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + DEBUG(2, ("Could not marshall named_pipe_auth_rep: %s\n", + nt_errstr(status))); + return status; + } + + pipe_conn->status = rep.status; + + DEBUG(10,("named_pipe_auth reply[%u]\n", rep_blob.length)); + dump_data(10, rep_blob.data, rep_blob.length); + status = packet_send_callback(pipe_conn->packet, rep_blob, + named_pipe_handover_connection, + pipe_conn); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0, ("packet_send_callback returned %s\n", + nt_errstr(status))); + return status; + } + + return NT_STATUS_OK; +} + +/* + called when a pipe socket becomes readable +*/ +static void named_pipe_recv(struct stream_connection *conn, uint16_t flags) +{ + struct named_pipe_connection *pipe_conn = talloc_get_type( + conn->private, struct named_pipe_connection); + + DEBUG(10,("named_pipe_recv\n")); + + packet_recv(pipe_conn->packet); +} + +/* + called when a pipe socket becomes writable +*/ +static void named_pipe_send(struct stream_connection *conn, uint16_t flags) +{ + struct named_pipe_connection *pipe_conn = talloc_get_type( + conn->private, struct named_pipe_connection); + + packet_queue_run(pipe_conn->packet); +} + +/* + handle socket recv errors +*/ +static void named_pipe_recv_error(void *private_data, NTSTATUS status) +{ + struct named_pipe_connection *pipe_conn = talloc_get_type( + private_data, struct named_pipe_connection); + + stream_terminate_connection(pipe_conn->connection, nt_errstr(status)); +} + +static NTSTATUS named_pipe_full_request(void *private, DATA_BLOB blob, size_t *size) +{ + if (blob.length < 8) { + return STATUS_MORE_ENTRIES; + } + + if (memcmp(NAMED_PIPE_AUTH_MAGIC, &blob.data[4], 4) != 0) { + DEBUG(0,("named_pipe_full_request: wrong protocol\n")); + *size = blob.length; + /* the error will be handled in named_pipe_recv_auth_request */ + return NT_STATUS_OK; + } + + *size = 4 + RIVAL(blob.data, 0); + if (*size > blob.length) { + return STATUS_MORE_ENTRIES; + } + + return NT_STATUS_OK; +} + +static void named_pipe_accept(struct stream_connection *conn) +{ + struct named_pipe_socket *pipe_sock = talloc_get_type( + conn->private, struct named_pipe_socket); + struct named_pipe_connection *pipe_conn; + + DEBUG(5,("named_pipe_accept\n")); + + pipe_conn = talloc_zero(conn, struct named_pipe_connection); + if (!pipe_conn) { + stream_terminate_connection(conn, "out of memory"); + return; + } + + pipe_conn->packet = packet_init(pipe_conn); + if (!pipe_conn->packet) { + stream_terminate_connection(conn, "out of memory"); + return; + } + packet_set_private(pipe_conn->packet, pipe_conn); + packet_set_socket(pipe_conn->packet, conn->socket); + packet_set_callback(pipe_conn->packet, named_pipe_recv_auth_request); + packet_set_full_request(pipe_conn->packet, named_pipe_full_request); + packet_set_error_handler(pipe_conn->packet, named_pipe_recv_error); + packet_set_event_context(pipe_conn->packet, conn->event.ctx); + packet_set_fde(pipe_conn->packet, conn->event.fde); + packet_set_serialise(pipe_conn->packet); + packet_set_initial_read(pipe_conn->packet, 8); + + pipe_conn->pipe_sock = pipe_sock; + + pipe_conn->connection = conn; + conn->private = pipe_conn; +} + +static const struct stream_server_ops named_pipe_stream_ops = { + .name = "named_pipe", + .accept_connection = named_pipe_accept, + .recv_handler = named_pipe_recv, + .send_handler = named_pipe_send, +}; + +NTSTATUS stream_setup_named_pipe(struct event_context *event_context, + struct loadparm_context *lp_ctx, + const struct model_ops *model_ops, + const struct stream_server_ops *stream_ops, + const char *pipe_name, + void *private_data) +{ + char *dirname; + struct named_pipe_socket *pipe_sock; + NTSTATUS status = NT_STATUS_NO_MEMORY;; + + pipe_sock = talloc(event_context, struct named_pipe_socket); + if (pipe_sock == NULL) { + goto fail; + } + + /* remember the details about the pipe */ + pipe_sock->pipe_name = talloc_strdup(pipe_sock, pipe_name); + if (pipe_sock->pipe_name == NULL) { + goto fail; + } + + dirname = talloc_asprintf(pipe_sock, "%s/np", lp_ncalrpc_dir(lp_ctx)); + if (dirname == NULL) { + goto fail; + } + + if (!directory_create_or_exist(dirname, geteuid(), 0700)) { + status = map_nt_error_from_unix(errno); + goto fail; + } + + if (strncmp(pipe_name, "\\pipe\\", 6) == 0) { + pipe_name += 6; + } + + pipe_sock->pipe_path = talloc_asprintf(pipe_sock, "%s/%s", dirname, + pipe_name); + if (pipe_sock->pipe_path == NULL) { + goto fail; + } + + talloc_free(dirname); + + pipe_sock->ops = stream_ops; + pipe_sock->private_data = talloc_reference(pipe_sock, private_data); + + status = stream_setup_socket(event_context, + lp_ctx, + model_ops, + &named_pipe_stream_ops, + "unix", + pipe_sock->pipe_path, + NULL, + NULL, + pipe_sock); + if (!NT_STATUS_IS_OK(status)) { + goto fail; + } + return NT_STATUS_OK; + + fail: + talloc_free(pipe_sock); + return status; +} -- cgit From 9666582b50b18e81816fcf8a0a17c343ea277801 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 17 May 2008 02:39:57 +0200 Subject: s4: rpc_server: listen on named_pipes metze --- source4/rpc_server/service_rpc.c | 36 ++++++++++-------------------------- 1 file changed, 10 insertions(+), 26 deletions(-) diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index f168614ad5..e526b17db1 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -287,12 +287,10 @@ static NTSTATUS dcesrv_add_ep_ncalrpc(struct dcesrv_context *dce_ctx, return status; } - -/* - add a socket address to the list of events, one event per dcerpc endpoint -*/ -static NTSTATUS add_socket_rpc_pipe_iface(struct dcesrv_context *dce_ctx, struct dcesrv_endpoint *e, - struct event_context *event_ctx, const struct model_ops *model_ops) +static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx, + struct loadparm_context *lp_ctx, + struct dcesrv_endpoint *e, + struct event_context *event_ctx, const struct model_ops *model_ops) { struct dcesrv_socket_context *dcesrv_sock; NTSTATUS status; @@ -309,30 +307,16 @@ static NTSTATUS add_socket_rpc_pipe_iface(struct dcesrv_context *dce_ctx, struct dcesrv_sock->endpoint = e; dcesrv_sock->dcesrv_ctx = talloc_reference(dcesrv_sock, dce_ctx); - status = NT_STATUS_OK; -#if 0 - - status = stream_setup_smb_pipe(event_ctx, model_ops, &dcesrv_stream_ops, - e->ep_description->endpoint, dcesrv_sock); + status = stream_setup_named_pipe(event_ctx, lp_ctx, + model_ops, &dcesrv_stream_ops, + e->ep_description->endpoint, dcesrv_sock); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("service_setup_stream_socket(path=%s) failed - %s\n", + DEBUG(0,("stream_setup_named_pipe(pipe=%s) failed - %s\n", e->ep_description->endpoint, nt_errstr(status))); + return status; } -#endif - return status; -} -static NTSTATUS dcesrv_add_ep_np(struct dcesrv_context *dce_ctx, - struct loadparm_context *lp_ctx, - struct dcesrv_endpoint *e, - struct event_context *event_ctx, const struct model_ops *model_ops) -{ - NTSTATUS status; - - status = add_socket_rpc_pipe_iface(dce_ctx, e, event_ctx, model_ops); - NT_STATUS_NOT_OK_RETURN(status); - - return status; + return NT_STATUS_OK; } /* -- cgit From 6815fd173077b02a80674a942225bd7cad6112c7 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 6 Nov 2008 10:19:20 +0100 Subject: s3: rpc: let serverinfo_to_SamInfo3() work with no pipe_session_key metze --- source3/include/proto.h | 3 ++- source3/rpc_client/init_netlogon.c | 18 +++++++++++++++--- source3/rpc_server/srv_netlog_nt.c | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index ac55a67c19..49c9aff349 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5549,7 +5549,8 @@ void init_netr_SamInfo3(struct netr_SamInfo3 *r, uint32_t sidcount, struct netr_SidAttr *sids); NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, - uint8_t pipe_session_key[16], + uint8_t *pipe_session_key, + size_t pipe_session_key_len, struct netr_SamInfo3 *sam3); void init_netr_IdentityInfo(struct netr_IdentityInfo *r, const char *domain_name, diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index e4c39e739e..4318a94076 100644 --- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -172,7 +172,8 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, *****************************************************************************/ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, - uint8_t pipe_session_key[16], + uint8_t *pipe_session_key, + size_t pipe_session_key_len, struct netr_SamInfo3 *sam3) { struct samu *sampw; @@ -203,6 +204,13 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, user_sid = pdb_get_user_sid(sampw); group_sid = pdb_get_group_sid(sampw); + if (pipe_session_key && pipe_session_key_len != 16) { + DEBUG(0,("serverinfo_to_SamInfo3: invalid " + "pipe_session_key_len[%u] != 16\n", + pipe_session_key_len)); + return NT_STATUS_INTERNAL_ERROR; + } + if ((user_sid == NULL) || (group_sid == NULL)) { DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n")); return NT_STATUS_UNSUCCESSFUL; @@ -248,14 +256,18 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, server_info->user_session_key.data, MIN(sizeof(user_session_key.key), server_info->user_session_key.length)); - SamOEMhash(user_session_key.key, pipe_session_key, 16); + if (pipe_session_key) { + SamOEMhash(user_session_key.key, pipe_session_key, 16); + } } if (server_info->lm_session_key.length) { memcpy(lm_session_key.key, server_info->lm_session_key.data, MIN(sizeof(lm_session_key.key), server_info->lm_session_key.length)); - SamOEMhash(lm_session_key.key, pipe_session_key, 8); + if (pipe_session_key) { + SamOEMhash(lm_session_key.key, pipe_session_key, 8); + } } groups.count = num_gids; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 75fc99401e..45acd3ed48 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -981,7 +981,7 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16); } - status = serverinfo_to_SamInfo3(server_info, pipe_session_key, sam3); + status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16, sam3); TALLOC_FREE(server_info); return status; } -- cgit From e9b8dd561fb3d2c6daf2e18887d6b324eb0c9175 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 29 Oct 2008 12:20:02 +0100 Subject: s3: build ndr_named_pipe_auth.c metze --- source3/Makefile.in | 4 +- source3/librpc/gen_ndr/named_pipe_auth.h | 32 +++ source3/librpc/gen_ndr/ndr_named_pipe_auth.c | 302 +++++++++++++++++++++++++++ source3/librpc/gen_ndr/ndr_named_pipe_auth.h | 20 ++ 4 files changed, 357 insertions(+), 1 deletion(-) create mode 100644 source3/librpc/gen_ndr/named_pipe_auth.h create mode 100644 source3/librpc/gen_ndr/ndr_named_pipe_auth.c create mode 100644 source3/librpc/gen_ndr/ndr_named_pipe_auth.h diff --git a/source3/Makefile.in b/source3/Makefile.in index 4f757e9ebf..b8646aa931 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -294,6 +294,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ librpc/gen_ndr/ndr_notify.o \ librpc/gen_ndr/ndr_xattr.o \ librpc/gen_ndr/ndr_epmapper.o \ + librpc/gen_ndr/ndr_named_pipe_auth.o \ librpc/gen_ndr/ndr_ntsvcs.o RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o @@ -1223,7 +1224,8 @@ samba3-idl:: ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \ ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ - ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl + ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ + ../librpc/idl/named_pipe_auth.idl librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h @echo "Generating $@" diff --git a/source3/librpc/gen_ndr/named_pipe_auth.h b/source3/librpc/gen_ndr/named_pipe_auth.h new file mode 100644 index 0000000000..5f4ba9afb1 --- /dev/null +++ b/source3/librpc/gen_ndr/named_pipe_auth.h @@ -0,0 +1,32 @@ +/* header auto-generated by pidl */ + +#include + +#include "librpc/gen_ndr/netlogon.h" +#ifndef _HEADER_named_pipe_auth +#define _HEADER_named_pipe_auth + +#define NAMED_PIPE_AUTH_MAGIC ( "NPAM" ) +union named_pipe_auth_req_info { + struct netr_SamInfo3 info1;/* [case] */ +}/* [switch_type(uint32)] */; + +struct named_pipe_auth_req { + uint32_t length;/* [value(ndr_size_named_pipe_auth_req(r,ndr->flags)-4),flag(LIBNDR_FLAG_BIGENDIAN)] */ + const char *magic;/* [value(NAMED_PIPE_AUTH_MAGIC),charset(DOS)] */ + uint32_t level; + union named_pipe_auth_req_info info;/* [switch_is(level)] */ +}/* [gensize,public] */; + +union named_pipe_auth_rep_info { +}/* [switch_type(uint32)] */; + +struct named_pipe_auth_rep { + uint32_t length;/* [value(ndr_size_named_pipe_auth_rep(r,ndr->flags)-4),flag(LIBNDR_FLAG_BIGENDIAN)] */ + const char *magic;/* [value(NAMED_PIPE_AUTH_MAGIC),charset(DOS)] */ + uint32_t level; + union named_pipe_auth_rep_info info;/* [switch_is(level)] */ + NTSTATUS status; +}/* [gensize,public] */; + +#endif /* _HEADER_named_pipe_auth */ diff --git a/source3/librpc/gen_ndr/ndr_named_pipe_auth.c b/source3/librpc/gen_ndr/ndr_named_pipe_auth.c new file mode 100644 index 0000000000..69412bf427 --- /dev/null +++ b/source3/librpc/gen_ndr/ndr_named_pipe_auth.c @@ -0,0 +1,302 @@ +/* parser auto-generated by pidl */ + +#include "includes.h" +#include "librpc/gen_ndr/ndr_named_pipe_auth.h" + +#include "librpc/gen_ndr/ndr_netlogon.h" +static enum ndr_err_code ndr_push_named_pipe_auth_req_info(struct ndr_push *ndr, int ndr_flags, const union named_pipe_auth_req_info *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level)); + switch (level) { + case 0: { + break; } + + case 1: { + NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_SCALARS, &r->info1)); + break; } + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case 0: + break; + + case 1: + NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info1)); + break; + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_named_pipe_auth_req_info(struct ndr_pull *ndr, int ndr_flags, union named_pipe_auth_req_info *r) +{ + int level; + uint32_t _level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); + if (_level != level) { + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level); + } + switch (level) { + case 0: { + break; } + + case 1: { + NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_SCALARS, &r->info1)); + break; } + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case 0: + break; + + case 1: + NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info1)); + break; + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_req_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_req_info *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "named_pipe_auth_req_info"); + switch (level) { + case 0: + break; + + case 1: + ndr_print_netr_SamInfo3(ndr, "info1", &r->info1); + break; + + default: + ndr_print_bad_level(ndr, name, level); + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_req(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_req *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_named_pipe_auth_req(r, ndr->flags) - 4)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, NAMED_PIPE_AUTH_MAGIC, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->level)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_push_named_pipe_auth_req_info(ndr, NDR_SCALARS, &r->info)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_named_pipe_auth_req_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_pull_named_pipe_auth_req_info(ndr, NDR_SCALARS, &r->info)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_named_pipe_auth_req_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_req(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_req *r) +{ + ndr_print_struct(ndr, name, "named_pipe_auth_req"); + ndr->depth++; + ndr_print_uint32(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_named_pipe_auth_req(r, ndr->flags) - 4:r->length); + ndr_print_string(ndr, "magic", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NAMED_PIPE_AUTH_MAGIC:r->magic); + ndr_print_uint32(ndr, "level", r->level); + ndr_print_set_switch_value(ndr, &r->info, r->level); + ndr_print_named_pipe_auth_req_info(ndr, "info", &r->info); + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_named_pipe_auth_req(const struct named_pipe_auth_req *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req); +} + +static enum ndr_err_code ndr_push_named_pipe_auth_rep_info(struct ndr_push *ndr, int ndr_flags, const union named_pipe_auth_rep_info *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level)); + switch (level) { + case 0: { + break; } + + case 1: { + break; } + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case 0: + break; + + case 1: + break; + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_named_pipe_auth_rep_info(struct ndr_pull *ndr, int ndr_flags, union named_pipe_auth_rep_info *r) +{ + int level; + uint32_t _level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); + if (_level != level) { + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level); + } + switch (level) { + case 0: { + break; } + + case 1: { + break; } + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case 0: + break; + + case 1: + break; + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_rep_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_rep_info *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "named_pipe_auth_rep_info"); + switch (level) { + case 0: + break; + + case 1: + break; + + default: + ndr_print_bad_level(ndr, name, level); + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_rep(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_rep *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_named_pipe_auth_rep(r, ndr->flags) - 4)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, NAMED_PIPE_AUTH_MAGIC, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->level)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_push_named_pipe_auth_rep_info(ndr, NDR_SCALARS, &r->info)); + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->status)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_named_pipe_auth_rep_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_rep *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_pull_named_pipe_auth_rep_info(ndr, NDR_SCALARS, &r->info)); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->status)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_named_pipe_auth_rep_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_rep(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_rep *r) +{ + ndr_print_struct(ndr, name, "named_pipe_auth_rep"); + ndr->depth++; + ndr_print_uint32(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_named_pipe_auth_rep(r, ndr->flags) - 4:r->length); + ndr_print_string(ndr, "magic", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NAMED_PIPE_AUTH_MAGIC:r->magic); + ndr_print_uint32(ndr, "level", r->level); + ndr_print_set_switch_value(ndr, &r->info, r->level); + ndr_print_named_pipe_auth_rep_info(ndr, "info", &r->info); + ndr_print_NTSTATUS(ndr, "status", r->status); + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_named_pipe_auth_rep(const struct named_pipe_auth_rep *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep); +} + diff --git a/source3/librpc/gen_ndr/ndr_named_pipe_auth.h b/source3/librpc/gen_ndr/ndr_named_pipe_auth.h new file mode 100644 index 0000000000..fbef9d5f1c --- /dev/null +++ b/source3/librpc/gen_ndr/ndr_named_pipe_auth.h @@ -0,0 +1,20 @@ +/* header auto-generated by pidl */ + +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/named_pipe_auth.h" + +#ifndef _HEADER_NDR_named_pipe_auth +#define _HEADER_NDR_named_pipe_auth + +#define NDR_NAMED_PIPE_AUTH_CALL_COUNT (0) +void ndr_print_named_pipe_auth_req_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_req_info *r); +enum ndr_err_code ndr_push_named_pipe_auth_req(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_req *r); +enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req *r); +void ndr_print_named_pipe_auth_req(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_req *r); +size_t ndr_size_named_pipe_auth_req(const struct named_pipe_auth_req *r, int flags); +void ndr_print_named_pipe_auth_rep_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_rep_info *r); +enum ndr_err_code ndr_push_named_pipe_auth_rep(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_rep *r); +enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_rep *r); +void ndr_print_named_pipe_auth_rep(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_rep *r); +size_t ndr_size_named_pipe_auth_rep(const struct named_pipe_auth_rep *r, int flags); +#endif /* _HEADER_NDR_named_pipe_auth */ -- cgit From ace87f16c0f75d5d7685f3b4f187be539ca8ede4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 26 Oct 2008 18:56:29 +0100 Subject: For proxied named pipes, connect to np/ and send auth info Signed-off-by: Stefan Metzmacher --- source3/rpc_server/srv_pipe_hnd.c | 109 +++++++++++++++++++++++++++++++++++++- 1 file changed, 107 insertions(+), 2 deletions(-) diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 92f89282cf..d359b9b339 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "librpc/gen_ndr/ndr_named_pipe_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -944,6 +945,17 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, struct np_proxy_state *result; struct sockaddr_un addr; char *socket_path; + const char *socket_dir; + + DATA_BLOB req_blob; + struct netr_SamInfo3 *info3; + struct named_pipe_auth_req req; + DATA_BLOB rep_blob; + uint8 rep_buf[20]; + struct named_pipe_auth_rep rep; + enum ndr_err_code ndr_err; + NTSTATUS status; + ssize_t written; result = talloc(mem_ctx, struct np_proxy_state); if (result == NULL) { @@ -961,8 +973,16 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, ZERO_STRUCT(addr); addr.sun_family = AF_UNIX; - socket_path = talloc_asprintf(talloc_tos(), "%s/%s", - get_dyn_NCALRPCDIR(), "DEFAULT"); + socket_dir = lp_parm_const_string( + GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir", + get_dyn_NCALRPCDIR()); + if (socket_dir == NULL) { + DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n")); + goto fail; + } + + socket_path = talloc_asprintf(talloc_tos(), "%s/np/%s", + socket_dir, pipe_name); if (socket_path == NULL) { DEBUG(0, ("talloc_asprintf failed\n")); goto fail; @@ -970,11 +990,96 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path)); TALLOC_FREE(socket_path); + become_root(); if (sys_connect(result->fd, (struct sockaddr *)&addr) == -1) { + unbecome_root(); DEBUG(0, ("connect(%s) failed: %s\n", addr.sun_path, strerror(errno))); goto fail; } + unbecome_root(); + + info3 = talloc(talloc_tos(), struct netr_SamInfo3); + if (info3 == NULL) { + DEBUG(0, ("talloc failed\n")); + goto fail; + } + + status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(info3); + DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n", + nt_errstr(status))); + goto fail; + } + + req.level = 1; + req.info.info1 = *info3; + + ndr_err = ndr_push_struct_blob( + &req_blob, talloc_tos(), NULL, &req, + (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(10, ("ndr_push_named_pipe_auth_req failed: %s\n", + ndr_errstr(ndr_err))); + goto fail; + } + + DEBUG(10, ("named_pipe_auth_req(client)[%u]\n", (uint32_t)req_blob.length)); + dump_data(10, req_blob.data, req_blob.length); + + written = write_data(result->fd, (char *)req_blob.data, + req_blob.length); + if (written == -1) { + DEBUG(3, ("Could not write auth req data to RPC server\n")); + goto fail; + } + + status = read_data(result->fd, (char *)rep_buf, sizeof(rep_buf)); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("Could not read auth result\n")); + goto fail; + } + + rep_blob = data_blob_const(rep_buf, sizeof(rep_buf)); + + DEBUG(10,("name_pipe_auth_rep(client)[%u]\n", (uint32_t)rep_blob.length)); + dump_data(10, rep_blob.data, rep_blob.length); + + ndr_err = ndr_pull_struct_blob( + &rep_blob, talloc_tos(), NULL, &rep, + (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_rep); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(0, ("ndr_pull_named_pipe_auth_rep failed: %s\n", + ndr_errstr(ndr_err))); + goto fail; + } + + if (rep.length != 16) { + DEBUG(0, ("req invalid length: %u != 16\n", + rep.length)); + goto fail; + } + + if (strcmp(NAMED_PIPE_AUTH_MAGIC, rep.magic) != 0) { + DEBUG(0, ("req invalid magic: %s != %s\n", + rep.magic, NAMED_PIPE_AUTH_MAGIC)); + goto fail; + } + + if (!NT_STATUS_IS_OK(rep.status)) { + DEBUG(0, ("req failed: %s\n", + nt_errstr(rep.status))); + goto fail; + } + + if (rep.level != 1) { + DEBUG(0, ("req invalid level: %u != 1\n", + rep.level)); + goto fail; + } return result; -- cgit From 2c5a9f0a57774b861439390ab86b48c3f0475af8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 23:25:11 +0100 Subject: s4-test: skip netr_DatabaseRedo test. Guenther --- source4/selftest/knownfail | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail index f99db4fb1b..9649a1f644 100644 --- a/source4/selftest/knownfail +++ b/source4/selftest/knownfail @@ -35,6 +35,7 @@ rpc.netlogon.*.DsRAddressToSitenamesW rpc.netlogon.*.DsRAddressToSitenamesExW rpc.netlogon.*.GetPassword rpc.netlogon.*.GetTrustPasswords +rpc.netlogon.*.DatabaseRedo base.charset.*.Testing partial surrogate .*net.api.delshare.* # DelShare isn't implemented yet rap.*netservergetinfo -- cgit From 8b4b5c3a92be83e99d9177b04f0da56f610025de Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 18:53:00 -0800 Subject: Add wrapper str_list_make_v3() to replace the old S3 behavior of str_list_make(). From Dan Sledz : In samba 3.2 passing NULL or an empty string returned NULL. In master, it now returns a list of length 1 with the first string set to NULL (an empty list). Jeremy. --- source3/auth/auth.c | 16 ++++++++-------- source3/include/proto.h | 1 + source3/lib/debug.c | 2 +- source3/lib/util_str.c | 16 ++++++++++++++++ source3/libgpo/gpo_ldap.c | 6 +++--- source3/param/loadparm.c | 8 ++++---- source3/smbd/map_username.c | 2 +- source3/smbd/password.c | 2 +- source3/web/neg_lang.c | 2 +- 9 files changed, 36 insertions(+), 19 deletions(-) diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 7f95656bef..505098c76a 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -469,13 +469,13 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) { case SEC_DOMAIN: DEBUG(5,("Making default auth method list for security=domain\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:ntdomain", NULL); break; case SEC_SERVER: DEBUG(5,("Making default auth method list for security=server\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam smbserver", NULL); break; @@ -483,36 +483,36 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) if (lp_encrypted_passwords()) { if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) { DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:trustdomain", NULL); } else { DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam", NULL); } } else { DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest unix", NULL); } break; case SEC_SHARE: if (lp_encrypted_passwords()) { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam", NULL); } else { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest unix", NULL); } break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:ntdomain", NULL); break; diff --git a/source3/include/proto.h b/source3/include/proto.h index 49c9aff349..482027e8dc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1582,6 +1582,7 @@ bool validate_net_name( const char *name, const char *invalid_chars, int max_len); char *escape_shell_string(const char *src); +char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep); /* The following definitions come from lib/util_unistr.c */ diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 986dff48d7..d64fcb66d9 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -472,7 +472,7 @@ bool debug_parse_levels(const char *params_str) if (AllowDebugChange == False) return True; - params = str_list_make(talloc_tos(), params_str, NULL); + params = str_list_make_v3(talloc_tos(), params_str, NULL); if (debug_parse_params(params)) { debug_dump_status(5); diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 046ce61ea3..fde4f825e8 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -2532,3 +2532,19 @@ char *escape_shell_string(const char *src) *dest++ = '\0'; return ret; } + +/*************************************************** + Wrapper for str_list_make() to restore the s3 behavior. + In samba 3.2 passing NULL or an empty string returned NULL. + + In master, it now returns a list of length 1 with the first string set + to NULL (an empty list) +***************************************************/ + +char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep) +{ + if (!string || !*string) { + return NULL; + } + return str_list_make(mem_ctx, string, sep); +} diff --git a/source3/libgpo/gpo_ldap.c b/source3/libgpo/gpo_ldap.c index 0e77f0a856..26813864e5 100644 --- a/source3/libgpo/gpo_ldap.c +++ b/source3/libgpo/gpo_ldap.c @@ -44,7 +44,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, goto parse_error; } - ext_list = str_list_make(mem_ctx, extension_raw, "]"); + ext_list = str_list_make_v3(mem_ctx, extension_raw, "]"); if (!ext_list) { goto parse_error; } @@ -87,7 +87,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, p++; } - ext_strings = str_list_make(mem_ctx, p, "}"); + ext_strings = str_list_make_v3(mem_ctx, p, "}"); if (ext_strings == NULL) { goto parse_error; } @@ -162,7 +162,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx, DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw)); - link_list = str_list_make(mem_ctx, gp_link_raw, "]"); + link_list = str_list_make_v3(mem_ctx, gp_link_raw, "]"); if (!link_list) { goto parse_error; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 84f6fb907a..fae6cb38dc 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4899,7 +4899,7 @@ static void init_globals(bool first_time_only) Globals.bWinbindTrustedDomainsOnly = False; Globals.bWinbindNestedGroups = True; Globals.winbind_expand_groups = 1; - Globals.szWinbindNssInfo = str_list_make(NULL, "template", NULL); + Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL); Globals.bWinbindRefreshTickets = False; Globals.bWinbindOfflineLogon = False; @@ -5615,7 +5615,7 @@ const char **lp_parm_string_list(int snum, const char *type, const char *option, return (const char **)def; if (data->list==NULL) { - data->list = str_list_make(NULL, data->value, NULL); + data->list = str_list_make_v3(NULL, data->value, NULL); } return (const char **)data->list; @@ -6859,7 +6859,7 @@ static bool handle_netbios_scope(int snum, const char *pszParmValue, char **ptr) static bool handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr) { TALLOC_FREE(Globals.szNetbiosAliases); - Globals.szNetbiosAliases = str_list_make(NULL, pszParmValue, NULL); + Globals.szNetbiosAliases = str_list_make_v3(NULL, pszParmValue, NULL); return set_netbios_aliases((const char **)Globals.szNetbiosAliases); } @@ -7261,7 +7261,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue case P_LIST: TALLOC_FREE(*((char ***)parm_ptr)); - *(char ***)parm_ptr = str_list_make( + *(char ***)parm_ptr = str_list_make_v3( NULL, pszParmValue, NULL); break; diff --git a/source3/smbd/map_username.c b/source3/smbd/map_username.c index a8899dd538..f549f0c9f3 100644 --- a/source3/smbd/map_username.c +++ b/source3/smbd/map_username.c @@ -178,7 +178,7 @@ bool map_username(fstring user) /* skip lines like 'user = ' */ - dosuserlist = str_list_make(talloc_tos(), dosname, NULL); + dosuserlist = str_list_make_v3(talloc_tos(), dosname, NULL); if (!dosuserlist) { DEBUG(0,("Bad username map entry. Unable to build user list. Ignoring.\n")); continue; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 88e7b766be..84b40f28cc 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -576,7 +576,7 @@ static bool user_ok(const char *user, int snum) TALLOC_FREE(valid); if (ret && lp_onlyuser(snum)) { - char **user_list = str_list_make( + char **user_list = str_list_make_v3( talloc_tos(), lp_username(snum), NULL); if (user_list && str_list_substitute(user_list, "%S", diff --git a/source3/web/neg_lang.c b/source3/web/neg_lang.c index 82411000cd..491ca9eedd 100644 --- a/source3/web/neg_lang.c +++ b/source3/web/neg_lang.c @@ -74,7 +74,7 @@ void web_set_lang(const char *lang_string) int lang_num, i; /* build the lang list */ - lang_list = str_list_make(talloc_tos(), lang_string, ", \t\r\n"); + lang_list = str_list_make_v3(talloc_tos(), lang_string, ", \t\r\n"); if (!lang_list) return; /* sort the list by priority */ -- cgit From 7ae625345536572aa946f0715542a5cf2dbc2169 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Thu, 6 Nov 2008 20:40:20 -0800 Subject: Convert to use VFS layer. --- source3/smbd/posix_acls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 97b87cc3a9..7ca2ed787b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4301,7 +4301,7 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) finfo.fh->fd = -1; finfo.fsp_name = CONST_DISCARD(char *,fname); - if (!NT_STATUS_IS_OK(posix_fget_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd))) { + if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) { DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); conn_free_internal( conn ); return NULL; -- cgit From 8962be69c700224983af4effd2cd086f7f5800b0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 20:48:13 -0800 Subject: Make us clean under valgrind --leak-check=full by using talloc_autofree_context() instead of NULL. Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should be deleted when their parent context is deleted, so freeing them at some arbitrary point later will be a double-free. Jeremy. --- source3/auth/token_util.c | 2 +- source3/lib/memcache.c | 26 -------------------------- source3/lib/util.c | 6 +++--- source3/lib/util_pw.c | 2 +- source3/param/loadparm.c | 8 ++++---- source3/passdb/passdb.c | 2 +- source3/passdb/pdb_interface.c | 4 ++-- source3/passdb/util_unixsids.c | 2 +- source3/smbd/server.c | 6 +++--- source3/smbd/uid.c | 2 +- source3/utils/net_sam.c | 2 +- source3/utils/pdbedit.c | 4 ++-- source3/utils/smbpasswd.c | 4 ++-- source3/web/cgi.c | 4 ++-- 14 files changed, 24 insertions(+), 50 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index e739fdaabe..6c00aa0943 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -102,7 +102,7 @@ NT_USER_TOKEN *get_root_nt_token( void ) uid_to_sid(&u_sid, pw->pw_uid); gid_to_sid(&g_sid, pw->pw_gid); - token = create_local_nt_token(NULL, &u_sid, False, + token = create_local_nt_token(talloc_autofree_context(), &u_sid, False, 1, &global_sid_Builtin_Administrators); token->privileges = se_disk_operators; diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index 9c892fedfa..d586f707fa 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -40,37 +40,11 @@ struct memcache { static void memcache_element_parse(struct memcache_element *e, DATA_BLOB *key, DATA_BLOB *value); -static bool memcache_is_talloc(enum memcache_number n) -{ - bool result; - - switch (n) { - case GETPWNAM_CACHE: - case PDB_GETPWSID_CACHE: - case SINGLETON_CACHE_TALLOC: - result = true; - break; - default: - result = false; - break; - } - - return result; -} - static int memcache_destructor(struct memcache *cache) { struct memcache_element *e, *next; for (e = cache->mru; e != NULL; e = next) { next = e->next; - if (memcache_is_talloc((enum memcache_number)e->n) - && (e->valuelength == sizeof(void *))) { - DATA_BLOB key, value; - void *ptr; - memcache_element_parse(e, &key, &value); - memcpy(&ptr, value.data, sizeof(ptr)); - TALLOC_FREE(ptr); - } SAFE_FREE(e); } return 0; diff --git a/source3/lib/util.c b/source3/lib/util.c index 820cf376be..5007fb72ef 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1497,7 +1497,7 @@ uid_t nametouid(const char *name) char *p; uid_t u; - pass = getpwnam_alloc(NULL, name); + pass = getpwnam_alloc(talloc_autofree_context(), name); if (pass) { u = pass->pw_uid; TALLOC_FREE(pass); @@ -2255,8 +2255,8 @@ char *myhostname(void) static char *ret; if (ret == NULL) { /* This is cached forever so - * use NULL talloc ctx. */ - ret = talloc_get_myname(NULL); + * use talloc_autofree_context() ctx. */ + ret = talloc_get_myname(talloc_autofree_context()); } return ret; } diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index c0d37f1094..e0dbc97f00 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -57,7 +57,7 @@ struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) return NULL; } - cached = tcopy_passwd(NULL, temp); + cached = tcopy_passwd(talloc_autofree_context(), temp); if (cached == NULL) { /* * Just don't add this into the cache, ignore the failure diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index fae6cb38dc..217957ab37 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4899,7 +4899,7 @@ static void init_globals(bool first_time_only) Globals.bWinbindTrustedDomainsOnly = False; Globals.bWinbindNestedGroups = True; Globals.winbind_expand_groups = 1; - Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL); + Globals.szWinbindNssInfo = str_list_make_v3(talloc_autofree_context(), "template", NULL); Globals.bWinbindRefreshTickets = False; Globals.bWinbindOfflineLogon = False; @@ -5615,7 +5615,7 @@ const char **lp_parm_string_list(int snum, const char *type, const char *option, return (const char **)def; if (data->list==NULL) { - data->list = str_list_make_v3(NULL, data->value, NULL); + data->list = str_list_make_v3(talloc_autofree_context(), data->value, NULL); } return (const char **)data->list; @@ -6859,7 +6859,7 @@ static bool handle_netbios_scope(int snum, const char *pszParmValue, char **ptr) static bool handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr) { TALLOC_FREE(Globals.szNetbiosAliases); - Globals.szNetbiosAliases = str_list_make_v3(NULL, pszParmValue, NULL); + Globals.szNetbiosAliases = str_list_make_v3(talloc_autofree_context(), pszParmValue, NULL); return set_netbios_aliases((const char **)Globals.szNetbiosAliases); } @@ -7262,7 +7262,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue case P_LIST: TALLOC_FREE(*((char ***)parm_ptr)); *(char ***)parm_ptr = str_list_make_v3( - NULL, pszParmValue, NULL); + talloc_autofree_context(), pszParmValue, NULL); break; case P_STRING: diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 60699615f0..8367d6a9ad 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -665,7 +665,7 @@ NTSTATUS local_password_change(const char *user_name, DEBUGLEVEL = 1; } - if ( !(pwd = getpwnam_alloc( NULL, user_name)) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), user_name)) ) { return NT_STATUS_NO_SUCH_USER; } diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index fcb38b464b..6fe105854f 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -242,7 +242,7 @@ bool guest_user_info( struct samu *user ) NTSTATUS result; const char *guestname = lp_guestaccount(); - if ( !(pwd = getpwnam_alloc( NULL, guestname ) ) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) { DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n", guestname)); return False; @@ -2016,7 +2016,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) { /* allocate memory for the structure as its own talloc CTX */ - if ( !(*methods = TALLOC_ZERO_P(NULL, struct pdb_methods) ) ) { + if ( !(*methods = TALLOC_ZERO_P(talloc_autofree_context(), struct pdb_methods) ) ) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/passdb/util_unixsids.c b/source3/passdb/util_unixsids.c index 1b674d02a2..ad4e70256d 100644 --- a/source3/passdb/util_unixsids.c +++ b/source3/passdb/util_unixsids.c @@ -56,7 +56,7 @@ bool lookup_unix_user_name(const char *name, DOM_SID *sid) { struct passwd *pwd; - pwd = getpwnam_alloc(NULL, name); + pwd = getpwnam_alloc(talloc_autofree_context(), name); if (pwd == NULL) { return False; } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7583da65a5..fff05a3aac 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -80,7 +80,7 @@ struct event_context *smbd_event_context(void) { static struct event_context *ctx; - if (!ctx && !(ctx = event_context_init(NULL))) { + if (!ctx && !(ctx = event_context_init(talloc_autofree_context()))) { smb_panic("Could not init smbd event context"); } return ctx; @@ -91,7 +91,7 @@ struct messaging_context *smbd_messaging_context(void) static struct messaging_context *ctx; if (ctx == NULL) { - ctx = messaging_init(NULL, server_id_self(), + ctx = messaging_init(talloc_autofree_context(), server_id_self(), smbd_event_context()); } if (ctx == NULL) { @@ -105,7 +105,7 @@ struct memcache *smbd_memcache(void) static struct memcache *cache; if (!cache - && !(cache = memcache_init(NULL, + && !(cache = memcache_init(talloc_autofree_context(), lp_max_stat_cache_size()*1024))) { smb_panic("Could not init smbd memcache"); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 8998f6a371..045de6f2d3 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -32,7 +32,7 @@ bool change_to_guest(void) if (!pass) { /* Don't need to free() this as its stored in a static */ - pass = getpwnam_alloc(NULL, lp_guestaccount()); + pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount()); if (!pass) return(False); } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index ce132131f7..e8ebb60205 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1735,7 +1735,7 @@ doma_done: d_printf("Checking Guest's group.\n"); - pwd = getpwnam_alloc(NULL, lp_guestaccount()); + pwd = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount()); if (!pwd) { d_fprintf(stderr, "Failed to find just created Guest account!\n" " Is nss properly configured?!\n"); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index fe99b6fc9e..50cbc43d6d 100644 --- a/source3/utils/pdbedit.c +++ b/source3/utils/pdbedit.c @@ -571,7 +571,7 @@ static int new_user (struct pdb_methods *in, const char *username, get_global_sam_sid(); - if ( !(pwd = getpwnam_alloc( NULL, username )) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), username )) ) { DEBUG(0,("Cannot locate Unix account for %s\n", username)); return -1; } @@ -675,7 +675,7 @@ static int new_machine (struct pdb_methods *in, const char *machine_in) fstrcpy(machineaccount, machinename); fstrcat(machineaccount, "$"); - if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), machineaccount )) ) { DEBUG(0,("Cannot locate Unix account for %s\n", machineaccount)); return -1; } diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 600fe52f0d..d2652ad95a 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -337,7 +337,7 @@ static int process_root(int local_flags) load_interfaces(); } - if (!user_name[0] && (pwd = getpwuid_alloc(NULL, geteuid()))) { + if (!user_name[0] && (pwd = getpwuid_alloc(talloc_autofree_context(), geteuid()))) { fstrcpy(user_name, pwd->pw_name); TALLOC_FREE(pwd); } @@ -498,7 +498,7 @@ static int process_nonroot(int local_flags) } if (!user_name[0]) { - pwd = getpwuid_alloc(NULL, getuid()); + pwd = getpwuid_alloc(talloc_autofree_context(), getuid()); if (pwd) { fstrcpy(user_name,pwd->pw_name); TALLOC_FREE(pwd); diff --git a/source3/web/cgi.c b/source3/web/cgi.c index ce36bd9310..49e83717c3 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -314,7 +314,7 @@ static void cgi_web_auth(void) exit(0); } - pwd = getpwnam_alloc(NULL, user); + pwd = getpwnam_alloc(talloc_autofree_context(), user); if (!pwd) { printf("%sCannot find user %s
%s\n", head, user, tail); exit(0); @@ -367,7 +367,7 @@ static bool cgi_handle_authorization(char *line) * Try and get the user from the UNIX password file. */ - pass = getpwnam_alloc(NULL, user); + pass = getpwnam_alloc(talloc_autofree_context(), user); /* * Validate the password they have given. -- cgit From 5a2feed9dc4e7d28dee619a6941aa49be76fb298 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 23:29:20 -0800 Subject: If we didn't inherit any ACE's the ACE pointer should be NULL. Jeremy. --- source3/lib/secdesc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 94d249564f..de547d815f 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -563,15 +563,17 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* Create child security descriptor to return */ - - new_dacl = make_sec_acl(ctx, + if (new_ace_list_ndx) { + new_dacl = make_sec_acl(ctx, NT4_ACL_REVISION, new_ace_list_ndx, new_ace_list); - if (!new_dacl) { - return NT_STATUS_NO_MEMORY; + if (!new_dacl) { + return NT_STATUS_NO_MEMORY; + } } + *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, -- cgit From 616bc99b141b54abba9d377d7056dccfd49d4717 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 16:45:37 +0100 Subject: s4: security.idl: split of dom_sid stuff into dom_sid.idl This prepares having a shared security.idl file metze --- source4/librpc/config.mk | 8 +- source4/librpc/idl/dom_sid.idl | 34 ++++++ source4/librpc/idl/security.idl | 31 +----- source4/librpc/ndr/ndr_dom_sid.c | 217 ++++++++++++++++++++++++++++++++++++ source4/librpc/ndr/ndr_sec_helper.c | 191 +------------------------------ 5 files changed, 260 insertions(+), 221 deletions(-) create mode 100644 source4/librpc/idl/dom_sid.idl create mode 100644 source4/librpc/ndr/ndr_dom_sid.c diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index fb0ee6f816..37c12d8891 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -51,7 +51,10 @@ NDR_COMPRESSION_OBJ_FILES = ../librpc/ndr/ndr_compression.o [SUBSYSTEM::NDR_SECURITY] PUBLIC_DEPENDENCIES = NDR_MISC LIBSECURITY -NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o $(ndrsrcdir)/ndr_sec_helper.o +NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ + $(ndrsrcdir)/ndr_sec_helper.o \ + $(gen_ndrsrcdir)/ndr_dom_sid.o \ + $(ndrsrcdir)/ndr_dom_sid.o PUBLIC_HEADERS += $(gen_ndrsrcdir)/security.h @@ -738,7 +741,8 @@ python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT) PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc -python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o +python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o \ + $(gen_ndrsrcdir)/py_dom_sid.o $(IDL_HEADER_FILES) $(IDL_NDR_PARSE_H_FILES) $(IDL_NDR_PARSE_C_FILES) \ $(IDL_NDR_CLIENT_C_FILES) $(IDL_NDR_CLIENT_H_FILES) \ diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl new file mode 100644 index 0000000000..59faabae3a --- /dev/null +++ b/source4/librpc/idl/dom_sid.idl @@ -0,0 +1,34 @@ +/* + use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really + just a dom sid, but with the sub_auths represented as a conformant + array. As with all in-structure conformant arrays, the array length + is placed before the start of the structure. That's what gives rise + to the extra num_auths elemenent. We don't want the Samba code to + have to bother with such esoteric NDR details, so its easier to just + define it as a dom_sid and use pidl magic to make it all work. It + just means you need to mark a sid as a "dom_sid2" in the IDL when you + know it is of the conformant array variety +*/ +cpp_quote("#define dom_sid2 dom_sid") + +/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ +cpp_quote("#define dom_sid28 dom_sid") + +/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ +cpp_quote("#define dom_sid0 dom_sid") + +[ + pointer_default(unique) +] +interface dom_sid +{ + /* a domain SID. Note that unlike Samba3 this contains a pointer, + so you can't copy them using assignment */ + typedef [public,gensize,noprint,noejs,nosize] struct { + uint8 sid_rev_num; /**< SID revision number */ + [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ + uint8 id_auth[6]; /**< Identifier Authority */ + uint32 sub_auths[num_auths]; + } dom_sid; +} + diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 40aa698176..964e0b9e42 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -5,27 +5,10 @@ */ import "misc.idl"; - -/* - use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really - just a dom sid, but with the sub_auths represented as a conformant - array. As with all in-structure conformant arrays, the array length - is placed before the start of the structure. That's what gives rise - to the extra num_auths elemenent. We don't want the Samba code to - have to bother with such esoteric NDR details, so its easier to just - define it as a dom_sid and use pidl magic to make it all work. It - just means you need to mark a sid as a "dom_sid2" in the IDL when you - know it is of the conformant array variety -*/ -cpp_quote("#define dom_sid2 dom_sid") - -/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ -cpp_quote("#define dom_sid28 dom_sid") - -/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ -cpp_quote("#define dom_sid0 dom_sid") +import "dom_sid.idl"; [ + helper("librpc/gen_ndr/ndr_dom_sid.h"), pointer_default(unique) ] interface security @@ -242,16 +225,6 @@ interface security SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24 } sec_privilege; - - /* a domain SID. Note that unlike Samba3 this contains a pointer, - so you can't copy them using assignment */ - typedef [public,gensize,noprint,noejs,nosize] struct { - uint8 sid_rev_num; /**< SID revision number */ - [range(0,15)] int8 num_auths; /**< Number of sub-authorities */ - uint8 id_auth[6]; /**< Identifier Authority */ - uint32 sub_auths[num_auths]; - } dom_sid; - /* id used to identify a endpoint, possibly in a cluster */ typedef [public] struct { hyper id; diff --git a/source4/librpc/ndr/ndr_dom_sid.c b/source4/librpc/ndr/ndr_dom_sid.c new file mode 100644 index 0000000000..b986231b4f --- /dev/null +++ b/source4/librpc/ndr/ndr_dom_sid.c @@ -0,0 +1,217 @@ +/* + Unix SMB/CIFS implementation. + + fast routines for getting the wire size of security objects + + Copyright (C) Andrew Tridgell 2003 + Copyright (C) Stefan Metzmacher 2006-2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include "includes.h" +#include "librpc/gen_ndr/ndr_security.h" +#include "libcli/security/security.h" + +/* + return the wire size of a dom_sid +*/ +size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) +{ + if (!sid) return 0; + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) +{ + struct dom_sid zero_sid; + + if (!sid) return 0; + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return 0; + } + + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) +{ + return ndr_size_dom_sid28(sid, flags); +} + +/* + print a dom_sid +*/ +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); +} + +void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + uint32_t num_auths; + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); + NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); + if (sid->num_auths != num_auths) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, + "Bad array size %u should exceed %u", + num_auths, sid->num_auths); + } + return NDR_ERR_SUCCESS; +} + +/* + parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field +*/ +enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + +/* + parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth +*/ +enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + enum ndr_err_code status; + struct ndr_pull *subndr; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + subndr = talloc_zero(ndr, struct ndr_pull); + NDR_ERR_HAVE_NO_MEMORY(subndr); + subndr->flags = ndr->flags; + subndr->current_mem_ctx = ndr->current_mem_ctx; + + subndr->data = ndr->data + ndr->offset; + subndr->data_size = 28; + subndr->offset = 0; + + NDR_CHECK(ndr_pull_advance(ndr, 28)); + + status = ndr_pull_dom_sid(subndr, ndr_flags, sid); + if (!NDR_ERR_CODE_IS_SUCCESS(status)) { + /* handle a w2k bug which send random data in the buffer */ + ZERO_STRUCTP(sid); + } else if (sid->num_auths == 0 && sid->sub_auths) { + talloc_free(sid->sub_auths); + sid->sub_auths = NULL; + } + + return NDR_ERR_SUCCESS; +} + +/* + push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer +*/ +enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + uint32_t old_offset; + uint32_t padding; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (sid->num_auths > 5) { + return ndr_push_error(ndr, NDR_ERR_RANGE, + "dom_sid28 allows only upto 5 sub auth [%u]", + sid->num_auths); + } + + old_offset = ndr->offset; + NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); + + padding = 28 - (ndr->offset - old_offset); + + if (padding > 0) { + NDR_CHECK(ndr_push_zero(ndr, padding)); + } + + return NDR_ERR_SUCCESS; +} + +/* + parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) +{ + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (ndr->data_size == ndr->offset) { + ZERO_STRUCTP(sid); + return NDR_ERR_SUCCESS; + } + + return ndr_pull_dom_sid(ndr, ndr_flags, sid); +} + +/* + push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty +*/ +enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) +{ + struct dom_sid zero_sid; + + if (!(ndr_flags & NDR_SCALARS)) { + return NDR_ERR_SUCCESS; + } + + if (!sid) { + return NDR_ERR_SUCCESS; + } + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return NDR_ERR_SUCCESS; + } + + return ndr_push_dom_sid(ndr, ndr_flags, sid); +} + diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_sec_helper.c index 1256d7dd2d..a13c11510b 100644 --- a/source4/librpc/ndr/ndr_sec_helper.c +++ b/source4/librpc/ndr/ndr_sec_helper.c @@ -4,6 +4,7 @@ fast routines for getting the wire size of security objects Copyright (C) Andrew Tridgell 2003 + Copyright (C) Stefan Metzmacher 2006-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -24,35 +25,6 @@ #include "librpc/gen_ndr/ndr_security.h" #include "libcli/security/security.h" -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - /* return the wire size of a security_ace */ @@ -115,164 +87,3 @@ size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int fl return ret; } -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - uint32_t num_auths; - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &num_auths)); - NDR_CHECK(ndr_pull_dom_sid(ndr, ndr_flags, sid)); - if (sid->num_auths != num_auths) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, - "Bad array size %u should exceed %u", - num_auths, sid->num_auths); - } - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid2 - this is a dom_sid but with an extra copy of the num_auths field -*/ -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, sid->num_auths)); - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -/* - parse a dom_sid28 - this is a dom_sid in a fixed 28 byte buffer, so we need to ensure there are only upto 5 sub_auth -*/ -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - enum ndr_err_code status; - struct ndr_pull *subndr; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - subndr = talloc_zero(ndr, struct ndr_pull); - NDR_ERR_HAVE_NO_MEMORY(subndr); - subndr->flags = ndr->flags; - subndr->current_mem_ctx = ndr->current_mem_ctx; - - subndr->data = ndr->data + ndr->offset; - subndr->data_size = 28; - subndr->offset = 0; - - NDR_CHECK(ndr_pull_advance(ndr, 28)); - - status = ndr_pull_dom_sid(subndr, ndr_flags, sid); - if (!NDR_ERR_CODE_IS_SUCCESS(status)) { - /* handle a w2k bug which send random data in the buffer */ - ZERO_STRUCTP(sid); - } else if (sid->num_auths == 0 && sid->sub_auths) { - talloc_free(sid->sub_auths); - sid->sub_auths = NULL; - } - - return NDR_ERR_SUCCESS; -} - -/* - push a dom_sid28 - this is a dom_sid in a 28 byte fixed buffer -*/ -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - uint32_t old_offset; - uint32_t padding; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (sid->num_auths > 5) { - return ndr_push_error(ndr, NDR_ERR_RANGE, - "dom_sid28 allows only upto 5 sub auth [%u]", - sid->num_auths); - } - - old_offset = ndr->offset; - NDR_CHECK(ndr_push_dom_sid(ndr, ndr_flags, sid)); - - padding = 28 - (ndr->offset - old_offset); - - if (padding > 0) { - NDR_CHECK(ndr_push_zero(ndr, padding)); - } - - return NDR_ERR_SUCCESS; -} - -/* - parse a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_pull_dom_sid0(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid) -{ - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (ndr->data_size == ndr->offset) { - ZERO_STRUCTP(sid); - return NDR_ERR_SUCCESS; - } - - return ndr_pull_dom_sid(ndr, ndr_flags, sid); -} - -/* - push a dom_sid0 - this is a dom_sid in a variable byte buffer, which is maybe empty -*/ -enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid) -{ - struct dom_sid zero_sid; - - if (!(ndr_flags & NDR_SCALARS)) { - return NDR_ERR_SUCCESS; - } - - if (!sid) { - return NDR_ERR_SUCCESS; - } - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return NDR_ERR_SUCCESS; - } - - return ndr_push_dom_sid(ndr, ndr_flags, sid); -} - -- cgit From c6e5788435d2141f9161f3dc2ae75d1283193a25 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 17:52:01 +0100 Subject: s4: security.idl: for now move server_id also to dom_sid.idl We should move server_id somewhere else... metze --- source4/librpc/idl/dom_sid.idl | 8 ++++++++ source4/librpc/idl/security.idl | 7 ------- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/source4/librpc/idl/dom_sid.idl b/source4/librpc/idl/dom_sid.idl index 59faabae3a..80df11dbfe 100644 --- a/source4/librpc/idl/dom_sid.idl +++ b/source4/librpc/idl/dom_sid.idl @@ -30,5 +30,13 @@ interface dom_sid uint8 id_auth[6]; /**< Identifier Authority */ uint32 sub_auths[num_auths]; } dom_sid; + + /* id used to identify a endpoint, possibly in a cluster */ + typedef [public] struct { + hyper id; + uint32 id2; + uint32 node; + } server_id; + } diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl index 964e0b9e42..2c8edac2b3 100644 --- a/source4/librpc/idl/security.idl +++ b/source4/librpc/idl/security.idl @@ -225,13 +225,6 @@ interface security SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24 } sec_privilege; - /* id used to identify a endpoint, possibly in a cluster */ - typedef [public] struct { - hyper id; - uint32 id2; - uint32 node; - } server_id; - typedef [bitmap8bit] bitmap { SEC_ACE_FLAG_OBJECT_INHERIT = 0x01, SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02, -- cgit From da9f41dde201d747c50ac2f5bf7973818f168855 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 22:33:45 +0100 Subject: s4: ndr_sec_helper: remove unused include metze --- source4/librpc/ndr/ndr_sec_helper.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_sec_helper.c index a13c11510b..009e3524a7 100644 --- a/source4/librpc/ndr/ndr_sec_helper.c +++ b/source4/librpc/ndr/ndr_sec_helper.c @@ -23,7 +23,6 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_security.h" -#include "libcli/security/security.h" /* return the wire size of a security_ace -- cgit From ff5c58da55ae359496480e66f209d9ef3e2a05cb Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 22:41:12 +0100 Subject: librpc/ndr: move ndr_sec_helper.c to the toplevel metze --- librpc/ndr/ndr_sec_helper.c | 88 +++++++++++++++++++++++++++++++++++++ source4/librpc/config.mk | 2 +- source4/librpc/ndr/ndr_sec_helper.c | 88 ------------------------------------- 3 files changed, 89 insertions(+), 89 deletions(-) create mode 100644 librpc/ndr/ndr_sec_helper.c delete mode 100644 source4/librpc/ndr/ndr_sec_helper.c diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c new file mode 100644 index 0000000000..009e3524a7 --- /dev/null +++ b/librpc/ndr/ndr_sec_helper.c @@ -0,0 +1,88 @@ +/* + Unix SMB/CIFS implementation. + + fast routines for getting the wire size of security objects + + Copyright (C) Andrew Tridgell 2003 + Copyright (C) Stefan Metzmacher 2006-2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include "includes.h" +#include "librpc/gen_ndr/ndr_security.h" + +/* + return the wire size of a security_ace +*/ +size_t ndr_size_security_ace(const struct security_ace *ace, int flags) +{ + size_t ret; + + if (!ace) return 0; + + ret = 8 + ndr_size_dom_sid(&ace->trustee, flags); + + switch (ace->type) { + case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: + case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: + case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: + case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: + ret += 4; /* uint32 bitmap ace->object.object.flags */ + if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) { + ret += 16; /* GUID ace->object.object.type.type */ + } + if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) { + ret += 16; /* GUID ace->object.object.inherited_typeinherited_type */ + } + break; + default: + break; + } + + return ret; +} + +/* + return the wire size of a security_acl +*/ +size_t ndr_size_security_acl(const struct security_acl *acl, int flags) +{ + size_t ret; + int i; + if (!acl) return 0; + ret = 8; + for (i=0;inum_aces;i++) { + ret += ndr_size_security_ace(&acl->aces[i], flags); + } + return ret; +} + +/* + return the wire size of a security descriptor +*/ +size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags) +{ + size_t ret; + if (!sd) return 0; + + ret = 20; + ret += ndr_size_dom_sid(sd->owner_sid, flags); + ret += ndr_size_dom_sid(sd->group_sid, flags); + ret += ndr_size_security_acl(sd->dacl, flags); + ret += ndr_size_security_acl(sd->sacl, flags); + return ret; +} + diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 37c12d8891..f9412a6851 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -52,7 +52,7 @@ NDR_COMPRESSION_OBJ_FILES = ../librpc/ndr/ndr_compression.o PUBLIC_DEPENDENCIES = NDR_MISC LIBSECURITY NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ - $(ndrsrcdir)/ndr_sec_helper.o \ + ../librpc/ndr/ndr_sec_helper.o \ $(gen_ndrsrcdir)/ndr_dom_sid.o \ $(ndrsrcdir)/ndr_dom_sid.o diff --git a/source4/librpc/ndr/ndr_sec_helper.c b/source4/librpc/ndr/ndr_sec_helper.c deleted file mode 100644 index 009e3524a7..0000000000 --- a/source4/librpc/ndr/ndr_sec_helper.c +++ /dev/null @@ -1,88 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - fast routines for getting the wire size of security objects - - Copyright (C) Andrew Tridgell 2003 - Copyright (C) Stefan Metzmacher 2006-2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include "includes.h" -#include "librpc/gen_ndr/ndr_security.h" - -/* - return the wire size of a security_ace -*/ -size_t ndr_size_security_ace(const struct security_ace *ace, int flags) -{ - size_t ret; - - if (!ace) return 0; - - ret = 8 + ndr_size_dom_sid(&ace->trustee, flags); - - switch (ace->type) { - case SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT: - case SEC_ACE_TYPE_ACCESS_DENIED_OBJECT: - case SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT: - case SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT: - ret += 4; /* uint32 bitmap ace->object.object.flags */ - if (ace->object.object.flags & SEC_ACE_OBJECT_TYPE_PRESENT) { - ret += 16; /* GUID ace->object.object.type.type */ - } - if (ace->object.object.flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT) { - ret += 16; /* GUID ace->object.object.inherited_typeinherited_type */ - } - break; - default: - break; - } - - return ret; -} - -/* - return the wire size of a security_acl -*/ -size_t ndr_size_security_acl(const struct security_acl *acl, int flags) -{ - size_t ret; - int i; - if (!acl) return 0; - ret = 8; - for (i=0;inum_aces;i++) { - ret += ndr_size_security_ace(&acl->aces[i], flags); - } - return ret; -} - -/* - return the wire size of a security descriptor -*/ -size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags) -{ - size_t ret; - if (!sd) return 0; - - ret = 20; - ret += ndr_size_dom_sid(sd->owner_sid, flags); - ret += ndr_size_dom_sid(sd->group_sid, flags); - ret += ndr_size_security_acl(sd->dacl, flags); - ret += ndr_size_security_acl(sd->sacl, flags); - return ret; -} - -- cgit From 9579036dc5ce74820d12dc3a1ec2f1cd4a93e246 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 8 Nov 2008 08:01:19 +0100 Subject: s4: fix samba4.samba3sam.python test metze --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 4 ++-- source4/librpc/config.mk | 11 ++++++++--- 2 files changed, 10 insertions(+), 5 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 1fc531902d..7162edcb3d 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -27,7 +27,7 @@ import ldb from ldb import SCOPE_DEFAULT, SCOPE_BASE, SCOPE_SUBTREE from samba import Ldb, substitute_var from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm -import samba.dcerpc.security +import samba.dcerpc.dom_sid import samba.security import samba.ndr @@ -116,7 +116,7 @@ class MapBaseTestCase(TestCaseInTempDir): super(MapBaseTestCase, self).tearDown() def assertSidEquals(self, text, ndr_sid): - sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.security.dom_sid, + sid_obj1 = samba.ndr.ndr_unpack(samba.dcerpc.dom_sid.dom_sid, str(ndr_sid[0])) sid_obj2 = samba.security.Sid(text) # For now, this is the only way we can compare these since the diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index f9412a6851..239acbe03a 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -737,12 +737,17 @@ PRIVATE_DEPENDENCIES = RPC_NDR_DRSUAPI PYTALLOC param swig_credentials python_dc python_drsuapi_OBJ_FILES = $(gen_ndrsrcdir)/py_drsuapi.o +[PYTHON::python_dcerpc_dom_sid] +LIBRARY_REALNAME = samba/dcerpc/dom_sid.$(SHLIBEXT) +PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc + +python_dcerpc_dom_sid_OBJ_FILES = $(gen_ndrsrcdir)/py_dom_sid.o + [PYTHON::python_dcerpc_security] LIBRARY_REALNAME = samba/dcerpc/security.$(SHLIBEXT) -PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc +PRIVATE_DEPENDENCIES = PYTALLOC python_dcerpc_misc python_dcerpc_dom_sid python_dcerpc -python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o \ - $(gen_ndrsrcdir)/py_dom_sid.o +python_dcerpc_security_OBJ_FILES = $(gen_ndrsrcdir)/py_security.o $(IDL_HEADER_FILES) $(IDL_NDR_PARSE_H_FILES) $(IDL_NDR_PARSE_C_FILES) \ $(IDL_NDR_CLIENT_C_FILES) $(IDL_NDR_CLIENT_H_FILES) \ -- cgit From 0d2551772301e9c25e63bb02479e09fc45fdaa26 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 21:31:04 +0100 Subject: s3: security.idl: split of dom_sid stuff into dom_sid.idl And use the toplevel ndr_sec_helper.c metze --- librpc/idl/security.idl | 21 +----- source3/Makefile.in | 4 +- source3/librpc/gen_ndr/dom_sid.h | 15 +++++ source3/librpc/gen_ndr/ndr_security.c | 1 + source3/librpc/gen_ndr/ndr_security.h | 1 + source3/librpc/gen_ndr/security.h | 4 +- source3/librpc/idl/dom_sid.idl | 29 +++++++++ source3/librpc/ndr/ndr_sec.h | 35 ---------- source3/librpc/ndr/ndr_sec_helper.c | 117 ---------------------------------- source3/librpc/ndr/sid.c | 53 +++++++++++++++ 10 files changed, 104 insertions(+), 176 deletions(-) create mode 100644 source3/librpc/gen_ndr/dom_sid.h create mode 100644 source3/librpc/idl/dom_sid.idl delete mode 100644 source3/librpc/ndr/ndr_sec.h delete mode 100644 source3/librpc/ndr/ndr_sec_helper.c diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 690f406081..a9c9392c53 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -5,27 +5,10 @@ */ import "misc.idl"; - -/* - use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really - just a dom sid, but with the sub_auths represented as a conformant - array. As with all in-structure conformant arrays, the array length - is placed before the start of the structure. That's what gives rise - to the extra num_auths elemenent. We don't want the Samba code to - have to bother with such esoteric NDR details, so its easier to just - define it as a dom_sid and use pidl magic to make it all work. It - just means you need to mark a sid as a "dom_sid2" in the IDL when you - know it is of the conformant array variety -*/ -cpp_quote("#define dom_sid2 dom_sid") - -/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ -cpp_quote("#define dom_sid28 dom_sid") - -/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ -cpp_quote("#define dom_sid0 dom_sid") +import "dom_sid.idl"; [ + helper("librpc/gen_ndr/ndr_dom_sid.h"), pointer_default(unique) ] interface security diff --git a/source3/Makefile.in b/source3/Makefile.in index b8646aa931..a644eeae64 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -267,7 +267,7 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \ ../librpc/ndr/ndr_misc.o \ librpc/gen_ndr/ndr_misc.o \ librpc/gen_ndr/ndr_security.o \ - librpc/ndr/ndr_sec_helper.o \ + ../librpc/ndr/ndr_sec_helper.o \ librpc/ndr/ndr_string.o \ librpc/ndr/sid.o \ ../librpc/ndr/uuid.o \ @@ -1225,7 +1225,7 @@ samba3-idl:: ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ - ../librpc/idl/named_pipe_auth.idl + ../librpc/idl/named_pipe_auth.idl librpc/idl/dom_sid.idl librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h @echo "Generating $@" diff --git a/source3/librpc/gen_ndr/dom_sid.h b/source3/librpc/gen_ndr/dom_sid.h new file mode 100644 index 0000000000..57dd16855a --- /dev/null +++ b/source3/librpc/gen_ndr/dom_sid.h @@ -0,0 +1,15 @@ +/* header auto-generated by pidl */ + +#include + +#define dom_sid2 dom_sid +#define dom_sid28 dom_sid +#define dom_sid0 dom_sid +#ifndef _HEADER_dom_sid +#define _HEADER_dom_sid + +struct _dummy_domsid { + uint8_t dummy; +}; + +#endif /* _HEADER_dom_sid */ diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index de899241ab..b93a051d7a 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c @@ -4,6 +4,7 @@ #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_dom_sid.h" static enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r) { NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index 7a2ff74309..90800d3d1b 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h @@ -6,6 +6,7 @@ #ifndef _HEADER_NDR_security #define _HEADER_NDR_security +#include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r); diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index bb06dc2584..59b00a56a9 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -3,9 +3,7 @@ #include #include "librpc/gen_ndr/misc.h" -#define dom_sid2 dom_sid -#define dom_sid28 dom_sid -#define dom_sid0 dom_sid +#include "librpc/gen_ndr/dom_sid.h" #ifndef _HEADER_security #define _HEADER_security diff --git a/source3/librpc/idl/dom_sid.idl b/source3/librpc/idl/dom_sid.idl new file mode 100644 index 0000000000..c405c18726 --- /dev/null +++ b/source3/librpc/idl/dom_sid.idl @@ -0,0 +1,29 @@ +/* + use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really + just a dom sid, but with the sub_auths represented as a conformant + array. As with all in-structure conformant arrays, the array length + is placed before the start of the structure. That's what gives rise + to the extra num_auths elemenent. We don't want the Samba code to + have to bother with such esoteric NDR details, so its easier to just + define it as a dom_sid and use pidl magic to make it all work. It + just means you need to mark a sid as a "dom_sid2" in the IDL when you + know it is of the conformant array variety +*/ +cpp_quote("#define dom_sid2 dom_sid") + +/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */ +cpp_quote("#define dom_sid28 dom_sid") + +/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */ +cpp_quote("#define dom_sid0 dom_sid") + +[ + pointer_default(unique) +] +interface dom_sid +{ + struct _dummy_domsid { + uint8 dummy; + }; +} + diff --git a/source3/librpc/ndr/ndr_sec.h b/source3/librpc/ndr/ndr_sec.h deleted file mode 100644 index 8034367223..0000000000 --- a/source3/librpc/ndr/ndr_sec.h +++ /dev/null @@ -1,35 +0,0 @@ -#ifndef __LIBRPC_NDR_NDR_SEC_H__ -#define __LIBRPC_NDR_NDR_SEC_H__ - -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) -/* This file was automatically generated by mkproto.pl. DO NOT EDIT */ - -#ifndef _PUBLIC_ -#define _PUBLIC_ -#endif - - -/* The following definitions come from librpc/ndr/ndr_sec_helper.c */ - -size_t ndr_size_dom_sid(const struct dom_sid *sid); -size_t ndr_length_dom_sid(const struct dom_sid *sid); -size_t ndr_size_security_ace(const struct security_ace *ace); -size_t ndr_size_security_acl(const struct security_acl *acl); -size_t ndr_size_security_descriptor(const struct security_descriptor *sd); -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); -char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); - -/* The following definitions come from librpc/ndr/ndr_sec.c */ - -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) - -#endif /* __LIBRPC_NDR_NDR_SEC_H__ */ - diff --git a/source3/librpc/ndr/ndr_sec_helper.c b/source3/librpc/ndr/ndr_sec_helper.c deleted file mode 100644 index 18d343799e..0000000000 --- a/source3/librpc/ndr/ndr_sec_helper.c +++ /dev/null @@ -1,117 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - fast routines for getting the wire size of security objects - - Copyright (C) Andrew Tridgell 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include "includes.h" - -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -/* - return the wire size of a security_ace -*/ -size_t ndr_size_security_ace(const struct security_ace *ace, int flags) -{ - if (!ace) return 0; - return 8 + ndr_size_dom_sid(&ace->trustee, flags); -} - - -/* - return the wire size of a security_acl -*/ -size_t ndr_size_security_acl(const struct security_acl *acl, int flags) -{ - size_t ret; - int i; - if (!acl) return 0; - ret = 8; - for (i=0;inum_aces;i++) { - ret += ndr_size_security_ace(&acl->aces[i], flags); - } - return ret; -} - -/* - return the wire size of a security descriptor -*/ -size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags) -{ - size_t ret; - if (!sd) return 0; - - ret = 20; - ret += ndr_size_dom_sid(sd->owner_sid, flags); - ret += ndr_size_dom_sid(sd->group_sid, flags); - ret += ndr_size_security_acl(sd->dacl, flags); - ret += ndr_size_security_acl(sd->sacl, flags); - return ret; -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c index ed27375de1..39b7e3cd59 100644 --- a/source3/librpc/ndr/sid.c +++ b/source3/librpc/ndr/sid.c @@ -21,6 +21,35 @@ #include "includes.h" +/* + return the wire size of a dom_sid +*/ +size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) +{ + if (!sid) return 0; + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) +{ + struct dom_sid zero_sid; + + if (!sid) return 0; + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return 0; + } + + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) +{ + return ndr_size_dom_sid28(sid, flags); +} + enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) { uint32_t cntr_sub_auths_0; @@ -228,3 +257,27 @@ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const s return ndr_push_dom_sid(ndr, ndr_flags, sid); } + +/* + print a dom_sid +*/ +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); +} + +void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + -- cgit From 03b9547b478265c542f6a19b8677426bedeeb611 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 23:16:27 +0100 Subject: s4: use toplevel security.idl metze --- source4/librpc/config.mk | 2 +- source4/librpc/idl/security.idl | 376 ---------------------------------------- 2 files changed, 1 insertion(+), 377 deletions(-) delete mode 100644 source4/librpc/idl/security.idl diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 239acbe03a..ba4793cc8e 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -370,7 +370,7 @@ NDR_WINBIND_OBJ_FILES = $(gen_ndrsrcdir)/ndr_winbind.o #PUBLIC_HEADERS += $(gen_ndrsrcdir)/winbind.h $(librpcsrcdir)/idl-deps: - $(PERL) $(librpcsrcdir)/idl-deps.pl $(filter-out ../librpc/idl/security.idl,$(wildcard $(librpcsrcdir)/idl/*.idl ../librpc/idl/*.idl)) >$@ + $(PERL) $(librpcsrcdir)/idl-deps.pl $(wildcard $(librpcsrcdir)/idl/*.idl ../librpc/idl/*.idl) >$@ clean:: rm -f $(librpcsrcdir)/idl-deps diff --git a/source4/librpc/idl/security.idl b/source4/librpc/idl/security.idl deleted file mode 100644 index 2c8edac2b3..0000000000 --- a/source4/librpc/idl/security.idl +++ /dev/null @@ -1,376 +0,0 @@ -#include "idl_types.h" - -/* - security IDL structures -*/ - -import "misc.idl"; -import "dom_sid.idl"; - -[ - helper("librpc/gen_ndr/ndr_dom_sid.h"), - pointer_default(unique) -] -interface security -{ - /* - access masks are divided up like this: - 0xabccdddd - where - a = generic rights bits SEC_GENERIC_ - b = flags SEC_FLAG_ - c = standard rights bits SEC_STD_ - d = object type specific bits SEC_{FILE,DIR,REG,xxx}_ - - common combinations of bits are prefixed with SEC_RIGHTS_ - */ - const int SEC_MASK_GENERIC = 0xF0000000; - const int SEC_MASK_FLAGS = 0x0F000000; - const int SEC_MASK_STANDARD = 0x00FF0000; - const int SEC_MASK_SPECIFIC = 0x0000FFFF; - - /* generic bits */ - const int SEC_GENERIC_ALL = 0x10000000; - const int SEC_GENERIC_EXECUTE = 0x20000000; - const int SEC_GENERIC_WRITE = 0x40000000; - const int SEC_GENERIC_READ = 0x80000000; - - /* flag bits */ - const int SEC_FLAG_SYSTEM_SECURITY = 0x01000000; - const int SEC_FLAG_MAXIMUM_ALLOWED = 0x02000000; - - /* standard bits */ - const int SEC_STD_DELETE = 0x00010000; - const int SEC_STD_READ_CONTROL = 0x00020000; - const int SEC_STD_WRITE_DAC = 0x00040000; - const int SEC_STD_WRITE_OWNER = 0x00080000; - const int SEC_STD_SYNCHRONIZE = 0x00100000; - const int SEC_STD_REQUIRED = 0x000F0000; - const int SEC_STD_ALL = 0x001F0000; - - /* file specific bits */ - const int SEC_FILE_READ_DATA = 0x00000001; - const int SEC_FILE_WRITE_DATA = 0x00000002; - const int SEC_FILE_APPEND_DATA = 0x00000004; - const int SEC_FILE_READ_EA = 0x00000008; - const int SEC_FILE_WRITE_EA = 0x00000010; - const int SEC_FILE_EXECUTE = 0x00000020; - const int SEC_FILE_READ_ATTRIBUTE = 0x00000080; - const int SEC_FILE_WRITE_ATTRIBUTE = 0x00000100; - const int SEC_FILE_ALL = 0x000001ff; - - /* directory specific bits */ - const int SEC_DIR_LIST = 0x00000001; - const int SEC_DIR_ADD_FILE = 0x00000002; - const int SEC_DIR_ADD_SUBDIR = 0x00000004; - const int SEC_DIR_READ_EA = 0x00000008; - const int SEC_DIR_WRITE_EA = 0x00000010; - const int SEC_DIR_TRAVERSE = 0x00000020; - const int SEC_DIR_DELETE_CHILD = 0x00000040; - const int SEC_DIR_READ_ATTRIBUTE = 0x00000080; - const int SEC_DIR_WRITE_ATTRIBUTE = 0x00000100; - - /* registry entry specific bits */ - const int SEC_REG_QUERY_VALUE = 0x00000001; - const int SEC_REG_SET_VALUE = 0x00000002; - const int SEC_REG_CREATE_SUBKEY = 0x00000004; - const int SEC_REG_ENUM_SUBKEYS = 0x00000008; - const int SEC_REG_NOTIFY = 0x00000010; - const int SEC_REG_CREATE_LINK = 0x00000020; - - /* ldap specific access bits */ - const int SEC_ADS_CREATE_CHILD = 0x00000001; - const int SEC_ADS_DELETE_CHILD = 0x00000002; - const int SEC_ADS_LIST = 0x00000004; - const int SEC_ADS_SELF_WRITE = 0x00000008; - const int SEC_ADS_READ_PROP = 0x00000010; - const int SEC_ADS_WRITE_PROP = 0x00000020; - const int SEC_ADS_DELETE_TREE = 0x00000040; - const int SEC_ADS_LIST_OBJECT = 0x00000080; - const int SEC_ADS_CONTROL_ACCESS = 0x00000100; - - /* invalid bits */ - const int SEC_MASK_INVALID = 0x0ce0fe00; - - /* generic->specific mappings for files */ - const int SEC_RIGHTS_FILE_READ = SEC_STD_READ_CONTROL | - SEC_STD_SYNCHRONIZE | - SEC_FILE_READ_DATA | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_READ_EA; - - const int SEC_RIGHTS_FILE_WRITE = SEC_STD_READ_CONTROL | - SEC_STD_SYNCHRONIZE | - SEC_FILE_WRITE_DATA | - SEC_FILE_WRITE_ATTRIBUTE | - SEC_FILE_WRITE_EA | - SEC_FILE_APPEND_DATA; - - const int SEC_RIGHTS_FILE_EXECUTE = SEC_STD_SYNCHRONIZE | - SEC_STD_READ_CONTROL | - SEC_FILE_READ_ATTRIBUTE | - SEC_FILE_EXECUTE; - - const int SEC_RIGHTS_FILE_ALL = SEC_STD_ALL | SEC_FILE_ALL; - - /* generic->specific mappings for directories (same as files) */ - const int SEC_RIGHTS_DIR_READ = SEC_RIGHTS_FILE_READ; - const int SEC_RIGHTS_DIR_WRITE = SEC_RIGHTS_FILE_WRITE; - const int SEC_RIGHTS_DIR_EXECUTE = SEC_RIGHTS_FILE_EXECUTE; - const int SEC_RIGHTS_DIR_ALL = SEC_RIGHTS_FILE_ALL; - - - /***************************************************************/ - /* WELL KNOWN SIDS */ - - /* a NULL sid */ - const string SID_NULL = "S-1-0-0"; - - /* the world domain */ - const string NAME_WORLD = "WORLD"; - - const string SID_WORLD_DOMAIN = "S-1-1"; - const string SID_WORLD = "S-1-1-0"; - - /* SECURITY_CREATOR_SID_AUTHORITY */ - const string SID_CREATOR_OWNER_DOMAIN = "S-1-3"; - const string SID_CREATOR_OWNER = "S-1-3-0"; - const string SID_CREATOR_GROUP = "S-1-3-1"; - const string SID_OWNER_RIGHTS = "S-1-3-4"; - - /* SECURITY_NT_AUTHORITY */ - const string NAME_NT_AUTHORITY = "NT AUTHORITY"; - - const string SID_NT_AUTHORITY = "S-1-5"; - const string SID_NT_DIALUP = "S-1-5-1"; - const string SID_NT_NETWORK = "S-1-5-2"; - const string SID_NT_BATCH = "S-1-5-3"; - const string SID_NT_INTERACTIVE = "S-1-5-4"; - const string SID_NT_SERVICE = "S-1-5-6"; - const string SID_NT_ANONYMOUS = "S-1-5-7"; - const string SID_NT_PROXY = "S-1-5-8"; - const string SID_NT_ENTERPRISE_DCS = "S-1-5-9"; - const string SID_NT_SELF = "S-1-5-10"; - const string SID_NT_AUTHENTICATED_USERS = "S-1-5-11"; - const string SID_NT_RESTRICTED = "S-1-5-12"; - const string SID_NT_TERMINAL_SERVER_USERS = "S-1-5-13"; - const string SID_NT_REMOTE_INTERACTIVE = "S-1-5-14"; - const string SID_NT_THIS_ORGANISATION = "S-1-5-15"; - const string SID_NT_IUSR = "S-1-5-17"; - const string SID_NT_SYSTEM = "S-1-5-18"; - const string SID_NT_LOCAL_SERVICE = "S-1-5-19"; - const string SID_NT_NETWORK_SERVICE = "S-1-5-20"; - const string SID_NT_DIGEST_AUTHENTICATION = "S-1-5-64-21"; - const string SID_NT_NTLM_AUTHENTICATION = "S-1-5-64-10"; - const string SID_NT_SCHANNEL_AUTHENTICATION = "S-1-5-64-14"; - const string SID_NT_OTHER_ORGANISATION = "S-1-5-1000"; - - /* SECURITY_BUILTIN_DOMAIN_RID */ - const string NAME_BUILTIN = "BUILTIN"; - - const string SID_BUILTIN = "S-1-5-32"; - const string SID_BUILTIN_ADMINISTRATORS = "S-1-5-32-544"; - const string SID_BUILTIN_USERS = "S-1-5-32-545"; - const string SID_BUILTIN_GUESTS = "S-1-5-32-546"; - const string SID_BUILTIN_POWER_USERS = "S-1-5-32-547"; - const string SID_BUILTIN_ACCOUNT_OPERATORS = "S-1-5-32-548"; - const string SID_BUILTIN_SERVER_OPERATORS = "S-1-5-32-549"; - const string SID_BUILTIN_PRINT_OPERATORS = "S-1-5-32-550"; - const string SID_BUILTIN_BACKUP_OPERATORS = "S-1-5-32-551"; - const string SID_BUILTIN_REPLICATOR = "S-1-5-32-552"; - const string SID_BUILTIN_RAS_SERVERS = "S-1-5-32-553"; - const string SID_BUILTIN_PREW2K = "S-1-5-32-554"; - - /* well-known domain RIDs */ - const int DOMAIN_RID_LOGON = 9; - const int DOMAIN_RID_ADMINISTRATOR = 500; - const int DOMAIN_RID_GUEST = 501; - const int DOMAIN_RID_ADMINS = 512; - const int DOMAIN_RID_USERS = 513; - const int DOMAIN_RID_DOMAIN_MEMBERS = 515; - const int DOMAIN_RID_DCS = 516; - const int DOMAIN_RID_CERT_ADMINS = 517; - const int DOMAIN_RID_SCHEMA_ADMINS = 518; - const int DOMAIN_RID_ENTERPRISE_ADMINS = 519; - - - /* - privilege IDs. Please keep the IDs below 64. If we get more - than 64 then we need to change security_token - */ - typedef enum { - SEC_PRIV_SECURITY = 1, - SEC_PRIV_BACKUP = 2, - SEC_PRIV_RESTORE = 3, - SEC_PRIV_SYSTEMTIME = 4, - SEC_PRIV_SHUTDOWN = 5, - SEC_PRIV_REMOTE_SHUTDOWN = 6, - SEC_PRIV_TAKE_OWNERSHIP = 7, - SEC_PRIV_DEBUG = 8, - SEC_PRIV_SYSTEM_ENVIRONMENT = 9, - SEC_PRIV_SYSTEM_PROFILE = 10, - SEC_PRIV_PROFILE_SINGLE_PROCESS = 11, - SEC_PRIV_INCREASE_BASE_PRIORITY = 12, - SEC_PRIV_LOAD_DRIVER = 13, - SEC_PRIV_CREATE_PAGEFILE = 14, - SEC_PRIV_INCREASE_QUOTA = 15, - SEC_PRIV_CHANGE_NOTIFY = 16, - SEC_PRIV_UNDOCK = 17, - SEC_PRIV_MANAGE_VOLUME = 18, - SEC_PRIV_IMPERSONATE = 19, - SEC_PRIV_CREATE_GLOBAL = 20, - SEC_PRIV_ENABLE_DELEGATION = 21, - SEC_PRIV_INTERACTIVE_LOGON = 22, - SEC_PRIV_NETWORK_LOGON = 23, - SEC_PRIV_REMOTE_INTERACTIVE_LOGON = 24 - } sec_privilege; - - typedef [bitmap8bit] bitmap { - SEC_ACE_FLAG_OBJECT_INHERIT = 0x01, - SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02, - SEC_ACE_FLAG_NO_PROPAGATE_INHERIT = 0x04, - SEC_ACE_FLAG_INHERIT_ONLY = 0x08, - SEC_ACE_FLAG_INHERITED_ACE = 0x10, - SEC_ACE_FLAG_VALID_INHERIT = 0x0f, - SEC_ACE_FLAG_SUCCESSFUL_ACCESS = 0x40, - SEC_ACE_FLAG_FAILED_ACCESS = 0x80 - } security_ace_flags; - - typedef [enum8bit] enum { - SEC_ACE_TYPE_ACCESS_ALLOWED = 0, - SEC_ACE_TYPE_ACCESS_DENIED = 1, - SEC_ACE_TYPE_SYSTEM_AUDIT = 2, - SEC_ACE_TYPE_SYSTEM_ALARM = 3, - SEC_ACE_TYPE_ALLOWED_COMPOUND = 4, - SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT = 5, - SEC_ACE_TYPE_ACCESS_DENIED_OBJECT = 6, - SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT = 7, - SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT = 8 - } security_ace_type; - - typedef [bitmap32bit] bitmap { - SEC_ACE_OBJECT_TYPE_PRESENT = 0x00000001, - SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT = 0x00000002 - } security_ace_object_flags; - - typedef [nodiscriminant] union { - /* this is the 'schemaIDGUID' attribute of the attribute object in the schema naming context */ - [case(SEC_ACE_OBJECT_TYPE_PRESENT)] GUID type; - [default]; - } security_ace_object_type; - - typedef [nodiscriminant] union { - /* this is the 'schemaIDGUID' attribute of the objectclass object in the schema naming context - * (of the parent container) - */ - [case(SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] GUID inherited_type; - [default]; - } security_ace_object_inherited_type; - - typedef struct { - security_ace_object_flags flags; - [switch_is(flags & SEC_ACE_OBJECT_TYPE_PRESENT)] security_ace_object_type type; - [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type; - } security_ace_object; - - typedef [nodiscriminant] union { - [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object; - [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object; - [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object; - [case(SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT)] security_ace_object object; - [default]; - } security_ace_object_ctr; - - typedef [public,gensize,nosize] struct { - security_ace_type type; /* SEC_ACE_TYPE_* */ - security_ace_flags flags; /* SEC_ACE_FLAG_* */ - [value(ndr_size_security_ace(r,ndr->flags))] uint16 size; - uint32 access_mask; - [switch_is(type)] security_ace_object_ctr object; - dom_sid trustee; - } security_ace; - - typedef enum { - SECURITY_ACL_REVISION_NT4 = 2, - SECURITY_ACL_REVISION_ADS = 4 - } security_acl_revision; - - const uint NT4_ACL_REVISION = SECURITY_ACL_REVISION_NT4; - - typedef [public,gensize,nosize] struct { - security_acl_revision revision; - [value(ndr_size_security_acl(r,ndr->flags))] uint16 size; - [range(0,1000)] uint32 num_aces; - security_ace aces[num_aces]; - } security_acl; - - /* default revision for new ACLs */ - typedef [enum8bit] enum { - SECURITY_DESCRIPTOR_REVISION_1 = 1 - } security_descriptor_revision; - - const int SD_REVISION = SECURITY_DESCRIPTOR_REVISION_1; - - /* security_descriptor->type bits */ - typedef [bitmap16bit] bitmap { - SEC_DESC_OWNER_DEFAULTED = 0x0001, - SEC_DESC_GROUP_DEFAULTED = 0x0002, - SEC_DESC_DACL_PRESENT = 0x0004, - SEC_DESC_DACL_DEFAULTED = 0x0008, - SEC_DESC_SACL_PRESENT = 0x0010, - SEC_DESC_SACL_DEFAULTED = 0x0020, - SEC_DESC_DACL_TRUSTED = 0x0040, - SEC_DESC_SERVER_SECURITY = 0x0080, - SEC_DESC_DACL_AUTO_INHERIT_REQ = 0x0100, - SEC_DESC_SACL_AUTO_INHERIT_REQ = 0x0200, - SEC_DESC_DACL_AUTO_INHERITED = 0x0400, - SEC_DESC_SACL_AUTO_INHERITED = 0x0800, - SEC_DESC_DACL_PROTECTED = 0x1000, - SEC_DESC_SACL_PROTECTED = 0x2000, - SEC_DESC_RM_CONTROL_VALID = 0x4000, - SEC_DESC_SELF_RELATIVE = 0x8000 - } security_descriptor_type; - - typedef [gensize,nosize,public,flag(NDR_LITTLE_ENDIAN)] struct { - security_descriptor_revision revision; - security_descriptor_type type; /* SEC_DESC_xxxx flags */ - [relative] dom_sid *owner_sid; - [relative] dom_sid *group_sid; - [relative] security_acl *sacl; /* system ACL */ - [relative] security_acl *dacl; /* user (discretionary) ACL */ - } security_descriptor; - - typedef [public] struct { - [range(0,0x40000),value(ndr_size_security_descriptor(sd,ndr->flags))] uint32 sd_size; - [subcontext(4)] security_descriptor *sd; - } sec_desc_buf; - - typedef [public] struct { - dom_sid *user_sid; - dom_sid *group_sid; - uint32 num_sids; - [size_is(num_sids)] dom_sid *sids[*]; - udlong privilege_mask; - } security_token; - - /* bits that determine which parts of a security descriptor - are being queried/set */ - typedef [public,bitmap32bit] bitmap { - SECINFO_OWNER = 0x00000001, - SECINFO_GROUP = 0x00000002, - SECINFO_DACL = 0x00000004, - SECINFO_SACL = 0x00000008, - SECINFO_UNPROTECTED_SACL = 0x10000000, - SECINFO_UNPROTECTED_DACL = 0x20000000, - SECINFO_PROTECTED_SACL = 0x40000000, - SECINFO_PROTECTED_DACL = 0x80000000 - } security_secinfo; - - typedef [public,bitmap32bit] bitmap { - KERB_ENCTYPE_DES_CBC_CRC = 0x00000001, - KERB_ENCTYPE_DES_CBC_MD5 = 0x00000002, - KERB_ENCTYPE_RC4_HMAC_MD5 = 0x00000004, - KERB_ENCTYPE_AES128_CTS_HMAC_SHA1_96 = 0x00000008, - KERB_ENCTYPE_AES256_CTS_HMAC_SHA1_96 = 0x00000010 - } kerb_EncTypes; -} -- cgit From 1e80221b2340de5ef5e2a17f10511bbc2c041163 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 10:49:59 +0100 Subject: security.idl: sometimes ACEs have some padding at the end metze --- librpc/idl/security.idl | 2 +- librpc/ndr/ndr_sec_helper.c | 30 ++++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index a9c9392c53..c869eef01c 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -296,7 +296,7 @@ interface security [default]; } security_ace_object_ctr; - typedef [public,gensize,nosize] struct { + typedef [public,nopull,gensize,nosize] struct { security_ace_type type; /* SEC_ACE_TYPE_* */ security_ace_flags flags; /* SEC_ACE_FLAG_* */ [value(ndr_size_security_ace(r,ndr->flags))] uint16 size; diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index 009e3524a7..4b135505d8 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -55,6 +55,36 @@ size_t ndr_size_security_ace(const struct security_ace *ace, int flags) return ret; } +enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r) +{ + if (ndr_flags & NDR_SCALARS) { + uint32_t start_ofs = ndr->offset; + uint32_t size = 0; + uint32_t pad = 0; + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type)); + NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags)); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type)); + NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object)); + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee)); + size = ndr->offset - start_ofs; + if (r->size < size) { + return ndr_pull_error(ndr, NDR_ERR_BUFSIZE, + "ndr_pull_security_ace: r->size %u < size %u", + (unsigned)r->size, size); + } + pad = r->size - size; + NDR_PULL_NEED_BYTES(ndr, pad); + ndr->offset += pad; + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object)); + } + return NDR_ERR_SUCCESS; +} + /* return the wire size of a security_acl */ -- cgit From 07ee1a6e146b0639e3f00020a7bf763744cbc61f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 23:32:28 +0100 Subject: s3: make idl metze --- librpc/idl/security.idl | 6 +++--- source3/librpc/gen_ndr/ndr_security.c | 31 ++++++------------------------- source3/librpc/gen_ndr/ndr_security.h | 6 ++++++ source3/librpc/gen_ndr/security.h | 4 ++-- 4 files changed, 17 insertions(+), 30 deletions(-) diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index c869eef01c..3f70e2c36e 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -240,7 +240,7 @@ interface security } sec_privilege; - typedef [bitmap8bit] bitmap { + typedef [public,bitmap8bit] bitmap { SEC_ACE_FLAG_OBJECT_INHERIT = 0x01, SEC_ACE_FLAG_CONTAINER_INHERIT = 0x02, SEC_ACE_FLAG_NO_PROPAGATE_INHERIT = 0x04, @@ -251,7 +251,7 @@ interface security SEC_ACE_FLAG_FAILED_ACCESS = 0x80 } security_ace_flags; - typedef [enum8bit] enum { + typedef [public,enum8bit] enum { SEC_ACE_TYPE_ACCESS_ALLOWED = 0, SEC_ACE_TYPE_ACCESS_DENIED = 1, SEC_ACE_TYPE_SYSTEM_AUDIT = 2, @@ -288,7 +288,7 @@ interface security [switch_is(flags & SEC_ACE_INHERITED_OBJECT_TYPE_PRESENT)] security_ace_object_inherited_type inherited_type; } security_ace_object; - typedef [nodiscriminant] union { + typedef [public,nodiscriminant] union { [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] security_ace_object object; [case(SEC_ACE_TYPE_ACCESS_DENIED_OBJECT)] security_ace_object object; [case(SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT)] security_ace_object object; diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index b93a051d7a..108f2f689c 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c @@ -5,13 +5,13 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dom_sid.h" -static enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r) +_PUBLIC_ enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r) { NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r) { uint8_t v; NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v)); @@ -34,13 +34,13 @@ _PUBLIC_ void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *na ndr->depth--; } -static enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r) +_PUBLIC_ enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r) { NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r) { uint8_t v; NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v)); @@ -279,7 +279,7 @@ _PUBLIC_ void ndr_print_security_ace_object(struct ndr_print *ndr, const char *n ndr->depth--; } -static enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r) +_PUBLIC_ enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r) { if (ndr_flags & NDR_SCALARS) { int level = ndr_push_get_switch_value(ndr, r); @@ -332,7 +332,7 @@ static enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r) { int level; level = ndr_pull_get_switch_value(ndr, r); @@ -432,25 +432,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f return NDR_ERR_SUCCESS; } -_PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r) -{ - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type)); - NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags)); - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask)); - NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type)); - NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object)); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee)); - } - if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object)); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->trustee)); - } - return NDR_ERR_SUCCESS; -} - _PUBLIC_ void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r) { ndr_print_struct(ndr, name, "security_ace"); diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index 90800d3d1b..bddf1bd2b7 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h @@ -8,12 +8,18 @@ #include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) +enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r); +enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r); void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); +enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r); +enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r); void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r); void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r); void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r); void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r); +enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r); +enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r); void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r); enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r); enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r); diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index 59b00a56a9..fe23347fdf 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -243,7 +243,7 @@ struct security_ace_object { union security_ace_object_ctr { struct security_ace_object object;/* [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] */ -}/* [nodiscriminant] */; +}/* [public,nodiscriminant] */; struct security_ace { enum security_ace_type type; @@ -252,7 +252,7 @@ struct security_ace { uint32_t access_mask; union security_ace_object_ctr object;/* [switch_is(type)] */ struct dom_sid trustee; -}/* [gensize,public,nosize] */; +}/* [gensize,public,nopull,nosize] */; enum security_acl_revision #ifndef USE_UINT_ENUMS -- cgit From f0b3f98b4f8c61150d2f3ebb1c2a3b9f7f38f29a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 16:49:52 +0100 Subject: s4: dsdb/schema: fix the equality and comment of DN+String syntax metze --- source4/dsdb/schema/schema_syntax.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c index e0e6b3fc77..cee74c0593 100644 --- a/source4/dsdb/schema/schema_syntax.c +++ b/source4/dsdb/schema/schema_syntax.c @@ -1322,9 +1322,6 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.14", .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi, - .equality = "distinguishedNameMatch", - .comment = "OctetString: String+DN", - .ldb_syntax = LDB_SYNTAX_DN, },{ /* not used in w2k3 schema */ .name = "Object(DN-String)", @@ -1334,6 +1331,8 @@ static const struct dsdb_syntax dsdb_syntaxes[] = { .attributeSyntax_oid = "2.5.5.14", .drsuapi_to_ldb = dsdb_syntax_FOOBAR_drsuapi_to_ldb, .ldb_to_drsuapi = dsdb_syntax_FOOBAR_ldb_to_drsuapi, + .equality = "distinguishedNameMatch", + .comment = "OctetString: String+DN", .ldb_syntax = LDB_SYNTAX_DN, } }; -- cgit From 8d4aaefd86915309cf0674afecfad8e923e80522 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 8 Nov 2008 09:15:51 +0100 Subject: s3: add missing librpc/gen_ndr/ndr_dom_sid.h metze --- source3/librpc/gen_ndr/ndr_dom_sid.h | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 source3/librpc/gen_ndr/ndr_dom_sid.h diff --git a/source3/librpc/gen_ndr/ndr_dom_sid.h b/source3/librpc/gen_ndr/ndr_dom_sid.h new file mode 100644 index 0000000000..145ec1db46 --- /dev/null +++ b/source3/librpc/gen_ndr/ndr_dom_sid.h @@ -0,0 +1,10 @@ +/* header auto-generated by pidl */ + +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/dom_sid.h" + +#ifndef _HEADER_NDR_dom_sid +#define _HEADER_NDR_dom_sid + +#define NDR_DOM_SID_CALL_COUNT (0) +#endif /* _HEADER_NDR_dom_sid */ -- cgit From 87d4138d095bd6554ded80a94fb706bb754ae4c6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Nov 2008 22:04:58 +0100 Subject: Converting notify.c to store a request, not an inbuf --- source3/include/proto.h | 4 +-- source3/smbd/notify.c | 83 +++++++++++++++++-------------------------------- source3/smbd/nttrans.c | 3 +- 3 files changed, 32 insertions(+), 58 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 482027e8dc..96ed71657d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7973,11 +7973,11 @@ void reply_negprot(struct smb_request *req); /* The following definitions come from smbd/notify.c */ void change_notify_reply(connection_struct *conn, - const uint8 *request_buf, uint32 max_param, + struct smb_request *req, uint32 max_param, struct notify_change_buf *notify_buf); NTSTATUS change_notify_create(struct files_struct *fsp, uint32 filter, bool recursive); -NTSTATUS change_notify_add_request(const struct smb_request *req, +NTSTATUS change_notify_add_request(struct smb_request *req, uint32 max_param, uint32 filter, bool recursive, struct files_struct *fsp); diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index b2d0f20f89..5a517654bf 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -24,7 +24,7 @@ struct notify_change_request { struct notify_change_request *prev, *next; struct files_struct *fsp; /* backpointer for cancel by mid */ - uint8 request_buf[smb_size]; + struct smb_request *req; uint32 filter; uint32 max_param; struct notify_mid_map *mid_map; @@ -133,40 +133,33 @@ static bool notify_marshall_changes(int num_changes, *****************************************************************************/ static void change_notify_reply_packet(connection_struct *conn, - const uint8 *request_buf, + struct smb_request *req, NTSTATUS error_code) { - char outbuf[smb_size+38]; + reply_outbuf(req, 18, 0); - memset(outbuf, '\0', sizeof(outbuf)); - construct_reply_common((char *)request_buf, outbuf); - - ERROR_NT(error_code); - - /* - * Seems NT needs a transact command with an error code - * in it. This is a longer packet than a simple error. - */ - srv_set_message(outbuf,18,0,False); + if (!NT_STATUS_IS_OK(error_code)) { + error_packet_set((char *)req->outbuf, 0, 0, error_code, + __LINE__,__FILE__); + } - show_msg(outbuf); - if (!srv_send_smb(smbd_server_fd(), - outbuf, - IS_CONN_ENCRYPTED(conn))) + show_msg((char *)req->outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, + req->encrypted)) { exit_server_cleanly("change_notify_reply_packet: srv_send_smb " "failed."); + } + TALLOC_FREE(req->outbuf); } void change_notify_reply(connection_struct *conn, - const uint8 *request_buf, uint32 max_param, + struct smb_request *req, uint32 max_param, struct notify_change_buf *notify_buf) { prs_struct ps; - struct smb_request *req = NULL; - uint8 tmp_request[smb_size]; if (notify_buf->num_changes == -1) { - change_notify_reply_packet(conn, request_buf, NT_STATUS_OK); + change_notify_reply_packet(conn, req, NT_STATUS_OK); notify_buf->num_changes = 0; return; } @@ -179,32 +172,14 @@ void change_notify_reply(connection_struct *conn, * We exceed what the client is willing to accept. Send * nothing. */ - change_notify_reply_packet(conn, request_buf, NT_STATUS_OK); - goto done; - } - - if (!(req = talloc(talloc_tos(), struct smb_request))) { - change_notify_reply_packet(conn, request_buf, NT_STATUS_NO_MEMORY); + change_notify_reply_packet(conn, req, NT_STATUS_OK); goto done; } - memcpy(tmp_request, request_buf, smb_size); - - /* - * We're only interested in the header fields here - */ - - smb_setlen((char *)tmp_request, smb_size); - SCVAL(tmp_request, smb_wct, 0); - - init_smb_request(req, tmp_request,0, conn->encrypted_tid); - req->inbuf = tmp_request; - send_nt_replies(conn, req, NT_STATUS_OK, prs_data_p(&ps), prs_offset(&ps), NULL, 0); done: - TALLOC_FREE(req); prs_mem_free(&ps); TALLOC_FREE(notify_buf->changes); @@ -252,7 +227,7 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32 filter, return status; } -NTSTATUS change_notify_add_request(const struct smb_request *req, +NTSTATUS change_notify_add_request(struct smb_request *req, uint32 max_param, uint32 filter, bool recursive, struct files_struct *fsp) @@ -263,16 +238,16 @@ NTSTATUS change_notify_add_request(const struct smb_request *req, DEBUG(10, ("change_notify_add_request: Adding request for %s: " "max_param = %d\n", fsp->fsp_name, (int)max_param)); - if (!(request = SMB_MALLOC_P(struct notify_change_request)) - || !(map = SMB_MALLOC_P(struct notify_mid_map))) { - SAFE_FREE(request); + if (!(request = talloc(NULL, struct notify_change_request)) + || !(map = talloc(request, struct notify_mid_map))) { + TALLOC_FREE(request); return NT_STATUS_NO_MEMORY; } request->mid_map = map; map->req = request; - memcpy(request->request_buf, req->inbuf, sizeof(request->request_buf)); + request->req = talloc_move(request, &req); request->max_param = max_param; request->filter = filter; request->fsp = fsp; @@ -281,11 +256,11 @@ NTSTATUS change_notify_add_request(const struct smb_request *req, DLIST_ADD_END(fsp->notify->requests, request, struct notify_change_request *); - map->mid = SVAL(req->inbuf, smb_mid); + map->mid = request->req->mid; DLIST_ADD(notify_changes_by_mid, map); /* Push the MID of this packet on the signing queue. */ - srv_defer_sign_response(SVAL(req->inbuf,smb_mid)); + srv_defer_sign_response(request->req->mid); return NT_STATUS_OK; } @@ -315,9 +290,7 @@ static void change_notify_remove_request(struct notify_change_request *remove_re DLIST_REMOVE(fsp->notify->requests, req); DLIST_REMOVE(notify_changes_by_mid, req->mid_map); - SAFE_FREE(req->mid_map); - TALLOC_FREE(req->backend_data); - SAFE_FREE(req); + TALLOC_FREE(req); } /**************************************************************************** @@ -338,8 +311,8 @@ void remove_pending_change_notify_requests_by_mid(uint16 mid) return; } - change_notify_reply_packet(map->req->fsp->conn, - map->req->request_buf, NT_STATUS_CANCELLED); + change_notify_reply_packet(map->req->fsp->conn, map->req->req, + NT_STATUS_CANCELLED); change_notify_remove_request(map->req); } @@ -355,8 +328,8 @@ void remove_pending_change_notify_requests_by_fid(files_struct *fsp, } while (fsp->notify->requests != NULL) { - change_notify_reply_packet(fsp->conn, - fsp->notify->requests->request_buf, status); + change_notify_reply_packet( + fsp->conn, fsp->notify->requests->req, status); change_notify_remove_request(fsp->notify->requests); } } @@ -450,7 +423,7 @@ static void notify_fsp(files_struct *fsp, uint32 action, const char *name) */ change_notify_reply(fsp->conn, - fsp->notify->requests->request_buf, + fsp->notify->requests->req, fsp->notify->requests->max_param, fsp->notify); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 50a3aea856..565f2cbb5f 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1443,7 +1443,8 @@ static void call_nt_transact_notify_change(connection_struct *conn, * here. */ - change_notify_reply(fsp->conn, req->inbuf, max_param_count, fsp->notify); + change_notify_reply(fsp->conn, req, max_param_count, + fsp->notify); /* * change_notify_reply() above has independently sent its -- cgit From 5e2956557b06b5b55dc8810b51bdbcf3e7f03c98 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 5 Nov 2008 19:16:06 +0100 Subject: Remove the change to the user context in process_blocking_lock_queue() --- source3/smbd/blocking.c | 84 +++++-------------------------------------------- 1 file changed, 8 insertions(+), 76 deletions(-) diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 555033b7df..87ae3ca272 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -666,78 +666,9 @@ static void process_blocking_lock_queue(void) */ for (blr = blocking_lock_queue; blr; blr = next) { - connection_struct *conn = NULL; - uint16 vuid; - files_struct *fsp = NULL; next = blr->next; - /* - * Ensure we don't have any old chain_fsp values - * sitting around.... - */ - chain_size = 0; - fsp = blr->fsp; - - conn = conn_find(blr->req->tid); - vuid = (lp_security() == SEC_SHARE) - ? UID_FIELD_INVALID : blr->req->vuid; - - DEBUG(5,("process_blocking_lock_queue: examining pending lock fnum = %d for file %s\n", - fsp->fnum, fsp->fsp_name )); - - if(!change_to_user(conn,vuid)) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); - - /* - * Remove the entry and return an error to the client. - */ - - if (br_lck) { - brl_lock_cancel(br_lck, - blr->lock_pid, - procid_self(), - blr->offset, - blr->count, - blr->lock_flav); - TALLOC_FREE(br_lck); - } - - DEBUG(0,("process_blocking_lock_queue: Unable to become user vuid=%d.\n", - vuid )); - blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); - DLIST_REMOVE(blocking_lock_queue, blr); - TALLOC_FREE(blr); - recalc_timeout = True; - continue; - } - - if(!set_current_service(conn,SVAL(blr->req->inbuf,smb_flg),True)) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); - - /* - * Remove the entry and return an error to the client. - */ - - if (br_lck) { - brl_lock_cancel(br_lck, - blr->lock_pid, - procid_self(), - blr->offset, - blr->count, - blr->lock_flav); - TALLOC_FREE(br_lck); - } - - DEBUG(0,("process_blocking_lock_queue: Unable to become service Error was %s.\n", strerror(errno) )); - blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); - DLIST_REMOVE(blocking_lock_queue, blr); - TALLOC_FREE(blr); - recalc_timeout = True; - change_to_root_user(); - continue; - } - /* * Go through the remaining locks and try and obtain them. * The call returns True if all locks were obtained successfully @@ -745,7 +676,8 @@ static void process_blocking_lock_queue(void) */ if(blocking_lock_record_process(blr)) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); + struct byte_range_lock *br_lck = brl_get_locks( + talloc_tos(), blr->fsp); if (br_lck) { brl_lock_cancel(br_lck, @@ -760,19 +692,17 @@ static void process_blocking_lock_queue(void) DLIST_REMOVE(blocking_lock_queue, blr); TALLOC_FREE(blr); recalc_timeout = True; - change_to_root_user(); continue; } - change_to_root_user(); - /* * We couldn't get the locks for this record on the list. * If the time has expired, return a lock error. */ if (!timeval_is_zero(&blr->expire_time) && timeval_compare(&blr->expire_time, &tv_curr) <= 0) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); + struct byte_range_lock *br_lck = brl_get_locks( + talloc_tos(), blr->fsp); /* * Lock expired - throw away all previously @@ -780,8 +710,10 @@ static void process_blocking_lock_queue(void) */ if (br_lck) { - DEBUG(5,("process_blocking_lock_queue: pending lock fnum = %d for file %s timed out.\n", - fsp->fnum, fsp->fsp_name )); + DEBUG(5,("process_blocking_lock_queue: " + "pending lock fnum = %d for file %s " + "timed out.\n", blr->fsp->fnum, + blr->fsp->fsp_name )); brl_lock_cancel(br_lck, blr->lock_pid, -- cgit From 52958ea115ab3d1d8cebaad47b5ffff7fc86a4cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 5 Nov 2008 19:19:17 +0100 Subject: Remove a direct inbuf reference (should have been removed with 8987641d...) --- source3/smbd/aio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index fd553c3fc4..8beed0744c 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -506,7 +506,7 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex) ERROR_BOTH(map_nt_error_from_unix(ret), ERRHRD, ERRdiskfull); srv_set_message(outbuf,0,0,true); } else { - bool write_through = BITSETW(aio_ex->req->inbuf+smb_vwv7,0); + bool write_through = BITSETW(aio_ex->req->vwv+7,0); NTSTATUS status; SSVAL(outbuf,smb_vwv2,nwritten); -- cgit From 807ad174b288e4c3d36ed02e5ef02cd7a848ce0e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 6 Nov 2008 12:14:08 +0100 Subject: Remove a direct inbuf reference from reply_nttrans() --- source3/smbd/nttrans.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 565f2cbb5f..c7a8bf7650 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2689,8 +2689,7 @@ void reply_nttrans(struct smb_request *req) goto bad_param; } - memcpy( state->setup, &req->inbuf[smb_nt_SetupStart], - state->setup_count); + memcpy(state->setup, req->vwv+19, state->setup_count); dump_data(10, (uint8 *)state->setup, state->setup_count); } -- cgit From 8637dd12325369e0056d77924cac577a67f2a0ab Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 6 Nov 2008 20:16:04 +0100 Subject: change CHECK_READ to use smb_request instead of inbuf --- source3/include/smb_macros.h | 4 ++-- source3/smbd/reply.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 46ca236553..119ceeb158 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h @@ -52,8 +52,8 @@ return ERROR_NT(NT_STATUS_INVALID_HANDLE); \ } while(0) -#define CHECK_READ(fsp,inbuf) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \ - ((SVAL((inbuf),smb_flg2) & FLAGS2_READ_PERMIT_EXECUTE) && \ +#define CHECK_READ(fsp,req) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \ + ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \ (fsp->access_mask & FILE_EXECUTE)))) #define CHECK_WRITE(fsp) ((fsp)->can_write && ((fsp)->fh->fd != -1)) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 377ba4e530..be39fd464d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2894,7 +2894,7 @@ void reply_lockread(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBlockread); return; @@ -3002,7 +3002,7 @@ void reply_read(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBread); return; @@ -3255,7 +3255,7 @@ void reply_read_and_X(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS,ERRbadaccess); END_PROFILE(SMBreadX); return; -- cgit From 7a35506bb87fd784a4a7a5b81c2d2ab5c32b233b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 7 Nov 2008 12:29:24 +0100 Subject: Remove direct inbuf refs from send_trans_reply --- source3/smbd/ipc.c | 72 ++++++++++++++++++++++++++---------------------------- 1 file changed, 35 insertions(+), 37 deletions(-) diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b9460e5211..c7a44270f5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -91,7 +91,6 @@ void send_trans_reply(connection_struct *conn, int tot_data_sent = 0; int tot_param_sent = 0; int align; - char *outbuf; int ldata = rdata ? rdata_len : 0; int lparam = rparam ? rparam_len : 0; @@ -104,38 +103,37 @@ void send_trans_reply(connection_struct *conn, align = ((this_lparam)%4); - if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf, - 10, 1+align+this_ldata+this_lparam)) { - smb_panic("could not allocate outbuf"); - } + reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); - copy_trans_params_and_data(outbuf, align, + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(outbuf,smb_vwv0,lparam); - SSVAL(outbuf,smb_vwv1,ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,0); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align, - outbuf)); - SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv9,0); + SSVAL(req->outbuf,smb_vwv0,lparam); + SSVAL(req->outbuf,smb_vwv1,ldata); + SSVAL(req->outbuf,smb_vwv3,this_lparam); + SSVAL(req->outbuf,smb_vwv4, + smb_offset(smb_buf(req->outbuf)+1, req->outbuf)); + SSVAL(req->outbuf,smb_vwv5,0); + SSVAL(req->outbuf,smb_vwv6,this_ldata); + SSVAL(req->outbuf,smb_vwv7, + smb_offset(smb_buf(req->outbuf)+1+this_lparam+align, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv8,0); + SSVAL(req->outbuf,smb_vwv9,0); if (buffer_too_large) { - error_packet_set((char *)outbuf, ERRDOS, ERRmoredata, + error_packet_set((char *)req->outbuf, ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } - show_msg(outbuf); - if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, + show_msg((char *)req->outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, IS_CONN_ENCRYPTED(conn))) { exit_server_cleanly("send_trans_reply: srv_send_smb failed."); } - TALLOC_FREE(outbuf); + TALLOC_FREE(req->outbuf); tot_data_sent = this_ldata; tot_param_sent = this_lparam; @@ -155,39 +153,39 @@ void send_trans_reply(connection_struct *conn, align = (this_lparam%4); - if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf, - 10, 1+align+this_ldata+this_lparam)) { - smb_panic("could not allocate outbuf"); - } + reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); - copy_trans_params_and_data(outbuf, align, + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,tot_param_sent); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7, - smb_offset(smb_buf(outbuf)+1+this_lparam+align, outbuf)); - SSVAL(outbuf,smb_vwv8,tot_data_sent); - SSVAL(outbuf,smb_vwv9,0); + SSVAL(req->outbuf,smb_vwv3,this_lparam); + SSVAL(req->outbuf,smb_vwv4, + smb_offset(smb_buf(req->outbuf)+1,req->outbuf)); + SSVAL(req->outbuf,smb_vwv5,tot_param_sent); + SSVAL(req->outbuf,smb_vwv6,this_ldata); + SSVAL(req->outbuf,smb_vwv7, + smb_offset(smb_buf(req->outbuf)+1+this_lparam+align, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv8,tot_data_sent); + SSVAL(req->outbuf,smb_vwv9,0); if (buffer_too_large) { - error_packet_set(outbuf, ERRDOS, ERRmoredata, + error_packet_set((char *)req->outbuf, + ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } - show_msg(outbuf); - if (!srv_send_smb(smbd_server_fd(), outbuf, + show_msg((char *)req->outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, IS_CONN_ENCRYPTED(conn))) exit_server_cleanly("send_trans_reply: srv_send_smb " "failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; - TALLOC_FREE(outbuf); + TALLOC_FREE(req->outbuf); } } -- cgit From 8315677ca3ca9eed62fe6e24bac333b9b5dc763b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 7 Nov 2008 20:38:05 +0100 Subject: Do not write into inbuf for the transs request Instead, fix up the outbuf in send_xx_reply. In those routines, we know what we are returning. --- source3/smbd/blocking.c | 1 - source3/smbd/ipc.c | 18 ++++++++++++------ source3/smbd/nttrans.c | 11 +++++------ source3/smbd/trans2.c | 12 ++++++------ 4 files changed, 23 insertions(+), 19 deletions(-) diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 87ae3ca272..2237a89ace 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -505,7 +505,6 @@ static bool process_trans2(blocking_lock_record *blr) /* We finally got the lock, return success. */ - SCVAL(blr->req->inbuf, smb_com, SMBtrans2); SSVAL(params,0,0); /* Fake up max_data_bytes here - we know it fits. */ send_trans2_replies(blr->fsp->conn, blr->req, params, 2, NULL, 0, 0xffff); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c7a44270f5..26a4212ec9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -105,6 +105,12 @@ void send_trans_reply(connection_struct *conn, reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + /* + * We might have SMBtranss in req which was transferred to the outbuf, + * fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans); + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); @@ -155,6 +161,12 @@ void send_trans_reply(connection_struct *conn, reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + /* + * We might have SMBtranss in req which was transferred to the + * outbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans); + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); @@ -774,12 +786,6 @@ void reply_transs(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBtranss is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBtrans); - handle_trans(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c7a8bf7650..1a13d962f0 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -119,6 +119,11 @@ void send_nt_replies(connection_struct *conn, total_sent_thistime + alignment_offset + data_alignment_offset); + /* + * We might have had SMBnttranss in req->inbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBnttrans); + /* * Set total params and data to be sent. */ @@ -2829,12 +2834,6 @@ void reply_nttranss(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBnttranss is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBnttrans); - handle_nttrans(conn, state, req); DLIST_REMOVE(conn->pending_trans, state); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index d0e3a68e8a..c385c6ccb1 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -768,6 +768,12 @@ void send_trans2_replies(connection_struct *conn, reply_outbuf(req, 10, total_sent_thistime + alignment_offset + data_alignment_offset); + /* + * We might have SMBtrans2s in req which was transferred to + * the outbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans2); + /* Set total params and data to be sent */ SSVAL(req->outbuf,smb_tprcnt,paramsize); SSVAL(req->outbuf,smb_tdrcnt,datasize); @@ -7822,12 +7828,6 @@ void reply_transs2(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBtranss2 is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBtrans2); - handle_trans2(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); -- cgit From 5a33e906f651ea84ec909fd6453e13a9489bd391 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 7 Nov 2008 21:02:11 +0100 Subject: Make "construct_reply_common" static --- source3/include/proto.h | 1 - source3/smbd/process.c | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 96ed71657d..5f9203a21f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8233,7 +8233,6 @@ void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes); const char *smb_fn_name(int type); void add_to_common_flags2(uint32 v); void remove_from_common_flags2(uint32 v); -void construct_reply_common(const char *inbuf, char *outbuf); void construct_reply_common_req(struct smb_request *req, char *outbuf); void chain_reply(struct smb_request *req); void check_reload(time_t t); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 7931fbebab..b3cd2f26c8 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -37,6 +37,8 @@ SIG_ATOMIC_T got_sig_term = 0; extern bool global_machine_password_needs_changing; extern int max_send; +static void construct_reply_common(const char *inbuf, char *outbuf); + /* Accessor function for smb_read_error for smbd functions. */ /**************************************************************************** @@ -1590,7 +1592,7 @@ void remove_from_common_flags2(uint32 v) common_flags2 &= ~v; } -void construct_reply_common(const char *inbuf, char *outbuf) +static void construct_reply_common(const char *inbuf, char *outbuf) { srv_set_message(outbuf,0,0,false); -- cgit From 813bf8b4f463199b7c2d3cddab7056b8a68a0b70 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 8 Nov 2008 22:57:57 -0800 Subject: Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass RAW-ACL inheritance tests. Only access masks for SD get/set left to fix. Jeremy. --- source3/lib/secdesc.c | 3 +++ source3/modules/vfs_acl_xattr.c | 21 ++++++++++++++++++++- source4/torture/raw/acls.c | 23 ++++++++++++++++++----- 3 files changed, 41 insertions(+), 6 deletions(-) diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index de547d815f..df85336603 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, ptrustee = creator; new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } else if (container && + !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + ptrustee = &ace->trustee; } init_sec_ace(new_ace, ptrustee, ace->type, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 209209d287..a5d93950f6 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -363,10 +363,18 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, status = get_nt_acl_xattr_internal(handle, NULL, parent_name, - DACL_SECURITY_INFORMATION, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), &parent_desc); if (NT_STATUS_IS_OK(status)) { /* Create an inherited descriptor from the parent. */ + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: parent acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, parent_desc); + } + status = se_create_child_secdesc(ctx, &psd, &size, @@ -377,6 +385,12 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!NT_STATUS_IS_OK(status)) { return status; } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: child acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + } else { DEBUG(10,("inherit_new_acl: directory %s failed " "to get acl %s\n", @@ -401,6 +415,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!psd) { return NT_STATUS_NO_MEMORY; } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: default acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } } status = create_acl_blob(psd, &blob); diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index d76454d1ff..f6c690bb56 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -1457,7 +1457,9 @@ static bool test_inheritance(struct torture_context *tctx, (!(test_flags[i].parent_flags & SEC_ACE_FLAG_OBJECT_INHERIT) || (test_flags[i].parent_flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))) { if (!security_descriptor_equal(q.query_secdesc.out.sd, sd_def)) { - printf("Expected default sd for dir at %d - got:\n", i); + printf("Expected default sd for dir at %d:\n", i); + NDR_PRINT_DEBUG(security_descriptor, sd_def); + printf("got:\n"); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); } continue; @@ -1471,7 +1473,7 @@ static bool test_inheritance(struct torture_context *tctx, !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, sd_orig->owner_sid) || q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", + printf("(CI & NP) Bad sd in child dir at %d (parent 0x%x)\n", i, test_flags[i].parent_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; @@ -1489,7 +1491,7 @@ static bool test_inheritance(struct torture_context *tctx, q.query_secdesc.out.sd->dacl->aces[0].flags != 0 || q.query_secdesc.out.sd->dacl->aces[1].flags != (test_flags[i].dir_flags | SEC_ACE_FLAG_INHERIT_ONLY)) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", + printf("(CI) Bad sd in child dir at %d (parent 0x%x)\n", i, test_flags[i].parent_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; @@ -1502,8 +1504,19 @@ static bool test_inheritance(struct torture_context *tctx, !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, creator_owner) || q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { - printf("Bad sd in child dir at %d (parent 0x%x)\n", - i, test_flags[i].parent_flags); + printf("FAIL. t1 = %d, t2 = %d, t3 = %d, t4 = %d, t5 = %d\n", + q.query_secdesc.out.sd->dacl == NULL, + q.query_secdesc.out.sd->dacl->num_aces != 1, + q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA, + !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, + creator_owner), + q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags); + + printf("(0) Bad sd in child dir at %d (parent 0x%x) flags = 0x%x dir_flags=0x%x\n", + i, + test_flags[i].parent_flags, + q.query_secdesc.out.sd->dacl->aces[0].flags, + test_flags[i].dir_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; continue; -- cgit From d64caaf593201ca02ab9eac86e98c5adab3faf72 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 8 Nov 2008 23:06:21 -0800 Subject: Remove debug code added in error. Jeremy. --- source4/torture/raw/acls.c | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/source4/torture/raw/acls.c b/source4/torture/raw/acls.c index f6c690bb56..48dec6e561 100644 --- a/source4/torture/raw/acls.c +++ b/source4/torture/raw/acls.c @@ -1504,19 +1504,8 @@ static bool test_inheritance(struct torture_context *tctx, !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, creator_owner) || q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags) { - printf("FAIL. t1 = %d, t2 = %d, t3 = %d, t4 = %d, t5 = %d\n", - q.query_secdesc.out.sd->dacl == NULL, - q.query_secdesc.out.sd->dacl->num_aces != 1, - q.query_secdesc.out.sd->dacl->aces[0].access_mask != SEC_FILE_WRITE_DATA, - !dom_sid_equal(&q.query_secdesc.out.sd->dacl->aces[0].trustee, - creator_owner), - q.query_secdesc.out.sd->dacl->aces[0].flags != test_flags[i].dir_flags); - - printf("(0) Bad sd in child dir at %d (parent 0x%x) flags = 0x%x dir_flags=0x%x\n", - i, - test_flags[i].parent_flags, - q.query_secdesc.out.sd->dacl->aces[0].flags, - test_flags[i].dir_flags); + printf("(0) Bad sd in child dir at %d (parent 0x%x)\n", + i, test_flags[i].parent_flags); NDR_PRINT_DEBUG(security_descriptor, q.query_secdesc.out.sd); ret = false; continue; -- cgit From 7d8787c915b97f44851d2ca4c854c5f3aca8a3c6 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 7 Nov 2008 09:13:26 +0100 Subject: ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth. This fixes bug #5865 --- source3/nsswitch/winbind_struct_protocol.h | 4 +++- source3/utils/ntlm_auth.c | 18 +++++++++++++++--- source3/winbindd/winbindd_pam.c | 25 ++++++++++++++++++------- 3 files changed, 36 insertions(+), 11 deletions(-) diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index ff52dbddaf..169b4a8c95 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h @@ -202,7 +202,9 @@ typedef struct winbindd_gr { #define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */ /* Flag to say this is a winbindd internal send - don't recurse. */ #define WBFLAG_RECURSE 0x00000800 - +/* Flag to tell winbind the NTLMv2 blob is too big for the struct and is in the + * extra_data field */ +#define WBFLAG_BIG_NTLMV2_BLOB 0x00010000 #define WINBINDD_MAX_EXTRA_DATA (128*1024) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 0a76761cb2..fbb105bfe6 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -380,13 +380,25 @@ NTSTATUS contact_winbind_auth_crap(const char *username, } if (nt_response && nt_response->length) { - memcpy(request.data.auth_crap.nt_resp, - nt_response->data, - MIN(nt_response->length, sizeof(request.data.auth_crap.nt_resp))); + if (nt_response->length > sizeof(request.data.auth_crap.nt_resp)) { + request.flags = request.flags | WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = nt_response->length; + request.extra_data.data = SMB_MALLOC_ARRAY(char, request.extra_len); + if (request.extra_data.data == NULL) { + return NT_STATUS_NO_MEMORY; + } + memcpy(request.extra_data.data, nt_response->data, + nt_response->length); + + } else { + memcpy(request.data.auth_crap.nt_resp, + nt_response->data, nt_response->length); + } request.data.auth_crap.nt_resp_len = nt_response->length; } result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); + SAFE_FREE(request.extra_data.data); /* Display response */ diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 9ff3899661..7de28b08a9 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1854,17 +1854,28 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) { - DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", - state->request.data.auth_crap.lm_resp_len, - state->request.data.auth_crap.nt_resp_len)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; + if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB || + state->request.extra_len != state->request.data.auth_crap.nt_resp_len) { + DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", + state->request.data.auth_crap.lm_resp_len, + state->request.data.auth_crap.nt_resp_len)); + result = NT_STATUS_INVALID_PARAMETER; + goto done; + } } lm_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); - nt_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.nt_resp, - state->request.data.auth_crap.nt_resp_len); + + if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) { + nt_resp = data_blob_talloc(state->mem_ctx, + state->request.extra_data.data, + state->request.data.auth_crap.nt_resp_len); + } else { + nt_resp = data_blob_talloc(state->mem_ctx, + state->request.data.auth_crap.nt_resp, + state->request.data.auth_crap.nt_resp_len); + } /* what domain should we contact? */ -- cgit From 4c391c94f47458a64bf71d17fc3d7c0507ebfd9b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Nov 2008 15:10:37 +0100 Subject: [s3]build: build cifs.upcall at build time instead of at install time. This is to prevent problems with packaging scripts that pass CFLAGS to make but not to make install... Based on a patch for v3-2 by Martin Schwenke . Michael --- source3/Makefile.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index a644eeae64..d11094d621 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1158,7 +1158,8 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ # now the rules... ###################################################################### all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \ - $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @EXTRA_ALL_TARGETS@ + $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @CIFSUPCALL_PROGS@ \ + @EXTRA_ALL_TARGETS@ basics:: -- cgit From 951cf45ee7014e4099adf4efdfbb6eb71d7e8419 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Nov 2008 15:13:15 +0100 Subject: [s3]build: prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty picky make implementations don't like lines with only tabs in rules or dependencie Michael --- source3/Makefile.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index d11094d621..d216e1c11e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -224,6 +224,8 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) \ $(CHARSET_MODULES) $(AUTH_MODULES) $(NSS_INFO_MODULES) \ $(GPEXT_MODULES) +EXTRA_ALL_TARGETS = @EXTRA_ALL_TARGETS@ + ###################################################################### # object file lists ###################################################################### @@ -1159,7 +1161,7 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ ###################################################################### all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \ $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @CIFSUPCALL_PROGS@ \ - @EXTRA_ALL_TARGETS@ + $(EXTRA_ALL_TARGETS) basics:: -- cgit From 0474c8665d47ca6f89e483ff20f6401698095b55 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 12:55:12 +0100 Subject: nterrors: add NT_STATUS_DS_BUSY. Guenther --- libcli/util/ntstatus.h | 1 + source3/libsmb/nterr.c | 1 + source4/libcli/util/nterr.c | 1 + 3 files changed, 3 insertions(+) diff --git a/libcli/util/ntstatus.h b/libcli/util/ntstatus.h index fa4553df1e..139562d8c2 100644 --- a/libcli/util/ntstatus.h +++ b/libcli/util/ntstatus.h @@ -592,6 +592,7 @@ typedef uint32_t NTSTATUS; #define NT_STATUS_TOO_MANY_LINKS NT_STATUS(0xC0000000 | 0x0265) #define NT_STATUS_QUOTA_LIST_INCONSISTENT NT_STATUS(0xC0000000 | 0x0266) #define NT_STATUS_FILE_IS_OFFLINE NT_STATUS(0xC0000000 | 0x0267) +#define NT_STATUS_DS_BUSY NT_STATUS(0xC0000000 | 0x02a5) #define NT_STATUS_DS_NO_MORE_RIDS NT_STATUS(0xC0000000 | 0x02a8) #define NT_STATUS_NOT_A_REPARSE_POINT NT_STATUS(0xC0000000 | 0x0275) #define NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED NT_STATUS(0xC0000000 | 0x02E9) diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 1ba230cefe..465d88a9b6 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -532,6 +532,7 @@ static const nt_err_code_struct nt_errs[] = { "NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS }, { "NT_STATUS_QUOTA_LIST_INCONSISTENT", NT_STATUS_QUOTA_LIST_INCONSISTENT }, { "NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE }, + { "NT_STATUS_DS_BUSY", NT_STATUS_DS_BUSY }, { "NT_STATUS_DS_NO_MORE_RIDS", NT_STATUS_DS_NO_MORE_RIDS }, { "NT_STATUS_NOT_A_REPARSE_POINT", NT_STATUS_NOT_A_REPARSE_POINT }, { "NT_STATUS_DOWNGRADE_DETECTED", NT_STATUS_DOWNGRADE_DETECTED }, diff --git a/source4/libcli/util/nterr.c b/source4/libcli/util/nterr.c index e95f0228c1..e94ed36d39 100644 --- a/source4/libcli/util/nterr.c +++ b/source4/libcli/util/nterr.c @@ -548,6 +548,7 @@ static const nt_err_code_struct nt_errs[] = { "NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED", NT_STATUS_CURRENT_DOMAIN_NOT_ALLOWED }, { "NT_STATUS_OBJECTID_NOT_FOUND", NT_STATUS_OBJECTID_NOT_FOUND }, { "NT_STATUS_DOWNGRADE_DETECTED", NT_STATUS_DOWNGRADE_DETECTED }, + { "NT_STATUS_DS_BUSY", NT_STATUS_DS_BUSY }, { "STATUS_MORE_ENTRIES", STATUS_MORE_ENTRIES }, { "STATUS_SOME_UNMAPPED", STATUS_SOME_UNMAPPED }, { "STATUS_NOTIFY_CLEANUP", STATUS_NOTIFY_CLEANUP }, -- cgit From e78379be0b829da3d41971182f468892a623dd7e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 20:35:32 +0100 Subject: s4-dsdb: add samdb_result_parameters. Guenther --- source4/dsdb/common/util.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index 69e456274c..de2073fee0 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -657,6 +657,28 @@ uint32_t samdb_result_acct_flags(struct ldb_context *sam_ctx, TALLOC_CTX *mem_ct return acct_flags; } +struct lsa_BinaryString samdb_result_parameters(TALLOC_CTX *mem_ctx, + struct ldb_message *msg, + const char *attr) +{ + struct lsa_BinaryString s; + const struct ldb_val *val = ldb_msg_find_ldb_val(msg, attr); + + ZERO_STRUCT(s); + + if (!val) { + return s; + } + + s.array = talloc_array(mem_ctx, uint16_t, val->length/2); + if (!s.array) { + return s; + } + s.length = s.size = val->length/2; + memcpy(s.array, val->data, val->length); + + return s; +} /* Find an attribute, with a particular value */ -- cgit From c8a8c2388b32977a54daf854f14c278a18824594 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 20:35:41 +0100 Subject: s4-dsdb: add samdb_msg_add_parameters. Guenther --- source4/dsdb/common/util.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c index de2073fee0..2161286e08 100644 --- a/source4/dsdb/common/util.c +++ b/source4/dsdb/common/util.c @@ -918,6 +918,17 @@ int samdb_msg_add_logon_hours(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, return ldb_msg_add_value(msg, attr_name, &val, NULL); } +/* + add a parameters element to a message +*/ +int samdb_msg_add_parameters(struct ldb_context *sam_ldb, TALLOC_CTX *mem_ctx, struct ldb_message *msg, + const char *attr_name, struct lsa_BinaryString *parameters) +{ + struct ldb_val val; + val.length = parameters->length * 2; + val.data = (uint8_t *)parameters->array; + return ldb_msg_add_value(msg, attr_name, &val, NULL); +} /* add a general value element to a message */ -- cgit From e004307000d40fbe235827bc71229f4a5757c313 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 12:30:35 +0100 Subject: s4-netlogon: change parameters string to lsa_BinaryString. Guenther --- librpc/idl/netlogon.idl | 2 +- source4/libnet/libnet_samsync_ldb.c | 6 +++++- source4/torture/rpc/samsync.c | 11 ++++++++++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index 764958937f..e9b5170e9d 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -436,7 +436,7 @@ interface netlogon boolean8 lm_password_present; boolean8 password_expired; lsa_String comment; - lsa_String parameters; + lsa_BinaryString parameters; uint16 country_code; uint16 code_page; netr_USER_PRIVATE_INFO user_private_info; diff --git a/source4/libnet/libnet_samsync_ldb.c b/source4/libnet/libnet_samsync_ldb.c index 8b7dd1f598..160b4b3e19 100644 --- a/source4/libnet/libnet_samsync_ldb.c +++ b/source4/libnet/libnet_samsync_ldb.c @@ -384,7 +384,11 @@ static NTSTATUS samsync_ldb_handle_user(TALLOC_CTX *mem_ctx, } ADD_OR_DEL(string, "comment", comment.string); - ADD_OR_DEL(string, "userParameters", parameters.string); + + if (samdb_msg_add_parameters(state->sam_ldb, mem_ctx, msg, "userParameters", &user->parameters) != 0) { + return NT_STATUS_NO_MEMORY; + } + ADD_OR_DEL(uint, "countryCode", country_code); ADD_OR_DEL(uint, "codePage", code_page); diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 12ddc934c9..d97b9ba498 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -260,6 +260,15 @@ static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, } \ } while (0) +#define TEST_BINARY_STRING_EQUAL(s1, s2) do {\ + if (!((!s1.array || s1.array[0]=='\0') && (!s2.array || s2.array[0]=='\0')) \ + && memcmp(s1.array, s2.array, s1.length * 2) != 0) {\ + printf("%s: string mismatch: " #s1 ":%s != " #s2 ": %s\n", \ + __location__, (const char *)s1.array, (const char *)s2.array);\ + ret = false;\ + } \ +} while (0) + #define TEST_SID_EQUAL(s1, s2) do {\ if (!dom_sid_equal(s1, s2)) {\ printf("%s: dom_sid mismatch: " #s1 ":%s != " #s2 ": %s\n", \ @@ -535,7 +544,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct TEST_INT_EQUAL(q.out.info->info21.password_expired, user->password_expired); TEST_STRING_EQUAL(q.out.info->info21.comment, user->comment); - TEST_STRING_EQUAL(q.out.info->info21.parameters, user->parameters); + TEST_BINARY_STRING_EQUAL(q.out.info->info21.parameters, user->parameters); TEST_INT_EQUAL(q.out.info->info21.country_code, user->country_code); TEST_INT_EQUAL(q.out.info->info21.code_page, user->code_page); -- cgit From fdc28cf8a57f652c2ff897f1624b43bb96e5b8cd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 12:32:26 +0100 Subject: s3-netlogon: fix type of parameters string in user delta. Guenther --- source3/libnet/libnet_samsync_passdb.c | 6 +++--- source3/librpc/gen_ndr/ndr_netlogon.c | 10 +++++----- source3/librpc/gen_ndr/netlogon.h | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 1faef7b3eb..7ace77cace 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -118,12 +118,12 @@ static NTSTATUS sam_account_from_delta(struct samu *account, pdb_set_profile_path(account, new_string, PDB_CHANGED); } - if (r->parameters.string) { + if (r->parameters.array) { DATA_BLOB mung; char *newstr; old_string = pdb_get_munged_dial(account); - mung.length = r->parameters.length; - mung.data = (uint8 *) r->parameters.string; + mung.length = r->parameters.length * 2; + mung.data = (uint8_t *) r->parameters.array; newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index 6575dbcb91..ac23c36a7c 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -2513,7 +2513,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_USER(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_password_present)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->parameters)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->country_code)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->code_page)); NDR_CHECK(ndr_push_netr_USER_PRIVATE_INFO(ndr, NDR_SCALARS, &r->user_private_info)); @@ -2540,7 +2540,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_USER(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->parameters)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_push_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_BUFFERS, &r->sdbuf)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->profile_path)); @@ -2578,7 +2578,7 @@ static enum ndr_err_code ndr_pull_netr_DELTA_USER(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_password_present)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->parameters)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->country_code)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->code_page)); NDR_CHECK(ndr_pull_netr_USER_PRIVATE_INFO(ndr, NDR_SCALARS, &r->user_private_info)); @@ -2605,7 +2605,7 @@ static enum ndr_err_code ndr_pull_netr_DELTA_USER(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->parameters)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_pull_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->sdbuf)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->profile_path)); @@ -2643,7 +2643,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_USER(struct ndr_print *ndr, const char *name, ndr_print_uint8(ndr, "lm_password_present", r->lm_password_present); ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr_print_lsa_String(ndr, "comment", &r->comment); - ndr_print_lsa_String(ndr, "parameters", &r->parameters); + ndr_print_lsa_BinaryString(ndr, "parameters", &r->parameters); ndr_print_uint16(ndr, "country_code", r->country_code); ndr_print_uint16(ndr, "code_page", r->code_page); ndr_print_netr_USER_PRIVATE_INFO(ndr, "user_private_info", &r->user_private_info); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index e1dc69cca0..51cca4083b 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -327,7 +327,7 @@ struct netr_DELTA_USER { uint8_t lm_password_present; uint8_t password_expired; struct lsa_String comment; - struct lsa_String parameters; + struct lsa_BinaryString parameters; uint16_t country_code; uint16_t code_page; struct netr_USER_PRIVATE_INFO user_private_info; -- cgit From 843135c8411662ecdad65d613fb7855628ab94d8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 15:53:19 +0100 Subject: s4-samr: move samr.idl to toplevel idl directory. Guenther --- librpc/idl/samr.idl | 1424 +++++++++++++++++++++++++++++++++++++++++++ source4/librpc/idl/samr.idl | 1424 ------------------------------------------- 2 files changed, 1424 insertions(+), 1424 deletions(-) create mode 100644 librpc/idl/samr.idl delete mode 100644 source4/librpc/idl/samr.idl diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl new file mode 100644 index 0000000000..b4b4cc4a64 --- /dev/null +++ b/librpc/idl/samr.idl @@ -0,0 +1,1424 @@ +#include "idl_types.h" + +/* + samr interface definition +*/ +import "misc.idl", "lsa.idl", "security.idl"; + +/* + Thanks to Todd Sabin for some information from his samr.idl in acltools +*/ + +[ uuid("12345778-1234-abcd-ef00-0123456789ac"), + version(1.0), + endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), + pointer_default(unique) +] interface samr +{ + typedef bitmap security_secinfo security_secinfo; + + /* account control (acct_flags) bits */ + typedef [public,bitmap32bit] bitmap { + ACB_DISABLED = 0x00000001, /* 1 = User account disabled */ + ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */ + ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */ + ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */ + ACB_NORMAL = 0x00000010, /* 1 = Normal user account */ + ACB_MNS = 0x00000020, /* 1 = MNS logon user account */ + ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */ + ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */ + ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */ + ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */ + ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */ + ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */ + ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */ + ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */ + ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */ + ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */ + ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */ + ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */ + ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ + } samr_AcctFlags; + + typedef [bitmap32bit] bitmap { + SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, + SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, + SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, + SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, + SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, + SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 + } samr_ConnectAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, + SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, + SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, + SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, + SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, + SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, + SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, + SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, + SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, + SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, + SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 + } samr_UserAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, + SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, + SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, + SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, + SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, + SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, + SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, + SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, + SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, + SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 + } samr_DomainAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, + SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, + SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, + SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, + SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 + } samr_GroupAccessMask; + + typedef [bitmap32bit] bitmap { + SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, + SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, + SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, + SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, + SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 + } samr_AliasAccessMask; + + /******************/ + /* Function: 0x00 */ + NTSTATUS samr_Connect ( + /* notice the lack of [string] */ + [in,unique] uint16 *system_name, + [in] samr_ConnectAccessMask access_mask, + [out,ref] policy_handle *connect_handle + ); + + + /******************/ + /* Function: 0x01 */ + [public] NTSTATUS samr_Close ( + [in,out,ref] policy_handle *handle + ); + + /******************/ + /* Function: 0x02 */ + + NTSTATUS samr_SetSecurity ( + [in,ref] policy_handle *handle, + [in] security_secinfo sec_info, + [in,ref] sec_desc_buf *sdbuf + ); + + /******************/ + /* Function: 0x03 */ + + NTSTATUS samr_QuerySecurity ( + [in,ref] policy_handle *handle, + [in] security_secinfo sec_info, + [out,unique] sec_desc_buf *sdbuf + ); + + /******************/ + /* Function: 0x04 */ + + /* + shutdown the SAM - once you call this the SAM will be dead + */ + NTSTATUS samr_Shutdown ( + [in,ref] policy_handle *connect_handle + ); + + /******************/ + /* Function: 0x05 */ + NTSTATUS samr_LookupDomain ( + [in,ref] policy_handle *connect_handle, + [in,ref] lsa_String *domain_name, + [out,unique] dom_sid2 *sid + ); + + + /******************/ + /* Function: 0x06 */ + + typedef struct { + uint32 idx; + lsa_String name; + } samr_SamEntry; + + typedef struct { + uint32 count; + [size_is(count)] samr_SamEntry *entries; + } samr_SamArray; + + NTSTATUS samr_EnumDomains ( + [in,ref] policy_handle *connect_handle, + [in,out,ref] uint32 *resume_handle, + [in] uint32 buf_size, + [out,unique] samr_SamArray *sam, + [out] uint32 num_entries + ); + + + /************************/ + /* Function 0x07 */ + [public] NTSTATUS samr_OpenDomain( + [in,ref] policy_handle *connect_handle, + [in] samr_DomainAccessMask access_mask, + [in,ref] dom_sid2 *sid, + [out,ref] policy_handle *domain_handle + ); + + /************************/ + /* Function 0x08 */ + /* server roles */ + typedef [v1_enum] enum { + SAMR_ROLE_STANDALONE = 0, + SAMR_ROLE_DOMAIN_MEMBER = 1, + SAMR_ROLE_DOMAIN_BDC = 2, + SAMR_ROLE_DOMAIN_PDC = 3 + } samr_Role; + + /* password properties flags */ + typedef [public,bitmap32bit] bitmap { + DOMAIN_PASSWORD_COMPLEX = 0x00000001, + DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002, + DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004, + DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008, + DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010, + DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020 + } samr_PasswordProperties; + + typedef struct { + uint16 min_password_length; + uint16 password_history_length; + samr_PasswordProperties password_properties; + /* yes, these are signed. They are in negative 100ns */ + dlong max_password_age; + dlong min_password_age; + } samr_DomInfo1; + + typedef struct { + NTTIME force_logoff_time; + lsa_String oem_information; /* comment */ + lsa_String domain_name; + lsa_String primary; /* PDC name if this is a BDC */ + udlong sequence_num; + uint32 unknown2; + samr_Role role; + uint32 unknown3; + uint32 num_users; + uint32 num_groups; + uint32 num_aliases; + } samr_DomGeneralInformation; + + typedef struct { + NTTIME force_logoff_time; + } samr_DomInfo3; + + typedef struct { + lsa_String oem_information; /* comment */ + } samr_DomOEMInformation; + + typedef struct { + lsa_String domain_name; + } samr_DomInfo5; + + typedef struct { + lsa_String primary; + } samr_DomInfo6; + + typedef struct { + samr_Role role; + } samr_DomInfo7; + + typedef struct { + hyper sequence_num; + NTTIME domain_create_time; + } samr_DomInfo8; + + typedef struct { + uint32 unknown; /* w2k3 returns 1 */ + } samr_DomInfo9; + + typedef struct { + samr_DomGeneralInformation general; + hyper lockout_duration; + hyper lockout_window; + uint16 lockout_threshold; + } samr_DomGeneralInformation2; + + typedef struct { + hyper lockout_duration; + hyper lockout_window; + uint16 lockout_threshold; + } samr_DomInfo12; + + typedef struct { + hyper sequence_num; + NTTIME domain_create_time; + uint32 unknown1; + uint32 unknown2; + } samr_DomInfo13; + + typedef [switch_type(uint16)] union { + [case(1)] samr_DomInfo1 info1; + [case(2)] samr_DomGeneralInformation general; + [case(3)] samr_DomInfo3 info3; + [case(4)] samr_DomOEMInformation oem; + [case(5)] samr_DomInfo5 info5; + [case(6)] samr_DomInfo6 info6; + [case(7)] samr_DomInfo7 info7; + [case(8)] samr_DomInfo8 info8; + [case(9)] samr_DomInfo9 info9; + [case(11)] samr_DomGeneralInformation2 general2; + [case(12)] samr_DomInfo12 info12; + [case(13)] samr_DomInfo13 info13; + } samr_DomainInfo; + + NTSTATUS samr_QueryDomainInfo( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [out,switch_is(level),unique] samr_DomainInfo *info + ); + + /************************/ + /* Function 0x09 */ + /* + only levels 1, 3, 4, 6, 7, 9, 12 are valid for this + call in w2k3 + */ + NTSTATUS samr_SetDomainInfo( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [in,switch_is(level),ref] samr_DomainInfo *info + ); + + + /************************/ + /* Function 0x0a */ + NTSTATUS samr_CreateDomainGroup( + [in,ref] policy_handle *domain_handle, + [in,ref] lsa_String *name, + [in] samr_GroupAccessMask access_mask, + [out,ref] policy_handle *group_handle, + [out,ref] uint32 *rid + ); + + + /************************/ + /* Function 0x0b */ + NTSTATUS samr_EnumDomainGroups( + [in,ref] policy_handle *domain_handle, + [in,out,ref] uint32 *resume_handle, + [in] uint32 max_size, + [out,unique] samr_SamArray *sam, + [out] uint32 num_entries + ); + + /************************/ + /* Function 0x0c */ + NTSTATUS samr_CreateUser( + [in,ref] policy_handle *domain_handle, + [in,ref] lsa_String *account_name, + [in] samr_UserAccessMask access_mask, + [out,ref] policy_handle *user_handle, + [out,ref] uint32 *rid + ); + + /************************/ + /* Function 0x0d */ + + + /* w2k3 treats max_size as max_users*54 and sets the + resume_handle as the rid of the last user sent + */ + const int SAMR_ENUM_USERS_MULTIPLIER = 54; + + NTSTATUS samr_EnumDomainUsers( + [in,ref] policy_handle *domain_handle, + [in,out,ref] uint32 *resume_handle, + [in] samr_AcctFlags acct_flags, + [in] uint32 max_size, + [out,unique] samr_SamArray *sam, + [out] uint32 num_entries + ); + + /************************/ + /* Function 0x0e */ + NTSTATUS samr_CreateDomAlias( + [in,ref] policy_handle *domain_handle, + [in,ref] lsa_String *alias_name, + [in] samr_AliasAccessMask access_mask, + [out,ref] policy_handle *alias_handle, + [out,ref] uint32 *rid + ); + + /************************/ + /* Function 0x0f */ + NTSTATUS samr_EnumDomainAliases( + [in,ref] policy_handle *domain_handle, + [in,out,ref] uint32 *resume_handle, + [in] samr_AcctFlags acct_flags, + [out,unique] samr_SamArray *sam, + [out] uint32 num_entries + ); + + /************************/ + /* Function 0x10 */ + + typedef struct { + [range(0,1024)] uint32 count; + [size_is(count)] uint32 *ids; + } samr_Ids; + + NTSTATUS samr_GetAliasMembership( + [in,ref] policy_handle *domain_handle, + [in,ref] lsa_SidArray *sids, + [out,ref] samr_Ids *rids + ); + + /************************/ + /* Function 0x11 */ + + [public] NTSTATUS samr_LookupNames( + [in,ref] policy_handle *domain_handle, + [in,range(0,1000)] uint32 num_names, + [in,size_is(1000),length_is(num_names)] lsa_String names[], + [out] samr_Ids rids, + [out] samr_Ids types + ); + + + /************************/ + /* Function 0x12 */ + NTSTATUS samr_LookupRids( + [in,ref] policy_handle *domain_handle, + [in,range(0,1000)] uint32 num_rids, + [in,size_is(1000),length_is(num_rids)] uint32 rids[], + [out] lsa_Strings names, + [out] samr_Ids types + ); + + /************************/ + /* Function 0x13 */ + NTSTATUS samr_OpenGroup( + [in,ref] policy_handle *domain_handle, + [in] samr_GroupAccessMask access_mask, + [in] uint32 rid, + [out,ref] policy_handle *group_handle + ); + + /* Group attributes */ + typedef [public,bitmap32bit] bitmap { + SE_GROUP_MANDATORY = 0x00000001, + SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002, + SE_GROUP_ENABLED = 0x00000004, + SE_GROUP_OWNER = 0x00000008, + SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010, + SE_GROUP_RESOURCE = 0x20000000, + SE_GROUP_LOGON_ID = 0xC0000000 + } samr_GroupAttrs; + + /************************/ + /* Function 0x14 */ + + typedef struct { + lsa_String name; + samr_GroupAttrs attributes; + uint32 num_members; + lsa_String description; + } samr_GroupInfoAll; + + typedef struct { + samr_GroupAttrs attributes; + } samr_GroupInfoAttributes; + + typedef struct { + lsa_String description; + } samr_GroupInfoDescription; + + typedef enum { + GROUPINFOALL = 1, + GROUPINFONAME = 2, + GROUPINFOATTRIBUTES = 3, + GROUPINFODESCRIPTION = 4, + GROUPINFOALL2 = 5 + } samr_GroupInfoEnum; + + typedef [switch_type(samr_GroupInfoEnum)] union { + [case(GROUPINFOALL)] samr_GroupInfoAll all; + [case(GROUPINFONAME)] lsa_String name; + [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes; + [case(GROUPINFODESCRIPTION)] lsa_String description; + [case(GROUPINFOALL2)] samr_GroupInfoAll all2; + } samr_GroupInfo; + + NTSTATUS samr_QueryGroupInfo( + [in,ref] policy_handle *group_handle, + [in] samr_GroupInfoEnum level, + [out,switch_is(level),unique] samr_GroupInfo *info + ); + + /************************/ + /* Function 0x15 */ + NTSTATUS samr_SetGroupInfo( + [in,ref] policy_handle *group_handle, + [in] samr_GroupInfoEnum level, + [in,switch_is(level),ref] samr_GroupInfo *info + ); + + /************************/ + /* Function 0x16 */ + NTSTATUS samr_AddGroupMember( + [in,ref] policy_handle *group_handle, + [in] uint32 rid, + [in] uint32 flags + ); + + /************************/ + /* Function 0x17 */ + NTSTATUS samr_DeleteDomainGroup( + [in,out,ref] policy_handle *group_handle + ); + + /************************/ + /* Function 0x18 */ + NTSTATUS samr_DeleteGroupMember( + [in,ref] policy_handle *group_handle, + [in] uint32 rid + ); + + + /************************/ + /* Function 0x19 */ + typedef struct { + uint32 count; + [size_is(count)] uint32 *rids; + [size_is(count)] uint32 *types; + } samr_RidTypeArray; + + NTSTATUS samr_QueryGroupMember( + [in,ref] policy_handle *group_handle, + [out,unique] samr_RidTypeArray *rids + ); + + + /************************/ + /* Function 0x1a */ + + /* + win2003 seems to accept any data at all for the two integers + below, and doesn't seem to do anything with them that I can + see. Weird. I really expected the first integer to be a rid + and the second to be the attributes for that rid member. + */ + NTSTATUS samr_SetMemberAttributesOfGroup( + [in,ref] policy_handle *group_handle, + [in] uint32 unknown1, + [in] uint32 unknown2 + ); + + + /************************/ + /* Function 0x1b */ + NTSTATUS samr_OpenAlias ( + [in,ref] policy_handle *domain_handle, + [in] samr_AliasAccessMask access_mask, + [in] uint32 rid, + [out,ref] policy_handle *alias_handle + ); + + + /************************/ + /* Function 0x1c */ + + typedef struct { + lsa_String name; + uint32 num_members; + lsa_String description; + } samr_AliasInfoAll; + + typedef enum { + ALIASINFOALL = 1, + ALIASINFONAME = 2, + ALIASINFODESCRIPTION = 3 + } samr_AliasInfoEnum; + + typedef [switch_type(samr_AliasInfoEnum)] union { + [case(ALIASINFOALL)] samr_AliasInfoAll all; + [case(ALIASINFONAME)] lsa_String name; + [case(ALIASINFODESCRIPTION)] lsa_String description; + } samr_AliasInfo; + + NTSTATUS samr_QueryAliasInfo( + [in,ref] policy_handle *alias_handle, + [in] samr_AliasInfoEnum level, + [out,switch_is(level),unique] samr_AliasInfo *info + ); + + /************************/ + /* Function 0x1d */ + NTSTATUS samr_SetAliasInfo( + [in,ref] policy_handle *alias_handle, + [in] samr_AliasInfoEnum level, + [in,switch_is(level),ref] samr_AliasInfo *info + ); + + /************************/ + /* Function 0x1e */ + NTSTATUS samr_DeleteDomAlias( + [in,out,ref] policy_handle *alias_handle + ); + + /************************/ + /* Function 0x1f */ + NTSTATUS samr_AddAliasMember( + [in,ref] policy_handle *alias_handle, + [in,ref] dom_sid2 *sid + ); + + /************************/ + /* Function 0x20 */ + NTSTATUS samr_DeleteAliasMember( + [in,ref] policy_handle *alias_handle, + [in,ref] dom_sid2 *sid + ); + + /************************/ + /* Function 0x21 */ + NTSTATUS samr_GetMembersInAlias( + [in,ref] policy_handle *alias_handle, + [out,ref] lsa_SidArray *sids + ); + + /************************/ + /* Function 0x22 */ + [public] NTSTATUS samr_OpenUser( + [in,ref] policy_handle *domain_handle, + [in] samr_UserAccessMask access_mask, + [in] uint32 rid, + [out,ref] policy_handle *user_handle + ); + + /************************/ + /* Function 0x23 */ + NTSTATUS samr_DeleteUser( + [in,out,ref] policy_handle *user_handle + ); + + /************************/ + /* Function 0x24 */ + typedef struct { + lsa_String account_name; + lsa_String full_name; + uint32 primary_gid; + lsa_String description; + lsa_String comment; + } samr_UserInfo1; + + typedef struct { + lsa_String comment; + lsa_String unknown; /* settable, but doesn't stick. probably obsolete */ + uint16 country_code; + uint16 code_page; + } samr_UserInfo2; + + /* this is also used in samr and netlogon */ + typedef [public, flag(NDR_PAHEX)] struct { + uint16 units_per_week; + [size_is(1260), length_is(units_per_week/8)] uint8 *bits; + } samr_LogonHours; + + typedef struct { + lsa_String account_name; + lsa_String full_name; + uint32 rid; + uint32 primary_gid; + lsa_String home_directory; + lsa_String home_drive; + lsa_String logon_script; + lsa_String profile_path; + lsa_String workstations; + NTTIME last_logon; + NTTIME last_logoff; + NTTIME last_password_change; + NTTIME allow_password_change; + NTTIME force_password_change; + samr_LogonHours logon_hours; + uint16 bad_password_count; + uint16 logon_count; + samr_AcctFlags acct_flags; + } samr_UserInfo3; + + typedef struct { + samr_LogonHours logon_hours; + } samr_UserInfo4; + + typedef struct { + lsa_String account_name; + lsa_String full_name; + uint32 rid; + uint32 primary_gid; + lsa_String home_directory; + lsa_String home_drive; + lsa_String logon_script; + lsa_String profile_path; + lsa_String description; + lsa_String workstations; + NTTIME last_logon; + NTTIME last_logoff; + samr_LogonHours logon_hours; + uint16 bad_password_count; + uint16 logon_count; + NTTIME last_password_change; + NTTIME acct_expiry; + samr_AcctFlags acct_flags; + } samr_UserInfo5; + + typedef struct { + lsa_String account_name; + lsa_String full_name; + } samr_UserInfo6; + + typedef struct { + lsa_String account_name; + } samr_UserInfo7; + + typedef struct { + lsa_String full_name; + } samr_UserInfo8; + + typedef struct { + uint32 primary_gid; + } samr_UserInfo9; + + typedef struct { + lsa_String home_directory; + lsa_String home_drive; + } samr_UserInfo10; + + typedef struct { + lsa_String logon_script; + } samr_UserInfo11; + + typedef struct { + lsa_String profile_path; + } samr_UserInfo12; + + typedef struct { + lsa_String description; + } samr_UserInfo13; + + typedef struct { + lsa_String workstations; + } samr_UserInfo14; + + typedef struct { + samr_AcctFlags acct_flags; + } samr_UserInfo16; + + typedef struct { + NTTIME acct_expiry; + } samr_UserInfo17; + + typedef [public, flag(NDR_PAHEX)] struct { + uint8 hash[16]; + } samr_Password; + + typedef struct { + samr_Password lm_pwd; + samr_Password nt_pwd; + boolean8 lm_pwd_active; + boolean8 nt_pwd_active; + } samr_UserInfo18; + + typedef struct { + lsa_String parameters; + } samr_UserInfo20; + + /* this defines the bits used for fields_present in info21 */ + typedef [bitmap32bit] bitmap { + SAMR_FIELD_ACCOUNT_NAME = 0x00000001, + SAMR_FIELD_FULL_NAME = 0x00000002, + SAMR_FIELD_RID = 0x00000004, + SAMR_FIELD_PRIMARY_GID = 0x00000008, + SAMR_FIELD_DESCRIPTION = 0x00000010, + SAMR_FIELD_COMMENT = 0x00000020, + SAMR_FIELD_HOME_DIRECTORY = 0x00000040, + SAMR_FIELD_HOME_DRIVE = 0x00000080, + SAMR_FIELD_LOGON_SCRIPT = 0x00000100, + SAMR_FIELD_PROFILE_PATH = 0x00000200, + SAMR_FIELD_WORKSTATIONS = 0x00000400, + SAMR_FIELD_LAST_LOGON = 0x00000800, + SAMR_FIELD_LAST_LOGOFF = 0x00001000, + SAMR_FIELD_LOGON_HOURS = 0x00002000, + SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, + SAMR_FIELD_NUM_LOGONS = 0x00008000, + SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, + SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, + SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, + SAMR_FIELD_ACCT_EXPIRY = 0x00080000, + SAMR_FIELD_ACCT_FLAGS = 0x00100000, + SAMR_FIELD_PARAMETERS = 0x00200000, + SAMR_FIELD_COUNTRY_CODE = 0x00400000, + SAMR_FIELD_CODE_PAGE = 0x00800000, + SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ + SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ + SAMR_FIELD_PRIVATE_DATA = 0x04000000, + SAMR_FIELD_EXPIRED_FLAG = 0x08000000, + SAMR_FIELD_SEC_DESC = 0x10000000, + SAMR_FIELD_OWF_PWD = 0x20000000 + } samr_FieldsPresent; + + /* used for 'password_expired' in samr_UserInfo21 */ + const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01; + const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00; + + typedef struct { + NTTIME last_logon; + NTTIME last_logoff; + NTTIME last_password_change; + NTTIME acct_expiry; + NTTIME allow_password_change; + NTTIME force_password_change; + lsa_String account_name; + lsa_String full_name; + lsa_String home_directory; + lsa_String home_drive; + lsa_String logon_script; + lsa_String profile_path; + lsa_String description; + lsa_String workstations; + lsa_String comment; + lsa_String parameters; + lsa_String unknown1; + lsa_String unknown2; + lsa_String unknown3; + uint32 buf_count; + [size_is(buf_count)] uint8 *buffer; + uint32 rid; + uint32 primary_gid; + samr_AcctFlags acct_flags; + samr_FieldsPresent fields_present; + samr_LogonHours logon_hours; + uint16 bad_password_count; + uint16 logon_count; + uint16 country_code; + uint16 code_page; + uint8 nt_password_set; + uint8 lm_password_set; + uint8 password_expired; + uint8 unknown4; + } samr_UserInfo21; + + typedef [public, flag(NDR_PAHEX)] struct { + uint8 data[516]; + } samr_CryptPassword; + + typedef struct { + samr_UserInfo21 info; + samr_CryptPassword password; + } samr_UserInfo23; + + typedef struct { + samr_CryptPassword password; + uint8 pw_len; + } samr_UserInfo24; + + typedef [flag(NDR_PAHEX)] struct { + uint8 data[532]; + } samr_CryptPasswordEx; + + typedef struct { + samr_UserInfo21 info; + samr_CryptPasswordEx password; + } samr_UserInfo25; + + typedef struct { + samr_CryptPasswordEx password; + uint8 pw_len; + } samr_UserInfo26; + + typedef [switch_type(uint16)] union { + [case(1)] samr_UserInfo1 info1; + [case(2)] samr_UserInfo2 info2; + [case(3)] samr_UserInfo3 info3; + [case(4)] samr_UserInfo4 info4; + [case(5)] samr_UserInfo5 info5; + [case(6)] samr_UserInfo6 info6; + [case(7)] samr_UserInfo7 info7; + [case(8)] samr_UserInfo8 info8; + [case(9)] samr_UserInfo9 info9; + [case(10)] samr_UserInfo10 info10; + [case(11)] samr_UserInfo11 info11; + [case(12)] samr_UserInfo12 info12; + [case(13)] samr_UserInfo13 info13; + [case(14)] samr_UserInfo14 info14; + [case(16)] samr_UserInfo16 info16; + [case(17)] samr_UserInfo17 info17; + [case(18)] samr_UserInfo18 info18; + [case(20)] samr_UserInfo20 info20; + [case(21)] samr_UserInfo21 info21; + [case(23)] samr_UserInfo23 info23; + [case(24)] samr_UserInfo24 info24; + [case(25)] samr_UserInfo25 info25; + [case(26)] samr_UserInfo26 info26; + } samr_UserInfo; + + [public] NTSTATUS samr_QueryUserInfo( + [in,ref] policy_handle *user_handle, + [in] uint16 level, + [out,unique,switch_is(level)] samr_UserInfo *info + ); + + + /************************/ + /* Function 0x25 */ + [public] NTSTATUS samr_SetUserInfo( + [in,ref] policy_handle *user_handle, + [in] uint16 level, + [in,ref,switch_is(level)] samr_UserInfo *info + ); + + /************************/ + /* Function 0x26 */ + /* + this is a password change interface that doesn't give + the server the plaintext password. Depricated. + */ + NTSTATUS samr_ChangePasswordUser( + [in,ref] policy_handle *user_handle, + [in] boolean8 lm_present, + [in,unique] samr_Password *old_lm_crypted, + [in,unique] samr_Password *new_lm_crypted, + [in] boolean8 nt_present, + [in,unique] samr_Password *old_nt_crypted, + [in,unique] samr_Password *new_nt_crypted, + [in] boolean8 cross1_present, + [in,unique] samr_Password *nt_cross, + [in] boolean8 cross2_present, + [in,unique] samr_Password *lm_cross + ); + + /************************/ + /* Function 0x27 */ + + typedef [public] struct { + uint32 rid; + samr_GroupAttrs attributes; + } samr_RidWithAttribute; + + typedef [public] struct { + uint32 count; + [size_is(count)] samr_RidWithAttribute *rids; + } samr_RidWithAttributeArray; + + NTSTATUS samr_GetGroupsForUser( + [in,ref] policy_handle *user_handle, + [out,unique] samr_RidWithAttributeArray *rids + ); + + /************************/ + /* Function 0x28 */ + + typedef struct { + uint32 idx; + uint32 rid; + samr_AcctFlags acct_flags; + lsa_String account_name; + lsa_String description; + lsa_String full_name; + } samr_DispEntryGeneral; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryGeneral *entries; + } samr_DispInfoGeneral; + + typedef struct { + uint32 idx; + uint32 rid; + samr_AcctFlags acct_flags; + lsa_String account_name; + lsa_String description; + } samr_DispEntryFull; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryFull *entries; + } samr_DispInfoFull; + + typedef struct { + uint32 idx; + uint32 rid; + samr_GroupAttrs acct_flags; + lsa_String account_name; + lsa_String description; + } samr_DispEntryFullGroup; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryFullGroup *entries; + } samr_DispInfoFullGroups; + + typedef struct { + uint32 idx; + lsa_AsciiStringLarge account_name; + } samr_DispEntryAscii; + + typedef struct { + uint32 count; + [size_is(count)] samr_DispEntryAscii *entries; + } samr_DispInfoAscii; + + typedef [switch_type(uint16)] union { + [case(1)] samr_DispInfoGeneral info1;/* users */ + [case(2)] samr_DispInfoFull info2; /* trust accounts? */ + [case(3)] samr_DispInfoFullGroups info3; /* groups */ + [case(4)] samr_DispInfoAscii info4; /* users */ + [case(5)] samr_DispInfoAscii info5; /* groups */ + } samr_DispInfo; + + NTSTATUS samr_QueryDisplayInfo( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [in] uint32 start_idx, + [in] uint32 max_entries, + [in] uint32 buf_size, + [out] uint32 total_size, + [out] uint32 returned_size, + [out,switch_is(level)] samr_DispInfo info + ); + + + /************************/ + /* Function 0x29 */ + + /* + this seems to be an alphabetic search function. The returned index + is the index for samr_QueryDisplayInfo needed to get names occurring + after the specified name. The supplied name does not need to exist + in the database (for example you can supply just a first letter for + searching starting at that letter) + + The level corresponds to the samr_QueryDisplayInfo level + */ + NTSTATUS samr_GetDisplayEnumerationIndex( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [in] lsa_String name, + [out] uint32 idx + ); + + + + /************************/ + /* Function 0x2a */ + + /* + w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this + */ + NTSTATUS samr_TestPrivateFunctionsDomain( + [in,ref] policy_handle *domain_handle + ); + + + /************************/ + /* Function 0x2b */ + + /* + w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this + */ + NTSTATUS samr_TestPrivateFunctionsUser( + [in,ref] policy_handle *user_handle + ); + + + /************************/ + /* Function 0x2c */ + + typedef struct { + uint16 min_password_length; + samr_PasswordProperties password_properties; + } samr_PwInfo; + + [public] NTSTATUS samr_GetUserPwInfo( + [in,ref] policy_handle *user_handle, + [out] samr_PwInfo info + ); + + /************************/ + /* Function 0x2d */ + NTSTATUS samr_RemoveMemberFromForeignDomain( + [in,ref] policy_handle *domain_handle, + [in,ref] dom_sid2 *sid + ); + + /************************/ + /* Function 0x2e */ + + /* + how is this different from QueryDomainInfo ?? + */ + NTSTATUS samr_QueryDomainInfo2( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [out,unique,switch_is(level)] samr_DomainInfo *info + ); + + /************************/ + /* Function 0x2f */ + + /* + how is this different from QueryUserInfo ?? + */ + NTSTATUS samr_QueryUserInfo2( + [in,ref] policy_handle *user_handle, + [in] uint16 level, + [out,unique,switch_is(level)] samr_UserInfo *info + ); + + /************************/ + /* Function 0x30 */ + + /* + how is this different from QueryDisplayInfo?? + */ + NTSTATUS samr_QueryDisplayInfo2( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [in] uint32 start_idx, + [in] uint32 max_entries, + [in] uint32 buf_size, + [out] uint32 total_size, + [out] uint32 returned_size, + [out,switch_is(level)] samr_DispInfo info + ); + + /************************/ + /* Function 0x31 */ + + /* + how is this different from GetDisplayEnumerationIndex ?? + */ + NTSTATUS samr_GetDisplayEnumerationIndex2( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [in] lsa_String name, + [out] uint32 idx + ); + + + /************************/ + /* Function 0x32 */ + NTSTATUS samr_CreateUser2( + [in,ref] policy_handle *domain_handle, + [in,ref] lsa_String *account_name, + [in] samr_AcctFlags acct_flags, + [in] samr_UserAccessMask access_mask, + [out,ref] policy_handle *user_handle, + [out,ref] uint32 *access_granted, + [out,ref] uint32 *rid + ); + + + /************************/ + /* Function 0x33 */ + + /* + another duplicate. There must be a reason .... + */ + NTSTATUS samr_QueryDisplayInfo3( + [in,ref] policy_handle *domain_handle, + [in] uint16 level, + [in] uint32 start_idx, + [in] uint32 max_entries, + [in] uint32 buf_size, + [out] uint32 total_size, + [out] uint32 returned_size, + [out,switch_is(level)] samr_DispInfo info + ); + + /************************/ + /* Function 0x34 */ + NTSTATUS samr_AddMultipleMembersToAlias( + [in,ref] policy_handle *alias_handle, + [in,ref] lsa_SidArray *sids + ); + + /************************/ + /* Function 0x35 */ + NTSTATUS samr_RemoveMultipleMembersFromAlias( + [in,ref] policy_handle *alias_handle, + [in,ref] lsa_SidArray *sids + ); + + /************************/ + /* Function 0x36 */ + + NTSTATUS samr_OemChangePasswordUser2( + [in,unique] lsa_AsciiString *server, + [in,ref] lsa_AsciiString *account, + [in,unique] samr_CryptPassword *password, + [in,unique] samr_Password *hash + ); + + /************************/ + /* Function 0x37 */ + NTSTATUS samr_ChangePasswordUser2( + [in,unique] lsa_String *server, + [in,ref] lsa_String *account, + [in,unique] samr_CryptPassword *nt_password, + [in,unique] samr_Password *nt_verifier, + [in] boolean8 lm_change, + [in,unique] samr_CryptPassword *lm_password, + [in,unique] samr_Password *lm_verifier + ); + + /************************/ + /* Function 0x38 */ + NTSTATUS samr_GetDomPwInfo( + [in,unique] lsa_String *domain_name, + [out] samr_PwInfo info + ); + + /************************/ + /* Function 0x39 */ + NTSTATUS samr_Connect2( + [in,unique,string,charset(UTF16)] uint16 *system_name, + [in] samr_ConnectAccessMask access_mask, + [out,ref] policy_handle *connect_handle + ); + + /************************/ + /* Function 0x3a */ + /* + seems to be an exact alias for samr_SetUserInfo() + */ + [public] NTSTATUS samr_SetUserInfo2( + [in,ref] policy_handle *user_handle, + [in] uint16 level, + [in,ref,switch_is(level)] samr_UserInfo *info + ); + + /************************/ + /* Function 0x3b */ + /* + this one is mysterious. I have a few guesses, but nothing working yet + */ + NTSTATUS samr_SetBootKeyInformation( + [in,ref] policy_handle *connect_handle, + [in] uint32 unknown1, + [in] uint32 unknown2, + [in] uint32 unknown3 + ); + + /************************/ + /* Function 0x3c */ + NTSTATUS samr_GetBootKeyInformation( + [in,ref] policy_handle *domain_handle, + [out] uint32 unknown + ); + + /************************/ + /* Function 0x3d */ + NTSTATUS samr_Connect3( + [in,unique,string,charset(UTF16)] uint16 *system_name, + /* this unknown value seems to be completely ignored by w2k3 */ + [in] uint32 unknown, + [in] samr_ConnectAccessMask access_mask, + [out,ref] policy_handle *connect_handle + ); + + /************************/ + /* Function 0x3e */ + + typedef enum { + SAMR_CONNECT_PRE_W2K = 1, + SAMR_CONNECT_W2K = 2, + SAMR_CONNECT_AFTER_W2K = 3 + } samr_ConnectVersion; + + NTSTATUS samr_Connect4( + [in,unique,string,charset(UTF16)] uint16 *system_name, + [in] samr_ConnectVersion client_version, + [in] samr_ConnectAccessMask access_mask, + [out,ref] policy_handle *connect_handle + ); + + /************************/ + /* Function 0x3f */ + + typedef enum samr_RejectReason samr_RejectReason; + + typedef struct { + samr_RejectReason reason; + uint32 unknown1; + uint32 unknown2; + } samr_ChangeReject; + + NTSTATUS samr_ChangePasswordUser3( + [in,unique] lsa_String *server, + [in,ref] lsa_String *account, + [in,unique] samr_CryptPassword *nt_password, + [in,unique] samr_Password *nt_verifier, + [in] boolean8 lm_change, + [in,unique] samr_CryptPassword *lm_password, + [in,unique] samr_Password *lm_verifier, + [in,unique] samr_CryptPassword *password3, + [out,unique] samr_DomInfo1 *dominfo, + [out,unique] samr_ChangeReject *reject + ); + + /************************/ + /* Function 0x40 */ + + typedef struct { + samr_ConnectVersion client_version; /* w2k3 gives 3 */ + uint32 unknown2; /* w2k3 gives 0 */ + } samr_ConnectInfo1; + + typedef union { + [case(1)] samr_ConnectInfo1 info1; + } samr_ConnectInfo; + + [public] NTSTATUS samr_Connect5( + [in,unique,string,charset(UTF16)] uint16 *system_name, + [in] samr_ConnectAccessMask access_mask, + [in,out] uint32 level, + [in,out,switch_is(level),ref] samr_ConnectInfo *info, + [out,ref] policy_handle *connect_handle + ); + + /************************/ + /* Function 0x41 */ + NTSTATUS samr_RidToSid( + [in,ref] policy_handle *domain_handle, + [in] uint32 rid, + [out,unique] dom_sid2 *sid + ); + + + /************************/ + /* Function 0x42 */ + + /* + this should set the DSRM password for the server, which is used + when booting into Directory Services Recovery Mode on a DC. Win2003 + gives me NT_STATUS_NOT_SUPPORTED + */ + + NTSTATUS samr_SetDsrmPassword( + [in,unique] lsa_String *name, + [in] uint32 unknown, + [in,unique] samr_Password *hash + ); + + + /************************/ + /* Function 0x43 */ + /************************/ + typedef [bitmap32bit] bitmap { + SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, + SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, + SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, + SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 + } samr_ValidateFieldsPresent; + + typedef enum { + NetValidateAuthentication = 1, + NetValidatePasswordChange= 2, + NetValidatePasswordReset = 3 + } samr_ValidatePasswordLevel; + + /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't + * identified the mapping of + * - NERR_PasswordFilterError + * - NERR_PasswordExpired and + * - NERR_PasswordCantChange + * yet - Guenther + */ + + typedef enum { + SAMR_VALIDATION_STATUS_SUCCESS = 0, + SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, + SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, + SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, + SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, + SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, + SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, + SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, + SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 + } samr_ValidationStatus; + + typedef struct { + uint32 length; + [size_is(length)] uint8 *data; + } samr_ValidationBlob; + + typedef struct { + samr_ValidateFieldsPresent fields_present; + NTTIME_hyper last_password_change; + NTTIME_hyper bad_password_time; + NTTIME_hyper lockout_time; + uint32 bad_pwd_count; + uint32 pwd_history_len; + [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; + } samr_ValidatePasswordInfo; + + typedef struct { + samr_ValidatePasswordInfo info; + samr_ValidationStatus status; + } samr_ValidatePasswordRepCtr; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordRepCtr ctr1; + [case(2)] samr_ValidatePasswordRepCtr ctr2; + [case(3)] samr_ValidatePasswordRepCtr ctr3; + } samr_ValidatePasswordRep; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 pwd_must_change_at_next_logon; + boolean8 clear_lockout; + } samr_ValidatePasswordReq3; + + typedef struct { + samr_ValidatePasswordInfo info; + lsa_StringLarge password; + lsa_StringLarge account; + samr_ValidationBlob hash; + boolean8 password_matched; + } samr_ValidatePasswordReq2; + + typedef struct { + samr_ValidatePasswordInfo info; + boolean8 password_matched; + } samr_ValidatePasswordReq1; + + typedef [switch_type(uint16)] union { + [case(1)] samr_ValidatePasswordReq1 req1; + [case(2)] samr_ValidatePasswordReq2 req2; + [case(3)] samr_ValidatePasswordReq3 req3; + } samr_ValidatePasswordReq; + + NTSTATUS samr_ValidatePassword( + [in] samr_ValidatePasswordLevel level, + [in,switch_is(level)] samr_ValidatePasswordReq req, + [out,unique,switch_is(level)] samr_ValidatePasswordRep *rep + ); +} diff --git a/source4/librpc/idl/samr.idl b/source4/librpc/idl/samr.idl deleted file mode 100644 index 47882dfb84..0000000000 --- a/source4/librpc/idl/samr.idl +++ /dev/null @@ -1,1424 +0,0 @@ -#include "idl_types.h" - -/* - samr interface definition -*/ -import "misc.idl", "lsa.idl", "security.idl"; - -/* - Thanks to Todd Sabin for some information from his samr.idl in acltools -*/ - -[ uuid("12345778-1234-abcd-ef00-0123456789ac"), - version(1.0), - endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), - pointer_default(unique) -] interface samr -{ - typedef bitmap security_secinfo security_secinfo; - - /* account control (acct_flags) bits */ - typedef [public,bitmap32bit] bitmap { - ACB_DISABLED = 0x00000001, /* 1 = User account disabled */ - ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */ - ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */ - ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */ - ACB_NORMAL = 0x00000010, /* 1 = Normal user account */ - ACB_MNS = 0x00000020, /* 1 = MNS logon user account */ - ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */ - ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */ - ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */ - ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */ - ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */ - ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */ - ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */ - ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */ - ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */ - ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */ - ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */ - ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */ - ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ - } samr_AcctFlags; - - typedef [bitmap32bit] bitmap { - SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, - SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, - SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, - SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, - SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, - SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 - } samr_ConnectAccessMask; - - typedef [bitmap32bit] bitmap { - SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, - SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, - SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, - SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, - SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, - SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, - SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, - SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, - SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, - SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, - SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 - } samr_UserAccessMask; - - typedef [bitmap32bit] bitmap { - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, - SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, - SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, - SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, - SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, - SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, - SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, - SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 - } samr_DomainAccessMask; - - typedef [bitmap32bit] bitmap { - SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, - SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, - SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, - SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, - SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 - } samr_GroupAccessMask; - - typedef [bitmap32bit] bitmap { - SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, - SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, - SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, - SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, - SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 - } samr_AliasAccessMask; - - /******************/ - /* Function: 0x00 */ - NTSTATUS samr_Connect ( - /* notice the lack of [string] */ - [in,unique] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - - /******************/ - /* Function: 0x01 */ - [public] NTSTATUS samr_Close ( - [in,out,ref] policy_handle *handle - ); - - /******************/ - /* Function: 0x02 */ - - NTSTATUS samr_SetSecurity ( - [in,ref] policy_handle *handle, - [in] security_secinfo sec_info, - [in,ref] sec_desc_buf *sdbuf - ); - - /******************/ - /* Function: 0x03 */ - - NTSTATUS samr_QuerySecurity ( - [in,ref] policy_handle *handle, - [in] security_secinfo sec_info, - [out,unique] sec_desc_buf *sdbuf - ); - - /******************/ - /* Function: 0x04 */ - - /* - shutdown the SAM - once you call this the SAM will be dead - */ - NTSTATUS samr_Shutdown ( - [in,ref] policy_handle *connect_handle - ); - - /******************/ - /* Function: 0x05 */ - NTSTATUS samr_LookupDomain ( - [in,ref] policy_handle *connect_handle, - [in,ref] lsa_String *domain_name, - [out,unique] dom_sid2 *sid - ); - - - /******************/ - /* Function: 0x06 */ - - typedef struct { - uint32 idx; - lsa_String name; - } samr_SamEntry; - - typedef struct { - uint32 count; - [size_is(count)] samr_SamEntry *entries; - } samr_SamArray; - - NTSTATUS samr_EnumDomains ( - [in,ref] policy_handle *connect_handle, - [in,out,ref] uint32 *resume_handle, - [in] uint32 buf_size, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries - ); - - - /************************/ - /* Function 0x07 */ - [public] NTSTATUS samr_OpenDomain( - [in,ref] policy_handle *connect_handle, - [in] samr_DomainAccessMask access_mask, - [in,ref] dom_sid2 *sid, - [out,ref] policy_handle *domain_handle - ); - - /************************/ - /* Function 0x08 */ - /* server roles */ - typedef [v1_enum] enum { - SAMR_ROLE_STANDALONE = 0, - SAMR_ROLE_DOMAIN_MEMBER = 1, - SAMR_ROLE_DOMAIN_BDC = 2, - SAMR_ROLE_DOMAIN_PDC = 3 - } samr_Role; - - /* password properties flags */ - typedef [public,bitmap32bit] bitmap { - DOMAIN_PASSWORD_COMPLEX = 0x00000001, - DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002, - DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004, - DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008, - DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010, - DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020 - } samr_PasswordProperties; - - typedef struct { - uint16 min_password_length; - uint16 password_history_length; - samr_PasswordProperties password_properties; - /* yes, these are signed. They are in negative 100ns */ - dlong max_password_age; - dlong min_password_age; - } samr_DomInfo1; - - typedef struct { - NTTIME force_logoff_time; - lsa_String oem_information; /* comment */ - lsa_String domain_name; - lsa_String primary; /* PDC name if this is a BDC */ - udlong sequence_num; - uint32 unknown2; - samr_Role role; - uint32 unknown3; - uint32 num_users; - uint32 num_groups; - uint32 num_aliases; - } samr_DomGeneralInformation; - - typedef struct { - NTTIME force_logoff_time; - } samr_DomInfo3; - - typedef struct { - lsa_String oem_information; /* comment */ - } samr_DomOEMInformation; - - typedef struct { - lsa_String domain_name; - } samr_DomInfo5; - - typedef struct { - lsa_String primary; - } samr_DomInfo6; - - typedef struct { - samr_Role role; - } samr_DomInfo7; - - typedef struct { - hyper sequence_num; - NTTIME domain_create_time; - } samr_DomInfo8; - - typedef struct { - uint32 unknown; /* w2k3 returns 1 */ - } samr_DomInfo9; - - typedef struct { - samr_DomGeneralInformation general; - hyper lockout_duration; - hyper lockout_window; - uint16 lockout_threshold; - } samr_DomGeneralInformation2; - - typedef struct { - hyper lockout_duration; - hyper lockout_window; - uint16 lockout_threshold; - } samr_DomInfo12; - - typedef struct { - hyper sequence_num; - NTTIME domain_create_time; - uint32 unknown1; - uint32 unknown2; - } samr_DomInfo13; - - typedef [switch_type(uint16)] union { - [case(1)] samr_DomInfo1 info1; - [case(2)] samr_DomGeneralInformation general; - [case(3)] samr_DomInfo3 info3; - [case(4)] samr_DomOEMInformation oem; - [case(5)] samr_DomInfo5 info5; - [case(6)] samr_DomInfo6 info6; - [case(7)] samr_DomInfo7 info7; - [case(8)] samr_DomInfo8 info8; - [case(9)] samr_DomInfo9 info9; - [case(11)] samr_DomGeneralInformation2 general2; - [case(12)] samr_DomInfo12 info12; - [case(13)] samr_DomInfo13 info13; - } samr_DomainInfo; - - NTSTATUS samr_QueryDomainInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [out,switch_is(level),unique] samr_DomainInfo *info - ); - - /************************/ - /* Function 0x09 */ - /* - only levels 1, 3, 4, 6, 7, 9, 12 are valid for this - call in w2k3 - */ - NTSTATUS samr_SetDomainInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,switch_is(level),ref] samr_DomainInfo *info - ); - - - /************************/ - /* Function 0x0a */ - NTSTATUS samr_CreateDomainGroup( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *name, - [in] samr_GroupAccessMask access_mask, - [out,ref] policy_handle *group_handle, - [out,ref] uint32 *rid - ); - - - /************************/ - /* Function 0x0b */ - NTSTATUS samr_EnumDomainGroups( - [in,ref] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [in] uint32 max_size, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries - ); - - /************************/ - /* Function 0x0c */ - NTSTATUS samr_CreateUser( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *account_name, - [in] samr_UserAccessMask access_mask, - [out,ref] policy_handle *user_handle, - [out,ref] uint32 *rid - ); - - /************************/ - /* Function 0x0d */ - - - /* w2k3 treats max_size as max_users*54 and sets the - resume_handle as the rid of the last user sent - */ - const int SAMR_ENUM_USERS_MULTIPLIER = 54; - - NTSTATUS samr_EnumDomainUsers( - [in,ref] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [in] samr_AcctFlags acct_flags, - [in] uint32 max_size, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries - ); - - /************************/ - /* Function 0x0e */ - NTSTATUS samr_CreateDomAlias( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *alias_name, - [in] samr_AliasAccessMask access_mask, - [out,ref] policy_handle *alias_handle, - [out,ref] uint32 *rid - ); - - /************************/ - /* Function 0x0f */ - NTSTATUS samr_EnumDomainAliases( - [in,ref] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [in] samr_AcctFlags acct_flags, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries - ); - - /************************/ - /* Function 0x10 */ - - typedef struct { - [range(0,1024)] uint32 count; - [size_is(count)] uint32 *ids; - } samr_Ids; - - NTSTATUS samr_GetAliasMembership( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_SidArray *sids, - [out,ref] samr_Ids *rids - ); - - /************************/ - /* Function 0x11 */ - - [public] NTSTATUS samr_LookupNames( - [in,ref] policy_handle *domain_handle, - [in,range(0,1000)] uint32 num_names, - [in,size_is(1000),length_is(num_names)] lsa_String names[], - [out] samr_Ids rids, - [out] samr_Ids types - ); - - - /************************/ - /* Function 0x12 */ - NTSTATUS samr_LookupRids( - [in,ref] policy_handle *domain_handle, - [in,range(0,1000)] uint32 num_rids, - [in,size_is(1000),length_is(num_rids)] uint32 rids[], - [out] lsa_Strings names, - [out] samr_Ids types - ); - - /************************/ - /* Function 0x13 */ - NTSTATUS samr_OpenGroup( - [in,ref] policy_handle *domain_handle, - [in] samr_GroupAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *group_handle - ); - - /* Group attributes */ - typedef [public,bitmap32bit] bitmap { - SE_GROUP_MANDATORY = 0x00000001, - SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002, - SE_GROUP_ENABLED = 0x00000004, - SE_GROUP_OWNER = 0x00000008, - SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010, - SE_GROUP_RESOURCE = 0x20000000, - SE_GROUP_LOGON_ID = 0xC0000000 - } samr_GroupAttrs; - - /************************/ - /* Function 0x14 */ - - typedef struct { - lsa_String name; - samr_GroupAttrs attributes; - uint32 num_members; - lsa_String description; - } samr_GroupInfoAll; - - typedef struct { - samr_GroupAttrs attributes; - } samr_GroupInfoAttributes; - - typedef struct { - lsa_String description; - } samr_GroupInfoDescription; - - typedef enum { - GROUPINFOALL = 1, - GROUPINFONAME = 2, - GROUPINFOATTRIBUTES = 3, - GROUPINFODESCRIPTION = 4, - GROUPINFOALL2 = 5 - } samr_GroupInfoEnum; - - typedef [switch_type(samr_GroupInfoEnum)] union { - [case(GROUPINFOALL)] samr_GroupInfoAll all; - [case(GROUPINFONAME)] lsa_String name; - [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes; - [case(GROUPINFODESCRIPTION)] lsa_String description; - [case(GROUPINFOALL2)] samr_GroupInfoAll all2; - } samr_GroupInfo; - - NTSTATUS samr_QueryGroupInfo( - [in,ref] policy_handle *group_handle, - [in] samr_GroupInfoEnum level, - [out,switch_is(level),unique] samr_GroupInfo *info - ); - - /************************/ - /* Function 0x15 */ - NTSTATUS samr_SetGroupInfo( - [in,ref] policy_handle *group_handle, - [in] samr_GroupInfoEnum level, - [in,switch_is(level),ref] samr_GroupInfo *info - ); - - /************************/ - /* Function 0x16 */ - NTSTATUS samr_AddGroupMember( - [in,ref] policy_handle *group_handle, - [in] uint32 rid, - [in] uint32 flags - ); - - /************************/ - /* Function 0x17 */ - NTSTATUS samr_DeleteDomainGroup( - [in,out,ref] policy_handle *group_handle - ); - - /************************/ - /* Function 0x18 */ - NTSTATUS samr_DeleteGroupMember( - [in,ref] policy_handle *group_handle, - [in] uint32 rid - ); - - - /************************/ - /* Function 0x19 */ - typedef struct { - uint32 count; - [size_is(count)] uint32 *rids; - [size_is(count)] uint32 *types; - } samr_RidTypeArray; - - NTSTATUS samr_QueryGroupMember( - [in,ref] policy_handle *group_handle, - [out,unique] samr_RidTypeArray *rids - ); - - - /************************/ - /* Function 0x1a */ - - /* - win2003 seems to accept any data at all for the two integers - below, and doesn't seem to do anything with them that I can - see. Weird. I really expected the first integer to be a rid - and the second to be the attributes for that rid member. - */ - NTSTATUS samr_SetMemberAttributesOfGroup( - [in,ref] policy_handle *group_handle, - [in] uint32 unknown1, - [in] uint32 unknown2 - ); - - - /************************/ - /* Function 0x1b */ - NTSTATUS samr_OpenAlias ( - [in,ref] policy_handle *domain_handle, - [in] samr_AliasAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *alias_handle - ); - - - /************************/ - /* Function 0x1c */ - - typedef struct { - lsa_String name; - uint32 num_members; - lsa_String description; - } samr_AliasInfoAll; - - typedef enum { - ALIASINFOALL = 1, - ALIASINFONAME = 2, - ALIASINFODESCRIPTION = 3 - } samr_AliasInfoEnum; - - typedef [switch_type(samr_AliasInfoEnum)] union { - [case(ALIASINFOALL)] samr_AliasInfoAll all; - [case(ALIASINFONAME)] lsa_String name; - [case(ALIASINFODESCRIPTION)] lsa_String description; - } samr_AliasInfo; - - NTSTATUS samr_QueryAliasInfo( - [in,ref] policy_handle *alias_handle, - [in] samr_AliasInfoEnum level, - [out,switch_is(level),unique] samr_AliasInfo *info - ); - - /************************/ - /* Function 0x1d */ - NTSTATUS samr_SetAliasInfo( - [in,ref] policy_handle *alias_handle, - [in] samr_AliasInfoEnum level, - [in,switch_is(level),ref] samr_AliasInfo *info - ); - - /************************/ - /* Function 0x1e */ - NTSTATUS samr_DeleteDomAlias( - [in,out,ref] policy_handle *alias_handle - ); - - /************************/ - /* Function 0x1f */ - NTSTATUS samr_AddAliasMember( - [in,ref] policy_handle *alias_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x20 */ - NTSTATUS samr_DeleteAliasMember( - [in,ref] policy_handle *alias_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x21 */ - NTSTATUS samr_GetMembersInAlias( - [in,ref] policy_handle *alias_handle, - [out,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x22 */ - [public] NTSTATUS samr_OpenUser( - [in,ref] policy_handle *domain_handle, - [in] samr_UserAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *user_handle - ); - - /************************/ - /* Function 0x23 */ - NTSTATUS samr_DeleteUser( - [in,out,ref] policy_handle *user_handle - ); - - /************************/ - /* Function 0x24 */ - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 primary_gid; - lsa_String description; - lsa_String comment; - } samr_UserInfo1; - - typedef struct { - lsa_String comment; - lsa_String unknown; /* settable, but doesn't stick. probably obsolete */ - uint16 country_code; - uint16 code_page; - } samr_UserInfo2; - - /* this is also used in samr and netlogon */ - typedef [public, flag(NDR_PAHEX)] struct { - uint16 units_per_week; - [size_is(1260), length_is(units_per_week/8)] uint8 *bits; - } samr_LogonHours; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 rid; - uint32 primary_gid; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String workstations; - NTTIME last_logon; - NTTIME last_logoff; - NTTIME last_password_change; - NTTIME allow_password_change; - NTTIME force_password_change; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - samr_AcctFlags acct_flags; - } samr_UserInfo3; - - typedef struct { - samr_LogonHours logon_hours; - } samr_UserInfo4; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 rid; - uint32 primary_gid; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String description; - lsa_String workstations; - NTTIME last_logon; - NTTIME last_logoff; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - NTTIME last_password_change; - NTTIME acct_expiry; - samr_AcctFlags acct_flags; - } samr_UserInfo5; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - } samr_UserInfo6; - - typedef struct { - lsa_String account_name; - } samr_UserInfo7; - - typedef struct { - lsa_String full_name; - } samr_UserInfo8; - - typedef struct { - uint32 primary_gid; - } samr_UserInfo9; - - typedef struct { - lsa_String home_directory; - lsa_String home_drive; - } samr_UserInfo10; - - typedef struct { - lsa_String logon_script; - } samr_UserInfo11; - - typedef struct { - lsa_String profile_path; - } samr_UserInfo12; - - typedef struct { - lsa_String description; - } samr_UserInfo13; - - typedef struct { - lsa_String workstations; - } samr_UserInfo14; - - typedef struct { - samr_AcctFlags acct_flags; - } samr_UserInfo16; - - typedef struct { - NTTIME acct_expiry; - } samr_UserInfo17; - - typedef [public, flag(NDR_PAHEX)] struct { - uint8 hash[16]; - } samr_Password; - - typedef struct { - samr_Password lm_pwd; - samr_Password nt_pwd; - boolean8 lm_pwd_active; - boolean8 nt_pwd_active; - } samr_UserInfo18; - - typedef struct { - lsa_String parameters; - } samr_UserInfo20; - - /* this defines the bits used for fields_present in info21 */ - typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_RID = 0x00000004, - SAMR_FIELD_PRIMARY_GID = 0x00000008, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_HOME_DIRECTORY = 0x00000040, - SAMR_FIELD_HOME_DRIVE = 0x00000080, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LAST_LOGON = 0x00000800, - SAMR_FIELD_LAST_LOGOFF = 0x00001000, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, - SAMR_FIELD_NUM_LOGONS = 0x00008000, - SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, - SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, - SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, - SAMR_FIELD_ACCT_EXPIRY = 0x00080000, - SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ - SAMR_FIELD_PRIVATE_DATA = 0x04000000, - SAMR_FIELD_EXPIRED_FLAG = 0x08000000, - SAMR_FIELD_SEC_DESC = 0x10000000, - SAMR_FIELD_OWF_PWD = 0x20000000 - } samr_FieldsPresent; - - /* used for 'password_expired' in samr_UserInfo21 */ - const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01; - const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00; - - typedef struct { - NTTIME last_logon; - NTTIME last_logoff; - NTTIME last_password_change; - NTTIME acct_expiry; - NTTIME allow_password_change; - NTTIME force_password_change; - lsa_String account_name; - lsa_String full_name; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String description; - lsa_String workstations; - lsa_String comment; - lsa_String parameters; - lsa_String unknown1; - lsa_String unknown2; - lsa_String unknown3; - uint32 buf_count; - [size_is(buf_count)] uint8 *buffer; - uint32 rid; - uint32 primary_gid; - samr_AcctFlags acct_flags; - samr_FieldsPresent fields_present; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - uint16 country_code; - uint16 code_page; - uint8 nt_password_set; - uint8 lm_password_set; - uint8 password_expired; - uint8 unknown4; - } samr_UserInfo21; - - typedef [public, flag(NDR_PAHEX)] struct { - uint8 data[516]; - } samr_CryptPassword; - - typedef struct { - samr_UserInfo21 info; - samr_CryptPassword password; - } samr_UserInfo23; - - typedef struct { - samr_CryptPassword password; - uint8 pw_len; - } samr_UserInfo24; - - typedef [flag(NDR_PAHEX)] struct { - uint8 data[532]; - } samr_CryptPasswordEx; - - typedef struct { - samr_UserInfo21 info; - samr_CryptPasswordEx password; - } samr_UserInfo25; - - typedef struct { - samr_CryptPasswordEx password; - uint8 pw_len; - } samr_UserInfo26; - - typedef [switch_type(uint16)] union { - [case(1)] samr_UserInfo1 info1; - [case(2)] samr_UserInfo2 info2; - [case(3)] samr_UserInfo3 info3; - [case(4)] samr_UserInfo4 info4; - [case(5)] samr_UserInfo5 info5; - [case(6)] samr_UserInfo6 info6; - [case(7)] samr_UserInfo7 info7; - [case(8)] samr_UserInfo8 info8; - [case(9)] samr_UserInfo9 info9; - [case(10)] samr_UserInfo10 info10; - [case(11)] samr_UserInfo11 info11; - [case(12)] samr_UserInfo12 info12; - [case(13)] samr_UserInfo13 info13; - [case(14)] samr_UserInfo14 info14; - [case(16)] samr_UserInfo16 info16; - [case(17)] samr_UserInfo17 info17; - [case(18)] samr_UserInfo18 info18; - [case(20)] samr_UserInfo20 info20; - [case(21)] samr_UserInfo21 info21; - [case(23)] samr_UserInfo23 info23; - [case(24)] samr_UserInfo24 info24; - [case(25)] samr_UserInfo25 info25; - [case(26)] samr_UserInfo26 info26; - } samr_UserInfo; - - [public] NTSTATUS samr_QueryUserInfo( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [out,unique,switch_is(level)] samr_UserInfo *info - ); - - - /************************/ - /* Function 0x25 */ - [public] NTSTATUS samr_SetUserInfo( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [in,ref,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x26 */ - /* - this is a password change interface that doesn't give - the server the plaintext password. Depricated. - */ - NTSTATUS samr_ChangePasswordUser( - [in,ref] policy_handle *user_handle, - [in] boolean8 lm_present, - [in,unique] samr_Password *old_lm_crypted, - [in,unique] samr_Password *new_lm_crypted, - [in] boolean8 nt_present, - [in,unique] samr_Password *old_nt_crypted, - [in,unique] samr_Password *new_nt_crypted, - [in] boolean8 cross1_present, - [in,unique] samr_Password *nt_cross, - [in] boolean8 cross2_present, - [in,unique] samr_Password *lm_cross - ); - - /************************/ - /* Function 0x27 */ - - typedef [public] struct { - uint32 rid; - samr_GroupAttrs attributes; - } samr_RidWithAttribute; - - typedef [public] struct { - uint32 count; - [size_is(count)] samr_RidWithAttribute *rids; - } samr_RidWithAttributeArray; - - NTSTATUS samr_GetGroupsForUser( - [in,ref] policy_handle *user_handle, - [out,unique] samr_RidWithAttributeArray *rids - ); - - /************************/ - /* Function 0x28 */ - - typedef struct { - uint32 idx; - uint32 rid; - samr_AcctFlags acct_flags; - lsa_String account_name; - lsa_String description; - lsa_String full_name; - } samr_DispEntryGeneral; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryGeneral *entries; - } samr_DispInfoGeneral; - - typedef struct { - uint32 idx; - uint32 rid; - samr_AcctFlags acct_flags; - lsa_String account_name; - lsa_String description; - } samr_DispEntryFull; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryFull *entries; - } samr_DispInfoFull; - - typedef struct { - uint32 idx; - uint32 rid; - samr_GroupAttrs acct_flags; - lsa_String account_name; - lsa_String description; - } samr_DispEntryFullGroup; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryFullGroup *entries; - } samr_DispInfoFullGroups; - - typedef struct { - uint32 idx; - lsa_AsciiStringLarge account_name; - } samr_DispEntryAscii; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryAscii *entries; - } samr_DispInfoAscii; - - typedef [switch_type(uint16)] union { - [case(1)] samr_DispInfoGeneral info1;/* users */ - [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFullGroups info3; /* groups */ - [case(4)] samr_DispInfoAscii info4; /* users */ - [case(5)] samr_DispInfoAscii info5; /* groups */ - } samr_DispInfo; - - NTSTATUS samr_QueryDisplayInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info - ); - - - /************************/ - /* Function 0x29 */ - - /* - this seems to be an alphabetic search function. The returned index - is the index for samr_QueryDisplayInfo needed to get names occurring - after the specified name. The supplied name does not need to exist - in the database (for example you can supply just a first letter for - searching starting at that letter) - - The level corresponds to the samr_QueryDisplayInfo level - */ - NTSTATUS samr_GetDisplayEnumerationIndex( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] lsa_String name, - [out] uint32 idx - ); - - - - /************************/ - /* Function 0x2a */ - - /* - w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this - */ - NTSTATUS samr_TestPrivateFunctionsDomain( - [in,ref] policy_handle *domain_handle - ); - - - /************************/ - /* Function 0x2b */ - - /* - w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this - */ - NTSTATUS samr_TestPrivateFunctionsUser( - [in,ref] policy_handle *user_handle - ); - - - /************************/ - /* Function 0x2c */ - - typedef struct { - uint16 min_password_length; - samr_PasswordProperties password_properties; - } samr_PwInfo; - - [public] NTSTATUS samr_GetUserPwInfo( - [in,ref] policy_handle *user_handle, - [out] samr_PwInfo info - ); - - /************************/ - /* Function 0x2d */ - NTSTATUS samr_RemoveMemberFromForeignDomain( - [in,ref] policy_handle *domain_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x2e */ - - /* - how is this different from QueryDomainInfo ?? - */ - NTSTATUS samr_QueryDomainInfo2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [out,unique,switch_is(level)] samr_DomainInfo *info - ); - - /************************/ - /* Function 0x2f */ - - /* - how is this different from QueryUserInfo ?? - */ - NTSTATUS samr_QueryUserInfo2( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [out,unique,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x30 */ - - /* - how is this different from QueryDisplayInfo?? - */ - NTSTATUS samr_QueryDisplayInfo2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info - ); - - /************************/ - /* Function 0x31 */ - - /* - how is this different from GetDisplayEnumerationIndex ?? - */ - NTSTATUS samr_GetDisplayEnumerationIndex2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] lsa_String name, - [out] uint32 idx - ); - - - /************************/ - /* Function 0x32 */ - NTSTATUS samr_CreateUser2( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *account_name, - [in] samr_AcctFlags acct_flags, - [in] samr_UserAccessMask access_mask, - [out,ref] policy_handle *user_handle, - [out,ref] uint32 *access_granted, - [out,ref] uint32 *rid - ); - - - /************************/ - /* Function 0x33 */ - - /* - another duplicate. There must be a reason .... - */ - NTSTATUS samr_QueryDisplayInfo3( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info - ); - - /************************/ - /* Function 0x34 */ - NTSTATUS samr_AddMultipleMembersToAlias( - [in,ref] policy_handle *alias_handle, - [in,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x35 */ - NTSTATUS samr_RemoveMultipleMembersFromAlias( - [in,ref] policy_handle *alias_handle, - [in,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x36 */ - - NTSTATUS samr_OemChangePasswordUser2( - [in,unique] lsa_AsciiString *server, - [in,ref] lsa_AsciiString *account, - [in,unique] samr_CryptPassword *password, - [in,unique] samr_Password *hash - ); - - /************************/ - /* Function 0x37 */ - NTSTATUS samr_ChangePasswordUser2( - [in,unique] lsa_String *server, - [in,ref] lsa_String *account, - [in,unique] samr_CryptPassword *nt_password, - [in,unique] samr_Password *nt_verifier, - [in] boolean8 lm_change, - [in,unique] samr_CryptPassword *lm_password, - [in,unique] samr_Password *lm_verifier - ); - - /************************/ - /* Function 0x38 */ - NTSTATUS samr_GetDomPwInfo( - [in,unique] lsa_String *domain_name, - [out] samr_PwInfo info - ); - - /************************/ - /* Function 0x39 */ - NTSTATUS samr_Connect2( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3a */ - /* - seems to be an exact alias for samr_SetUserInfo() - */ - [public] NTSTATUS samr_SetUserInfo2( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [in,ref,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x3b */ - /* - this one is mysterious. I have a few guesses, but nothing working yet - */ - NTSTATUS samr_SetBootKeyInformation( - [in,ref] policy_handle *connect_handle, - [in] uint32 unknown1, - [in] uint32 unknown2, - [in] uint32 unknown3 - ); - - /************************/ - /* Function 0x3c */ - NTSTATUS samr_GetBootKeyInformation( - [in,ref] policy_handle *domain_handle, - [out] uint32 unknown - ); - - /************************/ - /* Function 0x3d */ - NTSTATUS samr_Connect3( - [in,unique,string,charset(UTF16)] uint16 *system_name, - /* this unknown value seems to be completely ignored by w2k3 */ - [in] uint32 unknown, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3e */ - - typedef enum { - SAMR_CONNECT_PRE_W2K = 1, - SAMR_CONNECT_W2K = 2, - SAMR_CONNECT_AFTER_W2K = 3 - } samr_ConnectVersion; - - NTSTATUS samr_Connect4( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectVersion client_version, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3f */ - - typedef enum samr_RejectReason samr_RejectReason; - - typedef struct { - samr_RejectReason reason; - uint32 unknown1; - uint32 unknown2; - } samr_ChangeReject; - - NTSTATUS samr_ChangePasswordUser3( - [in,unique] lsa_String *server, - [in,ref] lsa_String *account, - [in,unique] samr_CryptPassword *nt_password, - [in,unique] samr_Password *nt_verifier, - [in] boolean8 lm_change, - [in,unique] samr_CryptPassword *lm_password, - [in,unique] samr_Password *lm_verifier, - [in,unique] samr_CryptPassword *password3, - [out,unique] samr_DomInfo1 *dominfo, - [out,unique] samr_ChangeReject *reject - ); - - /************************/ - /* Function 0x40 */ - - typedef struct { - samr_ConnectVersion client_version; /* w2k3 gives 3 */ - uint32 unknown2; /* w2k3 gives 0 */ - } samr_ConnectInfo1; - - typedef union { - [case(1)] samr_ConnectInfo1 info1; - } samr_ConnectInfo; - - [public] NTSTATUS samr_Connect5( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [in,out] uint32 level, - [in,out,switch_is(level),ref] samr_ConnectInfo *info, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x41 */ - NTSTATUS samr_RidToSid( - [in,ref] policy_handle *domain_handle, - [in] uint32 rid, - [out,unique] dom_sid2 *sid - ); - - - /************************/ - /* Function 0x42 */ - - /* - this should set the DSRM password for the server, which is used - when booting into Directory Services Recovery Mode on a DC. Win2003 - gives me NT_STATUS_NOT_SUPPORTED - */ - - NTSTATUS samr_SetDsrmPassword( - [in,unique] lsa_String *name, - [in] uint32 unknown, - [in,unique] samr_Password *hash - ); - - - /************************/ - /* Function 0x43 */ - /************************/ - typedef [bitmap32bit] bitmap { - SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, - SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, - SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, - SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, - SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, - SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 - } samr_ValidateFieldsPresent; - - typedef enum { - NetValidateAuthentication = 1, - NetValidatePasswordChange= 2, - NetValidatePasswordReset = 3 - } samr_ValidatePasswordLevel; - - /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't - * identified the mapping of - * - NERR_PasswordFilterError - * - NERR_PasswordExpired and - * - NERR_PasswordCantChange - * yet - Guenther - */ - - typedef enum { - SAMR_VALIDATION_STATUS_SUCCESS = 0, - SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, - SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, - SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, - SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, - SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, - SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, - SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, - SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 - } samr_ValidationStatus; - - typedef struct { - uint32 length; - [size_is(length)] uint8 *data; - } samr_ValidationBlob; - - typedef struct { - samr_ValidateFieldsPresent fields_present; - NTTIME_hyper last_password_change; - NTTIME_hyper bad_password_time; - NTTIME_hyper lockout_time; - uint32 bad_pwd_count; - uint32 pwd_history_len; - [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; - } samr_ValidatePasswordInfo; - - typedef struct { - samr_ValidatePasswordInfo info; - samr_ValidationStatus status; - } samr_ValidatePasswordRepCtr; - - typedef [switch_type(uint16)] union { - [case(1)] samr_ValidatePasswordRepCtr ctr1; - [case(2)] samr_ValidatePasswordRepCtr ctr2; - [case(3)] samr_ValidatePasswordRepCtr ctr3; - } samr_ValidatePasswordRep; - - typedef struct { - samr_ValidatePasswordInfo info; - lsa_StringLarge password; - lsa_StringLarge account; - samr_ValidationBlob hash; - boolean8 pwd_must_change_at_next_logon; - boolean8 clear_lockout; - } samr_ValidatePasswordReq3; - - typedef struct { - samr_ValidatePasswordInfo info; - lsa_StringLarge password; - lsa_StringLarge account; - samr_ValidationBlob hash; - boolean8 password_matched; - } samr_ValidatePasswordReq2; - - typedef struct { - samr_ValidatePasswordInfo info; - boolean8 password_matched; - } samr_ValidatePasswordReq1; - - typedef [switch_type(uint16)] union { - [case(1)] samr_ValidatePasswordReq1 req1; - [case(2)] samr_ValidatePasswordReq2 req2; - [case(3)] samr_ValidatePasswordReq3 req3; - } samr_ValidatePasswordReq; - - NTSTATUS samr_ValidatePassword( - [in] samr_ValidatePasswordLevel level, - [in,switch_is(level)] samr_ValidatePasswordReq req, - [out,unique,switch_is(level)] samr_ValidatePasswordRep *rep - ); -} -- cgit From a4c24b4d3069698ae17bb57dc131f85b25a0c03d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 13:39:25 +0100 Subject: s3-samr-idl: cleanup. Guenther --- source3/librpc/idl/samr.idl | 4 ---- source3/rpc_server/srv_samr_nt.c | 3 +++ source3/winbindd/winbindd_rpc.c | 2 ++ 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index f47e0994dc..2f8657a0b1 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -441,9 +441,6 @@ import "misc.idl", "lsa.idl", "security.idl"; /************************/ /* Function 0x0b */ - const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */ - const int MAX_SAM_ENTRIES_W95 = 50; - NTSTATUS samr_EnumDomainGroups( [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, @@ -1437,7 +1434,6 @@ import "misc.idl", "lsa.idl", "security.idl"; [out,ref] dom_sid2 *sid ); - /************************/ /* Function 0x42 */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c573173900..62ac1cb5c3 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -45,6 +45,9 @@ #define DISP_INFO_CACHE_TIMEOUT 10 +#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ +#define MAX_SAM_ENTRIES_W95 50 + typedef struct disp_info { DOM_SID sid; /* identify which domain this is. */ bool builtin_domain; /* Quick flag to check if this is the builtin domain. */ diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index d966e50159..7dea342a53 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -636,6 +636,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, return NT_STATUS_OK; } +#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ + NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 num_sids, const DOM_SID *sids, -- cgit From 1f846f6e617dfd10324004cf7fa76174a468bb16 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 16:09:11 +0100 Subject: s3-build: re-run make samba3-idl (after cleanup). Guenther --- source3/librpc/gen_ndr/samr.h | 2 -- 1 file changed, 2 deletions(-) diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index 8c8f3f70f9..8ef6752dbf 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -33,8 +33,6 @@ #define GENERIC_RIGHTS_ALIAS_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ALIAS_ACCESS_GET_MEMBERS) ) #define GENERIC_RIGHTS_ALIAS_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ALIAS_ACCESS_REMOVE_MEMBER|SAMR_ALIAS_ACCESS_ADD_MEMBER|SAMR_ALIAS_ACCESS_SET_INFO) ) #define GENERIC_RIGHTS_ALIAS_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ALIAS_ACCESS_LOOKUP_INFO) ) -#define MAX_SAM_ENTRIES_W2K ( 0x400 ) -#define MAX_SAM_ENTRIES_W95 ( 50 ) #define SAMR_ENUM_USERS_MULTIPLIER ( 54 ) #define PASS_MUST_CHANGE_AT_NEXT_LOGON ( 0x01 ) #define PASS_DONT_CHANGE_AT_NEXT_LOGON ( 0x00 ) -- cgit From 9888ed1d9ba127d4964ec2b04b506d9d026c3683 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 7 Nov 2008 15:04:46 +0100 Subject: s4-samr: merge samr_UserInfo20 from s3 idl. This must not be treated as a normal string (strlen truncates it). Guenther --- librpc/idl/samr.idl | 4 ++-- source4/rpc_server/samr/dcesrv_samr.c | 24 ++++++++++++++++++------ 2 files changed, 20 insertions(+), 8 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index b4b4cc4a64..5a017e3175 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -742,7 +742,7 @@ import "misc.idl", "lsa.idl", "security.idl"; } samr_UserInfo18; typedef struct { - lsa_String parameters; + lsa_BinaryString parameters; } samr_UserInfo20; /* this defines the bits used for fields_present in info21 */ @@ -799,7 +799,7 @@ import "misc.idl", "lsa.idl", "security.idl"; lsa_String description; lsa_String workstations; lsa_String comment; - lsa_String parameters; + lsa_BinaryString parameters; lsa_String unknown1; lsa_String unknown2; lsa_String unknown3; diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index b3118d772d..1de46377c7 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -57,6 +57,8 @@ r->out.info->field = samdb_result_logon_hours(mem_ctx, msg, attr); #define QUERY_AFLAGS(msg, field, attr) \ r->out.info->field = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, a_state->domain_state->domain_dn); +#define QUERY_PARAMETERS(msg, field, attr) \ + r->out.info->field = samdb_result_parameters(mem_ctx, msg, attr); /* these are used to make the Set[User|Group]Info code easier to follow */ @@ -136,6 +138,16 @@ set_el->flags = LDB_FLAG_MOD_REPLACE; \ } while (0) +#define SET_PARAMETERS(msg, field, attr) do { \ + struct ldb_message_element *set_el; \ + if (samdb_msg_add_parameters(sam_ctx, mem_ctx, msg, attr, &r->in.info->field) != 0) { \ + return NT_STATUS_NO_MEMORY; \ + } \ + set_el = ldb_msg_find_element(msg, attr); \ + set_el->flags = LDB_FLAG_MOD_REPLACE; \ +} while (0) + + /* samr_Connect @@ -3290,7 +3302,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA break; case 20: - QUERY_STRING(msg, info20.parameters, "userParameters"); + QUERY_PARAMETERS(msg, info20.parameters, "userParameters"); break; case 21: @@ -3309,7 +3321,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA QUERY_STRING(msg, info21.description, "description"); QUERY_STRING(msg, info21.workstations, "userWorkstations"); QUERY_STRING(msg, info21.comment, "comment"); - QUERY_STRING(msg, info21.parameters, "userParameters"); + QUERY_PARAMETERS(msg, info21.parameters, "userParameters"); QUERY_RID (msg, info21.rid, "objectSid"); QUERY_UINT (msg, info21.primary_gid, "primaryGroupID"); QUERY_AFLAGS(msg, info21.acct_flags, "userAccountControl"); @@ -3416,7 +3428,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL break; case 20: - SET_STRING(msg, info20.parameters, "userParameters"); + SET_PARAMETERS(msg, info20.parameters, "userParameters"); break; case 21: @@ -3446,7 +3458,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL IFSET(SAMR_FIELD_ACCT_FLAGS) SET_AFLAGS(msg, info21.acct_flags, "userAccountControl"); IFSET(SAMR_FIELD_PARAMETERS) - SET_STRING(msg, info21.parameters, "userParameters"); + SET_PARAMETERS(msg, info21.parameters, "userParameters"); IFSET(SAMR_FIELD_COUNTRY_CODE) SET_UINT (msg, info21.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) @@ -3477,7 +3489,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL IFSET(SAMR_FIELD_ACCT_FLAGS) SET_AFLAGS(msg, info23.info.acct_flags, "userAccountControl"); IFSET(SAMR_FIELD_PARAMETERS) - SET_STRING(msg, info23.info.parameters, "userParameters"); + SET_PARAMETERS(msg, info23.info.parameters, "userParameters"); IFSET(SAMR_FIELD_COUNTRY_CODE) SET_UINT (msg, info23.info.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) @@ -3533,7 +3545,7 @@ static NTSTATUS dcesrv_samr_SetUserInfo(struct dcesrv_call_state *dce_call, TALL IFSET(SAMR_FIELD_ACCT_FLAGS) SET_AFLAGS(msg, info25.info.acct_flags, "userAccountControl"); IFSET(SAMR_FIELD_PARAMETERS) - SET_STRING(msg, info25.info.parameters, "userParameters"); + SET_PARAMETERS(msg, info25.info.parameters, "userParameters"); IFSET(SAMR_FIELD_COUNTRY_CODE) SET_UINT (msg, info25.info.country_code, "countryCode"); IFSET(SAMR_FIELD_CODE_PAGE) -- cgit From 244dee6275c9fa72a5a736d5d3f5b94cd17f34d4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 11:26:43 +0100 Subject: s4-samr: prepare for Query.*Info calls: change macros. Guenther --- source4/rpc_server/samr/dcesrv_samr.c | 68 +++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 31 deletions(-) diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 1de46377c7..86e4a52175 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -37,28 +37,28 @@ #include "../lib/util/util_ldb.h" #include "param/param.h" -/* these query macros make samr_Query[User|Group]Info a bit easier to read */ +/* these query macros make samr_Query[User|Group|Alias]Info a bit easier to read */ #define QUERY_STRING(msg, field, attr) \ - r->out.info->field.string = samdb_result_string(msg, attr, ""); + info->field.string = samdb_result_string(msg, attr, ""); #define QUERY_UINT(msg, field, attr) \ - r->out.info->field = samdb_result_uint(msg, attr, 0); + info->field = samdb_result_uint(msg, attr, 0); #define QUERY_RID(msg, field, attr) \ - r->out.info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0); + info->field = samdb_result_rid_from_sid(mem_ctx, msg, attr, 0); #define QUERY_UINT64(msg, field, attr) \ - r->out.info->field = samdb_result_uint64(msg, attr, 0); + info->field = samdb_result_uint64(msg, attr, 0); #define QUERY_APASSC(msg, field, attr) \ - r->out.info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \ - a_state->domain_state->domain_dn, msg, attr); + info->field = samdb_result_allow_password_change(sam_ctx, mem_ctx, \ + a_state->domain_state->domain_dn, msg, attr); #define QUERY_FPASSC(msg, field, attr) \ - r->out.info->field = samdb_result_force_password_change(sam_ctx, mem_ctx, \ - a_state->domain_state->domain_dn, msg); + info->field = samdb_result_force_password_change(sam_ctx, mem_ctx, \ + a_state->domain_state->domain_dn, msg); #define QUERY_LHOURS(msg, field, attr) \ - r->out.info->field = samdb_result_logon_hours(mem_ctx, msg, attr); + info->field = samdb_result_logon_hours(mem_ctx, msg, attr); #define QUERY_AFLAGS(msg, field, attr) \ - r->out.info->field = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, a_state->domain_state->domain_dn); + info->field = samdb_result_acct_flags(sam_ctx, mem_ctx, msg, a_state->domain_state->domain_dn); #define QUERY_PARAMETERS(msg, field, attr) \ - r->out.info->field = samdb_result_parameters(mem_ctx, msg, attr); + info->field = samdb_result_parameters(mem_ctx, msg, attr); /* these are used to make the Set[User|Group]Info code easier to follow */ @@ -2115,6 +2115,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T const char * const attrs[4] = { "sAMAccountName", "description", "numMembers", NULL }; int ret; + union samr_GroupInfo *info; r->out.info = NULL; @@ -2139,17 +2140,16 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T msg = res->msgs[0]; /* allocate the info structure */ - r->out.info = talloc(mem_ctx, union samr_GroupInfo); - if (r->out.info == NULL) { + info = talloc_zero(mem_ctx, union samr_GroupInfo); + if (info == NULL) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(r->out.info); /* Fill in the level */ switch (r->in.level) { case GROUPINFOALL: QUERY_STRING(msg, all.name, "sAMAccountName"); - r->out.info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ + info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ QUERY_UINT (msg, all.num_members, "numMembers") QUERY_STRING(msg, all.description, "description"); break; @@ -2157,22 +2157,24 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T QUERY_STRING(msg, name, "sAMAccountName"); break; case GROUPINFOATTRIBUTES: - r->out.info->attributes.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ + info->attributes.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ break; case GROUPINFODESCRIPTION: QUERY_STRING(msg, description, "description"); break; case GROUPINFOALL2: QUERY_STRING(msg, all2.name, "sAMAccountName"); - r->out.info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ + info->all.attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_ENABLED; /* Do like w2k3 */ QUERY_UINT (msg, all2.num_members, "numMembers") QUERY_STRING(msg, all2.description, "description"); break; default: - r->out.info = NULL; + talloc_free(info); return NT_STATUS_INVALID_INFO_CLASS; } - + + r->out.info = info; + return NT_STATUS_OK; } @@ -2586,6 +2588,7 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T const char * const attrs[4] = { "sAMAccountName", "description", "numMembers", NULL }; int ret; + union samr_AliasInfo *info; r->out.info = NULL; @@ -2602,11 +2605,10 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T msg = res[0]; /* allocate the info structure */ - r->out.info = talloc(mem_ctx, union samr_AliasInfo); - if (r->out.info == NULL) { + info = talloc_zero(mem_ctx, union samr_AliasInfo); + if (info == NULL) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(r->out.info); switch(r->in.level) { case ALIASINFOALL: @@ -2621,10 +2623,12 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T QUERY_STRING(msg, description, "description"); break; default: - r->out.info = NULL; + talloc_free(info); return NT_STATUS_INVALID_INFO_CLASS; } - + + r->out.info = info; + return NT_STATUS_OK; } @@ -3001,6 +3005,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA struct ldb_context *sam_ctx; const char * const *attrs = NULL; + union samr_UserInfo *info; r->out.info = NULL; @@ -3187,11 +3192,10 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA msg = res[0]; /* allocate the info structure */ - r->out.info = talloc(mem_ctx, union samr_UserInfo); - if (r->out.info == NULL) { + info = talloc_zero(mem_ctx, union samr_UserInfo); + if (info == NULL) { return NT_STATUS_NO_MEMORY; } - ZERO_STRUCTP(r->out.info); /* fill in the reply */ switch (r->in.level) { @@ -3325,7 +3329,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA QUERY_RID (msg, info21.rid, "objectSid"); QUERY_UINT (msg, info21.primary_gid, "primaryGroupID"); QUERY_AFLAGS(msg, info21.acct_flags, "userAccountControl"); - r->out.info->info21.fields_present = 0x00FFFFFF; + info->info21.fields_present = 0x00FFFFFF; QUERY_LHOURS(msg, info21.logon_hours, "logonHours"); QUERY_UINT (msg, info21.bad_password_count, "badPwdCount"); QUERY_UINT (msg, info21.logon_count, "logonCount"); @@ -3335,10 +3339,12 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA default: - r->out.info = NULL; + talloc_free(info); return NT_STATUS_INVALID_INFO_CLASS; } - + + r->out.info = info; + return NT_STATUS_OK; } -- cgit From 7f58bba558394fb3bade56b3bafa875963ef9764 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 14:02:34 +0100 Subject: s4-samr: fix tests for binary parameter string. Guenther --- source4/torture/rpc/samr.c | 45 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 42 insertions(+), 3 deletions(-) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 23c288bfcc..32df0c3ebc 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -59,6 +59,13 @@ static void init_lsa_String(struct lsa_String *string, const char *s) string->string = s; } +static void init_lsa_BinaryString(struct lsa_BinaryString *string, const char *s, uint32_t length) +{ + string->length = length; + string->size = length; + string->array = (uint16_t *)discard_const(s); +} + bool test_samr_handle_Close(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { @@ -204,6 +211,14 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx break; \ } +#define MEM_EQUAL(s1, s2, length, field) \ + if ((s1 && !s2) || (s2 && !s1) || memcmp(s1, s2, length)) { \ + torture_comment(tctx, "Failed to set %s to '%s' (%s)\n", \ + #field, (const char *)s2, __location__); \ + ret = false; \ + break; \ + } + #define INT_EQUAL(i1, i2, field) \ if (i1 != i2) { \ torture_comment(tctx, "Failed to set %s to 0x%llx - got 0x%llx (%s)\n", \ @@ -236,6 +251,30 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \ } while (0) +#define TEST_USERINFO_BINARYSTRING(lvl1, field1, lvl2, field2, value, fpval) do { \ + torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \ + q.in.level = lvl1; \ + TESTCALL(QueryUserInfo, q) \ + s.in.level = lvl1; \ + s2.in.level = lvl1; \ + u = *q.out.info; \ + if (lvl1 == 21) { \ + ZERO_STRUCT(u.info21); \ + u.info21.fields_present = fpval; \ + } \ + init_lsa_BinaryString(&u.info ## lvl1.field1, value, strlen(value)); \ + TESTCALL(SetUserInfo, s) \ + TESTCALL(SetUserInfo2, s2) \ + init_lsa_BinaryString(&u.info ## lvl1.field1, "", 1); \ + TESTCALL(QueryUserInfo, q); \ + u = *q.out.info; \ + MEM_EQUAL(u.info ## lvl1.field1.array, value, strlen(value), field1); \ + q.in.level = lvl2; \ + TESTCALL(QueryUserInfo, q) \ + u = *q.out.info; \ + MEM_EQUAL(u.info ## lvl2.field2.array, value, strlen(value), field2); \ + } while (0) + #define TEST_USERINFO_INT_EXP(lvl1, field1, lvl2, field2, value, exp_value, fpval) do { \ torture_comment(tctx, "field test %d/%s vs %d/%s\n", lvl1, #field1, lvl2, #field2); \ q.in.level = lvl1; \ @@ -359,10 +398,10 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TEST_USERINFO_STRING(21, workstations, 14, workstations, "21workstation14", SAMR_FIELD_WORKSTATIONS); - TEST_USERINFO_STRING(20, parameters, 21, parameters, "xx20-21 parameters", 0); - TEST_USERINFO_STRING(21, parameters, 21, parameters, "xx21-21 parameters", + TEST_USERINFO_BINARYSTRING(20, parameters, 21, parameters, "xx20-21 parameters", 0); + TEST_USERINFO_BINARYSTRING(21, parameters, 21, parameters, "xx21-21 parameters", SAMR_FIELD_PARAMETERS); - TEST_USERINFO_STRING(21, parameters, 20, parameters, "xx21-20 parameters", + TEST_USERINFO_BINARYSTRING(21, parameters, 20, parameters, "xx21-20 parameters", SAMR_FIELD_PARAMETERS); TEST_USERINFO_INT(2, country_code, 2, country_code, __LINE__, 0); -- cgit From 6548c88ba70a1a3d1231ae5883a82ba083aa3e86 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 23 Oct 2008 19:00:21 +0200 Subject: s4-samr: merge SAM server specific access rights from s3 idl. Guenther --- librpc/idl/samr.idl | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 5a017e3175..87aeef3f41 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -40,6 +40,8 @@ import "misc.idl", "lsa.idl", "security.idl"; ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ } samr_AcctFlags; + /* SAM server specific access rights */ + typedef [bitmap32bit] bitmap { SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, @@ -49,6 +51,27 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 } samr_ConnectAccessMask; + const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F; + + const int GENERIC_RIGHTS_SAM_ALL_ACCESS = + (STANDARD_RIGHTS_REQUIRED_ACCESS | + SAMR_ACCESS_ALL_ACCESS); + + const int GENERIC_RIGHTS_SAM_READ = + (STANDARD_RIGHTS_READ_ACCESS | + SAMR_ACCESS_ENUM_DOMAINS); + + const int GENERIC_RIGHTS_SAM_WRITE = + (STANDARD_RIGHTS_WRITE_ACCESS | + SAMR_ACCESS_CREATE_DOMAIN | + SAMR_ACCESS_INITIALIZE_SERVER | + SAMR_ACCESS_SHUTDOWN_SERVER); + + const int GENERIC_RIGHTS_SAM_EXECUTE = + (STANDARD_RIGHTS_EXECUTE_ACCESS | + SAMR_ACCESS_OPEN_DOMAIN | + SAMR_ACCESS_CONNECT_TO_SERVER); + typedef [bitmap32bit] bitmap { SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, -- cgit From afba859be003e6afa69c83aab934b11f2227192f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 23 Oct 2008 19:23:43 +0200 Subject: s4-samr: merge User Object specific access rights from s3 idl. Guenther --- librpc/idl/samr.idl | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 87aeef3f41..35cf29761a 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -72,6 +72,8 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_ACCESS_OPEN_DOMAIN | SAMR_ACCESS_CONNECT_TO_SERVER); + /* User Object specific access rights */ + typedef [bitmap32bit] bitmap { SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, @@ -86,6 +88,33 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 } samr_UserAccessMask; + const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF; + + const int GENERIC_RIGHTS_USER_ALL_ACCESS = + (STANDARD_RIGHTS_REQUIRED_ACCESS | + SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */ + + const int GENERIC_RIGHTS_USER_READ = + (STANDARD_RIGHTS_READ_ACCESS | + SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP | + SAMR_USER_ACCESS_GET_GROUPS | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_GET_LOGONINFO | + SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */ + + const int GENERIC_RIGHTS_USER_WRITE = + (STANDARD_RIGHTS_WRITE_ACCESS | + SAMR_USER_ACCESS_CHANGE_PASSWORD | + SAMR_USER_ACCESS_SET_LOC_COM | + SAMR_USER_ACCESS_SET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */ + + const int GENERIC_RIGHTS_USER_EXECUTE = + (STANDARD_RIGHTS_EXECUTE_ACCESS | + SAMR_USER_ACCESS_CHANGE_PASSWORD | + SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */ + typedef [bitmap32bit] bitmap { SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, -- cgit From b26433da9849789248176afaf447f4d9a6e68dd9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 23 Oct 2008 19:38:21 +0200 Subject: s4-samr: merge Domain Object specific access rights from s3 idl. Guenther --- librpc/idl/samr.idl | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 35cf29761a..c959626b90 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -115,6 +115,8 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_USER_ACCESS_CHANGE_PASSWORD | SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */ + /* Domain Object specific access rights */ + typedef [bitmap32bit] bitmap { SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, @@ -129,6 +131,32 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 } samr_DomainAccessMask; + const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF; + + const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS = + (STANDARD_RIGHTS_REQUIRED_ACCESS | + SAMR_DOMAIN_ACCESS_ALL_ACCESS); + + const int GENERIC_RIGHTS_DOMAIN_READ = + (STANDARD_RIGHTS_READ_ACCESS | + SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS | + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2); + + const int GENERIC_RIGHTS_DOMAIN_WRITE = + (STANDARD_RIGHTS_WRITE_ACCESS | + SAMR_DOMAIN_ACCESS_SET_INFO_3 | + SAMR_DOMAIN_ACCESS_CREATE_ALIAS | + SAMR_DOMAIN_ACCESS_CREATE_GROUP | + SAMR_DOMAIN_ACCESS_CREATE_USER | + SAMR_DOMAIN_ACCESS_SET_INFO_2 | + SAMR_DOMAIN_ACCESS_SET_INFO_1); + + const int GENERIC_RIGHTS_DOMAIN_EXECUTE = + (STANDARD_RIGHTS_EXECUTE_ACCESS | + SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | + SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | + SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1); + typedef [bitmap32bit] bitmap { SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, -- cgit From 6ccd31b39386a3d5ea509320e33810445ad957e7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 23 Oct 2008 19:45:17 +0200 Subject: s4-samr: merge Group Object specific access rights from s3 idl. Guenther --- librpc/idl/samr.idl | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index c959626b90..79acbd0f77 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -157,6 +157,8 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1); + /* Group Object specific access rights */ + typedef [bitmap32bit] bitmap { SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, @@ -165,6 +167,26 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 } samr_GroupAccessMask; + const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F; + + const int GENERIC_RIGHTS_GROUP_ALL_ACCESS = + (STANDARD_RIGHTS_REQUIRED_ACCESS | + SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */ + + const int GENERIC_RIGHTS_GROUP_READ = + (STANDARD_RIGHTS_READ_ACCESS | + SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */ + + const int GENERIC_RIGHTS_GROUP_WRITE = + (STANDARD_RIGHTS_WRITE_ACCESS | + SAMR_GROUP_ACCESS_REMOVE_MEMBER | + SAMR_GROUP_ACCESS_ADD_MEMBER | + SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */ + + const int GENERIC_RIGHTS_GROUP_EXECUTE = + (STANDARD_RIGHTS_EXECUTE_ACCESS | + SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */ + typedef [bitmap32bit] bitmap { SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, -- cgit From 27021fe4005aa98f6bcd5d1170b453b7e4eb005e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 23 Oct 2008 19:52:34 +0200 Subject: s4-samr: merge Alias Object specific access rights from s3 idl. Guenther --- librpc/idl/samr.idl | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 79acbd0f77..356141518d 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -187,6 +187,8 @@ import "misc.idl", "lsa.idl", "security.idl"; (STANDARD_RIGHTS_EXECUTE_ACCESS | SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */ + /* Alias Object specific access rights */ + typedef [bitmap32bit] bitmap { SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, @@ -195,6 +197,26 @@ import "misc.idl", "lsa.idl", "security.idl"; SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 } samr_AliasAccessMask; + const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F; + + const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS = + (STANDARD_RIGHTS_REQUIRED_ACCESS | + SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */ + + const int GENERIC_RIGHTS_ALIAS_READ = + (STANDARD_RIGHTS_READ_ACCESS | + SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */ + + const int GENERIC_RIGHTS_ALIAS_WRITE = + (STANDARD_RIGHTS_WRITE_ACCESS | + SAMR_ALIAS_ACCESS_REMOVE_MEMBER | + SAMR_ALIAS_ACCESS_ADD_MEMBER | + SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */ + + const int GENERIC_RIGHTS_ALIAS_EXECUTE = + (STANDARD_RIGHTS_EXECUTE_ACCESS | + SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */ + /******************/ /* Function: 0x00 */ NTSTATUS samr_Connect ( -- cgit From e0a6e3b23be2be33a18938e4a3fe58157711e805 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 19:40:24 +0100 Subject: s4-samr: merge samr_ChangePasswordUser3 from s3 idl. Guenther --- librpc/idl/samr.idl | 4 +- source4/libnet/libnet_passwd.c | 4 ++ source4/rpc_server/samr/samr_password.c | 11 ++++-- source4/torture/rpc/samr.c | 70 ++++++++++++++++++++------------- 4 files changed, 56 insertions(+), 33 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 356141518d..334ca05eba 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1399,8 +1399,8 @@ import "misc.idl", "lsa.idl", "security.idl"; [in,unique] samr_CryptPassword *lm_password, [in,unique] samr_Password *lm_verifier, [in,unique] samr_CryptPassword *password3, - [out,unique] samr_DomInfo1 *dominfo, - [out,unique] samr_ChangeReject *reject + [out,ref] samr_DomInfo1 **dominfo, + [out,ref] samr_ChangeReject **reject ); /************************/ diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index de2ed01abd..cbb3bfadff 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -50,6 +50,8 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT struct samr_Password nt_verifier, lm_verifier; uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16]; + struct samr_DomInfo1 *dominfo = NULL; + struct samr_ChangeReject *reject = NULL; /* prepare connect to the SAMR pipe of the users domain PDC */ c.level = LIBNET_RPC_CONNECT_PDC; @@ -92,6 +94,8 @@ static NTSTATUS libnet_ChangePassword_samr(struct libnet_context *ctx, TALLOC_CT pw3.in.lm_password = &lm_pass; pw3.in.lm_verifier = &lm_verifier; pw3.in.password3 = NULL; + pw3.out.dominfo = &dominfo; + pw3.out.reject = &reject; /* 2. try samr_ChangePasswordUser3 */ status = dcerpc_samr_ChangePasswordUser3(c.out.dcerpc_pipe, mem_ctx, &pw3); diff --git a/source4/rpc_server/samr/samr_password.c b/source4/rpc_server/samr/samr_password.c index 1eb6a4f37c..ff8215a673 100644 --- a/source4/rpc_server/samr/samr_password.c +++ b/source4/rpc_server/samr/samr_password.c @@ -352,7 +352,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser3(struct dcesrv_call_state *dce_call, uint8_t new_nt_hash[16], new_lm_hash[16]; struct samr_Password nt_verifier, lm_verifier; - ZERO_STRUCT(r->out); + *r->out.dominfo = NULL; + *r->out.reject = NULL; if (r->in.nt_password == NULL || r->in.nt_verifier == NULL) { @@ -495,8 +496,8 @@ failed: talloc_free(sam_ctx); reject = talloc(mem_ctx, struct samr_ChangeReject); - r->out.dominfo = dominfo; - r->out.reject = reject; + *r->out.dominfo = dominfo; + *r->out.reject = reject; if (reject == NULL) { return status; @@ -518,6 +519,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TAL struct samr_ChangePasswordUser2 *r) { struct samr_ChangePasswordUser3 r2; + struct samr_DomInfo1 *dominfo = NULL; + struct samr_ChangeReject *reject = NULL; r2.in.server = r->in.server; r2.in.account = r->in.account; @@ -527,6 +530,8 @@ NTSTATUS dcesrv_samr_ChangePasswordUser2(struct dcesrv_call_state *dce_call, TAL r2.in.lm_password = r->in.lm_password; r2.in.lm_verifier = r->in.lm_verifier; r2.in.password3 = NULL; + r2.out.dominfo = &dominfo; + r2.out.reject = &reject; return dcesrv_samr_ChangePasswordUser3(dce_call, mem_ctx, &r2); } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 32df0c3ebc..99164a23a3 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -1633,6 +1633,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct uint8_t old_nt_hash[16], new_nt_hash[16]; uint8_t old_lm_hash[16], new_lm_hash[16]; NTTIME t; + struct samr_DomInfo1 *dominfo = NULL; + struct samr_ChangeReject *reject = NULL; torture_comment(tctx, "Testing ChangePasswordUser3\n"); @@ -1680,6 +1682,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct r.in.lm_password = &lm_pass; r.in.lm_verifier = &lm_verifier; r.in.password3 = NULL; + r.out.dominfo = &dominfo; + r.out.reject = &reject; status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) && @@ -1709,6 +1713,8 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct r.in.lm_password = &lm_pass; r.in.lm_verifier = &lm_verifier; r.in.password3 = NULL; + r.out.dominfo = &dominfo; + r.out.reject = &reject; status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); if (!NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) && @@ -1751,21 +1757,23 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct r.in.lm_password = &lm_pass; r.in.lm_verifier = &lm_verifier; r.in.password3 = NULL; + r.out.dominfo = &dominfo; + r.out.reject = &reject; unix_to_nt_time(&t, time(NULL)); status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION) - && r.out.dominfo - && r.out.reject + && dominfo + && reject && handle_reject_reason - && (!null_nttime(last_password_change) || !r.out.dominfo->min_password_age)) { - if (r.out.dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) { + && (!null_nttime(last_password_change) || !dominfo->min_password_age)) { + if (dominfo->password_properties & DOMAIN_REFUSE_PASSWORD_CHANGE ) { - if (r.out.reject && (r.out.reject->reason != SAMR_REJECT_OTHER)) { + if (reject && (reject->reason != SAMR_REJECT_OTHER)) { printf("expected SAMR_REJECT_OTHER (%d), got %d\n", - SAMR_REJECT_OTHER, r.out.reject->reason); + SAMR_REJECT_OTHER, reject->reason); return false; } } @@ -1779,54 +1787,54 @@ bool test_ChangePasswordUser3(struct dcerpc_pipe *p, struct torture_context *tct Guenther */ - if ((r.out.dominfo->min_password_age > 0) && !null_nttime(last_password_change) && - (last_password_change + r.out.dominfo->min_password_age > t)) { + if ((dominfo->min_password_age > 0) && !null_nttime(last_password_change) && + (last_password_change + dominfo->min_password_age > t)) { - if (r.out.reject->reason != SAMR_REJECT_OTHER) { + if (reject->reason != SAMR_REJECT_OTHER) { printf("expected SAMR_REJECT_OTHER (%d), got %d\n", - SAMR_REJECT_OTHER, r.out.reject->reason); + SAMR_REJECT_OTHER, reject->reason); return false; } - } else if ((r.out.dominfo->min_password_length > 0) && - (strlen(newpass) < r.out.dominfo->min_password_length)) { + } else if ((dominfo->min_password_length > 0) && + (strlen(newpass) < dominfo->min_password_length)) { - if (r.out.reject->reason != SAMR_REJECT_TOO_SHORT) { + if (reject->reason != SAMR_REJECT_TOO_SHORT) { printf("expected SAMR_REJECT_TOO_SHORT (%d), got %d\n", - SAMR_REJECT_TOO_SHORT, r.out.reject->reason); + SAMR_REJECT_TOO_SHORT, reject->reason); return false; } - } else if ((r.out.dominfo->password_history_length > 0) && + } else if ((dominfo->password_history_length > 0) && strequal(oldpass, newpass)) { - if (r.out.reject->reason != SAMR_REJECT_IN_HISTORY) { + if (reject->reason != SAMR_REJECT_IN_HISTORY) { printf("expected SAMR_REJECT_IN_HISTORY (%d), got %d\n", - SAMR_REJECT_IN_HISTORY, r.out.reject->reason); + SAMR_REJECT_IN_HISTORY, reject->reason); return false; } - } else if (r.out.dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) { + } else if (dominfo->password_properties & DOMAIN_PASSWORD_COMPLEX) { - if (r.out.reject->reason != SAMR_REJECT_COMPLEXITY) { + if (reject->reason != SAMR_REJECT_COMPLEXITY) { printf("expected SAMR_REJECT_COMPLEXITY (%d), got %d\n", - SAMR_REJECT_COMPLEXITY, r.out.reject->reason); + SAMR_REJECT_COMPLEXITY, reject->reason); return false; } } - if (r.out.reject->reason == SAMR_REJECT_TOO_SHORT) { + if (reject->reason == SAMR_REJECT_TOO_SHORT) { /* retry with adjusted size */ return test_ChangePasswordUser3(p, tctx, account_string, - r.out.dominfo->min_password_length, + dominfo->min_password_length, password, NULL, 0, false); } } else if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { - if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) { + if (reject && reject->reason != SAMR_REJECT_OTHER) { printf("expected SAMR_REJECT_OTHER (%d), got %d\n", - SAMR_REJECT_OTHER, r.out.reject->reason); + SAMR_REJECT_OTHER, reject->reason); return false; } /* Perhaps the server has a 'min password age' set? */ @@ -1862,6 +1870,8 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex char *oldpass; uint8_t old_nt_hash[16], new_nt_hash[16]; NTTIME t; + struct samr_DomInfo1 *dominfo = NULL; + struct samr_ChangeReject *reject = NULL; new_random_pass = samr_very_rand_pass(tctx, 128); @@ -1928,15 +1938,17 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex r.in.lm_password = NULL; r.in.lm_verifier = NULL; r.in.password3 = NULL; + r.out.dominfo = &dominfo; + r.out.reject = &reject; unix_to_nt_time(&t, time(NULL)); status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { - if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) { + if (reject && reject->reason != SAMR_REJECT_OTHER) { printf("expected SAMR_REJECT_OTHER (%d), got %d\n", - SAMR_REJECT_OTHER, r.out.reject->reason); + SAMR_REJECT_OTHER, reject->reason); return false; } /* Perhaps the server has a 'min password age' set? */ @@ -1964,15 +1976,17 @@ bool test_ChangePasswordRandomBytes(struct dcerpc_pipe *p, struct torture_contex r.in.lm_password = NULL; r.in.lm_verifier = NULL; r.in.password3 = NULL; + r.out.dominfo = &dominfo; + r.out.reject = &reject; unix_to_nt_time(&t, time(NULL)); status = dcerpc_samr_ChangePasswordUser3(p, tctx, &r); if (NT_STATUS_EQUAL(status, NT_STATUS_PASSWORD_RESTRICTION)) { - if (r.out.reject && r.out.reject->reason != SAMR_REJECT_OTHER) { + if (reject && reject->reason != SAMR_REJECT_OTHER) { printf("expected SAMR_REJECT_OTHER (%d), got %d\n", - SAMR_REJECT_OTHER, r.out.reject->reason); + SAMR_REJECT_OTHER, reject->reason); return false; } /* Perhaps the server has a 'min password age' set? */ -- cgit From 5ae9ec3d4b0e8c272256994241ad3c82f3f88c31 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 19:46:24 +0100 Subject: s4-samr: merge samr_GetDisplayEnumerationIndex from s3 idl. Guenther --- librpc/idl/samr.idl | 4 ++-- source4/torture/rpc/samr.c | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 334ca05eba..0673b67b0a 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1139,8 +1139,8 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_GetDisplayEnumerationIndex( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [in] lsa_String name, - [out] uint32 idx + [in,ref] lsa_String *name, + [out,ref] uint32 *idx ); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 99164a23a3..e9daa63f6c 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3462,14 +3462,19 @@ static bool test_GetDisplayEnumerationIndex(struct dcerpc_pipe *p, TALLOC_CTX *m bool ret = true; uint16_t levels[] = {1, 2, 3, 4, 5}; uint16_t ok_lvl[] = {1, 1, 1, 0, 0}; + struct lsa_String name; + uint32_t idx = 0; int i; for (i=0;i Date: Tue, 4 Nov 2008 19:46:43 +0100 Subject: s4-samr: merge samr_GetDisplayEnumerationIndex2 from s3 idl. Guenther --- librpc/idl/samr.idl | 4 ++-- source4/torture/rpc/samr.c | 9 +++++++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 0673b67b0a..1c60d361de 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1237,8 +1237,8 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_GetDisplayEnumerationIndex2( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [in] lsa_String name, - [out] uint32 idx + [in,ref] lsa_String *name, + [out,ref] uint32 *idx ); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index e9daa63f6c..c52d08ac62 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3508,14 +3508,19 @@ static bool test_GetDisplayEnumerationIndex2(struct dcerpc_pipe *p, TALLOC_CTX * bool ret = true; uint16_t levels[] = {1, 2, 3, 4, 5}; uint16_t ok_lvl[] = {1, 1, 1, 0, 0}; + struct lsa_String name; + uint32_t idx = 0; int i; for (i=0;i Date: Wed, 5 Nov 2008 02:04:39 +0100 Subject: s4-samr: merge samr_ValidatePassword from s3 idl. Guenther --- librpc/idl/samr.idl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 1c60d361de..f5d3cdac7a 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1542,7 +1542,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_ValidatePassword( [in] samr_ValidatePasswordLevel level, - [in,switch_is(level)] samr_ValidatePasswordReq req, - [out,unique,switch_is(level)] samr_ValidatePasswordRep *rep + [in,switch_is(level)] samr_ValidatePasswordReq *req, + [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep ); } -- cgit From 93c6129c991dfb94496c0f7a9177a89fb275866d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 02:12:38 +0100 Subject: s4-samr: merge samr_LookupRids from s3 idl. Guenther --- librpc/idl/samr.idl | 4 ++-- source4/rpc_server/samr/dcesrv_samr.c | 12 ++++++------ source4/torture/rpc/samr.c | 5 +++++ 3 files changed, 13 insertions(+), 8 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index f5d3cdac7a..eb5b23e9ef 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -528,8 +528,8 @@ import "misc.idl", "lsa.idl", "security.idl"; [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_rids, [in,size_is(1000),length_is(num_rids)] uint32 rids[], - [out] lsa_Strings names, - [out] samr_Ids types + [out,ref] lsa_Strings *names, + [out,ref] samr_Ids *types ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 86e4a52175..9a45616a8b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1952,8 +1952,8 @@ static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLO struct lsa_String *names; uint32_t *ids; - ZERO_STRUCT(r->out.names); - ZERO_STRUCT(r->out.types); + ZERO_STRUCTP(r->out.names); + ZERO_STRUCTP(r->out.types); DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -2014,11 +2014,11 @@ static NTSTATUS dcesrv_samr_LookupRids(struct dcesrv_call_state *dce_call, TALLO } } - r->out.names.names = names; - r->out.names.count = r->in.num_rids; + r->out.names->names = names; + r->out.names->count = r->in.num_rids; - r->out.types.ids = ids; - r->out.types.count = r->in.num_rids; + r->out.types->ids = ids; + r->out.types->count = r->in.num_rids; return status; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index c52d08ac62..b28877602c 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3276,6 +3276,9 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * bool ret = true; struct samr_LookupNames n; struct samr_LookupRids lr ; + struct lsa_Strings names; + struct samr_Ids types; + uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST, ACB_DISABLED, ACB_NORMAL | ACB_DISABLED, ACB_SVRTRUST | ACB_DOMTRUST | ACB_WSTRUST, @@ -3332,6 +3335,8 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * lr.in.domain_handle = handle; lr.in.num_rids = r.out.sam->count; lr.in.rids = talloc_array(tctx, uint32_t, r.out.sam->count); + lr.out.names = &names; + lr.out.types = &types; for (i=0;icount;i++) { lr.in.rids[i] = r.out.sam->entries[i].idx; } -- cgit From 5ce30d0f4db94e61ae469155b863b124587495a4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 27 Oct 2008 22:57:51 +0100 Subject: s4-samr: merge samr_QuerySecurity from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 4 ++-- source4/torture/rpc/samr.c | 6 ++++-- source4/torture/rpc/samr_accessmask.c | 9 +++++---- source4/torture/rpc/samsync.c | 4 +++- 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index eb5b23e9ef..7b7d1f9092 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -248,7 +248,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QuerySecurity ( [in,ref] policy_handle *handle, [in] security_secinfo sec_info, - [out,unique] sec_desc_buf *sdbuf + [out,ref] sec_desc_buf **sdbuf ); /******************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 9a45616a8b..e8d800e23d 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -229,7 +229,7 @@ static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TA struct dcesrv_handle *h; struct sec_desc_buf *sd; - r->out.sdbuf = NULL; + *r->out.sdbuf = NULL; DCESRV_PULL_HANDLE(h, r->in.handle, DCESRV_HANDLE_ANY); @@ -240,7 +240,7 @@ static NTSTATUS dcesrv_samr_QuerySecurity(struct dcesrv_call_state *dce_call, TA sd->sd = samdb_default_security_descriptor(mem_ctx); - r->out.sdbuf = sd; + *r->out.sdbuf = sd; return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index b28877602c..9ea92037d0 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -138,18 +138,20 @@ static bool test_QuerySecurity(struct dcerpc_pipe *p, NTSTATUS status; struct samr_QuerySecurity r; struct samr_SetSecurity s; + struct sec_desc_buf *sdbuf = NULL; r.in.handle = handle; r.in.sec_info = 7; + r.out.sdbuf = &sdbuf; status = dcerpc_samr_QuerySecurity(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "QuerySecurity"); - torture_assert(tctx, r.out.sdbuf != NULL, "sdbuf is NULL"); + torture_assert(tctx, sdbuf != NULL, "sdbuf is NULL"); s.in.handle = handle; s.in.sec_info = 7; - s.in.sdbuf = r.out.sdbuf; + s.in.sdbuf = sdbuf; if (torture_setting_bool(tctx, "samba4", false)) { torture_skip(tctx, "skipping SetSecurity test against Samba4\n"); diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c index bfff8c9267..c45b12db60 100644 --- a/source4/torture/rpc/samr_accessmask.c +++ b/source4/torture/rpc/samr_accessmask.c @@ -236,7 +236,7 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx, struct samr_SetSecurity ss; struct security_ace ace; struct security_descriptor *sd; - struct sec_desc_buf sdb; + struct sec_desc_buf sdb, *sdbuf = NULL; bool ret = true; int sd_size; struct dcerpc_pipe *test_p; @@ -255,6 +255,7 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx, /* get the current ACL for the SAMR policy handle */ qs.in.handle = &ch; qs.in.sec_info = SECINFO_DACL; + qs.out.sdbuf = &sdbuf; status = dcerpc_samr_QuerySecurity(p, tctx, &qs); if (!NT_STATUS_IS_OK(status)) { printf("QuerySecurity failed - %s\n", nt_errstr(status)); @@ -262,13 +263,13 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx, } /* how big is the security descriptor? */ - sd_size = qs.out.sdbuf->sd_size; + sd_size = sdbuf->sd_size; /* add an ACE to the security descriptor to deny the user the * 'connect to server' right */ - sd = qs.out.sdbuf->sd; + sd = sdbuf->sd; ace.type = SEC_ACE_TYPE_ACCESS_DENIED; ace.flags = 0; ace.access_mask = SAMR_ACCESS_CONNECT_TO_SERVER; @@ -314,7 +315,7 @@ static bool test_samr_connect_user_acl(struct torture_context *tctx, printf("QuerySecurity failed - %s\n", nt_errstr(status)); ret = false; } - if (sd_size != qs.out.sdbuf->sd_size) { + if (sd_size != sdbuf->sd_size) { printf("security descriptor changed\n"); ret = false; } diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index d97b9ba498..c833f32559 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -192,10 +192,12 @@ static struct sec_desc_buf *samsync_query_samr_sec_desc(TALLOC_CTX *mem_ctx, struct policy_handle *handle) { struct samr_QuerySecurity r; + struct sec_desc_buf *sdbuf = NULL; NTSTATUS status; r.in.handle = handle; r.in.sec_info = 0x7; + r.out.sdbuf = &sdbuf; status = dcerpc_samr_QuerySecurity(samsync_state->p_samr, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -203,7 +205,7 @@ static struct sec_desc_buf *samsync_query_samr_sec_desc(TALLOC_CTX *mem_ctx, return NULL; } - return r.out.sdbuf; + return sdbuf; } static struct sec_desc_buf *samsync_query_lsa_sec_desc(TALLOC_CTX *mem_ctx, -- cgit From 94b7db1fb49e1811af002163f9818706e1ea7f7a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 28 Oct 2008 00:03:28 +0100 Subject: s4-samr: merge samr_RidToSid from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 3 +-- source3/librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 4 ++-- source4/torture/rpc/samr.c | 7 ++++--- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 7b7d1f9092..b0dacc91d4 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1428,10 +1428,9 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_RidToSid( [in,ref] policy_handle *domain_handle, [in] uint32 rid, - [out,unique] dom_sid2 *sid + [out,ref] dom_sid2 **sid ); - /************************/ /* Function 0x42 */ diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index 2f8657a0b1..8fbc132aa7 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -1431,7 +1431,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_RidToSid( [in,ref] policy_handle *domain_handle, [in] uint32 rid, - [out,ref] dom_sid2 *sid + [out,ref] dom_sid2 **sid ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index e8d800e23d..37446f5aa2 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -4307,8 +4307,8 @@ static NTSTATUS dcesrv_samr_RidToSid(struct dcesrv_call_state *dce_call, TALLOC_ d_state = h->data; /* form the users SID */ - r->out.sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid); - if (!r->out.sid) { + *r->out.sid = dom_sid_add_rid(mem_ctx, d_state->domain_sid, r->in.rid); + if (!*r->out.sid) { return NT_STATUS_NO_MEMORY; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 9ea92037d0..8e527d990b 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4146,7 +4146,7 @@ static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx, struct samr_RidToSid r; NTSTATUS status; bool ret = true; - struct dom_sid *calc_sid; + struct dom_sid *calc_sid, *out_sid; int rids[] = { 0, 42, 512, 10200 }; int i; @@ -4156,6 +4156,7 @@ static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx, calc_sid = dom_sid_dup(tctx, domain_sid); r.in.domain_handle = domain_handle; r.in.rid = rids[i]; + r.out.sid = &out_sid; status = dcerpc_samr_RidToSid(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -4164,9 +4165,9 @@ static bool test_RidToSid(struct dcerpc_pipe *p, struct torture_context *tctx, } else { calc_sid = dom_sid_add_rid(calc_sid, calc_sid, rids[i]); - if (!dom_sid_equal(calc_sid, r.out.sid)) { + if (!dom_sid_equal(calc_sid, out_sid)) { printf("RidToSid for %d failed - got %s, expected %s\n", rids[i], - dom_sid_string(tctx, r.out.sid), + dom_sid_string(tctx, out_sid), dom_sid_string(tctx, calc_sid)); ret = false; } -- cgit From f42f1ae5a8e914790a9ac8fefe7cee3ec8988508 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 01:28:49 +0100 Subject: s4-samr: merge samr_GetUserPwInfo from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/libnet/libnet_join.c | 4 +++- source4/rpc_server/samr/dcesrv_samr.c | 14 +++++++------- source4/torture/rpc/samr.c | 22 +++++++++++++++++----- source4/torture/rpc/testjoin.c | 4 +++- 5 files changed, 31 insertions(+), 15 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index b0dacc91d4..7fb3d95ea2 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1177,7 +1177,7 @@ import "misc.idl", "lsa.idl", "security.idl"; [public] NTSTATUS samr_GetUserPwInfo( [in,ref] policy_handle *user_handle, - [out] samr_PwInfo info + [out,ref] samr_PwInfo *info ); /************************/ diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index 0ed5e8ae26..e18797c3d5 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -451,6 +451,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru struct samr_UserInfo21 u_info21; union libnet_SetPassword r2; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; struct lsa_String samr_account_name; uint32_t acct_flags, old_acct_flags; @@ -778,10 +779,11 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru /* Find out what password policy this user has */ pwp.in.user_handle = u_handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(samr_pipe, tmp_ctx, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } /* Grab a password of that minimum length */ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 37446f5aa2..2cd3f8896e 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3928,18 +3928,18 @@ static NTSTATUS dcesrv_samr_GetUserPwInfo(struct dcesrv_call_state *dce_call, TA struct dcesrv_handle *h; struct samr_account_state *a_state; - ZERO_STRUCT(r->out.info); + ZERO_STRUCTP(r->out.info); DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); a_state = h->data; - r->out.info.min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, - a_state->domain_state->domain_dn, "minPwdLength", - NULL); - r->out.info.password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, - a_state->account_dn, - "pwdProperties", NULL); + r->out.info->min_password_length = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, + a_state->domain_state->domain_dn, "minPwdLength", + NULL); + r->out.info->password_properties = samdb_search_uint(a_state->sam_ctx, mem_ctx, 0, + a_state->account_dn, + "pwdProperties", NULL); return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 8e527d990b..aebef28a19 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -553,12 +553,14 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx DATA_BLOB session_key; char *newpass; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; int policy_min_pw_len = 0; pwp.in.user_handle = handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } newpass = samr_rand_pass(tctx, policy_min_pw_len); @@ -605,12 +607,14 @@ static bool test_SetUserPass_23(struct dcerpc_pipe *p, struct torture_context *t DATA_BLOB session_key; char *newpass; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; int policy_min_pw_len = 0; pwp.in.user_handle = handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } newpass = samr_rand_pass(tctx, policy_min_pw_len); @@ -684,12 +688,14 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc char *newpass; struct MD5Context ctx; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; int policy_min_pw_len = 0; pwp.in.user_handle = handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } if (makeshort && policy_min_pw_len) { newpass = samr_rand_pass_fixed_len(tctx, policy_min_pw_len - 1); @@ -766,12 +772,14 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t uint8_t confounder[16]; char *newpass; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; int policy_min_pw_len = 0; pwp.in.user_handle = handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } newpass = samr_rand_pass(tctx, policy_min_pw_len); @@ -934,10 +942,12 @@ static bool test_GetUserPwInfo(struct dcerpc_pipe *p, struct torture_context *tc { NTSTATUS status; struct samr_GetUserPwInfo r; + struct samr_PwInfo info; torture_comment(tctx, "Testing GetUserPwInfo\n"); r.in.user_handle = handle; + r.out.info = &info; status = dcerpc_samr_GetUserPwInfo(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "GetUserPwInfo"); @@ -1112,6 +1122,7 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex char *newpass; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; int policy_min_pw_len = 0; status = test_OpenUser_byname(p, tctx, handle, acct_name, &user_handle); @@ -1119,10 +1130,11 @@ static bool test_ChangePasswordUser(struct dcerpc_pipe *p, struct torture_contex return false; } pwp.in.user_handle = &user_handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } newpass = samr_rand_pass(tctx, policy_min_pw_len); diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 3408a1924c..d013340528 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -114,6 +114,7 @@ struct test_join *torture_create_testuser(struct torture_context *torture, struct samr_OpenDomain o; struct samr_LookupDomain l; struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; struct samr_SetUserInfo s; union samr_UserInfo u; struct policy_handle handle; @@ -224,10 +225,11 @@ again: join->user_sid = dom_sid_add_rid(join, join->dom_sid, rid); pwp.in.user_handle = &join->user_handle; + pwp.out.info = &info; status = dcerpc_samr_GetUserPwInfo(join->p, join, &pwp); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = pwp.out.info.min_password_length; + policy_min_pw_len = pwp.out.info->min_password_length; } random_pw = generate_random_str(join, MAX(8, policy_min_pw_len)); -- cgit From 8f1559c35032320a9a5e3f665ddfbfa41ab1a7d8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 01:34:55 +0100 Subject: s4-samr: merge samr_GetDomPwInfo from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 6 +++--- source4/torture/rpc/samr.c | 11 +++++++++-- source4/torture/rpc/schannel.c | 2 ++ 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 7fb3d95ea2..708ceabb5f 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1312,7 +1312,7 @@ import "misc.idl", "lsa.idl", "security.idl"; /* Function 0x38 */ NTSTATUS samr_GetDomPwInfo( [in,unique] lsa_String *domain_name, - [out] samr_PwInfo info + [out,ref] samr_PwInfo *info ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 2cd3f8896e..45998b9ebd 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -4156,7 +4156,7 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL const char * const attrs[] = {"minPwdLength", "pwdProperties", NULL }; struct ldb_context *sam_ctx; - ZERO_STRUCT(r->out.info); + ZERO_STRUCTP(r->out.info); sam_ctx = samdb_connect(mem_ctx, dce_call->event_ctx, dce_call->conn->dce_ctx->lp_ctx, dce_call->conn->auth_state.session_info); if (sam_ctx == NULL) { @@ -4174,8 +4174,8 @@ static NTSTATUS dcesrv_samr_GetDomPwInfo(struct dcesrv_call_state *dce_call, TAL return NT_STATUS_INTERNAL_DB_CORRUPTION; } - r->out.info.min_password_length = samdb_result_uint(msgs[0], "minPwdLength", 0); - r->out.info.password_properties = samdb_result_uint(msgs[0], "pwdProperties", 1); + r->out.info->min_password_length = samdb_result_uint(msgs[0], "minPwdLength", 0); + r->out.info->password_properties = samdb_result_uint(msgs[0], "pwdProperties", 1); talloc_free(msgs); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index aebef28a19..ce631283c2 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -909,8 +909,11 @@ static bool test_GetDomPwInfo(struct dcerpc_pipe *p, struct torture_context *tct { NTSTATUS status; struct samr_GetDomPwInfo r; + struct samr_PwInfo info; r.in.domain_name = domain_name; + r.out.info = &info; + torture_comment(tctx, "Testing GetDomPwInfo with name %s\n", r.in.domain_name->string); status = dcerpc_samr_GetDomPwInfo(p, tctx, &r); @@ -1399,12 +1402,14 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co uint8_t old_lm_hash[16], new_lm_hash[16]; struct samr_GetDomPwInfo dom_pw_info; + struct samr_PwInfo info; int policy_min_pw_len = 0; struct lsa_String domain_name; domain_name.string = ""; dom_pw_info.in.domain_name = &domain_name; + dom_pw_info.out.info = &info; torture_comment(tctx, "Testing OemChangePasswordUser2\n"); @@ -1415,7 +1420,7 @@ static bool test_OemChangePasswordUser2(struct dcerpc_pipe *p, struct torture_co status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = dom_pw_info.out.info.min_password_length; + policy_min_pw_len = dom_pw_info.out.info->min_password_length; } newpass = samr_rand_pass(tctx, policy_min_pw_len); @@ -1568,11 +1573,13 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte uint8_t old_lm_hash[16], new_lm_hash[16]; struct samr_GetDomPwInfo dom_pw_info; + struct samr_PwInfo info; struct lsa_String domain_name; domain_name.string = ""; dom_pw_info.in.domain_name = &domain_name; + dom_pw_info.out.info = &info; torture_comment(tctx, "Testing ChangePasswordUser2 on %s\n", acct_name); @@ -1584,7 +1591,7 @@ static bool test_ChangePasswordUser2(struct dcerpc_pipe *p, struct torture_conte int policy_min_pw_len = 0; status = dcerpc_samr_GetDomPwInfo(p, tctx, &dom_pw_info); if (NT_STATUS_IS_OK(status)) { - policy_min_pw_len = dom_pw_info.out.info.min_password_length; + policy_min_pw_len = dom_pw_info.out.info->min_password_length; } newpass = samr_rand_pass(tctx, policy_min_pw_len); diff --git a/source4/torture/rpc/schannel.c b/source4/torture/rpc/schannel.c index ca1655729b..451990a71b 100644 --- a/source4/torture/rpc/schannel.c +++ b/source4/torture/rpc/schannel.c @@ -128,6 +128,7 @@ static bool test_samr_ops(struct torture_context *tctx, { NTSTATUS status; struct samr_GetDomPwInfo r; + struct samr_PwInfo info; struct samr_Connect connect; struct samr_OpenDomain opendom; int i; @@ -137,6 +138,7 @@ static bool test_samr_ops(struct torture_context *tctx, name.string = lp_workgroup(tctx->lp_ctx); r.in.domain_name = &name; + r.out.info = &info; connect.in.system_name = 0; connect.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; -- cgit From 88ff1be03671376d88aa8b019313979244a9bdb7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 01:39:39 +0100 Subject: s4-samr: merge samr_GetBootKeyInformation from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/torture/rpc/samr.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 708ceabb5f..66b3f4bf0f 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1350,7 +1350,7 @@ import "misc.idl", "lsa.idl", "security.idl"; /* Function 0x3c */ NTSTATUS samr_GetBootKeyInformation( [in,ref] policy_handle *domain_handle, - [out] uint32 unknown + [out,ref] uint32 *unknown ); /************************/ diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index ce631283c2..e07ebe9e3d 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4202,10 +4202,12 @@ static bool test_GetBootKeyInformation(struct dcerpc_pipe *p, struct torture_con struct samr_GetBootKeyInformation r; NTSTATUS status; bool ret = true; + uint32_t unknown = 0; torture_comment(tctx, "Testing GetBootKeyInformation\n"); r.in.domain_handle = domain_handle; + r.out.unknown = &unknown; status = dcerpc_samr_GetBootKeyInformation(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { -- cgit From a2a26da89981792ae0141d02ae40e598163c6b4d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 01:51:51 +0100 Subject: s4-samr: merge samr_Connect5 from s3 idl. (fixme python) Guenther --- librpc/idl/samr.idl | 6 ++++-- source4/rpc_server/samr/dcesrv_samr.c | 6 +++--- source4/torture/rpc/samr.c | 8 +++++--- source4/torture/rpc/samr_accessmask.c | 8 +++++--- 4 files changed, 17 insertions(+), 11 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 66b3f4bf0f..d3dd13d270 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1418,8 +1418,10 @@ import "misc.idl", "lsa.idl", "security.idl"; [public] NTSTATUS samr_Connect5( [in,unique,string,charset(UTF16)] uint16 *system_name, [in] samr_ConnectAccessMask access_mask, - [in,out] uint32 level, - [in,out,switch_is(level),ref] samr_ConnectInfo *info, + [in] uint32 level_in, + [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in, + [out,ref] uint32 *level_out, + [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out, [out,ref] policy_handle *connect_handle ); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 45998b9ebd..552a1b5e3e 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -4285,9 +4285,9 @@ static NTSTATUS dcesrv_samr_Connect5(struct dcesrv_call_state *dce_call, TALLOC_ status = dcesrv_samr_Connect(dce_call, mem_ctx, &c); - r->out.info->info1.client_version = SAMR_CONNECT_AFTER_W2K; - r->out.info->info1.unknown2 = 0; - r->out.level = r->in.level; + r->out.info_out->info1.client_version = SAMR_CONNECT_AFTER_W2K; + r->out.info_out->info1.unknown2 = 0; + *r->out.level_out = r->in.level_in; return status; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index e07ebe9e3d..259a19d0b9 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4565,6 +4565,7 @@ static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx, struct samr_Connect5 r5; union samr_ConnectInfo info; struct policy_handle h; + uint32_t level_out = 0; bool ret = true, got_handle = false; torture_comment(tctx, "testing samr_Connect\n"); @@ -4645,9 +4646,10 @@ static bool test_Connect(struct dcerpc_pipe *p, struct torture_context *tctx, r5.in.system_name = ""; r5.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r5.in.level = 1; - r5.in.info = &info; - r5.out.info = &info; + r5.in.level_in = 1; + r5.out.level_out = &level_out; + r5.in.info_in = &info; + r5.out.info_out = &info; r5.out.connect_handle = &h; status = dcerpc_samr_Connect5(p, tctx, &r5); diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c index c45b12db60..eb19c0caa4 100644 --- a/source4/torture/rpc/samr_accessmask.c +++ b/source4/torture/rpc/samr_accessmask.c @@ -52,13 +52,15 @@ static NTSTATUS torture_samr_Connect5(struct torture_context *tctx, NTSTATUS status; struct samr_Connect5 r5; union samr_ConnectInfo info; + uint32_t level_out = 0; info.info1.client_version = 0; info.info1.unknown2 = 0; r5.in.system_name = ""; - r5.in.level = 1; - r5.in.info = &info; - r5.out.info = &info; + r5.in.level_in = 1; + r5.in.info_in = &info; + r5.out.info_out = &info; + r5.out.level_out = &level_out; r5.out.connect_handle = h; r5.in.access_mask = mask; -- cgit From 9774927947039e3819827c52fc078cca3a323e6d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 02:00:12 +0100 Subject: s4-samr: merge samr_QueryGroupMember from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 2 +- source4/torture/rpc/samr.c | 4 ++++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index d3dd13d270..1021dd32e2 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -632,7 +632,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QueryGroupMember( [in,ref] policy_handle *group_handle, - [out,unique] samr_RidTypeArray *rids + [out,ref] samr_RidTypeArray **rids ); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 552a1b5e3e..1511d78243 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2481,7 +2481,7 @@ static NTSTATUS dcesrv_samr_QueryGroupMember(struct dcesrv_call_state *dce_call, } } - r->out.rids = array; + *r->out.rids = array; return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 259a19d0b9..13ab01a0c7 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2978,11 +2978,13 @@ static bool test_QueryGroupMember(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_QueryGroupMember r; + struct samr_RidTypeArray *rids = NULL; bool ret = true; printf("Testing QueryGroupMember\n"); r.in.group_handle = handle; + r.out.rids = &rids; status = dcerpc_samr_QueryGroupMember(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -4226,6 +4228,7 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t struct samr_AddGroupMember r; struct samr_DeleteGroupMember d; struct samr_QueryGroupMember q; + struct samr_RidTypeArray *rids = NULL; struct samr_SetMemberAttributesOfGroup s; uint32_t rid; @@ -4265,6 +4268,7 @@ static bool test_AddGroupMember(struct dcerpc_pipe *p, struct torture_context *t } q.in.group_handle = group_handle; + q.out.rids = &rids; status = dcerpc_samr_QueryGroupMember(p, tctx, &q); torture_assert_ntstatus_ok(tctx, status, "QueryGroupMember"); -- cgit From f7dfea32fcaede24af545fb2e2b1701ccc676be5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 02:59:51 +0100 Subject: s4-samr: merge samr_QueryDomainInfo from s3 idl. (fixme python) Guenther --- librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 42 ++++++++++++++++--------------- source4/torture/rpc/samr.c | 47 ++++++++++++++++++++--------------- source4/torture/rpc/samsync.c | 27 +++++++++++--------- 4 files changed, 65 insertions(+), 53 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 1021dd32e2..a295a0ce70 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -411,7 +411,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QueryDomainInfo( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [out,switch_is(level),unique] samr_DomainInfo *info + [out,ref,switch_is(level)] samr_DomainInfo **info ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 1511d78243..bc21d9425a 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -777,18 +777,19 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, { struct dcesrv_handle *h; struct samr_domain_state *d_state; + union samr_DomainInfo *info; struct ldb_message **dom_msgs; const char * const *attrs = NULL; - r->out.info = NULL; + *r->out.info = NULL; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); d_state = h->data; - r->out.info = talloc(mem_ctx, union samr_DomainInfo); - if (!r->out.info) { + info = talloc(mem_ctx, union samr_DomainInfo); + if (!info) { return NT_STATUS_NO_MEMORY; } @@ -893,47 +894,49 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo(struct dcesrv_call_state *dce_call, } } - ZERO_STRUCTP(r->out.info); + *r->out.info = info; + + ZERO_STRUCTP(info); switch (r->in.level) { case 1: return dcesrv_samr_info_DomInfo1(d_state, mem_ctx, dom_msgs, - &r->out.info->info1); + &info->info1); case 2: return dcesrv_samr_info_DomGeneralInformation(d_state, mem_ctx, dom_msgs, - &r->out.info->general); + &info->general); case 3: return dcesrv_samr_info_DomInfo3(d_state, mem_ctx, dom_msgs, - &r->out.info->info3); + &info->info3); case 4: return dcesrv_samr_info_DomOEMInformation(d_state, mem_ctx, dom_msgs, - &r->out.info->oem); + &info->oem); case 5: return dcesrv_samr_info_DomInfo5(d_state, mem_ctx, dom_msgs, - &r->out.info->info5); + &info->info5); case 6: return dcesrv_samr_info_DomInfo6(d_state, mem_ctx, dom_msgs, - &r->out.info->info6); + &info->info6); case 7: return dcesrv_samr_info_DomInfo7(d_state, mem_ctx, dom_msgs, - &r->out.info->info7); + &info->info7); case 8: return dcesrv_samr_info_DomInfo8(d_state, mem_ctx, dom_msgs, - &r->out.info->info8); + &info->info8); case 9: return dcesrv_samr_info_DomInfo9(d_state, mem_ctx, dom_msgs, - &r->out.info->info9); + &info->info9); case 11: return dcesrv_samr_info_DomGeneralInformation2(d_state, mem_ctx, dom_msgs, - &r->out.info->general2); + &info->general2); case 12: return dcesrv_samr_info_DomInfo12(d_state, mem_ctx, dom_msgs, - &r->out.info->info12); + &info->info12); case 13: return dcesrv_samr_info_DomInfo13(d_state, mem_ctx, dom_msgs, - &r->out.info->info13); + &info->info13); } - + return NT_STATUS_INVALID_INFO_CLASS; } @@ -4026,11 +4029,10 @@ static NTSTATUS dcesrv_samr_QueryDomainInfo2(struct dcesrv_call_state *dce_call, ZERO_STRUCT(r1.out); r1.in.domain_handle = r->in.domain_handle; r1.in.level = r->in.level; - + r1.out.info = r->out.info; + status = dcesrv_samr_QueryDomainInfo(dce_call, mem_ctx, &r1); - r->out.info = r1.out.info; - return status; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 13ab01a0c7..4c3bc52626 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2555,6 +2555,7 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, /* set samr_SetDomainInfo level 1 with min_length 5 */ { struct samr_QueryDomainInfo r; + union samr_DomainInfo *info = NULL; struct samr_SetDomainInfo s; uint16_t len_old, len; uint32_t pwd_prop_old; @@ -2565,6 +2566,7 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.domain_handle = domain_handle; r.in.level = 1; + r.out.info = &info; printf("testing samr_QueryDomainInfo level 1\n"); status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &r); @@ -2574,7 +2576,7 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, s.in.domain_handle = domain_handle; s.in.level = 1; - s.in.info = r.out.info; + s.in.info = info; /* remember the old min length, so we can reset it */ len_old = s.in.info->info1.min_password_length; @@ -3696,6 +3698,7 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct samr_QueryDisplayInfo r; struct samr_QueryDomainInfo dom_info; + union samr_DomainInfo *info = NULL; bool ret = true; uint16_t levels[] = {1, 2, 3, 4, 5}; int i; @@ -3744,6 +3747,8 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, } dom_info.in.domain_handle = handle; dom_info.in.level = 2; + dom_info.out.info = &info; + /* Check number of users returned is correct */ status = dcerpc_samr_QueryDomainInfo(p, mem_ctx, &dom_info); if (!NT_STATUS_IS_OK(status)) { @@ -3755,17 +3760,17 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, switch (r.in.level) { case 1: case 4: - if (dom_info.out.info->general.num_users < r.in.start_idx) { + if (info->general.num_users < r.in.start_idx) { printf("QueryDomainInfo indicates that QueryDisplayInfo returned more users (%d/%d) than the domain %s is said to contain!\n", - r.in.start_idx, dom_info.out.info->general.num_groups, - dom_info.out.info->general.domain_name.string); + r.in.start_idx, info->general.num_groups, + info->general.domain_name.string); ret = false; } if (!seen_testuser) { struct policy_handle user_handle; if (NT_STATUS_IS_OK(test_OpenUser_byname(p, mem_ctx, handle, TEST_ACCOUNT_NAME, &user_handle))) { printf("Didn't find test user " TEST_ACCOUNT_NAME " in enumeration of %s\n", - dom_info.out.info->general.domain_name.string); + info->general.domain_name.string); ret = false; test_samr_handle_Close(p, mem_ctx, &user_handle); } @@ -3773,10 +3778,10 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, break; case 3: case 5: - if (dom_info.out.info->general.num_groups != r.in.start_idx) { + if (info->general.num_groups != r.in.start_idx) { printf("QueryDomainInfo indicates that QueryDisplayInfo didn't return all (%d/%d) the groups in %s\n", - r.in.start_idx, dom_info.out.info->general.num_groups, - dom_info.out.info->general.domain_name.string); + r.in.start_idx, info->general.num_groups, + info->general.domain_name.string); ret = false; } @@ -3892,6 +3897,7 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context * { NTSTATUS status; struct samr_QueryDomainInfo r; + union samr_DomainInfo *info = NULL; struct samr_SetDomainInfo s; uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13}; uint16_t set_ok[] = {1, 0, 1, 1, 0, 1, 1, 0, 1, 0, 1, 0}; @@ -3918,6 +3924,7 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context * r.in.domain_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryDomainInfo(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3929,40 +3936,40 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context * switch (levels[i]) { case 2: - if (strcmp(r.out.info->general.oem_information.string, domain_comment) != 0) { + if (strcmp(info->general.oem_information.string, domain_comment) != 0) { printf("QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n", - levels[i], r.out.info->general.oem_information.string, domain_comment); + levels[i], info->general.oem_information.string, domain_comment); ret = false; } - if (!r.out.info->general.primary.string) { + if (!info->general.primary.string) { printf("QueryDomainInfo level %u returned no PDC name\n", levels[i]); ret = false; - } else if (r.out.info->general.role == SAMR_ROLE_DOMAIN_PDC) { - if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), r.out.info->general.primary.string) != 0) { + } else if (info->general.role == SAMR_ROLE_DOMAIN_PDC) { + if (dcerpc_server_name(p) && strcasecmp_m(dcerpc_server_name(p), info->general.primary.string) != 0) { printf("QueryDomainInfo level %u returned different PDC name (%s) compared to server name (%s), despite claiming to be the PDC\n", - levels[i], r.out.info->general.primary.string, dcerpc_server_name(p)); + levels[i], info->general.primary.string, dcerpc_server_name(p)); } } break; case 4: - if (strcmp(r.out.info->oem.oem_information.string, domain_comment) != 0) { + if (strcmp(info->oem.oem_information.string, domain_comment) != 0) { printf("QueryDomainInfo level %u returned different oem_information (comment) (%s, expected %s)\n", - levels[i], r.out.info->oem.oem_information.string, domain_comment); + levels[i], info->oem.oem_information.string, domain_comment); ret = false; } break; case 6: - if (!r.out.info->info6.primary.string) { + if (!info->info6.primary.string) { printf("QueryDomainInfo level %u returned no PDC name\n", levels[i]); ret = false; } break; case 11: - if (strcmp(r.out.info->general2.general.oem_information.string, domain_comment) != 0) { + if (strcmp(info->general2.general.oem_information.string, domain_comment) != 0) { printf("QueryDomainInfo level %u returned different comment (%s, expected %s)\n", - levels[i], r.out.info->general2.general.oem_information.string, domain_comment); + levels[i], info->general2.general.oem_information.string, domain_comment); ret = false; } break; @@ -3972,7 +3979,7 @@ static bool test_QueryDomainInfo(struct dcerpc_pipe *p, struct torture_context * s.in.domain_handle = handle; s.in.level = levels[i]; - s.in.info = r.out.info; + s.in.info = info; status = dcerpc_samr_SetDomainInfo(p, tctx, &s); if (set_ok[i]) { diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index c833f32559..502b879584 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -305,6 +305,7 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam struct netr_DELTA_DOMAIN *domain = delta->delta_union.domain; struct dom_sid *dom_sid; struct samr_QueryDomainInfo q[14]; /* q[0] will be unused simple for clarity */ + union samr_DomainInfo *info[14]; uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13}; NTSTATUS nt_status; int i; @@ -352,8 +353,10 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam (long long)samsync_state->seq_num[database_id]); for (i=0;idomain_handle[database_id]; q[levels[i]].in.level = levels[i]; + q[levels[i]].out.info = &info[levels[i]]; nt_status = dcerpc_samr_QueryDomainInfo(samsync_state->p_samr, mem_ctx, &q[levels[i]]); @@ -364,23 +367,23 @@ static bool samsync_handle_domain(TALLOC_CTX *mem_ctx, struct samsync_state *sam } } - TEST_STRING_EQUAL(q[5].out.info->info5.domain_name, domain->domain_name); + TEST_STRING_EQUAL(info[5]->info5.domain_name, domain->domain_name); - TEST_STRING_EQUAL(q[2].out.info->general.oem_information, domain->oem_information); - TEST_STRING_EQUAL(q[4].out.info->oem.oem_information, domain->oem_information); - TEST_TIME_EQUAL(q[2].out.info->general.force_logoff_time, domain->force_logoff_time); - TEST_TIME_EQUAL(q[3].out.info->info3.force_logoff_time, domain->force_logoff_time); + TEST_STRING_EQUAL(info[2]->general.oem_information, domain->oem_information); + TEST_STRING_EQUAL(info[4]->oem.oem_information, domain->oem_information); + TEST_TIME_EQUAL(info[2]->general.force_logoff_time, domain->force_logoff_time); + TEST_TIME_EQUAL(info[3]->info3.force_logoff_time, domain->force_logoff_time); - TEST_TIME_EQUAL(q[1].out.info->info1.min_password_length, domain->min_password_length); - TEST_TIME_EQUAL(q[1].out.info->info1.password_history_length, domain->password_history_length); - TEST_TIME_EQUAL(q[1].out.info->info1.max_password_age, domain->max_password_age); - TEST_TIME_EQUAL(q[1].out.info->info1.min_password_age, domain->min_password_age); + TEST_TIME_EQUAL(info[1]->info1.min_password_length, domain->min_password_length); + TEST_TIME_EQUAL(info[1]->info1.password_history_length, domain->password_history_length); + TEST_TIME_EQUAL(info[1]->info1.max_password_age, domain->max_password_age); + TEST_TIME_EQUAL(info[1]->info1.min_password_age, domain->min_password_age); - TEST_UINT64_EQUAL(q[8].out.info->info8.sequence_num, + TEST_UINT64_EQUAL(info[8]->info8.sequence_num, domain->sequence_num); - TEST_TIME_EQUAL(q[8].out.info->info8.domain_create_time, + TEST_TIME_EQUAL(info[8]->info8.domain_create_time, domain->domain_create_time); - TEST_TIME_EQUAL(q[13].out.info->info13.domain_create_time, + TEST_TIME_EQUAL(info[13]->info13.domain_create_time, domain->domain_create_time); TEST_SEC_DESC_EQUAL(domain->sdbuf, samr, samsync_state->domain_handle[database_id]); -- cgit From f20dd953ef902e3dcd2131df9f1cfaaa4436e857 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 03:02:37 +0100 Subject: s4-samr: merge samr_QueryDomainInfo2 from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/torture/rpc/samr.c | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index a295a0ce70..11beb7bac3 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1196,7 +1196,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QueryDomainInfo2( [in,ref] policy_handle *domain_handle, [in] uint16 level, - [out,unique,switch_is(level)] samr_DomainInfo *info + [out,ref,switch_is(level)] samr_DomainInfo **info ); /************************/ diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 4c3bc52626..b01abf1ba8 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4016,6 +4016,7 @@ static bool test_QueryDomainInfo2(struct dcerpc_pipe *p, struct torture_context { NTSTATUS status; struct samr_QueryDomainInfo2 r; + union samr_DomainInfo *info = NULL; uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 11, 12, 13}; int i; bool ret = true; @@ -4025,6 +4026,7 @@ static bool test_QueryDomainInfo2(struct dcerpc_pipe *p, struct torture_context r.in.domain_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryDomainInfo2(p, tctx, &r); if (!NT_STATUS_IS_OK(status)) { -- cgit From 68a2ca11dc6b99d9127e964642e7d018acac0881 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 10:58:35 +0100 Subject: s4-samr: merge samr_GetGroupsForUser from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 2 +- source4/torture/rpc/samr.c | 2 ++ source4/torture/rpc/samsync.c | 19 +++++++++++-------- source4/winbind/wb_async_helpers.c | 7 +++++-- 5 files changed, 20 insertions(+), 12 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 11beb7bac3..453908546d 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1048,7 +1048,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_GetGroupsForUser( [in,ref] policy_handle *user_handle, - [out,unique] samr_RidWithAttributeArray *rids + [out,ref] samr_RidWithAttributeArray **rids ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index bc21d9425a..0f16320a8c 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3671,7 +3671,7 @@ static NTSTATUS dcesrv_samr_GetGroupsForUser(struct dcesrv_call_state *dce_call, } } - r->out.rids = array; + *r->out.rids = array; return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index b01abf1ba8..b3002c9ab3 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -891,11 +891,13 @@ static bool test_GetGroupsForUser(struct dcerpc_pipe *p, struct torture_context struct policy_handle *user_handle) { struct samr_GetGroupsForUser r; + struct samr_RidWithAttributeArray *rids = NULL; NTSTATUS status; torture_comment(tctx, "testing GetGroupsForUser\n"); r.in.user_handle = user_handle; + r.out.rids = &rids; status = dcerpc_samr_GetGroupsForUser(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "GetGroupsForUser"); diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 502b879584..ba5b9f78d7 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -442,6 +442,8 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct struct policy_handle user_handle; struct samr_GetGroupsForUser getgroups; + struct samr_RidWithAttributeArray *rids; + if (!samsync_state->domain_name || !samsync_state->domain_handle[database_id]) { printf("SamSync needs domain information before the users\n"); return false; @@ -471,6 +473,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct } getgroups.in.user_handle = &user_handle; + getgroups.out.rids = &rids; nt_status = dcerpc_samr_GetGroupsForUser(samsync_state->p_samr, mem_ctx, &getgroups); if (!NT_STATUS_IS_OK(nt_status)) { @@ -681,28 +684,28 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct TEST_TIME_EQUAL(user->last_logoff, info3->base.last_logoff); } - TEST_INT_EQUAL(getgroups.out.rids->count, info3->base.groups.count); - if (getgroups.out.rids->count == info3->base.groups.count) { + TEST_INT_EQUAL(rids->count, info3->base.groups.count); + if (rids->count == info3->base.groups.count) { int i, j; - int count = getgroups.out.rids->count; - bool *matched = talloc_zero_array(mem_ctx, bool, getgroups.out.rids->count); + int count = rids->count; + bool *matched = talloc_zero_array(mem_ctx, bool, rids->count); for (i = 0; i < count; i++) { for (j = 0; j < count; j++) { - if ((getgroups.out.rids->rids[i].rid == + if ((rids->rids[i].rid == info3->base.groups.rids[j].rid) - && (getgroups.out.rids->rids[i].attributes == + && (rids->rids[i].attributes == info3->base.groups.rids[j].attributes)) { matched[i] = true; } } } - for (i = 0; i < getgroups.out.rids->count; i++) { + for (i = 0; i < rids->count; i++) { if (matched[i] == false) { ret = false; printf("Could not find group RID %u found in getgroups in NETLOGON reply\n", - getgroups.out.rids->rids[i].rid); + rids->rids[i].rid); } } } diff --git a/source4/winbind/wb_async_helpers.c b/source4/winbind/wb_async_helpers.c index 48a2a4d882..a50a0fe473 100644 --- a/source4/winbind/wb_async_helpers.c +++ b/source4/winbind/wb_async_helpers.c @@ -325,6 +325,8 @@ struct samr_getuserdomgroups_state { int num_rids; uint32_t *rids; + struct samr_RidWithAttributeArray *rid_array; + struct policy_handle *user_handle; struct samr_OpenUser o; struct samr_GetGroupsForUser g; @@ -386,6 +388,7 @@ static void samr_usergroups_recv_open(struct rpc_request *req) if (!composite_is_ok(state->ctx)) return; state->g.in.user_handle = state->user_handle; + state->g.out.rids = &state->rid_array; req = dcerpc_samr_GetGroupsForUser_send(state->samr_pipe, state, &state->g); @@ -438,7 +441,7 @@ NTSTATUS wb_samr_userdomgroups_recv(struct composite_context *ctx, NTSTATUS status = composite_wait(ctx); if (!NT_STATUS_IS_OK(status)) goto done; - *num_rids = state->g.out.rids->count; + *num_rids = state->rid_array->count; *rids = talloc_array(mem_ctx, uint32_t, *num_rids); if (*rids == NULL) { status = NT_STATUS_NO_MEMORY; @@ -446,7 +449,7 @@ NTSTATUS wb_samr_userdomgroups_recv(struct composite_context *ctx, } for (i=0; i<*num_rids; i++) { - (*rids)[i] = state->g.out.rids->rids[i].rid; + (*rids)[i] = state->rid_array->rids[i].rid; } done: -- cgit From bab255f09b1f20a4bbb0ec6806af4551a187b4a1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 11:15:08 +0100 Subject: s4-samr: merge samr_QueryDisplayInfo3 from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 6 +++--- source4/rpc_server/samr/dcesrv_samr.c | 6 +++--- source4/torture/rpc/samr.c | 6 ++++++ 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 453908546d..f57571f0e1 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1267,9 +1267,9 @@ import "misc.idl", "lsa.idl", "security.idl"; [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 0f16320a8c..25c160135b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -4114,9 +4114,9 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call result = dcesrv_samr_QueryDisplayInfo(dce_call, mem_ctx, &q); - r->out.total_size = q.out.total_size; - r->out.returned_size = q.out.returned_size; - r->out.info = q.out.info; + *r->out.total_size = q.out.total_size; + *r->out.returned_size = q.out.returned_size; + *r->out.info = q.out.info; return result; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index b3002c9ab3..0858b48944 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3832,6 +3832,9 @@ static bool test_QueryDisplayInfo3(struct dcerpc_pipe *p, struct torture_context bool ret = true; uint16_t levels[] = {1, 2, 3, 4, 5}; int i; + uint32_t total_size; + uint32_t returned_size; + union samr_DispInfo info; for (i=0;i Date: Wed, 5 Nov 2008 11:17:22 +0100 Subject: s4-samr: merge samr_QueryDisplayInfo2 from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 6 +++--- source4/rpc_server/samr/dcesrv_samr.c | 6 +++--- source4/torture/rpc/samr.c | 6 ++++++ 3 files changed, 12 insertions(+), 6 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index f57571f0e1..aa72c546a8 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1223,9 +1223,9 @@ import "misc.idl", "lsa.idl", "security.idl"; [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 25c160135b..b81559bfcf 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -4078,9 +4078,9 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call result = dcesrv_samr_QueryDisplayInfo(dce_call, mem_ctx, &q); - r->out.total_size = q.out.total_size; - r->out.returned_size = q.out.returned_size; - r->out.info = q.out.info; + *r->out.total_size = q.out.total_size; + *r->out.returned_size = q.out.returned_size; + *r->out.info = q.out.info; return result; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 0858b48944..8444ac3820 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3803,6 +3803,9 @@ static bool test_QueryDisplayInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, bool ret = true; uint16_t levels[] = {1, 2, 3, 4, 5}; int i; + uint32_t total_size; + uint32_t returned_size; + union samr_DispInfo info; for (i=0;i Date: Wed, 5 Nov 2008 12:32:24 +0100 Subject: s4-samr: merge samr_QueryDisplayInfo from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 6 +-- source4/rpc_server/samr/dcesrv_samr.c | 64 ++++++++++++++---------------- source4/torture/rpc/samr.c | 73 ++++++++++++++++++++++------------- 3 files changed, 79 insertions(+), 64 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index aa72c546a8..f5e069b74b 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1118,9 +1118,9 @@ import "misc.idl", "lsa.idl", "security.idl"; [in] uint32 start_idx, [in] uint32 max_entries, [in] uint32 buf_size, - [out] uint32 total_size, - [out] uint32 returned_size, - [out,switch_is(level)] samr_DispInfo info + [out,ref] uint32 *total_size, + [out,ref] uint32 *returned_size, + [out,ref,switch_is(level)] samr_DispInfo *info ); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index b81559bfcf..fe001c30ef 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3829,65 +3829,65 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo(struct dcesrv_call_state *dce_call, count += 1; } - r->out.total_size = count; + *r->out.total_size = count; if (r->in.start_idx >= count) { - r->out.returned_size = 0; + *r->out.returned_size = 0; switch(r->in.level) { case 1: - r->out.info.info1.count = r->out.returned_size; - r->out.info.info1.entries = NULL; + r->out.info->info1.count = *r->out.returned_size; + r->out.info->info1.entries = NULL; break; case 2: - r->out.info.info2.count = r->out.returned_size; - r->out.info.info2.entries = NULL; + r->out.info->info2.count = *r->out.returned_size; + r->out.info->info2.entries = NULL; break; case 3: - r->out.info.info3.count = r->out.returned_size; - r->out.info.info3.entries = NULL; + r->out.info->info3.count = *r->out.returned_size; + r->out.info->info3.entries = NULL; break; case 4: - r->out.info.info4.count = r->out.returned_size; - r->out.info.info4.entries = NULL; + r->out.info->info4.count = *r->out.returned_size; + r->out.info->info4.entries = NULL; break; case 5: - r->out.info.info5.count = r->out.returned_size; - r->out.info.info5.entries = NULL; + r->out.info->info5.count = *r->out.returned_size; + r->out.info->info5.entries = NULL; break; } } else { - r->out.returned_size = MIN(count - r->in.start_idx, + *r->out.returned_size = MIN(count - r->in.start_idx, r->in.max_entries); switch(r->in.level) { case 1: - r->out.info.info1.count = r->out.returned_size; - r->out.info.info1.entries = + r->out.info->info1.count = *r->out.returned_size; + r->out.info->info1.entries = &(entriesGeneral[r->in.start_idx]); break; case 2: - r->out.info.info2.count = r->out.returned_size; - r->out.info.info2.entries = + r->out.info->info2.count = *r->out.returned_size; + r->out.info->info2.entries = &(entriesFull[r->in.start_idx]); break; case 3: - r->out.info.info3.count = r->out.returned_size; - r->out.info.info3.entries = + r->out.info->info3.count = *r->out.returned_size; + r->out.info->info3.entries = &(entriesFullGroup[r->in.start_idx]); break; case 4: - r->out.info.info4.count = r->out.returned_size; - r->out.info.info4.entries = + r->out.info->info4.count = *r->out.returned_size; + r->out.info->info4.entries = &(entriesAscii[r->in.start_idx]); break; case 5: - r->out.info.info5.count = r->out.returned_size; - r->out.info.info5.entries = + r->out.info->info5.count = *r->out.returned_size; + r->out.info->info5.entries = &(entriesAscii[r->in.start_idx]); break; } } - return (r->out.returned_size < (count - r->in.start_idx)) ? + return (*r->out.returned_size < (count - r->in.start_idx)) ? STATUS_MORE_ENTRIES : NT_STATUS_OK; } @@ -4074,14 +4074,12 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo2(struct dcesrv_call_state *dce_call q.in.start_idx = r->in.start_idx; q.in.max_entries = r->in.max_entries; q.in.buf_size = r->in.buf_size; - ZERO_STRUCT(q.out); + q.out.total_size = r->out.total_size; + q.out.returned_size = r->out.returned_size; + q.out.info = r->out.info; result = dcesrv_samr_QueryDisplayInfo(dce_call, mem_ctx, &q); - *r->out.total_size = q.out.total_size; - *r->out.returned_size = q.out.returned_size; - *r->out.info = q.out.info; - return result; } @@ -4110,14 +4108,12 @@ static NTSTATUS dcesrv_samr_QueryDisplayInfo3(struct dcesrv_call_state *dce_call q.in.start_idx = r->in.start_idx; q.in.max_entries = r->in.max_entries; q.in.buf_size = r->in.buf_size; - ZERO_STRUCT(q.out); + q.out.total_size = r->out.total_size; + q.out.returned_size = r->out.returned_size; + q.out.info = r->out.info; result = dcesrv_samr_QueryDisplayInfo(dce_call, mem_ctx, &q); - *r->out.total_size = q.out.total_size; - *r->out.returned_size = q.out.returned_size; - *r->out.info = q.out.info; - return result; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 8444ac3820..17e81a93e0 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3605,16 +3605,16 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct for (i = 0; ; i++) { switch (querydisplayinfo->in.level) { case 1: - if (i >= querydisplayinfo->out.info.info1.count) { + if (i >= querydisplayinfo->out.info->info1.count) { return ret; } - r.in.rid = querydisplayinfo->out.info.info1.entries[i].rid; + r.in.rid = querydisplayinfo->out.info->info1.entries[i].rid; break; case 2: - if (i >= querydisplayinfo->out.info.info2.count) { + if (i >= querydisplayinfo->out.info->info2.count) { return ret; } - r.in.rid = querydisplayinfo->out.info.info2.entries[i].rid; + r.in.rid = querydisplayinfo->out.info->info2.entries[i].rid; break; case 3: /* Groups */ @@ -3649,29 +3649,29 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct if (seen_testuser && strcmp(q.out.info->info21.account_name.string, TEST_ACCOUNT_NAME) == 0) { *seen_testuser = true; } - STRING_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].full_name, + STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].full_name, q.out.info->info21.full_name, q.out.info->info21.account_name); - STRING_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].account_name, + STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].account_name, q.out.info->info21.account_name, q.out.info->info21.account_name); - STRING_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].description, + STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].description, q.out.info->info21.description, q.out.info->info21.account_name); - INT_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].rid, + INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].rid, q.out.info->info21.rid, q.out.info->info21.account_name); - INT_EQUAL_QUERY(querydisplayinfo->out.info.info1.entries[i].acct_flags, + INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].acct_flags, q.out.info->info21.acct_flags, q.out.info->info21.account_name); break; case 2: - STRING_EQUAL_QUERY(querydisplayinfo->out.info.info2.entries[i].account_name, + STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].account_name, q.out.info->info21.account_name, q.out.info->info21.account_name); - STRING_EQUAL_QUERY(querydisplayinfo->out.info.info2.entries[i].description, + STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].description, q.out.info->info21.description, q.out.info->info21.account_name); - INT_EQUAL_QUERY(querydisplayinfo->out.info.info2.entries[i].rid, + INT_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].rid, q.out.info->info21.rid, q.out.info->info21.account_name); - INT_EQUAL_QUERY((querydisplayinfo->out.info.info2.entries[i].acct_flags & ~ACB_NORMAL), + INT_EQUAL_QUERY((querydisplayinfo->out.info->info2.entries[i].acct_flags & ~ACB_NORMAL), q.out.info->info21.acct_flags, q.out.info->info21.account_name); - if (!(querydisplayinfo->out.info.info2.entries[i].acct_flags & ACB_NORMAL)) { + if (!(querydisplayinfo->out.info->info2.entries[i].acct_flags & ACB_NORMAL)) { printf("Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n", q.out.info->info21.account_name.string); } @@ -3679,7 +3679,7 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct if (!(q.out.info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) { printf("Found non-trust account %s in trust account listing: 0x%x 0x%x\n", q.out.info->info21.account_name.string, - querydisplayinfo->out.info.info2.entries[i].acct_flags, + querydisplayinfo->out.info->info2.entries[i].acct_flags, q.out.info->info21.acct_flags); return false; } @@ -3705,6 +3705,10 @@ static bool test_QueryDisplayInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, uint16_t levels[] = {1, 2, 3, 4, 5}; int i; bool seen_testuser = false; + uint32_t total_size; + uint32_t returned_size; + union samr_DispInfo disp_info; + for (i=0;iinfo1.count; break; case 2: if (!test_each_DisplayInfo_user(p, mem_ctx, &r, NULL)) { ret = false; } - r.in.start_idx += r.out.info.info2.count; + r.in.start_idx += r.out.info->info2.count; break; case 3: - r.in.start_idx += r.out.info.info3.count; + r.in.start_idx += r.out.info->info3.count; break; case 4: - r.in.start_idx += r.out.info.info4.count; + r.in.start_idx += r.out.info->info4.count; break; case 5: - r.in.start_idx += r.out.info.info5.count; + r.in.start_idx += r.out.info->info5.count; break; } } @@ -3872,6 +3879,9 @@ static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *me NTSTATUS status; struct samr_QueryDisplayInfo r; bool ret = true; + uint32_t total_size; + uint32_t returned_size; + union samr_DispInfo info; printf("Testing QueryDisplayInfo continuation\n"); @@ -3880,14 +3890,17 @@ static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *me r.in.start_idx = 0; r.in.max_entries = 1; r.in.buf_size = (uint32_t)-1; + r.out.total_size = &total_size; + r.out.returned_size = &returned_size; + r.out.info = &info; do { status = dcerpc_samr_QueryDisplayInfo(p, mem_ctx, &r); - if (NT_STATUS_IS_OK(status) && r.out.returned_size != 0) { - if (r.out.info.info1.entries[0].idx != r.in.start_idx + 1) { + if (NT_STATUS_IS_OK(status) && *r.out.returned_size != 0) { + if (r.out.info->info1.entries[0].idx != r.in.start_idx + 1) { printf("expected idx %d but got %d\n", r.in.start_idx + 1, - r.out.info.info1.entries[0].idx); + r.out.info->info1.entries[0].idx); break; } } @@ -3901,7 +3914,7 @@ static bool test_QueryDisplayInfo_continue(struct dcerpc_pipe *p, TALLOC_CTX *me r.in.start_idx++; } while ((NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) || NT_STATUS_IS_OK(status)) && - r.out.returned_size != 0); + *r.out.returned_size != 0); return ret; } @@ -4065,6 +4078,9 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx, uint32_t resume_handle=0; int i; bool ret = true; + uint32_t total_size; + uint32_t returned_size; + union samr_DispInfo info; int num_names = 0; const char **names = NULL; @@ -4100,6 +4116,9 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx, q2.in.start_idx = 0; q2.in.max_entries = 5; q2.in.buf_size = (uint32_t)-1; + q2.out.total_size = &total_size; + q2.out.returned_size = &returned_size; + q2.out.info = &info; status = STATUS_MORE_ENTRIES; while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { @@ -4109,9 +4128,9 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx, !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break; - for (i=0; iinfo5.count; i++) { int j; - const char *name = q2.out.info.info5.entries[i].account_name.string; + const char *name = q2.out.info->info5.entries[i].account_name.string; bool found = false; for (j=0; jinfo5.count; } if (!NT_STATUS_IS_OK(status)) { -- cgit From 2efec54b8d8ae37b57747459ac7aa3c7a69cb6cc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 13:37:49 +0100 Subject: s4-samr: merge samr_EnumDomainAliases from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 8 ++++---- source4/rpc_server/samr/dcesrv_samr.c | 23 +++++++++++++---------- source4/torture/rpc/samr.c | 12 ++++++++---- 3 files changed, 25 insertions(+), 18 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index f5e069b74b..a84dc677bc 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -489,11 +489,11 @@ import "misc.idl", "lsa.idl", "security.idl"; /************************/ /* Function 0x0f */ NTSTATUS samr_EnumDomainAliases( - [in,ref] policy_handle *domain_handle, + [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, - [in] samr_AcctFlags acct_flags, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] samr_SamArray **sam, + [in] uint32 max_size, + [out,ref] uint32 *num_entries ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index fe001c30ef..956c1644e8 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1700,10 +1700,11 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call int ldb_cnt, count, i, first; struct samr_SamEntry *entries; const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL }; + struct samr_SamArray *sam; *r->out.resume_handle = 0; - r->out.sam = NULL; - r->out.num_entries = 0; + *r->out.sam = NULL; + *r->out.num_entries = 0; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -1763,20 +1764,22 @@ static NTSTATUS dcesrv_samr_EnumDomainAliases(struct dcesrv_call_state *dce_call return NT_STATUS_OK; } - r->out.num_entries = count - first; - r->out.num_entries = MIN(r->out.num_entries, 1000); + *r->out.num_entries = count - first; + *r->out.num_entries = MIN(*r->out.num_entries, 1000); - r->out.sam = talloc(mem_ctx, struct samr_SamArray); - if (!r->out.sam) { + sam = talloc(mem_ctx, struct samr_SamArray); + if (!sam) { return NT_STATUS_NO_MEMORY; } - r->out.sam->entries = entries+first; - r->out.sam->count = r->out.num_entries; + sam->entries = entries+first; + sam->count = *r->out.num_entries; - if (r->out.num_entries < count - first) { + *r->out.sam = sam; + + if (*r->out.num_entries < count - first) { *r->out.resume_handle = - entries[first+r->out.num_entries-1].idx; + entries[first+*r->out.num_entries-1].idx; return STATUS_MORE_ENTRIES; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 17e81a93e0..810f37ccb8 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3457,6 +3457,8 @@ static bool test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct samr_EnumDomainAliases r; uint32_t resume_handle=0; + struct samr_SamArray *sam = NULL; + uint32_t num_entries = 0; int i; bool ret = true; @@ -3464,7 +3466,9 @@ static bool test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.domain_handle = handle; r.in.resume_handle = &resume_handle; - r.in.acct_flags = (uint32_t)-1; + r.in.max_size = (uint32_t)-1; + r.out.sam = &sam; + r.out.num_entries = &num_entries; r.out.resume_handle = &resume_handle; status = dcerpc_samr_EnumDomainAliases(p, mem_ctx, &r); @@ -3473,12 +3477,12 @@ static bool test_EnumDomainAliases(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return false; } - if (!r.out.sam) { + if (!sam) { return false; } - for (i=0;icount;i++) { - if (!test_OpenAlias(p, mem_ctx, handle, r.out.sam->entries[i].idx)) { + for (i=0;icount;i++) { + if (!test_OpenAlias(p, mem_ctx, handle, sam->entries[i].idx)) { ret = false; } } -- cgit From 61391d0ade10f79fb4d2a245b942ee93fa11a6d2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 14:28:17 +0100 Subject: s4-samr: merge samr_LookupNames from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 4 ++-- source4/libnet/groupinfo.c | 14 +++++++++----- source4/libnet/groupman.c | 10 +++++++--- source4/libnet/libnet_join.c | 9 ++++++--- source4/libnet/libnet_passwd.c | 9 ++++++--- source4/libnet/userinfo.c | 12 ++++++++---- source4/libnet/userman.c | 28 ++++++++++++++++++---------- source4/rpc_server/samr/dcesrv_samr.c | 22 +++++++++++----------- source4/torture/libnet/libnet_group.c | 5 ++++- source4/torture/libnet/libnet_user.c | 5 ++++- source4/torture/libnet/utils.c | 10 ++++++++-- source4/torture/rpc/samba3rpc.c | 5 ++++- source4/torture/rpc/samr.c | 16 ++++++++++++---- source4/torture/rpc/testjoin.c | 5 ++++- 14 files changed, 103 insertions(+), 51 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index a84dc677bc..b2c9103d97 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -517,8 +517,8 @@ import "misc.idl", "lsa.idl", "security.idl"; [in,ref] policy_handle *domain_handle, [in,range(0,1000)] uint32 num_names, [in,size_is(1000),length_is(num_names)] lsa_String names[], - [out] samr_Ids rids, - [out] samr_Ids types + [out,ref] samr_Ids *rids, + [out,ref] samr_Ids *types ); diff --git a/source4/libnet/groupinfo.c b/source4/libnet/groupinfo.c index 1da6646702..1fb52a27bc 100644 --- a/source4/libnet/groupinfo.c +++ b/source4/libnet/groupinfo.c @@ -83,8 +83,8 @@ static void continue_groupinfo_lookup(struct rpc_request *req) if (s->monitor_fn) { msg.type = mon_SamrLookupName; msg_lookup = talloc(s, struct msg_rpc_lookup_name); - msg_lookup->rid = s->lookup.out.rids.ids; - msg_lookup->count = s->lookup.out.rids.count; + msg_lookup->rid = s->lookup.out.rids->ids; + msg_lookup->count = s->lookup.out.rids->count; msg.data = (void*)msg_lookup; msg.data_size = sizeof(*msg_lookup); @@ -94,7 +94,7 @@ static void continue_groupinfo_lookup(struct rpc_request *req) /* have we actually got name resolved - we're looking for only one at the moment */ - if (s->lookup.out.rids.count == 0) { + if (s->lookup.out.rids->count == 0) { composite_error(c, NT_STATUS_NO_SUCH_USER); } @@ -103,7 +103,7 @@ static void continue_groupinfo_lookup(struct rpc_request *req) /* prepare parameters for LookupNames */ s->opengroup.in.domain_handle = &s->domain_handle; s->opengroup.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - s->opengroup.in.rid = s->lookup.out.rids.ids[0]; + s->opengroup.in.rid = s->lookup.out.rids->ids[0]; s->opengroup.out.group_handle = &s->group_handle; /* send request */ @@ -301,7 +301,11 @@ struct composite_context *libnet_rpc_groupinfo_send(struct dcerpc_pipe *p, s->lookup.in.names[0].string = talloc_strdup(s, io->in.groupname); if (composite_nomem(s->lookup.in.names[0].string, c)) return c; - + s->lookup.out.rids = talloc_zero(s, struct samr_Ids); + s->lookup.out.types = talloc_zero(s, struct samr_Ids); + if (composite_nomem(s->lookup.out.rids, c)) return c; + if (composite_nomem(s->lookup.out.types, c)) return c; + /* send request */ lookup_req = dcerpc_samr_LookupNames_send(p, c, &s->lookup); if (composite_nomem(lookup_req, c)) return c; diff --git a/source4/libnet/groupman.c b/source4/libnet/groupman.c index 58d5742336..4dfb2d8aab 100644 --- a/source4/libnet/groupman.c +++ b/source4/libnet/groupman.c @@ -174,6 +174,10 @@ struct composite_context* libnet_rpc_groupdel_send(struct dcerpc_pipe *p, s->lookupname.in.num_names = 1; s->lookupname.in.names = talloc_zero(s, struct lsa_String); s->lookupname.in.names->string = io->in.groupname; + s->lookupname.out.rids = talloc_zero(s, struct samr_Ids); + s->lookupname.out.types = talloc_zero(s, struct samr_Ids); + if (composite_nomem(s->lookupname.out.rids, c)) return c; + if (composite_nomem(s->lookupname.out.types, c)) return c; /* send the request */ lookup_req = dcerpc_samr_LookupNames_send(p, c, &s->lookupname); @@ -205,12 +209,12 @@ static void continue_groupdel_name_found(struct rpc_request *req) /* what to do when there's no group account to delete and what if there's more than one rid resolved */ - if (!s->lookupname.out.rids.count) { + if (!s->lookupname.out.rids->count) { c->status = NT_STATUS_NO_SUCH_GROUP; composite_error(c, c->status); return; - } else if (!s->lookupname.out.rids.count > 1) { + } else if (!s->lookupname.out.rids->count > 1) { c->status = NT_STATUS_INVALID_ACCOUNT_NAME; composite_error(c, c->status); return; @@ -218,7 +222,7 @@ static void continue_groupdel_name_found(struct rpc_request *req) /* prepare the arguments for rpc call */ s->opengroup.in.domain_handle = &s->domain_handle; - s->opengroup.in.rid = s->lookupname.out.rids.ids[0]; + s->opengroup.in.rid = s->lookupname.out.rids->ids[0]; s->opengroup.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; s->opengroup.out.group_handle = &s->group_handle; diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index e18797c3d5..e6664b2463 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -444,6 +444,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru struct samr_OpenDomain od; struct policy_handle d_handle; struct samr_LookupNames ln; + struct samr_Ids rids, types; struct samr_OpenUser ou; struct samr_CreateUser2 cu; struct policy_handle *u_handle = NULL; @@ -612,6 +613,8 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru ln.in.domain_handle = &d_handle; ln.in.num_names = 1; ln.in.names = talloc_array(tmp_ctx, struct lsa_String, 1); + ln.out.rids = &rids; + ln.out.types = &types; if (!ln.in.names) { r->out.error_string = NULL; talloc_free(tmp_ctx); @@ -631,10 +634,10 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru } /* check if we got one RID for the user */ - if (ln.out.rids.count != 1) { + if (ln.out.rids->count != 1) { r->out.error_string = talloc_asprintf(mem_ctx, "samr_LookupNames for [%s] returns %d RIDs", - r->in.account_name, ln.out.rids.count); + r->in.account_name, ln.out.rids->count); talloc_free(tmp_ctx); return NT_STATUS_INVALID_PARAMETER; } @@ -643,7 +646,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru ZERO_STRUCTP(u_handle); ou.in.domain_handle = &d_handle; ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - ou.in.rid = ln.out.rids.ids[0]; + ou.in.rid = ln.out.rids->ids[0]; rid = ou.in.rid; ou.out.user_handle = u_handle; diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index cbb3bfadff..d1e6fe79f4 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -535,6 +535,7 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * struct samr_OpenDomain od; struct policy_handle d_handle; struct samr_LookupNames ln; + struct samr_Ids rids, types; struct samr_OpenUser ou; struct policy_handle u_handle; union libnet_SetPassword r2; @@ -602,6 +603,8 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * ln.in.domain_handle = &d_handle; ln.in.num_names = 1; ln.in.names = talloc_array(mem_ctx, struct lsa_String, 1); + ln.out.rids = &rids; + ln.out.types = &types; if (!ln.in.names) { r->samr.out.error_string = "Out of Memory"; return NT_STATUS_NO_MEMORY; @@ -618,10 +621,10 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * } /* check if we got one RID for the user */ - if (ln.out.rids.count != 1) { + if (ln.out.rids->count != 1) { r->samr.out.error_string = talloc_asprintf(mem_ctx, "samr_LookupNames for [%s] returns %d RIDs", - r->samr.in.account_name, ln.out.rids.count); + r->samr.in.account_name, ln.out.rids->count); status = NT_STATUS_INVALID_PARAMETER; goto disconnect; } @@ -630,7 +633,7 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * ZERO_STRUCT(u_handle); ou.in.domain_handle = &d_handle; ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - ou.in.rid = ln.out.rids.ids[0]; + ou.in.rid = ln.out.rids->ids[0]; ou.out.user_handle = &u_handle; /* 6. do a samr_OpenUser to get a user handle */ diff --git a/source4/libnet/userinfo.c b/source4/libnet/userinfo.c index e8b6b090c7..1579cd9691 100644 --- a/source4/libnet/userinfo.c +++ b/source4/libnet/userinfo.c @@ -82,8 +82,8 @@ static void continue_userinfo_lookup(struct rpc_request *req) if (s->monitor_fn) { msg.type = mon_SamrLookupName; msg_lookup = talloc(s, struct msg_rpc_lookup_name); - msg_lookup->rid = s->lookup.out.rids.ids; - msg_lookup->count = s->lookup.out.rids.count; + msg_lookup->rid = s->lookup.out.rids->ids; + msg_lookup->count = s->lookup.out.rids->count; msg.data = (void*)msg_lookup; msg.data_size = sizeof(*msg_lookup); @@ -93,7 +93,7 @@ static void continue_userinfo_lookup(struct rpc_request *req) /* have we actually got name resolved - we're looking for only one at the moment */ - if (s->lookup.out.rids.count == 0) { + if (s->lookup.out.rids->count == 0) { composite_error(c, NT_STATUS_NO_SUCH_USER); } @@ -102,7 +102,7 @@ static void continue_userinfo_lookup(struct rpc_request *req) /* prepare parameters for LookupNames */ s->openuser.in.domain_handle = &s->domain_handle; s->openuser.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - s->openuser.in.rid = s->lookup.out.rids.ids[0]; + s->openuser.in.rid = s->lookup.out.rids->ids[0]; s->openuser.out.user_handle = &s->user_handle; /* send request */ @@ -297,6 +297,10 @@ struct composite_context *libnet_rpc_userinfo_send(struct dcerpc_pipe *p, s->lookup.in.num_names = 1; s->lookup.in.names = talloc_array(s, struct lsa_String, 1); if (composite_nomem(s->lookup.in.names, c)) return c; + s->lookup.out.rids = talloc_zero(s, struct samr_Ids); + s->lookup.out.types = talloc_zero(s, struct samr_Ids); + if (composite_nomem(s->lookup.out.rids, c)) return c; + if (composite_nomem(s->lookup.out.types, c)) return c; s->lookup.in.names[0].string = talloc_strdup(s, io->in.username); if (composite_nomem(s->lookup.in.names[0].string, c)) return c; diff --git a/source4/libnet/userman.c b/source4/libnet/userman.c index 398d9f2cb0..53e62c7886 100644 --- a/source4/libnet/userman.c +++ b/source4/libnet/userman.c @@ -236,12 +236,12 @@ static void continue_userdel_name_found(struct rpc_request *req) /* what to do when there's no user account to delete and what if there's more than one rid resolved */ - if (!s->lookupname.out.rids.count) { + if (!s->lookupname.out.rids->count) { c->status = NT_STATUS_NO_SUCH_USER; composite_error(c, c->status); return; - } else if (!s->lookupname.out.rids.count > 1) { + } else if (!s->lookupname.out.rids->count > 1) { c->status = NT_STATUS_INVALID_ACCOUNT_NAME; composite_error(c, c->status); return; @@ -251,8 +251,8 @@ static void continue_userdel_name_found(struct rpc_request *req) if (s->monitor_fn) { struct msg_rpc_lookup_name msg_lookup; - msg_lookup.rid = s->lookupname.out.rids.ids; - msg_lookup.count = s->lookupname.out.rids.count; + msg_lookup.rid = s->lookupname.out.rids->ids; + msg_lookup.count = s->lookupname.out.rids->count; msg.type = mon_SamrLookupName; msg.data = (void*)&msg_lookup; @@ -262,7 +262,7 @@ static void continue_userdel_name_found(struct rpc_request *req) /* prepare the arguments for rpc call */ s->openuser.in.domain_handle = &s->domain_handle; - s->openuser.in.rid = s->lookupname.out.rids.ids[0]; + s->openuser.in.rid = s->lookupname.out.rids->ids[0]; s->openuser.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; s->openuser.out.user_handle = &s->user_handle; @@ -393,6 +393,10 @@ struct composite_context *libnet_rpc_userdel_send(struct dcerpc_pipe *p, s->lookupname.in.num_names = 1; s->lookupname.in.names = talloc_zero(s, struct lsa_String); s->lookupname.in.names->string = io->in.username; + s->lookupname.out.rids = talloc_zero(s, struct samr_Ids); + s->lookupname.out.types = talloc_zero(s, struct samr_Ids); + if (composite_nomem(s->lookupname.out.rids, c)) return c; + if (composite_nomem(s->lookupname.out.types, c)) return c; /* send the request */ lookup_req = dcerpc_samr_LookupNames_send(p, c, &s->lookupname); @@ -500,12 +504,12 @@ static void continue_usermod_name_found(struct rpc_request *req) /* what to do when there's no user account to delete and what if there's more than one rid resolved */ - if (!s->lookupname.out.rids.count) { + if (!s->lookupname.out.rids->count) { c->status = NT_STATUS_NO_SUCH_USER; composite_error(c, c->status); return; - } else if (!s->lookupname.out.rids.count > 1) { + } else if (!s->lookupname.out.rids->count > 1) { c->status = NT_STATUS_INVALID_ACCOUNT_NAME; composite_error(c, c->status); return; @@ -515,8 +519,8 @@ static void continue_usermod_name_found(struct rpc_request *req) if (s->monitor_fn) { struct msg_rpc_lookup_name msg_lookup; - msg_lookup.rid = s->lookupname.out.rids.ids; - msg_lookup.count = s->lookupname.out.rids.count; + msg_lookup.rid = s->lookupname.out.rids->ids; + msg_lookup.count = s->lookupname.out.rids->count; msg.type = mon_SamrLookupName; msg.data = (void*)&msg_lookup; @@ -526,7 +530,7 @@ static void continue_usermod_name_found(struct rpc_request *req) /* prepare the next rpc call */ s->openuser.in.domain_handle = &s->domain_handle; - s->openuser.in.rid = s->lookupname.out.rids.ids[0]; + s->openuser.in.rid = s->lookupname.out.rids->ids[0]; s->openuser.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; s->openuser.out.user_handle = &s->user_handle; @@ -834,6 +838,10 @@ struct composite_context *libnet_rpc_usermod_send(struct dcerpc_pipe *p, s->lookupname.in.num_names = 1; s->lookupname.in.names = talloc_zero(s, struct lsa_String); s->lookupname.in.names->string = io->in.username; + s->lookupname.out.rids = talloc_zero(s, struct samr_Ids); + s->lookupname.out.types = talloc_zero(s, struct samr_Ids); + if (composite_nomem(s->lookupname.out.rids, c)) return c; + if (composite_nomem(s->lookupname.out.types, c)) return c; /* send the rpc request */ lookup_req = dcerpc_samr_LookupNames_send(p, c, &s->lookupname); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 956c1644e8..a8d161a577 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1877,8 +1877,8 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL const char * const attrs[] = { "sAMAccountType", "objectSid", NULL }; int count; - ZERO_STRUCT(r->out.rids); - ZERO_STRUCT(r->out.types); + ZERO_STRUCTP(r->out.rids); + ZERO_STRUCTP(r->out.types); DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -1888,13 +1888,13 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL return NT_STATUS_OK; } - r->out.rids.ids = talloc_array(mem_ctx, uint32_t, r->in.num_names); - r->out.types.ids = talloc_array(mem_ctx, uint32_t, r->in.num_names); - if (!r->out.rids.ids || !r->out.types.ids) { + r->out.rids->ids = talloc_array(mem_ctx, uint32_t, r->in.num_names); + r->out.types->ids = talloc_array(mem_ctx, uint32_t, r->in.num_names); + if (!r->out.rids->ids || !r->out.types->ids) { return NT_STATUS_NO_MEMORY; } - r->out.rids.count = r->in.num_names; - r->out.types.count = r->in.num_names; + r->out.rids->count = r->in.num_names; + r->out.types->count = r->in.num_names; num_mapped = 0; @@ -1903,8 +1903,8 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL struct dom_sid *sid; uint32_t atype, rtype; - r->out.rids.ids[i] = 0; - r->out.types.ids[i] = SID_NAME_UNKNOWN; + r->out.rids->ids[i] = 0; + r->out.types->ids[i] = SID_NAME_UNKNOWN; count = gendb_search(d_state->sam_ctx, mem_ctx, d_state->domain_dn, &res, attrs, "sAMAccountName=%s", @@ -1933,8 +1933,8 @@ static NTSTATUS dcesrv_samr_LookupNames(struct dcesrv_call_state *dce_call, TALL continue; } - r->out.rids.ids[i] = sid->sub_auths[sid->num_auths-1]; - r->out.types.ids[i] = rtype; + r->out.rids->ids[i] = sid->sub_auths[sid->num_auths-1]; + r->out.types->ids[i] = rtype; num_mapped++; } diff --git a/source4/torture/libnet/libnet_group.c b/source4/torture/libnet/libnet_group.c index 12b8167a86..74da6162c6 100644 --- a/source4/torture/libnet/libnet_group.c +++ b/source4/torture/libnet/libnet_group.c @@ -42,12 +42,15 @@ static bool test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct lsa_String names[2]; uint32_t rid; struct policy_handle group_handle; + struct samr_Ids rids, types; names[0].string = groupname; r1.in.domain_handle = domain_handle; r1.in.num_names = 1; r1.in.names = names; + r1.out.rids = &rids; + r1.out.types = &types; printf("group account lookup '%s'\n", groupname); @@ -57,7 +60,7 @@ static bool test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return false; } - rid = r1.out.rids.ids[0]; + rid = r1.out.rids->ids[0]; r2.in.domain_handle = domain_handle; r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; diff --git a/source4/torture/libnet/libnet_user.c b/source4/torture/libnet/libnet_user.c index 6d3e682976..98116d50f0 100644 --- a/source4/torture/libnet/libnet_user.c +++ b/source4/torture/libnet/libnet_user.c @@ -40,12 +40,15 @@ static bool test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct lsa_String names[2]; uint32_t rid; struct policy_handle user_handle; + struct samr_Ids rids, types; names[0].string = username; r1.in.domain_handle = domain_handle; r1.in.num_names = 1; r1.in.names = names; + r1.out.rids = &rids; + r1.out.types = &types; printf("user account lookup '%s'\n", username); @@ -55,7 +58,7 @@ static bool test_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return false; } - rid = r1.out.rids.ids[0]; + rid = r1.out.rids->ids[0]; r2.in.domain_handle = domain_handle; r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; diff --git a/source4/torture/libnet/utils.c b/source4/torture/libnet/utils.c index 54c5f2c29c..67ee056dbe 100644 --- a/source4/torture/libnet/utils.c +++ b/source4/torture/libnet/utils.c @@ -84,19 +84,22 @@ bool test_user_cleanup(struct torture_context *tctx, struct dcerpc_pipe *p, struct lsa_String names[2]; uint32_t rid; struct policy_handle user_handle; + struct samr_Ids rids, types; names[0].string = name; r1.in.domain_handle = domain_handle; r1.in.num_names = 1; r1.in.names = names; + r1.out.rids = &rids; + r1.out.types = &types; torture_comment(tctx, "user account lookup '%s'\n", name); status = dcerpc_samr_LookupNames(p, mem_ctx, &r1); torture_assert_ntstatus_ok(tctx, status, "LookupNames failed"); - rid = r1.out.rids.ids[0]; + rid = r1.out.rids->ids[0]; r2.in.domain_handle = domain_handle; r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; @@ -174,12 +177,15 @@ bool test_group_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct lsa_String names[2]; uint32_t rid; struct policy_handle group_handle; + struct samr_Ids rids, types; names[0].string = name; r1.in.domain_handle = domain_handle; r1.in.num_names = 1; r1.in.names = names; + r1.out.rids = &rids; + r1.out.types = &types; printf("group account lookup '%s'\n", name); @@ -189,7 +195,7 @@ bool test_group_cleanup(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return false; } - rid = r1.out.rids.ids[0]; + rid = r1.out.rids->ids[0]; r2.in.domain_handle = domain_handle; r2.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index c2b849127f..80db2dcf07 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -477,10 +477,13 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { struct samr_LookupNames ln; struct samr_OpenUser ou; + struct samr_Ids rids, types; ln.in.domain_handle = &domain_handle; ln.in.num_names = 1; ln.in.names = &user_name; + ln.out.rids = &rids; + ln.out.types = &types; status = dcerpc_samr_LookupNames(samr_pipe, mem_ctx, &ln); if (!NT_STATUS_IS_OK(status)) { @@ -491,7 +494,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, ou.in.domain_handle = &domain_handle; ou.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - user_rid = ou.in.rid = ln.out.rids.ids[0]; + user_rid = ou.in.rid = ln.out.rids->ids[0]; ou.out.user_handle = user_handle; status = dcerpc_samr_OpenUser(samr_pipe, mem_ctx, &ou); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 810f37ccb8..fbdcd73881 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -967,15 +967,18 @@ static NTSTATUS test_LookupName(struct dcerpc_pipe *p, struct torture_context *t NTSTATUS status; struct samr_LookupNames n; struct lsa_String sname[2]; + struct samr_Ids rids, types; init_lsa_String(&sname[0], name); n.in.domain_handle = domain_handle; n.in.num_names = 1; n.in.names = sname; + n.out.rids = &rids; + n.out.types = &types; status = dcerpc_samr_LookupNames(p, tctx, &n); if (NT_STATUS_IS_OK(status)) { - *rid = n.out.rids.ids[0]; + *rid = n.out.rids->ids[0]; } else { return status; } @@ -2620,11 +2623,14 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct samr_QueryUserInfo q; struct samr_LookupNames n; struct policy_handle user_handle; + struct samr_Ids rids, types; n.in.domain_handle = domain_handle; n.in.num_names = 1; n.in.names = talloc_array(mem_ctx, struct lsa_String, 1); n.in.names[0].string = acct_name; + n.out.rids = &rids; + n.out.types = &types; status = dcerpc_samr_LookupNames(p, mem_ctx, &n); if (!NT_STATUS_IS_OK(status)) { @@ -2634,12 +2640,12 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.domain_handle = domain_handle; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r.in.rid = n.out.rids.ids[0]; + r.in.rid = n.out.rids->ids[0]; r.out.user_handle = &user_handle; status = dcerpc_samr_OpenUser(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { - printf("OpenUser(%u) failed - %s\n", n.out.rids.ids[0], nt_errstr(status)); + printf("OpenUser(%u) failed - %s\n", n.out.rids->ids[0], nt_errstr(status)); return false; } @@ -3304,7 +3310,7 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * struct samr_LookupNames n; struct samr_LookupRids lr ; struct lsa_Strings names; - struct samr_Ids types; + struct samr_Ids rids, types; uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST, ACB_DISABLED, ACB_NORMAL | ACB_DISABLED, @@ -3348,6 +3354,8 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * n.in.domain_handle = handle; n.in.num_names = r.out.sam->count; n.in.names = talloc_array(tctx, struct lsa_String, r.out.sam->count); + n.out.rids = &rids; + n.out.types = &types; for (i=0;icount;i++) { n.in.names[i].string = r.out.sam->entries[i].name.string; } diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index d013340528..28ce18dfca 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -59,6 +59,7 @@ static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle user_handle; uint32_t rid; struct samr_LookupNames n; + struct samr_Ids rids, types; struct lsa_String sname; struct samr_OpenUser r; @@ -67,10 +68,12 @@ static NTSTATUS DeleteUser_byname(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, n.in.domain_handle = handle; n.in.num_names = 1; n.in.names = &sname; + n.out.rids = &rids; + n.out.types = &types; status = dcerpc_samr_LookupNames(p, mem_ctx, &n); if (NT_STATUS_IS_OK(status)) { - rid = n.out.rids.ids[0]; + rid = n.out.rids->ids[0]; } else { return status; } -- cgit From bb1d7684d2d2b0ebf11acb267de1885f79d05a5e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 7 Nov 2008 02:42:45 +0100 Subject: s4-samr: merge samr_LookupDomain from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/libnet/libnet_domain.c | 7 +++++-- source4/libnet/libnet_join.c | 4 +++- source4/libnet/libnet_passwd.c | 4 +++- source4/rpc_server/samr/dcesrv_samr.c | 4 ++-- source4/torture/libnet/libnet_domain.c | 6 ++++-- source4/torture/libnet/libnet_group.c | 4 +++- source4/torture/libnet/libnet_user.c | 4 +++- source4/torture/libnet/utils.c | 8 +++++--- source4/torture/rpc/samba3rpc.c | 10 ++++++---- source4/torture/rpc/samr.c | 4 +++- source4/torture/rpc/samr_accessmask.c | 6 +++++- source4/torture/rpc/samsync.c | 8 +++++--- source4/torture/rpc/testjoin.c | 8 +++++--- 14 files changed, 53 insertions(+), 26 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index b2c9103d97..3ad4cd602f 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -266,7 +266,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_LookupDomain ( [in,ref] policy_handle *connect_handle, [in,ref] lsa_String *domain_name, - [out,unique] dom_sid2 *sid + [out,ref] dom_sid2 **sid ); diff --git a/source4/libnet/libnet_domain.c b/source4/libnet/libnet_domain.c index ccdfdaf134..adb826a2d1 100644 --- a/source4/libnet/libnet_domain.c +++ b/source4/libnet/libnet_domain.c @@ -40,6 +40,7 @@ struct domain_open_samr_state { uint32_t access_mask; struct policy_handle connect_handle; struct policy_handle domain_handle; + struct dom_sid2 *domain_sid; /* information about the progress */ void (*monitor_fn)(struct monitor_msg*); @@ -159,6 +160,8 @@ static void continue_domain_open_connect(struct rpc_request *req) /* prepare for samr_LookupDomain call */ r->in.connect_handle = &s->connect_handle; r->in.domain_name = &s->domain_name; + r->out.sid = talloc(s, struct dom_sid2 *); + if (composite_nomem(r->out.sid, c)) return; lookup_req = dcerpc_samr_LookupDomain_send(s->pipe, c, r); if (composite_nomem(lookup_req, c)) return; @@ -209,7 +212,7 @@ static void continue_domain_open_lookup(struct rpc_request *req) /* prepare for samr_OpenDomain call */ r->in.connect_handle = &s->connect_handle; r->in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r->in.sid = s->lookup.out.sid; + r->in.sid = *s->lookup.out.sid; r->out.domain_handle = &s->domain_handle; opendom_req = dcerpc_samr_OpenDomain_send(s->pipe, c, r); @@ -361,7 +364,7 @@ NTSTATUS libnet_DomainOpenSamr_recv(struct composite_context *c, struct libnet_c libnet functions */ ctx->samr.connect_handle = s->connect_handle; ctx->samr.handle = s->domain_handle; - ctx->samr.sid = talloc_steal(ctx, s->lookup.out.sid); + ctx->samr.sid = talloc_steal(ctx, *s->lookup.out.sid); ctx->samr.name = talloc_steal(ctx, s->domain_name.string); ctx->samr.access_mask = s->access_mask; } diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index e6664b2463..b813bba3ea 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -561,9 +561,11 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru if (!connect_with_info->out.domain_sid) { struct lsa_String name; struct samr_LookupDomain l; + struct dom_sid2 *sid = NULL; name.string = connect_with_info->out.domain_name; l.in.connect_handle = &p_handle; l.in.domain_name = &name; + l.out.sid = &sid; status = dcerpc_samr_LookupDomain(samr_pipe, tmp_ctx, &l); if (!NT_STATUS_IS_OK(status)) { @@ -573,7 +575,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru talloc_free(tmp_ctx); return status; } - connect_with_info->out.domain_sid = l.out.sid; + connect_with_info->out.domain_sid = *l.out.sid; } /* prepare samr_OpenDomain */ diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index d1e6fe79f4..976606e72c 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -531,6 +531,7 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * struct samr_Connect sc; struct policy_handle p_handle; struct samr_LookupDomain ld; + struct dom_sid2 *sid = NULL; struct lsa_String d_name; struct samr_OpenDomain od; struct policy_handle d_handle; @@ -573,6 +574,7 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * d_name.string = r->samr.in.domain_name; ld.in.connect_handle = &p_handle; ld.in.domain_name = &d_name; + ld.out.sid = &sid; /* 3. do a samr_LookupDomain to get the domain sid */ status = dcerpc_samr_LookupDomain(c.out.dcerpc_pipe, mem_ctx, &ld); @@ -587,7 +589,7 @@ static NTSTATUS libnet_SetPassword_samr(struct libnet_context *ctx, TALLOC_CTX * ZERO_STRUCT(d_handle); od.in.connect_handle = &p_handle; od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - od.in.sid = ld.out.sid; + od.in.sid = *ld.out.sid; od.out.domain_handle = &d_handle; /* 4. do a samr_OpenDomain to get a domain handle */ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index a8d161a577..106767c8ae 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -277,7 +277,7 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL int ret; struct ldb_dn *partitions_basedn; - r->out.sid = NULL; + *r->out.sid = NULL; DCESRV_PULL_HANDLE(h, r->in.connect_handle, SAMR_HANDLE_CONNECT); @@ -319,7 +319,7 @@ static NTSTATUS dcesrv_samr_LookupDomain(struct dcesrv_call_state *dce_call, TAL return NT_STATUS_NO_SUCH_DOMAIN; } - r->out.sid = sid; + *r->out.sid = sid; return NT_STATUS_OK; } diff --git a/source4/torture/libnet/libnet_domain.c b/source4/torture/libnet/libnet_domain.c index 7d5be368c2..3c28d1a019 100644 --- a/source4/torture/libnet/libnet_domain.c +++ b/source4/torture/libnet/libnet_domain.c @@ -35,12 +35,13 @@ static bool test_opendomain_samr(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct lsa_String *domname, - uint32_t *access_mask, struct dom_sid **sid) + uint32_t *access_mask, struct dom_sid **sid_p) { NTSTATUS status; struct policy_handle h, domain_handle; struct samr_Connect r1; struct samr_LookupDomain r2; + struct dom_sid2 *sid = NULL; struct samr_OpenDomain r3; printf("connecting\n"); @@ -59,6 +60,7 @@ static bool test_opendomain_samr(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r2.in.connect_handle = &h; r2.in.domain_name = domname; + r2.out.sid = &sid; printf("domain lookup on %s\n", domname->string); @@ -70,7 +72,7 @@ static bool test_opendomain_samr(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r3.in.connect_handle = &h; r3.in.access_mask = *access_mask; - r3.in.sid = *sid = r2.out.sid; + r3.in.sid = *sid_p = *r2.out.sid; r3.out.domain_handle = &domain_handle; printf("opening domain\n"); diff --git a/source4/torture/libnet/libnet_group.c b/source4/torture/libnet/libnet_group.c index 74da6162c6..9c9ecfd525 100644 --- a/source4/torture/libnet/libnet_group.c +++ b/source4/torture/libnet/libnet_group.c @@ -142,6 +142,7 @@ static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle h, domain_handle; struct samr_Connect r1; struct samr_LookupDomain r2; + struct dom_sid2 *sid = NULL; struct samr_OpenDomain r3; printf("connecting\n"); @@ -158,6 +159,7 @@ static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r2.in.connect_handle = &h; r2.in.domain_name = domname; + r2.out.sid = &sid; printf("domain lookup on %s\n", domname->string); @@ -169,7 +171,7 @@ static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r3.in.connect_handle = &h; r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r3.in.sid = r2.out.sid; + r3.in.sid = *r2.out.sid; r3.out.domain_handle = &domain_handle; printf("opening domain\n"); diff --git a/source4/torture/libnet/libnet_user.c b/source4/torture/libnet/libnet_user.c index 98116d50f0..18007dccad 100644 --- a/source4/torture/libnet/libnet_user.c +++ b/source4/torture/libnet/libnet_user.c @@ -95,6 +95,7 @@ static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle h, domain_handle; struct samr_Connect r1; struct samr_LookupDomain r2; + struct dom_sid2 *sid = NULL; struct samr_OpenDomain r3; printf("connecting\n"); @@ -111,6 +112,7 @@ static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r2.in.connect_handle = &h; r2.in.domain_name = domname; + r2.out.sid = &sid; printf("domain lookup on %s\n", domname->string); @@ -122,7 +124,7 @@ static bool test_opendomain(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r3.in.connect_handle = &h; r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r3.in.sid = r2.out.sid; + r3.in.sid = *r2.out.sid; r3.out.domain_handle = &domain_handle; printf("opening domain\n"); diff --git a/source4/torture/libnet/utils.c b/source4/torture/libnet/utils.c index 67ee056dbe..942540c80e 100644 --- a/source4/torture/libnet/utils.c +++ b/source4/torture/libnet/utils.c @@ -32,12 +32,13 @@ bool test_opendomain(struct torture_context *tctx, struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, struct policy_handle *handle, struct lsa_String *domname, - struct dom_sid2 *sid) + struct dom_sid2 *sid_p) { NTSTATUS status; struct policy_handle h, domain_handle; struct samr_Connect r1; struct samr_LookupDomain r2; + struct dom_sid2 *sid = NULL; struct samr_OpenDomain r3; torture_comment(tctx, "connecting\n"); @@ -51,6 +52,7 @@ bool test_opendomain(struct torture_context *tctx, r2.in.connect_handle = &h; r2.in.domain_name = domname; + r2.out.sid = &sid; torture_comment(tctx, "domain lookup on %s\n", domname->string); @@ -59,7 +61,7 @@ bool test_opendomain(struct torture_context *tctx, r3.in.connect_handle = &h; r3.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - r3.in.sid = r2.out.sid; + r3.in.sid = *r2.out.sid; r3.out.domain_handle = &domain_handle; torture_comment(tctx, "opening domain\n"); @@ -68,7 +70,7 @@ bool test_opendomain(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "OpenDomain failed"); *handle = domain_handle; - *sid = *r2.out.sid; + *sid_p = **r2.out.sid; return true; } diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 80db2dcf07..bf61054b54 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -355,7 +355,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, char **domain, struct dcerpc_pipe **result_pipe, struct policy_handle **result_handle, - struct dom_sid **sid) + struct dom_sid **sid_p) { struct dcerpc_pipe *samr_pipe; NTSTATUS status; @@ -366,6 +366,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, struct samr_EnumDomains enumdom; uint32_t resume_handle = 0; struct samr_LookupDomain l; + struct dom_sid2 *sid = NULL; int dom_idx; struct lsa_String domain_name; struct lsa_String user_name; @@ -444,6 +445,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, domain_name.string = enumdom.out.sam->entries[dom_idx].name.string; *domain = talloc_strdup(mem_ctx, domain_name.string); l.in.domain_name = &domain_name; + l.out.sid = &sid; status = dcerpc_samr_LookupDomain(samr_pipe, mem_ctx, &l); if (!NT_STATUS_IS_OK(status)) { @@ -453,7 +455,7 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, o.in.connect_handle = &conn_handle; o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - o.in.sid = l.out.sid; + o.in.sid = *l.out.sid; o.out.domain_handle = &domain_handle; status = dcerpc_samr_OpenDomain(samr_pipe, mem_ctx, &o); @@ -512,8 +514,8 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, *result_pipe = samr_pipe; *result_handle = user_handle; - if (sid != NULL) { - *sid = dom_sid_add_rid(mem_ctx, l.out.sid, user_rid); + if (sid_p != NULL) { + *sid_p = dom_sid_add_rid(mem_ctx, *l.out.sid, user_rid); } return NT_STATUS_OK; diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index fbdcd73881..874eba74d1 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4538,6 +4538,7 @@ static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tct { NTSTATUS status; struct samr_LookupDomain r; + struct dom_sid2 *sid = NULL; struct lsa_String n1; struct lsa_String n2; bool ret = true; @@ -4547,6 +4548,7 @@ static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tct /* check for correct error codes */ r.in.connect_handle = handle; r.in.domain_name = &n2; + r.out.sid = &sid; n2.string = NULL; status = dcerpc_samr_LookupDomain(p, tctx, &r); @@ -4569,7 +4571,7 @@ static bool test_LookupDomain(struct dcerpc_pipe *p, struct torture_context *tct ret = false; } - if (!test_OpenDomain(p, tctx, handle, r.out.sid, which_ops)) { + if (!test_OpenDomain(p, tctx, handle, *r.out.sid, which_ops)) { ret = false; } diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c index eb19c0caa4..6b60b8314f 100644 --- a/source4/torture/rpc/samr_accessmask.c +++ b/source4/torture/rpc/samr_accessmask.c @@ -390,6 +390,7 @@ static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx, { NTSTATUS status; struct samr_LookupDomain ld; + struct dom_sid2 *sid = NULL; struct policy_handle ch; struct lsa_String dn; int i; @@ -415,6 +416,7 @@ static bool test_samr_accessmask_LookupDomain(struct torture_context *tctx, ld.in.connect_handle = &ch; ld.in.domain_name = &dn; + ld.out.sid = &sid; dn.string = lp_workgroup(tctx->lp_ctx); status = dcerpc_samr_LookupDomain(p, tctx, &ld); @@ -474,6 +476,7 @@ static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx, { NTSTATUS status; struct samr_LookupDomain ld; + struct dom_sid2 *sid = NULL; struct samr_OpenDomain od; struct policy_handle ch; struct policy_handle dh; @@ -491,6 +494,7 @@ static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx, ld.in.connect_handle = &ch; ld.in.domain_name = &dn; + ld.out.sid = &sid; dn.string = lp_workgroup(tctx->lp_ctx); status = dcerpc_samr_LookupDomain(p, tctx, &ld); if (!NT_STATUS_IS_OK(status)) { @@ -520,7 +524,7 @@ static bool test_samr_accessmask_OpenDomain(struct torture_context *tctx, od.in.connect_handle = &ch; od.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - od.in.sid = ld.out.sid; + od.in.sid = *ld.out.sid; od.out.domain_handle = &dh; status = dcerpc_samr_OpenDomain(p, tctx, &od); diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index ba5b9f78d7..64612e21e4 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -151,17 +151,19 @@ struct samsync_trusted_domain { static struct policy_handle *samsync_open_domain(TALLOC_CTX *mem_ctx, struct samsync_state *samsync_state, const char *domain, - struct dom_sid **sid) + struct dom_sid **sid_p) { struct lsa_String name; struct samr_OpenDomain o; struct samr_LookupDomain l; + struct dom_sid2 *sid = NULL; struct policy_handle *domain_handle = talloc(mem_ctx, struct policy_handle); NTSTATUS nt_status; name.string = domain; l.in.connect_handle = samsync_state->connect_handle; l.in.domain_name = &name; + l.out.sid = &sid; nt_status = dcerpc_samr_LookupDomain(samsync_state->p_samr, mem_ctx, &l); if (!NT_STATUS_IS_OK(nt_status)) { @@ -171,11 +173,11 @@ static struct policy_handle *samsync_open_domain(TALLOC_CTX *mem_ctx, o.in.connect_handle = samsync_state->connect_handle; o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - o.in.sid = l.out.sid; + o.in.sid = *l.out.sid; o.out.domain_handle = domain_handle; if (sid) { - *sid = l.out.sid; + *sid_p = *l.out.sid; } nt_status = dcerpc_samr_OpenDomain(samsync_state->p_samr, mem_ctx, &o); diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 28ce18dfca..3b56d5b0ad 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -116,6 +116,7 @@ struct test_join *torture_create_testuser(struct torture_context *torture, struct samr_CreateUser2 r; struct samr_OpenDomain o; struct samr_LookupDomain l; + struct dom_sid2 *sid = NULL; struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; struct samr_SetUserInfo s; @@ -176,6 +177,7 @@ struct test_join *torture_create_testuser(struct torture_context *torture, name.string = domain; l.in.connect_handle = &handle; l.in.domain_name = &name; + l.out.sid = &sid; status = dcerpc_samr_LookupDomain(join->p, join, &l); if (!NT_STATUS_IS_OK(status)) { @@ -183,14 +185,14 @@ struct test_join *torture_create_testuser(struct torture_context *torture, goto failed; } - talloc_steal(join, l.out.sid); - join->dom_sid = l.out.sid; + talloc_steal(join, *l.out.sid); + join->dom_sid = *l.out.sid; join->dom_netbios_name = talloc_strdup(join, domain); if (!join->dom_netbios_name) goto failed; o.in.connect_handle = &handle; o.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; - o.in.sid = l.out.sid; + o.in.sid = *l.out.sid; o.out.domain_handle = &domain_handle; status = dcerpc_samr_OpenDomain(join->p, join, &o); -- cgit From d4d9a73ad1e5561a7a19e0c226936d1b21de60cb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 7 Nov 2008 02:57:58 +0100 Subject: s4-samr: merge samr_EnumDomains from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 6 +++--- source4/libnet/libnet_domain.c | 14 +++++++++----- source4/rpc_server/samr/dcesrv_samr.c | 10 +++++----- source4/torture/rpc/samba3rpc.c | 12 ++++++++---- source4/torture/rpc/samr.c | 10 +++++++--- source4/torture/rpc/samr_accessmask.c | 6 ++++++ 6 files changed, 38 insertions(+), 20 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 3ad4cd602f..23fce8dfd9 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -284,11 +284,11 @@ import "misc.idl", "lsa.idl", "security.idl"; } samr_SamArray; NTSTATUS samr_EnumDomains ( - [in,ref] policy_handle *connect_handle, + [in] policy_handle *connect_handle, [in,out,ref] uint32 *resume_handle, + [out,ref] samr_SamArray **sam, [in] uint32 buf_size, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); diff --git a/source4/libnet/libnet_domain.c b/source4/libnet/libnet_domain.c index adb826a2d1..eb6920d88e 100644 --- a/source4/libnet/libnet_domain.c +++ b/source4/libnet/libnet_domain.c @@ -1001,6 +1001,10 @@ static void continue_samr_connect(struct rpc_request *req) s->enumdom.in.resume_handle = &s->resume_handle; s->enumdom.in.buf_size = s->buf_size; s->enumdom.out.resume_handle = &s->resume_handle; + s->enumdom.out.num_entries = talloc(s, uint32_t); + if (composite_nomem(s->enumdom.out.num_entries, c)) return; + s->enumdom.out.sam = talloc(s, struct samr_SamArray *); + if (composite_nomem(s->enumdom.out.sam, c)) return; enumdom_req = dcerpc_samr_EnumDomains_send(s->ctx->samr.pipe, c, &s->enumdom); if (composite_nomem(enumdom_req, c)) return; @@ -1116,16 +1120,16 @@ static struct domainlist* get_domain_list(TALLOC_CTX *mem_ctx, struct domain_lis /* prepare domains array */ if (s->domains == NULL) { s->domains = talloc_array(mem_ctx, struct domainlist, - s->enumdom.out.num_entries); + *s->enumdom.out.num_entries); } else { s->domains = talloc_realloc(mem_ctx, s->domains, struct domainlist, - s->count + s->enumdom.out.num_entries); + s->count + *s->enumdom.out.num_entries); } /* copy domain names returned from samr_EnumDomains call */ - for (i = s->count; i < s->count + s->enumdom.out.num_entries; i++) + for (i = s->count; i < s->count + *s->enumdom.out.num_entries; i++) { - struct lsa_String *domain_name = &s->enumdom.out.sam->entries[i - s->count].name; + struct lsa_String *domain_name = &(*s->enumdom.out.sam)->entries[i - s->count].name; /* strdup name as a child of allocated array to make it follow the array in case of talloc_steal or talloc_free */ @@ -1134,7 +1138,7 @@ static struct domainlist* get_domain_list(TALLOC_CTX *mem_ctx, struct domain_lis } /* number of entries returned (domains enumerated) */ - s->count += s->enumdom.out.num_entries; + s->count += *s->enumdom.out.num_entries; return s->domains; } diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 106767c8ae..c91e66a55b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -344,8 +344,8 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL struct ldb_dn *partitions_basedn; *r->out.resume_handle = 0; - r->out.sam = NULL; - r->out.num_entries = 0; + *r->out.sam = NULL; + *r->out.num_entries = 0; DCESRV_PULL_HANDLE(h, r->in.connect_handle, SAMR_HANDLE_CONNECT); @@ -401,9 +401,9 @@ static NTSTATUS dcesrv_samr_EnumDomains(struct dcesrv_call_state *dce_call, TALL } } - r->out.sam = array; - r->out.num_entries = i; - array->count = r->out.num_entries; + *r->out.sam = array; + *r->out.num_entries = i; + array->count = *r->out.num_entries; return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index bf61054b54..3b26799021 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -365,6 +365,8 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, struct samr_Connect2 conn; struct samr_EnumDomains enumdom; uint32_t resume_handle = 0; + uint32_t num_entries = 0; + struct samr_SamArray *sam = NULL; struct samr_LookupDomain l; struct dom_sid2 *sid = NULL; int dom_idx; @@ -424,6 +426,8 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, enumdom.in.resume_handle = &resume_handle; enumdom.in.buf_size = (uint32_t)-1; enumdom.out.resume_handle = &resume_handle; + enumdom.out.num_entries = &num_entries; + enumdom.out.sam = &sam; status = dcerpc_samr_EnumDomains(samr_pipe, mem_ctx, &enumdom); if (!NT_STATUS_IS_OK(status)) { @@ -431,18 +435,18 @@ static NTSTATUS get_usr_handle(struct smbcli_state *cli, goto fail; } - if (enumdom.out.num_entries != 2) { + if (*enumdom.out.num_entries != 2) { d_printf("samr_EnumDomains returned %d entries, expected 2\n", - enumdom.out.num_entries); + *enumdom.out.num_entries); status = NT_STATUS_UNSUCCESSFUL; goto fail; } - dom_idx = strequal(enumdom.out.sam->entries[0].name.string, + dom_idx = strequal(sam->entries[0].name.string, "builtin") ? 1:0; l.in.connect_handle = &conn_handle; - domain_name.string = enumdom.out.sam->entries[dom_idx].name.string; + domain_name.string = sam->entries[dom_idx].name.string; *domain = talloc_strdup(mem_ctx, domain_name.string); l.in.domain_name = &domain_name; l.out.sid = &sid; diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 874eba74d1..66b3dec618 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -4585,6 +4585,8 @@ static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx NTSTATUS status; struct samr_EnumDomains r; uint32_t resume_handle = 0; + uint32_t num_entries = 0; + struct samr_SamArray *sam = NULL; int i; bool ret = true; @@ -4592,17 +4594,19 @@ static bool test_EnumDomains(struct dcerpc_pipe *p, struct torture_context *tctx r.in.resume_handle = &resume_handle; r.in.buf_size = (uint32_t)-1; r.out.resume_handle = &resume_handle; + r.out.num_entries = &num_entries; + r.out.sam = &sam; status = dcerpc_samr_EnumDomains(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "EnumDomains"); - if (!r.out.sam) { + if (!*r.out.sam) { return false; } - for (i=0;icount;i++) { + for (i=0;icount;i++) { if (!test_LookupDomain(p, tctx, handle, - r.out.sam->entries[i].name.string, which_ops)) { + sam->entries[i].name.string, which_ops)) { ret = false; } } diff --git a/source4/torture/rpc/samr_accessmask.c b/source4/torture/rpc/samr_accessmask.c index 6b60b8314f..9a8e442019 100644 --- a/source4/torture/rpc/samr_accessmask.c +++ b/source4/torture/rpc/samr_accessmask.c @@ -149,6 +149,8 @@ static bool test_samr_accessmask_EnumDomains(struct torture_context *tctx, int i; uint32_t mask; uint32_t resume_handle = 0; + struct samr_SamArray *sam = NULL; + uint32_t num_entries = 0; printf("testing which bits in Connect5 accessmask allows us to EnumDomains\n"); mask = 1; @@ -172,6 +174,8 @@ static bool test_samr_accessmask_EnumDomains(struct torture_context *tctx, ed.in.resume_handle = &resume_handle; ed.in.buf_size = (uint32_t)-1; ed.out.resume_handle = &resume_handle; + ed.out.num_entries = &num_entries; + ed.out.sam = &sam; status = dcerpc_samr_EnumDomains(p, tctx, &ed); if (!NT_STATUS_IS_OK(status)) { @@ -197,6 +201,8 @@ static bool test_samr_accessmask_EnumDomains(struct torture_context *tctx, ed.in.resume_handle = &resume_handle; ed.in.buf_size = (uint32_t)-1; ed.out.resume_handle = &resume_handle; + ed.out.num_entries = &num_entries; + ed.out.sam = &sam; status = dcerpc_samr_EnumDomains(p, tctx, &ed); if(!NT_STATUS_EQUAL(NT_STATUS_ACCESS_DENIED, status)) { -- cgit From 1ea97d76ede445b32908ab45e6f172108019b5bb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 7 Nov 2008 11:25:01 +0100 Subject: s4-samr: merge samr_EnumDomainUsers from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 6 +++--- source4/libnet/libnet_user.c | 16 ++++++++++++---- source4/rpc_server/samr/dcesrv_samr.c | 23 +++++++++++++---------- source4/torture/rpc/samr.c | 30 +++++++++++++++++------------- 4 files changed, 45 insertions(+), 30 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 23fce8dfd9..55c95a9bdc 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -468,12 +468,12 @@ import "misc.idl", "lsa.idl", "security.idl"; const int SAMR_ENUM_USERS_MULTIPLIER = 54; NTSTATUS samr_EnumDomainUsers( - [in,ref] policy_handle *domain_handle, + [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, [in] samr_AcctFlags acct_flags, + [out,ref] samr_SamArray **sam, [in] uint32 max_size, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); /************************/ diff --git a/source4/libnet/libnet_user.c b/source4/libnet/libnet_user.c index c768319452..8606d0856e 100644 --- a/source4/libnet/libnet_user.c +++ b/source4/libnet/libnet_user.c @@ -1032,6 +1032,10 @@ static void continue_domain_queried(struct rpc_request *req) s->user_list.in.resume_handle = &s->resume_index; s->user_list.in.acct_flags = ACB_NORMAL; s->user_list.out.resume_handle = &s->resume_index; + s->user_list.out.num_entries = talloc(s, uint32_t); + if (composite_nomem(s->user_list.out.num_entries, c)) return; + s->user_list.out.sam = talloc(s, struct samr_SamArray *); + if (composite_nomem(s->user_list.out.sam, c)) return; /* send the request */ enum_req = dcerpc_samr_EnumDomainUsers_send(s->ctx->samr.pipe, c, &s->user_list); @@ -1064,6 +1068,10 @@ static void continue_samr_domain_opened(struct composite_context *ctx) s->user_list.in.resume_handle = &s->resume_index; s->user_list.in.acct_flags = ACB_NORMAL; s->user_list.out.resume_handle = &s->resume_index; + s->user_list.out.sam = talloc(s, struct samr_SamArray *); + if (composite_nomem(s->user_list.out.sam, c)) return; + s->user_list.out.num_entries = talloc(s, uint32_t); + if (composite_nomem(s->user_list.out.num_entries, c)) return; /* send the request */ enum_req = dcerpc_samr_EnumDomainUsers_send(s->ctx->samr.pipe, c, &s->user_list); @@ -1102,15 +1110,15 @@ static void continue_users_enumerated(struct rpc_request *req) /* get enumerated accounts counter and resume handle (the latter allows making subsequent call to continue enumeration) */ s->resume_index = *s->user_list.out.resume_handle; - s->count = s->user_list.out.num_entries; + s->count = *s->user_list.out.num_entries; /* prepare returned user accounts array */ - s->users = talloc_array(c, struct userlist, s->user_list.out.sam->count); + s->users = talloc_array(c, struct userlist, (*s->user_list.out.sam)->count); if (composite_nomem(s->users, c)) return; - for (i = 0; i < s->user_list.out.sam->count; i++) { + for (i = 0; i < (*s->user_list.out.sam)->count; i++) { struct dom_sid *user_sid; - struct samr_SamEntry *entry = &s->user_list.out.sam->entries[i]; + struct samr_SamEntry *entry = &(*s->user_list.out.sam)->entries[i]; struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid; /* construct user sid from returned rid and queried domain sid */ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index c91e66a55b..f6691a5a6d 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1507,10 +1507,11 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, int ret, num_filtered_entries, i, first; struct samr_SamEntry *entries; const char * const attrs[] = { "objectSid", "sAMAccountName", "userAccountControl", NULL }; + struct samr_SamArray *sam; *r->out.resume_handle = 0; - r->out.sam = NULL; - r->out.num_entries = 0; + *r->out.sam = NULL; + *r->out.num_entries = 0; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -1554,24 +1555,26 @@ static NTSTATUS dcesrv_samr_EnumDomainUsers(struct dcesrv_call_state *dce_call, /* return the rest, limit by max_size. Note that we use the w2k3 element size value of 54 */ - r->out.num_entries = num_filtered_entries - first; - r->out.num_entries = MIN(r->out.num_entries, + *r->out.num_entries = num_filtered_entries - first; + *r->out.num_entries = MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER)); - r->out.sam = talloc(mem_ctx, struct samr_SamArray); - if (!r->out.sam) { + sam = talloc(mem_ctx, struct samr_SamArray); + if (!sam) { return NT_STATUS_NO_MEMORY; } - r->out.sam->entries = entries+first; - r->out.sam->count = r->out.num_entries; + sam->entries = entries+first; + sam->count = *r->out.num_entries; + + *r->out.sam = sam; if (first == num_filtered_entries) { return NT_STATUS_OK; } - if (r->out.num_entries < num_filtered_entries - first) { - *r->out.resume_handle = entries[first+r->out.num_entries-1].idx; + if (*r->out.num_entries < num_filtered_entries - first) { + *r->out.resume_handle = entries[first+*r->out.num_entries-1].idx; return STATUS_MORE_ENTRIES; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 66b3dec618..4eb5b39ce0 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3311,6 +3311,8 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * struct samr_LookupRids lr ; struct lsa_Strings names; struct samr_Ids rids, types; + struct samr_SamArray *sam = NULL; + uint32_t num_entries = 0; uint32_t masks[] = {ACB_NORMAL, ACB_DOMTRUST, ACB_WSTRUST, ACB_DISABLED, ACB_NORMAL | ACB_DISABLED, @@ -3325,6 +3327,8 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * r.in.acct_flags = mask = masks[mask_idx]; r.in.max_size = (uint32_t)-1; r.out.resume_handle = &resume_handle; + r.out.num_entries = &num_entries; + r.out.sam = &sam; status = dcerpc_samr_EnumDomainUsers(p, tctx, &r); if (!NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) && @@ -3333,18 +3337,18 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * return false; } - torture_assert(tctx, r.out.sam, "EnumDomainUsers failed: r.out.sam unexpectedly NULL"); + torture_assert(tctx, sam, "EnumDomainUsers failed: r.out.sam unexpectedly NULL"); - if (r.out.sam->count == 0) { + if (sam->count == 0) { continue; } - for (i=0;icount;i++) { + for (i=0;icount;i++) { if (mask) { - if (!check_mask(p, tctx, handle, r.out.sam->entries[i].idx, mask)) { + if (!check_mask(p, tctx, handle, sam->entries[i].idx, mask)) { ret = false; } - } else if (!test_OpenUser(p, tctx, handle, r.out.sam->entries[i].idx)) { + } else if (!test_OpenUser(p, tctx, handle, sam->entries[i].idx)) { ret = false; } } @@ -3352,12 +3356,12 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * printf("Testing LookupNames\n"); n.in.domain_handle = handle; - n.in.num_names = r.out.sam->count; - n.in.names = talloc_array(tctx, struct lsa_String, r.out.sam->count); + n.in.num_names = sam->count; + n.in.names = talloc_array(tctx, struct lsa_String, sam->count); n.out.rids = &rids; n.out.types = &types; - for (i=0;icount;i++) { - n.in.names[i].string = r.out.sam->entries[i].name.string; + for (i=0;icount;i++) { + n.in.names[i].string = sam->entries[i].name.string; } status = dcerpc_samr_LookupNames(p, tctx, &n); if (!NT_STATUS_IS_OK(status)) { @@ -3368,12 +3372,12 @@ static bool test_EnumDomainUsers(struct dcerpc_pipe *p, struct torture_context * printf("Testing LookupRids\n"); lr.in.domain_handle = handle; - lr.in.num_rids = r.out.sam->count; - lr.in.rids = talloc_array(tctx, uint32_t, r.out.sam->count); + lr.in.num_rids = sam->count; + lr.in.rids = talloc_array(tctx, uint32_t, sam->count); lr.out.names = &names; lr.out.types = &types; - for (i=0;icount;i++) { - lr.in.rids[i] = r.out.sam->entries[i].idx; + for (i=0;icount;i++) { + lr.in.rids[i] = sam->entries[i].idx; } status = dcerpc_samr_LookupRids(p, tctx, &lr); torture_assert_ntstatus_ok(tctx, status, "LookupRids"); -- cgit From 99c2fac6b200b8371033ee3f1ff2d94b53689abc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 7 Nov 2008 14:51:21 +0100 Subject: s4-samr: merge samr_EnumDomainGroups from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 6 +++--- source4/libnet/libnet_group.c | 16 ++++++++++++---- source4/rpc_server/samr/dcesrv_samr.c | 23 +++++++++++++---------- source4/torture/rpc/samr.c | 20 ++++++++++++++------ 4 files changed, 42 insertions(+), 23 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 55c95a9bdc..ba813b730f 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -441,11 +441,11 @@ import "misc.idl", "lsa.idl", "security.idl"; /************************/ /* Function 0x0b */ NTSTATUS samr_EnumDomainGroups( - [in,ref] policy_handle *domain_handle, + [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, + [out,ref] samr_SamArray **sam, [in] uint32 max_size, - [out,unique] samr_SamArray *sam, - [out] uint32 num_entries + [out,ref] uint32 *num_entries ); /************************/ diff --git a/source4/libnet/libnet_group.c b/source4/libnet/libnet_group.c index eded378511..af5fe4d5d3 100644 --- a/source4/libnet/libnet_group.c +++ b/source4/libnet/libnet_group.c @@ -518,6 +518,10 @@ static void continue_domain_queried(struct rpc_request *req) s->group_list.in.max_size = s->page_size; s->group_list.in.resume_handle = &s->resume_index; s->group_list.out.resume_handle = &s->resume_index; + s->group_list.out.num_entries = talloc(s, uint32_t); + if (composite_nomem(s->group_list.out.num_entries, c)) return; + s->group_list.out.sam = talloc(s, struct samr_SamArray *); + if (composite_nomem(s->group_list.out.sam, c)) return; /* send the request */ enum_req = dcerpc_samr_EnumDomainGroups_send(s->ctx->samr.pipe, c, &s->group_list); @@ -549,6 +553,10 @@ static void continue_samr_domain_opened(struct composite_context *ctx) s->group_list.in.max_size = s->page_size; s->group_list.in.resume_handle = &s->resume_index; s->group_list.out.resume_handle = &s->resume_index; + s->group_list.out.num_entries = talloc(s, uint32_t); + if (composite_nomem(s->group_list.out.num_entries, c)) return; + s->group_list.out.sam = talloc(s, struct samr_SamArray *); + if (composite_nomem(s->group_list.out.sam, c)) return; /* send the request */ enum_req = dcerpc_samr_EnumDomainGroups_send(s->ctx->samr.pipe, c, &s->group_list); @@ -587,15 +595,15 @@ static void continue_groups_enumerated(struct rpc_request *req) /* get enumerated accounts counter and resume handle (the latter allows making subsequent call to continue enumeration) */ s->resume_index = *s->group_list.out.resume_handle; - s->count = s->group_list.out.num_entries; + s->count = *s->group_list.out.num_entries; /* prepare returned group accounts array */ - s->groups = talloc_array(c, struct grouplist, s->group_list.out.sam->count); + s->groups = talloc_array(c, struct grouplist, (*s->group_list.out.sam)->count); if (composite_nomem(s->groups, c)) return; - for (i = 0; i < s->group_list.out.sam->count; i++) { + for (i = 0; i < (*s->group_list.out.sam)->count; i++) { struct dom_sid *group_sid; - struct samr_SamEntry *entry = &s->group_list.out.sam->entries[i]; + struct samr_SamEntry *entry = &(*s->group_list.out.sam)->entries[i]; struct dom_sid *domain_sid = (*s->query_domain.out.info)->domain.sid; /* construct group sid from returned rid and queried domain sid */ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index f6691a5a6d..2a3666b09b 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -1150,10 +1150,11 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, int ldb_cnt, count, i, first; struct samr_SamEntry *entries; const char * const attrs[3] = { "objectSid", "sAMAccountName", NULL }; + struct samr_SamArray *sam; *r->out.resume_handle = 0; - r->out.sam = NULL; - r->out.num_entries = 0; + *r->out.sam = NULL; + *r->out.num_entries = 0; DCESRV_PULL_HANDLE(h, r->in.domain_handle, SAMR_HANDLE_DOMAIN); @@ -1204,20 +1205,22 @@ static NTSTATUS dcesrv_samr_EnumDomainGroups(struct dcesrv_call_state *dce_call, /* return the rest, limit by max_size. Note that we use the w2k3 element size value of 54 */ - r->out.num_entries = count - first; - r->out.num_entries = MIN(r->out.num_entries, + *r->out.num_entries = count - first; + *r->out.num_entries = MIN(*r->out.num_entries, 1+(r->in.max_size/SAMR_ENUM_USERS_MULTIPLIER)); - r->out.sam = talloc(mem_ctx, struct samr_SamArray); - if (!r->out.sam) { + sam = talloc(mem_ctx, struct samr_SamArray); + if (!sam) { return NT_STATUS_NO_MEMORY; } - r->out.sam->entries = entries+first; - r->out.sam->count = r->out.num_entries; + sam->entries = entries+first; + sam->count = *r->out.num_entries; + + *r->out.sam = sam; - if (r->out.num_entries < count - first) { - *r->out.resume_handle = entries[first+r->out.num_entries-1].idx; + if (*r->out.num_entries < count - first) { + *r->out.resume_handle = entries[first+*r->out.num_entries-1].idx; return STATUS_MORE_ENTRIES; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 4eb5b39ce0..24d16ceeb3 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -3434,6 +3434,8 @@ static bool test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct samr_EnumDomainGroups r; uint32_t resume_handle=0; + struct samr_SamArray *sam = NULL; + uint32_t num_entries = 0; int i; bool ret = true; @@ -3443,6 +3445,8 @@ static bool test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.resume_handle = &resume_handle; r.in.max_size = (uint32_t)-1; r.out.resume_handle = &resume_handle; + r.out.num_entries = &num_entries; + r.out.sam = &sam; status = dcerpc_samr_EnumDomainGroups(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3450,12 +3454,12 @@ static bool test_EnumDomainGroups(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, return false; } - if (!r.out.sam) { + if (!sam) { return false; } - for (i=0;icount;i++) { - if (!test_OpenGroup(p, mem_ctx, handle, r.out.sam->entries[i].idx)) { + for (i=0;icount;i++) { + if (!test_OpenGroup(p, mem_ctx, handle, sam->entries[i].idx)) { ret = false; } } @@ -4092,6 +4096,8 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx, struct samr_QueryDisplayInfo q2; NTSTATUS status; uint32_t resume_handle=0; + struct samr_SamArray *sam = NULL; + uint32_t num_entries = 0; int i; bool ret = true; uint32_t total_size; @@ -4107,6 +4113,8 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx, q1.in.resume_handle = &resume_handle; q1.in.max_size = 5; q1.out.resume_handle = &resume_handle; + q1.out.num_entries = &num_entries; + q1.out.sam = &sam; status = STATUS_MORE_ENTRIES; while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) { @@ -4116,16 +4124,16 @@ static bool test_GroupList(struct dcerpc_pipe *p, struct torture_context *tctx, !NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) break; - for (i=0; ientries[i].name.string, + sam->entries[i].name.string, &names, &num_names); } } torture_assert_ntstatus_ok(tctx, status, "EnumDomainGroups"); - torture_assert(tctx, q1.out.sam, "EnumDomainGroups failed to return q1.out.sam"); + torture_assert(tctx, sam, "EnumDomainGroups failed to return sam"); q2.in.domain_handle = handle; q2.in.level = 5; -- cgit From 0548642e5b0ba8eecf3a742b92e23d1fe9f4e68d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 14:09:06 +0100 Subject: s4-samr: merge samr_QueryAliasInfo from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 2 +- source4/rpc_server/samr/dcesrv_samr.c | 4 ++-- source4/torture/rpc/samr.c | 4 ++++ source4/torture/rpc/samsync.c | 6 ++++-- 4 files changed, 11 insertions(+), 5 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index ba813b730f..d7b9423c15 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -686,7 +686,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QueryAliasInfo( [in,ref] policy_handle *alias_handle, [in] samr_AliasInfoEnum level, - [out,switch_is(level),unique] samr_AliasInfo *info + [out,ref,switch_is(level)] samr_AliasInfo **info ); /************************/ diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 2a3666b09b..3585c1ac69 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2602,7 +2602,7 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T int ret; union samr_AliasInfo *info; - r->out.info = NULL; + *r->out.info = NULL; DCESRV_PULL_HANDLE(h, r->in.alias_handle, SAMR_HANDLE_ALIAS); @@ -2639,7 +2639,7 @@ static NTSTATUS dcesrv_samr_QueryAliasInfo(struct dcesrv_call_state *dce_call, T return NT_STATUS_INVALID_INFO_CLASS; } - r->out.info = info; + *r->out.info = info; return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 24d16ceeb3..493f3bef3e 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -845,6 +845,7 @@ static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tct NTSTATUS status; struct samr_SetAliasInfo r; struct samr_QueryAliasInfo q; + union samr_AliasInfo *info; uint16_t levels[] = {2, 3}; int i; bool ret = true; @@ -875,6 +876,7 @@ static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tct q.in.alias_handle = handle; q.in.level = levels[i]; + q.out.info = &info; status = dcerpc_samr_QueryAliasInfo(p, tctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -2936,6 +2938,7 @@ static bool test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_QueryAliasInfo r; + union samr_AliasInfo *info; uint16_t levels[] = {1, 2, 3}; int i; bool ret = true; @@ -2945,6 +2948,7 @@ static bool test_QueryAliasInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.alias_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryAliasInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 64612e21e4..1838e01b7f 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -730,6 +730,7 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams struct samr_OpenAlias r; struct samr_QueryAliasInfo q; + union samr_AliasInfo *info; struct policy_handle alias_handle; if (!samsync_state->domain_name || !samsync_state->domain_handle[database_id]) { @@ -750,6 +751,7 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams q.in.alias_handle = &alias_handle; q.in.level = 1; + q.out.info = &info; TEST_SEC_DESC_EQUAL(alias->sdbuf, samr, &alias_handle); @@ -764,8 +766,8 @@ static bool samsync_handle_alias(TALLOC_CTX *mem_ctx, struct samsync_state *sams return false; } - TEST_STRING_EQUAL(q.out.info->all.name, alias->alias_name); - TEST_STRING_EQUAL(q.out.info->all.description, alias->description); + TEST_STRING_EQUAL(info->all.name, alias->alias_name); + TEST_STRING_EQUAL(info->all.description, alias->description); return ret; } -- cgit From 15e011564ad2c5975aee8066296d6c662be93c26 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 14:15:33 +0100 Subject: s4-samr: merge samr_QueryGroupInfo from s3 idl. (fixme python) Guenther --- librpc/idl/samr.idl | 2 +- source4/libnet/groupinfo.c | 4 +++- source4/rpc_server/samr/dcesrv_samr.c | 4 ++-- source4/torture/rpc/samr.c | 6 +++++- source4/torture/rpc/samsync.c | 8 +++++--- 5 files changed, 16 insertions(+), 8 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index d7b9423c15..7fc3d2d609 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -589,7 +589,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QueryGroupInfo( [in,ref] policy_handle *group_handle, [in] samr_GroupInfoEnum level, - [out,switch_is(level),unique] samr_GroupInfo *info + [out,ref,switch_is(level)] samr_GroupInfo **info ); /************************/ diff --git a/source4/libnet/groupinfo.c b/source4/libnet/groupinfo.c index 1fb52a27bc..5c94c34b1d 100644 --- a/source4/libnet/groupinfo.c +++ b/source4/libnet/groupinfo.c @@ -152,6 +152,8 @@ static void continue_groupinfo_opengroup(struct rpc_request *req) /* prepare parameters for QueryGroupInfo call */ s->querygroupinfo.in.group_handle = &s->group_handle; s->querygroupinfo.in.level = s->level; + s->querygroupinfo.out.info = talloc(s, union samr_GroupInfo *); + if (composite_nomem(s->querygroupinfo.out.info, c)) return; /* queue rpc call, set event handling and new state */ querygroup_req = dcerpc_samr_QueryGroupInfo_send(s->pipe, c, &s->querygroupinfo); @@ -185,7 +187,7 @@ static void continue_groupinfo_getgroup(struct rpc_request *req) return; } - s->info = talloc_steal(s, s->querygroupinfo.out.info); + s->info = talloc_steal(s, *s->querygroupinfo.out.info); /* issue a monitor message */ if (s->monitor_fn) { diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 3585c1ac69..53e4c28f8d 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -2129,7 +2129,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T int ret; union samr_GroupInfo *info; - r->out.info = NULL; + *r->out.info = NULL; DCESRV_PULL_HANDLE(h, r->in.group_handle, SAMR_HANDLE_GROUP); @@ -2185,7 +2185,7 @@ static NTSTATUS dcesrv_samr_QueryGroupInfo(struct dcesrv_call_state *dce_call, T return NT_STATUS_INVALID_INFO_CLASS; } - r->out.info = info; + *r->out.info = info; return NT_STATUS_OK; } diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 493f3bef3e..a733063752 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2966,6 +2966,7 @@ static bool test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_QueryGroupInfo r; + union samr_GroupInfo *info; uint16_t levels[] = {1, 2, 3, 4, 5}; int i; bool ret = true; @@ -2975,6 +2976,7 @@ static bool test_QueryGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.group_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3015,6 +3017,7 @@ static bool test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_QueryGroupInfo r; + union samr_GroupInfo *info; struct samr_SetGroupInfo s; uint16_t levels[] = {1, 2, 3, 4}; uint16_t set_ok[] = {0, 1, 1, 1}; @@ -3026,6 +3029,7 @@ static bool test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.group_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryGroupInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3038,7 +3042,7 @@ static bool test_SetGroupInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, s.in.group_handle = handle; s.in.level = levels[i]; - s.in.info = r.out.info; + s.in.info = *r.out.info; #if 0 /* disabled this, as it changes the name only from the point of view of samr, diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index 1838e01b7f..f6c9744449 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -781,6 +781,7 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams struct samr_OpenGroup r; struct samr_QueryGroupInfo q; + union samr_GroupInfo *info; struct policy_handle group_handle; if (!samsync_state->domain_name || !samsync_state->domain_handle[database_id]) { @@ -801,6 +802,7 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams q.in.group_handle = &group_handle; q.in.level = 1; + q.out.info = &info; TEST_SEC_DESC_EQUAL(group->sdbuf, samr, &group_handle); @@ -815,9 +817,9 @@ static bool samsync_handle_group(TALLOC_CTX *mem_ctx, struct samsync_state *sams return false; } - TEST_STRING_EQUAL(q.out.info->all.name, group->group_name); - TEST_INT_EQUAL(q.out.info->all.attributes, group->attributes); - TEST_STRING_EQUAL(q.out.info->all.description, group->description); + TEST_STRING_EQUAL(info->all.name, group->group_name); + TEST_INT_EQUAL(info->all.attributes, group->attributes); + TEST_STRING_EQUAL(info->all.description, group->description); return ret; } -- cgit From 09998ab89d5b1675b3ab150b00dfc2f9093b5b26 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 14:42:27 +0100 Subject: s4-samr: merge samr_QueryUserInfo{2} from s3 idl. (fixme: python) Guenther --- librpc/idl/samr.idl | 4 +- source4/libnet/libnet_join.c | 8 +-- source4/libnet/userinfo.c | 4 +- source4/libnet/userman.c | 5 +- source4/rpc_server/samr/dcesrv_samr.c | 8 ++- source4/torture/rpc/samba3rpc.c | 26 +++++---- source4/torture/rpc/samr.c | 99 ++++++++++++++++++++--------------- source4/torture/rpc/samsync.c | 68 ++++++++++++------------ 8 files changed, 126 insertions(+), 96 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 7fc3d2d609..ee179407d4 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -1001,7 +1001,7 @@ import "misc.idl", "lsa.idl", "security.idl"; [public] NTSTATUS samr_QueryUserInfo( [in,ref] policy_handle *user_handle, [in] uint16 level, - [out,unique,switch_is(level)] samr_UserInfo *info + [out,ref,switch_is(level)] samr_UserInfo **info ); @@ -1208,7 +1208,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_QueryUserInfo2( [in,ref] policy_handle *user_handle, [in] uint16 level, - [out,unique,switch_is(level)] samr_UserInfo *info + [out,ref,switch_is(level)] samr_UserInfo **info ); /************************/ diff --git a/source4/libnet/libnet_join.c b/source4/libnet/libnet_join.c index b813bba3ea..70fcb4a894 100644 --- a/source4/libnet/libnet_join.c +++ b/source4/libnet/libnet_join.c @@ -449,6 +449,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru struct samr_CreateUser2 cu; struct policy_handle *u_handle = NULL; struct samr_QueryUserInfo qui; + union samr_UserInfo *uinfo; struct samr_UserInfo21 u_info21; union libnet_SetPassword r2; struct samr_GetUserPwInfo pwp; @@ -700,6 +701,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru /* prepare samr_QueryUserInfo (get flags) */ qui.in.user_handle = u_handle; qui.in.level = 16; + qui.out.info = &uinfo; status = dcerpc_samr_QueryUserInfo(samr_pipe, tmp_ctx, &qui); if (!NT_STATUS_IS_OK(status)) { @@ -711,7 +713,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return status; } - if (!qui.out.info) { + if (!uinfo) { status = NT_STATUS_INVALID_PARAMETER; r->out.error_string = talloc_asprintf(mem_ctx, @@ -721,7 +723,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return status; } - old_acct_flags = (qui.out.info->info16.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST | ACB_DOMTRUST)); + old_acct_flags = (uinfo->info16.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST | ACB_DOMTRUST)); /* Possibly bail if the account is of the wrong type */ if (old_acct_flags != r->in.acct_type) { @@ -777,7 +779,7 @@ NTSTATUS libnet_JoinDomain(struct libnet_context *ctx, TALLOC_CTX *mem_ctx, stru return NT_STATUS_USER_EXISTS; } } else { - acct_flags = qui.out.info->info16.acct_flags; + acct_flags = uinfo->info16.acct_flags; } acct_flags = (acct_flags & ~(ACB_DISABLED|ACB_PWNOTREQ)); diff --git a/source4/libnet/userinfo.c b/source4/libnet/userinfo.c index 1579cd9691..710154d41e 100644 --- a/source4/libnet/userinfo.c +++ b/source4/libnet/userinfo.c @@ -151,6 +151,8 @@ static void continue_userinfo_openuser(struct rpc_request *req) /* prepare parameters for QueryUserInfo call */ s->queryuserinfo.in.user_handle = &s->user_handle; s->queryuserinfo.in.level = s->level; + s->queryuserinfo.out.info = talloc(s, union samr_UserInfo *); + if (composite_nomem(s->queryuserinfo.out.info, c)) return; /* queue rpc call, set event handling and new state */ queryuser_req = dcerpc_samr_QueryUserInfo_send(s->pipe, c, &s->queryuserinfo); @@ -184,7 +186,7 @@ static void continue_userinfo_getuser(struct rpc_request *req) return; } - s->info = talloc_steal(s, s->queryuserinfo.out.info); + s->info = talloc_steal(s, *(s->queryuserinfo.out.info)); /* issue a monitor message */ if (s->monitor_fn) { diff --git a/source4/libnet/userman.c b/source4/libnet/userman.c index 53e62c7886..c638d8af32 100644 --- a/source4/libnet/userman.c +++ b/source4/libnet/userman.c @@ -683,6 +683,9 @@ static NTSTATUS usermod_change(struct composite_context *c, if (!do_set) { s->queryuser.in.user_handle = &s->user_handle; s->queryuser.in.level = level; + s->queryuser.out.info = talloc(s, union samr_UserInfo *); + if (composite_nomem(s->queryuser.out.info, c)) return; + /* send query user info request to retrieve complete data of a particular info level */ @@ -755,7 +758,7 @@ static void continue_usermod_user_queried(struct rpc_request *req) /* get returned user data and make a change (potentially one of many) */ - s->info = *s->queryuser.out.info; + s->info = *(*s->queryuser.out.info); usermod_setfields(s, &level, i, true); diff --git a/source4/rpc_server/samr/dcesrv_samr.c b/source4/rpc_server/samr/dcesrv_samr.c index 53e4c28f8d..c093b536da 100644 --- a/source4/rpc_server/samr/dcesrv_samr.c +++ b/source4/rpc_server/samr/dcesrv_samr.c @@ -3019,7 +3019,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA const char * const *attrs = NULL; union samr_UserInfo *info; - r->out.info = NULL; + *r->out.info = NULL; DCESRV_PULL_HANDLE(h, r->in.user_handle, SAMR_HANDLE_USER); @@ -3355,7 +3355,7 @@ static NTSTATUS dcesrv_samr_QueryUserInfo(struct dcesrv_call_state *dce_call, TA return NT_STATUS_INVALID_INFO_CLASS; } - r->out.info = info; + *r->out.info = info; return NT_STATUS_OK; } @@ -4057,13 +4057,11 @@ static NTSTATUS dcesrv_samr_QueryUserInfo2(struct dcesrv_call_state *dce_call, T struct samr_QueryUserInfo r1; NTSTATUS status; - ZERO_STRUCT(r1.out); r1.in.user_handle = r->in.user_handle; r1.in.level = r->in.level; + r1.out.info = r->out.info; status = dcesrv_samr_QueryUserInfo(dce_call, mem_ctx, &r1); - - r->out.info = r1.out.info; return status; } diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 3b26799021..1148262dfe 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -564,6 +564,7 @@ static bool create_user(TALLOC_CTX *mem_ctx, struct smbcli_state *cli, struct samr_SetUserInfo sui; struct samr_QueryUserInfo qui; union samr_UserInfo u_info; + union samr_UserInfo *info; DATA_BLOB session_key; @@ -606,6 +607,7 @@ static bool create_user(TALLOC_CTX *mem_ctx, struct smbcli_state *cli, qui.in.user_handle = wks_handle; qui.in.level = 21; + qui.out.info = &info; status = dcerpc_samr_QueryUserInfo(samr_pipe, tmp_ctx, &qui); if (!NT_STATUS_IS_OK(status)) { @@ -613,14 +615,14 @@ static bool create_user(TALLOC_CTX *mem_ctx, struct smbcli_state *cli, goto done; } - qui.out.info->info21.allow_password_change = 0; - qui.out.info->info21.force_password_change = 0; - qui.out.info->info21.account_name.string = NULL; - qui.out.info->info21.rid = 0; - qui.out.info->info21.acct_expiry = 0; - qui.out.info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */ + info->info21.allow_password_change = 0; + info->info21.force_password_change = 0; + info->info21.account_name.string = NULL; + info->info21.rid = 0; + info->info21.acct_expiry = 0; + info->info21.fields_present = 0x81827fa; /* copy usrmgr.exe */ - u_info.info21 = qui.out.info->info21; + u_info.info21 = info->info21; sui.in.user_handle = wks_handle; sui.in.info = &u_info; sui.in.level = 21; @@ -730,9 +732,11 @@ static bool join3(struct smbcli_state *cli, { struct samr_QueryUserInfo q; + union samr_UserInfo *info; q.in.user_handle = wks_handle; q.in.level = 21; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(samr_pipe, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -741,7 +745,7 @@ static bool join3(struct smbcli_state *cli, goto done; } - last_password_change = q.out.info->info21.last_password_change; + last_password_change = info->info21.last_password_change; } cli_credentials_set_domain(wks_creds, dom_name, CRED_SPECIFIED); @@ -839,9 +843,11 @@ static bool join3(struct smbcli_state *cli, { struct samr_QueryUserInfo q; + union samr_UserInfo *info; q.in.user_handle = wks_handle; q.in.level = 21; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(samr_pipe, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -852,7 +858,7 @@ static bool join3(struct smbcli_state *cli, if (use_level25) { if (last_password_change - == q.out.info->info21.last_password_change) { + == info->info21.last_password_change) { d_printf("(%s) last_password_change unchanged " "during join, level25 must change " "it\n", __location__); @@ -861,7 +867,7 @@ static bool join3(struct smbcli_state *cli, } else { if (last_password_change - != q.out.info->info21.last_password_change) { + != info->info21.last_password_change) { d_printf("(%s) last_password_change changed " "during join, level24 doesn't " "change it\n", __location__); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index a733063752..87690178a7 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -177,6 +177,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx struct samr_QueryUserInfo q; struct samr_QueryUserInfo q0; union samr_UserInfo u; + union samr_UserInfo *info; bool ret = true; const char *test_account_name; @@ -193,7 +194,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx s2.in.info = &u; q.in.user_handle = handle; - q.out.info = &u; + q.out.info = &info; q0 = q; #define TESTCALL(call, r) \ @@ -235,7 +236,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ s2.in.level = lvl1; \ - u = *q.out.info; \ + u = *info; \ if (lvl1 == 21) { \ ZERO_STRUCT(u.info21); \ u.info21.fields_present = fpval; \ @@ -245,11 +246,11 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TESTCALL(SetUserInfo2, s2) \ init_lsa_String(&u.info ## lvl1.field1, ""); \ TESTCALL(QueryUserInfo, q); \ - u = *q.out.info; \ + u = *info; \ STRING_EQUAL(u.info ## lvl1.field1.string, value, field1); \ q.in.level = lvl2; \ TESTCALL(QueryUserInfo, q) \ - u = *q.out.info; \ + u = *info; \ STRING_EQUAL(u.info ## lvl2.field2.string, value, field2); \ } while (0) @@ -259,7 +260,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ s2.in.level = lvl1; \ - u = *q.out.info; \ + u = *info; \ if (lvl1 == 21) { \ ZERO_STRUCT(u.info21); \ u.info21.fields_present = fpval; \ @@ -269,11 +270,11 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TESTCALL(SetUserInfo2, s2) \ init_lsa_BinaryString(&u.info ## lvl1.field1, "", 1); \ TESTCALL(QueryUserInfo, q); \ - u = *q.out.info; \ + u = *info; \ MEM_EQUAL(u.info ## lvl1.field1.array, value, strlen(value), field1); \ q.in.level = lvl2; \ TESTCALL(QueryUserInfo, q) \ - u = *q.out.info; \ + u = *info; \ MEM_EQUAL(u.info ## lvl2.field2.array, value, strlen(value), field2); \ } while (0) @@ -283,7 +284,7 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TESTCALL(QueryUserInfo, q) \ s.in.level = lvl1; \ s2.in.level = lvl1; \ - u = *q.out.info; \ + u = *info; \ if (lvl1 == 21) { \ uint8_t *bits = u.info21.logon_hours.bits; \ ZERO_STRUCT(u.info21); \ @@ -298,11 +299,11 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx TESTCALL(SetUserInfo2, s2) \ u.info ## lvl1.field1 = 0; \ TESTCALL(QueryUserInfo, q); \ - u = *q.out.info; \ + u = *info; \ INT_EQUAL(u.info ## lvl1.field1, exp_value, field1); \ q.in.level = lvl2; \ TESTCALL(QueryUserInfo, q) \ - u = *q.out.info; \ + u = *info; \ INT_EQUAL(u.info ## lvl2.field2, exp_value, field1); \ } while (0) @@ -2142,6 +2143,7 @@ static bool test_user_ops(struct dcerpc_pipe *p, { char *password = NULL; struct samr_QueryUserInfo q; + union samr_UserInfo *info; NTSTATUS status; bool ret = true; @@ -2257,6 +2259,7 @@ static bool test_user_ops(struct dcerpc_pipe *p, q.in.user_handle = user_handle; q.in.level = 5; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, tctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -2265,15 +2268,15 @@ static bool test_user_ops(struct dcerpc_pipe *p, ret = false; } else { uint32_t expected_flags = (base_acct_flags | ACB_PWNOTREQ | ACB_DISABLED); - if ((q.out.info->info5.acct_flags) != expected_flags) { + if ((info->info5.acct_flags) != expected_flags) { printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n", - q.out.info->info5.acct_flags, + info->info5.acct_flags, expected_flags); ret = false; } - if (q.out.info->info5.rid != rid) { + if (info->info5.rid != rid) { printf("QuerUserInfo level 5 failed, it returned %u when we expected rid of %u\n", - q.out.info->info5.rid, rid); + info->info5.rid, rid); } } @@ -2623,6 +2626,7 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, NTSTATUS status; struct samr_OpenUser r; struct samr_QueryUserInfo q; + union samr_UserInfo *info; struct samr_LookupNames n; struct policy_handle user_handle; struct samr_Ids rids, types; @@ -2653,6 +2657,7 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, q.in.user_handle = &user_handle; q.in.level = 5; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -2663,7 +2668,7 @@ static bool test_ChangePassword(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, printf("calling test_ChangePasswordUser3 with too early password change\n"); if (!test_ChangePasswordUser3(p, mem_ctx, acct_name, 0, password, NULL, - q.out.info->info5.last_password_change, true)) { + info->info5.last_password_change, true)) { ret = false; } } @@ -2693,6 +2698,7 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, NTSTATUS status; struct samr_CreateUser r; struct samr_QueryUserInfo q; + union samr_UserInfo *info; struct samr_DeleteUser d; uint32_t rid; @@ -2740,6 +2746,7 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, } else { q.in.user_handle = &user_handle; q.in.level = 16; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -2747,9 +2754,9 @@ static bool test_CreateUser(struct dcerpc_pipe *p, struct torture_context *tctx, q.in.level, nt_errstr(status)); ret = false; } else { - if ((q.out.info->info16.acct_flags & acct_flags) != acct_flags) { + if ((info->info16.acct_flags & acct_flags) != acct_flags) { printf("QuerUserInfo level 16 failed, it returned 0x%08x when we expected flags of 0x%08x\n", - q.out.info->info16.acct_flags, + info->info16.acct_flags, acct_flags); ret = false; } @@ -2791,6 +2798,7 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx NTSTATUS status; struct samr_CreateUser2 r; struct samr_QueryUserInfo q; + union samr_UserInfo *info; struct samr_DeleteUser d; struct policy_handle user_handle; uint32_t rid; @@ -2869,6 +2877,7 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx if (NT_STATUS_IS_OK(status)) { q.in.user_handle = &user_handle; q.in.level = 5; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, user_ctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -2880,31 +2889,31 @@ static bool test_CreateUser2(struct dcerpc_pipe *p, struct torture_context *tctx if (acct_flags == ACB_NORMAL) { expected_flags |= ACB_PW_EXPIRED; } - if ((q.out.info->info5.acct_flags) != expected_flags) { + if ((info->info5.acct_flags) != expected_flags) { printf("QuerUserInfo level 5 failed, it returned 0x%08x when we expected flags of 0x%08x\n", - q.out.info->info5.acct_flags, + info->info5.acct_flags, expected_flags); ret = false; } switch (acct_flags) { case ACB_SVRTRUST: - if (q.out.info->info5.primary_gid != DOMAIN_RID_DCS) { + if (info->info5.primary_gid != DOMAIN_RID_DCS) { printf("QuerUserInfo level 5: DC should have had Primary Group %d, got %d\n", - DOMAIN_RID_DCS, q.out.info->info5.primary_gid); + DOMAIN_RID_DCS, info->info5.primary_gid); ret = false; } break; case ACB_WSTRUST: - if (q.out.info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) { + if (info->info5.primary_gid != DOMAIN_RID_DOMAIN_MEMBERS) { printf("QuerUserInfo level 5: Domain Member should have had Primary Group %d, got %d\n", - DOMAIN_RID_DOMAIN_MEMBERS, q.out.info->info5.primary_gid); + DOMAIN_RID_DOMAIN_MEMBERS, info->info5.primary_gid); ret = false; } break; case ACB_NORMAL: - if (q.out.info->info5.primary_gid != DOMAIN_RID_USERS) { + if (info->info5.primary_gid != DOMAIN_RID_USERS) { printf("QuerUserInfo level 5: Users should have had Primary Group %d, got %d\n", - DOMAIN_RID_USERS, q.out.info->info5.primary_gid); + DOMAIN_RID_USERS, info->info5.primary_gid); ret = false; } break; @@ -3084,6 +3093,7 @@ static bool test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_QueryUserInfo r; + union samr_UserInfo *info; uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 20, 21}; int i; @@ -3094,6 +3104,7 @@ static bool test_QueryUserInfo(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.user_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3111,6 +3122,7 @@ static bool test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct samr_QueryUserInfo2 r; + union samr_UserInfo *info; uint16_t levels[] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 16, 17, 20, 21}; int i; @@ -3121,6 +3133,7 @@ static bool test_QueryUserInfo2(struct dcerpc_pipe *p, TALLOC_CTX *mem_ctx, r.in.user_handle = handle; r.in.level = levels[i]; + r.out.info = &info; status = dcerpc_samr_QueryUserInfo2(p, mem_ctx, &r); if (!NT_STATUS_IS_OK(status)) { @@ -3268,6 +3281,7 @@ static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx, NTSTATUS status; struct samr_OpenUser r; struct samr_QueryUserInfo q; + union samr_UserInfo *info; struct policy_handle user_handle; bool ret = true; @@ -3286,6 +3300,7 @@ static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx, q.in.user_handle = &user_handle; q.in.level = 16; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, tctx, &q); if (!NT_STATUS_IS_OK(status)) { @@ -3293,9 +3308,9 @@ static bool check_mask(struct dcerpc_pipe *p, struct torture_context *tctx, nt_errstr(status)); ret = false; } else { - if ((acct_flag_mask & q.out.info->info16.acct_flags) == 0) { + if ((acct_flag_mask & info->info16.acct_flags) == 0) { printf("Server failed to filter for 0x%x, allowed 0x%x (%d) on EnumDomainUsers\n", - acct_flag_mask, q.out.info->info16.acct_flags, rid); + acct_flag_mask, info->info16.acct_flags, rid); ret = false; } } @@ -3625,6 +3640,7 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct { struct samr_OpenUser r; struct samr_QueryUserInfo q; + union samr_UserInfo *info; struct policy_handle user_handle; int i, ret = true; NTSTATUS status; @@ -3666,6 +3682,7 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct q.in.user_handle = &user_handle; q.in.level = 21; + q.out.info = &info; status = dcerpc_samr_QueryUserInfo(p, mem_ctx, &q); if (!NT_STATUS_IS_OK(status)) { printf("QueryUserInfo(%u) failed - %s\n", r.in.rid, nt_errstr(status)); @@ -3674,41 +3691,41 @@ static bool test_each_DisplayInfo_user(struct dcerpc_pipe *p, TALLOC_CTX *mem_ct switch (querydisplayinfo->in.level) { case 1: - if (seen_testuser && strcmp(q.out.info->info21.account_name.string, TEST_ACCOUNT_NAME) == 0) { + if (seen_testuser && strcmp(info->info21.account_name.string, TEST_ACCOUNT_NAME) == 0) { *seen_testuser = true; } STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].full_name, - q.out.info->info21.full_name, q.out.info->info21.account_name); + info->info21.full_name, info->info21.account_name); STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].account_name, - q.out.info->info21.account_name, q.out.info->info21.account_name); + info->info21.account_name, info->info21.account_name); STRING_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].description, - q.out.info->info21.description, q.out.info->info21.account_name); + info->info21.description, info->info21.account_name); INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].rid, - q.out.info->info21.rid, q.out.info->info21.account_name); + info->info21.rid, info->info21.account_name); INT_EQUAL_QUERY(querydisplayinfo->out.info->info1.entries[i].acct_flags, - q.out.info->info21.acct_flags, q.out.info->info21.account_name); + info->info21.acct_flags, info->info21.account_name); break; case 2: STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].account_name, - q.out.info->info21.account_name, q.out.info->info21.account_name); + info->info21.account_name, info->info21.account_name); STRING_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].description, - q.out.info->info21.description, q.out.info->info21.account_name); + info->info21.description, info->info21.account_name); INT_EQUAL_QUERY(querydisplayinfo->out.info->info2.entries[i].rid, - q.out.info->info21.rid, q.out.info->info21.account_name); + info->info21.rid, info->info21.account_name); INT_EQUAL_QUERY((querydisplayinfo->out.info->info2.entries[i].acct_flags & ~ACB_NORMAL), - q.out.info->info21.acct_flags, q.out.info->info21.account_name); + info->info21.acct_flags, info->info21.account_name); if (!(querydisplayinfo->out.info->info2.entries[i].acct_flags & ACB_NORMAL)) { printf("Missing ACB_NORMAL in querydisplayinfo->out.info.info2.entries[i].acct_flags on %s\n", - q.out.info->info21.account_name.string); + info->info21.account_name.string); } - if (!(q.out.info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) { + if (!(info->info21.acct_flags & (ACB_WSTRUST | ACB_SVRTRUST))) { printf("Found non-trust account %s in trust account listing: 0x%x 0x%x\n", - q.out.info->info21.account_name.string, + info->info21.account_name.string, querydisplayinfo->out.info->info2.entries[i].acct_flags, - q.out.info->info21.acct_flags); + info->info21.acct_flags); return false; } diff --git a/source4/torture/rpc/samsync.c b/source4/torture/rpc/samsync.c index f6c9744449..a3fc6f740f 100644 --- a/source4/torture/rpc/samsync.c +++ b/source4/torture/rpc/samsync.c @@ -441,6 +441,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct struct samr_OpenUser r; struct samr_QueryUserInfo q; + union samr_UserInfo *info; struct policy_handle user_handle; struct samr_GetGroupsForUser getgroups; @@ -464,6 +465,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct q.in.user_handle = &user_handle; q.in.level = 21; + q.out.info = &info; TEST_SEC_DESC_EQUAL(user->sdbuf, samr, &user_handle); @@ -499,67 +501,67 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct return false; } - TEST_STRING_EQUAL(q.out.info->info21.account_name, user->account_name); - TEST_STRING_EQUAL(q.out.info->info21.full_name, user->full_name); - TEST_INT_EQUAL(q.out.info->info21.rid, user->rid); - TEST_INT_EQUAL(q.out.info->info21.primary_gid, user->primary_gid); - TEST_STRING_EQUAL(q.out.info->info21.home_directory, user->home_directory); - TEST_STRING_EQUAL(q.out.info->info21.home_drive, user->home_drive); - TEST_STRING_EQUAL(q.out.info->info21.logon_script, user->logon_script); - TEST_STRING_EQUAL(q.out.info->info21.description, user->description); - TEST_STRING_EQUAL(q.out.info->info21.workstations, user->workstations); + TEST_STRING_EQUAL(info->info21.account_name, user->account_name); + TEST_STRING_EQUAL(info->info21.full_name, user->full_name); + TEST_INT_EQUAL(info->info21.rid, user->rid); + TEST_INT_EQUAL(info->info21.primary_gid, user->primary_gid); + TEST_STRING_EQUAL(info->info21.home_directory, user->home_directory); + TEST_STRING_EQUAL(info->info21.home_drive, user->home_drive); + TEST_STRING_EQUAL(info->info21.logon_script, user->logon_script); + TEST_STRING_EQUAL(info->info21.description, user->description); + TEST_STRING_EQUAL(info->info21.workstations, user->workstations); - TEST_TIME_EQUAL(q.out.info->info21.last_logon, user->last_logon); - TEST_TIME_EQUAL(q.out.info->info21.last_logoff, user->last_logoff); + TEST_TIME_EQUAL(info->info21.last_logon, user->last_logon); + TEST_TIME_EQUAL(info->info21.last_logoff, user->last_logoff); - TEST_INT_EQUAL(q.out.info->info21.logon_hours.units_per_week, + TEST_INT_EQUAL(info->info21.logon_hours.units_per_week, user->logon_hours.units_per_week); if (ret) { - if (memcmp(q.out.info->info21.logon_hours.bits, user->logon_hours.bits, - q.out.info->info21.logon_hours.units_per_week/8) != 0) { + if (memcmp(info->info21.logon_hours.bits, user->logon_hours.bits, + info->info21.logon_hours.units_per_week/8) != 0) { printf("Logon hours mismatch\n"); ret = false; } } - TEST_INT_EQUAL(q.out.info->info21.bad_password_count, + TEST_INT_EQUAL(info->info21.bad_password_count, user->bad_password_count); - TEST_INT_EQUAL(q.out.info->info21.logon_count, + TEST_INT_EQUAL(info->info21.logon_count, user->logon_count); - TEST_TIME_EQUAL(q.out.info->info21.last_password_change, + TEST_TIME_EQUAL(info->info21.last_password_change, user->last_password_change); - TEST_TIME_EQUAL(q.out.info->info21.acct_expiry, + TEST_TIME_EQUAL(info->info21.acct_expiry, user->acct_expiry); - TEST_INT_EQUAL((q.out.info->info21.acct_flags & ~ACB_PW_EXPIRED), user->acct_flags); + TEST_INT_EQUAL((info->info21.acct_flags & ~ACB_PW_EXPIRED), user->acct_flags); if (user->acct_flags & ACB_PWNOEXP) { - if (q.out.info->info21.acct_flags & ACB_PW_EXPIRED) { + if (info->info21.acct_flags & ACB_PW_EXPIRED) { printf("ACB flags mismatch: both expired and no expiry!\n"); ret = false; } - if (q.out.info->info21.force_password_change != (NTTIME)0x7FFFFFFFFFFFFFFFULL) { + if (info->info21.force_password_change != (NTTIME)0x7FFFFFFFFFFFFFFFULL) { printf("ACB flags mismatch: no password expiry, but force password change 0x%016llx (%lld) != 0x%016llx (%lld)\n", - (unsigned long long)q.out.info->info21.force_password_change, - (unsigned long long)q.out.info->info21.force_password_change, + (unsigned long long)info->info21.force_password_change, + (unsigned long long)info->info21.force_password_change, (unsigned long long)0x7FFFFFFFFFFFFFFFULL, (unsigned long long)0x7FFFFFFFFFFFFFFFULL ); ret = false; } } - TEST_INT_EQUAL(q.out.info->info21.nt_password_set, user->nt_password_present); - TEST_INT_EQUAL(q.out.info->info21.lm_password_set, user->lm_password_present); - TEST_INT_EQUAL(q.out.info->info21.password_expired, user->password_expired); + TEST_INT_EQUAL(info->info21.nt_password_set, user->nt_password_present); + TEST_INT_EQUAL(info->info21.lm_password_set, user->lm_password_present); + TEST_INT_EQUAL(info->info21.password_expired, user->password_expired); - TEST_STRING_EQUAL(q.out.info->info21.comment, user->comment); - TEST_BINARY_STRING_EQUAL(q.out.info->info21.parameters, user->parameters); + TEST_STRING_EQUAL(info->info21.comment, user->comment); + TEST_BINARY_STRING_EQUAL(info->info21.parameters, user->parameters); - TEST_INT_EQUAL(q.out.info->info21.country_code, user->country_code); - TEST_INT_EQUAL(q.out.info->info21.code_page, user->code_page); + TEST_INT_EQUAL(info->info21.country_code, user->country_code); + TEST_INT_EQUAL(info->info21.code_page, user->code_page); - TEST_STRING_EQUAL(q.out.info->info21.profile_path, user->profile_path); + TEST_STRING_EQUAL(info->info21.profile_path, user->profile_path); if (user->lm_password_present) { sam_rid_crypt(rid, user->lmpassword.hash, lm_hash.hash, 0); @@ -638,7 +640,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct return true; } } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_PASSWORD_EXPIRED)) { - if (q.out.info->info21.acct_flags & ACB_PW_EXPIRED) { + if (info->info21.acct_flags & ACB_PW_EXPIRED) { return true; } } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { @@ -673,7 +675,7 @@ static bool samsync_handle_user(struct torture_context *tctx, TALLOC_CTX *mem_ct TEST_TIME_EQUAL(user->last_logon, info3->base.last_logon); TEST_TIME_EQUAL(user->acct_expiry, info3->base.acct_expiry); TEST_TIME_EQUAL(user->last_password_change, info3->base.last_password_change); - TEST_TIME_EQUAL(q.out.info->info21.force_password_change, info3->base.force_password_change); + TEST_TIME_EQUAL(info->info21.force_password_change, info3->base.force_password_change); /* Does the concept of a logoff time ever really * exist? (not in any sensible way, according to the -- cgit From 8f23dff45ee5e1d5af8593dfce649b64ca4abd9f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 15:55:09 +0100 Subject: s3-samr: remove old samr.idl file. Guenther --- source3/Makefile.in | 2 +- source3/librpc/idl/samr.idl | 1550 ------------------------------------------- 2 files changed, 1 insertion(+), 1551 deletions(-) delete mode 100644 source3/librpc/idl/samr.idl diff --git a/source3/Makefile.in b/source3/Makefile.in index d216e1c11e..2bcdd8ddaa 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1224,7 +1224,7 @@ samba3-idl:: ../librpc/idl/initshutdown.idl ../librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \ ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl ../librpc/idl/netlogon.idl \ ../librpc/idl/notify.idl ../librpc/idl/epmapper.idl librpc/idl/messaging.idl \ - ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \ + ../librpc/idl/xattr.idl ../librpc/idl/misc.idl ../librpc/idl/samr.idl \ ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl deleted file mode 100644 index 8fbc132aa7..0000000000 --- a/source3/librpc/idl/samr.idl +++ /dev/null @@ -1,1550 +0,0 @@ -#include "idl_types.h" - -/* - samr interface definition -*/ -import "misc.idl", "lsa.idl", "security.idl"; - -/* - Thanks to Todd Sabin for some information from his samr.idl in acltools -*/ - -[ uuid("12345778-1234-abcd-ef00-0123456789ac"), - version(1.0), - endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), - pointer_default(unique) -] interface samr -{ - typedef bitmap security_secinfo security_secinfo; - - /* account control (acct_flags) bits */ - typedef [public,bitmap32bit] bitmap { - ACB_DISABLED = 0x00000001, /* 1 = User account disabled */ - ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */ - ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */ - ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */ - ACB_NORMAL = 0x00000010, /* 1 = Normal user account */ - ACB_MNS = 0x00000020, /* 1 = MNS logon user account */ - ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */ - ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */ - ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */ - ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */ - ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */ - ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */ - ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */ - ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */ - ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */ - ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */ - ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */ - ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */ - ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ - } samr_AcctFlags; - - /* SAM server specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, - SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, - SAMR_ACCESS_INITIALIZE_SERVER = 0x00000004, - SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, - SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, - SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 - } samr_ConnectAccessMask; - - const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F; - - const int GENERIC_RIGHTS_SAM_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_ACCESS_ALL_ACCESS); - - const int GENERIC_RIGHTS_SAM_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_ACCESS_ENUM_DOMAINS); - - const int GENERIC_RIGHTS_SAM_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_ACCESS_CREATE_DOMAIN | - SAMR_ACCESS_INITIALIZE_SERVER | - SAMR_ACCESS_SHUTDOWN_SERVER); - - const int GENERIC_RIGHTS_SAM_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_ACCESS_OPEN_DOMAIN | - SAMR_ACCESS_CONNECT_TO_SERVER); - - /* User Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, - SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, - SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, - SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, - SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, - SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, - SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, - SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, - SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, - SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, - SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 - } samr_UserAccessMask; - - const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF; - - const int GENERIC_RIGHTS_USER_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */ - - const int GENERIC_RIGHTS_USER_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP | - SAMR_USER_ACCESS_GET_GROUPS | - SAMR_USER_ACCESS_GET_ATTRIBUTES | - SAMR_USER_ACCESS_GET_LOGONINFO | - SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */ - - const int GENERIC_RIGHTS_USER_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_USER_ACCESS_CHANGE_PASSWORD | - SAMR_USER_ACCESS_SET_LOC_COM | - SAMR_USER_ACCESS_SET_ATTRIBUTES | - SAMR_USER_ACCESS_SET_PASSWORD | - SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */ - - const int GENERIC_RIGHTS_USER_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_USER_ACCESS_CHANGE_PASSWORD | - SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */ - - /* Domain Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, - SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, - SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, - SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, - SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, - SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, - SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, - SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 - } samr_DomainAccessMask; - - const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF; - - const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_DOMAIN_ACCESS_ALL_ACCESS); - - const int GENERIC_RIGHTS_DOMAIN_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS | - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2); - - const int GENERIC_RIGHTS_DOMAIN_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_DOMAIN_ACCESS_SET_INFO_3 | - SAMR_DOMAIN_ACCESS_CREATE_ALIAS | - SAMR_DOMAIN_ACCESS_CREATE_GROUP | - SAMR_DOMAIN_ACCESS_CREATE_USER | - SAMR_DOMAIN_ACCESS_SET_INFO_2 | - SAMR_DOMAIN_ACCESS_SET_INFO_1); - - const int GENERIC_RIGHTS_DOMAIN_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1); - - /* Group Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, - SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, - SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, - SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, - SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 - } samr_GroupAccessMask; - - const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F; - - const int GENERIC_RIGHTS_GROUP_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */ - - const int GENERIC_RIGHTS_GROUP_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */ - - const int GENERIC_RIGHTS_GROUP_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_GROUP_ACCESS_REMOVE_MEMBER | - SAMR_GROUP_ACCESS_ADD_MEMBER | - SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */ - - const int GENERIC_RIGHTS_GROUP_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */ - - /* Alias Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, - SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, - SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, - SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, - SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 - } samr_AliasAccessMask; - - const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F; - - const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */ - - const int GENERIC_RIGHTS_ALIAS_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */ - - const int GENERIC_RIGHTS_ALIAS_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_ALIAS_ACCESS_REMOVE_MEMBER | - SAMR_ALIAS_ACCESS_ADD_MEMBER | - SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */ - - const int GENERIC_RIGHTS_ALIAS_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */ - - /******************/ - /* Function: 0x00 */ - NTSTATUS samr_Connect ( - /* notice the lack of [string] */ - [in,unique] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - - /******************/ - /* Function: 0x01 */ - [public] NTSTATUS samr_Close ( - [in,out,ref] policy_handle *handle - ); - - /******************/ - /* Function: 0x02 */ - - NTSTATUS samr_SetSecurity ( - [in,ref] policy_handle *handle, - [in] security_secinfo sec_info, - [in,ref] sec_desc_buf *sdbuf - ); - - /******************/ - /* Function: 0x03 */ - - NTSTATUS samr_QuerySecurity ( - [in,ref] policy_handle *handle, - [in] security_secinfo sec_info, - [out,ref] sec_desc_buf **sdbuf - ); - - /******************/ - /* Function: 0x04 */ - - /* - shutdown the SAM - once you call this the SAM will be dead - */ - NTSTATUS samr_Shutdown ( - [in,ref] policy_handle *connect_handle - ); - - /******************/ - /* Function: 0x05 */ - NTSTATUS samr_LookupDomain ( - [in,ref] policy_handle *connect_handle, - [in,ref] lsa_String *domain_name, - [out,ref] dom_sid2 **sid - ); - - - /******************/ - /* Function: 0x06 */ - - typedef struct { - uint32 idx; - lsa_String name; - } samr_SamEntry; - - typedef struct { - uint32 count; - [size_is(count)] samr_SamEntry *entries; - } samr_SamArray; - - NTSTATUS samr_EnumDomains ( - [in] policy_handle *connect_handle, - [in,out,ref] uint32 *resume_handle, - [out,ref] samr_SamArray **sam, - [in] uint32 buf_size, - [out,ref] uint32 *num_entries - ); - - - /************************/ - /* Function 0x07 */ - [public] NTSTATUS samr_OpenDomain( - [in,ref] policy_handle *connect_handle, - [in] samr_DomainAccessMask access_mask, - [in,ref] dom_sid2 *sid, - [out,ref] policy_handle *domain_handle - ); - - /************************/ - /* Function 0x08 */ - /* server roles */ - typedef [v1_enum] enum { - SAMR_ROLE_STANDALONE = 0, - SAMR_ROLE_DOMAIN_MEMBER = 1, - SAMR_ROLE_DOMAIN_BDC = 2, - SAMR_ROLE_DOMAIN_PDC = 3 - } samr_Role; - - /* password properties flags */ - typedef [public,bitmap32bit] bitmap { - DOMAIN_PASSWORD_COMPLEX = 0x00000001, - DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002, - DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004, - DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008, - DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010, - DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020 - } samr_PasswordProperties; - - typedef struct { - uint16 min_password_length; - uint16 password_history_length; - samr_PasswordProperties password_properties; - /* yes, these are signed. They are in negative 100ns */ - dlong max_password_age; - dlong min_password_age; - } samr_DomInfo1; - - typedef struct { - NTTIME force_logoff_time; - lsa_String oem_information; /* comment */ - lsa_String domain_name; - lsa_String primary; /* PDC name if this is a BDC */ - udlong sequence_num; - uint32 unknown2; - samr_Role role; - uint32 unknown3; - uint32 num_users; - uint32 num_groups; - uint32 num_aliases; - } samr_DomGeneralInformation; - - typedef struct { - NTTIME force_logoff_time; - } samr_DomInfo3; - - typedef struct { - lsa_String oem_information; /* comment */ - } samr_DomOEMInformation; - - typedef struct { - lsa_String domain_name; - } samr_DomInfo5; - - typedef struct { - lsa_String primary; - } samr_DomInfo6; - - typedef struct { - samr_Role role; - } samr_DomInfo7; - - typedef struct { - hyper sequence_num; - NTTIME domain_create_time; - } samr_DomInfo8; - - typedef struct { - uint32 unknown; /* w2k3 returns 1 */ - } samr_DomInfo9; - - typedef struct { - samr_DomGeneralInformation general; - hyper lockout_duration; - hyper lockout_window; - uint16 lockout_threshold; - } samr_DomGeneralInformation2; - - typedef struct { - hyper lockout_duration; - hyper lockout_window; - uint16 lockout_threshold; - } samr_DomInfo12; - - typedef struct { - hyper sequence_num; - NTTIME domain_create_time; - uint32 unknown1; - uint32 unknown2; - } samr_DomInfo13; - - typedef [switch_type(uint16)] union { - [case(1)] samr_DomInfo1 info1; - [case(2)] samr_DomGeneralInformation general; - [case(3)] samr_DomInfo3 info3; - [case(4)] samr_DomOEMInformation oem; - [case(5)] samr_DomInfo5 info5; - [case(6)] samr_DomInfo6 info6; - [case(7)] samr_DomInfo7 info7; - [case(8)] samr_DomInfo8 info8; - [case(9)] samr_DomInfo9 info9; - [case(11)] samr_DomGeneralInformation2 general2; - [case(12)] samr_DomInfo12 info12; - [case(13)] samr_DomInfo13 info13; - } samr_DomainInfo; - - NTSTATUS samr_QueryDomainInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_DomainInfo **info - ); - - /************************/ - /* Function 0x09 */ - /* - only levels 1, 3, 4, 6, 7, 9, 12 are valid for this - call in w2k3 - */ - NTSTATUS samr_SetDomainInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,switch_is(level),ref] samr_DomainInfo *info - ); - - - /************************/ - /* Function 0x0a */ - NTSTATUS samr_CreateDomainGroup( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *name, - [in] samr_GroupAccessMask access_mask, - [out,ref] policy_handle *group_handle, - [out,ref] uint32 *rid - ); - - - /************************/ - /* Function 0x0b */ - - NTSTATUS samr_EnumDomainGroups( - [in] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [out,ref] samr_SamArray **sam, - [in] uint32 max_size, - [out,ref] uint32 *num_entries - ); - - /************************/ - /* Function 0x0c */ - NTSTATUS samr_CreateUser( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *account_name, - [in] samr_UserAccessMask access_mask, - [out,ref] policy_handle *user_handle, - [out,ref] uint32 *rid - ); - - /************************/ - /* Function 0x0d */ - - - /* w2k3 treats max_size as max_users*54 and sets the - resume_handle as the rid of the last user sent - */ - const int SAMR_ENUM_USERS_MULTIPLIER = 54; - - NTSTATUS samr_EnumDomainUsers( - [in] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [in] samr_AcctFlags acct_flags, - [out,ref] samr_SamArray **sam, - [in] uint32 max_size, - [out,ref] uint32 *num_entries - ); - - /************************/ - /* Function 0x0e */ - NTSTATUS samr_CreateDomAlias( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *alias_name, - [in] samr_AliasAccessMask access_mask, - [out,ref] policy_handle *alias_handle, - [out,ref] uint32 *rid - ); - - /************************/ - /* Function 0x0f */ - NTSTATUS samr_EnumDomainAliases( - [in] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [out,ref] samr_SamArray **sam, - [in] uint32 max_size, - [out,ref] uint32 *num_entries - ); - - /************************/ - /* Function 0x10 */ - - typedef struct { - [range(0,1024)] uint32 count; - [size_is(count)] uint32 *ids; - } samr_Ids; - - NTSTATUS samr_GetAliasMembership( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_SidArray *sids, - [out,ref] samr_Ids *rids - ); - - /************************/ - /* Function 0x11 */ - - [public] NTSTATUS samr_LookupNames( - [in,ref] policy_handle *domain_handle, - [in,range(0,1000)] uint32 num_names, - [in,size_is(1000),length_is(num_names)] lsa_String names[], - [out,ref] samr_Ids *rids, - [out,ref] samr_Ids *types - ); - - - /************************/ - /* Function 0x12 */ - NTSTATUS samr_LookupRids( - [in,ref] policy_handle *domain_handle, - [in,range(0,1000)] uint32 num_rids, - [in,size_is(1000),length_is(num_rids)] uint32 rids[], - [out,ref] lsa_Strings *names, - [out,ref] samr_Ids *types - ); - - /************************/ - /* Function 0x13 */ - NTSTATUS samr_OpenGroup( - [in,ref] policy_handle *domain_handle, - [in] samr_GroupAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *group_handle - ); - - /* Group attributes */ - typedef [public,bitmap32bit] bitmap { - SE_GROUP_MANDATORY = 0x00000001, - SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002, - SE_GROUP_ENABLED = 0x00000004, - SE_GROUP_OWNER = 0x00000008, - SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010, - SE_GROUP_RESOURCE = 0x20000000, - SE_GROUP_LOGON_ID = 0xC0000000 - } samr_GroupAttrs; - - /************************/ - /* Function 0x14 */ - - typedef struct { - lsa_String name; - samr_GroupAttrs attributes; - uint32 num_members; - lsa_String description; - } samr_GroupInfoAll; - - typedef struct { - samr_GroupAttrs attributes; - } samr_GroupInfoAttributes; - - typedef struct { - lsa_String description; - } samr_GroupInfoDescription; - - typedef enum { - GROUPINFOALL = 1, - GROUPINFONAME = 2, - GROUPINFOATTRIBUTES = 3, - GROUPINFODESCRIPTION = 4, - GROUPINFOALL2 = 5 - } samr_GroupInfoEnum; - - typedef [switch_type(samr_GroupInfoEnum)] union { - [case(GROUPINFOALL)] samr_GroupInfoAll all; - [case(GROUPINFONAME)] lsa_String name; - [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes; - [case(GROUPINFODESCRIPTION)] lsa_String description; - [case(GROUPINFOALL2)] samr_GroupInfoAll all2; - } samr_GroupInfo; - - NTSTATUS samr_QueryGroupInfo( - [in,ref] policy_handle *group_handle, - [in] samr_GroupInfoEnum level, - [out,ref,switch_is(level)] samr_GroupInfo **info - ); - - /************************/ - /* Function 0x15 */ - NTSTATUS samr_SetGroupInfo( - [in,ref] policy_handle *group_handle, - [in] samr_GroupInfoEnum level, - [in,switch_is(level),ref] samr_GroupInfo *info - ); - - /************************/ - /* Function 0x16 */ - NTSTATUS samr_AddGroupMember( - [in,ref] policy_handle *group_handle, - [in] uint32 rid, - [in] uint32 flags - ); - - /************************/ - /* Function 0x17 */ - NTSTATUS samr_DeleteDomainGroup( - [in,out,ref] policy_handle *group_handle - ); - - /************************/ - /* Function 0x18 */ - NTSTATUS samr_DeleteGroupMember( - [in,ref] policy_handle *group_handle, - [in] uint32 rid - ); - - - /************************/ - /* Function 0x19 */ - typedef struct { - uint32 count; - [size_is(count)] uint32 *rids; - [size_is(count)] uint32 *types; - } samr_RidTypeArray; - - NTSTATUS samr_QueryGroupMember( - [in,ref] policy_handle *group_handle, - [out,ref] samr_RidTypeArray **rids - ); - - - /************************/ - /* Function 0x1a */ - - /* - win2003 seems to accept any data at all for the two integers - below, and doesn't seem to do anything with them that I can - see. Weird. I really expected the first integer to be a rid - and the second to be the attributes for that rid member. - */ - NTSTATUS samr_SetMemberAttributesOfGroup( - [in,ref] policy_handle *group_handle, - [in] uint32 unknown1, - [in] uint32 unknown2 - ); - - - /************************/ - /* Function 0x1b */ - NTSTATUS samr_OpenAlias ( - [in,ref] policy_handle *domain_handle, - [in] samr_AliasAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *alias_handle - ); - - - /************************/ - /* Function 0x1c */ - - typedef struct { - lsa_String name; - uint32 num_members; - lsa_String description; - } samr_AliasInfoAll; - - typedef enum { - ALIASINFOALL = 1, - ALIASINFONAME = 2, - ALIASINFODESCRIPTION = 3 - } samr_AliasInfoEnum; - - typedef [switch_type(samr_AliasInfoEnum)] union { - [case(ALIASINFOALL)] samr_AliasInfoAll all; - [case(ALIASINFONAME)] lsa_String name; - [case(ALIASINFODESCRIPTION)] lsa_String description; - } samr_AliasInfo; - - NTSTATUS samr_QueryAliasInfo( - [in,ref] policy_handle *alias_handle, - [in] samr_AliasInfoEnum level, - [out,ref,switch_is(level)] samr_AliasInfo **info - ); - - /************************/ - /* Function 0x1d */ - NTSTATUS samr_SetAliasInfo( - [in,ref] policy_handle *alias_handle, - [in] samr_AliasInfoEnum level, - [in,switch_is(level),ref] samr_AliasInfo *info - ); - - /************************/ - /* Function 0x1e */ - NTSTATUS samr_DeleteDomAlias( - [in,out,ref] policy_handle *alias_handle - ); - - /************************/ - /* Function 0x1f */ - NTSTATUS samr_AddAliasMember( - [in,ref] policy_handle *alias_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x20 */ - NTSTATUS samr_DeleteAliasMember( - [in,ref] policy_handle *alias_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x21 */ - NTSTATUS samr_GetMembersInAlias( - [in,ref] policy_handle *alias_handle, - [out,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x22 */ - [public] NTSTATUS samr_OpenUser( - [in,ref] policy_handle *domain_handle, - [in] samr_UserAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *user_handle - ); - - /************************/ - /* Function 0x23 */ - NTSTATUS samr_DeleteUser( - [in,out,ref] policy_handle *user_handle - ); - - /************************/ - /* Function 0x24 */ - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 primary_gid; - lsa_String description; - lsa_String comment; - } samr_UserInfo1; - - typedef struct { - lsa_String comment; - lsa_String unknown; /* settable, but doesn't stick. probably obsolete */ - uint16 country_code; - uint16 code_page; - } samr_UserInfo2; - - /* this is also used in samr and netlogon */ - typedef [public, flag(NDR_PAHEX)] struct { - uint16 units_per_week; - [size_is(1260), length_is(units_per_week/8)] uint8 *bits; - } samr_LogonHours; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 rid; - uint32 primary_gid; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String workstations; - NTTIME last_logon; - NTTIME last_logoff; - NTTIME last_password_change; - NTTIME allow_password_change; - NTTIME force_password_change; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - samr_AcctFlags acct_flags; - } samr_UserInfo3; - - typedef struct { - samr_LogonHours logon_hours; - } samr_UserInfo4; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 rid; - uint32 primary_gid; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String description; - lsa_String workstations; - NTTIME last_logon; - NTTIME last_logoff; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - NTTIME last_password_change; - NTTIME acct_expiry; - samr_AcctFlags acct_flags; - } samr_UserInfo5; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - } samr_UserInfo6; - - typedef struct { - lsa_String account_name; - } samr_UserInfo7; - - typedef struct { - lsa_String full_name; - } samr_UserInfo8; - - typedef struct { - uint32 primary_gid; - } samr_UserInfo9; - - typedef struct { - lsa_String home_directory; - lsa_String home_drive; - } samr_UserInfo10; - - typedef struct { - lsa_String logon_script; - } samr_UserInfo11; - - typedef struct { - lsa_String profile_path; - } samr_UserInfo12; - - typedef struct { - lsa_String description; - } samr_UserInfo13; - - typedef struct { - lsa_String workstations; - } samr_UserInfo14; - - typedef struct { - samr_AcctFlags acct_flags; - } samr_UserInfo16; - - typedef struct { - NTTIME acct_expiry; - } samr_UserInfo17; - - typedef [public, flag(NDR_PAHEX)] struct { - uint8 hash[16]; - } samr_Password; - - typedef struct { - samr_Password lm_pwd; - samr_Password nt_pwd; - boolean8 lm_pwd_active; - boolean8 nt_pwd_active; - } samr_UserInfo18; - - typedef struct { - lsa_BinaryString parameters; - } samr_UserInfo20; - - /* this defines the bits used for fields_present in info21 */ - typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_RID = 0x00000004, - SAMR_FIELD_PRIMARY_GID = 0x00000008, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_HOME_DIRECTORY = 0x00000040, - SAMR_FIELD_HOME_DRIVE = 0x00000080, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LAST_LOGON = 0x00000800, - SAMR_FIELD_LAST_LOGOFF = 0x00001000, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, - SAMR_FIELD_NUM_LOGONS = 0x00008000, - SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, - SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, - SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, - SAMR_FIELD_ACCT_EXPIRY = 0x00080000, - SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ - SAMR_FIELD_PRIVATE_DATA = 0x04000000, - SAMR_FIELD_EXPIRED_FLAG = 0x08000000, - SAMR_FIELD_SEC_DESC = 0x10000000, - SAMR_FIELD_OWF_PWD = 0x20000000 - } samr_FieldsPresent; - - /* used for 'password_expired' in samr_UserInfo21 */ - const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01; - const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00; - - typedef struct { - NTTIME last_logon; - NTTIME last_logoff; - NTTIME last_password_change; - NTTIME acct_expiry; - NTTIME allow_password_change; - NTTIME force_password_change; - lsa_String account_name; - lsa_String full_name; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String description; - lsa_String workstations; - lsa_String comment; - lsa_BinaryString parameters; - lsa_String unknown1; - lsa_String unknown2; - lsa_String unknown3; - uint32 buf_count; - [size_is(buf_count)] uint8 *buffer; - uint32 rid; - uint32 primary_gid; - samr_AcctFlags acct_flags; - samr_FieldsPresent fields_present; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - uint16 country_code; - uint16 code_page; - uint8 nt_password_set; - uint8 lm_password_set; - uint8 password_expired; - uint8 unknown4; - } samr_UserInfo21; - - typedef [public, flag(NDR_PAHEX)] struct { - uint8 data[516]; - } samr_CryptPassword; - - typedef struct { - samr_UserInfo21 info; - samr_CryptPassword password; - } samr_UserInfo23; - - typedef struct { - samr_CryptPassword password; - uint8 pw_len; - } samr_UserInfo24; - - typedef [flag(NDR_PAHEX)] struct { - uint8 data[532]; - } samr_CryptPasswordEx; - - typedef struct { - samr_UserInfo21 info; - samr_CryptPasswordEx password; - } samr_UserInfo25; - - typedef struct { - samr_CryptPasswordEx password; - uint8 pw_len; - } samr_UserInfo26; - - typedef [switch_type(uint16)] union { - [case(1)] samr_UserInfo1 info1; - [case(2)] samr_UserInfo2 info2; - [case(3)] samr_UserInfo3 info3; - [case(4)] samr_UserInfo4 info4; - [case(5)] samr_UserInfo5 info5; - [case(6)] samr_UserInfo6 info6; - [case(7)] samr_UserInfo7 info7; - [case(8)] samr_UserInfo8 info8; - [case(9)] samr_UserInfo9 info9; - [case(10)] samr_UserInfo10 info10; - [case(11)] samr_UserInfo11 info11; - [case(12)] samr_UserInfo12 info12; - [case(13)] samr_UserInfo13 info13; - [case(14)] samr_UserInfo14 info14; - [case(16)] samr_UserInfo16 info16; - [case(17)] samr_UserInfo17 info17; - [case(18)] samr_UserInfo18 info18; - [case(20)] samr_UserInfo20 info20; - [case(21)] samr_UserInfo21 info21; - [case(23)] samr_UserInfo23 info23; - [case(24)] samr_UserInfo24 info24; - [case(25)] samr_UserInfo25 info25; - [case(26)] samr_UserInfo26 info26; - } samr_UserInfo; - - [public] NTSTATUS samr_QueryUserInfo( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_UserInfo **info - ); - - - /************************/ - /* Function 0x25 */ - [public] NTSTATUS samr_SetUserInfo( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [in,ref,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x26 */ - /* - this is a password change interface that doesn't give - the server the plaintext password. Depricated. - */ - NTSTATUS samr_ChangePasswordUser( - [in,ref] policy_handle *user_handle, - [in] boolean8 lm_present, - [in,unique] samr_Password *old_lm_crypted, - [in,unique] samr_Password *new_lm_crypted, - [in] boolean8 nt_present, - [in,unique] samr_Password *old_nt_crypted, - [in,unique] samr_Password *new_nt_crypted, - [in] boolean8 cross1_present, - [in,unique] samr_Password *nt_cross, - [in] boolean8 cross2_present, - [in,unique] samr_Password *lm_cross - ); - - /************************/ - /* Function 0x27 */ - - typedef [public] struct { - uint32 rid; - samr_GroupAttrs attributes; - } samr_RidWithAttribute; - - typedef [public] struct { - uint32 count; - [size_is(count)] samr_RidWithAttribute *rids; - } samr_RidWithAttributeArray; - - NTSTATUS samr_GetGroupsForUser( - [in,ref] policy_handle *user_handle, - [out,ref] samr_RidWithAttributeArray **rids - ); - - /************************/ - /* Function 0x28 */ - - typedef struct { - uint32 idx; - uint32 rid; - samr_AcctFlags acct_flags; - lsa_String account_name; - lsa_String description; - lsa_String full_name; - } samr_DispEntryGeneral; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryGeneral *entries; - } samr_DispInfoGeneral; - - typedef struct { - uint32 idx; - uint32 rid; - samr_AcctFlags acct_flags; - lsa_String account_name; - lsa_String description; - } samr_DispEntryFull; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryFull *entries; - } samr_DispInfoFull; - - typedef struct { - uint32 idx; - uint32 rid; - samr_GroupAttrs acct_flags; - lsa_String account_name; - lsa_String description; - } samr_DispEntryFullGroup; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryFullGroup *entries; - } samr_DispInfoFullGroups; - - typedef struct { - uint32 idx; - lsa_AsciiStringLarge account_name; - } samr_DispEntryAscii; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryAscii *entries; - } samr_DispInfoAscii; - - typedef [switch_type(uint16)] union { - [case(1)] samr_DispInfoGeneral info1;/* users */ - [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFullGroups info3; /* groups */ - [case(4)] samr_DispInfoAscii info4; /* users */ - [case(5)] samr_DispInfoAscii info5; /* groups */ - } samr_DispInfo; - - NTSTATUS samr_QueryDisplayInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out,ref] uint32 *total_size, - [out,ref] uint32 *returned_size, - [out,ref,switch_is(level)] samr_DispInfo *info - ); - - - /************************/ - /* Function 0x29 */ - - /* - this seems to be an alphabetic search function. The returned index - is the index for samr_QueryDisplayInfo needed to get names occurring - after the specified name. The supplied name does not need to exist - in the database (for example you can supply just a first letter for - searching starting at that letter) - - The level corresponds to the samr_QueryDisplayInfo level - */ - NTSTATUS samr_GetDisplayEnumerationIndex( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,ref] lsa_String *name, - [out,ref] uint32 *idx - ); - - - - /************************/ - /* Function 0x2a */ - - /* - w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this - */ - NTSTATUS samr_TestPrivateFunctionsDomain( - [in,ref] policy_handle *domain_handle - ); - - - /************************/ - /* Function 0x2b */ - - /* - w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this - */ - NTSTATUS samr_TestPrivateFunctionsUser( - [in,ref] policy_handle *user_handle - ); - - - /************************/ - /* Function 0x2c */ - - typedef struct { - uint16 min_password_length; - samr_PasswordProperties password_properties; - } samr_PwInfo; - - [public] NTSTATUS samr_GetUserPwInfo( - [in,ref] policy_handle *user_handle, - [out,ref] samr_PwInfo *info - ); - - /************************/ - /* Function 0x2d */ - NTSTATUS samr_RemoveMemberFromForeignDomain( - [in,ref] policy_handle *domain_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x2e */ - - /* - how is this different from QueryDomainInfo ?? - */ - NTSTATUS samr_QueryDomainInfo2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_DomainInfo **info - ); - - /************************/ - /* Function 0x2f */ - - /* - how is this different from QueryUserInfo ?? - */ - NTSTATUS samr_QueryUserInfo2( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_UserInfo **info - ); - - /************************/ - /* Function 0x30 */ - - /* - how is this different from QueryDisplayInfo?? - */ - NTSTATUS samr_QueryDisplayInfo2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out,ref] uint32 *total_size, - [out,ref] uint32 *returned_size, - [out,ref,switch_is(level)] samr_DispInfo *info - ); - - /************************/ - /* Function 0x31 */ - - /* - how is this different from GetDisplayEnumerationIndex ?? - */ - NTSTATUS samr_GetDisplayEnumerationIndex2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,ref] lsa_String *name, - [out,ref] uint32 *idx - ); - - - /************************/ - /* Function 0x32 */ - NTSTATUS samr_CreateUser2( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *account_name, - [in] samr_AcctFlags acct_flags, - [in] samr_UserAccessMask access_mask, - [out,ref] policy_handle *user_handle, - [out,ref] uint32 *access_granted, - [out,ref] uint32 *rid - ); - - - /************************/ - /* Function 0x33 */ - - /* - another duplicate. There must be a reason .... - */ - NTSTATUS samr_QueryDisplayInfo3( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out,ref] uint32 *total_size, - [out,ref] uint32 *returned_size, - [out,ref,switch_is(level)] samr_DispInfo *info - ); - - /************************/ - /* Function 0x34 */ - NTSTATUS samr_AddMultipleMembersToAlias( - [in,ref] policy_handle *alias_handle, - [in,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x35 */ - NTSTATUS samr_RemoveMultipleMembersFromAlias( - [in,ref] policy_handle *alias_handle, - [in,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x36 */ - - NTSTATUS samr_OemChangePasswordUser2( - [in,unique] lsa_AsciiString *server, - [in,ref] lsa_AsciiString *account, - [in,unique] samr_CryptPassword *password, - [in,unique] samr_Password *hash - ); - - /************************/ - /* Function 0x37 */ - NTSTATUS samr_ChangePasswordUser2( - [in,unique] lsa_String *server, - [in,ref] lsa_String *account, - [in,unique] samr_CryptPassword *nt_password, - [in,unique] samr_Password *nt_verifier, - [in] boolean8 lm_change, - [in,unique] samr_CryptPassword *lm_password, - [in,unique] samr_Password *lm_verifier - ); - - /************************/ - /* Function 0x38 */ - NTSTATUS samr_GetDomPwInfo( - [in,unique] lsa_String *domain_name, - [out,ref] samr_PwInfo *info - ); - - /************************/ - /* Function 0x39 */ - NTSTATUS samr_Connect2( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3a */ - /* - seems to be an exact alias for samr_SetUserInfo() - */ - [public] NTSTATUS samr_SetUserInfo2( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [in,ref,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x3b */ - /* - this one is mysterious. I have a few guesses, but nothing working yet - */ - NTSTATUS samr_SetBootKeyInformation( - [in,ref] policy_handle *connect_handle, - [in] uint32 unknown1, - [in] uint32 unknown2, - [in] uint32 unknown3 - ); - - /************************/ - /* Function 0x3c */ - NTSTATUS samr_GetBootKeyInformation( - [in,ref] policy_handle *domain_handle, - [out,ref] uint32 *unknown - ); - - /************************/ - /* Function 0x3d */ - NTSTATUS samr_Connect3( - [in,unique,string,charset(UTF16)] uint16 *system_name, - /* this unknown value seems to be completely ignored by w2k3 */ - [in] uint32 unknown, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3e */ - - typedef enum { - SAMR_CONNECT_PRE_W2K = 1, - SAMR_CONNECT_W2K = 2, - SAMR_CONNECT_AFTER_W2K = 3 - } samr_ConnectVersion; - - NTSTATUS samr_Connect4( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectVersion client_version, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3f */ - - typedef enum samr_RejectReason samr_RejectReason; - - typedef struct { - samr_RejectReason reason; - uint32 unknown1; - uint32 unknown2; - } samr_ChangeReject; - - NTSTATUS samr_ChangePasswordUser3( - [in,unique] lsa_String *server, - [in,ref] lsa_String *account, - [in,unique] samr_CryptPassword *nt_password, - [in,unique] samr_Password *nt_verifier, - [in] boolean8 lm_change, - [in,unique] samr_CryptPassword *lm_password, - [in,unique] samr_Password *lm_verifier, - [in,unique] samr_CryptPassword *password3, - [out,ref] samr_DomInfo1 **dominfo, - [out,ref] samr_ChangeReject **reject - ); - - /************************/ - /* Function 0x40 */ - - typedef struct { - samr_ConnectVersion client_version; /* w2k3 gives 3 */ - uint32 unknown2; /* w2k3 gives 0 */ - } samr_ConnectInfo1; - - typedef union { - [case(1)] samr_ConnectInfo1 info1; - } samr_ConnectInfo; - - [public] NTSTATUS samr_Connect5( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [in] uint32 level_in, - [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in, - [out,ref] uint32 *level_out, - [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x41 */ - NTSTATUS samr_RidToSid( - [in,ref] policy_handle *domain_handle, - [in] uint32 rid, - [out,ref] dom_sid2 **sid - ); - - /************************/ - /* Function 0x42 */ - - /* - this should set the DSRM password for the server, which is used - when booting into Directory Services Recovery Mode on a DC. Win2003 - gives me NT_STATUS_NOT_SUPPORTED - */ - - NTSTATUS samr_SetDsrmPassword( - [in,unique] lsa_String *name, - [in] uint32 unknown, - [in,unique] samr_Password *hash - ); - - - /************************/ - /* Function 0x43 */ - /************************/ - typedef [bitmap32bit] bitmap { - SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, - SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, - SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, - SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, - SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, - SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 - } samr_ValidateFieldsPresent; - - typedef enum { - NetValidateAuthentication = 1, - NetValidatePasswordChange= 2, - NetValidatePasswordReset = 3 - } samr_ValidatePasswordLevel; - - /* NetApi maps samr_ValidationStatus errors to WERRORs. Haven't - * identified the mapping of - * - NERR_PasswordFilterError - * - NERR_PasswordExpired and - * - NERR_PasswordCantChange - * yet - Guenther - */ - - typedef enum { - SAMR_VALIDATION_STATUS_SUCCESS = 0, - SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, - SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, - SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, - SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, - SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, - SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, - SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, - SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 - } samr_ValidationStatus; - - typedef struct { - uint32 length; - [size_is(length)] uint8 *data; - } samr_ValidationBlob; - - typedef struct { - samr_ValidateFieldsPresent fields_present; - NTTIME_hyper last_password_change; - NTTIME_hyper bad_password_time; - NTTIME_hyper lockout_time; - uint32 bad_pwd_count; - uint32 pwd_history_len; - [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; - } samr_ValidatePasswordInfo; - - typedef struct { - samr_ValidatePasswordInfo info; - samr_ValidationStatus status; - } samr_ValidatePasswordRepCtr; - - typedef [switch_type(uint16)] union { - [case(1)] samr_ValidatePasswordRepCtr ctr1; - [case(2)] samr_ValidatePasswordRepCtr ctr2; - [case(3)] samr_ValidatePasswordRepCtr ctr3; - } samr_ValidatePasswordRep; - - typedef struct { - samr_ValidatePasswordInfo info; - lsa_StringLarge password; - lsa_StringLarge account; - samr_ValidationBlob hash; - boolean8 pwd_must_change_at_next_logon; - boolean8 clear_lockout; - } samr_ValidatePasswordReq3; - - typedef struct { - samr_ValidatePasswordInfo info; - lsa_StringLarge password; - lsa_StringLarge account; - samr_ValidationBlob hash; - boolean8 password_matched; - } samr_ValidatePasswordReq2; - - typedef struct { - samr_ValidatePasswordInfo info; - boolean8 password_matched; - } samr_ValidatePasswordReq1; - - typedef [switch_type(uint16)] union { - [case(1)] samr_ValidatePasswordReq1 req1; - [case(2)] samr_ValidatePasswordReq2 req2; - [case(3)] samr_ValidatePasswordReq3 req3; - } samr_ValidatePasswordReq; - - NTSTATUS samr_ValidatePassword( - [in] samr_ValidatePasswordLevel level, - [in,switch_is(level)] samr_ValidatePasswordReq *req, - [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep - ); -} -- cgit From 676f3c1c5cc8c2790462ec618f821c31e34165c7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 16:08:43 +0100 Subject: s3-build: re-run make samba3-idl (rid2sid). Guenther --- source3/librpc/gen_ndr/cli_samr.c | 2 +- source3/librpc/gen_ndr/cli_samr.h | 2 +- source3/librpc/gen_ndr/ndr_samr.c | 27 ++++++++++++++++++++++++--- source3/librpc/gen_ndr/samr.h | 2 +- source3/librpc/gen_ndr/srv_samr.c | 2 +- 5 files changed, 28 insertions(+), 7 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_samr.c b/source3/librpc/gen_ndr/cli_samr.c index 179bd0007f..7edb790286 100644 --- a/source3/librpc/gen_ndr/cli_samr.c +++ b/source3/librpc/gen_ndr/cli_samr.c @@ -2838,7 +2838,7 @@ NTSTATUS rpccli_samr_RidToSid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle /* [in] [ref] */, uint32_t rid /* [in] */, - struct dom_sid2 *sid /* [out] [ref] */) + struct dom_sid2 **sid /* [out] [ref] */) { struct samr_RidToSid r; NTSTATUS status; diff --git a/source3/librpc/gen_ndr/cli_samr.h b/source3/librpc/gen_ndr/cli_samr.h index 7216d0cf3d..b57d63334e 100644 --- a/source3/librpc/gen_ndr/cli_samr.h +++ b/source3/librpc/gen_ndr/cli_samr.h @@ -375,7 +375,7 @@ NTSTATUS rpccli_samr_RidToSid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle /* [in] [ref] */, uint32_t rid /* [in] */, - struct dom_sid2 *sid /* [out] [ref] */); + struct dom_sid2 **sid /* [out] [ref] */); NTSTATUS rpccli_samr_SetDsrmPassword(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct lsa_String *name /* [in] [unique] */, diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index f83d0f0875..e1b8fd17f9 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -11907,7 +11907,10 @@ static enum ndr_err_code ndr_push_samr_RidToSid(struct ndr_push *ndr, int flags, if (r->out.sid == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid)); + NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sid)); + if (*r->out.sid) { + NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sid)); + } NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -11915,8 +11918,10 @@ static enum ndr_err_code ndr_push_samr_RidToSid(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_RidToSid(struct ndr_pull *ndr, int flags, struct samr_RidToSid *r) { + uint32_t _ptr_sid; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_sid_0; + TALLOC_CTX *_mem_save_sid_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -11937,7 +11942,18 @@ static enum ndr_err_code ndr_pull_samr_RidToSid(struct ndr_pull *ndr, int flags, } _mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.sid, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); + if (_ptr_sid) { + NDR_PULL_ALLOC(ndr, *r->out.sid); + } else { + *r->out.sid = NULL; + } + if (*r->out.sid) { + _mem_save_sid_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, *r->out.sid, 0); + NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sid)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_1, 0); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } @@ -11966,7 +11982,12 @@ _PUBLIC_ void ndr_print_samr_RidToSid(struct ndr_print *ndr, const char *name, i ndr->depth++; ndr_print_ptr(ndr, "sid", r->out.sid); ndr->depth++; - ndr_print_dom_sid2(ndr, "sid", r->out.sid); + ndr_print_ptr(ndr, "sid", *r->out.sid); + ndr->depth++; + if (*r->out.sid) { + ndr_print_dom_sid2(ndr, "sid", *r->out.sid); + } + ndr->depth--; ndr->depth--; ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index 8ef6752dbf..d900c29d5e 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -1745,7 +1745,7 @@ struct samr_RidToSid { } in; struct { - struct dom_sid2 *sid;/* [ref] */ + struct dom_sid2 **sid;/* [ref] */ NTSTATUS result; } out; diff --git a/source3/librpc/gen_ndr/srv_samr.c b/source3/librpc/gen_ndr/srv_samr.c index 3e3a1cc6c1..f4facd2914 100644 --- a/source3/librpc/gen_ndr/srv_samr.c +++ b/source3/librpc/gen_ndr/srv_samr.c @@ -5202,7 +5202,7 @@ static bool api_samr_RidToSid(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.sid = talloc_zero(r, struct dom_sid2); + r->out.sid = talloc_zero(r, struct dom_sid2 *); if (r->out.sid == NULL) { talloc_free(r); return false; -- cgit From 853909bf94871156002d609f35312f034315182e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 11 Nov 2008 09:45:40 +1100 Subject: It is not valid to talloc_free() ldb_dn_get_linearized() --- source4/lib/ldb/ldb.i | 1 - 1 file changed, 1 deletion(-) diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 6013462225..6187096ab9 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -262,7 +262,6 @@ fail: { char *dn = ldb_dn_get_linearized($self), *ret; asprintf(&ret, "Dn('%s')", dn); - talloc_free(dn); return ret; } -- cgit From 39d42378b260240544b5649ff373fc15fbddaed8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Nov 2008 09:51:39 +0100 Subject: [s3]make keytab filename argument mandatory to "net rpc vampire keytab" This prevents unintended overwriting of the default path /etc/krb5.keytab (e.g.). Michael --- source3/utils/net_rpc_samsync.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c0922efe6b..73e6dd03cb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -249,7 +249,10 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, return status; } - if (argc >= 1) { + if (argc < 1) { + /* the caller should ensure that a filename is provided */ + return NT_STATUS_INVALID_PARAMETER; + } else { ctx->output_filename = argv[0]; } @@ -299,9 +302,13 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, ctx->force_full_replication = c->opt_force_full_repl ? true : false; ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; - if (argc >= 1) { + if (argc < 1) { + /* the caller should ensure that a filename is provided */ + return NT_STATUS_INVALID_PARAMETER; + } else { ctx->output_filename = argv[0]; } + if (argc >= 2) { ctx->object_dns = &argv[1]; ctx->object_count = argc - 1; @@ -342,9 +349,9 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) { int ret = 0; - if (c->display_usage) { + if (c->display_usage || (argc < 1)) { d_printf("Usage:\n" - "net rpc vampire keytab\n" + "net rpc vampire keytab \n" " Dump remote SAM database to Kerberos keytab file\n"); return 0; } -- cgit From 8076e50fad6346e3ca6e18a044ea01b31ca182dd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Nov 2008 17:57:22 -0800 Subject: Added vfs_acl_tdb.c module to do ACLs completely in userspace. Passes all of RAW-ACLS except for the last test which uses a non-POSIX chown. More testing/documentation to follow. Jeremy. --- source3/Makefile.in | 5 + source3/configure.in | 3 +- source3/modules/vfs_acl_tdb.c | 843 ++++++++++++++++++++++++++++++++++++++++ source3/modules/vfs_acl_xattr.c | 98 ++--- 4 files changed, 904 insertions(+), 45 deletions(-) create mode 100644 source3/modules/vfs_acl_tdb.c diff --git a/source3/Makefile.in b/source3/Makefile.in index d216e1c11e..be075ad685 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -643,6 +643,7 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o +VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -2459,6 +2460,10 @@ bin/smb_traffic_analyzer.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SMB_TRAFFIC_ANALYZE @echo "Building plugin $@" @$(SHLD_MODULE) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ) +bin/acl_tdb.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_TDB_OBJ) + @echo "Building plugin $@" + @$(SHLD_MODULE) $(VFS_ACL_TDB_OBJ) + bin/registry.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/registry.o @echo "Building plugin $@" @$(SHLD_MODULE) libgpo/gpext/registry.o diff --git a/source3/configure.in b/source3/configure.in index 0aeefe4180..5e3eac55e2 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -399,7 +399,7 @@ dnl These have to be built static: default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template" dnl These are preferably build shared, and static if dlopen() is not available -default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_smb_traffic_analyzer" +default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_acl_tdb vfs_smb_traffic_analyzer" if test "x$developer" = xyes; then default_static_modules="$default_static_modules rpc_rpcecho" @@ -6087,6 +6087,7 @@ SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS) SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS) SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS) SMB_MODULE(vfs_acl_xattr, \$(VFS_ACL_XATTR_OBJ), "bin/acl_xattr.$SHLIBEXT", VFS) +SMB_MODULE(vfs_acl_tdb, \$(VFS_ACL_TDB_OBJ), "bin/acl_tdb.$SHLIBEXT", VFS) SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_traffic_analyzer.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c new file mode 100644 index 0000000000..be49bb798c --- /dev/null +++ b/source3/modules/vfs_acl_tdb.c @@ -0,0 +1,843 @@ +/* + * Store Windows ACLs in xattrs, or a tdb if configured that way. + * + * Copyright (C) Volker Lendecke, 2008 + * Copyright (C) Jeremy Allison, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* NOTE: This is an experimental module, not yet finished. JRA. */ + +#include "includes.h" +#include "librpc/gen_ndr/xattr.h" +#include "librpc/gen_ndr/ndr_xattr.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_VFS + +static unsigned int ref_count; +static struct db_context *acl_db; + +/******************************************************************* + Open acl_db if not already open, increment ref count. +*******************************************************************/ + +static bool acl_tdb_init(struct db_context **pp_db) +{ + const char *dbname; + + if (acl_db) { + *pp_db = acl_db; + ref_count++; + return true; + } + + dbname = lock_path("file_ntacls.tdb"); + + if (dbname == NULL) { + errno = ENOSYS; + return false; + } + + become_root(); + *pp_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + unbecome_root(); + + if (*pp_db == NULL) { +#if defined(ENOTSUP) + errno = ENOTSUP; +#else + errno = ENOSYS; +#endif + return false; + } + + ref_count++; + return true; +} + +/******************************************************************* + Lower ref count and close acl_db if zero. +*******************************************************************/ + +static void free_acl_xattr_data(void **pptr) +{ + struct db_context **pp_db = (struct db_context **)pptr; + + ref_count--; + if (ref_count == 0) { + TALLOC_FREE(*pp_db); + acl_db = NULL; + } +} + +/******************************************************************* + Fetch_lock the tdb acl record for a file +*******************************************************************/ + +static struct db_record *acl_xattr_tdb_lock(TALLOC_CTX *mem_ctx, + struct db_context *db, + const struct file_id *id) +{ + uint8 id_buf[16]; + push_file_id_16((char *)id_buf, id); + return db->fetch_locked(db, + mem_ctx, + make_tdb_data(id_buf, + sizeof(id_buf))); +} + +/******************************************************************* + Parse out a struct security_descriptor from a DATA_BLOB. +*******************************************************************/ + +static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, + uint32 security_info, + struct security_descriptor **ppdesc) +{ + TALLOC_CTX *ctx = talloc_tos(); + struct xattr_NTACL xacl; + enum ndr_err_code ndr_err; + size_t sd_size; + + ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl, + (ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n", + ndr_errstr(ndr_err))); + return ndr_map_error2ntstatus(ndr_err);; + } + + if (xacl.version != 2) { + return NT_STATUS_REVISION_MISMATCH; + } + + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, + (security_info & OWNER_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->owner_sid : NULL, + (security_info & GROUP_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->group_sid : NULL, + (security_info & SACL_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->sacl : NULL, + (security_info & DACL_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->dacl : NULL, + &sd_size); + + TALLOC_FREE(xacl.info.sd); + + return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; +} + +/******************************************************************* + Pull a security descriptor into a DATA_BLOB from a tdb store. +*******************************************************************/ + +static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, + vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + DATA_BLOB *pblob) +{ + uint8 id_buf[16]; + TDB_DATA data; + struct file_id id; + struct db_context *db; + SMB_STRUCT_STAT sbuf; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + return NT_STATUS_INTERNAL_DB_CORRUPTION); + + if (fsp && fsp->fh->fd != -1) { + if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } else { + if (SMB_VFS_STAT(handle->conn, name, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + push_file_id_16((char *)id_buf, &id); + + if (db->fetch(db, + ctx, + make_tdb_data(id_buf, sizeof(id_buf)), + &data) == -1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + pblob->data = data.dptr; + pblob->length = data.dsize; + + DEBUG(10,("get_acl_blob: returned %u bytes from file %s\n", + (unsigned int)data.dsize, name )); + + if (pblob->length == 0 || pblob->data == NULL) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + return NT_STATUS_OK; +} + +/******************************************************************* + Create a DATA_BLOB from a security descriptor. +*******************************************************************/ + +static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) +{ + struct xattr_NTACL xacl; + struct security_descriptor_timestamp sd_ts; + enum ndr_err_code ndr_err; + TALLOC_CTX *ctx = talloc_tos(); + struct timespec curr = timespec_current(); + + ZERO_STRUCT(xacl); + ZERO_STRUCT(sd_ts); + + /* Horrid hack as setting an xattr changes the ctime + * on Linux. This gives a race of 1 second during + * which we would not see a POSIX ACL set. + */ + curr.tv_sec += 1; + + xacl.version = 2; + xacl.info.sd_ts = &sd_ts; + xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); + unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); + + DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", + timestring(ctx, curr.tv_sec) )); + + ndr_err = ndr_push_struct_blob( + pblob, ctx, &xacl, + (ndr_push_flags_fn_t)ndr_push_xattr_NTACL); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n", + ndr_errstr(ndr_err))); + return ndr_map_error2ntstatus(ndr_err);; + } + + return NT_STATUS_OK; +} + +/******************************************************************* + Store a DATA_BLOB into a tdb record given an fsp pointer. +*******************************************************************/ + +static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, + files_struct *fsp, + DATA_BLOB *pblob) +{ + uint8 id_buf[16]; + struct file_id id; + SMB_STRUCT_STAT sbuf; + TDB_DATA data; + struct db_context *db; + struct db_record *rec; + + DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n", + (unsigned int)pblob->length, fsp->fsp_name)); + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + return NT_STATUS_INTERNAL_DB_CORRUPTION); + + if (fsp->fh->fd != -1) { + if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } else { + if (SMB_VFS_STAT(handle->conn, fsp->fsp_name, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + push_file_id_16((char *)id_buf, &id); + rec = db->fetch_locked(db, talloc_tos(), + make_tdb_data(id_buf, + sizeof(id_buf))); + if (rec == NULL) { + DEBUG(0, ("store_acl_blob_fsp_tdb: fetch_lock failed\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + data.dptr = pblob->data; + data.dsize = pblob->length; + return rec->store(rec, data, 0); +} + +/******************************************************************* + Store a DATA_BLOB into a tdb record given a pathname. +*******************************************************************/ + +static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, + const char *fname, + DATA_BLOB *pblob) +{ + uint8 id_buf[16]; + struct file_id id; + TDB_DATA data; + SMB_STRUCT_STAT sbuf; + struct db_context *db; + struct db_record *rec; + + DEBUG(10,("store_acl_blob_pathname: storing blob " + "length %u on file %s\n", + (unsigned int)pblob->length, fname)); + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + return NT_STATUS_INTERNAL_DB_CORRUPTION); + + if (SMB_VFS_STAT(handle->conn, fname, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + push_file_id_16((char *)id_buf, &id); + + rec = db->fetch_locked(db, talloc_tos(), + make_tdb_data(id_buf, + sizeof(id_buf))); + if (rec == NULL) { + DEBUG(0, ("store_acl_blob_pathname_tdb: fetch_lock failed\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + data.dptr = pblob->data; + data.dsize = pblob->length; + return rec->store(rec, data, 0); +} + +/******************************************************************* + Store a DATA_BLOB into an xattr given a pathname. +*******************************************************************/ + +static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + uint32 security_info, + struct security_descriptor **ppdesc) +{ + TALLOC_CTX *ctx = talloc_tos(); + DATA_BLOB blob; + NTSTATUS status; + + if (fsp && name == NULL) { + name = fsp->fsp_name; + } + + DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name)); + + status = get_acl_blob(ctx, handle, fsp, name, &blob); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("get_acl_blob returned %s\n", nt_errstr(status))); + return status; + } + + status = parse_acl_blob(&blob, security_info, ppdesc); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("parse_acl_blob returned %s\n", + nt_errstr(status))); + return status; + } + + TALLOC_FREE(blob.data); + return status; +} + +/********************************************************************* + Create a default security descriptor for a file in case no inheritance + exists. All permissions to the owner and SYSTEM. +*********************************************************************/ + +static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, + SMB_STRUCT_STAT *psbuf) +{ + struct dom_sid owner_sid, group_sid; + size_t sd_size; + struct security_ace *pace = NULL; + struct security_acl *pacl = NULL; + + uid_to_sid(&owner_sid, psbuf->st_uid); + gid_to_sid(&group_sid, psbuf->st_gid); + + pace = TALLOC_ARRAY(mem_ctx, struct security_ace, 2); + if (!pace) { + return NULL; + } + + init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_RIGHTS_FILE_ALL, 0); + init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_RIGHTS_FILE_ALL, 0); + + pacl = make_sec_acl(mem_ctx, + NT4_ACL_REVISION, + 2, + pace); + if (!pacl) { + return NULL; + } + return make_sec_desc(mem_ctx, + SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + &owner_sid, + &group_sid, + NULL, + pacl, + &sd_size); +} + +/********************************************************************* +*********************************************************************/ + +static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, + const char *fname, + files_struct *fsp, + bool container) +{ + TALLOC_CTX *ctx = talloc_tos(); + NTSTATUS status; + struct security_descriptor *parent_desc = NULL; + struct security_descriptor *psd = NULL; + DATA_BLOB blob; + size_t size; + char *parent_name; + + if (!parent_dirname_talloc(ctx, + fname, + &parent_name, + NULL)) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(10,("inherit_new_acl: check directory %s\n", + parent_name)); + + status = get_nt_acl_xattr_internal(handle, + NULL, + parent_name, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &parent_desc); + if (NT_STATUS_IS_OK(status)) { + /* Create an inherited descriptor from the parent. */ + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: parent acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, parent_desc); + } + + status = se_create_child_secdesc(ctx, + &psd, + &size, + parent_desc, + &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], + &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], + container); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: child acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + + } else { + DEBUG(10,("inherit_new_acl: directory %s failed " + "to get acl %s\n", + parent_name, + nt_errstr(status) )); + } + + if (!psd || psd->dacl == NULL) { + SMB_STRUCT_STAT sbuf; + int ret; + + TALLOC_FREE(psd); + if (fsp && !fsp->is_directory && fsp->fh->fd != -1) { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } else { + ret = SMB_VFS_STAT(handle->conn,fname, &sbuf); + } + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + psd = default_file_sd(ctx, &sbuf); + if (!psd) { + return NT_STATUS_NO_MEMORY; + } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: default acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + } + + status = create_acl_blob(psd, &blob); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (fsp) { + return store_acl_blob_fsp(handle, fsp, &blob); + } else { + return store_acl_blob_pathname(handle, fname, &blob); + } +} + +/********************************************************************* + Check ACL on open. For new files inherit from parent directory. +*********************************************************************/ + +static int open_acl_xattr(vfs_handle_struct *handle, + const char *fname, + files_struct *fsp, + int flags, + mode_t mode) +{ + uint32_t access_granted = 0; + struct security_descriptor *pdesc = NULL; + bool file_existed = true; + NTSTATUS status = get_nt_acl_xattr_internal(handle, + NULL, + fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &pdesc); + if (NT_STATUS_IS_OK(status)) { + /* See if we can access it. */ + status = smb1_file_se_access_check(pdesc, + handle->conn->server_info->ptok, + fsp->access_mask, + &access_granted); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("open_acl_xattr: file %s open " + "refused with error %s\n", + fname, + nt_errstr(status) )); + errno = map_errno_from_nt_status(status); + return -1; + } + } else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + file_existed = false; + } + + DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for " + "file %s returned %s\n", + fname, + nt_errstr(status) )); + + fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); + + if (!file_existed && fsp->fh->fd != -1) { + /* File was created. Inherit from parent directory. */ + string_set(&fsp->fsp_name, fname); + inherit_new_acl(handle, fname, fsp, false); + } + + return fsp->fh->fd; +} + +/********************************************************************* + On unlink we need to delete the tdb record (if using tdb). +*********************************************************************/ + +static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) +{ + SMB_STRUCT_STAT sbuf; + struct file_id id; + struct db_context *db; + struct db_record *rec; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (SMB_VFS_STAT(handle->conn, path, &sbuf) == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_UNLINK(handle, path); + + if (ret == -1) { + return -1; + } + + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); + + /* + * If rec == NULL there's not much we can do about it + */ + + if (rec == NULL) { + DEBUG(10,("unlink_acl_xattr: path %s rec == NULL\n", + path )); + TALLOC_FREE(rec); + return 0; + } + + rec->delete_rec(rec); + TALLOC_FREE(rec); + + return 0; +} + +/********************************************************************* + Store an inherited SD on mkdir. +*********************************************************************/ + +static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +{ + int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode); + + if (ret == -1) { + return ret; + } + /* New directory - inherit from parent. */ + inherit_new_acl(handle, path, NULL, true); + return ret; +} + +/********************************************************************* + On rmdir we need to delete the tdb record (if using tdb). +*********************************************************************/ + +static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) +{ + SMB_STRUCT_STAT sbuf; + struct file_id id; + struct db_context *db; + struct db_record *rec; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (SMB_VFS_STAT(handle->conn, path, &sbuf) == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_RMDIR(handle, path); + + if (ret == -1) { + return -1; + } + + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); + + /* + * If rec == NULL there's not much we can do about it + */ + + if (rec == NULL) { + DEBUG(10,("rmdir_acl_xattr: path %s rec == NULL\n", + path )); + TALLOC_FREE(rec); + return 0; + } + + rec->delete_rec(rec); + TALLOC_FREE(rec); + + return 0; +} + +/********************************************************************* + Fetch a security descriptor given an fsp. +*********************************************************************/ + +static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info, struct security_descriptor **ppdesc) +{ + NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp, + NULL, security_info, ppdesc); + if (NT_STATUS_IS_OK(status)) { + if (DEBUGLEVEL >= 10) { + DEBUG(10,("fget_nt_acl_xattr: returning xattr sd for file %s\n", + fsp->fsp_name)); + NDR_PRINT_DEBUG(security_descriptor, *ppdesc); + } + return NT_STATUS_OK; + } + + DEBUG(10,("fget_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + fsp->fsp_name, + nt_errstr(status) )); + + return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, + security_info, ppdesc); +} + +/********************************************************************* + Fetch a security descriptor given a pathname. +*********************************************************************/ + +static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, + const char *name, uint32 security_info, struct security_descriptor **ppdesc) +{ + NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, + name, security_info, ppdesc); + if (NT_STATUS_IS_OK(status)) { + if (DEBUGLEVEL >= 10) { + DEBUG(10,("get_nt_acl_xattr: returning xattr sd for file %s\n", + name)); + NDR_PRINT_DEBUG(security_descriptor, *ppdesc); + } + return NT_STATUS_OK; + } + + DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + name, + nt_errstr(status) )); + + return SMB_VFS_NEXT_GET_NT_ACL(handle, name, + security_info, ppdesc); +} + +/********************************************************************* + Store a security descriptor given an fsp. +*********************************************************************/ + +static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, const struct security_descriptor *psd) +{ + NTSTATUS status; + DATA_BLOB blob; + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", + fsp->fsp_name)); + NDR_PRINT_DEBUG(security_descriptor, + CONST_DISCARD(struct security_descriptor *,psd)); + } + + status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* Ensure owner and group are set. */ + if (!psd->owner_sid || !psd->group_sid) { + int ret; + SMB_STRUCT_STAT sbuf; + DOM_SID owner_sid, group_sid; + struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd); + + if (!nc_psd) { + return NT_STATUS_OK; + } + if (fsp->is_directory || fsp->fh->fd == -1) { + ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + } else { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } + if (ret == -1) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + create_file_sids(&sbuf, &owner_sid, &group_sid); + /* This is safe as nc_psd is discarded at fn exit. */ + nc_psd->owner_sid = &owner_sid; + nc_psd->group_sid = &group_sid; + security_info_sent |= (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION); + psd = nc_psd; + } + + if ((security_info_sent & DACL_SECURITY_INFORMATION) && + psd->dacl != NULL && + (psd->type & (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ))== + (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ) ) { + struct security_descriptor *new_psd = NULL; + status = append_parent_acl(fsp, psd, &new_psd); + if (!NT_STATUS_IS_OK(status)) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + psd = new_psd; + } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", + fsp->fsp_name)); + NDR_PRINT_DEBUG(security_descriptor, + CONST_DISCARD(struct security_descriptor *,psd)); + } + create_acl_blob(psd, &blob); + store_acl_blob_fsp(handle, fsp, &blob); + + return NT_STATUS_OK; +} + +/******************************************************************* + Handle opening the storage tdb if so configured. +*******************************************************************/ + +static int connect_acl_xattr(struct vfs_handle_struct *handle, + const char *service, + const char *user) +{ + struct db_context *db; + int res; + + res = SMB_VFS_NEXT_CONNECT(handle, service, user); + if (res < 0) { + return res; + } + + if (!acl_tdb_init(&db)) { + SMB_VFS_NEXT_DISCONNECT(handle); + return -1; + } + + SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_xattr_data, + struct db_context, return -1); + + return 0; +} + +/* VFS operations structure */ + +static vfs_op_tuple skel_op_tuples[] = +{ + {SMB_VFS_OP(connect_acl_xattr), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(unlink_acl_xattr), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + + /* NT File ACL operations */ + + {SMB_VFS_OP(fget_nt_acl_xattr),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +NTSTATUS vfs_acl_xattr_init(void) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_tdb", skel_op_tuples); +} diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index a5d93950f6..2b4e68bdea 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -27,8 +27,11 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS +/******************************************************************* + Parse out a struct security_descriptor from a DATA_BLOB. +*******************************************************************/ + static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, - const struct timespec cts, uint32 security_info, struct security_descriptor **ppdesc) { @@ -50,30 +53,6 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return NT_STATUS_REVISION_MISMATCH; } -#if 0 - { - struct timespec ts; - /* Arg. This doesn't work. Too many activities - * change the ctime. May have to roll back to - * version 1. - */ - /* - * Check that the ctime timestamp is ealier - * than the stored timestamp. - */ - - ts = nt_time_to_unix_timespec(&xacl.info.sd_ts->last_changed); - - if (timespec_compare(&cts, &ts) > 0) { - DEBUG(5, ("parse_acl_blob: stored ACL out of date " - "(%s > %s.\n", - timestring(ctx, cts.tv_sec), - timestring(ctx, ts.tv_sec))); - return NT_STATUS_EA_CORRUPT_ERROR; - } - } -#endif - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) ? xacl.info.sd_ts->sd->owner_sid : NULL, @@ -90,6 +69,10 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; } +/******************************************************************* + Pull a security descriptor into a DATA_BLOB from a xattr. +*******************************************************************/ + static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, vfs_handle_struct *handle, files_struct *fsp, @@ -144,6 +127,10 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, return NT_STATUS_OK; } +/******************************************************************* + Create a DATA_BLOB from a security descriptor. +*******************************************************************/ + static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; @@ -182,7 +169,12 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB return NT_STATUS_OK; } -static NTSTATUS store_acl_blob_fsp(files_struct *fsp, +/******************************************************************* + Store a DATA_BLOB into an xattr given an fsp pointer. +*******************************************************************/ + +static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, + files_struct *fsp, DATA_BLOB *pblob) { int ret; @@ -215,10 +207,15 @@ static NTSTATUS store_acl_blob_fsp(files_struct *fsp, return NT_STATUS_OK; } -static NTSTATUS store_acl_blob_pathname(connection_struct *conn, +/******************************************************************* + Store a DATA_BLOB into an xattr given a pathname. +*******************************************************************/ + +static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, const char *fname, DATA_BLOB *pblob) { + connection_struct *conn = handle->conn; int ret; int saved_errno = 0; @@ -245,6 +242,9 @@ static NTSTATUS store_acl_blob_pathname(connection_struct *conn, return NT_STATUS_OK; } +/******************************************************************* + Store a DATA_BLOB into an xattr given a pathname. +*******************************************************************/ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, files_struct *fsp, @@ -254,7 +254,6 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, { TALLOC_CTX *ctx = talloc_tos(); DATA_BLOB blob; - SMB_STRUCT_STAT sbuf; NTSTATUS status; if (fsp && name == NULL) { @@ -269,18 +268,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, return status; } - if (fsp && fsp->fh->fd != -1) { - if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) { - return map_nt_error_from_unix(errno); - } - } else { - if (SMB_VFS_STAT(handle->conn, name, &sbuf) == -1) { - return map_nt_error_from_unix(errno); - } - } - - status = parse_acl_blob(&blob, get_ctimespec(&sbuf), - security_info, ppdesc); + status = parse_acl_blob(&blob, security_info, ppdesc); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("parse_acl_blob returned %s\n", nt_errstr(status))); @@ -427,9 +415,9 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } if (fsp) { - return store_acl_blob_fsp(fsp, &blob); + return store_acl_blob_fsp(handle, fsp, &blob); } else { - return store_acl_blob_pathname(handle->conn, fname, &blob); + return store_acl_blob_pathname(handle, fname, &blob); } } @@ -499,6 +487,10 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m return ret; } +/********************************************************************* + Fetch a security descriptor given an fsp. +*********************************************************************/ + static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { @@ -512,10 +504,19 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, } return NT_STATUS_OK; } + + DEBUG(10,("fget_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + fsp->fsp_name, + nt_errstr(status) )); + return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc); } +/********************************************************************* + Fetch a security descriptor given a pathname. +*********************************************************************/ + static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { @@ -529,10 +530,19 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, } return NT_STATUS_OK; } + + DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + name, + nt_errstr(status) )); + return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc); } +/********************************************************************* + Store a security descriptor given an fsp. +*********************************************************************/ + static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd) { @@ -602,7 +612,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, CONST_DISCARD(struct security_descriptor *,psd)); } create_acl_blob(psd, &blob); - store_acl_blob_fsp(fsp, &blob); + store_acl_blob_fsp(handle, fsp, &blob); return NT_STATUS_OK; } @@ -620,7 +630,7 @@ static vfs_op_tuple skel_op_tuples[] = {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; NTSTATUS vfs_acl_xattr_init(void) -- cgit From d6be0ba672c5543ed9e7aa2d11dd1e26a3494649 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Nov 2008 20:18:01 -0800 Subject: Fix the build (ndr_pull_struct_blob has a different signature in master). Jeremy. --- source3/modules/vfs_acl_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index be49bb798c..6deebf0ee6 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -112,7 +112,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, enum ndr_err_code ndr_err; size_t sd_size; - ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl, + ndr_err = ndr_pull_struct_blob(pblob, ctx, NULL, &xacl, (ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From dee2c61ce0a5ff2485f4a0704c9d7288ca75cb52 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 11 Nov 2008 10:28:40 +0100 Subject: [s3]vfs_acl_tdb: fix the build. ndr_push_struct_blob has a different signature in master as well. Michael --- source3/modules/vfs_acl_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 6deebf0ee6..202c1a8469 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -222,7 +222,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB timestring(ctx, curr.tv_sec) )); ndr_err = ndr_push_struct_blob( - pblob, ctx, &xacl, + pblob, ctx, NULL, &xacl, (ndr_push_flags_fn_t)ndr_push_xattr_NTACL); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From 2f438b4cdeaacf55b0832bf71b2ef15b30cdd758 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Nov 2008 17:10:24 +0100 Subject: Remove unused variable, fix return. --- pidl/lib/Parse/Pidl/Samba4/Python.pm | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/pidl/lib/Parse/Pidl/Samba4/Python.pm b/pidl/lib/Parse/Pidl/Samba4/Python.pm index 38aee2c9d1..a3107d4672 100644 --- a/pidl/lib/Parse/Pidl/Samba4/Python.pm +++ b/pidl/lib/Parse/Pidl/Samba4/Python.pm @@ -702,7 +702,7 @@ sub Interface($$$) $self->pidl("if (!NT_STATUS_IS_OK(status)) {"); $self->indent; $self->pidl("PyErr_SetNTSTATUS(status);"); - $self->pidl("return;"); + $self->pidl("return NULL;"); $self->deindent; $self->pidl("}"); @@ -1181,7 +1181,6 @@ sub Parse($$$$$) $self->pidl("{"); $self->indent; $self->pidl("PyObject *m;"); - $self->pidl("NTSTATUS status;"); $self->pidl(""); foreach (@{$self->{ready_types}}) { -- cgit From 2e6bf03e519e180a1ee672dc9c9171d9e0cd114f Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 11 Nov 2008 17:22:16 +0100 Subject: Regenerate SWIG output. --- source4/lib/ldb/ldb_wrap.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source4/lib/ldb/ldb_wrap.c b/source4/lib/ldb/ldb_wrap.c index bc9266a306..3cf5ec613a 100644 --- a/source4/lib/ldb/ldb_wrap.c +++ b/source4/lib/ldb/ldb_wrap.c @@ -2732,7 +2732,6 @@ SWIGINTERN char const *ldb_dn_canonical_ex_str(ldb_dn *self){ SWIGINTERN char *ldb_dn___repr__(ldb_dn *self){ char *dn = ldb_dn_get_linearized(self), *ret; asprintf(&ret, "Dn('%s')", dn); - talloc_free(dn); return ret; } SWIGINTERN ldb_dn *ldb_dn___add__(ldb_dn *self,ldb_dn *other){ -- cgit From 0baca66589d72acf7b3d6edf7c7d21fa17f98915 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Nov 2008 14:21:09 -0800 Subject: Fix bug 5889. "delete veto files = no" seems to break. Jeremy. --- source3/smbd/reply.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index be39fd464d..c363ed5609 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4989,8 +4989,16 @@ NTSTATUS rmdir_internals(TALLOC_CTX *ctx, } } - /* We only have veto files/directories. Recursive delete. */ + /* We only have veto files/directories. + * Are we allowed to delete them ? */ + if(!lp_recursive_veto_delete(SNUM(conn))) { + TALLOC_FREE(dir_hnd); + errno = ENOTEMPTY; + goto err; + } + + /* Do a recursive delete. */ RewindDir(dir_hnd,&dirpos); while ((dname = ReadDirName(dir_hnd,&dirpos))) { char *fullname = NULL; @@ -5016,9 +5024,8 @@ NTSTATUS rmdir_internals(TALLOC_CTX *ctx, break; } if(st.st_mode & S_IFDIR) { - if(lp_recursive_veto_delete(SNUM(conn))) { - if(!recursive_rmdir(ctx, conn, fullname)) - break; + if(!recursive_rmdir(ctx, conn, fullname)) { + break; } if(SMB_VFS_RMDIR(conn,fullname) != 0) { break; -- cgit From c62427c7fc7fd9c2c33faa25e931d4583bea905a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Nov 2008 14:38:59 -0800 Subject: Fix bug 5891] : smbd crashed when viewing the eventlog exported by "eventlog list" Don't mix TALLOC and SAFE_FREE(). Jeremy. --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 3c7469f3ef..eec5b1d736 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -79,7 +79,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) /* get the security descriptor for the file */ sec_desc = get_nt_acl_no_snum( info, tdbname ); - SAFE_FREE( tdbname ); + TALLOC_FREE( tdbname ); if ( !sec_desc ) { DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", -- cgit From e6f8fd994567f85efd88b56e438816ee337f4f6e Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 11 Nov 2008 18:46:21 -0800 Subject: s3: Add support for make test to use a share dir outside of the prefix dir Some systems need to have the tdbs (and other files required for samba to run) on a different filesystem than the share directory that samba is exporting. This patch: - Adds an optional "shrdir" argument to selftest.sh - If shrdir is specified it will be used, otherwise the default will be used: "/tmp" - Adds a new configure option: --with-selftest-shrdir - Plumbs shrdir through Makefile.in and configure.in --- source3/Makefile.in | 3 ++- source3/m4/check_path.m4 | 16 ++++++++++++++++ source3/script/tests/selftest.sh | 28 +++++++++++++++++++++------- 3 files changed, 39 insertions(+), 8 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index c048e193a6..6e40ba404a 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -17,6 +17,7 @@ localstatedir=@localstatedir@ datarootdir=@datarootdir@ selftest_prefix=@selftest_prefix@ +selftest_shrdir=@selftest_shrdir@ smbtorture4_path=@smbtorture4_path@ LIBS=@LIBS@ @@ -2846,7 +2847,7 @@ test_pam_modules:: pam_modules ## test:: all torture timelimit @echo Running Test suite - @LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" + @LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" ${selftest_shrdir} valgrindtest:: all torture timelimit @echo Running Test suite with valgrind diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4 index 9c99468084..0cff397c93 100644 --- a/source3/m4/check_path.m4 +++ b/source3/m4/check_path.m4 @@ -275,6 +275,22 @@ AC_ARG_WITH(selftest-prefix, esac ]) +################################################# +# set shrdir for 'make test' +selftest_shrdir="" +AC_SUBST(selftest_shrdir) +AC_ARG_WITH(selftest-shrdir, +[AS_HELP_STRING([--with-selftest-shrdir=DIR], [The share directory that make test will be run against ($selftest_shrdir)])], +[ case "$withval" in + yes|no) + AC_MSG_WARN([--with-selftest-shrdir called without argument - will use default]) + ;; + * ) + selftest_shrdir="$withval" + ;; + esac +]) + ################################################# # set path of samba4's smbtorture smbtorture4_path="" diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh index 0894b2507d..d41d0f36cf 100755 --- a/source3/script/tests/selftest.sh +++ b/source3/script/tests/selftest.sh @@ -1,7 +1,7 @@ #!/bin/sh -if [ $# != 3 ]; then - echo "$0 " +if [ $# != 3 -a $# != 4 ]; then + echo "$0 []" exit 1 fi @@ -38,7 +38,6 @@ PASSWORD=test SRCDIR="`dirname $0`/../.." BINDIR="`pwd`/bin" SCRIPTDIR=$SRCDIR/script/tests -SHRDIR=$PREFIX_ABS/tmp LIBDIR=$PREFIX_ABS/lib PIDDIR=$PREFIX_ABS/pid CONFFILE=$LIBDIR/client.conf @@ -113,8 +112,23 @@ mkdir -p $PRIVATEDIR $LIBDIR $PIDDIR $LOCKDIR $LOGDIR mkdir -p $SOCKET_WRAPPER_DIR mkdir -p $WINBINDD_SOCKET_DIR chmod 755 $WINBINDD_SOCKET_DIR -mkdir -p $PREFIX_ABS/tmp -chmod 777 $PREFIX_ABS/tmp + +## +## Create an alternate shrdir if one was specified. +## +if [ $# = 4 ]; then + ALT_SHRDIR=`echo $4 | sed s+//+/+` + mkdir -p $ALT_SHRDIR || exit $? + OLD_PWD=`pwd` + cd $ALT_SHRDIR || exit $? + SHRDIR=`pwd` + cd $OLD_PWD + /bin/rm -rf $SHRDIR/* +else + SHRDIR=$PREFIX_ABS/tmp + mkdir -p $SHRDIR +fi +chmod 777 $SHRDIR ## ## Create the common config include file with the basic settings @@ -184,7 +198,7 @@ cat >$SERVERCONFFILE< Date: Wed, 12 Nov 2008 09:06:36 +0100 Subject: errors: add WERR_CM_BUFFER_SMALL. Guenther --- libcli/util/werror.h | 1 + 1 file changed, 1 insertion(+) diff --git a/libcli/util/werror.h b/libcli/util/werror.h index 0d99c7bb31..d22516ae5c 100644 --- a/libcli/util/werror.h +++ b/libcli/util/werror.h @@ -181,6 +181,7 @@ typedef uint32_t WERROR; /* Configuration Manager Errors */ /* Basically Win32 errors meanings are specific to the \ntsvcs pipe */ +#define WERR_CM_BUFFER_SMALL W_ERROR(26) #define WERR_CM_NO_MORE_HW_PROFILES W_ERROR(35) #define WERR_CM_NO_SUCH_VALUE W_ERROR(37) -- cgit From 365a703d1395ac69633711edd00f91e9ef8adc97 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 00:06:07 +0100 Subject: s3-rpcclient: add ntsvcs_getdevlistsize command. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 77 +++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 39 deletions(-) diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 377a8a2a00..b7dc718b51 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -75,44 +75,6 @@ static WERROR cmd_ntsvcs_validate_dev_inst(struct rpc_pipe_client *cli, return werr; } -static WERROR cmd_ntsvcs_get_device_list_size(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) -{ - NTSTATUS status; - WERROR werr; - const char *devicename = NULL; - uint32_t flags = 0; - uint32_t size = 0; - - if (argc < 2 || argc > 4) { - printf("usage: %s [devicename] \n", argv[0]); - return WERR_OK; - } - - devicename = argv[1]; - - if (argc >= 3) { - flags = atoi(argv[2]); - } - - status = rpccli_PNP_GetDeviceListSize(cli, mem_ctx, - devicename, - &size, - flags, - &werr); - if (!NT_STATUS_IS_OK(status)) { - return ntstatus_to_werror(status); - } - - if (W_ERROR_IS_OK(werr)) { - printf("size: %d\n", size); - } - - return werr; -} - static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, @@ -215,15 +177,52 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, return werr; } +static WERROR cmd_ntsvcs_get_dev_list_size(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + WERROR werr; + uint32_t size = 0; + uint32_t flags = 0; + const char *filter = NULL; + + if (argc > 3) { + printf("usage: %s [filter] [flags]\n", argv[0]); + return WERR_OK; + } + + if (argc >= 2) { + filter = argv[1]; + } + + if (argc >= 3) { + flags = atoi(argv[2]); + } + + status = rpccli_PNP_GetDeviceListSize(cli, mem_ctx, + filter, + &size, + flags, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + + printf("size: %d\n", size); + + return werr; +} struct cmd_set ntsvcs_commands[] = { { "NTSVCS" }, { "ntsvcs_getversion", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_version, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS version", "" }, { "ntsvcs_validatedevinst", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_validate_dev_inst, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device instance", "" }, - { "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_device_list_size, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS get device list", "" }, { "ntsvcs_hwprofflags", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_hw_prof_flags, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS HW prof flags", "" }, { "ntsvcs_hwprofinfo", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_hw_prof_info, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS HW prof info", "" }, { "ntsvcs_getdevregprop", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_reg_prop, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device registry property", "" }, + { "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_list_size, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device list size", "" }, { NULL } }; -- cgit From 17fe93f94b461c980d2deac648067101b22dae6a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 00:50:35 +0100 Subject: s3-rpcclient: add ntsvcs_getdevlist command. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 46 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index b7dc718b51..a3ddde22a3 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -215,6 +215,51 @@ static WERROR cmd_ntsvcs_get_dev_list_size(struct rpc_pipe_client *cli, return werr; } +static WERROR cmd_ntsvcs_get_dev_list(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + WERROR werr; + const char *filter = NULL; + uint16_t *buffer = NULL; + uint32_t length = 0; + uint32_t flags = 0; + + if (argc > 3) { + printf("usage: %s [length] [filter]\n", argv[0]); + return WERR_OK; + } + + if (argc >= 2) { + length = atoi(argv[1]); + } + + if (argc >= 3) { + filter = argv[2]; + } + + buffer = talloc(mem_ctx, uint16_t); + if (!buffer) { + return WERR_NOMEM; + } + + status = rpccli_PNP_GetDeviceList(cli, mem_ctx, + filter, + buffer, + &length, + flags, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + + printf("devlist needs size: %d\n", length); + + return werr; +} + struct cmd_set ntsvcs_commands[] = { { "NTSVCS" }, @@ -224,5 +269,6 @@ struct cmd_set ntsvcs_commands[] = { { "ntsvcs_hwprofinfo", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_hw_prof_info, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS HW prof info", "" }, { "ntsvcs_getdevregprop", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_reg_prop, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device registry property", "" }, { "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_list_size, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device list size", "" }, + { "ntsvcs_getdevlist", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_list, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device list", "" }, { NULL } }; -- cgit From 8d8386cc4d3347b145768ed81ea97559a3912fef Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 00:59:35 +0100 Subject: ntsvcs: some corrections for the PNP_GetDeviceRegProp IDL. Guenther --- librpc/idl/ntsvcs.idl | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/librpc/idl/ntsvcs.idl b/librpc/idl/ntsvcs.idl index 809ead90c3..d7bb051fde 100644 --- a/librpc/idl/ntsvcs.idl +++ b/librpc/idl/ntsvcs.idl @@ -2,6 +2,8 @@ plug and play services */ +import "winreg.idl"; + [ uuid("8d9f4e40-a03d-11ce-8f69-08003e30051b"), version(1.0), @@ -96,7 +98,7 @@ interface ntsvcs WERROR PNP_GetDeviceRegProp( [in,ref] [string,charset(UTF16)] uint16 *devicepath, [in] uint32 property, - [in,out,ref] uint32 *reg_data_type, + [in,out,ref] winreg_Type *reg_data_type, [out,ref] [size_is(*buffer_size)] [length_is(*buffer_size)] uint8 *buffer, [in,out,ref] uint32 *buffer_size, [in,out,ref] uint32 *needed, -- cgit From 0241b2cbdaf3f7f33ac5c15326957de7be734305 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:23:38 +0100 Subject: s3-rpcclient: some corrections for the PNP_GetDeviceRegProp client. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index a3ddde22a3..20d6928473 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -148,11 +148,11 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, WERROR werr; const char *devicepath = NULL; uint32_t property = DEV_REGPROP_DESC; - uint32_t unknown1 = 0; + uint32_t reg_data_type = REG_NONE; uint8_t buffer; uint32_t buffer_size = 0; - uint32_t unknown2 = 0; - uint32_t unknown3 = 0; + uint32_t needed = 0; + uint32_t flags = 0; if (argc < 2) { printf("usage: %s [devicepath]\n", argv[0]); @@ -161,14 +161,19 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, devicepath = argv[1]; + if (argc >= 3) { + buffer_size = atoi(argv[2]); + needed = buffer_size; + } + status = rpccli_PNP_GetDeviceRegProp(cli, mem_ctx, devicepath, property, - &unknown1, + ®_data_type, &buffer, &buffer_size, - &unknown2, - unknown3, + &needed, + flags, &werr); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); -- cgit From 0a77b1827d62945b4a308ae6cf23e9fb2bacdb24 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:18:55 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_ntsvcs.c | 2 +- source3/librpc/gen_ndr/cli_ntsvcs.h | 2 +- source3/librpc/gen_ndr/ndr_ntsvcs.c | 13 +++++++------ source3/librpc/gen_ndr/ntsvcs.h | 5 +++-- 4 files changed, 12 insertions(+), 10 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c index f8ef7a99ad..ada700f6fa 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.c +++ b/source3/librpc/gen_ndr/cli_ntsvcs.c @@ -564,7 +564,7 @@ NTSTATUS rpccli_PNP_GetDeviceRegProp(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *devicepath /* [in] [ref,charset(UTF16)] */, uint32_t property /* [in] */, - uint32_t *reg_data_type /* [in,out] [ref] */, + enum winreg_Type *reg_data_type /* [in,out] [ref] */, uint8_t *buffer /* [out] [ref,length_is(*buffer_size),size_is(*buffer_size)] */, uint32_t *buffer_size /* [in,out] [ref] */, uint32_t *needed /* [in,out] [ref] */, diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h index 4ed8a401ec..7de018c03c 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.h +++ b/source3/librpc/gen_ndr/cli_ntsvcs.h @@ -54,7 +54,7 @@ NTSTATUS rpccli_PNP_GetDeviceRegProp(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *devicepath /* [in] [ref,charset(UTF16)] */, uint32_t property /* [in] */, - uint32_t *reg_data_type /* [in,out] [ref] */, + enum winreg_Type *reg_data_type /* [in,out] [ref] */, uint8_t *buffer /* [out] [ref,length_is(*buffer_size),size_is(*buffer_size)] */, uint32_t *buffer_size /* [in,out] [ref] */, uint32_t *needed /* [in,out] [ref] */, diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index 35d02a0dcb..e1ed43e040 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -3,6 +3,7 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_ntsvcs.h" +#include "librpc/gen_ndr/ndr_winreg.h" static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_flags, const struct PNP_HwProfInfo *r) { uint32_t cntr_unknown2_0; @@ -818,7 +819,7 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int if (r->in.reg_data_type == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.reg_data_type)); + NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, *r->in.reg_data_type)); if (r->in.buffer_size == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -833,7 +834,7 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int if (r->out.reg_data_type == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.reg_data_type)); + NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, *r->out.reg_data_type)); if (r->out.buffer == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -875,7 +876,7 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int } _mem_save_reg_data_type_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.reg_data_type, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.reg_data_type)); + NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->in.reg_data_type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reg_data_type_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.buffer_size); @@ -907,7 +908,7 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int } _mem_save_reg_data_type_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.reg_data_type, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.reg_data_type)); + NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->out.reg_data_type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reg_data_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); @@ -960,7 +961,7 @@ _PUBLIC_ void ndr_print_PNP_GetDeviceRegProp(struct ndr_print *ndr, const char * ndr_print_uint32(ndr, "property", r->in.property); ndr_print_ptr(ndr, "reg_data_type", r->in.reg_data_type); ndr->depth++; - ndr_print_uint32(ndr, "reg_data_type", *r->in.reg_data_type); + ndr_print_winreg_Type(ndr, "reg_data_type", *r->in.reg_data_type); ndr->depth--; ndr_print_ptr(ndr, "buffer_size", r->in.buffer_size); ndr->depth++; @@ -978,7 +979,7 @@ _PUBLIC_ void ndr_print_PNP_GetDeviceRegProp(struct ndr_print *ndr, const char * ndr->depth++; ndr_print_ptr(ndr, "reg_data_type", r->out.reg_data_type); ndr->depth++; - ndr_print_uint32(ndr, "reg_data_type", *r->out.reg_data_type); + ndr_print_winreg_Type(ndr, "reg_data_type", *r->out.reg_data_type); ndr->depth--; ndr_print_ptr(ndr, "buffer", r->out.buffer); ndr->depth++; diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h index b56b552ae2..bfe503e5d3 100644 --- a/source3/librpc/gen_ndr/ntsvcs.h +++ b/source3/librpc/gen_ndr/ntsvcs.h @@ -2,6 +2,7 @@ #include +#include "librpc/gen_ndr/winreg.h" #ifndef _HEADER_ntsvcs #define _HEADER_ntsvcs @@ -142,14 +143,14 @@ struct PNP_GetDeviceRegProp { const char *devicepath;/* [ref,charset(UTF16)] */ uint32_t property; uint32_t flags; - uint32_t *reg_data_type;/* [ref] */ + enum winreg_Type *reg_data_type;/* [ref] */ uint32_t *buffer_size;/* [ref] */ uint32_t *needed;/* [ref] */ } in; struct { uint8_t *buffer;/* [ref,length_is(*buffer_size),size_is(*buffer_size)] */ - uint32_t *reg_data_type;/* [ref] */ + enum winreg_Type *reg_data_type;/* [ref] */ uint32_t *buffer_size;/* [ref] */ uint32_t *needed;/* [ref] */ WERROR result; -- cgit From 0afcf4d8f7093b3b78d71ec0aa00b6487a2917f5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 01:31:01 +0100 Subject: ntsvcs: fill in more unknowns in PNP_HwProfFlags IDL. Guenther --- librpc/idl/ntsvcs.idl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/librpc/idl/ntsvcs.idl b/librpc/idl/ntsvcs.idl index d7bb051fde..01d8104888 100644 --- a/librpc/idl/ntsvcs.idl +++ b/librpc/idl/ntsvcs.idl @@ -239,15 +239,15 @@ interface ntsvcs /* Function: 0x28 */ WERROR PNP_HwProfFlags( - [in] uint32 unknown1, + [in] uint32 action, [in,ref] [string,charset(UTF16)] uint16 *devicepath, - [in] uint32 unknown2, - [in,out,ref] uint32 *unknown3, - [in,out,unique] uint16 *unknown4, + [in] uint32 config, + [in,out,ref] uint32 *profile_flags, + [in,out,unique] uint16 *veto_type, [in,unique] [string,charset(UTF16)] uint16 *unknown5, [out,unique] [string,charset(UTF16)] uint16 **unknown5a, - [in] uint32 unknown6, - [in] uint32 unknown7 + [in] uint32 name_length, + [in] uint32 flags ); /******************/ -- cgit From 2ea5e222c581fd7709345dfbc51c8f0565f7bb67 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:36:08 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_ntsvcs.c | 30 ++++---- source3/librpc/gen_ndr/cli_ntsvcs.h | 12 ++-- source3/librpc/gen_ndr/ndr_ntsvcs.c | 134 ++++++++++++++++++------------------ source3/librpc/gen_ndr/ntsvcs.h | 16 ++--- source3/librpc/gen_ndr/srv_ntsvcs.c | 4 +- 5 files changed, 98 insertions(+), 98 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c index ada700f6fa..5803af4072 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.c +++ b/source3/librpc/gen_ndr/cli_ntsvcs.c @@ -1686,29 +1686,29 @@ NTSTATUS rpccli_PNP_RequestEjectPC(struct rpc_pipe_client *cli, NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32_t unknown1 /* [in] */, + uint32_t action /* [in] */, const char *devicepath /* [in] [ref,charset(UTF16)] */, - uint32_t unknown2 /* [in] */, - uint32_t *unknown3 /* [in,out] [ref] */, - uint16_t *unknown4 /* [in,out] [unique] */, + uint32_t config /* [in] */, + uint32_t *profile_flags /* [in,out] [ref] */, + uint16_t *veto_type /* [in,out] [unique] */, const char *unknown5 /* [in] [unique,charset(UTF16)] */, const char **unknown5a /* [out] [unique,charset(UTF16)] */, - uint32_t unknown6 /* [in] */, - uint32_t unknown7 /* [in] */, + uint32_t name_length /* [in] */, + uint32_t flags /* [in] */, WERROR *werror) { struct PNP_HwProfFlags r; NTSTATUS status; /* In parameters */ - r.in.unknown1 = unknown1; + r.in.action = action; r.in.devicepath = devicepath; - r.in.unknown2 = unknown2; - r.in.unknown3 = unknown3; - r.in.unknown4 = unknown4; + r.in.config = config; + r.in.profile_flags = profile_flags; + r.in.veto_type = veto_type; r.in.unknown5 = unknown5; - r.in.unknown6 = unknown6; - r.in.unknown7 = unknown7; + r.in.name_length = name_length; + r.in.flags = flags; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(PNP_HwProfFlags, &r); @@ -1733,9 +1733,9 @@ NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli, } /* Return variables */ - *unknown3 = *r.out.unknown3; - if (unknown4 && r.out.unknown4) { - *unknown4 = *r.out.unknown4; + *profile_flags = *r.out.profile_flags; + if (veto_type && r.out.veto_type) { + *veto_type = *r.out.veto_type; } if (unknown5a && r.out.unknown5a) { *unknown5a = *r.out.unknown5a; diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h index 7de018c03c..05c6ed411b 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.h +++ b/source3/librpc/gen_ndr/cli_ntsvcs.h @@ -140,15 +140,15 @@ NTSTATUS rpccli_PNP_RequestEjectPC(struct rpc_pipe_client *cli, WERROR *werror); NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32_t unknown1 /* [in] */, + uint32_t action /* [in] */, const char *devicepath /* [in] [ref,charset(UTF16)] */, - uint32_t unknown2 /* [in] */, - uint32_t *unknown3 /* [in,out] [ref] */, - uint16_t *unknown4 /* [in,out] [unique] */, + uint32_t config /* [in] */, + uint32_t *profile_flags /* [in,out] [ref] */, + uint16_t *veto_type /* [in,out] [unique] */, const char *unknown5 /* [in] [unique,charset(UTF16)] */, const char **unknown5a /* [out] [unique,charset(UTF16)] */, - uint32_t unknown6 /* [in] */, - uint32_t unknown7 /* [in] */, + uint32_t name_length /* [in] */, + uint32_t flags /* [in] */, WERROR *werror); NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index e1ed43e040..a382b0696d 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -2068,7 +2068,7 @@ _PUBLIC_ void ndr_print_PNP_RequestEjectPC(struct ndr_print *ndr, const char *na static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flags, const struct PNP_HwProfFlags *r) { if (flags & NDR_IN) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.action)); if (r->in.devicepath == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -2076,14 +2076,14 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicepath, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.devicepath, ndr_charset_length(r->in.devicepath, CH_UTF16), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2)); - if (r->in.unknown3 == NULL) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.config)); + if (r->in.profile_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.unknown3)); - NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown4)); - if (r->in.unknown4) { - NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.unknown4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.profile_flags)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.veto_type)); + if (r->in.veto_type) { + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.veto_type)); } NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown5)); if (r->in.unknown5) { @@ -2092,17 +2092,17 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.unknown5, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.unknown5, ndr_charset_length(r->in.unknown5, CH_UTF16), sizeof(uint16_t), CH_UTF16)); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown6)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown7)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.name_length)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags)); } if (flags & NDR_OUT) { - if (r->out.unknown3 == NULL) { + if (r->out.profile_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.unknown3)); - NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.unknown4)); - if (r->out.unknown4) { - NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.unknown4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.profile_flags)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.veto_type)); + if (r->out.veto_type) { + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.veto_type)); } NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.unknown5a)); if (r->out.unknown5a) { @@ -2121,18 +2121,18 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flags, struct PNP_HwProfFlags *r) { - uint32_t _ptr_unknown4; + uint32_t _ptr_veto_type; uint32_t _ptr_unknown5; uint32_t _ptr_unknown5a; - TALLOC_CTX *_mem_save_unknown3_0; - TALLOC_CTX *_mem_save_unknown4_0; + TALLOC_CTX *_mem_save_profile_flags_0; + TALLOC_CTX *_mem_save_veto_type_0; TALLOC_CTX *_mem_save_unknown5_0; TALLOC_CTX *_mem_save_unknown5a_0; TALLOC_CTX *_mem_save_unknown5a_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.action)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { @@ -2140,25 +2140,25 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag } NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.config)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC(ndr, r->in.unknown3); - } - _mem_save_unknown3_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown3, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.unknown3)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown4)); - if (_ptr_unknown4) { - NDR_PULL_ALLOC(ndr, r->in.unknown4); + NDR_PULL_ALLOC(ndr, r->in.profile_flags); + } + _mem_save_profile_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.profile_flags, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.profile_flags)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_profile_flags_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_veto_type)); + if (_ptr_veto_type) { + NDR_PULL_ALLOC(ndr, r->in.veto_type); } else { - r->in.unknown4 = NULL; + r->in.veto_type = NULL; } - if (r->in.unknown4) { - _mem_save_unknown4_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown4, 0); - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.unknown4)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); + if (r->in.veto_type) { + _mem_save_veto_type_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.veto_type, 0); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.veto_type)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_veto_type_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5)); if (_ptr_unknown5) { @@ -2178,30 +2178,30 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5_0, 0); } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown6)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown7)); - NDR_PULL_ALLOC(ndr, r->out.unknown3); - *r->out.unknown3 = *r->in.unknown3; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_length)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); + NDR_PULL_ALLOC(ndr, r->out.profile_flags); + *r->out.profile_flags = *r->in.profile_flags; } if (flags & NDR_OUT) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC(ndr, r->out.unknown3); - } - _mem_save_unknown3_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown3, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.unknown3)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown4)); - if (_ptr_unknown4) { - NDR_PULL_ALLOC(ndr, r->out.unknown4); + NDR_PULL_ALLOC(ndr, r->out.profile_flags); + } + _mem_save_profile_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.profile_flags, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.profile_flags)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_profile_flags_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_veto_type)); + if (_ptr_veto_type) { + NDR_PULL_ALLOC(ndr, r->out.veto_type); } else { - r->out.unknown4 = NULL; + r->out.veto_type = NULL; } - if (r->out.unknown4) { - _mem_save_unknown4_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown4, 0); - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.unknown4)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); + if (r->out.veto_type) { + _mem_save_veto_type_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.veto_type, 0); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.veto_type)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_veto_type_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5a)); if (_ptr_unknown5a) { @@ -2247,20 +2247,20 @@ _PUBLIC_ void ndr_print_PNP_HwProfFlags(struct ndr_print *ndr, const char *name, if (flags & NDR_IN) { ndr_print_struct(ndr, "in", "PNP_HwProfFlags"); ndr->depth++; - ndr_print_uint32(ndr, "unknown1", r->in.unknown1); + ndr_print_uint32(ndr, "action", r->in.action); ndr_print_ptr(ndr, "devicepath", r->in.devicepath); ndr->depth++; ndr_print_string(ndr, "devicepath", r->in.devicepath); ndr->depth--; - ndr_print_uint32(ndr, "unknown2", r->in.unknown2); - ndr_print_ptr(ndr, "unknown3", r->in.unknown3); + ndr_print_uint32(ndr, "config", r->in.config); + ndr_print_ptr(ndr, "profile_flags", r->in.profile_flags); ndr->depth++; - ndr_print_uint32(ndr, "unknown3", *r->in.unknown3); + ndr_print_uint32(ndr, "profile_flags", *r->in.profile_flags); ndr->depth--; - ndr_print_ptr(ndr, "unknown4", r->in.unknown4); + ndr_print_ptr(ndr, "veto_type", r->in.veto_type); ndr->depth++; - if (r->in.unknown4) { - ndr_print_uint16(ndr, "unknown4", *r->in.unknown4); + if (r->in.veto_type) { + ndr_print_uint16(ndr, "veto_type", *r->in.veto_type); } ndr->depth--; ndr_print_ptr(ndr, "unknown5", r->in.unknown5); @@ -2269,21 +2269,21 @@ _PUBLIC_ void ndr_print_PNP_HwProfFlags(struct ndr_print *ndr, const char *name, ndr_print_string(ndr, "unknown5", r->in.unknown5); } ndr->depth--; - ndr_print_uint32(ndr, "unknown6", r->in.unknown6); - ndr_print_uint32(ndr, "unknown7", r->in.unknown7); + ndr_print_uint32(ndr, "name_length", r->in.name_length); + ndr_print_uint32(ndr, "flags", r->in.flags); ndr->depth--; } if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "PNP_HwProfFlags"); ndr->depth++; - ndr_print_ptr(ndr, "unknown3", r->out.unknown3); + ndr_print_ptr(ndr, "profile_flags", r->out.profile_flags); ndr->depth++; - ndr_print_uint32(ndr, "unknown3", *r->out.unknown3); + ndr_print_uint32(ndr, "profile_flags", *r->out.profile_flags); ndr->depth--; - ndr_print_ptr(ndr, "unknown4", r->out.unknown4); + ndr_print_ptr(ndr, "veto_type", r->out.veto_type); ndr->depth++; - if (r->out.unknown4) { - ndr_print_uint16(ndr, "unknown4", *r->out.unknown4); + if (r->out.veto_type) { + ndr_print_uint16(ndr, "veto_type", *r->out.veto_type); } ndr->depth--; ndr_print_ptr(ndr, "unknown5a", r->out.unknown5a); diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h index bfe503e5d3..5502270bca 100644 --- a/source3/librpc/gen_ndr/ntsvcs.h +++ b/source3/librpc/gen_ndr/ntsvcs.h @@ -369,20 +369,20 @@ struct PNP_RequestEjectPC { struct PNP_HwProfFlags { struct { - uint32_t unknown1; + uint32_t action; const char *devicepath;/* [ref,charset(UTF16)] */ - uint32_t unknown2; + uint32_t config; const char *unknown5;/* [unique,charset(UTF16)] */ - uint32_t unknown6; - uint32_t unknown7; - uint32_t *unknown3;/* [ref] */ - uint16_t *unknown4;/* [unique] */ + uint32_t name_length; + uint32_t flags; + uint32_t *profile_flags;/* [ref] */ + uint16_t *veto_type;/* [unique] */ } in; struct { const char **unknown5a;/* [unique,charset(UTF16)] */ - uint32_t *unknown3;/* [ref] */ - uint16_t *unknown4;/* [unique] */ + uint32_t *profile_flags;/* [ref] */ + uint16_t *veto_type;/* [unique] */ WERROR result; } out; diff --git a/source3/librpc/gen_ndr/srv_ntsvcs.c b/source3/librpc/gen_ndr/srv_ntsvcs.c index 87f5d51695..ae28b9932e 100644 --- a/source3/librpc/gen_ndr/srv_ntsvcs.c +++ b/source3/librpc/gen_ndr/srv_ntsvcs.c @@ -2997,8 +2997,8 @@ static bool api_PNP_HwProfFlags(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.unknown3 = r->in.unknown3; - r->out.unknown4 = r->in.unknown4; + r->out.profile_flags = r->in.profile_flags; + r->out.veto_type = r->in.veto_type; r->out.unknown5a = talloc_zero(r, const char *); if (r->out.unknown5a == NULL) { talloc_free(r); -- cgit From 0bb86657311cc753f258b9f10c2204ded3832c2c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:28:05 +0100 Subject: s3-rpcclient: correct some former unknonws in cmd_ntsvcs_hw_prof_flags command. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 20d6928473..7a25352943 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -83,8 +83,8 @@ static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli, NTSTATUS status; WERROR werr; const char *devicepath = NULL; - uint32_t unk3 = 0; - uint16_t unk4 = 0; + uint32_t profile_flags = 0; + uint16_t veto_type = 0; const char *unk5 = NULL; const char *unk5a = NULL; @@ -99,8 +99,8 @@ static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli, 0, devicepath, 0, - &unk3, - &unk4, + &profile_flags, + &veto_type, unk5, &unk5a, 0, -- cgit From 1f87fc798d58dc27152b236e6e66c89684007b2a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:21:53 +0100 Subject: ntsvcs: use both named-pipe endpoints. Guenther --- librpc/idl/ntsvcs.idl | 1 + source3/librpc/gen_ndr/ndr_ntsvcs.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/librpc/idl/ntsvcs.idl b/librpc/idl/ntsvcs.idl index 01d8104888..9f752cd027 100644 --- a/librpc/idl/ntsvcs.idl +++ b/librpc/idl/ntsvcs.idl @@ -7,6 +7,7 @@ import "winreg.idl"; [ uuid("8d9f4e40-a03d-11ce-8f69-08003e30051b"), version(1.0), + endpoint("ncacn_np:[\\pipe\\ntsvcs]","ncacn_np:[\\pipe\\plugplay]"), helpstring("Plug and Play services") ] interface ntsvcs diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index a382b0696d..717792861d 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -3857,10 +3857,11 @@ static const struct ndr_interface_call ntsvcs_calls[] = { static const char * const ntsvcs_endpoint_strings[] = { "ncacn_np:[\\pipe\\ntsvcs]", + "ncacn_np:[\\pipe\\plugplay]", }; static const struct ndr_interface_string_array ntsvcs_endpoints = { - .count = 1, + .count = 2, .names = ntsvcs_endpoint_strings }; -- cgit From 663c1d52f60f7ca3ffe3b0ea537e37541c936583 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 01:31:48 +0100 Subject: ntsvcs: fill in some more formerly unknowns in PNP_GetHwProfInfo. Guenther --- librpc/idl/ntsvcs.idl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/librpc/idl/ntsvcs.idl b/librpc/idl/ntsvcs.idl index 9f752cd027..d50243534e 100644 --- a/librpc/idl/ntsvcs.idl +++ b/librpc/idl/ntsvcs.idl @@ -255,16 +255,16 @@ interface ntsvcs /* Function: 0x29 */ typedef struct { - uint32 unknown1; - uint16 unknown2[160]; - uint32 unknown3; + uint32 profile_handle; + uint16 friendly_name[80]; + uint32 flags; } PNP_HwProfInfo; WERROR PNP_GetHwProfInfo( [in] uint32 idx, [in,out,ref] PNP_HwProfInfo *info, - [in] uint32 unknown1, - [in] uint32 unknown2 + [in] uint32 size, + [in] uint32 flags ); /******************/ -- cgit From 92f64d3df59845edc421ea3607d0fee9059d39e8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:30:46 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_ntsvcs.c | 8 +++---- source3/librpc/gen_ndr/cli_ntsvcs.h | 4 ++-- source3/librpc/gen_ndr/ndr_ntsvcs.c | 46 ++++++++++++++++++------------------- source3/librpc/gen_ndr/ntsvcs.h | 10 ++++---- 4 files changed, 34 insertions(+), 34 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c index 5803af4072..0f97970e0b 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.c +++ b/source3/librpc/gen_ndr/cli_ntsvcs.c @@ -1753,8 +1753,8 @@ NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32_t idx /* [in] */, struct PNP_HwProfInfo *info /* [in,out] [ref] */, - uint32_t unknown1 /* [in] */, - uint32_t unknown2 /* [in] */, + uint32_t size /* [in] */, + uint32_t flags /* [in] */, WERROR *werror) { struct PNP_GetHwProfInfo r; @@ -1763,8 +1763,8 @@ NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, /* In parameters */ r.in.idx = idx; r.in.info = info; - r.in.unknown1 = unknown1; - r.in.unknown2 = unknown2; + r.in.size = size; + r.in.flags = flags; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(PNP_GetHwProfInfo, &r); diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h index 05c6ed411b..fc4a9f4a71 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.h +++ b/source3/librpc/gen_ndr/cli_ntsvcs.h @@ -154,8 +154,8 @@ NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32_t idx /* [in] */, struct PNP_HwProfInfo *info /* [in,out] [ref] */, - uint32_t unknown1 /* [in] */, - uint32_t unknown2 /* [in] */, + uint32_t size /* [in] */, + uint32_t flags /* [in] */, WERROR *werror); NTSTATUS rpccli_PNP_AddEmptyLogConf(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index 717792861d..a63ed6f77a 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -6,14 +6,14 @@ #include "librpc/gen_ndr/ndr_winreg.h" static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_flags, const struct PNP_HwProfInfo *r) { - uint32_t cntr_unknown2_0; + uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1)); - for (cntr_unknown2_0 = 0; cntr_unknown2_0 < 160; cntr_unknown2_0++) { - NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->unknown2[cntr_unknown2_0])); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->profile_handle)); + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->friendly_name[cntr_friendly_name_0])); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown3)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->flags)); } if (ndr_flags & NDR_BUFFERS) { } @@ -22,14 +22,14 @@ static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_flags, struct PNP_HwProfInfo *r) { - uint32_t cntr_unknown2_0; + uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); - for (cntr_unknown2_0 = 0; cntr_unknown2_0 < 160; cntr_unknown2_0++) { - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->unknown2[cntr_unknown2_0])); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->profile_handle)); + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->friendly_name[cntr_friendly_name_0])); } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); } if (ndr_flags & NDR_BUFFERS) { } @@ -38,21 +38,21 @@ static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_f _PUBLIC_ void ndr_print_PNP_HwProfInfo(struct ndr_print *ndr, const char *name, const struct PNP_HwProfInfo *r) { - uint32_t cntr_unknown2_0; + uint32_t cntr_friendly_name_0; ndr_print_struct(ndr, name, "PNP_HwProfInfo"); ndr->depth++; - ndr_print_uint32(ndr, "unknown1", r->unknown1); - ndr->print(ndr, "%s: ARRAY(%d)", "unknown2", (int)160); + ndr_print_uint32(ndr, "profile_handle", r->profile_handle); + ndr->print(ndr, "%s: ARRAY(%d)", "friendly_name", (int)80); ndr->depth++; - for (cntr_unknown2_0=0;cntr_unknown2_0<160;cntr_unknown2_0++) { + for (cntr_friendly_name_0=0;cntr_friendly_name_0<80;cntr_friendly_name_0++) { char *idx_0=NULL; - if (asprintf(&idx_0, "[%d]", cntr_unknown2_0) != -1) { - ndr_print_uint16(ndr, "unknown2", r->unknown2[cntr_unknown2_0]); + if (asprintf(&idx_0, "[%d]", cntr_friendly_name_0) != -1) { + ndr_print_uint16(ndr, "friendly_name", r->friendly_name[cntr_friendly_name_0]); free(idx_0); } } ndr->depth--; - ndr_print_uint32(ndr, "unknown3", r->unknown3); + ndr_print_uint32(ndr, "flags", r->flags); ndr->depth--; } @@ -2311,8 +2311,8 @@ static enum ndr_err_code ndr_push_PNP_GetHwProfInfo(struct ndr_push *ndr, int fl return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_PNP_HwProfInfo(ndr, NDR_SCALARS, r->in.info)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.size)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags)); } if (flags & NDR_OUT) { if (r->out.info == NULL) { @@ -2338,8 +2338,8 @@ static enum ndr_err_code ndr_pull_PNP_GetHwProfInfo(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_PNP_HwProfInfo(ndr, NDR_SCALARS, r->in.info)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_PULL_ALLOC(ndr, r->out.info); *r->out.info = *r->in.info; } @@ -2371,8 +2371,8 @@ _PUBLIC_ void ndr_print_PNP_GetHwProfInfo(struct ndr_print *ndr, const char *nam ndr->depth++; ndr_print_PNP_HwProfInfo(ndr, "info", r->in.info); ndr->depth--; - ndr_print_uint32(ndr, "unknown1", r->in.unknown1); - ndr_print_uint32(ndr, "unknown2", r->in.unknown2); + ndr_print_uint32(ndr, "size", r->in.size); + ndr_print_uint32(ndr, "flags", r->in.flags); ndr->depth--; } if (flags & NDR_OUT) { diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h index 5502270bca..5021aa2252 100644 --- a/source3/librpc/gen_ndr/ntsvcs.h +++ b/source3/librpc/gen_ndr/ntsvcs.h @@ -8,9 +8,9 @@ #define DEV_REGPROP_DESC ( 1 ) struct PNP_HwProfInfo { - uint32_t unknown1; - uint16_t unknown2[160]; - uint32_t unknown3; + uint32_t profile_handle; + uint16_t friendly_name[80]; + uint32_t flags; }; @@ -392,8 +392,8 @@ struct PNP_HwProfFlags { struct PNP_GetHwProfInfo { struct { uint32_t idx; - uint32_t unknown1; - uint32_t unknown2; + uint32_t size; + uint32_t flags; struct PNP_HwProfInfo *info;/* [ref] */ } in; -- cgit From 67018ed8bdd867f0612f2c559267cba6a67e4b2d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 12:36:07 +0100 Subject: s4-smbtorture: add very basic RPC-NTSVCS test. Guenther --- source4/selftest/skip | 1 + source4/torture/config.mk | 4 +- source4/torture/rpc/ntsvcs.c | 129 +++++++++++++++++++++++++++++++++++++++++++ source4/torture/rpc/rpc.c | 1 + 4 files changed, 133 insertions(+), 2 deletions(-) create mode 100644 source4/torture/rpc/ntsvcs.c diff --git a/source4/selftest/skip b/source4/selftest/skip index e3e2d2d525..a3dfdbfbb7 100644 --- a/source4/selftest/skip +++ b/source4/selftest/skip @@ -49,6 +49,7 @@ rpc.initshutdown # Not provided by Samba 4 rpc.svcctl # Not provided by Samba 4 rpc.atsvc # Not provided by Samba 4 rpc.frsapi # Not provided by Samba 4 +rpc.ntsvcs # Not provided by Samba 4 ^samba4.base.samba3.* # Samba3-specific test ^samba4.ntvfs.cifs.base.samba3.* # Samba3-specific test ^samba4.raw.samba3.* # Samba3-specific test diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 8b12f36f95..443cdda936 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -105,7 +105,7 @@ PRIVATE_DEPENDENCIES = \ RPC_NDR_NETLOGON dcerpc_atsvc dcerpc_mgmt RPC_NDR_DRSUAPI \ RPC_NDR_LSA RPC_NDR_EPMAPPER RPC_NDR_DFS RPC_NDR_FRSAPI RPC_NDR_SPOOLSS \ RPC_NDR_SRVSVC RPC_NDR_WKSSVC RPC_NDR_ROT RPC_NDR_DSSETUP \ - RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER WB_HELPER LIBSAMBA-NET \ + RPC_NDR_REMACT RPC_NDR_OXIDRESOLVER RPC_NDR_NTSVCS WB_HELPER LIBSAMBA-NET \ LIBCLI_AUTH POPT_CREDENTIALS TORTURE_LDAP TORTURE_UTIL TORTURE_RAP \ dcerpc_server service process_model ntvfs SERVICE_SMB @@ -116,7 +116,7 @@ torture_rpc_OBJ_FILES = $(addprefix $(torturesrcdir)/rpc/, \ eventlog.o epmapper.o winreg.o initshutdown.o oxidresolve.o remact.o mgmt.o \ scanner.o autoidl.o countcalls.o testjoin.o schannel.o netlogon.o remote_pac.o samlogon.o \ samsync.o bind.o dssetup.o alter_context.o bench.o samba3rpc.o rpc.o async_bind.o \ - handles.o frsapi.o object_uuid.o) + handles.o frsapi.o object_uuid.o ntsvcs.o) $(eval $(call proto_header_template,$(torturesrcdir)/rpc/proto.h,$(torture_rpc_OBJ_FILES:.o=.c))) diff --git a/source4/torture/rpc/ntsvcs.c b/source4/torture/rpc/ntsvcs.c new file mode 100644 index 0000000000..10c1ce21f3 --- /dev/null +++ b/source4/torture/rpc/ntsvcs.c @@ -0,0 +1,129 @@ +/* + Unix SMB/CIFS implementation. + test suite for rpc ntsvcs operations + + Copyright (C) Guenther Deschner 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" +#include "torture/torture.h" +#include "torture/rpc/rpc.h" +#include "librpc/gen_ndr/ndr_ntsvcs_c.h" +#include "torture/util.h" +#include "param/param.h" + +static bool test_PNP_GetVersion(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + NTSTATUS status; + struct PNP_GetVersion r; + uint16_t version = 0; + + r.out.version = &version; + + status = dcerpc_PNP_GetVersion(p, tctx, &r); + + torture_assert_ntstatus_ok(tctx, status, "PNP_GetVersion"); + torture_assert_werr_ok(tctx, r.out.result, "PNP_GetVersion"); + torture_assert_int_equal(tctx, version, 0x400, "invalid version"); + + return true; +} + +static bool test_PNP_GetDeviceListSize(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + NTSTATUS status; + struct PNP_GetDeviceListSize r; + uint32_t size = 0; + + r.in.devicename = NULL; + r.in.flags = 0; + r.out.size = &size; + + status = dcerpc_PNP_GetDeviceListSize(p, tctx, &r); + + torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceListSize"); + torture_assert_werr_ok(tctx, r.out.result, "PNP_GetDeviceListSize"); + + return true; +} + +static bool test_PNP_GetDeviceList(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + NTSTATUS status; + struct PNP_GetDeviceList r; + uint16_t *buffer = NULL; + uint32_t length = 0; + + buffer = talloc_array(tctx, uint16_t, 0); + + r.in.filter = NULL; + r.in.flags = 0; + r.in.length = &length; + r.out.length = &length; + r.out.buffer = buffer; + + status = dcerpc_PNP_GetDeviceList(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceList"); + + if (W_ERROR_EQUAL(r.out.result, WERR_CM_BUFFER_SMALL)) { + struct PNP_GetDeviceListSize s; + + s.in.devicename = NULL; + s.in.flags = 0; + s.out.size = &length; + + status = dcerpc_PNP_GetDeviceListSize(p, tctx, &s); + + torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceListSize"); + torture_assert_werr_ok(tctx, s.out.result, "PNP_GetDeviceListSize"); + } + + buffer = talloc_array(tctx, uint16_t, length); + + r.in.length = &length; + r.out.length = &length; + r.out.buffer = buffer; + + status = dcerpc_PNP_GetDeviceList(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceList"); + torture_assert_werr_ok(tctx, r.out.result, "PNP_GetDeviceList"); + + return true; +} + + +struct torture_suite *torture_rpc_ntsvcs(TALLOC_CTX *mem_ctx) +{ + struct torture_rpc_tcase *tcase; + struct torture_suite *suite = torture_suite_create(mem_ctx, "NTSVCS"); + struct torture_test *test; + + tcase = torture_suite_add_rpc_iface_tcase(suite, "ntsvcs", + &ndr_table_ntsvcs); + + test = torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceList", + test_PNP_GetDeviceList); + test = torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceListSize", + test_PNP_GetDeviceListSize); + test = torture_rpc_tcase_add_test(tcase, "PNP_GetVersion", + test_PNP_GetVersion); + + return suite; +} diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 2fcf700c36..7fe5827ea1 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -438,6 +438,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "DSSYNC", torture_rpc_dssync); torture_suite_add_simple_test(suite, "BENCH-RPC", torture_bench_rpc); torture_suite_add_simple_test(suite, "ASYNCBIND", torture_async_bind); + torture_suite_add_suite(suite, torture_rpc_ntsvcs(suite)); suite->description = talloc_strdup(suite, "DCE/RPC protocol and interface tests"); -- cgit From 7f36d3b55051150b9d4fa75af424898f48c48771 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 14:27:51 +0100 Subject: pam_winbind: fix what data we put into the blobs. Guenther --- source3/nsswitch/pam_winbind.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1c927259e5..0c861e9f97 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1615,14 +1615,16 @@ static int winbind_auth_request(struct pwb_context *ctx, logon.username = user; logon.password = pass; - wbc_status = wbcAddNamedBlob(&logon.num_blobs, - &logon.blobs, - "krb5_cc_type", - 0, - (uint8_t *)cctype, - strlen(cctype)+1); - if (!WBC_ERROR_IS_OK(wbc_status)) { - goto done; + if (cctype) { + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "krb5_cc_type", + 0, + (uint8_t *)cctype, + strlen(cctype)+1); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } } wbc_status = wbcAddNamedBlob(&logon.num_blobs, @@ -1645,14 +1647,16 @@ static int winbind_auth_request(struct pwb_context *ctx, goto done; } - wbc_status = wbcAddNamedBlob(&logon.num_blobs, - &logon.blobs, - "membership_of", - 0, - (uint8_t *)membership_of, - sizeof(membership_of)); - if (!WBC_ERROR_IS_OK(wbc_status)) { - goto done; + if (member) { + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "membership_of", + 0, + (uint8_t *)membership_of, + sizeof(membership_of)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } } wbc_status = wbcLogonUser(&logon, &info, &error, &policy); -- cgit From d38bffd4126062b92384f0930196059441a2d765 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 5 Nov 2008 13:40:03 -0800 Subject: s3: Add support for storing dos attributes as st_flags in the stat struct. Some filesystems have support for storing dos attributes directly in the inode's st_flags and accessing them through the stat struct. This patch: - Adds a configure check to see if the special flags are available. - Implements getting and setting dos attributes in the stat struct and inode, respectively. This will not change the existing functionality of any system that doesn't have the special flags available. --- source3/configure.in | 19 ++++++ source3/smbd/dosmode.c | 160 +++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 166 insertions(+), 13 deletions(-) diff --git a/source3/configure.in b/source3/configure.in index 5e3eac55e2..24341e0bec 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1433,6 +1433,25 @@ if test x"$samba_cv_stat_st_birthtime" = x"yes" ; then AC_DEFINE(HAVE_STAT_ST_BIRTHTIME, 1, [whether struct stat contains st_birthtime]) fi +AC_CACHE_CHECK([whether there is DOS flags support in the stat struct], samba_cv_stat_dos_flags, + [ + AC_TRY_COMPILE( + [#include ], + [ + int a = UF_DOS_ARCHIVE; + int h = UF_DOS_HIDDEN; + int r = UF_DOS_RO; + int s = UF_DOS_SYSTEM; + int i = UF_DOS_NOINDEX; + int f = UF_DOS_FLAGS; + ], + samba_cv_stat_dos_flags=yes, samba_cv_stat_dos_flags=no) + ]) + +if test x"$samba_cv_stat_dos_flags" = x"yes" ; then + AC_DEFINE(HAVE_STAT_DOS_FLAGS, 1, [whether there is DOS flags support in the stat struct]) +fi + ##################################### # needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 784b36d9bd..954cd5a4d2 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -30,6 +30,17 @@ static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf) return 0; } +static int set_link_read_only_flag(const SMB_STRUCT_STAT *const sbuf) +{ +#ifdef S_ISLNK +#if LINKS_READ_ONLY + if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode)) + return aRONLY; +#endif +#endif + return 0; +} + /**************************************************************************** Change a dos mode to a unix mode. Base permission for files: @@ -159,13 +170,7 @@ static uint32 dos_mode_from_sbuf(connection_struct *conn, const char *path, SMB_ result = aDIR | (result & aRONLY); result |= set_sparse_flag(sbuf); - -#ifdef S_ISLNK -#if LINKS_READ_ONLY - if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode)) - result |= aRONLY; -#endif -#endif + result |= set_link_read_only_flag(sbuf); DEBUG(8,("dos_mode_from_sbuf returning ")); @@ -343,6 +348,113 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT return(result); } +#ifdef HAVE_STAT_DOS_FLAGS +/**************************************************************************** + Convert dos attributes (FILE_ATTRIBUTE_*) to dos stat flags (UF_*) +****************************************************************************/ + +static int dos_attributes_to_stat_dos_flags(uint32_t dosmode) +{ + uint32_t dos_stat_flags = 0; + + if (dosmode & aARCH) + dos_stat_flags |= UF_DOS_ARCHIVE; + if (dosmode & aHIDDEN) + dos_stat_flags |= UF_DOS_HIDDEN; + if (dosmode & aRONLY) + dos_stat_flags |= UF_DOS_RO; + if (dosmode & aSYSTEM) + dos_stat_flags |= UF_DOS_SYSTEM; + if (dosmode & FILE_ATTRIBUTE_NONINDEXED) + dos_stat_flags |= UF_DOS_NOINDEX; + + return dos_stat_flags; +} + +/**************************************************************************** + Gets DOS attributes, accessed via st_flags in the stat struct. +****************************************************************************/ + +static bool get_stat_dos_flags(connection_struct *conn, + const char *fname, + const SMB_STRUCT_STAT *sbuf, + uint32_t *dosmode) +{ + SMB_ASSERT(sbuf && VALID_STAT(*sbuf)); + SMB_ASSERT(dosmode); + + if (!lp_store_dos_attributes(SNUM(conn))) { + return false; + } + + DEBUG(5, ("Getting stat dos attributes for %s.\n", fname)); + + if (sbuf->st_flags & UF_DOS_ARCHIVE) + *dosmode |= aARCH; + if (sbuf->st_flags & UF_DOS_HIDDEN) + *dosmode |= aHIDDEN; + if (sbuf->st_flags & UF_DOS_RO) + *dosmode |= aRONLY; + if (sbuf->st_flags & UF_DOS_SYSTEM) + *dosmode |= aSYSTEM; + if (sbuf->st_flags & UF_DOS_NOINDEX) + *dosmode |= FILE_ATTRIBUTE_NONINDEXED; + if (S_ISDIR(sbuf->st_mode)) + *dosmode |= aDIR; + + *dosmode |= set_sparse_flag(sbuf); + *dosmode |= set_link_read_only_flag(sbuf); + + return true; +} + +/**************************************************************************** + Sets DOS attributes, stored in st_flags of the inode. +****************************************************************************/ + +static bool set_stat_dos_flags(connection_struct *conn, + const char *fname, + SMB_STRUCT_STAT *sbuf, + uint32_t dosmode, + bool *attributes_changed) +{ + uint32_t new_flags = 0; + int error = 0; + + SMB_ASSERT(sbuf && VALID_STAT(*sbuf)); + SMB_ASSERT(attributes_changed); + + *attributes_changed = false; + + if (!lp_store_dos_attributes(SNUM(conn))) { + return false; + } + + DEBUG(5, ("Setting stat dos attributes for %s.\n", fname)); + + new_flags = (sbuf->st_flags & ~UF_DOS_FLAGS) | + dos_attributes_to_stat_dos_flags(dosmode); + + /* Return early if no flags changed. */ + if (new_flags == sbuf->st_flags) + return true; + + DEBUG(5, ("Setting stat dos attributes=0x%x, prev=0x%x\n", new_flags, + sbuf->st_flags)); + + /* Set new flags with chflags. */ + error = SMB_VFS_CHFLAGS(conn, fname, new_flags); + if (error) { + DEBUG(0, ("Failed setting new stat dos attributes (0x%x) on " + "file %s! errno=%d\n", new_flags, fname, errno)); + return false; + } + + *attributes_changed = true; + return true; +} +#endif /* HAVE_STAT_DOS_FLAGS */ + /**************************************************************************** Change a unix mode to a dos mode. ****************************************************************************/ @@ -350,7 +462,7 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) { uint32 result = 0; - bool offline; + bool offline, used_stat_dos_flags = false; DEBUG(8,("dos_mode: %s\n", path)); @@ -373,11 +485,16 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) } } - /* Get the DOS attributes from an EA by preference. */ - if (get_ea_dos_attribute(conn, path, sbuf, &result)) { - result |= set_sparse_flag(sbuf); - } else { - result |= dos_mode_from_sbuf(conn, path, sbuf); +#ifdef HAVE_STAT_DOS_FLAGS + used_stat_dos_flags = get_stat_dos_flags(conn, path, sbuf, &result); +#endif + if (!used_stat_dos_flags) { + /* Get the DOS attributes from an EA by preference. */ + if (get_ea_dos_attribute(conn, path, sbuf, &result)) { + result |= set_sparse_flag(sbuf); + } else { + result |= dos_mode_from_sbuf(conn, path, sbuf); + } } @@ -468,6 +585,23 @@ int file_set_dosmode(connection_struct *conn, const char *fname, return(0); } +#ifdef HAVE_STAT_DOS_FLAGS + { + bool attributes_changed; + + if (set_stat_dos_flags(conn, fname, st, dosmode, + &attributes_changed)) + { + if (!newfile && attributes_changed) { + notify_fname(conn, NOTIFY_ACTION_MODIFIED, + FILE_NOTIFY_CHANGE_ATTRIBUTES, fname); + } + st->st_mode = unixmode; + return 0; + } + } +#endif + /* Store the DOS attributes in an EA by preference. */ if (set_ea_dos_attribute(conn, fname, st, dosmode)) { if (!newfile) { -- cgit From d67e7f3e15d73201dce2b73ce74c5d5c1cbcf524 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 12 Nov 2008 14:06:47 -0800 Subject: Fix memory leak in error path, spotted by Martin Zielinski . Jeremy. --- source3/winbindd/winbindd_passdb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 5677c01be1..0cf4540cfe 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -267,6 +267,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, } if ( !pdb_getsampwsid( user, user_sid ) ) { + TALLOC_FREE( user ); return NT_STATUS_NO_SUCH_USER; } -- cgit From 9efed3b93632fcb934fa548194536802dcc3c287 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Sun, 9 Nov 2008 22:23:46 -0800 Subject: s3/s4 build: Add additional LDFLAGS in check_python.m4 to allow it to pass on more systems I tested on a few different flavors of linux and FreeBSD. I'll keep an eye on the build machine to see if anything breaks. --- source4/build/m4/check_python.m4 | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/source4/build/m4/check_python.m4 b/source4/build/m4/check_python.m4 index 96f93a3d75..7e56af76f7 100644 --- a/source4/build/m4/check_python.m4 +++ b/source4/build/m4/check_python.m4 @@ -71,8 +71,19 @@ AC_DEFUN([AC_SAMBA_PYTHON_DEVEL], if test x$PYTHON != x then - DISTUTILS_CFLAGS=`$PYTHON -c "from distutils import sysconfig; print '-I%s -I%s %s' % (sysconfig.get_python_inc(), sysconfig.get_python_inc(plat_specific=1), sysconfig.get_config_var('CFLAGS'))"` - DISTUTILS_LDFLAGS=`$PYTHON -c "from distutils import sysconfig; print '%s %s -lpython%s -L%s' % (sysconfig.get_config_var('LIBS'), sysconfig.get_config_var('SYSLIBS'), sysconfig.get_config_var('VERSION'), sysconfig.get_config_var('LIBPL'))"` + DISTUTILS_CFLAGS=`$PYTHON -c "from distutils import sysconfig; \ + print '-I%s -I%s %s' % ( \ + sysconfig.get_python_inc(), \ + sysconfig.get_python_inc(plat_specific=1), \ + sysconfig.get_config_var('CFLAGS'))"` + DISTUTILS_LDFLAGS=`$PYTHON -c "from distutils import sysconfig; \ + print '%s %s -lpython%s -L%s %s -L%s' % ( \ + sysconfig.get_config_var('LIBS'), \ + sysconfig.get_config_var('SYSLIBS'), \ + sysconfig.get_config_var('VERSION'), \ + sysconfig.get_config_var('LIBDIR'), \ + sysconfig.get_config_var('LDFLAGS'), \ + sysconfig.get_config_var('LIBPL'))"` TRY_LINK_PYTHON($DISTUTILS_LDFLAGS, $DISTUTILS_CFLAGS) fi -- cgit From 6f0be6c5d580ea751b28a0166b4454a0ef333dc2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 12 Nov 2008 19:27:17 -0800 Subject: Pretty print out SD's on get/set. Jeremy. --- source3/smbd/nttrans.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1a13d962f0..caace5197c 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -741,6 +741,11 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, security_acl_map_generic(psd->dacl, &file_generic_mapping); security_acl_map_generic(psd->sacl, &file_generic_mapping); + if (DEBUGLEVEL >= 10) { + DEBUG(10,("set_sd for file %s\n", fsp->fsp_name )); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd); TALLOC_FREE(psd); @@ -1601,6 +1606,11 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); + if (DEBUGLEVEL >= 10) { + DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name ) + NDR_PRINT_DEBUG(security_descriptor, psd); + } + SIVAL(params,0,(uint32)sd_size); if (max_data_count < sd_size) { -- cgit From 5e25f5f4f2b5b8dfd31206ebdc295c00870effe9 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 12 Nov 2008 21:24:00 -0800 Subject: Fix build break --- source3/smbd/nttrans.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index caace5197c..52c16e2ac6 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1607,7 +1607,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); if (DEBUGLEVEL >= 10) { - DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name ) + DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, psd); } -- cgit From a8722a190b65ddd4e6e958c6e8b28b268531d130 Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Thu, 30 Oct 2008 17:53:52 +0800 Subject: i18n/l10n pam_winbind MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- source3/Makefile.in | 29 ++++++++-- source3/configure.in | 3 +- source3/include/localedir.h | 6 ++ source3/locale/pam_winbind/genmsg | 25 ++++++++ source3/localedir.c | 3 + source3/m4/check_path.m4 | 19 +++++++ source3/nsswitch/pam_winbind.c | 117 ++++++++++++++++++++++---------------- source3/nsswitch/pam_winbind.h | 15 ++++- source3/script/installmo.sh | 83 +++++++++++++++++++++++++++ source3/script/uninstallmo.sh | 1 + 10 files changed, 244 insertions(+), 57 deletions(-) create mode 100644 source3/include/localedir.h create mode 100755 source3/locale/pam_winbind/genmsg create mode 100644 source3/localedir.c create mode 100644 source3/script/installmo.sh create mode 100644 source3/script/uninstallmo.sh diff --git a/source3/Makefile.in b/source3/Makefile.in index 6e40ba404a..4a0590c8ed 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -140,6 +140,9 @@ PRIVATE_DIR = $(PRIVATEDIR) # This is where SWAT images and help files go SWATDIR = @swatdir@ +# This is where locale(mo) files go +LOCALEDIR= @localedir@ + # the directory where lock files go LOCKDIR = @lockdir@ @@ -173,7 +176,8 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \ -DCONFIGDIR=\"$(CONFIGDIR)\" \ -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" \ -DCACHEDIR=\"$(CACHEDIR)\" \ - -DSTATEDIR=\"$(STATEDIR)\" + -DSTATEDIR=\"$(STATEDIR)\" \ + -DLOCALEDIR=\"$(LOCALEDIR)\" # Note that all executable programs now provide for an optional executable suffix. @@ -803,7 +807,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(LIBADS_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(LDB_OBJ) -PAM_WINBIND_OBJ = nsswitch/pam_winbind.o $(WBCOMMON_OBJ) \ +PAM_WINBIND_OBJ = nsswitch/pam_winbind.o localedir.o $(WBCOMMON_OBJ) \ $(LIBREPLACE_OBJ) @BUILD_INIPARSER@ LIBSMBCLIENT_OBJ0 = \ @@ -1312,6 +1316,13 @@ dynconfig.o: dynconfig.c Makefile echo "$(COMPILE_CC_PATH)" 1>&2;\ $(COMPILE_CC_PATH) >/dev/null 2>&1 +localedir.o: localedir.c Makefile + @echo Compiling $*.c + @$(COMPILE_CC_PATH) && exit 0;\ + echo "The following command failed:" 1>&2;\ + echo "$(COMPILE_CC_PATH)" 1>&2;\ + $(COMPILE_CC_PATH) >/dev/null 2>&1 + lib/pidfile.o: lib/pidfile.c @echo Compiling $*.c @$(COMPILE_CC_PATH) && exit 0;\ @@ -2558,7 +2569,7 @@ bin/test_lp_load@EXEEXT@: $(BINARY_PREREQS) $(TEST_LP_LOAD_OBJ) @BUILD_POPT@ @LI install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman \ installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \ - @INSTALL_PAM_MODULES@ installlibs + @INSTALL_PAM_MODULES@ installlibs installmo install-everything:: install installmodules @@ -2571,7 +2582,7 @@ install-everything:: install installmodules # is not used installdirs:: - @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR) + @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR) $(LOCALEDIR) installservers:: all installdirs @$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) $(SBIN_PROGS) @@ -2637,6 +2648,9 @@ revert:: installman:: installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(srcdir) C "@ROFF@" +installmo:: all installdirs + @$(SHELL) $(srcdir)/script/installmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir) + .PHONY: showlayout showlayout:: @@ -2656,7 +2670,10 @@ showlayout:: @echo " codepagedir: $(CODEPAGEDIR)" -uninstall:: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@ +uninstall:: uninstallmo uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@ + +uninstallmo:: + @$(SHELL) $(srcdir)/script/uninstallmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir) uninstallman:: @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C @@ -2701,7 +2718,7 @@ uninstallpammodules:: done # Toplevel clean files -TOPFILES=dynconfig.o +TOPFILES=dynconfig.o localedir.o cleanlibs:: -rm -f ../lib/*/*.o ../lib/*/*/*.o \ diff --git a/source3/configure.in b/source3/configure.in index 24341e0bec..1adb56ad91 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -654,7 +654,7 @@ AUTH_LIBS="${AUTH_LIBS} ${CRYPT_LIBS}" AC_CHECK_HEADERS(aio.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h rpc/nettype.h) AC_CHECK_HEADERS(unistd.h grp.h sys/id.h memory.h alloca.h) -AC_CHECK_HEADERS(limits.h float.h pthread.h) +AC_CHECK_HEADERS(limits.h float.h pthread.h libintl.h) AC_CHECK_HEADERS(rpc/rpc.h rpcsvc/nis.h rpcsvc/ypclnt.h) AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/prctl.h) AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h) @@ -1029,6 +1029,7 @@ AC_CHECK_FUNCS(memalign posix_memalign hstrerror) AC_CHECK_HEADERS(sys/mman.h) # setbuffer, shmget, shm_open are needed for smbtorture AC_CHECK_FUNCS(shmget shm_open) +AC_CHECK_FUNCS(gettext dgettext) # Find a method of generating a stack trace AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) diff --git a/source3/include/localedir.h b/source3/include/localedir.h new file mode 100644 index 0000000000..2a291d3ceb --- /dev/null +++ b/source3/include/localedir.h @@ -0,0 +1,6 @@ +#ifndef __LOCALEDIR_H__ +#define __LOCALEDIR_H__ + +extern const char *dyn_LOCALEDIR; + +#endif diff --git a/source3/locale/pam_winbind/genmsg b/source3/locale/pam_winbind/genmsg new file mode 100755 index 0000000000..5aa258aa85 --- /dev/null +++ b/source3/locale/pam_winbind/genmsg @@ -0,0 +1,25 @@ +#!/bin/sh + +FILES="../../nsswitch/pam_winbind.c ../../nsswitch/pam_winbind.h" +LANGS="af ar bg bn bs ca cs cy da de el en_GB en_US es et fi fr gl gu he hi hr hu id it ja ka km ko lo lt mk mr nb nl pa pl pt_BR pt ro ru si sk sl sr sv ta th tr uk vi wa xh zh_CN zh_TW zu" + +XGETTEXT=xgettext +MSGMERGE=msgmerge + +WIDTH=256 + +$XGETTEXT --default-domain="pam_winbind" \ + --add-comments \ + --keyword=_ --keyword=N_ \ + --width=${WIDTH} \ + ${FILES} + +for lang in ${LANGS}; do + echo -n $lang + touch ${lang}.po + mv ${lang}.po ${lang}.po.old + ${MSGMERGE} --width=${WIDTH} ${lang}.po.old pam_winbind.po -o ${lang}.po + rm -fr ${lang}.po.old +done + +rm -fr pam_winbind.po diff --git a/source3/localedir.c b/source3/localedir.c new file mode 100644 index 0000000000..20f69219ed --- /dev/null +++ b/source3/localedir.c @@ -0,0 +1,3 @@ +#include "localedir.h" + +const char *dyn_LOCALEDIR = LOCALEDIR; diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4 index 0cff397c93..da6c922233 100644 --- a/source3/m4/check_path.m4 +++ b/source3/m4/check_path.m4 @@ -30,6 +30,7 @@ swatdir="\${prefix}/swat" codepagedir="\${MODULESDIR}" statedir="\${LOCKDIR}" cachedir="\${LOCKDIR}" +localedir="\${prefix}/share/locale" AC_ARG_WITH(fhs, [AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])], @@ -242,6 +243,23 @@ AC_ARG_WITH(mandir, ;; esac]) +################################################ +# set locale directory location +AC_ARG_WITH(localedir, +[ --with-localedir=DIR Where to put po files ($ac_default_prefix/share/locale)], +[ case "$withval" in + yes|no) + # + # Just in case anybody does it + # + AC_MSG_WARN([--with-localedir called without argument - will use default]) + ;; + *) + localedir="$withval" + ;; + esac]) + + AC_SUBST(configdir) AC_SUBST(lockdir) AC_SUBST(piddir) @@ -258,6 +276,7 @@ AC_SUBST(cachedir) AC_SUBST(rootsbindir) AC_SUBST(pammodulesdir) AC_SUBST(modulesdir) +AC_SUBST(localedir) ################################################# # set prefix for 'make test' diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 0c861e9f97..2c46a0c839 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -147,6 +147,21 @@ static const char *_pam_error_code_str(int err) #define MAX_PASSWD_TRIES 3 +#ifdef HAVE_GETTEXT +static char initialized = 0; + +static inline void textdomain_init(void); +static inline void textdomain_init(void) +{ + if (!initialized) { + bindtextdomain(MODULE_NAME, dyn_LOCALEDIR); + initialized = 1; + } + return; +} +#endif + + /* * Work around the pam API that has functions with void ** as parameters * These lead to strict aliasing warnings with gcc. @@ -515,6 +530,10 @@ static int _pam_winbind_init_context(pam_handle_t *pamh, { struct pwb_context *r = NULL; +#ifdef HAVE_GETTEXT + textdomain_init(); +#endif + r = TALLOC_ZERO_P(NULL, struct pwb_context); if (!r) { return PAM_BUF_ERR; @@ -557,44 +576,44 @@ static const struct ntstatus_errors { const char *error_string; } ntstatus_errors[] = { {"NT_STATUS_OK", - "Success"}, + N_("Success")}, {"NT_STATUS_BACKUP_CONTROLLER", - "No primary Domain Controler available"}, + N_("No primary Domain Controler available")}, {"NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", - "No domain controllers found"}, + N_("No domain controllers found")}, {"NT_STATUS_NO_LOGON_SERVERS", - "No logon servers"}, + N_("No logon servers")}, {"NT_STATUS_PWD_TOO_SHORT", - "Password too short"}, + N_("Password too short")}, {"NT_STATUS_PWD_TOO_RECENT", - "The password of this user is too recent to change"}, + N_("The password of this user is too recent to change")}, {"NT_STATUS_PWD_HISTORY_CONFLICT", - "Password is already in password history"}, + N_("Password is already in password history")}, {"NT_STATUS_PASSWORD_EXPIRED", - "Your password has expired"}, + N_("Your password has expired")}, {"NT_STATUS_PASSWORD_MUST_CHANGE", - "You need to change your password now"}, + N_("You need to change your password now")}, {"NT_STATUS_INVALID_WORKSTATION", - "You are not allowed to logon from this workstation"}, + N_("You are not allowed to logon from this workstation")}, {"NT_STATUS_INVALID_LOGON_HOURS", - "You are not allowed to logon at this time"}, + N_("You are not allowed to logon at this time")}, {"NT_STATUS_ACCOUNT_EXPIRED", "Your account has expired. " - "Please contact your System administrator"}, /* SCNR */ + N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_DISABLED", "Your account is disabled. " - "Please contact your System administrator"}, /* SCNR */ + N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", "Your account has been locked. " - "Please contact your System administrator"}, /* SCNR */ + N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", - "Invalid Trust Account"}, + N_("Invalid Trust Account")}, {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", - "Invalid Trust Account"}, + N_("Invalid Trust Account")}, {"NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", - "Invalid Trust Account"}, + N_("Invalid Trust Account")}, {"NT_STATUS_ACCESS_DENIED", - "Access is denied"}, + N_("Access is denied")}, {NULL, NULL} }; @@ -604,7 +623,7 @@ static const char *_get_ntstatus_error_string(const char *nt_status_string) for (i=0; ntstatus_errors[i].ntstatus_string != NULL; i++) { if (!strcasecmp(ntstatus_errors[i].ntstatus_string, nt_status_string)) { - return ntstatus_errors[i].error_string; + return _(ntstatus_errors[i].error_string); } } return NULL; @@ -832,14 +851,14 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx, if (days == 0) { _make_remark(ctx, PAM_TEXT_INFO, - "Your password expires today"); + _("Your password expires today")); return true; } if (days > 0 && days < warn_pwd_expire) { _make_remark_format(ctx, PAM_TEXT_INFO, - "Your password will expire in %d %s", - days, (days > 1) ? "days":"day"); + _("Your password will expire in %d %s"), + days, (days > 1) ? _("days"):_("day")); return true; } @@ -1231,9 +1250,9 @@ static void _pam_warn_logon_type(struct pwb_context *ctx, if (PAM_WB_GRACE_LOGON(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, - "Grace login. " - "Please change your password as soon you're " - "online again"); + _("Grace login. " + "Please change your password as soon you're " + "online again")); _pam_log_debug(ctx, LOG_DEBUG, "User %s logged on using grace logon\n", username); @@ -1241,9 +1260,9 @@ static void _pam_warn_logon_type(struct pwb_context *ctx, } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, - "Domain Controller unreachable, " - "using cached credentials instead. " - "Network resources may be unavailable"); + _("Domain Controller unreachable, " + "using cached credentials instead. " + "Network resources may be unavailable")); _pam_log_debug(ctx, LOG_DEBUG, "User %s logged on using cached credentials\n", username); @@ -1266,10 +1285,10 @@ static void _pam_warn_krb5_failure(struct pwb_context *ctx, { if (PAM_WB_KRB5_CLOCK_SKEW(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, - "Failed to establish your Kerberos Ticket cache " - "due time differences\n" - "with the domain controller. " - "Please verify the system time.\n"); + _("Failed to establish your Kerberos Ticket cache " + "due time differences\n" + "with the domain controller. " + "Please verify the system time.\n")); _pam_log_debug(ctx, LOG_DEBUG, "User %s: Clock skew when getting Krb5 TGT\n", username); @@ -1334,7 +1353,7 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, goto failed; } - str = talloc_asprintf(ctx, "Your password "); + str = talloc_asprintf(ctx, _("Your password ")); if (!str) { goto failed; } @@ -1350,8 +1369,8 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, if (i->password_history > 0) { str = talloc_asprintf_append(str, - "cannot repeat any of your previous %d " - "passwords; ", + _("cannot repeat any of your previous %d " + "passwords; "), i->password_history); if (!str) { goto failed; @@ -1360,19 +1379,19 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, if (i->password_properties & WBC_DOMAIN_PASSWORD_COMPLEX) { str = talloc_asprintf_append(str, - "must contain capitals, numerals " - "or punctuation; " - "and cannot contain your account " - "or full name; "); + _("must contain capitals, numerals " + "or punctuation; " + "and cannot contain your account " + "or full name; ")); if (!str) { goto failed; } } str = talloc_asprintf_append(str, - "Please type a different password. " - "Type a password which meets these requirements in " - "both text boxes."); + _("Please type a different password. " + "Type a password which meets these requirements in " + "both text boxes.")); if (!str) { goto failed; } @@ -1855,8 +1874,8 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, break; case WBC_PWD_CHANGE_REJECT_COMPLEXITY: _make_remark(ctx, PAM_ERROR_MSG, - "Password does not meet " - "complexity requirements"); + _("Password does not meet " + "complexity requirements")); break; default: _pam_log_debug(ctx, LOG_DEBUG, @@ -2489,7 +2508,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, } retval = _winbind_read_password(ctx, ctx->ctrl, NULL, - "Password: ", NULL, + _("Password: "), NULL, &password); if (retval != PAM_SUCCESS) { @@ -2897,7 +2916,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* instruct user what is happening */ -#define greeting "Changing password for" +#define greeting _("Changing password for") Announce = talloc_asprintf(ctx, "%s %s", greeting, user); if (!Announce) { _pam_log(ctx, LOG_CRIT, @@ -2910,7 +2929,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, lctrl = ctx->ctrl | WINBIND__OLD_PASSWORD; ret = _winbind_read_password(ctx, lctrl, Announce, - "(current) NT password: ", + _("(current) NT password: "), NULL, (const char **) &pass_old); TALLOC_FREE(Announce); @@ -2980,8 +2999,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ret = _winbind_read_password(ctx, lctrl, NULL, - "Enter new NT password: ", - "Retype new NT password: ", + _("Enter new NT password: "), + _("Retype new NT password: "), (const char **)&pass_new); if (ret != PAM_SUCCESS) { diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index cb6f450ccb..0656f5972e 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -9,6 +9,7 @@ #include "system/time.h" #include #include "libwbclient/wbclient.h" +#include "localedir.h" #define MODULE_NAME "pam_winbind" #define PAM_SM_AUTH @@ -22,6 +23,10 @@ #include +#ifdef HAVE_LIBINTL_H +#include +#endif + #ifndef LINUX /* Solaris always uses dynamic pam modules */ @@ -101,12 +106,20 @@ do { \ #define WINBIND_WARN_PWD_EXPIRE 0x00002000 #define WINBIND_MKHOMEDIR 0x00004000 +#if defined(HAVE_GETTEXT) && !defined(__LCLINT__) +#define _(string) dgettext(MODULE_NAME, string) +#else +#define _(string) string +#endif + +#define N_(string) string + /* * here is the string to inform the user that the new passwords they * typed were not the same. */ -#define MISTYPED_PASS "Sorry, passwords do not match" +#define MISTYPED_PASS _("Sorry, passwords do not match") #define on(x, y) (x & y) #define off(x, y) (!(x & y)) diff --git a/source3/script/installmo.sh b/source3/script/installmo.sh new file mode 100644 index 0000000000..a1f9c58e27 --- /dev/null +++ b/source3/script/installmo.sh @@ -0,0 +1,83 @@ +#!/bin/sh + +DESTDIR=$1 +LOCALEDIR=`echo $2 | sed 's/\/\//\//g'` +SRCDIR=$3/ +MSGFMT=msgfmt + +case $0 in + *uninstall*) + if test ! -d "$DESTDIR/$LOCALEDIR"; then + echo "Directory $DESTDIR/$LOCALEDIR doesn't exist!" + echo "Do a \"make installmo\" or \"make install\" first." + exit 1 + fi + mode='uninstall' + ;; + *) + mode='install' + ;; +esac + +for dir in $SRCDIR/locale/*; do + MODULE=`basename $dir` + for f in $SRCDIR/locale/$MODULE/*.po; do + BASE=`basename $f` + LANGUAGE=`echo $BASE | sed 's/\.po//g'` + FNAME="$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/$MODULE.mo" + if test ! -d "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/"; then + mkdir -p "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/" + fi + if test "$mode" = 'install'; then + echo "Installing $f as $FNAME" + touch "$FNAME" + $MSGFMT "$f" -f -o "$FNAME" + if test ! -f "$FNAME"; then + echo "Cannot install $FNAME. Does $USER have privileges?" + exit 1 + fi + chmod 0644 "$FNAME" + elif test "$mode" = 'uninstall'; then + echo "removing $FNAME" + rm -f "$FNAME" + if test -f "$FNAME"; then + echo "Cannot remove $FNAME. Does $USER have privileges?" + exit 1 + fi + else + echo "Unknown mode $mode. script called as $0." + exit 1 + fi + done + if test "$mode" = 'install'; then + cat << EOF +============================================================== +MO files for $MODULE are installed. +============================================================== +EOF + else + cat << EOF +============================================================== +MO files for $MODULE are removed. +============================================================== +EOF + fi +done + +if test "$mode" = 'install'; then + cat << EOF +============================================================== +All MO files for Samba are installed. You can use "make uninstall" +or "make uninstallmo" to remove them. +============================================================== +EOF +else + cat << EOF +============================================================== +All MO files for Samba are removed. you can use "make install" +or "make installmo" to install them. +============================================================== +EOF +fi + +exit 0 diff --git a/source3/script/uninstallmo.sh b/source3/script/uninstallmo.sh new file mode 100644 index 0000000000..5b4475f5c2 --- /dev/null +++ b/source3/script/uninstallmo.sh @@ -0,0 +1 @@ +installmo.sh -- cgit From 540b2df874ff053bccd6ef6165476d5225f2ae16 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 14:44:14 +0100 Subject: pam_winbind: translate some more string. boyang, please check. Guenther --- source3/nsswitch/pam_winbind.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 2c46a0c839..5ba4850a4b 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -598,13 +598,13 @@ static const struct ntstatus_errors { {"NT_STATUS_INVALID_LOGON_HOURS", N_("You are not allowed to logon at this time")}, {"NT_STATUS_ACCOUNT_EXPIRED", - "Your account has expired. " + N_("Your account has expired. ") N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_DISABLED", - "Your account is disabled. " + N_("Your account is disabled. ") N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", - "Your account has been locked. " + N_("Your account has been locked. ") N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", N_("Invalid Trust Account")}, @@ -1360,7 +1360,7 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, if (i->min_length_password > 0) { str = talloc_asprintf_append(str, - "must be at least %d characters; ", + _("must be at least %d characters; "), i->min_length_password); if (!str) { goto failed; @@ -1416,7 +1416,7 @@ static int _pam_create_homedir(struct pwb_context *ctx, if (mkdir(dirname, mode) != 0) { _make_remark_format(ctx, PAM_TEXT_INFO, - "Creating directory: %s failed: %s", + _("Creating directory: %s failed: %s"), dirname, strerror(errno)); _pam_log(ctx, LOG_ERR, "could not create dir: %s (%s)", dirname, strerror(errno)); @@ -2333,7 +2333,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, const char *ccname = NULL; struct passwd *pwd = NULL; - retval = pam_get_user(pamh, &user, "Username: "); + retval = pam_get_user(pamh, &user, _("Username: ")); if (retval) { _pam_log(ctx, LOG_ERR, "could not identify user"); @@ -2878,7 +2878,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* * First get the name of a user */ - ret = pam_get_user(pamh, &user, "Username: "); + ret = pam_get_user(pamh, &user, _("Username: ")); if (ret) { _pam_log(ctx, LOG_ERR, "password - could not identify user"); -- cgit From 85dec6917184a024f9b76ea6f6654227e6457af3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 16:45:42 +0100 Subject: pam_winbind: do not add empty blob. Guenther --- source3/nsswitch/pam_winbind.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 5ba4850a4b..c164f8e72a 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -2369,14 +2369,16 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, logoff.username = user; - wbc_status = wbcAddNamedBlob(&logoff.num_blobs, - &logoff.blobs, - "ccfilename", - 0, - (uint8_t *)ccname, - strlen(ccname)+1); - if (!WBC_ERROR_IS_OK(wbc_status)) { - goto out; + if (ccname) { + wbc_status = wbcAddNamedBlob(&logoff.num_blobs, + &logoff.blobs, + "ccfilename", + 0, + (uint8_t *)ccname, + strlen(ccname)+1); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto out; + } } wbc_status = wbcAddNamedBlob(&logoff.num_blobs, -- cgit From 6a61580617b0bd2cf46d4857dd0e87b3e48288f6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 17:19:11 +0100 Subject: s3-winbindd: workaround for samr_ChangePasswordUser3 to User2 fallback for w2k dcs. Guenther --- source3/winbindd/winbindd_pam.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 7de28b08a9..597d48aad0 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2117,9 +2117,15 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact got_info = true; } + /* atm the pidl generated rpccli_samr_ChangePasswordUser3 function will + * return with NT_STATUS_BUFFER_TOO_SMALL for w2k dcs as w2k just + * returns with 4byte error code (NT_STATUS_NOT_SUPPORTED) which is too + * short to comply with the samr_ChangePasswordUser3 idl - gd */ + /* only fallback when the chgpasswd_user3 call is not supported */ if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) || + (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) { DEBUG(10,("Password change with chgpasswd_user3 failed with: %s, retrying chgpasswd_user2\n", -- cgit From 9f1ee827d5a9dff85cb160b1ad4c16583f55b327 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 16:44:28 +0100 Subject: pam_winbind: add german de.po file. germans, please have a look if this can actually be understood by germans. Guenther --- source3/locale/pam_winbind/de.po | 186 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 source3/locale/pam_winbind/de.po diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po new file mode 100644 index 0000000000..1d6a902b15 --- /dev/null +++ b/source3/locale/pam_winbind/de.po @@ -0,0 +1,186 @@ +# pam_winbind message translations (german) +# Copyright (C) 2008 Guenther Deschner +# This file is distributed under the same license as the pam_winbind package. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: @PACKAGE@\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2008-11-13 17:21+0100\n" +"PO-Revision-Date: 2008-11-13 14:29+0100\n" +"Last-Translator: Guenther Deschner \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../nsswitch/pam_winbind.c:579 +msgid "Success" +msgstr "Erfolgreich" + +#: ../../nsswitch/pam_winbind.c:581 +msgid "No primary Domain Controler available" +msgstr "Kein primärer Domänen-Controller verfügbar" + +#: ../../nsswitch/pam_winbind.c:583 +msgid "No domain controllers found" +msgstr "Keine Domänen-Controller gefunden" + +#: ../../nsswitch/pam_winbind.c:585 +msgid "No logon servers" +msgstr "Keine Anmeldeserver verfügbar" + +#: ../../nsswitch/pam_winbind.c:587 +msgid "Password too short" +msgstr "Passwort ist zu kurz" + +#: ../../nsswitch/pam_winbind.c:589 +msgid "The password of this user is too recent to change" +msgstr "Das Passwort des Benutzers kann noch nicht erneut geändert werden" + +#: ../../nsswitch/pam_winbind.c:591 +msgid "Password is already in password history" +msgstr "Das neue Passwort ist bereits in der Passwort-Historie enthalten" + +#: ../../nsswitch/pam_winbind.c:593 +msgid "Your password has expired" +msgstr "Ihr Passwort ist abgelaufen" + +#: ../../nsswitch/pam_winbind.c:595 +msgid "You need to change your password now" +msgstr "Sie müßen Ihr Passwort unmittelbar ändern" + +#: ../../nsswitch/pam_winbind.c:597 +msgid "You are not allowed to logon from this workstation" +msgstr "Sie können sich nicht von diesem Arbeitsplatz aus anmelden" + +#: ../../nsswitch/pam_winbind.c:599 +msgid "You are not allowed to logon at this time" +msgstr "Sie können sich zum jetzigen Zeitpunkt nicht anmelden" + +#: ../../nsswitch/pam_winbind.c:601 +#, fuzzy +msgid "Your account has expired. " +msgstr "Ihr Passwort ist abgelaufen" + +#: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608 +msgid "Please contact your System administrator" +msgstr "Bitte kontaktieren Sie ihren System-Administrator" + +#: ../../nsswitch/pam_winbind.c:604 +msgid "Your account is disabled. " +msgstr "Ihr Account ist deaktiviert. " + +#: ../../nsswitch/pam_winbind.c:607 +msgid "Your account has been locked. " +msgstr "Ihr Account wurde gesperrt. " + +#: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614 +msgid "Invalid Trust Account" +msgstr "Ungültiger Maschinen-Account" + +#: ../../nsswitch/pam_winbind.c:616 +msgid "Access is denied" +msgstr "Zugriff verweigert" + +#: ../../nsswitch/pam_winbind.c:854 +msgid "Your password expires today" +msgstr "Ihr Passwort läuft heute ab" + +#: ../../nsswitch/pam_winbind.c:860 +#, c-format +msgid "Your password will expire in %d %s" +msgstr "Ihr Passwort wird in %d %s ungültig" + +#: ../../nsswitch/pam_winbind.c:861 +msgid "days" +msgstr "Tagen" + +#: ../../nsswitch/pam_winbind.c:861 +msgid "day" +msgstr "Tag" + +#: ../../nsswitch/pam_winbind.c:1253 +msgid "Grace login. Please change your password as soon you're online again" +msgstr "" + +#: ../../nsswitch/pam_winbind.c:1263 +msgid "Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable" +msgstr "Domänen-Controller unerreichbar. Anmeldung erfolgte mit gespeicherten Anmeldedaten. Netzwerk Ressourcen können momentan nicht verfügbar sein" + +#: ../../nsswitch/pam_winbind.c:1288 +msgid "" +"Failed to establish your Kerberos Ticket cache due time differences\n" +"with the domain controller. Please verify the system time.\n" +msgstr "" +"Anforderung eines Kerberos Tickets aufgrund Zeitunterscheid zum \n" +"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die System Zeit.\n" + +#: ../../nsswitch/pam_winbind.c:1356 +msgid "Your password " +msgstr "Ihr Passwort " + +#: ../../nsswitch/pam_winbind.c:1363 +#, c-format +msgid "must be at least %d characters; " +msgstr "muß mindestens %d Zeichen lang sein; " + +#: ../../nsswitch/pam_winbind.c:1372 +#, c-format +msgid "cannot repeat any of your previous %d passwords; " +msgstr "kann keines der %d vorherigen Passwörter enthalten; " + +#: ../../nsswitch/pam_winbind.c:1382 +msgid "must contain capitals, numerals or punctuation; and cannot contain your account or full name; " +msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Anmelde- oder Vollnamen enthalten; " + +#: ../../nsswitch/pam_winbind.c:1392 +msgid "Please type a different password. Type a password which meets these requirements in both text boxes." +msgstr "Bitte wählen Sie ein anderes Passwort. Geben Sie ein geeignetes Passwort in beide Textfelder ein." + +#: ../../nsswitch/pam_winbind.c:1419 +#, c-format +msgid "Creating directory: %s failed: %s" +msgstr "Anlegen des Verzeichnis: %s fehlgeschlagen: %s" + +#: ../../nsswitch/pam_winbind.c:1877 +msgid "Password does not meet complexity requirements" +msgstr "Passwort genügt nicht den Komplexitätsanforderungen" + +#. +#. * First get the name of a user +#. +#: ../../nsswitch/pam_winbind.c:2336 ../../nsswitch/pam_winbind.c:2883 +msgid "Username: " +msgstr "Benuzername: " + +#: ../../nsswitch/pam_winbind.c:2513 +msgid "Password: " +msgstr "Passwort: " + +#. instruct user what is happening +#: ../../nsswitch/pam_winbind.c:2921 +#, fuzzy +msgid "Changing password for" +msgstr "Ändere Passwort für" + +#: ../../nsswitch/pam_winbind.c:2934 +msgid "(current) NT password: " +msgstr "(aktuelles) NT Passwort: " + +#: ../../nsswitch/pam_winbind.c:3004 +msgid "Enter new NT password: " +msgstr "Neues NT Passwort eingeben: " + +#: ../../nsswitch/pam_winbind.c:3005 +msgid "Retype new NT password: " +msgstr "Neues NT Passwort wiederholen: " + +#. +#. * here is the string to inform the user that the new passwords they +#. * typed were not the same. +#. +#: ../../nsswitch/pam_winbind.h:122 +msgid "Sorry, passwords do not match" +msgstr "Passwörter stimmen leider nicht überein" -- cgit From b0107f74a24ca9387f28968bbd21f3da3316e59f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 13 Nov 2008 17:46:36 +0100 Subject: fix typo --- source3/locale/pam_winbind/de.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index 1d6a902b15..642d9d3e12 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -49,7 +49,7 @@ msgstr "Ihr Passwort ist abgelaufen" #: ../../nsswitch/pam_winbind.c:595 msgid "You need to change your password now" -msgstr "Sie müßen Ihr Passwort unmittelbar ändern" +msgstr "Sie müssen Ihr Passwort unmittelbar ändern" #: ../../nsswitch/pam_winbind.c:597 msgid "You are not allowed to logon from this workstation" -- cgit From e76e77c32d8fe999604939d43589b8f441daed43 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 19:42:13 +0100 Subject: s3-svctl-server: fix remote rpc service management (bug #5888). Don't TALLOC_FREE a non-talloced [ref] pointer. Guenther --- source3/rpc_server/srv_svcctl_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index cb6657400f..4beab6488b 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -690,7 +690,7 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, *r->out.bytes_needed = (buffer_size > r->in.buf_size) ? buffer_size : r->in.buf_size; if (buffer_size > r->in.buf_size ) { - TALLOC_FREE(r->out.query); + ZERO_STRUCTP(r->out.query); return WERR_INSUFFICIENT_BUFFER; } -- cgit From 4c7033df5da52bded995f3e4cccd0b78bf55a74f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 13 Nov 2008 17:18:41 -0800 Subject: Move v2 from timestamp to 16-byte hash. Got the change in before on disk format is fixed. Jeremy. --- librpc/idl/xattr.idl | 10 ++++---- source3/librpc/gen_ndr/ndr_xattr.c | 48 +++++++++++++++++++------------------- source3/librpc/gen_ndr/ndr_xattr.h | 6 ++--- source3/librpc/gen_ndr/xattr.h | 6 ++--- source3/modules/vfs_acl_tdb.c | 30 ++++++++---------------- source3/modules/vfs_acl_xattr.c | 30 ++++++++---------------- 6 files changed, 55 insertions(+), 75 deletions(-) diff --git a/librpc/idl/xattr.idl b/librpc/idl/xattr.idl index c1af4791ae..4191ea67ce 100644 --- a/librpc/idl/xattr.idl +++ b/librpc/idl/xattr.idl @@ -117,20 +117,20 @@ interface xattr stored in "security.NTACL" Version 1. raw SD stored as Samba4 does it. - Version 2. raw SD + last changed timestamp so we - can discard if this doesn't match the POSIX st_ctime. + Version 2. raw SD + last changed hash so we + can discard if this doesn't match the underlying ACL hash. */ const char *XATTR_NTACL_NAME = "security.NTACL"; typedef [public] struct { security_descriptor *sd; - NTTIME last_changed; - } security_descriptor_timestamp; + uint8 hash[16]; + } security_descriptor_hash; typedef [switch_type(uint16)] union { [case(1)] security_descriptor *sd; - [case(2)] security_descriptor_timestamp *sd_ts; + [case(2)] security_descriptor_hash *sd_hs; } xattr_NTACL_Info; typedef [public] struct { diff --git a/source3/librpc/gen_ndr/ndr_xattr.c b/source3/librpc/gen_ndr/ndr_xattr.c index 0e9dda9f47..75781d763d 100644 --- a/source3/librpc/gen_ndr/ndr_xattr.c +++ b/source3/librpc/gen_ndr/ndr_xattr.c @@ -546,12 +546,12 @@ _PUBLIC_ void ndr_print_xattr_DosStreams(struct ndr_print *ndr, const char *name ndr->depth--; } -_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r) +_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_hash(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_hash *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd)); - NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_changed)); + NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); } if (ndr_flags & NDR_BUFFERS) { if (r->sd) { @@ -561,7 +561,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_pus return NDR_ERR_SUCCESS; } -_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_hash *r) { uint32_t _ptr_sd; TALLOC_CTX *_mem_save_sd_0; @@ -573,7 +573,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pul } else { r->sd = NULL; } - NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_changed)); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); } if (ndr_flags & NDR_BUFFERS) { if (r->sd) { @@ -586,9 +586,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pul return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r) +_PUBLIC_ void ndr_print_security_descriptor_hash(struct ndr_print *ndr, const char *name, const struct security_descriptor_hash *r) { - ndr_print_struct(ndr, name, "security_descriptor_timestamp"); + ndr_print_struct(ndr, name, "security_descriptor_hash"); ndr->depth++; ndr_print_ptr(ndr, "sd", r->sd); ndr->depth++; @@ -596,7 +596,7 @@ _PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, con ndr_print_security_descriptor(ndr, "sd", r->sd); } ndr->depth--; - ndr_print_NTTIME(ndr, "last_changed", r->last_changed); + ndr_print_array_uint8(ndr, "hash", r->hash, 16); ndr->depth--; } @@ -611,7 +611,7 @@ static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr break; } case 2: { - NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_ts)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_hs)); break; } default: @@ -628,8 +628,8 @@ static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr break; case 2: - if (r->sd_ts) { - NDR_CHECK(ndr_push_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts)); + if (r->sd_hs) { + NDR_CHECK(ndr_push_security_descriptor_hash(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_hs)); } break; @@ -645,7 +645,7 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_sd_0; - TALLOC_CTX *_mem_save_sd_ts_0; + TALLOC_CTX *_mem_save_sd_hs_0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); @@ -664,12 +664,12 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_sd_ts; - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_ts)); - if (_ptr_sd_ts) { - NDR_PULL_ALLOC(ndr, r->sd_ts); + uint32_t _ptr_sd_hs; + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_hs)); + if (_ptr_sd_hs) { + NDR_PULL_ALLOC(ndr, r->sd_hs); } else { - r->sd_ts = NULL; + r->sd_hs = NULL; } break; } @@ -689,11 +689,11 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr break; case 2: - if (r->sd_ts) { - _mem_save_sd_ts_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->sd_ts, 0); - NDR_CHECK(ndr_pull_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_ts_0, 0); + if (r->sd_hs) { + _mem_save_sd_hs_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->sd_hs, 0); + NDR_CHECK(ndr_pull_security_descriptor_hash(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_hs)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_hs_0, 0); } break; @@ -720,10 +720,10 @@ _PUBLIC_ void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name break; case 2: - ndr_print_ptr(ndr, "sd_ts", r->sd_ts); + ndr_print_ptr(ndr, "sd_hs", r->sd_hs); ndr->depth++; - if (r->sd_ts) { - ndr_print_security_descriptor_timestamp(ndr, "sd_ts", r->sd_ts); + if (r->sd_hs) { + ndr_print_security_descriptor_hash(ndr, "sd_hs", r->sd_hs); } ndr->depth--; break; diff --git a/source3/librpc/gen_ndr/ndr_xattr.h b/source3/librpc/gen_ndr/ndr_xattr.h index 38701b1aca..c565e8513a 100644 --- a/source3/librpc/gen_ndr/ndr_xattr.h +++ b/source3/librpc/gen_ndr/ndr_xattr.h @@ -24,9 +24,9 @@ void ndr_print_xattr_DosStream(struct ndr_print *ndr, const char *name, const st enum ndr_err_code ndr_push_xattr_DosStreams(struct ndr_push *ndr, int ndr_flags, const struct xattr_DosStreams *r); enum ndr_err_code ndr_pull_xattr_DosStreams(struct ndr_pull *ndr, int ndr_flags, struct xattr_DosStreams *r); void ndr_print_xattr_DosStreams(struct ndr_print *ndr, const char *name, const struct xattr_DosStreams *r); -enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r); -enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r); -void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r); +enum ndr_err_code ndr_push_security_descriptor_hash(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_hash *r); +enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_hash *r); +void ndr_print_security_descriptor_hash(struct ndr_print *ndr, const char *name, const struct security_descriptor_hash *r); void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r); enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r); enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r); diff --git a/source3/librpc/gen_ndr/xattr.h b/source3/librpc/gen_ndr/xattr.h index 1d8da3f5e2..1148a0acec 100644 --- a/source3/librpc/gen_ndr/xattr.h +++ b/source3/librpc/gen_ndr/xattr.h @@ -73,14 +73,14 @@ struct xattr_DosStreams { struct xattr_DosStream *streams;/* [unique,size_is(num_streams)] */ }/* [public] */; -struct security_descriptor_timestamp { +struct security_descriptor_hash { struct security_descriptor *sd;/* [unique] */ - NTTIME last_changed; + uint8_t hash[16]; }/* [public] */; union xattr_NTACL_Info { struct security_descriptor *sd;/* [unique,case] */ - struct security_descriptor_timestamp *sd_ts;/* [unique,case(2)] */ + struct security_descriptor_hash *sd_hs;/* [unique,case(2)] */ }/* [switch_type(uint16)] */; struct xattr_NTACL { diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 202c1a8469..1924812cf7 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -125,15 +125,15 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return NT_STATUS_REVISION_MISMATCH; } - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->owner_sid : NULL, + ? xacl.info.sd_hs->sd->owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->group_sid : NULL, + ? xacl.info.sd_hs->sd->group_sid : NULL, (security_info & SACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->sacl : NULL, + ? xacl.info.sd_hs->sd->sacl : NULL, (security_info & DACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->dacl : NULL, + ? xacl.info.sd_hs->sd->dacl : NULL, &sd_size); TALLOC_FREE(xacl.info.sd); @@ -199,27 +199,17 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; - struct security_descriptor_timestamp sd_ts; + struct security_descriptor_hash sd_hs; enum ndr_err_code ndr_err; TALLOC_CTX *ctx = talloc_tos(); - struct timespec curr = timespec_current(); ZERO_STRUCT(xacl); - ZERO_STRUCT(sd_ts); - - /* Horrid hack as setting an xattr changes the ctime - * on Linux. This gives a race of 1 second during - * which we would not see a POSIX ACL set. - */ - curr.tv_sec += 1; + ZERO_STRUCT(sd_hs); xacl.version = 2; - xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); - unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); - - DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", - timestring(ctx, curr.tv_sec) )); + xacl.info.sd_hs = &sd_hs; + xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd); + memset(&xacl.info.sd_hs->hash[0], '\0', 16); ndr_err = ndr_push_struct_blob( pblob, ctx, NULL, &xacl, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 2b4e68bdea..bc3edd7d04 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -53,15 +53,15 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return NT_STATUS_REVISION_MISMATCH; } - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->owner_sid : NULL, + ? xacl.info.sd_hs->sd->owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->group_sid : NULL, + ? xacl.info.sd_hs->sd->group_sid : NULL, (security_info & SACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->sacl : NULL, + ? xacl.info.sd_hs->sd->sacl : NULL, (security_info & DACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->dacl : NULL, + ? xacl.info.sd_hs->sd->dacl : NULL, &sd_size); TALLOC_FREE(xacl.info.sd); @@ -134,27 +134,17 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; - struct security_descriptor_timestamp sd_ts; + struct security_descriptor_hash sd_hs; enum ndr_err_code ndr_err; TALLOC_CTX *ctx = talloc_tos(); - struct timespec curr = timespec_current(); ZERO_STRUCT(xacl); - ZERO_STRUCT(sd_ts); - - /* Horrid hack as setting an xattr changes the ctime - * on Linux. This gives a race of 1 second during - * which we would not see a POSIX ACL set. - */ - curr.tv_sec += 1; + ZERO_STRUCT(sd_hs); xacl.version = 2; - xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); - unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); - - DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", - timestring(ctx, curr.tv_sec) )); + xacl.info.sd_hs = &sd_hs; + xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd); + memset(&xacl.info.sd_hs->hash[0], '\0', 16); ndr_err = ndr_push_struct_blob( pblob, ctx, NULL, &xacl, -- cgit From 1b41f670fc40ac583f546440c2a683e94eb05caf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Nov 2008 12:49:18 +0100 Subject: sys_pwnam doesn't return talloced memory, so don't mix up the returned struct. (cherry picked from commit eb99923991960e53bd150ac8f1d818cb746101b4) --- source3/lib/util_pw.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index e0dbc97f00..e138273e8b 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -59,10 +59,7 @@ struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) cached = tcopy_passwd(talloc_autofree_context(), temp); if (cached == NULL) { - /* - * Just don't add this into the cache, ignore the failure - */ - return temp; + return NULL; } memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const_null(name), -- cgit From 5a210cc552f92459dc05c44a435acbcbbe6db9e7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Nov 2008 13:13:40 +0100 Subject: Rename some variables in getpwnam_alloc() for clarity --- source3/lib/util_pw.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index e138273e8b..c9b26f0a4f 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -44,27 +44,28 @@ void flush_pwnam_cache(void) struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) { - struct passwd *temp, *cached; + struct passwd *pw, *for_cache; - temp = (struct passwd *)memcache_lookup_talloc( + pw = (struct passwd *)memcache_lookup_talloc( NULL, GETPWNAM_CACHE, data_blob_string_const_null(name)); - if (temp != NULL) { - return tcopy_passwd(mem_ctx, temp); + if (pw != NULL) { + return tcopy_passwd(mem_ctx, pw); } - temp = sys_getpwnam(name); - if (temp == NULL) { + pw = sys_getpwnam(name); + if (pw == NULL) { return NULL; } - cached = tcopy_passwd(talloc_autofree_context(), temp); - if (cached == NULL) { + for_cache = tcopy_passwd(talloc_autofree_context(), pw); + if (for_cache == NULL) { return NULL; } - memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const_null(name), - cached); - return tcopy_passwd(mem_ctx, temp); + memcache_add_talloc(NULL, GETPWNAM_CACHE, + data_blob_string_const_null(name), for_cache); + + return tcopy_passwd(mem_ctx, pw); } struct passwd *getpwuid_alloc(TALLOC_CTX *mem_ctx, uid_t uid) -- cgit From f50ad767505cc8847f5f574767b664b57326e468 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 13 Nov 2008 23:50:19 +0100 Subject: Actually finish memcache_add_talloc This fixes a memleak found by Martin Zielinski . Thanks for looking closely! Volker (cherry picked from commit a31a84a078100819809e6d40dbc3df207a50a0b2) --- source3/lib/memcache.c | 37 ++++++++++++++++++++++++++++++++++++- source3/torture/torture.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 68 insertions(+), 2 deletions(-) diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index d586f707fa..1951b4abf9 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -40,6 +40,24 @@ struct memcache { static void memcache_element_parse(struct memcache_element *e, DATA_BLOB *key, DATA_BLOB *value); +static bool memcache_is_talloc(enum memcache_number n) +{ + bool result; + + switch (n) { + case GETPWNAM_CACHE: + case PDB_GETPWSID_CACHE: + case SINGLETON_CACHE_TALLOC: + result = true; + break; + default: + result = false; + break; + } + + return result; +} + static int memcache_destructor(struct memcache *cache) { struct memcache_element *e, *next; @@ -188,6 +206,16 @@ static void memcache_delete_element(struct memcache *cache, } DLIST_REMOVE(cache->mru, e); + if (memcache_is_talloc(e->n)) { + DATA_BLOB cache_key, cache_value; + void *ptr; + + memcache_element_parse(e, &cache_key, &cache_value); + SMB_ASSERT(cache_value.length == sizeof(ptr)); + memcpy(&ptr, cache_value.data, sizeof(ptr)); + TALLOC_FREE(ptr); + } + cache->size -= memcache_element_size(e->keylength, e->valuelength); SAFE_FREE(e); @@ -250,6 +278,12 @@ void memcache_add(struct memcache *cache, enum memcache_number n, memcache_element_parse(e, &cache_key, &cache_value); if (value.length <= cache_value.length) { + if (memcache_is_talloc(e->n)) { + void *ptr; + SMB_ASSERT(cache_value.length == sizeof(ptr)); + memcpy(&ptr, cache_value.data, sizeof(ptr)); + TALLOC_FREE(ptr); + } /* * We can reuse the existing record */ @@ -308,7 +342,8 @@ void memcache_add(struct memcache *cache, enum memcache_number n, void memcache_add_talloc(struct memcache *cache, enum memcache_number n, DATA_BLOB key, void *ptr) { - memcache_add(cache, n, key, data_blob_const(&ptr, sizeof(ptr))); + void *p = talloc_move(cache, &ptr); + memcache_add(cache, n, key, data_blob_const(&p, sizeof(p))); } void memcache_flush(struct memcache *cache, enum memcache_number n) diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 904fb5c262..762ea214d1 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -5291,6 +5291,11 @@ static bool run_local_memcache(int dummy) DATA_BLOB d1, d2, d3; DATA_BLOB v1, v2, v3; + TALLOC_CTX *mem_ctx; + char *str1, *str2; + size_t size1, size2; + bool ret = false; + cache = memcache_init(NULL, 100); if (cache == NULL) { @@ -5342,7 +5347,33 @@ static bool run_local_memcache(int dummy) } TALLOC_FREE(cache); - return true; + + cache = memcache_init(NULL, 0); + + mem_ctx = talloc_init("foo"); + + str1 = talloc_strdup(mem_ctx, "string1"); + str2 = talloc_strdup(mem_ctx, "string2"); + + memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, + data_blob_string_const("torture"), str1); + size1 = talloc_total_size(cache); + + memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, + data_blob_string_const("torture"), str2); + size2 = talloc_total_size(cache); + + printf("size1=%d, size2=%d\n", (int)size1, (int)size2); + + if (size2 > size1) { + printf("memcache leaks memory!\n"); + goto fail; + } + + ret = true; + fail: + TALLOC_FREE(cache); + return ret; } static double create_procs(bool (*fn)(int), bool *result) -- cgit From 3c98d5bd987358b1cbeb81fa8db37b97492cf0cc Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Nov 2008 13:42:54 +0100 Subject: Make memcache_add_talloc NULL out the source pointer This is an orthogonality measure to make clear this pointer now belongs to the cache. (cherry picked from commit e6080c6e87d6fe3995b121a772bf3f6343fa666f) --- source3/auth/token_util.c | 6 ++++-- source3/lib/memcache.c | 14 ++++++++++++-- source3/lib/util_pw.c | 2 +- source3/passdb/pdb_interface.c | 14 +++++++------- source3/torture/torture.c | 4 ++-- 5 files changed, 26 insertions(+), 14 deletions(-) diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 6c00aa0943..28d6601b5f 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c @@ -77,7 +77,7 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) NT_USER_TOKEN *get_root_nt_token( void ) { - struct nt_user_token *token = NULL; + struct nt_user_token *token, *for_cache; DOM_SID u_sid, g_sid; struct passwd *pw; void *cache_data; @@ -107,9 +107,11 @@ NT_USER_TOKEN *get_root_nt_token( void ) token->privileges = se_disk_operators; + for_cache = token; + memcache_add_talloc( NULL, SINGLETON_CACHE_TALLOC, - data_blob_string_const_null("root_nt_token"), token); + data_blob_string_const_null("root_nt_token"), &for_cache); return token; } diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index 1951b4abf9..eaff15deda 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -340,9 +340,19 @@ void memcache_add(struct memcache *cache, enum memcache_number n, } void memcache_add_talloc(struct memcache *cache, enum memcache_number n, - DATA_BLOB key, void *ptr) + DATA_BLOB key, void **pptr) { - void *p = talloc_move(cache, &ptr); + void **ptr = (void **)pptr; + void *p; + + if (cache == NULL) { + cache = global_cache; + } + if (cache == NULL) { + return; + } + + p = talloc_move(cache, ptr); memcache_add(cache, n, key, data_blob_const(&p, sizeof(p))); } diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index c9b26f0a4f..b0baa12c3e 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -63,7 +63,7 @@ struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) } memcache_add_talloc(NULL, GETPWNAM_CACHE, - data_blob_string_const_null(name), for_cache); + data_blob_string_const_null(name), &for_cache); return tcopy_passwd(mem_ctx, pw); } diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 6fe105854f..5a79f09db0 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -207,28 +207,28 @@ static struct pdb_methods *pdb_get_methods(void) bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); - struct samu *cache_copy; + struct samu *for_cache; const struct dom_sid *user_sid; if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { return False; } - cache_copy = samu_new(NULL); - if (cache_copy == NULL) { + for_cache = samu_new(NULL); + if (for_cache == NULL) { return False; } - if (!pdb_copy_sam_account(cache_copy, sam_acct)) { - TALLOC_FREE(cache_copy); + if (!pdb_copy_sam_account(for_cache, sam_acct)) { + TALLOC_FREE(for_cache); return False; } - user_sid = pdb_get_user_sid(cache_copy); + user_sid = pdb_get_user_sid(for_cache); memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, data_blob_const(user_sid, sizeof(*user_sid)), - cache_copy); + &for_cache); return True; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 762ea214d1..603426b67c 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -5356,11 +5356,11 @@ static bool run_local_memcache(int dummy) str2 = talloc_strdup(mem_ctx, "string2"); memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, - data_blob_string_const("torture"), str1); + data_blob_string_const("torture"), &str1); size1 = talloc_total_size(cache); memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, - data_blob_string_const("torture"), str2); + data_blob_string_const("torture"), &str2); size2 = talloc_total_size(cache); printf("size1=%d, size2=%d\n", (int)size1, (int)size2); -- cgit From cf06b75f0a0e7d0513ab1128a4d189c74097216f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 22:15:30 +0100 Subject: pidl: do not generate cli_ functions for noopnum flaged functions. Guenther --- pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm index 2a23fad4a7..4109ce9962 100644 --- a/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm +++ b/pidl/lib/Parse/Pidl/Samba3/ClientNDR.pm @@ -215,7 +215,10 @@ sub ParseInterface($$) $self->pidl_hdr("#ifndef __CLI_$uif\__"); $self->pidl_hdr("#define __CLI_$uif\__"); - $self->ParseFunction($if->{NAME}, $_) foreach (@{$if->{FUNCTIONS}}); + foreach (@{$if->{FUNCTIONS}}) { + next if ($_->{PROPERTIES}{noopnum}); + $self->ParseFunction($if->{NAME}, $_); + } $self->pidl_hdr("#endif /* __CLI_$uif\__ */"); } -- cgit From 216c788b0cef379cf0e3edff7b28819ffe06a740 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 23:28:07 +0100 Subject: pidl: skip generation of noopnum functions in generated s3 server. Guenther --- pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm index 6034fb6f16..e5d8f1c1d2 100644 --- a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm +++ b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm @@ -205,7 +205,11 @@ sub ParseInterface($) pidl_hdr "#ifndef __SRV_$uif\__"; pidl_hdr "#define __SRV_$uif\__"; - ParseFunction($if, $_) foreach (@{$if->{FUNCTIONS}}); + + foreach (@{$if->{FUNCTIONS}}) { + next if ($_->{PROPERTIES}{noopnum}); + ParseFunction($if, $_); + } pidl ""; pidl "/* Tables */"; @@ -214,6 +218,7 @@ sub ParseInterface($) indent; foreach (@{$if->{FUNCTIONS}}) { + next if ($_->{PROPERTIES}{noopnum}); pidl "{\"" . uc($_->{NAME}) . "\", NDR_" . uc($_->{NAME}) . ", api_$_->{NAME}},"; } -- cgit From df21095ce8981827767e8646b6aefb053beb29a8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Nov 2008 00:50:33 +0100 Subject: Attempt to fix the build I have no idea how this could have happened. Probably done a make and make test in a different tree than the one I have done the push from. Sorry. Volker --- source3/lib/memcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index eaff15deda..606d72ab5a 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -340,7 +340,7 @@ void memcache_add(struct memcache *cache, enum memcache_number n, } void memcache_add_talloc(struct memcache *cache, enum memcache_number n, - DATA_BLOB key, void **pptr) + DATA_BLOB key, void *pptr) { void **ptr = (void **)pptr; void *p; -- cgit From caf0c17e247b7c66051abc9ed239506a4be6aecc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 15 Nov 2008 02:23:31 +0100 Subject: s3-spoolss: fix enumports segfault (another malloc vs. talloc candidate). Guenther --- source3/rpc_server/srv_spoolss_nt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 577f7f1ded..59c1323a0f 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7482,11 +7482,11 @@ WERROR enumports_hook(TALLOC_CTX *ctx, int *count, char ***lines ) /* if no hook then just fill in the default port */ if ( !*cmd ) { - if (!(qlines = SMB_MALLOC_ARRAY( char*, 2 ))) { + if (!(qlines = TALLOC_ARRAY( NULL, char*, 2 ))) { return WERR_NOMEM; } - if (!(qlines[0] = SMB_STRDUP( SAMBA_PRINTER_PORT_NAME ))) { - SAFE_FREE(qlines); + if (!(qlines[0] = talloc_strdup(qlines, SAMBA_PRINTER_PORT_NAME ))) { + TALLOC_FREE(qlines); return WERR_NOMEM; } qlines[1] = NULL; -- cgit From badfac44128d64b9e1ba80603ac3835ef50f01f9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Nov 2008 00:55:35 +0100 Subject: Move libtorture to top-level. --- lib/torture/config.mk | 14 + lib/torture/subunit.c | 96 ++++++ lib/torture/torture.c | 627 ++++++++++++++++++++++++++++++++++++++ lib/torture/torture.h | 425 ++++++++++++++++++++++++++ lib/torture/torture.pc.in | 12 + source4/lib/torture/config.mk | 14 - source4/lib/torture/subunit.c | 96 ------ source4/lib/torture/torture.c | 627 -------------------------------------- source4/lib/torture/torture.h | 425 -------------------------- source4/lib/torture/torture.pc.in | 12 - 10 files changed, 1174 insertions(+), 1174 deletions(-) create mode 100644 lib/torture/config.mk create mode 100644 lib/torture/subunit.c create mode 100644 lib/torture/torture.c create mode 100644 lib/torture/torture.h create mode 100644 lib/torture/torture.pc.in delete mode 100644 source4/lib/torture/config.mk delete mode 100644 source4/lib/torture/subunit.c delete mode 100644 source4/lib/torture/torture.c delete mode 100644 source4/lib/torture/torture.h delete mode 100644 source4/lib/torture/torture.pc.in diff --git a/lib/torture/config.mk b/lib/torture/config.mk new file mode 100644 index 0000000000..8a7f2a3b6b --- /dev/null +++ b/lib/torture/config.mk @@ -0,0 +1,14 @@ +# TORTURE subsystem +[LIBRARY::torture] +PUBLIC_DEPENDENCIES = \ + LIBSAMBA-HOSTCONFIG \ + LIBSAMBA-UTIL \ + LIBTALLOC + +torture_VERSION = 0.0.1 +torture_SOVERSION = 0 + +PC_FILES += $(libtorturesrcdir)/torture.pc +torture_OBJ_FILES = $(addprefix $(libtorturesrcdir)/, torture.o subunit.o) + +PUBLIC_HEADERS += $(libtorturesrcdir)/torture.h diff --git a/lib/torture/subunit.c b/lib/torture/subunit.c new file mode 100644 index 0000000000..d5ee344596 --- /dev/null +++ b/lib/torture/subunit.c @@ -0,0 +1,96 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + Copyright (C) Jelmer Vernooij 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "lib/torture/torture.h" + +static void subunit_init(struct torture_results *results) +{ + /* FIXME: register segv and bus handler */ +} + +static void subunit_suite_start(struct torture_context *ctx, + struct torture_suite *suite) +{ +} + +static void subunit_print_testname(struct torture_context *ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + if (!strcmp(tcase->name, test->name)) { + printf("%s", test->name); + } else { + printf("%s.%s", tcase->name, test->name); + } +} + +static void subunit_test_start(struct torture_context *ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + printf("test: "); + subunit_print_testname(ctx, tcase, test); + printf("\n"); +} + +static void subunit_test_result(struct torture_context *context, + enum torture_result res, const char *reason) +{ + switch (res) { + case TORTURE_OK: + printf("success: "); + break; + case TORTURE_FAIL: + printf("failure: "); + break; + case TORTURE_ERROR: + printf("error: "); + break; + case TORTURE_SKIP: + printf("skip: "); + break; + } + subunit_print_testname(context, context->active_tcase, context->active_test); + + if (reason) + printf(" [\n%s\n]", reason); + printf("\n"); +} + +static void subunit_comment(struct torture_context *test, + const char *comment) +{ + fprintf(stderr, "%s", comment); +} + +static void subunit_warning(struct torture_context *test, + const char *comment) +{ + fprintf(stderr, "WARNING!: %s\n", comment); +} + +const struct torture_ui_ops torture_subunit_ui_ops = { + .init = subunit_init, + .comment = subunit_comment, + .warning = subunit_warning, + .test_start = subunit_test_start, + .test_result = subunit_test_result, + .suite_start = subunit_suite_start +}; diff --git a/lib/torture/torture.c b/lib/torture/torture.c new file mode 100644 index 0000000000..e465529f6b --- /dev/null +++ b/lib/torture/torture.c @@ -0,0 +1,627 @@ +/* + Unix SMB/CIFS implementation. + SMB torture UI functions + + Copyright (C) Jelmer Vernooij 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "torture/torture.h" +#include "../lib/util/dlinklist.h" +#include "param/param.h" +#include "system/filesys.h" + +struct torture_results *torture_results_init(TALLOC_CTX *mem_ctx, const struct torture_ui_ops *ui_ops) +{ + struct torture_results *results = talloc_zero(mem_ctx, struct torture_results); + + results->ui_ops = ui_ops; + results->returncode = true; + + if (ui_ops->init) + ui_ops->init(results); + + return results; +} + +/** + * Initialize a torture context + */ +struct torture_context *torture_context_init(struct event_context *event_ctx, + struct torture_results *results) +{ + struct torture_context *torture = talloc_zero(event_ctx, + struct torture_context); + + if (torture == NULL) + return NULL; + + torture->ev = event_ctx; + torture->results = talloc_reference(torture, results); + + return torture; +} + +/** + * Create a sub torture context + */ +struct torture_context *torture_context_child(struct torture_context *parent) +{ + struct torture_context *subtorture = talloc_zero(parent, struct torture_context); + + if (subtorture == NULL) + return NULL; + + subtorture->level = parent->level+1; + subtorture->ev = talloc_reference(subtorture, parent->ev); + subtorture->lp_ctx = talloc_reference(subtorture, parent->lp_ctx); + subtorture->outputdir = talloc_reference(subtorture, parent->outputdir); + subtorture->results = talloc_reference(subtorture, parent->results); + + return subtorture; +} + +/** + create a temporary directory. +*/ +_PUBLIC_ NTSTATUS torture_temp_dir(struct torture_context *tctx, + const char *prefix, + char **tempdir) +{ + SMB_ASSERT(tctx->outputdir != NULL); + + *tempdir = talloc_asprintf(tctx, "%s/%s.XXXXXX", tctx->outputdir, + prefix); + NT_STATUS_HAVE_NO_MEMORY(*tempdir); + + if (mkdtemp(*tempdir) == NULL) { + return map_nt_error_from_unix(errno); + } + + return NT_STATUS_OK; +} + +/** + * Comment on the status/progress of a test + */ +void torture_comment(struct torture_context *context, const char *comment, ...) +{ + va_list ap; + char *tmp; + + if (!context->results->ui_ops->comment) + return; + + va_start(ap, comment); + tmp = talloc_vasprintf(context, comment, ap); + + context->results->ui_ops->comment(context, tmp); + + talloc_free(tmp); +} + +/** + * Print a warning about the current test + */ +void torture_warning(struct torture_context *context, const char *comment, ...) +{ + va_list ap; + char *tmp; + + if (!context->results->ui_ops->warning) + return; + + va_start(ap, comment); + tmp = talloc_vasprintf(context, comment, ap); + + context->results->ui_ops->warning(context, tmp); + + talloc_free(tmp); +} + +/** + * Store the result of a torture test. + */ +void torture_result(struct torture_context *context, + enum torture_result result, const char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + + if (context->last_reason) { + torture_warning(context, "%s", context->last_reason); + talloc_free(context->last_reason); + } + + context->last_result = result; + context->last_reason = talloc_vasprintf(context, fmt, ap); + va_end(ap); +} + +/** + * Create a new torture suite + */ +struct torture_suite *torture_suite_create(TALLOC_CTX *ctx, const char *name) +{ + struct torture_suite *suite = talloc_zero(ctx, struct torture_suite); + + suite->name = talloc_strdup(suite, name); + suite->testcases = NULL; + suite->children = NULL; + + return suite; +} + +/** + * Set the setup() and teardown() functions for a testcase. + */ +void torture_tcase_set_fixture(struct torture_tcase *tcase, + bool (*setup) (struct torture_context *, void **), + bool (*teardown) (struct torture_context *, void *)) +{ + tcase->setup = setup; + tcase->teardown = teardown; +} + +static bool wrap_test_with_testcase_const(struct torture_context *torture_ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + bool (*fn) (struct torture_context *, + const void *tcase_data, + const void *test_data); + + fn = test->fn; + + return fn(torture_ctx, tcase->data, test->data); +} + +/** + * Add a test that uses const data to a testcase + */ +struct torture_test *torture_tcase_add_test_const(struct torture_tcase *tcase, + const char *name, + bool (*run) (struct torture_context *, const void *tcase_data, + const void *test_data), + const void *data) +{ + struct torture_test *test = talloc(tcase, struct torture_test); + + test->name = talloc_strdup(test, name); + test->description = NULL; + test->run = wrap_test_with_testcase_const; + test->fn = run; + test->dangerous = false; + test->data = data; + + DLIST_ADD_END(tcase->tests, test, struct torture_test *); + + return test; +} + +/** + * Add a new testcase + */ +bool torture_suite_init_tcase(struct torture_suite *suite, + struct torture_tcase *tcase, + const char *name) +{ + tcase->name = talloc_strdup(tcase, name); + tcase->description = NULL; + tcase->setup = NULL; + tcase->teardown = NULL; + tcase->fixture_persistent = true; + tcase->tests = NULL; + + DLIST_ADD_END(suite->testcases, tcase, struct torture_tcase *); + + return true; +} + + +struct torture_tcase *torture_suite_add_tcase(struct torture_suite *suite, + const char *name) +{ + struct torture_tcase *tcase = talloc(suite, struct torture_tcase); + + if (!torture_suite_init_tcase(suite, tcase, name)) + return NULL; + + return tcase; +} + +/** + * Run a torture test suite. + */ +bool torture_run_suite(struct torture_context *context, + struct torture_suite *suite) +{ + bool ret = true; + struct torture_tcase *tcase; + struct torture_suite *tsuite; + char *old_testname; + + context->level++; + if (context->results->ui_ops->suite_start) + context->results->ui_ops->suite_start(context, suite); + + old_testname = context->active_testname; + if (old_testname != NULL) + context->active_testname = talloc_asprintf(context, "%s-%s", + old_testname, suite->name); + else + context->active_testname = talloc_strdup(context, suite->name); + + for (tcase = suite->testcases; tcase; tcase = tcase->next) { + ret &= torture_run_tcase(context, tcase); + } + + for (tsuite = suite->children; tsuite; tsuite = tsuite->next) { + ret &= torture_run_suite(context, tsuite); + } + + talloc_free(context->active_testname); + context->active_testname = old_testname; + + if (context->results->ui_ops->suite_finish) + context->results->ui_ops->suite_finish(context, suite); + + context->level--; + + return ret; +} + +void torture_ui_test_start(struct torture_context *context, + struct torture_tcase *tcase, + struct torture_test *test) +{ + if (context->results->ui_ops->test_start) + context->results->ui_ops->test_start(context, tcase, test); +} + +void torture_ui_test_result(struct torture_context *context, + enum torture_result result, + const char *comment) +{ + if (context->results->ui_ops->test_result) + context->results->ui_ops->test_result(context, result, comment); + + if (result == TORTURE_ERROR || result == TORTURE_FAIL) + context->results->returncode = false; +} + +static bool internal_torture_run_test(struct torture_context *context, + struct torture_tcase *tcase, + struct torture_test *test, + bool already_setup) +{ + bool success; + char *old_testname; + + if (tcase == NULL || strcmp(test->name, tcase->name) != 0) { + old_testname = context->active_testname; + context->active_testname = talloc_asprintf(context, "%s-%s", old_testname, test->name); + } + + context->active_tcase = tcase; + context->active_test = test; + + torture_ui_test_start(context, tcase, test); + + context->last_reason = NULL; + context->last_result = TORTURE_OK; + + if (!already_setup && tcase->setup && + !tcase->setup(context, &(tcase->data))) { + if (context->last_reason == NULL) + context->last_reason = talloc_strdup(context, "Setup failure"); + context->last_result = TORTURE_ERROR; + success = false; + } else if (test->dangerous && + !torture_setting_bool(context, "dangerous", false)) { + context->last_result = TORTURE_SKIP; + context->last_reason = talloc_asprintf(context, + "disabled %s - enable dangerous tests to use", test->name); + success = true; + } else { + success = test->run(context, tcase, test); + + if (!success && context->last_result == TORTURE_OK) { + if (context->last_reason == NULL) + context->last_reason = talloc_strdup(context, "Unknown error/failure"); + context->last_result = TORTURE_ERROR; + } + } + + if (!already_setup && tcase->teardown && !tcase->teardown(context, tcase->data)) { + if (context->last_reason == NULL) + context->last_reason = talloc_strdup(context, "Setup failure"); + context->last_result = TORTURE_ERROR; + success = false; + } + + torture_ui_test_result(context, context->last_result, + context->last_reason); + + talloc_free(context->last_reason); + + if (tcase == NULL || strcmp(test->name, tcase->name) != 0) { + talloc_free(context->active_testname); + context->active_testname = old_testname; + } + context->active_test = NULL; + context->active_tcase = NULL; + + return success; +} + +bool torture_run_tcase(struct torture_context *context, + struct torture_tcase *tcase) +{ + bool ret = true; + char *old_testname; + struct torture_test *test; + + context->level++; + + context->active_tcase = tcase; + if (context->results->ui_ops->tcase_start) + context->results->ui_ops->tcase_start(context, tcase); + + if (tcase->fixture_persistent && tcase->setup + && !tcase->setup(context, &tcase->data)) { + /* FIXME: Use torture ui ops for reporting this error */ + fprintf(stderr, "Setup failed: "); + if (context->last_reason != NULL) + fprintf(stderr, "%s", context->last_reason); + fprintf(stderr, "\n"); + ret = false; + goto done; + } + + old_testname = context->active_testname; + context->active_testname = talloc_asprintf(context, "%s-%s", + old_testname, tcase->name); + for (test = tcase->tests; test; test = test->next) { + ret &= internal_torture_run_test(context, tcase, test, + tcase->fixture_persistent); + } + talloc_free(context->active_testname); + context->active_testname = old_testname; + + if (tcase->fixture_persistent && tcase->teardown && + !tcase->teardown(context, tcase->data)) + ret = false; + +done: + context->active_tcase = NULL; + + if (context->results->ui_ops->tcase_finish) + context->results->ui_ops->tcase_finish(context, tcase); + + context->level--; + + return ret; +} + +bool torture_run_test(struct torture_context *context, + struct torture_tcase *tcase, + struct torture_test *test) +{ + return internal_torture_run_test(context, tcase, test, false); +} + +int torture_setting_int(struct torture_context *test, const char *name, + int default_value) +{ + return lp_parm_int(test->lp_ctx, NULL, "torture", name, default_value); +} + +double torture_setting_double(struct torture_context *test, const char *name, + double default_value) +{ + return lp_parm_double(test->lp_ctx, NULL, "torture", name, default_value); +} + +bool torture_setting_bool(struct torture_context *test, const char *name, + bool default_value) +{ + return lp_parm_bool(test->lp_ctx, NULL, "torture", name, default_value); +} + +const char *torture_setting_string(struct torture_context *test, + const char *name, + const char *default_value) +{ + const char *ret; + + SMB_ASSERT(test != NULL); + SMB_ASSERT(test->lp_ctx != NULL); + + ret = lp_parm_string(test->lp_ctx, NULL, "torture", name); + + if (ret == NULL) + return default_value; + + return ret; +} + +static bool wrap_test_with_simple_tcase_const ( + struct torture_context *torture_ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + bool (*fn) (struct torture_context *, const void *tcase_data); + + fn = test->fn; + + return fn(torture_ctx, test->data); +} + +struct torture_tcase *torture_suite_add_simple_tcase_const( + struct torture_suite *suite, const char *name, + bool (*run) (struct torture_context *test, const void *), + const void *data) +{ + struct torture_tcase *tcase; + struct torture_test *test; + + tcase = torture_suite_add_tcase(suite, name); + + test = talloc(tcase, struct torture_test); + + test->name = talloc_strdup(test, name); + test->description = NULL; + test->run = wrap_test_with_simple_tcase_const; + test->fn = run; + test->data = data; + test->dangerous = false; + + DLIST_ADD_END(tcase->tests, test, struct torture_test *); + + return tcase; +} + +static bool wrap_simple_test(struct torture_context *torture_ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + bool (*fn) (struct torture_context *); + + fn = test->fn; + + return fn(torture_ctx); +} + +struct torture_tcase *torture_suite_add_simple_test( + struct torture_suite *suite, + const char *name, + bool (*run) (struct torture_context *test)) +{ + struct torture_test *test; + struct torture_tcase *tcase; + + tcase = torture_suite_add_tcase(suite, name); + + test = talloc(tcase, struct torture_test); + + test->name = talloc_strdup(test, name); + test->description = NULL; + test->run = wrap_simple_test; + test->fn = run; + test->dangerous = false; + + DLIST_ADD_END(tcase->tests, test, struct torture_test *); + + return tcase; +} + +/** + * Add a child testsuite to a testsuite. + */ +bool torture_suite_add_suite(struct torture_suite *suite, + struct torture_suite *child) +{ + if (child == NULL) + return false; + + DLIST_ADD_END(suite->children, child, struct torture_suite *); + + /* FIXME: Check for duplicates and return false if the + * added suite already exists as a child */ + + return true; +} + +/** + * Find the child testsuite with the specified name. + */ +struct torture_suite *torture_find_suite(struct torture_suite *parent, + const char *name) +{ + struct torture_suite *child; + + for (child = parent->children; child; child = child->next) + if (!strcmp(child->name, name)) + return child; + + return NULL; +} + +static bool wrap_test_with_simple_test_const(struct torture_context *torture_ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + bool (*fn) (struct torture_context *, const void *tcase_data); + + fn = test->fn; + + return fn(torture_ctx, tcase->data); +} + +struct torture_test *torture_tcase_add_simple_test_const( + struct torture_tcase *tcase, + const char *name, + bool (*run) (struct torture_context *test, + const void *tcase_data)) +{ + struct torture_test *test; + + test = talloc(tcase, struct torture_test); + + test->name = talloc_strdup(test, name); + test->description = NULL; + test->run = wrap_test_with_simple_test_const; + test->fn = run; + test->data = NULL; + test->dangerous = false; + + DLIST_ADD_END(tcase->tests, test, struct torture_test *); + + return test; +} + +static bool wrap_test_with_simple_test(struct torture_context *torture_ctx, + struct torture_tcase *tcase, + struct torture_test *test) +{ + bool (*fn) (struct torture_context *, void *tcase_data); + + fn = test->fn; + + return fn(torture_ctx, tcase->data); +} + +struct torture_test *torture_tcase_add_simple_test(struct torture_tcase *tcase, + const char *name, + bool (*run) (struct torture_context *test, void *tcase_data)) +{ + struct torture_test *test; + + test = talloc(tcase, struct torture_test); + + test->name = talloc_strdup(test, name); + test->description = NULL; + test->run = wrap_test_with_simple_test; + test->fn = run; + test->data = NULL; + test->dangerous = false; + + DLIST_ADD_END(tcase->tests, test, struct torture_test *); + + return test; +} diff --git a/lib/torture/torture.h b/lib/torture/torture.h new file mode 100644 index 0000000000..f06ffe012b --- /dev/null +++ b/lib/torture/torture.h @@ -0,0 +1,425 @@ +/* + Unix SMB/CIFS implementation. + SMB torture UI functions + + Copyright (C) Jelmer Vernooij 2006 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef __TORTURE_UI_H__ +#define __TORTURE_UI_H__ + +struct torture_test; +struct torture_context; +struct torture_suite; +struct torture_tcase; +struct torture_results; + +enum torture_result { + TORTURE_OK=0, + TORTURE_FAIL=1, + TORTURE_ERROR=2, + TORTURE_SKIP=3 +}; + +/* + * These callbacks should be implemented by any backend that wishes + * to listen to reports from the torture tests. + */ +struct torture_ui_ops +{ + void (*init) (struct torture_results *); + void (*comment) (struct torture_context *, const char *); + void (*warning) (struct torture_context *, const char *); + void (*suite_start) (struct torture_context *, struct torture_suite *); + void (*suite_finish) (struct torture_context *, struct torture_suite *); + void (*tcase_start) (struct torture_context *, struct torture_tcase *); + void (*tcase_finish) (struct torture_context *, struct torture_tcase *); + void (*test_start) (struct torture_context *, + struct torture_tcase *, + struct torture_test *); + void (*test_result) (struct torture_context *, + enum torture_result, const char *reason); +}; + +void torture_ui_test_start(struct torture_context *context, + struct torture_tcase *tcase, + struct torture_test *test); + +void torture_ui_test_result(struct torture_context *context, + enum torture_result result, + const char *comment); + +/* + * Holds information about a specific run of the testsuite. + * The data in this structure should be considered private to + * the torture tests and should only be used directly by the torture + * code and the ui backends. + * + * Torture tests should instead call the torture_*() macros and functions + * specified below. + */ + +struct torture_context +{ + struct torture_results *results; + + char *active_testname; + struct torture_test *active_test; + struct torture_tcase *active_tcase; + + enum torture_result last_result; + char *last_reason; + + /** Directory used for temporary test data */ + const char *outputdir; + + /** Indentation level */ + int level; + + /** Event context */ + struct event_context *ev; + + /** Loadparm context (will go away in favor of torture_setting_ at some point) */ + struct loadparm_context *lp_ctx; +}; + +struct torture_results +{ + const struct torture_ui_ops *ui_ops; + void *ui_data; + + /** Whether tests should avoid writing output to stdout */ + bool quiet; + + bool returncode; + + +}; + +/* + * Describes a particular torture test + */ +struct torture_test { + /** Short unique name for the test. */ + const char *name; + + /** Long description for the test. */ + const char *description; + + /** Whether this is a dangerous test + * (can corrupt the remote servers data or bring it down). */ + bool dangerous; + + /** Function to call to run this test */ + bool (*run) (struct torture_context *torture_ctx, + struct torture_tcase *tcase, + struct torture_test *test); + + struct torture_test *prev, *next; + + /** Pointer to the actual test function. This is run by the + * run() function above. */ + void *fn; + + /** Use data for this test */ + const void *data; +}; + +/* + * Describes a particular test case. + */ +struct torture_tcase { + const char *name; + const char *description; + bool (*setup) (struct torture_context *tcase, void **data); + bool (*teardown) (struct torture_context *tcase, void *data); + bool fixture_persistent; + void *data; + struct torture_test *tests; + struct torture_tcase *prev, *next; +}; + +struct torture_suite +{ + const char *name; + const char *description; + struct torture_tcase *testcases; + struct torture_suite *children; + + /* Pointers to siblings of this torture suite */ + struct torture_suite *prev, *next; +}; + +/** Create a new torture suite */ +struct torture_suite *torture_suite_create(TALLOC_CTX *mem_ctx, + const char *name); + +/** Change the setup and teardown functions for a testcase */ +void torture_tcase_set_fixture(struct torture_tcase *tcase, + bool (*setup) (struct torture_context *, void **), + bool (*teardown) (struct torture_context *, void *)); + +/* Add another test to run for a particular testcase */ +struct torture_test *torture_tcase_add_test_const(struct torture_tcase *tcase, + const char *name, + bool (*run) (struct torture_context *test, + const void *tcase_data, const void *test_data), + const void *test_data); + +/* Add a testcase to a testsuite */ +struct torture_tcase *torture_suite_add_tcase(struct torture_suite *suite, + const char *name); + +/* Convenience wrapper that adds a testcase against only one + * test will be run */ +struct torture_tcase *torture_suite_add_simple_tcase_const( + struct torture_suite *suite, + const char *name, + bool (*run) (struct torture_context *test, + const void *test_data), + const void *data); + +/* Convenience function that adds a test which only + * gets the test case data */ +struct torture_test *torture_tcase_add_simple_test_const( + struct torture_tcase *tcase, + const char *name, + bool (*run) (struct torture_context *test, + const void *tcase_data)); + +/* Convenience wrapper that adds a test that doesn't need any + * testcase data */ +struct torture_tcase *torture_suite_add_simple_test( + struct torture_suite *suite, + const char *name, + bool (*run) (struct torture_context *test)); + +/* Add a child testsuite to an existing testsuite */ +bool torture_suite_add_suite(struct torture_suite *suite, + struct torture_suite *child); + +/* Run the specified testsuite recursively */ +bool torture_run_suite(struct torture_context *context, + struct torture_suite *suite); + +/* Run the specified testcase */ +bool torture_run_tcase(struct torture_context *context, + struct torture_tcase *tcase); + +/* Run the specified test */ +bool torture_run_test(struct torture_context *context, + struct torture_tcase *tcase, + struct torture_test *test); + +void torture_comment(struct torture_context *test, const char *comment, ...) PRINTF_ATTRIBUTE(2,3); +void torture_warning(struct torture_context *test, const char *comment, ...) PRINTF_ATTRIBUTE(2,3); +void torture_result(struct torture_context *test, + enum torture_result, const char *reason, ...) PRINTF_ATTRIBUTE(3,4); + +#define torture_assert(torture_ctx,expr,cmt) \ + if (!(expr)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": Expression `%s' failed: %s", __STRING(expr), cmt); \ + return false; \ + } + +#define torture_assert_werr_equal(torture_ctx, got, expected, cmt) \ + do { WERROR __got = got, __expected = expected; \ + if (!W_ERROR_EQUAL(__got, __expected)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", win_errstr(__got), win_errstr(__expected), cmt); \ + return false; \ + } \ + } while (0) + +#define torture_assert_ntstatus_equal(torture_ctx,got,expected,cmt) \ + do { NTSTATUS __got = got, __expected = expected; \ + if (!NT_STATUS_EQUAL(__got, __expected)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", nt_errstr(__got), nt_errstr(__expected), cmt); \ + return false; \ + }\ + } while(0) + +#define torture_assert_ndr_err_equal(torture_ctx,got,expected,cmt) \ + do { enum ndr_err_code __got = got, __expected = expected; \ + if (__got != __expected) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %d, expected %d (%s): %s", __got, __expected, __STRING(expected), cmt); \ + return false; \ + }\ + } while(0) + +#define torture_assert_casestr_equal(torture_ctx,got,expected,cmt) \ + do { const char *__got = (got), *__expected = (expected); \ + if (!strequal(__got, __expected)) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", __got, __expected, cmt); \ + return false; \ + } \ + } while(0) + +#define torture_assert_str_equal(torture_ctx,got,expected,cmt)\ + do { const char *__got = (got), *__expected = (expected); \ + if (strcmp_safe(__got, __expected) != 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" was %s, expected %s: %s", \ + __got, __expected, cmt); \ + return false; \ + } \ + } while(0) + +#define torture_assert_mem_equal(torture_ctx,got,expected,len,cmt)\ + do { const void *__got = (got), *__expected = (expected); \ + if (memcmp(__got, __expected, len) != 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" of len %d did not match"#expected": %s", (int)len, cmt); \ + return false; \ + } \ + } while(0) + +#define torture_assert_file_contains_text(torture_ctx,filename,expected,cmt)\ + do { \ + char *__got; \ + const char *__expected = (expected); \ + size_t __size; \ + __got = file_load(filename, &__size, 0, torture_ctx); \ + if (__got == NULL) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": unable to open %s: %s\n", \ + filename, cmt); \ + return false; \ + } \ + \ + if (strcmp_safe(__got, __expected) != 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": %s contained:\n%sExpected: %s%s\n", \ + filename, __got, __expected, cmt); \ + talloc_free(__got); \ + return false; \ + } \ + talloc_free(__got); \ + } while(0) + +#define torture_assert_file_contains(torture_ctx,filename,expected,cmt)\ + do { const char *__got, *__expected = (expected); \ + size_t __size; \ + __got = file_load(filename, *size, 0, torture_ctx); \ + if (strcmp_safe(__got, __expected) != 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": %s contained:\n%sExpected: %s%s\n", \ + __got, __expected, cmt); \ + talloc_free(__got); \ + return false; \ + } \ + talloc_free(__got); \ + } while(0) + +#define torture_assert_int_equal(torture_ctx,got,expected,cmt)\ + do { int __got = (got), __expected = (expected); \ + if (__got != __expected) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" was %d, expected %d: %s", \ + __got, __expected, cmt); \ + return false; \ + } \ + } while(0) + +#define torture_assert_u64_equal(torture_ctx,got,expected,cmt)\ + do { uint64_t __got = (got), __expected = (expected); \ + if (__got != __expected) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" was %llu, expected %llu: %s", \ + (unsigned long long)__got, (unsigned long long)__expected, cmt); \ + return false; \ + } \ + } while(0) + +#define torture_assert_errno_equal(torture_ctx,expected,cmt)\ + do { int __expected = (expected); \ + if (errno != __expected) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": errno was %d (%s), expected %d: %s: %s", \ + errno, strerror(errno), __expected, \ + strerror(__expected), cmt); \ + return false; \ + } \ + } while(0) + + + +#define torture_skip(torture_ctx,cmt) do {\ + torture_result(torture_ctx, TORTURE_SKIP, __location__": %s", cmt);\ + return true; \ + } while(0) +#define torture_fail(torture_ctx,cmt) do {\ + torture_result(torture_ctx, TORTURE_FAIL, __location__": %s", cmt);\ + return false; \ + } while (0) +#define torture_fail_goto(torture_ctx,label,cmt) do {\ + torture_result(torture_ctx, TORTURE_FAIL, __location__": %s", cmt);\ + goto label; \ + } while (0) + +#define torture_out stderr + +/* Convenience macros */ +#define torture_assert_ntstatus_ok(torture_ctx,expr,cmt) \ + torture_assert_ntstatus_equal(torture_ctx,expr,NT_STATUS_OK,cmt) + +#define torture_assert_werr_ok(torture_ctx,expr,cmt) \ + torture_assert_werr_equal(torture_ctx,expr,WERR_OK,cmt) + +#define torture_assert_ndr_success(torture_ctx,expr,cmt) \ + torture_assert_ndr_err_equal(torture_ctx,expr,NDR_ERR_SUCCESS,cmt) + +/* Getting settings */ +const char *torture_setting_string(struct torture_context *test, \ + const char *name, + const char *default_value); + +int torture_setting_int(struct torture_context *test, + const char *name, + int default_value); + +double torture_setting_double(struct torture_context *test, + const char *name, + double default_value); + +bool torture_setting_bool(struct torture_context *test, + const char *name, + bool default_value); + +struct torture_suite *torture_find_suite(struct torture_suite *parent, + const char *name); + +NTSTATUS torture_temp_dir(struct torture_context *tctx, + const char *prefix, + char **tempdir); + +struct torture_test *torture_tcase_add_simple_test(struct torture_tcase *tcase, + const char *name, + bool (*run) (struct torture_context *test, void *tcase_data)); + + +bool torture_suite_init_tcase(struct torture_suite *suite, + struct torture_tcase *tcase, + const char *name); + +struct torture_context *torture_context_init(struct event_context *event_ctx, struct torture_results *results); + +struct torture_results *torture_results_init(TALLOC_CTX *mem_ctx, const struct torture_ui_ops *ui_ops); + +struct torture_context *torture_context_child(struct torture_context *tctx); + +extern const struct torture_ui_ops torture_subunit_ui_ops; + +#endif /* __TORTURE_UI_H__ */ diff --git a/lib/torture/torture.pc.in b/lib/torture/torture.pc.in new file mode 100644 index 0000000000..6582816cb5 --- /dev/null +++ b/lib/torture/torture.pc.in @@ -0,0 +1,12 @@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +libdir=@libdir@ +includedir=@includedir@ +modulesdir=${prefix}/modules/torture + +Name: torture +Description: Samba torture (test) suite +Requires: talloc +Version: 0.0.1 +Libs: -L${libdir} -ltorture +Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 diff --git a/source4/lib/torture/config.mk b/source4/lib/torture/config.mk deleted file mode 100644 index 8a7f2a3b6b..0000000000 --- a/source4/lib/torture/config.mk +++ /dev/null @@ -1,14 +0,0 @@ -# TORTURE subsystem -[LIBRARY::torture] -PUBLIC_DEPENDENCIES = \ - LIBSAMBA-HOSTCONFIG \ - LIBSAMBA-UTIL \ - LIBTALLOC - -torture_VERSION = 0.0.1 -torture_SOVERSION = 0 - -PC_FILES += $(libtorturesrcdir)/torture.pc -torture_OBJ_FILES = $(addprefix $(libtorturesrcdir)/, torture.o subunit.o) - -PUBLIC_HEADERS += $(libtorturesrcdir)/torture.h diff --git a/source4/lib/torture/subunit.c b/source4/lib/torture/subunit.c deleted file mode 100644 index d5ee344596..0000000000 --- a/source4/lib/torture/subunit.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba utility functions - Copyright (C) Jelmer Vernooij 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "lib/torture/torture.h" - -static void subunit_init(struct torture_results *results) -{ - /* FIXME: register segv and bus handler */ -} - -static void subunit_suite_start(struct torture_context *ctx, - struct torture_suite *suite) -{ -} - -static void subunit_print_testname(struct torture_context *ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - if (!strcmp(tcase->name, test->name)) { - printf("%s", test->name); - } else { - printf("%s.%s", tcase->name, test->name); - } -} - -static void subunit_test_start(struct torture_context *ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - printf("test: "); - subunit_print_testname(ctx, tcase, test); - printf("\n"); -} - -static void subunit_test_result(struct torture_context *context, - enum torture_result res, const char *reason) -{ - switch (res) { - case TORTURE_OK: - printf("success: "); - break; - case TORTURE_FAIL: - printf("failure: "); - break; - case TORTURE_ERROR: - printf("error: "); - break; - case TORTURE_SKIP: - printf("skip: "); - break; - } - subunit_print_testname(context, context->active_tcase, context->active_test); - - if (reason) - printf(" [\n%s\n]", reason); - printf("\n"); -} - -static void subunit_comment(struct torture_context *test, - const char *comment) -{ - fprintf(stderr, "%s", comment); -} - -static void subunit_warning(struct torture_context *test, - const char *comment) -{ - fprintf(stderr, "WARNING!: %s\n", comment); -} - -const struct torture_ui_ops torture_subunit_ui_ops = { - .init = subunit_init, - .comment = subunit_comment, - .warning = subunit_warning, - .test_start = subunit_test_start, - .test_result = subunit_test_result, - .suite_start = subunit_suite_start -}; diff --git a/source4/lib/torture/torture.c b/source4/lib/torture/torture.c deleted file mode 100644 index e465529f6b..0000000000 --- a/source4/lib/torture/torture.c +++ /dev/null @@ -1,627 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SMB torture UI functions - - Copyright (C) Jelmer Vernooij 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#include "includes.h" -#include "torture/torture.h" -#include "../lib/util/dlinklist.h" -#include "param/param.h" -#include "system/filesys.h" - -struct torture_results *torture_results_init(TALLOC_CTX *mem_ctx, const struct torture_ui_ops *ui_ops) -{ - struct torture_results *results = talloc_zero(mem_ctx, struct torture_results); - - results->ui_ops = ui_ops; - results->returncode = true; - - if (ui_ops->init) - ui_ops->init(results); - - return results; -} - -/** - * Initialize a torture context - */ -struct torture_context *torture_context_init(struct event_context *event_ctx, - struct torture_results *results) -{ - struct torture_context *torture = talloc_zero(event_ctx, - struct torture_context); - - if (torture == NULL) - return NULL; - - torture->ev = event_ctx; - torture->results = talloc_reference(torture, results); - - return torture; -} - -/** - * Create a sub torture context - */ -struct torture_context *torture_context_child(struct torture_context *parent) -{ - struct torture_context *subtorture = talloc_zero(parent, struct torture_context); - - if (subtorture == NULL) - return NULL; - - subtorture->level = parent->level+1; - subtorture->ev = talloc_reference(subtorture, parent->ev); - subtorture->lp_ctx = talloc_reference(subtorture, parent->lp_ctx); - subtorture->outputdir = talloc_reference(subtorture, parent->outputdir); - subtorture->results = talloc_reference(subtorture, parent->results); - - return subtorture; -} - -/** - create a temporary directory. -*/ -_PUBLIC_ NTSTATUS torture_temp_dir(struct torture_context *tctx, - const char *prefix, - char **tempdir) -{ - SMB_ASSERT(tctx->outputdir != NULL); - - *tempdir = talloc_asprintf(tctx, "%s/%s.XXXXXX", tctx->outputdir, - prefix); - NT_STATUS_HAVE_NO_MEMORY(*tempdir); - - if (mkdtemp(*tempdir) == NULL) { - return map_nt_error_from_unix(errno); - } - - return NT_STATUS_OK; -} - -/** - * Comment on the status/progress of a test - */ -void torture_comment(struct torture_context *context, const char *comment, ...) -{ - va_list ap; - char *tmp; - - if (!context->results->ui_ops->comment) - return; - - va_start(ap, comment); - tmp = talloc_vasprintf(context, comment, ap); - - context->results->ui_ops->comment(context, tmp); - - talloc_free(tmp); -} - -/** - * Print a warning about the current test - */ -void torture_warning(struct torture_context *context, const char *comment, ...) -{ - va_list ap; - char *tmp; - - if (!context->results->ui_ops->warning) - return; - - va_start(ap, comment); - tmp = talloc_vasprintf(context, comment, ap); - - context->results->ui_ops->warning(context, tmp); - - talloc_free(tmp); -} - -/** - * Store the result of a torture test. - */ -void torture_result(struct torture_context *context, - enum torture_result result, const char *fmt, ...) -{ - va_list ap; - - va_start(ap, fmt); - - if (context->last_reason) { - torture_warning(context, "%s", context->last_reason); - talloc_free(context->last_reason); - } - - context->last_result = result; - context->last_reason = talloc_vasprintf(context, fmt, ap); - va_end(ap); -} - -/** - * Create a new torture suite - */ -struct torture_suite *torture_suite_create(TALLOC_CTX *ctx, const char *name) -{ - struct torture_suite *suite = talloc_zero(ctx, struct torture_suite); - - suite->name = talloc_strdup(suite, name); - suite->testcases = NULL; - suite->children = NULL; - - return suite; -} - -/** - * Set the setup() and teardown() functions for a testcase. - */ -void torture_tcase_set_fixture(struct torture_tcase *tcase, - bool (*setup) (struct torture_context *, void **), - bool (*teardown) (struct torture_context *, void *)) -{ - tcase->setup = setup; - tcase->teardown = teardown; -} - -static bool wrap_test_with_testcase_const(struct torture_context *torture_ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - bool (*fn) (struct torture_context *, - const void *tcase_data, - const void *test_data); - - fn = test->fn; - - return fn(torture_ctx, tcase->data, test->data); -} - -/** - * Add a test that uses const data to a testcase - */ -struct torture_test *torture_tcase_add_test_const(struct torture_tcase *tcase, - const char *name, - bool (*run) (struct torture_context *, const void *tcase_data, - const void *test_data), - const void *data) -{ - struct torture_test *test = talloc(tcase, struct torture_test); - - test->name = talloc_strdup(test, name); - test->description = NULL; - test->run = wrap_test_with_testcase_const; - test->fn = run; - test->dangerous = false; - test->data = data; - - DLIST_ADD_END(tcase->tests, test, struct torture_test *); - - return test; -} - -/** - * Add a new testcase - */ -bool torture_suite_init_tcase(struct torture_suite *suite, - struct torture_tcase *tcase, - const char *name) -{ - tcase->name = talloc_strdup(tcase, name); - tcase->description = NULL; - tcase->setup = NULL; - tcase->teardown = NULL; - tcase->fixture_persistent = true; - tcase->tests = NULL; - - DLIST_ADD_END(suite->testcases, tcase, struct torture_tcase *); - - return true; -} - - -struct torture_tcase *torture_suite_add_tcase(struct torture_suite *suite, - const char *name) -{ - struct torture_tcase *tcase = talloc(suite, struct torture_tcase); - - if (!torture_suite_init_tcase(suite, tcase, name)) - return NULL; - - return tcase; -} - -/** - * Run a torture test suite. - */ -bool torture_run_suite(struct torture_context *context, - struct torture_suite *suite) -{ - bool ret = true; - struct torture_tcase *tcase; - struct torture_suite *tsuite; - char *old_testname; - - context->level++; - if (context->results->ui_ops->suite_start) - context->results->ui_ops->suite_start(context, suite); - - old_testname = context->active_testname; - if (old_testname != NULL) - context->active_testname = talloc_asprintf(context, "%s-%s", - old_testname, suite->name); - else - context->active_testname = talloc_strdup(context, suite->name); - - for (tcase = suite->testcases; tcase; tcase = tcase->next) { - ret &= torture_run_tcase(context, tcase); - } - - for (tsuite = suite->children; tsuite; tsuite = tsuite->next) { - ret &= torture_run_suite(context, tsuite); - } - - talloc_free(context->active_testname); - context->active_testname = old_testname; - - if (context->results->ui_ops->suite_finish) - context->results->ui_ops->suite_finish(context, suite); - - context->level--; - - return ret; -} - -void torture_ui_test_start(struct torture_context *context, - struct torture_tcase *tcase, - struct torture_test *test) -{ - if (context->results->ui_ops->test_start) - context->results->ui_ops->test_start(context, tcase, test); -} - -void torture_ui_test_result(struct torture_context *context, - enum torture_result result, - const char *comment) -{ - if (context->results->ui_ops->test_result) - context->results->ui_ops->test_result(context, result, comment); - - if (result == TORTURE_ERROR || result == TORTURE_FAIL) - context->results->returncode = false; -} - -static bool internal_torture_run_test(struct torture_context *context, - struct torture_tcase *tcase, - struct torture_test *test, - bool already_setup) -{ - bool success; - char *old_testname; - - if (tcase == NULL || strcmp(test->name, tcase->name) != 0) { - old_testname = context->active_testname; - context->active_testname = talloc_asprintf(context, "%s-%s", old_testname, test->name); - } - - context->active_tcase = tcase; - context->active_test = test; - - torture_ui_test_start(context, tcase, test); - - context->last_reason = NULL; - context->last_result = TORTURE_OK; - - if (!already_setup && tcase->setup && - !tcase->setup(context, &(tcase->data))) { - if (context->last_reason == NULL) - context->last_reason = talloc_strdup(context, "Setup failure"); - context->last_result = TORTURE_ERROR; - success = false; - } else if (test->dangerous && - !torture_setting_bool(context, "dangerous", false)) { - context->last_result = TORTURE_SKIP; - context->last_reason = talloc_asprintf(context, - "disabled %s - enable dangerous tests to use", test->name); - success = true; - } else { - success = test->run(context, tcase, test); - - if (!success && context->last_result == TORTURE_OK) { - if (context->last_reason == NULL) - context->last_reason = talloc_strdup(context, "Unknown error/failure"); - context->last_result = TORTURE_ERROR; - } - } - - if (!already_setup && tcase->teardown && !tcase->teardown(context, tcase->data)) { - if (context->last_reason == NULL) - context->last_reason = talloc_strdup(context, "Setup failure"); - context->last_result = TORTURE_ERROR; - success = false; - } - - torture_ui_test_result(context, context->last_result, - context->last_reason); - - talloc_free(context->last_reason); - - if (tcase == NULL || strcmp(test->name, tcase->name) != 0) { - talloc_free(context->active_testname); - context->active_testname = old_testname; - } - context->active_test = NULL; - context->active_tcase = NULL; - - return success; -} - -bool torture_run_tcase(struct torture_context *context, - struct torture_tcase *tcase) -{ - bool ret = true; - char *old_testname; - struct torture_test *test; - - context->level++; - - context->active_tcase = tcase; - if (context->results->ui_ops->tcase_start) - context->results->ui_ops->tcase_start(context, tcase); - - if (tcase->fixture_persistent && tcase->setup - && !tcase->setup(context, &tcase->data)) { - /* FIXME: Use torture ui ops for reporting this error */ - fprintf(stderr, "Setup failed: "); - if (context->last_reason != NULL) - fprintf(stderr, "%s", context->last_reason); - fprintf(stderr, "\n"); - ret = false; - goto done; - } - - old_testname = context->active_testname; - context->active_testname = talloc_asprintf(context, "%s-%s", - old_testname, tcase->name); - for (test = tcase->tests; test; test = test->next) { - ret &= internal_torture_run_test(context, tcase, test, - tcase->fixture_persistent); - } - talloc_free(context->active_testname); - context->active_testname = old_testname; - - if (tcase->fixture_persistent && tcase->teardown && - !tcase->teardown(context, tcase->data)) - ret = false; - -done: - context->active_tcase = NULL; - - if (context->results->ui_ops->tcase_finish) - context->results->ui_ops->tcase_finish(context, tcase); - - context->level--; - - return ret; -} - -bool torture_run_test(struct torture_context *context, - struct torture_tcase *tcase, - struct torture_test *test) -{ - return internal_torture_run_test(context, tcase, test, false); -} - -int torture_setting_int(struct torture_context *test, const char *name, - int default_value) -{ - return lp_parm_int(test->lp_ctx, NULL, "torture", name, default_value); -} - -double torture_setting_double(struct torture_context *test, const char *name, - double default_value) -{ - return lp_parm_double(test->lp_ctx, NULL, "torture", name, default_value); -} - -bool torture_setting_bool(struct torture_context *test, const char *name, - bool default_value) -{ - return lp_parm_bool(test->lp_ctx, NULL, "torture", name, default_value); -} - -const char *torture_setting_string(struct torture_context *test, - const char *name, - const char *default_value) -{ - const char *ret; - - SMB_ASSERT(test != NULL); - SMB_ASSERT(test->lp_ctx != NULL); - - ret = lp_parm_string(test->lp_ctx, NULL, "torture", name); - - if (ret == NULL) - return default_value; - - return ret; -} - -static bool wrap_test_with_simple_tcase_const ( - struct torture_context *torture_ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - bool (*fn) (struct torture_context *, const void *tcase_data); - - fn = test->fn; - - return fn(torture_ctx, test->data); -} - -struct torture_tcase *torture_suite_add_simple_tcase_const( - struct torture_suite *suite, const char *name, - bool (*run) (struct torture_context *test, const void *), - const void *data) -{ - struct torture_tcase *tcase; - struct torture_test *test; - - tcase = torture_suite_add_tcase(suite, name); - - test = talloc(tcase, struct torture_test); - - test->name = talloc_strdup(test, name); - test->description = NULL; - test->run = wrap_test_with_simple_tcase_const; - test->fn = run; - test->data = data; - test->dangerous = false; - - DLIST_ADD_END(tcase->tests, test, struct torture_test *); - - return tcase; -} - -static bool wrap_simple_test(struct torture_context *torture_ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - bool (*fn) (struct torture_context *); - - fn = test->fn; - - return fn(torture_ctx); -} - -struct torture_tcase *torture_suite_add_simple_test( - struct torture_suite *suite, - const char *name, - bool (*run) (struct torture_context *test)) -{ - struct torture_test *test; - struct torture_tcase *tcase; - - tcase = torture_suite_add_tcase(suite, name); - - test = talloc(tcase, struct torture_test); - - test->name = talloc_strdup(test, name); - test->description = NULL; - test->run = wrap_simple_test; - test->fn = run; - test->dangerous = false; - - DLIST_ADD_END(tcase->tests, test, struct torture_test *); - - return tcase; -} - -/** - * Add a child testsuite to a testsuite. - */ -bool torture_suite_add_suite(struct torture_suite *suite, - struct torture_suite *child) -{ - if (child == NULL) - return false; - - DLIST_ADD_END(suite->children, child, struct torture_suite *); - - /* FIXME: Check for duplicates and return false if the - * added suite already exists as a child */ - - return true; -} - -/** - * Find the child testsuite with the specified name. - */ -struct torture_suite *torture_find_suite(struct torture_suite *parent, - const char *name) -{ - struct torture_suite *child; - - for (child = parent->children; child; child = child->next) - if (!strcmp(child->name, name)) - return child; - - return NULL; -} - -static bool wrap_test_with_simple_test_const(struct torture_context *torture_ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - bool (*fn) (struct torture_context *, const void *tcase_data); - - fn = test->fn; - - return fn(torture_ctx, tcase->data); -} - -struct torture_test *torture_tcase_add_simple_test_const( - struct torture_tcase *tcase, - const char *name, - bool (*run) (struct torture_context *test, - const void *tcase_data)) -{ - struct torture_test *test; - - test = talloc(tcase, struct torture_test); - - test->name = talloc_strdup(test, name); - test->description = NULL; - test->run = wrap_test_with_simple_test_const; - test->fn = run; - test->data = NULL; - test->dangerous = false; - - DLIST_ADD_END(tcase->tests, test, struct torture_test *); - - return test; -} - -static bool wrap_test_with_simple_test(struct torture_context *torture_ctx, - struct torture_tcase *tcase, - struct torture_test *test) -{ - bool (*fn) (struct torture_context *, void *tcase_data); - - fn = test->fn; - - return fn(torture_ctx, tcase->data); -} - -struct torture_test *torture_tcase_add_simple_test(struct torture_tcase *tcase, - const char *name, - bool (*run) (struct torture_context *test, void *tcase_data)) -{ - struct torture_test *test; - - test = talloc(tcase, struct torture_test); - - test->name = talloc_strdup(test, name); - test->description = NULL; - test->run = wrap_test_with_simple_test; - test->fn = run; - test->data = NULL; - test->dangerous = false; - - DLIST_ADD_END(tcase->tests, test, struct torture_test *); - - return test; -} diff --git a/source4/lib/torture/torture.h b/source4/lib/torture/torture.h deleted file mode 100644 index f06ffe012b..0000000000 --- a/source4/lib/torture/torture.h +++ /dev/null @@ -1,425 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SMB torture UI functions - - Copyright (C) Jelmer Vernooij 2006 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - -#ifndef __TORTURE_UI_H__ -#define __TORTURE_UI_H__ - -struct torture_test; -struct torture_context; -struct torture_suite; -struct torture_tcase; -struct torture_results; - -enum torture_result { - TORTURE_OK=0, - TORTURE_FAIL=1, - TORTURE_ERROR=2, - TORTURE_SKIP=3 -}; - -/* - * These callbacks should be implemented by any backend that wishes - * to listen to reports from the torture tests. - */ -struct torture_ui_ops -{ - void (*init) (struct torture_results *); - void (*comment) (struct torture_context *, const char *); - void (*warning) (struct torture_context *, const char *); - void (*suite_start) (struct torture_context *, struct torture_suite *); - void (*suite_finish) (struct torture_context *, struct torture_suite *); - void (*tcase_start) (struct torture_context *, struct torture_tcase *); - void (*tcase_finish) (struct torture_context *, struct torture_tcase *); - void (*test_start) (struct torture_context *, - struct torture_tcase *, - struct torture_test *); - void (*test_result) (struct torture_context *, - enum torture_result, const char *reason); -}; - -void torture_ui_test_start(struct torture_context *context, - struct torture_tcase *tcase, - struct torture_test *test); - -void torture_ui_test_result(struct torture_context *context, - enum torture_result result, - const char *comment); - -/* - * Holds information about a specific run of the testsuite. - * The data in this structure should be considered private to - * the torture tests and should only be used directly by the torture - * code and the ui backends. - * - * Torture tests should instead call the torture_*() macros and functions - * specified below. - */ - -struct torture_context -{ - struct torture_results *results; - - char *active_testname; - struct torture_test *active_test; - struct torture_tcase *active_tcase; - - enum torture_result last_result; - char *last_reason; - - /** Directory used for temporary test data */ - const char *outputdir; - - /** Indentation level */ - int level; - - /** Event context */ - struct event_context *ev; - - /** Loadparm context (will go away in favor of torture_setting_ at some point) */ - struct loadparm_context *lp_ctx; -}; - -struct torture_results -{ - const struct torture_ui_ops *ui_ops; - void *ui_data; - - /** Whether tests should avoid writing output to stdout */ - bool quiet; - - bool returncode; - - -}; - -/* - * Describes a particular torture test - */ -struct torture_test { - /** Short unique name for the test. */ - const char *name; - - /** Long description for the test. */ - const char *description; - - /** Whether this is a dangerous test - * (can corrupt the remote servers data or bring it down). */ - bool dangerous; - - /** Function to call to run this test */ - bool (*run) (struct torture_context *torture_ctx, - struct torture_tcase *tcase, - struct torture_test *test); - - struct torture_test *prev, *next; - - /** Pointer to the actual test function. This is run by the - * run() function above. */ - void *fn; - - /** Use data for this test */ - const void *data; -}; - -/* - * Describes a particular test case. - */ -struct torture_tcase { - const char *name; - const char *description; - bool (*setup) (struct torture_context *tcase, void **data); - bool (*teardown) (struct torture_context *tcase, void *data); - bool fixture_persistent; - void *data; - struct torture_test *tests; - struct torture_tcase *prev, *next; -}; - -struct torture_suite -{ - const char *name; - const char *description; - struct torture_tcase *testcases; - struct torture_suite *children; - - /* Pointers to siblings of this torture suite */ - struct torture_suite *prev, *next; -}; - -/** Create a new torture suite */ -struct torture_suite *torture_suite_create(TALLOC_CTX *mem_ctx, - const char *name); - -/** Change the setup and teardown functions for a testcase */ -void torture_tcase_set_fixture(struct torture_tcase *tcase, - bool (*setup) (struct torture_context *, void **), - bool (*teardown) (struct torture_context *, void *)); - -/* Add another test to run for a particular testcase */ -struct torture_test *torture_tcase_add_test_const(struct torture_tcase *tcase, - const char *name, - bool (*run) (struct torture_context *test, - const void *tcase_data, const void *test_data), - const void *test_data); - -/* Add a testcase to a testsuite */ -struct torture_tcase *torture_suite_add_tcase(struct torture_suite *suite, - const char *name); - -/* Convenience wrapper that adds a testcase against only one - * test will be run */ -struct torture_tcase *torture_suite_add_simple_tcase_const( - struct torture_suite *suite, - const char *name, - bool (*run) (struct torture_context *test, - const void *test_data), - const void *data); - -/* Convenience function that adds a test which only - * gets the test case data */ -struct torture_test *torture_tcase_add_simple_test_const( - struct torture_tcase *tcase, - const char *name, - bool (*run) (struct torture_context *test, - const void *tcase_data)); - -/* Convenience wrapper that adds a test that doesn't need any - * testcase data */ -struct torture_tcase *torture_suite_add_simple_test( - struct torture_suite *suite, - const char *name, - bool (*run) (struct torture_context *test)); - -/* Add a child testsuite to an existing testsuite */ -bool torture_suite_add_suite(struct torture_suite *suite, - struct torture_suite *child); - -/* Run the specified testsuite recursively */ -bool torture_run_suite(struct torture_context *context, - struct torture_suite *suite); - -/* Run the specified testcase */ -bool torture_run_tcase(struct torture_context *context, - struct torture_tcase *tcase); - -/* Run the specified test */ -bool torture_run_test(struct torture_context *context, - struct torture_tcase *tcase, - struct torture_test *test); - -void torture_comment(struct torture_context *test, const char *comment, ...) PRINTF_ATTRIBUTE(2,3); -void torture_warning(struct torture_context *test, const char *comment, ...) PRINTF_ATTRIBUTE(2,3); -void torture_result(struct torture_context *test, - enum torture_result, const char *reason, ...) PRINTF_ATTRIBUTE(3,4); - -#define torture_assert(torture_ctx,expr,cmt) \ - if (!(expr)) { \ - torture_result(torture_ctx, TORTURE_FAIL, __location__": Expression `%s' failed: %s", __STRING(expr), cmt); \ - return false; \ - } - -#define torture_assert_werr_equal(torture_ctx, got, expected, cmt) \ - do { WERROR __got = got, __expected = expected; \ - if (!W_ERROR_EQUAL(__got, __expected)) { \ - torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", win_errstr(__got), win_errstr(__expected), cmt); \ - return false; \ - } \ - } while (0) - -#define torture_assert_ntstatus_equal(torture_ctx,got,expected,cmt) \ - do { NTSTATUS __got = got, __expected = expected; \ - if (!NT_STATUS_EQUAL(__got, __expected)) { \ - torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", nt_errstr(__got), nt_errstr(__expected), cmt); \ - return false; \ - }\ - } while(0) - -#define torture_assert_ndr_err_equal(torture_ctx,got,expected,cmt) \ - do { enum ndr_err_code __got = got, __expected = expected; \ - if (__got != __expected) { \ - torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %d, expected %d (%s): %s", __got, __expected, __STRING(expected), cmt); \ - return false; \ - }\ - } while(0) - -#define torture_assert_casestr_equal(torture_ctx,got,expected,cmt) \ - do { const char *__got = (got), *__expected = (expected); \ - if (!strequal(__got, __expected)) { \ - torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %s, expected %s: %s", __got, __expected, cmt); \ - return false; \ - } \ - } while(0) - -#define torture_assert_str_equal(torture_ctx,got,expected,cmt)\ - do { const char *__got = (got), *__expected = (expected); \ - if (strcmp_safe(__got, __expected) != 0) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": "#got" was %s, expected %s: %s", \ - __got, __expected, cmt); \ - return false; \ - } \ - } while(0) - -#define torture_assert_mem_equal(torture_ctx,got,expected,len,cmt)\ - do { const void *__got = (got), *__expected = (expected); \ - if (memcmp(__got, __expected, len) != 0) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": "#got" of len %d did not match"#expected": %s", (int)len, cmt); \ - return false; \ - } \ - } while(0) - -#define torture_assert_file_contains_text(torture_ctx,filename,expected,cmt)\ - do { \ - char *__got; \ - const char *__expected = (expected); \ - size_t __size; \ - __got = file_load(filename, &__size, 0, torture_ctx); \ - if (__got == NULL) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": unable to open %s: %s\n", \ - filename, cmt); \ - return false; \ - } \ - \ - if (strcmp_safe(__got, __expected) != 0) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": %s contained:\n%sExpected: %s%s\n", \ - filename, __got, __expected, cmt); \ - talloc_free(__got); \ - return false; \ - } \ - talloc_free(__got); \ - } while(0) - -#define torture_assert_file_contains(torture_ctx,filename,expected,cmt)\ - do { const char *__got, *__expected = (expected); \ - size_t __size; \ - __got = file_load(filename, *size, 0, torture_ctx); \ - if (strcmp_safe(__got, __expected) != 0) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": %s contained:\n%sExpected: %s%s\n", \ - __got, __expected, cmt); \ - talloc_free(__got); \ - return false; \ - } \ - talloc_free(__got); \ - } while(0) - -#define torture_assert_int_equal(torture_ctx,got,expected,cmt)\ - do { int __got = (got), __expected = (expected); \ - if (__got != __expected) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": "#got" was %d, expected %d: %s", \ - __got, __expected, cmt); \ - return false; \ - } \ - } while(0) - -#define torture_assert_u64_equal(torture_ctx,got,expected,cmt)\ - do { uint64_t __got = (got), __expected = (expected); \ - if (__got != __expected) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": "#got" was %llu, expected %llu: %s", \ - (unsigned long long)__got, (unsigned long long)__expected, cmt); \ - return false; \ - } \ - } while(0) - -#define torture_assert_errno_equal(torture_ctx,expected,cmt)\ - do { int __expected = (expected); \ - if (errno != __expected) { \ - torture_result(torture_ctx, TORTURE_FAIL, \ - __location__": errno was %d (%s), expected %d: %s: %s", \ - errno, strerror(errno), __expected, \ - strerror(__expected), cmt); \ - return false; \ - } \ - } while(0) - - - -#define torture_skip(torture_ctx,cmt) do {\ - torture_result(torture_ctx, TORTURE_SKIP, __location__": %s", cmt);\ - return true; \ - } while(0) -#define torture_fail(torture_ctx,cmt) do {\ - torture_result(torture_ctx, TORTURE_FAIL, __location__": %s", cmt);\ - return false; \ - } while (0) -#define torture_fail_goto(torture_ctx,label,cmt) do {\ - torture_result(torture_ctx, TORTURE_FAIL, __location__": %s", cmt);\ - goto label; \ - } while (0) - -#define torture_out stderr - -/* Convenience macros */ -#define torture_assert_ntstatus_ok(torture_ctx,expr,cmt) \ - torture_assert_ntstatus_equal(torture_ctx,expr,NT_STATUS_OK,cmt) - -#define torture_assert_werr_ok(torture_ctx,expr,cmt) \ - torture_assert_werr_equal(torture_ctx,expr,WERR_OK,cmt) - -#define torture_assert_ndr_success(torture_ctx,expr,cmt) \ - torture_assert_ndr_err_equal(torture_ctx,expr,NDR_ERR_SUCCESS,cmt) - -/* Getting settings */ -const char *torture_setting_string(struct torture_context *test, \ - const char *name, - const char *default_value); - -int torture_setting_int(struct torture_context *test, - const char *name, - int default_value); - -double torture_setting_double(struct torture_context *test, - const char *name, - double default_value); - -bool torture_setting_bool(struct torture_context *test, - const char *name, - bool default_value); - -struct torture_suite *torture_find_suite(struct torture_suite *parent, - const char *name); - -NTSTATUS torture_temp_dir(struct torture_context *tctx, - const char *prefix, - char **tempdir); - -struct torture_test *torture_tcase_add_simple_test(struct torture_tcase *tcase, - const char *name, - bool (*run) (struct torture_context *test, void *tcase_data)); - - -bool torture_suite_init_tcase(struct torture_suite *suite, - struct torture_tcase *tcase, - const char *name); - -struct torture_context *torture_context_init(struct event_context *event_ctx, struct torture_results *results); - -struct torture_results *torture_results_init(TALLOC_CTX *mem_ctx, const struct torture_ui_ops *ui_ops); - -struct torture_context *torture_context_child(struct torture_context *tctx); - -extern const struct torture_ui_ops torture_subunit_ui_ops; - -#endif /* __TORTURE_UI_H__ */ diff --git a/source4/lib/torture/torture.pc.in b/source4/lib/torture/torture.pc.in deleted file mode 100644 index 6582816cb5..0000000000 --- a/source4/lib/torture/torture.pc.in +++ /dev/null @@ -1,12 +0,0 @@ -prefix=@prefix@ -exec_prefix=@exec_prefix@ -libdir=@libdir@ -includedir=@includedir@ -modulesdir=${prefix}/modules/torture - -Name: torture -Description: Samba torture (test) suite -Requires: talloc -Version: 0.0.1 -Libs: -L${libdir} -ltorture -Cflags: -I${includedir} -DHAVE_IMMEDIATE_STRUCTURES=1 -- cgit From 8beecd42f2789635891121be8e185e9acef0bcb5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Nov 2008 00:58:08 +0100 Subject: Move torture directory to top-level. --- lib/torture/torture.c | 4 ++-- lib/torture/torture.h | 2 -- source3/samba4.mk | 2 +- source4/Makefile | 4 ++-- source4/configure.ac | 2 +- source4/main.mk | 2 +- source4/torture/rpc/ntsvcs.c | 2 +- source4/torture/rpc/rpc.h | 3 +-- source4/torture/smbtorture.h | 2 +- source4/torture/util.h | 2 +- 10 files changed, 11 insertions(+), 14 deletions(-) diff --git a/lib/torture/torture.c b/lib/torture/torture.c index e465529f6b..6b2a5b1061 100644 --- a/lib/torture/torture.c +++ b/lib/torture/torture.c @@ -2,7 +2,7 @@ Unix SMB/CIFS implementation. SMB torture UI functions - Copyright (C) Jelmer Vernooij 2006 + Copyright (C) Jelmer Vernooij 2006-2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,7 +19,7 @@ */ #include "includes.h" -#include "torture/torture.h" +#include "../torture/torture.h" #include "../lib/util/dlinklist.h" #include "param/param.h" #include "system/filesys.h" diff --git a/lib/torture/torture.h b/lib/torture/torture.h index f06ffe012b..f16d2707bb 100644 --- a/lib/torture/torture.h +++ b/lib/torture/torture.h @@ -105,8 +105,6 @@ struct torture_results bool quiet; bool returncode; - - }; /* diff --git a/source3/samba4.mk b/source3/samba4.mk index 1743431aa4..032a3d9c35 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk @@ -88,7 +88,7 @@ libutilsrcdir := $(samba4srcdir)/../lib/util libtdrsrcdir := $(samba4srcdir)/lib/tdr libdbwrapsrcdir := $(samba4srcdir)/lib/dbwrap libcryptosrcdir := $(samba4srcdir)/../lib/crypto -libtorturesrcdir := $(samba4srcdir)/lib/torture +libtorturesrcdir := ../lib/torture libcompressionsrcdir := $(samba4srcdir)/../lib/compression libgencachesrcdir := $(samba4srcdir)/lib paramsrcdir := $(samba4srcdir)/param diff --git a/source4/Makefile b/source4/Makefile index be41d02a38..38eb0706c9 100644 --- a/source4/Makefile +++ b/source4/Makefile @@ -11,7 +11,7 @@ include mkconfig.mk pidldir := $(srcdir)/../pidl basedir = $(prefix) -torturedir = $(libdir)/torture +torturedir = ../lib/torture swatdir = $(datadir)/swat setupdir = $(datadir)/setup ncalrpcdir = $(localstatedir)/ncalrpc @@ -78,7 +78,7 @@ libutilsrcdir := ../lib/util libtdrsrcdir := lib/tdr libdbwrapsrcdir := lib/dbwrap libcryptosrcdir := ../lib/crypto -libtorturesrcdir := lib/torture +libtorturesrcdir := ../lib/torture smb_serversrcdir := smb_server libcompressionsrcdir := ../lib/compression libgencachesrcdir := lib diff --git a/source4/configure.ac b/source4/configure.ac index cf85b13225..a90ac9e668 100644 --- a/source4/configure.ac +++ b/source4/configure.ac @@ -37,7 +37,7 @@ AC_CONFIG_FILES(lib/registry/registry.pc) AC_CONFIG_FILES(lib/events/events.pc) AC_CONFIG_FILES(librpc/dcerpc.pc) AC_CONFIG_FILES(../librpc/ndr.pc) -AC_CONFIG_FILES(lib/torture/torture.pc) +AC_CONFIG_FILES(../lib/torture/torture.pc) AC_CONFIG_FILES(auth/gensec/gensec.pc) AC_CONFIG_FILES(param/samba-hostconfig.pc) AC_CONFIG_FILES(librpc/dcerpc_samr.pc) diff --git a/source4/main.mk b/source4/main.mk index 278c38454d..0a72487f8a 100644 --- a/source4/main.mk +++ b/source4/main.mk @@ -23,7 +23,7 @@ mkinclude ../lib/util/config.mk mkinclude lib/tdr/config.mk mkinclude lib/dbwrap/config.mk mkinclude ../lib/crypto/config.mk -mkinclude lib/torture/config.mk +mkinclude ../lib/torture/config.mk mkinclude lib/basic.mk mkinclude lib/com/config.mk # WMI fails at the moment diff --git a/source4/torture/rpc/ntsvcs.c b/source4/torture/rpc/ntsvcs.c index 10c1ce21f3..3db79ac8bf 100644 --- a/source4/torture/rpc/ntsvcs.c +++ b/source4/torture/rpc/ntsvcs.c @@ -20,7 +20,7 @@ */ #include "includes.h" -#include "torture/torture.h" +#include "lib/torture/torture.h" #include "torture/rpc/rpc.h" #include "librpc/gen_ndr/ndr_ntsvcs_c.h" #include "torture/util.h" diff --git a/source4/torture/rpc/rpc.h b/source4/torture/rpc/rpc.h index 29b1ebee54..9fd64f18b5 100644 --- a/source4/torture/rpc/rpc.h +++ b/source4/torture/rpc/rpc.h @@ -21,14 +21,13 @@ #ifndef __TORTURE_RPC_H__ #define __TORTURE_RPC_H__ -#include "torture/torture.h" +#include "lib/torture/torture.h" #include "auth/credentials/credentials.h" #include "torture/rpc/drsuapi.h" #include "libnet/libnet_join.h" #include "librpc/rpc/dcerpc.h" #include "libcli/raw/libcliraw.h" #include "torture/rpc/proto.h" -#include "torture/torture.h" struct torture_rpc_tcase { struct torture_tcase tcase; diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h index 3b5a573d83..28e82f3abd 100644 --- a/source4/torture/smbtorture.h +++ b/source4/torture/smbtorture.h @@ -21,7 +21,7 @@ #ifndef __SMBTORTURE_H__ #define __SMBTORTURE_H__ -#include "torture/torture.h" +#include "lib/torture/torture.h" struct smbcli_state; diff --git a/source4/torture/util.h b/source4/torture/util.h index f36d54233d..3609cca7d9 100644 --- a/source4/torture/util.h +++ b/source4/torture/util.h @@ -20,7 +20,7 @@ #ifndef _TORTURE_UTIL_H_ #define _TORTURE_UTIL_H_ -#include "torture/torture.h" +#include "lib/torture/torture.h" struct smbcli_state; struct smbcli_tree; -- cgit From 12f64285ee09954cac447cf9c9fa241fd4b1e59e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Nov 2008 01:35:46 +0100 Subject: Fix merged build. --- source3/samba4.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/samba4.m4 b/source3/samba4.m4 index b99deb8870..5a3ae36884 100644 --- a/source3/samba4.m4 +++ b/source3/samba4.m4 @@ -47,7 +47,7 @@ SMB_INCLUDE_MK(lib/zlib.mk) AC_CONFIG_FILES(../source4/lib/registry/registry.pc) AC_CONFIG_FILES(../source4/librpc/dcerpc.pc) AC_CONFIG_FILES(../librpc/ndr.pc) -AC_CONFIG_FILES(../source4/lib/torture/torture.pc) +AC_CONFIG_FILES(../lib/torture/torture.pc) AC_CONFIG_FILES(../source4/auth/gensec/gensec.pc) AC_CONFIG_FILES(../source4/param/samba-hostconfig.pc) AC_CONFIG_FILES(../source4/librpc/dcerpc_samr.pc) -- cgit From 0e553a06ced50bcb947c13a711f59db9e7203eea Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Nov 2008 01:36:17 +0100 Subject: Remove unused init function in subunit code. --- lib/README | 1 + lib/torture/subunit.c | 6 ------ 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/lib/README b/lib/README index b994447f4b..acae62c378 100644 --- a/lib/README +++ b/lib/README @@ -8,3 +8,4 @@ socket_wrapper - Wrapper library allowing TCP/IP traffic to be redirected over Unix domain sockets. talloc - Hierarchical pool based memory allocator tdb - Simple but fast key/value database library, supporting multiple writers +torture - Simple unit testing helper library diff --git a/lib/torture/subunit.c b/lib/torture/subunit.c index d5ee344596..832f11fafc 100644 --- a/lib/torture/subunit.c +++ b/lib/torture/subunit.c @@ -20,11 +20,6 @@ #include "includes.h" #include "lib/torture/torture.h" -static void subunit_init(struct torture_results *results) -{ - /* FIXME: register segv and bus handler */ -} - static void subunit_suite_start(struct torture_context *ctx, struct torture_suite *suite) { @@ -87,7 +82,6 @@ static void subunit_warning(struct torture_context *test, } const struct torture_ui_ops torture_subunit_ui_ops = { - .init = subunit_init, .comment = subunit_comment, .warning = subunit_warning, .test_start = subunit_test_start, -- cgit From e711d7615797c48650bc8159928ab00a68055a6e Mon Sep 17 00:00:00 2001 From: TAKAHASHI Motonobu Date: Sun, 16 Nov 2008 13:17:16 +0100 Subject: Fix bug 5901: Default for streams_depot location --- source3/modules/vfs_streams_depot.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index d8c476f96f..e7ecedaaed 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -117,9 +117,17 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, struct file_id id; uint8 id_buf[16]; + tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath); + + if (tmp == NULL) { + errno = ENOMEM; + goto fail; + } + const char *rootdir = lp_parm_const_string( SNUM(handle->conn), "streams_depot", "directory", - handle->conn->connectpath); + tmp); + TALLOC_FREE(tmp); if (base_sbuf == NULL) { if (SMB_VFS_NEXT_STAT(handle, base_path, &sbuf) == -1) { -- cgit From 45cf68ce8f9426757c37a8352f9d9104be814407 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 16 Nov 2008 16:19:58 +0100 Subject: s4:torture: fix the build with auto dependencies metze --- lib/torture/config.mk | 1 + source4/lib/registry/config.mk | 2 +- source4/torture/config.mk | 7 ++++--- source4/torture/smb2/config.mk | 2 +- source4/torture/winbind/config.mk | 2 +- 5 files changed, 8 insertions(+), 6 deletions(-) diff --git a/lib/torture/config.mk b/lib/torture/config.mk index 8a7f2a3b6b..abd89260f6 100644 --- a/lib/torture/config.mk +++ b/lib/torture/config.mk @@ -4,6 +4,7 @@ PUBLIC_DEPENDENCIES = \ LIBSAMBA-HOSTCONFIG \ LIBSAMBA-UTIL \ LIBTALLOC +CFLAGS = -I$(libtorturesrcdir) -I$(libtorturesrcdir)/../ torture_VERSION = 0.0.1 torture_SOVERSION = 0 diff --git a/source4/lib/registry/config.mk b/source4/lib/registry/config.mk index 2e2b45abe9..9af61f9632 100644 --- a/source4/lib/registry/config.mk +++ b/source4/lib/registry/config.mk @@ -97,7 +97,7 @@ regtree_OBJ_FILES = $(libregistrysrcdir)/tools/regtree.o MANPAGES += $(libregistrysrcdir)/man/regtree.1 [SUBSYSTEM::torture_registry] -PRIVATE_DEPENDENCIES = registry +PRIVATE_DEPENDENCIES = torture registry torture_registry_OBJ_FILES = $(addprefix $(libregistrysrcdir)/tests/, generic.o hive.o diff.o registry.o) diff --git a/source4/torture/config.mk b/source4/torture/config.mk index 443cdda936..4b4664f101 100644 --- a/source4/torture/config.mk +++ b/source4/torture/config.mk @@ -1,6 +1,6 @@ [SUBSYSTEM::TORTURE_UTIL] PRIVATE_DEPENDENCIES = LIBCLI_RAW -PUBLIC_DEPENDENCIES = POPT_CREDENTIALS +PUBLIC_DEPENDENCIES = torture POPT_CREDENTIALS TORTURE_UTIL_OBJ_FILES = $(addprefix $(torturesrcdir)/, util_smb.o) @@ -89,6 +89,7 @@ mkinclude smb2/config.mk mkinclude winbind/config.mk [SUBSYSTEM::TORTURE_NDR] +PRIVATE_DEPENDENCIES = torture TORTURE_NDR_OBJ_FILES = $(addprefix $(torturesrcdir)/ndr/, ndr.o winreg.o atsvc.o lsa.o epmap.o dfs.o netlogon.o drsuapi.o spoolss.o samr.o) @@ -139,7 +140,7 @@ $(eval $(call proto_header_template,$(torturesrcdir)/rap/proto.h,$(TORTURE_RAP_O SUBSYSTEM = smbtorture PRIVATE_DEPENDENCIES = \ LIBCLI_SMB gensec auth KERBEROS \ - POPT_CREDENTIALS SMBPASSWD + POPT_CREDENTIALS SMBPASSWD torture # End SUBSYSTEM TORTURE_AUTH ################################# @@ -181,7 +182,7 @@ $(eval $(call proto_header_template,$(torturesrcdir)/unix/proto.h,$(TORTURE_UNIX SUBSYSTEM = smbtorture INIT_FUNCTION = torture_ldap_init PRIVATE_DEPENDENCIES = \ - LIBCLI_LDAP LIBCLI_CLDAP SAMDB POPT_CREDENTIALS + LIBCLI_LDAP LIBCLI_CLDAP SAMDB POPT_CREDENTIALS torture # End SUBSYSTEM TORTURE_LDAP ################################# diff --git a/source4/torture/smb2/config.mk b/source4/torture/smb2/config.mk index 9785303629..3a1ac5e06c 100644 --- a/source4/torture/smb2/config.mk +++ b/source4/torture/smb2/config.mk @@ -5,7 +5,7 @@ SUBSYSTEM = smbtorture INIT_FUNCTION = torture_smb2_init PRIVATE_DEPENDENCIES = \ - LIBCLI_SMB2 POPT_CREDENTIALS + LIBCLI_SMB2 POPT_CREDENTIALS torture # End SUBSYSTEM TORTURE_SMB2 ################################# diff --git a/source4/torture/winbind/config.mk b/source4/torture/winbind/config.mk index 15bc51daba..9648a7472b 100644 --- a/source4/torture/winbind/config.mk +++ b/source4/torture/winbind/config.mk @@ -5,7 +5,7 @@ SUBSYSTEM = smbtorture INIT_FUNCTION = torture_winbind_init PRIVATE_DEPENDENCIES = \ - LIBWINBIND-CLIENT + LIBWINBIND-CLIENT torture # End SUBSYSTEM TORTURE_WINBIND ################################# -- cgit From 8c2c62c5eaf7c6adc445950f4917208dc4bced87 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 6 Oct 2008 09:18:50 +0200 Subject: s4:libcli/resolve: don't ignore SIGCHLD anymore This broke ldbedit against a LDAP server, as the editor is called by "system()" which relies on getting something useful out of waitpid(). TODO: we should create a generic infrastructure to handle temporary forks and integrate the signal handling with signal events there. metze --- source4/libcli/resolve/host.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/source4/libcli/resolve/host.c b/source4/libcli/resolve/host.c index 1a695432ee..7d779b0678 100644 --- a/source4/libcli/resolve/host.c +++ b/source4/libcli/resolve/host.c @@ -53,10 +53,15 @@ struct host_state { */ static int host_destructor(struct host_state *state) { + int status; + + kill(state->child, SIGTERM); close(state->child_fd); - if (state->child != (pid_t)-1) { - kill(state->child, SIGTERM); + if (waitpid(state->child, &status, WNOHANG) == 0) { + kill(state->child, SIGKILL); + waitpid(state->child, &status, 0); } + return 0; } @@ -90,16 +95,23 @@ static void pipe_handler(struct event_context *ev, struct fd_event *fde, struct host_state *state = talloc_get_type(c->private_data, struct host_state); char address[128]; int ret; + pid_t child = state->child; + int status; /* if we get any event from the child then we know that we won't need to kill it off */ - state->child = (pid_t)-1; + talloc_set_destructor(state, NULL); /* yes, we don't care about EAGAIN or other niceities here. They just can't happen with this parent/child relationship, and even if they did then giving an error is the right thing to do */ ret = read(state->child_fd, address, sizeof(address)-1); + close(state->child_fd); + if (waitpid(state->child, &status, WNOHANG) == 0) { + kill(state->child, SIGKILL); + waitpid(state->child, &status, 0); + } if (ret <= 0) { composite_error(c, NT_STATUS_OBJECT_NAME_NOT_FOUND); return; @@ -164,10 +176,6 @@ struct composite_context *resolve_name_host_send(TALLOC_CTX *mem_ctx, return c; } - /* signal handling in posix really sucks - doing this in a library - affects the whole app, but what else to do?? */ - signal(SIGCHLD, SIG_IGN); - state->child = fork(); if (state->child == (pid_t)-1) { composite_error(c, map_nt_error_from_unix(errno)); -- cgit From 536de25faef82611e61b12126d432368badeed65 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 10 Nov 2008 11:40:31 +1100 Subject: Add a new function to parse a DATA_BLOB into a GUID The reason for this new function is to ensure the length is not discarded when the input is a ldb_val (aka DATA_BLOB) in ldb. Andrew Bartlett --- librpc/ndr/libndr.h | 1 + librpc/ndr/uuid.c | 28 +++++++++++++++++++++------- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index 127f6734e3..ad94c59e90 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h @@ -511,6 +511,7 @@ enum ndr_err_code ndr_push_charset(struct ndr_push *ndr, int ndr_flags, const ch /* GUIDs */ bool GUID_equal(const struct GUID *u1, const struct GUID *u2); +NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid); NTSTATUS GUID_from_string(const char *s, struct GUID *guid); NTSTATUS NS_GUID_from_string(const char *s, struct GUID *guid); struct GUID GUID_zero(void); diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c index 1e6ee0a3db..308b5c0688 100644 --- a/librpc/ndr/uuid.c +++ b/librpc/ndr/uuid.c @@ -27,7 +27,7 @@ /** build a GUID from a string */ -_PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid) +_PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid) { NTSTATUS status = NT_STATUS_INVALID_PARAMETER; uint32_t time_low; @@ -36,19 +36,23 @@ _PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid) uint32_t node[6]; int i; - if (s == NULL) { + if (s->data == NULL) { return NT_STATUS_INVALID_PARAMETER; } - if (11 == sscanf(s, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", + if (s->length == 36 && + 11 == sscanf((const char *)s->data, + "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", &time_low, &time_mid, &time_hi_and_version, &clock_seq[0], &clock_seq[1], &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { status = NT_STATUS_OK; - } else if (11 == sscanf(s, "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}", - &time_low, &time_mid, &time_hi_and_version, - &clock_seq[0], &clock_seq[1], - &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { + } else if (s->length == 38 + && 11 == sscanf((const char *)s->data, + "{%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x}", + &time_low, &time_mid, &time_hi_and_version, + &clock_seq[0], &clock_seq[1], + &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { status = NT_STATUS_OK; } @@ -68,6 +72,16 @@ _PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid) return NT_STATUS_OK; } +/** + build a GUID from a string +*/ +_PUBLIC_ NTSTATUS GUID_from_string(const char *s, struct GUID *guid) +{ + DATA_BLOB blob = data_blob_string_const(s); + return GUID_from_data_blob(&blob, guid); + return NT_STATUS_OK; +} + /** build a GUID from a string */ -- cgit From 64b6d2d3e3bddd51a792c2ea9a4bdbcfcc5f0666 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Nov 2008 21:26:03 +0100 Subject: lib/util: hex_encode_talloc(): fix error path and set talloc name metze --- lib/util/util.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/lib/util/util.c b/lib/util/util.c index 4e2a5aab09..7548d30b7e 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -701,10 +701,14 @@ _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx, const unsigned char *buff_ char *hex_buffer; hex_buffer = talloc_array(mem_ctx, char, (len*2)+1); + if (!hex_buffer) { + return NULL; + } for (i = 0; i < len; i++) slprintf(&hex_buffer[i*2], 3, "%02X", buff_in[i]); + talloc_set_name_const(hex_buffer, hex_buffer); return hex_buffer; } -- cgit From 1290b1d3d3ed2c81862fd7ad716e3776e5793632 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Nov 2008 16:02:06 +0100 Subject: s4:librpc/ndr: integrate NDR_MISC into LIBNDR metze --- source4/dsdb/config.mk | 2 +- source4/dsdb/samdb/ldb_modules/config.mk | 8 +++--- source4/lib/ldb-samba/config.mk | 2 +- source4/lib/wmi/config.mk | 2 +- source4/libcli/security/config.mk | 2 +- source4/librpc/config.mk | 42 ++++++++++++++------------------ 6 files changed, 26 insertions(+), 32 deletions(-) diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk index 8bc8b6e000..bd188192a0 100644 --- a/source4/dsdb/config.mk +++ b/source4/dsdb/config.mk @@ -6,7 +6,7 @@ mkinclude samdb/ldb_modules/config.mk # Start SUBSYSTEM SAMDB [SUBSYSTEM::SAMDB] PUBLIC_DEPENDENCIES = HEIMDAL_KRB5 -PRIVATE_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI NDR_DRSBLOBS NSS_WRAPPER \ +PRIVATE_DEPENDENCIES = LIBNDR NDR_DRSUAPI NDR_DRSBLOBS NSS_WRAPPER \ auth_system_session LDAP_ENCODE LIBCLI_AUTH LIBNDR \ SAMDB_SCHEMA LDB_WRAP SAMDB_COMMON diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk index 00e4f1af92..1387066256 100644 --- a/source4/dsdb/samdb/ldb_modules/config.mk +++ b/source4/dsdb/samdb/ldb_modules/config.mk @@ -2,7 +2,7 @@ # Start MODULE ldb_objectguid [MODULE::ldb_objectguid] SUBSYSTEM = LIBLDB -PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR INIT_FUNCTION = LDB_MODULE(objectguid) # End MODULE ldb_objectguid ################################################ @@ -14,7 +14,7 @@ ldb_objectguid_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/objectguid.o [MODULE::ldb_repl_meta_data] SUBSYSTEM = LIBLDB PRIVATE_DEPENDENCIES = SAMDB LIBTALLOC LIBEVENTS \ - LIBNDR NDR_MISC NDR_DRSUAPI \ + LIBNDR NDR_DRSUAPI \ NDR_DRSBLOBS LIBNDR INIT_FUNCTION = LDB_MODULE(repl_meta_data) # End MODULE ldb_repl_meta_data @@ -75,7 +75,7 @@ ldb_pdc_fsmo_OBJ_FILES = \ # Start MODULE ldb_samldb [MODULE::ldb_samldb] SUBSYSTEM = LIBLDB -PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LDAP_ENCODE NDR_MISC SAMDB +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LDAP_ENCODE SAMDB INIT_FUNCTION = LDB_MODULE(samldb) # # End MODULE ldb_samldb @@ -102,7 +102,7 @@ ldb_samba3sam_OBJ_FILES = \ [MODULE::ldb_simple_ldap_map] SUBSYSTEM = LIBLDB INIT_FUNCTION = LDB_MODULE(entryuuid),LDB_MODULE(nsuniqueid) -PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR NDR_MISC +PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBNDR ENABLE = YES ALIASES = entryuuid nsuniqueid # End MODULE ldb_entryuuid diff --git a/source4/lib/ldb-samba/config.mk b/source4/lib/ldb-samba/config.mk index f84b44dfc7..ceacf277e4 100644 --- a/source4/lib/ldb-samba/config.mk +++ b/source4/lib/ldb-samba/config.mk @@ -2,7 +2,7 @@ # Start SUBSYSTEM LDBSAMBA [SUBSYSTEM::LDBSAMBA] PUBLIC_DEPENDENCIES = LIBLDB -PRIVATE_DEPENDENCIES = LIBSECURITY SAMDB_SCHEMA LIBNDR NDR_MISC NDR_DRSBLOBS +PRIVATE_DEPENDENCIES = LIBSECURITY SAMDB_SCHEMA LIBNDR NDR_DRSBLOBS # End SUBSYSTEM LDBSAMBA ################################################ diff --git a/source4/lib/wmi/config.mk b/source4/lib/wmi/config.mk index 28f6c73dcd..3bb1690c7b 100644 --- a/source4/lib/wmi/config.mk +++ b/source4/lib/wmi/config.mk @@ -43,7 +43,7 @@ librpc/gen_ndr/dcom_p.c: idl ####################### # Start LIBRARY swig_dcerpc [PYTHON::pywmi] -PUBLIC_DEPENDENCIES = LIBCLI_SMB NDR_MISC LIBSAMBA-UTIL LIBSAMBA-CONFIG WMI +PUBLIC_DEPENDENCIES = LIBCLI_SMB LIBNDR LIBSAMBA-UTIL LIBSAMBA-CONFIG WMI $(eval $(call python_py_module_template,wmi.py,$(wmisrcdir)/wmi.py)) diff --git a/source4/libcli/security/config.mk b/source4/libcli/security/config.mk index f2883d1ede..30b1f32935 100644 --- a/source4/libcli/security/config.mk +++ b/source4/libcli/security/config.mk @@ -1,5 +1,5 @@ [SUBSYSTEM::LIBSECURITY] -PUBLIC_DEPENDENCIES = NDR_MISC LIBNDR +PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY_OBJ_FILES = $(addprefix $(libclisrcdir)/security/, \ security_token.o security_descriptor.o \ diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index ba4793cc8e..19c76b26e7 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -8,7 +8,7 @@ dcerpcsrcdir = $(librpcsrcdir)/rpc PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBTALLOC LIBSAMBA-UTIL CHARSET \ LIBSAMBA-HOSTCONFIG -LIBNDR_OBJ_FILES = $(addprefix $(ndrsrcdir)/, ndr_string.o) ../librpc/ndr/ndr_basic.o ../librpc/ndr/uuid.o ../librpc/ndr/ndr.o +LIBNDR_OBJ_FILES = $(addprefix $(ndrsrcdir)/, ndr_string.o) ../librpc/ndr/ndr_basic.o ../librpc/ndr/uuid.o ../librpc/ndr/ndr.o $(gen_ndrsrcdir)/ndr_misc.o ../librpc/ndr/ndr_misc.o PC_FILES += ../librpc/ndr.pc LIBNDR_VERSION = 0.0.1 @@ -18,6 +18,7 @@ LIBNDR_SOVERSION = 0 ################################################ PUBLIC_HEADERS += ../librpc/ndr/libndr.h +PUBLIC_HEADERS += $(gen_ndrsrcdir)/misc.h $(gen_ndrsrcdir)/ndr_misc.h ################################# # Start BINARY ndrdump @@ -49,7 +50,7 @@ PUBLIC_DEPENDENCIES = LIBSAMBA-ERRORS LIBNDR NDR_COMPRESSION_OBJ_FILES = ../librpc/ndr/ndr_compression.o [SUBSYSTEM::NDR_SECURITY] -PUBLIC_DEPENDENCIES = NDR_MISC LIBSECURITY +PUBLIC_DEPENDENCIES = LIBNDR LIBSECURITY NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ ../librpc/ndr/ndr_sec_helper.o \ @@ -108,13 +109,6 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY NDR_EFS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_efs.o -[SUBSYSTEM::NDR_MISC] -PUBLIC_DEPENDENCIES = LIBNDR - -NDR_MISC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_misc.o ../librpc/ndr/ndr_misc.o - -PUBLIC_HEADERS += $(gen_ndrsrcdir)/misc.h $(gen_ndrsrcdir)/ndr_misc.h - [SUBSYSTEM::NDR_ROT] PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC @@ -128,7 +122,7 @@ NDR_LSA_OBJ_FILES = $(gen_ndrsrcdir)/ndr_lsa.o PUBLIC_HEADERS += $(gen_ndrsrcdir)/lsa.h [SUBSYSTEM::NDR_DFS] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_DFS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dfs.o @@ -148,7 +142,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_COMPRESSION NDR_SECURITY NDR_SAMR ASN1_UTIL NDR_DRSUAPI_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsuapi.o ../librpc/ndr/ndr_drsuapi.o [SUBSYSTEM::NDR_DRSBLOBS] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_DRSUAPI +PUBLIC_DEPENDENCIES = LIBNDR NDR_DRSUAPI NDR_DRSBLOBS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_drsblobs.o ../librpc/ndr/ndr_drsblobs.o @@ -168,14 +162,14 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY NDR_UNIXINFO_OBJ_FILES = $(gen_ndrsrcdir)/ndr_unixinfo.o [SUBSYSTEM::NDR_SAMR] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_LSA NDR_SECURITY +PUBLIC_DEPENDENCIES = LIBNDR NDR_LSA NDR_SECURITY NDR_SAMR_OBJ_FILES = $(gen_ndrsrcdir)/ndr_samr.o PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, gen_ndr/samr.h gen_ndr/ndr_samr.h gen_ndr/ndr_samr_c.h) [SUBSYSTEM::NDR_NFS4ACL] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_SECURITY +PUBLIC_DEPENDENCIES = LIBNDR NDR_SECURITY NDR_NFS4ACL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_nfs4acl.o @@ -191,7 +185,7 @@ NDR_SPOOLSS_BUF_OBJ_FILES = $(ndrsrcdir)/ndr_spoolss_buf.o $(eval $(call proto_header_template,$(ndrsrcdir)/ndr_spoolss_buf.h,$(NDR_SPOOLSS_BUF_OBJ_FILES:.o=.c))) [SUBSYSTEM::NDR_WKSSVC] -PUBLIC_DEPENDENCIES = LIBNDR NDR_SRVSVC NDR_MISC NDR_SECURITY +PUBLIC_DEPENDENCIES = LIBNDR NDR_SRVSVC NDR_SECURITY NDR_WKSSVC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_wkssvc.o @@ -201,7 +195,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_SVCCTL NDR_SECURITY NDR_SRVSVC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_srvsvc.o [SUBSYSTEM::NDR_SVCCTL] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_SVCCTL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_svcctl.o @@ -220,7 +214,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_LSA NDR_EVENTLOG_OBJ_FILES = $(gen_ndrsrcdir)/ndr_eventlog.o [SUBSYSTEM::NDR_EPMAPPER] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_EPMAPPER_OBJ_FILES = $(gen_ndrsrcdir)/ndr_epmapper.o @@ -230,7 +224,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_DBGIDL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dbgidl.o [SUBSYSTEM::NDR_DSSETUP] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_DSSETUP_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dssetup.o @@ -245,7 +239,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_WINS_OBJ_FILES = $(gen_ndrsrcdir)/ndr_wins.o [SUBSYSTEM::NDR_WINREG] -PUBLIC_DEPENDENCIES = LIBNDR NDR_INITSHUTDOWN NDR_SECURITY NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_INITSHUTDOWN NDR_SECURITY NDR_WINREG_OBJ_FILES = $(gen_ndrsrcdir)/ndr_winreg.o @@ -270,12 +264,12 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_orpc.o ../librpc/ndr/ndr_orpc.o [SUBSYSTEM::NDR_OXIDRESOLVER] -PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC NDR_OXIDRESOLVER_OBJ_FILES = $(gen_ndrsrcdir)/ndr_oxidresolver.o [SUBSYSTEM::NDR_REMACT] -PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_ORPC NDR_REMACT_OBJ_FILES = $(gen_ndrsrcdir)/ndr_remact.o @@ -347,7 +341,7 @@ PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT NDR_SCHANNEL_OBJ_FILES = $(gen_ndrsrcdir)/ndr_schannel.o [SUBSYSTEM::NDR_NBT] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR LIBCLI_NDR_NETLOGON +PUBLIC_DEPENDENCIES = LIBNDR NDR_NBT_BUF NDR_SVCCTL NDR_SECURITY NDR_SAMR LIBCLI_NDR_NETLOGON NDR_NBT_OBJ_FILES = $(gen_ndrsrcdir)/ndr_nbt.o @@ -385,7 +379,7 @@ $(gen_ndrsrcdir)/tables.c: $(IDL_NDR_PARSE_H_FILES) [SUBSYSTEM::NDR_TABLE] PUBLIC_DEPENDENCIES = \ NDR_AUDIOSRV NDR_ECHO NDR_DCERPC \ - NDR_DSBACKUP NDR_EFS NDR_MISC NDR_LSA NDR_DFS NDR_DRSUAPI \ + NDR_DSBACKUP NDR_EFS NDR_LSA NDR_DFS NDR_DRSUAPI \ NDR_POLICYAGENT NDR_UNIXINFO NDR_SAMR NDR_SPOOLSS NDR_WKSSVC NDR_SRVSVC NDR_ATSVC \ NDR_EVENTLOG NDR_EPMAPPER NDR_DBGIDL NDR_DSSETUP NDR_MSGSVC NDR_WINS \ NDR_WINREG NDR_MGMT NDR_PROTECTED_STORAGE NDR_OXIDRESOLVER \ @@ -596,7 +590,7 @@ PUBLIC_DEPENDENCIES = dcerpc NDR_KEYSVC RPC_NDR_KEYSVC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_keysvc_c.o [SUBSYSTEM::NDR_DCERPC] -PUBLIC_DEPENDENCIES = LIBNDR NDR_MISC +PUBLIC_DEPENDENCIES = LIBNDR NDR_DCERPC_OBJ_FILES = $(gen_ndrsrcdir)/ndr_dcerpc.o @@ -634,7 +628,7 @@ PUBLIC_HEADERS += $(addprefix $(librpcsrcdir)/, rpc/dcerpc.h \ [PYTHON::python_dcerpc] LIBRARY_REALNAME = samba/dcerpc/base.$(SHLIBEXT) -PUBLIC_DEPENDENCIES = LIBCLI_SMB NDR_MISC LIBSAMBA-UTIL LIBSAMBA-HOSTCONFIG dcerpc_samr RPC_NDR_LSA DYNCONFIG swig_credentials param +PUBLIC_DEPENDENCIES = LIBCLI_SMB LIBSAMBA-UTIL LIBSAMBA-HOSTCONFIG dcerpc_samr RPC_NDR_LSA DYNCONFIG swig_credentials param python_dcerpc_OBJ_FILES = $(dcerpcsrcdir)/pyrpc.o -- cgit From 69af236e7772e85b7b8dc7045c6737d85f4b189a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Nov 2008 21:27:10 +0100 Subject: librpc/ndr: let GUID_from_data_blob() accept a ndr blob or a hex string too metze --- librpc/ndr/uuid.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c index 308b5c0688..bb8c49254d 100644 --- a/librpc/ndr/uuid.c +++ b/librpc/ndr/uuid.c @@ -23,6 +23,7 @@ #include "includes.h" #include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/ndr_misc.h" /** build a GUID from a string @@ -34,6 +35,8 @@ _PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid) uint32_t time_mid, time_hi_and_version; uint32_t clock_seq[2]; uint32_t node[6]; + uint8_t buf16[16]; + DATA_BLOB blob16 = data_blob_const(buf16, sizeof(buf16)); int i; if (s->data == NULL) { @@ -54,6 +57,32 @@ _PUBLIC_ NTSTATUS GUID_from_data_blob(const DATA_BLOB *s, struct GUID *guid) &clock_seq[0], &clock_seq[1], &node[0], &node[1], &node[2], &node[3], &node[4], &node[5])) { status = NT_STATUS_OK; + } else if (s->length == 32) { + size_t rlen = strhex_to_str((char *)blob16.data, blob16.length, + (const char *)s->data, s->length); + if (rlen == blob16.length) { + /* goto the ndr_pull_struct_blob() path */ + status = NT_STATUS_OK; + s = &blob16; + } + } + + if (s->length == 16) { + enum ndr_err_code ndr_err; + struct GUID guid2; + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_new(NULL); + NT_STATUS_HAVE_NO_MEMORY(mem_ctx); + + ndr_err = ndr_pull_struct_blob(s, mem_ctx, NULL, &guid2, + (ndr_pull_flags_fn_t)ndr_pull_GUID); + talloc_free(mem_ctx); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + *guid = guid2; + return NT_STATUS_OK; } if (!NT_STATUS_IS_OK(status)) { -- cgit From 2cff27cefdd7f898349e8853f2c6307d1fb28855 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Nov 2008 21:28:02 +0100 Subject: librpc/ndr: add GUID_hexstring() metze --- librpc/ndr/libndr.h | 1 + librpc/ndr/uuid.c | 25 +++++++++++++++++++++++++ 2 files changed, 26 insertions(+) diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h index ad94c59e90..eafaf688af 100644 --- a/librpc/ndr/libndr.h +++ b/librpc/ndr/libndr.h @@ -519,6 +519,7 @@ bool GUID_all_zero(const struct GUID *u); int GUID_compare(const struct GUID *u1, const struct GUID *u2); char *GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid); char *GUID_string2(TALLOC_CTX *mem_ctx, const struct GUID *guid); +char *GUID_hexstring(TALLOC_CTX *mem_ctx, const struct GUID *guid); char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid); struct GUID GUID_random(void); diff --git a/librpc/ndr/uuid.c b/librpc/ndr/uuid.c index bb8c49254d..aa24ac4494 100644 --- a/librpc/ndr/uuid.c +++ b/librpc/ndr/uuid.c @@ -251,6 +251,31 @@ _PUBLIC_ char *GUID_string2(TALLOC_CTX *mem_ctx, const struct GUID *guid) return ret; } +_PUBLIC_ char *GUID_hexstring(TALLOC_CTX *mem_ctx, const struct GUID *guid) +{ + char *ret; + DATA_BLOB guid_blob; + enum ndr_err_code ndr_err; + TALLOC_CTX *tmp_mem; + + tmp_mem = talloc_new(mem_ctx); + if (!tmp_mem) { + return NULL; + } + ndr_err = ndr_push_struct_blob(&guid_blob, tmp_mem, + NULL, + guid, + (ndr_push_flags_fn_t)ndr_push_GUID); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + talloc_free(tmp_mem); + return NULL; + } + + ret = data_blob_hex_string(mem_ctx, &guid_blob); + talloc_free(tmp_mem); + return ret; +} + _PUBLIC_ char *NS_GUID_string(TALLOC_CTX *mem_ctx, const struct GUID *guid) { return talloc_asprintf(mem_ctx, -- cgit From 6770fd12cc2342a51b3fef43d8432191b6491d15 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Nov 2008 21:31:03 +0100 Subject: s4:dsdb/schema: we don't need to use find_syntax_map_by_ad_oid() as the syntax is already known metze --- source4/dsdb/schema/schema_description.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index c3c37b4653..9e162f28b1 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -80,14 +80,12 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute) { char *schema_description; - const struct dsdb_syntax *map = find_syntax_map_by_ad_oid(attribute->attributeSyntax_oid); - const char *syntax = map ? map->ldap_oid : attribute->attributeSyntax_oid; + const char *syntax = attribute->syntax->ldap_oid; TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) { return NULL; } - schema_description = schema_attribute_description(mem_ctx, TARGET_AD_SCHEMA_SUBENTRY, -- cgit From 203544e690ebd0b22ce9ea8388761ca3dc320673 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 13 Nov 2008 21:32:04 +0100 Subject: s4:dsdb/schema: use pointers for rangeLower and rangeUpper. This makes clear there's an value stored in the schema, as they can be '0'. metze --- source4/dsdb/schema/schema.h | 4 ++-- source4/dsdb/schema/schema_init.c | 43 +++++++++++++++++++++++++++++++++++---- 2 files changed, 41 insertions(+), 6 deletions(-) diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h index 68dc8197cb..e8fefb5246 100644 --- a/source4/dsdb/schema/schema.h +++ b/source4/dsdb/schema/schema.h @@ -72,8 +72,8 @@ struct dsdb_attribute { struct ldb_val oMObjectClass; bool isSingleValued; - uint32_t rangeLower; - uint32_t rangeUpper; + uint32_t *rangeLower; + uint32_t *rangeUpper; bool extendedCharsAllowed; uint32_t schemaFlagsEx; diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c index 6561e8ed88..763872cf2b 100644 --- a/source4/dsdb/schema/schema_init.c +++ b/source4/dsdb/schema/schema_init.c @@ -643,6 +643,24 @@ WERROR dsdb_read_prefixes_from_ldb(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, (p)->elem = samdb_result_uint(msg, attr, 0);\ } while (0) +#define GET_UINT32_PTR_LDB(msg, attr, p, elem) do { \ + uint64_t _v = samdb_result_uint64(msg, attr, UINT64_MAX);\ + if (_v == UINT64_MAX) { \ + (p)->elem = NULL; \ + } else if (_v > UINT32_MAX) { \ + d_printf("%s: %s == 0x%llX\n", __location__, \ + attr, (unsigned long long)_v); \ + return WERR_INVALID_PARAM; \ + } else { \ + (p)->elem = talloc(mem_ctx, uint32_t); \ + if (!(p)->elem) { \ + d_printf("%s: talloc failed for %s\n", __location__, attr); \ + return WERR_NOMEM; \ + } \ + *(p)->elem = (uint32_t)_v; \ + } \ +} while (0) + #define GET_GUID_LDB(msg, attr, p, elem) do { \ (p)->elem = samdb_result_guid(msg, attr);\ } while (0) @@ -707,8 +725,8 @@ WERROR dsdb_attribute_from_ldb(const struct dsdb_schema *schema, GET_BLOB_LDB(msg, "oMObjectClass", mem_ctx, attr, oMObjectClass); GET_BOOL_LDB(msg, "isSingleValued", attr, isSingleValued, true); - GET_UINT32_LDB(msg, "rangeLower", attr, rangeLower); - GET_UINT32_LDB(msg, "rangeUpper", attr, rangeUpper); + GET_UINT32_PTR_LDB(msg, "rangeLower", attr, rangeLower); + GET_UINT32_PTR_LDB(msg, "rangeUpper", attr, rangeUpper); GET_BOOL_LDB(msg, "extendedCharsAllowed", attr, extendedCharsAllowed, false); GET_UINT32_LDB(msg, "schemaFlagsEx", attr, schemaFlagsEx); @@ -1260,6 +1278,23 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb } \ } while (0) +#define GET_UINT32_PTR_DS(s, r, attr, p, elem) do { \ + struct drsuapi_DsReplicaAttribute *_a; \ + _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ + if (_a && _a->value_ctr.num_values >= 1 \ + && _a->value_ctr.values[0].blob \ + && _a->value_ctr.values[0].blob->length == 4) { \ + (p)->elem = talloc(mem_ctx, uint32_t); \ + if (!(p)->elem) { \ + d_printf("%s: talloc failed for %s\n", __location__, attr); \ + return WERR_NOMEM; \ + } \ + *(p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\ + } else { \ + (p)->elem = NULL; \ + } \ +} while (0) + #define GET_GUID_DS(s, r, attr, mem_ctx, p, elem) do { \ struct drsuapi_DsReplicaAttribute *_a; \ _a = dsdb_find_object_attr_name(s, r, attr, NULL); \ @@ -1330,8 +1365,8 @@ WERROR dsdb_attribute_from_drsuapi(struct dsdb_schema *schema, GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass); GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true); - GET_UINT32_DS(schema, r, "rangeLower", attr, rangeLower); - GET_UINT32_DS(schema, r, "rangeUpper", attr, rangeUpper); + GET_UINT32_PTR_DS(schema, r, "rangeLower", attr, rangeLower); + GET_UINT32_PTR_DS(schema, r, "rangeUpper", attr, rangeUpper); GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false); GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx); -- cgit From 3c0f03ade2862b175dbc147c903b2c6a9bb3c6d2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Nov 2008 08:49:06 +0100 Subject: s4:dsdb/schema: add a function to generate the "extendedAttributeInfo" values metze --- source4/dsdb/schema/schema_description.c | 90 +++++++++++++++++++++++++++++--- source4/utils/ad2oLschema.c | 5 +- 2 files changed, 87 insertions(+), 8 deletions(-) diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index 9e162f28b1..754ce43615 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -20,6 +20,7 @@ */ #include "includes.h" #include "dsdb/samdb/samdb.h" +#include "librpc/ndr/libndr.h" #define IF_NULL_FAIL_RET(x) do { \ if (!x) { \ @@ -36,7 +37,12 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, const char *equality, const char *substring, const char *syntax, - bool single_value, bool operational) + bool single_value, bool operational, + uint32_t *range_lower, + uint32_t *range_upper, + const char *property_guid, + const char *property_set_guid, + bool indexed, bool system_only) { char *schema_entry = talloc_asprintf(mem_ctx, "(%s%s%s", seperator, oid, seperator); @@ -55,11 +61,13 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, "SUBSTR %s%s", substring, seperator); IF_NULL_FAIL_RET(schema_entry); } - - schema_entry = talloc_asprintf_append(schema_entry, - "SYNTAX %s%s", syntax, seperator); - IF_NULL_FAIL_RET(schema_entry); - + + if (syntax) { + schema_entry = talloc_asprintf_append(schema_entry, + "SYNTAX %s%s", syntax, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + if (single_value) { schema_entry = talloc_asprintf_append(schema_entry, "SINGLE-VALUE%s", seperator); @@ -71,7 +79,47 @@ char *schema_attribute_description(TALLOC_CTX *mem_ctx, "NO-USER-MODIFICATION%s", seperator); IF_NULL_FAIL_RET(schema_entry); } - + + if (range_lower) { + schema_entry = talloc_asprintf_append(schema_entry, + "RANGE-LOWER '%u'%s", + *range_lower, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (range_upper) { + schema_entry = talloc_asprintf_append(schema_entry, + "RANGE-UPPER '%u'%s", + *range_upper, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (property_guid) { + schema_entry = talloc_asprintf_append(schema_entry, + "PROPERTY-GUID '%s'%s", + property_guid, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (property_set_guid) { + schema_entry = talloc_asprintf_append(schema_entry, + "PROPERTY-SET-GUID '%s'%s", + property_set_guid, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (indexed) { + schema_entry = talloc_asprintf_append(schema_entry, + "INDEXED%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + } + + if (system_only) { + schema_entry = talloc_asprintf_append(schema_entry, + "SYSTEM-ONLY%s", seperator); + IF_NULL_FAIL_RET(schema_entry); + } + schema_entry = talloc_asprintf_append(schema_entry, ")"); return schema_entry; @@ -94,6 +142,34 @@ char *schema_attribute_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_att attribute->lDAPDisplayName, NULL, NULL, talloc_asprintf(tmp_ctx, "'%s'", syntax), attribute->isSingleValued, + attribute->systemOnly,/* TODO: is this correct? */ + NULL, NULL, NULL, NULL, + false, false); + talloc_free(tmp_ctx); + return schema_description; +} + +char *schema_attribute_to_extendedInfo(TALLOC_CTX *mem_ctx, const struct dsdb_attribute *attribute) +{ + char *schema_description; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return NULL; + } + + schema_description + = schema_attribute_description(mem_ctx, + TARGET_AD_SCHEMA_SUBENTRY, + " ", + attribute->attributeID_oid, + attribute->lDAPDisplayName, + NULL, NULL, NULL, + false, false, + attribute->rangeLower, + attribute->rangeUpper, + GUID_hexstring(tmp_ctx, &attribute->schemaIDGUID), + GUID_hexstring(tmp_ctx, &attribute->attributeSecurityGUID), + (attribute->searchFlags & SEARCH_FLAG_ATTINDEX), attribute->systemOnly); talloc_free(tmp_ctx); return schema_description; diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index c579112b45..c1e74cb3a2 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -278,7 +278,10 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch substring, syntax, single_value, - false); + false, + NULL, NULL, + NULL, NULL, + false, false); if (schema_entry == NULL) { ret.failures++; -- cgit From a1f76f7afef78ecd5bc1b07568011ea1baa03219 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Nov 2008 08:51:59 +0100 Subject: s4:dsdb/schema: add a function to generate the "extendedClassInfo" values metze --- source4/dsdb/schema/schema_description.c | 48 +++++++++++++++++++++++++++++--- source4/utils/ad2oLschema.c | 3 +- 2 files changed, 46 insertions(+), 5 deletions(-) diff --git a/source4/dsdb/schema/schema_description.c b/source4/dsdb/schema/schema_description.c index 754ce43615..9443c04bb0 100644 --- a/source4/dsdb/schema/schema_description.c +++ b/source4/dsdb/schema/schema_description.c @@ -216,7 +216,8 @@ char *schema_class_description(TALLOC_CTX *mem_ctx, const char *subClassOf, int objectClassCategory, char **must, - char **may) + char **may, + const char *schemaHexGUID) { char *schema_entry = talloc_asprintf(mem_ctx, "(%s%s%s", seperator, oid, seperator); @@ -299,7 +300,14 @@ char *schema_class_description(TALLOC_CTX *mem_ctx, ")%s", seperator); IF_NULL_FAIL_RET(schema_entry); } - + + if (schemaHexGUID) { + schema_entry = talloc_asprintf_append(schema_entry, + "CLASS-GUID '%s'%s", + schemaHexGUID, seperator); + IF_NULL_FAIL_RET(schema_entry); + } + schema_entry = talloc_asprintf_append(schema_entry, ")"); return schema_entry; @@ -325,7 +333,8 @@ char *schema_class_to_description(TALLOC_CTX *mem_ctx, const struct dsdb_class * dsdb_attribute_list(tmp_ctx, class, DSDB_SCHEMA_ALL_MUST), dsdb_attribute_list(tmp_ctx, - class, DSDB_SCHEMA_ALL_MAY)); + class, DSDB_SCHEMA_ALL_MAY), + NULL); talloc_free(tmp_ctx); return schema_description; } @@ -369,7 +378,38 @@ char *schema_class_to_dITContentRule(TALLOC_CTX *mem_ctx, const struct dsdb_clas * ditContentRules * per MS-ADTS * 3.1.1.3.1.1.1 */ - -1, must_attr_list, may_attr_list); + -1, must_attr_list, may_attr_list, + NULL); + talloc_free(tmp_ctx); + return schema_description; +} + +char *schema_class_to_extendedInfo(TALLOC_CTX *mem_ctx, const struct dsdb_class *sclass) +{ + char *schema_description = NULL; + DATA_BLOB guid_blob; + char *guid_hex; + TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return NULL; + } + + schema_description + = schema_class_description(mem_ctx, + TARGET_AD_SCHEMA_SUBENTRY, + " ", + sclass->governsID_oid, + sclass->lDAPDisplayName, + NULL, + NULL, /* Must not specify a + * SUP (subclass) in + * ditContentRules + * per MS-ADTS + * 3.1.1.3.1.1.1 */ + -1, NULL, NULL, + GUID_hexstring(tmp_ctx, &sclass->schemaIDGUID)); talloc_free(tmp_ctx); return schema_description; } + + diff --git a/source4/utils/ad2oLschema.c b/source4/utils/ad2oLschema.c index c1e74cb3a2..e926dd1ccc 100644 --- a/source4/utils/ad2oLschema.c +++ b/source4/utils/ad2oLschema.c @@ -369,7 +369,8 @@ static struct schema_conv process_convert(struct ldb_context *ldb, enum dsdb_sch subClassOf, objectClassCategory, must, - may); + may, + NULL); if (schema_entry == NULL) { ret.failures++; return ret; -- cgit From 1d9c88b3885728aba3d7fef85d80501125011f1c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 14 Nov 2008 09:33:08 +0100 Subject: s4:dsdb/schema_fsmo: provide "extendedAttributeInfo" and "extendedClassInfo" metze --- source4/dsdb/samdb/ldb_modules/schema_fsmo.c | 56 ++++++++++++++++++++++++++++ 1 file changed, 56 insertions(+) diff --git a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c index 0266654811..df409a8ae3 100644 --- a/source4/dsdb/samdb/ldb_modules/schema_fsmo.c +++ b/source4/dsdb/samdb/ldb_modules/schema_fsmo.c @@ -38,6 +38,10 @@ static int generate_attributeTypes(struct ldb_context *ldb, struct ldb_message * const struct dsdb_schema *schema); static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message *msg, const struct dsdb_schema *schema); +static int generate_extendedAttributeInfo(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); +static int generate_extendedClassInfo(struct ldb_context *ldb, struct ldb_message *msg, + const struct dsdb_schema *schema); static const struct { const char *attr; @@ -54,6 +58,14 @@ static const struct { { .attr = "dITContentRules", .fn = generate_dITContentRules + }, + { + .attr = "extendedAttributeInfo", + .fn = generate_extendedAttributeInfo + }, + { + .attr = "extendedClassInfo", + .fn = generate_extendedClassInfo } }; @@ -322,7 +334,51 @@ static int generate_dITContentRules(struct ldb_context *ldb, struct ldb_message return LDB_SUCCESS; } +static int generate_extendedAttributeInfo(struct ldb_context *ldb, + struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_attribute *attribute; + int ret; + + for (attribute = schema->attributes; attribute; attribute = attribute->next) { + char *val = schema_attribute_to_extendedInfo(msg, attribute); + if (!val) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + ret = ldb_msg_add_string(msg, "extendedAttributeInfo", val); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return LDB_SUCCESS; +} + +static int generate_extendedClassInfo(struct ldb_context *ldb, + struct ldb_message *msg, + const struct dsdb_schema *schema) +{ + const struct dsdb_class *sclass; + int ret; + + for (sclass = schema->classes; sclass; sclass = sclass->next) { + char *val = schema_class_to_extendedInfo(msg, sclass); + if (!val) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + ret = ldb_msg_add_string(msg, "extendedClassInfo", val); + if (ret != LDB_SUCCESS) { + return ret; + } + } + + return LDB_SUCCESS; +} /* Add objectClasses, attributeTypes and dITContentRules from the schema object (they are not stored in the database) -- cgit From 9abd45979ee0415c16775f6dfd17a6e421091d5c Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Nov 2008 17:16:39 +1100 Subject: Always validate a DN when constructing from a string in python --- source4/lib/ldb/ldb.i | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/lib/ldb/ldb.i b/source4/lib/ldb/ldb.i index 6187096ab9..6ecbfbfa08 100644 --- a/source4/lib/ldb/ldb.i +++ b/source4/lib/ldb/ldb.i @@ -216,7 +216,7 @@ typedef struct ldb_dn { we do it this way... */ talloc_steal(NULL, ret); - if (ret == NULL) + if (ret == NULL || !ldb_dn_validate(ret)) SWIG_exception(SWIG_ValueError, "unable to parse dn string"); fail: -- cgit From 109719de030cb2432bea991077b12b4cf937c108 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Nov 2008 16:34:59 +1100 Subject: Remove restrictions on number of DN components in LDAP server There is no reason for these restrictions to be in the LDAP server - they belong in the LDB layer. When accepting 'extended' or 'alternate' DNs we can't tell anyway. Andrew Bartlett --- source4/ldap_server/ldap_backend.c | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/source4/ldap_server/ldap_backend.c b/source4/ldap_server/ldap_backend.c index d0417107f1..2adff2a1df 100644 --- a/source4/ldap_server/ldap_backend.c +++ b/source4/ldap_server/ldap_backend.c @@ -29,17 +29,13 @@ #include "lib/ldb/include/ldb_errors.h" #include "lib/ldb_wrap.h" -#define VALID_DN_SYNTAX(dn,i) do {\ +#define VALID_DN_SYNTAX(dn) do {\ if (!(dn)) {\ return NT_STATUS_NO_MEMORY;\ } else if ( ! ldb_dn_validate(dn)) {\ result = LDAP_INVALID_DN_SYNTAX;\ errstr = "Invalid DN format";\ goto reply;\ - } else if (ldb_dn_get_comp_num(dn) < (i)) {\ - result = LDAP_INVALID_DN_SYNTAX;\ - errstr = "Invalid DN (" #i " components needed for '" #dn "')";\ - goto reply;\ }\ } while(0) @@ -179,7 +175,7 @@ static NTSTATUS ldapsrv_SearchRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); basedn = ldb_dn_new(local_ctx, samdb, req->basedn); - VALID_DN_SYNTAX(basedn, 0); + VALID_DN_SYNTAX(basedn); DEBUG(10, ("SearchRequest: basedn: [%s]\n", req->basedn)); DEBUG(10, ("SearchRequest: filter: [%s]\n", ldb_filter_from_tree(call, req->tree))); @@ -349,7 +345,7 @@ static NTSTATUS ldapsrv_ModifyRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); dn = ldb_dn_new(local_ctx, samdb, req->dn); - VALID_DN_SYNTAX(dn, 0); + VALID_DN_SYNTAX(dn); DEBUG(10, ("ModifyRequest: dn: [%s]\n", req->dn)); @@ -452,7 +448,7 @@ static NTSTATUS ldapsrv_AddRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); dn = ldb_dn_new(local_ctx, samdb, req->dn); - VALID_DN_SYNTAX(dn,1); + VALID_DN_SYNTAX(dn); DEBUG(10, ("AddRequest: dn: [%s]\n", req->dn)); @@ -542,7 +538,7 @@ static NTSTATUS ldapsrv_DelRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); dn = ldb_dn_new(local_ctx, samdb, req->dn); - VALID_DN_SYNTAX(dn,1); + VALID_DN_SYNTAX(dn); DEBUG(10, ("DelRequest: dn: [%s]\n", req->dn)); @@ -588,10 +584,10 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); olddn = ldb_dn_new(local_ctx, samdb, req->dn); - VALID_DN_SYNTAX(olddn, 2); + VALID_DN_SYNTAX(olddn); newrdn = ldb_dn_new(local_ctx, samdb, req->newrdn); - VALID_DN_SYNTAX(newrdn, 1); + VALID_DN_SYNTAX(newrdn); DEBUG(10, ("ModifyDNRequest: olddn: [%s]\n", req->dn)); DEBUG(10, ("ModifyDNRequest: newrdn: [%s]\n", req->newrdn)); @@ -605,7 +601,7 @@ static NTSTATUS ldapsrv_ModifyDNRequest(struct ldapsrv_call *call) if (req->newsuperior) { parentdn = ldb_dn_new(local_ctx, samdb, req->newsuperior); - VALID_DN_SYNTAX(parentdn, 0); + VALID_DN_SYNTAX(parentdn); DEBUG(10, ("ModifyDNRequest: newsuperior: [%s]\n", req->newsuperior)); if (ldb_dn_get_comp_num(parentdn) < 1) { @@ -672,7 +668,7 @@ static NTSTATUS ldapsrv_CompareRequest(struct ldapsrv_call *call) NT_STATUS_HAVE_NO_MEMORY(local_ctx); dn = ldb_dn_new(local_ctx, samdb, req->dn); - VALID_DN_SYNTAX(dn, 1); + VALID_DN_SYNTAX(dn); DEBUG(10, ("CompareRequest: dn: [%s]\n", req->dn)); filter = talloc_asprintf(local_ctx, "(%s=%*s)", req->attribute, -- cgit From 8e1934a3845944ba7d79848368976e82d182e8d1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Nov 2008 13:24:54 +1100 Subject: Use new GUID_from_data_blob This avoid the problem that GUID_from_string now strictly requires no trailing data after the string-form GUID. Andrew Bartlett --- librpc/rpc/binding.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/librpc/rpc/binding.c b/librpc/rpc/binding.c index b755431034..a660989d19 100644 --- a/librpc/rpc/binding.c +++ b/librpc/rpc/binding.c @@ -251,8 +251,8 @@ _PUBLIC_ NTSTATUS dcerpc_parse_binding(TALLOC_CTX *mem_ctx, const char *s, struc if (p && PTR_DIFF(p, s) == 36) { /* 36 is the length of a UUID */ NTSTATUS status; - - status = GUID_from_string(s, &b->object.uuid); + DATA_BLOB blob = data_blob(s, 36); + status = GUID_from_data_blob(&blob, &b->object.uuid); if (NT_STATUS_IS_ERR(status)) { DEBUG(0, ("Failed parsing UUID\n")); -- cgit From 00b63434063a128662d4ce83ce382fc2e6102d22 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Nov 2008 13:26:02 +1100 Subject: The samba3sam test does not really need the extended_dn module (This module has been split up into extended_dn_in, extended_dn_out and extended_dn_store). Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/tests/samba3sam.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py index 7162edcb3d..fa1af2ad61 100644 --- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py +++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py @@ -50,7 +50,7 @@ class MapBaseTestCase(TestCaseInTempDir): "@TO": "sambaDomainName=TESTS," + s3.basedn}) ldb.add({"dn": "@MODULES", - "@LIST": "rootdse,paged_results,server_sort,extended_dn,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"}) + "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"}) ldb.add({"dn": "@PARTITION", "partition": ["%s:%s" % (s4.basedn, s4.url), -- cgit From 5b796adb125174084cfc2a6f04cfdac5e9324ef8 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 14 Nov 2008 09:40:02 +1100 Subject: Print unconvertable ldb element values as base64. If an LDB element cannot be converted into a printable form, we should still print it, just with safety applied. Andrew Bartlett --- source4/lib/ldb/common/ldb_ldif.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/source4/lib/ldb/common/ldb_ldif.c b/source4/lib/ldb/common/ldb_ldif.c index 538ff8feaa..69490e670b 100644 --- a/source4/lib/ldb/common/ldb_ldif.c +++ b/source4/lib/ldb/common/ldb_ldif.c @@ -328,8 +328,10 @@ int ldb_ldif_write(struct ldb_context *ldb, for (j=0;jelements[i].num_values;j++) { struct ldb_val v; ret = a->syntax->ldif_write_fn(ldb, mem_ctx, &msg->elements[i].values[j], &v); - CHECK_RET; - if (ldb_should_b64_encode(&v)) { + if (ret != LDB_SUCCESS) { + v = msg->elements[i].values[j]; + } + if (ret != LDB_SUCCESS || ldb_should_b64_encode(&v)) { ret = fprintf_fn(private_data, "%s:: ", msg->elements[i].name); CHECK_RET; -- cgit From cf5c919c744c714b9be849e4d6424f7df92b328d Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Nov 2008 15:58:12 +1100 Subject: Improve debug when SASL search fails --- source4/libcli/ldap/ldap_bind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/libcli/ldap/ldap_bind.c b/source4/libcli/ldap/ldap_bind.c index a12f7652a5..5e6a5faafa 100644 --- a/source4/libcli/ldap/ldap_bind.c +++ b/source4/libcli/ldap/ldap_bind.c @@ -286,7 +286,7 @@ _PUBLIC_ NTSTATUS ldap_bind_sasl(struct ldap_connection *conn, search = &sasl_mechs_msgs[0]->r.SearchResultEntry; if (search->num_attributes != 1) { - DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of attributes: %d\n", + DEBUG(1, ("Failed to inquire of target's available sasl mechs in rootdse search: wrong number of attributes: %d != 1\n", search->num_attributes)); goto failed; } -- cgit From 16a3a2da78b1f2d5a1077e382a26466944f6c59e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 13 Nov 2008 14:07:29 +1100 Subject: Remove timeout event once we are calling the callback. (Even if the callback takes some time, this isn't a ldb_tdb timeout any more) Andrew Bartlett --- source4/lib/ldb/ldb_tdb/ldb_tdb.c | 9 +++++---- source4/lib/ldb/ldb_tdb/ldb_tdb.h | 1 + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c index 34a4e03965..9e3ad80705 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c @@ -1076,12 +1076,14 @@ static void ltdb_callback(struct event_context *ev, } if (!ctx->callback_failed) { + /* Once we are done, we do not need timeout events */ + talloc_free(ctx->timeout_event); ltdb_request_done(ctx->req, ret); } } static int ltdb_handle_request(struct ldb_module *module, - struct ldb_request *req) + struct ldb_request *req) { struct event_context *ev; struct ltdb_context *ac; @@ -1115,10 +1117,9 @@ static int ltdb_handle_request(struct ldb_module *module, return LDB_ERR_OPERATIONS_ERROR; } - tv.tv_sec = req->starttime + req->timeout; - te = event_add_timed(ev, ac, tv, ltdb_timeout, ac); - if (NULL == te) { + ac->timeout_event = event_add_timed(ev, ac, tv, ltdb_timeout, ac); + if (NULL == ac->timeout_event) { return LDB_ERR_OPERATIONS_ERROR; } diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.h b/source4/lib/ldb/ldb_tdb/ldb_tdb.h index 61e90bccc6..c78a8172c7 100644 --- a/source4/lib/ldb/ldb_tdb/ldb_tdb.h +++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.h @@ -50,6 +50,7 @@ struct ltdb_context { struct ldb_dn *base; enum ldb_scope scope; const char * const *attrs; + struct timed_event *timeout_event; }; /* special record types */ -- cgit From 3d0a3c1078d936a52ce82720ddc09b4037653655 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 5 Nov 2008 12:00:44 +1100 Subject: Add helpful function for comparison of DATA_BLOB elements --- lib/torture/torture.h | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/lib/torture/torture.h b/lib/torture/torture.h index f16d2707bb..73ea1eb643 100644 --- a/lib/torture/torture.h +++ b/lib/torture/torture.h @@ -284,6 +284,21 @@ void torture_result(struct torture_context *test, } \ } while(0) +#define torture_assert_data_blob_equal(torture_ctx,got,expected,cmt)\ + do { const DATA_BLOB __got = (got), __expected = (expected); \ + if (__got.length != __expected.length) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got".len %d did not match "#expected" len %d: %s", \ + (int)__got.length, (int)__expected.length, cmt); \ + return false; \ + } \ + if (memcmp(__got.data, __expected.data, __got.length) != 0) { \ + torture_result(torture_ctx, TORTURE_FAIL, \ + __location__": "#got" of len %d did not match"#expected": %s", (int)__got.length, cmt); \ + return false; \ + } \ + } while(0) + #define torture_assert_file_contains_text(torture_ctx,filename,expected,cmt)\ do { \ char *__got; \ -- cgit From a19df195011f32ccd28451f00d0fe02e2c04d917 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 24 Oct 2008 13:59:01 +1100 Subject: Run the original operation before we update linked attrs This causes the linked attribute modifies to occour after the original operation is entered in the transaction (any failure still fails the lot). This means (I hope) that we can have another module search the originating record when the backlink is created, filling in the GUID and SID for the extended DN. Andrew Bartlett --- source4/dsdb/samdb/ldb_modules/linked_attributes.c | 41 +++++++++++++--------- 1 file changed, 24 insertions(+), 17 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/linked_attributes.c b/source4/dsdb/samdb/ldb_modules/linked_attributes.c index dd199c0137..f16eb215a6 100644 --- a/source4/dsdb/samdb/ldb_modules/linked_attributes.c +++ b/source4/dsdb/samdb/ldb_modules/linked_attributes.c @@ -249,10 +249,14 @@ static int linked_attributes_add(struct ldb_module *module, struct ldb_request * return ldb_next_request(module, req); } - /* start with the first one */ - return la_do_mod_request(ac); + /* start with the original request */ + return la_down_req(ac); } +/* For a delete or rename, we need to find out what linked attributes + * are currently on this DN, and then deal with them. This is the + * callback to the base search */ + static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *ares) { const struct dsdb_attribute *schema_attr; @@ -349,8 +353,8 @@ static int la_mod_search_callback(struct ldb_request *req, struct ldb_reply *are talloc_free(ares); - /* All mods set up, start with the first one */ - ret = la_do_mod_request(ac); + /* Start with the original request */ + ret = la_down_req(ac); if (ret != LDB_SUCCESS) { return ldb_module_done(ac->req, NULL, NULL, ret); } @@ -539,8 +543,8 @@ static int linked_attributes_modify(struct ldb_module *module, struct ldb_reques } else { if (ac->ops) { - /* Jump directly to handling the modifies */ - ret = la_do_mod_request(ac); + /* Start with the original request */ + ret = la_down_req(ac); } else { /* nothing to do for this module, proceed */ talloc_free(ac); @@ -732,12 +736,8 @@ static int la_op_search_callback(struct ldb_request *req, talloc_free(ares); - if (ac->ops) { - /* start the mod requests chain */ - ret = la_do_mod_request(ac); - } else { - ret = la_down_req(ac); - } + /* start the mod requests chain */ + ret = la_down_req(ac); if (ret != LDB_SUCCESS) { return ldb_module_done(ac->req, NULL, NULL, ret); } @@ -840,11 +840,13 @@ static int la_mod_callback(struct ldb_request *req, struct ldb_reply *ares) talloc_free(os); } - /* as last op run the original request */ + /* If we still have modifies in the queue, then run them */ if (ac->ops) { ret = la_do_mod_request(ac); } else { - ret = la_down_req(ac); + /* Otherwise, we are done! */ + ret = ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); } if (ret != LDB_SUCCESS) { @@ -898,6 +900,7 @@ static int la_down_req(struct la_context *ac) return ldb_next_request(ac->module, down_req); } +/* Having done the original operation, then try to fix up all the linked attributes */ static int la_down_callback(struct ldb_request *req, struct ldb_reply *ares) { struct la_context *ac; @@ -920,9 +923,13 @@ static int la_down_callback(struct ldb_request *req, struct ldb_reply *ares) return ldb_module_done(ac->req, NULL, NULL, LDB_ERR_OPERATIONS_ERROR); } - - return ldb_module_done(ac->req, ares->controls, - ares->response, ares->error); + /* If we have modfies to make, then run them */ + if (ac->ops) { + return la_do_mod_request(ac); + } else { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } } _PUBLIC_ const struct ldb_module_ops ldb_linked_attributes_module_ops = { -- cgit From 5e5ccab372035a4e46e83775f40fca1ae5542ada Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 17 Nov 2008 08:37:21 +0100 Subject: net: Fix net rap printq info documentation (bug #5892) Carsten Dumke reported and provided a patch for v3.0 and v3.2. (See 0a7fb721cdc) This fixes the same issue in v3.3 and also changes the auto-generated usage information to give better help about net rap printq info. --- docs-xml/manpages-3/net.8.xml | 2 +- source3/utils/net_rap.c | 9 +++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml index 31fe69d8d3..75f85e1c55 100644 --- a/docs-xml/manpages-3/net.8.xml +++ b/docs-xml/manpages-3/net.8.xml @@ -395,7 +395,7 @@ current network. RAP PRINTQ -RAP PRINTQ LIST <replaceable>QUEUE_NAME</replaceable> +RAP PRINTQ INFO <replaceable>QUEUE_NAME</replaceable> Lists the specified print queue and print jobs on the server. If the QUEUE_NAME is omitted, all diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c index 570e951aee..dd757abd1a 100644 --- a/source3/utils/net_rap.c +++ b/source3/utils/net_rap.c @@ -612,7 +612,7 @@ int net_rap_printq_usage(struct net_context *c, int argc, const char **argv) d_printf( "net rap printq [misc. options] [targets]\n" "\tor\n" - "net rap printq list [] [misc. options] [targets]\n" + "net rap printq info [] [misc. options] [targets]\n" "\tlists the specified queue and jobs on the target server.\n" "\tIf the queue name is not specified, all queues are listed.\n\n"); d_printf( @@ -726,9 +726,10 @@ int net_rap_printq(struct net_context *c, int argc, const char **argv) "info", rap_printq_info, NET_TRANSPORT_RAP, - "Display info about print job", - "net rap printq info\n" - " Display info about print job" + "Display info about print queues and jobs", + "net rap printq info [queue]\n" + " Display info about print jobs in queue.\n" + " If queue is not specified, all queues are listed" }, { "delete", -- cgit From 806a45c3c7e33fad90597f87373a532016e614e3 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 17 Nov 2008 11:01:15 +0100 Subject: Improve the Gemand pam_winbind translation. Signed-off-by: Andreas Schneider --- source3/locale/pam_winbind/de.po | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index 642d9d3e12..79ec20ff9e 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -62,7 +62,7 @@ msgstr "Sie können sich zum jetzigen Zeitpunkt nicht anmelden" #: ../../nsswitch/pam_winbind.c:601 #, fuzzy msgid "Your account has expired. " -msgstr "Ihr Passwort ist abgelaufen" +msgstr "Ihr Benutzerkonto ist abgelaufen" #: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608 msgid "Please contact your System administrator" @@ -70,15 +70,15 @@ msgstr "Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:604 msgid "Your account is disabled. " -msgstr "Ihr Account ist deaktiviert. " +msgstr "Ihr Benutzerkonto ist deaktiviert. " #: ../../nsswitch/pam_winbind.c:607 msgid "Your account has been locked. " -msgstr "Ihr Account wurde gesperrt. " +msgstr "Ihr Benutzerkonto wurde gesperrt. " #: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614 msgid "Invalid Trust Account" -msgstr "Ungültiger Maschinen-Account" +msgstr "Ungültiges Maschinen-Konto" #: ../../nsswitch/pam_winbind.c:616 msgid "Access is denied" @@ -103,7 +103,7 @@ msgstr "Tag" #: ../../nsswitch/pam_winbind.c:1253 msgid "Grace login. Please change your password as soon you're online again" -msgstr "" +msgstr "Kulanzanmeldung. Bitte ändern sie ihr Passwort sobald sie wieder online sind" #: ../../nsswitch/pam_winbind.c:1263 msgid "Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable" @@ -115,7 +115,7 @@ msgid "" "with the domain controller. Please verify the system time.\n" msgstr "" "Anforderung eines Kerberos Tickets aufgrund Zeitunterscheid zum \n" -"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die System Zeit.\n" +"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die Systemzeit.\n" #: ../../nsswitch/pam_winbind.c:1356 msgid "Your password " @@ -133,7 +133,7 @@ msgstr "kann keines der %d vorherigen Passwörter enthalten; " #: ../../nsswitch/pam_winbind.c:1382 msgid "must contain capitals, numerals or punctuation; and cannot contain your account or full name; " -msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Anmelde- oder Vollnamen enthalten; " +msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Benutzer- oder vollen Namen enthalten; " #: ../../nsswitch/pam_winbind.c:1392 msgid "Please type a different password. Type a password which meets these requirements in both text boxes." -- cgit From 29f2ca8ff2b0ea5ac4639530d2d10eecff0d5eec Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Sun, 16 Nov 2008 16:31:31 +0800 Subject: Fix broken msgids in ntstatus_errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- source3/nsswitch/pam_winbind.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index c164f8e72a..1daa05ea17 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -598,14 +598,14 @@ static const struct ntstatus_errors { {"NT_STATUS_INVALID_LOGON_HOURS", N_("You are not allowed to logon at this time")}, {"NT_STATUS_ACCOUNT_EXPIRED", - N_("Your account has expired. ") - N_("Please contact your System administrator")}, /* SCNR */ + N_("Your account has expired. " + "Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_DISABLED", - N_("Your account is disabled. ") - N_("Please contact your System administrator")}, /* SCNR */ + N_("Your account is disabled. " + "Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", - N_("Your account has been locked. ") - N_("Please contact your System administrator")}, /* SCNR */ + N_("Your account has been locked. " + "Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", N_("Invalid Trust Account")}, {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", -- cgit From 327d2be4529722b69e1663858f634a79c5091ed9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 17 Nov 2008 10:51:39 +0100 Subject: s4:dsdb/samdb: don't allow objects without objectClass We're using @ROOTDSE instead of CN=ROOTDSE. metze --- source4/dsdb/samdb/ldb_modules/objectclass.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 7d00851792..1d240a33fe 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -414,10 +414,10 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) return ldb_next_request(module, req); } - /* Need to object to this, but cn=rootdse doesn't have an objectClass... */ + /* the objectClass must be specified on add */ if (ldb_msg_find_element(req->op.add.message, "objectClass") == NULL) { - return ldb_next_request(module, req); + return LDB_ERR_OBJECT_CLASS_VIOLATION; } ac = oc_init_context(module, req); -- cgit From f09231254e2777dd8a1bb5555897139eec2d0b5b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 13:06:42 +0100 Subject: pam_winbind: rerun genmsg after Bo Yang's fixes. Guenther --- source3/locale/pam_winbind/de.po | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index 79ec20ff9e..5a7223d63d 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: @PACKAGE@\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2008-11-13 17:21+0100\n" +"POT-Creation-Date: 2008-11-17 12:00+0100\n" "PO-Revision-Date: 2008-11-13 14:29+0100\n" "Last-Translator: Guenther Deschner \n" "MIME-Version: 1.0\n" @@ -60,21 +60,16 @@ msgid "You are not allowed to logon at this time" msgstr "Sie können sich zum jetzigen Zeitpunkt nicht anmelden" #: ../../nsswitch/pam_winbind.c:601 -#, fuzzy -msgid "Your account has expired. " -msgstr "Ihr Benutzerkonto ist abgelaufen" - -#: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608 -msgid "Please contact your System administrator" -msgstr "Bitte kontaktieren Sie ihren System-Administrator" +msgid "Your account has expired. Please contact your System administrator" +msgstr "Ihr Benutzerkonto ist abgelaufen. Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:604 -msgid "Your account is disabled. " -msgstr "Ihr Benutzerkonto ist deaktiviert. " +msgid "Your account is disabled. Please contact your System administrator" +msgstr "Ihr Benutzerkonto ist deaktiviert. Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:607 -msgid "Your account has been locked. " -msgstr "Ihr Benutzerkonto wurde gesperrt. " +msgid "Your account has been locked. Please contact your System administrator" +msgstr "Ihr Benutzerkonto wurde gesperrt. Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614 msgid "Invalid Trust Account" -- cgit From 7d5f3f51b0f576d99e22fdb95e013b857071f978 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 09:48:56 +0100 Subject: ntsvcs: remove todo from PNP_GetDeviceList. Guenther --- librpc/idl/ntsvcs.idl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/librpc/idl/ntsvcs.idl b/librpc/idl/ntsvcs.idl index d50243534e..be7fcdff13 100644 --- a/librpc/idl/ntsvcs.idl +++ b/librpc/idl/ntsvcs.idl @@ -70,7 +70,7 @@ interface ntsvcs /******************/ /* Function: 0x0a */ - [todo] WERROR PNP_GetDeviceList( + WERROR PNP_GetDeviceList( [in,unique] [string,charset(UTF16)] uint16 *filter, [out,ref] [size_is(*length),length_is(*length)] uint16 *buffer, [in,out,ref] uint32 *length, -- cgit From fea323bdf3e4b87af87a8b69e9e528e04e34fe07 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 00:30:11 +0100 Subject: s4-smbtorture: add PNP_GetDeviceRegProp test for ntsvcs testsuite. Guenther --- source4/torture/rpc/ntsvcs.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/source4/torture/rpc/ntsvcs.c b/source4/torture/rpc/ntsvcs.c index 3db79ac8bf..5453102039 100644 --- a/source4/torture/rpc/ntsvcs.c +++ b/source4/torture/rpc/ntsvcs.c @@ -108,6 +108,44 @@ static bool test_PNP_GetDeviceList(struct torture_context *tctx, return true; } +static bool test_PNP_GetDeviceRegProp(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + NTSTATUS status; + struct PNP_GetDeviceRegProp r; + + enum winreg_Type reg_data_type = REG_NONE; + uint32_t buffer_size = 0; + uint32_t needed = 0; + uint8_t *buffer; + + buffer = talloc(tctx, uint8_t); + + r.in.devicepath = "ACPI\\ACPI0003\\1"; + r.in.property = DEV_REGPROP_DESC; + r.in.flags = 0; + r.in.reg_data_type = ®_data_type; + r.in.buffer_size = &buffer_size; + r.in.needed = &needed; + r.out.buffer = buffer; + r.out.reg_data_type = ®_data_type; + r.out.buffer_size = &buffer_size; + r.out.needed = &needed; + + status = dcerpc_PNP_GetDeviceRegProp(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceRegProp"); + + if (W_ERROR_EQUAL(r.out.result, WERR_CM_BUFFER_SMALL)) { + + buffer = talloc_array(tctx, uint8_t, needed); + r.in.buffer_size = &needed; + + status = dcerpc_PNP_GetDeviceRegProp(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "PNP_GetDeviceRegProp"); + } + + return true; +} struct torture_suite *torture_rpc_ntsvcs(TALLOC_CTX *mem_ctx) { @@ -118,6 +156,8 @@ struct torture_suite *torture_rpc_ntsvcs(TALLOC_CTX *mem_ctx) tcase = torture_suite_add_rpc_iface_tcase(suite, "ntsvcs", &ndr_table_ntsvcs); + test = torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceRegProp", + test_PNP_GetDeviceRegProp); test = torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceList", test_PNP_GetDeviceList); test = torture_rpc_tcase_add_test(tcase, "PNP_GetDeviceListSize", -- cgit From 2fbdf22541497b56143083863bf1ffe5af7487fd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 00:52:50 +0100 Subject: s3-rpcclient: fill in unknowns in cmd_ntsvcs_get_hw_prof_info. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 7a25352943..11f16d3462 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -122,15 +122,15 @@ static WERROR cmd_ntsvcs_get_hw_prof_info(struct rpc_pipe_client *cli, WERROR werr; uint32_t idx = 0; struct PNP_HwProfInfo info; - uint32_t unknown1 = 0, unknown2 = 0; + uint32_t size = 0, flags = 0; ZERO_STRUCT(info); status = rpccli_PNP_GetHwProfInfo(cli, mem_ctx, idx, &info, - unknown1, - unknown2, + size, + flags, &werr); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); -- cgit From 2d44f72c337f9877ce5931893914d47c437d205a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 10:18:35 +0100 Subject: s4-smbtorture: pure reformatting of svcctl test. Guenther --- source4/torture/rpc/svcctl.c | 49 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 25 deletions(-) diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index c9006baaf5..818b578679 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -1,19 +1,19 @@ -/* +/* Unix SMB/CIFS implementation. test suite for srvsvc rpc operations Copyright (C) Jelmer Vernooij 2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -26,28 +26,28 @@ static bool test_OpenSCManager(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *h) { struct svcctl_OpenSCManagerW r; - + r.in.MachineName = NULL; r.in.DatabaseName = NULL; r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; r.out.handle = h; - - torture_assert_ntstatus_ok(tctx, - dcerpc_svcctl_OpenSCManagerW(p, tctx, &r), - "OpenSCManager failed!"); - + + torture_assert_ntstatus_ok(tctx, + dcerpc_svcctl_OpenSCManagerW(p, tctx, &r), + "OpenSCManager failed!"); + return true; } static bool test_CloseServiceHandle(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *h) { - struct svcctl_CloseServiceHandle r; + struct svcctl_CloseServiceHandle r; r.in.handle = h; r.out.handle = h; - torture_assert_ntstatus_ok(tctx, - dcerpc_svcctl_CloseServiceHandle(p, tctx, &r), - "CloseServiceHandle failed"); + torture_assert_ntstatus_ok(tctx, + dcerpc_svcctl_CloseServiceHandle(p, tctx, &r), + "CloseServiceHandle failed"); return true; } @@ -59,7 +59,7 @@ static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_ int i; NTSTATUS status; uint32_t resume_handle = 0; - struct ENUM_SERVICE_STATUS *service = NULL; + struct ENUM_SERVICE_STATUS *service = NULL; if (!test_OpenSCManager(p, tctx, &h)) return false; @@ -81,7 +81,7 @@ static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_ if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) { r.in.buf_size = *r.out.bytes_needed; r.out.service = talloc_array(tctx, uint8_t, *r.out.bytes_needed); - + status = dcerpc_svcctl_EnumServicesStatusW(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!"); @@ -93,14 +93,14 @@ static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_ for(i = 0; i < *r.out.services_returned; i++) { printf("Type: %d, State: %d\n", service[i].status.type, service[i].status.state); } - + if (!test_CloseServiceHandle(p, tctx, &h)) return false; return true; } -static bool test_SCManager(struct torture_context *tctx, +static bool test_SCManager(struct torture_context *tctx, struct dcerpc_pipe *p) { struct policy_handle h; @@ -119,13 +119,12 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx) struct torture_suite *suite = torture_suite_create(mem_ctx, "SVCCTL"); struct torture_rpc_tcase *tcase; - tcase = torture_suite_add_rpc_iface_tcase(suite, "svcctl", - &ndr_table_svcctl); - - torture_rpc_tcase_add_test(tcase, "SCManager", - test_SCManager); - torture_rpc_tcase_add_test(tcase, "EnumServicesStatus", - test_EnumServicesStatus); + tcase = torture_suite_add_rpc_iface_tcase(suite, "svcctl", &ndr_table_svcctl); + + torture_rpc_tcase_add_test(tcase, "SCManager", + test_SCManager); + torture_rpc_tcase_add_test(tcase, "EnumServicesStatus", + test_EnumServicesStatus); return suite; } -- cgit From 880e232e7ea57531bd9dcb26f130a174534eea6a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:24:10 +0100 Subject: svcctl: fix idl for svcctl_QueryServiceStatusEx. Guenther --- librpc/idl/svcctl.idl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index fa8e10988c..5050098518 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -545,9 +545,9 @@ import "misc.idl", "security.idl"; WERROR svcctl_QueryServiceStatusEx( [in,ref] policy_handle *handle, [in] uint32 info_level, - [out] uint8 buffer[buf_size], - [in] uint32 buf_size, - [out,ref] uint32 *bytes_needed + [out,ref,size_is(buf_size)] uint8 *buffer, + [in] [range(0,8192)] uint32 buf_size, + [out,ref] [range(0,8192)] uint32 *bytes_needed ); /*****************/ -- cgit From b43c3a36a7b8950421bd2f4b9c9eea809fd6f0dc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:24:52 +0100 Subject: s4-smbtorture: add test for svcctl_QueryServiceStatusEx. Guenther --- source4/torture/rpc/svcctl.c | 68 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 68 insertions(+) diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index 818b578679..2683366866 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -52,6 +52,72 @@ static bool test_CloseServiceHandle(struct dcerpc_pipe *p, struct torture_contex return true; } +static bool test_OpenService(struct dcerpc_pipe *p, struct torture_context *tctx, + struct policy_handle *h, const char *name, struct policy_handle *s) +{ + struct svcctl_OpenServiceW r; + + r.in.scmanager_handle = h; + r.in.ServiceName = name; + r.in.access_mask = SEC_FLAG_MAXIMUM_ALLOWED; + r.out.handle = s; + + torture_assert_ntstatus_ok(tctx, + dcerpc_svcctl_OpenServiceW(p, tctx, &r), + "OpenServiceW failed!"); + torture_assert_werr_ok(tctx, r.out.result, "OpenServiceW failed!"); + + return true; + +} + +static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerpc_pipe *p) +{ + struct svcctl_QueryServiceStatusEx r; + struct policy_handle h, s; + NTSTATUS status; + + uint32_t info_level = 0; + uint8_t *buffer; + uint32_t buf_size = 0; + uint32_t bytes_needed = 0; + + if (!test_OpenSCManager(p, tctx, &h)) + return false; + + if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + return false; + + buffer = talloc(tctx, uint8_t); + + r.in.handle = &s; + r.in.info_level = 0; + r.in.buf_size = buf_size; + r.out.buffer = buffer; + r.out.bytes_needed = &bytes_needed; + + status = dcerpc_svcctl_QueryServiceStatusEx(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatusEx failed!"); + + if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) { + r.in.buf_size = bytes_needed; + buffer = talloc_array(tctx, uint8_t, bytes_needed); + r.out.buffer = buffer; + + status = dcerpc_svcctl_QueryServiceStatusEx(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatusEx failed!"); + torture_assert_werr_ok(tctx, r.out.result, "QueryServiceStatusEx failed!"); + } + + if (!test_CloseServiceHandle(p, tctx, &s)) + return false; + + if (!test_CloseServiceHandle(p, tctx, &h)) + return false; + + return true; +} + static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p) { struct svcctl_EnumServicesStatusW r; @@ -125,6 +191,8 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx) test_SCManager); torture_rpc_tcase_add_test(tcase, "EnumServicesStatus", test_EnumServicesStatus); + torture_rpc_tcase_add_test(tcase, "QueryServiceStatusEx", + test_QueryServiceStatusEx); return suite; } -- cgit From c0db253507569804e0cc852a58b5fa9117ebc92e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:25:30 +0100 Subject: s4-smbtorture: fix test for svcctl_EnumServicesStatusW. Guenther --- source4/torture/rpc/svcctl.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index 2683366866..4c5ccd75ee 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -126,6 +126,8 @@ static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_ NTSTATUS status; uint32_t resume_handle = 0; struct ENUM_SERVICE_STATUS *service = NULL; + uint32_t bytes_needed = 0; + uint32_t services_returned = 0; if (!test_OpenSCManager(p, tctx, &h)) return false; @@ -137,16 +139,16 @@ static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_ r.in.resume_handle = &resume_handle; r.out.service = NULL; r.out.resume_handle = &resume_handle; - r.out.services_returned = 0; - r.out.bytes_needed = 0; + r.out.services_returned = &services_returned; + r.out.bytes_needed = &bytes_needed; status = dcerpc_svcctl_EnumServicesStatusW(p, tctx, &r); torture_assert_ntstatus_ok(tctx, status, "EnumServicesStatus failed!"); if (W_ERROR_EQUAL(r.out.result, WERR_MORE_DATA)) { - r.in.buf_size = *r.out.bytes_needed; - r.out.service = talloc_array(tctx, uint8_t, *r.out.bytes_needed); + r.in.buf_size = bytes_needed; + r.out.service = talloc_array(tctx, uint8_t, bytes_needed); status = dcerpc_svcctl_EnumServicesStatusW(p, tctx, &r); @@ -156,7 +158,7 @@ static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_ service = (struct ENUM_SERVICE_STATUS *)r.out.service; } - for(i = 0; i < *r.out.services_returned; i++) { + for(i = 0; i < services_returned; i++) { printf("Type: %d, State: %d\n", service[i].status.type, service[i].status.state); } -- cgit From 4e0bbb6e7919212572ba66b8808d8cef1ec3e772 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:26:25 +0100 Subject: svcctl: fix idl for EnumServicesStatusExW. Guenther --- librpc/idl/svcctl.idl | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index 5050098518..92360501fb 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -572,12 +572,12 @@ import "misc.idl", "security.idl"; [in] uint32 info_level, [in] uint32 type, [in] uint32 state, - [out] uint8 services[buf_size], - [in] uint32 buf_size, - [out,ref] uint32 *bytes_needed, - [out,ref] uint32 *service_returned, - [in,out,unique] uint32 *resume_handle, - [out,ref] [string,charset(UTF16)] uint16 **group_name + [out,ref,size_is(buf_size)] uint8 *services, + [in] [range(0,262144)] uint32 buf_size, + [out,ref] [range(0,262144)] uint32 *bytes_needed, + [out,ref] [range(0,262144)] uint32 *service_returned, + [in,out,unique] [range(0,262144)] uint32 *resume_handle, + [in,unique] [string,charset(UTF16)] uint16 *group_name ); /*****************/ -- cgit From abbd539082022166b7e3a222eb3dc050b3ae7279 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:29:03 +0100 Subject: svcctl: fix idl for svcctl_QueryServiceConfig2W. Guenther --- librpc/idl/svcctl.idl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index 92360501fb..7e18245e86 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -535,9 +535,9 @@ import "misc.idl", "security.idl"; WERROR svcctl_QueryServiceConfig2W( [in,ref] policy_handle *handle, [in] uint32 info_level, - [out] uint8 buffer[buf_size], - [in] uint32 buf_size, - [out,ref] uint32 *bytes_needed + [out,ref,size_is(buf_size)] uint8 *buffer, + [in] [range(0,8192)] uint32 buf_size, + [out,ref] [range(0,8192)] uint32 *bytes_needed ); /*****************/ -- cgit From 2409f216cfb74079687929d670b8ebc29e54a038 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:36:47 +0100 Subject: s4-smbtorture: add test for svcctl_QueryServiceConfig2W. Guenther --- source4/torture/rpc/svcctl.c | 49 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index 4c5ccd75ee..0e440a3621 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -118,6 +118,53 @@ static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerp return true; } +static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerpc_pipe *p) +{ + struct svcctl_QueryServiceConfig2W r; + struct policy_handle h, s; + NTSTATUS status; + + uint32_t info_level = 0; + uint8_t *buffer; + uint32_t buf_size = 0; + uint32_t bytes_needed = 0; + + if (!test_OpenSCManager(p, tctx, &h)) + return false; + + if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + return false; + + buffer = talloc(tctx, uint8_t); + + r.in.handle = &s; + r.in.info_level = 1; + r.in.buf_size = buf_size; + r.out.buffer = buffer; + r.out.bytes_needed = &bytes_needed; + + status = dcerpc_svcctl_QueryServiceConfig2W(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!"); + + if (W_ERROR_EQUAL(r.out.result, WERR_INSUFFICIENT_BUFFER)) { + r.in.buf_size = bytes_needed; + buffer = talloc_array(tctx, uint8_t, bytes_needed); + r.out.buffer = buffer; + + status = dcerpc_svcctl_QueryServiceConfig2W(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "QueryServiceConfig2W failed!"); + torture_assert_werr_ok(tctx, r.out.result, "QueryServiceConfig2W failed!"); + } + + if (!test_CloseServiceHandle(p, tctx, &s)) + return false; + + if (!test_CloseServiceHandle(p, tctx, &h)) + return false; + + return true; +} + static bool test_EnumServicesStatus(struct torture_context *tctx, struct dcerpc_pipe *p) { struct svcctl_EnumServicesStatusW r; @@ -195,6 +242,8 @@ struct torture_suite *torture_rpc_svcctl(TALLOC_CTX *mem_ctx) test_EnumServicesStatus); torture_rpc_tcase_add_test(tcase, "QueryServiceStatusEx", test_QueryServiceStatusEx); + torture_rpc_tcase_add_test(tcase, "QueryServiceConfig2W", + test_QueryServiceConfig2W); return suite; } -- cgit From 738d066768a8aebf0d9522e49d30e2df0ad4f07b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:41:40 +0100 Subject: svcctl: fix idl for svcctl_EnumServicesStatusW. Guenther --- librpc/idl/svcctl.idl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index 7e18245e86..381fd6356a 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -218,10 +218,10 @@ import "misc.idl", "security.idl"; [in,ref] policy_handle *handle, [in] uint32 type, [in] uint32 state, - [in] uint32 buf_size, - [out,size_is(buf_size)] uint8 service[*], - [out,ref] uint32 *bytes_needed, - [out,ref] uint32 *services_returned, + [out,ref,size_is(buf_size)] uint8 *service, + [in] [range(0,262144)] uint32 buf_size, + [out,ref] [range(0,262144)] uint32 *bytes_needed, + [out,ref] [range(0,262144)] uint32 *services_returned, [in,out,unique] uint32 *resume_handle ); -- cgit From 5b4140a99767db9f0dfa02049e4dcff23a7fdb83 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:54:16 +0100 Subject: svcctl: fill in SERVICE_CONTROL from s3. Guenther --- librpc/idl/svcctl.idl | 12 +++++++++--- source3/include/rpc_svcctl.h | 8 -------- source3/librpc/gen_ndr/cli_svcctl.c | 2 +- source3/librpc/gen_ndr/cli_svcctl.h | 2 +- source3/librpc/gen_ndr/ndr_svcctl.c | 34 +++++++++++++++++++++++++++++++--- source3/librpc/gen_ndr/ndr_svcctl.h | 1 + source3/librpc/gen_ndr/svcctl.h | 14 +++++++++++--- 7 files changed, 54 insertions(+), 19 deletions(-) diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index 381fd6356a..4b88f5e5f4 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -89,13 +89,19 @@ import "misc.idl", "security.idl"; /*****************/ /* Function 0x01 */ - typedef enum { - FIXME=1 + /* Service Controls */ + + typedef [v1_enum] enum { + SVCCTL_CONTROL_STOP = 0x00000001, + SVCCTL_CONTROL_PAUSE = 0x00000002, + SVCCTL_CONTROL_CONTINUE = 0x00000003, + SVCCTL_CONTROL_INTERROGATE = 0x00000004, + SVCCTL_CONTROL_SHUTDOWN = 0x00000005 } SERVICE_CONTROL; WERROR svcctl_ControlService( [in,ref] policy_handle *handle, - [in] uint32 control, + [in] SERVICE_CONTROL control, [out,ref] SERVICE_STATUS *service_status ); diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h index 27858405e7..7dd849d5b4 100644 --- a/source3/include/rpc_svcctl.h +++ b/source3/include/rpc_svcctl.h @@ -103,14 +103,6 @@ #define SVCCTL_DEMAND_START 0x00000003 #define SVCCTL_DISABLED 0x00000004 -/* Service Controls */ - -#define SVCCTL_CONTROL_STOP 0x00000001 -#define SVCCTL_CONTROL_PAUSE 0x00000002 -#define SVCCTL_CONTROL_CONTINUE 0x00000003 -#define SVCCTL_CONTROL_INTERROGATE 0x00000004 -#define SVCCTL_CONTROL_SHUTDOWN 0x00000005 - #define SVC_HANDLE_IS_SCM 0x0000001 #define SVC_HANDLE_IS_SERVICE 0x0000002 #define SVC_HANDLE_IS_DBLOCK 0x0000003 diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c index e5fd4dac87..f67b447c6a 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.c +++ b/source3/librpc/gen_ndr/cli_svcctl.c @@ -53,7 +53,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint32_t control /* [in] */, + enum SERVICE_CONTROL control /* [in] */, struct SERVICE_STATUS *service_status /* [out] [ref] */, WERROR *werror) { diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h index 02abbadf1e..4e4e223243 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.h +++ b/source3/librpc/gen_ndr/cli_svcctl.h @@ -8,7 +8,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint32_t control /* [in] */, + enum SERVICE_CONTROL control /* [in] */, struct SERVICE_STATUS *service_status /* [out] [ref] */, WERROR *werror); NTSTATUS rpccli_svcctl_DeleteService(struct rpc_pipe_client *cli, diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c index d04c89b9a1..b417ba0a5c 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.c +++ b/source3/librpc/gen_ndr/ndr_svcctl.c @@ -297,6 +297,34 @@ _PUBLIC_ void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *nam ndr->depth--; } +static enum ndr_err_code ndr_push_SERVICE_CONTROL(struct ndr_push *ndr, int ndr_flags, enum SERVICE_CONTROL r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_SERVICE_CONTROL(struct ndr_pull *ndr, int ndr_flags, enum SERVICE_CONTROL *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r) +{ + const char *val = NULL; + + switch (r) { + case SVCCTL_CONTROL_STOP: val = "SVCCTL_CONTROL_STOP"; break; + case SVCCTL_CONTROL_PAUSE: val = "SVCCTL_CONTROL_PAUSE"; break; + case SVCCTL_CONTROL_CONTINUE: val = "SVCCTL_CONTROL_CONTINUE"; break; + case SVCCTL_CONTROL_INTERROGATE: val = "SVCCTL_CONTROL_INTERROGATE"; break; + case SVCCTL_CONTROL_SHUTDOWN: val = "SVCCTL_CONTROL_SHUTDOWN"; break; + } + ndr_print_enum(ndr, name, "ENUM", val, r); +} + static enum ndr_err_code ndr_push_svcctl_MgrAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); @@ -646,7 +674,7 @@ static enum ndr_err_code ndr_push_svcctl_ControlService(struct ndr_push *ndr, in return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.control)); + NDR_CHECK(ndr_push_SERVICE_CONTROL(ndr, NDR_SCALARS, r->in.control)); } if (flags & NDR_OUT) { if (r->out.service_status == NULL) { @@ -672,7 +700,7 @@ static enum ndr_err_code ndr_pull_svcctl_ControlService(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.control)); + NDR_CHECK(ndr_pull_SERVICE_CONTROL(ndr, NDR_SCALARS, &r->in.control)); NDR_PULL_ALLOC(ndr, r->out.service_status); ZERO_STRUCTP(r->out.service_status); } @@ -703,7 +731,7 @@ _PUBLIC_ void ndr_print_svcctl_ControlService(struct ndr_print *ndr, const char ndr->depth++; ndr_print_policy_handle(ndr, "handle", r->in.handle); ndr->depth--; - ndr_print_uint32(ndr, "control", r->in.control); + ndr_print_SERVICE_CONTROL(ndr, "control", r->in.control); ndr->depth--; } if (flags & NDR_OUT) { diff --git a/source3/librpc/gen_ndr/ndr_svcctl.h b/source3/librpc/gen_ndr/ndr_svcctl.h index 0bebd3401a..8d7739a7db 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.h +++ b/source3/librpc/gen_ndr/ndr_svcctl.h @@ -106,6 +106,7 @@ void ndr_print_ENUM_SERVICE_STATUS(struct ndr_print *ndr, const char *name, cons enum ndr_err_code ndr_push_svcctl_ServerType(struct ndr_push *ndr, int ndr_flags, uint32_t r); enum ndr_err_code ndr_pull_svcctl_ServerType(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *name, uint32_t r); +void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r); void ndr_print_svcctl_MgrAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r); diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h index b098eb1c42..631cc2af7a 100644 --- a/source3/librpc/gen_ndr/svcctl.h +++ b/source3/librpc/gen_ndr/svcctl.h @@ -81,11 +81,19 @@ struct ENUM_SERVICE_STATUS { enum SERVICE_CONTROL #ifndef USE_UINT_ENUMS { - FIXME=1 + SVCCTL_CONTROL_STOP=0x00000001, + SVCCTL_CONTROL_PAUSE=0x00000002, + SVCCTL_CONTROL_CONTINUE=0x00000003, + SVCCTL_CONTROL_INTERROGATE=0x00000004, + SVCCTL_CONTROL_SHUTDOWN=0x00000005 } #else { __donnot_use_enum_SERVICE_CONTROL=0x7FFFFFFF} -#define FIXME ( 1 ) +#define SVCCTL_CONTROL_STOP ( 0x00000001 ) +#define SVCCTL_CONTROL_PAUSE ( 0x00000002 ) +#define SVCCTL_CONTROL_CONTINUE ( 0x00000003 ) +#define SVCCTL_CONTROL_INTERROGATE ( 0x00000004 ) +#define SVCCTL_CONTROL_SHUTDOWN ( 0x00000005 ) #endif ; @@ -137,7 +145,7 @@ struct svcctl_CloseServiceHandle { struct svcctl_ControlService { struct { struct policy_handle *handle;/* [ref] */ - uint32_t control; + enum SERVICE_CONTROL control; } in; struct { -- cgit From 0e801722e335c1bd17897848bf63d2acf4576b2e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:54:46 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_svcctl.c | 34 +++---- source3/librpc/gen_ndr/cli_svcctl.h | 32 +++---- source3/librpc/gen_ndr/ndr_svcctl.c | 182 +++++++++++++++++++++++++----------- source3/librpc/gen_ndr/srv_svcctl.c | 6 -- source3/librpc/gen_ndr/svcctl.h | 34 +++---- 5 files changed, 179 insertions(+), 109 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c index f67b447c6a..9f11a40d7e 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.c +++ b/source3/librpc/gen_ndr/cli_svcctl.c @@ -702,10 +702,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli, struct policy_handle *handle /* [in] [ref] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint32_t buf_size /* [in] */, - uint8_t *service /* [out] [size_is(buf_size)] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *services_returned /* [out] [ref] */, + uint8_t *service /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *services_returned /* [out] [ref,range(0,262144)] */, uint32_t *resume_handle /* [in,out] [unique] */, WERROR *werror) { @@ -1976,9 +1976,9 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror) { struct svcctl_QueryServiceConfig2W r; @@ -2027,9 +2027,9 @@ NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror) { struct svcctl_QueryServiceStatusEx r; @@ -2144,12 +2144,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, uint32_t info_level /* [in] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint8_t *services /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *service_returned /* [out] [ref] */, - uint32_t *resume_handle /* [in,out] [unique] */, - const char **group_name /* [out] [ref,charset(UTF16)] */, + uint8_t *services /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *service_returned /* [out] [ref,range(0,262144)] */, + uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */, + const char *group_name /* [in] [unique,charset(UTF16)] */, WERROR *werror) { struct EnumServicesStatusExW r; @@ -2162,6 +2162,7 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, r.in.state = state; r.in.buf_size = buf_size; r.in.resume_handle = resume_handle; + r.in.group_name = group_name; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(EnumServicesStatusExW, &r); @@ -2192,7 +2193,6 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, if (resume_handle && r.out.resume_handle) { *resume_handle = *r.out.resume_handle; } - *group_name = *r.out.group_name; /* Return result */ if (werror) { diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h index 4e4e223243..78c9bf40d8 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.h +++ b/source3/librpc/gen_ndr/cli_svcctl.h @@ -104,10 +104,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli, struct policy_handle *handle /* [in] [ref] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint32_t buf_size /* [in] */, - uint8_t *service /* [out] [size_is(buf_size)] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *services_returned /* [out] [ref] */, + uint8_t *service /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *services_returned /* [out] [ref,range(0,262144)] */, uint32_t *resume_handle /* [in,out] [unique] */, WERROR *werror); NTSTATUS rpccli_svcctl_OpenSCManagerW(struct rpc_pipe_client *cli, @@ -292,17 +292,17 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror); NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror); NTSTATUS rpccli_EnumServicesStatusExA(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, @@ -323,12 +323,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, uint32_t info_level /* [in] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint8_t *services /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *service_returned /* [out] [ref] */, - uint32_t *resume_handle /* [in,out] [unique] */, - const char **group_name /* [out] [ref,charset(UTF16)] */, + uint8_t *services /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *service_returned /* [out] [ref,range(0,262144)] */, + uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */, + const char *group_name /* [in] [unique,charset(UTF16)] */, WERROR *werror); NTSTATUS rpccli_svcctl_SCSendTSMessage(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c index b417ba0a5c..2bccde9ba0 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.c +++ b/source3/librpc/gen_ndr/ndr_svcctl.c @@ -2123,6 +2123,9 @@ static enum ndr_err_code ndr_push_svcctl_EnumServicesStatusW(struct ndr_push *nd } } if (flags & NDR_OUT) { + if (r->out.service == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.service, r->in.buf_size)); if (r->out.bytes_needed == NULL) { @@ -2162,6 +2165,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { NDR_PULL_ALLOC(ndr, r->in.resume_handle); @@ -2174,6 +2180,8 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); } + NDR_PULL_ALLOC_N(ndr, r->out.service, r->in.buf_size); + memset(r->out.service, 0, (r->in.buf_size) * sizeof(*r->out.service)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); NDR_PULL_ALLOC(ndr, r->out.services_returned); @@ -2181,7 +2189,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service)); - NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service)); + } NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, ndr_get_array_size(ndr, &r->out.service))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); @@ -2189,6 +2199,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.services_returned); @@ -2196,6 +2209,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd _mem_save_services_returned_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.services_returned, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.services_returned)); + if (*r->out.services_returned < 0 || *r->out.services_returned > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_services_returned_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { @@ -2245,7 +2261,10 @@ _PUBLIC_ void ndr_print_svcctl_EnumServicesStatusW(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_EnumServicesStatusW"); ndr->depth++; + ndr_print_ptr(ndr, "service", r->out.service); + ndr->depth++; ndr_print_array_uint8(ndr, "service", r->out.service, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5333,6 +5352,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfig2W(struct ndr_push *n NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); } if (flags & NDR_OUT) { + if (r->out.buffer == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); @@ -5359,20 +5382,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2W(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); + memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (r->out.buffer) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size)); + } } return NDR_ERR_SUCCESS; } @@ -5398,7 +5435,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceConfig2W(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_QueryServiceConfig2W"); ndr->depth++; + ndr_print_ptr(ndr, "buffer", r->out.buffer); + ndr->depth++; ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5420,6 +5460,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceStatusEx(struct ndr_push *n NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); } if (flags & NDR_OUT) { + if (r->out.buffer == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); @@ -5446,20 +5490,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceStatusEx(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); + memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (r->out.buffer) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size)); + } } return NDR_ERR_SUCCESS; } @@ -5485,7 +5543,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceStatusEx(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_QueryServiceStatusEx"); ndr->depth++; + ndr_print_ptr(ndr, "buffer", r->out.buffer); + ndr->depth++; ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5716,8 +5777,19 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in if (r->in.resume_handle) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle)); } + NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.group_name)); + if (r->in.group_name) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.group_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.group_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.group_name, ndr_charset_length(r->in.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } } if (flags & NDR_OUT) { + if (r->out.services == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.services, r->in.buf_size)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); @@ -5731,16 +5803,6 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in if (r->out.resume_handle) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle)); } - if (r->out.group_name == NULL) { - return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); - } - NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.group_name)); - if (*r->out.group_name) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16))); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16))); - NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); - } NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -5755,7 +5817,6 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in TALLOC_CTX *_mem_save_service_returned_0; TALLOC_CTX *_mem_save_resume_handle_0; TALLOC_CTX *_mem_save_group_name_0; - TALLOC_CTX *_mem_save_group_name_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -5770,6 +5831,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { NDR_PULL_ALLOC(ndr, r->in.resume_handle); @@ -5780,24 +5844,51 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in _mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, 0); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle)); + if (*r->in.resume_handle < 0 || *r->in.resume_handle > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name)); + if (_ptr_group_name) { + NDR_PULL_ALLOC(ndr, r->in.group_name); + } else { + r->in.group_name = NULL; + } + if (r->in.group_name) { + _mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.group_name, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.group_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.group_name)); + if (ndr_get_array_length(ndr, &r->in.group_name) > ndr_get_array_size(ndr, &r->in.group_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.group_name), ndr_get_array_length(ndr, &r->in.group_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.group_name, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, 0); + } + NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.buf_size); + memset(r->out.services, 0, (r->in.buf_size) * sizeof(*r->out.services)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); NDR_PULL_ALLOC(ndr, r->out.service_returned); ZERO_STRUCTP(r->out.service_returned); - NDR_PULL_ALLOC(ndr, r->out.group_name); - ZERO_STRUCTP(r->out.group_name); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, r->in.buf_size)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.services)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.services, ndr_get_array_size(ndr, &r->out.services)); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, ndr_get_array_size(ndr, &r->out.services))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.service_returned); @@ -5805,6 +5896,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in _mem_save_service_returned_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.service_returned, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.service_returned)); + if (*r->out.service_returned < 0 || *r->out.service_returned > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_returned_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { @@ -5816,33 +5910,15 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in _mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, 0); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); - } - if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC(ndr, r->out.group_name); - } - _mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->out.group_name, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name)); - if (_ptr_group_name) { - NDR_PULL_ALLOC(ndr, *r->out.group_name); - } else { - *r->out.group_name = NULL; - } - if (*r->out.group_name) { - _mem_save_group_name_1 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, *r->out.group_name, 0); - NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name)); - NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name)); - if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name)); + if (*r->out.resume_handle < 0 || *r->out.resume_handle > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_1, 0); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); } - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (r->out.services) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.services, r->in.buf_size)); + } } return NDR_ERR_SUCCESS; } @@ -5871,12 +5947,21 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle); } ndr->depth--; + ndr_print_ptr(ndr, "group_name", r->in.group_name); + ndr->depth++; + if (r->in.group_name) { + ndr_print_string(ndr, "group_name", r->in.group_name); + } + ndr->depth--; ndr->depth--; } if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "EnumServicesStatusExW"); ndr->depth++; + ndr_print_ptr(ndr, "services", r->out.services); + ndr->depth++; ndr_print_array_uint8(ndr, "services", r->out.services, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5891,15 +5976,6 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle); } ndr->depth--; - ndr_print_ptr(ndr, "group_name", r->out.group_name); - ndr->depth++; - ndr_print_ptr(ndr, "group_name", *r->out.group_name); - ndr->depth++; - if (*r->out.group_name) { - ndr_print_string(ndr, "group_name", *r->out.group_name); - } - ndr->depth--; - ndr->depth--; ndr_print_WERROR(ndr, "result", r->out.result); ndr->depth--; } diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c index 2349b4fd93..f37111137e 100644 --- a/source3/librpc/gen_ndr/srv_svcctl.c +++ b/source3/librpc/gen_ndr/srv_svcctl.c @@ -3445,12 +3445,6 @@ static bool api_EnumServicesStatusExW(pipes_struct *p) } r->out.resume_handle = r->in.resume_handle; - r->out.group_name = talloc_zero(r, const char *); - if (r->out.group_name == NULL) { - talloc_free(r); - return false; - } - r->out.result = _EnumServicesStatusExW(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h index 631cc2af7a..9baa122e56 100644 --- a/source3/librpc/gen_ndr/svcctl.h +++ b/source3/librpc/gen_ndr/svcctl.h @@ -341,14 +341,14 @@ struct svcctl_EnumServicesStatusW { struct policy_handle *handle;/* [ref] */ uint32_t type; uint32_t state; - uint32_t buf_size; + uint32_t buf_size;/* [range(0,262144)] */ uint32_t *resume_handle;/* [unique] */ } in; struct { - uint8_t *service;/* [size_is(buf_size)] */ - uint32_t *bytes_needed;/* [ref] */ - uint32_t *services_returned;/* [ref] */ + uint8_t *service;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,262144)] */ + uint32_t *services_returned;/* [ref,range(0,262144)] */ uint32_t *resume_handle;/* [unique] */ WERROR result; } out; @@ -729,12 +729,12 @@ struct svcctl_QueryServiceConfig2W { struct { struct policy_handle *handle;/* [ref] */ uint32_t info_level; - uint32_t buf_size; + uint32_t buf_size;/* [range(0,8192)] */ } in; struct { - uint8_t *buffer; - uint32_t *bytes_needed;/* [ref] */ + uint8_t *buffer;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,8192)] */ WERROR result; } out; @@ -745,12 +745,12 @@ struct svcctl_QueryServiceStatusEx { struct { struct policy_handle *handle;/* [ref] */ uint32_t info_level; - uint32_t buf_size; + uint32_t buf_size;/* [range(0,8192)] */ } in; struct { - uint8_t *buffer; - uint32_t *bytes_needed;/* [ref] */ + uint8_t *buffer;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,8192)] */ WERROR result; } out; @@ -785,16 +785,16 @@ struct EnumServicesStatusExW { uint32_t info_level; uint32_t type; uint32_t state; - uint32_t buf_size; - uint32_t *resume_handle;/* [unique] */ + uint32_t buf_size;/* [range(0,262144)] */ + const char *group_name;/* [unique,charset(UTF16)] */ + uint32_t *resume_handle;/* [unique,range(0,262144)] */ } in; struct { - uint8_t *services; - uint32_t *bytes_needed;/* [ref] */ - uint32_t *service_returned;/* [ref] */ - const char **group_name;/* [ref,charset(UTF16)] */ - uint32_t *resume_handle;/* [unique] */ + uint8_t *services;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,262144)] */ + uint32_t *service_returned;/* [ref,range(0,262144)] */ + uint32_t *resume_handle;/* [unique,range(0,262144)] */ WERROR result; } out; -- cgit From 0cba859f12177aaf3ef2d96663f0a51f61c24d56 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Mon, 17 Nov 2008 15:23:34 +0100 Subject: s3 create-tarball.sh: Remove dashes in git commands. Newer git versions (e.g. 1.6.0.2) do not provide the 'git-' commands any longer. Karolin --- release-scripts/create-tarball | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/release-scripts/create-tarball b/release-scripts/create-tarball index 04728d835d..ab27f08222 100755 --- a/release-scripts/create-tarball +++ b/release-scripts/create-tarball @@ -137,7 +137,7 @@ function createReleaseTag return 0 fi - if [ "x`git-tag -l ${OPT_TAG}`" != "x" ]; then + if [ "x`git tag -l ${OPT_TAG}`" != "x" ]; then echo -n "Tag exists. Do you wish to overwrite? (y/N): " read answer @@ -155,7 +155,7 @@ function createReleaseTag fi fi - git-tag -u ${OPT_KEYID} ${OPT_TAG} + git tag -u ${OPT_KEYID} ${OPT_TAG} exitOnError $? "Failed to create tag" return 0 @@ -170,7 +170,7 @@ function main cd $TOPDIR - git-checkout ${OPT_BRANCH} + git checkout ${OPT_BRANCH} exitOnError $? "Invalid branch name \"${OPT_BRANCH}\"" (cd source3 && ./script/mkversion.sh) @@ -188,7 +188,7 @@ function main echo "Creating release tarball for Samba $version" /bin/rm -rf ../samba-${version} - git-archive --format=tar --prefix=samba-${version}/ HEAD | (cd .. && tar xf -) + git archive --format=tar --prefix=samba-${version}/ HEAD | (cd .. && tar xf -) exitOnError $? "Failed to create release directory tree" pushd ../samba-${version} -- cgit From 0b1015d73edd437fdc85dd765e59cb5ae232afac Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 17 Nov 2008 10:21:29 -0800 Subject: Fix build warning introduced by making SERVICE_CONTROL an enum --- source3/rpc_server/srv_svcctl_nt.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 4beab6488b..0bed13e522 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -517,11 +517,9 @@ WERROR _svcctl_ControlService(pipes_struct *p, return info->ops->service_status( info->name, r->out.service_status ); + default: + return WERR_ACCESS_DENIED; } - - /* default control action */ - - return WERR_ACCESS_DENIED; } /******************************************************************** -- cgit From a48abdaa811c76e64a3383fe970e62b7bbb3582c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 18:25:01 +0100 Subject: s3-libnet-samsync: use enctype 23 for vampired keytab entries. Guenther --- source3/libnet/libnet_samsync_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 4b0cc06d94..0341641a4c 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -90,7 +90,7 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, ctx->dns_domain_name); entry.password = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16); entry.kvno = ads_get_kvno(ctx->ads, entry.name); - entry.enctype = ENCTYPE_NULL; + entry.enctype = ENCTYPE_ARCFOUR_HMAC; NT_STATUS_HAVE_NO_MEMORY(entry.name); NT_STATUS_HAVE_NO_MEMORY(entry.principal); -- cgit From d8df43e65d507710de72c6743f43127ad14019fc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 17 Nov 2008 14:13:20 -0800 Subject: Fix bug #5900 reported by monyo@samba.gr.jp - vfs_readonly.so does not work. Jeremy. --- source3/include/proto.h | 3 ++- source3/modules/vfs_readonly.c | 13 +++++++++++++ source3/smbd/share_access.c | 6 ++++-- source3/smbd/uid.c | 3 ++- 4 files changed, 21 insertions(+), 4 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 5f9203a21f..33425849d1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8459,7 +8459,8 @@ bool user_ok_token(const char *username, const char *domain, struct nt_user_token *token, int snum); bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, int snum); + struct nt_user_token *token, + connection_struct *conn); /* The following definitions come from smbd/srvstr.c */ diff --git a/source3/modules/vfs_readonly.c b/source3/modules/vfs_readonly.c index d4ddf32e3a..58c83e5e1b 100644 --- a/source3/modules/vfs_readonly.c +++ b/source3/modules/vfs_readonly.c @@ -64,12 +64,25 @@ static int readonly_connect(vfs_handle_struct *handle, "period", period_def); if (period && period[0] && period[1]) { + int i; time_t current_time = time(NULL); time_t begin_period = get_date(period[0], ¤t_time); time_t end_period = get_date(period[1], ¤t_time); if ((current_time >= begin_period) && (current_time <= end_period)) { + connection_struct *conn = handle->conn; + handle->conn->read_only = True; + + /* Wipe out the VUID cache. */ + for (i=0; i< VUID_CACHE_SIZE; i++) { + struct vuid_cache_entry *ent = ent = &conn->vuid_cache.array[i]; + ent->vuid = UID_FIELD_INVALID; + TALLOC_FREE(ent->server_info); + ent->read_only = false; + ent->admin_user = false; + } + conn->vuid_cache.next_entry = 0; } return SMB_VFS_NEXT_CONNECT(handle, service, user); diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index f5f79c86e5..9dbacc2998 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -252,9 +252,11 @@ bool user_ok_token(const char *username, const char *domain, bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, int snum) + struct nt_user_token *token, + connection_struct *conn) { - bool result = lp_readonly(snum); + int snum = SNUM(conn); + bool result = conn->read_only; if (lp_readlist(snum) != NULL) { if (token_contains_name_in_list(username, domain, diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 045de6f2d3..c238f40cfd 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -88,7 +88,8 @@ static bool check_user_ok(connection_struct *conn, uint16_t vuid, readonly_share = is_share_read_only_for_token( server_info->unix_name, pdb_get_domain(server_info->sam_account), - server_info->ptok, snum); + server_info->ptok, + conn); if (!readonly_share && !share_access_check(server_info->ptok, lp_servicename(snum), -- cgit From 9ea794417e8bad3da4236f4071a0d8a23612ac8a Mon Sep 17 00:00:00 2001 From: Davide Sfriso Date: Mon, 17 Nov 2008 15:38:56 -0800 Subject: Fix bug #5906 when running winbindd on a Samba PDC. Winbindd crash on 'getent group' Jeremy. --- source3/winbindd/winbindd_passdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 0cf4540cfe..101854ae94 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -639,13 +639,13 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, sid_type_lookup(lsa_names[i].type))); continue; } - if (!((*names)[i] = talloc_strdup((*names), + if (!((*names)[num_mapped] = talloc_strdup((*names), lsa_names[i].name))) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - (*name_types)[i] = lsa_names[i].type; + (*name_types)[num_mapped] = lsa_names[i].type; num_mapped += 1; } -- cgit From ab55ecb881bfabe427ecb874d2dff2b5c2a7e84a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Tue, 18 Nov 2008 01:35:10 +0100 Subject: Explicitly include samba4 includes.h to fix the build. --- lib/torture/torture.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/torture/torture.c b/lib/torture/torture.c index 6b2a5b1061..0ef5f612e6 100644 --- a/lib/torture/torture.c +++ b/lib/torture/torture.c @@ -18,7 +18,7 @@ along with this program. If not, see . */ -#include "includes.h" +#include "source4/include/includes.h" #include "../torture/torture.h" #include "../lib/util/dlinklist.h" #include "param/param.h" -- cgit From 1a48107cc4667f22b05fdfce952f9dcdcfaa0c7a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 15:49:27 +0100 Subject: s3-libnet-samsync: add support for partial replication. Guenther --- source3/libnet/libnet_samsync.c | 119 ++++++++++++++++++++++++++++++++++++---- source3/libnet/libnet_samsync.h | 17 ++++++ 2 files changed, 124 insertions(+), 12 deletions(-) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 00caf2b8c1..2e7063e4ea 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -282,8 +282,58 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, * libnet_samsync */ -NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, - struct samsync_context *ctx) +void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, + struct netr_ChangeLogEntry *e) +{ + ZERO_STRUCTP(e); + + e->db_index = o->database_id; + e->delta_type = o->object_type; + + switch (e->delta_type) { + case NETR_DELTA_DOMAIN: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_DELETE_ALIAS: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_TRUST: + case NETR_DELTA_DELETE_ACCOUNT: + case NETR_DELTA_DELETE_SECRET: + case NETR_DELTA_DELETE_GROUP2: + case NETR_DELTA_DELETE_USER2: + case NETR_DELTA_MODIFY_COUNT: + break; + case NETR_DELTA_USER: + case NETR_DELTA_GROUP: + case NETR_DELTA_GROUP_MEMBER: + case NETR_DELTA_ALIAS: + case NETR_DELTA_ALIAS_MEMBER: + e->object_rid = o->object_identifier.rid; + break; + case NETR_DELTA_SECRET: + e->object.object_name = o->object_identifier.name; + e->flags = NETR_CHANGELOG_NAME_INCLUDED; + break; + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_POLICY: + e->object.object_sid = o->object_identifier.sid; + e->flags = NETR_CHANGELOG_SID_INCLUDED; + break; + default: + break; + } +} + +/** + * libnet_samsync_delta + */ + +static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, + struct samsync_context *ctx, + struct netr_ChangeLogEntry *e) { NTSTATUS result; TALLOC_CTX *mem_ctx; @@ -313,16 +363,28 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, netlogon_creds_client_step(ctx->cli->dc, &credential); - result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, - logon_server, - computername, - &credential, - &return_authenticator, - database_id, - restart_state, - &sync_context, - &delta_enum_array, - 0xffff); + if (ctx->single_object_replication) { + result = rpccli_netr_DatabaseRedo(ctx->cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + *e, + 0, + &delta_enum_array); + } else { + result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + } + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { return result; } @@ -383,6 +445,39 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, return result; } +/** + * libnet_samsync + */ + +NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, + struct samsync_context *ctx) +{ + NTSTATUS status = NT_STATUS_OK; + int i = 0; + + if (!ctx->single_object_replication) { + return libnet_samsync_delta(database_id, ctx, NULL); + } + + for (i=0; inum_objects; i++) { + + struct netr_ChangeLogEntry e; + + if (ctx->objects[i].database_id != database_id) { + continue; + } + + libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e); + + status = libnet_samsync_delta(database_id, ctx, &e); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return status; +} + /** * pull_netr_AcctLockStr */ diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 1f10d2c1c0..4a356e2eed 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -33,6 +33,16 @@ typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, bool, struct samsync_context *); +struct samsync_object { + uint16_t database_id; + uint16_t object_type; + union { + uint32_t rid; + const char *name; + struct dom_sid sid; + } object_identifier; +}; + struct samsync_context { enum net_samsync_mode mode; const struct dom_sid *domain_sid; @@ -46,6 +56,13 @@ struct samsync_context { char *result_message; char *error_message; + bool single_object_replication; + bool force_full_replication; + bool clean_old_entries; + + uint32_t num_objects; + struct samsync_object *objects; + struct rpc_pipe_client *cli; samsync_delta_fn_t delta_fn; void *private_data; -- cgit From 2ac4b434302ad5e9c105a709fe02431f17a0fecc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 16:25:40 +0100 Subject: s3-net-vampire: add support for partial replication (individual deltas). Guenther --- source3/utils/net_rpc_samsync.c | 109 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 73e6dd03cb..9fab949130 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -26,6 +26,81 @@ #include "includes.h" #include "utils/net.h" +static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx, + int argc, + const char **argv, + bool *do_single_object_replication, + struct samsync_object **objects, + uint32_t *num_objects) +{ + int i; + + if (argc > 0) { + *do_single_object_replication = true; + } + + for (i=0; iis_dc = (info.basic.role & (DS_ROLE_PRIMARY_DC|DS_ROLE_BACKUP_DC)); + dc_info->is_pdc = (info.basic.role & DS_ROLE_PRIMARY_DC); + dc_info->is_ad = (info.basic.flags & DS_ROLE_PRIMARY_DS_RUNNING); + dc_info->is_mixed_mode = (info.basic.flags & DS_ROLE_PRIMARY_DS_MIXED_MODE); + dc_info->netbios_domain_name = talloc_strdup(mem_ctx, info.basic.domain); + dc_info->dns_domain_name = talloc_strdup(mem_ctx, info.basic.dns_domain); + dc_info->forest_name = talloc_strdup(mem_ctx, info.basic.forest); + + return NT_STATUS_OK; +} -- cgit From 4be8d9cca011cc090e19b2b43b59455d7e6a4b89 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 19:00:26 +0100 Subject: s3-net: use net_scan_dc in net rpc vampire keytab. Guenther --- source3/utils/net_rpc_samsync.c | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 9fab949130..22c6d25402 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -457,6 +457,9 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) { int ret = 0; + NTSTATUS status; + struct cli_state *cli = NULL; + struct net_dc_info dc_info; if (c->display_usage || (argc < 1)) { d_printf("Usage:\n" @@ -465,14 +468,30 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) return 0; } - ret = run_rpc_command(c, NULL, &ndr_table_drsuapi.syntax_id, - NET_FLAGS_SEAL, - rpc_vampire_keytab_ds_internals, argc, argv); - if (ret == 0) { - return 0; + status = net_make_ipc_connection(c, 0, &cli); + if (!NT_STATUS_IS_OK(status)) { + return -1; } - return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, - rpc_vampire_keytab_internals, - argc, argv); + status = net_scan_dc(c, cli, &dc_info); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + if (!dc_info.is_ad) { + printf("DC is not running Active Directory\n"); + return -1; + } + + if (dc_info.is_mixed_mode) { + ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id, + 0, + rpc_vampire_keytab_internals, argc, argv); + } else { + ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id, + NET_FLAGS_SEAL, + rpc_vampire_keytab_ds_internals, argc, argv); + } + + return ret; } -- cgit From 9f86dd715a3d79d17c9366293f0dccdf95cc31ba Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 13:25:50 +0100 Subject: s3-net: add "net rpc vampire passdb" that allows to take arguments. Guenther --- source3/utils/net_proto.h | 1 + source3/utils/net_rpc.c | 8 ++++++++ source3/utils/net_rpc_samsync.c | 13 +++++++++++++ 3 files changed, 22 insertions(+) diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 128f88b0d3..c058a0166f 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -359,6 +359,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, TALLOC_CTX *mem_ctx, int argc, const char **argv); +int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv); int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv); NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, const DOM_SID *domain_sid, diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 10f2a324a3..8c79cea021 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6370,6 +6370,14 @@ static int rpc_vampire(struct net_context *c, int argc, const char **argv) "net rpc vampire keytab\n" " Dump remote SAM database to Kerberos keytab file" }, + { + "passdb", + rpc_vampire_passdb, + NET_TRANSPORT_RPC, + "Dump remote SAM database to passdb", + "net rpc vampire passdb\n" + " Dump remote SAM database to passdb" + }, {NULL, NULL, 0, NULL, NULL} }; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 22c6d25402..3b97718634 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -248,6 +248,19 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, return result; } +int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv) +{ + if (c->display_usage) { + d_printf("Usage:\n" + "net rpc vampire passdb\n" + " Dump remote SAM database to passdb\n"); + return 0; + } + + return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, + rpc_vampire_internals, argc, argv); +} + NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, const DOM_SID *domain_sid, const char *domain_name, -- cgit From 0861a7122e5772d4a987afb3e77baa2faa99fb32 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 01:16:53 +0100 Subject: s3-libnet: move add_to_keytab_entries to libnet_keytab. Guenther --- source3/libnet/libnet_dssync_keytab.c | 111 ++++++++++++--------------------- source3/libnet/libnet_keytab.c | 33 ++++++++++ source3/libnet/libnet_proto.h | 7 +++ source3/libnet/libnet_samsync_keytab.c | 29 +++++---- 4 files changed, 93 insertions(+), 87 deletions(-) diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 6a3139d6ad..a05bfdcbe2 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -24,39 +24,6 @@ #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) -/** - * Internal helper function to add data to the list - * of keytab entries. It builds the prefix from the input. - */ -static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, - struct libnet_keytab_context *ctx, - uint32_t kvno, - const char *name, - const char *prefix, - const krb5_enctype enctype, - DATA_BLOB blob) -{ - struct libnet_keytab_entry entry; - - entry.kvno = kvno; - entry.name = talloc_strdup(mem_ctx, name); - entry.principal = talloc_asprintf(mem_ctx, "%s%s%s@%s", - prefix ? prefix : "", - prefix ? "/" : "", - name, ctx->dns_domain_name); - entry.enctype = enctype; - entry.password = blob; - NT_STATUS_HAVE_NO_MEMORY(entry.name); - NT_STATUS_HAVE_NO_MEMORY(entry.principal); - NT_STATUS_HAVE_NO_MEMORY(entry.password.data); - - ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, - &ctx->entries, &ctx->count); - NT_STATUS_HAVE_NO_MEMORY(ctx->entries); - - return NT_STATUS_OK; -} - static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, struct replUpToDateVectorBlob **pold_utdv) { @@ -134,10 +101,10 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, goto done; } - status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0, - ctx->nc_dn, "UTDV", - ENCTYPE_NULL, - blob); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0, + ctx->nc_dn, "UTDV", + ENCTYPE_NULL, + blob); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -391,11 +358,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } if (name) { - status = add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, - "SAMACCOUNTNAME", - ENCTYPE_NULL, - data_blob_talloc(mem_ctx, name, - strlen(name) + 1)); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, + "SAMACCOUNTNAME", + ENCTYPE_NULL, + data_blob_talloc(mem_ctx, name, + strlen(name) + 1)); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -454,9 +421,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } DEBUGADD(1,("\n")); - status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, - ENCTYPE_ARCFOUR_HMAC, - data_blob_talloc(mem_ctx, nt_passwd, 16)); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, + ENCTYPE_ARCFOUR_HMAC, + data_blob_talloc(mem_ctx, nt_passwd, 16)); if (!NT_STATUS_IS_OK(status)) { return status; @@ -469,11 +436,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb4->keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno, - name, - NULL, - pkb4->keys[i].keytype, - *pkb4->keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, + name, + NULL, + pkb4->keys[i].keytype, + *pkb4->keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -482,11 +449,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb4->old_keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1, - name, - NULL, - pkb4->old_keys[i].keytype, - *pkb4->old_keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1, + name, + NULL, + pkb4->old_keys[i].keytype, + *pkb4->old_keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -495,11 +462,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb4->older_keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno - 2, - name, - NULL, - pkb4->older_keys[i].keytype, - *pkb4->older_keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 2, + name, + NULL, + pkb4->older_keys[i].keytype, + *pkb4->older_keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -511,10 +478,10 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb3->keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, - NULL, - pkb3->keys[i].keytype, - *pkb3->keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, + NULL, + pkb3->keys[i].keytype, + *pkb3->keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -523,11 +490,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb3->old_keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1, - name, - NULL, - pkb3->old_keys[i].keytype, - *pkb3->old_keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1, + name, + NULL, + pkb3->old_keys[i].keytype, + *pkb3->old_keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -549,9 +516,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } for (; idns_domain_name); + entry.enctype = enctype; + entry.password = blob; + NT_STATUS_HAVE_NO_MEMORY(entry.name); + NT_STATUS_HAVE_NO_MEMORY(entry.principal); + NT_STATUS_HAVE_NO_MEMORY(entry.password.data); + + ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, + &ctx->entries, &ctx->count); + NT_STATUS_HAVE_NO_MEMORY(ctx->entries); + + return NT_STATUS_OK; +} + #endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 69a16c1c7d..9a193b724d 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -55,6 +55,13 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c const char *principal, int kvno, const krb5_enctype enctype, TALLOC_CTX *mem_ctx); +NTSTATUS libnet_keytab_add_to_keytab_entries(TALLOC_CTX *mem_ctx, + struct libnet_keytab_context *ctx, + uint32_t kvno, + const char *name, + const char *prefix, + const krb5_enctype enctype, + DATA_BLOB blob); #endif /* The following definitions come from libnet/libnet_samsync.c */ diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 0341641a4c..5c17d010aa 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -78,27 +78,26 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, bool last_query, struct libnet_keytab_context *ctx) { - struct libnet_keytab_entry entry; + NTSTATUS status; + uint32_t kvno = 0; + DATA_BLOB blob; if (memcmp(r->ntpassword.hash, ctx->zero_buf, 16) == 0) { return NT_STATUS_OK; } - entry.name = talloc_strdup(mem_ctx, r->account_name.string); - entry.principal = talloc_asprintf(mem_ctx, "%s@%s", - r->account_name.string, - ctx->dns_domain_name); - entry.password = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16); - entry.kvno = ads_get_kvno(ctx->ads, entry.name); - entry.enctype = ENCTYPE_ARCFOUR_HMAC; - - NT_STATUS_HAVE_NO_MEMORY(entry.name); - NT_STATUS_HAVE_NO_MEMORY(entry.principal); - NT_STATUS_HAVE_NO_MEMORY(entry.password.data); - + kvno = ads_get_kvno(ctx->ads, r->account_name.string); + blob = data_blob_const(r->ntpassword.hash, 16); - ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, - &ctx->entries, &ctx->count); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, + kvno, + r->account_name.string, + NULL, + ENCTYPE_ARCFOUR_HMAC, + blob); + if (!NT_STATUS_IS_OK(status)) { + return status; + } return NT_STATUS_OK; } -- cgit From 10572d1bf46da4e5dce2e9744778d8cffa312cb0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 16:28:34 +0100 Subject: s3-libnet-samsync: add samsync_ops. Guenther --- source3/libnet/libnet_samsync.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 4a356e2eed..42bf8d1537 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -32,6 +32,21 @@ typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, struct netr_DELTA_ENUM_ARRAY *, bool, struct samsync_context *); +struct samsync_ops { + NTSTATUS (*startup)(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID id, + uint64_t *sequence_num); + NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID id, + struct netr_DELTA_ENUM_ARRAY *array, + bool last_query, + struct samsync_context *ctx); + NTSTATUS (*finish)(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID id, + uint64_t sequence_num); +}; struct samsync_object { uint16_t database_id; @@ -64,6 +79,9 @@ struct samsync_context { struct samsync_object *objects; struct rpc_pipe_client *cli; + + const struct samsync_ops *ops; + samsync_delta_fn_t delta_fn; void *private_data; }; -- cgit From d10293dfdc1c2aded1305191161dbd31521557bf Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 16:29:11 +0100 Subject: s3-libnet-samsync: add samsync_ops to all samsync modules. Guenther --- source3/libnet/libnet_samsync.h | 5 +++++ source3/libnet/libnet_samsync_display.c | 4 ++++ source3/libnet/libnet_samsync_keytab.c | 4 ++++ source3/libnet/libnet_samsync_ldif.c | 4 ++++ source3/libnet/libnet_samsync_passdb.c | 4 ++++ 5 files changed, 21 insertions(+) diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 42bf8d1537..2f0f049fb9 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -86,6 +86,11 @@ struct samsync_context { void *private_data; }; +extern const struct samsync_ops libnet_samsync_ldif_ops; +extern const struct samsync_ops libnet_samsync_keytab_ops; +extern const struct samsync_ops libnet_samsync_display_ops; +extern const struct samsync_ops libnet_samsync_passdb_ops; + NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 1dd9a1add5..5a0c3088cf 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -300,3 +300,7 @@ NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +const struct samsync_ops libnet_samsync_display_ops = { + .process_objects = display_sam_entries, +}; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 5c17d010aa..b68d70145c 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -188,3 +188,7 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, } #endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ + +const struct samsync_ops libnet_samsync_keytab_ops = { + .process_objects = fetch_sam_entries_keytab, +}; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index dd5380b6b8..245ebe0b9f 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1226,3 +1226,7 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, } #endif + +const struct samsync_ops libnet_samsync_ldif_ops = { + .process_objects = fetch_sam_entries_ldif, +}; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 7ace77cace..6e068e0f41 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -786,3 +786,7 @@ NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +const struct samsync_ops libnet_samsync_passdb_ops = { + .process_objects = fetch_sam_entries, +}; -- cgit From eef8de5c887e013f5b05742a74fbb130596c62d3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 16:31:59 +0100 Subject: s3-libnet-samsync: use samsync_ops. Guenther --- source3/libnet/libnet_samsync.c | 7 ++++--- source3/libnet/libnet_samsync.h | 27 --------------------------- source3/libnet/libnet_samsync_display.c | 10 +++++----- source3/libnet/libnet_samsync_keytab.c | 20 ++++++++++---------- source3/libnet/libnet_samsync_ldif.c | 20 ++++++++++---------- source3/libnet/libnet_samsync_passdb.c | 10 +++++----- source3/utils/net_rpc_samsync.c | 8 ++++---- 7 files changed, 38 insertions(+), 64 deletions(-) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 2e7063e4ea..e57c2a5e11 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -408,9 +408,10 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, delta_enum_array); /* Process results */ - callback_status = ctx->delta_fn(mem_ctx, database_id, - delta_enum_array, - NT_STATUS_IS_OK(result), ctx); + callback_status = ctx->ops->process_objects(mem_ctx, database_id, + delta_enum_array, + NT_STATUS_IS_OK(result), + ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; goto out; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 2f0f049fb9..23a3746fc9 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -27,11 +27,6 @@ enum net_samsync_mode { struct samsync_context; -typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, - enum netr_SamDatabaseID, - struct netr_DELTA_ENUM_ARRAY *, - bool, - struct samsync_context *); struct samsync_ops { NTSTATUS (*startup)(TALLOC_CTX *mem_ctx, struct samsync_context *ctx, @@ -82,7 +77,6 @@ struct samsync_context { const struct samsync_ops *ops; - samsync_delta_fn_t delta_fn; void *private_data; }; @@ -90,24 +84,3 @@ extern const struct samsync_ops libnet_samsync_ldif_ops; extern const struct samsync_ops libnet_samsync_keytab_ops; extern const struct samsync_ops libnet_samsync_display_ops; extern const struct samsync_ops libnet_samsync_passdb_ops; - -NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); -NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); -NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); -NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 5a0c3088cf..5fdf327b74 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -285,11 +285,11 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { int i; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index b68d70145c..679f9df480 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -105,11 +105,11 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; @@ -178,11 +178,11 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, #else -NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 245ebe0b9f..7f794e7d8c 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1156,11 +1156,11 @@ static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { NTSTATUS status; int i; @@ -1216,11 +1216,11 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, #else /* HAVE_LDAP */ -NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 6e068e0f41..10c7ff110f 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -772,11 +772,11 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { int i; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3b97718634..6b23db74cb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -123,7 +123,7 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_DUMP; ctx->cli = pipe_hnd; - ctx->delta_fn = display_sam_entries; + ctx->ops = &libnet_samsync_display_ops; ctx->domain_name = domain_name; ctx->force_full_replication = c->opt_force_full_repl ? true : false; @@ -206,7 +206,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB; ctx->cli = pipe_hnd; - ctx->delta_fn = fetch_sam_entries; + ctx->ops = &libnet_samsync_passdb_ops; ctx->domain_name = domain_name; ctx->force_full_replication = c->opt_force_full_repl ? true : false; @@ -292,7 +292,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF; ctx->cli = pipe_hnd; - ctx->delta_fn = fetch_sam_entries_ldif; + ctx->ops = &libnet_samsync_ldif_ops; ctx->domain_name = domain_name; ctx->force_full_replication = c->opt_force_full_repl ? true : false; @@ -377,7 +377,7 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB; ctx->cli = pipe_hnd; - ctx->delta_fn = fetch_sam_entries_keytab; + ctx->ops = &libnet_samsync_keytab_ops; ctx->domain_name = domain_name; ctx->username = c->opt_user_name; ctx->password = c->opt_password; -- cgit From 677921b9a3176c3feb9f07b8a0ed9e887c3c46fc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 17:14:19 +0100 Subject: s3-libnet-samsync: call init and close ops function where appropriate. Guenther --- source3/libnet/libnet_samsync.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index e57c2a5e11..ab7ca21bda 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -336,6 +336,7 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, struct netr_ChangeLogEntry *e) { NTSTATUS result; + NTSTATUS callback_status; TALLOC_CTX *mem_ctx; const char *logon_server = ctx->cli->desthost; const char *computername = global_myname(); @@ -345,13 +346,26 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, uint32_t sync_context = 0; const char *debug_str; DATA_BLOB session_key; + uint64_t sequence_num = 0; ZERO_STRUCT(return_authenticator); + if (!ctx->ops) { + return NT_STATUS_INVALID_PARAMETER; + } + if (!(mem_ctx = talloc_init("libnet_samsync"))) { return NT_STATUS_NO_MEMORY; } + if (ctx->ops->startup) { + result = ctx->ops->startup(mem_ctx, ctx, + database_id, &sequence_num); + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + } + debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); if (debug_str) { d_fprintf(stderr, "%s\n", debug_str); @@ -359,7 +373,6 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - NTSTATUS callback_status; netlogon_creds_client_step(ctx->cli->dc, &credential); @@ -425,6 +438,15 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); out: + + if (NT_STATUS_IS_OK(result) && ctx->ops->finish) { + callback_status = ctx->ops->finish(mem_ctx, ctx, + database_id, sequence_num); + if (!NT_STATUS_IS_OK(callback_status)) { + result = callback_status; + } + } + if (NT_STATUS_IS_ERR(result) && !ctx->error_message) { ctx->error_message = talloc_asprintf(ctx, -- cgit From 8c671597550d4fde385f6ef011dfdc7b3695f9f4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 19:34:56 +0100 Subject: s3-libnet-samsync: move all modules to startup,process,finish callbacks. Guenther --- source3/libnet/libnet_samsync.c | 1 - source3/libnet/libnet_samsync.h | 1 - source3/libnet/libnet_samsync_display.c | 4 +- source3/libnet/libnet_samsync_keytab.c | 112 ++++++++++++++++++++++---------- source3/libnet/libnet_samsync_ldif.c | 105 +++++++++++++++++++++--------- source3/libnet/libnet_samsync_passdb.c | 1 - 6 files changed, 153 insertions(+), 71 deletions(-) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index ab7ca21bda..ff2ba951bf 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -423,7 +423,6 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, delta_enum_array, - NT_STATUS_IS_OK(result), ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 23a3746fc9..cbd35fa327 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -35,7 +35,6 @@ struct samsync_ops { NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID id, struct netr_DELTA_ENUM_ARRAY *array, - bool last_query, struct samsync_context *ctx); NTSTATUS (*finish)(TALLOC_CTX *mem_ctx, struct samsync_context *ctx, diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 5fdf327b74..675fcd5a0d 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -163,7 +163,6 @@ static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r) static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *r, - bool last_query, struct samsync_context *ctx) { union netr_DELTA_UNION u = r->delta_union; @@ -288,14 +287,13 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { int i; for (i = 0; i < r->num_deltas; i++) { display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], - last_query, ctx); + ctx); } return NT_STATUS_OK; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 679f9df480..4ec03af886 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -75,7 +75,6 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, uint32_t rid, struct netr_DELTA_USER *r, - bool last_query, struct libnet_keytab_context *ctx) { NTSTATUS status; @@ -105,35 +104,50 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) { - NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; - static struct libnet_keytab_context *keytab_ctx = NULL; - int i; + NTSTATUS status; + struct libnet_keytab_context *keytab_ctx; - if (!keytab_ctx) { - ret = libnet_keytab_init(mem_ctx, ctx->output_filename, - &keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - goto out; - } + ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); + if (ret) { + return krb5_to_nt_status(ret); } + keytab_ctx->clean_old_entries = ctx->clean_old_entries; + ctx->private_data = keytab_ctx; + status = keytab_ad_connect(mem_ctx, ctx->domain_name, ctx->username, ctx->password, keytab_ctx); if (!NT_STATUS_IS_OK(status)) { - goto out; + TALLOC_FREE(keytab_ctx); + return status; } + return status; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + struct samsync_context *ctx) +{ + struct libnet_keytab_context *keytab_ctx = + (struct libnet_keytab_context *)ctx->private_data; + + NTSTATUS status = NT_STATUS_OK; + int i; + for (i = 0; i < r->num_deltas; i++) { if (r->delta_enum[i].delta_type != NETR_DELTA_USER) { @@ -143,52 +157,78 @@ static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, status = fetch_sam_entry_keytab(mem_ctx, database_id, r->delta_enum[i].delta_id_union.rid, r->delta_enum[i].delta_union.user, - last_query, keytab_ctx); if (!NT_STATUS_IS_OK(status)) { goto out; } } + out: + return status; +} - if (last_query) { - - ret = libnet_keytab_add(keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to add entries to keytab %s: %s", - keytab_ctx->keytab_name, error_message(ret)); - goto out; - } +/**************************************************************** +****************************************************************/ - ctx->result_message = talloc_asprintf(mem_ctx, - "Vampired %d accounts to keytab %s", - keytab_ctx->count, - keytab_ctx->keytab_name); +static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + struct libnet_keytab_context *keytab_ctx = + (struct libnet_keytab_context *)ctx->private_data; + krb5_error_code ret; + NTSTATUS status; + ret = libnet_keytab_add(keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(ctx, + "Failed to add entries to keytab %s: %s", + keytab_ctx->keytab_name, error_message(ret)); TALLOC_FREE(keytab_ctx); + return status; } - return NT_STATUS_OK; - out: + ctx->result_message = talloc_asprintf(ctx, + "Vampired %d accounts to keytab %s", + keytab_ctx->count, + keytab_ctx->keytab_name); + TALLOC_FREE(keytab_ctx); - return status; + return NT_STATUS_OK; } #else +static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } +static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + #endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ const struct samsync_ops libnet_samsync_keytab_ops = { + .startup = init_keytab, .process_objects = fetch_sam_entries_keytab, + .finish = close_keytab }; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 7f794e7d8c..495a828749 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -32,6 +32,10 @@ static uint32 ldif_gid = 999; static uint32 ldif_uid = 999; +/* global counters */ +static uint32_t g_index = 0; +static uint32_t a_index = 0; + /* Structure for mapping accounts to groups */ /* Array element is the group rid */ typedef struct _groupmap { @@ -1046,8 +1050,8 @@ static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *r, struct samsync_context *ctx, - uint32_t *a_index, - uint32_t *g_index) + uint32_t *a_index_p, + uint32_t *g_index_p) { union netr_DELTA_UNION u = r->delta_union; union netr_DELTA_ID_UNION id = r->delta_id_union; @@ -1061,34 +1065,34 @@ static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, case NETR_DELTA_GROUP: fetch_group_info_to_ldif(mem_ctx, u.group, - &l->groupmap[*g_index], + &l->groupmap[*g_index_p], l->add_file, ctx->domain_sid_str, l->suffix); - (*g_index)++; + (*g_index_p)++; break; case NETR_DELTA_USER: fetch_account_info_to_ldif(mem_ctx, u.user, l->groupmap, - &l->accountmap[*a_index], + &l->accountmap[*a_index_p], l->add_file, ctx->domain_sid_str, l->suffix, l->num_alloced); - (*a_index)++; + (*a_index_p)++; break; case NETR_DELTA_ALIAS: fetch_alias_info_to_ldif(mem_ctx, u.alias, - &l->groupmap[*g_index], + &l->groupmap[*g_index_p], l->add_file, ctx->domain_sid_str, l->suffix, database_id); - (*g_index)++; + (*g_index_p)++; break; case NETR_DELTA_GROUP_MEMBER: @@ -1156,15 +1160,12 @@ static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) { NTSTATUS status; - int i; - uint32_t g_index = 0, a_index = 0; struct samsync_ldif_context *ldif_ctx = (struct samsync_ldif_context *)ctx->private_data; @@ -1174,11 +1175,27 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, ctx->domain_sid_str, &ldif_ctx); if (!NT_STATUS_IS_OK(status)) { - goto failed; + return status; } ctx->private_data = ldif_ctx; + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + struct samsync_context *ctx) +{ + NTSTATUS status; + int i; + struct samsync_ldif_context *ldif_ctx = + (struct samsync_ldif_context *)ctx->private_data; + status = ldif_realloc_maps(mem_ctx, ldif_ctx, r->num_deltas); if (!NT_STATUS_IS_OK(status)) { goto failed; @@ -1193,18 +1210,6 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, } } - /* This was the last query */ - if (last_query) { - ldif_write_output(database_id, ldif_ctx); - if (ldif_ctx->ldif_file != stdout) { - ctx->result_message = talloc_asprintf(mem_ctx, - "Vampired %d accounts and %d groups to %s", - a_index, g_index, ctx->output_filename); - } - ldif_free_context(ldif_ctx); - ctx->private_data = NULL; - } - return NT_STATUS_OK; failed: @@ -1214,19 +1219,61 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, return status; } +/**************************************************************** +****************************************************************/ + +static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + struct samsync_ldif_context *ldif_ctx = + (struct samsync_ldif_context *)ctx->private_data; + + /* This was the last query */ + ldif_write_output(database_id, ldif_ctx); + if (ldif_ctx->ldif_file != stdout) { + ctx->result_message = talloc_asprintf(ctx, + "Vampired %d accounts and %d groups to %s", + a_index, g_index, ctx->output_filename); + } + + ldif_free_context(ldif_ctx); + ctx->private_data = NULL; + + return NT_STATUS_OK; +} + #else /* HAVE_LDAP */ +static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } +static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + #endif const struct samsync_ops libnet_samsync_ldif_ops = { + .startup = init_ldif, .process_objects = fetch_sam_entries_ldif, + .finish = close_ldif, }; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 10c7ff110f..08c8190d41 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -775,7 +775,6 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { int i; -- cgit From 90513515096f0b82d3e9d1cb23df73aa26f267a8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 02:01:03 +0100 Subject: s3-libnet-samsync: pass sequence number pointer to process routine. Guenther --- source3/libnet/libnet_samsync.c | 1 + source3/libnet/libnet_samsync.h | 1 + source3/libnet/libnet_samsync_display.c | 1 + source3/libnet/libnet_samsync_keytab.c | 2 ++ source3/libnet/libnet_samsync_ldif.c | 2 ++ source3/libnet/libnet_samsync_passdb.c | 1 + 6 files changed, 8 insertions(+) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index ff2ba951bf..43891ce829 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -423,6 +423,7 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, delta_enum_array, + &sequence_num, ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index cbd35fa327..3a686a7f45 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -35,6 +35,7 @@ struct samsync_ops { NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID id, struct netr_DELTA_ENUM_ARRAY *array, + uint64_t *sequence_num, struct samsync_context *ctx); NTSTATUS (*finish)(TALLOC_CTX *mem_ctx, struct samsync_context *ctx, diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 675fcd5a0d..c8d9ec6f09 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -287,6 +287,7 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { int i; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 4ec03af886..7eeae3a1a0 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -140,6 +140,7 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { struct libnet_keytab_context *keytab_ctx = @@ -212,6 +213,7 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 495a828749..c72eadf03f 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1189,6 +1189,7 @@ static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { NTSTATUS status; @@ -1257,6 +1258,7 @@ static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 08c8190d41..388b10a0fa 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -775,6 +775,7 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { int i; -- cgit From 6aaf220f9e20815a32d166c1c5953e41152e1c99 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 03:45:38 +0100 Subject: s3-libnet-samsync: use netr_DatabaseDeltas unless full replication enforced. Guenther --- source3/libnet/libnet_samsync.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 43891ce829..5711b231c7 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -376,7 +376,8 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, netlogon_creds_client_step(ctx->cli->dc, &credential); - if (ctx->single_object_replication) { + if (ctx->single_object_replication && + !ctx->force_full_replication) { result = rpccli_netr_DatabaseRedo(ctx->cli, mem_ctx, logon_server, computername, @@ -385,6 +386,16 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, *e, 0, &delta_enum_array); + } else if (!ctx->force_full_replication && (sequence_num > 0)) { + result = rpccli_netr_DatabaseDeltas(ctx->cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + &sequence_num, + &delta_enum_array, + 0xffff); } else { result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, logon_server, -- cgit From a079c500a6491aa2e2e9fed265096ebee7de1c8b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 09:42:59 +0100 Subject: s3-libnet-samsync: pass back sequence number from fetch_sam_entries_keytab. Guenther --- source3/libnet/libnet_samsync_keytab.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 7eeae3a1a0..7bafad9b0b 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -151,7 +151,22 @@ static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, for (i = 0; i < r->num_deltas; i++) { - if (r->delta_enum[i].delta_type != NETR_DELTA_USER) { + switch (r->delta_enum[i].delta_type) { + case NETR_DELTA_USER: + break; + case NETR_DELTA_DOMAIN: + if (sequence_num) { + *sequence_num = + r->delta_enum[i].delta_union.domain->sequence_num; + } + continue; + case NETR_DELTA_MODIFY_COUNT: + if (sequence_num) { + *sequence_num = + *r->delta_enum[i].delta_union.modified_count; + } + continue; + default: continue; } -- cgit From b8769141e65dd640b9ab4fca409579ec8fcfe8f7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 09:49:37 +0100 Subject: s3-libnet-samsync: refactor libnet_samsync. Guenther --- source3/libnet/libnet_samsync.c | 123 +++++++++++++++++++++------------------- 1 file changed, 66 insertions(+), 57 deletions(-) diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 5711b231c7..4351810169 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -331,46 +331,24 @@ void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, * libnet_samsync_delta */ -static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, +static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num, struct samsync_context *ctx, struct netr_ChangeLogEntry *e) { NTSTATUS result; NTSTATUS callback_status; - TALLOC_CTX *mem_ctx; const char *logon_server = ctx->cli->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; uint16_t restart_state = 0; uint32_t sync_context = 0; - const char *debug_str; DATA_BLOB session_key; - uint64_t sequence_num = 0; ZERO_STRUCT(return_authenticator); - if (!ctx->ops) { - return NT_STATUS_INVALID_PARAMETER; - } - - if (!(mem_ctx = talloc_init("libnet_samsync"))) { - return NT_STATUS_NO_MEMORY; - } - - if (ctx->ops->startup) { - result = ctx->ops->startup(mem_ctx, ctx, - database_id, &sequence_num); - if (!NT_STATUS_IS_OK(result)) { - goto out; - } - } - - debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); - if (debug_str) { - d_fprintf(stderr, "%s\n", debug_str); - } - do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; @@ -386,14 +364,15 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, *e, 0, &delta_enum_array); - } else if (!ctx->force_full_replication && (sequence_num > 0)) { + } else if (!ctx->force_full_replication && + sequence_num && (*sequence_num > 0)) { result = rpccli_netr_DatabaseDeltas(ctx->cli, mem_ctx, logon_server, computername, &credential, &return_authenticator, database_id, - &sequence_num, + sequence_num, &delta_enum_array, 0xffff); } else { @@ -434,7 +413,7 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, delta_enum_array, - &sequence_num, + sequence_num, ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; @@ -450,32 +429,6 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, out: - if (NT_STATUS_IS_OK(result) && ctx->ops->finish) { - callback_status = ctx->ops->finish(mem_ctx, ctx, - database_id, sequence_num); - if (!NT_STATUS_IS_OK(callback_status)) { - result = callback_status; - } - } - - if (NT_STATUS_IS_ERR(result) && !ctx->error_message) { - - ctx->error_message = talloc_asprintf(ctx, - "Failed to fetch %s database: %s", - samsync_database_str(database_id), - nt_errstr(result)); - - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { - - ctx->error_message = - talloc_asprintf_append(ctx->error_message, - "\nPerhaps %s is a Windows native mode domain?", - ctx->domain_name); - } - } - - talloc_destroy(mem_ctx); - return result; } @@ -487,10 +440,37 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, struct samsync_context *ctx) { NTSTATUS status = NT_STATUS_OK; + NTSTATUS callback_status; + TALLOC_CTX *mem_ctx; + const char *debug_str; + uint64_t sequence_num = 0; int i = 0; + if (!(mem_ctx = talloc_new(ctx))) { + return NT_STATUS_NO_MEMORY; + } + + if (!ctx->ops) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (ctx->ops->startup) { + status = ctx->ops->startup(mem_ctx, ctx, + database_id, &sequence_num); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } + + debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); + if (debug_str) { + d_fprintf(stderr, "%s\n", debug_str); + } + if (!ctx->single_object_replication) { - return libnet_samsync_delta(database_id, ctx, NULL); + status = libnet_samsync_delta(mem_ctx, database_id, + &sequence_num, ctx, NULL); + goto done; } for (i=0; inum_objects; i++) { @@ -503,12 +483,41 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e); - status = libnet_samsync_delta(database_id, ctx, &e); + status = libnet_samsync_delta(mem_ctx, database_id, + &sequence_num, ctx, &e); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } } + done: + + if (NT_STATUS_IS_OK(status) && ctx->ops->finish) { + callback_status = ctx->ops->finish(mem_ctx, ctx, + database_id, sequence_num); + if (!NT_STATUS_IS_OK(callback_status)) { + status = callback_status; + } + } + + if (NT_STATUS_IS_ERR(status) && !ctx->error_message) { + + ctx->error_message = talloc_asprintf(ctx, + "Failed to fetch %s database: %s", + samsync_database_str(database_id), + nt_errstr(status)); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + + ctx->error_message = + talloc_asprintf_append(ctx->error_message, + "\nPerhaps %s is a Windows native mode domain?", + ctx->domain_name); + } + } + + talloc_destroy(mem_ctx); + return status; } -- cgit From 6ef719bf92f6a6b9cdbd35d6b9c6e9d4d4f0dde5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 09:52:35 +0100 Subject: s3-libnet-samsync: store samsync sequence number state in keytab. Guenther --- source3/libnet/libnet_samsync_keytab.c | 53 +++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 7bafad9b0b..cdb344604d 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -112,6 +112,9 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, krb5_error_code ret = 0; NTSTATUS status; struct libnet_keytab_context *keytab_ctx; + struct libnet_keytab_entry *entry; + uint64_t old_sequence_num = 0; + const char *principal = NULL; ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); if (ret) { @@ -131,6 +134,20 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, return status; } + principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s", + keytab_ctx->dns_domain_name); + NT_STATUS_HAVE_NO_MEMORY(principal); + + entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry && (entry->password.length == 8)) { + old_sequence_num = BVAL(entry->password.data, 0); + } + + if (sequence_num) { + *sequence_num = old_sequence_num; + } + return status; } @@ -194,6 +211,37 @@ static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, (struct libnet_keytab_context *)ctx->private_data; krb5_error_code ret; NTSTATUS status; + struct libnet_keytab_entry *entry; + uint64_t old_sequence_num = 0; + const char *principal = NULL; + + principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s", + keytab_ctx->dns_domain_name); + NT_STATUS_HAVE_NO_MEMORY(principal); + + + entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry && (entry->password.length == 8)) { + old_sequence_num = BVAL(entry->password.data, 0); + } + + + if (sequence_num > old_sequence_num) { + DATA_BLOB blob; + blob = data_blob_talloc_zero(mem_ctx, 8); + SBVAL(blob.data, 0, sequence_num); + + status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, + 0, + "SEQUENCE_NUM", + NULL, + ENCTYPE_NULL, + blob); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } ret = libnet_keytab_add(keytab_ctx); if (ret) { @@ -210,9 +258,12 @@ static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, keytab_ctx->count, keytab_ctx->keytab_name); + status = NT_STATUS_OK; + + done: TALLOC_FREE(keytab_ctx); - return NT_STATUS_OK; + return status; } #else -- cgit From 6ce29dc9add1252b0ded9d2c1c2b6bae74604cc4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 18 Nov 2008 17:03:38 +0100 Subject: Fix trans2findfirst for the large directory optimization With case sensitive = yes preserve case = no short preserve case = no default case = upper a "dir FOO.txt" would not find "FOO.TXT" because FOO.txt ends up unconverted in the mask for mask_match. Jeremy, please check! Volker --- source3/smbd/filename.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 562f1e8d94..3eb2d63734 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -206,6 +206,11 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, *pp_saved_last_component = talloc_strdup(ctx, orig_path); } + if (conn->case_sensitive && !conn->case_preserve && + !conn->short_case_preserve) { + strnorm(*pp_saved_last_component, + lp_defaultcase(SNUM(conn))); + } } if (!(name = talloc_strdup(ctx, orig_path))) { -- cgit From 93fd28a350c1f2652a24daead8ca6e4c8ff696cb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Nov 2008 10:57:54 -0800 Subject: Re-structure Volker's patch to "Fix trans2findfirst for the large directory optimization". Makes the change clearer. Jeremy. --- source3/smbd/filename.c | 47 +++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 26 deletions(-) diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 3eb2d63734..392264bfc0 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -194,30 +194,39 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, return result; } + if (!(name = talloc_strdup(ctx, orig_path))) { + DEBUG(0, ("talloc_strdup failed\n")); + return NT_STATUS_NO_MEMORY; + } + + /* + * Large directory fix normalization. If we're case sensitive, and + * the case preserving parameters are set to "no", normalize the case of + * the incoming filename from the client WHETHER IT EXISTS OR NOT ! + * This is in conflict with the current (3.0.20) man page, but is + * what people expect from the "large directory howto". I'll update + * the man page. Thanks to jht@samba.org for finding this. JRA. + */ + + if (conn->case_sensitive && !conn->case_preserve && + !conn->short_case_preserve) { + strnorm(name, lp_defaultcase(SNUM(conn))); + } + /* * Ensure saved_last_component is valid even if file exists. */ if(pp_saved_last_component) { - end = strrchr_m(orig_path, '/'); + end = strrchr_m(name, '/'); if (end) { *pp_saved_last_component = talloc_strdup(ctx, end + 1); } else { *pp_saved_last_component = talloc_strdup(ctx, - orig_path); - } - if (conn->case_sensitive && !conn->case_preserve && - !conn->short_case_preserve) { - strnorm(*pp_saved_last_component, - lp_defaultcase(SNUM(conn))); + name); } } - if (!(name = talloc_strdup(ctx, orig_path))) { - DEBUG(0, ("talloc_strdup failed\n")); - return NT_STATUS_NO_MEMORY; - } - if (!lp_posix_pathnames()) { stream = strchr_m(name, ':'); @@ -232,20 +241,6 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, } } - /* - * Large directory fix normalization. If we're case sensitive, and - * the case preserving parameters are set to "no", normalize the case of - * the incoming filename from the client WHETHER IT EXISTS OR NOT ! - * This is in conflict with the current (3.0.20) man page, but is - * what people expect from the "large directory howto". I'll update - * the man page. Thanks to jht@samba.org for finding this. JRA. - */ - - if (conn->case_sensitive && !conn->case_preserve && - !conn->short_case_preserve) { - strnorm(name, lp_defaultcase(SNUM(conn))); - } - start = name; /* If we're providing case insentive semantics or -- cgit From 69debd45e56428aceaac607994e61ecd66a73daa Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 18 Nov 2008 11:25:14 -0800 Subject: libsmb: Fix up pointer passed to cli_send_trans in cli_link_internal --- source3/libsmb/clifile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 1c525363f7..a9e81082ea 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -66,7 +66,7 @@ static bool cli_link_internal(struct cli_state *cli, const char *oldname, const -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ param, param_len, 2, /* param, length, max */ - (char *)&data, data_len, cli->max_xmit /* data, length, max */ + data, data_len, cli->max_xmit /* data, length, max */ )) { SAFE_FREE(data); SAFE_FREE(param); -- cgit From 0e62bb39de93433dfeb7f822ec1026da7ed643f4 Mon Sep 17 00:00:00 2001 From: Dina Fine Date: Tue, 18 Nov 2008 12:45:42 -0800 Subject: Fix bug #5908 - Samba 3.0.32 - internal change notify on share directory fails" --- source3/smbd/notify.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index 5a517654bf..2d0811bc1c 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -339,6 +339,9 @@ void notify_fname(connection_struct *conn, uint32 action, uint32 filter, { char *fullpath; + if (path[0] == '.' && path[1] == '/') { + path += 2; + } if (asprintf(&fullpath, "%s/%s", conn->connectpath, path) == -1) { DEBUG(0, ("asprintf failed\n")); return; -- cgit From 9a7900fb38b9690bf51ab638c0f0629f2557b870 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Fri, 14 Nov 2008 19:16:12 -0800 Subject: Whitespace and >80 column cleanups. --- source3/libads/ldap.c | 24 ++++++------- source3/winbindd/winbindd_ads.c | 76 ++++++++++++++++++++------------------- source3/winbindd/winbindd_group.c | 4 +-- 3 files changed, 53 insertions(+), 51 deletions(-) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 2dcd1fd6ae..c651b33efe 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -3111,15 +3111,15 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, /** * pull a DOM_SID from an extended dn string - * @param mem_ctx TALLOC_CTX + * @param mem_ctx TALLOC_CTX * @param extended_dn string * @param flags string type of extended_dn * @param sid pointer to a DOM_SID * @return boolean inidicating success **/ -bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, - const char *extended_dn, - enum ads_extended_dn_flags flags, +bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, + const char *extended_dn, + enum ads_extended_dn_flags flags, DOM_SID *sid) { char *p, *q, *dn; @@ -3132,7 +3132,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) { return False; } - /* + /* * ADS_EXTENDED_DN_HEX_STRING: * ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de * @@ -3155,13 +3155,13 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, if (!q) { return False; } - + *q = '\0'; DEBUG(100,("ads_get_sid_from_extended_dn: sid string is %s\n", p)); switch (flags) { - + case ADS_EXTENDED_DN_STRING: if (!string_to_sid(sid, p)) { return False; @@ -3200,9 +3200,9 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, * @param sids pointer to sid array to allocate * @return the count of SIDs pulled **/ - int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - LDAPMessage *msg, + int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + LDAPMessage *msg, const char *field, enum ads_extended_dn_flags flags, DOM_SID **sids) @@ -3211,7 +3211,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, size_t dn_count; char **dn_strings; - if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, + if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, &dn_count)) == NULL) { return 0; } @@ -3224,7 +3224,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, for (i=0; iname)); + DEBUG(10,("lookup_usergroups_memberof: No incoming trust for " + "domain %s\n", domain->name)); return NT_STATUS_OK; } @@ -671,16 +671,16 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, goto done; } - rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, - ADS_EXTENDED_DN_HEX_STRING, + rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, + ADS_EXTENDED_DN_HEX_STRING, &strings, &num_strings); if (!ADS_ERR_OK(rc)) { - DEBUG(1,("lookup_usergroups_memberof ads_search member=%s: %s\n", - user_dn, ads_errstr(rc))); + DEBUG(1,("lookup_usergroups_memberof ads_search " + "member=%s: %s\n", user_dn, ads_errstr(rc))); return ads_ntstatus(rc); } - + *user_sids = NULL; num_groups = 0; @@ -700,8 +700,8 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, for (i=0; iname, + DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name, sid_string_dbg(group_sid))); *num_names = 0; @@ -935,12 +935,12 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if ( !winbindd_can_contact_domain( domain ) ) { DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n", - domain->name)); + domain->name)); return NT_STATUS_OK; } ads = ads_cached_connection(domain); - + if (!ads) { domain->last_status = NT_STATUS_SERVER_DISABLED; goto done; @@ -952,8 +952,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, } /* search for all members of the group */ - if (!(ldap_exp = talloc_asprintf(tmp_ctx, "(objectSid=%s)", - sidbinstr))) + if (!(ldap_exp = talloc_asprintf(tmp_ctx, "(objectSid=%s)", + sidbinstr))) { SAFE_FREE(sidbinstr); DEBUG(1, ("ads: lookup_groupmem: talloc_asprintf for ldap_exp failed!\n")); @@ -966,21 +966,21 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, args.val = ADS_EXTENDED_DN_HEX_STRING; args.critical = True; - rc = ads_ranged_search(ads, tmp_ctx, LDAP_SCOPE_SUBTREE, ads->config.bind_path, + rc = ads_ranged_search(ads, tmp_ctx, LDAP_SCOPE_SUBTREE, ads->config.bind_path, ldap_exp, &args, "member", &members, &num_members); if (!ADS_ERR_OK(rc)) { DEBUG(0,("ads_ranged_search failed with: %s\n", ads_errstr(rc))); status = NT_STATUS_UNSUCCESSFUL; goto done; - } - + } + DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members)); - + /* Now that we have a list of sids, we need to get the * lists of names and name_types belonging to these sids. - * even though conceptually not quite clean, we use the - * RPC call lsa_lookup_sids for this since it can handle a + * even though conceptually not quite clean, we use the + * RPC call lsa_lookup_sids for this since it can handle a * list of sids. ldap calls can just resolve one sid at a time. * * At this stage, the sids are still hidden in the exetended dn @@ -988,7 +988,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, * stated above: In extracting the sids from the member strings, * we try to resolve as many sids as possible from the * cache. Only the rest is passed to the lsa_lookup_sids call. */ - + if (num_members) { (*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); (*names) = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_members); @@ -1015,11 +1015,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, char *name, *domain_name; DOM_SID sid; - if (!ads_get_sid_from_extended_dn(tmp_ctx, members[i], args.val, &sid)) { + if (!ads_get_sid_from_extended_dn(tmp_ctx, members[i], args.val, + &sid)) { status = NT_STATUS_INVALID_PARAMETER; goto done; } - if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name, &name_type)) { + if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name, + &name_type)) { DEBUG(10,("ads: lookup_groupmem: got sid %s from " "cache\n", sid_string_dbg(&sid))); sid_copy(&(*sid_mem)[*num_names], &sid); @@ -1052,23 +1054,23 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, goto done; } - status = rpccli_lsa_lookup_sids(cli, tmp_ctx, + status = rpccli_lsa_lookup_sids(cli, tmp_ctx, &lsa_policy, - num_nocache, - sid_mem_nocache, - &domains_nocache, - &names_nocache, + num_nocache, + sid_mem_nocache, + &domains_nocache, + &names_nocache, &name_types_nocache); if (NT_STATUS_IS_OK(status) || - NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) + NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { - /* Copy the entries over from the "_nocache" arrays - * to the result arrays, skipping the gaps the + /* Copy the entries over from the "_nocache" arrays + * to the result arrays, skipping the gaps the * lookup_sids call left. */ for (i=0; i < num_nocache; i++) { - if (((names_nocache)[i] != NULL) && - ((name_types_nocache)[i] != SID_NAME_UNKNOWN)) + if (((names_nocache)[i] != NULL) && + ((name_types_nocache)[i] != SID_NAME_UNKNOWN)) { sid_copy(&(*sid_mem)[*num_names], &sid_mem_nocache[i]); diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 8e56138bb5..3422fdba1c 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -585,7 +585,7 @@ static bool fill_grent_mem(struct winbindd_domain *domain, } /* Real work goes here. Create a list of group names to - expand startign with the initial one. Pass that to + expand starting with the initial one. Pass that to expand_groups() which returns a list of more group names to expand. Do this up to the max search depth. */ @@ -922,7 +922,7 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, nt_status = normalize_name_unmap(s->state->mem_ctx, raw_name, &mapped_name); - /* basiuc whitespace reversal */ + /* basic whitespace reversal */ if (NT_STATUS_IS_OK(nt_status)) { s->group_name = talloc_asprintf(s->state->mem_ctx, "%s%c%s", -- cgit From 6d59be1e6d83d4faf145c9b6d574bab9f2acb36a Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sat, 15 Nov 2008 13:07:15 -0800 Subject: Fix extended DN parse error when AD object does not have a SID. Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof() --- source3/include/proto.h | 8 +++--- source3/libads/ldap.c | 62 +++++++++++++++++++++++++---------------- source3/winbindd/winbindd_ads.c | 55 ++++++++++++++++++++++++------------ 3 files changed, 79 insertions(+), 46 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 33425849d1..1cdf6c9cbc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1920,10 +1920,10 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***ous, size_t *num_ous); -bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, - const char *extended_dn, - enum ads_extended_dn_flags flags, - DOM_SID *sid); +ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, + const char *extended_dn, + enum ads_extended_dn_flags flags, + DOM_SID *sid); char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ); char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ); char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index c651b33efe..f55cfa784a 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -3115,45 +3115,51 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, * @param extended_dn string * @param flags string type of extended_dn * @param sid pointer to a DOM_SID - * @return boolean inidicating success + * @return NT_STATUS_OK on success, + * NT_INVALID_PARAMETER on error, + * NT_STATUS_NOT_FOUND if no SID present **/ -bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, - const char *extended_dn, - enum ads_extended_dn_flags flags, - DOM_SID *sid) +ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, + const char *extended_dn, + enum ads_extended_dn_flags flags, + DOM_SID *sid) { char *p, *q, *dn; if (!extended_dn) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } /* otherwise extended_dn gets stripped off */ if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } /* * ADS_EXTENDED_DN_HEX_STRING: * ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de * * ADS_EXTENDED_DN_STRING (only with w2k3): - ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de + * ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de + * + * Object with no SID, such as an Exchange Public Folder + * ;CN=public,CN=Microsoft Exchange System Objects,DC=sd2k3ms,DC=west,DC=isilon,DC=com */ p = strchr(dn, ';'); if (!p) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (strncmp(p, ";'); if (!q) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } *q = '\0'; @@ -3164,7 +3170,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, case ADS_EXTENDED_DN_STRING: if (!string_to_sid(sid, p)) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } break; case ADS_EXTENDED_DN_HEX_STRING: { @@ -3173,21 +3179,21 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p)); if (buf_len == 0) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (!sid_parse(buf, buf_len, sid)) { DEBUG(10,("failed to parse sid\n")); - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } break; } default: DEBUG(10,("unknown extended dn format\n")); - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } - return True; + return ADS_ERROR_NT(NT_STATUS_OK); } /** @@ -3208,7 +3214,8 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, DOM_SID **sids) { int i; - size_t dn_count; + ADS_STATUS rc; + size_t dn_count, ret_count = 0; char **dn_strings; if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, @@ -3223,18 +3230,25 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, } for (i=0; ilast_status = NT_STATUS_SERVER_DISABLED; - goto done; + return NT_STATUS_UNSUCCESSFUL; } rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, @@ -693,21 +694,26 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, group_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_strings + 1); if (!group_sids) { - TALLOC_FREE(strings); status = NT_STATUS_NO_MEMORY; goto done; } for (i=0; i Date: Wed, 19 Nov 2008 00:10:15 +0100 Subject: Move wireshark conformance file to top-level. --- librpc/idl/security.cnf | 1 + source4/librpc/idl/security.cnf | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) create mode 100644 librpc/idl/security.cnf delete mode 100644 source4/librpc/idl/security.cnf diff --git a/librpc/idl/security.cnf b/librpc/idl/security.cnf new file mode 100644 index 0000000000..37da8c7423 --- /dev/null +++ b/librpc/idl/security.cnf @@ -0,0 +1 @@ +NOEMIT diff --git a/source4/librpc/idl/security.cnf b/source4/librpc/idl/security.cnf deleted file mode 100644 index 37da8c7423..0000000000 --- a/source4/librpc/idl/security.cnf +++ /dev/null @@ -1 +0,0 @@ -NOEMIT -- cgit From 041c5cf3b5a2fba6ad49e049601b626d5b04ac3e Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Mon, 27 Oct 2008 23:46:44 -0700 Subject: Added ability to set id mappings in wbinfo. The two new parameters are: --set-uid-mapping --set-gid-mapping These allow wbinfo to create new, or override existing id mappings in the idmap backend. These expose the exisiting ability of libwbclient and winbindd to do this, up through a command line utility. --- source3/nsswitch/wbinfo.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 84f01e19ff..27df52f92c 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -130,6 +130,31 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, return true; } +/* Parse string of "uid,sid" or "gid,sid" into separate int and string values. + * Return true if input was valid, false otherwise. */ +static bool parse_mapping_arg(char *arg, int *id, char **sid) +{ + char *tmp, *endptr; + + if (!arg || !*arg) + return false; + + tmp = strtok(arg, ","); + *sid = strtok(NULL, ","); + + if (!tmp || !*tmp || !*sid || !**sid) + return false; + + /* Because atoi() can return 0 on invalid input, which would be a valid + * UID/GID we must use strtol() and do error checking */ + *id = strtol(tmp, &endptr, 10); + + if (endptr[0] != '\0') + return false; + + return true; +} + /* pull pwent info for a given user */ static bool wbinfo_get_userinfo(char *user) @@ -738,6 +763,54 @@ static bool wbinfo_allocate_gid(void) return true; } +static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcSetUidMapping(uid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("uid %d now mapped to sid %s\n", uid, sid_str); + + return true; +} + +static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcSetGidMapping(gid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("gid %d now mapped to sid %s\n", gid, sid_str); + + return true; +} + /* Convert sid to string */ static bool wbinfo_lookupsid(const char *sid_str) @@ -1414,6 +1487,8 @@ enum { OPT_USERSIDS, OPT_ALLOCATE_UID, OPT_ALLOCATE_GID, + OPT_SET_UID_MAPPING, + OPT_SET_GID_MAPPING, OPT_SEPARATOR, OPT_LIST_ALL_DOMAINS, OPT_LIST_OWN_DOMAIN, @@ -1431,8 +1506,10 @@ int main(int argc, char **argv, char **envp) TALLOC_CTX *frame = talloc_stackframe(); poptContext pc; static char *string_arg; + char *string_subarg = NULL; static char *opt_domain_name; static int int_arg; + int int_subarg = -1; int result = 1; bool verbose = false; @@ -1459,6 +1536,8 @@ int main(int argc, char **argv, char **envp) "Get a new UID out of idmap" }, { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID, "Get a new GID out of idmap" }, + { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" }, + { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, @@ -1627,6 +1706,26 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_SET_UID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_set_uid_mapping(int_subarg, string_subarg)) + { + d_fprintf(stderr, "Could not create or modify " + "uid to sid mapping\n"); + goto done; + } + break; + case OPT_SET_GID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_set_gid_mapping(int_subarg, string_subarg)) + { + d_fprintf(stderr, "Could not create or modify " + "gid to sid mapping\n"); + goto done; + } + break; case 't': if (!wbinfo_check_secret()) { d_fprintf(stderr, "Could not check secret\n"); -- cgit From 00c6271d5cbbfe808b81906d5be2b328e4f25b30 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Mon, 27 Oct 2008 23:37:55 -0700 Subject: Added ability to remove id mappings in wbinfo and libwbclient. The idmap_tdb backend already provides an interface to remove existing id mappings. This commit plumbs that ability up through, winbindd, libwbclient, and wbinfo. Added new winbindd command: WINBINDD_REMOVE_MAPPING Added new libwbclient interfaces: wbcRemoveUidMapping() and wbcRemoveGidMapping() Added new wbinfo options: --remove-uid-mapping --remove-gid-mapping Increased libwbclient version to 0.2 Increased winbind interface version to 20 --- source3/include/proto.h | 1 + source3/nsswitch/libwbclient/wbc_idmap.c | 86 ++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 9 +++- source3/nsswitch/wbinfo.c | 74 +++++++++++++++++++++++++ source3/nsswitch/winbind_struct_protocol.h | 6 ++- source3/winbindd/idmap.c | 17 ++++++ source3/winbindd/idmap_tdb.c | 14 ++++- source3/winbindd/winbindd.c | 1 + source3/winbindd/winbindd_idmap.c | 63 ++++++++++++++++++++++ source3/winbindd/winbindd_proto.h | 6 +++ source3/winbindd/winbindd_sid.c | 42 +++++++++++++++ 11 files changed, 315 insertions(+), 4 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 1cdf6c9cbc..45f66203e1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8665,6 +8665,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domname, NTSTATUS idmap_new_mapping(const struct dom_sid *psid, enum id_type type, struct unixid *pxid); NTSTATUS idmap_set_mapping(const struct id_map *map); +NTSTATUS idmap_remove_mapping(const struct id_map *map); /* The following definitions come from winbindd/idmap_cache.c */ diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 1615fd33ee..6652f67636 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -362,6 +362,92 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) return wbc_status; } +/** @brief Remove a user id mapping + * + * @param uid Uid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ +wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = uid; + request.data.dual_idmapset.type = _ID_TYPE_UID; + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dual_idmapset.sid, sid_string, + sizeof(request.data.dual_idmapset.sid)-1); + wbcFreeMemory(sid_string); + + wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Remove a group id mapping + * + * @param gid Gid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ +wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = gid; + request.data.dual_idmapset.type = _ID_TYPE_GID; + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dual_idmapset.sid, sid_string, + sizeof(request.data.dual_idmapset.sid)-1); + wbcFreeMemory(sid_string); + + wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + /** @brief Set the highwater mark for allocated uids. * * @param uid_hwm The new uid highwater mark value diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 662e0cdf8d..9c3d1998e0 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -57,9 +57,12 @@ const char *wbcErrorString(wbcErr error); /** * @brief Some useful details about the wbclient library * + * 0.1: Initial version + * 0.2: Added wbcRemoveUidMapping() + * Added wbcRemoveGidMapping() **/ #define WBCLIENT_MAJOR_VERSION 0 -#define WBCLIENT_MINOR_VERSION 1 +#define WBCLIENT_MINOR_VERSION 2 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" struct wbcLibraryDetails { uint16_t major_version; @@ -555,6 +558,10 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); +wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid); + +wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid); + wbcErr wbcSetUidHwm(uid_t uid_hwm); wbcErr wbcSetGidHwm(gid_t gid_hwm); diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 27df52f92c..d5eee7e8f8 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -811,6 +811,54 @@ static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str) return true; } +static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcRemoveUidMapping(uid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("Removed uid %d to sid %s mapping\n", uid, sid_str); + + return true; +} + +static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcRemoveGidMapping(gid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("Removed gid %d to sid %s mapping\n", gid, sid_str); + + return true; +} + /* Convert sid to string */ static bool wbinfo_lookupsid(const char *sid_str) @@ -1489,6 +1537,8 @@ enum { OPT_ALLOCATE_GID, OPT_SET_UID_MAPPING, OPT_SET_GID_MAPPING, + OPT_REMOVE_UID_MAPPING, + OPT_REMOVE_GID_MAPPING, OPT_SEPARATOR, OPT_LIST_ALL_DOMAINS, OPT_LIST_OWN_DOMAIN, @@ -1538,6 +1588,8 @@ int main(int argc, char **argv, char **envp) "Get a new GID out of idmap" }, { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" }, { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" }, + { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" }, + { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, @@ -1726,6 +1778,28 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_REMOVE_UID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_remove_uid_mapping(int_subarg, + string_subarg)) + { + d_fprintf(stderr, "Could not remove uid to sid " + "mapping\n"); + goto done; + } + break; + case OPT_REMOVE_GID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_remove_gid_mapping(int_subarg, + string_subarg)) + { + d_fprintf(stderr, "Could not remove gid to sid " + "mapping\n"); + goto done; + } + break; case 't': if (!wbinfo_check_secret()) { d_fprintf(stderr, "Could not check secret\n"); diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index 169b4a8c95..e16103465f 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h @@ -41,7 +41,9 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 19 +/* Version 20: added WINBINDD_REMOVE_MAPPING command */ + +#define WINBIND_INTERFACE_VERSION 20 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment. On a 64bit Linux box, we have to support a constant structure size @@ -104,6 +106,7 @@ enum winbindd_cmd { WINBINDD_ALLOCATE_UID, WINBINDD_ALLOCATE_GID, WINBINDD_SET_MAPPING, + WINBINDD_REMOVE_MAPPING, WINBINDD_SET_HWM, /* Miscellaneous other stuff */ @@ -150,6 +153,7 @@ enum winbindd_cmd { WINBINDD_DUAL_UID2SID, WINBINDD_DUAL_GID2SID, WINBINDD_DUAL_SET_MAPPING, + WINBINDD_DUAL_REMOVE_MAPPING, WINBINDD_DUAL_SET_HWM, /* Wrapper around possibly blocking unix nss calls */ diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index cfc5597f42..054df9be05 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -788,3 +788,20 @@ NTSTATUS idmap_set_mapping(const struct id_map *map) return dom->methods->set_mapping(dom, map); } + +NTSTATUS idmap_remove_mapping(const struct id_map *map) +{ + struct idmap_domain *dom; + + dom = idmap_find_domain(NULL); + if (dom == NULL) { + DEBUG(3, ("no default domain, no place to write\n")); + return NT_STATUS_ACCESS_DENIED; + } + if (dom->methods->remove_mapping == NULL) { + DEBUG(3, ("default domain not writable\n")); + return NT_STATUS_MEDIA_WRITE_PROTECTED; + } + + return dom->methods->remove_mapping(dom, map); +} diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index f9d3a9fbff..7c4de5f6fb 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c @@ -875,8 +875,13 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ ksid = string_term_tdb_data(ksidstr); /* *DELETE* previous mappings if any. - * This is done both SID and [U|G]ID passed in */ - + * This is done for both the SID and [U|G]ID passed in */ + + /* NOTE: We should lock both the ksid and kid records here, before + * making modifications. However, because tdb_chainlock() is a + * blocking call we could create an unrecoverable deadlock, so for now + * we only lock the ksid record. */ + /* Lock the record for this SID. */ if (tdb_chainlock(ctx->tdb, ksid) != 0) { DEBUG(10,("Failed to lock record %s. Error %s\n", @@ -981,6 +986,11 @@ static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct ksid = string_term_tdb_data(ksidstr); kid = string_term_tdb_data(kidstr); + /* NOTE: We should lock both the ksid and kid records here, before + * making modifications. However, because tdb_chainlock() is a + * blocking call we could create an unrecoverable deadlock, so for now + * we only lock the ksid record. */ + /* Lock the record for this SID. */ if (tdb_chainlock(ctx->tdb, ksid) != 0) { DEBUG(10,("Failed to lock record %s. Error %s\n", diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index ce1a1fe52f..9e8a5a613e 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -343,6 +343,7 @@ static struct winbindd_dispatch_table { { WINBINDD_ALLOCATE_UID, winbindd_allocate_uid, "ALLOCATE_UID" }, { WINBINDD_ALLOCATE_GID, winbindd_allocate_gid, "ALLOCATE_GID" }, { WINBINDD_SET_MAPPING, winbindd_set_mapping, "SET_MAPPING" }, + { WINBINDD_REMOVE_MAPPING, winbindd_remove_mapping, "REMOVE_MAPPING" }, { WINBINDD_SET_HWM, winbindd_set_hwm, "SET_HWMS" }, /* Miscellaneous */ diff --git a/source3/winbindd/winbindd_idmap.c b/source3/winbindd/winbindd_idmap.c index d8c67dc21c..94a8c78a85 100644 --- a/source3/winbindd/winbindd_idmap.c +++ b/source3/winbindd/winbindd_idmap.c @@ -111,6 +111,65 @@ enum winbindd_result winbindd_dual_set_mapping(struct winbindd_domain *domain, return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } +static void winbindd_remove_mapping_recv(TALLOC_CTX *mem_ctx, bool success, + struct winbindd_response *response, + void *c, void *private_data) +{ + void (*cont)(void *priv, bool succ) = (void (*)(void *, bool))c; + + if (!success) { + DEBUG(5, ("Could not trigger idmap_remove_mapping\n")); + cont(private_data, False); + return; + } + + if (response->result != WINBINDD_OK) { + DEBUG(5, ("idmap_remove_mapping returned an error\n")); + cont(private_data, False); + return; + } + + cont(private_data, True); +} + +void winbindd_remove_mapping_async(TALLOC_CTX *mem_ctx, + const struct id_map *map, + void (*cont)(void *private_data, bool success), + void *private_data) +{ + struct winbindd_request request; + ZERO_STRUCT(request); + request.cmd = WINBINDD_DUAL_REMOVE_MAPPING; + request.data.dual_idmapset.id = map->xid.id; + request.data.dual_idmapset.type = map->xid.type; + sid_to_fstring(request.data.dual_idmapset.sid, map->sid); + + do_async(mem_ctx, idmap_child(), &request, winbindd_remove_mapping_recv, + (void *)cont, private_data); +} + +enum winbindd_result winbindd_dual_remove_mapping( + struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + struct id_map map; + DOM_SID sid; + NTSTATUS result; + + DEBUG(3, ("[%5lu]: dual_idmapremove\n", (unsigned long)state->pid)); + + if (!string_to_sid(&sid, state->request.data.dual_idmapset.sid)) + return WINBINDD_ERROR; + + map.sid = &sid; + map.xid.id = state->request.data.dual_idmapset.id; + map.xid.type = state->request.data.dual_idmapset.type; + map.status = ID_MAPPED; + + result = idmap_remove_mapping(&map); + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; +} + static void winbindd_set_hwm_recv(TALLOC_CTX *mem_ctx, bool success, struct winbindd_response *response, void *c, void *private_data) @@ -485,6 +544,10 @@ static const struct winbindd_child_dispatch_table idmap_dispatch_table[] = { .name = "DUAL_SET_MAPPING", .struct_cmd = WINBINDD_DUAL_SET_MAPPING, .struct_fn = winbindd_dual_set_mapping, + },{ + .name = "DUAL_REMOVE_MAPPING", + .struct_cmd = WINBINDD_DUAL_REMOVE_MAPPING, + .struct_fn = winbindd_dual_remove_mapping, },{ .name = "DUAL_SET_HWMS", .struct_cmd = WINBINDD_DUAL_SET_HWM, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 65ad47dd03..4f3d10f57f 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -353,6 +353,11 @@ void winbindd_set_mapping_async(TALLOC_CTX *mem_ctx, const struct id_map *map, void *private_data); enum winbindd_result winbindd_dual_set_mapping(struct winbindd_domain *domain, struct winbindd_cli_state *state); +void winbindd_remove_mapping_async(TALLOC_CTX *mem_ctx, const struct id_map *map, + void (*cont)(void *private_data, bool success), + void *private_data); +enum winbindd_result winbindd_dual_remove_mapping(struct winbindd_domain *domain, + struct winbindd_cli_state *state); void winbindd_set_hwm_async(TALLOC_CTX *mem_ctx, const struct unixid *xid, void (*cont)(void *private_data, bool success), void *private_data); @@ -505,6 +510,7 @@ void winbindd_sid_to_uid(struct winbindd_cli_state *state); void winbindd_sid_to_gid(struct winbindd_cli_state *state); void winbindd_sids_to_unixids(struct winbindd_cli_state *state); void winbindd_set_mapping(struct winbindd_cli_state *state); +void winbindd_remove_mapping(struct winbindd_cli_state *state); void winbindd_set_hwm(struct winbindd_cli_state *state); void winbindd_uid_to_sid(struct winbindd_cli_state *state); void winbindd_gid_to_sid(struct winbindd_cli_state *state); diff --git a/source3/winbindd/winbindd_sid.c b/source3/winbindd/winbindd_sid.c index 274786fa63..d8bd863037 100644 --- a/source3/winbindd/winbindd_sid.c +++ b/source3/winbindd/winbindd_sid.c @@ -415,6 +415,48 @@ void winbindd_set_mapping(struct winbindd_cli_state *state) set_mapping_recv, state); } +static void remove_mapping_recv(void *private_data, bool success) +{ + struct winbindd_cli_state *state = + talloc_get_type_abort(private_data, struct winbindd_cli_state); + + if (!success) { + DEBUG(5, ("Could not remove sid mapping\n")); + request_error(state); + return; + } + + request_ok(state); +} + +void winbindd_remove_mapping(struct winbindd_cli_state *state) +{ + struct id_map map; + DOM_SID sid; + + DEBUG(3, ("[%5lu]: remove id map\n", (unsigned long)state->pid)); + + if ( ! state->privileged) { + DEBUG(0, ("Only root is allowed to remove mappings!\n")); + request_error(state); + return; + } + + if (!string_to_sid(&sid, state->request.data.dual_idmapset.sid)) { + DEBUG(1, ("Could not get convert sid %s from string\n", + state->request.data.sid)); + request_error(state); + return; + } + + map.sid = &sid; + map.xid.id = state->request.data.dual_idmapset.id; + map.xid.type = state->request.data.dual_idmapset.type; + + winbindd_remove_mapping_async(state->mem_ctx, &map, + remove_mapping_recv, state); +} + static void set_hwm_recv(void *private_data, bool success) { struct winbindd_cli_state *state = -- cgit From ce44a2032362c6160931663af67e2e2e663b0c63 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Mon, 27 Oct 2008 23:36:36 -0700 Subject: Clean-up various trailing space and >80 column lines. --- source3/nsswitch/libwbclient/wbclient.c | 2 +- source3/nsswitch/libwbclient/wbclient.h | 4 +-- source3/nsswitch/wb_common.c | 2 +- source3/nsswitch/wbinfo.c | 8 ++--- source3/nsswitch/winbind_struct_protocol.h | 2 +- source3/winbindd/idmap_tdb.c | 49 ++++++++++++++++++------------ source3/winbindd/winbindd.c | 2 +- source3/winbindd/winbindd_sid.c | 3 +- 8 files changed, 42 insertions(+), 30 deletions(-) diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index bdde562a93..c0b7e0675a 100644 --- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -59,7 +59,7 @@ wbcErr wbcRequestResponse(int cmd, wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; NSS_STATUS nss_status; - /* for some calls the request and/or response cna be NULL */ + /* for some calls the request and/or response can be NULL */ nss_status = winbindd_request_response(cmd, request, response); diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 9c3d1998e0..639f7f359f 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -361,7 +361,7 @@ struct wbcLogonUserInfo { #define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002 #define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004 #define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008 -#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 +#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 #define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040 #define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080 #define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100 @@ -388,7 +388,7 @@ struct wbcLogonUserInfo { #define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */ #define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */ #define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */ -#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */ +#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */ #define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ struct wbcAuthErrorInfo { diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6e6d2bbbf8..a1646215bd 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -314,7 +314,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) if ((need_priv != 0) && (is_privileged == 0)) { winbind_close_sock(); } - + if (winbindd_fd != -1) { return winbindd_fd; } diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index d5eee7e8f8..d14cfe94b7 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -75,7 +75,7 @@ static char winbind_separator_int(bool strict) /* HACK: (this module should not call lp_ funtions) */ sep = *lp_winbind_separator(); } - + return sep; } @@ -1604,7 +1604,7 @@ int main(int argc, char **argv, char **envp) { "user-domgroups", 0, POPT_ARG_STRING, &string_arg, OPT_USERDOMGROUPS, "Get user domain groups", "SID" }, { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" }, - { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, + { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" }, { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME, "Get a DC name for a foreign domain", "domainname" }, @@ -1613,7 +1613,7 @@ int main(int argc, char **argv, char **envp) { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" }, { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" }, #ifdef WITH_FAKE_KASERVER - { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, + { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, #endif #ifdef HAVE_KRB5 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" }, @@ -1665,7 +1665,7 @@ int main(int argc, char **argv, char **envp) load_interfaces(); - pc = poptGetContext(NULL, argc, (const char **)argv, long_options, + pc = poptGetContext(NULL, argc, (const char **)argv, long_options, POPT_CONTEXT_KEEP_FIRST); while((opt = poptGetNextOpt(pc)) != -1) { diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index e16103465f..36873f2096 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h @@ -97,7 +97,7 @@ enum winbindd_cmd { /* Lookup functions */ - WINBINDD_SID_TO_UID, + WINBINDD_SID_TO_UID, WINBINDD_SID_TO_GID, WINBINDD_SIDS_TO_XIDS, WINBINDD_UID_TO_SID, diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index 7c4de5f6fb..4c8cceb691 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c @@ -820,10 +820,11 @@ done: } /********************************** - set a mapping. + set a mapping. **********************************/ -static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_map *map) +static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, + const struct id_map *map) { struct idmap_tdb_context *ctx; NTSTATUS ret; @@ -839,17 +840,19 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ data.dptr = NULL; /* TODO: should we filter a set_mapping using low/high filters ? */ - + ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); switch (map->xid.type) { case ID_TYPE_UID: - kidstr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "UID %lu", + (unsigned long)map->xid.id); break; - + case ID_TYPE_GID: - kidstr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "GID %lu", + (unsigned long)map->xid.id); break; default: @@ -891,7 +894,8 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ data = tdb_fetch(ctx->tdb, ksid); if (data.dptr) { - DEBUG(10, ("Deleting existing mapping %s <-> %s\n", (const char *)data.dptr, ksidstr )); + DEBUG(10, ("Deleting existing mapping %s <-> %s\n", + (const char *)data.dptr, ksidstr )); tdb_delete(ctx->tdb, data); tdb_delete(ctx->tdb, ksid); SAFE_FREE(data.dptr); @@ -899,20 +903,23 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ data = tdb_fetch(ctx->tdb, kid); if (data.dptr) { - DEBUG(10,("Deleting existing mapping %s <-> %s\n", (const char *)data.dptr, kidstr )); + DEBUG(10,("Deleting existing mapping %s <-> %s\n", + (const char *)data.dptr, kidstr )); tdb_delete(ctx->tdb, data); tdb_delete(ctx->tdb, kid); SAFE_FREE(data.dptr); } if (tdb_store(ctx->tdb, ksid, kid, TDB_INSERT) == -1) { - DEBUG(0, ("Error storing SID -> ID: %s\n", tdb_errorstr(ctx->tdb))); + DEBUG(0, ("Error storing SID -> ID: %s\n", + tdb_errorstr(ctx->tdb))); tdb_chainunlock(ctx->tdb, ksid); ret = NT_STATUS_UNSUCCESSFUL; goto done; } if (tdb_store(ctx->tdb, kid, ksid, TDB_INSERT) == -1) { - DEBUG(0, ("Error stroing ID -> SID: %s\n", tdb_errorstr(ctx->tdb))); + DEBUG(0, ("Error storing ID -> SID: %s\n", + tdb_errorstr(ctx->tdb))); /* try to remove the previous stored SID -> ID map */ tdb_delete(ctx->tdb, ksid); tdb_chainunlock(ctx->tdb, ksid); @@ -932,10 +939,11 @@ done: } /********************************** - remove a mapping. + remove a mapping. **********************************/ -static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct id_map *map) +static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, + const struct id_map *map) { struct idmap_tdb_context *ctx; NTSTATUS ret; @@ -951,17 +959,19 @@ static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct data.dptr = NULL; /* TODO: should we filter a remove_mapping using low/high filters ? */ - + ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); switch (map->xid.type) { case ID_TYPE_UID: - kidstr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "UID %lu", + (unsigned long)map->xid.id); break; - + case ID_TYPE_GID: - kidstr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "GID %lu", + (unsigned long)map->xid.id); break; default: @@ -1011,16 +1021,17 @@ static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct if ((data.dsize != kid.dsize) || (memcmp(data.dptr, kid.dptr, data.dsize) != 0)) { DEBUG(10,("Specified SID does not map to specified ID\n")); - DEBUGADD(10,("Actual mapping is %s -> %s\n", ksidstr, (const char *)data.dptr)); + DEBUGADD(10,("Actual mapping is %s -> %s\n", ksidstr, + (const char *)data.dptr)); tdb_chainunlock(ctx->tdb, ksid); ret = NT_STATUS_NONE_MAPPED; goto done; } - + DEBUG(10, ("Removing %s <-> %s map\n", ksidstr, kidstr)); /* Delete previous mappings. */ - + DEBUG(10, ("Deleting existing mapping %s -> %s\n", ksidstr, kidstr )); tdb_delete(ctx->tdb, ksid); diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 9e8a5a613e..82af55800f 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -368,7 +368,7 @@ static struct winbindd_dispatch_table { { WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" }, { WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" }, - + /* End of list */ { WINBINDD_NUM_CMDS, NULL, "NONE" } diff --git a/source3/winbindd/winbindd_sid.c b/source3/winbindd/winbindd_sid.c index d8bd863037..641b18ebbd 100644 --- a/source3/winbindd/winbindd_sid.c +++ b/source3/winbindd/winbindd_sid.c @@ -370,7 +370,8 @@ void winbindd_sid_to_gid(struct winbindd_cli_state *state) range from random SIDs. */ backend: - winbindd_lookupsid_async( state->mem_ctx, &sid, sid2gid_lookupsid_recv, state ); + winbindd_lookupsid_async( state->mem_ctx, &sid, sid2gid_lookupsid_recv, + state ); } static void set_mapping_recv(void *private_data, bool success) -- cgit From 314e5cfa7ff9d4decb7edaed42b7cbe0ad5a7b3c Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 18 Nov 2008 16:47:23 -0800 Subject: s3/s4 build: Fix makefile expression to work on more systems --- source4/build/make/python.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/build/make/python.mk b/source4/build/make/python.mk index e307ba74bb..67a3e86215 100644 --- a/source4/build/make/python.mk +++ b/source4/build/make/python.mk @@ -46,7 +46,7 @@ swig:: pythonmods .SUFFIXES: _wrap.c .i .py %_wrap.c %.py: %.i - [ "$(SWIG)" == "no" ] || $(SWIG) -O -Wall -python -keyword -I../source4 $< + [ "$(SWIG)" = "no" ] || $(SWIG) -O -Wall -python -keyword -I../source4 $< realdistclean:: @echo "Removing SWIG output files" -- cgit From 1115b7b342fe8749a385c5c4e213b8d2520f6c84 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 18 Nov 2008 16:52:58 -0800 Subject: s3/s4 build: Fix execinfo and sasl build error when the libs/headers are in non-standard locations. These configure checks have the correct flags at configure time, so let's pass them through so they are used at compile time. --- lib/util/fault.m4 | 14 ++++++++++++-- source4/auth/config.m4 | 6 +++++- 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/util/fault.m4 b/lib/util/fault.m4 index b24e63641c..da077af31d 100644 --- a/lib/util/fault.m4 +++ b/lib/util/fault.m4 @@ -1,5 +1,15 @@ AC_CHECK_HEADERS(execinfo.h) AC_SEARCH_LIBS_EXT(backtrace, [execinfo], EXECINFO_LIBS) AC_CHECK_FUNC_EXT(backtrace, $EXECINFO_LIBS) -SMB_EXT_LIB(EXECINFO,[${EXECINFO_LIBS}]) -SMB_ENABLE(EXECINFO) + + +if test x"$ac_cv_header_execinfo_h" = x"yes" -a x"$ac_cv_func_ext_backtrace" = x"yes";then + SMB_ENABLE(EXECINFO, YES) + EXECINFO_CFLAGS="$CFLAGS" + EXECINFO_CPPFLAGS="$CPPFLAGS" + EXECINFO_LDFLAGS="$LDFLAGS" +else + SMB_ENABLE(EXECINFO,NO) +fi + +SMB_EXT_LIB(EXECINFO, [${EXECINFO_LIBS}], [${EXECINFO_CFLAGS}], [${EXECINFO_CPPFLAGS}], [${EXECINFO_LDFLAGS}]) diff --git a/source4/auth/config.m4 b/source4/auth/config.m4 index 1338b775ec..a271a9f6fe 100644 --- a/source4/auth/config.m4 +++ b/source4/auth/config.m4 @@ -20,11 +20,15 @@ AC_CHECK_FUNCS(crypt16 getauthuid getpwanam) AC_CHECK_HEADERS(sasl/sasl.h) AC_CHECK_LIB_EXT(sasl2, SASL_LIBS, sasl_client_init) -SMB_EXT_LIB(SASL, $SASL_LIBS) if test x"$ac_cv_header_sasl_sasl_h" = x"yes" -a x"$ac_cv_lib_ext_sasl2_sasl_client_init" = x"yes";then SMB_ENABLE(SASL,YES) SMB_ENABLE(cyrus_sasl,YES) + SASL_CFLAGS="$CFLAGS" + SASL_CPPFLAGS="$CPPFLAGS" + SASL_LDFLAGS="$LDFLAGS" else SMB_ENABLE(cyrus_sasl,NO) fi + +SMB_EXT_LIB(SASL, $SASL_LIBS, [${SASL_CFLAGS}], [${SASL_CPPFLAGS}], [${SASL_LDFLAGS}]) -- cgit From 12e72140b944f844e7f44f21a087ab4a4ecc51a7 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 19 Nov 2008 13:16:38 +0100 Subject: build-docs: Use 'git clean' instead of 'git-clean'. Karolin --- release-scripts/build-docs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/release-scripts/build-docs b/release-scripts/build-docs index fa38d8dd2c..c138149f6c 100755 --- a/release-scripts/build-docs +++ b/release-scripts/build-docs @@ -4,7 +4,7 @@ DOCSRCDIR=`dirname $0`/../docs-xml cd $DOCSRCDIR || exit 1 -git-clean -d -x -f +git clean -d -x -f autoconf && \ ./configure --with-papersize=letter && \ make smbdotconf/parameters.all.xml && \ -- cgit From 6216e5cbd7da928cfbfd501393fbe91ac72bbd3f Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Wed, 19 Nov 2008 13:08:41 +0100 Subject: manpages: Document new wbinfo idmapping options. --set-uid/gid-mapping --remove-uid/gid-mapping Karolin (cherry picked from commit c9965d544f615fea1ba3609d7348407130ab1ec9) --- docs-xml/manpages-3/wbinfo.1.xml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docs-xml/manpages-3/wbinfo.1.xml b/docs-xml/manpages-3/wbinfo.1.xml index 72a2380dde..abb1c7f53f 100644 --- a/docs-xml/manpages-3/wbinfo.1.xml +++ b/docs-xml/manpages-3/wbinfo.1.xml @@ -39,10 +39,14 @@ --own-domain -p -r user + --remove-uid-mapping uid,sid + --remove-gid-mapping gid,sid -s sid --separator --sequence --set-auth-user user%password + --set-uid-mapping uid,sid + --set-gid-mapping gid,sid -S sid -t -u @@ -333,6 +337,29 @@ the operation will fail. + + --remove-uid-mapping uid,sid + Remove an existing uid to sid mapping + entry from the IDmap backend. + + + + --remove-gid-mapping gid,sid + Remove an existing gid to sid + mapping entry from the IDmap backend. + + + + --set-uid-mapping uid,sid + Create a new or modify an existing uid to sid + mapping in the IDmap backend. + + + + --set-gid-mapping gid,sid + Create a new or modify an existing gid to sid + mapping in the IDmap backend. + &stdarg.version; &stdarg.help; -- cgit From 42523498b9a65b5b585a5d1564e61a6528f52926 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 19 Nov 2008 16:24:04 +0100 Subject: Fix path for torture.h. --- source4/headermap.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/headermap.txt b/source4/headermap.txt index cb5a4fab4c..ec9fedae2d 100644 --- a/source4/headermap.txt +++ b/source4/headermap.txt @@ -50,7 +50,7 @@ rpc_server/common/common.h: dcerpc_server/common.h libcli/auth/credentials.h: domain_credentials.h ../lib/util/charset/charset.h: charset.h libcli/ldap/ldap.h: ldap.h -lib/torture/torture.h: torture.h +../lib/torture/torture.h: torture.h libcli/libcli.h: client.h librpc/gen_ndr/nbt.h: gen_ndr/nbt.h librpc/gen_ndr/ntp_signd.h: gen_ndr/ntp_signd.h -- cgit From cd82c07943c329149572473546cae732c977308c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 11:22:50 -0800 Subject: Fix bug #5904 - libnss_wins causes SIGABRT while servicing getaddrinfo() request. Jeremy. --- source3/nsswitch/wins.c | 63 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 48 insertions(+), 15 deletions(-) diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 2f82997aaf..e028eb8cf2 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -24,6 +24,14 @@ #include #endif +#if HAVE_PTHREAD_H +#include +#endif + +#if HAVE_PTHREAD +static pthread_mutex_t wins_nss_mutex = PTHREAD_MUTEX_INITIALIZER; +#endif + #ifndef INADDRSZ #define INADDRSZ 4 #endif @@ -320,11 +328,16 @@ NSS_STATUS _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, char *buffer, size_t buflen, int *h_errnop) { + NSS_STATUS nss_status = NSS_STATUS_SUCCESS; struct in_addr *ip_list; int i, count; fstring name; size_t namelen; +#if HAVE_PTHREAD + pthread_mutex_lock(&wins_nss_mutex); +#endif + memset(he, '\0', sizeof(*he)); fstrcpy(name, hostname); @@ -332,8 +345,10 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, ip_list = lookup_byname_backend(name, &count); - if (!ip_list) - return NSS_STATUS_NOTFOUND; + if (!ip_list) { + nss_status = NSS_STATUS_NOTFOUND; + goto out; + } /* Copy h_name */ @@ -341,7 +356,8 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, if ((he->h_name = get_static(&buffer, &buflen, namelen)) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } memcpy(he->h_name, name, namelen); @@ -353,20 +369,23 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, if (get_static(&buffer, &buflen, i) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } if ((he->h_addr_list = (char **)get_static( &buffer, &buflen, (count + 1) * sizeof(char *))) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } for (i = 0; i < count; i++) { if ((he->h_addr_list[i] = get_static(&buffer, &buflen, INADDRSZ)) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } memcpy(he->h_addr_list[i], &ip_list[i], INADDRSZ); } @@ -385,16 +404,27 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, if ((i = (unsigned long)(buffer) % sizeof(char*)) != 0) i = sizeof(char*) - i; - if (get_static(&buffer, &buflen, i) == NULL) - return NSS_STATUS_TRYAGAIN; + if (get_static(&buffer, &buflen, i) == NULL) { + nss_status = NSS_STATUS_TRYAGAIN; + goto out; + } if ((he->h_aliases = (char **)get_static( - &buffer, &buflen, sizeof(char *))) == NULL) - return NSS_STATUS_TRYAGAIN; + &buffer, &buflen, sizeof(char *))) == NULL) { + nss_status = NSS_STATUS_TRYAGAIN; + goto out; + } he->h_aliases[0] = NULL; - return NSS_STATUS_SUCCESS; + nss_status = NSS_STATUS_SUCCESS; + + out: + +#if HAVE_PTHREAD + pthread_mutex_unlock(&wins_nss_mutex); +#endif + return nss_status; } @@ -402,12 +432,15 @@ NSS_STATUS _nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he, char *buffer, size_t buflen, int *h_errnop) { + NSS_STATUS nss_status; + if(af!=AF_INET) { *h_errnop = NO_DATA; - return NSS_STATUS_UNAVAIL; + nss_status = NSS_STATUS_UNAVAIL; + } else { + nss_status = _nss_wins_gethostbyname_r( + name, he, buffer, buflen, h_errnop); } - - return _nss_wins_gethostbyname_r( - name, he, buffer, buflen, h_errnop); + return nss_status; } #endif -- cgit From d53219704282bc6792416796dd6398875386243e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 12:24:53 -0800 Subject: Add functions to delete NTACL on posix ACL set. Jeremy. --- source3/modules/vfs_acl_tdb.c | 212 +++++++++++++++++++++++++--------------- source3/modules/vfs_acl_xattr.c | 100 +++++++++++++++++++ 2 files changed, 235 insertions(+), 77 deletions(-) diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 1924812cf7..915f73233d 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -1,5 +1,5 @@ /* - * Store Windows ACLs in xattrs, or a tdb if configured that way. + * Store Windows ACLs in a tdb. * * Copyright (C) Volker Lendecke, 2008 * Copyright (C) Jeremy Allison, 2008 @@ -72,7 +72,7 @@ static bool acl_tdb_init(struct db_context **pp_db) Lower ref count and close acl_db if zero. *******************************************************************/ -static void free_acl_xattr_data(void **pptr) +static void free_acl_tdb_data(void **pptr) { struct db_context **pp_db = (struct db_context **)pptr; @@ -87,7 +87,7 @@ static void free_acl_xattr_data(void **pptr) Fetch_lock the tdb acl record for a file *******************************************************************/ -static struct db_record *acl_xattr_tdb_lock(TALLOC_CTX *mem_ctx, +static struct db_record *acl_tdb_lock(TALLOC_CTX *mem_ctx, struct db_context *db, const struct file_id *id) { @@ -99,6 +99,33 @@ static struct db_record *acl_xattr_tdb_lock(TALLOC_CTX *mem_ctx, sizeof(id_buf))); } +/******************************************************************* + Delete the tdb acl record for a file +*******************************************************************/ + +static NTSTATUS acl_tdb_delete(vfs_handle_struct *handle, + struct db_context *db, + SMB_STRUCT_STAT *psbuf) +{ + NTSTATUS status; + struct file_id id = vfs_file_id_from_sbuf(handle->conn, psbuf); + struct db_record *rec = acl_tdb_lock(talloc_tos(), db, &id); + + /* + * If rec == NULL there's not much we can do about it + */ + + if (rec == NULL) { + DEBUG(10,("acl_tdb_delete: rec == NULL\n")); + TALLOC_FREE(rec); + return NT_STATUS_OK; + } + + status = rec->delete_rec(rec); + TALLOC_FREE(rec); + return status; +} + /******************************************************************* Parse out a struct security_descriptor from a DATA_BLOB. *******************************************************************/ @@ -311,10 +338,10 @@ static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, } /******************************************************************* - Store a DATA_BLOB into an xattr given a pathname. + Store a DATA_BLOB into an tdb given a pathname. *******************************************************************/ -static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, +static NTSTATUS get_nt_acl_tdb_internal(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, @@ -328,7 +355,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, name = fsp->fsp_name; } - DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name)); + DEBUG(10, ("get_nt_acl_tdb_internal: name=%s\n", name)); status = get_acl_blob(ctx, handle, fsp, name, &blob); if (!NT_STATUS_IS_OK(status)) { @@ -416,7 +443,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, DEBUG(10,("inherit_new_acl: check directory %s\n", parent_name)); - status = get_nt_acl_xattr_internal(handle, + status = get_nt_acl_tdb_internal(handle, NULL, parent_name, (OWNER_SECURITY_INFORMATION | @@ -493,7 +520,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, Check ACL on open. For new files inherit from parent directory. *********************************************************************/ -static int open_acl_xattr(vfs_handle_struct *handle, +static int open_acl_tdb(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, @@ -502,7 +529,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, uint32_t access_granted = 0; struct security_descriptor *pdesc = NULL; bool file_existed = true; - NTSTATUS status = get_nt_acl_xattr_internal(handle, + NTSTATUS status = get_nt_acl_tdb_internal(handle, NULL, fname, (OWNER_SECURITY_INFORMATION | @@ -516,7 +543,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, fsp->access_mask, &access_granted); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("open_acl_xattr: file %s open " + DEBUG(10,("open_acl_tdb: file %s open " "refused with error %s\n", fname, nt_errstr(status) )); @@ -527,7 +554,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, file_existed = false; } - DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for " + DEBUG(10,("open_acl_tdb: get_nt_acl_attr_internal for " "file %s returned %s\n", fname, nt_errstr(status) )); @@ -547,12 +574,10 @@ static int open_acl_xattr(vfs_handle_struct *handle, On unlink we need to delete the tdb record (if using tdb). *********************************************************************/ -static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) +static int unlink_acl_tdb(vfs_handle_struct *handle, const char *path) { SMB_STRUCT_STAT sbuf; - struct file_id id; struct db_context *db; - struct db_record *rec; int ret; SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); @@ -567,24 +592,7 @@ static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) return -1; } - id = vfs_file_id_from_sbuf(handle->conn, &sbuf); - - rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); - - /* - * If rec == NULL there's not much we can do about it - */ - - if (rec == NULL) { - DEBUG(10,("unlink_acl_xattr: path %s rec == NULL\n", - path )); - TALLOC_FREE(rec); - return 0; - } - - rec->delete_rec(rec); - TALLOC_FREE(rec); - + acl_tdb_delete(handle, db, &sbuf); return 0; } @@ -592,7 +600,7 @@ static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) Store an inherited SD on mkdir. *********************************************************************/ -static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +static int mkdir_acl_tdb(vfs_handle_struct *handle, const char *path, mode_t mode) { int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode); @@ -608,12 +616,11 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m On rmdir we need to delete the tdb record (if using tdb). *********************************************************************/ -static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) +static int rmdir_acl_tdb(vfs_handle_struct *handle, const char *path) { + SMB_STRUCT_STAT sbuf; - struct file_id id; struct db_context *db; - struct db_record *rec; int ret; SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); @@ -623,29 +630,11 @@ static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) } ret = SMB_VFS_NEXT_RMDIR(handle, path); - if (ret == -1) { return -1; } - id = vfs_file_id_from_sbuf(handle->conn, &sbuf); - - rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); - - /* - * If rec == NULL there's not much we can do about it - */ - - if (rec == NULL) { - DEBUG(10,("rmdir_acl_xattr: path %s rec == NULL\n", - path )); - TALLOC_FREE(rec); - return 0; - } - - rec->delete_rec(rec); - TALLOC_FREE(rec); - + acl_tdb_delete(handle, db, &sbuf); return 0; } @@ -653,21 +642,21 @@ static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) Fetch a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS fget_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { - NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp, + NTSTATUS status = get_nt_acl_tdb_internal(handle, fsp, NULL, security_info, ppdesc); if (NT_STATUS_IS_OK(status)) { if (DEBUGLEVEL >= 10) { - DEBUG(10,("fget_nt_acl_xattr: returning xattr sd for file %s\n", + DEBUG(10,("fget_nt_acl_tdb: returning tdb sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, *ppdesc); } return NT_STATUS_OK; } - DEBUG(10,("fget_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + DEBUG(10,("fget_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n", fsp->fsp_name, nt_errstr(status) )); @@ -679,21 +668,21 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Fetch a security descriptor given a pathname. *********************************************************************/ -static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, +static NTSTATUS get_nt_acl_tdb(vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { - NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, + NTSTATUS status = get_nt_acl_tdb_internal(handle, NULL, name, security_info, ppdesc); if (NT_STATUS_IS_OK(status)) { if (DEBUGLEVEL >= 10) { - DEBUG(10,("get_nt_acl_xattr: returning xattr sd for file %s\n", + DEBUG(10,("get_nt_acl_tdb: returning tdb sd for file %s\n", name)); NDR_PRINT_DEBUG(security_descriptor, *ppdesc); } return NT_STATUS_OK; } - DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + DEBUG(10,("get_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n", name, nt_errstr(status) )); @@ -705,14 +694,14 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, Store a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd) { NTSTATUS status; DATA_BLOB blob; if (DEBUGLEVEL >= 10) { - DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", + DEBUG(10,("fset_nt_acl_tdb: incoming sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, CONST_DISCARD(struct security_descriptor *,psd)); @@ -768,7 +757,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, } if (DEBUGLEVEL >= 10) { - DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", + DEBUG(10,("fset_nt_acl_tdb: storing tdb sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, CONST_DISCARD(struct security_descriptor *,psd)); @@ -783,7 +772,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Handle opening the storage tdb if so configured. *******************************************************************/ -static int connect_acl_xattr(struct vfs_handle_struct *handle, +static int connect_acl_tdb(struct vfs_handle_struct *handle, const char *service, const char *user) { @@ -800,34 +789,103 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle, return -1; } - SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_xattr_data, + SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_tdb_data, struct db_context, return -1); return 0; } +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_file_tdb(vfs_handle_struct *handle, + const char *path, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + SMB_STRUCT_STAT sbuf; + struct db_context *db; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (SMB_VFS_STAT(handle->conn, path, &sbuf) == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, + path, + type, + theacl); + if (ret == -1) { + return -1; + } + + acl_tdb_delete(handle, db, &sbuf); + return 0; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_fd_tdb(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_T theacl) +{ + SMB_STRUCT_STAT sbuf; + struct db_context *db; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (fsp->is_directory || fsp->fh->fd == -1) { + ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + } else { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } + if (ret == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, + fsp, + theacl); + if (ret == -1) { + return -1; + } + + acl_tdb_delete(handle, db, &sbuf); + return 0; +} + /* VFS operations structure */ static vfs_op_tuple skel_op_tuples[] = { - {SMB_VFS_OP(connect_acl_xattr), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(connect_acl_tdb), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(mkdir_acl_tdb), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(rmdir_acl_tdb), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(unlink_acl_xattr), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(open_acl_tdb), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(unlink_acl_tdb), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, /* NT File ACL operations */ - {SMB_VFS_OP(fget_nt_acl_xattr),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(fget_nt_acl_tdb),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(get_nt_acl_tdb), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(fset_nt_acl_tdb),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + + /* POSIX ACL operations. */ + {SMB_VFS_OP(sys_acl_set_file_tdb), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys_acl_set_fd_tdb), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -NTSTATUS vfs_acl_xattr_init(void) +NTSTATUS vfs_acl_tdb_init(void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_tdb", skel_op_tuples); } diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index bc3edd7d04..e0d0ef1414 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -607,6 +607,98 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return NT_STATUS_OK; } +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_file_xattr(vfs_handle_struct *handle, + const char *name, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, + name, + type, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_REMOVEXATTR(handle, name, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, + fsp, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_FREMOVEXATTR(handle, fsp, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_file_xattr(vfs_handle_struct *handle, + const char *name, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, + name, + type, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_REMOVEXATTR(handle->conn, name, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, + fsp, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + /* VFS operations structure */ static vfs_op_tuple skel_op_tuples[] = @@ -620,6 +712,14 @@ static vfs_op_tuple skel_op_tuples[] = {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + /* POSIX ACL operations. */ + {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys__acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + + /* POSIX ACL operations. */ + {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit From 2865be8a1c1d928ad86453e6dbf1c2a3508ad127 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Nov 2008 12:38:38 +0100 Subject: pidl: fix generated s3-server in,out,ref qualifiers that are used for buffer allocation. Guenther --- pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm index e5d8f1c1d2..eb3cdf20cb 100644 --- a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm +++ b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm @@ -142,6 +142,13 @@ sub ParseFunction($$) my @dir = @{$_->{DIRECTION}}; if (grep(/in/, @dir) and grep(/out/, @dir)) { pidl "r->out.$_->{NAME} = r->in.$_->{NAME};"; + } + } + + foreach (@{$fn->{ELEMENTS}}) { + my @dir = @{$_->{DIRECTION}}; + if (grep(/in/, @dir) and grep(/out/, @dir)) { + # noop } elsif (grep(/out/, @dir) and not has_property($_, "represent_as")) { AllocOutVar($_, "r", "r->out.$_->{NAME}", $env); -- cgit From 07b3a1e988deae2e2d8d619fb2792dd0a719504f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Nov 2008 22:00:43 +0100 Subject: s3-build: re-run make samba3-idl after pidl change. Guenther --- source3/librpc/gen_ndr/srv_lsa.c | 28 ++++++++++++++-------------- source3/librpc/gen_ndr/srv_netlogon.c | 10 +++++----- source3/librpc/gen_ndr/srv_ntsvcs.c | 6 +++--- source3/librpc/gen_ndr/srv_srvsvc.c | 20 ++++++++++---------- source3/librpc/gen_ndr/srv_svcctl.c | 16 ++++++++-------- source3/librpc/gen_ndr/srv_winreg.c | 2 +- source3/librpc/gen_ndr/srv_wkssvc.c | 6 +++--- 7 files changed, 44 insertions(+), 44 deletions(-) diff --git a/source3/librpc/gen_ndr/srv_lsa.c b/source3/librpc/gen_ndr/srv_lsa.c index b0893623a8..c30f276800 100644 --- a/source3/librpc/gen_ndr/srv_lsa.c +++ b/source3/librpc/gen_ndr/srv_lsa.c @@ -1128,14 +1128,14 @@ static bool api_lsa_LookupNames(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames(p, r); if (p->rng_fault_state) { @@ -1210,14 +1210,14 @@ static bool api_lsa_LookupSids(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.names = r->in.names; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.names = r->in.names; - r->out.count = r->in.count; r->out.result = _lsa_LookupSids(p, r); if (p->rng_fault_state) { @@ -4444,14 +4444,14 @@ static bool api_lsa_LookupSids2(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.names = r->in.names; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.names = r->in.names; - r->out.count = r->in.count; r->out.result = _lsa_LookupSids2(p, r); if (p->rng_fault_state) { @@ -4526,14 +4526,14 @@ static bool api_lsa_LookupNames2(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames2(p, r); if (p->rng_fault_state) { @@ -5272,14 +5272,14 @@ static bool api_lsa_LookupNames3(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames3(p, r); if (p->rng_fault_state) { @@ -5872,14 +5872,14 @@ static bool api_lsa_LookupSids3(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.names = r->in.names; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.names = r->in.names; - r->out.count = r->in.count; r->out.result = _lsa_LookupSids3(p, r); if (p->rng_fault_state) { @@ -5954,14 +5954,14 @@ static bool api_lsa_LookupNames4(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames4(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c index 9546b2551b..2cb2978af2 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.c +++ b/source3/librpc/gen_ndr/srv_netlogon.c @@ -871,6 +871,7 @@ static bool api_netr_AccountSync(pipes_struct *p) ZERO_STRUCT(r->out); r->out.return_authenticator = r->in.return_authenticator; + r->out.recordid = r->in.recordid; r->out.buffer = talloc_zero(r, struct netr_AccountBuffer); if (r->out.buffer == NULL) { talloc_free(r); @@ -895,7 +896,6 @@ static bool api_netr_AccountSync(pipes_struct *p) return false; } - r->out.recordid = r->in.recordid; r->out.result = _netr_AccountSync(p, r); if (p->rng_fault_state) { @@ -1290,13 +1290,13 @@ static bool api_netr_ServerAuthenticate2(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.negotiate_flags = r->in.negotiate_flags; r->out.return_credentials = talloc_zero(r, struct netr_Credential); if (r->out.return_credentials == NULL) { talloc_free(r); return false; } - r->out.negotiate_flags = r->in.negotiate_flags; r->out.result = _netr_ServerAuthenticate2(p, r); if (p->rng_fault_state) { @@ -2146,13 +2146,13 @@ static bool api_netr_ServerAuthenticate3(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.negotiate_flags = r->in.negotiate_flags; r->out.return_credentials = talloc_zero(r, struct netr_Credential); if (r->out.return_credentials == NULL) { talloc_free(r); return false; } - r->out.negotiate_flags = r->in.negotiate_flags; r->out.rid = talloc_zero(r, uint32_t); if (r->out.rid == NULL) { talloc_free(r); @@ -3186,6 +3186,7 @@ static bool api_netr_LogonSamLogonEx(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.flags = r->in.flags; r->out.validation = talloc_zero(r, union netr_Validation); if (r->out.validation == NULL) { talloc_free(r); @@ -3198,7 +3199,6 @@ static bool api_netr_LogonSamLogonEx(pipes_struct *p) return false; } - r->out.flags = r->in.flags; r->out.result = _netr_LogonSamLogonEx(p, r); if (p->rng_fault_state) { @@ -3685,6 +3685,7 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p) ZERO_STRUCT(r->out); r->out.return_authenticator = r->in.return_authenticator; + r->out.flags = r->in.flags; r->out.validation = talloc_zero(r, union netr_Validation); if (r->out.validation == NULL) { talloc_free(r); @@ -3697,7 +3698,6 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p) return false; } - r->out.flags = r->in.flags; r->out.result = _netr_LogonSamLogonWithFlags(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_ntsvcs.c b/source3/librpc/gen_ndr/srv_ntsvcs.c index ae28b9932e..288f3ed5d7 100644 --- a/source3/librpc/gen_ndr/srv_ntsvcs.c +++ b/source3/librpc/gen_ndr/srv_ntsvcs.c @@ -782,13 +782,13 @@ static bool api_PNP_GetDeviceList(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.length = r->in.length; r->out.buffer = talloc_zero_array(r, uint16_t, *r->out.length); if (r->out.buffer == NULL) { talloc_free(r); return false; } - r->out.length = r->in.length; r->out.result = _PNP_GetDeviceList(p, r); if (p->rng_fault_state) { @@ -1017,14 +1017,14 @@ static bool api_PNP_GetDeviceRegProp(pipes_struct *p) ZERO_STRUCT(r->out); r->out.reg_data_type = r->in.reg_data_type; + r->out.buffer_size = r->in.buffer_size; + r->out.needed = r->in.needed; r->out.buffer = talloc_zero_array(r, uint8_t, *r->out.buffer_size); if (r->out.buffer == NULL) { talloc_free(r); return false; } - r->out.buffer_size = r->in.buffer_size; - r->out.needed = r->in.needed; r->out.result = _PNP_GetDeviceRegProp(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_srvsvc.c b/source3/librpc/gen_ndr/srv_srvsvc.c index f995930b89..59f51ba774 100644 --- a/source3/librpc/gen_ndr/srv_srvsvc.c +++ b/source3/librpc/gen_ndr/srv_srvsvc.c @@ -46,13 +46,13 @@ static bool api_srvsvc_NetCharDevEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetCharDevEnum(p, r); if (p->rng_fault_state) { @@ -281,13 +281,13 @@ static bool api_srvsvc_NetCharDevQEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetCharDevQEnum(p, r); if (p->rng_fault_state) { @@ -664,13 +664,13 @@ static bool api_srvsvc_NetConnEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetConnEnum(p, r); if (p->rng_fault_state) { @@ -746,13 +746,13 @@ static bool api_srvsvc_NetFileEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetFileEnum(p, r); if (p->rng_fault_state) { @@ -981,13 +981,13 @@ static bool api_srvsvc_NetSessEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetSessEnum(p, r); if (p->rng_fault_state) { @@ -1211,13 +1211,13 @@ static bool api_srvsvc_NetShareEnumAll(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetShareEnumAll(p, r); if (p->rng_fault_state) { @@ -1829,13 +1829,13 @@ static bool api_srvsvc_NetDiskEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetDiskEnum(p, r); if (p->rng_fault_state) { @@ -2064,13 +2064,13 @@ static bool api_srvsvc_NetTransportEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.transports = r->in.transports; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetTransportEnum(p, r); if (p->rng_fault_state) { @@ -2451,13 +2451,13 @@ static bool api_srvsvc_NetPathCanonicalize(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.pathtype = r->in.pathtype; r->out.can_path = talloc_zero_array(r, uint8_t, r->in.maxbuf); if (r->out.can_path == NULL) { talloc_free(r); return false; } - r->out.pathtype = r->in.pathtype; r->out.result = _srvsvc_NetPathCanonicalize(p, r); if (p->rng_fault_state) { @@ -2825,13 +2825,13 @@ static bool api_srvsvc_NetShareEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetShareEnum(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c index f37111137e..5b30bf00f7 100644 --- a/source3/librpc/gen_ndr/srv_svcctl.c +++ b/source3/librpc/gen_ndr/srv_svcctl.c @@ -1139,6 +1139,7 @@ static bool api_svcctl_EnumServicesStatusW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.service = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.service == NULL) { talloc_free(r); @@ -1157,7 +1158,6 @@ static bool api_svcctl_EnumServicesStatusW(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _svcctl_EnumServicesStatusW(p, r); if (p->rng_fault_state) { @@ -1637,13 +1637,13 @@ static bool api_svcctl_GetServiceDisplayNameW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.display_name = talloc_zero(r, const char *); if (r->out.display_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceDisplayNameW(p, r); if (p->rng_fault_state) { @@ -1718,13 +1718,13 @@ static bool api_svcctl_GetServiceKeyNameW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.key_name = talloc_zero(r, const char *); if (r->out.key_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceKeyNameW(p, r); if (p->rng_fault_state) { @@ -2124,6 +2124,7 @@ static bool api_svcctl_EnumServicesStatusA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.service = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.service == NULL) { talloc_free(r); @@ -2142,7 +2143,6 @@ static bool api_svcctl_EnumServicesStatusA(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _svcctl_EnumServicesStatusA(p, r); if (p->rng_fault_state) { @@ -2615,13 +2615,13 @@ static bool api_svcctl_GetServiceDisplayNameA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.display_name = talloc_zero(r, const char *); if (r->out.display_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceDisplayNameA(p, r); if (p->rng_fault_state) { @@ -2696,13 +2696,13 @@ static bool api_svcctl_GetServiceKeyNameA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.key_name = talloc_zero(r, const char *); if (r->out.key_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceKeyNameA(p, r); if (p->rng_fault_state) { @@ -3327,6 +3327,7 @@ static bool api_EnumServicesStatusExA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.services = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.services == NULL) { talloc_free(r); @@ -3345,7 +3346,6 @@ static bool api_EnumServicesStatusExA(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.group_name = talloc_zero(r, const char *); if (r->out.group_name == NULL) { talloc_free(r); @@ -3426,6 +3426,7 @@ static bool api_EnumServicesStatusExW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.services = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.services == NULL) { talloc_free(r); @@ -3444,7 +3445,6 @@ static bool api_EnumServicesStatusExW(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _EnumServicesStatusExW(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_winreg.c b/source3/librpc/gen_ndr/srv_winreg.c index 77b0a1c5d2..ac70b41219 100644 --- a/source3/librpc/gen_ndr/srv_winreg.c +++ b/source3/librpc/gen_ndr/srv_winreg.c @@ -520,13 +520,13 @@ static bool api_winreg_CreateKey(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.action_taken = r->in.action_taken; r->out.new_handle = talloc_zero(r, struct policy_handle); if (r->out.new_handle == NULL) { talloc_free(r); return false; } - r->out.action_taken = r->in.action_taken; r->out.result = _winreg_CreateKey(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_wkssvc.c b/source3/librpc/gen_ndr/srv_wkssvc.c index 9c07fa86ea..61a5be081f 100644 --- a/source3/librpc/gen_ndr/srv_wkssvc.c +++ b/source3/librpc/gen_ndr/srv_wkssvc.c @@ -201,13 +201,13 @@ static bool api_wkssvc_NetWkstaEnumUsers(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.entries_read = talloc_zero(r, uint32_t); if (r->out.entries_read == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _wkssvc_NetWkstaEnumUsers(p, r); if (p->rng_fault_state) { @@ -438,13 +438,13 @@ static bool api_wkssvc_NetWkstaTransportEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.total_entries = talloc_zero(r, uint32_t); if (r->out.total_entries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _wkssvc_NetWkstaTransportEnum(p, r); if (p->rng_fault_state) { @@ -896,13 +896,13 @@ static bool api_wkssvc_NetrUseEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.entries_read = talloc_zero(r, uint32_t); if (r->out.entries_read == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _wkssvc_NetrUseEnum(p, r); if (p->rng_fault_state) { -- cgit From 9b40d26e30518c666e4dad9cf55ec319cf19e28e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Nov 2008 23:02:49 +0100 Subject: s3-rpcclient: fix cmd_ntsvcs_get_dev_reg_prop. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 11f16d3462..eb620d06b2 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -149,13 +149,13 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, const char *devicepath = NULL; uint32_t property = DEV_REGPROP_DESC; uint32_t reg_data_type = REG_NONE; - uint8_t buffer; + uint8_t *buffer; uint32_t buffer_size = 0; uint32_t needed = 0; uint32_t flags = 0; if (argc < 2) { - printf("usage: %s [devicepath]\n", argv[0]); + printf("usage: %s [devicepath] [buffersize]\n", argv[0]); return WERR_OK; } @@ -166,11 +166,14 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, needed = buffer_size; } + buffer = talloc_array(mem_ctx, uint8_t, buffer_size); + W_ERROR_HAVE_NO_MEMORY(buffer); + status = rpccli_PNP_GetDeviceRegProp(cli, mem_ctx, devicepath, property, ®_data_type, - &buffer, + buffer, &buffer_size, &needed, flags, -- cgit From 12fdb5eb4628db08a665791fb76d15e9f5894478 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 11:21:45 +0100 Subject: s3-ntsvcs: use pidl for _PNP_GetDeviceRegProp. Guenther --- source3/rpc_server/srv_ntsvcs.c | 18 +--------------- source3/rpc_server/srv_ntsvcs_nt.c | 43 +++++++++++++++++++------------------- 2 files changed, 23 insertions(+), 38 deletions(-) diff --git a/source3/rpc_server/srv_ntsvcs.c b/source3/rpc_server/srv_ntsvcs.c index 5010990b58..840da3eec4 100644 --- a/source3/rpc_server/srv_ntsvcs.c +++ b/source3/rpc_server/srv_ntsvcs.c @@ -97,23 +97,7 @@ static bool api_ntsvcs_validate_device_instance(pipes_struct *p) static bool api_ntsvcs_get_device_reg_property(pipes_struct *p) { - NTSVCS_Q_GET_DEVICE_REG_PROPERTY q_u; - NTSVCS_R_GET_DEVICE_REG_PROPERTY r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!ntsvcs_io_q_get_device_reg_property("", &q_u, data, 0)) - return False; - - r_u.status = _ntsvcs_get_device_reg_property(p, &q_u, &r_u); - - if(!ntsvcs_io_r_get_device_reg_property("", &r_u, rdata, 0)) - return False; - - return True; + return proxy_ntsvcs_call(p, NDR_PNP_GETDEVICEREGPROP); } /******************************************************************* diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c index 268da52896..abeb2ca856 100644 --- a/source3/rpc_server/srv_ntsvcs_nt.c +++ b/source3/rpc_server/srv_ntsvcs_nt.c @@ -93,26 +93,26 @@ WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, } /******************************************************************** +_PNP_GetDeviceRegProp ********************************************************************/ -WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u ) +WERROR _PNP_GetDeviceRegProp(pipes_struct *p, + struct PNP_GetDeviceRegProp *r) { - fstring devicepath; char *ptr; REGVAL_CTR *values; REGISTRY_VALUE *val; - rpcstr_pull(devicepath, q_u->devicepath.buffer, sizeof(devicepath), q_u->devicepath.uni_str_len*2, 0); - - switch( q_u->property ) { + switch( r->in.property ) { case DEV_REGPROP_DESC: + /* just parse the service name from the device path and then lookup the display name */ - if ( !(ptr = strrchr_m( devicepath, '\\' )) ) + if ( !(ptr = strrchr_m( r->in.devicepath, '\\' )) ) return WERR_GENERAL_FAILURE; *ptr = '\0'; - if ( !(ptr = strrchr_m( devicepath, '_' )) ) + if ( !(ptr = strrchr_m( r->in.devicepath, '_' )) ) return WERR_GENERAL_FAILURE; ptr++; @@ -124,16 +124,27 @@ WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG return WERR_GENERAL_FAILURE; } - r_u->unknown1 = 0x1; /* always 1...tested using a remove device manager connection */ - r_u->size = reg_init_regval_buffer( &r_u->value, val ); - r_u->needed = r_u->size; + if (*r->in.buffer_size < val->size) { + *r->out.needed = val->size; + *r->out.buffer_size = 0; + TALLOC_FREE( values ); + return WERR_CM_BUFFER_SMALL; + } + r->out.buffer = (uint8_t *)talloc_memdup(p->mem_ctx, val->data_p, val->size); TALLOC_FREE(values); + if (!r->out.buffer) { + return WERR_NOMEM; + } + + *r->out.reg_data_type = REG_SZ; /* always 1...tested using a remove device manager connection */ + *r->out.buffer_size = val->size; + *r->out.needed = val->size; break; default: - r_u->unknown1 = 0x00437c98; + *r->out.reg_data_type = 0x00437c98; /* ??? */ return WERR_CM_NO_SUCH_VALUE; } @@ -279,16 +290,6 @@ WERROR _PNP_GetDepth(pipes_struct *p, /**************************************************************** ****************************************************************/ -WERROR _PNP_GetDeviceRegProp(pipes_struct *p, - struct PNP_GetDeviceRegProp *r) -{ - p->rng_fault_state = true; - return WERR_NOT_SUPPORTED; -} - -/**************************************************************** -****************************************************************/ - WERROR _PNP_SetDeviceRegProp(pipes_struct *p, struct PNP_SetDeviceRegProp *r) { -- cgit From f9d691d9d808ec2f91f3f469fe2201b0909a8552 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 12:49:20 +0100 Subject: s3-ntsvcs: remove old hand-marshalling for ntsvcs getdevregprop. Guenther --- source3/include/proto.h | 7 ----- source3/include/rpc_ntsvcs.h | 19 ----------- source3/rpc_client/cli_reg.c | 17 ---------- source3/rpc_parse/parse_misc.c | 54 ------------------------------- source3/rpc_parse/parse_ntsvcs.c | 68 ---------------------------------------- source3/rpc_parse/parse_prs.c | 33 ------------------- 6 files changed, 198 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 45f66203e1..dd4b9d15f7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5296,7 +5296,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, NTSTATUS rpccli_winreg_Connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 reg_type, uint32 access_mask, POLICY_HND *reg_hnd); -uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ); /* The following definitions come from rpc_client/cli_samr.c */ @@ -5910,8 +5909,6 @@ void init_rpc_blob_str(RPC_DATA_BLOB *str, const char *buf, int len); void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf); void init_rpc_blob_bytes(RPC_DATA_BLOB *str, uint8 *buf, size_t len); bool smb_io_buffer5(const char *desc, BUFFER5 *buf5, prs_struct *ps, int depth); -void init_regval_buffer(REGVAL_BUFFER *str, const uint8 *buf, size_t len); -bool smb_io_regval_buffer(const char *desc, prs_struct *ps, int depth, REGVAL_BUFFER *buf2); void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf); void copy_unistr2(UNISTR2 *str, const UNISTR2 *from); void init_string2(STRING2 *str, const char *buf, size_t max_len, size_t str_len); @@ -5974,8 +5971,6 @@ bool policy_handle_is_valid(const POLICY_HND *hnd); bool ntsvcs_io_q_get_device_list(const char *desc, NTSVCS_Q_GET_DEVICE_LIST *q_u, prs_struct *ps, int depth); bool ntsvcs_io_r_get_device_list(const char *desc, NTSVCS_R_GET_DEVICE_LIST *r_u, prs_struct *ps, int depth); -bool ntsvcs_io_q_get_device_reg_property(const char *desc, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, prs_struct *ps, int depth); -bool ntsvcs_io_r_get_device_reg_property(const char *desc, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u, prs_struct *ps, int depth); /* The following definitions come from rpc_parse/parse_prs.c */ @@ -6031,7 +6026,6 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin bool prs_uint16uni(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len); bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len); bool prs_buffer5(bool charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str); -bool prs_regval_buffer(bool charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf); bool prs_string2(bool charmode, const char *name, prs_struct *ps, int depth, STRING2 *str); bool prs_unistr2(bool charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str); bool prs_unistr3(bool charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth); @@ -6824,7 +6818,6 @@ WERROR _PNP_GetVersion(pipes_struct *p, WERROR _PNP_GetDeviceListSize(pipes_struct *p, struct PNP_GetDeviceListSize *r); WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, NTSVCS_R_GET_DEVICE_LIST *r_u ); -WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u ); WERROR _PNP_ValidateDeviceInstance(pipes_struct *p, struct PNP_ValidateDeviceInstance *r); WERROR _PNP_GetHwProfInfo(pipes_struct *p, diff --git a/source3/include/rpc_ntsvcs.h b/source3/include/rpc_ntsvcs.h index 0056d16eb9..dc74298cb9 100644 --- a/source3/include/rpc_ntsvcs.h +++ b/source3/include/rpc_ntsvcs.h @@ -47,23 +47,4 @@ typedef struct { WERROR status; } NTSVCS_R_GET_DEVICE_LIST; -/**************************/ - -typedef struct { - UNISTR2 devicepath; - uint32 property; - uint32 unknown2; - uint32 buffer_size1; - uint32 buffer_size2; - uint32 unknown5; -} NTSVCS_Q_GET_DEVICE_REG_PROPERTY; - -typedef struct { - uint32 unknown1; - REGVAL_BUFFER value; - uint32 size; - uint32 needed; - WERROR status; -} NTSVCS_R_GET_DEVICE_REG_PROPERTY; - #endif /* _RPC_NTSVCS_H */ diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c index ba98e25d63..2ed7119f4b 100644 --- a/source3/rpc_client/cli_reg.c +++ b/source3/rpc_client/cli_reg.c @@ -60,20 +60,3 @@ NTSTATUS rpccli_winreg_Connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - -/******************************************************************* - Fill in a REGVAL_BUFFER for the data given a REGISTRY_VALUE - *******************************************************************/ - -uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ) -{ - uint32 real_size = 0; - - if ( !buf2 || !val ) - return 0; - - real_size = regval_size(val); - init_regval_buffer( buf2, (unsigned char*)regval_data_p(val), real_size ); - - return real_size; -} diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index cf989c8b5e..169e5cb560 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -557,60 +557,6 @@ bool smb_io_buffer5(const char *desc, BUFFER5 *buf5, prs_struct *ps, int depth) return True; } -/******************************************************************* - Inits a REGVAL_BUFFER structure. -********************************************************************/ - -void init_regval_buffer(REGVAL_BUFFER *str, const uint8 *buf, size_t len) -{ - ZERO_STRUCTP(str); - - /* max buffer size (allocated size) */ - str->buf_max_len = len; - str->offset = 0; - str->buf_len = buf != NULL ? len : 0; - - if (buf != NULL) { - SMB_ASSERT(str->buf_max_len >= str->buf_len); - str->buffer = (uint16 *)TALLOC_ZERO(talloc_tos(), - str->buf_max_len); - if (str->buffer == NULL) - smb_panic("init_regval_buffer: talloc fail"); - memcpy(str->buffer, buf, str->buf_len); - } -} - -/******************************************************************* - Reads or writes a REGVAL_BUFFER structure. - the uni_max_len member tells you how large the buffer is. - the uni_str_len member tells you how much of the buffer is really used. -********************************************************************/ - -bool smb_io_regval_buffer(const char *desc, prs_struct *ps, int depth, REGVAL_BUFFER *buf2) -{ - - prs_debug(ps, depth, desc, "smb_io_regval_buffer"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("buf_max_len", ps, depth, &buf2->buf_max_len)) - return False; - if(!prs_uint32("offset ", ps, depth, &buf2->offset)) - return False; - if(!prs_uint32("buf_len ", ps, depth, &buf2->buf_len)) - return False; - - /* buffer advanced by indicated length of string - NOT by searching for null-termination */ - - if(!prs_regval_buffer(True, "buffer ", ps, depth, buf2)) - return False; - - return True; -} - /******************************************************************* creates a UNISTR2 structure: sets up the buffer, too ********************************************************************/ diff --git a/source3/rpc_parse/parse_ntsvcs.c b/source3/rpc_parse/parse_ntsvcs.c index 2b15a45506..17b51fa751 100644 --- a/source3/rpc_parse/parse_ntsvcs.c +++ b/source3/rpc_parse/parse_ntsvcs.c @@ -77,71 +77,3 @@ bool ntsvcs_io_r_get_device_list(const char *desc, NTSVCS_R_GET_DEVICE_LIST *r_u return True; } - -/******************************************************************* -********************************************************************/ - -bool ntsvcs_io_q_get_device_reg_property(const char *desc, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, prs_struct *ps, int depth) -{ - if (q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "ntsvcs_io_q_get_device_reg_property"); - depth++; - - if(!prs_align(ps)) - return False; - - if ( !prs_io_unistr2("devicepath", ps, depth, &q_u->devicepath) ) - return False; - if( !prs_align(ps) ) - return False; - - if ( !prs_uint32("property", ps, depth, &q_u->property) ) - return False; - if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) ) - return False; - if ( !prs_uint32("buffer_size1", ps, depth, &q_u->buffer_size1) ) - return False; - if ( !prs_uint32("buffer_size2", ps, depth, &q_u->buffer_size2) ) - return False; - if ( !prs_uint32("unknown5", ps, depth, &q_u->unknown5) ) - return False; - - return True; - -} - -/******************************************************************* -********************************************************************/ - -bool ntsvcs_io_r_get_device_reg_property(const char *desc, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u, prs_struct *ps, int depth) -{ - if ( !r_u ) - return False; - - prs_debug(ps, depth, desc, "ntsvcs_io_r_get_device_reg_property"); - depth++; - - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32("unknown1", ps, depth, &r_u->unknown1) ) - return False; - - if ( !smb_io_regval_buffer("value", ps, depth, &r_u->value) ) - return False; - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32("size", ps, depth, &r_u->size) ) - return False; - - if ( !prs_uint32("needed", ps, depth, &r_u->needed) ) - return False; - - if(!prs_werror("status", ps, depth, &r_u->status)) - return False; - - return True; -} diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index a0d3ed7397..acc0cc88ef 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1055,39 +1055,6 @@ bool prs_buffer5(bool charmode, const char *name, prs_struct *ps, int depth, BUF return True; } -/****************************************************************** - Stream a "not" unicode string, length/buffer specified separately, - in byte chars. String is in little-endian format. - ********************************************************************/ - -bool prs_regval_buffer(bool charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf) -{ - char *p; - char *q = prs_mem_get(ps, buf->buf_len); - if (q == NULL) - return False; - - if (UNMARSHALLING(ps)) { - if (buf->buf_len > buf->buf_max_len) { - return False; - } - if ( buf->buf_max_len ) { - buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len); - if ( buf->buffer == NULL ) - return False; - } else { - buf->buffer = NULL; - } - } - - p = (char *)buf->buffer; - - dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2); - ps->data_offset += buf->buf_len; - - return True; -} - /****************************************************************** Stream a string, length/buffer specified separately, in uint8 chars. -- cgit From 31a8c4df1305b63729e49a61e27bc9e1825af0d0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 14:51:55 -0800 Subject: Fix build farm breakage. --- source3/modules/vfs_acl_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index e0d0ef1414..c28ba839be 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -714,7 +714,7 @@ static vfs_op_tuple skel_op_tuples[] = /* POSIX ACL operations. */ {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(sys__acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, /* POSIX ACL operations. */ {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, -- cgit From 54e832c171e7763483a5ad872b23c89496477767 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 00:01:41 +0100 Subject: s4-smbtorture: fix segfault in RPC-EVENTLOG test. Guenther --- source4/torture/rpc/eventlog.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source4/torture/rpc/eventlog.c b/source4/torture/rpc/eventlog.c index d5665ad07d..31d91c056b 100644 --- a/source4/torture/rpc/eventlog.c +++ b/source4/torture/rpc/eventlog.c @@ -46,8 +46,8 @@ static bool get_policy_handle(struct torture_context *tctx, unknown0.unknown1 = 0x0001; r.in.unknown0 = &unknown0; - init_lsa_String(r.in.logname, "dns server"); - init_lsa_String(r.in.servername, NULL); + init_lsa_String(&logname, "dns server"); + init_lsa_String(&servername, NULL); r.in.logname = &logname; r.in.servername = &servername; r.in.unknown2 = 0x00000001; -- cgit From da683d6a73a37d18aa8fca52ef2b4837c7ff1345 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 16:49:03 -0800 Subject: This code mixes up int and uint32 when pulling out of a TDB. This is very bad. Fixing... May fix bug #5891, not sure. Jeremy. --- source3/rpc_server/srv_eventlog_lib.c | 42 ++++++++++++++++++----------------- source3/rpc_server/srv_eventlog_nt.c | 8 +++---- 2 files changed, 26 insertions(+), 24 deletions(-) diff --git a/source3/rpc_server/srv_eventlog_lib.c b/source3/rpc_server/srv_eventlog_lib.c index 9215a86d3f..c4a7828b6c 100644 --- a/source3/rpc_server/srv_eventlog_lib.c +++ b/source3/rpc_server/srv_eventlog_lib.c @@ -140,13 +140,13 @@ int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention ) return True if we made enough room to accommodate needed bytes ********************************************************************/ -static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, +static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32_t needed, bool whack_by_date ) { - int start_record, i, new_start; - int end_record; - int nbytes, reclen, len, Retention, MaxSize; - int tresv1, trecnum, timegen, timewr; + int32_t start_record, i, new_start; + int32_t end_record; + int32_t reclen, tresv1, trecnum, timegen, timewr; + int nbytes, len, Retention, MaxSize; TDB_DATA key, ret; time_t current_time, exp_time; @@ -173,16 +173,17 @@ static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, nbytes = 0; DEBUG( 3, - ( "MaxSize [%d] Retention [%d] Current Time [%d] exp_time [%d]\n", - MaxSize, Retention, (uint32)current_time, (uint32)exp_time ) ); + ( "MaxSize [%d] Retention [%d] Current Time [%u] exp_time [%u]\n", + MaxSize, Retention, (unsigned int)current_time, (unsigned int)exp_time ) ); DEBUG( 3, - ( "Start Record [%d] End Record [%d]\n", start_record, - end_record ) ); + ( "Start Record [%u] End Record [%u]\n", + (unsigned int)start_record, + (unsigned int)end_record )); for ( i = start_record; i < end_record; i++ ) { /* read a record, add the amt to nbytes */ - key.dsize = sizeof( int32 ); - key.dptr = ( uint8 * ) ( int32 * ) & i; + key.dsize = sizeof(int32_t); + key.dptr = (unsigned char *)&i; ret = tdb_fetch( the_tdb, key ); if ( ret.dsize == 0 ) { DEBUG( 8, @@ -198,12 +199,13 @@ static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, if (len == -1) { DEBUG( 10,("make_way_for_eventlogs: tdb_unpack failed.\n")); tdb_unlock_bystring( the_tdb, EVT_NEXT_RECORD ); + SAFE_FREE( ret.dptr ); return False; } DEBUG( 8, - ( "read record %d, record size is [%d], total so far [%d]\n", - i, reclen, nbytes ) ); + ( "read record %u, record size is [%d], total so far [%d]\n", + (unsigned int)i, reclen, nbytes ) ); SAFE_FREE( ret.dptr ); @@ -220,14 +222,14 @@ static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, } DEBUG( 3, - ( "nbytes [%d] needed [%d] start_record is [%d], should be set to [%d]\n", - nbytes, needed, start_record, i ) ); + ( "nbytes [%d] needed [%d] start_record is [%u], should be set to [%u]\n", + nbytes, needed, (unsigned int)start_record, (unsigned int)i ) ); /* todo - remove eventlog entries here and set starting record to start_record... */ new_start = i; if ( start_record != new_start ) { for ( i = start_record; i < new_start; i++ ) { - key.dsize = sizeof( int32 ); - key.dptr = ( uint8 * ) ( int32 * ) & i; + key.dsize = sizeof(int32_t); + key.dptr = (unsigned char *)&i; tdb_delete( the_tdb, key ); } @@ -267,7 +269,7 @@ bool prune_eventlog( TDB_CONTEXT * tdb ) /******************************************************************** ********************************************************************/ -bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32 needed ) +bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32_t needed ) { int calcd_size; int MaxSize, Retention; @@ -313,7 +315,7 @@ bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32 needed ) ELOG_TDB *elog_open_tdb( char *logname, bool force_clear ) { TDB_CONTEXT *tdb = NULL; - uint32 vers_id; + uint32_t vers_id; ELOG_TDB *ptr; char *tdbpath = NULL; ELOG_TDB *tdb_node = NULL; @@ -454,7 +456,7 @@ int write_eventlog_tdb( TDB_CONTEXT * the_tdb, Eventlog_entry * ee ) uint8 *packed_ee; TALLOC_CTX *mem_ctx = NULL; TDB_DATA kbuf, ebuf; - uint32 n_packed; + uint32_t n_packed; if ( !ee ) return 0; diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index eec5b1d736..de2bafc969 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -290,8 +290,8 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, Eventlog_entry *ee = NULL; TDB_DATA ret, key; - int srecno; - int reclen; + int32_t srecno; + int32_t reclen; int len; char *wpsource = NULL; @@ -300,10 +300,10 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, char *wpstrs = NULL; char *puserdata = NULL; - key.dsize = sizeof(int32); + key.dsize = sizeof(int32_t); srecno = recno; - key.dptr = ( uint8 * ) &srecno; + key.dptr = (unsigned char *)&srecno; ret = tdb_fetch( tdb, key ); -- cgit From 172628dca2b8553b8b7273a645393d5c96daa67e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Nov 2008 16:31:44 +0100 Subject: eventlog: don't crash in sync_eventlog_params(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When freeing the talloc ctx at the end of the routine, it must be a talloc ctx created inside. talloc_tos() needs to be valid after the function finishes, since callers (may) have data attached to it. Michael Signed-off-by: Günther Deschner --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index de2bafc969..71257dfdb5 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -426,7 +426,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) struct registry_value *value; WERROR wresult; char *elogname = info->logname; - TALLOC_CTX *ctx = talloc_tos(); + TALLOC_CTX *ctx = talloc_stackframe(); bool ret = false; DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); -- cgit From afd57a16d87bbe5d7fd447742c693d6f185206a9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Nov 2008 23:44:07 +0100 Subject: s3-eventlog: move non rpc eventlog headers to own include file. Guenther --- source3/include/eventlog.h | 41 +++++++++++++++++++++++++++++++++++++++++ source3/include/includes.h | 1 + source3/include/rpc_eventlog.h | 23 ----------------------- 3 files changed, 42 insertions(+), 23 deletions(-) create mode 100644 source3/include/eventlog.h diff --git a/source3/include/eventlog.h b/source3/include/eventlog.h new file mode 100644 index 0000000000..16affe3313 --- /dev/null +++ b/source3/include/eventlog.h @@ -0,0 +1,41 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Marcin Krzysztof Porwit 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* Defines for TDB keys */ +#define EVT_OLDEST_ENTRY "INFO/oldest_entry" +#define EVT_NEXT_RECORD "INFO/next_record" +#define EVT_VERSION "INFO/version" +#define EVT_MAXSIZE "INFO/maxsize" +#define EVT_RETENTION "INFO/retention" + +#define ELOG_APPL "Application" +#define ELOG_SYS "System" +#define ELOG_SEC "Security" + +typedef struct elog_tdb { + struct elog_tdb *prev, *next; + char *name; + TDB_CONTEXT *tdb; + int ref_count; +} ELOG_TDB; + +#define ELOG_TDB_CTX(x) ((x)->tdb) + + +#define EVENTLOG_DATABASE_VERSION_V1 1 diff --git a/source3/include/includes.h b/source3/include/includes.h index 4399c734d0..38d6ec06b9 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -654,6 +654,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); #include "async_smb.h" #include "async_sock.h" #include "services.h" +#include "eventlog.h" #include "lib/smbconf/smbconf.h" diff --git a/source3/include/rpc_eventlog.h b/source3/include/rpc_eventlog.h index 3f5d03ed63..f17e448d9e 100644 --- a/source3/include/rpc_eventlog.h +++ b/source3/include/rpc_eventlog.h @@ -35,29 +35,6 @@ /* Event types */ /* defined in librpc/gen_ndr/eventlog.h */ -/* Defines for TDB keys */ -#define EVT_OLDEST_ENTRY "INFO/oldest_entry" -#define EVT_NEXT_RECORD "INFO/next_record" -#define EVT_VERSION "INFO/version" -#define EVT_MAXSIZE "INFO/maxsize" -#define EVT_RETENTION "INFO/retention" - -#define ELOG_APPL "Application" -#define ELOG_SYS "System" -#define ELOG_SEC "Security" - -typedef struct elog_tdb { - struct elog_tdb *prev, *next; - char *name; - TDB_CONTEXT *tdb; - int ref_count; -} ELOG_TDB; - -#define ELOG_TDB_CTX(x) ((x)->tdb) - - -#define EVENTLOG_DATABASE_VERSION_V1 1 - /***********************************/ typedef struct -- cgit From 70f55ddb7012f8cc44520088949bdfa4484c3a8b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 10:55:03 +0100 Subject: s3-eventlog: avoid passing down full prs_struct in eventlog server. Guenther --- source3/rpc_server/srv_eventlog_nt.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 71257dfdb5..c679b54fcc 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -283,7 +283,7 @@ static int elog_size( EVENTLOG_INFO *info ) Eventlog_entry. returns NULL if it can't get the record for some reason. ********************************************************************/ -static Eventlog_entry *get_eventlog_record(prs_struct *ps, +static Eventlog_entry *get_eventlog_record(TALLOC_CTX *mem_ctx, TDB_CONTEXT *tdb, int recno) { @@ -321,7 +321,7 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, if ( !len ) return NULL; - ee = TALLOC_ARRAY(ps->mem_ctx, Eventlog_entry, 1); + ee = TALLOC_ARRAY(mem_ctx, Eventlog_entry, 1); if (!ee) { return NULL; } @@ -491,13 +491,13 @@ done: /******************************************************************** ********************************************************************/ -static Eventlog_entry *read_package_entry( prs_struct * ps, +static Eventlog_entry *read_package_entry( TALLOC_CTX *mem_ctx, Eventlog_entry * entry ) { uint8 *offset; Eventlog_entry *ee_new = NULL; - ee_new = PRS_ALLOC_MEM( ps, Eventlog_entry, 1 ); + ee_new = TALLOC_ZERO_ARRAY(mem_ctx, Eventlog_entry, 1 ); if ( ee_new == NULL ) { return NULL; } @@ -536,10 +536,10 @@ static Eventlog_entry *read_package_entry( prs_struct * ps, DEBUG( 10, ( "entry->record.length is [%d].\n", entry->record.length ) ); entry->data = - PRS_ALLOC_MEM( ps, uint8, - entry->record.length - - sizeof( Eventlog_record ) - - sizeof( entry->record.length ) ); + TALLOC_ZERO_ARRAY(mem_ctx, uint8_t, + entry->record.length - + sizeof( Eventlog_record ) - + sizeof( entry->record.length )); if ( entry->data == NULL ) { return NULL; } @@ -761,7 +761,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* assume that when the record fetch fails, that we are done */ - entry = get_eventlog_record (ps, ELOG_TDB_CTX(info->etdb), record_number); + entry = get_eventlog_record (ps->mem_ctx, ELOG_TDB_CTX(info->etdb), record_number); if (!entry) { break; } @@ -770,7 +770,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* Now see if there is enough room to add */ - if ( !(ee_new = read_package_entry( ps, entry )) ) + if ( !(ee_new = read_package_entry( ps->mem_ctx, entry )) ) return NT_STATUS_NO_MEMORY; if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { -- cgit From 2736650f0ca55d9d9f47e689a8848902c11ccec2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 13:29:44 +0100 Subject: eventlog: fill in some unknowns and use flags bitmap in IDL. Guenther --- librpc/idl/eventlog.idl | 8 ++++---- source4/torture/rpc/eventlog.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/librpc/idl/eventlog.idl b/librpc/idl/eventlog.idl index ce25dd65ff..bab4cb90c7 100644 --- a/librpc/idl/eventlog.idl +++ b/librpc/idl/eventlog.idl @@ -11,7 +11,7 @@ import "lsa.idl", "security.idl"; helpstring("Event Logger") ] interface eventlog { - typedef bitmap { + typedef [bitmap32bit] bitmap { EVENTLOG_SEQUENTIAL_READ = 0x0001, EVENTLOG_SEEK_READ = 0x0002, EVENTLOG_FORWARDS_READ = 0x0004, @@ -100,8 +100,8 @@ import "lsa.idl", "security.idl"; [in,unique] eventlog_OpenUnknown0 *unknown0, [in,ref] lsa_String *logname, [in,ref] lsa_String *servername, - [in] uint32 unknown2, - [in] uint32 unknown3, + [in] uint32 major_version, + [in] uint32 minor_version, [out] policy_handle *handle ); @@ -117,7 +117,7 @@ import "lsa.idl", "security.idl"; /* Function: 0x0a */ NTSTATUS eventlog_ReadEventLogW( [in] policy_handle *handle, - [in] uint32 flags, + [in] eventlogReadFlags flags, [in] uint32 offset, [in] [range(0,0x7FFFF)] uint32 number_of_bytes, [out,ref,size_is(number_of_bytes)] uint8 *data, diff --git a/source4/torture/rpc/eventlog.c b/source4/torture/rpc/eventlog.c index 31d91c056b..e89cdd3ea9 100644 --- a/source4/torture/rpc/eventlog.c +++ b/source4/torture/rpc/eventlog.c @@ -50,8 +50,8 @@ static bool get_policy_handle(struct torture_context *tctx, init_lsa_String(&servername, NULL); r.in.logname = &logname; r.in.servername = &servername; - r.in.unknown2 = 0x00000001; - r.in.unknown3 = 0x00000001; + r.in.major_version = 0x00000001; + r.in.minor_version = 0x00000001; r.out.handle = handle; torture_assert_ntstatus_ok(tctx, -- cgit From 6ed83d3d4533ff7a290f1e674e5e82895319d18d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 13:30:34 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_eventlog.c | 8 +++---- source3/librpc/gen_ndr/cli_eventlog.h | 4 ++-- source3/librpc/gen_ndr/eventlog.h | 4 ++-- source3/librpc/gen_ndr/ndr_eventlog.c | 43 +++++++++++++++++++++++++++-------- source3/librpc/gen_ndr/ndr_eventlog.h | 1 + 5 files changed, 43 insertions(+), 17 deletions(-) diff --git a/source3/librpc/gen_ndr/cli_eventlog.c b/source3/librpc/gen_ndr/cli_eventlog.c index 08456fc994..02d8fb2e65 100644 --- a/source3/librpc/gen_ndr/cli_eventlog.c +++ b/source3/librpc/gen_ndr/cli_eventlog.c @@ -278,8 +278,8 @@ NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli, struct eventlog_OpenUnknown0 *unknown0 /* [in] [unique] */, struct lsa_String *logname /* [in] [ref] */, struct lsa_String *servername /* [in] [ref] */, - uint32_t unknown2 /* [in] */, - uint32_t unknown3 /* [in] */, + uint32_t major_version /* [in] */, + uint32_t minor_version /* [in] */, struct policy_handle *handle /* [out] [ref] */) { struct eventlog_OpenEventLogW r; @@ -289,8 +289,8 @@ NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli, r.in.unknown0 = unknown0; r.in.logname = logname; r.in.servername = servername; - r.in.unknown2 = unknown2; - r.in.unknown3 = unknown3; + r.in.major_version = major_version; + r.in.minor_version = minor_version; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(eventlog_OpenEventLogW, &r); diff --git a/source3/librpc/gen_ndr/cli_eventlog.h b/source3/librpc/gen_ndr/cli_eventlog.h index 6945683340..0594a06f59 100644 --- a/source3/librpc/gen_ndr/cli_eventlog.h +++ b/source3/librpc/gen_ndr/cli_eventlog.h @@ -27,8 +27,8 @@ NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli, struct eventlog_OpenUnknown0 *unknown0 /* [in] [unique] */, struct lsa_String *logname /* [in] [ref] */, struct lsa_String *servername /* [in] [ref] */, - uint32_t unknown2 /* [in] */, - uint32_t unknown3 /* [in] */, + uint32_t major_version /* [in] */, + uint32_t minor_version /* [in] */, struct policy_handle *handle /* [out] [ref] */); NTSTATUS rpccli_eventlog_RegisterEventSourceW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx); diff --git a/source3/librpc/gen_ndr/eventlog.h b/source3/librpc/gen_ndr/eventlog.h index 0fd929dd99..76b9e863bb 100644 --- a/source3/librpc/gen_ndr/eventlog.h +++ b/source3/librpc/gen_ndr/eventlog.h @@ -131,8 +131,8 @@ struct eventlog_OpenEventLogW { struct eventlog_OpenUnknown0 *unknown0;/* [unique] */ struct lsa_String *logname;/* [ref] */ struct lsa_String *servername;/* [ref] */ - uint32_t unknown2; - uint32_t unknown3; + uint32_t major_version; + uint32_t minor_version; } in; struct { diff --git a/source3/librpc/gen_ndr/ndr_eventlog.c b/source3/librpc/gen_ndr/ndr_eventlog.c index f0c7ee4d61..12fa9fcec4 100644 --- a/source3/librpc/gen_ndr/ndr_eventlog.c +++ b/source3/librpc/gen_ndr/ndr_eventlog.c @@ -5,6 +5,31 @@ #include "librpc/gen_ndr/ndr_lsa.h" #include "librpc/gen_ndr/ndr_security.h" +static enum ndr_err_code ndr_push_eventlogReadFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_eventlogReadFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_eventlogReadFlags(struct ndr_print *ndr, const char *name, uint32_t r) +{ + ndr_print_uint32(ndr, name, r); + ndr->depth++; + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_SEQUENTIAL_READ", EVENTLOG_SEQUENTIAL_READ, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_SEEK_READ", EVENTLOG_SEEK_READ, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_FORWARDS_READ", EVENTLOG_FORWARDS_READ, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_BACKWARDS_READ", EVENTLOG_BACKWARDS_READ, r); + ndr->depth--; +} + static enum ndr_err_code ndr_push_eventlog_OpenUnknown0(struct ndr_push *ndr, int ndr_flags, const struct eventlog_OpenUnknown0 *r) { if (ndr_flags & NDR_SCALARS) { @@ -635,8 +660,8 @@ static enum ndr_err_code ndr_push_eventlog_OpenEventLogW(struct ndr_push *ndr, i return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.servername)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown3)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.major_version)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.minor_version)); } if (flags & NDR_OUT) { if (r->out.handle == NULL) { @@ -684,8 +709,8 @@ static enum ndr_err_code ndr_pull_eventlog_OpenEventLogW(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.servername)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown3)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.major_version)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.minor_version)); NDR_PULL_ALLOC(ndr, r->out.handle); ZERO_STRUCTP(r->out.handle); } @@ -726,8 +751,8 @@ _PUBLIC_ void ndr_print_eventlog_OpenEventLogW(struct ndr_print *ndr, const char ndr->depth++; ndr_print_lsa_String(ndr, "servername", r->in.servername); ndr->depth--; - ndr_print_uint32(ndr, "unknown2", r->in.unknown2); - ndr_print_uint32(ndr, "unknown3", r->in.unknown3); + ndr_print_uint32(ndr, "major_version", r->in.major_version); + ndr_print_uint32(ndr, "minor_version", r->in.minor_version); ndr->depth--; } if (flags & NDR_OUT) { @@ -832,7 +857,7 @@ static enum ndr_err_code ndr_push_eventlog_ReadEventLogW(struct ndr_push *ndr, i return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags)); + NDR_CHECK(ndr_push_eventlogReadFlags(ndr, NDR_SCALARS, r->in.flags)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offset)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.number_of_bytes)); } @@ -870,7 +895,7 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); + NDR_CHECK(ndr_pull_eventlogReadFlags(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offset)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.number_of_bytes)); if (r->in.number_of_bytes < 0 || r->in.number_of_bytes > 0x7FFFF) { @@ -925,7 +950,7 @@ _PUBLIC_ void ndr_print_eventlog_ReadEventLogW(struct ndr_print *ndr, const char ndr->depth++; ndr_print_policy_handle(ndr, "handle", r->in.handle); ndr->depth--; - ndr_print_uint32(ndr, "flags", r->in.flags); + ndr_print_eventlogReadFlags(ndr, "flags", r->in.flags); ndr_print_uint32(ndr, "offset", r->in.offset); ndr_print_uint32(ndr, "number_of_bytes", r->in.number_of_bytes); ndr->depth--; diff --git a/source3/librpc/gen_ndr/ndr_eventlog.h b/source3/librpc/gen_ndr/ndr_eventlog.h index 6c6e679eca..6002f35a7d 100644 --- a/source3/librpc/gen_ndr/ndr_eventlog.h +++ b/source3/librpc/gen_ndr/ndr_eventlog.h @@ -60,6 +60,7 @@ extern const struct ndr_interface_table ndr_table_eventlog; #define NDR_EVENTLOG_FLUSHEVENTLOG (0x17) #define NDR_EVENTLOG_CALL_COUNT (24) +void ndr_print_eventlogReadFlags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_eventlog_OpenUnknown0(struct ndr_print *ndr, const char *name, const struct eventlog_OpenUnknown0 *r); enum ndr_err_code ndr_push_eventlog_Record(struct ndr_push *ndr, int ndr_flags, const struct eventlog_Record *r); enum ndr_err_code ndr_pull_eventlog_Record(struct ndr_pull *ndr, int ndr_flags, struct eventlog_Record *r); -- cgit From f0e75484a7a4fc5646f7fed6cfb736a009526f59 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 13:33:24 +0100 Subject: s3-eventlog: remove trailing whitespace. Guenther --- source3/rpc_server/srv_eventlog_nt.c | 88 ++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 44 deletions(-) diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index c679b54fcc..612db1c469 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -1,20 +1,20 @@ -/* +/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Marcin Krzysztof Porwit 2005, * Copyright (C) Brian Moran 2005, * Copyright (C) Gerald (Jerry) Carter 2005. - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ @@ -40,10 +40,10 @@ typedef struct { static void free_eventlog_info( void *ptr ) { EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr; - + if ( elog->etdb ) elog_close_tdb( elog->etdb, False ); - + TALLOC_FREE( elog ); } @@ -72,21 +72,21 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) char *tdbname = elog_tdbname(talloc_tos(), info->logname ); SEC_DESC *sec_desc; NTSTATUS status; - - if ( !tdbname ) + + if ( !tdbname ) return False; - + /* get the security descriptor for the file */ - + sec_desc = get_nt_acl_no_snum( info, tdbname ); TALLOC_FREE( tdbname ); - + if ( !sec_desc ) { - DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", + DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", tdbname)); return False; } - + /* root free pass */ if ( geteuid() == sec_initial_uid() ) { @@ -95,21 +95,21 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) } /* run the check, try for the max allowed */ - + status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, &info->access_granted); - + if ( sec_desc ) TALLOC_FREE( sec_desc ); - + if (!NT_STATUS_IS_OK(status)) { DEBUG(8,("elog_check_access: se_access_check() return %s\n", nt_errstr(status))); return False; } - + /* we have to have READ permission for a successful open */ - + return ( info->access_granted & SA_RIGHT_FILE_READ_DATA ); } @@ -120,7 +120,7 @@ static bool elog_validate_logname( const char *name ) { int i; const char **elogs = lp_eventlog_list(); - + if (!elogs) { return False; } @@ -129,7 +129,7 @@ static bool elog_validate_logname( const char *name ) if ( strequal( name, elogs[i] ) ) return True; } - + return False; } @@ -178,19 +178,19 @@ static bool get_oldest_entry_hook( EVENTLOG_INFO * info ) static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd ) { EVENTLOG_INFO *elog; - + /* first thing is to validate the eventlog name */ if ( !elog_validate_logname( logname ) ) return NT_STATUS_OBJECT_PATH_INVALID; - + if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) ) return NT_STATUS_NO_MEMORY; - + elog->logname = talloc_strdup( elog, logname ); - + /* Open the tdb first (so that we can create any new tdbs if necessary). - We have to do this as root and then use an internal access check + We have to do this as root and then use an internal access check on the file permissions since you can only have a tdb open once in a single process */ @@ -201,30 +201,30 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn if ( !elog->etdb ) { /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - + if ( !strequal( logname, ELOG_APPL ) ) { - + TALLOC_FREE( elog->logname ); - - elog->logname = talloc_strdup( elog, ELOG_APPL ); + + elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } - + become_root(); elog->etdb = elog_open_tdb( elog->logname, False ); unbecome_root(); - } - + } + if ( !elog->etdb ) { TALLOC_FREE( elog ); - return NT_STATUS_ACCESS_DENIED; /* ??? */ + return NT_STATUS_ACCESS_DENIED; /* ??? */ } } - + /* now do the access check. Close the tdb if we fail here */ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { @@ -232,9 +232,9 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } - + /* create the policy handle */ - + if ( !create_policy_hnd ( p, hnd, free_eventlog_info, ( void * ) elog ) ) { free_eventlog_info( elog ); @@ -246,7 +246,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn if ( !get_oldest_entry_hook( elog ) ) { DEBUG(3,("elog_open: Successfully opened eventlog but can't " "get any information on internal records!\n")); - } + } elog->current_record = elog->oldest_entry; @@ -413,7 +413,7 @@ static Eventlog_entry *get_eventlog_record(TALLOC_CTX *mem_ctx, } /******************************************************************** - note that this can only be called AFTER the table is constructed, + note that this can only be called AFTER the table is constructed, since it uses the table to find the tdb handle ********************************************************************/ @@ -440,9 +440,9 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) uiMaxSize = 0x80000; uiRetention = 604800; - /* the general idea is to internally open the registry - key and retrieve the values. That way we can continue - to use the same fetch/store api that we use in + /* the general idea is to internally open the registry + key and retrieve the values. That way we can continue + to use the same fetch/store api that we use in srv_reg_nt.c */ path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname ); @@ -625,13 +625,13 @@ NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, if (r->in.logname->string) { logname = r->in.logname->string; } - + DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n", servername, logname )); - + /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - + if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) ) return result; -- cgit From 53903d9eb1e50a98ff5fae305a1f74fc9ae73143 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Nov 2008 10:45:18 -0800 Subject: Fix the build, by some cut-and-paste error I got two versions of the same functions here. Jeremy. --- source3/modules/vfs_acl_xattr.c | 50 ----------------------------------------- 1 file changed, 50 deletions(-) diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index c28ba839be..2edb441741 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -611,52 +611,6 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Remove a Windows ACL - we're setting the underlying POSIX ACL. *********************************************************************/ -static int sys_acl_set_file_xattr(vfs_handle_struct *handle, - const char *name, - SMB_ACL_TYPE_T type, - SMB_ACL_T theacl) -{ - int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, - name, - type, - theacl); - if (ret == -1) { - return -1; - } - - become_root(); - SMB_VFS_REMOVEXATTR(handle, name, XATTR_NTACL_NAME); - unbecome_root(); - - return ret; -} - -/********************************************************************* - Remove a Windows ACL - we're setting the underlying POSIX ACL. -*********************************************************************/ - -static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, - files_struct *fsp, - SMB_ACL_T theacl) -{ - int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, - fsp, - theacl); - if (ret == -1) { - return -1; - } - - become_root(); - SMB_VFS_FREMOVEXATTR(handle, fsp, XATTR_NTACL_NAME); - unbecome_root(); - - return ret; -} - -/********************************************************************* - Remove a Windows ACL - we're setting the underlying POSIX ACL. -*********************************************************************/ - static int sys_acl_set_file_xattr(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T type, @@ -716,10 +670,6 @@ static vfs_op_tuple skel_op_tuples[] = {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, - /* POSIX ACL operations. */ - {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit From 98bf3ee2f614cf89ab4920c69d2872b6d786c4b0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Nov 2008 10:56:14 -0800 Subject: Second part of fix for bug #5891 - smbd crashed when viewing the eventlog exported by "eventlog list". Don't leak memory on error paths. Jeremy. --- source3/rpc_server/srv_eventlog_nt.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 612db1c469..4ff10390f7 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -433,7 +433,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) if ( !info->etdb ) { DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) ); - return False; + goto done; } /* set resonable defaults. 512Kb on size and 1 week on time */ @@ -447,7 +447,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname ); if (!path) { - return false; + goto done; } wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(), @@ -457,14 +457,13 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) DEBUG( 4, ( "sync_eventlog_params: Failed to open key [%s] (%s)\n", path, win_errstr( wresult ) ) ); - return false; + goto done; } wresult = reg_queryvalue(key, key, "Retention", &value); if (!W_ERROR_IS_OK(wresult)) { DEBUG(4, ("Failed to query value \"Retention\": %s\n", win_errstr(wresult))); - ret = false; goto done; } uiRetention = value->v.dword; @@ -473,7 +472,6 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) if (!W_ERROR_IS_OK(wresult)) { DEBUG(4, ("Failed to query value \"MaxSize\": %s\n", win_errstr(wresult))); - ret = false; goto done; } uiMaxSize = value->v.dword; -- cgit From 293372ff8d32a48d764171ecca3a8c55dfe0e818 Mon Sep 17 00:00:00 2001 From: Yasuma Takeda Date: Thu, 20 Nov 2008 11:38:37 -0800 Subject: Fix bug #5909 - MS-DFS does not work on Vista, if link name includes multibyte character. --- source3/smbd/msdfs.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 32240ff0d5..1504b19169 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -923,7 +923,6 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, static int setup_ver2_dfs_referral(const char *pathname, char **ppdata, struct junction_map *junction, - int consumedcnt, bool self_referral) { char* pdata = *ppdata; @@ -988,7 +987,8 @@ static int setup_ver2_dfs_referral(const char *pathname, memcpy(pdata+uni_reqpathoffset2,uni_requestedpath,requestedpathlen); /* create the header */ - SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ + SSVAL(pdata,0,requestedpathlen - 2); /* UCS2 of path consumed minus + 2 byte null */ /* number of referral in this pkt */ SSVAL(pdata,2,junction->referral_count); if(self_referral) { @@ -1037,7 +1037,6 @@ static int setup_ver2_dfs_referral(const char *pathname, static int setup_ver3_dfs_referral(const char *pathname, char **ppdata, struct junction_map *junction, - int consumedcnt, bool self_referral) { char *pdata = *ppdata; @@ -1084,7 +1083,8 @@ static int setup_ver3_dfs_referral(const char *pathname, *ppdata = pdata; /* create the header */ - SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ + SSVAL(pdata,0,reqpathlen - 2); /* UCS2 of path consumed minus + 2 byte null */ SSVAL(pdata,2,junction->referral_count); /* number of referral */ if(self_referral) { SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); @@ -1224,11 +1224,11 @@ int setup_dfs_referral(connection_struct *orig_conn, case 2: reply_size = setup_ver2_dfs_referral(pathnamep, ppdata, junction, - consumedcnt, self_referral); + self_referral); break; case 3: reply_size = setup_ver3_dfs_referral(pathnamep, ppdata, - junction, consumedcnt, self_referral); + junction, self_referral); break; default: DEBUG(0,("setup_dfs_referral: Invalid dfs referral " -- cgit From 2b85288e82d33cc62b1d669d50daad93e008711a Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 19 Nov 2008 17:29:49 -0800 Subject: s3 build: Fix incomplete types warnings --- lib/util/util.h | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/util/util.h b/lib/util/util.h index ec1cfef110..dced557acb 100644 --- a/lib/util/util.h +++ b/lib/util/util.h @@ -21,6 +21,8 @@ #ifndef _SAMBA_UTIL_H_ #define _SAMBA_UTIL_H_ +#include + #if _SAMBA_BUILD_ == 4 #include "../lib/util/charset/charset.h" #endif @@ -124,9 +126,6 @@ void CatchChildLeaveStatus(void); /* The following definitions come from lib/util/system.c */ - -struct in_addr; - /************************************************************************** A wrapper for gethostbyname() that tries avoids looking up hostnames in the root domain, which can cause dial-on-demand links to come up for no -- cgit From 03e0d0fb3791d0350199e396b562d3830f0fa095 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 21 Nov 2008 00:53:11 +0100 Subject: s3-winbindd: for now only change machine pwd when not using a system krb5 keytab. Guenther --- source3/winbindd/winbindd_dual.c | 1 + 1 file changed, 1 insertion(+) diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 03d1e043bf..9153585c26 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1279,6 +1279,7 @@ static bool fork_domain_child(struct winbindd_child *child) } if (child->domain && child->domain->primary && + !lp_use_kerberos_keytab() && lp_server_role() == ROLE_DOMAIN_MEMBER) { struct timeval next_change; -- cgit From 363fe115368639225673d628a2ccc067928f4289 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Thu, 20 Nov 2008 18:03:33 -0800 Subject: s3/s4 build: Fix "might be unitialized" warning --- lib/torture/torture.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/torture/torture.c b/lib/torture/torture.c index 0ef5f612e6..9ad29ba9d0 100644 --- a/lib/torture/torture.c +++ b/lib/torture/torture.c @@ -310,7 +310,7 @@ static bool internal_torture_run_test(struct torture_context *context, bool already_setup) { bool success; - char *old_testname; + char *old_testname = NULL; if (tcase == NULL || strcmp(test->name, tcase->name) != 0) { old_testname = context->active_testname; -- cgit From 35ac6236bdf560f8ea3e4c2e268cdb0c9c71e1cd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 13:37:03 +0100 Subject: s3-libnetjoin: try to show a better error message upon invalid configuration. Guenther --- source3/libnet/libnet_join.c | 61 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 50 insertions(+), 11 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6935e000dc..bb59a2b0a2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1638,24 +1638,31 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { + bool valid_security = false; + bool valid_workgroup = false; + bool valid_realm = false; + /* check if configuration is already set correctly */ + valid_workgroup = strequal(lp_workgroup(), r->out.netbios_domain_name); + switch (r->out.domain_is_ad) { case false: - if ((strequal(lp_workgroup(), - r->out.netbios_domain_name)) && - (lp_security() == SEC_DOMAIN)) { + valid_security = (lp_security() == SEC_DOMAIN); + if (valid_workgroup && valid_security) { /* nothing to be done */ return WERR_OK; } break; case true: - if ((strequal(lp_workgroup(), - r->out.netbios_domain_name)) && - (strequal(lp_realm(), - r->out.dns_domain_name)) && - ((lp_security() == SEC_ADS) || - (lp_security() == SEC_DOMAIN))) { + valid_realm = strequal(lp_realm(), r->out.dns_domain_name); + switch (lp_security()) { + case SEC_DOMAIN: + case SEC_ADS: + valid_security = true; + } + + if (valid_workgroup && valid_realm && valid_security) { /* nothing to be done */ return WERR_OK; } @@ -1665,9 +1672,41 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, /* check if we are supposed to manipulate configuration */ if (!r->in.modify_config) { + + char *wrong_conf = talloc_strdup(mem_ctx, ""); + + if (!valid_workgroup) { + wrong_conf = talloc_asprintf_append(wrong_conf, + "\"workgroup\" set to '%s', should be '%s'", + lp_workgroup(), r->out.netbios_domain_name); + W_ERROR_HAVE_NO_MEMORY(wrong_conf); + } + + if (!valid_realm) { + wrong_conf = talloc_asprintf_append(wrong_conf, + "\"realm\" set to '%s', should be '%s'", + lp_realm(), r->out.dns_domain_name); + W_ERROR_HAVE_NO_MEMORY(wrong_conf); + } + + if (!valid_security) { + const char *sec; + switch (lp_security()) { + case SEC_SHARE: sec = "share"; break; + case SEC_USER: sec = "user"; break; + case SEC_DOMAIN: sec = "domain"; break; + case SEC_ADS: sec = "ads"; break; + } + wrong_conf = talloc_asprintf_append(wrong_conf, + "\"security\" set to '%s', should be %s", + sec, r->out.domain_is_ad ? + "either 'domain' or 'ads'" : "'domain'"); + W_ERROR_HAVE_NO_MEMORY(wrong_conf); + } + libnet_join_set_error_string(mem_ctx, r, - "Invalid configuration and configuration modification " - "was not requested"); + "Invalid configuration (%s) and configuration modification " + "was not requested", wrong_conf); return WERR_CAN_NOT_COMPLETE; } -- cgit From 98e1dd64ab5a5a0f9298684e09ab4637606b5b7c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 21 Nov 2008 15:56:30 +0100 Subject: s3-libnetjoin: fix build warning. Guenther --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bb59a2b0a2..bd127f8607 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1690,7 +1690,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, } if (!valid_security) { - const char *sec; + const char *sec = NULL; switch (lp_security()) { case SEC_SHARE: sec = "share"; break; case SEC_USER: sec = "user"; break; -- cgit From 9164b14a9fb1fee9ddec275032bb911d34b683d5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Fri, 21 Nov 2008 17:57:44 +0100 Subject: Fix include path for installation. --- source4/torture/smbtorture.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h index 28e82f3abd..c1363fd4c1 100644 --- a/source4/torture/smbtorture.h +++ b/source4/torture/smbtorture.h @@ -21,7 +21,7 @@ #ifndef __SMBTORTURE_H__ #define __SMBTORTURE_H__ -#include "lib/torture/torture.h" +#include "../lib/torture/torture.h" struct smbcli_state; -- cgit From 97fb05c2c0d0b08f3ed5aa7358a4d6d8c1725012 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 12:14:53 -0800 Subject: First part of fix for bug #5903 - vfs_streams_xattr breaks contents of the file. Restructures parts of open code so that fsp must be allocated before calling open_file_ntcreate(_internal). Also fix up file ref-counting inside files.c. Jeremy. --- source3/include/proto.h | 6 +- source3/printing/printfsp.c | 15 +---- source3/smbd/close.c | 8 +-- source3/smbd/fake_file.c | 1 - source3/smbd/files.c | 74 ++++++++++------------- source3/smbd/open.c | 143 +++++++++++++++++++++++++------------------- source3/smbd/reply.c | 9 ++- 7 files changed, 131 insertions(+), 125 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index dd4b9d15f7..2cf1a9645e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4866,7 +4866,7 @@ bool sysv_cache_reload(void); NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, const char *fname, - uint16_t current_vuid, files_struct **result); + uint16_t current_vuid, files_struct *fsp); void print_fsp_end(files_struct *fsp, enum file_close_type close_type); /* The following definitions come from printing/printing.c */ @@ -7860,9 +7860,9 @@ void file_sync_all(connection_struct *conn); void file_free(struct smb_request *req, files_struct *fsp); files_struct *file_fnum(uint16 fnum); files_struct *file_fsp(struct smb_request *req, uint16 fid); -NTSTATUS dup_file_fsp(struct smb_request *req, files_struct *fsp, +void dup_file_fsp(struct smb_request *req, files_struct *from, uint32 access_mask, uint32 share_access, - uint32 create_options, files_struct **result); + uint32 create_options, files_struct *to); /* The following definitions come from smbd/ipc.c */ diff --git a/source3/printing/printfsp.c b/source3/printing/printfsp.c index a247cd8427..5481d95650 100644 --- a/source3/printing/printfsp.c +++ b/source3/printing/printfsp.c @@ -27,19 +27,13 @@ print_job_start(). NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, const char *fname, - uint16_t current_vuid, files_struct **result) + uint16_t current_vuid, files_struct *fsp) { int jobid; SMB_STRUCT_STAT sbuf; - files_struct *fsp; fstring name; NTSTATUS status; - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - fstrcpy( name, "Remote Downlevel Document"); if (fname) { const char *p = strrchr(fname, '/'); @@ -53,7 +47,6 @@ NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, jobid = print_job_start(conn->server_info, SNUM(conn), name, NULL); if (jobid == -1) { status = map_nt_error_from_unix(errno); - file_free(req, fsp); return status; } @@ -62,7 +55,6 @@ NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, if (fsp->rap_print_jobid == 0) { /* We need to delete the entry in the tdb. */ pjob_delete(lp_const_servicename(SNUM(conn)), jobid); - file_free(req, fsp); return NT_STATUS_ACCESS_DENIED; /* No errno around here */ } @@ -81,14 +73,11 @@ NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, fsp->sent_oplock_break = NO_BREAK_SENT; fsp->is_directory = False; string_set(&fsp->fsp_name,print_job_fname(lp_const_servicename(SNUM(conn)),jobid)); - fsp->wcp = NULL; + fsp->wcp = NULL; SMB_VFS_FSTAT(fsp, &sbuf); fsp->mode = sbuf.st_mode; fsp->file_id = vfs_file_id_from_sbuf(conn, &sbuf); - conn->num_files_open++; - - *result = fsp; return NT_STATUS_OK; } diff --git a/source3/smbd/close.c b/source3/smbd/close.c index d4c531ab19..ce918ab6a3 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -106,8 +106,7 @@ static void check_magic(struct files_struct *fsp) static NTSTATUS close_filestruct(files_struct *fsp) { NTSTATUS status = NT_STATUS_OK; - connection_struct *conn = fsp->conn; - + if (fsp->fh->fd != -1) { if(flush_write_cache(fsp, CLOSE_FLUSH) == -1) { status = map_nt_error_from_unix(errno); @@ -115,9 +114,8 @@ static NTSTATUS close_filestruct(files_struct *fsp) delete_write_cache(fsp); } - conn->num_files_open--; return status; -} +} /**************************************************************************** If any deferred opens are waiting on this close, notify them. @@ -583,7 +581,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, DEBUG(2,("%s closed file %s (numopen=%d) %s\n", conn->server_info->unix_name,fsp->fsp_name, - conn->num_files_open, + conn->num_files_open - 1, nt_errstr(status) )); file_free(req, fsp); diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 58b09604c4..7feedcc9f9 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -141,7 +141,6 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, return NT_STATUS_NO_MEMORY; } - conn->num_files_open++; *result = fsp; return NT_STATUS_OK; } diff --git a/source3/smbd/files.c b/source3/smbd/files.c index d3bfce7499..1a3a997e59 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -129,6 +129,8 @@ NTSTATUS file_new(struct smb_request *req, connection_struct *conn, ZERO_STRUCT(fsp_fi_cache); + conn->num_files_open++; + *result = fsp; return NT_STATUS_OK; } @@ -420,9 +422,7 @@ void file_free(struct smb_request *req, files_struct *fsp) DEBUG(5,("freed files structure %d (%d used)\n", fsp->fnum, files_used)); - /* this is paranoia, just in case someone tries to reuse the - information */ - ZERO_STRUCTP(fsp); + fsp->conn->num_files_open--; if ((req != NULL) && (fsp == req->chain_fsp)) { req->chain_fsp = NULL; @@ -438,6 +438,10 @@ void file_free(struct smb_request *req, files_struct *fsp) vfs_remove_fsp_extension(fsp->vfs_extension->owner, fsp); } + /* this is paranoia, just in case someone tries to reuse the + information */ + ZERO_STRUCTP(fsp); + SAFE_FREE(fsp); } @@ -484,46 +488,34 @@ files_struct *file_fsp(struct smb_request *req, uint16 fid) Duplicate the file handle part for a DOS or FCB open. ****************************************************************************/ -NTSTATUS dup_file_fsp(struct smb_request *req, files_struct *fsp, +void dup_file_fsp(struct smb_request *req, files_struct *from, uint32 access_mask, uint32 share_access, - uint32 create_options, files_struct **result) + uint32 create_options, files_struct *to) { - NTSTATUS status; - files_struct *dup_fsp; - - status = file_new(NULL, fsp->conn, &dup_fsp); - - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - SAFE_FREE(dup_fsp->fh); - - dup_fsp->fh = fsp->fh; - dup_fsp->fh->ref_count++; - - dup_fsp->file_id = fsp->file_id; - dup_fsp->initial_allocation_size = fsp->initial_allocation_size; - dup_fsp->mode = fsp->mode; - dup_fsp->file_pid = fsp->file_pid; - dup_fsp->vuid = fsp->vuid; - dup_fsp->open_time = fsp->open_time; - dup_fsp->access_mask = access_mask; - dup_fsp->share_access = share_access; - dup_fsp->oplock_type = fsp->oplock_type; - dup_fsp->can_lock = fsp->can_lock; - dup_fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False; - if (!CAN_WRITE(fsp->conn)) { - dup_fsp->can_write = False; + SAFE_FREE(to->fh); + + to->fh = from->fh; + to->fh->ref_count++; + + to->file_id = from->file_id; + to->initial_allocation_size = from->initial_allocation_size; + to->mode = from->mode; + to->file_pid = from->file_pid; + to->vuid = from->vuid; + to->open_time = from->open_time; + to->access_mask = access_mask; + to->share_access = share_access; + to->oplock_type = from->oplock_type; + to->can_lock = from->can_lock; + to->can_read = (access_mask & (FILE_READ_DATA)) ? True : False; + if (!CAN_WRITE(from->conn)) { + to->can_write = False; } else { - dup_fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? True : False; + to->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? True : False; } - dup_fsp->print_file = fsp->print_file; - dup_fsp->modified = fsp->modified; - dup_fsp->is_directory = fsp->is_directory; - dup_fsp->aio_write_behind = fsp->aio_write_behind; - string_set(&dup_fsp->fsp_name,fsp->fsp_name); - - *result = dup_fsp; - return NT_STATUS_OK; + to->print_file = from->print_file; + to->modified = from->modified; + to->is_directory = from->is_directory; + to->aio_write_behind = from->aio_write_behind; + string_set(&to->fsp_name,from->fsp_name); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 3fd0d1a03a..aca64917b5 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -462,7 +462,7 @@ static NTSTATUS open_file(files_struct *fsp, conn->server_info->unix_name, fsp->fsp_name, BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), - conn->num_files_open + 1)); + conn->num_files_open)); errno = 0; return NT_STATUS_OK; @@ -951,9 +951,10 @@ static bool open_match_attributes(connection_struct *conn, Try and find a duplicated file handle. ****************************************************************************/ -static files_struct *fcb_or_dos_open(struct smb_request *req, +static NTSTATUS fcb_or_dos_open(struct smb_request *req, connection_struct *conn, - const char *fname, + files_struct *fsp_to_dup_into, + const char *fname, struct file_id id, uint16 file_pid, uint16 vuid, @@ -962,7 +963,6 @@ static files_struct *fcb_or_dos_open(struct smb_request *req, uint32 create_options) { files_struct *fsp; - files_struct *dup_fsp; DEBUG(5,("fcb_or_dos_open: attempting old open semantics for " "file %s.\n", fname )); @@ -991,23 +991,21 @@ static files_struct *fcb_or_dos_open(struct smb_request *req, } if (!fsp) { - return NULL; + return NT_STATUS_NOT_FOUND; } /* quite an insane set of semantics ... */ if (is_executable(fname) && (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) { DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n")); - return NULL; + return NT_STATUS_INVALID_PARAMETER; } /* We need to duplicate this fsp. */ - if (!NT_STATUS_IS_OK(dup_file_fsp(req, fsp, access_mask, share_access, - create_options, &dup_fsp))) { - return NULL; - } + dup_file_fsp(req, fsp, access_mask, share_access, + create_options, fsp_to_dup_into); - return dup_fsp; + return NT_STATUS_OK; } /**************************************************************************** @@ -1249,10 +1247,10 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, } /**************************************************************************** - Open a file with a share mode. + Open a file with a share mode. Passed in an already created files_struct *. ****************************************************************************/ -NTSTATUS open_file_ntcreate(connection_struct *conn, +static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, struct smb_request *req, const char *fname, SMB_STRUCT_STAT *psbuf, @@ -1264,7 +1262,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, int oplock_request, /* internal Samba oplock codes. */ /* Information (FILE_EXISTS etc.) */ int *pinfo, - files_struct **result) + files_struct *fsp) { int flags=0; int flags2=0; @@ -1274,7 +1272,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, bool new_file_created = False; struct file_id id; NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED; - files_struct *fsp = NULL; mode_t new_unx_mode = (mode_t)0; mode_t unx_mode = (mode_t)0; int info; @@ -1291,7 +1288,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, ZERO_STRUCT(id); if (conn->printer) { - /* + /* * Printers are handled completely differently. * Most of the passed parameters are ignored. */ @@ -1302,7 +1299,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname)); - return print_fsp_open(req, conn, fname, req->vuid, result); + return print_fsp_open(req, conn, fname, req->vuid, fsp); } if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir, @@ -1366,7 +1363,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, status = check_name(conn, fname); if (!NT_STATUS_IS_OK(status)) { return status; - } + } if (!posix_open) { new_dos_attributes &= SAMBA_ATTRIBUTES_MASK; @@ -1533,7 +1530,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, flags2 |= O_SYNC; } #endif /* O_SYNC */ - + if (posix_open && (access_mask & FILE_APPEND_DATA)) { flags2 |= O_APPEND; } @@ -1560,11 +1557,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); fsp->share_access = share_access; fsp->fh->private_options = create_options; @@ -1589,7 +1581,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, fname, &old_write_time); if (lck == NULL) { - file_free(req, fsp); DEBUG(0, ("Could not get share mode lock\n")); return NT_STATUS_SHARING_VIOLATION; } @@ -1600,7 +1591,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, oplock_request)) { schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1620,7 +1610,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, oplock_request)) { schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } } @@ -1628,7 +1617,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { /* DELETE_PENDING is not deferred for a second */ TALLOC_FREE(lck); - file_free(req, fsp); return status; } @@ -1643,33 +1631,31 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (create_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS| NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) { - files_struct *fsp_dup; - if (req == NULL) { DEBUG(0, ("DOS open without an SMB " "request!\n")); TALLOC_FREE(lck); - file_free(req, fsp); return NT_STATUS_INTERNAL_ERROR; } /* Use the client requested access mask here, * not the one we open with. */ - fsp_dup = fcb_or_dos_open(req, conn, fname, id, - req->smbpid, - req->vuid, - access_mask, - share_access, - create_options); - - if (fsp_dup) { + status = fcb_or_dos_open(req, + conn, + fsp, + fname, + id, + req->smbpid, + req->vuid, + access_mask, + share_access, + create_options); + + if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(lck); - file_free(req, fsp); if (pinfo) { *pinfo = FILE_WAS_OPENED; } - conn->num_files_open++; - *result = fsp_dup; return NT_STATUS_OK; } } @@ -1697,7 +1683,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, can_access = False; } - /* + /* * If we're returning a share violation, ensure we * cope with the braindead 1 second delay. */ @@ -1750,7 +1736,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } else { status = NT_STATUS_ACCESS_DENIED; } - file_free(req, fsp); return status; } @@ -1788,7 +1773,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (lck != NULL) { TALLOC_FREE(lck); } - file_free(req, fsp); return fsp_open; } @@ -1819,7 +1803,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, DEBUG(0, ("open_file_ntcreate: Could not get share " "mode lock for %s\n", fname)); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1830,7 +1813,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1849,7 +1831,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } } @@ -1858,7 +1839,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, struct deferred_open_record state; fd_close(fsp); - file_free(req, fsp); state.delayed_for_oplocks = False; state.id = id; @@ -1900,7 +1880,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1926,7 +1905,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, status = map_nt_error_from_unix(errno); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return status; } } @@ -1958,7 +1936,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, *pinfo = info; } - /* + /* * Setup the oplock info in both the shared memory and * file structs. */ @@ -1990,14 +1968,13 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, del_share_mode(lck, fsp); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return status; } /* Note that here we set the *inital* delete on close flag, not the regular one. The magic gets handled in close. */ fsp->initial_delete_on_close = True; } - + if (new_file_created) { /* Files should be initially set as archive */ if (lp_map_archive(SNUM(conn)) || @@ -2066,10 +2043,57 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } TALLOC_FREE(lck); - conn->num_files_open++; + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a file with a share mode. +****************************************************************************/ + +NTSTATUS open_file_ntcreate(connection_struct *conn, + struct smb_request *req, + const char *fname, + SMB_STRUCT_STAT *psbuf, + uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */ + uint32 share_access, /* share constants (FILE_SHARE_READ etc) */ + uint32 create_disposition, /* FILE_OPEN_IF etc. */ + uint32 create_options, /* options such as delete on close. */ + uint32 new_dos_attributes, /* attributes used for new file. */ + int oplock_request, /* internal Samba oplock codes. */ + /* Information (FILE_EXISTS etc.) */ + int *pinfo, + files_struct **result) +{ + NTSTATUS status; + files_struct *fsp = NULL; + + *result = NULL; + + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + return status; + } + + status = open_file_ntcreate_internal(conn, + req, + fname, + psbuf, + access_mask, + share_access, + create_disposition, + create_options, + new_dos_attributes, + oplock_request, + pinfo, + fsp); + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + return status; + } *result = fsp; - return NT_STATUS_OK; + return status; } /**************************************************************************** @@ -2097,10 +2121,9 @@ NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn, status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY, 0, FILE_WRITE_DATA, FILE_WRITE_DATA); - /* + /* * This is not a user visible file open. - * Don't set a share mode and don't increment - * the conn->num_files_open. + * Don't set a share mode. */ if (!NT_STATUS_IS_OK(status)) { @@ -2431,8 +2454,6 @@ NTSTATUS open_directory(connection_struct *conn, *pinfo = info; } - conn->num_files_open++; - *result = fsp; return NT_STATUS_OK; } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index c363ed5609..1f99db2de4 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4558,8 +4558,15 @@ void reply_printopen(struct smb_request *req) return; } + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + END_PROFILE(SMBsplopen); + return; + } + /* Open for exclusive use, write only. */ - status = print_fsp_open(req, conn, NULL, req->vuid, &fsp); + status = print_fsp_open(req, conn, NULL, req->vuid, fsp); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); -- cgit From fa60e4e97d7e1f208b6a8e8a363ec3c96e40b2d8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Nov 2008 16:57:44 +0100 Subject: s3-winbindd_ads: prevent negative GM/ cache entries due to broken connections The ads lookup_groupmem() function calls lda_lookupsids to resolve sids to names. This is tried only once. So in case the connection was broken, e.g. closed by the server (without a reset packet), there will be an empty GM/ cache entry for the requested group which will prevent proper working of access checks among other checks for the expiry period. This patch works around this problem by retrying once if the lsa_lookupsids call fails, re-establishing the dc-connection, as we already do in many other places (e.g. the winbindd retry methods for the rpc layer). Michael --- source3/winbindd/winbindd_ads.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 18cc1cbd03..94a24278eb 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -1081,6 +1081,29 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, &names_nocache, &name_types_nocache); + if (!(NT_STATUS_IS_OK(status) || + NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || + NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) + { + DEBUG(1, ("lsa_lookupsids call failed with %s " + "- retrying...\n", nt_errstr(status))); + + status = cm_connect_lsa(domain, tmp_ctx, &cli, + &lsa_policy); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpccli_lsa_lookup_sids(cli, tmp_ctx, + &lsa_policy, + num_nocache, + sid_mem_nocache, + &domains_nocache, + &names_nocache, + &name_types_nocache); + } + if (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { -- cgit From e179c41718d4d92a825dbcaea0120a0bd3befc43 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Nov 2008 02:26:50 +0100 Subject: s3-winbindd_ads: use the reconnect methods instead of the rpc methods directly Some of the ads methods just point to the rpc methods. This makes winbindd_ads use the reconnect methods instead of calling the rpc methods directly in order to prevent negative cache entries for e.g. name_to_sid, when the dc has closed the connection without sending a reset. Michael --- source3/winbindd/winbindd_ads.c | 81 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 6 deletions(-) diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 94a24278eb..5c7d491849 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c @@ -401,6 +401,47 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, return NT_STATUS_OK; } +/* convert a single name to a sid in a domain - use rpc methods */ +static NTSTATUS name_to_sid(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + enum winbindd_cmd orig_cmd, + const char *domain_name, + const char *name, + DOM_SID *sid, + enum lsa_SidType *type) +{ + return reconnect_methods.name_to_sid(domain, mem_ctx, orig_cmd, + domain_name, name, + sid, type); +} + +/* convert a domain SID to a user or group name - use rpc methods */ +static NTSTATUS sid_to_name(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + char **domain_name, + char **name, + enum lsa_SidType *type) +{ + return reconnect_methods.sid_to_name(domain, mem_ctx, sid, + domain_name, name, type); +} + +/* convert a list of rids to names - use rpc methods */ +static NTSTATUS rids_to_names(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + uint32 *rids, + size_t num_rids, + char **domain_name, + char ***names, + enum lsa_SidType **types) +{ + return reconnect_methods.rids_to_names(domain, mem_ctx, sid, + rids, num_rids, + domain_name, names, types); +} + /* If you are looking for "dn_lookup": Yes, it used to be here! * It has gone now since it was a major speed bottleneck in * lookup_groupmem (its only use). It has been replaced by @@ -903,6 +944,18 @@ done: return status; } +/* Lookup aliases a user is member of - use rpc methods */ +static NTSTATUS lookup_useraliases(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 num_sids, const DOM_SID *sids, + uint32 *num_aliases, uint32 **alias_rids) +{ + return reconnect_methods.lookup_useraliases(domain, mem_ctx, + num_sids, sids, + num_aliases, + alias_rids); +} + /* find the members of a group, given a group rid and domain */ @@ -1194,6 +1247,22 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) return ads_ntstatus(rc); } +/* find the lockout policy of a domain - use rpc methods */ +static NTSTATUS lockout_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo12 *policy) +{ + return reconnect_methods.lockout_policy(domain, mem_ctx, policy); +} + +/* find the password policy of a domain - use rpc methods */ +static NTSTATUS password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo1 *policy) +{ + return reconnect_methods.password_policy(domain, mem_ctx, policy); +} + /* get a list of trusted domains */ static NTSTATUS trusted_domains(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -1384,16 +1453,16 @@ struct winbindd_methods ads_methods = { query_user_list, enum_dom_groups, enum_local_groups, - msrpc_name_to_sid, - msrpc_sid_to_name, - msrpc_rids_to_names, + name_to_sid, + sid_to_name, + rids_to_names, query_user, lookup_usergroups, - msrpc_lookup_useraliases, + lookup_useraliases, lookup_groupmem, sequence_number, - msrpc_lockout_policy, - msrpc_password_policy, + lockout_policy, + password_policy, trusted_domains, }; -- cgit From dd54e680143675698330f49b9aed7188f37bec65 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Nov 2008 23:17:05 +0100 Subject: s3-winbindd: make all winbind rpc-methods static. Now that the methods are no longer needed in winbindd_ads, we can make them static again. Michael --- source3/winbindd/winbindd_proto.h | 34 --------------------- source3/winbindd/winbindd_rpc.c | 63 ++++++++++++++++++++------------------- 2 files changed, 32 insertions(+), 65 deletions(-) diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 4f3d10f57f..9de385e3b3 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -467,40 +467,6 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai /* The following definitions come from winbindd/winbindd_reconnect.c */ -/* The following definitions come from winbindd/winbindd_rpc.c */ - -NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - enum winbindd_cmd original_cmd, - const char *domain_name, - const char *name, - DOM_SID *sid, - enum lsa_SidType *type); -NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - char **domain_name, - char **name, - enum lsa_SidType *type); -NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - uint32 *rids, - size_t num_rids, - char **domain_name, - char ***names, - enum lsa_SidType **types); -NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 num_sids, const DOM_SID *sids, - uint32 *num_aliases, uint32 **alias_rids); -NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo12 *lockout_policy); -NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo1 *password_policy); - /* The following definitions come from winbindd/winbindd_sid.c */ void winbindd_lookupsid(struct winbindd_cli_state *state); diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 7dea342a53..0070bde2cc 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -265,13 +265,13 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, } /* convert a single name to a sid in a domain */ -NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - enum winbindd_cmd original_cmd, - const char *domain_name, - const char *name, - DOM_SID *sid, - enum lsa_SidType *type) +static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + enum winbindd_cmd original_cmd, + const char *domain_name, + const char *name, + DOM_SID *sid, + enum lsa_SidType *type) { NTSTATUS result; DOM_SID *sids = NULL; @@ -331,12 +331,12 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, /* convert a domain SID to a user or group name */ -NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - char **domain_name, - char **name, - enum lsa_SidType *type) +static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + char **domain_name, + char **name, + enum lsa_SidType *type) { char **domains; char **names; @@ -384,14 +384,14 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, return NT_STATUS_OK; } -NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - uint32 *rids, - size_t num_rids, - char **domain_name, - char ***names, - enum lsa_SidType **types) +static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + uint32 *rids, + size_t num_rids, + char **domain_name, + char ***names, + enum lsa_SidType **types) { char **domains; NTSTATUS result; @@ -638,10 +638,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, #define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ -NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 num_sids, const DOM_SID *sids, - uint32 *num_aliases, uint32 **alias_rids) +static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 num_sids, const DOM_SID *sids, + uint32 *num_aliases, + uint32 **alias_rids) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol; @@ -1104,9 +1105,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, } /* find the lockout policy for a domain */ -NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo12 *lockout_policy) +static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo12 *lockout_policy) { NTSTATUS result; struct rpc_pipe_client *cli; @@ -1145,9 +1146,9 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, } /* find the password policy for a domain */ -NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo1 *password_policy) +static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo1 *password_policy) { NTSTATUS result; struct rpc_pipe_client *cli; -- cgit From 8d674e351ada654ab79d635851ac73cef71d4753 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 15:42:03 -0800 Subject: Second part of the fix for bug #5903 - vfs_streams_xattr breaks contents of the file (also fix a bad merge of the previous patch from 3.3). Jeremy. --- source3/modules/vfs_streams_xattr.c | 61 ++++++++++++++++++++++++++++++++++++- source3/smbd/open.c | 61 ++++++++++++++++++++++++++++--------- 2 files changed, 106 insertions(+), 16 deletions(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index b74c4f7902..9df88e5e19 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -624,7 +624,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, (struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp); struct ea_struct ea; NTSTATUS status; - size_t length, overlap; + size_t length, overlap; if (sio == NULL) { return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); @@ -651,6 +651,63 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return overlap; } +static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, + struct files_struct *fsp, + SMB_OFF_T offset) +{ + int ret; + uint8 *tmp; + struct ea_struct ea; + NTSTATUS status; + struct stream_io *sio = + (struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp); + + DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n", + fsp->fsp_name, + (double)offset )); + + if (sio == NULL) { + return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); + } + + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + sio->base, sio->xattr_name, &ea); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + tmp = TALLOC_REALLOC_ARRAY(talloc_tos(), ea.value.data, uint8, + offset + 1); + + if (tmp == NULL) { + TALLOC_FREE(ea.value.data); + errno = ENOMEM; + return -1; + } + + /* Did we expand ? */ + if (ea.value.length < offset + 1) { + memset(&tmp[ea.value.length], '\0', + offset + 1 - ea.value.length); + } + + ea.value.data = tmp; + ea.value.length = offset + 1; + ea.value.data[offset] = 0; + + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + sio->xattr_name, + ea.value.data, ea.value.length, 0); + + TALLOC_FREE(ea.value.data); + + if (ret == -1) { + return -1; + } + + return 0; +} + /* VFS operations structure */ static vfs_op_tuple streams_xattr_ops[] = { @@ -672,6 +729,8 @@ static vfs_op_tuple streams_xattr_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(streams_xattr_ftruncate), SMB_VFS_OP_FTRUNCATE, + SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_streaminfo), SMB_VFS_OP_STREAMINFO, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} diff --git a/source3/smbd/open.c b/source3/smbd/open.c index aca64917b5..a6867e077c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1651,7 +1651,7 @@ static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, share_access, create_options); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_OK(status)) { TALLOC_FREE(lck); if (pinfo) { *pinfo = FILE_WAS_OPENED; @@ -2878,10 +2878,42 @@ NTSTATUS create_file_unixpath(connection_struct *conn, * Ordinary file case. */ - status = open_file_ntcreate( - conn, req, fname, &sbuf, access_mask, share_access, - create_disposition, create_options, file_attributes, - oplock_request, &info, &fsp); + if (base_fsp) { + /* + * We're opening the stream element of a base_fsp + * we already opened. We need to initialize + * the fsp first, and set up the base_fsp pointer. + */ + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + goto fail; + } + + fsp->base_fsp = base_fsp; + + status = open_file_ntcreate_internal(conn, + req, + fname, + &sbuf, + access_mask, + share_access, + create_disposition, + create_options, + file_attributes, + oplock_request, + &info, + fsp); + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + fsp = NULL; + } + } else { + status = open_file_ntcreate( + conn, req, fname, &sbuf, access_mask, share_access, + create_disposition, create_options, file_attributes, + oplock_request, &info, &fsp); + } if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { @@ -2908,6 +2940,8 @@ NTSTATUS create_file_unixpath(connection_struct *conn, goto fail; } + fsp->base_fsp = base_fsp; + /* * According to the MS documentation, the only time the security * descriptor is applied to the opened file is iff we *created* the @@ -2994,16 +3028,6 @@ NTSTATUS create_file_unixpath(connection_struct *conn, DEBUG(10, ("create_file_unixpath: info=%d\n", info)); - /* - * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In - * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would - * also close fsp->base_fsp which we have to also do explicitly in - * this routine here, as not in all "goto fail:" we have the fsp set - * up already to be initialized with the base_fsp. - */ - - fsp->base_fsp = base_fsp; - *result = fsp; if (pinfo != NULL) { *pinfo = info; @@ -3022,6 +3046,13 @@ NTSTATUS create_file_unixpath(connection_struct *conn, DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status))); if (fsp != NULL) { + if (base_fsp && fsp->base_fsp == base_fsp) { + /* + * The close_file below will close + * fsp->base_fsp. + */ + base_fsp = NULL; + } close_file(req, fsp, ERROR_CLOSE); fsp = NULL; } -- cgit From ecd8c5d3078f4fd06586485665f956520b2314a3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 16:02:31 -0800 Subject: Use fxattr calls whenever possible (trying to work around the strange Linux kernel oplock bug). Jeremy. --- source3/modules/vfs_streams_xattr.c | 70 +++++++++++++++++++++++++++---------- 1 file changed, 51 insertions(+), 19 deletions(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 9df88e5e19..2ea5336295 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -64,14 +64,16 @@ static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) return result; } -static ssize_t get_xattr_size(connection_struct *conn, const char *fname, - const char *xattr_name) +static ssize_t get_xattr_size(connection_struct *conn, + files_struct *fsp, + const char *fname, + const char *xattr_name) { NTSTATUS status; struct ea_struct ea; ssize_t result; - status = get_ea_value(talloc_tos(), conn, NULL, fname, + status = get_ea_value(talloc_tos(), conn, fsp, fname, xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { @@ -100,7 +102,8 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - sbuf->st_size = get_xattr_size(handle->conn, io->base, io->xattr_name); + sbuf->st_size = get_xattr_size(handle->conn, fsp->base_fsp, + io->base, io->xattr_name); if (sbuf->st_size == -1) { return -1; } @@ -144,7 +147,7 @@ static int streams_xattr_stat(vfs_handle_struct *handle, const char *fname, goto fail; } - sbuf->st_size = get_xattr_size(handle->conn, base, xattr_name); + sbuf->st_size = get_xattr_size(handle->conn, NULL, base, xattr_name); if (sbuf->st_size == -1) { errno = ENOENT; goto fail; @@ -191,7 +194,7 @@ static int streams_xattr_lstat(vfs_handle_struct *handle, const char *fname, goto fail; } - sbuf->st_size = get_xattr_size(handle->conn, base, xattr_name); + sbuf->st_size = get_xattr_size(handle->conn, NULL, base, xattr_name); if (sbuf->st_size == -1) { errno = ENOENT; goto fail; @@ -300,22 +303,40 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, DEBUG(10, ("creating attribute %s on file %s\n", xattr_name, base)); - if (SMB_VFS_SETXATTR( - handle->conn, base, xattr_name, - &null, sizeof(null), - flags & O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; + if (fsp->base_fsp->fh->fd != -1) { + if (SMB_VFS_FSETXATTR( + fsp->base_fsp, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } + } else { + if (SMB_VFS_SETXATTR( + handle->conn, base, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } } } } if (flags & O_TRUNC) { char null = '\0'; - if (SMB_VFS_SETXATTR( - handle->conn, base, xattr_name, - &null, sizeof(null), - flags & O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; + if (fsp->base_fsp->fh->fd != -1) { + if (SMB_VFS_FSETXATTR( + fsp->base_fsp, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } + } else { + if (SMB_VFS_SETXATTR( + handle->conn, base, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } } } @@ -603,10 +624,15 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, memcpy(ea.value.data + offset, data, n); - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); - + } else { + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + sio->xattr_name, + ea.value.data, ea.value.length, 0); + } TALLOC_FREE(ea.value.data); if (ret == -1) { @@ -695,9 +721,15 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, ea.value.length = offset + 1; ea.value.data[offset] = 0; - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); + } else { + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + sio->xattr_name, + ea.value.data, ea.value.length, 0); + } TALLOC_FREE(ea.value.data); -- cgit From c23a6dc3ec4f9a5ea5ab4f8cb9cd62aa6cacc3a4 Mon Sep 17 00:00:00 2001 From: Dan Sledz Date: Fri, 14 Nov 2008 18:41:17 -0800 Subject: FreeBSD configure check for backtrace_symbols On FreeBSD backtrace_symbols is defined in libexecinfo.so.1. Look for it there as well. --- source3/configure.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/configure.in b/source3/configure.in index 1adb56ad91..287189f093 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1033,6 +1033,8 @@ AC_CHECK_FUNCS(gettext dgettext) # Find a method of generating a stack trace AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) +# libexecinfo provides backtrace_symbols on FreeBSD +AC_SEARCH_LIBS(backtrace_symbols, [execinfo]) AC_CHECK_FUNCS(backtrace_symbols) AC_CHECK_LIB(exc, trace_back_stack) -- cgit From 3d30d5945cf561c5baf2716d8f41870cecf947c0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Nov 2008 12:48:26 +0100 Subject: [s3]nfs4_acls: make prototype header match definition for smb_set_nt_acl_nfs4() Add the const from nfs4_acls.c to nfs4_acls.h This fixes my build of the zfsacl module on solaris. Michael --- source3/modules/nfs4_acls.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h index 0f783aa977..a227c6e0fc 100644 --- a/source3/modules/nfs4_acls.h +++ b/source3/modules/nfs4_acls.h @@ -144,7 +144,7 @@ typedef bool (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *); NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd, + const SEC_DESC *psd, set_nfs4acl_native_fn_t set_nfs4_native); #endif /* __NFS4_ACLS_H__ */ -- cgit From 83ff6979f504d50caf725ee62549604630b69be7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 18:20:38 -0800 Subject: Fix the logic bug that caused us to run into kernel oplocks on an open for a stream inside a file with stream_xattr module. On opening the base_fsp we must break existing oplocks. Jeremy. --- source3/modules/vfs_streams_xattr.c | 68 ++++++++++++++++++------------------- source3/smbd/open.c | 8 ++++- 2 files changed, 41 insertions(+), 35 deletions(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 2ea5336295..3555654dac 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -102,7 +102,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - sbuf->st_size = get_xattr_size(handle->conn, fsp->base_fsp, + sbuf->st_size = get_xattr_size(handle->conn, fsp, io->base, io->xattr_name); if (sbuf->st_size == -1) { return -1; @@ -249,29 +249,29 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, /* * We use baseflags to turn off nasty side-effects when opening the * underlying file. - */ - baseflags = flags; - baseflags &= ~O_TRUNC; - baseflags &= ~O_EXCL; - baseflags &= ~O_CREAT; - - hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); - - /* It is legit to open a stream on a directory, but the base - * fd has to be read-only. - */ - if ((hostfd == -1) && (errno == EISDIR)) { - baseflags &= ~O_ACCMODE; - baseflags |= O_RDONLY; - hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, - mode); - } + */ + baseflags = flags; + baseflags &= ~O_TRUNC; + baseflags &= ~O_EXCL; + baseflags &= ~O_CREAT; + + hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); + + /* It is legit to open a stream on a directory, but the base + * fd has to be read-only. + */ + if ((hostfd == -1) && (errno == EISDIR)) { + baseflags &= ~O_ACCMODE; + baseflags |= O_RDONLY; + hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, + mode); + } - if (hostfd == -1) { + if (hostfd == -1) { goto fail; - } + } - status = get_ea_value(talloc_tos(), handle->conn, NULL, base, + status = get_ea_value(talloc_tos(), handle->conn, fsp, base, xattr_name, &ea); DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); @@ -303,9 +303,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, DEBUG(10, ("creating attribute %s on file %s\n", xattr_name, base)); - if (fsp->base_fsp->fh->fd != -1) { + if (fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp->base_fsp, xattr_name, + fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; @@ -323,9 +323,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, if (flags & O_TRUNC) { char null = '\0'; - if (fsp->base_fsp->fh->fd != -1) { + if (fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp->base_fsp, xattr_name, + fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; @@ -600,7 +600,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -624,12 +624,12 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, memcpy(ea.value.data + offset, data, n); - if (fsp->base_fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + if (fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, sio->xattr_name, ea.value.data, ea.value.length, 0); } @@ -656,7 +656,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -696,7 +696,7 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -721,12 +721,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, ea.value.length = offset + 1; ea.value.data[offset] = 0; - if (fsp->base_fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + if (fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, sio->xattr_name, ea.value.data, ea.value.length, 0); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a6867e077c..018d104d0b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2830,7 +2830,13 @@ NTSTATUS create_file_unixpath(connection_struct *conn, break; } - status = create_file_unixpath(conn, NULL, base, 0, + DEBUG(10, ("Recursing into create_file_unixpath for " + "base %s\n", base)); + + /* This call will break any oplock on the base file, + * but will not actually open an underlying fd. */ + + status = create_file_unixpath(conn, req, base, 0, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, -- cgit From 338303eb379320411829ee3dd1621e490f8d7fe1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 22:48:37 -0800 Subject: Rever 83ff6979f504d50caf725ee62549604630b69be7 - "Fix the logic bug that caused us to run into kernel oplocks on an open for a stream inside a file with stream_xattr module. On opening the base_fsp we must break existing oplocks." as it broke make test. Jeremy. --- source3/modules/vfs_streams_xattr.c | 68 ++++++++++++++++++------------------- source3/smbd/open.c | 8 +---- 2 files changed, 35 insertions(+), 41 deletions(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 3555654dac..2ea5336295 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -102,7 +102,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - sbuf->st_size = get_xattr_size(handle->conn, fsp, + sbuf->st_size = get_xattr_size(handle->conn, fsp->base_fsp, io->base, io->xattr_name); if (sbuf->st_size == -1) { return -1; @@ -249,29 +249,29 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, /* * We use baseflags to turn off nasty side-effects when opening the * underlying file. - */ - baseflags = flags; - baseflags &= ~O_TRUNC; - baseflags &= ~O_EXCL; - baseflags &= ~O_CREAT; - - hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); - - /* It is legit to open a stream on a directory, but the base - * fd has to be read-only. - */ - if ((hostfd == -1) && (errno == EISDIR)) { - baseflags &= ~O_ACCMODE; - baseflags |= O_RDONLY; - hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, - mode); - } + */ + baseflags = flags; + baseflags &= ~O_TRUNC; + baseflags &= ~O_EXCL; + baseflags &= ~O_CREAT; + + hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); + + /* It is legit to open a stream on a directory, but the base + * fd has to be read-only. + */ + if ((hostfd == -1) && (errno == EISDIR)) { + baseflags &= ~O_ACCMODE; + baseflags |= O_RDONLY; + hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, + mode); + } - if (hostfd == -1) { + if (hostfd == -1) { goto fail; - } + } - status = get_ea_value(talloc_tos(), handle->conn, fsp, base, + status = get_ea_value(talloc_tos(), handle->conn, NULL, base, xattr_name, &ea); DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); @@ -303,9 +303,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, DEBUG(10, ("creating attribute %s on file %s\n", xattr_name, base)); - if (fsp->fh->fd != -1) { + if (fsp->base_fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp, xattr_name, + fsp->base_fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; @@ -323,9 +323,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, if (flags & O_TRUNC) { char null = '\0'; - if (fsp->fh->fd != -1) { + if (fsp->base_fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp, xattr_name, + fsp->base_fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; @@ -600,7 +600,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -624,12 +624,12 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, memcpy(ea.value.data + offset, data, n); - if (fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, sio->xattr_name, ea.value.data, ea.value.length, 0); } @@ -656,7 +656,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -696,7 +696,7 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -721,12 +721,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, ea.value.length = offset + 1; ea.value.data[offset] = 0; - if (fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, sio->xattr_name, ea.value.data, ea.value.length, 0); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 018d104d0b..a6867e077c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2830,13 +2830,7 @@ NTSTATUS create_file_unixpath(connection_struct *conn, break; } - DEBUG(10, ("Recursing into create_file_unixpath for " - "base %s\n", base)); - - /* This call will break any oplock on the base file, - * but will not actually open an underlying fd. */ - - status = create_file_unixpath(conn, req, base, 0, + status = create_file_unixpath(conn, NULL, base, 0, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, -- cgit From d205766e60be96449930f270b0a77002dffab278 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 22:51:20 -0800 Subject: Fix a C90 error. Jeremy. --- source3/modules/vfs_streams_depot.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index e7ecedaaed..0d6e0e02c1 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -116,6 +116,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, char *id_hex; struct file_id id; uint8 id_buf[16]; + const char *rootdir; tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath); @@ -124,7 +125,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, goto fail; } - const char *rootdir = lp_parm_const_string( + rootdir = lp_parm_const_string( SNUM(handle->conn), "streams_depot", "directory", tmp); TALLOC_FREE(tmp); @@ -149,7 +150,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, first = hash & 0xff; second = (hash >> 8) & 0xff; - id_hex = hex_encode(talloc_tos(), id_buf, sizeof(id_buf)); + id_hex = hex_encode_talloc(talloc_tos(), id_buf, sizeof(id_buf)); if (id_hex == NULL) { errno = ENOMEM; -- cgit From a6aa72001e3fdd36112a839cf3e40dd2d636f254 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 22 Nov 2008 18:31:52 +0100 Subject: Add "net machinepw" Provide a C-based alternative to the python script "mymachinepw" --- source4/utils/net/config.mk | 1 + source4/utils/net/net.c | 2 + source4/utils/net/net_machinepw.c | 91 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 94 insertions(+) create mode 100644 source4/utils/net/net_machinepw.c diff --git a/source4/utils/net/config.mk b/source4/utils/net/config.mk index 93b51e1e28..b2f0fcf6b1 100644 --- a/source4/utils/net/config.mk +++ b/source4/utils/net/config.mk @@ -16,6 +16,7 @@ PRIVATE_DEPENDENCIES = \ net_OBJ_FILES = $(addprefix $(utilssrcdir)/net/, \ net.o \ + net_machinepw.o \ net_password.o \ net_time.o \ net_join.o \ diff --git a/source4/utils/net/net.c b/source4/utils/net/net.c index 81584e4398..4d1b202ccb 100644 --- a/source4/utils/net/net.c +++ b/source4/utils/net/net.c @@ -107,6 +107,8 @@ static const struct net_functable net_functable[] = { {"vampire", "join and syncronise an AD domain onto the local server\n", net_vampire, net_vampire_usage}, {"samsync", "synchronise into the local ldb the sam of an NT4 domain\n", net_samsync_ldb, net_samsync_ldb_usage}, {"user", "manage user accounts\n", net_user, net_user_usage}, + {"machinepw", "Get a machine password out of our SAM", net_machinepw, + net_machinepw_usage}, {NULL, NULL, NULL, NULL} }; diff --git a/source4/utils/net/net_machinepw.c b/source4/utils/net/net_machinepw.c new file mode 100644 index 0000000000..8c2fac9557 --- /dev/null +++ b/source4/utils/net/net_machinepw.c @@ -0,0 +1,91 @@ +/* + Samba Unix/Linux SMB client library + Distributed SMB/CIFS Server Management Utility + + Copyright (C) 2008 Volker Lendecke + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "utils/net/net.h" +#include "libnet/libnet.h" +#include "libcli/security/security.h" +#include "param/secrets.h" +#include "param/param.h" +#include "lib/events/events.h" + +int net_machinepw_usage(struct net_context *ctx, int argc, const char **argv) +{ + d_printf("net machinepw \n"); + return -1; +} + +int net_machinepw(struct net_context *ctx, int argc, const char **argv) +{ + struct ldb_context *secrets; + TALLOC_CTX *mem_ctx; + struct event_context *ev; + struct ldb_message **msgs; + int res; + int num_records; + const char *attrs[] = { "secret", NULL }; + const char *secret; + + if (argc != 1) { + net_machinepw_usage(ctx, argc, argv); + return -1; + } + + mem_ctx = talloc_new(ctx); + if (mem_ctx == NULL) { + d_fprintf(stderr, "talloc_new failed\n"); + return -1; + } + + ev = event_context_init(mem_ctx); + if (ev == NULL) { + d_fprintf(stderr, "event_context_init failed\n"); + goto fail; + } + + secrets = secrets_db_connect(mem_ctx, ev, ctx->lp_ctx); + if (secrets == NULL) { + d_fprintf(stderr, "secrets_db_connect failed\n"); + goto fail; + } + + num_records = gendb_search(secrets, mem_ctx, NULL, &msgs, attrs, + "(&(objectclass=primaryDomain)" + "(samaccountname=%s))", argv[0]); + if (num_records != 1) { + d_fprintf(stderr, "gendb_search returned %d records, " + "expected 1\n", num_records); + goto fail; + } + + secret = ldb_msg_find_attr_as_string(msgs[0], "secret", NULL); + if (secret == NULL) { + d_fprintf(stderr, "machine account contains no secret\n"); + goto fail; + } + + printf("%s\n", secret); + talloc_free(mem_ctx); + return 0; + + fail: + talloc_free(mem_ctx); + return -1; +} -- cgit From 84e37eb5f56e2979cae89b96bc25ae746d7efab9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 22 Nov 2008 23:25:14 +0100 Subject: s3 build: don't specify ZLIB_LIBS (i.e. "-lz") in object collections. This causes make to fail on at least HP-UX and MacOS X with message "no rule to make target -lz" or similar, when these object collections are specified in dependencies. Michael --- source3/Makefile.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 4a0590c8ed..8498447cfc 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -931,7 +931,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) \ MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS) + $(LIBNDR_GEN_OBJ0) MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) \ @@ -939,7 +939,7 @@ MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS) + $(LIBNDR_GEN_OBJ0) NSSTEST_OBJ = torture/nsstest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) \ @@ -958,7 +958,7 @@ LOG2PCAP_OBJ = utils/log2pcaphex.o LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \ $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS) + $(LIBNDR_GEN_OBJ0) SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \ -- cgit From 71c782c72af496c86491d16ef384a5b320f9616f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 01:11:29 +0100 Subject: s3-build: do not auto-genereate ndr tables but use checked-in tables. This removes the build-dependency on perl that was introduced in commit e0905c30908b4d621030689d33de28a13c04a690. The tables can now be re-built with "make ndr-tables". This is also called by make samba3-idl to ensure that the tables are updated after idl changes. This hopefully fixes the build on some build farm hosts (e.g. gwen). Michael --- source3/Makefile.in | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 8498447cfc..60ea4e2cfd 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1235,10 +1235,13 @@ samba3-idl:: ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ ../librpc/idl/named_pipe_auth.idl librpc/idl/dom_sid.idl + @$(MAKE) ndr-tables -librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h - @echo "Generating $@" - @$(PERL) ../librpc/tables.pl $^ > $@ +NDR_TABLES = librpc/gen_ndr/tables.c + +ndr-tables:: librpc/gen_ndr/*.h + @echo "Generating $(NDR_TABLES)" + @$(PERL) ../librpc/tables.pl $^ > $(NDR_TABLES) ##################################################################### -- cgit From 09bc3a2f9c3847aafdb2e6cc2651baba62f2489e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 01:59:30 +0100 Subject: s3 build: when detecting to use internal zlib, put "-I../lib/zlib" first in CFLAGS This should fix a build error on our Tru64 build farm box where a zlib.h is found in an include path handed in via external CFLAGS, but that zlib.h belongs to an old zlib. So in ndr_compression.c, "#include " includes the wrong header for the internal zlib. Michael --- source3/configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/configure.in b/source3/configure.in index 287189f093..9214d031b3 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -6256,7 +6256,7 @@ AC_ZLIB([ZLIB_OBJS=""], [ do ZLIB_OBJS="$ZLIB_OBJS ../lib/zlib/$o" done - CFLAGS="$CFLAGS -I../lib/zlib" + CFLAGS="-I../lib/zlib $CFLAGS" ]) dnl Remove -L/usr/lib/? from LDFLAGS and LIBS -- cgit From 3080fd66243f8f0c4b34be845a7dfd922242b685 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sun, 23 Nov 2008 11:24:29 +0100 Subject: RPC sessions on np connections need the real session key transferred --- source4/rpc_server/dcerpc_server.c | 4 ++-- source4/rpc_server/service_rpc.c | 5 +++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c index 6f3f6799e7..6e888e5259 100644 --- a/source4/rpc_server/dcerpc_server.c +++ b/source4/rpc_server/dcerpc_server.c @@ -251,8 +251,8 @@ _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx, return NT_STATUS_OK; } -static NTSTATUS dcesrv_inherited_session_key(struct dcesrv_connection *p, - DATA_BLOB *session_key) +NTSTATUS dcesrv_inherited_session_key(struct dcesrv_connection *p, + DATA_BLOB *session_key) { if (p->auth_state.session_info->session_key.length) { *session_key = p->auth_state.session_info->session_key; diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c index e526b17db1..bb4d6bdaf2 100644 --- a/source4/rpc_server/service_rpc.c +++ b/source4/rpc_server/service_rpc.c @@ -27,6 +27,7 @@ #include "auth/gensec/gensec.h" #include "../lib/util/dlinklist.h" #include "rpc_server/dcerpc_server.h" +#include "rpc_server/dcerpc_server_proto.h" #include "lib/events/events.h" #include "smbd/service_task.h" #include "smbd/service_stream.h" @@ -139,6 +140,10 @@ static void dcesrv_sock_accept(struct stream_connection *srv_conn) dcesrv_conn->transport.get_my_addr = dcesrv_sock_get_my_addr; dcesrv_conn->transport.get_peer_addr = dcesrv_sock_get_peer_addr; + if (dcesrv_sock->endpoint->ep_description->transport == NCACN_NP) { + dcesrv_conn->auth_state.session_key = dcesrv_inherited_session_key; + } + srv_conn->private = dcesrv_conn; irpc_add_name(srv_conn->msg_ctx, "rpc_server"); -- cgit From 34fc529d95c3e45e7c4b81246864b3de5ca73fd8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 12:13:48 +0100 Subject: fix the build --- source4/utils/net/net_machinepw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source4/utils/net/net_machinepw.c b/source4/utils/net/net_machinepw.c index 8c2fac9557..710d889c19 100644 --- a/source4/utils/net/net_machinepw.c +++ b/source4/utils/net/net_machinepw.c @@ -25,6 +25,7 @@ #include "param/secrets.h" #include "param/param.h" #include "lib/events/events.h" +#include "lib/util/util_ldb.h" int net_machinepw_usage(struct net_context *ctx, int argc, const char **argv) { @@ -38,7 +39,6 @@ int net_machinepw(struct net_context *ctx, int argc, const char **argv) TALLOC_CTX *mem_ctx; struct event_context *ev; struct ldb_message **msgs; - int res; int num_records; const char *attrs[] = { "secret", NULL }; const char *secret; -- cgit From 9c3173142d3c9e0157a76ed32987cfb910d49a93 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 19:37:36 +0100 Subject: Fix an uninitialized variable warning Andreas Schneider, please check! --- source3/nsswitch/pam_winbind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1daa05ea17..be22ff3f5e 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -2316,7 +2316,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, struct wbcLogoffUserParams logoff; struct wbcAuthErrorInfo *error = NULL; const char *user; - wbcErr wbc_status; + wbcErr wbc_status = WBC_ERR_SUCCESS; retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); if (retval) { -- cgit From 671d68d573e1b39ab816989b6d5bf41da3f56e78 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 17 Nov 2008 16:38:02 +0100 Subject: ctags: Ignore source3/includes/proto.h for tags. --- source3/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/Makefile.in b/source3/Makefile.in index 60ea4e2cfd..37c48d4286 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2791,7 +2791,7 @@ etags:: etags --append `find $(srcdir)/../source4/dsdb -name "*.[ch]"` ctags:: - ctags `find $(srcdir)/.. -name "*.[ch]"` + ctags `find $(srcdir)/.. -name "*.[ch]" | grep -v include/proto\.h` realclean:: clean -rm -f config.log bin/.dummy script/findsmb script/gen-8bit-gap.sh -- cgit From 526c609d5f4d892e534fa3db42d5e2cf103b08f3 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 22:20:58 +0100 Subject: s3-rpcclient: Fix a compile warning. --- source3/rpc_client/init_netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index 4318a94076..b2ad1a5bcb 100644 --- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -206,7 +206,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, if (pipe_session_key && pipe_session_key_len != 16) { DEBUG(0,("serverinfo_to_SamInfo3: invalid " - "pipe_session_key_len[%u] != 16\n", + "pipe_session_key_len[%d] != 16\n", pipe_session_key_len)); return NT_STATUS_INTERNAL_ERROR; } -- cgit From ed27d91068ca45a2f2924cb2d53c3fdf856c5c47 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 22:21:26 +0100 Subject: Add auth_serversupplied_info to create_conn_struct srvsvc needs it, as will printing --- source3/include/proto.h | 3 ++- source3/rpc_server/srv_srvsvc_nt.c | 10 ++++------ source3/smbd/msdfs.c | 19 +++++++++++++++---- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 2cf1a9645e..a024d683f3 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7957,7 +7957,8 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, connection_struct **pconn, int snum, const char *path, - char **poldcwd); + struct auth_serversupplied_info *server_info, + char **poldcwd); /* The following definitions come from smbd/negprot.c */ diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 9d9e9af59b..274deab88b 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2050,7 +2050,8 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, } nt_status = create_conn_struct(talloc_tos(), &conn, snum, - lp_pathname(snum), &oldcwd); + lp_pathname(snum), p->server_info, + &oldcwd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_conn_struct failed: %s\n", nt_errstr(nt_status))); @@ -2058,8 +2059,6 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, goto error_exit; } - conn->server_info = p->server_info; - nt_status = create_file( conn, /* conn */ NULL, /* req */ @@ -2165,7 +2164,8 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, } nt_status = create_conn_struct(talloc_tos(), &conn, snum, - lp_pathname(snum), &oldcwd); + lp_pathname(snum), p->server_info, + &oldcwd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_conn_struct failed: %s\n", nt_errstr(nt_status))); @@ -2173,8 +2173,6 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, goto error_exit; } - conn->server_info = p->server_info; - nt_status = create_file( conn, /* conn */ NULL, /* req */ diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 1504b19169..d46be64262 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -219,6 +219,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, connection_struct **pconn, int snum, const char *path, + struct auth_serversupplied_info *server_info, char **poldcwd) { connection_struct *conn; @@ -254,6 +255,15 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, conn->params->service = snum; + if (server_info != NULL) { + conn->server_info = copy_serverinfo(conn, server_info); + if (conn->server_info == NULL) { + DEBUG(0, ("copy_serverinfo failed\n")); + TALLOC_FREE(conn); + return NT_STATUS_NO_MEMORY; + } + } + set_conn_connectpath(conn, connpath); if (!smbd_vfs_init(conn)) { @@ -881,7 +891,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, } status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum), - &oldpath); + NULL, &oldpath); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(pdp); return status; @@ -1321,7 +1331,7 @@ static bool junction_to_local_path(const struct junction_map *jucn, return False; } status = create_conn_struct(talloc_tos(), conn_out, snum, - lp_pathname(snum), oldpath); + lp_pathname(snum), NULL, oldpath); if (!NT_STATUS_IS_OK(status)) { return False; } @@ -1455,7 +1465,7 @@ static int count_dfs_links(TALLOC_CTX *ctx, int snum) */ status = create_conn_struct(talloc_tos(), &conn, snum, connect_path, - &cwd); + NULL, &cwd); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("create_conn_struct failed: %s\n", nt_errstr(status))); @@ -1523,7 +1533,8 @@ static int form_junctions(TALLOC_CTX *ctx, * Fake up a connection struct for the VFS layer. */ - status = create_conn_struct(ctx, &conn, snum, connect_path, &cwd); + status = create_conn_struct(ctx, &conn, snum, connect_path, NULL, + &cwd); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("create_conn_struct failed: %s\n", nt_errstr(status))); -- cgit From b416135f6b00ea23ba8ded9d425ed7226980b36d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 10:43:10 +0100 Subject: libcli/nbt: fix some extrasemi compile warnings. Michael --- libcli/nbt/libnbt.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/libcli/nbt/libnbt.h b/libcli/nbt/libnbt.h index e03352d7cf..7d8ca49e9a 100644 --- a/libcli/nbt/libnbt.h +++ b/libcli/nbt/libnbt.h @@ -331,9 +331,9 @@ NTSTATUS nbt_name_reply_send(struct nbt_name_socket *nbtsock, struct nbt_name_packet *request); -NDR_SCALAR_PROTO(wrepl_nbt_name, const struct nbt_name *); -NDR_SCALAR_PROTO(nbt_string, const char *); -NDR_BUFFER_PROTO(nbt_name, struct nbt_name); +NDR_SCALAR_PROTO(wrepl_nbt_name, const struct nbt_name *) +NDR_SCALAR_PROTO(nbt_string, const char *) +NDR_BUFFER_PROTO(nbt_name, struct nbt_name) NTSTATUS nbt_rcode_to_ntstatus(uint8_t rcode); struct composite_context; -- cgit From a36415a5651c598e1dd28e163995e266dad51130 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 23:54:27 +0100 Subject: s3-rpcclient; Really fix compile warning. Screwed up in 526c609d, now the real fix. --- source3/rpc_client/init_netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index b2ad1a5bcb..6f7a541f72 100644 --- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -206,7 +206,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, if (pipe_session_key && pipe_session_key_len != 16) { DEBUG(0,("serverinfo_to_SamInfo3: invalid " - "pipe_session_key_len[%d] != 16\n", + "pipe_session_key_len[%zu] != 16\n", pipe_session_key_len)); return NT_STATUS_INTERNAL_ERROR; } -- cgit From 798b9e1ad6bbdcf873285d0e1c5008e566744162 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 23 Nov 2008 18:20:19 -0800 Subject: Fix to allow setting of NULL DACL/SACL This is a modification of Jeremy's 7522ef15aca2429ef57c75d8297dd8121e79c9da commit. If no DACL/SACL is present in the packet, the SEC_INFO field should still be passed down as is to the VFS layer to signal the creation of a NULL DACL/SACL. As seen in metze RAW-ACL test_nttrans_create_null_dacl(), a NULL DACL is set regardless of the SEC_DESC_DACL_PRESENT bit being set. --- source3/smbd/nttrans.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 52c16e2ac6..8a18c87903 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -721,21 +721,12 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, return status; } - if (psd->owner_sid==0) { + if (psd->owner_sid == NULL) { security_info_sent &= ~OWNER_SECURITY_INFORMATION; } - if (psd->group_sid==0) { + if (psd->group_sid == NULL) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; } - if (psd->sacl==0) { - security_info_sent &= ~SACL_SECURITY_INFORMATION; - } - if (security_info_sent & DACL_SECURITY_INFORMATION) { - psd->type |= SEC_DESC_DACL_PRESENT; - } - if (psd->dacl==0) { - security_info_sent &= ~DACL_SECURITY_INFORMATION; - } /* Convert all the generic bits. */ security_acl_map_generic(psd->dacl, &file_generic_mapping); -- cgit From 783ab0480b7c1454a95cdb414d3277a8fa543e9a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 22:46:08 +0100 Subject: Convert move_driver_to_download_area to use create_conn_struct This removes a use of struct current_user and the vuid The become_user() here is unnecessary, within the spoolss handling code we have switched to the authenticated pipe user anyway. Jerry, please check! --- source3/include/proto.h | 5 ++-- source3/printing/nt_printing.c | 56 +++++++++++++++---------------------- source3/rpc_server/srv_spoolss_nt.c | 3 +- 3 files changed, 28 insertions(+), 36 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index a024d683f3..abb65ac654 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4775,8 +4775,9 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version); const char *get_short_archi(const char *long_archi); WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user); -WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, - struct current_user *user, WERROR *perr); +WERROR move_driver_to_download_area(struct pipes_struct *p, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level, WERROR *perr); int pack_devicemode(NT_DEVICEMODE *nt_devmode, uint8 *buf, int buflen); uint32 del_a_printer(const char *sharename); NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 11370272a2..71d906cb41 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1796,8 +1796,9 @@ static char* ffmt(unsigned char *c){ /**************************************************************************** ****************************************************************************/ -WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, - struct current_user *user, WERROR *perr) +WERROR move_driver_to_download_area(struct pipes_struct *p, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level, WERROR *perr) { NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver; NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver; @@ -1805,14 +1806,15 @@ WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract char *new_dir = NULL; char *old_name = NULL; char *new_name = NULL; - DATA_BLOB null_pw; - connection_struct *conn; + connection_struct *conn = NULL; NTSTATUS nt_status; - fstring res_type; SMB_STRUCT_STAT st; int i; TALLOC_CTX *ctx = talloc_tos(); int ver = 0; + char *oldcwd; + fstring printdollar; + int printdollar_snum; *perr = WERR_OK; @@ -1831,38 +1833,24 @@ WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract return WERR_UNKNOWN_PRINTER_DRIVER; } - /* - * Connect to the print$ share under the same account as the user connected to the rpc pipe. - * Note we must be root to do this. - */ - - null_pw = data_blob_null; - fstrcpy(res_type, "A:"); - become_root(); - conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status); - unbecome_root(); + fstrcpy(printdollar, "print$"); - if (conn == NULL) { - DEBUG(0,("move_driver_to_download_area: Unable to connect\n")); - *perr = ntstatus_to_werror(nt_status); + printdollar_snum = find_service(printdollar); + if (printdollar_snum == -1) { + *perr = WERR_NO_SUCH_SHARE; return WERR_NO_SUCH_SHARE; } - /* - * Save who we are - we are temporarily becoming the connection user. - */ - - if (!become_user(conn, conn->vuid)) { - DEBUG(0,("move_driver_to_download_area: Can't become user!\n")); - return WERR_ACCESS_DENIED; + nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum, + lp_pathname(printdollar_snum), + p->server_info, &oldcwd); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("move_driver_to_download_area: create_conn_struct " + "returned %s\n", nt_errstr(nt_status))); + *perr = ntstatus_to_werror(nt_status); + return *perr; } - /* WE ARE NOW RUNNING AS USER conn->vuid !!!!! */ - - /* - * make the directories version and version\driver_name - * under the architecture directory. - */ DEBUG(5,("Creating first directory\n")); new_dir = talloc_asprintf(ctx, "%s/%d", @@ -2092,8 +2080,10 @@ WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract err_exit: - close_cnum(conn, user->vuid); - unbecome_user(); + if (conn != NULL) { + vfs_ChDir(conn, oldcwd); + conn_free_internal(conn); + } if (W_ERROR_EQUAL(*perr, WERR_OK)) { return WERR_OK; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 59c1323a0f..cc958aa8a6 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7860,7 +7860,8 @@ WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, goto done; DEBUG(5,("Moving driver to final destination\n")); - if( !W_ERROR_IS_OK(err = move_driver_to_download_area(driver, level, &p->pipe_user, &err)) ) { + if( !W_ERROR_IS_OK(err = move_driver_to_download_area(p, driver, level, + &err)) ) { goto done; } -- cgit From cb4f8573ba5fe7164be8adee8af7fbec9ec18ab0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:01:24 +0100 Subject: Convert get_correct_cversion to use create_conn_struct Jerry, please check! --- source3/include/proto.h | 5 +- source3/printing/nt_printing.c | 95 +++++++++++++++++++------------------ source3/rpc_server/srv_spoolss_nt.c | 2 +- 3 files changed, 54 insertions(+), 48 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index abb65ac654..d3cc8c9f12 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4773,8 +4773,9 @@ bool delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, WERROR void update_a_form(nt_forms_struct **list, const FORM *form, int count); int get_ntdrivers(fstring **list, const char *architecture, uint32 version); const char *get_short_archi(const char *long_archi); -WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, - uint32 level, struct current_user *user); +WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level); WERROR move_driver_to_download_area(struct pipes_struct *p, NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, WERROR *perr); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 71d906cb41..fc73cb55d2 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1454,18 +1454,21 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr /**************************************************************************** Determine the correct cVersion associated with an architecture and driver ****************************************************************************/ -static uint32 get_correct_cversion(const char *architecture, fstring driverpath_in, - struct current_user *user, WERROR *perr) +static uint32 get_correct_cversion(struct pipes_struct *p, + const char *architecture, + fstring driverpath_in, + WERROR *perr) { int cversion; NTSTATUS nt_status; char *driverpath = NULL; - DATA_BLOB null_pw; - fstring res_type; files_struct *fsp = NULL; SMB_STRUCT_STAT st; - connection_struct *conn; + connection_struct *conn = NULL; NTSTATUS status; + char *oldcwd; + fstring printdollar; + int printdollar_snum; SET_STAT_INVALID(st); @@ -1485,28 +1488,21 @@ static uint32 get_correct_cversion(const char *architecture, fstring driverpath_ return 3; } - /* - * Connect to the print$ share under the same account as the user connected - * to the rpc pipe. Note we must still be root to do this. - */ - - /* Null password is ok - we are already an authenticated user... */ - null_pw = data_blob_null; - fstrcpy(res_type, "A:"); - become_root(); - conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status); - unbecome_root(); + fstrcpy(printdollar, "print$"); - if (conn == NULL) { - DEBUG(0,("get_correct_cversion: Unable to connect\n")); - *perr = ntstatus_to_werror(nt_status); + printdollar_snum = find_service(printdollar); + if (printdollar_snum == -1) { + *perr = WERR_NO_SUCH_SHARE; return -1; } - /* We are temporarily becoming the connection user. */ - if (!become_user(conn, user->vuid)) { - DEBUG(0,("get_correct_cversion: Can't become user!\n")); - *perr = WERR_ACCESS_DENIED; + nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum, + lp_pathname(printdollar_snum), + p->server_info, &oldcwd); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("get_correct_cversion: create_conn_struct " + "returned %s\n", nt_errstr(nt_status))); + *perr = ntstatus_to_werror(nt_status); return -1; } @@ -1583,27 +1579,28 @@ static uint32 get_correct_cversion(const char *architecture, fstring driverpath_ DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n", driverpath, cversion)); - close_file(NULL, fsp, NORMAL_CLOSE); - close_cnum(conn, user->vuid); - unbecome_user(); - *perr = WERR_OK; - return cversion; - + goto done; - error_exit: - - if(fsp) + error_exit: + cversion = -1; + done: + if (fsp != NULL) { close_file(NULL, fsp, NORMAL_CLOSE); - - close_cnum(conn, user->vuid); - unbecome_user(); - return -1; + } + if (conn != NULL) { + vfs_ChDir(conn, oldcwd); + conn_free_internal(conn); + } + if (cversion != -1) { + *perr = WERR_OK; + } + return cversion; } /**************************************************************************** ****************************************************************************/ -static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver, - struct current_user *user) +static WERROR clean_up_driver_struct_level_3(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) { const char *architecture; fstring new_name; @@ -1661,7 +1658,9 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri * NT 4: cversion=2 * NT2K: cversion=3 */ - if ((driver->cversion = get_correct_cversion( architecture, driver->driverpath, user, &err)) == -1) + if ((driver->cversion = get_correct_cversion(rpc_pipe, architecture, + driver->driverpath, + &err)) == -1) return err; return WERR_OK; @@ -1669,7 +1668,8 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri /**************************************************************************** ****************************************************************************/ -static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver, struct current_user *user) +static WERROR clean_up_driver_struct_level_6(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver) { const char *architecture; fstring new_name; @@ -1728,7 +1728,9 @@ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *dri * NT2K: cversion=3 */ - if ((driver->version = get_correct_cversion(architecture, driver->driverpath, user, &err)) == -1) + if ((driver->version = get_correct_cversion(rpc_pipe, architecture, + driver->driverpath, + &err)) == -1) return err; return WERR_OK; @@ -1736,21 +1738,24 @@ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *dri /**************************************************************************** ****************************************************************************/ -WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, - uint32 level, struct current_user *user) +WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level) { switch (level) { case 3: { NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver; driver=driver_abstract.info_3; - return clean_up_driver_struct_level_3(driver, user); + return clean_up_driver_struct_level_3(rpc_pipe, + driver); } case 6: { NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver; driver=driver_abstract.info_6; - return clean_up_driver_struct_level_6(driver, user); + return clean_up_driver_struct_level_6(rpc_pipe, + driver); } default: return WERR_INVALID_PARAM; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index cc958aa8a6..b032ce2aad 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7855,7 +7855,7 @@ WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, } DEBUG(5,("Cleaning driver's information\n")); - err = clean_up_driver_struct(driver, level, &p->pipe_user); + err = clean_up_driver_struct(p, driver, level); if (!W_ERROR_IS_OK(err)) goto done; -- cgit From c25f5c778acd7918551a6234d749854a0e8ea562 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:13:11 +0100 Subject: Convert delete_driver_files to use create_conn_struct Jerry, please check! --- source3/include/proto.h | 5 +-- source3/printing/nt_printing.c | 62 +++++++++++++++++++------------------ source3/rpc_server/srv_spoolss_nt.c | 10 +++--- 3 files changed, 41 insertions(+), 36 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index d3cc8c9f12..853d827f2b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4821,8 +4821,9 @@ WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level, uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level); bool printer_driver_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3 ); bool printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info ); -WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user, - uint32 version, bool delete_files ); +WERROR delete_printer_driver(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, + uint32 version, bool delete_files ); WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr); bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **secdesc_ctr); void map_printer_permissions(SEC_DESC *sd); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index fc73cb55d2..244b3aee03 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -5196,49 +5196,44 @@ bool printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info ) this. ****************************************************************************/ -static bool delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user ) +static bool delete_driver_files(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3) { int i = 0; char *s; const char *file; connection_struct *conn; - DATA_BLOB null_pw; NTSTATUS nt_status; - fstring res_type; SMB_STRUCT_STAT st; + char *oldcwd; + fstring printdollar; + int printdollar_snum; + bool ret = false; if ( !info_3 ) return False; DEBUG(6,("delete_driver_files: deleting driver [%s] - version [%d]\n", info_3->name, info_3->cversion)); - /* - * Connect to the print$ share under the same account as the - * user connected to the rpc pipe. Note we must be root to - * do this. - */ + fstrcpy(printdollar, "print$"); - null_pw = data_blob_null; - fstrcpy(res_type, "A:"); - become_root(); - conn = make_connection_with_chdir( "print$", null_pw, res_type, user->vuid, &nt_status ); - unbecome_root(); + printdollar_snum = find_service(printdollar); + if (printdollar_snum == -1) { + return false; + } - if ( !conn ) { - DEBUG(0,("delete_driver_files: Unable to connect\n")); - return False; + nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum, + lp_pathname(printdollar_snum), + rpc_pipe->server_info, &oldcwd); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("delete_driver_files: create_conn_struct " + "returned %s\n", nt_errstr(nt_status))); + return false; } if ( !CAN_WRITE(conn) ) { DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n")); - return False; - } - - /* Save who we are - we are temporarily becoming the connection user. */ - - if ( !become_user(conn, conn->vuid) ) { - DEBUG(0,("delete_driver_files: Can't become user!\n")); - return False; + goto fail; } /* now delete the files; must strip the '\print$' string from @@ -5299,9 +5294,15 @@ static bool delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct } } - unbecome_user(); - - return true; + goto done; + fail: + ret = false; + done: + if (conn != NULL) { + vfs_ChDir(conn, oldcwd); + conn_free_internal(conn); + } + return ret; } /**************************************************************************** @@ -5309,8 +5310,9 @@ static bool delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct previously looked up. ***************************************************************************/ -WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user, - uint32 version, bool delete_files ) +WERROR delete_printer_driver(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, + uint32 version, bool delete_files ) { char *key = NULL; const char *arch; @@ -5360,7 +5362,7 @@ WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct cur */ if ( delete_files ) - delete_driver_files( info_3, user ); + delete_driver_files(rpc_pipe, info_3); DEBUG(5,("delete_printer_driver: driver delete successful [%s]\n", key)); SAFE_FREE(key); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index b032ce2aad..46aed7ce65 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -2070,7 +2070,8 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER /* if we get to here, we now have 2 driver info structures to remove */ /* remove the Win2k driver first*/ - status_win2k = delete_printer_driver(info_win2k.info_3, &p->pipe_user, 3, False ); + status_win2k = delete_printer_driver( + p, info_win2k.info_3, 3, False ); free_a_printer_driver( info_win2k, 3 ); /* this should not have failed---if it did, report to client */ @@ -2082,7 +2083,7 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER } } - status = delete_printer_driver(info.info_3, &p->pipe_user, version, False); + status = delete_printer_driver(p, info.info_3, version, False); /* if at least one of the deletes succeeded return OK */ @@ -2205,7 +2206,8 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV /* if we get to here, we now have 2 driver info structures to remove */ /* remove the Win2k driver first*/ - status_win2k = delete_printer_driver(info_win2k.info_3, &p->pipe_user, 3, delete_files); + status_win2k = delete_printer_driver( + p, info_win2k.info_3, 3, delete_files); free_a_printer_driver( info_win2k, 3 ); /* this should not have failed---if it did, report to client */ @@ -2215,7 +2217,7 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV } } - status = delete_printer_driver(info.info_3, &p->pipe_user, version, delete_files); + status = delete_printer_driver(p, info.info_3, version, delete_files); if ( W_ERROR_IS_OK(status) || W_ERROR_IS_OK(status_win2k) ) status = WERR_OK; -- cgit From 6f840dd678f8f19b84c042816e75e85d1077904e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:14:39 +0100 Subject: Remove unused make_connection_with_chdir() --- source3/include/proto.h | 4 ---- source3/smbd/service.c | 32 -------------------------------- 2 files changed, 36 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 853d827f2b..605066f763 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8422,10 +8422,6 @@ bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); int find_service(fstring service); -connection_struct *make_connection_with_chdir(const char *service_in, - DATA_BLOB password, - const char *dev, uint16 vuid, - NTSTATUS *status); connection_struct *make_connection(const char *service_in, DATA_BLOB password, const char *pdev, uint16 vuid, NTSTATUS *status); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 05197021a3..0dea615fb5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c @@ -1123,38 +1123,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } -/*************************************************************************************** - Simple wrapper function for make_connection() to include a call to - vfs_chdir() - **************************************************************************************/ - -connection_struct *make_connection_with_chdir(const char *service_in, - DATA_BLOB password, - const char *dev, uint16 vuid, - NTSTATUS *status) -{ - connection_struct *conn = NULL; - - conn = make_connection(service_in, password, dev, vuid, status); - - /* - * make_connection() does not change the directory for us any more - * so we have to do it as a separate step --jerry - */ - - if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) { - DEBUG(0,("make_connection_with_chdir: Can't change " - "directory to %s for [print$] (%s)\n", - conn->connectpath,strerror(errno))); - yield_connection(conn, lp_servicename(SNUM(conn))); - conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; - return NULL; - } - - return conn; -} - /**************************************************************************** Make a connection to a service. * -- cgit From 907f126d3e84b7acddf70f8da12010d6b22d8e99 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:48:17 +0100 Subject: Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! --- source3/include/ntdomain.h | 6 --- source3/include/proto.h | 1 - source3/rpc_server/srv_dfs_nt.c | 4 +- source3/rpc_server/srv_eventlog_nt.c | 4 +- source3/rpc_server/srv_lsa_nt.c | 42 +++++++++++--------- source3/rpc_server/srv_ntsvcs_nt.c | 3 +- source3/rpc_server/srv_pipe.c | 50 +----------------------- source3/rpc_server/srv_pipe_hnd.c | 10 ----- source3/rpc_server/srv_samr_nt.c | 74 ++++++++++++++++++------------------ source3/rpc_server/srv_spoolss_nt.c | 41 +++++++++++--------- source3/rpc_server/srv_srvsvc_nt.c | 48 +++++++++-------------- source3/rpc_server/srv_svcctl_nt.c | 20 ++++++---- source3/rpc_server/srv_winreg_nt.c | 10 +++-- source3/rpc_server/srv_wkssvc_nt.c | 4 +- source3/smbd/uid.c | 6 +-- 15 files changed, 132 insertions(+), 191 deletions(-) diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index e6c97c69dc..1684e2d432 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -230,12 +230,6 @@ typedef struct pipes_struct { struct dcinfo *dc; /* Keeps the creds data from netlogon. */ - /* - * Unix user name and credentials used when a pipe is authenticated. - */ - - struct current_user pipe_user; - /* * Set to true when an RPC bind has been done on this pipe. */ diff --git a/source3/include/proto.h b/source3/include/proto.h index 605066f763..a02672351c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6966,7 +6966,6 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p); bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len, NTSTATUS *pstatus); bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len); -struct current_user *get_current_user(struct current_user *user, pipes_struct *p); void free_pipe_rpc_context( PIPE_RPC_FNS *list ); bool api_pipe_request(pipes_struct *p); diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c index 661d262dc4..bef8d83103 100644 --- a/source3/rpc_server/srv_dfs_nt.c +++ b/source3/rpc_server/srv_dfs_nt.c @@ -48,7 +48,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r) NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); return WERR_ACCESS_DENIED; } @@ -113,7 +113,7 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r) TALLOC_CTX *ctx = talloc_tos(); char *altpath = NULL; - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 4ff10390f7..d12b490d21 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -209,7 +209,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ - if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + if ( !elog_check_access( elog, p->server_info->ptok ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } @@ -227,7 +227,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn /* now do the access check. Close the tdb if we fail here */ - if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + if ( !elog_check_access( elog, p->server_info->ptok ) ) { elog_close_tdb( elog->etdb, False ); TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f4e891ca8c..05452112ca 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -381,9 +381,10 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + status = se_access_check(psd, p->server_info->ptok, des_access, + &acc_granted); if (!NT_STATUS_IS_OK(status)) { - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { return status; } DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", @@ -393,7 +394,7 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, /* This is needed for lsa_open_account and rpcclient .... :-) */ - if (p->pipe_user.ut.uid == sec_initial_uid()) + if (p->server_info->utok.uid == sec_initial_uid()) acc_granted = LSA_POLICY_ALL_ACCESS; /* associate the domain SID with the (unique) handle. */ @@ -432,9 +433,10 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + status = se_access_check(psd, p->server_info->ptok, des_access, + &acc_granted); if (!NT_STATUS_IS_OK(status)) { - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { return status; } DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", @@ -1539,8 +1541,9 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; if ( is_privileged_sid( r->in.sid ) ) @@ -1726,8 +1729,9 @@ NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; if (!pdb_getgrsid(&map, info->sid)) @@ -1755,8 +1759,9 @@ NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, /* check to see if the pipe_user is root or a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } @@ -1795,8 +1800,9 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, /* check to see if the pipe_user is root or a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } @@ -1952,8 +1958,9 @@ NTSTATUS _lsa_AddAccountRights(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } @@ -2001,8 +2008,9 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c index abeb2ca856..f2c85bbd3e 100644 --- a/source3/rpc_server/srv_ntsvcs_nt.c +++ b/source3/rpc_server/srv_ntsvcs_nt.c @@ -116,7 +116,8 @@ WERROR _PNP_GetDeviceRegProp(pipes_struct *p, return WERR_GENERAL_FAILURE; ptr++; - if ( !(values = svcctl_fetch_regvalues( ptr, p->pipe_user.nt_user_token )) ) + if ( !(values = svcctl_fetch_regvalues( + ptr, p->server_info->ptok))) return WERR_GENERAL_FAILURE; if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) ) { diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 2c31d7b3f1..5610e0bf71 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -614,11 +614,6 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) ZERO_STRUCT(reply); - /* Set up for non-authenticated user. */ - TALLOC_FREE(p->pipe_user.nt_user_token); - p->pipe_user.ut.ngroups = 0; - SAFE_FREE( p->pipe_user.ut.groups); - /* this has to be done as root in order to verify the password */ become_root(); status = auth_ntlmssp_update(a, *p_resp_blob, &reply); @@ -656,29 +651,8 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) "workstation: %s\n", a->ntlmssp_state->user, a->ntlmssp_state->domain, a->ntlmssp_state->workstation)); - /* - * Store the UNIX credential data (uid/gid pair) in the pipe structure. - */ - - p->pipe_user.ut.uid = a->server_info->utok.uid; - p->pipe_user.ut.gid = a->server_info->utok.gid; - - p->pipe_user.ut.ngroups = a->server_info->utok.ngroups; - if (p->pipe_user.ut.ngroups) { - if (!(p->pipe_user.ut.groups = (gid_t *)memdup( - a->server_info->utok.groups, - sizeof(gid_t) * p->pipe_user.ut.ngroups))) { - DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); - return False; - } - } - - if (a->server_info->ptok) { - p->pipe_user.nt_user_token = - dup_nt_token(NULL, a->server_info->ptok); - } else { + if (a->server_info->ptok == NULL) { DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); - p->pipe_user.nt_user_token = NULL; return False; } @@ -1711,11 +1685,6 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) case RPC_ANONYMOUS_AUTH_TYPE: /* Unauthenticated bind request. */ - /* Get the authenticated pipe user from current_user */ - if (!copy_current_user(&p->pipe_user, ¤t_user)) { - DEBUG(10, ("Could not copy current user\n")); - goto err_exit; - } /* We're finished - no more packets. */ p->auth.auth_type = PIPE_AUTH_TYPE_NONE; /* We must set the pipe auth_level here also. */ @@ -2225,23 +2194,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss return True; } -/**************************************************************************** - Return a user struct for a pipe user. -****************************************************************************/ - -struct current_user *get_current_user(struct current_user *user, pipes_struct *p) -{ - if (p->pipe_bound && - (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP || - (p->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { - memcpy(user, &p->pipe_user, sizeof(struct current_user)); - } else { - memcpy(user, ¤t_user, sizeof(struct current_user)); - } - - return user; -} - /**************************************************************************** Find the set of RPC functions associated with this context_id ****************************************************************************/ diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index d359b9b339..03a0f72b33 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -162,13 +162,6 @@ static struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, p->endian = RPC_LITTLE_ENDIAN; - ZERO_STRUCT(p->pipe_user); - - p->pipe_user.vuid = vuid; - p->pipe_user.ut.uid = (uid_t)-1; - p->pipe_user.ut.gid = (gid_t)-1; - p->pipe_user.nt_user_token = dup_nt_token(NULL, server_info->ptok); - /* * Initialize the outgoing RPC data buffer with no memory. */ @@ -900,9 +893,6 @@ static int close_internal_rpc_pipe_hnd(struct pipes_struct *p) /* Free the handles database. */ close_policy_by_pipe(p); - TALLOC_FREE(p->pipe_user.nt_user_token); - SAFE_FREE(p->pipe_user.ut.groups); - DLIST_REMOVE(InternalPipes, p); ZERO_STRUCTP(p); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 62ac1cb5c3..3cc86edd62 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -632,7 +632,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, return status; /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 ); se_map_generic( &des_access, &dom_generic_mapping ); @@ -640,7 +640,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, se_priv_copy( &se_rights, &se_machine_account ); se_priv_add( &se_rights, &se_add_users ); - status = access_check_samr_object( psd, p->pipe_user.nt_user_token, + status = access_check_samr_object( psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access, &acc_granted, "_samr_OpenDomain" ); @@ -2166,7 +2166,7 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, /* check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW); se_map_generic(&des_access, &usr_generic_mapping); @@ -2174,7 +2174,7 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, se_priv_copy( &se_rights, &se_machine_account ); se_priv_add( &se_rights, &se_add_users ); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_OpenUser"); @@ -3179,7 +3179,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, { se_priv_copy( &se_rights, &se_machine_account ); can_add_account = user_has_privileges( - p->pipe_user.nt_user_token, &se_rights ); + p->server_info->ptok, &se_rights ); } /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ @@ -3188,7 +3188,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, { se_priv_copy( &se_rights, &se_add_users ); can_add_account = user_has_privileges( - p->pipe_user.nt_user_token, &se_rights ); + p->server_info->ptok, &se_rights ); } else /* implicit assumption of a BDC or domain trust account here * (we already check the flags earlier) */ @@ -3197,13 +3197,13 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, /* only Domain Admins can add a BDC or domain trust */ se_priv_copy( &se_rights, &se_priv_none ); can_add_account = nt_token_check_domain_rid( - p->pipe_user.nt_user_token, + p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS ); } } DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", - uidtoname(p->pipe_user.ut.uid), + uidtoname(p->server_info->utok.uid), can_add_account ? "True":"False" )); /********** BEGIN Admin BLOCK **********/ @@ -3228,13 +3228,13 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, sid_compose(&sid, get_global_sam_sid(), *r->out.rid); - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW); se_map_generic(&des_access, &usr_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_CreateUser2"); @@ -3291,7 +3291,7 @@ NTSTATUS _samr_Connect(pipes_struct *p, was observed from a win98 client trying to enumerate users (when configured user level access control on shares) --jerry */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); se_map_generic( &des_access, &sam_generic_mapping ); info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN); @@ -3327,12 +3327,12 @@ NTSTATUS _samr_Connect2(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, NULL, 0, des_access, &acc_granted, "_samr_Connect2"); if ( !NT_STATUS_IS_OK(nt_status) ) @@ -3378,12 +3378,12 @@ NTSTATUS _samr_Connect4(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, NULL, 0, des_access, &acc_granted, "_samr_Connect4"); if ( !NT_STATUS_IS_OK(nt_status) ) @@ -3429,12 +3429,12 @@ NTSTATUS _samr_Connect5(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, NULL, 0, des_access, &acc_granted, "_samr_Connect5"); if ( !NT_STATUS_IS_OK(nt_status) ) @@ -3598,7 +3598,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0); se_map_generic(&des_access,&ali_generic_mapping); @@ -3606,7 +3606,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, se_priv_copy( &se_rights, &se_add_users ); - status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access, &acc_granted, "_samr_OpenAlias"); @@ -4165,20 +4165,20 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, acb_info = pdb_get_acct_ctrl(pwd); if (acb_info & ACB_WSTRUST) - has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token, + has_enough_rights = user_has_privileges(p->server_info->ptok, &se_machine_account); else if (acb_info & ACB_NORMAL) - has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token, + has_enough_rights = user_has_privileges(p->server_info->ptok, &se_add_users); else if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { if (lp_enable_privileges()) { - has_enough_rights = nt_token_check_domain_rid(p->pipe_user.nt_user_token, + has_enough_rights = nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS); } } DEBUG(5, ("_samr_SetUserInfo: %s does%s possess sufficient rights\n", - uidtoname(p->pipe_user.ut.uid), + uidtoname(p->server_info->utok.uid), has_enough_rights ? "" : " not")); /* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */ @@ -4556,7 +4556,7 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p, DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid))); se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4606,7 +4606,7 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p, sid_string_dbg(&alias_sid))); se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4661,7 +4661,7 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4719,7 +4719,7 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4790,9 +4790,9 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p, /* For machine accounts it's the SeMachineAccountPrivilege that counts. */ if ( acb_info & ACB_WSTRUST ) { - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account ); } else { - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); } /******** BEGIN SeAddUsers BLOCK *********/ @@ -4864,7 +4864,7 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4939,7 +4939,7 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, DEBUG(10, ("lookup on Local SID\n")); se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5008,7 +5008,7 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5082,7 +5082,7 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p, name = r->in.alias_name->string; se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); result = can_create(p->mem_ctx, name); if (!NT_STATUS_IS_OK(result)) { @@ -5294,7 +5294,7 @@ NTSTATUS _samr_SetGroupInfo(pipes_struct *p, return NT_STATUS_INVALID_INFO_CLASS; } - can_mod_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); + can_mod_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5396,7 +5396,7 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p, return NT_STATUS_INVALID_INFO_CLASS; } - can_mod_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); + can_mod_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5484,14 +5484,14 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, return status; /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0); se_map_generic(&des_access,&grp_generic_mapping); se_priv_copy( &se_rights, &se_add_users ); - status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access, &acc_granted, "_samr_OpenGroup"); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 46aed7ce65..744de67db4 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -388,7 +388,8 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) return WERR_BADFID; } - return delete_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, Printer->sharename ); + return delete_printer_hook(p->mem_ctx, p->server_info->ptok, + Printer->sharename ); } /**************************************************************************** @@ -1656,13 +1657,13 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->pipe_user.ut.uid != 0) && - !user_has_privileges(p->pipe_user.nt_user_token, + if ((p->server_info->utok.uid != 0) && + !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( - uidtoname(p->pipe_user.ut.uid), + uidtoname(p->server_info->utok.uid), NULL, NULL, - p->pipe_user.nt_user_token, + p->server_info->ptok, lp_printer_admin(snum))) { close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -1715,8 +1716,8 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, return WERR_ACCESS_DENIED; } - if (!user_ok_token(uidtoname(p->pipe_user.ut.uid), NULL, - p->pipe_user.nt_user_token, snum) || + if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL, + p->server_info->ptok, snum) || !print_access_check(p->server_info, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); @@ -2018,11 +2019,11 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->pipe_user.ut.uid != 0) - && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop ) + if ( (p->server_info->utok.uid != 0) + && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( - uidtoname(p->pipe_user.ut.uid), NULL, - NULL, p->pipe_user.nt_user_token, + uidtoname(p->server_info->utok.uid), NULL, + NULL, p->server_info->ptok, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; @@ -2116,11 +2117,11 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->pipe_user.ut.uid != 0) - && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop ) + if ( (p->server_info->utok.uid != 0) + && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( - uidtoname(p->pipe_user.ut.uid), NULL, NULL, - p->pipe_user.nt_user_token, lp_printer_admin(-1)) ) + uidtoname(p->server_info->utok.uid), NULL, NULL, + p->server_info->ptok, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; } @@ -6390,7 +6391,8 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, { /* add_printer_hook() will call reload_services() */ - if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) { + if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok, + printer) ) { result = WERR_ACCESS_DENIED; goto done; } @@ -7730,7 +7732,8 @@ static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_ trying to add a printer like this --jerry */ if (*lp_addprinter_cmd() ) { - if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) { + if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok, + printer) ) { free_a_printer(&printer,2); return WERR_ACCESS_DENIED; } @@ -9938,10 +9941,10 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X switch ( Printer->printer_type ) { case SPLHND_PORTMON_TCP: - return process_xcvtcp_command( p->pipe_user.nt_user_token, command, + return process_xcvtcp_command( p->server_info->ptok, command, &q_u->indata, &r_u->outdata, &r_u->needed ); case SPLHND_PORTMON_LOCAL: - return process_xcvlocal_command( p->pipe_user.nt_user_token, command, + return process_xcvlocal_command( p->server_info->ptok, command, &q_u->indata, &r_u->outdata, &r_u->needed ); } diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 274deab88b..bf3669022d 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -262,7 +262,7 @@ static void init_srv_share_info_1(pipes_struct *p, struct srvsvc_NetShareInfo1 * remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } @@ -289,7 +289,7 @@ static void init_srv_share_info_2(pipes_struct *p, struct srvsvc_NetShareInfo2 * remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } path = talloc_asprintf(p->mem_ctx, @@ -355,7 +355,7 @@ static void init_srv_share_info_501(pipes_struct *p, struct srvsvc_NetShareInfo5 remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } @@ -383,7 +383,7 @@ static void init_srv_share_info_502(pipes_struct *p, struct srvsvc_NetShareInfo5 remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum)); @@ -422,7 +422,7 @@ static void init_srv_share_info_1004(pipes_struct *p, struct srvsvc_NetShareInfo remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } @@ -1225,7 +1225,6 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, struct srvsvc_NetSessDel *r) { struct sessionid *session_list; - struct current_user user; int num_sessions, snum; const char *username; const char *machine; @@ -1246,12 +1245,11 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, werr = WERR_ACCESS_DENIED; - get_current_user(&user, p); - /* fail out now if you are not root or not a domain admin */ - if ((user.ut.uid != sec_initial_uid()) && - ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) { + if ((p->server_info->utok.uid != sec_initial_uid()) && + ( ! nt_token_check_domain_rid(p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS))) { goto done; } @@ -1263,7 +1261,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, NTSTATUS ntstat; - if (user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { not_root = True; become_root(); } @@ -1466,7 +1464,6 @@ char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname) WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, struct srvsvc_NetShareSetInfo *r) { - struct current_user user; char *command = NULL; char *share_name = NULL; char *comment = NULL; @@ -1510,13 +1507,11 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); /* fail out now if you are not root and not a disk op */ - if ( user.ut.uid != sec_initial_uid() && !is_disk_op ) + if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; switch (r->in.level) { @@ -1683,7 +1678,6 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, WERROR _srvsvc_NetShareAdd(pipes_struct *p, struct srvsvc_NetShareAdd *r) { - struct current_user user; char *command = NULL; char *share_name = NULL; char *comment = NULL; @@ -1704,11 +1698,9 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, *r->out.parm_error = 0; } - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); - if (user.ut.uid != sec_initial_uid() && !is_disk_op ) + if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_add_share_cmd() || !*lp_add_share_cmd()) { @@ -1868,7 +1860,6 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, WERROR _srvsvc_NetShareDel(pipes_struct *p, struct srvsvc_NetShareDel *r) { - struct current_user user; char *command = NULL; char *share_name = NULL; int ret; @@ -1901,11 +1892,9 @@ WERROR _srvsvc_NetShareDel(pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - get_current_user(&user,p); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); - - if (user.ut.uid != sec_initial_uid() && !is_disk_op ) + if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { @@ -2409,17 +2398,14 @@ static void enum_file_close_fn( const struct share_mode_entry *e, WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r) { - struct current_user user; SE_PRIV se_diskop = SE_DISK_OPERATOR; bool is_disk_op; DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__)); - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); - if (user.ut.uid != sec_initial_uid() && !is_disk_op) { + if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) { return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 0bed13e522..6692160ba2 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -272,7 +272,8 @@ WERROR _svcctl_OpenSCManagerW(pipes_struct *p, return WERR_NOMEM; se_map_generic( &r->in.access_mask, &scm_generic_map ); - status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted ); + status = svcctl_access_check( sec_desc, p->server_info->ptok, + r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -309,7 +310,8 @@ WERROR _svcctl_OpenServiceW(pipes_struct *p, return WERR_NOMEM; se_map_generic( &r->in.access_mask, &svc_generic_map ); - status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted ); + status = svcctl_access_check( sec_desc, p->server_info->ptok, + r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -347,7 +349,8 @@ WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, service = r->in.service_name; - display_name = svcctl_lookup_dispname(p->mem_ctx, service, p->pipe_user.nt_user_token ); + display_name = svcctl_lookup_dispname(p->mem_ctx, service, + p->server_info->ptok); if (!display_name) { display_name = ""; } @@ -424,7 +427,7 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT size_t buffer_size = 0; WERROR result = WERR_OK; SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle ); - NT_USER_TOKEN *token = p->pipe_user.nt_user_token; + NT_USER_TOKEN *token = p->server_info->ptok; /* perform access checks */ @@ -680,7 +683,8 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, *r->out.bytes_needed = r->in.buf_size; - wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, p->pipe_user.nt_user_token ); + wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, + p->server_info->ptok); if ( !W_ERROR_IS_OK(wresult) ) return wresult; @@ -723,7 +727,8 @@ WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CO SERVICE_DESCRIPTION desc_buf; const char *description; - description = svcctl_lookup_description(p->mem_ctx, info->name, p->pipe_user.nt_user_token ); + description = svcctl_lookup_description( + p->mem_ctx, info->name, p->server_info->ptok); ZERO_STRUCTP( &desc_buf ); @@ -903,7 +908,8 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, /* store the new SD */ - if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) ) + if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, + p->server_info->ptok) ) return WERR_ACCESS_DENIED; return WERR_OK; diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 7e842ed54d..1131033b04 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -70,7 +70,7 @@ static WERROR open_registry_key( pipes_struct *p, POLICY_HND *hnd, if (parent == NULL) { result = reg_openhive(NULL, subkeyname, access_desired, - p->pipe_user.nt_user_token, &key); + p->server_info->ptok, &key); } else { result = reg_openkey(NULL, parent, subkeyname, access_desired, @@ -556,7 +556,8 @@ WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateS return WERR_NOMEM; } - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + can_shutdown = user_has_privileges( p->server_info->ptok, + &se_remote_shutdown ); /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root Take the error return from the script and provide it as the Windows return code. */ @@ -594,7 +595,8 @@ WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShu if (!*abort_shutdown_script) return WERR_ACCESS_DENIED; - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + can_shutdown = user_has_privileges( p->server_info->ptok, + &se_remote_shutdown ); /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ @@ -682,7 +684,7 @@ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r) /* user must posses SeRestorePrivilege for this this proceed */ - if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) ) + if ( !user_has_privileges( p->server_info->ptok, &se_restore ) ) return WERR_ACCESS_DENIED; DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n", diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index 0a54b0dd3f..7071b55e7c 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -293,7 +293,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct nt_user_token *token = p->pipe_user.nt_user_token; + struct nt_user_token *token = p->server_info->ptok; if (!r->in.domain_name) { return WERR_INVALID_PARAM; @@ -368,7 +368,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct nt_user_token *token = p->pipe_user.nt_user_token; + struct nt_user_token *token = p->server_info->ptok; if (!r->in.account || !r->in.encrypted_password) { return WERR_INVALID_PARAM; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index c238f40cfd..ca7df264e2 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -318,9 +318,9 @@ bool become_authenticated_pipe_user(pipes_struct *p) if (!push_sec_ctx()) return False; - set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid, - p->pipe_user.ut.ngroups, p->pipe_user.ut.groups, - p->pipe_user.nt_user_token); + set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid, + p->server_info->utok.ngroups, p->server_info->utok.groups, + p->server_info->ptok); return True; } -- cgit From f340ed1348ca5f514dcd85a273559ecb9ff1615f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 24 Nov 2008 08:56:46 +0100 Subject: Fix nonempty blank lines --- source3/include/ntdomain.h | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 1684e2d432..cc99ad74c2 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -5,17 +5,17 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1997 Copyright (C) Paul Ashton 1997 Copyright (C) Jeremy Allison 2000-2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -27,7 +27,7 @@ * A bunch of stuff that was put into smb.h * in the NTDOM branch - it didn't belong there. */ - + typedef struct _prs_struct { bool io; /* parsing in or out of data stream */ /* @@ -138,7 +138,7 @@ struct dcinfo { struct netr_Credential seed_chal; struct netr_Credential clnt_chal; /* Client credential */ struct netr_Credential srv_chal; /* Server credential */ - + unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */ unsigned char mach_pw[16]; /* md4(machine password) */ @@ -154,13 +154,13 @@ struct dcinfo { typedef struct pipe_rpc_fns { struct pipe_rpc_fns *next, *prev; - + /* RPC function table associated with the current rpc_bind (associated by context) */ - + const struct api_struct *cmds; int n_cmds; uint32 context_id; - + } PIPE_RPC_FNS; /* @@ -217,12 +217,12 @@ typedef struct pipes_struct { fstring name; fstring pipe_srv_name; - + /* linked list of rpc dispatch tables associated with the open rpc contexts */ - + PIPE_RPC_FNS *contexts; - + RPC_HDR hdr; /* Incoming RPC header. */ RPC_HDR_REQ hdr_req; /* Incoming request header. */ @@ -233,13 +233,13 @@ typedef struct pipes_struct { /* * Set to true when an RPC bind has been done on this pipe. */ - + bool pipe_bound; - + /* * Set to true when we should return fault PDU's for everything. */ - + bool fault_state; /* @@ -253,13 +253,13 @@ typedef struct pipes_struct { */ bool rng_fault_state; - + /* * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's */ - + bool endian; - + /* * Struct to deal with multiple pdu inputs. */ -- cgit From 26461a72da5a646fcc6023bb4f82c66e17a8529b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 24 Nov 2008 15:04:12 +0100 Subject: s3:libads/ldap.c: return an error instead of crashing when no realm is given The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam --- source3/libads/ldap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index f55cfa784a..932e42e076 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -301,11 +301,11 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) if ( use_own_domain ) c_realm = lp_workgroup(); } + } - if ( !c_realm || !*c_realm ) { - DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); - return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ - } + if ( !c_realm || !*c_realm ) { + DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); + return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ } realm = c_realm; -- cgit From 51b840a07e84ab342f7b116171519219b3f9b1e1 Mon Sep 17 00:00:00 2001 From: Mathias Dietz Date: Wed, 12 Nov 2008 14:32:45 +0100 Subject: Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so As of GPFS 3.2.1 PTF8 libgpfs will be available as GPL, so we don't need the special libgpfs_gpl lib anymore. For backwards compatibility with pre-PTF8 GPFS installations, still look there. --- source3/modules/gpfs.c | 92 ++++++++++++++++++++++++-------------------------- 1 file changed, 45 insertions(+), 47 deletions(-) diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c index a0d33fa33a..4e76b97ccf 100644 --- a/source3/modules/gpfs.c +++ b/source3/modules/gpfs.c @@ -24,7 +24,6 @@ #include "gpfs_gpl.h" #include "vfs_gpfs.h" -static void *libgpfs_handle = NULL; static bool gpfs_share_modes; static bool gpfs_leases; @@ -135,65 +134,64 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return gpfs_putacl_fn(pathname, flags, acl); } -void init_gpfs(void) +static bool init_gpfs_function_lib(void *plibhandle_pointer, + const char *libname, + void *pfn_pointer, const char *fn_name) { - if (libgpfs_handle != NULL) { - return; - } - - libgpfs_handle = dlopen("libgpfs_gpl.so", RTLD_LAZY); - - if (libgpfs_handle == NULL) { - DEBUG(10, ("dlopen for libgpfs_gpl failed: %s\n", - strerror(errno))); - return; + bool did_open_here = false; + void **libhandle_pointer = (void **)plibhandle_pointer; + void **fn_pointer = (void **)pfn_pointer; + + if (*libhandle_pointer == NULL) { + *libhandle_pointer = dlopen(libname, RTLD_LAZY); + did_open_here = true; + } + if (*libhandle_pointer == NULL) { + DEBUG(10, ("Could not open lib %s\n", libname)); + return false; + } + + *fn_pointer = dlsym(*libhandle_pointer, fn_name); + if (*fn_pointer == NULL) { + DEBUG(10, ("Did not find symbol %s in lib %s\n", + fn_name, libname)); + if (did_open_here) { + dlclose(*libhandle_pointer); + *libhandle_pointer = NULL; + } + return false; } - DEBUG(10, ("libgpfs_gpl.so loaded\n")); - - gpfs_set_share_fn = dlsym(libgpfs_handle, "gpfs_set_share"); - if (gpfs_set_share_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_set_share'\n")); - goto failed; - } + return true; +} - gpfs_set_lease_fn = dlsym(libgpfs_handle, "gpfs_set_lease"); - if (gpfs_set_lease_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_set_lease'\n")); - dlclose(libgpfs_handle); +static bool init_gpfs_function(void *fn_pointer, const char *fn_name) +{ + static void *libgpfs_handle = NULL; + static void *libgpfs_gpl_handle = NULL; - goto failed; + if (init_gpfs_function_lib(&libgpfs_handle, "libgpfs.so", + fn_pointer, fn_name)) { + return true; } - - gpfs_getacl_fn = dlsym(libgpfs_handle, "gpfs_getacl"); - if (gpfs_getacl_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_getacl'\n")); - goto failed; + if (init_gpfs_function_lib(&libgpfs_gpl_handle, "libgpfs_gpl.so", + fn_pointer, fn_name)) { + return true; } + return false; +} - gpfs_putacl_fn = dlsym(libgpfs_handle, "gpfs_putacl"); - if (gpfs_putacl_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_putacl'\n")); - goto failed; - } +void init_gpfs(void) +{ + init_gpfs_function(&gpfs_set_share_fn, "gpfs_set_share"); + init_gpfs_function(&gpfs_set_lease_fn, "gpfs_set_lease"); + init_gpfs_function(&gpfs_getacl_fn, "gpfs_getacl"); + init_gpfs_function(&gpfs_putacl_fn, "gpfs_putacl"); gpfs_share_modes = lp_parm_bool(-1, "gpfs", "sharemodes", True); gpfs_leases = lp_parm_bool(-1, "gpfs", "leases", True); return; - -failed: - dlclose(libgpfs_handle); - /* leave libgpfs_handle != NULL around, no point - in trying twice */ - gpfs_set_share_fn = NULL; - gpfs_set_lease_fn = NULL; - gpfs_getacl_fn = NULL; - gpfs_putacl_fn = NULL; } #else -- cgit From 2c458935933daf219be276b06c6eb1b5752f2638 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 24 Nov 2008 15:28:11 -0800 Subject: Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but that will have to be fixed another way. Jeremy. --- source3/smbd/posix_acls.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 7ca2ed787b..0529d2765e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3211,6 +3211,9 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) return ret; } +#if 0 +/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ + /**************************************************************************** Take care of parent ACL inheritance. ****************************************************************************/ @@ -3398,6 +3401,7 @@ NTSTATUS append_parent_acl(files_struct *fsp, *pp_new_sd = psd; return status; } +#endif /**************************************************************************** Reply to set a security descriptor on an fsp. security_info_sent is the @@ -3510,6 +3514,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); +#if 0 + /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ + /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx * for details and also the log trace in bug #4308. JRA. */ @@ -3527,6 +3534,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC } psd = new_sd; } +#endif acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, &file_ace_list, &dir_ace_list, security_info_sent, psd); -- cgit From 417f187645de49ab35d2918c3ca0185a452e32b1 Mon Sep 17 00:00:00 2001 From: Dan Sledz Date: Sun, 16 Nov 2008 17:40:03 -0800 Subject: Allow SYSLOG_FACILITY to be modified with a new configure option called --with-syslog-facility --- source3/configure.in | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/source3/configure.in b/source3/configure.in index 9214d031b3..90339d770c 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -4368,6 +4368,22 @@ AC_ARG_WITH(syslog, AC_MSG_RESULT(no) ) +################################################# +# check for custom syslog facility +AC_MSG_CHECKING(whether to use a custom syslog facility) +AC_ARG_WITH(syslog-facility, +[AS_HELP_STRING([--with-syslog-facility], [Use a custom syslog facility (default=none)])], +[ + if test "$withval" = "no" ; then + AC_MSG_ERROR([argument to --with-syslog-facility must be a string]) + else + if test "$withval" != "yes" ; then + syslog_facility="$withval" + AC_DEFINE_UNQUOTED(SYSLOG_FACILITY,$syslog_facility, [syslog facility to log to]) + fi + fi +]) + ################################################# # check for experimental disk-quotas support -- cgit From d1d9c06294596cc34e19277b77a5316b8f3d2200 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 00:57:33 +0100 Subject: libwbclient: Add placeholder functions for wbcQuery[GSU]idTo[GSU]id --- source3/nsswitch/libwbclient/wbc_idmap.c | 68 ++++++++++++++++++++++++++++++-- source3/nsswitch/libwbclient/wbclient.h | 12 ++++++ 2 files changed, 76 insertions(+), 4 deletions(-) diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 6652f67636..81b369c87c 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -24,7 +24,7 @@ #include "libwbclient.h" -/** @brief Convert a Windows SID to a Unix uid +/** @brief Convert a Windows SID to a Unix uid, allocating an uid if needed * * @param *sid Pointer to the domain SID to be resolved * @param *puid Pointer to the resolved uid_t value @@ -71,7 +71,22 @@ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) return wbc_status; } -/** @brief Convert a Unix uid to a Windows SID +/** @brief Convert a Windows SID to a Unix uid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ + +wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, + uid_t *puid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Unix uid to a Windows SID, allocating a SID if needed * * @param uid Unix uid to be resolved * @param *sid Pointer to the resolved domain SID @@ -112,7 +127,22 @@ done: return wbc_status; } -/** @brief Convert a Windows SID to a Unix gid +/** @brief Convert a Unix uid to a Windows SID if there already is a mapping + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ + +wbcErr wbcQueryUidToSid(uid_t uid, + struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Windows SID to a Unix gid, allocating a gid if needed * * @param *sid Pointer to the domain SID to be resolved * @param *pgid Pointer to the resolved gid_t value @@ -159,7 +189,22 @@ wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid) return wbc_status; } -/** @brief Convert a Unix uid to a Windows SID +/** @brief Convert a Windows SID to a Unix gid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ + +wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, + gid_t *pgid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Unix gid to a Windows SID, allocating a SID if needed * * @param gid Unix gid to be resolved * @param *sid Pointer to the resolved domain SID @@ -200,6 +245,21 @@ done: return wbc_status; } +/** @brief Convert a Unix gid to a Windows SID if there already is a mapping + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ + +wbcErr wbcQueryGidToSid(gid_t gid, + struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + /** @brief Obtain a new uid from Winbind * * @param *puid *pointer to the allocated uid diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 639f7f359f..2495b9604a 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -541,15 +541,27 @@ wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid); +wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, + uid_t *puid); + wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid); +wbcErr wbcQueryUidToSid(uid_t uid, + struct wbcDomainSid *sid); + wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid); +wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, + gid_t *pgid); + wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid); +wbcErr wbcQueryGidToSid(gid_t gid, + struct wbcDomainSid *sid); + wbcErr wbcAllocateUid(uid_t *puid); wbcErr wbcAllocateGid(gid_t *pgid); -- cgit From ddf821685436f7f49f49dda8fb4abb63ea1945cb Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 11:17:42 +0100 Subject: libwbclient: Add placeholder function for WINBINDD_GETGRLST --- source3/nsswitch/libwbclient/wbc_pwd.c | 14 ++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 2 ++ 2 files changed, 16 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 0d17b312ef..5bb9a9fde4 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -376,6 +376,20 @@ wbcErr wbcGetgrent(struct group **grp) return WBC_ERR_NOT_IMPLEMENTED; } +/** @brief Return the next struct group* entry from the pwent iterator + * + * This is similar to #wbcGetgrent, just that the member list is empty + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ + +wbcErr wbcGetgrlist(struct group **grp) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + /** @brief Return the unix group array belonging to the given user * * @param *account The given user name diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 2495b9604a..9e74e1ed3c 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -602,6 +602,8 @@ wbcErr wbcEndgrent(void); wbcErr wbcGetgrent(struct group **grp); +wbcErr wbcGetgrlist(struct group **grp); + wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups); -- cgit From 1fac1447038fef0c68620f69788d48abe4349fd7 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 11:18:40 +0100 Subject: libwbclient: Fix typo in wbcGetgrent docstring. --- source3/nsswitch/libwbclient/wbc_pwd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 5bb9a9fde4..70d3f3ce9d 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -364,7 +364,7 @@ wbcErr wbcEndgrent(void) return wbc_status; } -/** @brief Return the next struct passwd* entry from the pwent iterator +/** @brief Return the next struct group* entry from the pwent iterator * * @param **grp Pointer to resulting struct group* from the query. * -- cgit From 6485c99074fee57c016a202216570fce749d36c1 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 15:16:17 +0100 Subject: libwbclient: Add placeholder function for WINBINDD_CCACHE_NTLMAUTH --- source3/nsswitch/libwbclient/wbc_pam.c | 15 +++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 713ba2e65b..401d2ad2c3 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -1095,3 +1095,18 @@ done: return wbc_status; } + +/** @brief Authenticate a user with cached credentials + * + * @param *params Pointer to a wbcCredentialCacheParams structure + * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure + * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure + * + * @return #wbcErr + **/ +wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 9e74e1ed3c..cb31360407 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -440,6 +440,30 @@ struct wbcLogoffUserParams { struct wbcNamedBlob *blobs; }; +/** @brief Credential cache log-on parameters + * + */ + +struct wbcCredentialCacheParams { + const char *account_name; + const char *domain_name; + enum wbcCredentialCacheLevel { + WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1 + } level; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + + +/** @brief Info returned by credential cache auth + * + */ + +struct wbcCredentialCacheInfo { + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + /* * DomainControllerInfo struct */ @@ -683,6 +707,10 @@ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, enum wbcPasswordChangeRejectReason *reject_reason, struct wbcUserPasswordPolicyInfo **policy); +wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error); + /* * Resolve functions */ -- cgit From 5856364af6e074410d521a4cdab893df998a04bd Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 16:36:01 +0100 Subject: libwbclient: Implement wbcGetpwent --- source3/nsswitch/libwbclient/wbc_pwd.c | 79 +++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 2 deletions(-) diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 70d3f3ce9d..87908bb5e7 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -24,6 +24,11 @@ #include "libwbclient.h" +/** @brief The maximum number of pwent structs to get from winbindd + * + */ +#define MAX_GETPWENT_USERS 500 + /** * **/ @@ -284,6 +289,21 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) return wbc_status; } +/** @brief Number of cached passwd structs + * + */ +static uint32_t pw_cache_size; + +/** @brief Position of the pwent context + * + */ +static uint32_t pw_cache_idx; + +/** @brief Winbindd response containing the passwd structs + * + */ +static struct winbindd_response pw_response; + /** @brief Reset the passwd iterator * * @return #wbcErr @@ -293,6 +313,15 @@ wbcErr wbcSetpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (pw_cache_size > 0) { + pw_cache_idx = pw_cache_size = 0; + if (pw_response.extra_data.data) { + free(pw_response.extra_data.data); + } + } + + ZERO_STRUCT(pw_response); + wbc_status = wbcRequestResponse(WINBINDD_SETPWENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); @@ -310,6 +339,13 @@ wbcErr wbcEndpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (pw_cache_size > 0) { + pw_cache_idx = pw_cache_size = 0; + if (pw_response.extra_data.data) { + free(pw_response.extra_data.data); + } + } + wbc_status = wbcRequestResponse(WINBINDD_ENDPWENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); @@ -320,14 +356,53 @@ wbcErr wbcEndpwent(void) /** @brief Return the next struct passwd* entry from the pwent iterator * - * @param **pwd Pointer to resulting struct group* from the query. + * @param **pwd Pointer to resulting struct passwd* from the query. * * @return #wbcErr **/ wbcErr wbcGetpwent(struct passwd **pwd) { - return WBC_ERR_NOT_IMPLEMENTED; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_pw *wb_pw; + + /* If there's a cached result, return that. */ + if (pw_cache_idx < pw_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + pw_cache_idx = 0; + + if (pw_response.extra_data.data) { + free(pw_response.extra_data.data); + ZERO_STRUCT(pw_response); + } + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETPWENT_USERS; + + wbc_status = wbcRequestResponse(WINBINDD_GETPWENT, &request, + &pw_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + pw_cache_size = pw_response.data.num_entries; + +return_result: + + wb_pw = (struct winbindd_pw *) pw_response.extra_data.data; + + *pwd = copy_passwd_entry(&wb_pw[pw_cache_idx]); + + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + pw_cache_idx++; + +done: + return wbc_status; } /** @brief Reset the group iterator -- cgit From 9d2c2a7a0e9e69c8fa2ce81af79007da0e32605b Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 17:11:09 +0100 Subject: libwbclient: Implement wbcGetgrent and wbcGetgrlist --- source3/nsswitch/libwbclient/wbc_pwd.c | 123 ++++++++++++++++++++++++++++++++- 1 file changed, 121 insertions(+), 2 deletions(-) diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 87908bb5e7..d54a5af4fc 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -29,6 +29,11 @@ */ #define MAX_GETPWENT_USERS 500 +/** @brief The maximum number of grent structs to get from winbindd + * + */ +#define MAX_GETGRENT_GROUPS 500 + /** * **/ @@ -405,6 +410,21 @@ done: return wbc_status; } +/** @brief Number of cached group structs + * + */ +static uint32_t gr_cache_size; + +/** @brief Position of the grent context + * + */ +static uint32_t gr_cache_idx; + +/** @brief Winbindd response containing the group structs + * + */ +static struct winbindd_response gr_response; + /** @brief Reset the group iterator * * @return #wbcErr @@ -414,6 +434,15 @@ wbcErr wbcSetgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (gr_cache_size > 0) { + gr_cache_idx = gr_cache_size = 0; + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + } + } + + ZERO_STRUCT(gr_response); + wbc_status = wbcRequestResponse(WINBINDD_SETGRENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); @@ -431,6 +460,13 @@ wbcErr wbcEndgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (gr_cache_size > 0) { + gr_cache_idx = gr_cache_size = 0; + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + } + } + wbc_status = wbcRequestResponse(WINBINDD_ENDGRENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); @@ -448,7 +484,51 @@ wbcErr wbcEndgrent(void) wbcErr wbcGetgrent(struct group **grp) { - return WBC_ERR_NOT_IMPLEMENTED; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_gr *wb_gr; + uint32_t mem_ofs; + + /* If there's a cached result, return that. */ + if (gr_cache_idx < gr_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + gr_cache_idx = 0; + + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + ZERO_STRUCT(gr_response); + } + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETGRENT_GROUPS; + + wbc_status = wbcRequestResponse(WINBINDD_GETGRENT, &request, + &gr_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + gr_cache_size = gr_response.data.num_entries; + +return_result: + + wb_gr = (struct winbindd_gr *) gr_response.extra_data.data; + + mem_ofs = wb_gr[gr_cache_idx].gr_mem_ofs + + gr_cache_size * sizeof(struct winbindd_gr); + + *grp = copy_group_entry(&wb_gr[gr_cache_idx], + ((char *)gr_response.extra_data.data)+mem_ofs); + + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + gr_cache_idx++; + +done: + return wbc_status; } /** @brief Return the next struct group* entry from the pwent iterator @@ -462,7 +542,46 @@ wbcErr wbcGetgrent(struct group **grp) wbcErr wbcGetgrlist(struct group **grp) { - return WBC_ERR_NOT_IMPLEMENTED; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_gr *wb_gr; + + /* If there's a cached result, return that. */ + if (gr_cache_idx < gr_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + gr_cache_idx = 0; + + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + ZERO_STRUCT(gr_response); + } + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETGRENT_GROUPS; + + wbc_status = wbcRequestResponse(WINBINDD_GETGRLST, &request, + &gr_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + gr_cache_size = gr_response.data.num_entries; + +return_result: + + wb_gr = (struct winbindd_gr *) gr_response.extra_data.data; + + *grp = copy_group_entry(&wb_gr[gr_cache_idx], NULL); + + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + gr_cache_idx++; + +done: + return wbc_status; } /** @brief Return the unix group array belonging to the given user -- cgit From bf04324592695fd6e711ba25a89d47e1b61fa33e Mon Sep 17 00:00:00 2001 From: Nils Goroll Date: Mon, 17 Nov 2008 00:55:16 +0100 Subject: [s3]zfsacl: Prevent calling POSIX ACL vfs methods on zfs share. This is a proposed fix for Bugs #5135 and #5446. Signed-off-by: Michael Adam --- source3/modules/vfs_zfsacl.c | 83 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 3688b2386e..650666e921 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -212,9 +212,92 @@ static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } +/* nils.goroll@hamburg.de 2008-06-16 : + + See also + - https://bugzilla.samba.org/show_bug.cgi?id=5446 + - http://bugs.opensolaris.org/view_bug.do?bug_id=6688240 + + Solaris supports NFSv4 and ZFS ACLs through a common system call, acl(2) + with ACE_SETACL / ACE_GETACL / ACE_GETACLCNT, which is being wrapped for + use by samba in this module. + + As the acl(2) interface is identical for ZFS and for NFS, this module, + vfs_zfsacl, can not only be used for ZFS, but also for sharing NFSv4 + mounts on Solaris. + + But while "traditional" POSIX DRAFT ACLs (using acl(2) with SETACL + / GETACL / GETACLCNT) fail for ZFS, the Solaris NFS client + implemets a compatibility wrapper, which will make calls to + traditional ACL calls though vfs_solarisacl succeed. As the + compatibility wrapper's implementation is (by design) incomplete, + we want to make sure that it is never being called. + + As long as Samba does not support an exiplicit method for a module + to define conflicting vfs methods, we should override all conflicting + methods here. + + For this to work, we need to make sure that this module is initialised + *after* vfs_solarisacl + + Function declarations taken from vfs_solarisacl +*/ + +SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, + SMB_ACL_TYPE_T type) +{ + return (SMB_ACL_T)NULL; +} +SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + int fd) +{ + return (SMB_ACL_T)NULL; +} + +int zfsacl_fail__sys_acl_set_file(vfs_handle_struct *handle, + const char *name, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + return(-1); +} + +int zfsacl_fail__sys_acl_set_fd(vfs_handle_struct *handle, + files_struct *fsp, + int fd, SMB_ACL_T theacl) +{ + return(-1); +} + +int zfsacl_fail__sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) +{ + return(-1); +} + /* VFS operations structure */ static vfs_op_tuple zfsacl_ops[] = { + /* invalidate conflicting VFS methods */ + {SMB_VFS_OP(zfsacl_fail__sys_acl_get_file), + SMB_VFS_OP_SYS_ACL_GET_FILE, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_get_fd), + SMB_VFS_OP_SYS_ACL_GET_FD, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_set_file), + SMB_VFS_OP_SYS_ACL_SET_FILE, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_set_fd), + SMB_VFS_OP_SYS_ACL_SET_FD, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_delete_def_file), + SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, + SMB_VFS_LAYER_OPAQUE}, + + /* actual methods */ {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, -- cgit From afbfbd7f4c656fa4ed036314837024be8cd634c9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Nov 2008 10:29:41 +0100 Subject: [s3]zfsacl: "return" is not a function. Michael --- source3/modules/vfs_zfsacl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 650666e921..a5b0490c8d 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -261,20 +261,20 @@ int zfsacl_fail__sys_acl_set_file(vfs_handle_struct *handle, SMB_ACL_TYPE_T type, SMB_ACL_T theacl) { - return(-1); + return -1; } int zfsacl_fail__sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_ACL_T theacl) { - return(-1); + return -1; } int zfsacl_fail__sys_acl_delete_def_file(vfs_handle_struct *handle, const char *path) { - return(-1); + return -1; } /* VFS operations structure */ -- cgit From 6a4957d35d50e6508917aca62b282ae4904187c8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 22:59:40 +0100 Subject: UNFINISHED - s3:idmap_ad: multi-domain Michael --- source3/winbindd/idmap_ad.c | 152 ++++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 60a2d8642a..5904b4f624 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -43,31 +43,33 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; + ADS_STRUCT *ad_idmap_ads; + struct posix_schema *ad_schema; + enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; }; NTSTATUS init_module(void); -static ADS_STRUCT *ad_idmap_ads = NULL; -static struct posix_schema *ad_schema = NULL; -static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; - /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(void) +static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ad_idmap_ads != NULL) { + if (ctx->ad_idmap_ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ad_idmap_ads; + ads = ctx->ad_idmap_ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); @@ -83,8 +85,8 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ad_idmap_ads = NULL; - TALLOC_FREE( ad_schema ); + ctx->ad_idmap_ads = NULL; + TALLOC_FREE(ctx->ad_schema); } } @@ -118,7 +120,7 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) ads->is_mine = False; - ad_idmap_ads = ads; + ctx->ad_idmap_ads = ads; return ads; } @@ -126,28 +128,31 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(void) +static ADS_STRUCT *ad_idmap_cached_connection(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); - + ADS_STRUCT *ads = ad_idmap_cached_connection_internal(dom); + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + if ( !ads ) return NULL; /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. */ - if ( ad_schema ) + if ( ctx->ad_schema ) return ads; /* Otherwise, set the schema model */ - if ( (ad_map_type == WB_POSIX_MAP_SFU) || - (ad_map_type == WB_POSIX_MAP_SFU20) || - (ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || + (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || + (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) { ADS_STATUS schema_status; - schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); + schema_status = ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema); if ( !ADS_ERR_OK(schema_status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); return NULL; @@ -191,16 +196,16 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } /* schema mode */ - if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ad_map_type = WB_POSIX_MAP_RFC2307; + if ( ctx->ad_map_type == WB_POSIX_MAP_UNKNOWN ) + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -284,14 +289,14 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { + if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -308,7 +313,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ad_schema->posix_uidnumber_attr, + ctx->ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -322,7 +327,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ad_schema->posix_gidnumber_attr, + ctx->ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; @@ -405,10 +410,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -495,14 +500,14 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { + if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -592,10 +597,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -653,7 +658,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) ad_idmap_ads = NULL; } - TALLOC_FREE( ad_schema ); + TALLOC_FREE( ctx->ad_schema ); return NT_STATUS_OK; } @@ -671,15 +676,15 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_SFU) ) { DEBUG(0,("nss_sfu_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; return NT_STATUS_OK; } @@ -689,15 +694,15 @@ static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU20) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_SFU20) ) { DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; return NT_STATUS_OK; } @@ -707,15 +712,15 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_RFC2307) ) { DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; return NT_STATUS_OK; } @@ -725,7 +730,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *ctx, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -744,6 +749,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Only do query if we are online */ if (idmap_is_offline()) { @@ -755,7 +763,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ads_internal = ad_idmap_cached_connection(); - if ( !ads_internal || !ad_schema ) { + if ( !ads_internal || !ctx->ad_schema ) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -766,12 +774,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } @@ -781,13 +789,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ad_schema->posix_homedir_attr; - attrs[1] = ad_schema->posix_shell_attr; - attrs[2] = ad_schema->posix_gecos_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[0] = ctx->ad_schema->posix_homedir_attr; + attrs[1] = ctx->ad_schema->posix_shell_attr; + attrs[2] = ctx->ad_schema->posix_gecos_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { @@ -801,12 +809,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ads_internal, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -835,6 +843,9 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -852,12 +863,12 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ad_schema) { + if (!ads_internal || !ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ad_schema->posix_uid_attr; + attrs[0] = ctx->ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -873,7 +884,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ads_internal, mem_ctx, msg, ctx->ad_schema->posix_uid_attr ); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -908,6 +919,9 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -925,14 +939,14 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ad_schema) { + if (!ads_internal || !ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ad_schema->posix_uid_attr, + ctx->ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; -- cgit From 03304c5152c8d56030a6e79e37f106a786ed0f64 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Nov 2008 15:24:43 +0100 Subject: Revert "UNFINISHED - s3:idmap_ad: multi-domain" This reverts commit 6a4957d35d50e6508917aca62b282ae4904187c8. Sorry - this got accidentially pushed. Michael --- source3/winbindd/idmap_ad.c | 152 ++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 83 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 5904b4f624..60a2d8642a 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -43,33 +43,31 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; - ADS_STRUCT *ad_idmap_ads; - struct posix_schema *ad_schema; - enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; }; NTSTATUS init_module(void); +static ADS_STRUCT *ad_idmap_ads = NULL; +static struct posix_schema *ad_schema = NULL; +static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; + /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) +static ADS_STRUCT *ad_idmap_cached_connection_internal(void) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ctx->ad_idmap_ads != NULL) { + if (ad_idmap_ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ctx->ad_idmap_ads; + ads = ad_idmap_ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); @@ -85,8 +83,8 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ctx->ad_idmap_ads = NULL; - TALLOC_FREE(ctx->ad_schema); + ad_idmap_ads = NULL; + TALLOC_FREE( ad_schema ); } } @@ -120,7 +118,7 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) ads->is_mine = False; - ctx->ad_idmap_ads = ads; + ad_idmap_ads = ads; return ads; } @@ -128,31 +126,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(struct idmap_domain *dom) +static ADS_STRUCT *ad_idmap_cached_connection(void) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(dom); - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - + ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); + if ( !ads ) return NULL; /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. */ - if ( ctx->ad_schema ) + if ( ad_schema ) return ads; /* Otherwise, set the schema model */ - if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || - (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || - (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ad_map_type == WB_POSIX_MAP_SFU) || + (ad_map_type == WB_POSIX_MAP_SFU20) || + (ad_map_type == WB_POSIX_MAP_RFC2307) ) { ADS_STATUS schema_status; - schema_status = ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema); + schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); if ( !ADS_ERR_OK(schema_status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); return NULL; @@ -196,16 +191,16 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } /* schema mode */ - if ( ctx->ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) + ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ctx->ad_map_type = WB_POSIX_MAP_SFU; + ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ctx->ad_map_type = WB_POSIX_MAP_SFU20; + ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -289,14 +284,14 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { + if ( (ads = ad_idmap_cached_connection()) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ctx->ad_schema->posix_uidnumber_attr; - attrs[3] = ctx->ad_schema->posix_gidnumber_attr; + attrs[2] = ad_schema->posix_uidnumber_attr; + attrs[3] = ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -313,7 +308,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ctx->ad_schema->posix_uidnumber_attr, + ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -327,7 +322,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ctx->ad_schema->posix_gidnumber_attr, + ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; @@ -410,10 +405,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ctx->ad_schema->posix_uidnumber_attr : - ctx->ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ad_schema->posix_uidnumber_attr : + ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -500,14 +495,14 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { + if ( (ads = ad_idmap_cached_connection()) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ctx->ad_schema->posix_uidnumber_attr; - attrs[3] = ctx->ad_schema->posix_gidnumber_attr; + attrs[2] = ad_schema->posix_uidnumber_attr; + attrs[3] = ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -597,10 +592,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ctx->ad_schema->posix_uidnumber_attr : - ctx->ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ad_schema->posix_uidnumber_attr : + ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -658,7 +653,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) ad_idmap_ads = NULL; } - TALLOC_FREE( ctx->ad_schema ); + TALLOC_FREE( ad_schema ); return NT_STATUS_OK; } @@ -676,15 +671,15 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ctx->ad_map_type != WB_POSIX_MAP_SFU) ) + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_SFU) ) { DEBUG(0,("nss_sfu_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ctx->ad_map_type = WB_POSIX_MAP_SFU; + ad_map_type = WB_POSIX_MAP_SFU; return NT_STATUS_OK; } @@ -694,15 +689,15 @@ static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ctx->ad_map_type != WB_POSIX_MAP_SFU20) ) + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_SFU20) ) { DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ctx->ad_map_type = WB_POSIX_MAP_SFU20; + ad_map_type = WB_POSIX_MAP_SFU20; return NT_STATUS_OK; } @@ -712,15 +707,15 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ctx->ad_map_type != WB_POSIX_MAP_RFC2307) ) + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_RFC2307) ) { DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + ad_map_type = WB_POSIX_MAP_RFC2307; return NT_STATUS_OK; } @@ -730,7 +725,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -749,9 +744,6 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Only do query if we are online */ if (idmap_is_offline()) { @@ -763,7 +755,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ads_internal = ad_idmap_cached_connection(); - if ( !ads_internal || !ctx->ad_schema ) { + if ( !ads_internal || !ad_schema ) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -774,12 +766,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } @@ -789,13 +781,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ctx->ad_schema->posix_homedir_attr; - attrs[1] = ctx->ad_schema->posix_shell_attr; - attrs[2] = ctx->ad_schema->posix_gecos_attr; - attrs[3] = ctx->ad_schema->posix_gidnumber_attr; + attrs[0] = ad_schema->posix_homedir_attr; + attrs[1] = ad_schema->posix_shell_attr; + attrs[2] = ad_schema->posix_gecos_attr; + attrs[3] = ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { @@ -809,12 +801,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -843,9 +835,6 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -863,12 +852,12 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ctx->ad_schema) { + if (!ads_internal || !ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ctx->ad_schema->posix_uid_attr; + attrs[0] = ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -884,7 +873,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ctx->ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -919,9 +908,6 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -939,14 +925,14 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ctx->ad_schema) { + if (!ads_internal || !ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ctx->ad_schema->posix_uid_attr, + ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; -- cgit From 948218643a04e8bf28de5c716cb9e4115d8b2aa0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 12:19:35 +0100 Subject: s3-samr: fix _samr_LookupNames return code. Guenther --- source3/rpc_server/srv_samr_nt.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 3cc86edd62..ba9d911c2b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1794,6 +1794,7 @@ NTSTATUS _samr_LookupNames(pipes_struct *p, DOM_SID pol_sid; uint32 acc_granted; struct samr_Ids rids, types; + uint32_t num_mapped = 0; DEBUG(5,("_samr_LookupNames: %d\n", __LINE__)); @@ -1841,10 +1842,18 @@ NTSTATUS _samr_LookupNames(pipes_struct *p, } if (type[i] != SID_NAME_UNKNOWN) { - status = NT_STATUS_OK; + num_mapped++; } } + if (num_mapped == num_rids) { + status = NT_STATUS_OK; + } else if (num_mapped == 0) { + status = NT_STATUS_NONE_MAPPED; + } else { + status = STATUS_SOME_UNMAPPED; + } + rids.count = num_rids; rids.ids = rid; -- cgit From f5a87e35d252934cf1c5bc27f4e3290520345d47 Mon Sep 17 00:00:00 2001 From: Sam Liddicott Date: Tue, 25 Nov 2008 15:41:07 +0100 Subject: Make sure dom_sid.h is installed. --- source4/headermap.txt | 1 + source4/librpc/config.mk | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/source4/headermap.txt b/source4/headermap.txt index ec9fedae2d..b6edaac414 100644 --- a/source4/headermap.txt +++ b/source4/headermap.txt @@ -43,6 +43,7 @@ librpc/gen_ndr/samr.h: gen_ndr/samr.h librpc/gen_ndr/ndr_samr.h: gen_ndr/ndr_samr.h librpc/gen_ndr/ndr_samr_c.h: gen_ndr/ndr_samr_c.h librpc/gen_ndr/security.h: gen_ndr/security.h +librpc/gen_ndr/dom_sid.h: gen_ndr/dom_sid.h auth/credentials/credentials.h: credentials.h auth/credentials/credentials_krb5.h: credentials/krb5.h rpc_server/dcerpc_server.h: dcerpc_server.h diff --git a/source4/librpc/config.mk b/source4/librpc/config.mk index 19c76b26e7..97da760832 100644 --- a/source4/librpc/config.mk +++ b/source4/librpc/config.mk @@ -57,7 +57,8 @@ NDR_SECURITY_OBJ_FILES = $(gen_ndrsrcdir)/ndr_security.o \ $(gen_ndrsrcdir)/ndr_dom_sid.o \ $(ndrsrcdir)/ndr_dom_sid.o -PUBLIC_HEADERS += $(gen_ndrsrcdir)/security.h +PUBLIC_HEADERS += $(addprefix $(gen_ndrsrcdir)/, security.h dom_sid.h) + [SUBSYSTEM::NDR_AUDIOSRV] PUBLIC_DEPENDENCIES = LIBNDR -- cgit From d3fa3c080f4509d8d043b26f3bee157f026d6e8a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 25 Nov 2008 15:53:56 -0800 Subject: Fix bug #5914 - Build failure: redefinition of struct name_list Jeremy. --- source3/utils/smbtree.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index ce2de4d7fe..9fc02bac13 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -30,15 +30,15 @@ static enum tree_level level = LEV_SHARE; /* Holds a list of workgroups or servers */ -struct name_list { - struct name_list *prev, *next; +struct smb_name_list { + struct smb_name_list *prev, *next; char *name, *comment; uint32 server_type; }; -static struct name_list *workgroups, *servers, *shares; +static struct smb_name_list *workgroups, *servers, *shares; -static void free_name_list(struct name_list *list) +static void free_name_list(struct smb_name_list *list) { while(list) DLIST_REMOVE(list, list); @@ -47,10 +47,10 @@ static void free_name_list(struct name_list *list) static void add_name(const char *machine_name, uint32 server_type, const char *comment, void *state) { - struct name_list **name_list = (struct name_list **)state; - struct name_list *new_name; + struct smb_name_list **name_list = (struct smb_name_list **)state; + struct smb_name_list *new_name; - new_name = SMB_MALLOC_P(struct name_list); + new_name = SMB_MALLOC_P(struct smb_name_list); if (!new_name) return; @@ -222,7 +222,7 @@ static bool get_shares(char *server_name, struct user_auth_info *user_info) static bool print_tree(struct user_auth_info *user_info) { - struct name_list *wg, *sv, *sh; + struct smb_name_list *wg, *sv, *sh; /* List workgroups */ -- cgit From f1d887251d33055d3f5dc858044a1ead63d25e78 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 26 Nov 2008 16:22:11 +0100 Subject: Use a simple shell loop instead of _AC_SUBST_VARS. Autoconf has removed _AC_SUBST_VARS in newer versions. --- source4/build/m4/public.m4 | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4 index d61e00b22e..461b25c6af 100644 --- a/source4/build/m4/public.m4 +++ b/source4/build/m4/public.m4 @@ -188,10 +188,19 @@ use strict; use vars qw(%enabled %config); -%config = (AC_FOREACH([AC_Var], m4_defn([_AC_SUBST_VARS]), [ - AC_Var => '$AC_Var',]) -); +%config = ( +CEOF + +for ac_var in $ac_subst_vars +do + eval ac_val=\$$ac_var + if echo "$skip_vars" | grep -v " $ac_var " >/dev/null 2>/dev/null; then + echo "$ac_var => '$ac_val'," >> $1 + fi +done +cat >>$1< Date: Wed, 29 Oct 2008 14:12:04 +0100 Subject: Fix circular dependency error with autoconf 2.6.3. Signed-off-by: Andreas Schneider --- lib/replace/autoconf-2.60.m4 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/lib/replace/autoconf-2.60.m4 b/lib/replace/autoconf-2.60.m4 index acdcd38efe..2d5dbc1661 100644 --- a/lib/replace/autoconf-2.60.m4 +++ b/lib/replace/autoconf-2.60.m4 @@ -179,6 +179,7 @@ AC_DEFUN([AC_PROG_CC_C99], # ------------------------ # Enable extensions on systems that normally disable them, # typically due to standards-conformance issues. +m4_ifndef([AC_USE_SYSTEM_EXTENSIONS],[ AC_DEFUN([AC_USE_SYSTEM_EXTENSIONS], [ AC_BEFORE([$0], [AC_COMPILE_IFELSE]) @@ -208,3 +209,4 @@ AC_DEFUN([AC_USE_SYSTEM_EXTENSIONS], AC_DEFINE([__EXTENSIONS__]) AC_DEFINE([_POSIX_PTHREAD_SEMANTICS]) ]) +]) -- cgit From 8e9c5f8c006d5753b7bda0df16eadbcf802df0c9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 26 Nov 2008 16:55:32 +0100 Subject: Don't filter out any variables for config.pm, only for config.mk. --- source3/samba4.m4 | 1 + source4/build/m4/public.m4 | 4 +--- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/source3/samba4.m4 b/source3/samba4.m4 index 5a3ae36884..9ef3d71fd0 100644 --- a/source3/samba4.m4 +++ b/source3/samba4.m4 @@ -131,6 +131,7 @@ builddir="$builddir/../source4" oldsrcdir="$srcdir" srcdir="$srcdir/../source4" AC_SUBST(srcdir) +AC_SUBST(builddir) SMB_WRITE_PERLVARS(../source4/build/smb_build/config.pm) builddir="$oldbuilddir" srcdir="$oldsrcdir" diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4 index 461b25c6af..5be4189e06 100644 --- a/source4/build/m4/public.m4 +++ b/source4/build/m4/public.m4 @@ -194,9 +194,7 @@ CEOF for ac_var in $ac_subst_vars do eval ac_val=\$$ac_var - if echo "$skip_vars" | grep -v " $ac_var " >/dev/null 2>/dev/null; then - echo "$ac_var => '$ac_val'," >> $1 - fi + echo "$ac_var => '$ac_val'," >> $1 done cat >>$1< Date: Wed, 26 Nov 2008 18:20:51 +0100 Subject: Move netr_SamDatabaseID8Bit to netlogon.idl to prevent problems with forward enum declarations when compiled with C++. --- librpc/idl/misc.idl | 19 ------------- librpc/idl/netlogon.idl | 2 ++ librpc/idl/samr.idl | 16 +++++++++++ librpc/ndr/ndr_netlogon.c | 1 + source3/librpc/gen_ndr/misc.h | 35 ----------------------- source3/librpc/gen_ndr/ndr_misc.c | 53 ----------------------------------- source3/librpc/gen_ndr/ndr_misc.h | 6 ---- source3/librpc/gen_ndr/ndr_netlogon.c | 34 ++++++---------------- source3/librpc/gen_ndr/ndr_ntsvcs.c | 2 +- source3/librpc/gen_ndr/ndr_samr.c | 53 +++++++++++++++++++++++++++++++++++ source3/librpc/gen_ndr/ndr_samr.h | 6 ++++ source3/librpc/gen_ndr/netlogon.h | 3 ++ source3/librpc/gen_ndr/samr.h | 32 +++++++++++++++++++++ 13 files changed, 122 insertions(+), 140 deletions(-) diff --git a/librpc/idl/misc.idl b/librpc/idl/misc.idl index 1182ef1fc2..1907195252 100644 --- a/librpc/idl/misc.idl +++ b/librpc/idl/misc.idl @@ -2,15 +2,11 @@ miscellaneous IDL structures */ -cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID") - [ pointer_default(unique) ] interface misc { - typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit; - typedef [public,noprint,gensize,noejs] struct { uint32 time_low; uint16 time_mid; @@ -39,19 +35,4 @@ interface misc SEC_CHAN_DOMAIN = 4, SEC_CHAN_BDC = 6 } netr_SchannelType; - - /* SAM database types */ - typedef [public,v1_enum] enum { - SAM_DATABASE_DOMAIN = 0, /* Domain users and groups */ - SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */ - SAM_DATABASE_PRIVS = 2 /* Privileges */ - } netr_SamDatabaseID; - - typedef [public,v1_enum] enum { - SAMR_REJECT_OTHER = 0, - SAMR_REJECT_TOO_SHORT = 1, - SAMR_REJECT_IN_HISTORY = 2, - SAMR_REJECT_COMPLEXITY = 5 - } samr_RejectReason; - } diff --git a/librpc/idl/netlogon.idl b/librpc/idl/netlogon.idl index e9b5170e9d..cf4da7adfa 100644 --- a/librpc/idl/netlogon.idl +++ b/librpc/idl/netlogon.idl @@ -9,6 +9,7 @@ import "misc.idl", "lsa.idl", "samr.idl", "security.idl", "nbt.idl"; #include "idl_types.h" cpp_quote("#define netr_DeltaEnum8Bit netr_DeltaEnum") +cpp_quote("#define netr_SamDatabaseID8Bit netr_SamDatabaseID") [ uuid("12345678-1234-abcd-ef00-01234567cffb"), @@ -23,6 +24,7 @@ interface netlogon typedef bitmap samr_AcctFlags samr_AcctFlags; typedef bitmap samr_GroupAttrs samr_GroupAttrs; typedef enum netr_DeltaEnum8Bit netr_DeltaEnum8Bit; + typedef enum netr_SamDatabaseID8Bit netr_SamDatabaseID8Bit; /*****************/ /* Function 0x00 */ diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index ee179407d4..6ef069ac4b 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -17,6 +17,22 @@ import "misc.idl", "lsa.idl", "security.idl"; { typedef bitmap security_secinfo security_secinfo; + /* SAM database types */ + typedef [public,v1_enum] enum { + SAM_DATABASE_DOMAIN = 0, /* Domain users and groups */ + SAM_DATABASE_BUILTIN = 1, /* BUILTIN users and groups */ + SAM_DATABASE_PRIVS = 2 /* Privileges */ + } netr_SamDatabaseID; + + typedef [public,v1_enum] enum { + SAMR_REJECT_OTHER = 0, + SAMR_REJECT_TOO_SHORT = 1, + SAMR_REJECT_IN_HISTORY = 2, + SAMR_REJECT_COMPLEXITY = 5 + } samr_RejectReason; + + + /* account control (acct_flags) bits */ typedef [public,bitmap32bit] bitmap { ACB_DISABLED = 0x00000001, /* 1 = User account disabled */ diff --git a/librpc/ndr/ndr_netlogon.c b/librpc/ndr/ndr_netlogon.c index 61a88c7a47..411f3b9ba0 100644 --- a/librpc/ndr/ndr_netlogon.c +++ b/librpc/ndr/ndr_netlogon.c @@ -22,6 +22,7 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_netlogon.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_samr.h" _PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID8Bit(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID8Bit r) { diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index e439f7f43d..d1cf64e0eb 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -2,12 +2,9 @@ #include -#define netr_SamDatabaseID8Bit netr_SamDatabaseID #ifndef _HEADER_misc #define _HEADER_misc -enum netr_SamDatabaseID8Bit; - struct GUID { uint32_t time_low; uint16_t time_mid; @@ -45,36 +42,4 @@ enum netr_SchannelType #endif ; -enum netr_SamDatabaseID -#ifndef USE_UINT_ENUMS - { - SAM_DATABASE_DOMAIN=0, - SAM_DATABASE_BUILTIN=1, - SAM_DATABASE_PRIVS=2 -} -#else - { __donnot_use_enum_netr_SamDatabaseID=0x7FFFFFFF} -#define SAM_DATABASE_DOMAIN ( 0 ) -#define SAM_DATABASE_BUILTIN ( 1 ) -#define SAM_DATABASE_PRIVS ( 2 ) -#endif -; - -enum samr_RejectReason -#ifndef USE_UINT_ENUMS - { - SAMR_REJECT_OTHER=0, - SAMR_REJECT_TOO_SHORT=1, - SAMR_REJECT_IN_HISTORY=2, - SAMR_REJECT_COMPLEXITY=5 -} -#else - { __donnot_use_enum_samr_RejectReason=0x7FFFFFFF} -#define SAMR_REJECT_OTHER ( 0 ) -#define SAMR_REJECT_TOO_SHORT ( 1 ) -#define SAMR_REJECT_IN_HISTORY ( 2 ) -#define SAMR_REJECT_COMPLEXITY ( 5 ) -#endif -; - #endif /* _HEADER_misc */ diff --git a/source3/librpc/gen_ndr/ndr_misc.c b/source3/librpc/gen_ndr/ndr_misc.c index 22c416a0d7..971cbdac24 100644 --- a/source3/librpc/gen_ndr/ndr_misc.c +++ b/source3/librpc/gen_ndr/ndr_misc.c @@ -132,56 +132,3 @@ _PUBLIC_ void ndr_print_netr_SchannelType(struct ndr_print *ndr, const char *nam ndr_print_enum(ndr, name, "ENUM", val, r); } -_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r) -{ - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r) -{ - uint32_t v; - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); - *r = v; - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r) -{ - const char *val = NULL; - - switch (r) { - case SAM_DATABASE_DOMAIN: val = "SAM_DATABASE_DOMAIN"; break; - case SAM_DATABASE_BUILTIN: val = "SAM_DATABASE_BUILTIN"; break; - case SAM_DATABASE_PRIVS: val = "SAM_DATABASE_PRIVS"; break; - } - ndr_print_enum(ndr, name, "ENUM", val, r); -} - -_PUBLIC_ enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r) -{ - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r) -{ - uint32_t v; - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); - *r = v; - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r) -{ - const char *val = NULL; - - switch (r) { - case SAMR_REJECT_OTHER: val = "SAMR_REJECT_OTHER"; break; - case SAMR_REJECT_TOO_SHORT: val = "SAMR_REJECT_TOO_SHORT"; break; - case SAMR_REJECT_IN_HISTORY: val = "SAMR_REJECT_IN_HISTORY"; break; - case SAMR_REJECT_COMPLEXITY: val = "SAMR_REJECT_COMPLEXITY"; break; - } - ndr_print_enum(ndr, name, "ENUM", val, r); -} - diff --git a/source3/librpc/gen_ndr/ndr_misc.h b/source3/librpc/gen_ndr/ndr_misc.h index a15a781367..b907af0605 100644 --- a/source3/librpc/gen_ndr/ndr_misc.h +++ b/source3/librpc/gen_ndr/ndr_misc.h @@ -20,10 +20,4 @@ void ndr_print_policy_handle(struct ndr_print *ndr, const char *name, const stru enum ndr_err_code ndr_push_netr_SchannelType(struct ndr_push *ndr, int ndr_flags, enum netr_SchannelType r); enum ndr_err_code ndr_pull_netr_SchannelType(struct ndr_pull *ndr, int ndr_flags, enum netr_SchannelType *r); void ndr_print_netr_SchannelType(struct ndr_print *ndr, const char *name, enum netr_SchannelType r); -enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r); -enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r); -void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r); -enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r); -enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r); -void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r); #endif /* _HEADER_NDR_misc */ diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index ac23c36a7c..c4102eba6e 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -363,8 +363,6 @@ static enum ndr_err_code ndr_push_netr_PasswordInfo(struct ndr_push *ndr, int nd } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_push_netr_IdentityInfo(ndr, NDR_BUFFERS, &r->identity_info)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } @@ -379,8 +377,6 @@ static enum ndr_err_code ndr_pull_netr_PasswordInfo(struct ndr_pull *ndr, int nd } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_netr_IdentityInfo(ndr, NDR_BUFFERS, &r->identity_info)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } @@ -2212,7 +2208,6 @@ static enum ndr_err_code ndr_push_netr_USER_KEY16(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->pwd)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->pwd)); } return NDR_ERR_SUCCESS; } @@ -2227,7 +2222,6 @@ static enum ndr_err_code ndr_pull_netr_USER_KEY16(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->pwd)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->pwd)); } return NDR_ERR_SUCCESS; } @@ -2305,8 +2299,6 @@ static enum ndr_err_code ndr_push_netr_USER_KEYS2(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_netr_PasswordHistory(ndr, NDR_SCALARS, &r->history)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } @@ -2320,8 +2312,6 @@ static enum ndr_err_code ndr_pull_netr_USER_KEYS2(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_netr_PasswordHistory(ndr, NDR_SCALARS, &r->history)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } @@ -2343,7 +2333,6 @@ static enum ndr_err_code ndr_push_netr_USER_KEY_UNION(struct ndr_push *ndr, int NDR_CHECK(ndr_push_netr_USER_KEYS2(ndr, NDR_SCALARS, &r->keys2)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_netr_USER_KEYS2(ndr, NDR_BUFFERS, &r->keys2)); } return NDR_ERR_SUCCESS; } @@ -2355,7 +2344,6 @@ static enum ndr_err_code ndr_pull_netr_USER_KEY_UNION(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_netr_USER_KEYS2(ndr, NDR_SCALARS, &r->keys2)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_netr_USER_KEYS2(ndr, NDR_BUFFERS, &r->keys2)); } return NDR_ERR_SUCCESS; } @@ -2376,7 +2364,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_USER_KEYS(struct ndr_push *ndr, int ndr NDR_CHECK(ndr_push_netr_USER_KEY_UNION(ndr, NDR_SCALARS, &r->keys)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_netr_USER_KEY_UNION(ndr, NDR_BUFFERS, &r->keys)); } return NDR_ERR_SUCCESS; } @@ -2389,7 +2376,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_USER_KEYS(struct ndr_pull *ndr, int ndr NDR_CHECK(ndr_pull_netr_USER_KEY_UNION(ndr, NDR_SCALARS, &r->keys)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_netr_USER_KEY_UNION(ndr, NDR_BUFFERS, &r->keys)); } return NDR_ERR_SUCCESS; } @@ -2537,8 +2523,6 @@ static enum ndr_err_code ndr_push_netr_DELTA_USER(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_push_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); @@ -2602,8 +2586,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_USER(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_pull_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); @@ -9608,7 +9590,7 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i if (r->in.new_password == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.new_password)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.new_password)); } if (flags & NDR_OUT) { if (r->out.return_authenticator == NULL) { @@ -9675,7 +9657,7 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i } _mem_save_new_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.new_password, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.new_password)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.new_password)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_password_0, LIBNDR_FLAG_REF_ALLOC); NDR_PULL_ALLOC(ndr, r->out.return_authenticator); ZERO_STRUCTP(r->out.return_authenticator); @@ -13210,7 +13192,7 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, i if (r->out.password == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.password)); NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -13284,7 +13266,7 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, i } _mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.password, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.password)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); } @@ -14704,11 +14686,11 @@ static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push * if (r->out.password == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.password)); if (r->out.password2 == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password2)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.password2)); NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -14785,14 +14767,14 @@ static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull * } _mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.password, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.password)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.password2); } _mem_save_password2_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.password2, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password2)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.password2)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password2_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index a63ed6f77a..ced6fb7767 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -3857,7 +3857,7 @@ static const struct ndr_interface_call ntsvcs_calls[] = { static const char * const ntsvcs_endpoint_strings[] = { "ncacn_np:[\\pipe\\ntsvcs]", - "ncacn_np:[\\pipe\\plugplay]", + "ncacn_np:[\\pipe\\plugplay]", }; static const struct ndr_interface_string_array ntsvcs_endpoints = { diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index e1b8fd17f9..52b8c72f75 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -6,6 +6,59 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_lsa.h" #include "librpc/gen_ndr/ndr_security.h" +_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r) +{ + const char *val = NULL; + + switch (r) { + case SAM_DATABASE_DOMAIN: val = "SAM_DATABASE_DOMAIN"; break; + case SAM_DATABASE_BUILTIN: val = "SAM_DATABASE_BUILTIN"; break; + case SAM_DATABASE_PRIVS: val = "SAM_DATABASE_PRIVS"; break; + } + ndr_print_enum(ndr, name, "ENUM", val, r); +} + +_PUBLIC_ enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r) +{ + const char *val = NULL; + + switch (r) { + case SAMR_REJECT_OTHER: val = "SAMR_REJECT_OTHER"; break; + case SAMR_REJECT_TOO_SHORT: val = "SAMR_REJECT_TOO_SHORT"; break; + case SAMR_REJECT_IN_HISTORY: val = "SAMR_REJECT_IN_HISTORY"; break; + case SAMR_REJECT_COMPLEXITY: val = "SAMR_REJECT_COMPLEXITY"; break; + } + ndr_print_enum(ndr, name, "ENUM", val, r); +} + _PUBLIC_ enum ndr_err_code ndr_push_samr_AcctFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); diff --git a/source3/librpc/gen_ndr/ndr_samr.h b/source3/librpc/gen_ndr/ndr_samr.h index 1f582061f9..64e09e18ef 100644 --- a/source3/librpc/gen_ndr/ndr_samr.h +++ b/source3/librpc/gen_ndr/ndr_samr.h @@ -148,6 +148,12 @@ extern const struct ndr_interface_table ndr_table_samr; #define NDR_SAMR_VALIDATEPASSWORD (0x43) #define NDR_SAMR_CALL_COUNT (68) +enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r); +enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r); +void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r); +enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r); +enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r); +void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r); enum ndr_err_code ndr_push_samr_AcctFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r); enum ndr_err_code ndr_pull_samr_AcctFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); void ndr_print_samr_AcctFlags(struct ndr_print *ndr, const char *name, uint32_t r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index 51cca4083b..4d9b549e75 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -8,6 +8,7 @@ #include "librpc/gen_ndr/security.h" #include "librpc/gen_ndr/nbt.h" #define netr_DeltaEnum8Bit netr_DeltaEnum +#define netr_SamDatabaseID8Bit netr_SamDatabaseID #ifndef _HEADER_netlogon #define _HEADER_netlogon @@ -15,6 +16,8 @@ #define DS_GFTI_UPDATE_TDO ( 0x1 ) enum netr_DeltaEnum8Bit; +enum netr_SamDatabaseID8Bit; + struct netr_UasInfo { const char *account_name;/* [unique,charset(UTF16)] */ uint32_t priv; diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index d900c29d5e..f0bbc58e64 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -36,6 +36,38 @@ #define SAMR_ENUM_USERS_MULTIPLIER ( 54 ) #define PASS_MUST_CHANGE_AT_NEXT_LOGON ( 0x01 ) #define PASS_DONT_CHANGE_AT_NEXT_LOGON ( 0x00 ) +enum netr_SamDatabaseID +#ifndef USE_UINT_ENUMS + { + SAM_DATABASE_DOMAIN=0, + SAM_DATABASE_BUILTIN=1, + SAM_DATABASE_PRIVS=2 +} +#else + { __donnot_use_enum_netr_SamDatabaseID=0x7FFFFFFF} +#define SAM_DATABASE_DOMAIN ( 0 ) +#define SAM_DATABASE_BUILTIN ( 1 ) +#define SAM_DATABASE_PRIVS ( 2 ) +#endif +; + +enum samr_RejectReason +#ifndef USE_UINT_ENUMS + { + SAMR_REJECT_OTHER=0, + SAMR_REJECT_TOO_SHORT=1, + SAMR_REJECT_IN_HISTORY=2, + SAMR_REJECT_COMPLEXITY=5 +} +#else + { __donnot_use_enum_samr_RejectReason=0x7FFFFFFF} +#define SAMR_REJECT_OTHER ( 0 ) +#define SAMR_REJECT_TOO_SHORT ( 1 ) +#define SAMR_REJECT_IN_HISTORY ( 2 ) +#define SAMR_REJECT_COMPLEXITY ( 5 ) +#endif +; + /* bitmap samr_AcctFlags */ #define ACB_DISABLED ( 0x00000001 ) #define ACB_HOMDIRREQ ( 0x00000002 ) -- cgit From 114f519233cd37bfd623db820e888469c75fab26 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 17:14:06 +0100 Subject: Fix the offset checks in the trans routines This fixes a potential crash bug, a client can make us read memory we should not read. Luckily I got the disp checks right... Volker (cherry picked from commit 64a1d80851da5b05e70ec6c96f6e9bd473748369) (cherry picked from commit f04c5650a3aeca23591ddc781c4b297caaf9bb3f) --- source3/smbd/ipc.c | 6 +++--- source3/smbd/nttrans.c | 6 +++--- source3/smbd/trans2.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 26a4212ec9..a617756a53 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -769,10 +769,10 @@ void reply_transs(struct smb_request *req) goto bad_param; } - if (ddisp > av_size || + if (doff > av_size || dcnt > av_size || - ddisp+dcnt > av_size || - ddisp+dcnt < ddisp) { + doff+dcnt > av_size || + doff+dcnt < doff) { goto bad_param; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 8a18c87903..329ba23ddd 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2818,10 +2818,10 @@ void reply_nttranss(struct smb_request *req) goto bad_param; } - if (ddisp > av_size || + if (doff > av_size || dcnt > av_size || - ddisp+dcnt > av_size || - ddisp+dcnt < ddisp) { + doff+dcnt > av_size || + doff+dcnt < doff) { goto bad_param; } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index c385c6ccb1..0c63588ccc 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7811,10 +7811,10 @@ void reply_transs2(struct smb_request *req) goto bad_param; } - if (ddisp > av_size || + if (doff > av_size || dcnt > av_size || - ddisp+dcnt > av_size || - ddisp+dcnt < ddisp) { + doff+dcnt > av_size || + doff+dcnt < doff) { goto bad_param; } -- cgit From 5aebfd9086eead8aad526827661ab10679414891 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 09:44:51 +0100 Subject: s4-smbtorture: fix some build warnings. Guenther --- source4/torture/rpc/svcctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index 0e440a3621..8d8f43a0cf 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -91,7 +91,7 @@ static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerp buffer = talloc(tctx, uint8_t); r.in.handle = &s; - r.in.info_level = 0; + r.in.info_level = info_level; r.in.buf_size = buf_size; r.out.buffer = buffer; r.out.bytes_needed = &bytes_needed; @@ -124,7 +124,7 @@ static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerp struct policy_handle h, s; NTSTATUS status; - uint32_t info_level = 0; + uint32_t info_level = 1; uint8_t *buffer; uint32_t buf_size = 0; uint32_t bytes_needed = 0; @@ -138,7 +138,7 @@ static bool test_QueryServiceConfig2W(struct torture_context *tctx, struct dcerp buffer = talloc(tctx, uint8_t); r.in.handle = &s; - r.in.info_level = 1; + r.in.info_level = info_level; r.in.buf_size = buf_size; r.out.buffer = buffer; r.out.bytes_needed = &bytes_needed; -- cgit From e09f658be72b6304e541da02dce843de79488d1c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 12:18:39 +0100 Subject: s3-samr: add init_samr_user_info5. Guenther --- source3/include/proto.h | 19 +++++++++++++++++ source3/rpc_client/init_samr.c | 47 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index a02672351c..73be87b6fc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5644,6 +5644,25 @@ void init_samr_alias_info1(struct samr_AliasInfoAll *r, const char *description); void init_samr_alias_info3(struct lsa_String *r, const char *description); +void init_samr_user_info5(struct samr_UserInfo5 *r, + const char *account_name, + const char *full_name, + uint32_t rid, + uint32_t primary_gid, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + NTTIME last_logon, + NTTIME last_logoff, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + NTTIME last_password_change, + NTTIME acct_expiry, + uint32_t acct_flags); void init_samr_user_info7(struct samr_UserInfo7 *r, const char *account_name); void init_samr_user_info9(struct samr_UserInfo9 *r, diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 283be0d98b..43809c03d1 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -251,6 +251,53 @@ void init_samr_alias_info3(struct lsa_String *r, init_lsa_String(r, description); } +/******************************************************************* + inits a samr_UserInfo5 structure. +********************************************************************/ + +void init_samr_user_info5(struct samr_UserInfo5 *r, + const char *account_name, + const char *full_name, + uint32_t rid, + uint32_t primary_gid, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + NTTIME last_logon, + NTTIME last_logoff, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + NTTIME last_password_change, + NTTIME acct_expiry, + uint32_t acct_flags) +{ + DEBUG(5, ("init_samr_user_info5\n")); + + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + r->rid = rid; + r->primary_gid = primary_gid; + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->description, description); + init_lsa_String(&r->workstations, workstations); + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->logon_hours = logon_hours; + r->bad_password_count = bad_password_count; + r->logon_count = logon_count; + r->last_password_change = last_password_change; + r->acct_expiry = acct_expiry; + r->acct_flags = acct_flags; +} + + /******************************************************************* inits a samr_UserInfo7 structure. ********************************************************************/ -- cgit From bed91c0e463ed425288f7b4223739108c1fced45 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 12:21:37 +0100 Subject: s3-samr: add support for _samr_QueryUserInfo level 5. Guenther --- source3/rpc_server/srv_samr_nt.c | 108 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index ba9d911c2b..0623dfb4f9 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2248,6 +2248,108 @@ static NTSTATUS init_samr_parameters_string(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +static NTSTATUS get_user_info_5(TALLOC_CTX *mem_ctx, + struct samr_UserInfo5 *r, + DOM_SID *user_sid, + DOM_SID *domain_sid) +{ + struct samu *pw = NULL; + bool ret; + const DOM_SID *sid_user, *sid_group; + uint32_t rid, primary_gid; + NTTIME last_logon, last_logoff, last_password_change, + acct_expiry; + const char *account_name, *full_name, *home_directory, *home_drive, + *logon_script, *profile_path, *description, + *workstations, *comment; + struct samr_LogonHours logon_hours; + + ZERO_STRUCTP(r); + + if (!(pw = samu_new(mem_ctx))) { + return NT_STATUS_NO_MEMORY; + } + + become_root(); + ret = pdb_getsampwsid(pw, user_sid); + unbecome_root(); + + if (ret == False) { + DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid))); + TALLOC_FREE(pw); + return NT_STATUS_NO_SUCH_USER; + } + + samr_clear_sam_passwd(pw); + + DEBUG(3,("User:[%s]\n", pdb_get_username(pw))); + + sid_user = pdb_get_user_sid(pw); + + if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) { + DEBUG(0, ("get_user_info_5: User %s has SID %s, \nwhich conflicts with " + "the domain sid %s. Failing operation.\n", + pdb_get_username(pw), sid_string_dbg(sid_user), + sid_string_dbg(domain_sid))); + TALLOC_FREE(pw); + return NT_STATUS_UNSUCCESSFUL; + } + + become_root(); + sid_group = pdb_get_group_sid(pw); + unbecome_root(); + + if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) { + DEBUG(0, ("get_user_info_5: User %s has Primary Group SID %s, \n" + "which conflicts with the domain sid %s. Failing operation.\n", + pdb_get_username(pw), sid_string_dbg(sid_group), + sid_string_dbg(domain_sid))); + TALLOC_FREE(pw); + return NT_STATUS_UNSUCCESSFUL; + } + + unix_to_nt_time(&last_logon, pdb_get_logon_time(pw)); + unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw)); + unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw)); + unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw)); + + account_name = talloc_strdup(mem_ctx, pdb_get_username(pw)); + full_name = talloc_strdup(mem_ctx, pdb_get_fullname(pw)); + home_directory = talloc_strdup(mem_ctx, pdb_get_homedir(pw)); + home_drive = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw)); + logon_script = talloc_strdup(mem_ctx, pdb_get_logon_script(pw)); + profile_path = talloc_strdup(mem_ctx, pdb_get_profile_path(pw)); + description = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw)); + workstations = talloc_strdup(mem_ctx, pdb_get_workstations(pw)); + comment = talloc_strdup(mem_ctx, pdb_get_comment(pw)); + + logon_hours = get_logon_hours_from_pdb(mem_ctx, pw); + + init_samr_user_info5(r, + account_name, + full_name, + rid, + primary_gid, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + last_logon, + last_logoff, + logon_hours, + pdb_get_bad_password_count(pw), + pdb_get_logon_count(pw), + last_password_change, + acct_expiry, + pdb_get_acct_ctrl(pw)); + + TALLOC_FREE(pw); + + return NT_STATUS_OK; +} + /************************************************************************* get_user_info_7. Safe. Only gives out account_name. *************************************************************************/ @@ -2677,6 +2779,12 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, DEBUG(5,("_samr_QueryUserInfo: user info level: %d\n", r->in.level)); switch (r->in.level) { + case 5: + status = get_user_info_5(p->mem_ctx, &user_info->info5, &info->sid, &domain_sid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + break; case 7: status = get_user_info_7(p->mem_ctx, &user_info->info7, &info->sid); if (!NT_STATUS_IS_OK(status)) { -- cgit From 9c2ed82d07a4c989896610d91aa2ff1614c579aa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 15:50:28 +0100 Subject: s3-samr: support samr_QueryUserInfo2 as well. Guenther --- source3/rpc_server/srv_samr_nt.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 0623dfb4f9..b0c317f22b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2837,6 +2837,21 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, return status; } +/**************************************************************** +****************************************************************/ + +NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, + struct samr_QueryUserInfo2 *r) +{ + struct samr_QueryUserInfo u; + + u.in.user_handle = r->in.user_handle; + u.in.level = r->in.level; + u.out.info = r->out.info; + + return _samr_QueryUserInfo(p, &u); +} + /******************************************************************* _samr_GetGroupsForUser ********************************************************************/ @@ -6012,16 +6027,6 @@ NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p, /**************************************************************** ****************************************************************/ -NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, - struct samr_QueryUserInfo2 *r) -{ - p->rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} - -/**************************************************************** -****************************************************************/ - NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p, struct samr_AddMultipleMembersToAlias *r) { -- cgit From 5f9524a9561ba3b29113ac0d2894617f1c6c40e6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 15:51:35 +0100 Subject: s3-samr: support samr_CreateUser as well. Guenther --- source3/rpc_server/srv_samr_nt.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index b0c317f22b..4b8fa67208 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3396,6 +3396,26 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, return NT_STATUS_OK; } +/**************************************************************** +****************************************************************/ + +NTSTATUS _samr_CreateUser(pipes_struct *p, + struct samr_CreateUser *r) +{ + struct samr_CreateUser2 c; + uint32_t access_granted; + + c.in.domain_handle = r->in.domain_handle; + c.in.account_name = r->in.account_name; + c.in.acct_flags = ACB_NORMAL; + c.in.access_mask = r->in.access_mask; + c.out.user_handle = r->out.user_handle; + c.out.access_granted = &access_granted; + c.out.rid = r->out.rid; + + return _samr_CreateUser2(p, &c); +} + /******************************************************************* _samr_Connect ********************************************************************/ @@ -5977,16 +5997,6 @@ NTSTATUS _samr_Shutdown(pipes_struct *p, /**************************************************************** ****************************************************************/ -NTSTATUS _samr_CreateUser(pipes_struct *p, - struct samr_CreateUser *r) -{ - p->rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} - -/**************************************************************** -****************************************************************/ - NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p, struct samr_SetMemberAttributesOfGroup *r) { -- cgit From d94f3e3db35580af366017e100b2047b96d85a9d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 01:21:49 +0100 Subject: s3-samr: avoid enumeration and user creation on builtin domain handle. Guenther --- source3/rpc_server/srv_samr_nt.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4b8fa67208..71eec0a59c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; + if (info->builtin_domain) { + DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n")); + return NT_STATUS_OK; + } + status = access_check_samr_function(info->acc_granted, SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_QueryDisplayInfo"); @@ -3281,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, &disp_info)) return NT_STATUS_INVALID_HANDLE; + if (disp_info->builtin_domain) { + DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n")); + return NT_STATUS_ACCESS_DENIED; + } + nt_status = access_check_samr_function(acc_granted, SAMR_DOMAIN_ACCESS_CREATE_USER, "_samr_CreateUser2"); -- cgit From e398eed15a7a94d2a53d3bb865927a9db411008c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 01:22:39 +0100 Subject: s3-samr: fix return code for invalid name in _samr_LookupDomain. Guenther --- source3/rpc_server/srv_samr_nt.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 71eec0a59c..537d58fac1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3650,6 +3650,9 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p, } domain_name = r->in.domain_name->string; + if (!domain_name) { + return NT_STATUS_INVALID_PARAMETER; + } sid = TALLOC_ZERO_P(p->mem_ctx, struct dom_sid2); if (!sid) { -- cgit From 257d99d0cd441697d67b52f3e7c260c17a4a0916 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 01:25:46 +0100 Subject: s3-samr: fix return code for invalid password sets in SetUserInfo. Guenther --- source3/rpc_server/srv_samr_nt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 537d58fac1..332d41b1b0 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -4053,7 +4053,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, &len, STR_UNICODE)) { TALLOC_FREE(pwd); - return NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_WRONG_PASSWORD; } if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { @@ -4410,7 +4410,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, if (!set_user_info_pw(info->info24.password.data, pwd, switch_value)) { - status = NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_WRONG_PASSWORD; } break; @@ -4431,7 +4431,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, } if (!set_user_info_pw(info->info25.password.data, pwd, switch_value)) { - status = NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_WRONG_PASSWORD; } break; @@ -4447,7 +4447,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, if (!set_user_info_pw(info->info26.password.data, pwd, switch_value)) { - status = NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_WRONG_PASSWORD; } break; -- cgit From 6a627b440e8b3f42db2a8a27047dd3482bad0d28 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 17:29:30 +0100 Subject: s3-samr: never allow to alter pwdlastset directly. Guenther --- source3/rpc_server/srv_samr_nt.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 332d41b1b0..c45be02ab8 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3959,6 +3959,11 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + /* we need to separately check for an account rename first */ if (id21->account_name.string && @@ -4042,6 +4047,12 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n", pdb_get_username(pwd))); @@ -4220,6 +4231,11 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + copy_id25_to_sam_passwd(pwd, id25); /* write the change out */ -- cgit From 599707c87a739811ba426e44b11189e1ddba078e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 15:44:20 +0100 Subject: Remove two direct inbuf references from reply_sesssetup_and_X_spnego() --- source3/smbd/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index fde6cdc160..24a201013a 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1171,7 +1171,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) const char *p2; uint16 data_blob_len = SVAL(req->vwv+7, 0); enum remote_arch_types ra_type = get_remote_arch(); - int vuid = SVAL(req->inbuf,smb_uid); + int vuid = req->vuid; user_struct *vuser = NULL; NTSTATUS status = NT_STATUS_OK; uint16 smbpid = req->smbpid; @@ -1203,7 +1203,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) file_save("negotiate.dat", blob1.data, blob1.length); #endif - p2 = (char *)req->inbuf + smb_vwv13 + data_blob_len; + p2 = (char *)req->buf + data_blob_len; p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2, STR_TERMINATE); -- cgit From 4a322398c5ffaf238eba1e7bfbe47e2d093c7c4d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:03:07 +0100 Subject: Remove an unused variable --- source3/smbd/trans2.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 0c63588ccc..3a28bd424f 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7533,7 +7533,6 @@ void reply_trans2(struct smb_request *req) unsigned int psoff; unsigned int pscnt; unsigned int tran_call; - unsigned int size; unsigned int av_size; struct trans_state *state; NTSTATUS result; @@ -7551,7 +7550,6 @@ void reply_trans2(struct smb_request *req) psoff = SVAL(req->vwv+10, 0); pscnt = SVAL(req->vwv+9, 0); tran_call = SVAL(req->vwv+14, 0); - size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); result = allow_new_trans(conn->pending_trans, req->mid); -- cgit From 9da3101e449649f0614240f13157ac81e17b2e90 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:14:12 +0100 Subject: Remove the variable "size" from reply_trans This converts the range checks for the setup[] array to rely on req->wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker --- source3/smbd/ipc.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a617756a53..bf9b1d87c5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -503,7 +503,6 @@ void reply_trans(struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - unsigned int size; unsigned int av_size; START_PROFILE(SMBtrans); @@ -514,7 +513,6 @@ void reply_trans(struct smb_request *req) return; } - size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); dsoff = SVAL(req->vwv+12, 0); dscnt = SVAL(req->vwv+11, 0); @@ -624,6 +622,19 @@ void reply_trans(struct smb_request *req) if (state->setup_count) { unsigned int i; + + /* + * No overflow possible here, state->setup_count is an + * unsigned int, being filled by a single byte from + * CVAL(req->vwv+13, 0) above. The cast in the comparison + * below is not necessary, it's here to clarify things. The + * validity of req->vwv and req->wct has been checked in + * init_smb_request already. + */ + if (state->setup_count + 14 > (unsigned int)req->wct) { + goto bad_param; + } + if((state->setup = TALLOC_ARRAY( state, uint16, state->setup_count)) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u " @@ -636,17 +647,10 @@ void reply_trans(struct smb_request *req) END_PROFILE(SMBtrans); return; } - if (req->inbuf+smb_vwv14+(state->setup_count*SIZEOFWORD) > - req->inbuf + size) - goto bad_param; - if ((smb_vwv14+(state->setup_count*SIZEOFWORD) < smb_vwv14) || - (smb_vwv14+(state->setup_count*SIZEOFWORD) < - (state->setup_count*SIZEOFWORD))) - goto bad_param; - for (i=0;isetup_count;i++) - state->setup[i] = SVAL(req->inbuf, - smb_vwv14+i*SIZEOFWORD); + for (i=0;isetup_count;i++) { + state->setup[i] = SVAL(req->vwv + 14 + i, 0); + } } state->received_param = pscnt; -- cgit From 738271fc2026b2911b7d20a73496989641714df3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:14:12 +0100 Subject: Remove the variable "size" from reply_nttrans This converts the range checks for the setup[] array to rely on req->wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker --- source3/smbd/nttrans.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 329ba23ddd..b516f02c21 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2529,7 +2529,6 @@ void reply_nttrans(struct smb_request *req) uint16 function_code; NTSTATUS result; struct trans_state *state; - uint32_t size; uint32_t av_size; START_PROFILE(SMBnttrans); @@ -2540,7 +2539,6 @@ void reply_nttrans(struct smb_request *req) return; } - size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); pscnt = IVAL(req->vwv+9, 1); psoff = IVAL(req->vwv+11, 1); @@ -2676,6 +2674,19 @@ void reply_nttrans(struct smb_request *req) if(state->setup_count > 0) { DEBUG(10,("reply_nttrans: state->setup_count = %d\n", state->setup_count)); + + /* + * No overflow possible here, state->setup_count is an + * unsigned int, being filled by a single byte from + * CVAL(req->vwv+13, 0) above. The cast in the comparison + * below is not necessary, it's here to clarify things. The + * validity of req->vwv and req->wct has been checked in + * init_smb_request already. + */ + if ((state->setup_count/2) + 19 > (unsigned int)req->wct) { + goto bad_param; + } + state->setup = (uint16 *)TALLOC(state, state->setup_count); if (state->setup == NULL) { DEBUG(0,("reply_nttrans : Out of memory\n")); @@ -2687,14 +2698,6 @@ void reply_nttrans(struct smb_request *req) return; } - if ((smb_nt_SetupStart + state->setup_count < smb_nt_SetupStart) || - (smb_nt_SetupStart + state->setup_count < state->setup_count)) { - goto bad_param; - } - if (smb_nt_SetupStart + state->setup_count > size) { - goto bad_param; - } - memcpy(state->setup, req->vwv+19, state->setup_count); dump_data(10, (uint8 *)state->setup, state->setup_count); } -- cgit From 9a3be6f0f8e120797a02fa1be60b51812cfd86f5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:48:20 +0100 Subject: Move cli_trans_oob to lib/util.c Rename it to trans_oob, it will be used in the server routines. --- source3/include/proto.h | 1 + source3/lib/util.c | 19 +++++++++++++++++++ source3/libsmb/clitrans.c | 21 ++++----------------- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 73be87b6fc..71f12a6844 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid); bool procid_valid(const struct server_id *pid); bool procid_is_local(const struct server_id *pid); int this_is_smp(void); +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length); bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); diff --git a/source3/lib/util.c b/source3/lib/util.c index 5007fb72ef..074b523ae0 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2878,6 +2878,25 @@ int this_is_smp(void) #endif } +/**************************************************************** + Check if offset/length fit into bufsize. Should probably be + merged with is_offset_safe, but this would require a rewrite + of lanman.c. Later :-) +****************************************************************/ + +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) +{ + if ((offset + length < offset) || (offset + length < length)) { + /* wrap */ + return true; + } + if ((offset > bufsize) || (offset + length > bufsize)) { + /* overflow */ + return true; + } + return false; +} + /**************************************************************** Check if an offset into a buffer is safe. If this returns True it's safe to indirect into the byte at diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index c929f0b7a9..bbdfb75fcd 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c @@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req, } } -static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) -{ - if ((offset + length < offset) || (offset + length < length)) { - /* wrap */ - return true; - } - if ((offset > bufsize) || (offset + length > bufsize)) { - /* overflow */ - return true; - } - return false; -} - static NTSTATUS cli_pull_trans(struct async_req *req, struct cli_request *cli_req, uint8_t smb_cmd, bool expect_first_reply, @@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req, * length. Likewise for param_ofs/param_disp. */ - if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param) - || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param) - || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data) - || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) { + if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param) + || trans_oob(*ptotal_param, *pparam_disp, *pnum_param) + || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data) + || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) { return NT_STATUS_INVALID_NETWORK_RESPONSE; } -- cgit From 2719216d60088eb3f10a2e3e968f15e8089b5491 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 17:08:57 +0100 Subject: Consolidate the buffer checks for the reply_trans style functions This is the one where I found the problem that led to 3.2.5. So if there is one checkin in the last year that I would like others to review and *understand*, it is this one :-) Volker --- source3/smbd/ipc.c | 73 ++++++++++++------------------------------------ source3/smbd/nttrans.c | 75 ++++++++++++-------------------------------------- source3/smbd/trans2.c | 75 ++++++++++++-------------------------------------- 3 files changed, 54 insertions(+), 169 deletions(-) diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bf9b1d87c5..649ead4682 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -503,7 +503,6 @@ void reply_trans(struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - unsigned int av_size; START_PROFILE(SMBtrans); @@ -513,7 +512,6 @@ void reply_trans(struct smb_request *req) return; } - av_size = smb_len(req->inbuf); dsoff = SVAL(req->vwv+12, 0); dscnt = SVAL(req->vwv+11, 0); psoff = SVAL(req->vwv+10, 0); @@ -559,6 +557,12 @@ void reply_trans(struct smb_request *req) goto bad_param; if (state->total_data) { + + if (trans_oob(state->total_data, 0, dscnt) + || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. Out of paranoia, 100 bytes too many. */ state->data = (char *)SMB_MALLOC(state->total_data+100); @@ -573,21 +577,16 @@ void reply_trans(struct smb_request *req) /* null-terminate the slack space */ memset(&state->data[state->total_data], 0, 100); - if (dscnt > state->total_data || - dsoff+dscnt < dsoff) { - goto bad_param; - } - - if (dsoff > av_size || - dscnt > av_size || - dsoff+dscnt > av_size) { - goto bad_param; - } - memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { + + if (trans_oob(state->total_param, 0, pscnt) + || trans_oob(smb_len(req->inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. Out of paranoia, 100 bytes too many */ state->param = (char *)SMB_MALLOC(state->total_param+100); @@ -603,17 +602,6 @@ void reply_trans(struct smb_request *req) /* null-terminate the slack space */ memset(&state->param[state->total_param], 0, 100); - if (pscnt > state->total_param || - psoff+pscnt < psoff) { - goto bad_param; - } - - if (psoff > av_size || - pscnt > av_size || - psoff+pscnt > av_size) { - goto bad_param; - } - memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } @@ -696,7 +684,6 @@ void reply_transs(struct smb_request *req) connection_struct *conn = req->conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - unsigned int av_size; START_PROFILE(SMBtranss); @@ -729,8 +716,6 @@ void reply_transs(struct smb_request *req) if (SVAL(req->vwv+1, 0) < state->total_data) state->total_data = SVAL(req->vwv+1, 0); - av_size = smb_len(req->inbuf); - pcnt = SVAL(req->vwv+2, 0); poff = SVAL(req->vwv+3, 0); pdisp = SVAL(req->vwv+4, 0); @@ -747,41 +732,19 @@ void reply_transs(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp > state->total_param || - pcnt > state->total_param || - pdisp+pcnt > state->total_param || - pdisp+pcnt < pdisp) { - goto bad_param; - } - - if (poff > av_size || - pcnt > av_size || - poff+pcnt > av_size || - poff+pcnt < poff) { + if (trans_oob(state->total_param, pdisp, pcnt) + || trans_oob(smb_len(req->inbuf), poff, pcnt)) { goto bad_param; } - - memcpy(state->param+pdisp,smb_base(req->inbuf)+poff, - pcnt); + memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt); } if (dcnt) { - if (ddisp > state->total_data || - dcnt > state->total_data || - ddisp+dcnt > state->total_data || - ddisp+dcnt < ddisp) { + if (trans_oob(state->total_data, ddisp, dcnt) + || trans_oob(smb_len(req->inbuf), doff, dcnt)) { goto bad_param; } - - if (doff > av_size || - dcnt > av_size || - doff+dcnt > av_size || - doff+dcnt < doff) { - goto bad_param; - } - - memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt); } if ((state->received_param < state->total_param) || diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index b516f02c21..fe2029eeed 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2529,7 +2529,6 @@ void reply_nttrans(struct smb_request *req) uint16 function_code; NTSTATUS result; struct trans_state *state; - uint32_t av_size; START_PROFILE(SMBnttrans); @@ -2539,7 +2538,6 @@ void reply_nttrans(struct smb_request *req) return; } - av_size = smb_len(req->inbuf); pscnt = IVAL(req->vwv+9, 1); psoff = IVAL(req->vwv+11, 1); dscnt = IVAL(req->vwv+13, 1); @@ -2616,6 +2614,12 @@ void reply_nttrans(struct smb_request *req) goto bad_param; if (state->total_data) { + + if (trans_oob(state->total_data, 0, dscnt) + || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ if ((state->data = (char *)SMB_MALLOC(state->total_data)) == NULL) { @@ -2627,21 +2631,16 @@ void reply_nttrans(struct smb_request *req) return; } - if (dscnt > state->total_data || - dsoff+dscnt < dsoff) { - goto bad_param; - } - - if (dsoff > av_size || - dscnt > av_size || - dsoff+dscnt > av_size) { - goto bad_param; - } - memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { + + if (trans_oob(state->total_param, 0, pscnt) + || trans_oob(smb_len(req->inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ if ((state->param = (char *)SMB_MALLOC(state->total_param)) == NULL) { @@ -2654,17 +2653,6 @@ void reply_nttrans(struct smb_request *req) return; } - if (pscnt > state->total_param || - psoff+pscnt < psoff) { - goto bad_param; - } - - if (psoff > av_size || - pscnt > av_size || - psoff+pscnt > av_size) { - goto bad_param; - } - memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } @@ -2741,8 +2729,6 @@ void reply_nttranss(struct smb_request *req) connection_struct *conn = req->conn; uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - uint32_t av_size; - uint32_t size; START_PROFILE(SMBnttranss); @@ -2776,9 +2762,6 @@ void reply_nttranss(struct smb_request *req) state->total_data = IVAL(req->vwv+3, 1); } - size = smb_len(req->inbuf) + 4; - av_size = smb_len(req->inbuf); - pcnt = IVAL(req->vwv+5, 1); poff = IVAL(req->vwv+7, 1); pdisp = IVAL(req->vwv+9, 1); @@ -2795,41 +2778,19 @@ void reply_nttranss(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp > state->total_param || - pcnt > state->total_param || - pdisp+pcnt > state->total_param || - pdisp+pcnt < pdisp) { - goto bad_param; - } - - if (poff > av_size || - pcnt > av_size || - poff+pcnt > av_size || - poff+pcnt < poff) { + if (trans_oob(state->total_param, pdisp, pcnt) + || trans_oob(smb_len(req->inbuf), poff, pcnt)) { goto bad_param; } - - memcpy(state->param+pdisp, smb_base(req->inbuf)+poff, - pcnt); + memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,pcnt); } if (dcnt) { - if (ddisp > state->total_data || - dcnt > state->total_data || - ddisp+dcnt > state->total_data || - ddisp+dcnt < ddisp) { + if (trans_oob(state->total_data, ddisp, dcnt) + || trans_oob(smb_len(req->inbuf), doff, dcnt)) { goto bad_param; } - - if (doff > av_size || - dcnt > av_size || - doff+dcnt > av_size || - doff+dcnt < doff) { - goto bad_param; - } - - memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt); } if ((state->received_param < state->total_param) || diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 3a28bd424f..cc8c61175b 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7533,7 +7533,6 @@ void reply_trans2(struct smb_request *req) unsigned int psoff; unsigned int pscnt; unsigned int tran_call; - unsigned int av_size; struct trans_state *state; NTSTATUS result; @@ -7550,7 +7549,6 @@ void reply_trans2(struct smb_request *req) psoff = SVAL(req->vwv+10, 0); pscnt = SVAL(req->vwv+9, 0); tran_call = SVAL(req->vwv+14, 0); - av_size = smb_len(req->inbuf); result = allow_new_trans(conn->pending_trans, req->mid); if (!NT_STATUS_IS_OK(result)) { @@ -7632,6 +7630,12 @@ void reply_trans2(struct smb_request *req) goto bad_param; if (state->total_data) { + + if (trans_oob(state->total_data, 0, dscnt) + || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ state->data = (char *)SMB_MALLOC(state->total_data); @@ -7644,21 +7648,16 @@ void reply_trans2(struct smb_request *req) return; } - if (dscnt > state->total_data || - dsoff+dscnt < dsoff) { - goto bad_param; - } - - if (dsoff > av_size || - dscnt > av_size || - dsoff+dscnt > av_size) { - goto bad_param; - } - memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { + + if (trans_oob(state->total_param, 0, pscnt) + || trans_oob(smb_len(req->inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ state->param = (char *)SMB_MALLOC(state->total_param); @@ -7672,17 +7671,6 @@ void reply_trans2(struct smb_request *req) return; } - if (pscnt > state->total_param || - psoff+pscnt < psoff) { - goto bad_param; - } - - if (psoff > av_size || - pscnt > av_size || - psoff+pscnt > av_size) { - goto bad_param; - } - memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } @@ -7730,8 +7718,6 @@ void reply_transs2(struct smb_request *req) connection_struct *conn = req->conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - unsigned int size; - unsigned int av_size; START_PROFILE(SMBtranss2); @@ -7743,9 +7729,6 @@ void reply_transs2(struct smb_request *req) return; } - size = smb_len(req->inbuf)+4; - av_size = smb_len(req->inbuf); - for (state = conn->pending_trans; state != NULL; state = state->next) { if (state->mid == req->mid) { @@ -7783,41 +7766,19 @@ void reply_transs2(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp > state->total_param || - pcnt > state->total_param || - pdisp+pcnt > state->total_param || - pdisp+pcnt < pdisp) { - goto bad_param; - } - - if (poff > av_size || - pcnt > av_size || - poff+pcnt > av_size || - poff+pcnt < poff) { + if (trans_oob(state->total_param, pdisp, pcnt) + || trans_oob(smb_len(req->inbuf), poff, pcnt)) { goto bad_param; } - - memcpy(state->param+pdisp,smb_base(req->inbuf)+poff, - pcnt); + memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt); } if (dcnt) { - if (ddisp > state->total_data || - dcnt > state->total_data || - ddisp+dcnt > state->total_data || - ddisp+dcnt < ddisp) { + if (trans_oob(state->total_data, ddisp, dcnt) + || trans_oob(smb_len(req->inbuf), doff, dcnt)) { goto bad_param; } - - if (doff > av_size || - dcnt > av_size || - doff+dcnt > av_size || - doff+dcnt < doff) { - goto bad_param; - } - - memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt); } if ((state->received_param < state->total_param) || -- cgit From a790dcbc4ec2f3b29045ab9919cca5a9ca038e26 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 9 Nov 2008 12:07:57 +0100 Subject: Remove inbuf references from the trans2ioctl code --- source3/smbd/trans2.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index cc8c61175b..4dc2001042 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7269,8 +7269,8 @@ static void call_trans2ioctl(connection_struct *conn, return; } - if ((SVAL(req->inbuf,(smb_setup+4)) == LMCAT_SPL) - && (SVAL(req->inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + if ((SVAL(req->vwv+16, 0) == LMCAT_SPL) + && (SVAL(req->vwv+17, 0) == LMFUNC_GETJOBID)) { *ppdata = (char *)SMB_REALLOC(*ppdata, 32); if (*ppdata == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); @@ -7613,8 +7613,8 @@ void reply_trans2(struct smb_request *req) */ if ( (state->setup_count == 4) && (tran_call == TRANSACT2_IOCTL) - && (SVAL(req->inbuf,(smb_setup+4)) == LMCAT_SPL) - && (SVAL(req->inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + && (SVAL(req->vwv+16, 0) == LMCAT_SPL) + && (SVAL(req->vwv+17, 0) == LMFUNC_GETJOBID)) { DEBUG(2,("Got Trans2 DevIOctl jobid\n")); } else { DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",state->setup_count)); -- cgit From 2bb90b7a88518844c1fcb8177cefcbc5b8ecda99 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 9 Nov 2008 17:25:40 +0100 Subject: Remove "conn" parameter from np_open, smb_request contains it --- source3/include/proto.h | 4 ++-- source3/rpc_server/srv_pipe_hnd.c | 5 +++-- source3/smbd/nttrans.c | 2 +- source3/smbd/pipes.c | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 71f12a6844..59df098d0d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6996,8 +6996,8 @@ pipes_struct *get_next_internal_pipe(pipes_struct *p); void init_rpc_pipe_hnd(void); bool fsp_is_np(struct files_struct *fsp); -NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, - const char *name, struct files_struct **pfsp); +NTSTATUS np_open(struct smb_request *smb_req, const char *name, + struct files_struct **pfsp); NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len, ssize_t *nwritten); NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 03a0f72b33..1cff95dcab 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1078,9 +1078,10 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, return NULL; } -NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, - const char *name, struct files_struct **pfsp) +NTSTATUS np_open(struct smb_request *smb_req, const char *name, + struct files_struct **pfsp) { + struct connection_struct *conn = smb_req->conn; NTSTATUS status; struct files_struct *fsp; const char **proxy_list; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index fe2029eeed..18dd7d5c26 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -284,7 +284,7 @@ static void nt_open_pipe(char *fname, connection_struct *conn, /* Strip \\ off the name. */ fname++; - status = np_open(req, conn, fname, &fsp); + status = np_open(req, fname, &fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index b52b1b02d0..261f12cb08 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -78,7 +78,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) } #endif - status = np_open(req, conn, fname, &fsp); + status = np_open(req, fname, &fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, -- cgit From 1be5be5b83d860372cf6b7aedfd6511b44d092e9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 24 Nov 2008 16:31:49 +0100 Subject: samr: fix samr_UserInfo24 and samr_UserInfo26. Guenther --- librpc/idl/samr.idl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/librpc/idl/samr.idl b/librpc/idl/samr.idl index 6ef069ac4b..140782cdae 100644 --- a/librpc/idl/samr.idl +++ b/librpc/idl/samr.idl @@ -971,7 +971,7 @@ import "misc.idl", "lsa.idl", "security.idl"; typedef struct { samr_CryptPassword password; - uint8 pw_len; + uint8 password_expired; } samr_UserInfo24; typedef [flag(NDR_PAHEX)] struct { @@ -985,7 +985,7 @@ import "misc.idl", "lsa.idl", "security.idl"; typedef struct { samr_CryptPasswordEx password; - uint8 pw_len; + uint8 password_expired; } samr_UserInfo26; typedef [switch_type(uint16)] union { -- cgit From 408cd5b09d5079d73f0ea8819a4505a04e40f8ea Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 24 Nov 2008 16:32:18 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/ndr_samr.c | 12 ++++++------ source3/librpc/gen_ndr/samr.h | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index 52b8c72f75..40082e7f04 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -3014,7 +3014,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo24(struct ndr_push *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pw_len)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3026,7 +3026,7 @@ static enum ndr_err_code ndr_pull_samr_UserInfo24(struct ndr_pull *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pw_len)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3038,7 +3038,7 @@ _PUBLIC_ void ndr_print_samr_UserInfo24(struct ndr_print *ndr, const char *name, ndr_print_struct(ndr, name, "samr_UserInfo24"); ndr->depth++; ndr_print_samr_CryptPassword(ndr, "password", &r->password); - ndr_print_uint8(ndr, "pw_len", r->pw_len); + ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr->depth--; } @@ -3127,7 +3127,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo26(struct ndr_push *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); NDR_CHECK(ndr_push_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pw_len)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3139,7 +3139,7 @@ static enum ndr_err_code ndr_pull_samr_UserInfo26(struct ndr_pull *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); NDR_CHECK(ndr_pull_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pw_len)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3151,7 +3151,7 @@ _PUBLIC_ void ndr_print_samr_UserInfo26(struct ndr_print *ndr, const char *name, ndr_print_struct(ndr, name, "samr_UserInfo26"); ndr->depth++; ndr_print_samr_CryptPasswordEx(ndr, "password", &r->password); - ndr_print_uint8(ndr, "pw_len", r->pw_len); + ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr->depth--; } diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index f0bbc58e64..9e7e3c5c69 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -554,7 +554,7 @@ struct samr_UserInfo23 { struct samr_UserInfo24 { struct samr_CryptPassword password; - uint8_t pw_len; + uint8_t password_expired; }; struct samr_CryptPasswordEx { @@ -568,7 +568,7 @@ struct samr_UserInfo25 { struct samr_UserInfo26 { struct samr_CryptPasswordEx password; - uint8_t pw_len; + uint8_t password_expired; }; union samr_UserInfo { -- cgit From 4d7485df96b45054aa8f4fcac38b25847f34ca87 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 24 Nov 2008 18:49:37 +0100 Subject: s3-samr: fix init_samr_user_info{23,24} callers. Guenther --- source3/include/proto.h | 7 +++---- source3/libnet/libnet_join.c | 3 ++- source3/rpc_client/init_samr.c | 13 ++++++------- source3/utils/net_rpc.c | 2 +- source3/utils/net_rpc_join.c | 3 ++- 5 files changed, 14 insertions(+), 14 deletions(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 59df098d0d..0087b5bb4d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5733,11 +5733,10 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint8_t nt_password_set, uint8_t lm_password_set, uint8_t password_expired, - uint8_t data[516], - uint8_t pw_len); + struct samr_CryptPassword *pwd_buf); void init_samr_user_info24(struct samr_UserInfo24 *r, - uint8_t data[516], - uint8_t pw_len); + struct samr_CryptPassword *pwd_buf, + uint8_t password_expired); void init_samr_CryptPasswordEx(const char *pwd, DATA_BLOB *session_key, struct samr_CryptPasswordEx *pwd_buf); diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bd127f8607..498c7af3f0 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -941,7 +941,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, &cli->user_session_key, &crypt_pwd); - init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24); + init_samr_user_info24(&user_info.info24, &crypt_pwd, + PASS_DONT_CHANGE_AT_NEXT_LOGON); status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 43809c03d1..19dd0b3c09 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -457,8 +457,7 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint8_t nt_password_set, uint8_t lm_password_set, uint8_t password_expired, - uint8_t data[516], - uint8_t pw_len) + struct samr_CryptPassword *pwd_buf) { memset(r, '\0', sizeof(*r)); init_samr_user_info21(&r->info, @@ -491,7 +490,7 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, lm_password_set, password_expired); - memcpy(r->password.data, data, sizeof(r->password.data)); + r->password = *pwd_buf; } /************************************************************************* @@ -499,13 +498,13 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, *************************************************************************/ void init_samr_user_info24(struct samr_UserInfo24 *r, - uint8_t data[516], - uint8_t pw_len) + struct samr_CryptPassword *pwd_buf, + uint8_t password_expired) { DEBUG(10, ("init_samr_user_info24:\n")); - memcpy(r->password.data, data, sizeof(r->password.data)); - r->pw_len = pw_len; + r->password = *pwd_buf; + r->password_expired = password_expired; } /************************************************************************* diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 8c79cea021..3c8ce0326e 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -5253,7 +5253,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, hours, 0, 0, 0, 0, 0, 0, 0, - crypt_pwd.data, 24); + &crypt_pwd); result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 2fe464a000..8070a6282b 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c @@ -339,7 +339,8 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) &cli->user_session_key, &crypt_pwd); - init_samr_user_info24(&set_info.info24, crypt_pwd.data, 24); + init_samr_user_info24(&set_info.info24, &crypt_pwd, + PASS_DONT_CHANGE_AT_NEXT_LOGON); CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, -- cgit From 296fae7561bf1ec425b884bd7d1f914b7faac36a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 17:45:01 +0100 Subject: s4-samr: fix samr passwdord_expired callers. Guenther --- source4/libnet/libnet_passwd.c | 5 ++--- source4/torture/rpc/samba3rpc.c | 8 ++++++-- source4/torture/rpc/samr.c | 5 ++--- source4/torture/rpc/testjoin.c | 2 +- 4 files changed, 11 insertions(+), 9 deletions(-) diff --git a/source4/libnet/libnet_passwd.c b/source4/libnet/libnet_passwd.c index 976606e72c..80de6134b5 100644 --- a/source4/libnet/libnet_passwd.c +++ b/source4/libnet/libnet_passwd.c @@ -307,7 +307,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_26(struct libnet_context *ctx, TA /* prepare samr_SetUserInfo2 level 26 */ ZERO_STRUCT(u_info); encode_pw_buffer(u_info.info26.password.data, r->samr_handle.in.newpassword, STR_UNICODE); - u_info.info26.pw_len = strlen(r->samr_handle.in.newpassword); + u_info.info26.password_expired = 0; status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key); if (!NT_STATUS_IS_OK(status)) { @@ -410,8 +410,7 @@ static NTSTATUS libnet_SetPassword_samr_handle_24(struct libnet_context *ctx, TA /* prepare samr_SetUserInfo2 level 24 */ ZERO_STRUCT(u_info); encode_pw_buffer(u_info.info24.password.data, r->samr_handle.in.newpassword, STR_UNICODE); - /* w2k3 ignores this length */ - u_info.info24.pw_len = strlen_m(r->samr_handle.in.newpassword)*2; + u_info.info24.password_expired = 0; status = dcerpc_fetch_session_key(r->samr_handle.in.dcerpc_pipe, &session_key); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/rpc/samba3rpc.c b/source4/torture/rpc/samba3rpc.c index 1148262dfe..f1e7e5a367 100644 --- a/source4/torture/rpc/samba3rpc.c +++ b/source4/torture/rpc/samba3rpc.c @@ -768,6 +768,10 @@ static bool join3(struct smbcli_state *cli, i21->acct_flags = ACB_WSTRUST; i21->fields_present = SAMR_FIELD_FULL_NAME | SAMR_FIELD_ACCT_FLAGS | SAMR_FIELD_PASSWORD; + /* this would break the test result expectations + i21->fields_present |= SAMR_FIELD_EXPIRED_FLAG; + i21->password_expired = 1; + */ encode_pw_buffer(u_info.info25.password.data, cli_credentials_get_password(wks_creds), @@ -808,8 +812,8 @@ static bool join3(struct smbcli_state *cli, encode_pw_buffer(u_info.info24.password.data, cli_credentials_get_password(wks_creds), STR_UNICODE); - u_info.info24.pw_len = - strlen_m(cli_credentials_get_password(wks_creds))*2; + /* just to make this test pass */ + u_info.info24.password_expired = 1; status = dcerpc_fetch_session_key(samr_pipe, &session_key); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 87690178a7..6115c0c2a1 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -570,8 +570,7 @@ static bool test_SetUserPass(struct dcerpc_pipe *p, struct torture_context *tctx s.in.level = 24; encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE); - /* w2k3 ignores this length */ - u.info24.pw_len = strlen_m(newpass) * 2; + u.info24.password_expired = 0; status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { @@ -709,7 +708,7 @@ static bool test_SetUserPassEx(struct dcerpc_pipe *p, struct torture_context *tc s.in.level = 26; encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE); - u.info26.pw_len = strlen(newpass); + u.info26.password_expired = 0; status = dcerpc_fetch_session_key(p, &session_key); if (!NT_STATUS_IS_OK(status)) { diff --git a/source4/torture/rpc/testjoin.c b/source4/torture/rpc/testjoin.c index 3b56d5b0ad..c93358015c 100644 --- a/source4/torture/rpc/testjoin.c +++ b/source4/torture/rpc/testjoin.c @@ -247,7 +247,7 @@ again: s.in.level = 24; encode_pw_buffer(u.info24.password.data, random_pw, STR_UNICODE); - u.info24.pw_len = strlen(random_pw); + u.info24.password_expired = 0; status = dcerpc_fetch_session_key(join->p, &session_key); if (!NT_STATUS_IS_OK(status)) { -- cgit From 206375c8cf802582eec94bc9fb5f71f9b89650f1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 01:56:09 +0100 Subject: s4-smbtorture: add samr_rand_pass_silent. Guenther --- source4/torture/rpc/samr.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 6115c0c2a1..808eac0a89 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -508,12 +508,19 @@ static bool test_SetUserInfo(struct dcerpc_pipe *p, struct torture_context *tctx /* generate a random password for password change tests */ -static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len) +static char *samr_rand_pass_silent(TALLOC_CTX *mem_ctx, int min_len) { size_t len = MAX(8, min_len) + (random() % 6); char *s = generate_random_str(mem_ctx, len); + return s; +} + +static char *samr_rand_pass(TALLOC_CTX *mem_ctx, int min_len) +{ + char *s = samr_rand_pass_silent(mem_ctx, min_len); printf("Generated password '%s'\n", s); return s; + } /* -- cgit From bd95b6b4160760b33bedb14b247fa302507962a4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 12:04:09 +0100 Subject: s4-smbtorture: add test_SetUserPass_level_ex. Guenther --- source4/torture/rpc/samr.c | 131 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 808eac0a89..02124e6f04 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -846,6 +846,137 @@ static bool test_SetUserPass_25(struct dcerpc_pipe *p, struct torture_context *t return ret; } +static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + uint16_t level, + uint32_t fields_present, + char **password, uint8_t password_expired, + bool use_setinfo2, NTSTATUS expected_error) +{ + NTSTATUS status; + struct samr_SetUserInfo s; + struct samr_SetUserInfo2 s2; + union samr_UserInfo u; + bool ret = true; + DATA_BLOB session_key; + DATA_BLOB confounded_session_key = data_blob_talloc(tctx, NULL, 16); + struct MD5Context ctx; + uint8_t confounder[16]; + char *newpass; + struct samr_GetUserPwInfo pwp; + struct samr_PwInfo info; + int policy_min_pw_len = 0; + pwp.in.user_handle = handle; + pwp.out.info = &info; + + status = dcerpc_samr_GetUserPwInfo(p, tctx, &pwp); + if (NT_STATUS_IS_OK(status)) { + policy_min_pw_len = pwp.out.info->min_password_length; + } + newpass = samr_rand_pass_silent(tctx, policy_min_pw_len); + + if (use_setinfo2) { + s2.in.user_handle = handle; + s2.in.info = &u; + s2.in.level = level; + } else { + s.in.user_handle = handle; + s.in.info = &u; + s.in.level = level; + } + + ZERO_STRUCT(u); + + switch (level) { + case 21: + u.info21.fields_present = fields_present; + u.info21.password_expired = password_expired; + + break; + case 23: + u.info23.info.fields_present = fields_present; + u.info23.info.password_expired = password_expired; + + encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE); + + break; + case 24: + u.info24.password_expired = password_expired; + + encode_pw_buffer(u.info24.password.data, newpass, STR_UNICODE); + + break; + case 25: + u.info25.info.fields_present = fields_present; + u.info25.info.password_expired = password_expired; + + encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE); + + break; + case 26: + u.info26.password_expired = password_expired; + + encode_pw_buffer(u.info26.password.data, newpass, STR_UNICODE); + + break; + } + + status = dcerpc_fetch_session_key(p, &session_key); + if (!NT_STATUS_IS_OK(status)) { + printf("SetUserInfo level %u - no session key - %s\n", + s.in.level, nt_errstr(status)); + return false; + } + + generate_random_buffer((uint8_t *)confounder, 16); + + MD5Init(&ctx); + MD5Update(&ctx, confounder, 16); + MD5Update(&ctx, session_key.data, session_key.length); + MD5Final(confounded_session_key.data, &ctx); + + switch (level) { + case 23: + arcfour_crypt_blob(u.info23.password.data, 516, &session_key); + break; + case 24: + arcfour_crypt_blob(u.info24.password.data, 516, &session_key); + break; + case 25: + arcfour_crypt_blob(u.info25.password.data, 516, &confounded_session_key); + memcpy(&u.info25.password.data[516], confounder, 16); + break; + case 26: + arcfour_crypt_blob(u.info26.password.data, 516, &confounded_session_key); + memcpy(&u.info26.password.data[516], confounder, 16); + break; + } + + if (use_setinfo2) { + status = dcerpc_samr_SetUserInfo2(p, tctx, &s2); + } else { + status = dcerpc_samr_SetUserInfo(p, tctx, &s); + } + + if (NT_STATUS_IS_ERR(expected_error)) { + torture_assert_ntstatus_equal(tctx, status, expected_error, ""); + return true; + } + + if (!NT_STATUS_IS_OK(status)) { + printf("SetUserInfo%s level %u failed - %s\n", + use_setinfo2 ? "2":"", level, nt_errstr(status)); + ret = false; + } else { + if (level != 21) { + *password = newpass; + } + } + + return ret; +} + static bool test_SetAliasInfo(struct dcerpc_pipe *p, struct torture_context *tctx, struct policy_handle *handle) { -- cgit From 89ad20789cd3e3418cd22dd7b40f72fecf9f4c8d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 02:46:25 +0100 Subject: s4-smbtorture: add test for samr password_expired flag while setting passwords. Guenther --- source4/torture/rpc/samr.c | 402 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 401 insertions(+), 1 deletion(-) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 02124e6f04..b0dac39f2b 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -29,6 +29,8 @@ #include "libcli/security/security.h" #include "torture/rpc/rpc.h" +#include + #define TEST_ACCOUNT_NAME "samrtorturetest" #define TEST_ALIASNAME "samrtorturetestalias" #define TEST_GROUPNAME "samrtorturetestgroup" @@ -2270,6 +2272,399 @@ static bool test_TestPrivateFunctionsUser(struct dcerpc_pipe *p, struct torture_ return true; } +static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + bool use_info2, + NTTIME *pwdlastset) +{ + NTSTATUS status; + uint16_t levels[] = { /* 3, */ 5, 21 }; + int i; + NTTIME pwdlastset3 = 0; + NTTIME pwdlastset5 = 0; + NTTIME pwdlastset21 = 0; + + torture_comment(tctx, "Testing QueryUserInfo%s level 5 and 21 call ", + use_info2 ? "2":""); + + for (i=0; iinfo3.last_password_change; + break; + case 5: + pwdlastset5 = info->info5.last_password_change; + break; + case 21: + pwdlastset21 = info->info21.last_password_change; + break; + default: + return false; + } + } + /* torture_assert_int_equal(tctx, pwdlastset3, pwdlastset5, + "pwdlastset mixup"); */ + torture_assert_int_equal(tctx, pwdlastset5, pwdlastset21, + "pwdlastset mixup"); + + *pwdlastset = pwdlastset21; + + torture_comment(tctx, "(pwdlastset: %lld)\n", *pwdlastset); + + return true; +} + +static bool test_SetPassword_level(struct dcerpc_pipe *p, + struct torture_context *tctx, + struct policy_handle *handle, + uint16_t level, + uint32_t fields_present, + uint8_t password_expired, + NTSTATUS expected_error, + bool use_setinfo2, + char **password, + bool use_queryinfo2, + NTTIME *pwdlastset) +{ + const char *fields = NULL; + bool ret = true; + + switch (level) { + case 21: + case 23: + case 25: + fields = talloc_asprintf(tctx, "(fields_present: 0x%08x)", + fields_present); + break; + default: + break; + } + + torture_comment(tctx, "Testing SetUserInfo%s level %d call " + "(password_expired: %d) %s\n", + use_setinfo2 ? "2":"", level, password_expired, + fields ? fields : ""); + + switch (level) { + case 21: + case 23: + case 24: + case 25: + case 26: + if (!test_SetUserPass_level_ex(p, tctx, handle, level, + fields_present, + password, + password_expired, + use_setinfo2, + expected_error)) { + ret = false; + } + break; + default: + return false; + } + + if (!test_QueryUserInfo_pwdlastset(p, tctx, handle, + use_queryinfo2, + pwdlastset)) { + ret = false; + } + + return ret; +} + +static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, + struct torture_context *tctx, + uint32_t acct_flags, + struct policy_handle *handle, + char **password) +{ + int i, s, q; + bool ret = true; + int delay = 500000; + bool set_levels[] = { false, true }; + bool query_levels[] = { false, true }; + + struct { + uint16_t level; + uint8_t password_expired_nonzero; + uint32_t fields_present; + bool query_info2; + bool set_info2; + NTSTATUS set_error; + } pwd_tests[] = { + + /* level 21 */ + { + .level = 21, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_EXPIRED_FLAG + },{ + .level = 21, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, + .set_error = NT_STATUS_ACCESS_DENIED +#if 0 + /* FIXME */ + },{ + .level = 21, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2 | + SAMR_FIELD_LAST_PWD_CHANGE, + .query_info2 = false, + .set_error = NT_STATUS_ACCESS_DENIED +#endif + + /* level 23 */ + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_EXPIRED_FLAG + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, + .set_error = NT_STATUS_ACCESS_DENIED + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_LAST_PWD_CHANGE | + SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2, + .set_error = NT_STATUS_ACCESS_DENIED + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_LAST_PWD_CHANGE | + SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2 | + SAMR_FIELD_EXPIRED_FLAG, + .set_error = NT_STATUS_ACCESS_DENIED + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2 | + SAMR_FIELD_EXPIRED_FLAG + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2 + },{ + + /* level 24 */ + + .level = 24, + .password_expired_nonzero = 1 + },{ + .level = 24, + .password_expired_nonzero = 24 + },{ + + /* level 25 */ + + .level = 25, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, + .set_error = NT_STATUS_ACCESS_DENIED + },{ + .level = 25, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_EXPIRED_FLAG, + },{ + .level = 25, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2 | + SAMR_FIELD_EXPIRED_FLAG + },{ + .level = 25, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_PASSWORD | + SAMR_FIELD_PASSWORD2 + },{ + + /* level 26 */ + + .level = 26, + .password_expired_nonzero = 1 + },{ + .level = 26, + .password_expired_nonzero = 24 + } + }; + + if (torture_setting_bool(tctx, "samba3", false)) { + delay = 1000000; + printf("Samba3 has second granularity, setting delay to: %d\n", + delay); + return ret; + } + + for (i=0; i= pwdlastset_new) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n", + pwdlastset_old, pwdlastset_new); + ret = false; + } + if (pwdlastset_new == 0) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected non-0 pwdlastset, got: %lld\n", + pwdlastset_new); + ret = false; + } + pwdlastset_old = pwdlastset_new; + + usleep(delay); + + /* set #3 */ + + if (!test_SetPassword_level(p, tctx, handle, pwd_tests[i].level, + pwd_tests[i].fields_present, + pwd_tests[i].password_expired_nonzero, + pwd_tests[i].set_error, + set_levels[s], + password, + query_levels[q], + &pwdlastset_new)) { + ret = false; + } + + if (pwdlastset_old == pwdlastset_new) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected last pwdlastset (%lld) != new pwdlastset (%lld)\n", + pwdlastset_old, pwdlastset_new); + ret = false; + } + + /* pwdlastset must be 0 afterwards, except for a level 23 and 25 + * set without the SAMR_FIELD_EXPIRED_FLAG */ + + switch (pwd_tests[i].level) { + case 23: + case 25: + if ((pwdlastset_new != 0) && + !(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG)) { + break; + } + default: + if (pwdlastset_new != 0) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected pwdLastSet 0, got %lld\n", + pwdlastset_old); + ret = false; + } + break; + } + } + } + } + + return ret; +} static bool test_user_ops(struct dcerpc_pipe *p, struct torture_context *tctx, @@ -2363,7 +2758,12 @@ static bool test_user_ops(struct dcerpc_pipe *p, ret = false; } } - + + /* test last password change timestamp behaviour */ + if (!test_SetPassword_pwdlastset(p, tctx, user_handle, &password)) { + ret = false; + } + for (i = 0; password_fields[i]; i++) { if (!test_SetUserPass_23(p, tctx, user_handle, password_fields[i], &password)) { ret = false; -- cgit From 465466e1afa70e0fa1076963ae67a96e9e5b4cbb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 12:09:39 +0100 Subject: s4-smbtorture: move test to SAMR-PASSWORDS-PWDLASTSET. Guenther --- source4/torture/rpc/rpc.c | 1 + source4/torture/rpc/samr.c | 46 +++++++++++++++++++++++++++++++++++++++++----- 2 files changed, 42 insertions(+), 5 deletions(-) diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c index 7fe5827ea1..7f6b06d000 100644 --- a/source4/torture/rpc/rpc.c +++ b/source4/torture/rpc/rpc.c @@ -395,6 +395,7 @@ NTSTATUS torture_rpc_init(void) torture_suite_add_simple_test(suite, "SAMR", torture_rpc_samr); torture_suite_add_simple_test(suite, "SAMR-USERS", torture_rpc_samr_users); torture_suite_add_simple_test(suite, "SAMR-PASSWORDS", torture_rpc_samr_passwords); + torture_suite_add_simple_test(suite, "SAMR-PASSWORDS-PWDLASTSET", torture_rpc_samr_passwords_pwdlastset); torture_suite_add_suite(suite, torture_rpc_netlogon(suite)); torture_suite_add_suite(suite, torture_rpc_remote_pac(suite)); torture_suite_add_simple_test(suite, "SAMLOGON", torture_rpc_samlogon); diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index b0dac39f2b..98e6a5a445 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -39,6 +39,7 @@ enum torture_samr_choice { TORTURE_SAMR_PASSWORDS, + TORTURE_SAMR_PASSWORDS_PWDLASTSET, TORTURE_SAMR_USER_ATTRIBUTES, TORTURE_SAMR_OTHER }; @@ -2759,11 +2760,6 @@ static bool test_user_ops(struct dcerpc_pipe *p, } } - /* test last password change timestamp behaviour */ - if (!test_SetPassword_pwdlastset(p, tctx, user_handle, &password)) { - ret = false; - } - for (i = 0; password_fields[i]; i++) { if (!test_SetUserPass_23(p, tctx, user_handle, password_fields[i], &password)) { ret = false; @@ -2819,6 +2815,23 @@ static bool test_user_ops(struct dcerpc_pipe *p, } break; + + case TORTURE_SAMR_PASSWORDS_PWDLASTSET: + + /* test last password change timestamp behaviour */ + if (!test_SetPassword_pwdlastset(p, tctx, base_acct_flags, + user_handle, &password)) { + ret = false; + } + + if (ret == true) { + torture_comment(tctx, "pwdLastSet test succeeded\n"); + } else { + torture_warning(tctx, "pwdLastSet test failed\n"); + } + + break; + case TORTURE_SAMR_OTHER: /* We just need the account to exist */ break; @@ -5036,6 +5049,7 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx, switch (which_ops) { case TORTURE_SAMR_USER_ATTRIBUTES: case TORTURE_SAMR_PASSWORDS: + case TORTURE_SAMR_PASSWORDS_PWDLASTSET: ret &= test_CreateUser2(p, tctx, &domain_handle, sid, which_ops); ret &= test_CreateUser(p, tctx, &domain_handle, &user_handle, sid, which_ops); /* This test needs 'complex' users to validate */ @@ -5383,3 +5397,25 @@ bool torture_rpc_samr_passwords(struct torture_context *torture) return ret; } +bool torture_rpc_samr_passwords_pwdlastset(struct torture_context *torture) +{ + NTSTATUS status; + struct dcerpc_pipe *p; + bool ret = true; + struct policy_handle handle; + + status = torture_rpc_connection(torture, &p, &ndr_table_samr); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + ret &= test_Connect(p, torture, &handle); + + ret &= test_EnumDomains(p, torture, &handle, + TORTURE_SAMR_PASSWORDS_PWDLASTSET); + + ret &= test_samr_handle_Close(p, torture, &handle); + + return ret; +} + -- cgit From 4b687944f382185fafccc41f3ec4737a72e55448 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 12:10:56 +0100 Subject: s4-smbtorture: allow to disable full testing of all possible opcode combinations. Guenther --- source4/torture/rpc/samr.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 98e6a5a445..86a959df7c 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2406,7 +2406,7 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, struct policy_handle *handle, char **password) { - int i, s, q; + int i, s = 0, q = 0; bool ret = true; int delay = 500000; bool set_levels[] = { false, true }; @@ -2530,10 +2530,20 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, return ret; } + /* set to 1 to enable testing for all possible opcode + (SetUserInfo, SetUserInfo2, QueryUserInfo, QueryUserInfo2) + combinations */ +#if 0 +#define TEST_SET_LEVELS 1 +#define TEST_QUERY_LEVELS 1 +#endif for (i=0; i Date: Thu, 27 Nov 2008 17:25:13 +0100 Subject: selftest: s4 does not have a pwdlastset implementation yet. Guenther --- source4/selftest/skip | 1 + 1 file changed, 1 insertion(+) diff --git a/source4/selftest/skip b/source4/selftest/skip index a3dfdbfbb7..f1500ff315 100644 --- a/source4/selftest/skip +++ b/source4/selftest/skip @@ -23,6 +23,7 @@ base.scan.maxfid raw.hold.oplock # Not a test, but a way to block other clients for a test raw.ping.pong # Needs second server to test rpc.samr_accessmask +samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet raw.scan.eamax samba4.ntvfs.cifs.raw.qfileinfo.ipc smb2.notify -- cgit From 143097d71c15c1624446b56205639e0b863d35fe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 11:15:29 +0100 Subject: s3-samr: add init_samr_user_info25 and init_samr_user_info26. Guenther --- source3/include/proto.h | 33 ++++++++++++++++ source3/rpc_client/init_samr.c | 85 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index 0087b5bb4d..2dd9b61b56 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5737,6 +5737,39 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, void init_samr_user_info24(struct samr_UserInfo24 *r, struct samr_CryptPassword *pwd_buf, uint8_t password_expired); +void init_samr_user_info25(struct samr_UserInfo25 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + struct samr_CryptPasswordEx *pwd_buf); +void init_samr_user_info26(struct samr_UserInfo26 *r, + struct samr_CryptPasswordEx *pwd_buf, + uint8_t password_expired); void init_samr_CryptPasswordEx(const char *pwd, DATA_BLOB *session_key, struct samr_CryptPasswordEx *pwd_buf); diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 19dd0b3c09..473fae73af 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c @@ -507,6 +507,91 @@ void init_samr_user_info24(struct samr_UserInfo24 *r, r->password_expired = password_expired; } +/************************************************************************* + init_samr_user_info25 + *************************************************************************/ + +void init_samr_user_info25(struct samr_UserInfo25 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + struct samr_CryptPasswordEx *pwd_buf) +{ + DEBUG(10, ("init_samr_user_info25:\n")); + + memset(r, '\0', sizeof(*r)); + init_samr_user_info21(&r->info, + last_logon, + last_logoff, + last_password_change, + acct_expiry, + allow_password_change, + force_password_change, + account_name, + full_name, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + comment, + parameters, + rid, + primary_gid, + acct_flags, + fields_present, + logon_hours, + bad_password_count, + logon_count, + country_code, + code_page, + nt_password_set, + lm_password_set, + password_expired); + + r->password = *pwd_buf; +} + +/************************************************************************* + init_samr_user_info26 + *************************************************************************/ + +void init_samr_user_info26(struct samr_UserInfo26 *r, + struct samr_CryptPasswordEx *pwd_buf, + uint8_t password_expired) +{ + DEBUG(10, ("init_samr_user_info26:\n")); + + r->password = *pwd_buf; + r->password_expired = password_expired; +} + /************************************************************************* inits a samr_CryptPasswordEx structure *************************************************************************/ -- cgit From fd2a15fa7813f5560bd7fdb9b5ed8e3880cae387 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 21:58:25 +0100 Subject: s4-smbtorture: fix RPC-SAMR-PASSWORDS-PWDLASTSET with samba3 option. Guenther --- source4/torture/rpc/samr.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index 86a959df7c..f63e66a18d 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -2527,7 +2527,6 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, delay = 1000000; printf("Samba3 has second granularity, setting delay to: %d\n", delay); - return ret; } /* set to 1 to enable testing for all possible opcode -- cgit From 1cf5c154aaab8b8c45145343e00ec452c6d0f5b5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 22:01:18 +0100 Subject: s4-smbtorture: add some more testcases to pwdlastset test. Guenther --- source4/torture/rpc/samr.c | 148 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 118 insertions(+), 30 deletions(-) diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c index f63e66a18d..01ff01674c 100644 --- a/source4/torture/rpc/samr.c +++ b/source4/torture/rpc/samr.c @@ -870,6 +870,8 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, struct samr_GetUserPwInfo pwp; struct samr_PwInfo info; int policy_min_pw_len = 0; + const char *comment = NULL; + pwp.in.user_handle = handle; pwp.out.info = &info; @@ -889,17 +891,23 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, s.in.level = level; } + if (fields_present & SAMR_FIELD_COMMENT) { + comment = talloc_asprintf(tctx, "comment: %d\n", time(NULL)); + } + ZERO_STRUCT(u); switch (level) { case 21: u.info21.fields_present = fields_present; u.info21.password_expired = password_expired; + u.info21.comment.string = comment; break; case 23: u.info23.info.fields_present = fields_present; u.info23.info.password_expired = password_expired; + u.info23.info.comment.string = comment; encode_pw_buffer(u.info23.password.data, newpass, STR_UNICODE); @@ -913,6 +921,7 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, case 25: u.info25.info.fields_present = fields_present; u.info25.info.password_expired = password_expired; + u.info25.info.comment.string = comment; encode_pw_buffer(u.info25.password.data, newpass, STR_UNICODE); @@ -962,8 +971,16 @@ static bool test_SetUserPass_level_ex(struct dcerpc_pipe *p, status = dcerpc_samr_SetUserInfo(p, tctx, &s); } - if (NT_STATUS_IS_ERR(expected_error)) { - torture_assert_ntstatus_equal(tctx, status, expected_error, ""); + if (!NT_STATUS_IS_OK(expected_error)) { + if (use_setinfo2) { + torture_assert_ntstatus_equal(tctx, + s2.out.result, + expected_error, "SetUserInfo2 failed"); + } else { + torture_assert_ntstatus_equal(tctx, + s.out.result, + expected_error, "SetUserInfo failed"); + } return true; } @@ -2431,6 +2448,16 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, .password_expired_nonzero = 1, .fields_present = SAMR_FIELD_LAST_PWD_CHANGE, .set_error = NT_STATUS_ACCESS_DENIED + },{ + .level = 21, + .password_expired_nonzero = 1, + .fields_present = 0, + .set_error = NT_STATUS_INVALID_PARAMETER + },{ + .level = 21, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_COMMENT, + #if 0 /* FIXME */ },{ @@ -2478,7 +2505,16 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, .level = 23, .password_expired_nonzero = 1, .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 + SAMR_FIELD_PASSWORD2, + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_COMMENT, + },{ + .level = 23, + .password_expired_nonzero = 1, + .fields_present = 0, + .set_error = NT_STATUS_INVALID_PARAMETER },{ /* level 24 */ @@ -2510,7 +2546,11 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, .level = 25, .password_expired_nonzero = 1, .fields_present = SAMR_FIELD_PASSWORD | - SAMR_FIELD_PASSWORD2 + SAMR_FIELD_PASSWORD2, + },{ + .level = 25, + .password_expired_nonzero = 1, + .fields_present = SAMR_FIELD_COMMENT, },{ /* level 26 */ @@ -2546,17 +2586,20 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, NTTIME pwdlastset_old = 0; NTTIME pwdlastset_new = 0; - /* set #1 */ - torture_comment(tctx, "------------------------------\n" "Testing pwdLastSet attribute for flags: 0x%08x " "(s: %d (l: %d), q: %d)\n", acct_flags, s, pwd_tests[i].level, q); + /* set #1 */ + + /* set a password and force password change (pwdlastset 0) by + * setting the password expired flag to a non-0 value */ + if (!test_SetPassword_level(p, tctx, handle, pwd_tests[i].level, pwd_tests[i].fields_present, - pwd_tests[i].password_expired_nonzero, /* will set pwdlast to 0 */ + pwd_tests[i].password_expired_nonzero, pwd_tests[i].set_error, set_levels[s], password, @@ -2570,10 +2613,11 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, continue; } - /* pwdlastset must be 0 afterwards, except for a level 23 and 25 + /* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25 * set without the SAMR_FIELD_EXPIRED_FLAG */ switch (pwd_tests[i].level) { + case 21: case 23: case 25: if ((pwdlastset_new != 0) && @@ -2598,10 +2642,12 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, /* set #2 */ + /* set a password, pwdlastset needs to get updated (increased + * value), password_expired value used here is 0 */ + if (!test_SetPassword_level(p, tctx, handle, pwd_tests[i].level, pwd_tests[i].fields_present, 0, - /* will normally update (increase) the pwdlast */ pwd_tests[i].set_error, set_levels[s], password, @@ -2611,27 +2657,50 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, ret = false; } - /* pwdlastset must not be 0 afterwards and must be larger then - * the old value */ + /* when a password has been changed, pwdlastset must not be 0 afterwards + * and must be larger then the old value */ - if (pwdlastset_old >= pwdlastset_new) { - torture_warning(tctx, "pwdLastSet test failed: " - "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n", - pwdlastset_old, pwdlastset_new); - ret = false; - } - if (pwdlastset_new == 0) { - torture_warning(tctx, "pwdLastSet test failed: " - "expected non-0 pwdlastset, got: %lld\n", - pwdlastset_new); - ret = false; + switch (pwd_tests[i].level) { + case 21: + case 23: + case 25: + + /* SAMR_FIELD_EXPIRED_FLAG has not been set and no + * password has been changed, old and new pwdlastset + * need to be the same value */ + + if (!(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG) && + !((pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD) || + (pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD2))) + { + torture_assert_int_equal(tctx, pwdlastset_old, + pwdlastset_new, "pwdlastset must be equal"); + break; + } + default: + if (pwdlastset_old >= pwdlastset_new) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected last pwdlastset (%lld) < new pwdlastset (%lld)\n", + pwdlastset_old, pwdlastset_new); + ret = false; + } + if (pwdlastset_new == 0) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected non-0 pwdlastset, got: %lld\n", + pwdlastset_new); + ret = false; + } } + pwdlastset_old = pwdlastset_new; usleep(delay); /* set #3 */ + /* set a password and force password change (pwdlastset 0) by + * setting the password expired flag to a non-0 value */ + if (!test_SetPassword_level(p, tctx, handle, pwd_tests[i].level, pwd_tests[i].fields_present, pwd_tests[i].password_expired_nonzero, @@ -2643,24 +2712,43 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p, ret = false; } - if (pwdlastset_old == pwdlastset_new) { - torture_warning(tctx, "pwdLastSet test failed: " - "expected last pwdlastset (%lld) != new pwdlastset (%lld)\n", - pwdlastset_old, pwdlastset_new); - ret = false; - } - - /* pwdlastset must be 0 afterwards, except for a level 23 and 25 + /* pwdlastset must be 0 afterwards, except for a level 21, 23 and 25 * set without the SAMR_FIELD_EXPIRED_FLAG */ switch (pwd_tests[i].level) { + case 21: case 23: case 25: if ((pwdlastset_new != 0) && !(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG)) { + torture_comment(tctx, "not considering a non-0 " + "pwdLastSet as a an error as the " + "SAMR_FIELD_EXPIRED_FLAG has not " + "been set\n"); + break; + } + + /* SAMR_FIELD_EXPIRED_FLAG has not been set and no + * password has been changed, old and new pwdlastset + * need to be the same value */ + + if (!(pwd_tests[i].fields_present & SAMR_FIELD_EXPIRED_FLAG) && + !((pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD) || + (pwd_tests[i].fields_present & SAMR_FIELD_PASSWORD2))) + { + torture_assert_int_equal(tctx, pwdlastset_old, + pwdlastset_new, "pwdlastset must be equal"); break; } default: + + if (pwdlastset_old == pwdlastset_new) { + torture_warning(tctx, "pwdLastSet test failed: " + "expected last pwdlastset (%lld) != new pwdlastset (%lld)\n", + pwdlastset_old, pwdlastset_new); + ret = false; + } + if (pwdlastset_new != 0) { torture_warning(tctx, "pwdLastSet test failed: " "expected pwdLastSet 0, got %lld\n", -- cgit From 42adfd1be2237bbe5430fe972143b548b42f6edb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Nov 2008 00:10:18 +0100 Subject: s3-libnetjoin: remove unused md4_trust_password, found by metze. Guenther --- source3/libnet/libnet_join.c | 5 ----- 1 file changed, 5 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 498c7af3f0..d9335b6a4b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -762,7 +762,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct lsa_String lsa_acct_name; uint32_t user_rid; uint32_t acct_flags = ACB_WSTRUST; - uchar md4_trust_password[16]; struct samr_Ids user_rids; struct samr_Ids name_types; union samr_UserInfo user_info; @@ -898,10 +897,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - /* Create a random machine account password and generate the hash */ - - E_md4hash(r->in.machine_password, md4_trust_password); - init_samr_CryptPasswordEx(r->in.machine_password, &cli->user_session_key, &crypt_pwd_ex); -- cgit From 28099876f9a39f56a54fd2540532309c0d1e2877 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Nov 2008 00:12:26 +0100 Subject: s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze. Guenther --- source3/libnet/libnet_join.c | 45 ++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d9335b6a4b..908fb78ab4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -897,10 +897,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - init_samr_CryptPasswordEx(r->in.machine_password, - &cli->user_session_key, - &crypt_pwd_ex); - /* Fill in the additional account flags now */ acct_flags |= ACB_PWNOEXP; @@ -911,23 +907,40 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, ;; } - /* Set password and account flags on machine account */ - - ZERO_STRUCT(user_info.info25); - - user_info.info25.info.fields_present = ACCT_NT_PWD_SET | - ACCT_LM_PWD_SET | - SAMR_FIELD_ACCT_FLAGS; - - user_info.info25.info.acct_flags = acct_flags; - memcpy(&user_info.info25.password.data, crypt_pwd_ex.data, - sizeof(crypt_pwd_ex.data)); + /* Set account flags on machine account */ + ZERO_STRUCT(user_info.info16); + user_info.info16.acct_flags = acct_flags; status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, &user_pol, - 25, + 16, &user_info); + if (!NT_STATUS_IS_OK(status)) { + + rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); + + libnet_join_set_error_string(mem_ctx, r, + "Failed to set account flags for machine account (%s)\n", + nt_errstr(status)); + goto done; + } + + /* Set password on machine account - first try level 26 */ + + init_samr_CryptPasswordEx(r->in.machine_password, + &cli->user_session_key, + &crypt_pwd_ex); + + init_samr_user_info26(&user_info.info26, &crypt_pwd_ex, + PASS_DONT_CHANGE_AT_NEXT_LOGON); + + status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 26, + &user_info); + if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { /* retry with level 24 */ -- cgit From 88909acb6c462e34750c9b3b1346bec6112be5cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:25:17 +0100 Subject: fix nonempty blank lines --- source3/libsmb/cliconnect.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 1588ae3efe..b0fdc9920b 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -468,7 +468,7 @@ static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob) SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); - + SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE); SSVAL(cli->outbuf,smb_vwv3,2); @@ -504,10 +504,10 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli) NT_STATUS_MORE_PROCESSING_REQUIRED)) { return blob2; } - + /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); - + p = smb_buf(cli->inbuf); blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3)); @@ -696,14 +696,14 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use /* wrap it in SPNEGO */ msg1 = spnego_gen_auth(blob_out); } - + /* now send that blob on its way */ if (!cli_session_setup_blob_send(cli, msg1)) { DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n")); nt_status = NT_STATUS_UNSUCCESSFUL; } else { blob = cli_session_setup_blob_receive(cli); - + nt_status = cli_nt_error(cli); if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) { if (cli->smb_rw_error == SMB_READ_BAD_SIG) { @@ -715,7 +715,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use } data_blob_free(&msg1); } - + if (!blob.length) { if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_UNSUCCESSFUL; @@ -761,11 +761,11 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use data_blob_free(&key); if (res) { - + /* 'resign' the last message, so we get the right sequence numbers for checking the first reply from the server */ cli_calculate_sign_mac(cli, cli->outbuf); - + if (!cli_check_sign_mac(cli, cli->inbuf)) { nt_status = NT_STATUS_ACCESS_DENIED; } @@ -849,10 +849,10 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, if (pass && *pass) { int ret; - + use_in_memory_ccache(); ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); - + if (ret){ TALLOC_FREE(principal); DEBUG(0, ("Kinit failed: %s\n", error_message(ret))); @@ -861,7 +861,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, return ADS_ERROR_KRB5(ret); } } - + /* If we get a bad principal, try to guess it if we have a valid host NetBIOS name. */ @@ -1132,7 +1132,7 @@ bool cli_send_tconX(struct cli_state *cli, * Non-encrypted passwords - convert to DOS codepage before using. */ passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE); - + } else { if (passlen) { memcpy(pword, pass, passlen); @@ -1175,7 +1175,7 @@ bool cli_send_tconX(struct cli_state *cli, /* almost certainly win95 - enable bug fixes */ cli->win95 = True; } - + /* Make sure that we have the optional support 16-bit field. WCT > 2 */ /* Avoids issues when connecting to Win9x boxes sharing files */ @@ -1198,11 +1198,11 @@ bool cli_tdis(struct cli_state *cli) SCVAL(cli->outbuf,smb_com,SMBtdis); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); - + cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; - + if (cli_is_error(cli)) { return False; } @@ -1265,7 +1265,7 @@ bool cli_negprot(struct cli_state *cli) prots[numprots].name && prots[numprots].prot<=cli->protocol; numprots++) plength += strlen(prots[numprots].name)+2; - + cli_set_message(cli->outbuf,0,plength,True); p = smb_buf(cli->outbuf); @@ -1399,7 +1399,7 @@ bool cli_session_request(struct cli_state *cli, memcpy(&(cli->calling), calling, sizeof(*calling)); memcpy(&(cli->called ), called , sizeof(*called )); - + /* put in the destination name */ p = cli->outbuf+len; name_mangle(cli->called .name, p, cli->called .name_type); @@ -1605,11 +1605,11 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, if (!my_name) my_name = global_myname(); - + if (!(cli = cli_initialise())) { return NT_STATUS_NO_MEMORY; } - + make_nmb_name(&calling, my_name, 0x0); make_nmb_name(&called , dest_host, 0x20); -- cgit From 95873566e3723ce5197b0a7a1689bc9b0b8b9dfd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:30:00 +0100 Subject: Do not build the session request if it si not used anyway --- source3/libsmb/cliconnect.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index b0fdc9920b..8b7ac7d718 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1397,6 +1397,10 @@ bool cli_session_request(struct cli_state *cli, char *p; int len = 4; + /* 445 doesn't have session request */ + if (cli->port == 445) + return True; + memcpy(&(cli->calling), calling, sizeof(*calling)); memcpy(&(cli->called ), called , sizeof(*called )); @@ -1410,10 +1414,6 @@ bool cli_session_request(struct cli_state *cli, name_mangle(cli->calling.name, p, cli->calling.name_type); len += name_len(p); - /* 445 doesn't have session request */ - if (cli->port == 445) - return True; - /* send a session request (RFC 1002) */ /* setup the packet length * Remove four bytes from the length count, since the length -- cgit From d253a367ef04e4b00b9b87cbe61d2b19bf95a185 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:43:12 +0100 Subject: fix nonempty blank lines --- source3/include/ntlmssp.h | 5 ++--- source3/libsmb/ntlmssp.c | 54 +++++++++++++++++++++++------------------------ 2 files changed, 29 insertions(+), 30 deletions(-) diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index b014b2170c..f6f9563b7c 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -98,9 +98,9 @@ typedef struct ntlmssp_state DATA_BLOB lm_resp; DATA_BLOB nt_resp; DATA_BLOB session_key; - + uint32 neg_flags; /* the current state of negotiation with the NTLMSSP partner */ - + void *auth_context; /** @@ -171,5 +171,4 @@ typedef struct ntlmssp_state response in at the time we want to process it. Store it here, until we need it */ DATA_BLOB stored_response; - } NTLMSSP_STATE; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index a0e54ce769..aa45fc518a 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -11,12 +11,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -60,7 +60,7 @@ static const struct ntlmssp_callbacks { void debug_ntlmssp_flags(uint32 neg_flags) { DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags)); - + if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n")); if (neg_flags & NTLMSSP_NEGOTIATE_OEM) @@ -109,7 +109,7 @@ void debug_ntlmssp_flags(uint32 neg_flags) * Default challenge generation code. * */ - + static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state) { static uchar chal[8]; @@ -122,7 +122,7 @@ static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state) * Default 'we can set the challenge to anything we like' implementation * */ - + static bool may_set_challenge(const struct ntlmssp_state *ntlmssp_state) { return True; @@ -134,7 +134,7 @@ static bool may_set_challenge(const struct ntlmssp_state *ntlmssp_state) * Does not actually do anything, as the value is always in the structure anyway. * */ - + static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) { SMB_ASSERT(challenge->length == 8); @@ -277,7 +277,7 @@ void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature) ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } } - + /** * Next state function for the NTLMSSP state machine * @@ -304,7 +304,7 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, if (!in.length && ntlmssp_state->stored_response.length) { input = ntlmssp_state->stored_response; - + /* we only want to read the stored response once - overwrite it */ ntlmssp_state->stored_response = data_blob_null; } else { @@ -685,7 +685,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, SAFE_FREE(workstation); data_blob_free(&encrypted_session_key); auth_flags = 0; - + /* Try again with a shorter string (Win9X truncates this packet) */ if (ntlmssp_state->unicode) { parse_string = "CdBBUUU"; @@ -753,23 +753,23 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a client challenge - + However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful. */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { struct MD5Context md5_session_nonce_ctx; SMB_ASSERT(ntlmssp_state->internal_chal.data && ntlmssp_state->internal_chal.length == 8); - + doing_ntlm2 = True; memcpy(session_nonce, ntlmssp_state->internal_chal.data, 8); memcpy(&session_nonce[8], ntlmssp_state->lm_resp.data, 8); - + MD5Init(&md5_session_nonce_ctx); MD5Update(&md5_session_nonce_ctx, session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); - + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, session_nonce_hash, 8); /* LM response is no longer useful */ @@ -812,7 +812,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, sizeof(session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); - + } else { DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n")); session_key = data_blob_null; @@ -892,7 +892,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, } data_blob_free(&encrypted_session_key); - + /* Only one authentication allowed per server state. */ ntlmssp_state->expected_state = NTLMSSP_DONE; @@ -910,7 +910,7 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) TALLOC_CTX *mem_ctx; mem_ctx = talloc_init("NTLMSSP context"); - + *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_server_start: talloc failed!\n")); @@ -968,7 +968,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, } else { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; } - + if (ntlmssp_state->use_ntlmv2) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -1021,7 +1021,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, return NT_STATUS_INVALID_PARAMETER; } - + data_blob_free(&server_domain_blob); DEBUG(3, ("Got challenge flags:\n")); @@ -1079,7 +1079,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* session key is all zeros */ session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16); - + /* not doing NLTM2 without a password */ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; } else if (ntlmssp_state->use_ntlmv2) { @@ -1092,7 +1092,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* TODO: if the remote server is standalone, then we should replace 'domain' with the server name as supplied above */ - + if (!SMBNTLMv2encrypt_hash(ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->nt_hash, &challenge_blob, @@ -1107,14 +1107,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, uchar session_nonce[16]; uchar session_nonce_hash[16]; uchar user_session_key[16]; - + lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); generate_random_buffer(lm_response.data, 8); memset(lm_response.data+8, 0, 16); memcpy(session_nonce, challenge_blob.data, 8); memcpy(&session_nonce[8], lm_response.data, 8); - + MD5Init(&md5_session_nonce_ctx); MD5Update(&md5_session_nonce_ctx, challenge_blob.data, 8); MD5Update(&md5_session_nonce_ctx, lm_response.data, 8); @@ -1123,7 +1123,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DEBUG(5, ("NTLMSSP challenge set by NTLM2\n")); DEBUG(5, ("challenge is: \n")); dump_data(5, session_nonce_hash, 8); - + nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash, session_nonce_hash, @@ -1141,11 +1141,11 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data, lm_response.data); } - + nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash,challenge_blob.data, nt_response.data); - + session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && lp_client_lanman_auth()) { @@ -1188,7 +1188,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->get_global_myname(), encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags)) { - + return NT_STATUS_NO_MEMORY; } @@ -1216,7 +1216,7 @@ NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state) TALLOC_CTX *mem_ctx; mem_ctx = talloc_init("NTLMSSP Client context"); - + *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_client_start: talloc failed!\n")); -- cgit From 8fc15ab96d198dce6da2324bbd589a5e9e66740e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:54:32 +0100 Subject: remove the explicit mem_ctx from ntlmssp_state, use the state itself --- source3/include/ntlmssp.h | 1 - source3/libsmb/ntlmssp.c | 87 ++++++++++++++++++++++------------------------- source3/utils/ntlm_auth.c | 7 ++-- 3 files changed, 45 insertions(+), 50 deletions(-) diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index f6f9563b7c..55b9249ea7 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h @@ -77,7 +77,6 @@ enum NTLM_MESSAGE_TYPE typedef struct ntlmssp_state { - TALLOC_CTX *mem_ctx; unsigned int ref_count; enum NTLMSSP_ROLE role; enum server_types server_role; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index aa45fc518a..cc13476935 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -148,7 +148,7 @@ static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *ch NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) { - ntlmssp_state->user = talloc_strdup(ntlmssp_state->mem_ctx, user ? user : "" ); + ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" ); if (!ntlmssp_state->user) { return NT_STATUS_NO_MEMORY; } @@ -164,9 +164,9 @@ NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state, const unsigned char nt_hash[16]) { ntlmssp_state->lm_hash = (unsigned char *) - TALLOC_MEMDUP(ntlmssp_state->mem_ctx, lm_hash, 16); + TALLOC_MEMDUP(ntlmssp_state, lm_hash, 16); ntlmssp_state->nt_hash = (unsigned char *) - TALLOC_MEMDUP(ntlmssp_state->mem_ctx, nt_hash, 16); + TALLOC_MEMDUP(ntlmssp_state, nt_hash, 16); if (!ntlmssp_state->lm_hash || !ntlmssp_state->nt_hash) { TALLOC_FREE(ntlmssp_state->lm_hash); TALLOC_FREE(ntlmssp_state->nt_hash); @@ -201,7 +201,8 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password */ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) { - ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain ? domain : "" ); + ntlmssp_state->domain = talloc_strdup(ntlmssp_state, + domain ? domain : "" ); if (!ntlmssp_state->domain) { return NT_STATUS_NO_MEMORY; } @@ -214,7 +215,7 @@ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) */ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) { - ntlmssp_state->workstation = talloc_strdup(ntlmssp_state->mem_ctx, workstation); + ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation); if (!ntlmssp_state->workstation) { return NT_STATUS_NO_MEMORY; } @@ -229,8 +230,9 @@ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *works NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state, DATA_BLOB response) { - ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state->mem_ctx, - response.data, response.length); + ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, + response.data, + response.length); return NT_STATUS_OK; } @@ -357,16 +359,13 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx = (*ntlmssp_state)->mem_ctx; - (*ntlmssp_state)->ref_count--; if ((*ntlmssp_state)->ref_count == 0) { data_blob_free(&(*ntlmssp_state)->chal); data_blob_free(&(*ntlmssp_state)->lm_resp); data_blob_free(&(*ntlmssp_state)->nt_resp); - - talloc_destroy(mem_ctx); + TALLOC_FREE(*ntlmssp_state); } *ntlmssp_state = NULL; @@ -562,13 +561,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, if (target_name == NULL) return NT_STATUS_INVALID_PARAMETER; - ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); - ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state, cryptkey, 8); + ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state, + cryptkey, 8); /* This should be a 'netbios domain -> DNS domain' mapping */ - dnsdomname = get_mydnsdomname(ntlmssp_state->mem_ctx); + dnsdomname = get_mydnsdomname(ntlmssp_state); if (!dnsdomname) { - dnsdomname = talloc_strdup(ntlmssp_state->mem_ctx, ""); + dnsdomname = talloc_strdup(ntlmssp_state, ""); } if (!dnsdomname) { return NT_STATUS_NO_MEMORY; @@ -770,7 +770,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, MD5Update(&md5_session_nonce_ctx, session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); - ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, session_nonce_hash, 8); + ntlmssp_state->chal = data_blob_talloc( + ntlmssp_state, session_nonce_hash, 8); /* LM response is no longer useful */ data_blob_free(&ntlmssp_state->lm_resp); @@ -807,7 +808,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* Handle the different session key derivation for NTLM2 */ if (doing_ntlm2) { if (user_session_key.data && user_session_key.length == 16) { - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, + NULL, 16); hmac_md5(user_session_key.data, session_nonce, sizeof(session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); @@ -820,7 +822,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { if (lm_session_key.data && lm_session_key.length >= 8) { if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, + NULL, 16); if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -831,7 +834,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, uint8 zeros[24]; ZERO_STRUCT(zeros); session_key = data_blob_talloc( - ntlmssp_state->mem_ctx, NULL, 16); + ntlmssp_state, NULL, 16); if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -875,9 +878,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, SamOEMhash(encrypted_session_key.data, session_key.data, encrypted_session_key.length); - ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, - encrypted_session_key.data, - encrypted_session_key.length); + ntlmssp_state->session_key = data_blob_talloc( + ntlmssp_state, encrypted_session_key.data, + encrypted_session_key.length); dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length); } @@ -907,20 +910,15 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("NTLMSSP context"); - - *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); + *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_server_start: talloc failed!\n")); - talloc_destroy(mem_ctx); + talloc_destroy(*ntlmssp_state); return NT_STATUS_NO_MEMORY; } (*ntlmssp_state)->role = NTLMSSP_SERVER; - (*ntlmssp_state)->mem_ctx = mem_ctx; (*ntlmssp_state)->get_challenge = get_challenge; (*ntlmssp_state)->set_challenge = set_challenge; (*ntlmssp_state)->may_set_challenge = may_set_challenge; @@ -1062,7 +1060,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, return NT_STATUS_INVALID_PARAMETER; } - ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state->mem_ctx, + ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state, server_domain); SAFE_FREE(server_domain); @@ -1078,7 +1076,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ZERO_STRUCT(zeros); /* session key is all zeros */ - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16); + session_key = data_blob_talloc(ntlmssp_state, zeros, 16); /* not doing NLTM2 without a password */ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; @@ -1108,7 +1106,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, uchar session_nonce_hash[16]; uchar user_session_key[16]; - lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + lm_response = data_blob_talloc(ntlmssp_state, NULL, 24); generate_random_buffer(lm_response.data, 8); memset(lm_response.data+8, 0, 16); @@ -1124,12 +1122,12 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DEBUG(5, ("challenge is: \n")); dump_data(5, session_nonce_hash, 8); - nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + nt_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash, session_nonce_hash, nt_response.data); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, NULL, 16); SMBsesskeygen_ntv1(ntlmssp_state->nt_hash, NULL, user_session_key); hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data); @@ -1137,16 +1135,17 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, } else { /* lanman auth is insecure, it may be disabled */ if (lp_client_lanman_auth()) { - lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + lm_response = data_blob_talloc(ntlmssp_state, + NULL, 24); SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data, lm_response.data); } - nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + nt_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash,challenge_blob.data, nt_response.data); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && lp_client_lanman_auth()) { SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data, @@ -1174,7 +1173,9 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* Mark the new session key as the 'real' session key */ data_blob_free(&session_key); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, client_session_key, sizeof(client_session_key)); + session_key = data_blob_talloc(ntlmssp_state, + client_session_key, + sizeof(client_session_key)); } /* this generates the actual auth packet */ @@ -1213,21 +1214,15 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("NTLMSSP Client context"); - - *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); + *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_client_start: talloc failed!\n")); - talloc_destroy(mem_ctx); + talloc_destroy(*ntlmssp_state); return NT_STATUS_NO_MEMORY; } (*ntlmssp_state)->role = NTLMSSP_CLIENT; - (*ntlmssp_state)->mem_ctx = mem_ctx; - (*ntlmssp_state)->get_global_myname = global_myname; (*ntlmssp_state)->get_domain = lp_workgroup; diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index fbb105bfe6..8aa8e5e0f9 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -547,7 +547,8 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB if (memcmp(user_sess_key, zeros, 16) != 0) { *user_session_key = data_blob(user_sess_key, 16); } - ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name); + ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state, + unix_name); SAFE_FREE(unix_name); } else { DEBUG(NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED) ? 0 : 3, @@ -567,7 +568,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u nt_lm_owf_gen (opt_password, nt_pw, lm_pw); - nt_status = ntlm_password_check(ntlmssp_state->mem_ctx, + nt_status = ntlm_password_check(ntlmssp_state, &ntlmssp_state->chal, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, @@ -578,7 +579,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u lm_pw, nt_pw, user_session_key, lm_session_key); if (NT_STATUS_IS_OK(nt_status)) { - ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx, + ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state, "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user); -- cgit From 8340d100f6048776f6fd87704a10e7c103714ae7 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 30 Nov 2008 15:51:38 -0800 Subject: Set PRESENT flag when returning NULL [SD]ACL like Windows does. This could also be handled inside each ACL VFS module, by setting the PRESENT flag when a NULL [SD]ACL is created. --- source3/smbd/nttrans.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 18dd7d5c26..777073e6ba 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1587,12 +1587,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, status = SMB_VFS_FGET_NT_ACL( fsp, security_info_wanted, &psd); } - if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); return; } + /* If the SACL/DACL is NULL, but was requested, we mark that it is + * present in the reply to match Windows behavior */ + if (psd->sacl == NULL && + security_info_wanted & SACL_SECURITY_INFORMATION) + psd->type |= SEC_DESC_SACL_PRESENT; + if (psd->dacl == NULL && + security_info_wanted & DACL_SECURITY_INFORMATION) + psd->type |= SEC_DESC_DACL_PRESENT; + sd_size = ndr_size_security_descriptor(psd, 0); DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); -- cgit From 757a1f5132747807f7870097fab358b150f2790b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 04:17:55 +0100 Subject: s3:winbindd/nss_info: change nss_map_{to|from}_alias to take nss_domain_entry instead of just the domain name Michael --- source3/include/nss_info.h | 10 ++++++---- source3/winbindd/idmap_ad.c | 6 +++--- source3/winbindd/idmap_adex/idmap_adex.c | 16 ++++++++-------- source3/winbindd/idmap_hash/idmap_hash.c | 6 +++--- source3/winbindd/nss_info.c | 4 ++-- source3/winbindd/nss_info_template.c | 4 ++-- 6 files changed, 24 insertions(+), 22 deletions(-) diff --git a/source3/include/nss_info.h b/source3/include/nss_info.h index e756136b76..0224be099f 100644 --- a/source3/include/nss_info.h +++ b/source3/include/nss_info.h @@ -66,10 +66,12 @@ struct nss_info_methods { TALLOC_CTX *ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, char **shell, char **gecos, gid_t *p_gid); - NTSTATUS (*map_to_alias)( TALLOC_CTX *mem_ctx, const char *domain, - const char *name, char **alias ); - NTSTATUS (*map_from_alias)( TALLOC_CTX *mem_ctx, const char *domain, - const char *alias, char **name ); + NTSTATUS (*map_to_alias)(TALLOC_CTX *mem_ctx, + struct nss_domain_entry *e, + const char *name, char **alias); + NTSTATUS (*map_from_alias)(TALLOC_CTX *mem_ctx, + struct nss_domain_entry *e, + const char *alias, char **name); NTSTATUS (*close_fn)( void ); }; diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 60a2d8642a..0f2ac5127e 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -824,7 +824,7 @@ done: *********************************************************************/ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *name, char **alias) { @@ -838,7 +838,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, /* Check incoming parameters */ - if ( !domain || !name || !*alias) { + if ( !e || !e->domain || !name || !*alias) { nt_status = NT_STATUS_INVALID_PARAMETER; goto done; } @@ -896,7 +896,7 @@ done: *********************************************************************/ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *alias, char **name ) { diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c index 7596b1cbd8..7e186ca8a1 100644 --- a/source3/winbindd/idmap_adex/idmap_adex.c +++ b/source3/winbindd/idmap_adex/idmap_adex.c @@ -329,9 +329,9 @@ static NTSTATUS _nss_adex_get_info(struct /********************************************************************** *********************************************************************/ -static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx, const char - *domain, const char - *name, char **alias) +static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx, + struct nss_domain_entry *e, + const char *name, char **alias) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct likewise_cell *cell = NULL; @@ -344,7 +344,7 @@ static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx, const char BAIL_ON_NTSTATUS_ERROR(nt_status); } - nt_status = cell->provider->map_to_alias(mem_ctx, domain, + nt_status = cell->provider->map_to_alias(mem_ctx, e->domain, name, alias); /* go ahead and allow the cache mgr to mark this in @@ -360,9 +360,9 @@ done: /********************************************************************** *********************************************************************/ -static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx, const char - *domain, const char - *alias, char **name) +static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx, + struct nss_domain_entry *e, + const char *alias, char **name) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct likewise_cell *cell = NULL; @@ -376,7 +376,7 @@ static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx, const char } - nt_status = cell->provider->map_from_alias(mem_ctx, domain, + nt_status = cell->provider->map_from_alias(mem_ctx, e->domain, alias, name); /* go ahead and allow the cache mgr to mark this in diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c index a050f99bc8..7dd94aede0 100644 --- a/source3/winbindd/idmap_hash/idmap_hash.c +++ b/source3/winbindd/idmap_hash/idmap_hash.c @@ -304,14 +304,14 @@ done: *********************************************************************/ static NTSTATUS nss_hash_map_to_alias(TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *name, char **alias) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; const char *value; - value = talloc_asprintf(mem_ctx, "%s\\%s", domain, name); + value = talloc_asprintf(mem_ctx, "%s\\%s", e->domain, name); BAIL_ON_PTR_NT_ERROR(value, nt_status); nt_status = mapfile_lookup_key(mem_ctx, value, alias); @@ -325,7 +325,7 @@ done: *********************************************************************/ static NTSTATUS nss_hash_map_from_alias(TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *alias, char **name) { diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 0e8cb60257..c35df4fbed 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -295,7 +295,7 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) m = p->backend->methods; - return m->map_to_alias( mem_ctx, domain, name, alias ); + return m->map_to_alias(mem_ctx, p, name, alias); } @@ -316,7 +316,7 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) m = p->backend->methods; - return m->map_from_alias( mem_ctx, domain, alias, name ); + return m->map_from_alias( mem_ctx, p, alias, name ); } /******************************************************************** diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c index d8f903ddd0..f44c73f3a6 100644 --- a/source3/winbindd/nss_info_template.c +++ b/source3/winbindd/nss_info_template.c @@ -62,7 +62,7 @@ static NTSTATUS nss_template_get_info( struct nss_domain_entry *e, *********************************************************************/ static NTSTATUS nss_template_map_to_alias( TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *name, char **alias ) { @@ -73,7 +73,7 @@ static NTSTATUS nss_template_map_to_alias( TALLOC_CTX *mem_ctx, *********************************************************************/ static NTSTATUS nss_template_map_from_alias( TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *alias, char **name ) { -- cgit From 67cc93c4a237921d2b54d20bfde5eb6754c13271 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:05:19 +0100 Subject: s3:winbindd/idmap_util: unify entering debug messages and add ouput of domain Michael --- source3/winbindd/idmap_util.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index 9f876618be..9abf425f3e 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c @@ -33,7 +33,8 @@ NTSTATUS idmap_uid_to_sid(const char *domname, DOM_SID *sid, uid_t uid) struct id_map map; bool expired; - DEBUG(10,("uid = [%lu]\n", (unsigned long)uid)); + DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n", + (unsigned long)uid, domname?domname:"NULL")); if (idmap_cache_find_uid2sid(uid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_uid2sid found %d%s\n", uid, @@ -85,7 +86,8 @@ NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID *sid, gid_t gid) struct id_map map; bool expired; - DEBUG(10,("gid = [%lu]\n", (unsigned long)gid)); + DEBUG(10,("idmap_gid_to_si: gid = [%lu], domain = '%s'\n", + (unsigned long)gid, domname?domname:"NULL")); if (idmap_cache_find_gid2sid(gid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_gid2sid found %d%s\n", gid, @@ -137,7 +139,8 @@ NTSTATUS idmap_sid_to_uid(const char *dom_name, DOM_SID *sid, uid_t *uid) struct id_map map; bool expired; - DEBUG(10,("idmap_sid_to_uid: sid = [%s]\n", sid_string_dbg(sid))); + DEBUG(10,("idmap_sid_to_uid: sid = [%s], domain = '%s'\n", + sid_string_dbg(sid), dom_name)); if (idmap_cache_find_sid2uid(sid, uid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2uid found %d%s\n", @@ -209,7 +212,8 @@ NTSTATUS idmap_sid_to_gid(const char *domname, DOM_SID *sid, gid_t *gid) struct id_map map; bool expired; - DEBUG(10,("idmap_sid_to_gid: sid = [%s]\n", sid_string_dbg(sid))); + DEBUG(10,("idmap_sid_to_gid: sid = [%s], domain = '%s'\n", + sid_string_dbg(sid), domname)); if (idmap_cache_find_sid2gid(sid, gid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2gid found %d%s\n", -- cgit From 5f5fa28c5d95c0ab117a33061c318eabd4a92246 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:08:46 +0100 Subject: s3:winbindd/idmap: add diagnostic entry debug msg to idmap_find_domain(). Michael --- source3/winbindd/idmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 054df9be05..0062c7588e 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -461,6 +461,9 @@ static struct idmap_domain *idmap_find_domain(const char *domname) struct idmap_domain *result; int i; + DEBUG(10, ("idmap_find_domain called for domain '%s'\n", + domname?domname:"NULL")); + /* * Always init the default domain, we can't go without one */ -- cgit From 7b4e54359fcd455c4aaf6a4c3d9f510d7ab17c02 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:40:01 +0100 Subject: s3:winbindd/idmap: add diagnostic entry debug msg to idmap_backends_unixid_to_sid Michael --- source3/winbindd/idmap.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 0062c7588e..3e7be8cb7a 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -728,6 +728,10 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) struct idmap_domain *dom; struct id_map *maps[2]; + DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " + "(type %d)\n", + domname?domname:"NULL", id->xid.id, id->xid.type)); + maps[0] = id; maps[1] = NULL; -- cgit From 11d5b1a21a4ca3bbc9b9233a6afb2cb4546b736e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:40:42 +0100 Subject: s3:winbindd/idmap: add diagnostic entry debug msg to idmap_backends_sid_to_unixid Michael --- source3/winbindd/idmap.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 3e7be8cb7a..aaba7e53ee 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -758,6 +758,9 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id) struct idmap_domain *dom; struct id_map *maps[2]; + DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n", + domain?domain:"NULL", sid_string_dbg(id->sid))); + maps[0] = id; maps[1] = NULL; -- cgit From 73fddcd656718fcd2aeb1b452e4f8a8c2b19fa65 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Nov 2008 15:16:22 +0100 Subject: s3:winbindd/idmap_ad: rename ctx to mem_ctx in nss_ad_get_info() in preparation to using the idmap_ad_context there Michael --- source3/winbindd/idmap_ad.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 0f2ac5127e..170c1d954e 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -725,7 +725,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *ctx, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -766,9 +766,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_gecos_attr ); if (gid) { if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) @@ -787,7 +787,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, attrs[3] = ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { @@ -801,9 +801,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_gecos_attr); if (gid) { if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) -- cgit From be233ae32a573ba5048dff9d9fa30869493cf4ff Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Nov 2008 22:23:34 +0100 Subject: s3:winbindd/idmap_ad: refactor core of nss_{sfu|sfu20|rfc2307}_init to common function. Michael --- source3/winbindd/idmap_ad.c | 82 ++++++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 34 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 170c1d954e..93cc7f04d8 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -666,58 +666,72 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) Initialize the {sfu,sfu20,rfc2307} state ***********************************************************************/ -static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) +static const char *wb_posix_map_unknown_string = "WB_POSIX_MAP_UNKNOWN"; +static const char *wb_posix_map_template_string = "WB_POSIX_MAP_TEMPLATE"; +static const char *wb_posix_map_sfu_string = "WB_POSIX_MAP_SFU"; +static const char *wb_posix_map_sfu20_string = "WB_POSIX_MAP_SFU20"; +static const char *wb_posix_map_rfc2307_string = "WB_POSIX_MAP_RFC2307"; +static const char *wb_posix_map_unixinfo_string = "WB_POSIX_MAP_UNIXINFO"; + +static const char *ad_map_type_string(enum wb_posix_mapping map_type) { - /* Sanity check if we have previously been called with a - different schema model */ - - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU) ) - { - DEBUG(0,("nss_sfu_init: Posix Map type has already been set. " - "Mixed schema models not supported!\n")); - return NT_STATUS_NOT_SUPPORTED; + switch (map_type) { + case WB_POSIX_MAP_TEMPLATE: + return wb_posix_map_template_string; + break; + case WB_POSIX_MAP_SFU: + return wb_posix_map_sfu_string; + break; + case WB_POSIX_MAP_SFU20: + return wb_posix_map_sfu20_string; + break; + case WB_POSIX_MAP_RFC2307: + return wb_posix_map_rfc2307_string; + break; + case WB_POSIX_MAP_UNIXINFO: + return wb_posix_map_unixinfo_string; + break; + default: + return WB_POSIX_MAP_UNKNOWN; } - - ad_map_type = WB_POSIX_MAP_SFU; - - return NT_STATUS_OK; } -static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) +static NTSTATUS nss_ad_generic_init(struct nss_domain_entry *e, + enum wb_posix_mapping new_ad_map_type) { /* Sanity check if we have previously been called with a different schema model */ if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU20) ) + (ad_map_type != new_ad_map_type)) { - DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " - "Mixed schema models not supported!\n")); + DEBUG(0,("nss_ad_generic_init: " + "Cannot set Posix map type to %s. " + "Map type has already been set to %s." + "Mixed schema models not supported!\n", + ad_map_type_string(new_ad_map_type), + ad_map_type_string(ad_map_type))); return NT_STATUS_NOT_SUPPORTED; } - - ad_map_type = WB_POSIX_MAP_SFU20; + + ad_map_type = new_ad_map_type; return NT_STATUS_OK; } -static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) +static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) { - /* Sanity check if we have previously been called with a - different schema model */ - - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_RFC2307) ) - { - DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. " - "Mixed schema models not supported!\n")); - return NT_STATUS_NOT_SUPPORTED; - } - - ad_map_type = WB_POSIX_MAP_RFC2307; + return nss_ad_generic_init(e, WB_POSIX_MAP_SFU); +} - return NT_STATUS_OK; +static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) +{ + return nss_ad_generic_init(e, WB_POSIX_MAP_SFU20); +} + +static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) +{ + return nss_ad_generic_init(e, WB_POSIX_MAP_RFC2307); } -- cgit From 484fa90aefe131d5dd67c458b365045dbf6c7e78 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Nov 2008 23:09:49 +0100 Subject: s3:winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661) This initial fix does at least work for explicitly configured domains. The patch has a few disadvantages: 1. It does work only for explicitly configured domains, not with the default backend (idmap backend = ad), since it relies on the domain name being passed in via the idmap_domain. One workaround for this would be to create clones of the default idmap_domain for domains not explicitly configured. 2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection. The problem here is that only the NetBIOS domain name (workgroup name) is passed in via the idmap_domain struct, and the module has to establish a connection to the domain based on that information. find_domain_from_name_noinit() has the disadvantage that it uses the state of the domain list at fork time (unless used from the main winbindd). But this should be ok as long as the primary domain was reachable at start time. For nss_info, the situation is similar - This will only work for domains explicitly configured in smb.conf as follows: "winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4" Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20) will fail since the domain name is not passed in with the nss_domain_entry. Michael --- source3/winbindd/idmap_ad.c | 347 ++++++++++++++++++++++++++++---------------- 1 file changed, 221 insertions(+), 126 deletions(-) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 93cc7f04d8..967a36b3ce 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -9,6 +9,7 @@ * Copyright (C) Andrew Bartlett 2003 * Copyright (C) Gerald (Jerry) Carter 2004-2007 * Copyright (C) Luke Howard 2001-2004 + * Copyright (C) Michael Adam 2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,6 +26,7 @@ */ #include "includes.h" +#include "winbindd.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -43,31 +45,39 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; + ADS_STRUCT *ads; + struct posix_schema *ad_schema; + enum wb_posix_mapping ad_map_type; /* WB_POSIX_MAP_UNKNOWN */ }; NTSTATUS init_module(void); -static ADS_STRUCT *ad_idmap_ads = NULL; -static struct posix_schema *ad_schema = NULL; -static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; - /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(void) +static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; + struct idmap_ad_context *ctx; + char *ldap_server = NULL; + char *realm = NULL; + struct winbindd_domain *wb_dom; + + DEBUG(10, ("ad_idmap_cached_connection: called for domain '%s'\n", + dom->name)); - if (ad_idmap_ads != NULL) { + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + + if (ctx->ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ad_idmap_ads; + ads = ctx->ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); @@ -76,15 +86,15 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) (uint32)expire-(uint32)now, (uint32) expire, (uint32) now)); if ( ads->config.realm && (expire > time(NULL))) { - return ads; + return ADS_SUCCESS; } else { /* we own this ADS_STRUCT so make sure it goes away */ DEBUG(7,("Deleting expired krb5 credential cache\n")); ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ad_idmap_ads = NULL; - TALLOC_FREE( ad_schema ); + ctx->ads = NULL; + TALLOC_FREE( ctx->ad_schema ); } } @@ -93,9 +103,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1); } - if ( (ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL ) { + /* + * At this point we only have the NetBIOS domain name. + * Check if we can get server nam and realm from SAF cache + * and the domain list. + */ + ldap_server = saf_fetch(dom->name); + DEBUG(10, ("ldap_server from saf cache: '%s'\n", ldap_server?ldap_server:"")); + + wb_dom = find_domain_from_name_noinit(dom->name); + if (wb_dom == NULL) { + DEBUG(10, ("find_domain_from_name_noinit did not find domain '%s'\n", + dom->name)); + realm = NULL; + } else { + DEBUG(10, ("find_domain_from_name_noinit found realm '%s' for " + " domain '%s'\n", wb_dom->alt_name, dom->name)); + realm = wb_dom->alt_name; + } + + if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) { DEBUG(1,("ads_init failed\n")); - return NULL; + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } /* the machine acct password might have change - fetch it every time */ @@ -107,54 +136,57 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) /* setup server affinity */ - get_dc_name( NULL, ads->auth.realm, dc_name, &dc_ip ); + get_dc_name(dom->name, realm, dc_name, &dc_ip ); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { DEBUG(1, ("ad_idmap_init: failed to connect to AD\n")); ads_destroy(&ads); - return NULL; + return status; } ads->is_mine = False; - ad_idmap_ads = ads; + ctx->ads = ads; - return ads; + return ADS_SUCCESS; } /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(void) +static ADS_STATUS ad_idmap_cached_connection(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); - - if ( !ads ) - return NULL; + ADS_STATUS status; + struct idmap_ad_context * ctx; + + status = ad_idmap_cached_connection_internal(dom); + if (!ADS_ERR_OK(status)) { + return status; + } + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. */ - if ( ad_schema ) - return ads; + if ( ctx->ad_schema ) { + return ADS_SUCCESS; + } /* Otherwise, set the schema model */ - if ( (ad_map_type == WB_POSIX_MAP_SFU) || - (ad_map_type == WB_POSIX_MAP_SFU20) || - (ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || + (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || + (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) { - ADS_STATUS schema_status; - - schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); - if ( !ADS_ERR_OK(schema_status) ) { + status = ads_check_posix_schema_mapping(NULL, ctx->ads, ctx->ad_map_type, &ctx->ad_schema); + if ( !ADS_ERR_OK(status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); - return NULL; } } - return ads; + return status; } /************************************************************************ @@ -190,17 +222,18 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } } + /* default map type */ + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + /* schema mode */ - if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -256,7 +289,6 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map TALLOC_CTX *memctx; struct idmap_ad_context *ctx; ADS_STATUS rc; - ADS_STRUCT *ads; const char *attrs[] = { "sAMAccountType", "objectSid", NULL, /* uidnumber */ @@ -284,14 +316,16 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { - DEBUG(1, ("ADS uninitialized\n")); + rc = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(rc)) { + DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc))); ret = NT_STATUS_UNSUCCESSFUL; + /* ret = ads_ntstatus(rc); */ goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -308,7 +342,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ad_schema->posix_uidnumber_attr, + ctx->ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -322,7 +356,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ad_schema->posix_gidnumber_attr, + ctx->ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; @@ -348,14 +382,14 @@ again: filter = talloc_asprintf_append_buffer(filter, ")"); CHECK_ALLOC_DONE(filter); - rc = ads_search_retry(ads, &res, filter, attrs); + rc = ads_search_retry(ctx->ads, &res, filter, attrs); if (!ADS_ERR_OK(rc)) { DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc))); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if ( (count = ads_count_replies(ads, res)) == 0 ) { + if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) { DEBUG(10, ("No IDs found\n")); } @@ -368,9 +402,9 @@ again: uint32_t atype; if (i == 0) { /* first entry */ - entry = ads_first_entry(ads, entry); + entry = ads_first_entry(ctx->ads, entry); } else { /* following ones */ - entry = ads_next_entry(ads, entry); + entry = ads_next_entry(ctx->ads, entry); } if ( !entry ) { @@ -379,13 +413,13 @@ again: } /* first check if the SID is present */ - if (!ads_pull_sid(ads, entry, "objectSid", &sid)) { + if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) { DEBUG(2, ("Could not retrieve SID from entry\n")); continue; } /* get type */ - if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) { + if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) { DEBUG(1, ("could not get SAM account type\n")); continue; } @@ -405,9 +439,9 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, + if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, &id)) { DEBUG(1, ("Could not get unix ID\n")); @@ -439,7 +473,7 @@ again: } if (res) { - ads_msgfree(ads, res); + ads_msgfree(ctx->ads, res); } if (ids[idx]) { /* still some values to map */ @@ -468,7 +502,6 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map TALLOC_CTX *memctx; struct idmap_ad_context *ctx; ADS_STATUS rc; - ADS_STRUCT *ads; const char *attrs[] = { "sAMAccountType", "objectSid", NULL, /* attr_uidnumber */ @@ -495,14 +528,22 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { - DEBUG(1, ("ADS uninitialized\n")); + rc = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(rc)) { + DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc))); + ret = NT_STATUS_UNSUCCESSFUL; + /* ret = ads_ntstatus(rc); */ + goto done; + } + + if (ctx->ad_schema == NULL) { + DEBUG(0, ("haven't got ctx->ad_schema ! \n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -529,14 +570,14 @@ again: CHECK_ALLOC_DONE(filter); DEBUG(10, ("Filter: [%s]\n", filter)); - rc = ads_search_retry(ads, &res, filter, attrs); + rc = ads_search_retry(ctx->ads, &res, filter, attrs); if (!ADS_ERR_OK(rc)) { DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc))); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if ( (count = ads_count_replies(ads, res)) == 0 ) { + if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) { DEBUG(10, ("No IDs found\n")); } @@ -549,9 +590,9 @@ again: uint32_t atype; if (i == 0) { /* first entry */ - entry = ads_first_entry(ads, entry); + entry = ads_first_entry(ctx->ads, entry); } else { /* following ones */ - entry = ads_next_entry(ads, entry); + entry = ads_next_entry(ctx->ads, entry); } if ( !entry ) { @@ -560,7 +601,7 @@ again: } /* first check if the SID is present */ - if (!ads_pull_sid(ads, entry, "objectSid", &sid)) { + if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) { DEBUG(2, ("Could not retrieve SID from entry\n")); continue; } @@ -572,7 +613,7 @@ again: } /* get type */ - if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) { + if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) { DEBUG(1, ("could not get SAM account type\n")); continue; } @@ -592,9 +633,9 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, + if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, &id)) { DEBUG(1, ("Could not get unix ID\n")); @@ -619,7 +660,7 @@ again: } if (res) { - ads_msgfree(ads, res); + ads_msgfree(ctx->ads, res); } if (ids[idx]) { /* still some values to map */ @@ -644,16 +685,18 @@ done: static NTSTATUS idmap_ad_close(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_ads; + struct idmap_ad_context * ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ads != NULL) { + if (ctx->ads != NULL) { /* we own this ADS_STRUCT so make sure it goes away */ - ads->is_mine = True; - ads_destroy( &ads ); - ad_idmap_ads = NULL; + ctx->ads->is_mine = True; + ads_destroy( &ctx->ads ); + ctx->ads = NULL; } - TALLOC_FREE( ad_schema ); + TALLOC_FREE( ctx->ad_schema ); return NT_STATUS_OK; } @@ -678,43 +721,69 @@ static const char *ad_map_type_string(enum wb_posix_mapping map_type) switch (map_type) { case WB_POSIX_MAP_TEMPLATE: return wb_posix_map_template_string; - break; case WB_POSIX_MAP_SFU: return wb_posix_map_sfu_string; - break; case WB_POSIX_MAP_SFU20: return wb_posix_map_sfu20_string; - break; case WB_POSIX_MAP_RFC2307: return wb_posix_map_rfc2307_string; - break; case WB_POSIX_MAP_UNIXINFO: return wb_posix_map_unixinfo_string; - break; default: - return WB_POSIX_MAP_UNKNOWN; + return wb_posix_map_unknown_string; } } static NTSTATUS nss_ad_generic_init(struct nss_domain_entry *e, enum wb_posix_mapping new_ad_map_type) { - /* Sanity check if we have previously been called with a - different schema model */ + struct idmap_domain *dom; + struct idmap_ad_context *ctx; + + if (e->state != NULL) { + dom = talloc_get_type(e->state, struct idmap_domain); + } else { + dom = TALLOC_ZERO_P(e, struct idmap_domain); + if (dom == NULL) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + e->state = dom; + } + + if (e->domain != NULL) { + dom->name = talloc_strdup(dom, e->domain); + if (dom->name == NULL) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + } + + if (dom->private_data != NULL) { + ctx = talloc_get_type(dom->private_data, + struct idmap_ad_context); + } else { + ctx = TALLOC_ZERO_P(dom, struct idmap_ad_context); + if (ctx == NULL) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + dom->private_data = ctx; + } - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != new_ad_map_type)) + if ((ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != new_ad_map_type)) { - DEBUG(0,("nss_ad_generic_init: " - "Cannot set Posix map type to %s. " - "Map type has already been set to %s." - "Mixed schema models not supported!\n", - ad_map_type_string(new_ad_map_type), - ad_map_type_string(ad_map_type))); - return NT_STATUS_NOT_SUPPORTED; + DEBUG(2, ("nss_ad_generic_init: " + "Warning: overriding previously set posix map type " + "%s for domain %s with map type %s.\n", + ad_map_type_string(ctx->ad_map_type), + dom->name, + ad_map_type_string(new_ad_map_type))); } - ad_map_type = new_ad_map_type; + ctx->ad_map_type = new_ad_map_type; return NT_STATUS_OK; } @@ -737,6 +806,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /************************************************************************ ***********************************************************************/ + static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, TALLOC_CTX *mem_ctx, @@ -747,7 +817,6 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, char **gecos, uint32 *gid ) { - ADS_STRUCT *ads_internal = NULL; const char *attrs[] = {NULL, /* attr_homedir */ NULL, /* attr_shell */ NULL, /* attr_gecos */ @@ -758,18 +827,24 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; + struct idmap_domain *dom; + struct idmap_ad_context *ctx; /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; } - /* We are assuming that the internal ADS_STRUCT is for the - same forest as the incoming *ads pointer */ + dom = talloc_get_type(e->state, struct idmap_domain); + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - ads_internal = ad_idmap_cached_connection(); + ads_status = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(ads_status)) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } - if ( !ads_internal || !ad_schema ) { + if (!ctx->ad_schema) { + DEBUG(10, ("nss_ad_get_info: no ad_schema configured!\n")); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -780,12 +855,15 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_gecos_attr ); + DEBUG(10, ("nss_ad_get_info: using given ads connection and " + "LDAP message (%p)\n", msg)); + + *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } @@ -795,10 +873,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ad_schema->posix_homedir_attr; - attrs[1] = ad_schema->posix_shell_attr; - attrs[2] = ad_schema->posix_gecos_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + DEBUG(10, ("nss_ad_get_info: no ads connection given, doing our " + "own query\n")); + + attrs[0] = ctx->ad_schema->posix_homedir_attr; + attrs[1] = ctx->ad_schema->posix_shell_attr; + attrs[2] = ctx->ad_schema->posix_gecos_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); @@ -809,18 +890,18 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - ads_status = ads_search_retry(ads_internal, &msg_internal, filter, attrs); + ads_status = ads_search_retry(ctx->ads, &msg_internal, filter, attrs); if (!ADS_ERR_OK(ads_status)) { nt_status = ads_ntstatus(ads_status); goto done; } - *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ctx->ads, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -828,7 +909,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, done: if (msg_internal) { - ads_msgfree(ads_internal, msg_internal); + ads_msgfree(ctx->ads, msg_internal); } return nt_status; @@ -842,13 +923,14 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, const char *name, char **alias) { - ADS_STRUCT *ads_internal = NULL; const char *attrs[] = {NULL, /* attr_uid */ NULL }; char *filter = NULL; LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct idmap_domain *dom; + struct idmap_ad_context *ctx; /* Check incoming parameters */ @@ -864,14 +946,20 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - ads_internal = ad_idmap_cached_connection(); + dom = talloc_get_type(e->state, struct idmap_domain); + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + + ads_status = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(ads_status)) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } - if (!ads_internal || !ad_schema) { + if (!ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ad_schema->posix_uid_attr; + attrs[0] = ctx->ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -881,13 +969,13 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - ads_status = ads_search_retry(ads_internal, &msg, filter, attrs); + ads_status = ads_search_retry(ctx->ads, &msg, filter, attrs); if (!ADS_ERR_OK(ads_status)) { nt_status = ads_ntstatus(ads_status); goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ctx->ads, mem_ctx, msg, ctx->ad_schema->posix_uid_attr); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -900,7 +988,7 @@ done: talloc_destroy(filter); } if (msg) { - ads_msgfree(ads_internal, msg); + ads_msgfree(ctx->ads, msg); } return nt_status; @@ -914,7 +1002,6 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, const char *alias, char **name ) { - ADS_STRUCT *ads_internal = NULL; const char *attrs[] = {"sAMAccountName", NULL }; char *filter = NULL; @@ -922,6 +1009,8 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; + struct idmap_domain *dom; + struct idmap_ad_context *ctx; /* Check incoming parameters */ @@ -937,29 +1026,35 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, goto done; } - ads_internal = ad_idmap_cached_connection(); + dom = talloc_get_type(e->state, struct idmap_domain); + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + + ads_status = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(ads_status)) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } - if (!ads_internal || !ad_schema) { + if (!ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ad_schema->posix_uid_attr, + ctx->ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; goto done; } - ads_status = ads_search_retry(ads_internal, &msg, filter, attrs); + ads_status = ads_search_retry(ctx->ads, &msg, filter, attrs); if (!ADS_ERR_OK(ads_status)) { nt_status = ads_ntstatus(ads_status); goto done; } - username = ads_pull_string(ads_internal, mem_ctx, msg, + username = ads_pull_string(ctx->ads, mem_ctx, msg, "sAMAccountName"); if (!username) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -980,7 +1075,7 @@ done: talloc_destroy(filter); } if (msg) { - ads_msgfree(ads_internal, msg); + ads_msgfree(ctx->ads, msg); } return nt_status; -- cgit From 82ee6d2f7d254a704574744bf9f25dcb0e2ab7cf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 22:50:26 +0100 Subject: s3:winbindd/idmap_ad: add entry debug message to nss_ad_get_info() Michael --- source3/winbindd/idmap_ad.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 967a36b3ce..05d7d98cae 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -830,6 +830,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, struct idmap_domain *dom; struct idmap_ad_context *ctx; + DEBUG(10, ("nss_ad_get_info called for sid [%s] in domain '%s'\n", + sid_string_dbg(sid), e->domain?e->domain:"NULL")); + /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; -- cgit From 1048c2ccbea1ce76719a6ac320ec9104e896db8f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 22:54:42 +0100 Subject: s3:winbindd/nss_info: add debugging to nss_init() Michael --- source3/winbindd/nss_info.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index c35df4fbed..7df1eeeb01 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -158,6 +158,9 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) continue; } + DEBUG(10, ("parsed backend = '%s', domain = '%s'\n", + backend, domain)); + /* validate the backend */ if ( (nss_backend = nss_get_backend( backend )) == NULL ) { @@ -197,6 +200,10 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) nss_domain->domain)); } + DEBUG(10, ("nss_init: nss domain initialized: " + "domain = '%s', backend = '%s'\n", + domain, backend)); + /* cleanup */ SAFE_FREE( backend ); -- cgit From 09d05bcffe9553d28876daed86ea0761f2506997 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 22:57:41 +0100 Subject: s3:winbindd/nss_info: add entry debug message to nss_get_info() Michael --- source3/winbindd/nss_info.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 7df1eeeb01..245274b238 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -273,6 +273,9 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) struct nss_domain_entry *p; struct nss_info_methods *m; + DEBUG(10, ("nss_get_info called for sid [%s] in domain '%s'\n", + sid_string_dbg(user_sid), domain?domain:"NULL")); + if ( (p = find_nss_domain( domain )) == NULL ) { DEBUG(4,("nss_get_info: Failed to find nss domain pointer for %s\n", domain )); -- cgit From af6f1b4085d82e44277b2505875f667065586eb6 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 23:00:19 +0100 Subject: s3:winbindd_cache: add debugging to get_nss_info_cached() Michael --- source3/winbindd/winbindd_cache.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 360e915bc4..2f4a6ffe56 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4222,7 +4222,14 @@ do_query: nt_status = nss_get_info( domain->name, user_sid, ctx, ads, msg, homedir, shell, gecos, p_gid ); + DEBUG(10, ("nss_get_info returned %s\n", nt_errstr(nt_status))); + if ( NT_STATUS_IS_OK(nt_status) ) { + DEBUG(10, ("result:\n\thomedir = '%s'\n", *homedir)); + DEBUGADD(10, ("\tshell = '%s'\n", *shell)); + DEBUGADD(10, ("\tgecos = '%s'\n", *gecos)); + DEBUGADD(10, ("\tgid = '%u'\n", *p_gid)); + wcache_save_user_pwinfo( domain, nt_status, user_sid, *homedir, *shell, *gecos, *p_gid ); } -- cgit From a7e60befdce5f6d131cbe5789cc94dbd2624fd38 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 00:56:50 +0100 Subject: s3:winbindd/nss_info: whitespace cleanup. Remove trailing spaces and fix tab / space mixup. Michael --- source3/winbindd/nss_info.c | 68 ++++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 35 deletions(-) diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 245274b238..29393a565e 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. Idmap NSS headers @@ -8,12 +8,12 @@ modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . */ @@ -48,14 +48,14 @@ static struct nss_function_entry *nss_get_backend(const char *name ) { struct nss_function_entry *entry; - if ((version != SMB_NSS_INFO_INTERFACE_VERSION)) { + if ((version != SMB_NSS_INFO_INTERFACE_VERSION)) { DEBUG(0, ("smb_register_idmap_nss: Failed to register idmap_nss module.\n" - "The module was compiled against SMB_NSS_INFO_INTERFACE_VERSION %d,\n" - "current SMB_NSS_INFO_INTERFACE_VERSION is %d.\n" - "Please recompile against the current version of samba!\n", + "The module was compiled against SMB_NSS_INFO_INTERFACE_VERSION %d,\n" + "current SMB_NSS_INFO_INTERFACE_VERSION is %d.\n" + "Please recompile against the current version of samba!\n", version, SMB_NSS_INFO_INTERFACE_VERSION)); return NT_STATUS_OBJECT_TYPE_MISMATCH; - } + } if (!name || !name[0] || !methods) { DEBUG(0,("smb_register_idmap_nss: called with NULL pointer or empty name!\n")); @@ -89,12 +89,12 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) int len; *backend = *domain = NULL; - + if ( !config ) return False; - + p = strchr( config, ':' ); - + /* if no : then the string must be the backend name only */ if ( !p ) { @@ -107,13 +107,13 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) if ( strlen(p+1) > 0 ) { *domain = SMB_STRDUP( p+1 ); } - + len = PTR_DIFF(p,config)+1; if ( (q = SMB_MALLOC_ARRAY( char, len )) == NULL ) { SAFE_FREE( *backend ); return False; } - + StrnCpy( q, config, len-1); q[len-1] = '\0'; *backend = q; @@ -122,7 +122,7 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) } /******************************************************************** - Each nss backend must not store global state, but rather be able + Each nss backend must not store global state, but rather be able to initialize the state on a per domain basis. *******************************************************************/ @@ -139,12 +139,12 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) if ( NT_STATUS_IS_OK(nss_initialized) ) return NT_STATUS_OK; - + /* The "template" backend should alqays be registered as it is a static module */ if ( (nss_backend = nss_get_backend( "template" )) == NULL ) { - static_init_nss_info; + static_init_nss_info; } /* Create the list of nss_domains (loading any shared plugins @@ -152,10 +152,10 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) for ( i=0; nss_list && nss_list[i]; i++ ) { - if ( !parse_nss_parm(nss_list[i], &backend, &domain) ) { + if ( !parse_nss_parm(nss_list[i], &backend, &domain) ) { DEBUG(0,("nss_init: failed to parse \"%s\"!\n", nss_list[i])); - continue; + continue; } DEBUG(10, ("parsed backend = '%s', domain = '%s'\n", @@ -169,17 +169,16 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) if ( !NT_STATUS_IS_OK(status) ) { continue; } - + /* try again */ if ( (nss_backend = nss_get_backend( backend )) == NULL ) { DEBUG(0,("nss_init: unregistered backend %s!. Skipping\n", backend)); continue; } - } - /* fill in the nss_domain_entry and add it to the + /* fill in the nss_domain_entry and add it to the list of domains */ nss_domain = TALLOC_ZERO_P( nss_domain_list, struct nss_domain_entry ); @@ -187,15 +186,15 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) DEBUG(0,("nss_init: talloc() failure!\n")); return NT_STATUS_NO_MEMORY; } - + nss_domain->backend = nss_backend; nss_domain->domain = talloc_strdup( nss_domain, domain ); /* Try to init and ave the result */ nss_domain->init_status = nss_domain->backend->methods->init( nss_domain ); - DLIST_ADD( nss_domain_list, nss_domain ); - if ( !NT_STATUS_IS_OK(nss_domain->init_status) ) { + DLIST_ADD( nss_domain_list, nss_domain ); + if ( !NT_STATUS_IS_OK(nss_domain->init_status) ) { DEBUG(0,("nss_init: Failed to init backend for %s domain!\n", nss_domain->domain)); } @@ -207,7 +206,7 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) /* cleanup */ SAFE_FREE( backend ); - SAFE_FREE( domain ); + SAFE_FREE( domain ); } if ( !nss_domain_list ) { @@ -217,10 +216,9 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) /* we shouild default to use template here */ } - - + nss_initialized = NT_STATUS_OK; - + return NT_STATUS_OK; } @@ -229,7 +227,7 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) static struct nss_domain_entry *find_nss_domain( const char *domain ) { - NTSTATUS status; + NTSTATUS status; struct nss_domain_entry *p; status = nss_init( lp_winbind_nss_info() ); @@ -238,20 +236,20 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) nt_errstr(status))); return NULL; } - + for ( p=nss_domain_list; p; p=p->next ) { if ( strequal( p->domain, domain ) ) break; } - + /* If we didn't find a match, then use the default nss info */ if ( !p ) { if ( !nss_domain_list ) { return NULL; } - - p = nss_domain_list; + + p = nss_domain_list; } if ( !NT_STATUS_IS_OK( p->init_status ) ) { @@ -281,10 +279,10 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) domain )); return NT_STATUS_NOT_FOUND; } - + m = p->backend->methods; - return m->get_nss_info( p, user_sid, ctx, ads, msg, + return m->get_nss_info( p, user_sid, ctx, ads, msg, homedir, shell, gecos, p_gid ); } -- cgit From 37be1f6d086084206b5153a15c2ac2e18793cceb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 02:01:44 +0100 Subject: s3:winbindd/nss_info: fix default backend handling for ad backends. This fixes "winbind nss info = rfc2307" (or sfu or sfu20). Originally, only explicitly configured domains (like "rfc2307:domain") worked with the ad module, since the domain name was not passed backe to the module. This is fixed by recording the first backend listed without domain in the "winbind nss info" parameter as the default backend, and creating new nss_domain entries (using this default backend) on the fly as requests for domains which are not explicitly configured are encountered. Michael --- source3/winbindd/nss_info.c | 84 ++++++++++++++++++++++++++++++++------------- 1 file changed, 61 insertions(+), 23 deletions(-) diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 29393a565e..a7b642440f 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -3,6 +3,7 @@ Idmap NSS headers Copyright (C) Gerald Carter 2006 + Copyright (C) Michael Adam 2008 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -22,6 +23,7 @@ #include "nss_info.h" static struct nss_function_entry *backends = NULL; +static struct nss_function_entry *default_backend = NULL; static struct nss_domain_entry *nss_domain_list = NULL; /********************************************************************** @@ -121,6 +123,42 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) return True; } +NTSTATUS nss_domain_list_add_domain(const char *domain, + struct nss_function_entry *nss_backend) +{ + struct nss_domain_entry *nss_domain; + + nss_domain = TALLOC_ZERO_P(nss_domain_list, struct nss_domain_entry); + if (!nss_domain) { + DEBUG(0, ("nss_domain_list_add_domain: talloc() failure!\n")); + return NT_STATUS_NO_MEMORY; + } + + nss_domain->backend = nss_backend; + if (domain) { + nss_domain->domain = talloc_strdup(nss_domain, domain); + if (!nss_domain->domain) { + DEBUG(0, ("nss_domain_list_add_domain: talloc() " + "failure!\n")); + TALLOC_FREE(nss_domain); + return NT_STATUS_NO_MEMORY; + } + } + + nss_domain->init_status = nss_domain->backend->methods->init(nss_domain); + if (!NT_STATUS_IS_OK(nss_domain->init_status)) { + DEBUG(0, ("nss_init: Failed to init backend '%s' for domain " + "'%s'!\n", nss_backend->name, nss_domain->domain)); + } + + DLIST_ADD(nss_domain_list, nss_domain); + + DEBUG(10, ("Added domain '%s' with backend '%s' to nss_domain_list.\n", + domain, nss_backend->name)); + + return NT_STATUS_OK; +} + /******************************************************************** Each nss backend must not store global state, but rather be able to initialize the state on a per domain basis. @@ -178,31 +216,21 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) } } - /* fill in the nss_domain_entry and add it to the - list of domains */ - - nss_domain = TALLOC_ZERO_P( nss_domain_list, struct nss_domain_entry ); - if ( !nss_domain ) { - DEBUG(0,("nss_init: talloc() failure!\n")); - return NT_STATUS_NO_MEMORY; + /* + * The first config item of the list without an explicit domain + * is treated as the default nss info backend. + */ + if ((domain == NULL) && (default_backend == NULL)) { + DEBUG(10, ("nss_init: using '%s' as default backend.\n", + backend)); + default_backend = nss_backend; } - nss_domain->backend = nss_backend; - nss_domain->domain = talloc_strdup( nss_domain, domain ); - - /* Try to init and ave the result */ - - nss_domain->init_status = nss_domain->backend->methods->init( nss_domain ); - DLIST_ADD( nss_domain_list, nss_domain ); - if ( !NT_STATUS_IS_OK(nss_domain->init_status) ) { - DEBUG(0,("nss_init: Failed to init backend for %s domain!\n", - nss_domain->domain)); + status = nss_domain_list_add_domain(domain, nss_backend); + if (!NT_STATUS_IS_OK(status)) { + return status; } - DEBUG(10, ("nss_init: nss domain initialized: " - "domain = '%s', backend = '%s'\n", - domain, backend)); - /* cleanup */ SAFE_FREE( backend ); @@ -242,13 +270,23 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) break; } - /* If we didn't find a match, then use the default nss info */ + /* If we didn't find a match, then use the default nss backend */ if ( !p ) { - if ( !nss_domain_list ) { + if (!default_backend) { + return NULL; + } + + status = nss_domain_list_add_domain(domain, default_backend); + if (!NT_STATUS_IS_OK(status)) { return NULL; } + /* + * HACK ALERT: + * Here, we use the fact that the new domain was added at + * the beginning of the list... + */ p = nss_domain_list; } -- cgit From c77435caaf46734429fc3cea2e612cc17ca0d7ae Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 04:22:02 +0100 Subject: s3:winbindd/nss_info: make nss_domain_list_add_domain() static Michael --- source3/winbindd/nss_info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index a7b642440f..8ba9b079c1 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -123,8 +123,8 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) return True; } -NTSTATUS nss_domain_list_add_domain(const char *domain, - struct nss_function_entry *nss_backend) +static NTSTATUS nss_domain_list_add_domain(const char *domain, + struct nss_function_entry *nss_backend) { struct nss_domain_entry *nss_domain; -- cgit From 0744c32678da3757d5e16802e4c153bae72b961a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 04:22:33 +0100 Subject: s3:winbindd/nss_info: remove unused variable from nss_init() Michael --- source3/winbindd/nss_info.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 8ba9b079c1..734c009602 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -171,7 +171,6 @@ static NTSTATUS nss_domain_list_add_domain(const char *domain, int i; char *backend, *domain; struct nss_function_entry *nss_backend; - struct nss_domain_entry *nss_domain; /* check for previous successful initializations */ -- cgit From 7bd7846df7a28b9a066fd4d862de0e4d81aadb86 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 30 Nov 2008 16:26:10 -0800 Subject: Make nt4_compatible_acls() non-static for use by VFS ACL modules. --- source3/include/proto.h | 1 + source3/smbd/posix_acls.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/source3/include/proto.h b/source3/include/proto.h index 2dd9b61b56..4bc524f40a 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8226,6 +8226,7 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req); /* The following definitions come from smbd/posix_acls.c */ void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid); +bool nt4_compatible_acls(void); NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd); SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl); NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0529d2765e..97fd3b2bbe 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -870,7 +870,7 @@ static void merge_aces( canon_ace **pp_list_head ) Check if we need to return NT4.x compatible ACL entries. ****************************************************************************/ -static bool nt4_compatible_acls(void) +bool nt4_compatible_acls(void) { int compat = lp_acl_compatibility(); -- cgit From e021ecea45bbd41fb671d3f0cb8f5c271f14ba7f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 06:20:22 +0100 Subject: s3:vfs_tsmsm: fix potential segfault (freeing uninitialized buffer) Michael --- source3/modules/vfs_tsmsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_tsmsm.c b/source3/modules/vfs_tsmsm.c index ee958b1be5..6fb1d1d2d4 100644 --- a/source3/modules/vfs_tsmsm.c +++ b/source3/modules/vfs_tsmsm.c @@ -148,7 +148,7 @@ static bool tsmsm_is_offline(struct vfs_handle_struct *handle, dm_attrname_t dmname; int ret, lerrno; bool offline; - char *buf; + char *buf = NULL; size_t buflen; /* if the file has more than FILE_IS_ONLINE_RATIO of blocks available, -- cgit From 81fc50b4867acf63e624abeda8b3b48c4d300f93 Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Tue, 2 Dec 2008 08:37:27 +0800 Subject: Fix script installmo.sh when no .po file exists --- source3/script/installmo.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/source3/script/installmo.sh b/source3/script/installmo.sh index a1f9c58e27..9c4ab1eefe 100644 --- a/source3/script/installmo.sh +++ b/source3/script/installmo.sh @@ -24,6 +24,10 @@ for dir in $SRCDIR/locale/*; do for f in $SRCDIR/locale/$MODULE/*.po; do BASE=`basename $f` LANGUAGE=`echo $BASE | sed 's/\.po//g'` + if test "$LANGUAGE" = '*'; then + echo "No .po file exists!" + exit 0 + fi FNAME="$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/$MODULE.mo" if test ! -d "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/"; then mkdir -p "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/" -- cgit From 4f0661ace8c83be6686d7f81af77ccf243dbb992 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 1 Dec 2008 17:35:19 +0100 Subject: Fix a debug message, append the correct \n --- source3/smbd/trans2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 4dc2001042..9719d5c386 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1135,7 +1135,7 @@ static uint32 unix_filetype(mode_t mode) return UNIX_TYPE_SOCKET; #endif - DEBUG(0,("unix_filetype: unknown filetype %u", (unsigned)mode)); + DEBUG(0,("unix_filetype: unknown filetype %u\n", (unsigned)mode)); return UNIX_TYPE_UNKNOWN; } -- cgit From c7c591c19fc4d17a900a0f15df9973b801c076c3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 1 Dec 2008 19:50:26 +0100 Subject: s3-samr: modify logging in _samr_Connect2 so that it can be called from other calls as well. Guenther --- source3/rpc_server/srv_samr_nt.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c45be02ab8..11aa4e3609 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3478,14 +3478,26 @@ NTSTATUS _samr_Connect2(pipes_struct *p, uint32 des_access = r->in.access_mask; NTSTATUS nt_status; size_t sd_size; + const char *fn = "_samr_Connect2"; + switch (p->hdr_req.opnum) { + case NDR_SAMR_CONNECT2: + fn = "_samr_Connect2"; + break; + case NDR_SAMR_CONNECT4: + fn = "_samr_Connect4"; + break; + case NDR_SAMR_CONNECT5: + fn = "_samr_Connect5"; + break; + } - DEBUG(5,("_samr_Connect2: %d\n", __LINE__)); + DEBUG(5,("%s: %d\n", fn, __LINE__)); /* Access check */ if (!pipe_access_check(p)) { - DEBUG(3, ("access denied to _samr_Connect2\n")); + DEBUG(3, ("access denied to %s\n", fn)); return NT_STATUS_ACCESS_DENIED; } @@ -3495,7 +3507,7 @@ NTSTATUS _samr_Connect2(pipes_struct *p, se_map_generic(&des_access, &sam_generic_mapping); nt_status = access_check_samr_object(psd, p->server_info->ptok, - NULL, 0, des_access, &acc_granted, "_samr_Connect2"); + NULL, 0, des_access, &acc_granted, fn); if ( !NT_STATUS_IS_OK(nt_status) ) return nt_status; @@ -3511,7 +3523,7 @@ NTSTATUS _samr_Connect2(pipes_struct *p, if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - DEBUG(5,("_samr_Connect2: %d\n", __LINE__)); + DEBUG(5,("%s: %d\n", fn, __LINE__)); return nt_status; } -- cgit From 24fec0a8d727a51ffe214af5ee62bb7a730ce539 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 1 Dec 2008 19:51:27 +0100 Subject: s3-samr: avoid code duplication for identical code in _samr_Connect2, 4 and 5. Guenther --- source3/rpc_server/srv_samr_nt.c | 93 +++++++--------------------------------- 1 file changed, 15 insertions(+), 78 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 11aa4e3609..4b913bace1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3535,48 +3535,13 @@ NTSTATUS _samr_Connect2(pipes_struct *p, NTSTATUS _samr_Connect4(pipes_struct *p, struct samr_Connect4 *r) { - struct samr_info *info = NULL; - SEC_DESC *psd = NULL; - uint32 acc_granted; - uint32 des_access = r->in.access_mask; - NTSTATUS nt_status; - size_t sd_size; - - - DEBUG(5,("_samr_Connect4: %d\n", __LINE__)); - - /* Access check */ - - if (!pipe_access_check(p)) { - DEBUG(3, ("access denied to samr_Connect4\n")); - return NT_STATUS_ACCESS_DENIED; - } - - map_max_allowed_access(p->server_info->ptok, &des_access); - - make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); - se_map_generic(&des_access, &sam_generic_mapping); + struct samr_Connect2 c; - nt_status = access_check_samr_object(psd, p->server_info->ptok, - NULL, 0, des_access, &acc_granted, "_samr_Connect4"); - - if ( !NT_STATUS_IS_OK(nt_status) ) - return nt_status; - - /* associate the user's SID and access granted with the new handle. */ - if ((info = get_samr_info_by_sid(NULL)) == NULL) - return NT_STATUS_NO_MEMORY; - - info->acc_granted = acc_granted; - info->status = r->in.access_mask; /* ??? */ - - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - DEBUG(5,("_samr_Connect4: %d\n", __LINE__)); + c.in.system_name = r->in.system_name; + c.in.access_mask = r->in.access_mask; + c.out.connect_handle = r->out.connect_handle; - return NT_STATUS_OK; + return _samr_Connect2(p, &c); } /******************************************************************* @@ -3586,50 +3551,22 @@ NTSTATUS _samr_Connect4(pipes_struct *p, NTSTATUS _samr_Connect5(pipes_struct *p, struct samr_Connect5 *r) { - struct samr_info *info = NULL; - SEC_DESC *psd = NULL; - uint32 acc_granted; - uint32 des_access = r->in.access_mask; - NTSTATUS nt_status; - size_t sd_size; + NTSTATUS status; + struct samr_Connect2 c; struct samr_ConnectInfo1 info1; - DEBUG(5,("_samr_Connect5: %d\n", __LINE__)); + info1.client_version = SAMR_CONNECT_AFTER_W2K; + info1.unknown2 = 0; - /* Access check */ + c.in.system_name = r->in.system_name; + c.in.access_mask = r->in.access_mask; + c.out.connect_handle = r->out.connect_handle; - if (!pipe_access_check(p)) { - DEBUG(3, ("access denied to samr_Connect5\n")); - return NT_STATUS_ACCESS_DENIED; + status = _samr_Connect2(p, &c); + if (!NT_STATUS_IS_OK(status)) { + return status; } - map_max_allowed_access(p->server_info->ptok, &des_access); - - make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); - se_map_generic(&des_access, &sam_generic_mapping); - - nt_status = access_check_samr_object(psd, p->server_info->ptok, - NULL, 0, des_access, &acc_granted, "_samr_Connect5"); - - if ( !NT_STATUS_IS_OK(nt_status) ) - return nt_status; - - /* associate the user's SID and access granted with the new handle. */ - if ((info = get_samr_info_by_sid(NULL)) == NULL) - return NT_STATUS_NO_MEMORY; - - info->acc_granted = acc_granted; - info->status = r->in.access_mask; /* ??? */ - - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - DEBUG(5,("_samr_Connect5: %d\n", __LINE__)); - - info1.client_version = SAMR_CONNECT_AFTER_W2K; - info1.unknown2 = 0; - *r->out.level_out = 1; r->out.info_out->info1 = info1; -- cgit From 49a8bd5e14fdb78197fc821fca72f0ba201f5f39 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:01:09 -0800 Subject: s3:smbd: '|' isn't allowed in windows filenames metze --- source3/smbd/reply.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 1f99db2de4..d23f9c106e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -119,7 +119,7 @@ static NTSTATUS check_path_syntax_internal(char *path, if (!(*s & 0x80)) { if (!posix_path) { - if (*s <= 0x1f) { + if (*s <= 0x1f || *s == '|') { return NT_STATUS_OBJECT_NAME_INVALID; } switch (*s) { -- cgit From edde763d3f981f9ccdf65feffd85a591fb1708c1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:22:55 -0800 Subject: s3:smbd: correctly verify stream names to pass RAW-STREAMS metze --- source3/smbd/reply.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index d23f9c106e..a1833b55df 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path, const char *s = path; NTSTATUS ret = NT_STATUS_OK; bool start_of_name_component = True; + bool stream_started = false; *p_last_component_contains_wcard = False; while (*s) { - if (IS_PATH_SEP(*s,posix_path)) { + if (stream_started) { + switch (*s) { + case '/': + case '\\': + return NT_STATUS_OBJECT_NAME_INVALID; + case ':': + if (s[1] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + if (strchr_m(&s[1], ':')) { + return NT_STATUS_OBJECT_NAME_INVALID; + } + if (StrCaseCmp(s, ":$DATA") != 0) { + return NT_STATUS_INVALID_PARAMETER; + } + break; + } + } + + if (!stream_started && *s == ':') { + if (*p_last_component_contains_wcard) { + return NT_STATUS_OBJECT_NAME_INVALID; + } + /* stream names allow more characters than file names */ + stream_started = true; + start_of_name_component = false; + posix_path = true; + + if (s[1] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + } + + if (!stream_started && IS_PATH_SEP(*s,posix_path)) { /* * Safe to assume is not the second part of a mb char * as this is handled below. -- cgit From 936037c7dabab1654d4d5e398b2a6ef2d640fc17 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:27:47 -0800 Subject: s3:smbd: wildcard characters are allowed in stream names We only check the filename of the basefile now. metze --- source3/smbd/open.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a6867e077c..a8cc5c9118 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -332,6 +332,7 @@ static NTSTATUS open_file(files_struct *fsp, if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) || (!file_existed && (local_flags & O_CREAT)) || ((local_flags & O_TRUNC) == O_TRUNC) ) { + const char *wild; /* * We can't actually truncate here as the file may be locked. @@ -353,8 +354,17 @@ static NTSTATUS open_file(files_struct *fsp, #endif /* Don't create files with Microsoft wildcard characters. */ + if (fsp->base_fsp) { + /* + * wildcard characters are allowed in stream names + * only test the basefilename + */ + wild = fsp->base_fsp->fsp_name; + } else { + wild = path; + } if ((local_flags & O_CREAT) && !file_existed && - ms_has_wild(path)) { + ms_has_wild(wild)) { return NT_STATUS_OBJECT_NAME_INVALID; } -- cgit From 0b7430b0541af98fe3661069d93fafca42f321ec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 1 Dec 2008 22:20:41 +0100 Subject: s3-samr: fix various potential memleaks in samr_SetUserInfo. Was there any reason why we did all these individual TALLOC_FREEs ? Guenther --- source3/rpc_server/srv_samr_nt.c | 45 ++-------------------------------------- 1 file changed, 2 insertions(+), 43 deletions(-) diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4b913bace1..3b8c3a1547 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3774,13 +3774,11 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx, if (id7 == NULL) { DEBUG(5, ("set_user_info_7: NULL id7\n")); - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } if (!id7->account_name.string) { DEBUG(5, ("set_user_info_7: failed to get new username\n")); - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -3800,7 +3798,6 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx, rc = pdb_rename_sam_account(pwd, id7->account_name.string); - TALLOC_FREE(pwd); return rc; } @@ -3813,23 +3810,18 @@ static bool set_user_info_16(struct samr_UserInfo16 *id16, { if (id16 == NULL) { DEBUG(5, ("set_user_info_16: NULL id16\n")); - TALLOC_FREE(pwd); return False; } /* FIX ME: check if the value is really changed --metze */ if (!pdb_set_acct_ctrl(pwd, id16->acct_flags, PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); - return True; } @@ -3842,29 +3834,23 @@ static bool set_user_info_18(struct samr_UserInfo18 *id18, { if (id18 == NULL) { DEBUG(2, ("set_user_info_18: id18 is NULL\n")); - TALLOC_FREE(pwd); return False; } if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if (!pdb_set_nt_passwd (pwd, id18->nt_pwd.hash, PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); return True; } @@ -3884,12 +3870,9 @@ static bool set_user_info_20(struct samr_UserInfo20 *id20, /* write the change out */ if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); - return True; } @@ -3909,7 +3892,6 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, } if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -3938,7 +3920,6 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("set_user_info_21: failed to rename account: %s\n", nt_errstr(status))); - TALLOC_FREE(pwd); return status; } @@ -3969,12 +3950,9 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, /* write the change out */ if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return status; } - TALLOC_FREE(pwd); - return NT_STATUS_OK; } @@ -3997,7 +3975,6 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, } if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4012,12 +3989,10 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, &plaintext_buf, &len, STR_UNICODE)) { - TALLOC_FREE(pwd); return NT_STATUS_WRONG_PASSWORD; } if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4034,7 +4009,6 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, struct passwd *passwd; if (pdb_get_username(pwd) == NULL) { DEBUG(1, ("chgpasswd: User without name???\n")); - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4044,7 +4018,6 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, } if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } TALLOC_FREE(passwd); @@ -4056,17 +4029,13 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) && (!NT_STATUS_IS_OK(status = pdb_set_unix_primary_group(mem_ctx, pwd)))) { - TALLOC_FREE(pwd); return status; } if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return status; } - TALLOC_FREE(pwd); - return NT_STATUS_OK; } @@ -4097,12 +4066,10 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, &plaintext_buf, &len, STR_UNICODE)) { - TALLOC_FREE(pwd); return False; } if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { - TALLOC_FREE(pwd); return False; } @@ -4118,7 +4085,6 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, if (pdb_get_username(pwd) == NULL) { DEBUG(1, ("chgpasswd: User without name???\n")); - TALLOC_FREE(pwd); return False; } @@ -4128,7 +4094,6 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, } if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) { - TALLOC_FREE(pwd); return False; } TALLOC_FREE(passwd); @@ -4156,12 +4121,9 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, /* update the SAMBA password */ if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); - return True; } @@ -4181,7 +4143,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, } if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4189,7 +4150,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, /* write the change out */ if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return status; } @@ -4208,9 +4168,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, } } - /* WARNING: No TALLOC_FREE(pwd), we are about to set the password - * hereafter! */ - return NT_STATUS_OK; } @@ -4422,6 +4379,8 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, done: + TALLOC_FREE(pwd); + if (has_enough_rights) { unbecome_root(); } -- cgit From 8edd7752447e178d2e99b23997d475790efb5af2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:31:43 -0800 Subject: s3:smbd: construct the correct newname for stream renames The Windows Explorer creates temporary streams and renames them later via SFILEINFO_RENAME_INFO. The newname comes in as ":Stream:$DATA". metze --- source3/smbd/trans2.c | 48 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 16 deletions(-) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 9719d5c386..8532c85d7b 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -5353,26 +5353,42 @@ static NTSTATUS smb_file_rename_information(connection_struct *conn, return NT_STATUS_NOT_SUPPORTED; } - /* Create the base directory. */ - base_name = talloc_strdup(ctx, fname); - if (!base_name) { - return NT_STATUS_NO_MEMORY; - } - p = strrchr_m(base_name, '/'); - if (p) { - p[1] = '\0'; + if (fsp && fsp->base_fsp) { + if (newname[0] != ':') { + return NT_STATUS_NOT_SUPPORTED; + } + base_name = talloc_asprintf(ctx, "%s%s", + fsp->base_fsp->fsp_name, + newname); + if (!base_name) { + return NT_STATUS_NO_MEMORY; + } } else { - base_name = talloc_strdup(ctx, "./"); + if (is_ntfs_stream_name(newname)) { + return NT_STATUS_NOT_SUPPORTED; + } + + /* Create the base directory. */ + base_name = talloc_strdup(ctx, fname); + if (!base_name) { + return NT_STATUS_NO_MEMORY; + } + p = strrchr_m(base_name, '/'); + if (p) { + p[1] = '\0'; + } else { + base_name = talloc_strdup(ctx, "./"); + if (!base_name) { + return NT_STATUS_NO_MEMORY; + } + } + /* Append the new name. */ + base_name = talloc_asprintf_append(base_name, + "%s", + newname); if (!base_name) { return NT_STATUS_NO_MEMORY; } - } - /* Append the new name. */ - base_name = talloc_asprintf_append(base_name, - "%s", - newname); - if (!base_name) { - return NT_STATUS_NO_MEMORY; } if (fsp) { -- cgit From 4659215a00da0e2ef65d98e6feb020c89563cdba Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:35:28 -0800 Subject: s3:smbd: return DELETE_PENDING on path based operations on streams, when the main file was deleted. metze --- source3/smbd/trans2.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 8532c85d7b..cc7b87f448 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -3999,6 +3999,46 @@ static void call_trans2qfilepathinfo(connection_struct *conn, return; } + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) + && is_ntfs_stream_name(fname)) { + char *base; + SMB_STRUCT_STAT bsbuf; + + status = split_ntfs_stream_name(talloc_tos(), fname, + &base, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("create_file_unixpath: " + "split_ntfs_stream_name failed: %s\n", + nt_errstr(status))); + reply_nterror(req, status); + return; + } + + SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */ + + if (INFO_LEVEL_IS_UNIX(info_level)) { + /* Always do lstat for UNIX calls. */ + if (SMB_VFS_LSTAT(conn,base,&bsbuf)) { + DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_LSTAT of %s failed (%s)\n",base,strerror(errno))); + reply_unixerror(req,ERRDOS,ERRbadpath); + return; + } + } else { + if (SMB_VFS_STAT(conn,base,&bsbuf) != 0) { + DEBUG(3,("call_trans2qfilepathinfo: fileinfo of %s failed (%s)\n",base,strerror(errno))); + reply_unixerror(req,ERRDOS,ERRbadpath); + return; + } + } + + fileid = vfs_file_id_from_sbuf(conn, &bsbuf); + get_file_infos(fileid, &delete_pending, NULL); + if (delete_pending) { + reply_nterror(req, NT_STATUS_DELETE_PENDING); + return; + } + } + if (INFO_LEVEL_IS_UNIX(info_level)) { /* Always do lstat for UNIX calls. */ if (SMB_VFS_LSTAT(conn,fname,&sbuf)) { -- cgit From d1d9dc557434f4eb48cf53269920f43861e8c116 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:45:55 -0800 Subject: s3:smbd: write times should be set on the base file instead of the stream name metze --- source3/smbd/trans2.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index cc7b87f448..7b051d389f 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -4957,7 +4957,11 @@ NTSTATUS smb_set_file_time(connection_struct *conn, time_to_asc(convert_timespec_to_time_t(ts[1])) )); if (fsp != NULL) { - set_sticky_write_time_fsp(fsp, ts[1]); + if (fsp->base_fsp) { + set_sticky_write_time_fsp(fsp->base_fsp, ts[1]); + } else { + set_sticky_write_time_fsp(fsp, ts[1]); + } } else { set_sticky_write_time_path(conn, fname, vfs_file_id_from_sbuf(conn, psbuf), @@ -4967,6 +4971,10 @@ NTSTATUS smb_set_file_time(connection_struct *conn, DEBUG(10,("smb_set_file_time: setting utimes to modified values.\n")); + if (fsp && fsp->base_fsp) { + fname = fsp->base_fsp->fsp_name; + } + if(file_ntimes(conn, fname, ts)!=0) { return map_nt_error_from_unix(errno); } -- cgit From 787b0536b7a8d3b13bcb3b0f1d8f7ef7d99f4561 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:52:28 -0800 Subject: s3:smbd: only try and fallback to open a directory if it's not a stream open metze --- source3/smbd/open.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a8cc5c9118..420a65b562 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2927,6 +2927,13 @@ NTSTATUS create_file_unixpath(connection_struct *conn, if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { + /* A stream open never opens a directory */ + + if (base_fsp) { + status = NT_STATUS_FILE_IS_A_DIRECTORY; + goto fail; + } + /* * Fail the open if it was explicitly a non-directory * file. -- cgit From 9ae1a17c95185aab928d3e362c37caf5d752c411 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:54:53 -0800 Subject: s3:streams_xattr: add support for renaming streams metze --- source3/modules/vfs_streams_xattr.c | 143 +++++++++++++++++++++++++++++++++++- 1 file changed, 142 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 2ea5336295..e96f616e31 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -94,7 +94,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10, ("streams_xattr_fstat called for %d\n", fsp->fh->fd)); - if (io == NULL) { + if (io == NULL || fsp->base_fsp == NULL) { return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); } @@ -136,6 +136,10 @@ static int streams_xattr_stat(vfs_handle_struct *handle, const char *fname, return -1; } + if (sname == NULL){ + return SMB_VFS_NEXT_STAT(handle, base, sbuf); + } + if (SMB_VFS_STAT(handle->conn, base, sbuf) == -1) { goto fail; } @@ -183,6 +187,10 @@ static int streams_xattr_lstat(vfs_handle_struct *handle, const char *fname, goto fail; } + if (sname == NULL){ + return SMB_VFS_NEXT_LSTAT(handle, base, sbuf); + } + if (SMB_VFS_LSTAT(handle->conn, base, sbuf) == -1) { goto fail; } @@ -239,6 +247,12 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, goto fail; } + if (sname == NULL) { + hostfd = SMB_VFS_NEXT_OPEN(handle, base, fsp, flags, mode); + talloc_free(frame); + return hostfd; + } + xattr_name = talloc_asprintf(talloc_tos(), "%s%s", SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { @@ -391,6 +405,10 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, const char *fname) goto fail; } + if (sname == NULL){ + return SMB_VFS_NEXT_UNLINK(handle, base); + } + xattr_name = talloc_asprintf(talloc_tos(), "%s%s", SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { @@ -413,6 +431,127 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, const char *fname) return ret; } +static int streams_xattr_rename(vfs_handle_struct *handle, + const char *oldname, + const char *newname) +{ + NTSTATUS status; + TALLOC_CTX *frame = NULL; + char *obase; + char *ostream; + char *nbase; + char *nstream; + const char *base; + int ret = -1; + char *oxattr_name; + char *nxattr_name; + bool o_is_stream; + bool n_is_stream; + ssize_t oret; + ssize_t nret; + struct ea_struct ea; + + o_is_stream = is_ntfs_stream_name(oldname); + n_is_stream = is_ntfs_stream_name(newname); + + if (!o_is_stream && !n_is_stream) { + return SMB_VFS_NEXT_RENAME(handle, oldname, newname); + } + + if (!(o_is_stream && n_is_stream)) { + errno = ENOSYS; + goto fail; + } + + frame = talloc_stackframe(); + if (!frame) { + goto fail; + } + + status = split_ntfs_stream_name(talloc_tos(), oldname, &obase, &ostream); + if (!NT_STATUS_IS_OK(status)) { + errno = EINVAL; + goto fail; + } + + status = split_ntfs_stream_name(talloc_tos(), newname, &nbase, &nstream); + if (!NT_STATUS_IS_OK(status)) { + errno = EINVAL; + goto fail; + } + + /*TODO: maybe call SMB_VFS_NEXT_RENAME() both streams are NULL (::$DATA) */ + if (ostream == NULL) { + errno = ENOSYS; + goto fail; + } + + if (nstream == NULL) { + errno = ENOSYS; + goto fail; + } + + /* the new base should be empty */ + if (StrCaseCmp(obase, nbase) != 0) { + errno = ENOSYS; + goto fail; + } + + if (StrCaseCmp(ostream, nstream) == 0) { + goto done; + } + + base = obase; + + oxattr_name = talloc_asprintf(talloc_tos(), "%s%s", + SAMBA_XATTR_DOSSTREAM_PREFIX, ostream); + if (oxattr_name == NULL) { + errno = ENOMEM; + goto fail; + } + + nxattr_name = talloc_asprintf(talloc_tos(), "%s%s", + SAMBA_XATTR_DOSSTREAM_PREFIX, nstream); + if (nxattr_name == NULL) { + errno = ENOMEM; + goto fail; + } + + /* read the old stream */ + status = get_ea_value(talloc_tos(), handle->conn, NULL, + base, oxattr_name, &ea); + if (!NT_STATUS_IS_OK(status)) { + errno = ENOENT; + goto fail; + } + + /* (over)write the new stream */ + nret = SMB_VFS_SETXATTR(handle->conn, base, nxattr_name, + ea.value.data, ea.value.length, 0); + if (nret < 0) { + if (errno == ENOATTR) { + errno = ENOENT; + } + goto fail; + } + + /* remove the old stream */ + oret = SMB_VFS_REMOVEXATTR(handle->conn, base, oxattr_name); + if (oret < 0) { + if (errno == ENOATTR) { + errno = ENOENT; + } + goto fail; + } + + done: + errno = 0; + ret = 0; + fail: + TALLOC_FREE(frame); + return ret; +} + static NTSTATUS walk_xattr_streams(connection_struct *conn, files_struct *fsp, const char *fname, bool (*fn)(struct ea_struct *ea, @@ -761,6 +900,8 @@ static vfs_op_tuple streams_xattr_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(streams_xattr_rename), SMB_VFS_OP_RENAME, + SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_ftruncate), SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_streaminfo), SMB_VFS_OP_STREAMINFO, -- cgit From ce310f666d4896ab2cc13514fc5eb55157028cd0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:59:21 -0800 Subject: s3:streams_depot: map 'file::$DATA' to just 'file' metze --- source3/modules/vfs_streams_depot.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 0d6e0e02c1..80c693190c 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -271,6 +271,11 @@ static char *stream_name(vfs_handle_struct *handle, const char *fname, goto fail; } + /* if it's the ::$DATA stream just return the base file name */ + if (!sname) { + return base; + } + dirname = stream_dir(handle, base, NULL, create_dir); if (dirname == NULL) { @@ -410,6 +415,7 @@ static int streams_depot_open(vfs_handle_struct *handle, const char *fname, { TALLOC_CTX *frame; char *base = NULL; + char *sname = NULL; SMB_STRUCT_STAT base_sbuf; char *stream_fname; int ret = -1; @@ -421,11 +427,16 @@ static int streams_depot_open(vfs_handle_struct *handle, const char *fname, frame = talloc_stackframe(); if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), fname, - &base, NULL))) { + &base, &sname))) { errno = ENOMEM; goto done; } + if (!sname) { + ret = SMB_VFS_NEXT_OPEN(handle, base, fsp, flags, mode); + goto done; + } + ret = SMB_VFS_NEXT_STAT(handle, base, &base_sbuf); if (ret == -1) { -- cgit From 549c2cb7a88340be4069a4d60a413627818aee9f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:10:04 -0800 Subject: s3:streams_depot: add support for stream renames metze --- source3/modules/vfs_streams_depot.c | 74 +++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 80c693190c..f8a8d97743 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -498,6 +498,78 @@ static int streams_depot_unlink(vfs_handle_struct *handle, const char *fname) return SMB_VFS_NEXT_UNLINK(handle, fname); } +static int streams_depot_rename(vfs_handle_struct *handle, + const char *oldname, + const char *newname) +{ + TALLOC_CTX *frame = NULL; + int ret = -1; + bool old_is_stream; + bool new_is_stream; + char *obase = NULL; + char *osname = NULL; + char *nbase = NULL; + char *nsname = NULL; + char *ostream_fname = NULL; + char *nstream_fname = NULL; + + DEBUG(10, ("streams_depot_rename called for %s => %s\n", + oldname, newname)); + + old_is_stream = is_ntfs_stream_name(oldname); + new_is_stream = is_ntfs_stream_name(newname); + + if (!old_is_stream && !new_is_stream) { + return SMB_VFS_NEXT_RENAME(handle, oldname, newname); + } + + if (!(old_is_stream && new_is_stream)) { + errno = ENOSYS; + return -1; + } + + frame = talloc_stackframe(); + + if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), oldname, + &obase, &osname))) { + errno = ENOMEM; + goto done; + } + + if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), oldname, + &nbase, &nsname))) { + errno = ENOMEM; + goto done; + } + + /* for now don't allow renames from or to the default stream */ + if (!osname || !nsname) { + errno = ENOSYS; + goto done; + } + + if (StrCaseCmp(obase, nbase) != 0) { + errno = ENOSYS; + goto done; + } + + ostream_fname = stream_name(handle, oldname, false); + if (ostream_fname == NULL) { + return -1; + } + + nstream_fname = stream_name(handle, newname, false); + if (nstream_fname == NULL) { + return -1; + } + + ret = SMB_VFS_NEXT_RENAME(handle, ostream_fname, nstream_fname); + +done: + TALLOC_FREE(frame); + return ret; +} + static bool add_one_stream(TALLOC_CTX *mem_ctx, unsigned int *num_streams, struct stream_struct **streams, const char *name, SMB_OFF_T size, @@ -648,6 +720,8 @@ static vfs_op_tuple streams_depot_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_depot_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(streams_depot_rename), SMB_VFS_OP_RENAME, + SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_depot_streaminfo), SMB_VFS_OP_STREAMINFO, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} -- cgit From d53f82a1cf9a369ae3e657fea845f19313f06eb4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:11:33 -0800 Subject: s3:streams_depot: fix valgrind bug lp_parm_const_string() doesn't talloc the default value metze --- source3/modules/vfs_streams_depot.c | 1 - 1 file changed, 1 deletion(-) diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index f8a8d97743..9e0a5895ea 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -128,7 +128,6 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, rootdir = lp_parm_const_string( SNUM(handle->conn), "streams_depot", "directory", tmp); - TALLOC_FREE(tmp); if (base_sbuf == NULL) { if (SMB_VFS_NEXT_STAT(handle, base_path, &sbuf) == -1) { -- cgit From b0c0b949feb7646d4c4077a04de2c0acd7720e44 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:20:21 -0800 Subject: s3:streams_depot: add an option to disable the xattr checks streams_depot:check_valid=no is useful when the filesystem has no xattr support and files are only published via samba. metze --- source3/modules/vfs_streams_depot.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 9e0a5895ea..69d34940fd 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -67,10 +67,15 @@ static uint32_t hash_fn(DATA_BLOB key) #define SAMBA_XATTR_MARKER "user.SAMBA_STREAMS" -static bool file_is_valid(vfs_handle_struct *handle, const char *path) +static bool file_is_valid(vfs_handle_struct *handle, const char *path, + bool check_valid) { char buf; + if (!check_valid) { + return true; + } + DEBUG(10, ("file_is_valid (%s) called\n", path)); if (SMB_VFS_NEXT_GETXATTR(handle, path, SAMBA_XATTR_MARKER, @@ -87,11 +92,16 @@ static bool file_is_valid(vfs_handle_struct *handle, const char *path) return true; } -static bool mark_file_valid(vfs_handle_struct *handle, const char *path) +static bool mark_file_valid(vfs_handle_struct *handle, const char *path, + bool check_valid) { char buf = '1'; int ret; + if (!check_valid) { + return true; + } + DEBUG(10, ("marking file %s as valid\n", path)); ret = SMB_VFS_NEXT_SETXATTR(handle, path, SAMBA_XATTR_MARKER, @@ -116,8 +126,12 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, char *id_hex; struct file_id id; uint8 id_buf[16]; + bool check_valid; const char *rootdir; + check_valid = lp_parm_bool(SNUM(handle->conn), + "streams_depot", "check_valid", true); + tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath); if (tmp == NULL) { @@ -174,7 +188,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, goto fail; } - if (file_is_valid(handle, base_path)) { + if (file_is_valid(handle, base_path, check_valid)) { return result; } @@ -244,7 +258,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, goto fail; } - if (!mark_file_valid(handle, base_path)) { + if (!mark_file_valid(handle, base_path, check_valid)) { goto fail; } -- cgit From 0b169748ce879ce7a1b6b9d9d4f4bc9b1b7045e0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:21:34 -0800 Subject: s3:vfs: fix FCHMOD_ACL macros metze --- source3/include/vfs_macros.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 7b3aeaa2c7..8fbc21b12d 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -92,7 +92,7 @@ /* POSIX ACL operations. */ #define SMB_VFS_CHMOD_ACL(conn, name, mode) ((conn)->vfs.ops.chmod_acl((conn)->vfs.handles.chmod_acl, (name), (mode))) -#define SMB_VFS_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.chmod_acl, (fsp), (mode))) +#define SMB_VFS_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.fchmod_acl, (fsp), (mode))) #define SMB_VFS_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs.ops.sys_acl_get_entry((conn)->vfs.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p))) #define SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs.ops.sys_acl_get_tag_type((conn)->vfs.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p))) @@ -217,7 +217,7 @@ /* POSIX ACL operations. */ #define SMB_VFS_OPAQUE_CHMOD_ACL(conn, name, mode) ((conn)->vfs_opaque.ops.chmod_acl((conn)->vfs_opaque.handles.chmod_acl, (name), (mode))) -#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.chmod_acl, (fsp), (mode))) +#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.fchmod_acl, (fsp), (mode))) #define SMB_VFS_OPAQUE_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs_opaque.ops.sys_acl_get_entry((conn)->vfs_opaque.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p))) #define SMB_VFS_OPAQUE_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs_opaque.ops.sys_acl_get_tag_type((conn)->vfs_opaque.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p))) @@ -343,7 +343,7 @@ /* POSIX ACL operations. */ #define SMB_VFS_NEXT_CHMOD_ACL(handle, name, mode) ((handle)->vfs_next.ops.chmod_acl((handle)->vfs_next.handles.chmod_acl, (name), (mode))) -#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.chmod_acl, (fsp), (mode))) +#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.fchmod_acl, (fsp), (mode))) #define SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id, entry_p) ((handle)->vfs_next.ops.sys_acl_get_entry((handle)->vfs_next.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p))) #define SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d, tag_type_p) ((handle)->vfs_next.ops.sys_acl_get_tag_type((handle)->vfs_next.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p))) -- cgit From e6a2ce970bf24a1ff588ee2f492e47b88145992f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:23:30 -0800 Subject: s3:smbd: give the correct error when trying to replace a stream metze --- source3/smbd/reply.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index a1833b55df..11c713ab4a 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -5496,6 +5496,12 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, return NT_STATUS_OBJECT_NAME_COLLISION; } + if(replace_if_exists && dst_exists) { + if (is_ntfs_stream_name(newname)) { + return NT_STATUS_INVALID_PARAMETER; + } + } + if (dst_exists) { struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1); files_struct *dst_fsp = file_find_di_first(fileid); -- cgit From a8004a4ef5713a2005ae6ead1d510f30080ecb6f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:25:20 -0800 Subject: s3:streams_xattr: recheck fsp->fsp_name after a rename metze --- source3/modules/vfs_streams_xattr.c | 65 +++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index e96f616e31..6530a1813b 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -29,6 +29,9 @@ struct stream_io { char *base; char *xattr_name; + void *fsp_name_ptr; + files_struct *fsp; + vfs_handle_struct *handle; }; static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) @@ -85,6 +88,49 @@ static ssize_t get_xattr_size(connection_struct *conn, return result; } +static bool streams_xattr_recheck(struct stream_io *sio) +{ + NTSTATUS status; + char *base = NULL; + char *sname = NULL; + char *xattr_name = NULL; + + if (sio->fsp->fsp_name == sio->fsp_name_ptr) { + return true; + } + + status = split_ntfs_stream_name(talloc_tos(), sio->fsp->fsp_name, + &base, &sname); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + if (sname == NULL) { + /* how can this happen */ + errno = EINVAL; + return false; + } + + xattr_name = talloc_asprintf(talloc_tos(), "%s%s", + SAMBA_XATTR_DOSSTREAM_PREFIX, sname); + if (xattr_name == NULL) { + return false; + } + + TALLOC_FREE(sio->xattr_name); + TALLOC_FREE(sio->base); + sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(sio->handle, sio->fsp), + xattr_name); + sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(sio->handle, sio->fsp), + base); + sio->fsp_name_ptr = sio->fsp->fsp_name; + + if ((sio->xattr_name == NULL) || (sio->base == NULL)) { + return false; + } + + return true; +} static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_STRUCT_STAT *sbuf) @@ -98,6 +144,10 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); } + if (!streams_xattr_recheck(io)) { + return -1; + } + if (SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf) == -1) { return -1; } @@ -365,6 +415,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, xattr_name); sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), base); + sio->fsp_name_ptr = fsp->fsp_name; + sio->handle = handle; + sio->fsp = fsp; if ((sio->xattr_name == NULL) || (sio->base == NULL)) { errno = ENOMEM; @@ -739,6 +792,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); } + if (!streams_xattr_recheck(sio)) { + return -1; + } + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { @@ -795,6 +852,10 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } + if (!streams_xattr_recheck(sio)) { + return -1; + } + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { @@ -835,6 +896,10 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); } + if (!streams_xattr_recheck(sio)) { + return -1; + } + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { -- cgit From 65169a43b321cd06d2f9474183ca8195c6182333 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:26:58 -0800 Subject: s3:streams_xattr: fstat should do a stat on the base file The behavior of stat and fstat should be the same. metze --- source3/modules/vfs_streams_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 6530a1813b..ecfc31970d 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -148,7 +148,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - if (SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf) == -1) { + if (SMB_VFS_STAT(handle->conn, io->base, sbuf) == -1) { return -1; } -- cgit From e605fdc81c64eeb37a9d77493df42c0bb010f41f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:28:27 -0800 Subject: s3:smbd: close the low level fd of the base_fsp, if the file was created metze --- source3/smbd/open.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 420a65b562..f98415ee33 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2852,6 +2852,8 @@ NTSTATUS create_file_unixpath(connection_struct *conn, "%s\n", base, nt_errstr(status))); goto fail; } + /* we don't need to low level fd */ + fd_close(base_fsp); } /* -- cgit From a8595bf506ca43e7060d696f182982703885fa08 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:37:13 -0800 Subject: s3:selftest: test the streams_depot module as it passes make test The streams_xattr module only passes sometimes on my laptop. metze --- source3/script/tests/selftest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh index d41d0f36cf..3b65aaa760 100755 --- a/source3/script/tests/selftest.sh +++ b/source3/script/tests/selftest.sh @@ -205,7 +205,7 @@ cat >$SERVERCONFFILE<