From 1b5c1ae7424ba2fad857adf3701a5809ba3b27fe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Dec 2007 21:21:17 +0100 Subject: Very quick conversion of net_conf functions into the libnet_conf layer. Certainly needs cleanup later. Guenther (This used to be commit 2b41ac926de76804a50681bd246b3a20e112853b) --- source3/libnet/libnet_conf.c | 149 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) create mode 100644 source3/libnet/libnet_conf.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c new file mode 100644 index 0000000000..f394e02e20 --- /dev/null +++ b/source3/libnet/libnet_conf.c 
@@ -0,0 +1,149 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet smbconf registry Support
+ * Copyright (C) Michael Adam 2007
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "includes.h"
+
+/*
+ * Open a subkey of KEY_SMBCONF (i.e a service)
+ * - variant without error output (q = quiet)-
+ */
+WERROR libnet_smbconf_open_path_q(TALLOC_CTX *ctx, const char *subkeyname,
+ uint32 desired_access,
+ struct registry_key **key)
+{
+ WERROR werr = WERR_OK;
+ char *path = NULL;
+ NT_USER_TOKEN *token;
+
+ if (!(token = registry_create_admin_token(ctx))) {
+ DEBUG(1, ("Error creating admin token\n"));
+ goto done;
+ }
+
+ if (subkeyname == NULL) {
+ path = talloc_strdup(ctx, KEY_SMBCONF);
+ } else {
+ path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, subkeyname);
+ }
+
+ werr = reg_open_path(ctx, path, desired_access,
+ token, key);
+
+done:
+ TALLOC_FREE(path);
+ return werr;
+}
+
+/*
+ * check if a subkey of KEY_SMBCONF of a given name exists
+ */
+bool libnet_smbconf_key_exists(TALLOC_CTX *ctx, const char *subkeyname)
+{
+ bool ret = False;
+ WERROR werr = WERR_OK;
+ TALLOC_CTX *mem_ctx;
+ struct registry_key *key;
+
+ if (!(mem_ctx = talloc_new(ctx))) {
+ d_fprintf(stderr, "ERROR: Out of memory...!\n");
+ goto done;
+ }
+
+ werr = libnet_smbconf_open_path_q(mem_ctx, subkeyname, REG_KEY_READ, &key);
+ if (W_ERROR_IS_OK(werr)) {
+ ret = True;
+ }
+
+done:
+ TALLOC_FREE(mem_ctx);
+ return ret;
+}
+
+/*
+ * Open a subkey of KEY_SMBCONF (i.e a service)
+ * - variant with error output -
+ */
+WERROR libnet_smbconf_open_path(TALLOC_CTX *ctx, const char *subkeyname,
+ uint32 desired_access,
+ struct registry_key **key)
+{
+ WERROR werr = WERR_OK;
+
+ werr = libnet_smbconf_open_path_q(ctx, subkeyname, desired_access, key);
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error opening registry path '%s\\%s': %s\n",
+ KEY_SMBCONF,
+ (subkeyname == NULL) ? "" : subkeyname,
+ dos_errstr(werr));
+ }
+
+ return werr;
+}
+
+/*
+ * open the base key KEY_SMBCONF
+ */
+WERROR libnet_smbconf_open_basepath(TALLOC_CTX *ctx, uint32 desired_access,
+ struct registry_key **key)
+{
+ return libnet_smbconf_open_path(ctx, NULL, desired_access, key);
+}
+
+/*
+ * create a subkey of KEY_SMBCONF
+ */
+WERROR libnet_reg_createkey_internal(TALLOC_CTX *ctx,
+ const char * subkeyname,
+ struct registry_key **newkey)
+{
+ WERROR werr = WERR_OK;
+ struct registry_key *create_parent = NULL;
+ TALLOC_CTX *create_ctx;
+ enum winreg_CreateAction action = REG_ACTION_NONE;
+
+ /* create a new talloc ctx for creation. it will hold
+ * the intermediate parent key (SMBCONF) for creation
+ * and will be destroyed when leaving this function... */
+ if (!(create_ctx = talloc_new(ctx))) {
+ werr = WERR_NOMEM;
+ goto done;
+ }
+
+ werr = libnet_smbconf_open_basepath(create_ctx, REG_KEY_WRITE, &create_parent);
+ if (!W_ERROR_IS_OK(werr)) {
+ goto done;
+ }
+
+ werr = reg_createkey(ctx, create_parent, subkeyname,
+ REG_KEY_WRITE, newkey, &action);
+ if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) {
+ d_fprintf(stderr, "Key '%s' already exists.\n", subkeyname);
+ werr = WERR_ALREADY_EXISTS;
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ d_fprintf(stderr, "Error creating key %s: %s\n",
+ subkeyname, dos_errstr(werr));
+ }
+
+done:
+ TALLOC_FREE(create_ctx);
+ return werr;
+}
+
-- cgit
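Review bot: In libnet_smbconf_open_path_q the `registry_create_admin_token` failure branch jumps to `done` while `werr` is still `WERR_OK`, so the function reports success without ever writing `*key`; libnet_smbconf_key_exists then answers True and libnet_smbconf_open_path hands its callers an unset key pointer. Setting `werr = WERR_NOMEM;` before that `goto done` closes the gap. The `path` returned by `talloc_strdup`/`talloc_asprintf` is also passed to `reg_open_path` unchecked; `if (path == NULL) { werr = WERR_NOMEM; goto done; }` would cover it. Separately, libnet_smbconf_key_exists reports every open failure as "key absent", which deserves a comment because an access or I/O error then looks the same as a missing key.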
From 913d220e0becf7359762c08e68fa433f4cc5cf44 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Dec 2007 21:25:41 +0100 Subject: Add libnet_JoinCtx structure. Guenther (This used to be commit 13c46b1407117c93b8f0275cc16ea5aa49596750) --- source3/libnet/libnet_join.h | 48 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 source3/libnet/libnet_join.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h new file mode 100644 index 0000000000..9596733cee --- /dev/null +++ b/source3/libnet/libnet_join.h @@ -0,0 +1,48 @@ +/* + * Unix SMB/CIFS implementation. + * libnet Join Support + * Copyright (C) Guenther Deschner 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef __LIBNET_JOIN_H__ +#define __LIBNET_JOIN_H__ + +struct libnet_JoinCtx { + struct { + const char *server_name; + const char *domain_name; + const char *account_ou; + const char *admin_account; + const char *password; + uint32_t join_flags; + const char *os_version; + const char *os_string; + const char *upn; + bool modify_config; + } in; + + struct { + char *account_name; + char *netbios_domain_name; + char *dns_domain_name; + char *dn; + bool modified_config; + struct dom_sid *domain_sid; + WERROR result; + } out; +}; + +#endif -- cgit From 5bf7319ac49a850288f2caaa60c248450d504348 Mon Sep 17 00:00:00 2001 
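Review bot: The `in` block of struct libnet_JoinCtx in libnet_join.h carries what appears to be an administrator credential in `password` next to `admin_account`, but the header says nothing about who owns these strings or how long they must stay valid. A short comment on the struct, for example `/* in.* strings are borrowed from the caller; in.password is a cleartext credential and should be cleared by the caller once the join returns */`, would make the handling expectation explicit. The `out` pointers would benefit from a matching note on which talloc context they are allocated from, which cannot be told from this header alone.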
From: Günther Deschner Date: Tue, 11 Dec 2007 21:31:44 +0100 Subject: Add libnet_Join(). Heavily based on existing code in net_ads_join(). Guenther (This used to be commit fb6315b68b16d64625457881302fd191f90defa0) --- source3/libnet/libnet_join.c | 354 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 354 insertions(+) create mode 100644 source3/libnet/libnet_join.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c new file mode 100644 index 0000000000..ce5b1b7b10 --- /dev/null +++ b/source3/libnet/libnet_join.c 
@@ -0,0 +1,354 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Join Support
+ * Copyright (C) Gerald (Jerry) Carter 2006
+ * Copyright (C) Guenther Deschner 2007
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+#include "includes.h"
+#include "libnet/libnet_join.h"
+#include "libnet/libnet_proto.h"
+
+static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ struct cli_state *cli = NULL;
+ struct rpc_pipe_client *pipe_hnd = NULL;
+ const char *password = NULL;
+ POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol;
+ NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
+ WERROR werr;
+ char *acct_name;
+ const char *const_acct_name;
+ uint32 user_rid;
+ uint32 num_rids, *name_types, *user_rids;
+ uint32 flags = 0x3e8;
+ uint32 acb_info = ACB_WSTRUST;
+ uint32 fields_present;
+ uchar pwbuf[532];
+ SAM_USERINFO_CTR ctr;
+ SAM_USER_INFO_25 p25;
+ const int infolevel = 25;
+ struct MD5Context md5ctx;
+ uchar md5buffer[16];
+ DATA_BLOB digested_session_key;
+ uchar md4_trust_password[16];
+
+ password = talloc_strdup(mem_ctx,
+ generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH));
+ W_ERROR_HAVE_NO_MEMORY(password);
+
+ status = cli_full_connection(&cli, NULL, r->in.server_name,
+ NULL, 0,
+ "IPC$", "IPC",
+ r->in.admin_account,
+ NULL, //r->in.domain_name,
+ r->in.password,
+ 0, Undefined, NULL);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status);
+ if (!pipe_hnd) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True,
+ SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol,
+ 5,
+ &r->out.netbios_domain_name,
+ &r->out.domain_sid);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = rpccli_lsa_query_info_policy2(pipe_hnd, mem_ctx, &lsa_pol,
+ 12,
+ &r->out.netbios_domain_name,
+ &r->out.dns_domain_name,
+ NULL,
+ NULL,
+ &r->out.domain_sid);
+
+ rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol);
+ cli_rpc_pipe_close(pipe_hnd);
+
+ pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status);
+ if (!pipe_hnd) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = rpccli_samr_connect(pipe_hnd, mem_ctx,
+ SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED,
+ r->out.domain_sid,
+ &domain_pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname());
+ strlower_m(acct_name);
+ const_acct_name = acct_name;
+
+ status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol,
+ acct_name, ACB_WSTRUST,
+ 0xe005000b, &user_pol, &user_rid);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) {
+ if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) {
+ werr = WERR_SETUP_ALREADY_JOINED;
+ goto done;
+ }
+ }
+
+ if (NT_STATUS_IS_OK(status)) {
+ rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ }
+
+ status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx,
+ &domain_pol, flags, 1,
+ &const_acct_name,
+ &num_rids, &user_rids, &name_types);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (name_types[0] != SID_NAME_USER) {
+ werr = ntstatus_to_werror(NT_STATUS_INVALID_WORKSTATION);
+ goto done;
+ }
+
+ user_rid = user_rids[0];
+
+ status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol,
+ SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid,
+ &user_pol);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ E_md4hash(r->in.password, md4_trust_password);
+ encode_pw_buffer(pwbuf, r->in.password, STR_UNICODE);
+
+ generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer));
+ digested_session_key = data_blob_talloc(mem_ctx, 0, 16);
+
+ MD5Init(&md5ctx);
+ MD5Update(&md5ctx, md5buffer, sizeof(md5buffer));
+ MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length);
+ MD5Final(digested_session_key.data, &md5ctx);
+
+ SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key);
+ memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer));
+
+ acb_info |= ACB_PWNOEXP;
+#if 0
+ if ( dom_type == ND_TYPE_AD ) {
+#if !defined(ENCTYPE_ARCFOUR_HMAC)
+ acb_info |= ACB_USE_DES_KEY_ONLY;
+#endif
+ ;;
+ }
+#endif
+ ZERO_STRUCT(ctr);
+ ZERO_STRUCT(p25);
+
+ fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS;
+ init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf);
+
+ ctr.switch_value = infolevel;
+ ctr.info.id25 = &p25;
+
+ status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol,
+ infolevel, &cli->user_session_key,
+ &ctr);
+ if (!NT_STATUS_IS_OK(status)) {
+ werr = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol);
+ cli_rpc_pipe_close(pipe_hnd);
+
+ if (!secrets_store_domain_sid(r->out.netbios_domain_name,
+ r->out.domain_sid))
+ {
+ werr = WERR_GENERAL_FAILURE;
+ goto done;
+ }
+
+ if (!secrets_store_machine_password(password,
+ r->out.netbios_domain_name,
+ SEC_CHAN_WKSTA))
+ {
+ werr = WERR_GENERAL_FAILURE;
+ goto done;
+ }
+
+ werr = WERR_OK;
+ done:
+ if (cli) {
+ cli_shutdown(cli);
+ }
+
+ return werr;
+}
+
+static WERROR do_modify_val_config(struct registry_key *key,
+ const char *val_name,
+ const char *val_data)
+{
+ struct registry_value val;
+
+ ZERO_STRUCT(val);
+
+ val.type = REG_SZ;
+ val.v.sz.str = CONST_DISCARD(char *, val_data);
+ val.v.sz.len = strlen(val_data) + 1;
+
+ return reg_setvalue(key, val_name, &val);
+}
+
+static WERROR do_modify_vals_config(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r,
+ struct registry_key *key)
+{
+ WERROR werr;
+ bool is_ad = false;
+
+ if (r->out.dns_domain_name) {
+ is_ad = true;
+ }
+
+ werr = do_modify_val_config(key, "security", "domain");
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ werr = do_modify_val_config(key, "workgroup",
+ r->out.netbios_domain_name);
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ if (is_ad) {
+ werr = do_modify_val_config(key, "security", "ads");
+ W_ERROR_NOT_OK_RETURN(werr);
+
+ werr = do_modify_val_config(key, "realm",
+ r->out.dns_domain_name);
+ W_ERROR_NOT_OK_RETURN(werr);
+ }
+
+ return werr;
+}
+
+static WERROR do_DomainJoinConfig(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx *r)
+{
+ WERROR werr;
+ struct registry_key *key = NULL;
+
+ if (!W_ERROR_IS_OK(r->out.result)) {
+ return r->out.result;
+ }
+
+ if (!r->in.modify_config) {
+ return WERR_OK;
+ }
+
+ if (!registry_init_regdb()) {
+ return WERR_REG_IO_FAILURE;
+ }
+
+ if (!libnet_smbconf_key_exists(mem_ctx, GLOBAL_NAME)) {
+ werr = libnet_reg_createkey_internal(mem_ctx,
+ GLOBAL_NAME, &key);
+ } else {
+ werr = libnet_smbconf_open_path(mem_ctx,
+ GLOBAL_NAME,
+ REG_KEY_WRITE, &key);
+ }
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ werr = do_modify_vals_config(mem_ctx, r, key);
+ if (!W_ERROR_IS_OK(werr)) {
+ return werr;
+ }
+
+ r->out.modified_config = true;
+ r->out.result = werr;
+
+ return werr;
+}
+
+WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx,
+ struct libnet_JoinCtx **r)
+{
+ struct libnet_JoinCtx *ctx;
+
+ ctx =
talloc_zero(mem_ctx, struct libnet_JoinCtx); + if (!ctx) { + return WERR_NOMEM; + } + + *r = ctx; + + return WERR_OK; +} + +WERROR libnet_Join(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + WERROR werr; + + if (!r->in.domain_name) { + return WERR_INVALID_PARAM; + } + + if (r->in.modify_config && !lp_include_registry_globals()) { + return WERR_NOT_SUPPORTED; + } + + werr = do_DomainJoin(mem_ctx, r); + + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + werr = do_DomainJoinConfig(mem_ctx, r); + + return werr; +} -- cgit From 41410c86cc698f997dd82a143fd92277060384b0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Dec 2007 12:22:20 +0100 Subject: Some libnet and netapi build fixes. Guenther (This used to be commit 1d47247283f7bc75291007be3fde72b1d3d95b99) --- source3/libnet/libnet.h | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 source3/libnet/libnet.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h new file mode 100644 index 0000000000..fa24c3b40a --- /dev/null +++ b/source3/libnet/libnet.h @@ -0,0 +1,26 @@ +/* + * Unix SMB/CIFS implementation. + * libnet Support + * Copyright (C) Guenther Deschner 2007 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef __LIBNET_H__ +#define __LIBNET_H__ + +#include "libnet/libnet_join.h" +#include "libnet/libnet_proto.h" + +#endif -- cgit 
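Review bot: do_DomainJoin in libnet_join.c sets the machine account's password from `r->in.password`, the same value it hands to `cli_full_connection` together with `r->in.admin_account`, while the freshly generated `password` is only used in `secrets_store_machine_password`. As written the account on the server ends up carrying the administrator's password and the secret stored locally never matches it; the two calls should read `E_md4hash(password, md4_trust_password);` and `encode_pw_buffer(pwbuf, password, STR_UNICODE);`. `acct_name` from `talloc_asprintf` is passed to `strlower_m` without a NULL check, and `digested_session_key.data` is used without checking the `data_blob_talloc` result. `pwbuf` and `md4_trust_password` hold password material and are still populated when the function returns through `done:`; clearing both there would shorten their lifetime.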
From c5a84374b6b2af7adff807a739fb1dc279bd4a58 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Dec 2007 17:37:24 +0100 Subject: Make sure we also support non-domain join. Guenther (This used to be commit c818f5505a124a6f0bb9274a1ba4a6147d2f17b3) --- source3/libnet/libnet_join.c | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index ce5b1b7b10..dd3d2254d8 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -250,6 +250,16 @@ static WERROR do_modify_vals_config(TALLOC_CTX *mem_ctx, WERROR werr; bool is_ad = false; + if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { + + werr = do_modify_val_config(key, "security", "user"); + W_ERROR_NOT_OK_RETURN(werr); + + werr = do_modify_val_config(key, "workgroup", + r->in.domain_name); + return werr; + } + if (r->out.dns_domain_name) { is_ad = true; } @@ -273,8 +283,8 @@ static WERROR do_modify_vals_config(TALLOC_CTX *mem_ctx, return werr; } -static WERROR do_DomainJoinConfig(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) { WERROR werr; struct registry_key *key = NULL; @@ -342,13 +352,18 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, return WERR_NOT_SUPPORTED; } - werr = do_DomainJoin(mem_ctx, r); + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { + werr = do_DomainJoin(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + } + + werr = do_JoinConfig(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { return werr; } - werr = do_DomainJoinConfig(mem_ctx, r); - return werr; } -- cgit From b6347c06935fc769b4bd6cdcbca63c633ba12614 Mon Sep 17 00:00:00 2001 
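Review bot: The new workgroup branch in do_modify_vals_config (commit c5a84374, first hunk) writes `r->in.domain_name` straight into the registry `workgroup` value, and the only check visible on that path is the NULL test in libnet_Join. If the string can come from an API caller, a length and character check before `do_modify_val_config` would keep malformed names out of the registry-backed configuration. The branch also leaves any `realm` value from an earlier AD join in place. A one-line comment above the flag test, such as `/* JOIN_TYPE clear: workgroup join, only the configuration is changed */`, would document why no RPC is made. The function bodies continue outside these hunks.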
From: Günther Deschner Date: Tue, 18 Dec 2007 10:16:40 +0100 Subject: Making do_DomainJoin return NTSTATUS again. Guenther (This used to be commit 91b884989891881b8abea70e11b87c16c574daaa) --- source3/libnet/libnet_join.c | 38 +++++++++++++++----------------------- 1 file changed, 15 insertions(+), 23 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index dd3d2254d8..f787a2d632 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -22,15 +22,14 @@ #include "libnet/libnet_join.h" #include "libnet/libnet_proto.h" -static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; const char *password = NULL; POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - WERROR werr; char *acct_name; const char *const_acct_name; uint32 user_rid; @@ -49,7 +48,7 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); - W_ERROR_HAVE_NO_MEMORY(password); + NT_STATUS_HAVE_NO_MEMORY(password); status = cli_full_connection(&cli, NULL, r->in.server_name, NULL, 0, @@ -60,20 +59,17 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status); if (!pipe_hnd) { - werr = ntstatus_to_werror(status); goto done; } status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } 
@@ -82,7 +78,6 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, &r->out.netbios_domain_name, &r->out.domain_sid); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } @@ -99,14 +94,12 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); if (!pipe_hnd) { - werr = ntstatus_to_werror(status); goto done; } status = rpccli_samr_connect(pipe_hnd, mem_ctx, SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } @@ -115,7 +108,6 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, r->out.domain_sid, &domain_pol); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } @@ -128,7 +120,6 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, 0xe005000b, &user_pol, &user_rid); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { - werr = WERR_SETUP_ALREADY_JOINED; goto done; } } @@ -142,12 +133,11 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, &const_acct_name, &num_rids, &user_rids, &name_types); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } if (name_types[0] != SID_NAME_USER) { - werr = ntstatus_to_werror(NT_STATUS_INVALID_WORKSTATION); + status = NT_STATUS_INVALID_WORKSTATION; goto done; } @@ -157,7 +147,6 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, &user_pol); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } @@ -197,7 +186,6 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, infolevel, &cli->user_session_key, &ctr); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); goto done; } 
@@ -207,7 +195,7 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, if (!secrets_store_domain_sid(r->out.netbios_domain_name, r->out.domain_sid)) { - werr = WERR_GENERAL_FAILURE; + status = NT_STATUS_INTERNAL_DB_ERROR; goto done; } @@ -215,17 +203,17 @@ static WERROR do_DomainJoin(TALLOC_CTX *mem_ctx, r->out.netbios_domain_name, SEC_CHAN_WKSTA)) { - werr = WERR_GENERAL_FAILURE; + status = NT_STATUS_INTERNAL_DB_ERROR; goto done; } - werr = WERR_OK; + status = NT_STATUS_OK; done: if (cli) { cli_shutdown(cli); } - return werr; + return status; } static WERROR do_modify_val_config(struct registry_key *key, @@ -343,6 +331,7 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { WERROR werr; + NTSTATUS status; if (!r->in.domain_name) { return WERR_INVALID_PARAM; @@ -354,9 +343,12 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - werr = do_DomainJoin(mem_ctx, r); - if (!W_ERROR_IS_OK(werr)) { - return werr; + status = do_DomainJoin(mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + return WERR_SETUP_ALREADY_JOINED; + } + return ntstatus_to_werror(status); } } -- cgit From f3476faa36adeacea4301aff823ec021588cca2e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Dec 2007 10:31:12 +0100 Subject: In libnet join code, try lsa query with level 12 first. Guenther (This used to be commit f0e8d744c92d2602722e04be6266196941362d63) --- source3/libnet/libnet_join.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f787a2d632..18421056da 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -73,14 +73,6 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol, - 5, - &r->out.netbios_domain_name, - &r->out.domain_sid); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - status = rpccli_lsa_query_info_policy2(pipe_hnd, mem_ctx, &lsa_pol, 12, &r->out.netbios_domain_name, @@ -89,6 +81,16 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, NULL, &r->out.domain_sid); + if (!NT_STATUS_IS_OK(status)) { + status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol, + 5, + &r->out.netbios_domain_name, + &r->out.domain_sid); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } + rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); cli_rpc_pipe_close(pipe_hnd); -- cgit From 41467ffc6d2588bfc9cd112586f6036c185536b2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Dec 2007 11:02:39 +0100 Subject: Add libnet_Unjoin(), libnet_UnjoinCtx and friends. Guenther (This used to be commit 89e8abb1163984eed358a4da9be4699a8e3a43f9) --- source3/libnet/libnet_join.c | 226 ++++++++++++++++++++++++++++++++++++++++++- source3/libnet/libnet_join.h | 17 ++++ 2 files changed, 239 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 18421056da..68434bd391 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
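Review bot: The fallback added to do_DomainJoin in commit f3476fa runs the level 5 query after any failure of the level 12 call, not only when the server does not support it, and the first status is discarded. Because `r->out.dns_domain_name` then stays unset, the configuration step writes `security = domain` instead of `ads`, so an error on this `cli_rpc_pipe_open_noauth` pipe silently changes the resulting setup. Logging the first status before retrying, e.g. `DEBUG(3, ("lsa query level 12 failed: %s, trying level 5\n", nt_errstr(status)));`, would make the downgrade visible to an operator. The function body continues outside the hunk.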
@@ -218,6 +218,119 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, return status; } +static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + struct cli_state *cli = NULL; + struct rpc_pipe_client *pipe_hnd = NULL; + POLICY_HND sam_pol, domain_pol, user_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *acct_name; + uint32 flags = 0x3e8; + const char *const_acct_name; + uint32 user_rid; + uint32 num_rids, *name_types, *user_rids; + SAM_USERINFO_CTR ctr, *qctr = NULL; + SAM_USER_INFO_16 p16; + + status = cli_full_connection(&cli, NULL, r->in.server_name, + NULL, 0, + "IPC$", "IPC", + r->in.admin_account, + NULL, //r->in.domain_name, + r->in.password, + 0, Undefined, NULL); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); + if (!pipe_hnd) { + goto done; + } + + status = rpccli_samr_connect(pipe_hnd, mem_ctx, + SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + r->in.domain_sid, + &domain_pol); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); + strlower_m(acct_name); + const_acct_name = acct_name; + + status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, + &domain_pol, flags, 1, + &const_acct_name, + &num_rids, &user_rids, &name_types); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + if (name_types[0] != SID_NAME_USER) { + status = NT_STATUS_INVALID_WORKSTATION; + goto done; + } + + user_rid = user_rids[0]; + + status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, &user_pol); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, + &user_pol, 16, &qctr); + if (!NT_STATUS_IS_OK(status)) { + rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + goto 
done; + } + + ZERO_STRUCT(ctr); + ctr.switch_value = 16; + ctr.info.id16 = &p16; + + p16.acb_info = qctr->info.id16->acb_info | ACB_DISABLED; + + status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, + &cli->user_session_key, &ctr); + + rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + + if (!secrets_delete_machine_password_ex(lp_workgroup())) { + status = NT_STATUS_INTERNAL_DB_ERROR; + goto done; + } + + if (!secrets_delete_domain_sid(lp_workgroup())) { + status = NT_STATUS_INTERNAL_DB_ERROR; + goto done; + } + +done: + rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol); + + cli_rpc_pipe_close(pipe_hnd); + + if (cli) { + cli_shutdown(cli); + } + + return status; +} + static WERROR do_modify_val_config(struct registry_key *key, const char *val_name, const char *val_data) @@ -233,9 +346,9 @@ static WERROR do_modify_val_config(struct registry_key *key, return reg_setvalue(key, val_name, &val); } -static WERROR do_modify_vals_config(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r, - struct registry_key *key) +static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + struct registry_key *key) { WERROR werr; bool is_ad = false; @@ -273,6 +386,24 @@ static WERROR do_modify_vals_config(TALLOC_CTX *mem_ctx, return werr; } +static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r, + struct registry_key *key) +{ + WERROR werr; + + if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { + + werr = do_modify_val_config(key, "security", "user"); + W_ERROR_NOT_OK_RETURN(werr); + } + + reg_deletevalue(key, "realm"); + + return werr; +} + + static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { 
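Review bot: The `done:` label of the new do_DomainUnjoin closes `domain_pol`, `sam_pol` and `pipe_hnd` unconditionally, but the early exits reach it with `pipe_hnd` still NULL and the policy handles never initialised (for example when `cli_full_connection` fails). Cleanup should only touch what was opened, as sketched below. The status of `rpccli_samr_set_userinfo2` is also not checked before `secrets_delete_machine_password_ex` and `secrets_delete_domain_sid` run, so the local secrets are removed even when disabling the account failed. Those deletions key on `lp_workgroup()` rather than on anything in `r`, which deserves a comment.

```c
	bool sam_open = false;
	bool domain_open = false;

	/* … unchanged: connection, pipe open … */

	/* after a successful rpccli_samr_connect() */
	sam_open = true;

	/* after a successful rpccli_samr_open_domain() */
	domain_open = true;

	/* … unchanged: lookup, open user, set ACB_DISABLED … */

done:
	if (pipe_hnd) {
		if (domain_open) {
			rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol);
		}
		if (sam_open) {
			rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol);
		}
		cli_rpc_pipe_close(pipe_hnd);
	}
```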
@@ -303,7 +434,48 @@ static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, return werr; } - werr = do_modify_vals_config(mem_ctx, r, key); + werr = do_join_modify_vals_config(mem_ctx, r, key); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + r->out.modified_config = true; + r->out.result = werr; + + return werr; +} + +static WERROR do_UnjoinConfig(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + WERROR werr; + struct registry_key *key = NULL; + + if (!W_ERROR_IS_OK(r->out.result)) { + return r->out.result; + } + + if (!r->in.modify_config) { + return WERR_OK; + } + + if (!registry_init_regdb()) { + return WERR_REG_IO_FAILURE; + } + + if (!libnet_smbconf_key_exists(mem_ctx, GLOBAL_NAME)) { + werr = libnet_reg_createkey_internal(mem_ctx, + GLOBAL_NAME, &key); + } else { + werr = libnet_smbconf_open_path(mem_ctx, + GLOBAL_NAME, + REG_KEY_WRITE, &key); + } + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + werr = do_unjoin_modify_vals_config(mem_ctx, r, key); if (!W_ERROR_IS_OK(werr)) { return werr; } @@ -329,6 +501,21 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, return WERR_OK; } +WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx **r) +{ + struct libnet_UnjoinCtx *ctx; + + ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); + if (!ctx) { + return WERR_NOMEM; + } + + *r = ctx; + + return WERR_OK; +} + WERROR libnet_Join(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { 
@@ -361,3 +548,34 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, return werr; } + +WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + WERROR werr; + NTSTATUS status; + + printf("libnet_Unjoin\n"); + + if (r->in.modify_config && !lp_include_registry_globals()) { + return WERR_NOT_SUPPORTED; + } + + if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { + + status = do_DomainUnjoin(mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + return WERR_SETUP_NOT_JOINED; + } + return ntstatus_to_werror(status); + } + } + + werr = do_UnjoinConfig(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + return werr; +} diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 9596733cee..46ab27e8b0 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -39,8 +39,25 @@ struct libnet_JoinCtx { char *netbios_domain_name; char *dns_domain_name; char *dn; + struct dom_sid *domain_sid; bool modified_config; + WERROR result; + } out; +}; + +struct libnet_UnjoinCtx { + struct { + const char *server_name; + const char *domain_name; + const char *admin_account; + const char *password; + uint32_t unjoin_flags; + bool modify_config; struct dom_sid *domain_sid; + } in; + + struct { + bool modified_config; WERROR result; } out; }; -- cgit From 991112eda710c97dff607dd615c777023395da65 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Dec 2007 16:07:40 +0100 Subject: Implement NetServerSetInfo level 1005 in local mode with smbconf registry. Guenther (This used to be commit 15c2bc15f20a677c3c94895150e396275de6ac9b) --- source3/libnet/libnet_conf.c | 46 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index f394e02e20..8bc5161268 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
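Review bot: libnet_Unjoin validates nothing in `r->in` before calling do_DomainUnjoin, which passes `r->in.domain_sid` to `rpccli_samr_open_domain`; libnet_Join at least rejects a missing `domain_name`. A guard such as `if ((r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) && !r->in.domain_sid) { return WERR_INVALID_PARAM; }` at the top would keep a NULL SID from reaching the RPC layer. The final `if (!W_ERROR_IS_OK(werr)) { return werr; }` followed by `return werr;` can be reduced to the single return.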
@@ -147,3 +147,49 @@ done: return werr; } +static WERROR do_modify_val_config(struct registry_key *key, + const char *val_name, + const char *val_data) +{ + struct registry_value val; + + ZERO_STRUCT(val); + + val.type = REG_SZ; + val.v.sz.str = CONST_DISCARD(char *, val_data); + val.v.sz.len = strlen(val_data) + 1; + + return reg_setvalue(key, val_name, &val); +} + +WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, + const char *param, + const char *val) +{ + WERROR werr; + struct registry_key *key = NULL; + + if (!lp_include_registry_globals()) { + return WERR_NOT_SUPPORTED; + } + + if (!registry_init_regdb()) { + return WERR_REG_IO_FAILURE; + } + + if (!libnet_smbconf_key_exists(mem_ctx, GLOBAL_NAME)) { + werr = libnet_reg_createkey_internal(mem_ctx, + GLOBAL_NAME, &key); + } else { + werr = libnet_smbconf_open_path(mem_ctx, + GLOBAL_NAME, + REG_KEY_WRITE, &key); + } + + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + return do_modify_val_config(key, param, val); +} + -- cgit From 3537af86c409ea7478e3414a17d7ff3779e4bdbe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Dec 2007 12:13:04 +0100 Subject: Fix typo. Guenther (This used to be commit b95801db595109e8eade7cf7c344f281c8684249) --- source3/libnet/libnet_join.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 68434bd391..b1ebed3e15 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -555,8 +555,6 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, WERROR werr; NTSTATUS status; - printf("libnet_Unjoin\n"); - if (r->in.modify_config && !lp_include_registry_globals()) { return WERR_NOT_SUPPORTED; } -- cgit From 3f5d5bc300cc3061bc7066b8b48b68b2b5d55c5d Mon Sep 17 00:00:00 2001 
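Review bot: `do_modify_val_config()` passes `val_data` to `strlen()` unchecked, and the exported `libnet_smbconf_set_global_param()` hands `param` and `val` to it exactly as received, so a NULL value crashes. Any parameter name is also written to the global section without a validity check. A guard at the top of `libnet_smbconf_set_global_param()` covers the NULL case: `if (param == NULL || val == NULL) { return WERR_INVALID_PARAM; }`. Whether the name and value must also be checked against the known smb.conf parameters before `reg_setvalue()` depends on what the callers guarantee, which this hunk does not show.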
From: Günther Deschner Date: Fri, 21 Dec 2007 23:04:26 +0100 Subject: Until we better understand the WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT make sure we are not joining as a DC. Guenther (This used to be commit bf3ffbb5d2e8588e0041f0b890b590c58f8fcecf) --- source3/libnet/libnet_join.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b1ebed3e15..c1ff8bb052 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -530,6 +530,10 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, return WERR_NOT_SUPPORTED; } + if (IS_DC) { + return WERR_SETUP_DOMAIN_CONTROLLER; + } + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { status = do_DomainJoin(mem_ctx, r); -- cgit From 30a788bd2027648de1a1bc0922f40c1c00b727bd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 22 Dec 2007 00:12:59 +0100 Subject: Fix uninitialized error code in do_unjoin_modify_vals_config(). Guenther (This used to be commit c890ebc3cad7222007e62227ec1f28d978310cbf) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c1ff8bb052..2994c3f59d 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -390,7 +390,7 @@ static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r, struct registry_key *key) { - WERROR werr; + WERROR werr = WERR_OK; if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { -- cgit From aeea4bfadd98f23df71c5754bef7defc42d2f67f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 01:43:13 +0100 Subject: Make libnet_smbconf_open_path_q() static. Michael (This used to be commit 8cf8ed9de8c3f41588fa93bd102f61f5b8b493c4) --- source3/libnet/libnet_conf.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/libnet') 
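Review bot: The `IS_DC` guard is added to `libnet_Join()` only, while `libnet_Unjoin()` in the same file still reaches `do_DomainUnjoin()` and the configuration rewrite on a domain controller. If the open question about WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT applies to leaving a domain as well, the same check belongs at the top of `libnet_Unjoin()`: `if (IS_DC) { return WERR_SETUP_DOMAIN_CONTROLLER; }`. A comment above the new check, such as `/* refuse to run on a DC until WKSSVC_JOIN_FLAGS_JOIN_DC_ACCOUNT is understood */`, would keep the reason next to the code. The body of `libnet_Join()` starts and ends outside this hunk.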
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 8bc5161268..dcaa7689b3 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -24,9 +24,10 @@ * Open a subkey of KEY_SMBCONF (i.e a service) * - variant without error output (q = quiet)- */ -WERROR libnet_smbconf_open_path_q(TALLOC_CTX *ctx, const char *subkeyname, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_smbconf_open_path_q(TALLOC_CTX *ctx, + const char *subkeyname, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; char *path = NULL; -- cgit From ec3e8587ecdef8e4a52d4c37ac379d9e414b861b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 02:44:29 +0100 Subject: Move smbconf_value_exists() to libnet/net_conf.c renaming it to libnet_smbconf_value_exists(). Michael (This used to be commit ba71c6844588f0342589163f514385911e7331e7) --- source3/libnet/libnet_conf.c | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index dcaa7689b3..9f64e7fc0d 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -194,3 +194,20 @@ WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, return do_modify_val_config(key, param, val); } +bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, + struct registry_key *key, + const char *param) +{ + bool ret = False; + WERROR werr = WERR_OK; + struct registry_value *value = NULL; + + werr = reg_queryvalue(ctx, key, param, &value); + if (W_ERROR_IS_OK(werr)) { + ret = True; + } + + TALLOC_FREE(value); + return ret; +} + -- cgit From b04708866f146ada8a7cc353347244df54821fbf Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sun, 23 Dec 2007 02:55:25 +0100 Subject: Move logic of net_smbconf_delparm() to libnet/libnet_conf.c Logic in new function libnet_smbconf_delparm(). Michael (This used to be commit 0cff79e3552e91ba0b6bc054802d28afcf4e8da4) --- source3/libnet/libnet_conf.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 9f64e7fc0d..960ee80dbc 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -194,7 +194,7 @@ WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, return do_modify_val_config(key, param, val); } -bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, +static bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, struct registry_key *key, const char *param) { @@ -211,3 +211,26 @@ bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, return ret; } +WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, + const char *service, + const char *param) +{ + struct registry_key *key = NULL; + WERROR werr = WERR_OK; + + if (!libnet_smbconf_key_exists(mem_ctx, service)) { + return WERR_NO_SUCH_SERVICE; + } + + werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_READ, &key); + W_ERROR_NOT_OK_RETURN(werr); + + if (!libnet_smbconf_value_exists(mem_ctx, key, param)) { + return WERR_INVALID_PARAM; + } + + werr = reg_deletevalue(key, param); + W_ERROR_NOT_OK_RETURN(werr); + + return WERR_OK; +} -- cgit From bd2b8f0f7b5a98917162bc5a27ffa4ee4cbebc54 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 03:02:19 +0100 Subject: Replace direct deletion of registry value by use of libnet_smbconf_delparm(). Michael (This used to be commit 415fc0a5261f4d941027e5d5305fcea882724aef) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 2994c3f59d..fe7fb7dd73 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -398,7 +398,7 @@ static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, W_ERROR_NOT_OK_RETURN(werr); } - reg_deletevalue(key, "realm"); + werr = libnet_smbconf_delparm(mem_ctx, "GLOBAL", "realm"); return werr; } -- cgit From 88a424a4d37b61af4e126869a16a2ca43d878056 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 03:13:30 +0100 Subject: Remove occurrences of registry_key from libnet_join.c Replace duplicated logic by calls of libnet_smbconf_set_global_param() from libnet_conf.c, pushing logic from do_JoinConfig() and do_UnjoinConfig() to do_join_modify_vals_config() and do_unjoin_modify_vals_config() respectively. Only the net_conf api functions should be exported by libnet_conf.c, not the lower level registry access functions. Michael (This used to be commit 81b9f1301d61f05f9153be61d62c13e82cecf7e2) --- source3/libnet/libnet_join.c | 82 +++++++++----------------------------------- 1 file changed, 17 insertions(+), 65 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index fe7fb7dd73..68244e5156 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
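Review bot: In `do_unjoin_modify_vals_config()` the outcome of removing `realm` now becomes the function's return value, so an unjoin fails on a host whose global section has no `realm` value: `libnet_smbconf_delparm()` returns WERR_INVALID_PARAM when the value is absent and WERR_NO_SUCH_SERVICE when the section is missing. The old `reg_deletevalue(key, "realm")` ignored that outcome, and `libnet_Unjoin()` has already run `do_DomainUnjoin()` by the time this code executes. Treating the absent value as success keeps the earlier behaviour: `if (W_ERROR_EQUAL(werr, WERR_INVALID_PARAM)) { werr = WERR_OK; }`. The literal `"GLOBAL"` should be `GLOBAL_NAME`, which the rest of this code uses for the section. The function starts outside this hunk.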
@@ -331,35 +331,20 @@ done: return status; } -static WERROR do_modify_val_config(struct registry_key *key, - const char *val_name, - const char *val_data) -{ - struct registry_value val; - - ZERO_STRUCT(val); - - val.type = REG_SZ; - val.v.sz.str = CONST_DISCARD(char *, val_data); - val.v.sz.len = strlen(val_data) + 1; - - return reg_setvalue(key, val_name, &val); -} - static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r, - struct registry_key *key) + struct libnet_JoinCtx *r) { WERROR werr; bool is_ad = false; if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { - werr = do_modify_val_config(key, "security", "user"); + werr = libnet_smbconf_set_global_param(mem_ctx, "security", + "user"); W_ERROR_NOT_OK_RETURN(werr); - werr = do_modify_val_config(key, "workgroup", - r->in.domain_name); + werr = libnet_smbconf_set_global_param(mem_ctx, "workgroup", + r->in.domain_name); return werr; } @@ -367,19 +352,20 @@ static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, is_ad = true; } - werr = do_modify_val_config(key, "security", "domain"); + werr = libnet_smbconf_set_global_param(mem_ctx, "security", "domain"); W_ERROR_NOT_OK_RETURN(werr); - werr = do_modify_val_config(key, "workgroup", - r->out.netbios_domain_name); + werr = libnet_smbconf_set_global_param(mem_ctx, "workgroup", + r->out.netbios_domain_name); W_ERROR_NOT_OK_RETURN(werr); if (is_ad) { - werr = do_modify_val_config(key, "security", "ads"); + werr = libnet_smbconf_set_global_param(mem_ctx, "security", + "ads"); W_ERROR_NOT_OK_RETURN(werr); - werr = do_modify_val_config(key, "realm", - r->out.dns_domain_name); + werr = libnet_smbconf_set_global_param(mem_ctx, "realm", + r->out.dns_domain_name); W_ERROR_NOT_OK_RETURN(werr); } 
@@ -387,14 +373,14 @@ static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, } static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, - struct libnet_UnjoinCtx *r, - struct registry_key *key) + struct libnet_UnjoinCtx *r) { WERROR werr = WERR_OK; if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - werr = do_modify_val_config(key, "security", "user"); + werr = libnet_smbconf_set_global_param(mem_ctx, "security", + "user"); W_ERROR_NOT_OK_RETURN(werr); } @@ -408,7 +394,6 @@ static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { WERROR werr; - struct registry_key *key = NULL; if (!W_ERROR_IS_OK(r->out.result)) { return r->out.result; @@ -418,23 +403,7 @@ static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, return WERR_OK; } - if (!registry_init_regdb()) { - return WERR_REG_IO_FAILURE; - } - - if (!libnet_smbconf_key_exists(mem_ctx, GLOBAL_NAME)) { - werr = libnet_reg_createkey_internal(mem_ctx, - GLOBAL_NAME, &key); - } else { - werr = libnet_smbconf_open_path(mem_ctx, - GLOBAL_NAME, - REG_KEY_WRITE, &key); - } - if (!W_ERROR_IS_OK(werr)) { - return werr; - } - - werr = do_join_modify_vals_config(mem_ctx, r, key); + werr = do_join_modify_vals_config(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { return werr; } @@ -449,7 +418,6 @@ static WERROR do_UnjoinConfig(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { WERROR werr; - struct registry_key *key = NULL; if (!W_ERROR_IS_OK(r->out.result)) { return r->out.result; 
@@ -459,23 +427,7 @@ static WERROR do_UnjoinConfig(TALLOC_CTX *mem_ctx, return WERR_OK; } - if (!registry_init_regdb()) { - return WERR_REG_IO_FAILURE; - } - - if (!libnet_smbconf_key_exists(mem_ctx, GLOBAL_NAME)) { - werr = libnet_reg_createkey_internal(mem_ctx, - GLOBAL_NAME, &key); - } else { - werr = libnet_smbconf_open_path(mem_ctx, - GLOBAL_NAME, - REG_KEY_WRITE, &key); - } - if (!W_ERROR_IS_OK(werr)) { - return werr; - } - - werr = do_unjoin_modify_vals_config(mem_ctx, r, key); + werr = do_unjoin_modify_vals_config(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { return werr; } -- cgit From 31d436e54c2ec56ae59527feb9a31d13eca44f6d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 03:34:36 +0100 Subject: Move reg_setvalue_internal() to libnet_conf.c renaming it to libnet_smbconf_setvalue_internal() Michael (This used to be commit 7cb51a1d6d95704225d9ab22e88cc76fa910d38c) --- source3/libnet/libnet_conf.c | 72 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 960ee80dbc..d42e5ad227 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -148,6 +148,78 @@ done: return werr; } + +/* + * add a value to a key. + */ +WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, + const char *valname, + const char *valstr) +{ + struct registry_value val; + WERROR werr = WERR_OK; + char *subkeyname; + const char *canon_valname; + const char *canon_valstr; + + if (!lp_canonicalize_parameter_with_value(valname, valstr, + &canon_valname, + &canon_valstr)) + { + if (canon_valname == NULL) { + d_fprintf(stderr, "invalid parameter '%s' given\n", + valname); + } else { + d_fprintf(stderr, "invalid value '%s' given for " + "parameter '%s'\n", valstr, valname); + } + werr = WERR_INVALID_PARAM; + goto done; + } + + ZERO_STRUCT(val); + + val.type = REG_SZ; + val.v.sz.str = CONST_DISCARD(char *, canon_valstr); + val.v.sz.len = strlen(canon_valstr) + 1; + + if (registry_smbconf_valname_forbidden(canon_valname)) { + d_fprintf(stderr, "Parameter '%s' not allowed in registry.\n", + canon_valname); + werr = WERR_INVALID_PARAM; + goto done; + } + + subkeyname = strrchr_m(key->key->name, '\\'); + if ((subkeyname == NULL) || (*(subkeyname +1) == '\0')) { + d_fprintf(stderr, "Invalid registry key '%s' given as " + "smbconf section.\n", key->key->name); + werr = WERR_INVALID_PARAM; + goto done; + } + subkeyname++; + if (!strequal(subkeyname, GLOBAL_NAME) && + lp_parameter_is_global(valname)) + { + d_fprintf(stderr, "Global paramter '%s' not allowed in " + "service definition ('%s').\n", canon_valname, + subkeyname); + werr = WERR_INVALID_PARAM; + goto done; + } + + werr = reg_setvalue(key, canon_valname, &val); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, + "Error adding value '%s' to " + "key '%s': %s\n", + canon_valname, key->key->name, dos_errstr(werr)); + } + +done: + return werr; +} + static WERROR do_modify_val_config(struct registry_key *key, const char *val_name, const char *val_data) -- cgit From 62f08d3dd9b1f1d53a8e9ecf352fbbfb4c12c484 Mon Sep 17 00:00:00 2001 
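Review bot: `canon_valname` and `canon_valstr` in `libnet_smbconf_reg_setvalue_internal()` are declared without an initialiser and then read in the failure branch (`if (canon_valname == NULL)`), which is only safe if `lp_canonicalize_parameter_with_value()` writes both outputs on every failing path. Declaring them as `const char *canon_valname = NULL;` and `const char *canon_valstr = NULL;` removes that dependency. The global-only test further down calls `lp_parameter_is_global(valname)` with the caller's spelling while every other check uses `canon_valname`; passing `canon_valname` there keeps the forbidden-name and global-only checks on the same name. The message for that case also misspells "parameter" as `paramter`.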
From: Michael Adam Date: Sun, 23 Dec 2007 03:41:55 +0100 Subject: Move net_conf_setparm() to libnet_conf.c renaming it to libnet_smbconf_setparm() Michael (This used to be commit 60f49b22b5aa125ff6cb358a258a1be99c378d7a) --- source3/libnet/libnet_conf.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index d42e5ad227..00dc1d473d 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -235,6 +235,27 @@ static WERROR do_modify_val_config(struct registry_key *key, return reg_setvalue(key, val_name, &val); } +WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, + const char *service, + const char *param, + const char *valstr) +{ + WERROR werr; + struct registry_key *key = NULL; + + if (!libnet_smbconf_key_exists(mem_ctx, service)) { + werr = libnet_reg_createkey_internal(mem_ctx, service, &key); + } else { + werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_WRITE, + &key); + } + W_ERROR_NOT_OK_RETURN(werr); + + werr = libnet_smbconf_reg_setvalue_internal(key, param, valstr); + + return werr; +} + WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, const char *param, const char *val) -- cgit From b6527f3d29dccc4b86252e7d6722371e61870e80 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 03:47:16 +0100 Subject: Reorder libnet_conf.c some, adding "section" comments. Michael (This used to be commit b9f22adfd3e67046b7d786b5b338e078b4cdc6df) --- source3/libnet/libnet_conf.c | 48 +++++++++++++++++++++++++++----------------- 1 file changed, 30 insertions(+), 18 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 00dc1d473d..f364e4fb64 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
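Review bot: `libnet_smbconf_setparm()` creates the section with `libnet_reg_createkey_internal()` before the parameter has been validated, so a call that `libnet_smbconf_reg_setvalue_internal()` rejects with WERR_INVALID_PARAM still leaves a new, empty service key behind. Either run the canonicalisation and forbidden-name checks before the key is created, or delete the key again when the value could not be set on a key this call created. The function also has no comment; `/* set a parameter in a service, creating the service if it does not exist */` would state the create-on-demand behaviour for callers.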
@@ -20,6 +20,13 @@ #include "includes.h" +/********************************************************************** + * + * Helper functions (mostly registry related) + * TODO: These should be eventually static. + + **********************************************************************/ + /* * Open a subkey of KEY_SMBCONF (i.e a service) * - variant without error output (q = quiet)- @@ -77,6 +84,23 @@ done: return ret; } +static bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, + struct registry_key *key, + const char *param) +{ + bool ret = False; + WERROR werr = WERR_OK; + struct registry_value *value = NULL; + + werr = reg_queryvalue(ctx, key, param, &value); + if (W_ERROR_IS_OK(werr)) { + ret = True; + } + + TALLOC_FREE(value); + return ret; +} + /* * Open a subkey of KEY_SMBCONF (i.e a service) * - variant with error output - @@ -148,7 +172,6 @@ done: return werr; } - /* * add a value to a key. */ @@ -235,6 +258,12 @@ static WERROR do_modify_val_config(struct registry_key *key, return reg_setvalue(key, val_name, &val); } +/********************************************************************** + * + * The actual net conf api functions, that are exported. + * + **********************************************************************/ + WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, const char *service, const char *param, @@ -287,23 +316,6 @@ WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, return do_modify_val_config(key, param, val); } -static bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, - struct registry_key *key, - const char *param) -{ - bool ret = False; - WERROR werr = WERR_OK; - struct registry_value *value = NULL; - - werr = reg_queryvalue(ctx, key, param, &value); - if (W_ERROR_IS_OK(werr)) { - ret = True; - } - - TALLOC_FREE(value); - return ret; -} - WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, const char *service, const char *param) -- cgit From a48f3c8a964fe6b320a052a6251354351f8d98e0 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sun, 23 Dec 2007 03:52:00 +0100 Subject: Make libnet_smbconf_set_global_param() call libnet_smbconf_setparm(). This not only removes duplicate logic, but also the use of libnet_smbconf_reg_setvalue_internal() instead of do_modify_val_config() which is removed, does add important tests and canonicalizations. Michael (This used to be commit fa844866493ee270f31faa3eca77cdff16b26301) --- source3/libnet/libnet_conf.c | 61 +++++++++++--------------------------------- 1 file changed, 15 insertions(+), 46 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index f364e4fb64..9d06f8287b 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -243,21 +243,6 @@ done: return werr; } -static WERROR do_modify_val_config(struct registry_key *key, - const char *val_name, - const char *val_data) -{ - struct registry_value val; - - ZERO_STRUCT(val); - - val.type = REG_SZ; - val.v.sz.str = CONST_DISCARD(char *, val_data); - val.v.sz.len = strlen(val_data) + 1; - - return reg_setvalue(key, val_name, &val); -} - /********************************************************************** * * The actual net conf api functions, that are exported. 
@@ -285,37 +270,6 @@ WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, return werr; } -WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, - const char *param, - const char *val) -{ - WERROR werr; - struct registry_key *key = NULL; - - if (!lp_include_registry_globals()) { - return WERR_NOT_SUPPORTED; - } - - if (!registry_init_regdb()) { - return WERR_REG_IO_FAILURE; - } - - if (!libnet_smbconf_key_exists(mem_ctx, GLOBAL_NAME)) { - werr = libnet_reg_createkey_internal(mem_ctx, - GLOBAL_NAME, &key); - } else { - werr = libnet_smbconf_open_path(mem_ctx, - GLOBAL_NAME, - REG_KEY_WRITE, &key); - } - - if (!W_ERROR_IS_OK(werr)) { - return werr; - } - - return do_modify_val_config(key, param, val); -} - WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, const char *service, const char *param) @@ -339,3 +293,18 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, return WERR_OK; } + + +/********************************************************************** + * + * Convenience functions, that are also exportet. + * + **********************************************************************/ + +WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, + const char *param, + const char *val) +{ + return libnet_smbconf_setparm(mem_ctx, GLOBAL_NAME, param, val); +} + -- cgit From d1c2280cd44e40a4398115c7d862ac0c296c98bc Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 04:10:15 +0100 Subject: Rename libnet_reg_createkey_internal() to libnet_smbconf_reg_createkey_internal(). Michael (This used to be commit 0e7f215f54c68b2d40f65f90ed11c41e1a7ef5ed) --- source3/libnet/libnet_conf.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 9d06f8287b..69a105f8f5 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
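Review bot: The new `libnet_smbconf_set_global_param()` wrapper drops the two preconditions the removed version enforced, `lp_include_registry_globals()` and `registry_init_regdb()`, and `libnet_smbconf_setparm()` performs neither. `do_JoinConfig()` and `do_UnjoinConfig()` lost their own `registry_init_regdb()` call in the preceding commit, so on the lines shown the join path no longer initialises the registry backend before writing. Keeping the checks in the wrapper is two statements: `if (!lp_include_registry_globals()) { return WERR_NOT_SUPPORTED; }` and `if (!registry_init_regdb()) { return WERR_REG_IO_FAILURE; }`. The section comment added above the wrapper spells "exported" as `exportet`.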
@@ -134,9 +134,9 @@ WERROR libnet_smbconf_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, /* * create a subkey of KEY_SMBCONF */ -WERROR libnet_reg_createkey_internal(TALLOC_CTX *ctx, - const char * subkeyname, - struct registry_key **newkey) +WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, + const char * subkeyname, + struct registry_key **newkey) { WERROR werr = WERR_OK; struct registry_key *create_parent = NULL; @@ -258,7 +258,8 @@ WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, struct registry_key *key = NULL; if (!libnet_smbconf_key_exists(mem_ctx, service)) { - werr = libnet_reg_createkey_internal(mem_ctx, service, &key); + werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, + &key); } else { werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_WRITE, &key); -- cgit From 8f163d5c5ae48a3ff1974e936b9316781eceff8a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 15:07:20 +0100 Subject: Move logic of net_conf_getparm() to libnet_conf.c. Michael (This used to be commit d3a20c4d5a8109334cd3ed665ba60cfcc4425059) --- source3/libnet/libnet_conf.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 69a105f8f5..121ec35468 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -271,6 +271,30 @@ WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, return werr; } +WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, + const char *service, + const char *param, + struct registry_value **value) +{ + WERROR werr; + struct registry_key *key = NULL; + + if (!libnet_smbconf_key_exists(mem_ctx, service)) { + return WERR_NO_SUCH_SERVICE; + } + + werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_READ, &key); + W_ERROR_NOT_OK_RETURN(werr); + + if (!libnet_smbconf_value_exists(mem_ctx, key, param)) { + return WERR_INVALID_PARAM; + } + + werr = reg_queryvalue(mem_ctx, key, param, value); + + return werr; +} + WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, const char *service, const char *param) -- cgit From 6306005f4c12275df2f0cd2c2a95493bea36824d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 23:02:47 +0100 Subject: Remove redundant check of return value. Michael (This used to be commit 29f46c2d45e7ad7f8a9a525f9ac82c050a510967) --- source3/libnet/libnet_conf.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 121ec35468..9eb5c16adc 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -314,9 +314,8 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, } werr = reg_deletevalue(key, param); - W_ERROR_NOT_OK_RETURN(werr); - return WERR_OK; + return werr; } -- cgit From 44860bce54d448316d2ac0bb9b0a2d0677d6c4eb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Dec 2007 23:58:58 +0100 Subject: Fix rights error in libnet_smbconf_delparm(). Introduced by additional test for existence of given parameter. Michael (This used to be commit 0fe095e85ca981e5660a67f3fb7d7965ae62c667) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') 
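Review bot: `libnet_smbconf_getparm()` looks the value up twice, once inside `libnet_smbconf_value_exists()` and once through `reg_queryvalue()`, and the first lookup turns every failure into WERR_INVALID_PARAM, so a registry error other than a missing value is reported to the caller as a bad parameter name. Calling `reg_queryvalue(mem_ctx, key, param, value)` once and translating only its not-found result keeps the real error code. `*value` is also left untouched on the early returns; `*value = NULL;` at the top of the function gives callers a defined output on failure.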
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 9eb5c16adc..3a64c3d844 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -306,7 +306,7 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, return WERR_NO_SUCH_SERVICE; } - werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_READ, &key); + werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_ALL, &key); W_ERROR_NOT_OK_RETURN(werr); if (!libnet_smbconf_value_exists(mem_ctx, key, param)) { -- cgit From 225dbe6c02e45b30541acb21f60cc20ddcfbf362 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 24 Dec 2007 00:47:43 +0100 Subject: Don't leak memory in libnet_smbconf_getparm(). Michael (This used to be commit 09e62c765401102480d39a483bfffaf5a054babc) --- source3/libnet/libnet_conf.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3a64c3d844..d9a9e7de9b 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -280,18 +280,24 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, struct registry_key *key = NULL; if (!libnet_smbconf_key_exists(mem_ctx, service)) { - return WERR_NO_SUCH_SERVICE; + werr = WERR_NO_SUCH_SERVICE; + goto done; } werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_READ, &key); - W_ERROR_NOT_OK_RETURN(werr); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } if (!libnet_smbconf_value_exists(mem_ctx, key, param)) { - return WERR_INVALID_PARAM; + werr = WERR_INVALID_PARAM; + goto done; } werr = reg_queryvalue(mem_ctx, key, param, value); +done: + TALLOC_FREE(key); return werr; } -- cgit From c74579f49149171e731ae9b5a8e77c579d120cbb Mon Sep 17 00:00:00 2001 
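Review bot: `REG_KEY_ALL` in `libnet_smbconf_delparm()` requests every right on the service key, although the function only looks a value up and deletes it. If the registry layer accepts it, `REG_KEY_READ | REG_KEY_WRITE` would state the needed access more narrowly; which right `reg_deletevalue()` checks is not visible on this page, so this needs confirming against the registry code. A one-line comment on the open call saying why read access alone was insufficient would also stop the mask from being narrowed back by mistake. The function body starts and ends outside this hunk.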
From: Michael Adam Date: Mon, 24 Dec 2007 00:53:22 +0100 Subject: Make libnet_smbconf_key_exists() use talloc_stackframe(). And not pass a talloc context. Michael (This used to be commit 7e8451f2f03b246801783aaf4b3d54465292f8f7) --- source3/libnet/libnet_conf.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index d9a9e7de9b..26e17f2ea3 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -62,24 +62,18 @@ done: /* * check if a subkey of KEY_SMBCONF of a given name exists */ -bool libnet_smbconf_key_exists(TALLOC_CTX *ctx, const char *subkeyname) +bool libnet_smbconf_key_exists(const char *subkeyname) { bool ret = False; WERROR werr = WERR_OK; - TALLOC_CTX *mem_ctx; - struct registry_key *key; - - if (!(mem_ctx = talloc_new(ctx))) { - d_fprintf(stderr, "ERROR: Out of memory...!\n"); - goto done; - } + TALLOC_CTX *mem_ctx = talloc_stackframe(); + struct registry_key *key = NULL; werr = libnet_smbconf_open_path_q(mem_ctx, subkeyname, REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { ret = True; } -done: TALLOC_FREE(mem_ctx); return ret; } @@ -257,7 +251,7 @@ WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, WERROR werr; struct registry_key *key = NULL; - if (!libnet_smbconf_key_exists(mem_ctx, service)) { + if (!libnet_smbconf_key_exists(service)) { werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, &key); } else { @@ -279,7 +273,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, WERROR werr; struct registry_key *key = NULL; - if (!libnet_smbconf_key_exists(mem_ctx, service)) { + if (!libnet_smbconf_key_exists(service)) { werr = WERR_NO_SUCH_SERVICE; goto done; } 
@@ -308,7 +302,7 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, struct registry_key *key = NULL; WERROR werr = WERR_OK; - if (!libnet_smbconf_key_exists(mem_ctx, service)) { + if (!libnet_smbconf_key_exists(service)) { return WERR_NO_SUCH_SERVICE; } -- cgit From 434f0bcb02fe9df247527e1fa0372c94359f2f07 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 24 Dec 2007 00:56:24 +0100 Subject: Make libnet_smbconf_value_exists() use talloc_stackframe(). And not pass a talloc context. Michael (This used to be commit 2983aba9d092e6ede43f6eb521c17fe3f304d041) --- source3/libnet/libnet_conf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 26e17f2ea3..35eb740588 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -78,12 +78,12 @@ bool libnet_smbconf_key_exists(const char *subkeyname) return ret; } -static bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, - struct registry_key *key, +static bool libnet_smbconf_value_exists(struct registry_key *key, const char *param) { bool ret = False; WERROR werr = WERR_OK; + TALLOC_CTX *ctx = talloc_stackframe(); struct registry_value *value = NULL; werr = reg_queryvalue(ctx, key, param, &value); @@ -91,7 +91,7 @@ static bool libnet_smbconf_value_exists(TALLOC_CTX *ctx, ret = True; } - TALLOC_FREE(value); + TALLOC_FREE(ctx); return ret; } @@ -283,7 +283,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - if (!libnet_smbconf_value_exists(mem_ctx, key, param)) { + if (!libnet_smbconf_value_exists(key, param)) { werr = WERR_INVALID_PARAM; goto done; } @@ -309,7 +309,7 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_ALL, &key); W_ERROR_NOT_OK_RETURN(werr); - if (!libnet_smbconf_value_exists(mem_ctx, key, param)) { + if (!libnet_smbconf_value_exists(key, param)) { return WERR_INVALID_PARAM; } -- cgit 
From 92b1ef15df560c9cc0429bc5ecb4084efe05610f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 24 Dec 2007 00:57:04 +0100 Subject: Use the appropriate boolean constants. Michael (This used to be commit 45e3e2451adc1490b62d39d486c169ad53e1d3f3) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 35eb740588..ebf2d6654f 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -64,14 +64,14 @@ done: */ bool libnet_smbconf_key_exists(const char *subkeyname) { - bool ret = False; + bool ret = false; WERROR werr = WERR_OK; TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; werr = libnet_smbconf_open_path_q(mem_ctx, subkeyname, REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { - ret = True; + ret = true; } TALLOC_FREE(mem_ctx); @@ -81,14 +81,14 @@ bool libnet_smbconf_key_exists(const char *subkeyname) static bool libnet_smbconf_value_exists(struct registry_key *key, const char *param) { - bool ret = False; + bool ret = false; WERROR werr = WERR_OK; TALLOC_CTX *ctx = talloc_stackframe(); struct registry_value *value = NULL; werr = reg_queryvalue(ctx, key, param, &value); if (W_ERROR_IS_OK(werr)) { - ret = True; + ret = true; } TALLOC_FREE(ctx); -- cgit From 713221e1c52db2df787ec8ec66c14f17b168cc78 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 24 Dec 2007 01:00:46 +0100 Subject: Do not leak memory in libnet_smbconf_setparm(). Michael (This used to be commit a657b1c9f17d3cebc86b596f1f2d244750d70a6d) --- source3/libnet/libnet_conf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ebf2d6654f..4945413bb1 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -258,10 +258,14 @@ WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_WRITE, &key); } - W_ERROR_NOT_OK_RETURN(werr); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } werr = libnet_smbconf_reg_setvalue_internal(key, param, valstr); +done: + TALLOC_FREE(key); return werr; } -- cgit From 3177cece659b12114e37033a22becc595649d07a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 24 Dec 2007 01:03:14 +0100 Subject: Do not leak memory in libnet_smbconf_delparm(). Michael (This used to be commit 49cfe2b9ebe03d5985187890445b775047f8a2f4) --- source3/libnet/libnet_conf.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 4945413bb1..a371915a36 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -311,14 +311,19 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, } werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_ALL, &key); - W_ERROR_NOT_OK_RETURN(werr); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } if (!libnet_smbconf_value_exists(key, param)) { - return WERR_INVALID_PARAM; + werr = WERR_INVALID_PARAM; + goto done; } werr = reg_deletevalue(key, param); +done: + TALLOC_FREE(key); return werr; } -- cgit From c9f65929b733353baec531c4735749a754f051c5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 02:21:30 +0100 Subject: Move reg_delkey_internal() to libnet/libnet_conf.c Michael (This used to be commit c1b863fd0520ce64a1bad5e2fa3f69afcc2c78d5) --- source3/libnet/libnet_conf.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index a371915a36..30342e1e43 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -243,6 +243,30 @@ done: * **********************************************************************/ +/* + * delete a subkey of KEY_SMBCONF + */ +WERROR reg_delkey_internal(TALLOC_CTX *ctx, const char *keyname) +{ + WERROR werr = WERR_OK; + struct registry_key *key = NULL; + + werr = libnet_smbconf_open_basepath(ctx, REG_KEY_WRITE, &key); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + werr = reg_deletekey_recursive(key, key, keyname); + if (!W_ERROR_IS_OK(werr)) { + d_fprintf(stderr, "Error deleting registry key %s\\%s: %s\n", + KEY_SMBCONF, keyname, dos_errstr(werr)); + } + +done: + TALLOC_FREE(key); + return werr; +} + WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, const char *service, const char *param, -- cgit From 9c20b9a731d581ae8bbf4f9ef66c3b7ded7e4122 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 02:24:39 +0100 Subject: Rename reg_delkey_internal() to libnet_smbconf_delshare(). Michael (This used to be commit 7d501f0d78ec57509d0bc5ef0dc16fcd24ee27e7) --- source3/libnet/libnet_conf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 30342e1e43..ad02930ce4 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -243,10 +243,10 @@ done: * **********************************************************************/ -/* - * delete a subkey of KEY_SMBCONF +/** + * delete a service from configuration */ -WERROR reg_delkey_internal(TALLOC_CTX *ctx, const char *keyname) +WERROR libnet_smbconf_delshare(TALLOC_CTX *ctx, const char *keyname) { WERROR werr = WERR_OK; struct registry_key *key = NULL; -- cgit From 86486fcc9826663f7bf03fe4ceb354818415d089 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Tue, 25 Dec 2007 02:31:41 +0100 Subject: Simplify libnet_smbconf_delshare(). Remove talloc context parameter. Remove d_printf error message. Michael (This used to be commit 870d35c04889603843bae989fb9c01396b4c6ed1) --- source3/libnet/libnet_conf.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ad02930ce4..4c5a0829d6 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -246,24 +246,21 @@ done: /** * delete a service from configuration */ -WERROR libnet_smbconf_delshare(TALLOC_CTX *ctx, const char *keyname) +WERROR libnet_smbconf_delshare(const char *servicename) { WERROR werr = WERR_OK; struct registry_key *key = NULL; + TALLOC_CTX *ctx = talloc_stackframe(); werr = libnet_smbconf_open_basepath(ctx, REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } - werr = reg_deletekey_recursive(key, key, keyname); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error deleting registry key %s\\%s: %s\n", - KEY_SMBCONF, keyname, dos_errstr(werr)); - } + werr = reg_deletekey_recursive(key, key, servicename); done: - TALLOC_FREE(key); + TALLOC_FREE(ctx); return werr; } -- cgit From 8e53343a74ab6c8947523ca9bd9a8c1583a8691e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 02:55:07 +0100 Subject: Move drop_smbconf_internal() to libnet_conf.c Michael (This used to be commit 4c2a3396bb687703f6b74655fda2014d1f75200b) --- source3/libnet/libnet_conf.c | 50 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 4c5a0829d6..e81b8b4111 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -243,6 +243,56 @@ done: * **********************************************************************/ +WERROR drop_smbconf_internal(TALLOC_CTX *ctx) +{ + char *path, *p; + WERROR werr = WERR_OK; + NT_USER_TOKEN *token; + struct registry_key *parent_key = NULL; + struct registry_key *new_key = NULL; + TALLOC_CTX* tmp_ctx = NULL; + enum winreg_CreateAction action; + + tmp_ctx = talloc_new(ctx); + if (tmp_ctx == NULL) { + werr = WERR_NOMEM; + goto done; + } + + if (!(token = registry_create_admin_token(tmp_ctx))) { + /* what is the appropriate error code here? */ + werr = WERR_CAN_NOT_COMPLETE; + goto done; + } + + path = talloc_strdup(tmp_ctx, KEY_SMBCONF); + if (path == NULL) { + d_fprintf(stderr, "ERROR: out of memory!\n"); + werr = WERR_NOMEM; + goto done; + } + p = strrchr(path, '\\'); + *p = '\0'; + werr = reg_open_path(tmp_ctx, path, REG_KEY_WRITE, token, &parent_key); + + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + werr = reg_deletekey_recursive(tmp_ctx, parent_key, p+1); + + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + werr = reg_createkey(tmp_ctx, parent_key, p+1, REG_KEY_WRITE, + &new_key, &action); + +done: + TALLOC_FREE(tmp_ctx); + return werr; +} + /** * delete a service from configuration */ -- cgit From 2764f5a0a6404b1ade9b996783e0a131b7b2d231 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:01:59 +0100 Subject: Rename drop_smbconf_internal() to libnet_smbconf_drop(). Michael (This used to be commit 5873e6a1f8242e07b1699366a536350a7199c28c) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index e81b8b4111..bc8dc9e4d0 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
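Review bot: In the added `drop_smbconf_internal`, `p = strrchr(path, '\\'); *p = '\0';` writes through the strrchr() result without checking it. KEY_SMBCONF is defined outside this hunk and presumably always contains a backslash, but a guard such as `if (p == NULL) { werr = WERR_INVALID_PARAM; goto done; }` would make that assumption explicit instead of a NULL dereference. Separately, the key is removed with `reg_deletekey_recursive` before `reg_createkey` runs, so a failure in the create step leaves the configuration base key missing. A comment stating that the operation is not atomic would tell callers what state to expect on error.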
@@ -243,7 +243,7 @@ done: * **********************************************************************/ -WERROR drop_smbconf_internal(TALLOC_CTX *ctx) +WERROR libnet_smbconf_drop(TALLOC_CTX *ctx) { char *path, *p; WERROR werr = WERR_OK; -- cgit From e5a87c2543dea12488250eb8e15dcfe02b34dfe1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:05:06 +0100 Subject: Remove talloc context parameter from libnet_smbconf_drop(). Make use of talloc_stackframe. Michael (This used to be commit aaceab1153f6c2a2adde83681913c771a16ca81f) --- source3/libnet/libnet_conf.c | 22 ++++++++-------------- 1 file changed, 8 insertions(+), 14 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index bc8dc9e4d0..c85579b8e0 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -243,29 +243,23 @@ done: * **********************************************************************/ -WERROR libnet_smbconf_drop(TALLOC_CTX *ctx) +WERROR libnet_smbconf_drop(void) { char *path, *p; WERROR werr = WERR_OK; NT_USER_TOKEN *token; struct registry_key *parent_key = NULL; struct registry_key *new_key = NULL; - TALLOC_CTX* tmp_ctx = NULL; + TALLOC_CTX* mem_ctx = talloc_stackframe(); enum winreg_CreateAction action; - tmp_ctx = talloc_new(ctx); - if (tmp_ctx == NULL) { - werr = WERR_NOMEM; - goto done; - } - - if (!(token = registry_create_admin_token(tmp_ctx))) { + if (!(token = registry_create_admin_token(mem_ctx))) { /* what is the appropriate error code here? */ werr = WERR_CAN_NOT_COMPLETE; goto done; } - path = talloc_strdup(tmp_ctx, KEY_SMBCONF); + path = talloc_strdup(mem_ctx, KEY_SMBCONF); if (path == NULL) { d_fprintf(stderr, "ERROR: out of memory!\n"); werr = WERR_NOMEM; 
@@ -273,23 +267,23 @@ WERROR libnet_smbconf_drop(TALLOC_CTX *ctx) } p = strrchr(path, '\\'); *p = '\0'; - werr = reg_open_path(tmp_ctx, path, REG_KEY_WRITE, token, &parent_key); + werr = reg_open_path(mem_ctx, path, REG_KEY_WRITE, token, &parent_key); if (!W_ERROR_IS_OK(werr)) { goto done; } - werr = reg_deletekey_recursive(tmp_ctx, parent_key, p+1); + werr = reg_deletekey_recursive(mem_ctx, parent_key, p+1); if (!W_ERROR_IS_OK(werr)) { goto done; } - werr = reg_createkey(tmp_ctx, parent_key, p+1, REG_KEY_WRITE, + werr = reg_createkey(mem_ctx, parent_key, p+1, REG_KEY_WRITE, &new_key, &action); done: - TALLOC_FREE(tmp_ctx); + TALLOC_FREE(mem_ctx); return werr; } -- cgit From efd218fb070f4f819d313455660e74970fee7689 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:06:48 +0100 Subject: Remove a d_fprintf() from libnet_smbconf_drop(). Michael (This used to be commit 078e5e98b3589cec78893d44146a653dad9a7460) --- source3/libnet/libnet_conf.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index c85579b8e0..5b3dea58ef 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -261,7 +261,6 @@ WERROR libnet_smbconf_drop(void) path = talloc_strdup(mem_ctx, KEY_SMBCONF); if (path == NULL) { - d_fprintf(stderr, "ERROR: out of memory!\n"); werr = WERR_NOMEM; goto done; } -- cgit From dff8e6b62c8f2a517e867a9137c8e1a777b129ad Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:08:00 +0100 Subject: Add comment header to function libnet_smbconf_drop(). Michael (This used to be commit e94edb6bdbc9379b48679d7c72618acfe862fe52) --- source3/libnet/libnet_conf.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 5b3dea58ef..c9b4f20de3 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -243,6 +243,9 @@ done: * **********************************************************************/ +/** + * Drop the whole configuration (restarting empty). + */ WERROR libnet_smbconf_drop(void) { char *path, *p; -- cgit From a66a5fd94bfb8a41bdb46aedf7eba28b55fbdaaf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:16:25 +0100 Subject: Typofix in comment. Michael (This used to be commit 5039a70246a475176fa8212ad78b430f2211951f) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index c9b4f20de3..be9edad4e9 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -397,7 +397,7 @@ done: /********************************************************************** * - * Convenience functions, that are also exportet. + * Convenience functions that are also exported. * **********************************************************************/ -- cgit From f3b0469b4a623c3ef17e2453bf40eb52778b5c42 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:29:05 +0100 Subject: Remove talloc context parameter from libnet_smbconf_setparm(). Make use of talloc stackframe internally. This removes talloc contxt from net_conf_setparm. Michael (This used to be commit efaffefc438f8375a083b194ac7a09e563000d3c) --- source3/libnet/libnet_conf.c | 11 +++++------ source3/libnet/libnet_join.c | 17 +++++++---------- 2 files changed, 12 insertions(+), 16 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index be9edad4e9..6ea97a82eb 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -310,13 +310,13 @@ done: return werr; } -WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, - const char *service, +WERROR libnet_smbconf_setparm(const char *service, const char *param, const char *valstr) { WERROR werr; struct registry_key *key = NULL; + TALLOC_CTX *mem_ctx = talloc_stackframe(); if (!libnet_smbconf_key_exists(service)) { werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, @@ -332,7 +332,7 @@ WERROR libnet_smbconf_setparm(TALLOC_CTX *mem_ctx, werr = libnet_smbconf_reg_setvalue_internal(key, param, valstr); done: - TALLOC_FREE(key); + TALLOC_FREE(mem_ctx); return werr; } @@ -401,10 +401,9 @@ done: * **********************************************************************/ -WERROR libnet_smbconf_set_global_param(TALLOC_CTX *mem_ctx, - const char *param, +WERROR libnet_smbconf_set_global_param(const char *param, const char *val) { - return libnet_smbconf_setparm(mem_ctx, GLOBAL_NAME, param, val); + return libnet_smbconf_setparm(GLOBAL_NAME, param, val); } diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 68244e5156..4f5c09cf47 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -339,11 +339,10 @@ static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { - werr = libnet_smbconf_set_global_param(mem_ctx, "security", - "user"); + werr = libnet_smbconf_set_global_param("security", "user"); W_ERROR_NOT_OK_RETURN(werr); - werr = libnet_smbconf_set_global_param(mem_ctx, "workgroup", + werr = libnet_smbconf_set_global_param("workgroup", r->in.domain_name); return werr; } 
@@ -352,19 +351,18 @@ static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, is_ad = true; } - werr = libnet_smbconf_set_global_param(mem_ctx, "security", "domain"); + werr = libnet_smbconf_set_global_param("security", "domain"); W_ERROR_NOT_OK_RETURN(werr); - werr = libnet_smbconf_set_global_param(mem_ctx, "workgroup", + werr = libnet_smbconf_set_global_param("workgroup", r->out.netbios_domain_name); W_ERROR_NOT_OK_RETURN(werr); if (is_ad) { - werr = libnet_smbconf_set_global_param(mem_ctx, "security", - "ads"); + werr = libnet_smbconf_set_global_param("security", "ads"); W_ERROR_NOT_OK_RETURN(werr); - werr = libnet_smbconf_set_global_param(mem_ctx, "realm", + werr = libnet_smbconf_set_global_param("realm", r->out.dns_domain_name); W_ERROR_NOT_OK_RETURN(werr); } @@ -379,8 +377,7 @@ static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - werr = libnet_smbconf_set_global_param(mem_ctx, "security", - "user"); + werr = libnet_smbconf_set_global_param("security", "user"); W_ERROR_NOT_OK_RETURN(werr); } -- cgit From 44631bfd4d418cbf1ca4309057e6161cdce50bd4 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:34:04 +0100 Subject: Remove talloc context parameter from libnet_smbconf_delparm(). Make use of talloc stackframe internally. This removes talloc contxt from net_conf_delparm. Michael (This used to be commit 16f137393881edc78c9322f038ba38e53e3ee07d) --- source3/libnet/libnet_conf.c | 6 +++--- source3/libnet/libnet_join.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 6ea97a82eb..bb0e637b33 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -366,12 +366,12 @@ done: return werr; } -WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, - const char *service, +WERROR libnet_smbconf_delparm(const char *service, const char *param) { struct registry_key *key = NULL; WERROR werr = WERR_OK; + TALLOC_CTX *mem_ctx = talloc_stackframe(); if (!libnet_smbconf_key_exists(service)) { return WERR_NO_SUCH_SERVICE; @@ -390,7 +390,7 @@ WERROR libnet_smbconf_delparm(TALLOC_CTX *mem_ctx, werr = reg_deletevalue(key, param); done: - TALLOC_FREE(key); + TALLOC_FREE(mem_ctx); return werr; } diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4f5c09cf47..e8d114d747 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -381,7 +381,7 @@ static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, W_ERROR_NOT_OK_RETURN(werr); } - werr = libnet_smbconf_delparm(mem_ctx, "GLOBAL", "realm"); + werr = libnet_smbconf_delparm("GLOBAL", "realm"); return werr; } -- cgit From fc8be9d710fba6c05b098fafa7fb383a663853e2 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:38:06 +0100 Subject: Remove now unneeded talloc ctx parameter from do_unjoin_modify_vals_config(). Michael (This used to be commit 4f7375a110a69530d6ef9781573f45a5bf8391a5) --- source3/libnet/libnet_join.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index e8d114d747..b9ed4d56c7 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -370,8 +370,7 @@ static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, return werr; } -static WERROR do_unjoin_modify_vals_config(TALLOC_CTX *mem_ctx, - struct libnet_UnjoinCtx *r) +static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) { WERROR werr = WERR_OK; 
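Review bot: `libnet_smbconf_delparm` now allocates `mem_ctx` with `talloc_stackframe()` in its declarations, but the unchanged `return WERR_NO_SUCH_SERVICE;` just below exits without reaching `done:`, so the stack frame is never freed when the service does not exist. Replace the early return with `werr = WERR_NO_SUCH_SERVICE; goto done;` so that every exit passes through `TALLOC_FREE(mem_ctx)`. `libnet_smbconf_setparm`, converted in the preceding commit, already routes all of its paths through `done:`. The middle of the function lies between the two hunks shown here.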
@@ -424,7 +423,7 @@ static WERROR do_UnjoinConfig(TALLOC_CTX *mem_ctx, return WERR_OK; } - werr = do_unjoin_modify_vals_config(mem_ctx, r); + werr = do_unjoin_modify_vals_config(r); if (!W_ERROR_IS_OK(werr)) { return werr; } -- cgit From d25661a615a4c22dfe1e5c3a882f3be55cc5631f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:39:31 +0100 Subject: Remove now unneeded talloc ctx parameter from do_UnjoinConfig(). Michael (This used to be commit 92b8e5ea4ba26d663ea4e6fb65e4225d8259ea60) --- source3/libnet/libnet_join.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b9ed4d56c7..663728a7a9 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -410,8 +410,7 @@ static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, return werr; } -static WERROR do_UnjoinConfig(TALLOC_CTX *mem_ctx, - struct libnet_UnjoinCtx *r) +static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) { WERROR werr; @@ -522,7 +521,7 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, } } - werr = do_UnjoinConfig(mem_ctx, r); + werr = do_UnjoinConfig(r); if (!W_ERROR_IS_OK(werr)) { return werr; } -- cgit From 8445e820f29702c06d9bc71642ed58f63ffcc1c5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:40:35 +0100 Subject: Remove now unneeded talloc ctx parameter from do_join_modify_vals_config(). Michael (This used to be commit f8823ae1232022ed3f7f9be6b8959d413e8aed19) --- source3/libnet/libnet_join.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 663728a7a9..5301674f41 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -331,8 +331,7 @@ done: return status; } -static WERROR do_join_modify_vals_config(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) { WERROR werr; bool is_ad = false; @@ -399,7 +398,7 @@ static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, return WERR_OK; } - werr = do_join_modify_vals_config(mem_ctx, r); + werr = do_join_modify_vals_config(r); if (!W_ERROR_IS_OK(werr)) { return werr; } -- cgit From a107e8421d8571d529be3cf1b7d4e0b8bde2cca9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Dec 2007 03:41:34 +0100 Subject: Remove now unneeded talloc ctx parameter from do_JoinConfig(). Michael (This used to be commit be985d8d0ce80d12aa7f0b447b16b14aa0362826) --- source3/libnet/libnet_join.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5301674f41..6edcdb8945 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -385,8 +385,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) } -static WERROR do_JoinConfig(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static WERROR do_JoinConfig(struct libnet_JoinCtx *r) { WERROR werr; @@ -491,7 +490,7 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, } } - werr = do_JoinConfig(mem_ctx, r); + werr = do_JoinConfig(r); if (!W_ERROR_IS_OK(werr)) { return werr; } -- cgit From e8cfbb0f4c58b45eb2585a8f130af017fd83adc8 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Wed, 26 Dec 2007 00:53:19 +0100 Subject: Rename libnet_smbconf_open_path_q() to libnet_smbconf_open_path() removing previouse libnet_smbconf_open_path() and adding DEBUG output (instead of d_fprintf error output) to new libnet_smbconf_open_path(). Michael (This used to be commit e63cc54fab8a0b03573f76305eab366a3ee4eda1) --- source3/libnet/libnet_conf.c | 37 ++++++++++--------------------------- 1 file changed, 10 insertions(+), 27 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index bb0e637b33..3598f6c23c 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -29,12 +29,11 @@ /* * Open a subkey of KEY_SMBCONF (i.e a service) - * - variant without error output (q = quiet)- */ -static WERROR libnet_smbconf_open_path_q(TALLOC_CTX *ctx, - const char *subkeyname, - uint32 desired_access, - struct registry_key **key) +WERROR libnet_smbconf_open_path(TALLOC_CTX *ctx, + const char *subkeyname, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; char *path = NULL; @@ -54,6 +53,11 @@ static WERROR libnet_smbconf_open_path_q(TALLOC_CTX *ctx, werr = reg_open_path(ctx, path, desired_access, token, key); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(1, ("Error opening registry path '%s': %s\n", + path, dos_errstr(werr))); + } + done: TALLOC_FREE(path); return werr; @@ -69,7 +73,7 @@ bool libnet_smbconf_key_exists(const char *subkeyname) TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - werr = libnet_smbconf_open_path_q(mem_ctx, subkeyname, REG_KEY_READ, &key); + werr = libnet_smbconf_open_path(mem_ctx, subkeyname, REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { ret = true; } 
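Review bot: `libnet_smbconf_key_exists` is an existence probe, but after this change it calls the open function that logs `Error opening registry path` at DEBUG level 1. Every expected miss is therefore reported as an error, for example `libnet_smbconf_setparm` on a service that does not exist yet. Either keep a quiet open for the probe or lower the level for the not-found case. The new DEBUG also passes `path` to `%s`; the allocation of `path` is outside this hunk and does not appear to be checked, so adding `if (path == NULL) { werr = WERR_NOMEM; goto done; }` before `reg_open_path` would avoid both opening and printing a NULL path.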
@@ -95,27 +99,6 @@ static bool libnet_smbconf_value_exists(struct registry_key *key, return ret; } -/* - * Open a subkey of KEY_SMBCONF (i.e a service) - * - variant with error output - - */ -WERROR libnet_smbconf_open_path(TALLOC_CTX *ctx, const char *subkeyname, - uint32 desired_access, - struct registry_key **key) -{ - WERROR werr = WERR_OK; - - werr = libnet_smbconf_open_path_q(ctx, subkeyname, desired_access, key); - if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error opening registry path '%s\\%s': %s\n", - KEY_SMBCONF, - (subkeyname == NULL) ? "" : subkeyname, - dos_errstr(werr)); - } - - return werr; -} - /* * open the base key KEY_SMBCONF */ -- cgit From 18ea20e19b59d3151ca59f0576211f855931f839 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Dec 2007 00:58:11 +0100 Subject: Rename libnet_smbconf_open_path() to libnet_smbconf_reg_open_path(). Michael (This used to be commit 4b0e636965bd37e7c0deecb7b5eff0cc4487408b) --- source3/libnet/libnet_conf.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3598f6c23c..59989eccd5 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -30,10 +30,10 @@ /* * Open a subkey of KEY_SMBCONF (i.e a service) */ -WERROR libnet_smbconf_open_path(TALLOC_CTX *ctx, - const char *subkeyname, - uint32 desired_access, - struct registry_key **key) +WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *ctx, + const char *subkeyname, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; char *path = NULL; @@ -73,7 +73,8 @@ bool libnet_smbconf_key_exists(const char *subkeyname) TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - werr = libnet_smbconf_open_path(mem_ctx, subkeyname, REG_KEY_READ, &key); + werr = libnet_smbconf_reg_open_path(mem_ctx, subkeyname, REG_KEY_READ, + &key); if (W_ERROR_IS_OK(werr)) { ret = true; } 
@@ -105,7 +106,7 @@ static bool libnet_smbconf_value_exists(struct registry_key *key, WERROR libnet_smbconf_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, struct registry_key **key) { - return libnet_smbconf_open_path(ctx, NULL, desired_access, key); + return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); } /* @@ -305,8 +306,8 @@ WERROR libnet_smbconf_setparm(const char *service, werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, &key); } else { - werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_WRITE, - &key); + werr = libnet_smbconf_reg_open_path(mem_ctx, service, + REG_KEY_WRITE, &key); } if (!W_ERROR_IS_OK(werr)) { goto done; @@ -332,7 +333,8 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_READ, &key); + werr = libnet_smbconf_reg_open_path(mem_ctx, service, REG_KEY_READ, + &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -360,7 +362,7 @@ WERROR libnet_smbconf_delparm(const char *service, return WERR_NO_SUCH_SERVICE; } - werr = libnet_smbconf_open_path(mem_ctx, service, REG_KEY_ALL, &key); + werr = libnet_smbconf_reg_open_path(mem_ctx, service, REG_KEY_ALL, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From afca308742795a34e58f7a049c9a8d86cdff80c1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Dec 2007 01:01:14 +0100 Subject: Rename libnet_smbconf_open_basepath() to libnet_smbconf_reg_open_basepath(). Michael (This used to be commit 4c0e7270c42788e7f77c402032ae74cf0f8a7106) --- source3/libnet/libnet_conf.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 59989eccd5..3c765769fe 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -103,8 +103,8 @@ static bool libnet_smbconf_value_exists(struct registry_key *key, /* * open the base key KEY_SMBCONF */ -WERROR libnet_smbconf_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, - struct registry_key **key) +WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, + struct registry_key **key) { return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); } @@ -129,7 +129,8 @@ WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, goto done; } - werr = libnet_smbconf_open_basepath(create_ctx, REG_KEY_WRITE, &create_parent); + werr = libnet_smbconf_reg_open_basepath(create_ctx, REG_KEY_WRITE, + &create_parent); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -282,7 +283,7 @@ WERROR libnet_smbconf_delshare(const char *servicename) struct registry_key *key = NULL; TALLOC_CTX *ctx = talloc_stackframe(); - werr = libnet_smbconf_open_basepath(ctx, REG_KEY_WRITE, &key); + werr = libnet_smbconf_reg_open_basepath(ctx, REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From f99af84e6a48c8e3e3e4af9f06d31669a6fb2d90 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Dec 2007 01:03:28 +0100 Subject: Move libnet_smbconf_reg_open_basepath() in source file to group helper functions more logically. Michael (This used to be commit 3fa3891f8721e9f02594cd1be2dc6b9b88692416) --- source3/libnet/libnet_conf.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3c765769fe..93e13009a4 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -63,6 +63,15 @@ done: return werr; } +/* + * open the base key KEY_SMBCONF + */ +WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, + struct registry_key **key) +{ + return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); +} + /* * check if a subkey of KEY_SMBCONF of a given name exists */ @@ -100,15 +109,6 @@ static bool libnet_smbconf_value_exists(struct registry_key *key, return ret; } -/* - * open the base key KEY_SMBCONF - */ -WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, - struct registry_key **key) -{ - return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); -} - /* * create a subkey of KEY_SMBCONF */ -- cgit From dfa8d9356cea0dd6a1b013a72c3d68c026deb511 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 00:05:23 +0100 Subject: Move format_value() to libnet_conf.c. Michael (This used to be commit 3422a5048ad4b7f789ec233356885d78dbdacf9a) --- source3/libnet/libnet_conf.c | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 93e13009a4..5389d856b3 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -222,6 +222,40 @@ done: return werr; } +char *format_value(TALLOC_CTX *mem_ctx, struct registry_value *value) +{ + char *result = NULL; + + /* what if mem_ctx = NULL? */ + + switch (value->type) { + case REG_DWORD: + result = talloc_asprintf(mem_ctx, "%d", value->v.dword); + break; + case REG_SZ: + case REG_EXPAND_SZ: + result = talloc_asprintf(mem_ctx, "%s", value->v.sz.str); + break; + case REG_MULTI_SZ: { + uint32 j; + for (j = 0; j < value->v.multi_sz.num_strings; j++) { + result = talloc_asprintf(mem_ctx, "\"%s\" ", + value->v.multi_sz.strings[j]); + } + break; + } + case REG_BINARY: + result = talloc_asprintf(mem_ctx, "binary (%d bytes)", + (int)value->v.binary.length); + break; + default: + result = talloc_asprintf(mem_ctx, ""); + break; + } + return result; +} + + /********************************************************************** * * The actual net conf api functions, that are exported. -- cgit From 4b75bc63bb82f2322acdb013f1cfa9eb36419856 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 01:17:39 +0100 Subject: Rename format_value() to libnet_smbconf_format_registry_value(). Michael (This used to be commit 95d5dd9bb0546181cd499e6deabff562166412e3) --- source3/libnet/libnet_conf.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 5389d856b3..dfea724497 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -222,7 +222,8 @@ done: return werr; } -char *format_value(TALLOC_CTX *mem_ctx, struct registry_value *value) +char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, + struct registry_value *value) { char *result = NULL; @@ -362,6 +363,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, { WERROR werr; struct registry_key *key = NULL; + struct registry_value *value = NULL; if (!libnet_smbconf_key_exists(service)) { werr = WERR_NO_SUCH_SERVICE; -- cgit 
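Review bot: In the `REG_MULTI_SZ` case of `format_value`, each loop iteration assigns a fresh `talloc_asprintf` result to `result`, so only the last string is returned. The earlier allocations stay attached to `mem_ctx` until the caller frees it. The loop should start from an empty string allocated on `mem_ctx` and extend it with `talloc_asprintf_append`, checking for NULL after each step. `value->v.dword` is printed with `%d`; if that field is an unsigned 32-bit value, as the name suggests, `%u` is the matching specifier.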
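Review bot: The local `struct registry_value *value = NULL;` added to `libnet_smbconf_getparm` has the same name as the function's `value` parameter. That parameter is still in the signature at this commit and is only replaced by `valstr` in the following one, so this intermediate revision should fail to compile with a redeclaration error. Moving the line into the commit that changes the signature keeps every commit buildable for bisecting. The function body continues outside the hunk.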
From eb356fbafc4b6e0d94b1ba75c6c466262e3221e5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 02:12:33 +0100 Subject: Hide the registry backend from libnet_smbconf_getparm(). Return a formatted string of the value instead. Michael (This used to be commit 7d0ec5bae155cda6620db04dcb7bd43db59241aa) --- source3/libnet/libnet_conf.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index dfea724497..1e9e033205 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -359,12 +359,17 @@ done: WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, const char *service, const char *param, - struct registry_value **value) + char **valstr) { - WERROR werr; + WERROR werr = WERR_OK; struct registry_key *key = NULL; struct registry_value *value = NULL; + if (valstr == NULL) { + werr = WERR_INVALID_PARAM; + goto done; + } + if (!libnet_smbconf_key_exists(service)) { werr = WERR_NO_SUCH_SERVICE; goto done; @@ -381,10 +386,20 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - werr = reg_queryvalue(mem_ctx, key, param, value); + werr = reg_queryvalue(mem_ctx, key, param, &value); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + *valstr = libnet_smbconf_format_registry_value(mem_ctx, value); + + if (*valstr == NULL) { + werr = WERR_NOMEM; + } done: TALLOC_FREE(key); + TALLOC_FREE(value); return werr; } -- cgit From 618b0efbbcc42beff60da4fe57ad6a6162b5e3f0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 02:16:38 +0100 Subject: Handle NULL talloc context in libnet_smbconf_format_registry_value(). Maybe we should generate a new context instead of returning NULL? Michael (This used to be commit d7aaec713e17f93eed5177f0c3468deb625402a8) --- source3/libnet/libnet_conf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 1e9e033205..3335c37299 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -227,7 +227,10 @@ char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, { char *result = NULL; - /* what if mem_ctx = NULL? */ + /* alternatively, create a new talloc context? */ + if (mem_ctx == NULL) { + return result; + } switch (value->type) { case REG_DWORD: -- cgit From b5b51b530fedf2190f675adbc1ba6e333a86ac0d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 02:18:44 +0100 Subject: Add a comment header for libnet_smbconf_format_registry_value(). Michael (This used to be commit 80e73407ea326cc68cd8728845c7a1c0907e2201) --- source3/libnet/libnet_conf.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3335c37299..6603de0199 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -222,6 +222,13 @@ done: return werr; } +/** + * format a registry_value into a string. + * + * This is intended to be used for smbconf registry values, + * which are ar stored as REG_SZ values, so the incomplete + * handling should be ok. + */ char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, struct registry_value *value) { -- cgit From 27f0130434d978cf98bab4db38718cd1d3856535 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 02:26:33 +0100 Subject: Add a couple of comment headers to the main libnet_conf functions. Michael (This used to be commit e9694ae20e1da1d8c1cbb252e630815b561647dd) --- source3/libnet/libnet_conf.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 6603de0199..a8a8e01538 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -340,6 +340,9 @@ done: return werr; } +/** + * set a configuration parameter to the value provided. + */ WERROR libnet_smbconf_setparm(const char *service, const char *param, const char *valstr) @@ -366,6 +369,9 @@ done: return werr; } +/** + * get the value of a configuration parameter as a string + */ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, const char *service, const char *param, @@ -413,6 +419,9 @@ done: return werr; } +/** + * delete a parameter from configuration + */ WERROR libnet_smbconf_delparm(const char *service, const char *param) { -- cgit From f8c39cbb7b3e4df3c07735575bc5f31717b22f66 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 03:38:13 +0100 Subject: Move functionality of net_conf_showshare() to libnet_conf.c The functionality is moved to a new function libnet_smbconf_getshare(). This returns the parameters of the given share as two lists: the list of parameter names and the list of matching (formatted) parameter values. The retrieval and formatting is done in a new internal helper function libnet_smbconf_reg_get_values() that is to become the replacement for list_values() from net_conf.c once functionality of net_conf_list() has been moved to libnet_conf, too. Michael (This used to be commit 198232bd525cfac933b4885e6b330ebf4ac2c8ae) --- source3/libnet/libnet_conf.c | 89 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 89 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index a8a8e01538..ca25a5cc50 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -266,6 +266,71 @@ char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, return result; } +/** + * Get the values of a key as a list of value names + * and a list of value strings (ordered) + */ +static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, + struct registry_key *key, + uint32_t *num_values, + char ***value_names, + char ***value_strings) +{ + TALLOC_CTX *tmp_ctx; + WERROR werr = WERR_OK; + uint32_t count; + struct registry_value *valvalue = NULL; + char *valname = NULL; + char **tmp_valnames = NULL; + char **tmp_valstrings = NULL; + + if ((num_values == NULL) || (value_names == NULL) || + (value_strings == NULL)) + { + werr = WERR_INVALID_PARAM; + goto done; + } + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + werr = WERR_NOMEM; + goto done; + } + + for (count = 0; + W_ERROR_IS_OK(werr = reg_enumvalue(tmp_ctx, key, count, &valname, + &valvalue)); + count++) + { + tmp_valnames = TALLOC_REALLOC_ARRAY(tmp_ctx, tmp_valnames, + char *, count + 1); + tmp_valstrings = TALLOC_REALLOC_ARRAY(tmp_ctx, tmp_valstrings, + char *, count + 1); + if ((tmp_valstrings == NULL) || (tmp_valnames == NULL)) { + werr = WERR_NOMEM; + goto done; + } + tmp_valnames[count] = talloc_strdup(tmp_valnames, valname); + tmp_valstrings[count] = + libnet_smbconf_format_registry_value(tmp_valstrings, + valvalue); + } + if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { + goto done; + } + + werr = WERR_OK; + + *num_values = count - 1; + if (count > 0) { + *value_names = talloc_move(mem_ctx, &tmp_valnames); + *value_strings = talloc_move(mem_ctx, &tmp_valstrings); + } + +done: + TALLOC_FREE(tmp_ctx); + return werr; +} /********************************************************************** * 
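Review bot: `*num_values = count - 1;` under-reports the number of entries, and for a key with no values `count` is 0, so the unsigned subtraction wraps to UINT32_MAX while `*value_names` and `*value_strings` are left unset; a caller that loops up to `num_values` would then index past the arrays. It should be `*num_values = count;`. Two further gaps in the same function: `tmp_ctx` is declared without an initializer yet `TALLOC_FREE(tmp_ctx)` runs at `done:` after the early WERR_INVALID_PARAM exit, and the results of `talloc_strdup()` and `libnet_smbconf_format_registry_value()` are stored without a NULL check. The `count - 1` pattern recurs in the libnet_smbconf_getshares hunk further down this page.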
@@ -319,6 +384,30 @@ done: return werr; } +/** + * get a definition of a share (service) from configuration. + */ +WERROR libnet_smbconf_getshare(TALLOC_CTX *mem_ctx, const char *servicename, + uint32_t *num_params, char ***param_names, + char ***param_values) +{ + WERROR werr = WERR_OK; + struct registry_key *key = NULL; + + werr = libnet_smbconf_reg_open_path(mem_ctx, servicename, REG_KEY_READ, + &key); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + werr = libnet_smbconf_reg_get_values(mem_ctx, key, num_params, + param_names, param_values); + +done: + TALLOC_FREE(key); + return werr; +} + /** * delete a service from configuration */ -- cgit From 2a642a6e2b42c2b111870f95fe6dd38e875766f1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 12:52:09 +0100 Subject: Move functionality of net_conf_listshares() to libnet_conf.c into new function libnet_smbconf_getshares(). Michael (This used to be commit 306c7e4d9cecac4c2c0ea1172bd585c3c17d4541) --- source3/libnet/libnet_conf.c | 53 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ca25a5cc50..a67a361f6e 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -384,6 +384,59 @@ done: return werr; } +WERROR libnet_smbconf_getshares(TALLOC_CTX *mem_ctx, uint32_t *num_shares, + char ***share_names) +{ + uint32_t count; + TALLOC_CTX *tmp_ctx; + WERROR werr = WERR_OK; + struct registry_key *key = NULL; + char *subkey_name = NULL; + char **tmp_share_names = NULL; + + if ((num_shares == NULL) || (share_names == NULL)) { + werr = WERR_INVALID_PARAM; + goto done; + } + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + werr = WERR_NOMEM; + goto done; + } + + werr = libnet_smbconf_reg_open_basepath(tmp_ctx, + SEC_RIGHTS_ENUM_SUBKEYS, + &key); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + for (count = 0; + W_ERROR_IS_OK(werr = reg_enumkey(tmp_ctx, key, count, + &subkey_name, NULL)); + count++) + { + tmp_share_names = TALLOC_REALLOC_ARRAY(tmp_ctx, tmp_share_names, + char *, count + 1); + tmp_share_names[count] = talloc_strdup(tmp_ctx, subkey_name); + } + if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { + goto done; + } + + werr = WERR_OK; + + *num_shares = count - 1; + if (count > 0) { + *share_names = talloc_move(mem_ctx, &tmp_share_names); + } + +done: + TALLOC_FREE(tmp_ctx); + return werr; +} + /** * get a definition of a share (service) from configuration. */ -- cgit From cf90b67d59340e55d2941c63db5cef98d0d71613 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 12:53:19 +0100 Subject: Add a comment header for libnet_smbconf_getshares(). Michael (This used to be commit 7b51535f2f76b5c3c18620ffd9ac64505357e6db) --- source3/libnet/libnet_conf.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index a67a361f6e..5d15c88252 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
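Review bot: The return value of `TALLOC_REALLOC_ARRAY` is not checked before `tmp_share_names[count] = talloc_strdup(...)`, so an allocation failure inside the enumeration loop becomes a write through a NULL pointer; libnet_smbconf_reg_get_values checks the same call. Add `if (tmp_share_names == NULL) { werr = WERR_NOMEM; goto done; }` after the realloc, and check the `talloc_strdup()` result the same way. `tmp_ctx` also needs `= NULL` at its declaration, since the WERR_INVALID_PARAM exit reaches `TALLOC_FREE(tmp_ctx)` before the variable is assigned.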
@@ -384,6 +384,9 @@ done: return werr; } +/** + * get the list of share names defined in the configuration. + */ WERROR libnet_smbconf_getshares(TALLOC_CTX *mem_ctx, uint32_t *num_shares, char ***share_names) { -- cgit From 1c03f6b6081a54f6b6e684d9a76be039fd468444 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 12:55:42 +0100 Subject: Rename libnet_smbconf_getshares() to libnet_smbconf_get_share_names(). Michael (This used to be commit 9b3b9aa7e1044719a5112b9e5446e6fbdd7cecf9) --- source3/libnet/libnet_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 5d15c88252..99fde86adc 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -387,8 +387,8 @@ done: /** * get the list of share names defined in the configuration. */ -WERROR libnet_smbconf_getshares(TALLOC_CTX *mem_ctx, uint32_t *num_shares, - char ***share_names) +WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, + char ***share_names) { uint32_t count; TALLOC_CTX *tmp_ctx; -- cgit From d38aa8d0371dd48a0bed3a38069b9125d3dfb440 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Dec 2007 16:35:51 +0100 Subject: Fix uninitalized variables (This used to be commit 2322fe718728178990fdc3696b84f5de7ae7701b) --- source3/libnet/libnet_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 99fde86adc..23b9131bae 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -276,7 +276,7 @@ static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, char ***value_names, char ***value_strings) { - TALLOC_CTX *tmp_ctx; + TALLOC_CTX *tmp_ctx = NULL; WERROR werr = WERR_OK; uint32_t count; struct registry_value *valvalue = NULL; 
@@ -391,7 +391,7 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, char ***share_names) { uint32_t count; - TALLOC_CTX *tmp_ctx; + TALLOC_CTX *tmp_ctx = NULL; WERROR werr = WERR_OK; struct registry_key *key = NULL; char *subkey_name = NULL; -- cgit From 0e8ca78720ed0fff3853b8dbd407d41044aa4275 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 14:32:13 +0100 Subject: Move talloc-appending a string to an array to its own helper function libnet_smbconf_add_string_to_array(). Michael (This used to be commit f4a4c1b26a03cd0f334e00912d32f15c73474ff1) --- source3/libnet/libnet_conf.c | 62 ++++++++++++++++++++++++++++++++++---------- 1 file changed, 49 insertions(+), 13 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 23b9131bae..ad8deda04c 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -27,6 +27,33 @@ **********************************************************************/ +/** + * add a string to a talloced array of strings. + */ +static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, + char ***array, + uint32_t count, + const char *string) +{ + WERROR werr = WERR_OK; + char **new_array = NULL; + + if ((array == NULL) || (string == NULL)) { + return WERR_INVALID_PARAM; + } + + new_array = TALLOC_REALLOC_ARRAY(mem_ctx, *array, char *, count + 1); + if (new_array == NULL) { + return WERR_NOMEM; + } + + new_array[count] = talloc_strdup(new_array, string); + + *array = new_array; + + return WERR_OK; +} + /* * Open a subkey of KEY_SMBCONF (i.e a service) */ 
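Review bot: libnet_smbconf_add_string_to_array returns WERR_OK even when `talloc_strdup()` fails, which leaves a NULL entry in the array that callers will later treat as a string. Because the realloc may already have moved the array, publish it first and then check the copy: `*array = new_array;` before the strdup, followed by `if (new_array[count] == NULL) { return WERR_NOMEM; }`. The local `werr` is never used and can be dropped. A comment stating that `count` is the current number of elements, so the new string lands at index `count`, would make the contract clear to callers.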
@@ -302,18 +329,24 @@ static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, &valvalue)); count++) { - tmp_valnames = TALLOC_REALLOC_ARRAY(tmp_ctx, tmp_valnames, - char *, count + 1); - tmp_valstrings = TALLOC_REALLOC_ARRAY(tmp_ctx, tmp_valstrings, - char *, count + 1); - if ((tmp_valstrings == NULL) || (tmp_valnames == NULL)) { - werr = WERR_NOMEM; + char *valstring; + + werr = libnet_smbconf_add_string_to_array(tmp_ctx, + &tmp_valnames, + count, valname); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + valstring = libnet_smbconf_format_registry_value(tmp_ctx, + valvalue); + werr = libnet_smbconf_add_string_to_array(tmp_ctx, + &tmp_valstrings, + count, + valstring); + if (!W_ERROR_IS_OK(werr)) { goto done; } - tmp_valnames[count] = talloc_strdup(tmp_valnames, valname); - tmp_valstrings[count] = - libnet_smbconf_format_registry_value(tmp_valstrings, - valvalue); } if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { goto done; @@ -420,9 +453,12 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, &subkey_name, NULL)); count++) { - tmp_share_names = TALLOC_REALLOC_ARRAY(tmp_ctx, tmp_share_names, - char *, count + 1); - tmp_share_names[count] = talloc_strdup(tmp_ctx, subkey_name); + werr = libnet_smbconf_add_string_to_array(tmp_ctx, + &tmp_share_names, + count, subkey_name); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } } if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { goto done; -- cgit From e8cb7cecf2dde62f271a37376cefa5179eb7b7bc Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 14:38:42 +0100 Subject: Make sure libnet_smbconf_get_share_names() always lists "global" first. And don't return count-1 but count. Michael (This used to be commit b7cb9b78231512dc4a88c307048d7fb5334fa319) --- source3/libnet/libnet_conf.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'source3/libnet') 
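Review bot: In the libnet_smbconf_reg_get_values loop, `valstring` is passed to libnet_smbconf_add_string_to_array without a NULL check, and that helper answers a NULL string with WERR_INVALID_PARAM, so a NULL result from the formatter is reported as a bad argument rather than as the failure it is. Checking right after the call, `if (valstring == NULL) { werr = WERR_NOMEM; goto done; }`, keeps the error code accurate. The function begins and ends outside this hunk.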
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ad8deda04c..636e966a37 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -424,6 +424,7 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, char ***share_names) { uint32_t count; + uint32_t added_count = 0; TALLOC_CTX *tmp_ctx = NULL; WERROR werr = WERR_OK; struct registry_key *key = NULL; @@ -441,6 +442,17 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, goto done; } + /* make sure "global" is always listed first */ + if (libnet_smbconf_key_exists(GLOBAL_NAME)) { + werr = libnet_smbconf_add_string_to_array(tmp_ctx, + &tmp_share_names, + 0, GLOBAL_NAME); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + added_count++; + } + werr = libnet_smbconf_reg_open_basepath(tmp_ctx, SEC_RIGHTS_ENUM_SUBKEYS, &key); @@ -453,21 +465,26 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, &subkey_name, NULL)); count++) { + if (strequal(subkey_name, GLOBAL_NAME)) { + continue; + } + werr = libnet_smbconf_add_string_to_array(tmp_ctx, &tmp_share_names, - count, subkey_name); + added_count, + subkey_name); if (!W_ERROR_IS_OK(werr)) { goto done; } + added_count++; } if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { goto done; } - werr = WERR_OK; - *num_shares = count - 1; - if (count > 0) { + *num_shares = added_count; + if (added_count > 0) { *share_names = talloc_move(mem_ctx, &tmp_share_names); } -- cgit From a6d6fbb73d56d3b96ccf55c1d028c5af00d83386 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 17:02:27 +0100 Subject: Dont return count - 1 but count from libnet_smbconf_reg_get_values(). Michael (This used to be commit ded60dec7d75db7df485a159fb6bf628d8e24805) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 636e966a37..300ea916cd 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -354,7 +354,7 @@ static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, werr = WERR_OK; - *num_values = count - 1; + *num_values = count; if (count > 0) { *value_names = talloc_move(mem_ctx, &tmp_valnames); *value_strings = talloc_move(mem_ctx, &tmp_valstrings); -- cgit From 397b4d5397e87fa60e35ac1f36facf2411ebc126 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 17:06:49 +0100 Subject: Return NULL (instead of unchanged) for no shares/parameters defined. Michael (This used to be commit bfe3d1462f52d2849611fc58ad70fa08b4917077) --- source3/libnet/libnet_conf.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 300ea916cd..3f5265a452 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -358,6 +358,9 @@ static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, if (count > 0) { *value_names = talloc_move(mem_ctx, &tmp_valnames); *value_strings = talloc_move(mem_ctx, &tmp_valstrings); + } else { + *value_names = NULL; + *value_strings = NULL; } done: @@ -486,6 +489,8 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, *num_shares = added_count; if (added_count > 0) { *share_names = talloc_move(mem_ctx, &tmp_share_names); + } else { + *share_names = NULL; } done: -- cgit From df93c1aa57c33f188548fc3de6719170c472b5eb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 21:59:28 +0100 Subject: Include libnet/libnet.h in libnet_conf.c to have prototypes available. Michael (This used to be commit 4842438c396b93007fc4f4dded437567e562a2dc) --- source3/libnet/libnet_conf.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3f5265a452..6d0e65e932 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -19,6 +19,7 @@ */ #include "includes.h" +#include "libnet/libnet.h" /********************************************************************** * -- cgit From fe47e2e85585c1f7f9455747f1ef5d4c20501960 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 22:08:11 +0100 Subject: Add a function libnet_smbconf_get_config() to libnet_conf.c This gets the whole config as a set of lists (of share names and corresponding lists of parameter names and values). The function is an aggregate of libnet_smbconf_get_share_names() and libnet_smbconf_getshare(). Michael (This used to be commit 94e97a72548a7f76a5273346d472e3ba5b24795a) --- source3/libnet/libnet_conf.c | 84 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 84 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 6d0e65e932..642b6880ec 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -421,6 +421,90 @@ done: return werr; } +/** + * Get the whole configuration as lists of strings with counts: + * + * num_shares : number of shares + * share_names : list of length num_shares of share names + * num_params : list of length num_shares of parameter counts for each share + * param_names : list of lists of parameter names for each share + * param_values : list of lists of parameter values for each share + */ +WERROR libnet_smbconf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, + char ***share_names, uint32_t **num_params, + char ****param_names, char ****param_values) +{ + WERROR werr = WERR_OK; + TALLOC_CTX *tmp_ctx = NULL; + uint32_t tmp_num_shares; + char **tmp_share_names; + uint32_t *tmp_num_params; + char ***tmp_param_names; + char ***tmp_param_values; + uint32_t count; + + if ((num_shares == NULL) || (share_names == NULL) || + (num_params == NULL) || (param_names == NULL) || + (param_values == NULL)) + { + werr = WERR_INVALID_PARAM; + goto done; + } + + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + werr = WERR_NOMEM; + goto done; + } + + werr = libnet_smbconf_get_share_names(tmp_ctx, &tmp_num_shares, + &tmp_share_names); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + tmp_num_params = TALLOC_ARRAY(tmp_ctx, uint32_t, tmp_num_shares); + tmp_param_names = TALLOC_ARRAY(tmp_ctx, char **, tmp_num_shares); + tmp_param_values = TALLOC_ARRAY(tmp_ctx, char **, tmp_num_shares); + + if ((tmp_num_params == NULL) || (tmp_param_names == NULL) || + (tmp_param_values == NULL)) + { + werr = WERR_NOMEM; + goto done; + } + + for (count = 0; count < tmp_num_shares; count++) { + werr = libnet_smbconf_getshare(mem_ctx, tmp_share_names[count], + &tmp_num_params[count], + &tmp_param_names[count], + &tmp_param_values[count]); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + } + + werr = WERR_OK; + + *num_shares = tmp_num_shares; + if (tmp_num_shares > 0) { + *share_names = talloc_move(mem_ctx, &tmp_share_names); + *num_params = talloc_move(mem_ctx, 
&tmp_num_params); + *param_names = talloc_move(mem_ctx, &tmp_param_names); + *param_values = talloc_move(mem_ctx, &tmp_param_values); + } else { + *share_names = NULL; + *num_params = NULL; + *param_names = NULL; + *param_values = NULL; + } + +done: + TALLOC_FREE(tmp_ctx); + return werr; +} + + /** * get the list of share names defined in the configuration. */ -- cgit From 59128c783761c6f823971e7aa9513834a7be4b7d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 22:11:09 +0100 Subject: Remove list_values() from net_conf.c - it is not needed any more. Also make libnet.c:libnet_smbconf_format_registry_value() static. (There are nor more external callers.) Michael (This used to be commit ac7baa17e89d2363b5b3db85de9c842b596dea25) --- source3/libnet/libnet_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 642b6880ec..3c04c1333f 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -257,8 +257,8 @@ done: * which are ar stored as REG_SZ values, so the incomplete * handling should be ok. */ -char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, - struct registry_value *value) +static char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, + struct registry_value *value) { char *result = NULL; -- cgit From 1f992517ec67be36b03decefcac03ba71eec8705 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 22:29:00 +0100 Subject: Make libnet_smbconf_reg_open_basepath() static. Michael (This used to be commit 8e87dd79ba4e3aeceb26c7b4e131053172f077cd) --- source3/libnet/libnet_conf.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3c04c1333f..099754cbf4 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
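Review bot: The per-share lists in libnet_smbconf_get_config are allocated on the caller's `mem_ctx` (`libnet_smbconf_getshare(mem_ctx, ...)`), not under `tmp_ctx`, so when a later share fails and the function jumps to `done:` the lists already fetched stay attached to `mem_ctx` with no pointer handed back to the caller. Parenting them on an object that is released on error and moved on success (for example the `tmp_param_names` array) would close that leak. The three `TALLOC_ARRAY` calls also run when `tmp_num_shares` is 0; if the macro returns NULL for a zero count in this tree, an empty configuration would be reported as WERR_NOMEM, so the zero case is better handled before allocating.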
@@ -94,8 +94,9 @@ done: /* * open the base key KEY_SMBCONF */ -WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, uint32 desired_access, - struct registry_key **key) +static WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, + uint32 desired_access, + struct registry_key **key) { return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); } -- cgit From d674b95357b34a89b915af68fa12aa6b4169198d Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 29 Dec 2007 22:29:33 +0100 Subject: Make libnet_smbconf_reg_open_path() static. Michael (This used to be commit 6447bae71c99407485307dd508603c73d5bb9823) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 099754cbf4..1069abcfbd 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -58,10 +58,10 @@ static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, /* * Open a subkey of KEY_SMBCONF (i.e a service) */ -WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *ctx, - const char *subkeyname, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *ctx, + const char *subkeyname, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; char *path = NULL; -- cgit From 80957726b694ea59da306c1be2e08b213936dc93 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Dec 2007 22:27:45 +0100 Subject: Remove all d_fprintf-s from libnet_conf.c Replacing them buy DEBUG statements and filling in d_fprintfs in callers in net_conf.c. Michael (This used to be commit 1f0122d8d4ec0f67eaedd5df7383c1b45f37290f) --- source3/libnet/libnet_conf.c | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 1069abcfbd..a637aedbbc 100644 
--- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -167,12 +167,12 @@ WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, werr = reg_createkey(ctx, create_parent, subkeyname, REG_KEY_WRITE, newkey, &action); if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) { - d_fprintf(stderr, "Key '%s' already exists.\n", subkeyname); + DEBUG(10, ("Key '%s' already exists.\n", subkeyname)); werr = WERR_ALREADY_EXISTS; } if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, "Error creating key %s: %s\n", - subkeyname, dos_errstr(werr)); + DEBUG(5, ("Error creating key %s: %s\n", + subkeyname, dos_errstr(werr))); } done: @@ -198,11 +198,11 @@ WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, &canon_valstr)) { if (canon_valname == NULL) { - d_fprintf(stderr, "invalid parameter '%s' given\n", - valname); + DEBUG(5, ("invalid parameter '%s' given\n", + valname)); } else { - d_fprintf(stderr, "invalid value '%s' given for " - "parameter '%s'\n", valstr, valname); + DEBUG(5, ("invalid value '%s' given for " + "parameter '%s'\n", valstr, valname)); } werr = WERR_INVALID_PARAM; goto done; @@ -215,16 +215,16 @@ WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, val.v.sz.len = strlen(canon_valstr) + 1; if (registry_smbconf_valname_forbidden(canon_valname)) { - d_fprintf(stderr, "Parameter '%s' not allowed in registry.\n", - canon_valname); + DEBUG(5, ("Parameter '%s' not allowed in registry.\n", + canon_valname)); werr = WERR_INVALID_PARAM; goto done; } subkeyname = strrchr_m(key->key->name, '\\'); if ((subkeyname == NULL) || (*(subkeyname +1) == '\0')) { - d_fprintf(stderr, "Invalid registry key '%s' given as " - "smbconf section.\n", key->key->name); + DEBUG(5, ("Invalid registry key '%s' given as " + "smbconf section.\n", key->key->name)); werr = WERR_INVALID_PARAM; goto done; } 
@@ -232,19 +232,18 @@ WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, if (!strequal(subkeyname, GLOBAL_NAME) && lp_parameter_is_global(valname)) { - d_fprintf(stderr, "Global paramter '%s' not allowed in " + DEBUG(5, ("Global paramter '%s' not allowed in " "service definition ('%s').\n", canon_valname, - subkeyname); + subkeyname)); werr = WERR_INVALID_PARAM; goto done; } werr = reg_setvalue(key, canon_valname, &val); if (!W_ERROR_IS_OK(werr)) { - d_fprintf(stderr, - "Error adding value '%s' to " + DEBUG(5, ("Error adding value '%s' to " "key '%s': %s\n", - canon_valname, key->key->name, dos_errstr(werr)); + canon_valname, key->key->name, dos_errstr(werr))); } done: -- cgit From 0f2e7c73817eba0ebf1e98cabc38700560adb600 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Dec 2007 22:29:54 +0100 Subject: Remove an unused variable. Michael (This used to be commit 7bac935b65565099c0dfb34cab0dec73dd5fb479) --- source3/libnet/libnet_conf.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index a637aedbbc..8fe2c76ea3 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -36,7 +36,6 @@ static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, uint32_t count, const char *string) { - WERROR werr = WERR_OK; char **new_array = NULL; if ((array == NULL) || (string == NULL)) { -- cgit From e8a680cdf391255fcbdacd1dcebc0f5a947408f1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 31 Dec 2007 01:14:44 +0100 Subject: Rename libnet_smbconf_key_exists() to libnet_smbconf_share_exists() and move it to the api section of libnet_conf.c Michael (This used to be commit 9b5d8f4d95ebfd47831906019e11227aecc83aa1) --- source3/libnet/libnet_conf.c | 48 ++++++++++++++++++++++---------------------- 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'source3/libnet') 
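Review bot: The message moved into `DEBUG(5, ...)` in this hunk still reads "Global paramter"; since the line is being rewritten anyway, spell it `"Global parameter '%s' not allowed in "`. The condition above it tests `lp_parameter_is_global(valname)` while the message prints `canon_valname`; a short comment on why the non-canonical name is tested would help, or the canonical one should be used if that was the intent. The function starts outside the hunk.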
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 8fe2c76ea3..1b13b5bdc9 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -100,26 +100,6 @@ static WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); } -/* - * check if a subkey of KEY_SMBCONF of a given name exists - */ -bool libnet_smbconf_key_exists(const char *subkeyname) -{ - bool ret = false; - WERROR werr = WERR_OK; - TALLOC_CTX *mem_ctx = talloc_stackframe(); - struct registry_key *key = NULL; - - werr = libnet_smbconf_reg_open_path(mem_ctx, subkeyname, REG_KEY_READ, - &key); - if (W_ERROR_IS_OK(werr)) { - ret = true; - } - - TALLOC_FREE(mem_ctx); - return ret; -} - static bool libnet_smbconf_value_exists(struct registry_key *key, const char *param) { @@ -530,7 +510,7 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, } /* make sure "global" is always listed first */ - if (libnet_smbconf_key_exists(GLOBAL_NAME)) { + if (libnet_smbconf_share_exists(GLOBAL_NAME)) { werr = libnet_smbconf_add_string_to_array(tmp_ctx, &tmp_share_names, 0, GLOBAL_NAME); @@ -582,6 +562,26 @@ done: return werr; } +/** + * check if a share/service of a given name exists + */ +bool libnet_smbconf_share_exists(const char *subkeyname) +{ + bool ret = false; + WERROR werr = WERR_OK; + TALLOC_CTX *mem_ctx = talloc_stackframe(); + struct registry_key *key = NULL; + + werr = libnet_smbconf_reg_open_path(mem_ctx, subkeyname, REG_KEY_READ, + &key); + if (W_ERROR_IS_OK(werr)) { + ret = true; + } + + TALLOC_FREE(mem_ctx); + return ret; +} + /** * get a definition of a share (service) from configuration. */ 
@@ -638,7 +638,7 @@ WERROR libnet_smbconf_setparm(const char *service, struct registry_key *key = NULL; TALLOC_CTX *mem_ctx = talloc_stackframe(); - if (!libnet_smbconf_key_exists(service)) { + if (!libnet_smbconf_share_exists(service)) { werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, &key); } else { @@ -673,7 +673,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - if (!libnet_smbconf_key_exists(service)) { + if (!libnet_smbconf_share_exists(service)) { werr = WERR_NO_SUCH_SERVICE; goto done; } @@ -716,7 +716,7 @@ WERROR libnet_smbconf_delparm(const char *service, WERROR werr = WERR_OK; TALLOC_CTX *mem_ctx = talloc_stackframe(); - if (!libnet_smbconf_key_exists(service)) { + if (!libnet_smbconf_share_exists(service)) { return WERR_NO_SUCH_SERVICE; } -- cgit From 8598bbbcb111103a592f4dcf25199a20b4de258c Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 31 Dec 2007 03:57:45 +0100 Subject: Make the last two helper functions in libnet_conf.c static. Now the registry backend is completely hidden from the API. Michael (This used to be commit 5608c398ad9a0d05d651905a81dd92b7a0e120ff) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 1b13b5bdc9..21fe8572ea 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -120,9 +120,9 @@ static bool libnet_smbconf_value_exists(struct registry_key *key, /* * create a subkey of KEY_SMBCONF */ -WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, - const char * subkeyname, - struct registry_key **newkey) +static WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, + const char * subkeyname, + struct registry_key **newkey) { WERROR werr = WERR_OK; struct registry_key *create_parent = NULL; 
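Review bot: In libnet_smbconf_delparm the early `return WERR_NO_SUCH_SERVICE;` under the renamed check leaves the frame from `talloc_stackframe()` unreleased, because `mem_ctx` is created on the line above and the return bypasses any cleanup. Add `TALLOC_FREE(mem_ctx);` before the return, or set `werr` and jump to the function's cleanup path if it has one; the rest of the body is outside this hunk. libnet_smbconf_getparm in the neighbouring hunk handles the same condition with `goto done`, which is the pattern to follow here.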
@@ -162,7 +162,7 @@ done: /* * add a value to a key. */ -WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, +static WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, const char *valname, const char *valstr) { -- cgit From 83d74c10a27f2b90682f52fec677bfee67591400 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 00:35:09 +0100 Subject: Rename libnet_smbconf_reg_open_basepath() to libnet_smbconf_reg_open_basekey(). Michael (This used to be commit 9e953a94e9b3a060769938ef6af25623e446c180) --- source3/libnet/libnet_conf.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 21fe8572ea..2de4341e5d 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -93,9 +93,9 @@ done: /* * open the base key KEY_SMBCONF */ -static WERROR libnet_smbconf_reg_open_basepath(TALLOC_CTX *ctx, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_smbconf_reg_open_basekey(TALLOC_CTX *ctx, + uint32 desired_access, + struct registry_key **key) { return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); } @@ -137,8 +137,8 @@ static WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, goto done; } - werr = libnet_smbconf_reg_open_basepath(create_ctx, REG_KEY_WRITE, - &create_parent); + werr = libnet_smbconf_reg_open_basekey(create_ctx, REG_KEY_WRITE, + &create_parent); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -520,9 +520,9 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, added_count++; } - werr = libnet_smbconf_reg_open_basepath(tmp_ctx, - SEC_RIGHTS_ENUM_SUBKEYS, - &key); + werr = libnet_smbconf_reg_open_basekey(tmp_ctx, + SEC_RIGHTS_ENUM_SUBKEYS, + &key); if (!W_ERROR_IS_OK(werr)) { goto done; } 
@@ -615,7 +615,7 @@ WERROR libnet_smbconf_delshare(const char *servicename) struct registry_key *key = NULL; TALLOC_CTX *ctx = talloc_stackframe(); - werr = libnet_smbconf_reg_open_basepath(ctx, REG_KEY_WRITE, &key); + werr = libnet_smbconf_reg_open_basekey(ctx, REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From 102fda5c2954b620bb68f0c6e4acf1e6510fd62a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 00:43:29 +0100 Subject: Choose a more apropriate parameter name. Michael (This used to be commit 39a73b6291fd028d44fc2712afa76abf1fcff9cb) --- source3/libnet/libnet_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 2de4341e5d..469c72e650 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -565,14 +565,14 @@ done: /** * check if a share/service of a given name exists */ -bool libnet_smbconf_share_exists(const char *subkeyname) +bool libnet_smbconf_share_exists(const char *servicename) { bool ret = false; WERROR werr = WERR_OK; TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - werr = libnet_smbconf_reg_open_path(mem_ctx, subkeyname, REG_KEY_READ, + werr = libnet_smbconf_reg_open_path(mem_ctx, servicename, REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { ret = true; -- cgit From d191bb126b778207e1eec7cb03e59554cdc88ada Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 00:44:47 +0100 Subject: Hey, it is 2008 now. :-) Michael (This used to be commit a1d3f60ea753a158447bb0208441453b76a0f3b9) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 469c72e650..ea8361a873 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * libnet smbconf registry Support - * Copyright (C) Michael Adam 2007 + * Copyright (C) Michael Adam 2007-2008 * Copyright (C) Guenther Deschner 2007 * * This program is free software; you can redistribute it and/or modify -- cgit From c995a633715fa225637211b88650d9436702778b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 00:49:53 +0100 Subject: Rename libnet_smbconf_reg_open_path() to libnet_smbconf_reg_open_service_key(). Michael (This used to be commit d95b4935d3a97ca9c4b7990bbcf4e85c81c79516) --- source3/libnet/libnet_conf.c | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ea8361a873..73949de8a1 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -54,13 +54,13 @@ static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, return WERR_OK; } -/* +/** * Open a subkey of KEY_SMBCONF (i.e a service) */ -static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *ctx, - const char *subkeyname, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, + const char *subkeyname, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; char *path = NULL; @@ -97,7 +97,8 @@ static WERROR libnet_smbconf_reg_open_basekey(TALLOC_CTX *ctx, uint32 desired_access, struct registry_key **key) { - return libnet_smbconf_reg_open_path(ctx, NULL, desired_access, key); + return libnet_smbconf_reg_open_service_key(ctx, NULL, desired_access, + key); } static bool libnet_smbconf_value_exists(struct registry_key *key, 
@@ -572,8 +573,8 @@ bool libnet_smbconf_share_exists(const char *servicename) TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - werr = libnet_smbconf_reg_open_path(mem_ctx, servicename, REG_KEY_READ, - &key); + werr = libnet_smbconf_reg_open_service_key(mem_ctx, servicename, + REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { ret = true; } @@ -592,8 +593,8 @@ WERROR libnet_smbconf_getshare(TALLOC_CTX *mem_ctx, const char *servicename, WERROR werr = WERR_OK; struct registry_key *key = NULL; - werr = libnet_smbconf_reg_open_path(mem_ctx, servicename, REG_KEY_READ, - &key); + werr = libnet_smbconf_reg_open_service_key(mem_ctx, servicename, + REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -642,8 +643,8 @@ WERROR libnet_smbconf_setparm(const char *service, werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, &key); } else { - werr = libnet_smbconf_reg_open_path(mem_ctx, service, - REG_KEY_WRITE, &key); + werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, + REG_KEY_WRITE, &key); } if (!W_ERROR_IS_OK(werr)) { goto done; @@ -678,8 +679,8 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - werr = libnet_smbconf_reg_open_path(mem_ctx, service, REG_KEY_READ, - &key); + werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, + REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -720,7 +721,8 @@ WERROR libnet_smbconf_delparm(const char *service, return WERR_NO_SUCH_SERVICE; } - werr = libnet_smbconf_reg_open_path(mem_ctx, service, REG_KEY_ALL, &key); + werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, + REG_KEY_ALL, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From a6fb71e55b583119c28e74e8aa54dd1b5a0fc3af Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 00:51:36 +0100 Subject: Use a better parameter name. Michael (This used to be commit 3972deb90c4b645fb4d207a7e132cd7e180e78bb) --- source3/libnet/libnet_conf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 73949de8a1..144026dbb5 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -58,7 +58,7 @@ static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, * Open a subkey of KEY_SMBCONF (i.e a service) */ static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, - const char *subkeyname, + const char *servicename, uint32 desired_access, struct registry_key **key) { @@ -71,10 +71,10 @@ static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, goto done; } - if (subkeyname == NULL) { + if (servicename == NULL) { path = talloc_strdup(ctx, KEY_SMBCONF); } else { - path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, subkeyname); + path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, servicename); } werr = reg_open_path(ctx, path, desired_access, -- cgit From b344dafa62a6d9e4af1063f612150cc9f9fe3b81 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 00:52:55 +0100 Subject: Fix setting of error code in error path. Michael (This used to be commit 8a7954a9ae13df527ccedb1004ee4f87d506ce5b) --- source3/libnet/libnet_conf.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 144026dbb5..514fd245ad 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -68,6 +68,8 @@ static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, if (!(token = registry_create_admin_token(ctx))) { DEBUG(1, ("Error creating admin token\n")); + /* what is the appropriate error code here? */ + werr = WERR_CAN_NOT_COMPLETE; goto done; } -- cgit 
From f9bb8a345ed311f74adc30b164383170048b8dc5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 00:53:34 +0100 Subject: Add debug output in error path. Michael (This used to be commit a58ccbc6d70613f7572bc80621935d81f9e290e3) --- source3/libnet/libnet_conf.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 514fd245ad..7980dbbe4c 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -371,6 +371,7 @@ WERROR libnet_smbconf_drop(void) enum winreg_CreateAction action; if (!(token = registry_create_admin_token(mem_ctx))) { + DEBUG(1, ("Error creating admin token\n")); /* what is the appropriate error code here? */ werr = WERR_CAN_NOT_COMPLETE; goto done; -- cgit From 3bf57a4d824b75dcbfea074e4e10d57f1d907682 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 01:07:30 +0100 Subject: Abstract opening of registry path out of libnet_smbconf_reg_open_service_key(). Creates new function libnet_smbconf_reg_open_path(). Use libnet_smbconf_reg_open_path() directly in libnet_smbconf_reg_open_basekey(). Return error in libnet_smbconf_reg_open_service_key() when NULL servicename is given. Michael (This used to be commit 1e46b479638c54e8bd7ba939bc7aba18a27b5155) --- source3/libnet/libnet_conf.c | 57 +++++++++++++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 16 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 7980dbbe4c..0bc7c63471 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -57,36 +57,61 @@ static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, /** * Open a subkey of KEY_SMBCONF (i.e a service) */ -static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, - const char *servicename, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *mem_ctx, + const char *path, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; - char *path = NULL; NT_USER_TOKEN *token; - if (!(token = registry_create_admin_token(ctx))) { + if (path == NULL) { + DEBUG(1, ("Error: NULL path string given\n")); + werr = WERR_INVALID_PARAM; + goto done; + } + + token = registry_create_admin_token(mem_ctx); + if (token == NULL) { DEBUG(1, ("Error creating admin token\n")); /* what is the appropriate error code here? */ werr = WERR_CAN_NOT_COMPLETE; goto done; } - if (servicename == NULL) { - path = talloc_strdup(ctx, KEY_SMBCONF); - } else { - path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, servicename); - } - - werr = reg_open_path(ctx, path, desired_access, - token, key); + werr = reg_open_path(mem_ctx, path, desired_access, token, key); if (!W_ERROR_IS_OK(werr)) { DEBUG(1, ("Error opening registry path '%s': %s\n", path, dos_errstr(werr))); } +done: + return werr; +} + +/** + * Open a subkey of KEY_SMBCONF (i.e a service) + */ +static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, + const char *servicename, + uint32 desired_access, + struct registry_key **key) +{ + WERROR werr = WERR_OK; + char *path = NULL; + NT_USER_TOKEN *token; + + if (servicename == NULL) { + DEBUG(3, ("Error: NULL servicename given.\n")); + werr = WERR_INVALID_PARAM; + goto done; + } + + path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, servicename); + + werr = libnet_smbconf_reg_open_path(ctx, path, desired_access, key); + done: TALLOC_FREE(path); return werr; 
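Review bot: In the new libnet_smbconf_reg_open_service_key() the result of `talloc_asprintf()` is handed to libnet_smbconf_reg_open_path() without a NULL check. An allocation failure therefore comes back as WERR_INVALID_PARAM with the "NULL path string given" debug message; adding `if (path == NULL) { werr = WERR_NOMEM; goto done; }` right after the allocation keeps the error accurate. servicename is also formatted into the path unchanged and the key is then opened with an admin token, so a name containing `\` would address a nested key instead of a direct subkey of KEY_SMBCONF unless callers, which are not visible here, reject it. A guard such as `if (strchr(servicename, '\\') != NULL) { werr = WERR_INVALID_PARAM; goto done; }` would pin that down inside the helper. The `NT_USER_TOKEN *token;` declaration left in this function is no longer used.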
@@ -99,8 +124,8 @@ static WERROR libnet_smbconf_reg_open_basekey(TALLOC_CTX *ctx, uint32 desired_access, struct registry_key **key) { - return libnet_smbconf_reg_open_service_key(ctx, NULL, desired_access, - key); + return libnet_smbconf_reg_open_path(ctx, KEY_SMBCONF, desired_access, + key); } static bool libnet_smbconf_value_exists(struct registry_key *key, -- cgit From 3c9f7c7a64e886ae54beb4242b227a9a223520e1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 01:12:23 +0100 Subject: Use libnet_smbconf_reg_open_path() in libnet_smbconf_drop(). Replaces creation of token and direct use of reg_open_path. Michael (This used to be commit 7e407e18be0761e7004acfbd2376c3a435922c25) --- source3/libnet/libnet_conf.c | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 0bc7c63471..ca5b0c408f 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -395,13 +395,6 @@ WERROR libnet_smbconf_drop(void) TALLOC_CTX* mem_ctx = talloc_stackframe(); enum winreg_CreateAction action; - if (!(token = registry_create_admin_token(mem_ctx))) { - DEBUG(1, ("Error creating admin token\n")); - /* what is the appropriate error code here? */ - werr = WERR_CAN_NOT_COMPLETE; - goto done; - } - path = talloc_strdup(mem_ctx, KEY_SMBCONF); if (path == NULL) { werr = WERR_NOMEM; @@ -409,7 +402,8 @@ WERROR libnet_smbconf_drop(void) } p = strrchr(path, '\\'); *p = '\0'; - werr = reg_open_path(mem_ctx, path, REG_KEY_WRITE, token, &parent_key); + werr = libnet_smbconf_reg_open_path(mem_ctx, path, REG_KEY_WRITE, + &parent_key); if (!W_ERROR_IS_OK(werr)) { goto done; -- cgit From ad1cc905b2eef9ebfe727a6061aec62a22574c8b Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 01:26:31 +0100 Subject: Don't leak: Use a temporary context for the admin token and free it. Michael (This used to be commit 9d7502115e0f6cdfd27943d52f0de04447582b92) --- source3/libnet/libnet_conf.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ca5b0c408f..995fc1b303 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -64,6 +64,7 @@ static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *mem_ctx, { WERROR werr = WERR_OK; NT_USER_TOKEN *token; + TALLOC_CTX *tmp_ctx = NULL; if (path == NULL) { DEBUG(1, ("Error: NULL path string given\n")); @@ -71,7 +72,13 @@ static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *mem_ctx, goto done; } - token = registry_create_admin_token(mem_ctx); + tmp_ctx = talloc_new(mem_ctx); + if (tmp_ctx == NULL) { + werr = WERR_NOMEM; + goto done; + } + + token = registry_create_admin_token(tmp_ctx); if (token == NULL) { DEBUG(1, ("Error creating admin token\n")); /* what is the appropriate error code here? */ @@ -87,6 +94,7 @@ static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *mem_ctx, } done: + TALLOC_FREE(tmp_ctx); return werr; } -- cgit From 40079c4eb47b590a88ac8d568a5d5f039bc02af6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 3 Jan 2008 10:39:19 +0100 Subject: Remove unused vars. Guenther (This used to be commit ff3f0006d167a9bca85919bf6115d73413554909) --- source3/libnet/libnet_conf.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 995fc1b303..ebdfd75744 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
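Review bot: In the "Don't leak" hunks for libnet_smbconf_reg_open_path(), the admin token now lives on tmp_ctx and is freed at `done:` while the key returned through `*key` stays allocated on mem_ctx. That is only safe if reg_open_path() takes its own copy of the token rather than keeping the caller's pointer, which these hunks do not show. If it copies, say so at the call, e.g. `/* reg_open_path() duplicates the token, so tmp_ctx can be freed */`. If it does not, the returned key would hold a dangling token pointer and the token should stay on mem_ctx or be reparented to the key. The function body starts outside the first hunk.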
@@ -108,7 +108,6 @@ static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, { WERROR werr = WERR_OK; char *path = NULL; - NT_USER_TOKEN *token; if (servicename == NULL) { DEBUG(3, ("Error: NULL servicename given.\n")); @@ -397,7 +396,6 @@ WERROR libnet_smbconf_drop(void) { char *path, *p; WERROR werr = WERR_OK; - NT_USER_TOKEN *token; struct registry_key *parent_key = NULL; struct registry_key *new_key = NULL; TALLOC_CTX* mem_ctx = talloc_stackframe(); -- cgit From fd597c7e6d1b5d89c75dd24f2b62916ec81a67ae Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 11:30:14 +0100 Subject: Add libnet_conf API function libnet_smbconf_create_share(). And make libnet_smbconf_setparm() return error if the share does not already exist. Adapt net_conf_addshare to this new situation. Michael (This used to be commit de349bd26db3341815f6d8f6c18a5ca1fd664dca) --- source3/libnet/libnet_conf.c | 31 ++++++++++++++++++++++++++----- 1 file changed, 26 insertions(+), 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ebdfd75744..2c67d4735e 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -611,6 +611,27 @@ bool libnet_smbconf_share_exists(const char *servicename) return ret; } +/** + * Add a service if it does not already exist. + */ +WERROR libnet_smbconf_create_share(const char *servicename) +{ + WERROR werr; + TALLOC_CTX *mem_ctx = talloc_stackframe(); + struct registry_key *key = NULL; + + if (libnet_smbconf_share_exists(servicename)) { + werr = WERR_ALREADY_EXISTS; + goto done; + } + + werr = libnet_smbconf_reg_createkey_internal(mem_ctx, servicename, &key); + +done: + TALLOC_FREE(mem_ctx); + return werr; +} + /** * get a definition of a share (service) from configuration. */ 
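Review bot: The new libnet_smbconf_create_share() (hunk at -611,6 +611,27) never rejects a NULL servicename. libnet_smbconf_share_exists() returns false for any failure to open the key, not only for a missing share, so a NULL or otherwise unopenable name falls through to the create call. A guard at the top, `if (servicename == NULL) { werr = WERR_INVALID_PARAM; goto done; }`, keeps the returned code meaningful. The exists-then-create sequence is also not atomic, so WERR_ALREADY_EXISTS is reliable only if libnet_smbconf_reg_createkey_internal() itself refuses an existing key, which this hunk does not show. One line in the doc comment saying which of the two enforces uniqueness would help the next reader.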
@@ -668,12 +689,12 @@ WERROR libnet_smbconf_setparm(const char *service, TALLOC_CTX *mem_ctx = talloc_stackframe(); if (!libnet_smbconf_share_exists(service)) { - werr = libnet_smbconf_reg_createkey_internal(mem_ctx, service, - &key); - } else { - werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, - REG_KEY_WRITE, &key); + werr = WERR_NO_SUCH_SERVICE; + goto done; } + + werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, + REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From a750e223b3c6e78aa911a52eaa62c85af62f842b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 11:32:00 +0100 Subject: Rename libnet_smbconf_reg_createkey_internal to libnet_smbconf_reg_create_service_key. Michael (This used to be commit 08056a2c8160a44d27744467da467faea9ba0686) --- source3/libnet/libnet_conf.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 2c67d4735e..f435882b3b 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -155,7 +155,7 @@ static bool libnet_smbconf_value_exists(struct registry_key *key, /* * create a subkey of KEY_SMBCONF */ -static WERROR libnet_smbconf_reg_createkey_internal(TALLOC_CTX *ctx, +static WERROR libnet_smbconf_reg_create_service_key(TALLOC_CTX *ctx, const char * subkeyname, struct registry_key **newkey) { @@ -625,7 +625,7 @@ WERROR libnet_smbconf_create_share(const char *servicename) goto done; } - werr = libnet_smbconf_reg_createkey_internal(mem_ctx, servicename, &key); + werr = libnet_smbconf_reg_create_service_key(mem_ctx, servicename, &key); done: TALLOC_FREE(mem_ctx); -- cgit From e0ea759807882091fac07e7b200ad82bc78fcc4f Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 11:33:17 +0100 Subject: Fix a comment. Michael (This used to be commit 2d0c7fe44f075205db1713ef2d69006f7192c490) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index f435882b3b..304c53c0d0 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -55,7 +55,7 @@ static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, } /** - * Open a subkey of KEY_SMBCONF (i.e a service) + * Open a registry key specified by "path" */ static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *mem_ctx, const char *path, -- cgit From 984aa7a1560a4d052a0c8260d230be4b89303bd7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 11:35:21 +0100 Subject: Rename libnet_smbconf_reg_setvalue_internal() to libnet_smbconf_reg_set_value(). Michael (This used to be commit 3fc3fee88afd9e8b6232afc140a07090b4215c23) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 304c53c0d0..01c4237f20 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -197,9 +197,9 @@ done: /* * add a value to a key. */ -static WERROR libnet_smbconf_reg_setvalue_internal(struct registry_key *key, - const char *valname, - const char *valstr) +static WERROR libnet_smbconf_reg_set_value(struct registry_key *key, + const char *valname, + const char *valstr) { struct registry_value val; WERROR werr = WERR_OK; @@ -699,7 +699,7 @@ WERROR libnet_smbconf_setparm(const char *service, goto done; } - werr = libnet_smbconf_reg_setvalue_internal(key, param, valstr); + werr = libnet_smbconf_reg_set_value(key, param, valstr); done: TALLOC_FREE(mem_ctx); -- cgit From b0994bead72bcd5f4346592be8264f5056612c95 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 3 Jan 2008 13:17:15 +0100 Subject: In libnetjoin don't mix admin password with machine account pwd. Guenther (This used to be commit 5b2eec21c27f07653e2dbb75c0f9ab4a60736773) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6edcdb8945..ae3ed060fe 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -152,8 +152,8 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, goto done; } - E_md4hash(r->in.password, md4_trust_password); - encode_pw_buffer(pwbuf, r->in.password, STR_UNICODE); + E_md4hash(password, md4_trust_password); + encode_pw_buffer(pwbuf, password, STR_UNICODE); generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer)); digested_session_key = data_blob_talloc(mem_ctx, 0, 16); -- cgit From 46123918506112d02db42e19407057dd943b8720 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:31:23 +0100 Subject: Rename libnet_smbconf_add_string_to_array() to libnet_conf_add_string_to_array(). This is the start of making nomenclature more consistent (functions in libnet_conf.c should be called libnet_conf_*, not libnet_smbconf_* ... Michael (This used to be commit 0dd3967bfd88a4d90941e80134c549f5ade63ad0) --- source3/libnet/libnet_conf.c | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 01c4237f20..68726fa5d9 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
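Review bot: In the do_DomainJoin hunk of libnet_join.c, nothing at the two changed calls says which secret `password` holds, and the bug being fixed was a mix-up between it and `r->in.password`. A comment above `E_md4hash(password, md4_trust_password);` such as `/* machine account password, not the admin credential in r->in.password */` would make a repeat of that swap harder. The definition of `password` lies outside the hunk, so confirm there that it really is the machine account secret. do_DomainJoin begins and ends outside the hunk.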
@@ -31,10 +31,10 @@ /** * add a string to a talloced array of strings. */ -static WERROR libnet_smbconf_add_string_to_array(TALLOC_CTX *mem_ctx, - char ***array, - uint32_t count, - const char *string) +static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, + char ***array, + uint32_t count, + const char *string) { char **new_array = NULL; @@ -346,19 +346,19 @@ static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, { char *valstring; - werr = libnet_smbconf_add_string_to_array(tmp_ctx, - &tmp_valnames, - count, valname); + werr = libnet_conf_add_string_to_array(tmp_ctx, + &tmp_valnames, + count, valname); if (!W_ERROR_IS_OK(werr)) { goto done; } valstring = libnet_smbconf_format_registry_value(tmp_ctx, valvalue); - werr = libnet_smbconf_add_string_to_array(tmp_ctx, - &tmp_valstrings, - count, - valstring); + werr = libnet_conf_add_string_to_array(tmp_ctx, + &tmp_valstrings, + count, + valstring); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -540,9 +540,9 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, /* make sure "global" is always listed first */ if (libnet_smbconf_share_exists(GLOBAL_NAME)) { - werr = libnet_smbconf_add_string_to_array(tmp_ctx, - &tmp_share_names, - 0, GLOBAL_NAME); + werr = libnet_conf_add_string_to_array(tmp_ctx, + &tmp_share_names, + 0, GLOBAL_NAME); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -565,10 +565,10 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, continue; } - werr = libnet_smbconf_add_string_to_array(tmp_ctx, - &tmp_share_names, - added_count, - subkey_name); + werr = libnet_conf_add_string_to_array(tmp_ctx, + &tmp_share_names, + added_count, + subkey_name); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From e598b93d2faf568c6ac03b0ca32dcf22fa0e1352 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 13:33:10 +0100 Subject: Rename libnet_smbconf_reg_open_path() to libnet_conf_reg_open_path(). Michael (This used to be commit 9868364e2c7827ac7914bee711a65d4456a5e366) --- source3/libnet/libnet_conf.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 68726fa5d9..86b2d8b605 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -57,10 +57,10 @@ static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, /** * Open a registry key specified by "path" */ -static WERROR libnet_smbconf_reg_open_path(TALLOC_CTX *mem_ctx, - const char *path, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, + const char *path, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; NT_USER_TOKEN *token; @@ -117,7 +117,7 @@ static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, servicename); - werr = libnet_smbconf_reg_open_path(ctx, path, desired_access, key); + werr = libnet_conf_reg_open_path(ctx, path, desired_access, key); done: TALLOC_FREE(path); @@ -131,8 +131,7 @@ static WERROR libnet_smbconf_reg_open_basekey(TALLOC_CTX *ctx, uint32 desired_access, struct registry_key **key) { - return libnet_smbconf_reg_open_path(ctx, KEY_SMBCONF, desired_access, - key); + return libnet_conf_reg_open_path(ctx, KEY_SMBCONF, desired_access, key); } static bool libnet_smbconf_value_exists(struct registry_key *key, @@ -408,8 +407,8 @@ WERROR libnet_smbconf_drop(void) } p = strrchr(path, '\\'); *p = '\0'; - werr = libnet_smbconf_reg_open_path(mem_ctx, path, REG_KEY_WRITE, - &parent_key); + werr = libnet_conf_reg_open_path(mem_ctx, path, REG_KEY_WRITE, + &parent_key); if (!W_ERROR_IS_OK(werr)) { goto done; -- cgit 
From dde8701b85d88a5536a21d80a161c67c7e8634c9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:36:25 +0100 Subject: Rename libnet_smbconf_reg_open_service_key() to libnet_conf_reg_open_service_key(). Michael (This used to be commit 4d86d2dd6f0a577e446ccb4b362b3cd80f819600) --- source3/libnet/libnet_conf.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 86b2d8b605..735fddcfd2 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -101,10 +101,10 @@ done: /** * Open a subkey of KEY_SMBCONF (i.e a service) */ -static WERROR libnet_smbconf_reg_open_service_key(TALLOC_CTX *ctx, - const char *servicename, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *ctx, + const char *servicename, + uint32 desired_access, + struct registry_key **key) { WERROR werr = WERR_OK; char *path = NULL; @@ -600,8 +600,8 @@ bool libnet_smbconf_share_exists(const char *servicename) TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - werr = libnet_smbconf_reg_open_service_key(mem_ctx, servicename, - REG_KEY_READ, &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, servicename, + REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { ret = true; } @@ -641,8 +641,8 @@ WERROR libnet_smbconf_getshare(TALLOC_CTX *mem_ctx, const char *servicename, WERROR werr = WERR_OK; struct registry_key *key = NULL; - werr = libnet_smbconf_reg_open_service_key(mem_ctx, servicename, - REG_KEY_READ, &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, servicename, + REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } 
@@ -692,8 +692,8 @@ WERROR libnet_smbconf_setparm(const char *service, goto done; } - werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, - REG_KEY_WRITE, &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_WRITE, + &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -727,8 +727,8 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, - REG_KEY_READ, &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_READ, + &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -769,8 +769,8 @@ WERROR libnet_smbconf_delparm(const char *service, return WERR_NO_SUCH_SERVICE; } - werr = libnet_smbconf_reg_open_service_key(mem_ctx, service, - REG_KEY_ALL, &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_ALL, + &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From cd84256866d6d2bbd7494b67ae96c3546902e794 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:38:55 +0100 Subject: Rename libnet_smbconf_reg_open_basekey() to libnet_conf_reg_open_base_key(). Michael (This used to be commit c2ba52b2c34abc42b4ff7945715dc36e08a2f112) --- source3/libnet/libnet_conf.c | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 735fddcfd2..53d70bd4f6 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -127,9 +127,9 @@ done: /* * open the base key KEY_SMBCONF */ -static WERROR libnet_smbconf_reg_open_basekey(TALLOC_CTX *ctx, - uint32 desired_access, - struct registry_key **key) +static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *ctx, + uint32 desired_access, + struct registry_key **key) { return libnet_conf_reg_open_path(ctx, KEY_SMBCONF, desired_access, key); } 
@@ -171,8 +171,8 @@ static WERROR libnet_smbconf_reg_create_service_key(TALLOC_CTX *ctx, goto done; } - werr = libnet_smbconf_reg_open_basekey(create_ctx, REG_KEY_WRITE, - &create_parent); + werr = libnet_conf_reg_open_base_key(create_ctx, REG_KEY_WRITE, + &create_parent); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -548,9 +548,8 @@ WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, added_count++; } - werr = libnet_smbconf_reg_open_basekey(tmp_ctx, - SEC_RIGHTS_ENUM_SUBKEYS, - &key); + werr = libnet_conf_reg_open_base_key(tmp_ctx, SEC_RIGHTS_ENUM_SUBKEYS, + &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -664,7 +663,7 @@ WERROR libnet_smbconf_delshare(const char *servicename) struct registry_key *key = NULL; TALLOC_CTX *ctx = talloc_stackframe(); - werr = libnet_smbconf_reg_open_basekey(ctx, REG_KEY_WRITE, &key); + werr = libnet_conf_reg_open_base_key(ctx, REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From d3e54d913c705337d3caf88ee72d38c7f45f0949 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:40:40 +0100 Subject: Rename libnet_smbconf_value_exists() to libnet_conf_value_exists(). Michael (This used to be commit 49f740797bb7fc5edacbd4c3e8b1eb1aab131ea4) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 53d70bd4f6..0032d549eb 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -134,8 +134,8 @@ static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *ctx, return libnet_conf_reg_open_path(ctx, KEY_SMBCONF, desired_access, key); } -static bool libnet_smbconf_value_exists(struct registry_key *key, - const char *param) +static bool libnet_conf_value_exists(struct registry_key *key, + const char *param) { bool ret = false; WERROR werr = WERR_OK; 
@@ -732,7 +732,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - if (!libnet_smbconf_value_exists(key, param)) { + if (!libnet_conf_value_exists(key, param)) { werr = WERR_INVALID_PARAM; goto done; } @@ -774,7 +774,7 @@ WERROR libnet_smbconf_delparm(const char *service, goto done; } - if (!libnet_smbconf_value_exists(key, param)) { + if (!libnet_conf_value_exists(key, param)) { werr = WERR_INVALID_PARAM; goto done; } -- cgit From 340cb434db8d3e063a2fb15cb74e550e90c4cf95 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:42:40 +0100 Subject: Rename libnet_smbconf_reg_create_service_key() to libnet_conf_reg_create_service_key(). Michael (This used to be commit cd1846943cbcc02ea9fa3b9237bd02e667a475db) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 0032d549eb..b88242ef8a 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -154,9 +154,9 @@ static bool libnet_conf_value_exists(struct registry_key *key, /* * create a subkey of KEY_SMBCONF */ -static WERROR libnet_smbconf_reg_create_service_key(TALLOC_CTX *ctx, - const char * subkeyname, - struct registry_key **newkey) +static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *ctx, + const char * subkeyname, + struct registry_key **newkey) { WERROR werr = WERR_OK; struct registry_key *create_parent = NULL; @@ -623,7 +623,7 @@ WERROR libnet_smbconf_create_share(const char *servicename) goto done; } - werr = libnet_smbconf_reg_create_service_key(mem_ctx, servicename, &key); + werr = libnet_conf_reg_create_service_key(mem_ctx, servicename, &key); done: TALLOC_FREE(mem_ctx); -- cgit From 547c3583e42e22e42432a10c79803219ee043dc7 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 13:43:34 +0100 Subject: Rename libnet_smbconf_reg_set_value() to libnet_conf_reg_set_value(). Michael (This used to be commit 96b2923bc3c57700352869627c38609529d53cd2) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index b88242ef8a..594e1f7a1d 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -196,9 +196,9 @@ done: /* * add a value to a key. */ -static WERROR libnet_smbconf_reg_set_value(struct registry_key *key, - const char *valname, - const char *valstr) +static WERROR libnet_conf_reg_set_value(struct registry_key *key, + const char *valname, + const char *valstr) { struct registry_value val; WERROR werr = WERR_OK; @@ -697,7 +697,7 @@ WERROR libnet_smbconf_setparm(const char *service, goto done; } - werr = libnet_smbconf_reg_set_value(key, param, valstr); + werr = libnet_conf_reg_set_value(key, param, valstr); done: TALLOC_FREE(mem_ctx); -- cgit From 6ab11e5f981618f58ebd82b89a79846ac048aadf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:45:14 +0100 Subject: Rename libnet_smbconf_format_registry_value() to libnet_conf_format_registry_value(). Michael (This used to be commit 3f9f35335127a673639fa30c88cdea6c79f04b92) --- source3/libnet/libnet_conf.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 594e1f7a1d..9a0cd9ff2f 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -270,8 +270,8 @@ done: * which are ar stored as REG_SZ values, so the incomplete * handling should be ok. */ -static char *libnet_smbconf_format_registry_value(TALLOC_CTX *mem_ctx, - struct registry_value *value) +static char *libnet_conf_format_registry_value(TALLOC_CTX *mem_ctx, + struct registry_value *value) { char *result = NULL; @@ -352,8 +352,8 @@ static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, goto done; } - valstring = libnet_smbconf_format_registry_value(tmp_ctx, - valvalue); + valstring = libnet_conf_format_registry_value(tmp_ctx, + valvalue); werr = libnet_conf_add_string_to_array(tmp_ctx, &tmp_valstrings, count, @@ -742,7 +742,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - *valstr = libnet_smbconf_format_registry_value(mem_ctx, value); + *valstr = libnet_conf_format_registry_value(mem_ctx, value); if (*valstr == NULL) { werr = WERR_NOMEM; -- cgit From 12a0cd531060f6a54c7600f3682bbb37fe91bac1 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:46:45 +0100 Subject: Rename libnet_smbconf_reg_get_values() to libnet_conf_reg_get_values(). Now all internal helper functions are converted to the consistent naming scheme. Michael (This used to be commit c23e6636a886d93b98c9439ba081def0385f67ac) --- source3/libnet/libnet_conf.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 9a0cd9ff2f..191692dc62 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -311,11 +311,11 @@ static char *libnet_conf_format_registry_value(TALLOC_CTX *mem_ctx, * Get the values of a key as a list of value names * and a list of value strings (ordered) */ -static WERROR libnet_smbconf_reg_get_values(TALLOC_CTX *mem_ctx, - struct registry_key *key, - uint32_t *num_values, - char ***value_names, - char ***value_strings) +static WERROR libnet_conf_reg_get_values(TALLOC_CTX *mem_ctx, + struct registry_key *key, + uint32_t *num_values, + char ***value_names, + char ***value_strings) { TALLOC_CTX *tmp_ctx = NULL; WERROR werr = WERR_OK; @@ -646,8 +646,8 @@ WERROR libnet_smbconf_getshare(TALLOC_CTX *mem_ctx, const char *servicename, goto done; } - werr = libnet_smbconf_reg_get_values(mem_ctx, key, num_params, - param_names, param_values); + werr = libnet_conf_reg_get_values(mem_ctx, key, num_params, + param_names, param_values); done: TALLOC_FREE(key); -- cgit From 05ff62cf78447dc8caacf4a9d0b4b746f8d8e481 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:48:56 +0100 Subject: Rename libnet_smbconf_drop() to libnet_conf_drop(). Michael (This used to be commit 42ae33a96228e916d7d530d844be6937a80d4fea) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 191692dc62..f9f1759de2 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -391,7 +391,7 @@ done: /** * Drop the whole configuration (restarting empty). */ -WERROR libnet_smbconf_drop(void) +WERROR libnet_conf_drop(void) { char *path, *p; WERROR werr = WERR_OK; -- cgit From 90837d048b18ae72199b6f7ed7e1d17b0cc71102 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 13:50:55 +0100 Subject: Rename libnet_smbconf_get_config() to libnet_conf_get_config(). Michael (This used to be commit e8f7c07699b5b93acd81b24bca908769f0b5e8d8) --- source3/libnet/libnet_conf.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index f9f1759de2..ec055439d7 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -437,9 +437,9 @@ done: * param_names : list of lists of parameter names for each share * param_values : list of lists of parameter values for each share */ -WERROR libnet_smbconf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, - char ***share_names, uint32_t **num_params, - char ****param_names, char ****param_values) +WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, + char ***share_names, uint32_t **num_params, + char ****param_names, char ****param_values) { WERROR werr = WERR_OK; TALLOC_CTX *tmp_ctx = NULL; -- cgit From daf1a460c821f247c43c22f1e26785d3acdb3ac3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:53:04 +0100 Subject: Rename libnet_smbconf_get_share_names() to libnet_conf_get_share_names(). Michael (This used to be commit 2e4beee66b3672c3259b312aca3d482598731119) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ec055439d7..3cd3933b1f 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -464,8 +464,8 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, goto done; } - werr = libnet_smbconf_get_share_names(tmp_ctx, &tmp_num_shares, - &tmp_share_names); + werr = libnet_conf_get_share_names(tmp_ctx, &tmp_num_shares, + &tmp_share_names); if (!W_ERROR_IS_OK(werr)) { goto done; } 
@@ -515,8 +515,8 @@ done: /** * get the list of share names defined in the configuration. */ -WERROR libnet_smbconf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, - char ***share_names) +WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, + char ***share_names) { uint32_t count; uint32_t added_count = 0; -- cgit From 630de5f555b7fb897e1bb700b2a0a3d8d611e9bd Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:54:31 +0100 Subject: Rename libnet_smbconf_share_exists() to libnet_conf_share_exists(). Michael (This used to be commit 3258758e5c8dfc2c681e1285cb34aaacae697a55) --- source3/libnet/libnet_conf.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3cd3933b1f..cf11a42329 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -538,7 +538,7 @@ WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, } /* make sure "global" is always listed first */ - if (libnet_smbconf_share_exists(GLOBAL_NAME)) { + if (libnet_conf_share_exists(GLOBAL_NAME)) { werr = libnet_conf_add_string_to_array(tmp_ctx, &tmp_share_names, 0, GLOBAL_NAME); @@ -592,7 +592,7 @@ done: /** * check if a share/service of a given name exists */ -bool libnet_smbconf_share_exists(const char *servicename) +bool libnet_conf_share_exists(const char *servicename) { bool ret = false; WERROR werr = WERR_OK; @@ -618,7 +618,7 @@ WERROR libnet_smbconf_create_share(const char *servicename) TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - if (libnet_smbconf_share_exists(servicename)) { + if (libnet_conf_share_exists(servicename)) { werr = WERR_ALREADY_EXISTS; goto done; } 
@@ -686,7 +686,7 @@ WERROR libnet_smbconf_setparm(const char *service, struct registry_key *key = NULL; TALLOC_CTX *mem_ctx = talloc_stackframe(); - if (!libnet_smbconf_share_exists(service)) { + if (!libnet_conf_share_exists(service)) { werr = WERR_NO_SUCH_SERVICE; goto done; } @@ -721,7 +721,7 @@ WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, goto done; } - if (!libnet_smbconf_share_exists(service)) { + if (!libnet_conf_share_exists(service)) { werr = WERR_NO_SUCH_SERVICE; goto done; } @@ -764,7 +764,7 @@ WERROR libnet_smbconf_delparm(const char *service, WERROR werr = WERR_OK; TALLOC_CTX *mem_ctx = talloc_stackframe(); - if (!libnet_smbconf_share_exists(service)) { + if (!libnet_conf_share_exists(service)) { return WERR_NO_SUCH_SERVICE; } -- cgit From 3f3a29ed509916751e8ead326dba3e2221cab199 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 13:55:43 +0100 Subject: Rename libnet_smbconf_create_share() to libnet_conf_create_share(). Michael (This used to be commit 6bc4ee210855dbfbee9e86b59e90b08ecb3a9df9) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index cf11a42329..be45e30d50 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -612,7 +612,7 @@ bool libnet_conf_share_exists(const char *servicename) /** * Add a service if it does not already exist. */ -WERROR libnet_smbconf_create_share(const char *servicename) +WERROR libnet_conf_create_share(const char *servicename) { WERROR werr; TALLOC_CTX *mem_ctx = talloc_stackframe(); -- cgit From e1aa474a32a8b6faa952ad4e9e2e91b8727ad56e Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 13:59:14 +0100 Subject: Rename libnet_smbconf_getshare() to libnet_conf_get_share(). Michael (This used to be commit 1575612f1936312125e7778a9a4227e444ea36cf) --- source3/libnet/libnet_conf.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index be45e30d50..594dea9603 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -482,10 +482,10 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, } for (count = 0; count < tmp_num_shares; count++) { - werr = libnet_smbconf_getshare(mem_ctx, tmp_share_names[count], - &tmp_num_params[count], - &tmp_param_names[count], - &tmp_param_values[count]); + werr = libnet_conf_get_share(mem_ctx, tmp_share_names[count], + &tmp_num_params[count], + &tmp_param_names[count], + &tmp_param_values[count]); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -633,9 +633,9 @@ done: /** * get a definition of a share (service) from configuration. */ -WERROR libnet_smbconf_getshare(TALLOC_CTX *mem_ctx, const char *servicename, - uint32_t *num_params, char ***param_names, - char ***param_values) +WERROR libnet_conf_get_share(TALLOC_CTX *mem_ctx, const char *servicename, + uint32_t *num_params, char ***param_names, + char ***param_values) { WERROR werr = WERR_OK; struct registry_key *key = NULL; -- cgit From e89411effda51f9012d1830d18adcb968637baac Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 14:01:50 +0100 Subject: Rename libnet_smbconf_delshare() to libnet_conf_delete_share(). Michael (This used to be commit 2075baf551ca7fc6bcee6b93f63fd7fbf75f9a50) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 594dea9603..0f11bbbc49 100644 --- a/source3/libnet/libnet_conf.c 
+++ b/source3/libnet/libnet_conf.c @@ -657,7 +657,7 @@ done: /** * delete a service from configuration */ -WERROR libnet_smbconf_delshare(const char *servicename) +WERROR libnet_conf_delete_share(const char *servicename) { WERROR werr = WERR_OK; struct registry_key *key = NULL; -- cgit From b9f904b59d867c290675ec1013218ba7333253c5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 14:06:09 +0100 Subject: Rename libnet_smbconf_setparm() to libnet_conf_set_parameter(). Michael (This used to be commit e00cb415d30b3e72ccfb7e5c366c95ec0f9c6247) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 0f11bbbc49..ad9ae4994b 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -678,9 +678,9 @@ done: /** * set a configuration parameter to the value provided. */ -WERROR libnet_smbconf_setparm(const char *service, - const char *param, - const char *valstr) +WERROR libnet_conf_set_parameter(const char *service, + const char *param, + const char *valstr) { WERROR werr; struct registry_key *key = NULL; @@ -796,6 +796,6 @@ done: WERROR libnet_smbconf_set_global_param(const char *param, const char *val) { - return libnet_smbconf_setparm(GLOBAL_NAME, param, val); + return libnet_conf_set_parameter(GLOBAL_NAME, param, val); } -- cgit From 55771b356d632ffe7d1d773670a71366e3d7302a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 14:08:45 +0100 Subject: Rename libnet_smbconf_getparm() to libnet_conf_get_parameter(). Michael (This used to be commit d08556dbc7071933feaeec538f01ac8f6a637b1d) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ad9ae4994b..f5504b78d5 100644 --- a/source3/libnet/libnet_conf.c 
+++ b/source3/libnet/libnet_conf.c @@ -707,10 +707,10 @@ done: /** * get the value of a configuration parameter as a string */ -WERROR libnet_smbconf_getparm(TALLOC_CTX *mem_ctx, - const char *service, - const char *param, - char **valstr) +WERROR libnet_conf_get_parameter(TALLOC_CTX *mem_ctx, + const char *service, + const char *param, + char **valstr) { WERROR werr = WERR_OK; struct registry_key *key = NULL; -- cgit From 2476254ccdf629d7889b9cff458a6e1097fc71ba Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 14:11:20 +0100 Subject: Rename libnet_smbconf_delparm() to libnet_conf_delete_parameter(). Michael (This used to be commit 073eeca51e46da6a687175aadbfdbb9e029532d6) --- source3/libnet/libnet_conf.c | 3 +-- source3/libnet/libnet_join.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index f5504b78d5..fbe47b212b 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -757,8 +757,7 @@ done: /** * delete a parameter from configuration */ -WERROR libnet_smbconf_delparm(const char *service, - const char *param) +WERROR libnet_conf_delete_parameter(const char *service, const char *param) { struct registry_key *key = NULL; WERROR werr = WERR_OK; diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index ae3ed060fe..00ab608274 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -379,7 +379,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) W_ERROR_NOT_OK_RETURN(werr); } - werr = libnet_smbconf_delparm("GLOBAL", "realm"); + werr = libnet_conf_delete_parameter("GLOBAL", "realm"); return werr; } -- cgit From 5655ae7a2468e8fc93b1a8d9ac4b2f35abbf3703 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 14:15:05 +0100 Subject: Rename libnet_smbconf_set_global_param() to libnet_conf_set_global_parameter(). Now all functions are converted to the consistent naming scheme. Michael (This used to be commit a559533c0c8a80f3f4078bbc2675de395359485f) --- source3/libnet/libnet_conf.c | 4 ++-- source3/libnet/libnet_join.c | 18 +++++++++--------- 2 files changed, 11 insertions(+), 11 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index fbe47b212b..ea3f708883 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -792,8 +792,8 @@ done: * **********************************************************************/ -WERROR libnet_smbconf_set_global_param(const char *param, - const char *val) +WERROR libnet_conf_set_global_parameter(const char *param, + const char *val) { return libnet_conf_set_parameter(GLOBAL_NAME, param, val); } diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 00ab608274..478cccf725 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -338,11 +338,11 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { - werr = libnet_smbconf_set_global_param("security", "user"); + werr = libnet_conf_set_global_parameter("security", "user"); W_ERROR_NOT_OK_RETURN(werr); - werr = libnet_smbconf_set_global_param("workgroup", - r->in.domain_name); + werr = libnet_conf_set_global_parameter("workgroup", + r->in.domain_name); return werr; } 
@@ -350,18 +350,18 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) is_ad = true; } - werr = libnet_smbconf_set_global_param("security", "domain"); + werr = libnet_conf_set_global_parameter("security", "domain"); W_ERROR_NOT_OK_RETURN(werr); - werr = libnet_smbconf_set_global_param("workgroup", - r->out.netbios_domain_name); + werr = libnet_conf_set_global_parameter("workgroup", + r->out.netbios_domain_name); W_ERROR_NOT_OK_RETURN(werr); if (is_ad) { - werr = libnet_smbconf_set_global_param("security", "ads"); + werr = libnet_conf_set_global_parameter("security", "ads"); W_ERROR_NOT_OK_RETURN(werr); - werr = libnet_smbconf_set_global_param("realm", + werr = libnet_conf_set_global_parameter("realm", r->out.dns_domain_name); W_ERROR_NOT_OK_RETURN(werr); } @@ -375,7 +375,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - werr = libnet_smbconf_set_global_param("security", "user"); + werr = libnet_conf_set_global_parameter("security", "user"); W_ERROR_NOT_OK_RETURN(werr); } -- cgit From 30829d1bdad9387650486f05280a2061af19796a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 3 Jan 2008 14:17:42 +0100 Subject: Use GLOBAL_NAME constant. Michael (This used to be commit 4c404d627ccfaf1c17f4b6b1ebab6fce357d9ab1) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 478cccf725..c289ad33e5 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -379,7 +379,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) W_ERROR_NOT_OK_RETURN(werr); } - werr = libnet_conf_delete_parameter("GLOBAL", "realm"); + werr = libnet_conf_delete_parameter(GLOBAL_NAME, "realm"); return werr; } -- cgit From 6dce6ba0a6551c4db29ccf51e346f20ea1f8430e Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 14:34:31 +0100 Subject: Add a comment header and do some slight reformatting. Michael (This used to be commit 5d557e3f95b8d53114c25ba7fa3e564a50be9e05) --- source3/libnet/libnet_conf.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ea3f708883..86ef3e5517 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -124,7 +124,7 @@ done: return werr; } -/* +/** * open the base key KEY_SMBCONF */ static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *ctx, @@ -134,6 +134,9 @@ static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *ctx, return libnet_conf_reg_open_path(ctx, KEY_SMBCONF, desired_access, key); } +/** + * check if a value exists in a given registry key + */ static bool libnet_conf_value_exists(struct registry_key *key, const char *param) { @@ -151,7 +154,7 @@ static bool libnet_conf_value_exists(struct registry_key *key, return ret; } -/* +/** * create a subkey of KEY_SMBCONF */ static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *ctx, @@ -193,7 +196,7 @@ done: return werr; } -/* +/** * add a value to a key. */ static WERROR libnet_conf_reg_set_value(struct registry_key *key, @@ -792,8 +795,7 @@ done: * **********************************************************************/ -WERROR libnet_conf_set_global_parameter(const char *param, - const char *val) +WERROR libnet_conf_set_global_parameter(const char *param, const char *val) { return libnet_conf_set_parameter(GLOBAL_NAME, param, val); } -- cgit From 5470f8f638505b8dccc11ca0038632aa472608d8 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 3 Jan 2008 15:33:09 +0100 Subject: Make libnet_conf handle opening/initialization of the registry. Open state is currently tracked by a global variable to avoid double initialization. Later, this can possibly be replaced by a conf-context created by an initialization function and passed around to the other api functions. Michael (This used to be commit 77713e776405800ac54c692a77cd4efd153042cb) --- source3/libnet/libnet_conf.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 86ef3e5517..665261723b 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -21,6 +21,11 @@ #include "includes.h" #include "libnet/libnet.h" +/* + * yuck - static variable to keep track of the registry initialization. + */ +static bool registry_initialized = false; + /********************************************************************** * * Helper functions (mostly registry related) @@ -54,6 +59,26 @@ static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, return WERR_OK; } +static WERROR libnet_conf_reg_initialize(void) +{ + WERROR werr = WERR_OK; + + if (registry_initialized) { + goto done; + } + + if (!registry_init_regdb()) { + /* proper error code? */ + werr = WERR_GENERAL_FAILURE; + goto done; + } + + registry_initialized = true; + +done: + return werr; +} + /** * Open a registry key specified by "path" */ @@ -78,6 +103,13 @@ static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, goto done; } + werr = libnet_conf_reg_initialize(); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(1, ("Error initializing registry: %s\n", + dos_errstr(werr))); + goto done; + } + token = registry_create_admin_token(tmp_ctx); if (token == NULL) { DEBUG(1, ("Error creating admin token\n")); -- cgit From 192700bd08ba893cad9fb38f80231ad7cf9eb89f Mon Sep 17 00:00:00 2001 
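Review bot: `libnet_conf_reg_initialize()` is added without a comment header, although the other helpers in this file carry one, and the once-only behaviour of `registry_initialized` is not stated anywhere near its use. I would add `/** initialize the registry backend on first use; later calls return WERR_OK without calling registry_init_regdb() again */` above the function. The flag is only ever set to true in the visible code, so if the registry backend is torn down elsewhere in the process (not visible here), later opens would skip re-initialization; the comment should note that assumption. Since there is nothing to clean up, the `goto done` pair could also be two plain `return` statements.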
From: Günther Deschner Date: Thu, 3 Jan 2008 16:46:26 +0100 Subject: Use different error code for libnet_conf initialization failure. Guenther (This used to be commit 65537eae842065a1dd68d8e532e61502b61e1dbe) --- source3/libnet/libnet_conf.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 665261723b..c8e55a70b2 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -68,8 +68,7 @@ static WERROR libnet_conf_reg_initialize(void) } if (!registry_init_regdb()) { - /* proper error code? */ - werr = WERR_GENERAL_FAILURE; + werr = WERR_REG_IO_FAILURE; goto done; } -- cgit From 8dc1bf89a7ab78eb88a796e8d09e563b4d7d9649 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 11:21:53 +0100 Subject: Robustness fix for libnet join when unjoining. Guenther (This used to be commit d7f01d940feb7dfedb6c4b8b88f5443434e03428) --- source3/libnet/libnet_join.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c289ad33e5..70777df247 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -319,10 +319,11 @@ static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx, } done: - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); - rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol); - - cli_rpc_pipe_close(pipe_hnd); + if (pipe_hnd) { + rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol); + cli_rpc_pipe_close(pipe_hnd); + } if (cli) { cli_shutdown(cli); -- cgit From 0399df22f0f0999338e48d7b9598a7b2f7b9aab5 Mon Sep 17 00:00:00 2001 
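Review bot: The new `if (pipe_hnd)` guard in the `done:` block of do_DomainUnjoin still closes `domain_pol` and `sam_pol` on every error path once the pipe is open, including failures that occur before those handles were obtained. Their declarations are outside the hunk; if they are plain stack variables without initialization, the close calls would send indeterminate handle bytes to the server. Zeroing them at the top of the function, e.g. `ZERO_STRUCT(sam_pol);` and `ZERO_STRUCT(domain_pol);`, would make the cleanup well-defined on every path. The function body starts and ends outside the hunk.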
From: Günther Deschner Date: Fri, 4 Jan 2008 17:01:52 +0100 Subject: In libnet_join finally separate the admin from the machine pwd entirely. Guenther (This used to be commit d88bb94f0ef00ddbb48498797bd11448e0d74645) --- source3/libnet/libnet_join.c | 28 +++++++++++++++------------- source3/libnet/libnet_join.h | 7 ++++--- 2 files changed, 19 insertions(+), 16 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 70777df247..26b4320267 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * libnet Join Support * Copyright (C) Gerald (Jerry) Carter 2006 - * Copyright (C) Guenther Deschner 2007 + * Copyright (C) Guenther Deschner 2007-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,7 +27,6 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; - const char *password = NULL; POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; @@ -46,17 +45,19 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, DATA_BLOB digested_session_key; uchar md4_trust_password[16]; - password = talloc_strdup(mem_ctx, - generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); - NT_STATUS_HAVE_NO_MEMORY(password); + if (!r->in.machine_password) { + r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); + NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); + } status = cli_full_connection(&cli, NULL, r->in.server_name, NULL, 0, "IPC$", "IPC", r->in.admin_account, - NULL, //r->in.domain_name, - r->in.password, - 0, Undefined, NULL); + NULL, + r->in.admin_password, + 0, + Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { goto done; 
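Review bot: The `if (!r->in.machine_password)` branch in do_DomainJoin now takes a caller-supplied machine password verbatim, so an empty string would be used as the machine trust secret instead of a random one. Treating an empty value like an unset one, `if (!r->in.machine_password || !*r->in.machine_password) {`, keeps the generated default as the floor. The generated string is also written back into the input member `r->in.machine_password` and allocated on `mem_ctx`; if `r` can outlive `mem_ctx` (not visible here), that pointer would dangle for later readers of the field. The function body continues outside the hunk.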
@@ -152,15 +153,16 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, goto done; } - E_md4hash(password, md4_trust_password); - encode_pw_buffer(pwbuf, password, STR_UNICODE); + E_md4hash(r->in.machine_password, md4_trust_password); + encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE); generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer)); digested_session_key = data_blob_talloc(mem_ctx, 0, 16); MD5Init(&md5ctx); MD5Update(&md5ctx, md5buffer, sizeof(md5buffer)); - MD5Update(&md5ctx, cli->user_session_key.data, cli->user_session_key.length); + MD5Update(&md5ctx, cli->user_session_key.data, + cli->user_session_key.length); MD5Final(digested_session_key.data, &md5ctx); SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key); @@ -237,8 +239,8 @@ static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx, NULL, 0, "IPC$", "IPC", r->in.admin_account, - NULL, //r->in.domain_name, - r->in.password, + NULL, + r->in.admin_password, 0, Undefined, NULL); if (!NT_STATUS_IS_OK(status)) { diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 46ab27e8b0..85c756f77b 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -1,7 +1,7 @@ /* * Unix SMB/CIFS implementation. * libnet Join Support - * Copyright (C) Guenther Deschner 2007 + * Copyright (C) Guenther Deschner 2007-2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -26,7 +26,8 @@ struct libnet_JoinCtx { const char *domain_name; const char *account_ou; const char *admin_account; - const char *password; + const char *admin_password; + const char *machine_password; uint32_t join_flags; const char *os_version; const char *os_string; 
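Review bot: The two password members of `struct libnet_JoinCtx`, `admin_password` and `machine_password`, have no comment saying which is required and which is optional. From the libnet_join.c hunks of this commit, `machine_password` may be left NULL and is then filled in by the join itself, which is unusual for an `in` member. I would add `/* cleartext; NULL means the join generates a random one and stores it here */` next to `machine_password` and `/* cleartext credential for admin_account */` next to `admin_password`. The struct definition starts and ends outside the hunk.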
@@ -50,7 +51,7 @@ struct libnet_UnjoinCtx { const char *server_name; const char *domain_name; const char *admin_account; - const char *password; + const char *admin_password; uint32_t unjoin_flags; bool modify_config; struct dom_sid *domain_sid; -- cgit From 6f84ea9cd78e72b324ab6fad654b9aa109364d82 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 17:09:21 +0100 Subject: Separate out storing and removing secrets in libnet_join/unjoin. Guenther (This used to be commit b59ca2d9c3375c0d0b9f585e48d718689586bb92) --- source3/libnet/libnet_join.c | 76 ++++++++++++++++++++++++++------------------ 1 file changed, 45 insertions(+), 31 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 26b4320267..bd52ab7064 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -22,8 +22,27 @@ #include "libnet/libnet_join.h" #include "libnet/libnet_proto.h" -static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + if (!secrets_store_domain_sid(r->out.netbios_domain_name, + r->out.domain_sid)) + { + return false; + } + + if (!secrets_store_machine_password(r->in.machine_password, + r->out.netbios_domain_name, + SEC_CHAN_WKSTA)) + { + return false; + } + + return true; +} + +static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; 
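Review bot: `libnet_join_joindomain_store_secrets()` returns false as soon as either store fails, which leaves the domain SID written when only `secrets_store_machine_password()` fails, and the caller in libnet_Join (the `@@ -484,13 +492,17 @@` hunk of this commit) maps that to `WERR_SETUP_NOT_JOINED`. By the call order there the RPC join has already succeeded, so the account on the DC side has presumably been set up while the local secret is missing; the error code tells the caller the opposite. I would log which store failed, e.g. `DEBUG(1, ("Failed to store machine password\n"));`, and return a code that reflects a local secrets failure after a completed join. The `mem_ctx` parameter is unused in this helper.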
@@ -196,21 +215,6 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); cli_rpc_pipe_close(pipe_hnd); - if (!secrets_store_domain_sid(r->out.netbios_domain_name, - r->out.domain_sid)) - { - status = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - if (!secrets_store_machine_password(password, - r->out.netbios_domain_name, - SEC_CHAN_WKSTA)) - { - status = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - status = NT_STATUS_OK; done: if (cli) { @@ -220,8 +224,22 @@ static NTSTATUS do_DomainJoin(TALLOC_CTX *mem_ctx, return status; } -static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx, - struct libnet_UnjoinCtx *r) +static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + if (!secrets_delete_machine_password_ex(lp_workgroup())) { + return false; + } + + if (!secrets_delete_domain_sid(lp_workgroup())) { + return false; + } + + return true; +} + +static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) { struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; @@ -310,16 +328,6 @@ static NTSTATUS do_DomainUnjoin(TALLOC_CTX *mem_ctx, rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); - if (!secrets_delete_machine_password_ex(lp_workgroup())) { - status = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - if (!secrets_delete_domain_sid(lp_workgroup())) { - status = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - done: if (pipe_hnd) { rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); 
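Review bot: `libnet_join_unjoindomain_remove_secrets()` returns as soon as `secrets_delete_machine_password_ex(lp_workgroup())` fails, so `secrets_delete_domain_sid()` is never attempted in that case, and the call site this commit adds to `libnet_Unjoin()` discards the result altogether. An unjoin can therefore report success while the machine account password is still in the local secrets store. Attempt both deletions and combine the results, e.g. `bool ok = secrets_delete_machine_password_ex(lp_workgroup());` followed by `ok = secrets_delete_domain_sid(lp_workgroup()) && ok;`, and have the caller record a failure. Both deletions key on `lp_workgroup()` rather than on a field of `r`, which deserves a comment if it is intentional.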
@@ -484,13 +492,17 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - status = do_DomainJoin(mem_ctx, r); + status = libnet_join_joindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { return WERR_SETUP_ALREADY_JOINED; } return ntstatus_to_werror(status); } + + if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { + return WERR_SETUP_NOT_JOINED; + } } werr = do_JoinConfig(r); @@ -513,13 +525,15 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - status = do_DomainUnjoin(mem_ctx, r); + status = libnet_join_unjoindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { return WERR_SETUP_NOT_JOINED; } return ntstatus_to_werror(status); } + + libnet_join_unjoindomain_remove_secrets(mem_ctx, r); } werr = do_UnjoinConfig(r); -- cgit From 28ef4878d937405340cc1984ef674ad0b670ef0c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 17:11:14 +0100 Subject: Rename server_name to dc_name in libnet join structures. Guenther (This used to be commit ff5e15b1ba0d5c39ceef9f9995c107e510162564) --- source3/libnet/libnet_join.c | 6 ++++-- source3/libnet/libnet_join.h | 5 +++-- 2 files changed, 7 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bd52ab7064..95b643ffa6 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -69,7 +69,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); } - status = cli_full_connection(&cli, NULL, r->in.server_name, + status = cli_full_connection(&cli, NULL, + r->in.dc_name, NULL, 0, "IPC$", "IPC", r->in.admin_account, 
@@ -253,7 +254,8 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, SAM_USERINFO_CTR ctr, *qctr = NULL; SAM_USER_INFO_16 p16; - status = cli_full_connection(&cli, NULL, r->in.server_name, + status = cli_full_connection(&cli, NULL, + r->in.dc_name, NULL, 0, "IPC$", "IPC", r->in.admin_account, diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 85c756f77b..9e7b8a9813 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -22,7 +22,8 @@ struct libnet_JoinCtx { struct { - const char *server_name; + const char *dc_name; + const char *machine_name; const char *domain_name; const char *account_ou; const char *admin_account; @@ -48,7 +49,7 @@ struct libnet_JoinCtx { struct libnet_UnjoinCtx { struct { - const char *server_name; + const char *dc_name; const char *domain_name; const char *admin_account; const char *admin_password; -- cgit From 6345220151c4b09380b0b461f51309c043052916 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 4 Jan 2008 23:11:53 +0100 Subject: Only create machine account in libnetjoin when requested to. Guenther (This used to be commit bc025a3860483e8cdbd0f61579689c9edadd3af0) --- source3/libnet/libnet_join.c | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 95b643ffa6..36d5c0a889 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -138,17 +138,21 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, strlower_m(acct_name); const_acct_name = acct_name; - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, - acct_name, ACB_WSTRUST, - 0xe005000b, &user_pol, &user_rid); - if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { - if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { - goto done; + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, + &domain_pol, + acct_name, ACB_WSTRUST, + 0xe005000b, &user_pol, + &user_rid); + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { + goto done; + } } - } - if (NT_STATUS_IS_OK(status)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + if (NT_STATUS_IS_OK(status)) { + rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + } } status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, -- cgit From 077eaafed5ac61d5091b35c9fc7d7c768fd67ad3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 18:46:07 +0100 Subject: Add error_string to libnetjoin and libnetunjoin structures incl. set functions. Guenther (This used to be commit 4f9985bb33aa5973e6b685a45039c8e227487db1) --- source3/libnet/libnet_join.c | 36 ++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_join.h | 2 ++ 2 files changed, 38 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 36d5c0a889..95088606a2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
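Review bot: Inside the new `WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE` branch only `NT_STATUS_USER_EXISTS` is examined after `rpccli_samr_create_dom_user()`; any other failure falls through, and `status` is then overwritten by the `rpccli_samr_lookup_names()` call that follows, so the real cause is lost. Add an explicit bail-out after the USER_EXISTS check: `else if (!NT_STATUS_IS_OK(status)) { goto done; }`. The access mask `0xe005000b` would read better as a named constant, or with a comment listing the rights it requests. The function body starts and ends outside this hunk.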
@@ -22,6 +22,42 @@ #include "libnet/libnet_join.h" #include "libnet/libnet_proto.h" +/**************************************************************** +****************************************************************/ + +static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + const char *format, ...) +{ + va_list args; + char *tmp = NULL; + + va_start(args, format); + tmp = talloc_vasprintf(mem_ctx, format, args); + va_end(args); + + TALLOC_FREE(r->out.error_string); + r->out.error_string = tmp; +} + +/**************************************************************** +****************************************************************/ + +static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r, + const char *format, ...) +{ + va_list args; + char *tmp = NULL; + + va_start(args, format); + tmp = talloc_vasprintf(mem_ctx, format, args); + va_end(args); + + TALLOC_FREE(r->out.error_string); + r->out.error_string = tmp; +} + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 9e7b8a9813..ac1fe6efcb 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -44,6 +44,7 @@ struct libnet_JoinCtx { struct dom_sid *domain_sid; bool modified_config; WERROR result; + char *error_string; } out; }; @@ -61,6 +62,7 @@ struct libnet_UnjoinCtx { struct { bool modified_config; WERROR result; + char *error_string; } out; }; -- cgit From 60555e66dd06f74316e05b59aec8943f5b0a62fa Mon Sep 17 00:00:00 2001 
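Review bot: `libnet_join_set_error_string()` and `libnet_unjoin_set_error_string()` take a printf-style `format` but are declared without a format attribute, so the compiler cannot check the arguments at call sites; add one to both (Samba's `PRINTF_ATTRIBUTE(3,4)` macro, if this tree provides it). The new string is allocated on `mem_ctx` rather than on `r`, so `r->out.error_string` dangles if the caller frees `mem_ctx` before it frees `r`; `tmp = talloc_vasprintf(r, format, args);` would tie the lifetime to the context that holds the pointer. A failed `talloc_vasprintf()` also silently replaces an existing message with NULL. The two functions are identical apart from the context type, which is worth a comment or a shared helper.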
From: Günther Deschner Date: Mon, 7 Jan 2008 18:58:04 +0100 Subject: Add ADS_STRUCTs to libnetjoin and -unjoin, with talloc destructors. Guenther (This used to be commit 985d45206990988894e05ea6fb0aacc7396a6db4) --- source3/libnet/libnet_join.c | 137 +++++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_join.h | 3 + 2 files changed, 140 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 95088606a2..7c8b395cd3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -58,6 +58,103 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_connect_ads(const char *dns_domain_name, + const char *netbios_domain_name, + const char *dc_name, + const char *user_name, + const char *password, + ADS_STRUCT **ads) +{ + ADS_STATUS status; + ADS_STRUCT *my_ads = NULL; + + my_ads = ads_init(dns_domain_name, + netbios_domain_name, + dc_name); + if (!my_ads) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + if (user_name) { + SAFE_FREE(my_ads->auth.user_name); + my_ads->auth.user_name = SMB_STRDUP(user_name); + } + + if (password) { + SAFE_FREE(my_ads->auth.password); + my_ads->auth.password = SMB_STRDUP(password); + } + + status = ads_connect(my_ads); + if (!ADS_ERR_OK(status)) { + ads_destroy(&my_ads); + return status; + } + + *ads = my_ads; + return ADS_SUCCESS; +} + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + status = libnet_connect_ads(r->in.domain_name, + r->in.domain_name, + r->in.dc_name, + r->in.admin_account, + r->in.admin_password, + &r->in.ads); + if (!ADS_ERR_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to connect to AD: %s\n", + ads_errstr(status)); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + ADS_STATUS status; + + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + status = libnet_connect_ads(r->in.domain_name, + r->in.domain_name, 
+ r->in.dc_name, + r->in.admin_account, + r->in.admin_password, + &r->in.ads); + if (!ADS_ERR_OK(status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to connect to AD: %s\n", + ads_errstr(status)); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -484,6 +581,33 @@ static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ + +static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) +{ + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + return 0; +} + +/**************************************************************** +****************************************************************/ + +static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) +{ + if (r->in.ads) { + ads_destroy(&r->in.ads); + } + + return 0; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r) { @@ -494,11 +618,19 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, return WERR_NOMEM; } + talloc_set_destructor(ctx, libnet_destroy_JoinCtx); + + ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); + W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + *r = ctx; return WERR_OK; } +/**************************************************************** +****************************************************************/ + WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx **r) { 
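Review bot: `libnet_connect_ads()` needs a header comment covering ownership and credential handling, because none of it is evident at the call sites. The comment should state that `password` is copied in cleartext into `my_ads->auth.password` and lives until `ads_destroy()`, that `*ads` is only written on success, and that the caller owns the returned structure. `libnet_join_connect_ads()` and `libnet_unjoin_connect_ads()` pass `r->in.domain_name` as both the DNS and the NetBIOS domain name; a one-line comment such as `/* domain_name is used for both lookups until a separate NetBIOS name is available */` would tell the reader whether that is deliberate.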
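Review bot: In `libnet_init_JoinCtx()` the machine name is allocated on `mem_ctx` instead of on `ctx`, so it is not released with the context, and when `W_ERROR_HAVE_NO_MEMORY()` returns early `ctx` stays allocated with its destructor set while `*r` is never assigned. Parent the string to the context, `ctx->in.machine_name = talloc_strdup(ctx, global_myname());`, and free `ctx` before returning on failure. The same pattern is added to `libnet_init_UnjoinCtx()` in the next hunk. The allocation of `ctx` itself is outside both hunks.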
@@ -509,6 +641,11 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, return WERR_NOMEM; } + talloc_set_destructor(ctx, libnet_destroy_UnjoinCtx); + + ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); + W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + *r = ctx; return WERR_OK; diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index ac1fe6efcb..b2e59b99c9 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -34,6 +34,7 @@ struct libnet_JoinCtx { const char *os_string; const char *upn; bool modify_config; + struct ads_struct *ads; } in; struct { @@ -51,12 +52,14 @@ struct libnet_JoinCtx { struct libnet_UnjoinCtx { struct { const char *dc_name; + const char *machine_name; const char *domain_name; const char *admin_account; const char *admin_password; uint32_t unjoin_flags; bool modify_config; struct dom_sid *domain_sid; + struct ads_struct *ads; } in; struct { -- cgit From 0bbc04d5164858ed91353600ee068715a272568b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 19:07:38 +0100 Subject: Rearrange libnet join code and add support for account pre-creation in AD. Guenther (This used to be commit 18ae8580420c37aa4b189eb5ce53cc65a9827d95) --- source3/libnet/libnet_join.c | 112 ++++++++++++++++++++++++++++++++++++++----- 1 file changed, 100 insertions(+), 12 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7c8b395cd3..1d52b81a75 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -155,6 +155,39 @@ static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + LDAPMessage *res = NULL; + const char *attrs[] = { "dn", NULL }; + + status = ads_search_dn(r->in.ads, &res, r->in.account_ou, attrs); + if (!ADS_ERR_OK(status)) { + return status; + } + + if (ads_count_replies(r->in.ads, res) != 1) { + ads_msgfree(r->in.ads, res); + return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT); + } + + status = ads_create_machine_acct(r->in.ads, + r->in.machine_name, + r->in.account_ou); + ads_msgfree(r->in.ads, res); + + if ((status.error_type == ENUM_ADS_ERROR_LDAP) && + (status.err.rc == LDAP_ALREADY_EXISTS)) { + status = ADS_SUCCESS; + } + + return status; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -174,6 +207,9 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, return true; } +/**************************************************************** +****************************************************************/ + static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -362,6 +398,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, return status; } +/**************************************************************** +****************************************************************/ + static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { 
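Review bot: `libnet_join_precreate_machine_acct()` turns `LDAP_ALREADY_EXISTS` from `ads_create_machine_acct()` into `ADS_SUCCESS` unconditionally, whereas the RPC path in `libnet_join_joindomain_rpc()` only tolerates an existing account when `WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED` is set. A join with `account_ou` set can therefore continue onto an account that already existed under that name, without checking that it lives in the requested OU. Gate the conversion on the same flag, e.g. add `&& (r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)` to the condition. The function also dereferences `r->in.ads` without a NULL check and relies on the caller having connected first, which should be stated in a comment.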
@@ -376,6 +415,9 @@ static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx, return true; } +/**************************************************************** +****************************************************************/ + static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { @@ -481,6 +523,9 @@ done: return status; } +/**************************************************************** +****************************************************************/ + static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) { WERROR werr; @@ -519,6 +564,9 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ + static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) { WERROR werr = WERR_OK; @@ -534,6 +582,8 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ static WERROR do_JoinConfig(struct libnet_JoinCtx *r) { @@ -558,6 +608,9 @@ static WERROR do_JoinConfig(struct libnet_JoinCtx *r) return werr; } +/**************************************************************** +****************************************************************/ + static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) { WERROR werr; 
@@ -651,11 +704,54 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, return WERR_OK; } +/**************************************************************** +****************************************************************/ + +static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + NTSTATUS status; + ADS_STATUS ads_status; + + if (r->in.account_ou) { + ads_status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + return WERR_GENERAL_FAILURE; + } + ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to precreate account in ou %s: %s\n", + r->in.account_ou, + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; + } + + status = libnet_join_joindomain_rpc(mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + return WERR_SETUP_ALREADY_JOINED; + } + return ntstatus_to_werror(status); + } + + if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { + return WERR_SETUP_NOT_JOINED; + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_Join(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { WERROR werr; - NTSTATUS status; if (!r->in.domain_name) { return WERR_INVALID_PARAM; 
@@ -670,17 +766,9 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, } if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - - status = libnet_join_joindomain_rpc(mem_ctx, r); - if (!NT_STATUS_IS_OK(status)) { - if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { - return WERR_SETUP_ALREADY_JOINED; - } - return ntstatus_to_werror(status); - } - - if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { - return WERR_SETUP_NOT_JOINED; + werr = libnet_DomainJoin(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + return werr; } } -- cgit From 5b5f17a81d76b4675a4a0f09f92dddbc3a221673 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 19:11:26 +0100 Subject: Honor the WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE flag when unjoining from AD. Guenther (This used to be commit ed164b523e63c3ebf2c822a00a877ef169738a3a) --- source3/libnet/libnet_join.c | 66 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 56 insertions(+), 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 1d52b81a75..627558d4a9 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -188,6 +188,24 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + ADS_STATUS status; + + if (!r->in.ads) { + status = libnet_unjoin_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + + return ads_leave_realm(r->in.ads, r->in.machine_name); +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { 
@@ -780,27 +798,55 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, return werr; } +/**************************************************************** +****************************************************************/ + +static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + NTSTATUS status; + + status = libnet_join_unjoindomain_rpc(mem_ctx, r); + if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { + return WERR_SETUP_NOT_JOINED; + } + return ntstatus_to_werror(status); + } + + if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { + ADS_STATUS ads_status; + libnet_unjoin_connect_ads(mem_ctx, r); + ads_status = libnet_unjoin_remove_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to remove machine account from AD: %s\n", + ads_errstr(ads_status)); + } + } + + libnet_join_unjoindomain_remove_secrets(mem_ctx, r); + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { WERROR werr; - NTSTATUS status; if (r->in.modify_config && !lp_include_registry_globals()) { return WERR_NOT_SUPPORTED; } if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - - status = libnet_join_unjoindomain_rpc(mem_ctx, r); - if (!NT_STATUS_IS_OK(status)) { - if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { - return WERR_SETUP_NOT_JOINED; - } - return ntstatus_to_werror(status); + werr = libnet_DomainUnjoin(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + return werr; } - - libnet_join_unjoindomain_remove_secrets(mem_ctx, r); } werr = do_UnjoinConfig(r); -- cgit From d66118629cccf01799ecdbcd73a944903908a64c Mon Sep 17 00:00:00 2001 
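Review bot: In `libnet_DomainUnjoin()` a failure to delete the machine account only sets the error string and the function still returns `WERR_OK`, so a caller that passed `WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE` is told the unjoin succeeded while the account remains in AD. The bare `libnet_unjoin_connect_ads(mem_ctx, r);` before it has its result ignored and is redundant, since `libnet_unjoin_remove_machine_acct()` connects on its own when `r->in.ads` is NULL. The result of `libnet_join_unjoindomain_remove_secrets()` is dropped as well. I would remove the bare connect call, keep removing the local secrets in every case, and return a failure code afterwards if either the account deletion or the secrets removal failed.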
From: Günther Deschner Date: Mon, 7 Jan 2008 19:31:20 +0100 Subject: Add libnet_join_find_machine_acct(). Guenther (This used to be commit f550ed02ff9e0546c63064ab9dac760eac7e1e16) --- source3/libnet/libnet_join.c | 46 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 627558d4a9..bc775a9d40 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -206,6 +206,52 @@ static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + LDAPMessage *res = NULL; + char *dn = NULL; + + if (!r->in.machine_name) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + status = ads_find_machine_acct(r->in.ads, + &res, + r->in.machine_name); + if (!ADS_ERR_OK(status)) { + return status; + } + + if (ads_count_replies(r->in.ads, res) != 1) { + status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); + goto done; + } + + dn = ads_get_dn(r->in.ads, res); + if (!dn) { + status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); + goto done; + } + + TALLOC_FREE(r->out.dn); + r->out.dn = talloc_strdup(mem_ctx, dn); + if (!r->out.dn) { + status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); + goto done; + } + + done: + ads_msgfree(r->in.ads, res); + ads_memfree(r->in.ads, dn); + + return status; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { -- cgit From 60eb92478c58ae3c68b691c62e6bc7cb6518c679 Mon Sep 17 00:00:00 2001 
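Review bot: `libnet_join_find_machine_acct()` reports `LDAP_NO_MEMORY` both when `r->in.machine_name` is NULL and when `ads_count_replies()` is not 1, neither of which is an allocation failure, so an operator chasing a missing or duplicated machine account is pointed at the wrong cause. Use `status = ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT);` for the reply-count case, as `libnet_join_precreate_machine_acct()` already does, and a parameter error for the NULL name. More than one reply means the name is ambiguous and arguably deserves its own message. The first return uses `ADS_ERROR()` while the rest use `ADS_ERROR_LDAP()`; pick one.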
From: Günther Deschner Date: Mon, 7 Jan 2008 20:16:57 +0100 Subject: Merge remaining post-AD-join functions from net into libnet_join. Guenther (This used to be commit 3e816d7555218192881d79645fca26981a7099c7) --- source3/libnet/libnet_join.c | 184 +++++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_join.h | 3 +- 2 files changed, 186 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bc775a9d40..4149116833 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -252,6 +252,190 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + ADS_MODLIST mods; + fstring my_fqdn; + const char *spn_array[3] = {NULL, NULL, NULL}; + char *spn = NULL; + + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + + status = libnet_join_find_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + + spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name); + if (!spn) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + strupper_m(spn); + spn_array[0] = spn; + + if (name_to_fqdn(my_fqdn, r->in.machine_name) && + !strequal(my_fqdn, r->in.machine_name)) { + + strlower_m(my_fqdn); + spn = talloc_asprintf(mem_ctx, "HOST/%s", my_fqdn); + if (!spn) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + spn_array[1] = spn; + } + + mods = ads_init_mods(mem_ctx); + if (!mods) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn); + if (!ADS_ERR_OK(status)) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + status = ads_mod_strlist(mem_ctx, &mods, "servicePrincipalName", + spn_array); + if (!ADS_ERR_OK(status)) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + return ads_gen_mod(r->in.ads, r->out.dn, mods); +} + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + ADS_MODLIST mods; + + if (!r->in.create_upn) { + return ADS_SUCCESS; + } + + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return 
status; + } + } + + status = libnet_join_find_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + + if (!r->in.upn) { + r->in.upn = talloc_asprintf(mem_ctx, + "host/%s@%s", + r->in.machine_name, + r->out.dns_domain_name); + if (!r->in.upn) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + } + + mods = ads_init_mods(mem_ctx); + if (!mods) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", r->in.upn); + if (!ADS_ERR_OK(status)) { + return ADS_ERROR_LDAP(LDAP_NO_MEMORY); + } + + return ads_gen_mod(r->in.ads, r->out.dn, mods); +} + + +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + ADS_MODLIST mods; + char *os_sp = NULL; + + if (!r->in.os_name || !r->in.os_version ) { + return ADS_SUCCESS; + } + + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + + status = libnet_join_find_machine_acct(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + + mods = ads_init_mods(mem_ctx); + if (!mods) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + os_sp = talloc_asprintf(mem_ctx, "Samba %s", SAMBA_VERSION_STRING); + if (!os_sp) { + return ADS_ERROR(LDAP_NO_MEMORY); + } + + status = ads_mod_str(mem_ctx, &mods, "operatingSystem", + r->in.os_name); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_mod_str(mem_ctx, &mods, "operatingSystemVersion", + r->in.os_version); + if (!ADS_ERR_OK(status)) { + return status; + } + + status = ads_mod_str(mem_ctx, &mods, "operatingSystemServicePack", + os_sp); + if (!ADS_ERR_OK(status)) { + return status; + } + + return ads_gen_mod(r->in.ads, r->out.dn, mods); +} + +/**************************************************************** 
+****************************************************************/ + +static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + if (!lp_use_kerberos_keytab()) { + return true; + } + + if (!ads_keytab_create_default(r->in.ads)) { + return false; + } + + return true; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index b2e59b99c9..c6a0cd183c 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -31,7 +31,8 @@ struct libnet_JoinCtx { const char *machine_password; uint32_t join_flags; const char *os_version; - const char *os_string; + const char *os_name; + bool create_upn; const char *upn; bool modify_config; struct ads_struct *ads; -- cgit From ec75d53dfc6b678f1270927864dae621e63b11c7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 20:20:03 +0100 Subject: Finally use libnet_join_set_* functions in libnetjoin. Guenther (This used to be commit 1436670854ae635cfa2a69939d3ac31da87c3f66) --- source3/libnet/libnet_join.c | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4149116833..94fa62e47b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
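Review bot: In `libnet_join_set_machine_spn()` `my_fqdn` is written to `dNSHostName` unconditionally, but it is only known to hold a usable, lower-cased name when `name_to_fqdn()` returned true and the result differs from `r->in.machine_name`; what the buffer contains after a failed lookup depends on `name_to_fqdn()`, which is not visible here. The value comes from name resolution and ends up published in the directory as the host name and a `HOST/` SPN, so the `dNSHostName` modification should be skipped, or the join step failed, when the lookup does not succeed. The helpers are also inconsistent about errors: `libnet_join_set_machine_spn()` and `libnet_join_set_machine_upn()` replace a failing `ads_mod_str()` status with `LDAP_NO_MEMORY`, while `libnet_join_set_os_attributes()` returns the status itself; returning `status` everywhere keeps the real cause.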
@@ -990,6 +990,36 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } + ads_status = libnet_join_set_machine_spn(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine spn: %s\n", + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + ads_status = libnet_join_set_os_attributes(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine os attributes: %s\n", + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + ads_status = libnet_join_set_machine_upn(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine upn: %s\n", + ads_errstr(ads_status)); + return WERR_GENERAL_FAILURE; + } + + if (!libnet_join_create_keytab(mem_ctx, r)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to create kerberos keytab\n"); + return WERR_GENERAL_FAILURE; + } + return WERR_OK; } -- cgit From d5dec339043875e98cbceadf3cbd0d1b39c9b463 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 7 Jan 2008 20:41:55 +0100 Subject: There is no LDAP in some corners of this world. Fix the build... Guenther (This used to be commit 83ed37023c2be4c6b4d99d8117ac8438a413112c) --- source3/libnet/libnet_join.c | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 94fa62e47b..5c64778da3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -58,6 +58,8 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } +#ifdef WITH_LDAP + /**************************************************************** ****************************************************************/ 
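Review bot: Every post-join step added here returns `WERR_GENERAL_FAILURE` after `libnet_join_joindomain_rpc()` and `libnet_join_joindomain_store_secrets()` have already succeeded, so a failure to set the SPN, OS attributes, UPN or keytab leaves a live machine account and a stored machine password while the caller is told the join failed. Either treat these steps as non-fatal (record the message in `error_string` and continue) or document that the caller must run an unjoin after such a failure. Mapping every `ADS_STATUS` to the same `WERROR` also means the only usable diagnostic is the error string. `libnet_DomainJoin()` starts outside this hunk.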
@@ -416,6 +418,8 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ads_gen_mod(r->in.ads, r->out.dn, mods); } +#endif + /**************************************************************** ****************************************************************/ @@ -426,10 +430,11 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, return true; } +#ifdef WITH_ADS if (!ads_keytab_create_default(r->in.ads)) { return false; } - +#endif return true; } @@ -959,6 +964,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; +#ifdef WITH_LDAP ADS_STATUS ads_status; if (r->in.account_ou) { @@ -977,7 +983,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; } - +#endif status = libnet_join_joindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { @@ -990,6 +996,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } +#ifdef WITH_LDAP ads_status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, @@ -1013,7 +1020,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; } - +#endif if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, "failed to create kerberos keytab\n"); @@ -1074,6 +1081,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } +#ifdef WITH_LDAP if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { ADS_STATUS ads_status; libnet_unjoin_connect_ads(mem_ctx, r); @@ -1084,7 +1092,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); } } - +#endif libnet_join_unjoindomain_remove_secrets(mem_ctx, r); return WERR_OK; -- cgit From c8abd25d94fba0df62136c33837ddfcdaa459a66 Mon Sep 17 00:00:00 2001 
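Review bot: In the libnet_join_create_keytab hunk (-426), a build without WITH_ADS skips ads_keytab_create_default() and still returns true, even though lp_use_kerberos_keytab() has just said a keytab is wanted. The join then reports success while the keytab the configuration asks for was never written. I would fail closed with `#else` / `return false;` before the `#endif`, or at least log that keytab support is compiled out. The libnet_DomainJoin hunk at -959 has the same shape: without WITH_LDAP a caller-supplied `r->in.account_ou` is dropped without any error.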
From: Günther Deschner Date: Mon, 7 Jan 2008 20:56:34 +0100 Subject: Trying to make the buildfarm w/o krb5 happy. Guenther (This used to be commit 079f2eba81886707ea4b18f103e097dbac994b2f) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 5c64778da3..f4c0dfa2c2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -430,7 +430,7 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, return true; } -#ifdef WITH_ADS +#ifdef WITH_KRB5 if (!ads_keytab_create_default(r->in.ads)) { return false; } -- cgit From c6576503c9298f1123ac4902e2b72453745d3566 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 8 Jan 2008 11:46:11 +0100 Subject: When unjoining fails (e.g. missing creds) make sure we still correct config. Guenther (This used to be commit 7f51583f681b1acc9bfbab6ee0e2d1c13d2c4ca4) --- source3/libnet/libnet_join.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f4c0dfa2c2..05ab184cec 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1075,6 +1075,9 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, status = libnet_join_unjoindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to unjoin domain: %s\n", + nt_errstr(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { return WERR_SETUP_NOT_JOINED; } @@ -1113,6 +1116,7 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_DomainUnjoin(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { + do_UnjoinConfig(r); return werr; } } -- cgit From 697208406cd5b669d76265f753097faa761df9c8 Mon Sep 17 00:00:00 2001 
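Review bot: The `do_UnjoinConfig(r);` call added to the error path of libnet_Unjoin (-1116) discards whatever that function reports, so a failed config rewrite is invisible and the caller only sees the unjoin error. do_UnjoinConfig is defined outside the hunk, so its return type is an assumption here; if it returns a WERROR, log it rather than drop it. The line also deserves a comment that this is deliberate, e.g. `/* domain unjoin failed; still reset local config, the machine account may remain in the domain */`, because local state and the directory now disagree.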
From: Günther Deschner Date: Tue, 8 Jan 2008 14:03:12 +0100 Subject: Fix define check s/WITH_LDAP/HAVE_LDAP/ in libnet_join. Guenther (This used to be commit 045a69c59c3b0732bb12a8b0efc8c9675e811719) --- source3/libnet/libnet_join.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 05ab184cec..454c1f29fb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -58,7 +58,7 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } -#ifdef WITH_LDAP +#ifdef HAVE_LDAP /**************************************************************** ****************************************************************/ @@ -964,7 +964,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; -#ifdef WITH_LDAP +#ifdef HAVE_LDAP ADS_STATUS ads_status; if (r->in.account_ou) { @@ -996,7 +996,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } -#ifdef WITH_LDAP +#ifdef HAVE_LDAP ads_status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, @@ -1084,7 +1084,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } -#ifdef WITH_LDAP +#ifdef HAVE_LDAP if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { ADS_STATUS ads_status; libnet_unjoin_connect_ads(mem_ctx, r); -- cgit From 22068a0c167b27cf1d74a32ac516df25dce0f70a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 9 Jan 2008 01:17:13 +0100 Subject: Change registry_create_admin_token() to return NTSTATUS. Michael (This used to be commit 9cd30fb25c42e79946b5140994d0bf2ef4c62f90) --- source3/libnet/libnet_conf.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index c8e55a70b2..d0ef6eb0e6 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -87,7 +87,7 @@ static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, struct registry_key **key) { WERROR werr = WERR_OK; - NT_USER_TOKEN *token; + NT_USER_TOKEN *token = NULL; TALLOC_CTX *tmp_ctx = NULL; if (path == NULL) { @@ -109,11 +109,9 @@ static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, goto done; } - token = registry_create_admin_token(tmp_ctx); - if (token == NULL) { + werr = ntstatus_to_werror(registry_create_admin_token(tmp_ctx, &token)); + if (W_ERROR_IS_OK(werr)) { DEBUG(1, ("Error creating admin token\n")); - /* what is the appropriate error code here? */ - werr = WERR_CAN_NOT_COMPLETE; goto done; } -- cgit From ba922343dbfbdcc9a43e540051853c7877b21de1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 8 Jan 2008 18:59:57 +0100 Subject: Add libnet_join_derive_salting_principal(). Guenther (This used to be commit 95129a28cfa57d8e5bd767b92f065abd1d32a569) --- source3/libnet/libnet_join.c | 55 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 454c1f29fb..d139fa04a1 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
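Review bot: The condition after the new registry_create_admin_token() call in the -109 hunk is inverted: `if (W_ERROR_IS_OK(werr))` takes the "Error creating admin token" branch on success and falls through on failure. On success the function jumps to done, presumably before the key is opened, and on failure it continues with `token` still NULL. The check should read `if (!W_ERROR_IS_OK(werr)) {`. The rest of libnet_conf_reg_open_path, including the done label, is outside the hunk.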
@@ -438,6 +438,57 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, return true; } +#ifdef HAVE_LDAP + +/**************************************************************** +****************************************************************/ + +static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + uint32_t domain_func; + ADS_STATUS status; + const char *salt = NULL; + char *std_salt = NULL; + + status = ads_domain_func_level(r->in.ads, &domain_func); + if (!ADS_ERR_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "Failed to determine domain functional level!\n"); + return false; + } + + std_salt = kerberos_standard_des_salt(); + if (!std_salt) { + libnet_join_set_error_string(mem_ctx, r, + "failed to obtain standard DES salt\n"); + return false; + } + + salt = talloc_strdup(mem_ctx, std_salt); + if (!salt) { + return false; + } + + SAFE_FREE(std_salt); + + if (domain_func == DS_DOMAIN_FUNCTION_2000) { + char *upn; + + upn = ads_get_upn(r->in.ads, mem_ctx, + r->in.machine_name); + if (upn) { + salt = talloc_strdup(mem_ctx, upn); + if (!salt) { + return false; + } + } + } + + return kerberos_secrets_store_des_salt(salt); +} +#endif + /**************************************************************** ****************************************************************/ @@ -1020,6 +1071,10 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; } + + if (!libnet_join_derive_salting_principal(mem_ctx, r)) { + return WERR_GENERAL_FAILURE; + } #endif if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, -- cgit From fbd9a15996ba4beb48c12a5632ca812e862e984c Mon Sep 17 00:00:00 2001 
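Review bot: In libnet_join_derive_salting_principal, `std_salt` leaks when the first talloc_strdup() fails, because `SAFE_FREE(std_salt);` sits after the `if (!salt) { return false; }` check. Moving the free up fixes it: `salt = talloc_strdup(mem_ctx, std_salt);` then `SAFE_FREE(std_salt);` then the NULL check. The two talloc_strdup() failure returns and a false result from kerberos_secrets_store_des_salt() also set no error string, unlike the first two failure paths. The caller in the second hunk therefore returns WERR_GENERAL_FAILURE with nothing to print.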
From: Günther Deschner Date: Wed, 9 Jan 2008 12:47:13 +0100 Subject: Another attempt to fix builds w/o ldap and/or krb5. Guenther (This used to be commit e73e3da772bd024f1d74fc41b832f181ba5c43bd) --- source3/libnet/libnet_join.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d139fa04a1..1bb2a82959 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -418,7 +418,7 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ads_gen_mod(r->in.ads, r->out.dn, mods); } -#endif +#endif /* HAVE_LDAP */ /**************************************************************** ****************************************************************/ @@ -429,16 +429,15 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, if (!lp_use_kerberos_keytab()) { return true; } - -#ifdef WITH_KRB5 +#ifdef HAVE_KRB5 if (!ads_keytab_create_default(r->in.ads)) { return false; } -#endif +#endif /* HAVE_KRB5 */ return true; } -#ifdef HAVE_LDAP +#ifdef HAVE_KRB5 /**************************************************************** ****************************************************************/ @@ -487,7 +486,8 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, return kerberos_secrets_store_des_salt(salt); } -#endif + +#endif /* HAVE_KRB5 */ /**************************************************************** ****************************************************************/ @@ -1034,7 +1034,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; } -#endif +#endif /* HAVE_LDAP */ status = libnet_join_joindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { 
@@ -1075,7 +1075,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, if (!libnet_join_derive_salting_principal(mem_ctx, r)) { return WERR_GENERAL_FAILURE; } -#endif +#endif /* HAVE_LDAP */ if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, "failed to create kerberos keytab\n"); @@ -1150,7 +1150,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); } } -#endif +#endif /* HAVE_LDAP */ libnet_join_unjoindomain_remove_secrets(mem_ctx, r); return WERR_OK; -- cgit From 1c4466cedcab04b9188569238a1e795629f3a007 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 9 Jan 2008 23:15:56 +0100 Subject: Try to fix the build on hosts that HAVE_LDAP but don't HAVE_KRB5. Michael (This used to be commit 829de79051cd1d1cc67c4c40fdc8e08c44450a09) --- source3/libnet/libnet_join.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 1bb2a82959..8e6d91b38b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1072,9 +1072,12 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_GENERAL_FAILURE; } +#ifdef HAVE_KRB5 if (!libnet_join_derive_salting_principal(mem_ctx, r)) { return WERR_GENERAL_FAILURE; } +#endif /* HAVE_KRB5 */ + #endif /* HAVE_LDAP */ if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, -- cgit From 28b852a893a439482991d84373fb083fb81fd4ea Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 11 Jan 2008 14:40:06 +0100 Subject: Add domain_is_ad bool to libnetjoin ctx. Guenther (This used to be commit 16ca8d2746a5c2fc7a583d1cf2ebb4d3aa003842) --- source3/libnet/libnet_join.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index c6a0cd183c..95b965717e 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h 
@@ -47,6 +47,7 @@ struct libnet_JoinCtx { bool modified_config; WERROR result; char *error_string; + bool domain_is_ad; } out; }; -- cgit From 136b02de5e7ed05d144083ac1f0b9f7cbeee488c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 11 Jan 2008 14:41:34 +0100 Subject: Use domain_is_ad bool. Guenther (This used to be commit 9707a5eb008788460937104575b7afd733a9f741) --- source3/libnet/libnet_join.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 8e6d91b38b..3bc1464f18 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -575,6 +575,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NULL, &r->out.domain_sid); + if (NT_STATUS_IS_OK(status)) { + r->out.domain_is_ad = true; + } + if (!NT_STATUS_IS_OK(status)) { status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol, 5, @@ -833,7 +837,6 @@ done: static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) { WERROR werr; - bool is_ad = false; if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { @@ -845,10 +848,6 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) return werr; } - if (r->out.dns_domain_name) { - is_ad = true; - } - werr = libnet_conf_set_global_parameter("security", "domain"); W_ERROR_NOT_OK_RETURN(werr); @@ -856,7 +855,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) r->out.netbios_domain_name); W_ERROR_NOT_OK_RETURN(werr); - if (is_ad) { + if (r->out.domain_is_ad) { werr = libnet_conf_set_global_parameter("security", "ads"); W_ERROR_NOT_OK_RETURN(werr); -- cgit From 2c591e05c983bc30ebfb729226454c4c380eaf70 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 11 Jan 2008 14:42:48 +0100 Subject: Remove some more references to global_myname() in libnet_join. Guenther (This used to be commit ed4960baccf687b77c2b0f4ee64cbce2005f3abb) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3bc1464f18..4fec5ac294 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -611,7 +611,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); + acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); strlower_m(acct_name); const_acct_name = acct_name; @@ -773,7 +773,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - acct_name = talloc_asprintf(mem_ctx, "%s$", global_myname()); + acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); strlower_m(acct_name); const_acct_name = acct_name; -- cgit From 2bcba87572a290d8d0281604b80355af9abf66e8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 11 Jan 2008 14:43:56 +0100 Subject: Ignore result of libnet_conf_delete_parameter here, as realm may be not there. Guenther (This used to be commit 2e2d058b7e90a158612af4b0a489578431f748e5) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4fec5ac294..2c60f99d79 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -880,7 +880,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) W_ERROR_NOT_OK_RETURN(werr); } - werr = libnet_conf_delete_parameter(GLOBAL_NAME, "realm"); + libnet_conf_delete_parameter(GLOBAL_NAME, "realm"); return werr; } -- cgit From 55b642c31213d0fb8a22d14759a948f2e2d8aa45 Mon Sep 17 00:00:00 2001 
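Review bot: `acct_name` is passed to strlower_m() in both hunks (-611 and -773) without checking the talloc_asprintf() result, and the name is now built from caller-supplied `r->in.machine_name` instead of global_myname(). A NULL or empty machine_name would reach this point unless it is validated earlier, which the hunks do not show. I would add `if (!acct_name) { status = NT_STATUS_NO_MEMORY; goto done; }` after each talloc_asprintf(), and reject a missing machine_name before the account name is built. Both enclosing functions start and end outside the hunks.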
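Review bot: Dropping the assignment on `libnet_conf_delete_parameter(GLOBAL_NAME, "realm");` (-880) hides every failure of that call, not only the realm-not-present case named in the commit message. A registry error while deleting would leave the old realm in the configuration, and do_unjoin_modify_vals_config would still return the earlier `werr`. Prefer keeping the result and ignoring only the not-found code. At minimum add `/* realm may not be set; ignore the result */` on the line so the unchecked call is not mistaken for an oversight.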
From: Günther Deschner Date: Fri, 11 Jan 2008 14:50:10 +0100 Subject: Set error string when ads_leave_realm() has failed in libnetjoin. Guenther (This used to be commit 01690f85bc7d052d4c57181d74aef27d1776169c) --- source3/libnet/libnet_join.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 2c60f99d79..46ebadbaee 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -202,7 +202,15 @@ static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, } } - return ads_leave_realm(r->in.ads, r->in.machine_name); + status = ads_leave_realm(r->in.ads, r->in.machine_name); + if (!ADS_ERR_OK(status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to leave realm: %s\n", + ads_errstr(status)); + return status; + } + + return ADS_SUCCESS; } /**************************************************************** -- cgit From 026b2a8d0a95112dc75e5b909b57580d7d032951 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 11 Jan 2008 15:03:31 +0100 Subject: Remove '\n' from error strings in libnet_join context. Guenther (This used to be commit 9cc0d874f6c064e8752d36e72fcc85bf4c85e656) --- source3/libnet/libnet_join.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 46ebadbaee..1df85ebb61 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -120,7 +120,7 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, &r->in.ads); if (!ADS_ERR_OK(status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to connect to AD: %s\n", + "failed to connect to AD: %s", ads_errstr(status)); } 
@@ -147,7 +147,7 @@ static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, &r->in.ads); if (!ADS_ERR_OK(status)) { libnet_unjoin_set_error_string(mem_ctx, r, - "failed to connect to AD: %s\n", + "failed to connect to AD: %s", ads_errstr(status)); } @@ -205,7 +205,7 @@ static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, status = ads_leave_realm(r->in.ads, r->in.machine_name); if (!ADS_ERR_OK(status)) { libnet_unjoin_set_error_string(mem_ctx, r, - "failed to leave realm: %s\n", + "failed to leave realm: %s", ads_errstr(status)); return status; } @@ -461,14 +461,14 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, status = ads_domain_func_level(r->in.ads, &domain_func); if (!ADS_ERR_OK(status)) { libnet_join_set_error_string(mem_ctx, r, - "Failed to determine domain functional level!\n"); + "Failed to determine domain functional level!"); return false; } std_salt = kerberos_standard_des_salt(); if (!std_salt) { libnet_join_set_error_string(mem_ctx, r, - "failed to obtain standard DES salt\n"); + "failed to obtain standard DES salt"); return false; } @@ -1033,7 +1033,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to precreate account in ou %s: %s\n", + "failed to precreate account in ou %s: %s", r->in.account_ou, ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; @@ -1058,7 +1058,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to set machine spn: %s\n", + "failed to set machine spn: %s", ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; } 
@@ -1066,7 +1066,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_status = libnet_join_set_os_attributes(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to set machine os attributes: %s\n", + "failed to set machine os attributes: %s", ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; } @@ -1074,7 +1074,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, ads_status = libnet_join_set_machine_upn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to set machine upn: %s\n", + "failed to set machine upn: %s", ads_errstr(ads_status)); return WERR_GENERAL_FAILURE; } @@ -1088,7 +1088,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, #endif /* HAVE_LDAP */ if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, - "failed to create kerberos keytab\n"); + "failed to create kerberos keytab"); return WERR_GENERAL_FAILURE; } @@ -1141,7 +1141,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, status = libnet_join_unjoindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { libnet_unjoin_set_error_string(mem_ctx, r, - "failed to unjoin domain: %s\n", + "failed to unjoin domain: %s", nt_errstr(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { return WERR_SETUP_NOT_JOINED; @@ -1156,7 +1156,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, ads_status = libnet_unjoin_remove_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_unjoin_set_error_string(mem_ctx, r, - "failed to remove machine account from AD: %s\n", + "failed to remove machine account from AD: %s", ads_errstr(ads_status)); } } -- cgit From 618f9a60cc60bceb40eed31fbd845db18ccbaee4 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 11 Jan 2008 18:55:20 +0100 Subject: Fix panic in "net conf": Fix logic in error condition. Michael (This used to be commit 83aed537c16f632599484f60c5ccebc3ab713801) --- source3/libnet/libnet_conf.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index d0ef6eb0e6..dcb80d96ea 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -110,7 +110,7 @@ static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, } werr = ntstatus_to_werror(registry_create_admin_token(tmp_ctx, &token)); - if (W_ERROR_IS_OK(werr)) { + if (!W_ERROR_IS_OK(werr)) { DEBUG(1, ("Error creating admin token\n")); goto done; } @@ -420,6 +420,48 @@ done: * **********************************************************************/ +/** + * Open the configuration. + * + * Upon success, this creates and returns the conf context + * that should be passed around in subsequent calls to the other + * libnet_conf functions. + */ +WERROR libnet_conf_open(TALLOC_CTX *mem_ctx, struct libnet_conf_ctx **conf_ctx) +{ + WERROR werr = WERR_OK; + struct libnet_conf_ctx *ctx; + + if (conf_ctx == NULL) { + return WERR_INVALID_PARAM; + } + + ctx = talloc_zero(mem_ctx, struct libnet_conf_ctx); + if (ctx == NULL) { + return WERR_NOMEM; + } + + talloc_set_destructor(ctx, libnet_conf_destrox_ctx); + + ctx->token = registry_create_admin_token(tmp_ctx); + if (ctx->token == NULL) { + DEBUG(1, ("Error creating admin token\n")); + /* what is the appropriate error code here? */ + werr = WERR_CAN_NOT_COMPLETE; + goto done; + } + + +} + +/** + * Close the configuration. + */ +WERROR libnet_conf_close(struct libnet_conf_ctx *ctx) +{ + regdb_close(); +} + /** * Drop the whole configuration (restarting empty). */ -- cgit From 9cd74303478ac15b4357fb7f76d9576fe9a060a1 Mon Sep 17 00:00:00 2001 
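Review bot: The second hunk (-420) adds libnet_conf_open() and libnet_conf_close(), which are unrelated to the one-line fix and are not complete. libnet_conf_open uses `tmp_ctx` and `goto done` although neither is declared in the function. It also calls registry_create_admin_token() in the old one-argument form, while the first hunk uses `(tmp_ctx, &token)`, never stores `ctx` in `*conf_ctx`, and ends without a return. libnet_conf_close has no return for its WERROR type either. I would drop this hunk from the commit so that the `if (!W_ERROR_IS_OK(werr)) {` fix can be applied and backported on its own.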
From: Michael Adam Date: Fri, 11 Jan 2008 19:02:26 +0100 Subject: Remove code accidentially submittet with last commit 83aed537c16f63. This is ist still in preparation and will follow soon. Soory! Michael (This used to be commit 75acdb54a454ffda9d422fcafb573c8f5581d2e8) --- source3/libnet/libnet_conf.c | 42 ------------------------------------------ 1 file changed, 42 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index dcb80d96ea..0bdf4805d7 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -420,48 +420,6 @@ done: * **********************************************************************/ -/** - * Open the configuration. - * - * Upon success, this creates and returns the conf context - * that should be passed around in subsequent calls to the other - * libnet_conf functions. - */ -WERROR libnet_conf_open(TALLOC_CTX *mem_ctx, struct libnet_conf_ctx **conf_ctx) -{ - WERROR werr = WERR_OK; - struct libnet_conf_ctx *ctx; - - if (conf_ctx == NULL) { - return WERR_INVALID_PARAM; - } - - ctx = talloc_zero(mem_ctx, struct libnet_conf_ctx); - if (ctx == NULL) { - return WERR_NOMEM; - } - - talloc_set_destructor(ctx, libnet_conf_destrox_ctx); - - ctx->token = registry_create_admin_token(tmp_ctx); - if (ctx->token == NULL) { - DEBUG(1, ("Error creating admin token\n")); - /* what is the appropriate error code here? */ - werr = WERR_CAN_NOT_COMPLETE; - goto done; - } - - -} - -/** - * Close the configuration. - */ -WERROR libnet_conf_close(struct libnet_conf_ctx *ctx) -{ - regdb_close(); -} - /** * Drop the whole configuration (restarting empty). */ -- cgit From fbd6d14fc8b0e459d9f105989c449ef9f3f98c79 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Fri, 11 Jan 2008 18:49:20 +0100 Subject: Use domain_is_ad one more time in libnetjoin. Guenther (This used to be commit 82bd6322b691506ddea2b274973e614fa8c6ee5e) --- source3/libnet/libnet_join.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 1df85ebb61..ea92059fb4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -678,14 +678,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer)); acb_info |= ACB_PWNOEXP; -#if 0 - if ( dom_type == ND_TYPE_AD ) { + if (r->out.domain_is_ad) { #if !defined(ENCTYPE_ARCFOUR_HMAC) acb_info |= ACB_USE_DES_KEY_ONLY; #endif ;; } -#endif + ZERO_STRUCT(ctr); ZERO_STRUCT(p25); -- cgit From 9d164c409442c54a17791865b77f6b5b3d136d80 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 11 Jan 2008 18:51:15 +0100 Subject: Add debug bool flag for libnetjoin ctx. Guenther (This used to be commit 93084487952f4ef23209401d689b3be3af6c9e6e) --- source3/libnet/libnet_join.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h index 95b965717e..c47e8d934c 100644 --- a/source3/libnet/libnet_join.h +++ b/source3/libnet/libnet_join.h @@ -36,6 +36,7 @@ struct libnet_JoinCtx { const char *upn; bool modify_config; struct ads_struct *ads; + bool debug; } in; struct { -- cgit From 8921b2222a9e2db9e185486b247fb5fca448971d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 01:28:20 +0100 Subject: Auto-add missing shares in libnet_conf_set_parameter(). Michael, please have a look. Guenther (This used to be commit 9f4506e5e2828e0f23bc37586770995c3424b208) --- source3/libnet/libnet_conf.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/libnet') 
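Review bot: Enabling this block (-678) means a machine account in an AD domain gets `ACB_USE_DES_KEY_ONLY` whenever ENCTYPE_ARCFOUR_HMAC is not defined at build time, and nothing on the lines says why. A comment such as `/* krb5 library has no RC4-HMAC: restrict the account to DES keys */` would make the weaker key setting visible to whoever audits the join path. The stray `;;` left inside the braces should be removed as well. libnet_join_joindomain_rpc starts and ends outside the hunk.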
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 0bdf4805d7..47b4800d80 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -719,8 +719,10 @@ WERROR libnet_conf_set_parameter(const char *service, TALLOC_CTX *mem_ctx = talloc_stackframe(); if (!libnet_conf_share_exists(service)) { - werr = WERR_NO_SUCH_SERVICE; - goto done; + werr = libnet_conf_create_share(service); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } } werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_WRITE, -- cgit From a05edb57e753c567c6310d435439c29658cdd089 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 02:10:17 +0100 Subject: Use WITH_ADS define in libnet_join, hopefully not breaking the build. Guenther (This used to be commit 48f638a45525c01db9855e3ef809f08ce65da8d8) --- source3/libnet/libnet_join.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index ea92059fb4..689d8def35 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -58,7 +58,7 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, r->out.error_string = tmp; } -#ifdef HAVE_LDAP +#ifdef WITH_ADS /**************************************************************** ****************************************************************/ @@ -426,8 +426,6 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ads_gen_mod(r->in.ads, r->out.dn, mods); } -#endif /* HAVE_LDAP */ - /**************************************************************** ****************************************************************/ 
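Review bot: With the -719 hunk, libnet_conf_set_parameter() creates the share when `service` does not exist, so a misspelled service name now silently adds a new share definition instead of returning WERR_NO_SUCH_SERVICE. Callers that relied on that error to detect a bad name lose the check. If auto-creation is wanted, say so in the function's header comment (outside the hunk), e.g. `Creates the share if it does not exist yet.`, and consider a DEBUG line when the create path is taken.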
@@ -437,16 +435,14 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, if (!lp_use_kerberos_keytab()) { return true; } -#ifdef HAVE_KRB5 + if (!ads_keytab_create_default(r->in.ads)) { return false; } -#endif /* HAVE_KRB5 */ + return true; } -#ifdef HAVE_KRB5 - /**************************************************************** ****************************************************************/ @@ -495,7 +491,7 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, return kerberos_secrets_store_des_salt(salt); } -#endif /* HAVE_KRB5 */ +#endif /* WITH_ADS */ /**************************************************************** ****************************************************************/ @@ -1021,7 +1017,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; -#ifdef HAVE_LDAP +#ifdef WITH_ADS ADS_STATUS ads_status; if (r->in.account_ou) { @@ -1040,7 +1036,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; } -#endif /* HAVE_LDAP */ +#endif /* WITH_ADS */ status = libnet_join_joindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { @@ -1053,7 +1049,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_SETUP_NOT_JOINED; } -#ifdef HAVE_LDAP +#ifdef WITH_ADS ads_status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, @@ -1078,13 +1074,11 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_GENERAL_FAILURE; } -#ifdef HAVE_KRB5 if (!libnet_join_derive_salting_principal(mem_ctx, r)) { return WERR_GENERAL_FAILURE; } -#endif /* HAVE_KRB5 */ +#endif /* WITH_ADS */ -#endif /* HAVE_LDAP */ if (!libnet_join_create_keytab(mem_ctx, r)) { libnet_join_set_error_string(mem_ctx, r, "failed to create kerberos keytab"); 
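Review bot: After this commit libnet_join_create_keytab() is defined inside the `#ifdef WITH_ADS` region, because the -426 hunk removes the `#endif /* HAVE_LDAP */` that preceded it. The -1078 hunk nevertheless leaves its call in libnet_DomainJoin after `#endif /* WITH_ADS */`. A build without WITH_ADS would then call a static function that is not compiled. Moving the `if (!libnet_join_create_keytab(mem_ctx, r)) {` block above `#endif /* WITH_ADS */` keeps the call and the definition under the same guard.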
@@ -1148,7 +1142,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } -#ifdef HAVE_LDAP +#ifdef WITH_ADS if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { ADS_STATUS ads_status; libnet_unjoin_connect_ads(mem_ctx, r); @@ -1159,7 +1153,8 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, ads_errstr(ads_status)); } } -#endif /* HAVE_LDAP */ +#endif /* WITH_ADS */ + libnet_join_unjoindomain_remove_secrets(mem_ctx, r); return WERR_OK; -- cgit From e69c82eb44bce37e882677b47bdb092b99670bd6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 02:15:42 +0100 Subject: Merge all ads related calls in libnet_join_post_processing_ads(). Guenther (This used to be commit b76250f1cf7238613658901b961d68a0da592712) --- source3/libnet/libnet_join.c | 81 +++++++++++++++++++++++++++----------------- 1 file changed, 49 insertions(+), 32 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 689d8def35..b2522e9b58 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -491,6 +491,50 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, return kerberos_secrets_store_des_salt(salt); } +/**************************************************************** +****************************************************************/ + +static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + ADS_STATUS status; + + status = libnet_join_set_machine_spn(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine spn: %s", + ads_errstr(status)); + return status; + } + + status = libnet_join_set_os_attributes(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine os attributes: %s", + ads_errstr(status)); + return status; + } + + status = libnet_join_set_machine_upn(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to set machine upn: %s", + ads_errstr(status)); + return status; + } + + if (!libnet_join_derive_salting_principal(mem_ctx, r)) { + return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); + } + + if (!libnet_join_create_keytab(mem_ctx, r)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to create kerberos keytab"); + return ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); + } + + return ADS_SUCCESS; +} #endif /* WITH_ADS */ /**************************************************************** 
@@ -1050,41 +1094,14 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, } #ifdef WITH_ADS - ads_status = libnet_join_set_machine_spn(mem_ctx, r); - if (!ADS_ERR_OK(ads_status)) { - libnet_join_set_error_string(mem_ctx, r, - "failed to set machine spn: %s", - ads_errstr(ads_status)); - return WERR_GENERAL_FAILURE; - } - - ads_status = libnet_join_set_os_attributes(mem_ctx, r); - if (!ADS_ERR_OK(ads_status)) { - libnet_join_set_error_string(mem_ctx, r, - "failed to set machine os attributes: %s", - ads_errstr(ads_status)); - return WERR_GENERAL_FAILURE; - } - - ads_status = libnet_join_set_machine_upn(mem_ctx, r); - if (!ADS_ERR_OK(ads_status)) { - libnet_join_set_error_string(mem_ctx, r, - "failed to set machine upn: %s", - ads_errstr(ads_status)); - return WERR_GENERAL_FAILURE; - } - - if (!libnet_join_derive_salting_principal(mem_ctx, r)) { - return WERR_GENERAL_FAILURE; + if (r->out.domain_is_ad) { + ads_status = libnet_join_post_processing_ads(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + return WERR_GENERAL_FAILURE; + } } #endif /* WITH_ADS */ - if (!libnet_join_create_keytab(mem_ctx, r)) { - libnet_join_set_error_string(mem_ctx, r, - "failed to create kerberos keytab"); - return WERR_GENERAL_FAILURE; - } - return WERR_OK; } -- cgit From bc629c6faf5a575a39a31ffe6ced13165563ca29 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 02:17:10 +0100 Subject: For libnet_join error string functions, make sure not to overwrite last status string. Guenther (This used to be commit a9b76c9e2d93c8aa482dbee54f29d7e1503abe4f) --- source3/libnet/libnet_join.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b2522e9b58..fbbbb51bbc 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -30,14 +30,14 @@ static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx, const char *format, ...) { va_list args; - char *tmp = NULL; + + if (r->out.error_string) { + return; + } va_start(args, format); - tmp = talloc_vasprintf(mem_ctx, format, args); + r->out.error_string = talloc_vasprintf(mem_ctx, format, args); va_end(args); - - TALLOC_FREE(r->out.error_string); - r->out.error_string = tmp; } /**************************************************************** @@ -48,14 +48,14 @@ static void libnet_unjoin_set_error_string(TALLOC_CTX *mem_ctx, const char *format, ...) { va_list args; - char *tmp = NULL; + + if (r->out.error_string) { + return; + } va_start(args, format); - tmp = talloc_vasprintf(mem_ctx, format, args); + r->out.error_string = talloc_vasprintf(mem_ctx, format, args); va_end(args); - - TALLOC_FREE(r->out.error_string); - r->out.error_string = tmp; } #ifdef WITH_ADS -- cgit From 21ccb47044175128557766f36154e5eecd805318 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 02:19:21 +0100 Subject: Add appropriate error code when pre-creating accounts in ous isnt supported by DC. Guenther (This used to be commit 4a7acf4a2374138b20a5cdebdcc721668bbd865b) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index fbbbb51bbc..4c2e1301ab 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1067,7 +1067,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, if (r->in.account_ou) { ads_status = libnet_join_connect_ads(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { - return WERR_GENERAL_FAILURE; + return WERR_DEFAULT_JOIN_REQUIRED; } ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { 
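Review bot: The new `if (r->out.error_string) { return; }` in libnet_join_set_error_string makes the first recorded message win, but nothing in the code says so, and the function's banner comment is empty. A caller that reuses a libnet_JoinCtx, or that hits a second and more specific failure, will keep reporting the older text, which is what an operator sees when diagnosing a failed join. I would document the contract above the function, e.g. `/* Record only the first error for this request; later calls are ignored. */`, and state whether callers are expected to clear `r->out.error_string` before reusing the context. The same applies to libnet_unjoin_set_error_string in the following hunk.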
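Review bot: In libnet_DomainJoin every failure of `libnet_join_connect_ads()` now returns WERR_DEFAULT_JOIN_REQUIRED, although the commit subject scopes that code to a DC that does not support pre-creating accounts in OUs. A connection or authentication problem would presumably be reported to the caller as "default join required", and this branch records no error string at all. I would leave the connect failure as WERR_GENERAL_FAILURE and add `libnet_join_set_error_string(mem_ctx, r, "failed to connect to AD: %s", ads_errstr(ads_status));`. The next hunk (the `libnet_join_precreate_machine_acct()` failure) has the same over-broad mapping and would benefit from checking the specific status before choosing this code. The function body continues outside both hunks.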
@@ -1075,7 +1075,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, "failed to precreate account in ou %s: %s", r->in.account_ou, ads_errstr(ads_status)); - return WERR_GENERAL_FAILURE; + return WERR_DEFAULT_JOIN_REQUIRED; } r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; -- cgit From d4e5cadc1a9917190819bdebd0c14e8f3767503c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 02:20:33 +0100 Subject: Fix some error strings in libnet_join. Guenther (This used to be commit 8af80976a3a8dd9d02a6763e48b2c1d8003ae4dd) --- source3/libnet/libnet_join.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4c2e1301ab..a46b827257 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -457,7 +457,8 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, status = ads_domain_func_level(r->in.ads, &domain_func); if (!ADS_ERR_OK(status)) { libnet_join_set_error_string(mem_ctx, r, - "Failed to determine domain functional level!"); + "failed to determine domain functional level: %s", + ads_errstr(status)); return false; } @@ -1081,8 +1082,12 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, r->in.join_flags &= ~WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE; } #endif /* WITH_ADS */ + status = libnet_join_joindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to join domain over rpc: %s", + nt_errstr(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { return WERR_SETUP_ALREADY_JOINED; } -- cgit From afb163efb76da39aa24f2c71be44ac50419dd27d Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Sat, 12 Jan 2008 02:22:44 +0100 Subject: Call dsgetdcname when we have no specific dc defined for joining. Guenther (This used to be commit 40e8caa2d81168be3e48ececf5746d8f659a96d6) --- source3/libnet/libnet_join.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a46b827257..6ec89de15c 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1064,12 +1064,39 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, NTSTATUS status; #ifdef WITH_ADS ADS_STATUS ads_status; +#endif /* WITH_ADS */ + if (!r->in.dc_name) { + struct DS_DOMAIN_CONTROLLER_INFO *info; + status = dsgetdcname(mem_ctx, + NULL, + r->in.domain_name, + NULL, + NULL, + DS_DIRECTORY_SERVICE_REQUIRED | + DS_WRITABLE_REQUIRED | + DS_RETURN_DNS_NAME, + &info); + if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to find DC: %s", + nt_errstr(status)); + return WERR_DOMAIN_CONTROLLER_NOT_FOUND; + } + + r->in.dc_name = talloc_strdup(mem_ctx, + info->domain_controller_name); + W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); + } + +#ifdef WITH_ADS if (r->in.account_ou) { + ads_status = libnet_join_connect_ads(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { return WERR_DEFAULT_JOIN_REQUIRED; } + ads_status = libnet_join_precreate_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { libnet_join_set_error_string(mem_ctx, r, -- cgit From 45db92cc72eb2472425c17e72ff9254d35d8047c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Jan 2008 02:24:55 +0100 Subject: Fix some indents. Guenther (This used to be commit 57368f883fb217b4196858bb2255c0eea59a8917) --- source3/libnet/libnet_join.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6ec89de15c..9b62286ecb 100644 
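Review bot: `info->domain_controller_name` is passed to `talloc_strdup()` without checking that the locator returned a name. A reply without one would presumably come back as WERR_NOMEM through `W_ERROR_HAVE_NO_MEMORY`, with no error string, rather than as a lookup failure. I would add `if (info == NULL || info->domain_controller_name == NULL) { return WERR_DOMAIN_CONTROLLER_NOT_FOUND; }` before the strdup. Since the discovered name is written into `r->in.dc_name` and then used for the join that follows, a short comment stating where the DC's identity is actually verified (presumably by the authenticated connection made later) would help a reader judge how much trust the lookup result carries. libnet_DomainJoin starts and ends outside this hunk.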
--- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -671,7 +671,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, 0xe005000b, &user_pol, &user_rid); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { - if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { + if (!(r->in.join_flags & + WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { goto done; } } @@ -908,7 +909,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) W_ERROR_NOT_OK_RETURN(werr); werr = libnet_conf_set_global_parameter("realm", - r->out.dns_domain_name); + r->out.dns_domain_name); W_ERROR_NOT_OK_RETURN(werr); } -- cgit From 1ee6d3e1ee56554d83437a8c79cb169a26732154 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sun, 13 Jan 2008 01:40:05 +0100 Subject: Introduce a libnet_conf context created by libnet_conf_open(). The libnet_conf_ctx stores the information necessary to interoperate with the configuration. It is created by calling libnet_conf_open() and destroyed by calling libnet_conf_close(). The context is passed to all the libnet_conf functions. It currently stores the token to access the registry. Later, it could store more data, e.g. the server to connect to, credentials, and so on. For support of other backends than registry or support of remote configuration, only the open function will have to be changed. In net_conf, the calls to the actual net_conf functions is wrapped into a function that calls libnet_conf_open()/_close(). Thus an individual variant of net_conf_runfunction2() and functable2 is used to cope with functions being called by the wrapper with the additional libnet_conf_ctx argument. Michael (This used to be commit c2a9346faa26e79af5948197a1b322e545f0ed09) --- source3/libnet/libnet.h | 1 + source3/libnet/libnet_conf.c | 211 ++++++++++++++++++++++++++++--------------- source3/libnet/libnet_conf.h | 27 ++++++ source3/libnet/libnet_join.c | 58 ++++++++---- 4 files changed, 205 insertions(+), 92 deletions(-) create mode 100644 source3/libnet/libnet_conf.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h index fa24c3b40a..d6238ca982 100644 --- a/source3/libnet/libnet.h +++ b/source3/libnet/libnet.h @@ -21,6 +21,7 @@ #define __LIBNET_H__ #include "libnet/libnet_join.h" +#include "libnet/libnet_conf.h" #include "libnet/libnet_proto.h" #endif diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 47b4800d80..8e44e4f525 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -21,11 +21,6 @@ #include "includes.h" #include "libnet/libnet.h" -/* - * yuck - static variable to keep track of the registry initialization. - */ -static bool registry_initialized = false; - /********************************************************************** * * Helper functions (mostly registry related) @@ -59,20 +54,21 @@ static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, return WERR_OK; } -static WERROR libnet_conf_reg_initialize(void) +static WERROR libnet_conf_reg_initialize(struct libnet_conf_ctx *ctx) { WERROR werr = WERR_OK; - if (registry_initialized) { - goto done; - } - if (!registry_init_regdb()) { werr = WERR_REG_IO_FAILURE; goto done; } - registry_initialized = true; + werr = ntstatus_to_werror(registry_create_admin_token(ctx, + &(ctx->token))); + if (!W_ERROR_IS_OK(werr)) { + DEBUG(1, ("Error creating admin token\n")); + goto done; + } done: return werr; 
@@ -82,40 +78,33 @@ done: * Open a registry key specified by "path" */ static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, const char *path, uint32 desired_access, struct registry_key **key) { WERROR werr = WERR_OK; - NT_USER_TOKEN *token = NULL; - TALLOC_CTX *tmp_ctx = NULL; - if (path == NULL) { - DEBUG(1, ("Error: NULL path string given\n")); + if (ctx == NULL) { + DEBUG(1, ("Error: configuration is not open!\n")); werr = WERR_INVALID_PARAM; goto done; } - tmp_ctx = talloc_new(mem_ctx); - if (tmp_ctx == NULL) { - werr = WERR_NOMEM; - goto done; - } - - werr = libnet_conf_reg_initialize(); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(1, ("Error initializing registry: %s\n", - dos_errstr(werr))); + if (ctx->token == NULL) { + DEBUG(1, ("Error: token missing from libnet_conf_ctx. " + "was libnet_conf_open() called?\n")); + werr = WERR_INVALID_PARAM; goto done; } - werr = ntstatus_to_werror(registry_create_admin_token(tmp_ctx, &token)); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(1, ("Error creating admin token\n")); + if (path == NULL) { + DEBUG(1, ("Error: NULL path string given\n")); + werr = WERR_INVALID_PARAM; goto done; } - werr = reg_open_path(mem_ctx, path, desired_access, token, key); + werr = reg_open_path(mem_ctx, path, desired_access, ctx->token, key); if (!W_ERROR_IS_OK(werr)) { DEBUG(1, ("Error opening registry path '%s': %s\n", @@ -123,14 +112,14 @@ static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, } done: - TALLOC_FREE(tmp_ctx); return werr; } /** * Open a subkey of KEY_SMBCONF (i.e a service) */ -static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *ctx, +static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, const char *servicename, uint32 desired_access, struct registry_key **key) 
@@ -144,9 +133,10 @@ static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *ctx, goto done; } - path = talloc_asprintf(ctx, "%s\\%s", KEY_SMBCONF, servicename); + path = talloc_asprintf(mem_ctx, "%s\\%s", KEY_SMBCONF, servicename); - werr = libnet_conf_reg_open_path(ctx, path, desired_access, key); + werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, desired_access, + key); done: TALLOC_FREE(path); @@ -156,11 +146,13 @@ done: /** * open the base key KEY_SMBCONF */ -static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *ctx, +static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, uint32 desired_access, struct registry_key **key) { - return libnet_conf_reg_open_path(ctx, KEY_SMBCONF, desired_access, key); + return libnet_conf_reg_open_path(mem_ctx, ctx, KEY_SMBCONF, + desired_access, key); } /** @@ -186,7 +178,8 @@ static bool libnet_conf_value_exists(struct registry_key *key, /** * create a subkey of KEY_SMBCONF */ -static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *ctx, +static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, const char * subkeyname, struct registry_key **newkey) { 
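Review bot: In libnet_conf_reg_open_service_key the result of `talloc_asprintf(mem_ctx, "%s\\%s", KEY_SMBCONF, servicename)` is passed on unchecked. An allocation failure is then reported by libnet_conf_reg_open_path as WERR_INVALID_PARAM with "NULL path string given" instead of WERR_NOMEM. I would add `if (path == NULL) { werr = WERR_NOMEM; goto done; }` after the asprintf. Separately, `servicename` is formatted into the registry path as-is and the key is opened with the token held in the context. If callers do not already reject names containing `\`, such a name would address a key below the intended service level, so a comment naming where that validation happens (or a check here) would be worth adding. The start of the function is outside the hunk.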
@@ -198,18 +191,18 @@ static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *ctx, /* create a new talloc ctx for creation. it will hold * the intermediate parent key (SMBCONF) for creation * and will be destroyed when leaving this function... */ - if (!(create_ctx = talloc_new(ctx))) { + if (!(create_ctx = talloc_new(mem_ctx))) { werr = WERR_NOMEM; goto done; } - werr = libnet_conf_reg_open_base_key(create_ctx, REG_KEY_WRITE, + werr = libnet_conf_reg_open_base_key(create_ctx, ctx, REG_KEY_WRITE, &create_parent); if (!W_ERROR_IS_OK(werr)) { goto done; } - werr = reg_createkey(ctx, create_parent, subkeyname, + werr = reg_createkey(mem_ctx, create_parent, subkeyname, REG_KEY_WRITE, newkey, &action); if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) { DEBUG(10, ("Key '%s' already exists.\n", subkeyname)); 
@@ -414,16 +407,72 @@ done: return werr; } +static int libnet_conf_destroy_ctx(struct libnet_conf_ctx *ctx) +{ + return regdb_close(); +} + /********************************************************************** * * The actual net conf api functions, that are exported. * **********************************************************************/ +/** + * Open the configuration. + * + * This should be the first function in a sequence of calls to libnet_conf + * functions: + * + * Upon success, this creates and returns the conf context + * that should be passed around in subsequent calls to the other + * libnet_conf functions. + * + * After the work with the configuration is completed, libnet_conf_close() + * should be called. + */ +WERROR libnet_conf_open(TALLOC_CTX *mem_ctx, struct libnet_conf_ctx **conf_ctx) +{ + WERROR werr = WERR_OK; + struct libnet_conf_ctx *ctx; + + if (conf_ctx == NULL) { + return WERR_INVALID_PARAM; + } + + ctx = TALLOC_ZERO_P(mem_ctx, struct libnet_conf_ctx); + if (ctx == NULL) { + return WERR_NOMEM; + } + + werr = libnet_conf_reg_initialize(ctx); + if (!W_ERROR_IS_OK(werr)) { + goto fail; + } + + talloc_set_destructor(ctx, libnet_conf_destroy_ctx); + + *conf_ctx = ctx; + return werr; + +fail: + TALLOC_FREE(ctx); + return werr; +} + +/** + * Close the configuration. + */ +void libnet_conf_close(struct libnet_conf_ctx *ctx) +{ + /* this also closes the registry (by destructor): */ + TALLOC_FREE(ctx); +} + /** * Drop the whole configuration (restarting empty). */ -WERROR libnet_conf_drop(void) +WERROR libnet_conf_drop(struct libnet_conf_ctx *ctx) { char *path, *p; WERROR werr = WERR_OK; @@ -439,7 +488,7 @@ WERROR libnet_conf_drop(void) } p = strrchr(path, '\\'); *p = '\0'; - werr = libnet_conf_reg_open_path(mem_ctx, path, REG_KEY_WRITE, + werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, REG_KEY_WRITE, &parent_key); if (!W_ERROR_IS_OK(werr)) { 
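Review bot: On the `fail:` path of libnet_conf_open the context is freed before `talloc_set_destructor()` has been called. If libnet_conf_reg_initialize() fails at the admin-token step after `registry_init_regdb()` succeeded, `regdb_close()` is therefore never called for that open. Closing the registry in that failure branch of libnet_conf_reg_initialize (a `regdb_close();` before its `goto done`) would keep open and close balanced. Separately, libnet_conf_destroy_ctx returns the result of `regdb_close()` directly, and talloc treats a -1 from a destructor as a refusal to free. If regdb_close() can return that, the context and the admin token it holds would stay allocated after libnet_conf_close(), so I would log the failure and `return 0;` or document why propagating it is intended. It would also help to note in the libnet_conf_open comment that the context carries an admin registry token.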
@@ -469,7 +518,8 @@ done: * param_names : list of lists of parameter names for each share * param_values : list of lists of parameter values for each share */ -WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, +WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, uint32_t *num_shares, char ***share_names, uint32_t **num_params, char ****param_names, char ****param_values) { @@ -496,7 +546,7 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, goto done; } - werr = libnet_conf_get_share_names(tmp_ctx, &tmp_num_shares, + werr = libnet_conf_get_share_names(tmp_ctx, ctx, &tmp_num_shares, &tmp_share_names); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -514,7 +564,8 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, uint32_t *num_shares, } for (count = 0; count < tmp_num_shares; count++) { - werr = libnet_conf_get_share(mem_ctx, tmp_share_names[count], + werr = libnet_conf_get_share(mem_ctx, ctx, + tmp_share_names[count], &tmp_num_params[count], &tmp_param_names[count], &tmp_param_values[count]); @@ -543,11 +594,12 @@ done: return werr; } - /** * get the list of share names defined in the configuration. */ -WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, +WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, + uint32_t *num_shares, char ***share_names) { uint32_t count; @@ -570,7 +622,7 @@ WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, } /* make sure "global" is always listed first */ - if (libnet_conf_share_exists(GLOBAL_NAME)) { + if (libnet_conf_share_exists(ctx, GLOBAL_NAME)) { werr = libnet_conf_add_string_to_array(tmp_ctx, &tmp_share_names, 0, GLOBAL_NAME); 
@@ -580,8 +632,8 @@ WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, uint32_t *num_shares, added_count++; } - werr = libnet_conf_reg_open_base_key(tmp_ctx, SEC_RIGHTS_ENUM_SUBKEYS, - &key); + werr = libnet_conf_reg_open_base_key(tmp_ctx, ctx, + SEC_RIGHTS_ENUM_SUBKEYS, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -624,14 +676,15 @@ done: /** * check if a share/service of a given name exists */ -bool libnet_conf_share_exists(const char *servicename) +bool libnet_conf_share_exists(struct libnet_conf_ctx *ctx, + const char *servicename) { bool ret = false; WERROR werr = WERR_OK; TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - werr = libnet_conf_reg_open_service_key(mem_ctx, servicename, + werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, servicename, REG_KEY_READ, &key); if (W_ERROR_IS_OK(werr)) { ret = true; @@ -644,18 +697,20 @@ bool libnet_conf_share_exists(const char *servicename) /** * Add a service if it does not already exist. */ -WERROR libnet_conf_create_share(const char *servicename) +WERROR libnet_conf_create_share(struct libnet_conf_ctx *ctx, + const char *servicename) { WERROR werr; TALLOC_CTX *mem_ctx = talloc_stackframe(); struct registry_key *key = NULL; - if (libnet_conf_share_exists(servicename)) { + if (libnet_conf_share_exists(ctx, servicename)) { werr = WERR_ALREADY_EXISTS; goto done; } - werr = libnet_conf_reg_create_service_key(mem_ctx, servicename, &key); + werr = libnet_conf_reg_create_service_key(mem_ctx, ctx, servicename, + &key); done: TALLOC_FREE(mem_ctx); 
@@ -665,14 +720,14 @@ done: /** * get a definition of a share (service) from configuration. */ -WERROR libnet_conf_get_share(TALLOC_CTX *mem_ctx, const char *servicename, - uint32_t *num_params, char ***param_names, - char ***param_values) +WERROR libnet_conf_get_share(TALLOC_CTX *mem_ctx, struct libnet_conf_ctx *ctx, + const char *servicename, uint32_t *num_params, + char ***param_names, char ***param_values) { WERROR werr = WERR_OK; struct registry_key *key = NULL; - werr = libnet_conf_reg_open_service_key(mem_ctx, servicename, + werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, servicename, REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -689,13 +744,14 @@ done: /** * delete a service from configuration */ -WERROR libnet_conf_delete_share(const char *servicename) +WERROR libnet_conf_delete_share(struct libnet_conf_ctx *ctx, + const char *servicename) { WERROR werr = WERR_OK; struct registry_key *key = NULL; - TALLOC_CTX *ctx = talloc_stackframe(); + TALLOC_CTX *mem_ctx = talloc_stackframe(); - werr = libnet_conf_reg_open_base_key(ctx, REG_KEY_WRITE, &key); + werr = libnet_conf_reg_open_base_key(mem_ctx, ctx, REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -703,14 +759,15 @@ WERROR libnet_conf_delete_share(const char *servicename) werr = reg_deletekey_recursive(key, key, servicename); done: - TALLOC_FREE(ctx); + TALLOC_FREE(mem_ctx); return werr; } /** * set a configuration parameter to the value provided. */ -WERROR libnet_conf_set_parameter(const char *service, +WERROR libnet_conf_set_parameter(struct libnet_conf_ctx *ctx, + const char *service, const char *param, const char *valstr) { 
@@ -718,15 +775,15 @@ WERROR libnet_conf_set_parameter(const char *service, struct registry_key *key = NULL; TALLOC_CTX *mem_ctx = talloc_stackframe(); - if (!libnet_conf_share_exists(service)) { - werr = libnet_conf_create_share(service); + if (!libnet_conf_share_exists(ctx, service)) { + werr = libnet_conf_create_share(ctx, service); if (!W_ERROR_IS_OK(werr)) { goto done; } } - werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_WRITE, - &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, + REG_KEY_WRITE, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -742,6 +799,7 @@ done: * get the value of a configuration parameter as a string */ WERROR libnet_conf_get_parameter(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, const char *service, const char *param, char **valstr) @@ -755,13 +813,13 @@ WERROR libnet_conf_get_parameter(TALLOC_CTX *mem_ctx, goto done; } - if (!libnet_conf_share_exists(service)) { + if (!libnet_conf_share_exists(ctx, service)) { werr = WERR_NO_SUCH_SERVICE; goto done; } - werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_READ, - &key); + werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, + REG_KEY_READ, &key); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -791,17 +849,19 @@ done: /** * delete a parameter from configuration */ -WERROR libnet_conf_delete_parameter(const char *service, const char *param) +WERROR libnet_conf_delete_parameter(struct libnet_conf_ctx *ctx, + const char *service, const char *param) { struct registry_key *key = NULL; WERROR werr = WERR_OK; TALLOC_CTX *mem_ctx = talloc_stackframe(); - if (!libnet_conf_share_exists(service)) { + if (!libnet_conf_share_exists(ctx, service)) { return WERR_NO_SUCH_SERVICE; } - werr = libnet_conf_reg_open_service_key(mem_ctx, service, REG_KEY_ALL, + werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, + REG_KEY_ALL, &key); if (!W_ERROR_IS_OK(werr)) { goto done; 
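Review bot: In libnet_conf_delete_parameter the `return WERR_NO_SUCH_SERVICE;` runs after `TALLOC_CTX *mem_ctx = talloc_stackframe();`, so that path leaves the function without going through `done:` and the stackframe is not released there. The commit touches the condition on that branch but keeps the early return. I would change it to `werr = WERR_NO_SUCH_SERVICE; goto done;`, which is the form libnet_conf_get_parameter uses in this same commit. This assumes `done:` frees `mem_ctx` as in the sibling functions; the end of the function is outside the hunk.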
@@ -826,8 +886,9 @@ done: * **********************************************************************/ -WERROR libnet_conf_set_global_parameter(const char *param, const char *val) +WERROR libnet_conf_set_global_parameter(struct libnet_conf_ctx *ctx, + const char *param, const char *val) { - return libnet_conf_set_parameter(GLOBAL_NAME, param, val); + return libnet_conf_set_parameter(ctx, GLOBAL_NAME, param, val); } diff --git a/source3/libnet/libnet_conf.h b/source3/libnet/libnet_conf.h new file mode 100644 index 0000000000..b518c0e3b0 --- /dev/null +++ b/source3/libnet/libnet_conf.h @@ -0,0 +1,27 @@ +/* + * Unix SMB/CIFS implementation. + * libnet smbconf registry support + * Copyright (C) Michael Adam 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef __LIBNET_CONF_H__ +#define __LIBNET_CONF_H__ + +struct libnet_conf_ctx { + NT_USER_TOKEN *token; +}; + +#endif diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 9b62286ecb..66b5461dc2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -19,8 +19,7 @@ */ #include "includes.h" -#include "libnet/libnet_join.h" -#include "libnet/libnet_proto.h" +#include "libnet/libnet.h" /**************************************************************** ****************************************************************/ 
@@ -886,33 +885,48 @@ done: static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) { WERROR werr; + struct libnet_conf_ctx *ctx; + + werr = libnet_conf_open(r, &ctx); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { - werr = libnet_conf_set_global_parameter("security", "user"); - W_ERROR_NOT_OK_RETURN(werr); + werr = libnet_conf_set_global_parameter(ctx, "security", "user"); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } - werr = libnet_conf_set_global_parameter("workgroup", + werr = libnet_conf_set_global_parameter(ctx, "workgroup", r->in.domain_name); - return werr; + goto done; } - werr = libnet_conf_set_global_parameter("security", "domain"); - W_ERROR_NOT_OK_RETURN(werr); + werr = libnet_conf_set_global_parameter(ctx, "security", "domain"); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } - werr = libnet_conf_set_global_parameter("workgroup", + werr = libnet_conf_set_global_parameter(ctx, "workgroup", r->out.netbios_domain_name); - W_ERROR_NOT_OK_RETURN(werr); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } if (r->out.domain_is_ad) { - werr = libnet_conf_set_global_parameter("security", "ads"); - W_ERROR_NOT_OK_RETURN(werr); + werr = libnet_conf_set_global_parameter(ctx, "security", "ads"); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } - werr = libnet_conf_set_global_parameter("realm", + werr = libnet_conf_set_global_parameter(ctx, "realm", r->out.dns_domain_name); - W_ERROR_NOT_OK_RETURN(werr); } +done: + libnet_conf_close(ctx); return werr; } 
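Review bot: `struct libnet_conf_ctx *ctx;` in do_join_modify_vals_config is left uninitialized, and libnet_conf_open() only assigns `*conf_ctx` on success. When the open fails, the `goto done` therefore reaches `libnet_conf_close(ctx)` with an indeterminate pointer and hands it to `TALLOC_FREE`. Declaring it as `struct libnet_conf_ctx *ctx = NULL;` makes the failure path safe, because the free is then skipped. do_unjoin_modify_vals_config in the following hunk has the same pattern and needs the same initializer.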
@@ -922,15 +936,25 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) { WERROR werr = WERR_OK; + struct libnet_conf_ctx *ctx; + + werr = libnet_conf_open(r, &ctx); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - werr = libnet_conf_set_global_parameter("security", "user"); - W_ERROR_NOT_OK_RETURN(werr); + werr = libnet_conf_set_global_parameter(ctx, "security", "user"); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } } - libnet_conf_delete_parameter(GLOBAL_NAME, "realm"); + libnet_conf_delete_parameter(ctx, GLOBAL_NAME, "realm"); +done: + libnet_conf_close(ctx); return werr; } -- cgit From 89fb79ada6cf8cdc94ae181cdcfa9a2c0a4ffaeb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 13 Jan 2008 22:49:42 +0100 Subject: Remove auto-generation of missing share from libnet_conf_set_parameter(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Günther, I wanted to have this as atomic as possible. I will add this behaviour to libnet_conf_set_global_parameter() next with the justification that [global] should exist transparently. Michael (This used to be commit e2b34e9c028d712c7c8b22aade2c11d347ae176d) --- source3/libnet/libnet_conf.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 8e44e4f525..11dc1639ad 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -776,10 +776,8 @@ WERROR libnet_conf_set_parameter(struct libnet_conf_ctx *ctx, TALLOC_CTX *mem_ctx = talloc_stackframe(); if (!libnet_conf_share_exists(ctx, service)) { - werr = libnet_conf_create_share(ctx, service); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + werr = WERR_NO_SUCH_SERVICE; + goto done; } werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, -- cgit 
From 8fc2db5070aadee5719fd1651e86d92378927cbf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 13 Jan 2008 22:56:11 +0100 Subject: Add auto-adding of [global] to libnet_conf_set_global_parameter(). Michael (This used to be commit ad2497cfac90b2e91be6995931629453fd6ed5fa) --- source3/libnet/libnet_conf.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 11dc1639ad..3934f2c476 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -887,6 +887,17 @@ done: WERROR libnet_conf_set_global_parameter(struct libnet_conf_ctx *ctx, const char *param, const char *val) { - return libnet_conf_set_parameter(ctx, GLOBAL_NAME, param, val); + WERROR werr; + + if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { + werr = libnet_conf_create_share(ctx, GLOBAL_NAME); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + } + werr = libnet_conf_set_parameter(ctx, GLOBAL_NAME, param, val); + +done: + return werr; } -- cgit From ecc53ab37147affbc0ee6fdae5a980dabe73b4f4 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 13 Jan 2008 22:56:56 +0100 Subject: Add a comment header to libnet_conf_set_global_parameter(). Michael (This used to be commit c050b148d00c79571ef0e85c6e7c86d551ca6efd) --- source3/libnet/libnet_conf.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 3934f2c476..005a35fd0c 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -884,6 +884,12 @@ done: * **********************************************************************/ +/** + * Set a global parameter + * (i.e. a parameter in the [global] service). + * + * This also creates [global] when it does not exist. + */ WERROR libnet_conf_set_global_parameter(struct libnet_conf_ctx *ctx, const char *param, const char *val) { -- cgit 
From d042a6409225f17b9d8665477fffb08c311512d9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 13 Jan 2008 23:00:16 +0100 Subject: Move libnet_conf_set_global_parameter() inside libnet_conf.c Also remove the "convenience function" section comment. The set_global_parameter function now has a right to exist in the api. Michael (This used to be commit fd99c1804ae04b7c2a2b0a605e83ba88fa362edb) --- source3/libnet/libnet_conf.c | 53 +++++++++++++++++++------------------------- 1 file changed, 23 insertions(+), 30 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 005a35fd0c..858c4a06b4 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -793,6 +793,29 @@ done: return werr; } +/** + * Set a global parameter + * (i.e. a parameter in the [global] service). + * + * This also creates [global] when it does not exist. + */ +WERROR libnet_conf_set_global_parameter(struct libnet_conf_ctx *ctx, + const char *param, const char *val) +{ + WERROR werr; + + if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { + werr = libnet_conf_create_share(ctx, GLOBAL_NAME); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + } + werr = libnet_conf_set_parameter(ctx, GLOBAL_NAME, param, val); + +done: + return werr; +} + /** * get the value of a configuration parameter as a string */ 
@@ -877,33 +900,3 @@ done: return werr; } - -/********************************************************************** - * - * Convenience functions that are also exported. - * - **********************************************************************/ - -/** - * Set a global parameter - * (i.e. a parameter in the [global] service). - * - * This also creates [global] when it does not exist. - */ -WERROR libnet_conf_set_global_parameter(struct libnet_conf_ctx *ctx, - const char *param, const char *val) -{ - WERROR werr; - - if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { - werr = libnet_conf_create_share(ctx, GLOBAL_NAME); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - werr = libnet_conf_set_parameter(ctx, GLOBAL_NAME, param, val); - -done: - return werr; -} - -- cgit From c4899fec9f3957c52d3a856000631d59a3346ac0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 13 Jan 2008 23:12:27 +0100 Subject: Add a function libnet_conf_get_global_parameter() to libnet_conf.c It creates the [global] section if it does not yet exist. Michael (This used to be commit 627a29b690c30f1096a4746186089cd9a1c92407) --- source3/libnet/libnet_conf.c | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 858c4a06b4..37e05b9fe9 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c 
@@ -867,6 +867,31 @@ done: return werr; } +/** + * Get the value of a global parameter. + * + * Create [global] if it does not exist. + */ +WERROR libnet_conf_get_global_parameter(TALLOC_CTX *mem_ctx, + struct libnet_conf_ctx *ctx, + const char *param, + char **valstr) +{ + WERROR werr; + + if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { + werr = libnet_conf_create_share(ctx, GLOBAL_NAME); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + } + werr = libnet_conf_get_parameter(mem_ctx, ctx, GLOBAL_NAME, param, + valstr); + +done: + return werr; +} + /** * delete a parameter from configuration */ -- cgit From 864fc10a278869b1474e407c963f9f40464d55c0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 13 Jan 2008 23:16:01 +0100 Subject: Add a function libnet_conf_delete_global_parameter() to libnet_conf.c Create the [global] section if it does not yet exist. Michael (This used to be commit 90fa2981c949e21f66a44d634ebe9d661819f0a3) --- source3/libnet/libnet_conf.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 37e05b9fe9..d20e10b141 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -925,3 +925,24 @@ done: return werr; } +/** + * Delete a global parameter. + * + * Create [global] if it does not exist. + */ +WERROR libnet_conf_delete_global_parameter(struct libnet_conf_ctx *ctx, + const char *param) +{ + WERROR werr; + + if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { + werr = libnet_conf_create_share(ctx, GLOBAL_NAME); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + } + werr = libnet_conf_delete_parameter(ctx, GLOBAL_NAME, param); + +done: + return werr; +} -- cgit From 3910dd2e1b069a58ef68c6848495afc0df8fa2ae Mon Sep 17 00:00:00 2001 
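Review bot: libnet_conf_get_global_parameter() modifies the configuration on a read: when [global] is missing it calls libnet_conf_create_share() before libnet_conf_get_parameter(), so a plain lookup leaves an empty section behind and presumably needs write access to the store. The same block is repeated in libnet_conf_delete_global_parameter() in the next hunk, where creating [global] only to delete a parameter from it achieves nothing. Consider keeping the auto-create in the setter only and letting get/delete return the lookup error. If the side effect is intended, the header comment should say so, e.g. `* NOTE: creates [global] as a side effect; caller needs write access.`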
From: Michael Adam Date: Sun, 13 Jan 2008 23:20:51 +0100 Subject: Make use of the new libnet_conf_delete_global_parameter() function. Michael (This used to be commit aed01fd28c8e896e993239cbe9b2681132ddf980) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 66b5461dc2..eaf851ccec 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -951,7 +951,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) } } - libnet_conf_delete_parameter(ctx, GLOBAL_NAME, "realm"); + libnet_conf_delete_global_parameter(ctx, "realm"); done: libnet_conf_close(ctx); -- cgit From 0e8240f5a59d917723cfc6043f4f39172869857f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 10:51:40 +0100 Subject: Re-arrange pre- and postprocessing code in libnetjoin. Guenther (This used to be commit 99e3e4b0dd0b0755189c1c740f2975bc75a0e28d) --- source3/libnet/libnet_join.c | 103 +++++++++++++++++++++++++++++++++++-------- 1 file changed, 84 insertions(+), 19 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index eaf851ccec..19b3e58e00 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1013,6 +1013,58 @@ static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) /**************************************************************** ****************************************************************/ +static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + + if (!r->in.domain_name) { + return WERR_INVALID_PARAM; + } + + if (r->in.modify_config && !lp_include_registry_globals()) { + return WERR_NOT_SUPPORTED; + } + + if (IS_DC) { + return WERR_SETUP_DOMAIN_CONTROLLER; + } + + if (!secrets_init()) { + libnet_join_set_error_string(mem_ctx, r, + "Unable to open secrets database"); + return WERR_CAN_NOT_COMPLETE; + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + +static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + WERROR werr; + + if (!W_ERROR_IS_OK(r->out.result)) { + return r->out.result; + } + + werr = do_JoinConfig(r); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { + saf_store(r->in.domain_name, r->in.dc_name); + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) { if (r->in.ads) { 
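Review bot: libnet_join_post_processing() gates on `r->out.result`, but libnet_Join() in the following hunk keeps its status in the local `werr` and never stores it in `r->out.result` before making this call. The guard therefore reads whatever the caller left in the context, which is only harmless if the context was zero-initialised, and that is not visible in this hunk. Setting `r->out.result = werr;` in libnet_Join() before the call would make the check meaningful.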
@@ -1170,30 +1222,23 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, { WERROR werr; - if (!r->in.domain_name) { - return WERR_INVALID_PARAM; - } - - if (r->in.modify_config && !lp_include_registry_globals()) { - return WERR_NOT_SUPPORTED; - } - - if (IS_DC) { - return WERR_SETUP_DOMAIN_CONTROLLER; + werr = libnet_join_pre_processing(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto done; } if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_DomainJoin(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { - return werr; + goto done; } } - werr = do_JoinConfig(r); + werr = libnet_join_post_processing(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { - return werr; + goto done; } - + done: return werr; } @@ -1237,27 +1282,47 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + if (r->in.modify_config && !lp_include_registry_globals()) { + return WERR_NOT_SUPPORTED; + } + + if (!secrets_init()) { + libnet_unjoin_set_error_string(mem_ctx, r, + "Unable to open secrets database"); + return WERR_CAN_NOT_COMPLETE; + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { WERROR werr; - if (r->in.modify_config && !lp_include_registry_globals()) { - return WERR_NOT_SUPPORTED; + werr = libnet_unjoin_pre_processing(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto done; } if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_DomainUnjoin(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { - do_UnjoinConfig(r); - return werr; + goto done; } } werr = do_UnjoinConfig(r); if (!W_ERROR_IS_OK(werr)) { - return werr; + goto done; } + done: return werr; } -- cgit 
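Review bot: libnet_Unjoin() no longer calls do_UnjoinConfig(r) when libnet_DomainUnjoin() fails; the removed lines ran it before returning the error, and the new code jumps straight to `done`. The commit subject describes a re-arrangement only, so this behaviour change is easy to miss. If leaving the local configuration untouched after a failed remote unjoin is intended, record it next to the jump, e.g. `/* remote unjoin failed: keep local config as is */`. The three `goto done;` statements that sit directly before `done:` in libnet_Join() and libnet_Unjoin() are also redundant.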
From f41cd6c8e46c6a280e61f77b0803133458274977 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 10:58:27 +0100 Subject: Use dsgetdcname() to find a dc when unjoining in libnetjoin. Guenther (This used to be commit 1a5b72daa36073cc0604211248d869bf0d7546c6) --- source3/libnet/libnet_join.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 19b3e58e00..6c50d9c09b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1250,6 +1250,29 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, { NTSTATUS status; + if (!r->in.dc_name) { + struct DS_DOMAIN_CONTROLLER_INFO *info; + status = dsgetdcname(mem_ctx, + NULL, + r->in.domain_name, + NULL, + NULL, + DS_DIRECTORY_SERVICE_REQUIRED | + DS_WRITABLE_REQUIRED | + DS_RETURN_DNS_NAME, + &info); + if (!NT_STATUS_IS_OK(status)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "failed to find DC: %s", + nt_errstr(status)); + return WERR_DOMAIN_CONTROLLER_NOT_FOUND; + } + + r->in.dc_name = talloc_strdup(mem_ctx, + info->domain_controller_name); + W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); + } + status = libnet_join_unjoindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { libnet_unjoin_set_error_string(mem_ctx, r, -- cgit From b32d613ed064fc662c795c6e7dcebe7c64bddf00 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 11:00:37 +0100 Subject: No need to re-establish AD connection all the time. Guenther (This used to be commit f21871c6d60e02ed53f060abbbfb2ef656cdc311) --- source3/libnet/libnet_join.c | 8 -------- 1 file changed, 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6c50d9c09b..c60f4c9803 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
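Review bot: The new DC lookup in libnet_DomainUnjoin() passes `r->in.domain_name` to dsgetdcname() without a NULL check. libnet_join_pre_processing() rejects a missing domain name with WERR_INVALID_PARAM, but libnet_unjoin_pre_processing(), added in the previous commit, has no such test. How dsgetdcname() treats a NULL domain is not visible here, so adding `if (!r->in.domain_name) { return WERR_INVALID_PARAM; }` to the unjoin pre-processing would keep both paths consistent. The body of libnet_DomainUnjoin() continues beyond the hunk.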
@@ -107,10 +107,6 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, { ADS_STATUS status; - if (r->in.ads) { - ads_destroy(&r->in.ads); - } - status = libnet_connect_ads(r->in.domain_name, r->in.domain_name, r->in.dc_name, @@ -134,10 +130,6 @@ static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, { ADS_STATUS status; - if (r->in.ads) { - ads_destroy(&r->in.ads); - } - status = libnet_connect_ads(r->in.domain_name, r->in.domain_name, r->in.dc_name, -- cgit From b239612fcf199cfeba5c93535f70d3cdd880a5bf Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 15:28:39 +0100 Subject: Use autogenerated libnet_join header. Guenther (This used to be commit d94bd3a03b574b3fdddd62add25b0c04673500a3) --- source3/libnet/libnet.h | 2 +- source3/libnet/libnet_join.h | 75 -------------------------------------------- 2 files changed, 1 insertion(+), 76 deletions(-) delete mode 100644 source3/libnet/libnet_join.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h index d6238ca982..97e720f617 100644 --- a/source3/libnet/libnet.h +++ b/source3/libnet/libnet.h @@ -20,7 +20,7 @@ #ifndef __LIBNET_H__ #define __LIBNET_H__ -#include "libnet/libnet_join.h" +#include "librpc/gen_ndr/libnet_join.h" #include "libnet/libnet_conf.h" #include "libnet/libnet_proto.h" diff --git a/source3/libnet/libnet_join.h b/source3/libnet/libnet_join.h deleted file mode 100644 index c47e8d934c..0000000000 --- a/source3/libnet/libnet_join.h +++ /dev/null 
@@ -1,75 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * libnet Join Support - * Copyright (C) Guenther Deschner 2007-2008 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#ifndef __LIBNET_JOIN_H__ -#define __LIBNET_JOIN_H__ - -struct libnet_JoinCtx { - struct { - const char *dc_name; - const char *machine_name; - const char *domain_name; - const char *account_ou; - const char *admin_account; - const char *admin_password; - const char *machine_password; - uint32_t join_flags; - const char *os_version; - const char *os_name; - bool create_upn; - const char *upn; - bool modify_config; - struct ads_struct *ads; - bool debug; - } in; - - struct { - char *account_name; - char *netbios_domain_name; - char *dns_domain_name; - char *dn; - struct dom_sid *domain_sid; - bool modified_config; - WERROR result; - char *error_string; - bool domain_is_ad; - } out; -}; - -struct libnet_UnjoinCtx { - struct { - const char *dc_name; - const char *machine_name; - const char *domain_name; - const char *admin_account; - const char *admin_password; - uint32_t unjoin_flags; - bool modify_config; - struct dom_sid *domain_sid; - struct ads_struct *ads; - } in; - - struct { - bool modified_config; - WERROR result; - char *error_string; - } out; -}; - -#endif -- cgit From 40222cc8e211c9d82a75d57b802ced11172937e5 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Tue, 15 Jan 2008 15:48:48 +0100 Subject: Remove unrequired TALLOC_FREE. Guenther (This used to be commit 15d0e574386e39a4d2fa61cd268b48dfa5c84dcb) --- source3/libnet/libnet_join.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c60f4c9803..ce3a5969a4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -236,7 +236,6 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx, goto done; } - TALLOC_FREE(r->out.dn); r->out.dn = talloc_strdup(mem_ctx, dn); if (!r->out.dn) { status = ADS_ERROR_LDAP(LDAP_NO_MEMORY); -- cgit From fe165e4a9f9d203d66aef15075a7ca89098a720c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 15 Jan 2008 17:00:14 +0100 Subject: Use autogenerated debugging functions in libnetjoin when requested. Guenther (This used to be commit 08c1720509dffa2886ed057e2d14907699122f3c) --- source3/libnet/libnet_join.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index ce3a5969a4..a189a38ea3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1213,6 +1213,10 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, { WERROR werr; + if (r->in.debug) { + NDR_PRINT_IN_DEBUG(libnet_JoinCtx, r); + } + werr = libnet_join_pre_processing(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { goto done; @@ -1230,6 +1234,9 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, goto done; } done: + if (r->in.debug) { + NDR_PRINT_OUT_DEBUG(libnet_JoinCtx, r); + } return werr; } @@ -1320,6 +1327,10 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, { WERROR werr; + if (r->in.debug) { + NDR_PRINT_IN_DEBUG(libnet_UnjoinCtx, r); + } + werr = libnet_unjoin_pre_processing(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { goto done; 
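Review bot: The input dump added at the top of libnet_Join() prints the `in` part of libnet_JoinCtx, which, going by the struct in the removed libnet_join.h, carries `admin_password` and `machine_password`. Whether the generated print routine omits those members is not visible on this page; if it does not, setting `r->in.debug` writes both secrets to the log. The fields should be excluded from printing in the IDL (pidl has a `noprint` property for this) or blanked before the dump. Until then, a comment at the call would warn readers: `/* dumps r->in including admin_password unless the IDL hides it */`. The same applies to the libnet_Unjoin() dumps in the @@ -1320 and @@ -1338 hunks.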
@@ -1338,5 +1349,9 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, } done: + if (r->in.debug) { + NDR_PRINT_OUT_DEBUG(libnet_UnjoinCtx, r); + } + return werr; } -- cgit From 1bb220174fdefb36106124736eccd9c0a55d07d7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 16 Jan 2008 10:37:48 +0100 Subject: Avoid use of NDR_PRINT_X_DEBUG (that debugs with level 0) in libnetjoin. Guenther (This used to be commit 357a393b106fe88629bf5f6c634d16c0fc47cee9) --- source3/libnet/libnet_join.c | 41 +++++++++++++++++++++++++++++++++++++---- 1 file changed, 37 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a189a38ea3..49868192e8 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -24,6 +24,35 @@ /**************************************************************** ****************************************************************/ +#define LIBNET_JOIN_DUMP_CTX(ctx, r, f) \ + do { \ + char *str = NULL; \ + str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_JoinCtx, f, r); \ + DEBUG(1,("libnet_Join:\n%s", str)); \ + talloc_free(str); \ + } while (0) + +#define LIBNET_JOIN_IN_DUMP_CTX(ctx, r) \ + LIBNET_JOIN_DUMP_CTX(ctx, r, NDR_IN | NDR_SET_VALUES) +#define LIBNET_JOIN_OUT_DUMP_CTX(ctx, r) \ + LIBNET_JOIN_DUMP_CTX(ctx, r, NDR_OUT) + +#define LIBNET_UNJOIN_DUMP_CTX(ctx, r, f) \ + do { \ + char *str = NULL; \ + str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_UnjoinCtx, f, r); \ + DEBUG(1,("libnet_Unjoin:\n%s", str)); \ + talloc_free(str); \ + } while (0) + +#define LIBNET_UNJOIN_IN_DUMP_CTX(ctx, r) \ + LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_IN | NDR_SET_VALUES) +#define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \ + LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT) + +/**************************************************************** +****************************************************************/ + static void libnet_join_set_error_string(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r, const char *format, ...) @@ -1214,7 +1243,7 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, WERROR werr; if (r->in.debug) { - NDR_PRINT_IN_DEBUG(libnet_JoinCtx, r); + LIBNET_JOIN_IN_DUMP_CTX(mem_ctx, r); } werr = libnet_join_pre_processing(mem_ctx, r); @@ -1234,8 +1263,10 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, goto done; } done: + r->out.result = werr; + if (r->in.debug) { - NDR_PRINT_OUT_DEBUG(libnet_JoinCtx, r); + LIBNET_JOIN_OUT_DUMP_CTX(mem_ctx, r); } return werr; } @@ -1328,7 +1359,7 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, WERROR werr; if (r->in.debug) { - NDR_PRINT_IN_DEBUG(libnet_UnjoinCtx, r); + LIBNET_UNJOIN_IN_DUMP_CTX(mem_ctx, r); } werr = libnet_unjoin_pre_processing(mem_ctx, r); 
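Review bot: In LIBNET_JOIN_DUMP_CTX and LIBNET_UNJOIN_DUMP_CTX the result of NDR_PRINT_FUNCTION_STRING() is passed to `%s` unchecked, so an allocation failure there hands a NULL pointer to the DEBUG format. Guard the argument, e.g. `DEBUG(1,("libnet_Join:\n%s", str ? str : "(dump failed)\n"));`, and do the same in the Unjoin macro. The macros would also benefit from a one-line comment saying the dump goes out at debug level 1 and shows the complete in/out context.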
@@ -1349,8 +1380,10 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, } done: + r->out.result = werr; + if (r->in.debug) { - NDR_PRINT_OUT_DEBUG(libnet_UnjoinCtx, r); + LIBNET_UNJOIN_OUT_DUMP_CTX(mem_ctx, r); } return werr; -- cgit From 1311918d177723616a01ac5fa2c61d2f93b431a2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 16 Jan 2008 10:48:11 +0100 Subject: Nicen some error strings in libnetjoin. Guenther (This used to be commit 05cf1413cc92e15bbe7ba0477df282ad31e40412) --- source3/libnet/libnet_join.c | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 49868192e8..f699b09b78 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1176,8 +1176,9 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, &info); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to find DC: %s", - nt_errstr(status)); + "failed to find DC for domain %s", + r->in.domain_name, + get_friendly_nt_error_msg(status)); return WERR_DOMAIN_CONTROLLER_NOT_FOUND; } @@ -1211,7 +1212,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, "failed to join domain over rpc: %s", - nt_errstr(status)); + get_friendly_nt_error_msg(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { return WERR_SETUP_ALREADY_JOINED; } @@ -1292,8 +1293,9 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, &info); if (!NT_STATUS_IS_OK(status)) { libnet_unjoin_set_error_string(mem_ctx, r, - "failed to find DC: %s", - nt_errstr(status)); + "failed to find DC for domain %s", + r->in.domain_name, + get_friendly_nt_error_msg(status)); return WERR_DOMAIN_CONTROLLER_NOT_FOUND; } 
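Review bot: The reworded message `"failed to find DC for domain %s"` has one conversion but is given two arguments, so `get_friendly_nt_error_msg(status)` is silently dropped and the reason for the failed lookup no longer reaches the error string. This happens in libnet_DomainJoin() (@@ -1176) and again in libnet_DomainUnjoin() (@@ -1292). Use `"failed to find DC for domain %s: %s"` in both places.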
@@ -1305,8 +1307,8 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, status = libnet_join_unjoindomain_rpc(mem_ctx, r); if (!NT_STATUS_IS_OK(status)) { libnet_unjoin_set_error_string(mem_ctx, r, - "failed to unjoin domain: %s", - nt_errstr(status)); + "failed to disable machine account via rpc: %s", + get_friendly_nt_error_msg(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) { return WERR_SETUP_NOT_JOINED; } @@ -1350,6 +1352,7 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, return WERR_OK; } + /**************************************************************** ****************************************************************/ -- cgit From 168e122682debee53041250292da214f88f534fa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 16 Jan 2008 10:56:40 +0100 Subject: Autofetch domain_sid while unjoining in libnetjoin. Guenther (This used to be commit 622109895c56ed7cc02dac006f02cac89424b569) --- source3/libnet/libnet_join.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f699b09b78..af7f9a6a21 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1280,6 +1280,17 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, { NTSTATUS status; + if (!r->in.domain_sid) { + struct dom_sid sid; + if (!secrets_fetch_domain_sid(lp_workgroup(), &sid)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "Unable to fetch domain sid: are we joined?"); + return WERR_SETUP_NOT_JOINED; + } + r->in.domain_sid = sid_dup_talloc(mem_ctx, &sid); + W_ERROR_HAVE_NO_MEMORY(r->in.domain_sid); + } + if (!r->in.dc_name) { struct DS_DOMAIN_CONTROLLER_INFO *info; status = dsgetdcname(mem_ctx, -- cgit From 7bfceba4bc49f5f5c8d2836dfd76e1ec15459631 Mon Sep 17 00:00:00 2001 
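Review bot: In the @@ -1280 hunk the domain SID is fetched under the key `lp_workgroup()`, while the DC lookup right below works from `r->in.domain_name`. If a caller unjoins a domain whose name differs from the configured workgroup, the fetch either fails with the "are we joined?" text or returns the SID stored for a different domain, which is then used to open the SAM domain. If unjoin is meant to act on the locally configured domain only, state that here, e.g. `/* unjoin always refers to the domain stored for lp_workgroup() */`, or reject a mismatching `r->in.domain_name`. libnet_DomainUnjoin() continues beyond the hunk.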
From: Michael Adam Date: Wed, 16 Jan 2008 17:05:38 +0100 Subject: Use lp_config_backend_is_registry() instead of lp_include_registry_globals(). Michael (This used to be commit c5a7d421c512a6221b0300549d7b5de0368d252e) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index af7f9a6a21..a9978ba4b8 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1041,7 +1041,7 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, return WERR_INVALID_PARAM; } - if (r->in.modify_config && !lp_include_registry_globals()) { + if (r->in.modify_config && !lp_config_backend_is_registry()) { return WERR_NOT_SUPPORTED; } @@ -1350,7 +1350,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { - if (r->in.modify_config && !lp_include_registry_globals()) { + if (r->in.modify_config && !lp_config_backend_is_registry()) { return WERR_NOT_SUPPORTED; } -- cgit From 188bfbc19230c5451059375cb648d06362ac9395 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 21 Jan 2008 15:24:23 +0100 Subject: Add a check for talloc failure. - Pointed out by Volker. Michael (This used to be commit bdc49b07cc6de36c9319254a131858c9a7f9dd53) --- source3/libnet/libnet_conf.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index d20e10b141..152148300e 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -48,6 +48,10 @@ static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, } new_array[count] = talloc_strdup(new_array, string); + if (new_array[count] == NULL) { + TALLOC_FREE(new_array); + return WERR_NOMEM; + } *array = new_array; -- cgit From 7f2e253efbf5ce9a7195efcd5fee778b219faebb Mon Sep 17 00:00:00 2001 
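Review bot: The new failure path in libnet_conf_add_string_to_array() frees `new_array` but leaves `*array` untouched. The allocation of `new_array` is above the hunk; if it is a realloc of `*array`, as the later `*array = new_array;` suggests, the caller's pointer now refers to freed or moved memory and any later use or free of it is a use-after-free. Either keep the grown array and only report the error, or clear the caller's pointer as well: `TALLOC_FREE(new_array); *array = NULL; return WERR_NOMEM;`.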
From: Michael Adam Date: Mon, 21 Jan 2008 15:28:04 +0100 Subject: Use talloc_stackframe() for temporary contexts throughout libnet_conf.c Michael (This used to be commit 4d734106b70b9b6029b537fe11f8b3c1aebd42cf) --- source3/libnet/libnet_conf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 152148300e..ec05fa7c16 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -195,7 +195,7 @@ static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *mem_ctx, /* create a new talloc ctx for creation. it will hold * the intermediate parent key (SMBCONF) for creation * and will be destroyed when leaving this function... */ - if (!(create_ctx = talloc_new(mem_ctx))) { + if (!(create_ctx = talloc_stackframe())) { werr = WERR_NOMEM; goto done; } @@ -361,7 +361,7 @@ static WERROR libnet_conf_reg_get_values(TALLOC_CTX *mem_ctx, goto done; } - tmp_ctx = talloc_new(mem_ctx); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { werr = WERR_NOMEM; goto done; @@ -544,7 +544,7 @@ WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, goto done; } - tmp_ctx = talloc_new(mem_ctx); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { werr = WERR_NOMEM; goto done; @@ -619,7 +619,7 @@ WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, goto done; } - tmp_ctx = talloc_new(mem_ctx); + tmp_ctx = talloc_stackframe(); if (tmp_ctx == NULL) { werr = WERR_NOMEM; goto done; -- cgit From c5c38d622754c5b06716cbae41a27af711d22bcf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 21 Jan 2008 15:31:57 +0100 Subject: Fix formatting of multi_sz registry values. Don't print only the last component. Michael (This used to be commit 654e96208ec847e32797cbd2442ef9e73c014567) --- source3/libnet/libnet_conf.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'source3/libnet') 
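Review bot: Replacing `talloc_new(mem_ctx)` with `talloc_stackframe()` in these four functions removes the parent link to `mem_ctx`, so the temporary context is no longer released when the caller frees `mem_ctx`. Every exit path must now free the frame itself, and the cleanup code lies outside all four hunks, so this cannot be confirmed from the diff. Please check each `done:` path, and mark the allocations with a short comment such as `/* stackframe: must be freed on every return path */`. The comment kept in libnet_conf_reg_create_service_key() still says "create a new talloc ctx", which no longer describes what is allocated.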
diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index ec05fa7c16..fc797bbeb9 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -320,8 +320,12 @@ static char *libnet_conf_format_registry_value(TALLOC_CTX *mem_ctx, case REG_MULTI_SZ: { uint32 j; for (j = 0; j < value->v.multi_sz.num_strings; j++) { - result = talloc_asprintf(mem_ctx, "\"%s\" ", + result = talloc_asprintf(mem_ctx, "%s \"%s\" ", + result, value->v.multi_sz.strings[j]); + if (result == NULL) { + break; + } } break; } -- cgit From feb77c978bede01156ae1eb17c73842c7a27cda5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 21 Jan 2008 15:35:09 +0100 Subject: Add another check for talloc failure to libnet_conf Michael (This used to be commit 196e4ce8c5dd5aab518aaa7d170eb1fb5d66bcd1) --- source3/libnet/libnet_conf.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index fc797bbeb9..4d998acad8 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -138,6 +138,10 @@ static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *mem_ctx, } path = talloc_asprintf(mem_ctx, "%s\\%s", KEY_SMBCONF, servicename); + if (path == NULL) { + werr = WERR_NOMEM; + goto done; + } werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, desired_access, key); -- cgit From a0186fb78d05aa997b114eee6afabaf138540ab8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 23 Jan 2008 13:54:02 -0800 Subject: Forward ported version of Matt Geddes patch for adding acct_flags to rpccli_samr_create_dom_user(). Jerry please test. Jeremy. (This used to be commit 7d94f97947b7edfcf3ec52f0125e4593d6d54c05) --- source3/libnet/libnet_join.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a9978ba4b8..538cca7994 100644 --- a/source3/libnet/libnet_join.c 
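Review bot: In the REG_MULTI_SZ loop of libnet_conf_format_registry_value() the first iteration formats `result` itself through `%s`. Its initial value is set outside the hunk; if it is still NULL at that point, the output starts with "(null)" on glibc and the call is undefined behaviour elsewhere. Pass `result ? result : ""` as the first argument instead of `result`. Each pass also leaves the previous string allocated on `mem_ctx`, so freeing the old value after a successful asprintf would keep the function from accumulating partial copies.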
+++ b/source3/libnet/libnet_join.c @@ -684,10 +684,15 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, const_acct_name = acct_name; if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { + uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | + SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | + SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | + SAMR_USER_GETATTR | SAMR_USER_SETATTR; + status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, acct_name, ACB_WSTRUST, - 0xe005000b, &user_pol, + acct_flags, &user_pol, &user_rid); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!(r->in.join_flags & -- cgit From 92183450f1eedd2892ed8612ccaf97c65098c636 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 25 Jan 2008 01:00:51 +0100 Subject: Trying to avoid defining new SAMR acct creation flags when we already have them with different names. Matt, Jeremy, please check. Guenther (This used to be commit d4a9e46edf7336f673c001c559af96eb0ecf9f6f) --- source3/libnet/libnet_join.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 538cca7994..f83e0fbb60 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -684,10 +684,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, const_acct_name = acct_name; if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { - uint32 acct_flags = SAMR_GENERIC_READ | SAMR_GENERIC_WRITE | - SAMR_GENERIC_EXECUTE | SAMR_STANDARD_WRITEDAC | - SAMR_STANDARD_DELETE | SAMR_USER_SETPASS | - SAMR_USER_GETATTR | SAMR_USER_SETATTR; + uint32_t acct_flags = + SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | + SEC_STD_WRITE_DAC | SEC_STD_DELETE | + SAMR_USER_ACCESS_SET_PASSWORD | + SAMR_USER_ACCESS_GET_ATTRIBUTES | + SAMR_USER_ACCESS_SET_ATTRIBUTES; status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, &domain_pol, -- cgit 
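Review bot: The literal `0xe005000b` is replaced by an OR of named constants, but nothing in the hunk shows that the two have the same value, and the follow-up commit (second hunk at this position) swaps the names again. This argument appears to be the access requested on the newly created machine account, so a silent change here alters the rights the join asks for. A one-line comment stating the resulting mask, or that a deviation from the old literal is deliberate, would let a reader verify it. The name `acct_flags` is also misleading next to the `ACB_WSTRUST` argument, which carries the actual account flags; something like `access_mask` would read more clearly.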
From 5ab43ae0d8e66a1fd4c877089df52282367be7dd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 26 Jan 2008 01:39:33 +0100 Subject: Eliminate remote tree of dsgetdcname (which will happen in libnetapi then). Guenther (This used to be commit fd490d236b1fb73a75c457b75128c9b98719418f) --- source3/libnet/libnet_join.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f83e0fbb60..3c6cea31bb 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1173,7 +1173,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, if (!r->in.dc_name) { struct DS_DOMAIN_CONTROLLER_INFO *info; status = dsgetdcname(mem_ctx, - NULL, r->in.domain_name, NULL, NULL, @@ -1301,7 +1300,6 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, if (!r->in.dc_name) { struct DS_DOMAIN_CONTROLLER_INFO *info; status = dsgetdcname(mem_ctx, - NULL, r->in.domain_name, NULL, NULL, -- cgit From 5334b364c21599fe055b32bbbd1e8cf7488b1fa7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jan 2008 12:39:20 +0100 Subject: Remove rpccli_samr_close and use pidl generated function instead. Guenther (This used to be commit 64f0889401855ab76953bfae5db4fe4df19ad8a5) --- source3/libnet/libnet_join.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3c6cea31bb..c34afc7cae 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -704,7 +704,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } if (NT_STATUS_IS_OK(status)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } } 
@@ -769,7 +769,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); cli_rpc_pipe_close(pipe_hnd); status = NT_STATUS_OK; @@ -877,7 +877,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, &user_pol, 16, &qctr); if (!NT_STATUS_IS_OK(status)) { - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); goto done; } @@ -890,12 +890,12 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, &cli->user_session_key, &ctr); - rpccli_samr_close(pipe_hnd, mem_ctx, &user_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); done: if (pipe_hnd) { - rpccli_samr_close(pipe_hnd, mem_ctx, &domain_pol); - rpccli_samr_close(pipe_hnd, mem_ctx, &sam_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); + rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); cli_rpc_pipe_close(pipe_hnd); } -- cgit From 42960f817a9fd439557d1be2f3ca3603a35489ce Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 1 Feb 2008 11:12:05 +0100 Subject: Use rpccli_samr_OpenDomain() all over the place. Guenther (This used to be commit e4e9d72724d547e1405b2ed4cec509d50ec88c8d) --- source3/libnet/libnet_join.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c34afc7cae..cea5ea6d46 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -671,10 +671,11 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - r->out.domain_sid, - &domain_pol); + status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + r->out.domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -840,10 +841,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_samr_open_domain(pipe_hnd, mem_ctx, &sam_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - r->in.domain_sid, - &domain_pol); + status = rpccli_samr_OpenDomain(pipe_hnd, mem_ctx, + &sam_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + r->in.domain_sid, + &domain_pol); if (!NT_STATUS_IS_OK(status)) { goto done; } -- cgit From 37b56c0113263a741c62100cd4b13388cb2a83fa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 1 Feb 2008 11:57:53 +0100 Subject: Use rpccli_samr_OpenUser() all over the place. Guenther (This used to be commit da90eb7653554d242da83ed98adae35ced3a2938) --- source3/libnet/libnet_join.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index cea5ea6d46..bbbf11adc1 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -724,9 +724,11 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, user_rid = user_rids[0]; - status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, user_rid, - &user_pol); + status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, + &user_pol); if (!NT_STATUS_IS_OK(status)) { goto done; } 
@@ -869,9 +871,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, user_rid = user_rids[0]; - status = rpccli_samr_open_user(pipe_hnd, mem_ctx, &domain_pol, - SEC_RIGHTS_MAXIMUM_ALLOWED, - user_rid, &user_pol); + status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, + &domain_pol, + SEC_RIGHTS_MAXIMUM_ALLOWED, + user_rid, + &user_pol); if (!NT_STATUS_IS_OK(status)) { goto done; } -- cgit From ddbe4ea6b79b511927d4d130cb345b873b12cc0e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 1 Feb 2008 14:21:54 +0100 Subject: Use rpccli_samr_CreateUser2() all over the place. Guenther (This used to be commit 701af69118c9634c7dc0d5c10152ce776787694d) --- source3/libnet/libnet_join.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bbbf11adc1..737474d807 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -50,6 +50,11 @@ #define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \ LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT) +static void init_lsa_String(struct lsa_String *name, const char *s) +{ + name->string = s; +} + /**************************************************************** ****************************************************************/ @@ -591,6 +596,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; const char *const_acct_name; + struct lsa_String lsa_acct_name; uint32 user_rid; uint32 num_rids, *name_types, *user_rids; uint32 flags = 0x3e8; @@ -684,6 +690,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, strlower_m(acct_name); const_acct_name = acct_name; + init_lsa_String(&lsa_acct_name, acct_name); + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { uint32_t acct_flags = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | 
@@ -691,12 +699,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SAMR_USER_ACCESS_SET_PASSWORD | SAMR_USER_ACCESS_GET_ATTRIBUTES | SAMR_USER_ACCESS_SET_ATTRIBUTES; - - status = rpccli_samr_create_dom_user(pipe_hnd, mem_ctx, - &domain_pol, - acct_name, ACB_WSTRUST, - acct_flags, &user_pol, - &user_rid); + uint32_t access_granted = 0; + + status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, + &domain_pol, + &lsa_acct_name, + ACB_WSTRUST, + acct_flags, + &user_pol, + &access_granted, + &user_rid); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { -- cgit From 270ba9c238400f49d32c57a9a1bbde6ad63bb555 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 4 Feb 2008 19:43:07 +0100 Subject: Use rpccli_samr_Connect2() all over the place. Guenther (This used to be commit bdf8d562621e1a09bf83e2009dec24966e7fdf22) --- source3/libnet/libnet_join.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 737474d807..f855a57f32 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -671,8 +671,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_samr_connect(pipe_hnd, mem_ctx, - SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); + status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->cli->desthost, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &sam_pol); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -849,8 +851,10 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_samr_connect(pipe_hnd, mem_ctx, - SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); + status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, + pipe_hnd->cli->desthost, + SEC_RIGHTS_MAXIMUM_ALLOWED, + &sam_pol); if (!NT_STATUS_IS_OK(status)) { goto done; } -- cgit 
From 3783e6af8a8cd4b3cc1d43507704f17e6bb1a9a5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 01:57:55 +0100 Subject: Use rpccli_lsa_QueryInfoPolicy2 in libnet join. Guenther (This used to be commit ddc2fc16bf18fe3ab8a0fc0021826253d5f4ed32) --- source3/libnet/libnet_join.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f855a57f32..2f8d3e3085 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -610,6 +610,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, uchar md5buffer[16]; DATA_BLOB digested_session_key; uchar md4_trust_password[16]; + union lsa_PolicyInformation *info = NULL; if (!r->in.machine_password) { r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); @@ -641,16 +642,15 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_lsa_query_info_policy2(pipe_hnd, mem_ctx, &lsa_pol, - 12, - &r->out.netbios_domain_name, - &r->out.dns_domain_name, - NULL, - NULL, - &r->out.domain_sid); - + status = rpccli_lsa_QueryInfoPolicy2(pipe_hnd, mem_ctx, + &lsa_pol, + LSA_POLICY_INFO_DNS, + &info); if (NT_STATUS_IS_OK(status)) { r->out.domain_is_ad = true; + r->out.netbios_domain_name = info->dns.name.string; + r->out.dns_domain_name = info->dns.dns_domain.string; + r->out.domain_sid = info->dns.sid; } if (!NT_STATUS_IS_OK(status)) { -- cgit From adeb94a9a6444facf330337142997210940c9137 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 10:21:25 +0100 Subject: Use rpccli_lsa_QueryInfoPolicy() in libnet_join. Guenther (This used to be commit 28ef55cbf1662dfe6b64a837ade830f5c864b4b9) --- source3/libnet/libnet_join.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source3/libnet') 
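Review bot: In the `@@ -641` hunk of libnet_join_joindomain_rpc, the fields of the DC's reply are stored without a NULL check: `info->dns.name.string`, `info->dns.dns_domain.string` and `info->dns.sid` go straight into `r->out` once the call returns NT_STATUS_OK. These values come from the remote server, and `r->out.domain_sid` is what the `rpccli_samr_OpenDomain` call shown in an earlier commit on this page receives, so a reply lacking a name or SID should be rejected here, e.g. `if (!info || !info->dns.sid || !info->dns.name.string) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done; }`. The same applies to the `info->account_domain.name.string` and `info->account_domain.sid` assignments in the `@@ -654` hunk of the following commit. The function body starts and ends outside both hunks.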
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 2f8d3e3085..07d4960ffd 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -654,13 +654,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } if (!NT_STATUS_IS_OK(status)) { - status = rpccli_lsa_query_info_policy(pipe_hnd, mem_ctx, &lsa_pol, - 5, - &r->out.netbios_domain_name, - &r->out.domain_sid); + status = rpccli_lsa_QueryInfoPolicy(pipe_hnd, mem_ctx, + &lsa_pol, + LSA_POLICY_INFO_ACCOUNT_DOMAIN, + &info); if (!NT_STATUS_IS_OK(status)) { goto done; } + + r->out.netbios_domain_name = info->account_domain.name.string; + r->out.domain_sid = info->account_domain.sid; } rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); -- cgit From 210a4ab76f9b576b6834106146fcd86ba73acd22 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 8 Feb 2008 14:48:55 +0100 Subject: Use rpccli_samr_LookupNames() in libnetjoin. Guenther (This used to be commit e62bfd2deea81f188cd4b5274218c3df64782aa7) --- source3/libnet/libnet_join.c | 44 ++++++++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 20 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 07d4960ffd..6d9cc1fbc4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -595,11 +595,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; - const char *const_acct_name; struct lsa_String lsa_acct_name; uint32 user_rid; - uint32 num_rids, *name_types, *user_rids; - uint32 flags = 0x3e8; uint32 acb_info = ACB_WSTRUST; uint32 fields_present; uchar pwbuf[532]; 
@@ -611,6 +608,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, DATA_BLOB digested_session_key; uchar md4_trust_password[16]; union lsa_PolicyInformation *info = NULL; + struct samr_Ids user_rids; + struct samr_Ids name_types; if (!r->in.machine_password) { r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); @@ -693,7 +692,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); strlower_m(acct_name); - const_acct_name = acct_name; init_lsa_String(&lsa_acct_name, acct_name); @@ -726,20 +724,22 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } } - status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, - &domain_pol, flags, 1, - &const_acct_name, - &num_rids, &user_rids, &name_types); + status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &user_rids, + &name_types); if (!NT_STATUS_IS_OK(status)) { goto done; } - if (name_types[0] != SID_NAME_USER) { + if (name_types.ids[0] != SID_NAME_USER) { status = NT_STATUS_INVALID_WORKSTATION; goto done; } - user_rid = user_rids[0]; + user_rid = user_rids.ids[0]; status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, &domain_pol, @@ -829,12 +829,12 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, POLICY_HND sam_pol, domain_pol, user_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; - uint32 flags = 0x3e8; - const char *const_acct_name; uint32 user_rid; - uint32 num_rids, *name_types, *user_rids; SAM_USERINFO_CTR ctr, *qctr = NULL; SAM_USER_INFO_16 p16; + struct lsa_String lsa_acct_name; + struct samr_Ids user_rids; + struct samr_Ids name_types; status = cli_full_connection(&cli, NULL, r->in.dc_name, 
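Review bot: In the `@@ -726` hunk, `name_types.ids[0]` and `user_rids.ids[0]` are read without checking how many entries the server returned. `rpccli_samr_LookupNames` fills both `struct samr_Ids` from the DC's reply, so a successful status with an empty array could turn these reads into a NULL or out-of-bounds access. Add `if (user_rids.count != 1 || name_types.count != 1) { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done; }` before the first index. The same check is missing in the `@@ -873` hunk of libnet_join_unjoindomain_rpc. Both functions begin and end outside the hunks shown.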
@@ -873,22 +873,26 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); strlower_m(acct_name); - const_acct_name = acct_name; - status = rpccli_samr_lookup_names(pipe_hnd, mem_ctx, - &domain_pol, flags, 1, - &const_acct_name, - &num_rids, &user_rids, &name_types); + init_lsa_String(&lsa_acct_name, acct_name); + + status = rpccli_samr_LookupNames(pipe_hnd, mem_ctx, + &domain_pol, + 1, + &lsa_acct_name, + &user_rids, + &name_types); + if (!NT_STATUS_IS_OK(status)) { goto done; } - if (name_types[0] != SID_NAME_USER) { + if (name_types.ids[0] != SID_NAME_USER) { status = NT_STATUS_INVALID_WORKSTATION; goto done; } - user_rid = user_rids[0]; + user_rid = user_rids.ids[0]; status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, &domain_pol, -- cgit From 90631dd2c27db6480ddfaec5746c84579ec684be Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 12 Feb 2008 00:07:41 +0100 Subject: Removing unused ACCT_-flags. Guenther (This used to be commit d1e5a5a7f9dfb5756398e99cf09a4712d2b42682) --- source3/libnet/libnet_join.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6d9cc1fbc4..e6fcc76d6c 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -776,7 +776,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, ZERO_STRUCT(ctr); ZERO_STRUCT(p25); - fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | ACCT_FLAGS; + fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | + SAMR_FIELD_ACCT_FLAGS; init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf); ctr.switch_value = infolevel; -- cgit From b1c6104fa4c7a4e7e5cbbcdfef7c75baebde762d Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Tue, 12 Feb 2008 18:21:52 +0100 Subject: Use every (This used to be commit d9cec295bf55b3a7e16f548cc4bf64ce474b41e9) --- source3/libnet/libnet_join.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index e6fcc76d6c..996b9e64f9 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -831,11 +831,12 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; uint32 user_rid; - SAM_USERINFO_CTR ctr, *qctr = NULL; + SAM_USERINFO_CTR ctr; SAM_USER_INFO_16 p16; struct lsa_String lsa_acct_name; struct samr_Ids user_rids; struct samr_Ids name_types; + union samr_UserInfo *info = NULL; status = cli_full_connection(&cli, NULL, r->in.dc_name, @@ -904,8 +905,10 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_samr_query_userinfo(pipe_hnd, mem_ctx, - &user_pol, 16, &qctr); + status = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, + &user_pol, + 16, + &info); if (!NT_STATUS_IS_OK(status)) { rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); goto done; @@ -915,7 +918,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, ctr.switch_value = 16; ctr.info.id16 = &p16; - p16.acb_info = qctr->info.id16->acb_info | ACB_DISABLED; + p16.acb_info = info->info16.acct_flags | ACB_DISABLED; status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, &cli->user_session_key, &ctr); -- cgit From bc742a06a2e7ce494446ab3a752fd45d08c25659 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Tue, 12 Feb 2008 00:51:51 +0100 Subject: Remove all callers of rpccli_samr_setuserinfo2 and replace with rpccli_samr_SetUserInfo (see the opcode mixup in rpc_samr.h). Guenther (This used to be commit bdc49185036060ebb9c727767dce52e4b01bd8b4) --- source3/libnet/libnet_join.c | 40 ++++++++++++++++------------------------ 1 file changed, 16 insertions(+), 24 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 996b9e64f9..4b8826ac97 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -598,11 +598,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct lsa_String lsa_acct_name; uint32 user_rid; uint32 acb_info = ACB_WSTRUST; - uint32 fields_present; uchar pwbuf[532]; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_25 p25; - const int infolevel = 25; struct MD5Context md5ctx; uchar md5buffer[16]; DATA_BLOB digested_session_key; @@ -610,6 +606,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, union lsa_PolicyInformation *info = NULL; struct samr_Ids user_rids; struct samr_Ids name_types; + union samr_UserInfo user_info; if (!r->in.machine_password) { r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); 
@@ -773,19 +770,18 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, ;; } - ZERO_STRUCT(ctr); - ZERO_STRUCT(p25); + ZERO_STRUCT(user_info.info25); - fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | - SAMR_FIELD_ACCT_FLAGS; - init_sam_user_info25P(&p25, fields_present, acb_info, (char *)pwbuf); + user_info.info25.info.fields_present = ACCT_NT_PWD_SET | + ACCT_LM_PWD_SET | + SAMR_FIELD_ACCT_FLAGS; + user_info.info25.info.acct_flags = acb_info; + memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf)); - ctr.switch_value = infolevel; - ctr.info.id25 = &p25; - - status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, - infolevel, &cli->user_session_key, - &ctr); + status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, + &user_pol, + 25, + &user_info); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -831,8 +827,6 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; uint32 user_rid; - SAM_USERINFO_CTR ctr; - SAM_USER_INFO_16 p16; struct lsa_String lsa_acct_name; struct samr_Ids user_rids; struct samr_Ids name_types; @@ -914,14 +908,12 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - ZERO_STRUCT(ctr); - ctr.switch_value = 16; - ctr.info.id16 = &p16; - - p16.acb_info = info->info16.acct_flags | ACB_DISABLED; + info->info16.acct_flags |= ACB_DISABLED; - status = rpccli_samr_set_userinfo2(pipe_hnd, mem_ctx, &user_pol, 16, - &cli->user_session_key, &ctr); + status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, + &user_pol, + 16, + info); rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); -- cgit From e2b3aad8174daede0248ce96df624e575867cfd8 Mon Sep 17 00:00:00 2001 
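Review bot: In the `@@ -773` hunk, `memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf))` takes its length from the source buffer, so nothing ties the copy to the size of the destination field. `pwbuf` is declared as `uchar pwbuf[532]` in this function, but the size of `password.data` comes from a definition that is not visible here. A check such as `SMB_ASSERT(sizeof(user_info.info25.password.data) == sizeof(pwbuf));` before the copy would keep a later change to either side from becoming an overflow. Both `pwbuf` and `user_info` hold password material on the stack; whether they are cleared before the function returns is outside the hunk and worth confirming.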
From: Günther Deschner Date: Tue, 12 Feb 2008 22:05:39 +0100 Subject: Collect all init_lsa_string varients in one place. Guenther (This used to be commit f4581e9f4482566fba9436d5ae058b8d840fa394) --- source3/libnet/libnet_join.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4b8826ac97..0543ca8474 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -50,11 +50,6 @@ #define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \ LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT) -static void init_lsa_String(struct lsa_String *name, const char *s) -{ - name->string = s; -} - /**************************************************************** ****************************************************************/ -- cgit From 9af84dd382aad55fcdfa803238d8edd57636f2aa Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 15 Feb 2008 13:57:31 +0100 Subject: Rename registry_init_regdb() to registry_init_smbconf(). That's what it actually is. Michael (This used to be commit 9d3c27f55726dbdce41fcf71c8bc1a7829340268) --- source3/libnet/libnet_conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index 4d998acad8..c3872b68de 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -62,7 +62,7 @@ static WERROR libnet_conf_reg_initialize(struct libnet_conf_ctx *ctx) { WERROR werr = WERR_OK; - if (!registry_init_regdb()) { + if (!registry_init_smbconf()) { werr = WERR_REG_IO_FAILURE; goto done; } -- cgit From 3e3df1bfe2ebce8b5c26cb5fb7d4c2f5c422fd97 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Mon, 18 Feb 2008 18:21:14 +0100 Subject: Add a function libnet_conf_get_seqnum() to the libnet_conf API. This is to provide a change sequence number to users, so that they can use it to detect change in the config and trigger a reload. Michael (This used to be commit a0b12f4d815fa92c8826954e6d73546c8a751583) --- source3/libnet/libnet_conf.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c index c3872b68de..688097bc5e 100644 --- a/source3/libnet/libnet_conf.c +++ b/source3/libnet/libnet_conf.c @@ -481,6 +481,19 @@ void libnet_conf_close(struct libnet_conf_ctx *ctx) TALLOC_FREE(ctx); } +/** + * Get the change sequence number of the given service/parameter. + * + * NOTE: Currently, for registry configuration, this is independent + * of the service and parameter, it returns the registry-sequence + * number. + */ +uint64_t libnet_conf_get_seqnum(struct libnet_conf_ctx *ctx, + const char *service, const char *param) +{ + return (uint64_t)regdb_get_seqnum(); +} + /** * Drop the whole configuration (restarting empty). */ -- cgit From 97c2dfc52f0f02c2bc605304885128622cf7f750 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 11:00:50 +0100 Subject: Use W_ERROR_NOT_OK_GOTO_DONE macro in libnetjoin. Guenther (This used to be commit fec230b28f456469bce051a2b26249d2026a48ea) --- source3/libnet/libnet_join.c | 34 +++++++++++++++------------------- 1 file changed, 15 insertions(+), 19 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 0543ca8474..510b9e2e2f 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -50,6 +50,12 @@ #define LIBNET_UNJOIN_OUT_DUMP_CTX(ctx, r) \ LIBNET_UNJOIN_DUMP_CTX(ctx, r, NDR_OUT) +#define W_ERROR_NOT_OK_GOTO_DONE(x) do { \ + if (!W_ERROR_IS_OK(x)) {\ + goto done;\ + }\ +} while (0) + /**************************************************************** ****************************************************************/ @@ -942,9 +948,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { werr = libnet_conf_set_global_parameter(ctx, "security", "user"); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + W_ERROR_NOT_OK_GOTO_DONE(werr); werr = libnet_conf_set_global_parameter(ctx, "workgroup", r->in.domain_name); @@ -952,27 +956,22 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) } werr = libnet_conf_set_global_parameter(ctx, "security", "domain"); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + W_ERROR_NOT_OK_GOTO_DONE(werr); werr = libnet_conf_set_global_parameter(ctx, "workgroup", r->out.netbios_domain_name); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + W_ERROR_NOT_OK_GOTO_DONE(werr); if (r->out.domain_is_ad) { werr = libnet_conf_set_global_parameter(ctx, "security", "ads"); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + W_ERROR_NOT_OK_GOTO_DONE(werr); werr = libnet_conf_set_global_parameter(ctx, "realm", r->out.dns_domain_name); + W_ERROR_NOT_OK_GOTO_DONE(werr); } -done: + done: libnet_conf_close(ctx); return werr; } @@ -993,14 +992,11 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_conf_set_global_parameter(ctx, "security", "user"); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } + W_ERROR_NOT_OK_GOTO_DONE(werr); + libnet_conf_delete_global_parameter(ctx, "realm"); } - libnet_conf_delete_global_parameter(ctx, "realm"); - -done: + done: libnet_conf_close(ctx); return werr; } -- cgit From 39ba91fd8391df61881dc07a04dde7a630f95d39 Mon Sep 17 00:00:00 2001 
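Review bot: The `@@ -993` hunk in do_unjoin_modify_vals_config changes behaviour beyond the macro conversion the subject describes: `libnet_conf_delete_global_parameter(ctx, "realm");` moves inside the `WKSSVC_JOIN_FLAGS_JOIN_TYPE` branch, so the realm setting is no longer removed when that flag is absent. Its result is also still discarded, unlike the `security` update just above it. If the move is intended, it belongs in the commit message, and the call should either be checked (`werr = libnet_conf_delete_global_parameter(ctx, "realm"); W_ERROR_NOT_OK_GOTO_DONE(werr);`, assuming it returns a WERROR like the setter) or carry a comment saying why a failure is ignored. The start of the function is outside the hunk.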
From: Günther Deschner Date: Thu, 28 Feb 2008 11:02:01 +0100 Subject: Merge all connect ads calls into libnet_join_post_processing_ads(). Guenther (This used to be commit be96baeffc60d05d8e297034e5253c8b75512ab2) --- source3/libnet/libnet_join.c | 28 +++++++--------------------- 1 file changed, 7 insertions(+), 21 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 510b9e2e2f..2d00fb094f 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -296,13 +296,6 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, const char *spn_array[3] = {NULL, NULL, NULL}; char *spn = NULL; - if (!r->in.ads) { - status = libnet_join_connect_ads(mem_ctx, r); - if (!ADS_ERR_OK(status)) { - return status; - } - } - status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { return status; @@ -358,13 +351,6 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx, return ADS_SUCCESS; } - if (!r->in.ads) { - status = libnet_join_connect_ads(mem_ctx, r); - if (!ADS_ERR_OK(status)) { - return status; - } - } - status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { return status; @@ -408,13 +394,6 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ADS_SUCCESS; } - if (!r->in.ads) { - status = libnet_join_connect_ads(mem_ctx, r); - if (!ADS_ERR_OK(status)) { - return status; - } - } - status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { return status; @@ -525,6 +504,13 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx, { ADS_STATUS status; + if (!r->in.ads) { + status = libnet_join_connect_ads(mem_ctx, r); + if (!ADS_ERR_OK(status)) { + return status; + } + } + status = libnet_join_set_machine_spn(mem_ctx, r); if (!ADS_ERR_OK(status)) { libnet_join_set_error_string(mem_ctx, r, -- cgit 
From 1d807c3c29eaffb512279d3180f088cfcfe980f8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 11:17:29 +0100 Subject: Add preliminary libnet_join_post_verify call to libnetjoin. Guenther (This used to be commit f0e319a18d86303aeb73c08841024c27c1b135cd) --- source3/libnet/libnet_join.c | 131 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 131 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 2d00fb094f..30b38372f1 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -788,6 +788,132 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +NTSTATUS libnet_join_ok(const char *netbios_domain_name, + const char *machine_name, + const char *dc_name) +{ + uint32_t neg_flags = NETLOGON_NEG_AUTH2_FLAGS | + NETLOGON_NEG_SCHANNEL; + /* FIXME: NETLOGON_NEG_SELECT_AUTH2_FLAGS */ + struct cli_state *cli = NULL; + struct rpc_pipe_client *pipe_hnd = NULL; + struct rpc_pipe_client *netlogon_pipe = NULL; + NTSTATUS status; + char *machine_password = NULL; + char *machine_account = NULL; + + if (!dc_name) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (!secrets_init()) { + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + + machine_password = secrets_fetch_machine_password(netbios_domain_name, + NULL, NULL); + if (!machine_password) { + return NT_STATUS_NO_TRUST_LSA_SECRET; + } + + asprintf(&machine_account, "%s$", machine_name); + if (!machine_account) { + SAFE_FREE(machine_password); + return NT_STATUS_NO_MEMORY; + } + + status = cli_full_connection(&cli, NULL, + dc_name, + NULL, 0, + "IPC$", "IPC", + machine_account, + NULL, + machine_password, + 0, + Undefined, NULL); + free(machine_account); + free(machine_password); + + if (!NT_STATUS_IS_OK(status)) { + status = cli_full_connection(&cli, NULL, + dc_name, + NULL, 0, + "IPC$", "IPC", + "", + NULL, + "", + 0, + Undefined, NULL); + } + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_pipe = get_schannel_session_key(cli, + netbios_domain_name, + &neg_flags, &status); + if (!netlogon_pipe) { + if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_NETWORK_RESPONSE)) { + cli_shutdown(cli); + return NT_STATUS_OK; + } + + DEBUG(0,("libnet_join_ok: failed to get schannel session " + "key from server %s for domain %s. 
Error was %s\n", + cli->desthost, netbios_domain_name, nt_errstr(status))); + cli_shutdown(cli); + return status; + } + + if (!lp_client_schannel()) { + cli_shutdown(cli); + return NT_STATUS_OK; + } + + pipe_hnd = cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, + PIPE_AUTH_LEVEL_PRIVACY, + netbios_domain_name, + netlogon_pipe->dc, + &status); + + cli_shutdown(cli); + + if (!pipe_hnd) { + DEBUG(0,("libnet_join_ok: failed to open schannel session " + "on netlogon pipe to server %s for domain %s. " + "Error was %s\n", + cli->desthost, netbios_domain_name, nt_errstr(status))); + return status; + } + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static WERROR libnet_join_post_verify(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + NTSTATUS status; + + status = libnet_join_ok(r->out.netbios_domain_name, + r->in.machine_name, + r->in.dc_name); + if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to verify domain membership after joining: %s", + get_friendly_nt_error_msg(status)); + return WERR_SETUP_NOT_JOINED; + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + static bool libnet_join_unjoindomain_remove_secrets(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { @@ -1265,6 +1391,11 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, if (!W_ERROR_IS_OK(werr)) { goto done; } + + werr = libnet_join_post_verify(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } } werr = libnet_join_post_processing(mem_ctx, r); -- cgit From 09886976f6895dc9e906e62c54408076cd509304 Mon Sep 17 00:00:00 2001 
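Review bot: In the new libnet_join_ok (the `@@ -788` hunk), `cli_shutdown(cli)` runs before the `if (!pipe_hnd)` branch, whose DEBUG message then reads `cli->desthost`; assuming cli_shutdown releases the connection state, that is a use after free on the error path. Move the `cli_shutdown(cli);` call below the `if (!pipe_hnd)` block and add one before that block's `return status;`. Two smaller points in the same function: the result of `asprintf(&machine_account, "%s$", machine_name)` is not checked and the pointer is not guaranteed to be NULL on failure, so test `asprintf(...) == -1` instead, and `machine_password` is released with plain `free()` without being cleared first. The anonymous fallback connection and the `NT_STATUS_OK` return when get_schannel_session_key fails with `NT_STATUS_INVALID_NETWORK_RESPONSE` let the function report a verified join in cases where the check did not complete; a comment stating why that is acceptable would help.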
From: Günther Deschner Date: Thu, 28 Feb 2008 11:19:57 +0100 Subject: Fill in machine account manipulation flags while unjoining in libnetunjoin. Guenther (This used to be commit 23ae67158e6506199318025e3dd5fd5c0b099548) --- source3/libnet/libnet_join.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 30b38372f1..40372611c2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1464,6 +1464,8 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } + r->out.disabled_machine_account = true; + #ifdef WITH_ADS if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE) { ADS_STATUS ads_status; @@ -1473,6 +1475,12 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, libnet_unjoin_set_error_string(mem_ctx, r, "failed to remove machine account from AD: %s", ads_errstr(ads_status)); + } else { + r->out.deleted_machine_account = true; + /* dirty hack */ + r->out.dns_domain_name = talloc_strdup(mem_ctx, + r->in.ads->server.realm); + W_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name); } } #endif /* WITH_ADS */ -- cgit From 4ba6c04d0a1f229cd75de9e3ea6be07653b34b51 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 11:23:36 +0100 Subject: Delete affinity cache entries while unjoining with libnetunjoin. Guenther (This used to be commit 0315b8e53dca9a836d6bc2282fb1192f40545601) --- source3/libnet/libnet_join.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 40372611c2..c690cfc0dc 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1142,7 +1142,7 @@ static WERROR do_JoinConfig(struct libnet_JoinCtx *r) /**************************************************************** ****************************************************************/ -static WERROR do_UnjoinConfig(struct libnet_UnjoinCtx *r) +static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r) { WERROR werr; @@ -1509,6 +1509,17 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, return WERR_OK; } +/**************************************************************** +****************************************************************/ + +static WERROR libnet_unjoin_post_processing(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r) +{ + saf_delete(r->out.netbios_domain_name); + saf_delete(r->out.dns_domain_name); + + return libnet_unjoin_config(r); +} /**************************************************************** ****************************************************************/ @@ -1530,11 +1541,12 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_DomainUnjoin(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { + libnet_unjoin_config(r); goto done; } } - werr = do_UnjoinConfig(r); + werr = libnet_unjoin_post_processing(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From 46bdaa5d375f8c8f80045212eb7bdb7bbd3f266d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 11:26:47 +0100 Subject: Check for mandatory domain name in libnetjoin/unjoin. Guenther (This used to be commit 95bdf2f23c195cad1b317995e362f153695e793a) --- source3/libnet/libnet_join.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index c690cfc0dc..31eec80561 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
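Review bot: In the `@@ -1530` hunk of libnet_Unjoin, the new `libnet_unjoin_config(r);` on the failure path of libnet_DomainUnjoin discards its WERROR, and it presumably rewrites the local configuration even though the domain-side unjoin did not succeed. If that is a deliberate best-effort cleanup, add a comment such as `/* best effort: reset local config even if the remote unjoin failed */`; otherwise drop the call so a failed unjoin leaves the configuration untouched. In the `@@ -1509` hunk, `saf_delete()` is called on `r->out.netbios_domain_name` and `r->out.dns_domain_name`, which may still be unset at that point (this page shows `dns_domain_name` being filled on the unjoin path only after a successful AD account deletion). Whether saf_delete accepts NULL is not visible here, so guard the calls or document that it does.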
@@ -1171,8 +1171,9 @@ static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r) static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { - if (!r->in.domain_name) { + libnet_join_set_error_string(mem_ctx, r, + "No domain name defined"); return WERR_INVALID_PARAM; } @@ -1496,6 +1497,12 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx *r) { + if (!r->in.domain_name) { + libnet_unjoin_set_error_string(mem_ctx, r, + "No domain name defined"); + return WERR_INVALID_PARAM; + } + if (r->in.modify_config && !lp_config_backend_is_registry()) { return WERR_NOT_SUPPORTED; } -- cgit From 7347e1ff4797fea2ab3c463f18dfcd81cdac5a75 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 11:29:56 +0100 Subject: Store domain_is_ad info as early as possible in libnetjoin. Guenther (This used to be commit c4ba68aa94888eace393b91a669e22b27ffaba3e) --- source3/libnet/libnet_join.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 31eec80561..d2242ffb2c 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -152,9 +152,24 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, libnet_join_set_error_string(mem_ctx, r, "failed to connect to AD: %s", ads_errstr(status)); + return status; } - return status; + if (!r->out.netbios_domain_name) { + r->out.netbios_domain_name = talloc_strdup(mem_ctx, + r->in.ads->server.workgroup); + ADS_ERROR_HAVE_NO_MEMORY(r->out.netbios_domain_name); + } + + if (!r->out.dns_domain_name) { + r->out.dns_domain_name = talloc_strdup(mem_ctx, + r->in.ads->config.realm); + ADS_ERROR_HAVE_NO_MEMORY(r->out.dns_domain_name); + } + + r->out.domain_is_ad = true; + + return ADS_SUCCESS; } /**************************************************************** -- cgit 
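Review bot: The mandatory-name check in libnet_join_pre_processing, and the identical one added to libnet_unjoin_pre_processing in the next hunk, tests only for a NULL pointer, so an empty `domain_name` passes and is handed on to the DC lookup. `if (!r->in.domain_name || !*r->in.domain_name) {` rejects both cases with the same error string. Both functions continue outside their hunks.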
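Review bot: The names copied after a successful connect in libnet_join_connect_ads (hunk `@@ -152,9 +152,24 @@`) are taken from the ADS connection, `r->in.ads->server.workgroup` and `r->in.ads->config.realm`, without a NULL or emptiness check. A NULL field makes `talloc_strdup()` return NULL, and `ADS_ERROR_HAVE_NO_MEMORY` then reports an allocation failure that did not happen. Because `r->out.netbios_domain_name` is later the key under which the domain SID and machine password are stored, a missing value should be refused here with its own error, e.g. `if (!r->in.ads->server.workgroup) { return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); }`. The unjoin hunk of the earlier commit on this page fills `dns_domain_name` from `server.realm` rather than `config.realm`; one source should be chosen for both paths and the choice commented.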
From 0d8985f2da43d35d8f940af112ad74a199778dd8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 12:30:18 +0100 Subject: Let dsgetdcname() return a struct netr_DsRGetDCNameInfo. Guenther (This used to be commit b1a4b21f8c35dc23e5c986ebe44d3806055eb39b) --- source3/libnet/libnet_join.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d2242ffb2c..623ca39f71 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1315,7 +1315,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, #endif /* WITH_ADS */ if (!r->in.dc_name) { - struct DS_DOMAIN_CONTROLLER_INFO *info; + struct netr_DsRGetDCNameInfo *info; status = dsgetdcname(mem_ctx, r->in.domain_name, NULL, @@ -1333,7 +1333,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, } r->in.dc_name = talloc_strdup(mem_ctx, - info->domain_controller_name); + info->dc_unc); W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); } @@ -1447,7 +1447,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, } if (!r->in.dc_name) { - struct DS_DOMAIN_CONTROLLER_INFO *info; + struct netr_DsRGetDCNameInfo *info; status = dsgetdcname(mem_ctx, r->in.domain_name, NULL, @@ -1465,7 +1465,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, } r->in.dc_name = talloc_strdup(mem_ctx, - info->domain_controller_name); + info->dc_unc); W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); } -- cgit From 15f6e27bd5a9065c8b781fa21f5989ce2c355776 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 17:02:14 +0100 Subject: Add some more error handling in libnetjoin. Guenther (This used to be commit 892b2bc0cf1692c5707d322d0eb711b8245a3a96) --- source3/libnet/libnet_join.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 623ca39f71..97fad95a68 100644 
--- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1193,6 +1193,9 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, } if (r->in.modify_config && !lp_config_backend_is_registry()) { + libnet_join_set_error_string(mem_ctx, r, + "Configuration manipulation requested but not " + "supported by backend"); return WERR_NOT_SUPPORTED; } @@ -1519,9 +1522,16 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, } if (r->in.modify_config && !lp_config_backend_is_registry()) { + libnet_unjoin_set_error_string(mem_ctx, r, + "Configuration manipulation requested but not " + "supported by backend"); return WERR_NOT_SUPPORTED; } + if (IS_DC) { + return WERR_SETUP_DOMAIN_CONTROLLER; + } + if (!secrets_init()) { libnet_unjoin_set_error_string(mem_ctx, r, "Unable to open secrets database"); -- cgit From 2306574570332855670f1c53f3c9376b5114b91a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 28 Feb 2008 19:44:34 +0100 Subject: libnetjoin: Merge in comments, debugs and missing code from original join code. Guenther (This used to be commit 09e6010159cb9c2a5d86861889b8c2a07bd39a8d) --- source3/libnet/libnet_join.c | 120 +++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 117 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 97fad95a68..38d98221b4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -196,6 +196,7 @@ static ADS_STATUS libnet_unjoin_connect_ads(TALLOC_CTX *mem_ctx, } /**************************************************************** + join a domain using ADS (LDAP mods) ****************************************************************/ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, 
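Review bot: The new `if (IS_DC)` check in libnet_unjoin_pre_processing (hunk `@@ -1519,9 +1522,16 @@`) returns WERR_SETUP_DOMAIN_CONTROLLER without setting an error string, while the backend check this commit extends right above it now sets one. Add `libnet_unjoin_set_error_string(mem_ctx, r, "Refusing to unjoin: host is configured as a domain controller");` before the return so the caller can report why the unjoin was refused. No matching check is visible in the join-side hunk; if join is meant to refuse on a DC too, it may already do so outside the lines shown. The function starts and ends outside the hunk.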
@@ -204,6 +205,7 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, ADS_STATUS status; LDAPMessage *res = NULL; const char *attrs[] = { "dn", NULL }; + bool moved = false; status = ads_search_dn(r->in.ads, &res, r->in.account_ou, attrs); if (!ADS_ERR_OK(status)) { @@ -215,16 +217,41 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, return ADS_ERROR_LDAP(LDAP_NO_SUCH_OBJECT); } + ads_msgfree(r->in.ads, res); + + /* Attempt to create the machine account and bail if this fails. + Assume that the admin wants exactly what they requested */ + status = ads_create_machine_acct(r->in.ads, r->in.machine_name, r->in.account_ou); - ads_msgfree(r->in.ads, res); - if ((status.error_type == ENUM_ADS_ERROR_LDAP) && - (status.err.rc == LDAP_ALREADY_EXISTS)) { + if (ADS_ERR_OK(status)) { + DEBUG(1,("machine account creation created\n")); + return status; + } else if ((status.error_type == ENUM_ADS_ERROR_LDAP) && + (status.err.rc == LDAP_ALREADY_EXISTS)) { status = ADS_SUCCESS; } + if (!ADS_ERR_OK(status)) { + DEBUG(1,("machine account creation failed\n")); + return status; + } + + status = ads_move_machine_acct(r->in.ads, + r->in.machine_name, + r->in.account_ou, + &moved); + if (!ADS_ERR_OK(status)) { + DEBUG(1,("failure to locate/move pre-existing " + "machine account\n")); + return status; + } + + DEBUG(1,("The machine account %s the specified OU.\n", + moved ? "was moved into" : "already exists in")); + return status; } @@ -300,6 +327,7 @@ static ADS_STATUS libnet_join_find_machine_acct(TALLOC_CTX *mem_ctx, } /**************************************************************** + Set a machines dNSHostName and servicePrincipalName attributes ****************************************************************/ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, 
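Review bot: The comment added above `ads_create_machine_acct()` (hunk `@@ -215,16 +217,41 @@`) says to bail if creation fails, but the branch below it still maps `LDAP_ALREADY_EXISTS` to `ADS_SUCCESS` and then moves the existing object into `r->in.account_ou`, so the join silently adopts a pre-existing computer account of the same name. The RPC join path in this file appears to gate that case on `WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED`; the same gate belongs here, `if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { return status; }`, placed before the status is overwritten. The success message `"machine account creation created"` would read better as `"machine account created"`. The function starts outside the hunk.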
@@ -311,11 +339,15 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, const char *spn_array[3] = {NULL, NULL, NULL}; char *spn = NULL; + /* Find our DN */ + status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { return status; } + /* Windows only creates HOST/shortname & HOST/fqdn. */ + spn = talloc_asprintf(mem_ctx, "HOST/%s", r->in.machine_name); if (!spn) { return ADS_ERROR_LDAP(LDAP_NO_MEMORY); @@ -339,6 +371,8 @@ static ADS_STATUS libnet_join_set_machine_spn(TALLOC_CTX *mem_ctx, return ADS_ERROR_LDAP(LDAP_NO_MEMORY); } + /* fields of primary importance */ + status = ads_mod_str(mem_ctx, &mods, "dNSHostName", my_fqdn); if (!ADS_ERR_OK(status)) { return ADS_ERROR_LDAP(LDAP_NO_MEMORY); @@ -366,6 +400,8 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx, return ADS_SUCCESS; } + /* Find our DN */ + status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { return status; @@ -381,11 +417,15 @@ static ADS_STATUS libnet_join_set_machine_upn(TALLOC_CTX *mem_ctx, } } + /* now do the mods */ + mods = ads_init_mods(mem_ctx); if (!mods) { return ADS_ERROR_LDAP(LDAP_NO_MEMORY); } + /* fields of primary importance */ + status = ads_mod_str(mem_ctx, &mods, "userPrincipalName", r->in.upn); if (!ADS_ERR_OK(status)) { return ADS_ERROR_LDAP(LDAP_NO_MEMORY); @@ -409,11 +449,15 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ADS_SUCCESS; } + /* Find our DN */ + status = libnet_join_find_machine_acct(mem_ctx, r); if (!ADS_ERR_OK(status)) { return status; } + /* now do the mods */ + mods = ads_init_mods(mem_ctx); if (!mods) { return ADS_ERROR(LDAP_NO_MEMORY); @@ -424,6 +468,8 @@ static ADS_STATUS libnet_join_set_os_attributes(TALLOC_CTX *mem_ctx, return ADS_ERROR(LDAP_NO_MEMORY); } + /* fields of primary importance */ + status = ads_mod_str(mem_ctx, &mods, "operatingSystem", r->in.os_name); if (!ADS_ERR_OK(status)) { 
@@ -481,6 +527,8 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, return false; } + /* go ahead and setup the default salt */ + std_salt = kerberos_standard_des_salt(); if (!std_salt) { libnet_join_set_error_string(mem_ctx, r, @@ -495,6 +543,8 @@ static bool libnet_join_derive_salting_principal(TALLOC_CTX *mem_ctx, SAFE_FREE(std_salt); + /* if it's a Windows functional domain, we have to look for the UPN */ + if (domain_func == DS_DOMAIN_FUNCTION_2000) { char *upn; @@ -565,6 +615,7 @@ static ADS_STATUS libnet_join_post_processing_ads(TALLOC_CTX *mem_ctx, #endif /* WITH_ADS */ /**************************************************************** + Store the machine password and domain SID ****************************************************************/ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, @@ -573,6 +624,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, if (!secrets_store_domain_sid(r->out.netbios_domain_name, r->out.domain_sid)) { + DEBUG(1,("Failed to save domain sid\n")); return false; } @@ -580,6 +632,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, r->out.netbios_domain_name, SEC_CHAN_WKSTA)) { + DEBUG(1,("Failed to save machine password\n")); return false; } @@ -587,6 +640,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, } /**************************************************************** + Do the domain join ****************************************************************/ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, @@ -631,6 +685,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status); if (!pipe_hnd) { + DEBUG(0,("Error connecting to LSA pipe. Error was %s\n", + nt_errstr(status))); goto done; } 
@@ -667,8 +723,12 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); cli_rpc_pipe_close(pipe_hnd); + /* Open the domain */ + pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); if (!pipe_hnd) { + DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", + nt_errstr(status))); goto done; } @@ -689,6 +749,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } + /* Create domain user */ + acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); strlower_m(acct_name); @@ -703,6 +765,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SAMR_USER_ACCESS_SET_ATTRIBUTES; uint32_t access_granted = 0; + /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + + DEBUG(10,("Creating account with flags: %d\n", acct_flags)); + status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, &domain_pol, &lsa_acct_name, @@ -711,6 +777,25 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, &user_pol, &access_granted, &user_rid); + if (!NT_STATUS_IS_OK(status) && + !NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { + + DEBUG(10,("Creation of workstation account failed: %s\n", + nt_errstr(status))); + + /* If NT_STATUS_ACCESS_DENIED then we have a valid + username/password combo but the user does not have + administrator access. */ + + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + libnet_join_set_error_string(mem_ctx, r, + "User specified does not have " + "administrator privileges"); + } + + return status; + } + if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED)) { @@ -718,6 +803,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } } + /* We *must* do this.... don't ask... */ + if (NT_STATUS_IS_OK(status)) { rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } 
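Review bot: The failure branch added after `rpccli_samr_CreateUser2()` (hunk `@@ -711,6 +777,25 @@`) leaves libnet_join_joindomain_rpc with `return status;`, whereas the other failures of this function shown on the page use `goto done;`. Whatever the `done:` label releases is therefore skipped on this path; the label is outside the hunk, presumably it closes the pipe and the client connection. Replace the line with `goto done;`. The failure itself is logged only at `DEBUG(10, ...)`; level 1 would match the other failure messages this commit adds.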
@@ -734,12 +821,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } if (name_types.ids[0] != SID_NAME_USER) { + DEBUG(0,("%s is not a user account (type=%d)\n", + acct_name, name_types.ids[0])); status = NT_STATUS_INVALID_WORKSTATION; goto done; } user_rid = user_rids.ids[0]; + /* Open handle on user */ + status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, &domain_pol, SEC_RIGHTS_MAXIMUM_ALLOWED, @@ -749,6 +840,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } + /* Create a random machine account password and generate the hash */ + E_md4hash(r->in.machine_password, md4_trust_password); encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE); @@ -764,6 +857,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key); memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer)); + /* Fill in the additional account flags now */ + acb_info |= ACB_PWNOEXP; if (r->out.domain_is_ad) { #if !defined(ENCTYPE_ARCFOUR_HMAC) @@ -772,6 +867,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, ;; } + /* Set password and account flags on machine account */ + ZERO_STRUCT(user_info.info25); user_info.info25.info.fields_present = ACCT_NT_PWD_SET | @@ -785,6 +882,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, 25, &user_info); if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "Failed to set password for machine account (%s)\n", + nt_errstr(status)); goto done; } @@ -973,8 +1073,12 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } + /* Open the domain */ + pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); if (!pipe_hnd) { + DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", + nt_errstr(status))); goto done; } 
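Review bot: The comment `/* Create a random machine account password and generate the hash */` (hunk `@@ -749,6 +840,8 @@`) does not describe the code under it. `E_md4hash()` and `encode_pw_buffer()` take `r->in.machine_password` as supplied, and the only random data generated nearby is the 16-byte `md5buffer`. A comment such as `/* Hash the caller-supplied machine password and build the encrypted password buffer */` avoids suggesting that the password's randomness is established here. The function starts and ends outside the hunk.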
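Review bot: The error string added after `rpccli_samr_SetUserInfo()` (hunk `@@ -785,6 +882,9 @@`) ends in `\n`, unlike the other `libnet_join_set_error_string()` messages on this page, so a caller that prints it with its own line ending gets a blank line. Drop the newline: `"Failed to set password for machine account (%s)"`. The function starts and ends outside the hunk.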
@@ -995,6 +1099,8 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } + /* Create domain user */ + acct_name = talloc_asprintf(mem_ctx, "%s$", r->in.machine_name); strlower_m(acct_name); @@ -1012,12 +1118,16 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, } if (name_types.ids[0] != SID_NAME_USER) { + DEBUG(0, ("%s is not a user account (type=%d)\n", acct_name, + name_types.ids[0])); status = NT_STATUS_INVALID_WORKSTATION; goto done; } user_rid = user_rids.ids[0]; + /* Open handle on user */ + status = rpccli_samr_OpenUser(pipe_hnd, mem_ctx, &domain_pol, SEC_RIGHTS_MAXIMUM_ALLOWED, @@ -1027,6 +1137,8 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } + /* Get user info */ + status = rpccli_samr_QueryUserInfo(pipe_hnd, mem_ctx, &user_pol, 16, @@ -1036,6 +1148,8 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } + /* now disable and setuser info */ + info->info16.acct_flags |= ACB_DISABLED; status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, -- cgit From 29222fa551591a6a845cf6619a664a8e3877fa3c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 29 Feb 2008 01:25:45 +0100 Subject: libnetjoin: Trying to avoid confusion between acct_flags, acb_info and access_desired. Guenther (This used to be commit 63894e5c93ef0663fc58bcc191777cd1aca7e21c) --- source3/libnet/libnet_join.c | 26 ++++++++++++++------------ 1 file changed, 14 insertions(+), 12 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 38d98221b4..b8572f68b5 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
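Review bot: The comment `/* Create domain user */` added in libnet_join_unjoindomain_rpc (hunk `@@ -995,6 +1099,8 @@`) is copied from the join function and is wrong here: the lines under it only build the `machine$` account name that is then looked up and disabled. Use `/* Build the machine account name to look up */`. In the same lines `strlower_m(acct_name)` runs on the result of `talloc_asprintf()` with no NULL check in between; `if (!acct_name) { status = NT_STATUS_NO_MEMORY; goto done; }` would close that. The function starts and ends outside the hunk.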
@@ -652,8 +652,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; struct lsa_String lsa_acct_name; - uint32 user_rid; - uint32 acb_info = ACB_WSTRUST; + uint32_t user_rid; + uint32_t acct_flags = ACB_WSTRUST; uchar pwbuf[532]; struct MD5Context md5ctx; uchar md5buffer[16]; @@ -690,7 +690,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, True, + status = rpccli_lsa_open_policy(pipe_hnd, mem_ctx, true, SEC_RIGHTS_MAXIMUM_ALLOWED, &lsa_pol); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -757,7 +757,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, init_lsa_String(&lsa_acct_name, acct_name); if (r->in.join_flags & WKSSVC_JOIN_FLAGS_ACCOUNT_CREATE) { - uint32_t acct_flags = + uint32_t access_desired = SEC_GENERIC_READ | SEC_GENERIC_WRITE | SEC_GENERIC_EXECUTE | SEC_STD_WRITE_DAC | SEC_STD_DELETE | SAMR_USER_ACCESS_SET_PASSWORD | @@ -765,15 +765,16 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SAMR_USER_ACCESS_SET_ATTRIBUTES; uint32_t access_granted = 0; - /* Don't try to set any acb_info flags other than ACB_WSTRUST */ + /* Don't try to set any acct_flags flags other than ACB_WSTRUST */ - DEBUG(10,("Creating account with flags: %d\n", acct_flags)); + DEBUG(10,("Creating account with desired access mask: %d\n", + access_desired)); status = rpccli_samr_CreateUser2(pipe_hnd, mem_ctx, &domain_pol, &lsa_acct_name, ACB_WSTRUST, - acct_flags, + access_desired, &user_pol, &access_granted, &user_rid); 
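Review bot: The renamed debug line (hunk `@@ -765,15 +765,16 @@`) prints the access mask with `%d`, which shows a 32-bit mask as a signed decimal. `DEBUG(10,("Creating account with desired access mask: 0x%08x\n", access_desired));` is readable and matches the `uint32_t` type. The reworded comment has a doubled word; `/* Don't set any acct_flags other than ACB_WSTRUST */` says the same thing.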
@@ -845,7 +846,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, E_md4hash(r->in.machine_password, md4_trust_password); encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE); - generate_random_buffer((uint8*)md5buffer, sizeof(md5buffer)); + generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer)); digested_session_key = data_blob_talloc(mem_ctx, 0, 16); MD5Init(&md5ctx); @@ -859,10 +860,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Fill in the additional account flags now */ - acb_info |= ACB_PWNOEXP; + acct_flags |= ACB_PWNOEXP; if (r->out.domain_is_ad) { #if !defined(ENCTYPE_ARCFOUR_HMAC) - acb_info |= ACB_USE_DES_KEY_ONLY; + acct_flags |= ACB_USE_DES_KEY_ONLY; #endif ;; } @@ -874,7 +875,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, user_info.info25.info.fields_present = ACCT_NT_PWD_SET | ACCT_LM_PWD_SET | SAMR_FIELD_ACCT_FLAGS; - user_info.info25.info.acct_flags = acb_info; + + user_info.info25.info.acct_flags = acct_flags; memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf)); status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, @@ -1054,7 +1056,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, POLICY_HND sam_pol, domain_pol, user_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; char *acct_name; - uint32 user_rid; + uint32_t user_rid; struct lsa_String lsa_acct_name; struct samr_Ids user_rids; struct samr_Ids name_types; -- cgit From 53d55794dfbce06fcb40e5bdd81ca8a6dc1c4655 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 29 Feb 2008 01:27:52 +0100 Subject: libnetjoin: add fallback to level 24 samr setinfo so that libnet can join NT4. Guenther (This used to be commit bc2d3d51449831146a9faf6e809e7a91d174659c) --- source3/libnet/libnet_join.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b8572f68b5..1a8486f5b5 100644 
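Review bot: In the `r->out.domain_is_ad` block (hunk `@@ -859,10 +860,10 @@`), a build without `ENCTYPE_ARCFOUR_HMAC` marks the machine account `ACB_USE_DES_KEY_ONLY` and logs nothing, so the weaker key restriction is invisible to whoever runs the join. A line such as `DEBUG(1,("Kerberos library lacks arcfour-hmac; machine account restricted to DES keys\n"));` inside the `#if` would surface it. The stray `;;` after `#endif` is the whole body of the `if` when the enctype is available; moving the `#if` around the entire `if` statement would be clearer. The function starts and ends outside the hunk.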
--- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -883,6 +883,25 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, &user_pol, 25, &user_info); + + if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { + + uchar pwbuf2[516]; + + encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE); + + /* retry with level 24 */ + init_samr_user_info24(&user_info.info24, pwbuf2, 24); + + SamOEMhashBlob(user_info.info24.password.data, 516, + &cli->user_session_key); + + status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 24, + &user_info); + } + if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, "Failed to set password for machine account (%s)\n", -- cgit From 422af9a516dd36fa291a28fd5753a05c139aaecb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 1 Mar 2008 16:13:25 +0100 Subject: Make sure we are still able to join Windows 2008. Guenther (This used to be commit aa9c0f587718f4d647e87b9662acbedba042b9cb) --- source3/libnet/libnet_join.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 1a8486f5b5..866d1c06e1 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -928,9 +928,8 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, const char *dc_name) { - uint32_t neg_flags = NETLOGON_NEG_AUTH2_FLAGS | + uint32_t neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS | NETLOGON_NEG_SCHANNEL; - /* FIXME: NETLOGON_NEG_SELECT_AUTH2_FLAGS */ struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; struct rpc_pipe_client *netlogon_pipe = NULL; -- cgit From 5a4182012de914116798455793fd1963c2e65d28 Mon Sep 17 00:00:00 2001 
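Review bot: The level-24 retry (hunk `@@ -883,6 +883,25 @@`) sets only the password: the `acct_flags` value prepared for the level-25 call, including `ACB_PWNOEXP`, is never sent on this path, so an account joined through the fallback keeps whatever flags the server assigned. The fallback is also taken on a fault code returned by the server without any log line, and `pwbuf2` is left on the stack still holding the encoded machine password, since only the copy in `user_info.info24` is encrypted. I would add `DEBUG(1,("SetUserInfo level 25 not supported, retrying with level 24\n"));` at the top of the branch and `ZERO_STRUCT(pwbuf2);` after the call, or a wipe the compiler cannot drop. The flags should either be set with a follow-up call or the omission documented in a comment. The function starts and ends outside the hunk.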
From: Günther Deschner Date: Tue, 4 Mar 2008 11:07:13 +0100 Subject: Use TALLOC_FREE in libnetjoin debugging dump code. Guenther (This used to be commit b753087ff79c1d35a409eddc1f61e115e887c1e1) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 866d1c06e1..4f9e4c1c86 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -29,7 +29,7 @@ char *str = NULL; \ str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_JoinCtx, f, r); \ DEBUG(1,("libnet_Join:\n%s", str)); \ - talloc_free(str); \ + TALLOC_FREE(str); \ } while (0) #define LIBNET_JOIN_IN_DUMP_CTX(ctx, r) \ @@ -42,7 +42,7 @@ char *str = NULL; \ str = NDR_PRINT_FUNCTION_STRING(ctx, libnet_UnjoinCtx, f, r); \ DEBUG(1,("libnet_Unjoin:\n%s", str)); \ - talloc_free(str); \ + TALLOC_FREE(str); \ } while (0) #define LIBNET_UNJOIN_IN_DUMP_CTX(ctx, r) \ -- cgit From d06274b541ac4c4f021ff2fa90690431d2bb87c9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Mar 2008 19:04:54 +0100 Subject: Add secure_channel_type to libnetjoin. Guenther (This used to be commit f88910c1e5186737da4eda5a7a396c3238fc6775) --- source3/libnet/libnet_join.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4f9e4c1c86..9bed346b5e 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -630,7 +630,7 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, if (!secrets_store_machine_password(r->in.machine_password, r->out.netbios_domain_name, - SEC_CHAN_WKSTA)) + r->in.secure_channel_type)) { DEBUG(1,("Failed to save machine password\n")); return false; 
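Review bot: Both dump macros (hunks `@@ -29,7 +29,7 @@` and `@@ -42,7 +42,7 @@`) pass `str` to `DEBUG(1, ...)` with `%s` without checking it, and `NDR_PRINT_FUNCTION_STRING` can presumably return NULL on allocation failure; wrap the `DEBUG` in `if (str != NULL)`. These macros also print the whole `libnet_JoinCtx` or `libnet_UnjoinCtx` at debug level 1, and the join context carries `machine_password`. Unless the structure definition, which is not shown on this page, excludes such fields from printing, the dump should move to a higher debug level or the fields be masked. The macro bodies start outside the hunks.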
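Review bot: `secrets_store_machine_password()` (hunk `@@ -630,7 +630,7 @@`) now records the caller-supplied `r->in.secure_channel_type`, but the account is still created and flagged with the literal `ACB_WSTRUST` in libnet_join_joindomain_rpc. Any value other than `SEC_CHAN_WKSTA` therefore leaves the local secrets entry disagreeing with the account type on the DC. Until the RPC side derives its flags from the same field, pre-processing should reject other values, e.g. `if (r->in.secure_channel_type != SEC_CHAN_WKSTA) { return WERR_NOT_SUPPORTED; }`, or the field should be documented as workstation-only. The function ends outside the hunk.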
@@ -1412,6 +1412,8 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + ctx->in.secure_channel_type = SEC_CHAN_WKSTA; + *r = ctx; return WERR_OK; -- cgit From 670418c1165f0a149bfdd4bcdc5bde575df43ef2 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Mar 2008 17:29:44 +0100 Subject: Move libnet_conf to a library lib/smbconf/ of its own, fixing the api. The libnet_conf code to access the registry based configuration has become more of a library used in several places in samba (e.g. loadparm) than an abstraction of "net conf". So I move it to a location lib/smbconf/. In the same breath, the api is fixed (not generated by make proto anymore). Michael (This used to be commit 5315ef41f403b96715dd68b512e9e74662e2910a) --- source3/libnet/libnet.h | 1 - source3/libnet/libnet_conf.c | 973 ------------------------------------------- source3/libnet/libnet_conf.h | 27 -- 3 files changed, 1001 deletions(-) delete mode 100644 source3/libnet/libnet_conf.c delete mode 100644 source3/libnet/libnet_conf.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h index 97e720f617..6768b948d6 100644 --- a/source3/libnet/libnet.h +++ b/source3/libnet/libnet.h @@ -21,7 +21,6 @@ #define __LIBNET_H__ #include "librpc/gen_ndr/libnet_join.h" -#include "libnet/libnet_conf.h" #include "libnet/libnet_proto.h" #endif diff --git a/source3/libnet/libnet_conf.c b/source3/libnet/libnet_conf.c deleted file mode 100644 index 688097bc5e..0000000000 --- a/source3/libnet/libnet_conf.c +++ /dev/null 
@@ -1,973 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * libnet smbconf registry Support - * Copyright (C) Michael Adam 2007-2008 - * Copyright (C) Guenther Deschner 2007 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#include "includes.h" -#include "libnet/libnet.h" - -/********************************************************************** - * - * Helper functions (mostly registry related) - * TODO: These should be eventually static. - - **********************************************************************/ - -/** - * add a string to a talloced array of strings. 
- */ -static WERROR libnet_conf_add_string_to_array(TALLOC_CTX *mem_ctx, - char ***array, - uint32_t count, - const char *string) -{ - char **new_array = NULL; - - if ((array == NULL) || (string == NULL)) { - return WERR_INVALID_PARAM; - } - - new_array = TALLOC_REALLOC_ARRAY(mem_ctx, *array, char *, count + 1); - if (new_array == NULL) { - return WERR_NOMEM; - } - - new_array[count] = talloc_strdup(new_array, string); - if (new_array[count] == NULL) { - TALLOC_FREE(new_array); - return WERR_NOMEM; - } - - *array = new_array; - - return WERR_OK; -} - -static WERROR libnet_conf_reg_initialize(struct libnet_conf_ctx *ctx) -{ - WERROR werr = WERR_OK; - - if (!registry_init_smbconf()) { - werr = WERR_REG_IO_FAILURE; - goto done; - } - - werr = ntstatus_to_werror(registry_create_admin_token(ctx, - &(ctx->token))); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(1, ("Error creating admin token\n")); - goto done; - } - -done: - return werr; -} - -/** - * Open a registry key specified by "path" - */ -static WERROR libnet_conf_reg_open_path(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - const char *path, - uint32 desired_access, - struct registry_key **key) -{ - WERROR werr = WERR_OK; - - if (ctx == NULL) { - DEBUG(1, ("Error: configuration is not open!\n")); - werr = WERR_INVALID_PARAM; - goto done; - } - - if (ctx->token == NULL) { - DEBUG(1, ("Error: token missing from libnet_conf_ctx. 
" - "was libnet_conf_open() called?\n")); - werr = WERR_INVALID_PARAM; - goto done; - } - - if (path == NULL) { - DEBUG(1, ("Error: NULL path string given\n")); - werr = WERR_INVALID_PARAM; - goto done; - } - - werr = reg_open_path(mem_ctx, path, desired_access, ctx->token, key); - - if (!W_ERROR_IS_OK(werr)) { - DEBUG(1, ("Error opening registry path '%s': %s\n", - path, dos_errstr(werr))); - } - -done: - return werr; -} - -/** - * Open a subkey of KEY_SMBCONF (i.e a service) - */ -static WERROR libnet_conf_reg_open_service_key(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - const char *servicename, - uint32 desired_access, - struct registry_key **key) -{ - WERROR werr = WERR_OK; - char *path = NULL; - - if (servicename == NULL) { - DEBUG(3, ("Error: NULL servicename given.\n")); - werr = WERR_INVALID_PARAM; - goto done; - } - - path = talloc_asprintf(mem_ctx, "%s\\%s", KEY_SMBCONF, servicename); - if (path == NULL) { - werr = WERR_NOMEM; - goto done; - } - - werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, desired_access, - key); - -done: - TALLOC_FREE(path); - return werr; -} - -/** - * open the base key KEY_SMBCONF - */ -static WERROR libnet_conf_reg_open_base_key(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - uint32 desired_access, - struct registry_key **key) -{ - return libnet_conf_reg_open_path(mem_ctx, ctx, KEY_SMBCONF, - desired_access, key); -} - -/** - * check if a value exists in a given registry key - */ -static bool libnet_conf_value_exists(struct registry_key *key, - const char *param) -{ - bool ret = false; - WERROR werr = WERR_OK; - TALLOC_CTX *ctx = talloc_stackframe(); - struct registry_value *value = NULL; - - werr = reg_queryvalue(ctx, key, param, &value); - if (W_ERROR_IS_OK(werr)) { - ret = true; - } - - TALLOC_FREE(ctx); - return ret; -} - -/** - * create a subkey of KEY_SMBCONF - */ -static WERROR libnet_conf_reg_create_service_key(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - const char * subkeyname, - struct 
registry_key **newkey) -{ - WERROR werr = WERR_OK; - struct registry_key *create_parent = NULL; - TALLOC_CTX *create_ctx; - enum winreg_CreateAction action = REG_ACTION_NONE; - - /* create a new talloc ctx for creation. it will hold - * the intermediate parent key (SMBCONF) for creation - * and will be destroyed when leaving this function... */ - if (!(create_ctx = talloc_stackframe())) { - werr = WERR_NOMEM; - goto done; - } - - werr = libnet_conf_reg_open_base_key(create_ctx, ctx, REG_KEY_WRITE, - &create_parent); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_createkey(mem_ctx, create_parent, subkeyname, - REG_KEY_WRITE, newkey, &action); - if (W_ERROR_IS_OK(werr) && (action != REG_CREATED_NEW_KEY)) { - DEBUG(10, ("Key '%s' already exists.\n", subkeyname)); - werr = WERR_ALREADY_EXISTS; - } - if (!W_ERROR_IS_OK(werr)) { - DEBUG(5, ("Error creating key %s: %s\n", - subkeyname, dos_errstr(werr))); - } - -done: - TALLOC_FREE(create_ctx); - return werr; -} - -/** - * add a value to a key. 
- */ -static WERROR libnet_conf_reg_set_value(struct registry_key *key, - const char *valname, - const char *valstr) -{ - struct registry_value val; - WERROR werr = WERR_OK; - char *subkeyname; - const char *canon_valname; - const char *canon_valstr; - - if (!lp_canonicalize_parameter_with_value(valname, valstr, - &canon_valname, - &canon_valstr)) - { - if (canon_valname == NULL) { - DEBUG(5, ("invalid parameter '%s' given\n", - valname)); - } else { - DEBUG(5, ("invalid value '%s' given for " - "parameter '%s'\n", valstr, valname)); - } - werr = WERR_INVALID_PARAM; - goto done; - } - - ZERO_STRUCT(val); - - val.type = REG_SZ; - val.v.sz.str = CONST_DISCARD(char *, canon_valstr); - val.v.sz.len = strlen(canon_valstr) + 1; - - if (registry_smbconf_valname_forbidden(canon_valname)) { - DEBUG(5, ("Parameter '%s' not allowed in registry.\n", - canon_valname)); - werr = WERR_INVALID_PARAM; - goto done; - } - - subkeyname = strrchr_m(key->key->name, '\\'); - if ((subkeyname == NULL) || (*(subkeyname +1) == '\0')) { - DEBUG(5, ("Invalid registry key '%s' given as " - "smbconf section.\n", key->key->name)); - werr = WERR_INVALID_PARAM; - goto done; - } - subkeyname++; - if (!strequal(subkeyname, GLOBAL_NAME) && - lp_parameter_is_global(valname)) - { - DEBUG(5, ("Global paramter '%s' not allowed in " - "service definition ('%s').\n", canon_valname, - subkeyname)); - werr = WERR_INVALID_PARAM; - goto done; - } - - werr = reg_setvalue(key, canon_valname, &val); - if (!W_ERROR_IS_OK(werr)) { - DEBUG(5, ("Error adding value '%s' to " - "key '%s': %s\n", - canon_valname, key->key->name, dos_errstr(werr))); - } - -done: - return werr; -} - -/** - * format a registry_value into a string. - * - * This is intended to be used for smbconf registry values, - * which are ar stored as REG_SZ values, so the incomplete - * handling should be ok. 
- */ -static char *libnet_conf_format_registry_value(TALLOC_CTX *mem_ctx, - struct registry_value *value) -{ - char *result = NULL; - - /* alternatively, create a new talloc context? */ - if (mem_ctx == NULL) { - return result; - } - - switch (value->type) { - case REG_DWORD: - result = talloc_asprintf(mem_ctx, "%d", value->v.dword); - break; - case REG_SZ: - case REG_EXPAND_SZ: - result = talloc_asprintf(mem_ctx, "%s", value->v.sz.str); - break; - case REG_MULTI_SZ: { - uint32 j; - for (j = 0; j < value->v.multi_sz.num_strings; j++) { - result = talloc_asprintf(mem_ctx, "%s \"%s\" ", - result, - value->v.multi_sz.strings[j]); - if (result == NULL) { - break; - } - } - break; - } - case REG_BINARY: - result = talloc_asprintf(mem_ctx, "binary (%d bytes)", - (int)value->v.binary.length); - break; - default: - result = talloc_asprintf(mem_ctx, ""); - break; - } - return result; -} - -/** - * Get the values of a key as a list of value names - * and a list of value strings (ordered) - */ -static WERROR libnet_conf_reg_get_values(TALLOC_CTX *mem_ctx, - struct registry_key *key, - uint32_t *num_values, - char ***value_names, - char ***value_strings) -{ - TALLOC_CTX *tmp_ctx = NULL; - WERROR werr = WERR_OK; - uint32_t count; - struct registry_value *valvalue = NULL; - char *valname = NULL; - char **tmp_valnames = NULL; - char **tmp_valstrings = NULL; - - if ((num_values == NULL) || (value_names == NULL) || - (value_strings == NULL)) - { - werr = WERR_INVALID_PARAM; - goto done; - } - - tmp_ctx = talloc_stackframe(); - if (tmp_ctx == NULL) { - werr = WERR_NOMEM; - goto done; - } - - for (count = 0; - W_ERROR_IS_OK(werr = reg_enumvalue(tmp_ctx, key, count, &valname, - &valvalue)); - count++) - { - char *valstring; - - werr = libnet_conf_add_string_to_array(tmp_ctx, - &tmp_valnames, - count, valname); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - valstring = libnet_conf_format_registry_value(tmp_ctx, - valvalue); - werr = libnet_conf_add_string_to_array(tmp_ctx, - 
&tmp_valstrings, - count, - valstring); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { - goto done; - } - - werr = WERR_OK; - - *num_values = count; - if (count > 0) { - *value_names = talloc_move(mem_ctx, &tmp_valnames); - *value_strings = talloc_move(mem_ctx, &tmp_valstrings); - } else { - *value_names = NULL; - *value_strings = NULL; - } - -done: - TALLOC_FREE(tmp_ctx); - return werr; -} - -static int libnet_conf_destroy_ctx(struct libnet_conf_ctx *ctx) -{ - return regdb_close(); -} - -/********************************************************************** - * - * The actual net conf api functions, that are exported. - * - **********************************************************************/ - -/** - * Open the configuration. - * - * This should be the first function in a sequence of calls to libnet_conf - * functions: - * - * Upon success, this creates and returns the conf context - * that should be passed around in subsequent calls to the other - * libnet_conf functions. - * - * After the work with the configuration is completed, libnet_conf_close() - * should be called. - */ -WERROR libnet_conf_open(TALLOC_CTX *mem_ctx, struct libnet_conf_ctx **conf_ctx) -{ - WERROR werr = WERR_OK; - struct libnet_conf_ctx *ctx; - - if (conf_ctx == NULL) { - return WERR_INVALID_PARAM; - } - - ctx = TALLOC_ZERO_P(mem_ctx, struct libnet_conf_ctx); - if (ctx == NULL) { - return WERR_NOMEM; - } - - werr = libnet_conf_reg_initialize(ctx); - if (!W_ERROR_IS_OK(werr)) { - goto fail; - } - - talloc_set_destructor(ctx, libnet_conf_destroy_ctx); - - *conf_ctx = ctx; - return werr; - -fail: - TALLOC_FREE(ctx); - return werr; -} - -/** - * Close the configuration. - */ -void libnet_conf_close(struct libnet_conf_ctx *ctx) -{ - /* this also closes the registry (by destructor): */ - TALLOC_FREE(ctx); -} - -/** - * Get the change sequence number of the given service/parameter. 
- * - * NOTE: Currently, for registry configuration, this is independent - * of the service and parameter, it returns the registry-sequence - * number. - */ -uint64_t libnet_conf_get_seqnum(struct libnet_conf_ctx *ctx, - const char *service, const char *param) -{ - return (uint64_t)regdb_get_seqnum(); -} - -/** - * Drop the whole configuration (restarting empty). - */ -WERROR libnet_conf_drop(struct libnet_conf_ctx *ctx) -{ - char *path, *p; - WERROR werr = WERR_OK; - struct registry_key *parent_key = NULL; - struct registry_key *new_key = NULL; - TALLOC_CTX* mem_ctx = talloc_stackframe(); - enum winreg_CreateAction action; - - path = talloc_strdup(mem_ctx, KEY_SMBCONF); - if (path == NULL) { - werr = WERR_NOMEM; - goto done; - } - p = strrchr(path, '\\'); - *p = '\0'; - werr = libnet_conf_reg_open_path(mem_ctx, ctx, path, REG_KEY_WRITE, - &parent_key); - - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_deletekey_recursive(mem_ctx, parent_key, p+1); - - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_createkey(mem_ctx, parent_key, p+1, REG_KEY_WRITE, - &new_key, &action); - -done: - TALLOC_FREE(mem_ctx); - return werr; -} - -/** - * Get the whole configuration as lists of strings with counts: - * - * num_shares : number of shares - * share_names : list of length num_shares of share names - * num_params : list of length num_shares of parameter counts for each share - * param_names : list of lists of parameter names for each share - * param_values : list of lists of parameter values for each share - */ -WERROR libnet_conf_get_config(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, uint32_t *num_shares, - char ***share_names, uint32_t **num_params, - char ****param_names, char ****param_values) -{ - WERROR werr = WERR_OK; - TALLOC_CTX *tmp_ctx = NULL; - uint32_t tmp_num_shares; - char **tmp_share_names; - uint32_t *tmp_num_params; - char ***tmp_param_names; - char ***tmp_param_values; - uint32_t count; - - if ((num_shares == NULL) || 
(share_names == NULL) || - (num_params == NULL) || (param_names == NULL) || - (param_values == NULL)) - { - werr = WERR_INVALID_PARAM; - goto done; - } - - tmp_ctx = talloc_stackframe(); - if (tmp_ctx == NULL) { - werr = WERR_NOMEM; - goto done; - } - - werr = libnet_conf_get_share_names(tmp_ctx, ctx, &tmp_num_shares, - &tmp_share_names); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - tmp_num_params = TALLOC_ARRAY(tmp_ctx, uint32_t, tmp_num_shares); - tmp_param_names = TALLOC_ARRAY(tmp_ctx, char **, tmp_num_shares); - tmp_param_values = TALLOC_ARRAY(tmp_ctx, char **, tmp_num_shares); - - if ((tmp_num_params == NULL) || (tmp_param_names == NULL) || - (tmp_param_values == NULL)) - { - werr = WERR_NOMEM; - goto done; - } - - for (count = 0; count < tmp_num_shares; count++) { - werr = libnet_conf_get_share(mem_ctx, ctx, - tmp_share_names[count], - &tmp_num_params[count], - &tmp_param_names[count], - &tmp_param_values[count]); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - - werr = WERR_OK; - - *num_shares = tmp_num_shares; - if (tmp_num_shares > 0) { - *share_names = talloc_move(mem_ctx, &tmp_share_names); - *num_params = talloc_move(mem_ctx, &tmp_num_params); - *param_names = talloc_move(mem_ctx, &tmp_param_names); - *param_values = talloc_move(mem_ctx, &tmp_param_values); - } else { - *share_names = NULL; - *num_params = NULL; - *param_names = NULL; - *param_values = NULL; - } - -done: - TALLOC_FREE(tmp_ctx); - return werr; -} - -/** - * get the list of share names defined in the configuration. 
- */ -WERROR libnet_conf_get_share_names(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - uint32_t *num_shares, - char ***share_names) -{ - uint32_t count; - uint32_t added_count = 0; - TALLOC_CTX *tmp_ctx = NULL; - WERROR werr = WERR_OK; - struct registry_key *key = NULL; - char *subkey_name = NULL; - char **tmp_share_names = NULL; - - if ((num_shares == NULL) || (share_names == NULL)) { - werr = WERR_INVALID_PARAM; - goto done; - } - - tmp_ctx = talloc_stackframe(); - if (tmp_ctx == NULL) { - werr = WERR_NOMEM; - goto done; - } - - /* make sure "global" is always listed first */ - if (libnet_conf_share_exists(ctx, GLOBAL_NAME)) { - werr = libnet_conf_add_string_to_array(tmp_ctx, - &tmp_share_names, - 0, GLOBAL_NAME); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - added_count++; - } - - werr = libnet_conf_reg_open_base_key(tmp_ctx, ctx, - SEC_RIGHTS_ENUM_SUBKEYS, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - for (count = 0; - W_ERROR_IS_OK(werr = reg_enumkey(tmp_ctx, key, count, - &subkey_name, NULL)); - count++) - { - if (strequal(subkey_name, GLOBAL_NAME)) { - continue; - } - - werr = libnet_conf_add_string_to_array(tmp_ctx, - &tmp_share_names, - added_count, - subkey_name); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - added_count++; - } - if (!W_ERROR_EQUAL(WERR_NO_MORE_ITEMS, werr)) { - goto done; - } - werr = WERR_OK; - - *num_shares = added_count; - if (added_count > 0) { - *share_names = talloc_move(mem_ctx, &tmp_share_names); - } else { - *share_names = NULL; - } - -done: - TALLOC_FREE(tmp_ctx); - return werr; -} - -/** - * check if a share/service of a given name exists - */ -bool libnet_conf_share_exists(struct libnet_conf_ctx *ctx, - const char *servicename) -{ - bool ret = false; - WERROR werr = WERR_OK; - TALLOC_CTX *mem_ctx = talloc_stackframe(); - struct registry_key *key = NULL; - - werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, servicename, - REG_KEY_READ, &key); - if (W_ERROR_IS_OK(werr)) { - ret = true; - } - - 
TALLOC_FREE(mem_ctx); - return ret; -} - -/** - * Add a service if it does not already exist. - */ -WERROR libnet_conf_create_share(struct libnet_conf_ctx *ctx, - const char *servicename) -{ - WERROR werr; - TALLOC_CTX *mem_ctx = talloc_stackframe(); - struct registry_key *key = NULL; - - if (libnet_conf_share_exists(ctx, servicename)) { - werr = WERR_ALREADY_EXISTS; - goto done; - } - - werr = libnet_conf_reg_create_service_key(mem_ctx, ctx, servicename, - &key); - -done: - TALLOC_FREE(mem_ctx); - return werr; -} - -/** - * get a definition of a share (service) from configuration. - */ -WERROR libnet_conf_get_share(TALLOC_CTX *mem_ctx, struct libnet_conf_ctx *ctx, - const char *servicename, uint32_t *num_params, - char ***param_names, char ***param_values) -{ - WERROR werr = WERR_OK; - struct registry_key *key = NULL; - - werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, servicename, - REG_KEY_READ, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = libnet_conf_reg_get_values(mem_ctx, key, num_params, - param_names, param_values); - -done: - TALLOC_FREE(key); - return werr; -} - -/** - * delete a service from configuration - */ -WERROR libnet_conf_delete_share(struct libnet_conf_ctx *ctx, - const char *servicename) -{ - WERROR werr = WERR_OK; - struct registry_key *key = NULL; - TALLOC_CTX *mem_ctx = talloc_stackframe(); - - werr = libnet_conf_reg_open_base_key(mem_ctx, ctx, REG_KEY_WRITE, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = reg_deletekey_recursive(key, key, servicename); - -done: - TALLOC_FREE(mem_ctx); - return werr; -} - -/** - * set a configuration parameter to the value provided. 
- */ -WERROR libnet_conf_set_parameter(struct libnet_conf_ctx *ctx, - const char *service, - const char *param, - const char *valstr) -{ - WERROR werr; - struct registry_key *key = NULL; - TALLOC_CTX *mem_ctx = talloc_stackframe(); - - if (!libnet_conf_share_exists(ctx, service)) { - werr = WERR_NO_SUCH_SERVICE; - goto done; - } - - werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, - REG_KEY_WRITE, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - werr = libnet_conf_reg_set_value(key, param, valstr); - -done: - TALLOC_FREE(mem_ctx); - return werr; -} - -/** - * Set a global parameter - * (i.e. a parameter in the [global] service). - * - * This also creates [global] when it does not exist. - */ -WERROR libnet_conf_set_global_parameter(struct libnet_conf_ctx *ctx, - const char *param, const char *val) -{ - WERROR werr; - - if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { - werr = libnet_conf_create_share(ctx, GLOBAL_NAME); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - werr = libnet_conf_set_parameter(ctx, GLOBAL_NAME, param, val); - -done: - return werr; -} - -/** - * get the value of a configuration parameter as a string - */ -WERROR libnet_conf_get_parameter(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - const char *service, - const char *param, - char **valstr) -{ - WERROR werr = WERR_OK; - struct registry_key *key = NULL; - struct registry_value *value = NULL; - - if (valstr == NULL) { - werr = WERR_INVALID_PARAM; - goto done; - } - - if (!libnet_conf_share_exists(ctx, service)) { - werr = WERR_NO_SUCH_SERVICE; - goto done; - } - - werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, - REG_KEY_READ, &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - if (!libnet_conf_value_exists(key, param)) { - werr = WERR_INVALID_PARAM; - goto done; - } - - werr = reg_queryvalue(mem_ctx, key, param, &value); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - *valstr = libnet_conf_format_registry_value(mem_ctx, value); - - if 
(*valstr == NULL) { - werr = WERR_NOMEM; - } - -done: - TALLOC_FREE(key); - TALLOC_FREE(value); - return werr; -} - -/** - * Get the value of a global parameter. - * - * Create [global] if it does not exist. - */ -WERROR libnet_conf_get_global_parameter(TALLOC_CTX *mem_ctx, - struct libnet_conf_ctx *ctx, - const char *param, - char **valstr) -{ - WERROR werr; - - if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { - werr = libnet_conf_create_share(ctx, GLOBAL_NAME); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - werr = libnet_conf_get_parameter(mem_ctx, ctx, GLOBAL_NAME, param, - valstr); - -done: - return werr; -} - -/** - * delete a parameter from configuration - */ -WERROR libnet_conf_delete_parameter(struct libnet_conf_ctx *ctx, - const char *service, const char *param) -{ - struct registry_key *key = NULL; - WERROR werr = WERR_OK; - TALLOC_CTX *mem_ctx = talloc_stackframe(); - - if (!libnet_conf_share_exists(ctx, service)) { - return WERR_NO_SUCH_SERVICE; - } - - werr = libnet_conf_reg_open_service_key(mem_ctx, ctx, service, - REG_KEY_ALL, - &key); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - - if (!libnet_conf_value_exists(key, param)) { - werr = WERR_INVALID_PARAM; - goto done; - } - - werr = reg_deletevalue(key, param); - -done: - TALLOC_FREE(mem_ctx); - return werr; -} - -/** - * Delete a global parameter. - * - * Create [global] if it does not exist. - */ -WERROR libnet_conf_delete_global_parameter(struct libnet_conf_ctx *ctx, - const char *param) -{ - WERROR werr; - - if (!libnet_conf_share_exists(ctx, GLOBAL_NAME)) { - werr = libnet_conf_create_share(ctx, GLOBAL_NAME); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - } - werr = libnet_conf_delete_parameter(ctx, GLOBAL_NAME, param); - -done: - return werr; -} diff --git a/source3/libnet/libnet_conf.h b/source3/libnet/libnet_conf.h deleted file mode 100644 index b518c0e3b0..0000000000 --- a/source3/libnet/libnet_conf.h +++ /dev/null 
@@ -1,27 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * libnet smbconf registry support - * Copyright (C) Michael Adam 2008 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, see . - */ - -#ifndef __LIBNET_CONF_H__ -#define __LIBNET_CONF_H__ - -struct libnet_conf_ctx { - NT_USER_TOKEN *token; -}; - -#endif -- cgit From 6274929b1e1ddf89f4c5e93414121eaf06b6ab14 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Mar 2008 18:01:33 +0100 Subject: libsmbconf: rename all occurrences of libnet_conf_ to smbconf_ . Michael (This used to be commit 097af0309d7c3e9342058ba5266667293b23c80d) --- source3/libnet/libnet_join.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 9bed346b5e..2e634a16f1 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1199,41 +1199,41 @@ done: static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) { WERROR werr; - struct libnet_conf_ctx *ctx; + struct smbconf_ctx *ctx; - werr = libnet_conf_open(r, &ctx); + werr = smbconf_open(r, &ctx); if (!W_ERROR_IS_OK(werr)) { goto done; } if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { - werr = libnet_conf_set_global_parameter(ctx, "security", "user"); + werr = smbconf_set_global_parameter(ctx, "security", "user"); W_ERROR_NOT_OK_GOTO_DONE(werr); - werr = libnet_conf_set_global_parameter(ctx, "workgroup", - r->in.domain_name); + werr = smbconf_set_global_parameter(ctx, "workgroup", + r->in.domain_name); goto done; } - werr = libnet_conf_set_global_parameter(ctx, "security", "domain"); + werr = smbconf_set_global_parameter(ctx, "security", "domain"); W_ERROR_NOT_OK_GOTO_DONE(werr); - werr = libnet_conf_set_global_parameter(ctx, "workgroup", - r->out.netbios_domain_name); + werr = smbconf_set_global_parameter(ctx, "workgroup", + r->out.netbios_domain_name); W_ERROR_NOT_OK_GOTO_DONE(werr); if (r->out.domain_is_ad) { - werr = libnet_conf_set_global_parameter(ctx, "security", "ads"); + werr = smbconf_set_global_parameter(ctx, "security", "ads"); W_ERROR_NOT_OK_GOTO_DONE(werr); - werr = libnet_conf_set_global_parameter(ctx, "realm", - r->out.dns_domain_name); + werr = smbconf_set_global_parameter(ctx, "realm", + r->out.dns_domain_name); W_ERROR_NOT_OK_GOTO_DONE(werr); } done: - libnet_conf_close(ctx); + smbconf_close(ctx); return werr; } 
@@ -1243,22 +1243,22 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) { WERROR werr = WERR_OK; - struct libnet_conf_ctx *ctx; + struct smbconf_ctx *ctx; - werr = libnet_conf_open(r, &ctx); + werr = smbconf_open(r, &ctx); if (!W_ERROR_IS_OK(werr)) { goto done; } if (r->in.unjoin_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - werr = libnet_conf_set_global_parameter(ctx, "security", "user"); + werr = smbconf_set_global_parameter(ctx, "security", "user"); W_ERROR_NOT_OK_GOTO_DONE(werr); - libnet_conf_delete_global_parameter(ctx, "realm"); + smbconf_delete_global_parameter(ctx, "realm"); } done: - libnet_conf_close(ctx); + smbconf_close(ctx); return werr; } -- cgit From adf5bf554cd6bfdc5c6e7b1ed54f7f9329b15c50 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Mar 2008 23:41:39 +0100 Subject: libsmbconf: rename smbconf_open() to smbconf_init(). That's more appropriate. Michael (This used to be commit d7bd9bb8aa2003ec0a9860df26857f67255febe2) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 2e634a16f1..7e3e9cc93a 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1201,7 +1201,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) WERROR werr; struct smbconf_ctx *ctx; - werr = smbconf_open(r, &ctx); + werr = smbconf_init(r, &ctx); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -1245,7 +1245,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) WERROR werr = WERR_OK; struct smbconf_ctx *ctx; - werr = smbconf_open(r, &ctx); + werr = smbconf_init(r, &ctx); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From 23b1d721b8262f69cb7e28348c8e5cdf3483d4ea Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 21 Mar 2008 01:04:57 +0100 Subject: libsmbconf: rename smbconf_close() to smbconf_shutdown(). Michael (This used to be commit 797b26ad3fad27e085827efb61f6b4d8b37e93f0) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7e3e9cc93a..12081c3a10 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1233,7 +1233,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) } done: - smbconf_close(ctx); + smbconf_shutdown(ctx); return werr; } @@ -1258,7 +1258,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) } done: - smbconf_close(ctx); + smbconf_shutdown(ctx); return werr; } -- cgit From fececde1815bf0469bb56e07cf23f54011c9b4ae Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Mar 2008 02:20:16 +0100 Subject: libsmbconf: add backend specific init function. Hide generic init function taking smbconf_ops argument from public api. Michael (This used to be commit b3f6920ccb9a27fde26e889a7f1f3afaf56b784f) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 12081c3a10..d3fba167d9 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1201,7 +1201,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) WERROR werr; struct smbconf_ctx *ctx; - werr = smbconf_init(r, &ctx); + werr = smbconf_init_reg(r, &ctx); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -1245,7 +1245,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) WERROR werr = WERR_OK; struct smbconf_ctx *ctx; - werr = smbconf_init(r, &ctx); + werr = smbconf_init_reg(r, &ctx); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit 
From c69c5c132ade57d1eb860ae8f73b0e48de0e5c6f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 21 Mar 2008 10:40:40 +0100 Subject: Fix Coverity ID 547 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Günther, please check. If r->in.ads==NULL, we can't call ads_leave_realm at all. Thanks, Volker (This used to be commit 120d8c889fa9ad61c74f1f936e83537513454648) --- source3/libnet/libnet_join.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d3fba167d9..52376ac821 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -264,10 +264,7 @@ static ADS_STATUS libnet_unjoin_remove_machine_acct(TALLOC_CTX *mem_ctx, ADS_STATUS status; if (!r->in.ads) { - status = libnet_unjoin_connect_ads(mem_ctx, r); - if (!ADS_ERR_OK(status)) { - return status; - } + return libnet_unjoin_connect_ads(mem_ctx, r); } status = ads_leave_realm(r->in.ads, r->in.machine_name); -- cgit From 6f7cfeddd61f728e2452a7b89f5ee2ff36ca394f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Mar 2008 17:55:31 +0100 Subject: libsmbconf: add a "path" variable to the conf context. This is passed to the module init routines. In case of the registry, this is the path of the basekey in registry, that is to be used, defaulting to KEY_SMBCONF (HKLM\software\samba\smbconf), when NULL is given. This is the only case currently used. In order to support other keys, registry initialization for smbconf has to be changed to support different keys. Michael (This used to be commit 96434d9dc7a66773e313cc128af57493dee245a1) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 52376ac821..6d5449ff57 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
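Review bot: The rewritten `if (!r->in.ads)` branch in `libnet_unjoin_remove_machine_acct` returns the result of `libnet_unjoin_connect_ads()` even when the connect succeeds, so `ads_leave_realm()` is never reached on that path and the caller sees success while the machine account stays in the directory. A machine account left behind after an unjoin is still a usable credential, so this path should not report success. If the Coverity finding is that `r->in.ads` may still be NULL after a successful connect, keep the removed `if (!ADS_ERR_OK(status)) { return status; }` form and add a second `if (!r->in.ads)` test that returns an error right before the `ads_leave_realm()` call. The function body continues outside the hunk.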
@@ -1198,7 +1198,7 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) WERROR werr; struct smbconf_ctx *ctx; - werr = smbconf_init_reg(r, &ctx); + werr = smbconf_init_reg(r, &ctx, NULL); if (!W_ERROR_IS_OK(werr)) { goto done; } @@ -1242,7 +1242,7 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) WERROR werr = WERR_OK; struct smbconf_ctx *ctx; - werr = smbconf_init_reg(r, &ctx); + werr = smbconf_init_reg(r, &ctx, NULL); if (!W_ERROR_IS_OK(werr)) { goto done; } -- cgit From 14b6e9d46bd6b7939acdf66f8c8bc043579d39a6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Mar 2008 14:13:27 +0100 Subject: Add Support for DOMAIN\DCNAME syntax in libnetjoin. This format is used by Windows to enforce joining to a specific DC. Guenther (This used to be commit cc654892c0d76dea001cd8f7bd6f50cf9e89e9c9) --- source3/libnet/libnet_join.c | 58 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6d5449ff57..f55d558c01 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1314,6 +1314,48 @@ static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r) /**************************************************************** ****************************************************************/ +static bool libnet_parse_domain_dc(TALLOC_CTX *mem_ctx, + const char *domain_str, + const char **domain_p, + const char **dc_p) +{ + char *domain = NULL; + char *dc = NULL; + const char *p = NULL; + + if (!domain_str || !domain_p || !dc_p) { + return false; + } + + p = strchr_m(domain_str, '\\'); + + if (p != NULL) { + domain = talloc_strndup(mem_ctx, domain_str, + PTR_DIFF(p, domain_str)); + dc = talloc_strdup(mem_ctx, p+1); + if (!dc) { + return false; + } + } else { + domain = talloc_strdup(mem_ctx, domain_str); + dc = NULL; + } + if (!domain) { + return false; + } + + *domain_p = domain; + + if (!*dc_p && dc) { + *dc_p = dc; + } + + return true; +} + +/**************************************************************** +****************************************************************/ + static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -1323,6 +1365,14 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, return WERR_INVALID_PARAM; } + if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name, + &r->in.domain_name, + &r->in.dc_name)) { + libnet_join_set_error_string(mem_ctx, r, + "Failed to parse domain name"); + return WERR_INVALID_PARAM; + } + if (r->in.modify_config && !lp_config_backend_is_registry()) { libnet_join_set_error_string(mem_ctx, r, "Configuration manipulation requested but not " 
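Review bot: `libnet_parse_domain_dc` accepts empty components: an input ending in the backslash stores an empty string as the DC name, an input starting with it stores an empty domain, and both return true, so `libnet_join_pre_processing` carries on with values that every later lookup has to cope with. Rejecting them at the parse step is cheap, e.g. `if (p == domain_str || *(p+1) == '\0') { return false; }` as the first statement of the `if (p != NULL)` branch. The result of `talloc_strndup` is only tested after `dc` has been duplicated; checking `domain` directly after its allocation keeps both failure paths alike. A one-line comment that an already-set `*dc_p` takes precedence over the parsed DC would help, because `if (!*dc_p && dc)` silently ignores the DC part of the string in that case.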
@@ -1654,6 +1704,14 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, return WERR_INVALID_PARAM; } + if (!libnet_parse_domain_dc(mem_ctx, r->in.domain_name, + &r->in.domain_name, + &r->in.dc_name)) { + libnet_unjoin_set_error_string(mem_ctx, r, + "Failed to parse domain name"); + return WERR_INVALID_PARAM; + } + if (r->in.modify_config && !lp_config_backend_is_registry()) { libnet_unjoin_set_error_string(mem_ctx, r, "Configuration manipulation requested but not " -- cgit From 8b29c8f63454604b7d04cfcb171b30eb8e31636c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Mar 2008 16:39:02 +0100 Subject: Support "net ads join" format while joining to a specific ou. libnetjoin now supports Computers/Servers/Unix as well as ou=Computers,ou=Servers,ou=Unix,dc=ber,dc=realm,dc=com. Guenther (This used to be commit c0be84c96d8133c6b77d1f0efe41f5f2373febb3) --- source3/libnet/libnet_join.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index f55d558c01..90e1b5941e 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -207,6 +207,11 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, const char *attrs[] = { "dn", NULL }; bool moved = false; + status = ads_check_ou_dn(mem_ctx, r->in.ads, r->in.account_ou); + if (!ADS_ERR_OK(status)) { + return status; + } + status = ads_search_dn(r->in.ads, &res, r->in.account_ou, attrs); if (!ADS_ERR_OK(status)) { return status; -- cgit From 99d35904552b01ef9f2adc40e16887da9eb4de69 Mon Sep 17 00:00:00 2001 
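Review bot: In the `libnet_join_precreate_machine_acct` hunk the OU string is handed to `ads_check_ou_dn()` by value, and the `ads_search_dn()` call that follows still uses the unchanged `r->in.account_ou`. The helper is not part of this hunk, so this is inferred: if it turns the `Computers/Servers/Unix` form into a DN, the converted string cannot reach the search, and the slash form would be passed on as it was given. Passing `&r->in.account_ou` to a helper that takes `const char **`, or returning the DN through a separate out parameter, makes the conversion visible to the caller. The enclosing function starts and ends outside the hunk.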
From: Günther Deschner Date: Wed, 2 Apr 2008 02:29:48 +0200 Subject: Fix NETLOGON credential chain with Windows 2008 all over the place. In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0) --- source3/libnet/libnet_join.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 90e1b5941e..16db032c50 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -930,8 +930,7 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, const char *machine_name, const char *dc_name) { - uint32_t neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS | - NETLOGON_NEG_SCHANNEL; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; struct rpc_pipe_client *netlogon_pipe = NULL; -- cgit From e33b13e826b9628fd03f2bd6a3c97a7ac90b4259 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 12:20:33 +0200 Subject: libnetjoin: Fix joining when no KRB5CCNAME is around. Guenther (This used to be commit 512e6ca0a9be9fe35994ec1010110573a5b551d1) --- source3/libnet/libnet_join.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 16db032c50..51278b5a0a 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
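Review bot: The initialiser of `neg_flags` in `libnet_join_ok` no longer names `NETLOGON_NEG_SCHANNEL`, and the definition of `NETLOGON_NEG_AUTH2_ADS_FLAGS` is not visible in this hunk, so it should be confirmed that the new constant still carries that bit. The commit message says the flags are downgraded to what an NT4 server returns; that code is outside the hunk, but wherever it lives it needs a lower bound, because otherwise the peer's answer alone decides how the channel is protected. A comment on the declaration would record the reason for the constant, e.g. `/* start from the AD flag set: w2k8 answers NT_STATUS_DOWNGRADE_DETECTED otherwise */`. The body of `libnet_join_ok` continues outside the hunk.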
@@ -1426,10 +1426,17 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) { + const char *krb5_cc_env = NULL; + if (r->in.ads) { ads_destroy(&r->in.ads); } + krb5_cc_env = getenv(KRB5_ENV_CCNAME); + if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { + unsetenv(KRB5_ENV_CCNAME); + } + return 0; } @@ -1452,6 +1459,7 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx **r) { struct libnet_JoinCtx *ctx; + const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_JoinCtx); if (!ctx) { @@ -1463,6 +1471,13 @@ WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + krb5_cc_env = getenv(KRB5_ENV_CCNAME); + if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { + krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); + W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); + setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); + } + ctx->in.secure_channel_type = SEC_CHAN_WKSTA; *r = ctx; -- cgit From a4e0f60c4ed3bb818166c9e6341b25a40f1f9ab8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 14:42:19 +0200 Subject: libnetjoin: Remove machine account if we failed to set password. Guenther (This used to be commit db5e0ed186429667a7f6fc67e4b19a7ca75f357e) --- source3/libnet/libnet_join.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 51278b5a0a..aff61d8807 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -905,6 +905,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } if (!NT_STATUS_IS_OK(status)) { + + rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); + libnet_join_set_error_string(mem_ctx, r, "Failed to set password for machine account (%s)\n", nt_errstr(status)); -- cgit 
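Review bot: The test in libnet_destroy_JoinCtx looks inverted: `StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")` is non-zero when the strings differ (assuming the usual strcmp convention), so `unsetenv(KRB5_ENV_CCNAME)` runs for a caller-supplied credential cache and is skipped for the temporary one that libnet_init_JoinCtx set. The result is that the process loses the user's own KRB5CCNAME and keeps the library's private value. The condition should read `if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin") == 0) {`. The same test appears in the libnet_destroy_UnjoinCtx hunk of the following commit.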
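Review bot: In libnet_join_joindomain_rpc the added `rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, &user_pol);` runs on every set-password failure, whether or not this call created the account, and its status is discarded. The same function has an NT_STATUS_USER_EXISTS branch (visible as context in a later hunk on this page), so the account can predate the join attempt, and in that case a failed re-join would remove a working machine account. Remembering whether the create step actually succeeded and guarding the delete with it, e.g. `if (created) { rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, &user_pol); }`, keeps the cleanup to what this call added; a failed delete deserves at least a DEBUG line. The function starts and ends outside the hunk.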
From cbd07aa047e3895f74da984a646fb5fac4980a4a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 16:15:18 +0200 Subject: libnetjoin: Fix unjoining when no KRB5CCNAME is around. Guenther (This used to be commit 7fd237c545e0a7e0029195dbbb6691571abdfe84) --- source3/libnet/libnet_join.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index aff61d8807..dda945e529 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1449,10 +1449,18 @@ static int libnet_destroy_JoinCtx(struct libnet_JoinCtx *r) static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) { + const char *krb5_cc_env = NULL; + if (r->in.ads) { ads_destroy(&r->in.ads); } + krb5_cc_env = getenv(KRB5_ENV_CCNAME); + if (krb5_cc_env && StrCaseCmp(krb5_cc_env, "MEMORY:libnetjoin")) { + unsetenv(KRB5_ENV_CCNAME); + } + + return 0; } @@ -1496,6 +1504,7 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, struct libnet_UnjoinCtx **r) { struct libnet_UnjoinCtx *ctx; + const char *krb5_cc_env = NULL; ctx = talloc_zero(mem_ctx, struct libnet_UnjoinCtx); if (!ctx) { @@ -1507,6 +1516,13 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, ctx->in.machine_name = talloc_strdup(mem_ctx, global_myname()); W_ERROR_HAVE_NO_MEMORY(ctx->in.machine_name); + krb5_cc_env = getenv(KRB5_ENV_CCNAME); + if (!krb5_cc_env || (strlen(krb5_cc_env) == 0)) { + krb5_cc_env = talloc_strdup(mem_ctx, "MEMORY:libnetjoin"); + W_ERROR_HAVE_NO_MEMORY(krb5_cc_env); + setenv(KRB5_ENV_CCNAME, krb5_cc_env, 1); + } + *r = ctx; return WERR_OK; -- cgit From c8d96d57f8a8775315dbf5c06c94b5dc0a2123fc Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 14 Apr 2008 22:56:12 +0200 Subject: libnetjoin: separate out libnet_join_lookup_dc_rpc. Guenther (This used to be commit 8d3d1c094a28f75b01315ee05b7939ffba374f20) --- source3/libnet/libnet_join.c | 123 ++++++++++++++++++++++++++++++------------- 1 file changed, 86 insertions(+), 37 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index dda945e529..182945bdfc 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -642,36 +642,19 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, } /**************************************************************** - Do the domain join + Lookup domain dc's info ****************************************************************/ -static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + struct cli_state **cli) { - struct cli_state *cli = NULL; struct rpc_pipe_client *pipe_hnd = NULL; - POLICY_HND sam_pol, domain_pol, user_pol, lsa_pol; + POLICY_HND lsa_pol; NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - char *acct_name; - struct lsa_String lsa_acct_name; - uint32_t user_rid; - uint32_t acct_flags = ACB_WSTRUST; - uchar pwbuf[532]; - struct MD5Context md5ctx; - uchar md5buffer[16]; - DATA_BLOB digested_session_key; - uchar md4_trust_password[16]; union lsa_PolicyInformation *info = NULL; - struct samr_Ids user_rids; - struct samr_Ids name_types; - union samr_UserInfo user_info; - if (!r->in.machine_password) { - r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); - NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); - } - - status = cli_full_connection(&cli, NULL, + status = cli_full_connection(cli, NULL, r->in.dc_name, NULL, 0, "IPC$", "IPC", 
@@ -685,7 +668,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_LSARPC, &status); + pipe_hnd = cli_rpc_pipe_open_noauth(*cli, PI_LSARPC, &status); if (!pipe_hnd) { DEBUG(0,("Error connecting to LSA pipe. Error was %s\n", nt_errstr(status))); @@ -725,6 +708,43 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); cli_rpc_pipe_close(pipe_hnd); + done: + return status; +} + +/**************************************************************** + Do the domain join +****************************************************************/ + +static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r, + struct cli_state *cli) +{ + struct rpc_pipe_client *pipe_hnd = NULL; + POLICY_HND sam_pol, domain_pol, user_pol; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + char *acct_name; + struct lsa_String lsa_acct_name; + uint32_t user_rid; + uint32_t acct_flags = ACB_WSTRUST; + uchar pwbuf[532]; + struct MD5Context md5ctx; + uchar md5buffer[16]; + DATA_BLOB digested_session_key; + uchar md4_trust_password[16]; + struct samr_Ids user_rids; + struct samr_Ids name_types; + union samr_UserInfo user_info; + + ZERO_STRUCT(sam_pol); + ZERO_STRUCT(domain_pol); + ZERO_STRUCT(user_pol); + + if (!r->in.machine_password) { + r->in.machine_password = talloc_strdup(mem_ctx, generate_random_str(DEFAULT_TRUST_ACCOUNT_PASSWORD_LENGTH)); + NT_STATUS_HAVE_NO_MEMORY(r->in.machine_password); + } + /* Open the domain */ pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); @@ -796,7 +816,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, "administrator privileges"); } - return status; + goto done; } if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { 
@@ -915,14 +935,23 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); - cli_rpc_pipe_close(pipe_hnd); - status = NT_STATUS_OK; + done: - if (cli) { - cli_shutdown(cli); + if (!pipe_hnd) { + return status; + } + + if (is_valid_policy_hnd(&sam_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); + } + if (is_valid_policy_hnd(&domain_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); + } + if (is_valid_policy_hnd(&user_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } + cli_rpc_pipe_close(pipe_hnd); return status; } @@ -1535,6 +1564,8 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { NTSTATUS status; + WERROR werr; + struct cli_state *cli = NULL; #ifdef WITH_ADS ADS_STATUS ads_status; #endif /* WITH_ADS */ 
@@ -1583,31 +1614,49 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, } #endif /* WITH_ADS */ - status = libnet_join_joindomain_rpc(mem_ctx, r); + status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, - "failed to join domain over rpc: %s", - get_friendly_nt_error_msg(status)); + "failed to lookup DC info for domain '%s' over rpc: %s", + r->in.domain_name, get_friendly_nt_error_msg(status)); + return ntstatus_to_werror(status); + } + + status = libnet_join_joindomain_rpc(mem_ctx, r, cli); + if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to join domain '%s' over rpc: %s", + r->in.domain_name, get_friendly_nt_error_msg(status)); if (NT_STATUS_EQUAL(status, NT_STATUS_USER_EXISTS)) { return WERR_SETUP_ALREADY_JOINED; } - return ntstatus_to_werror(status); + werr = ntstatus_to_werror(status); + goto done; } if (!libnet_join_joindomain_store_secrets(mem_ctx, r)) { - return WERR_SETUP_NOT_JOINED; + werr = WERR_SETUP_NOT_JOINED; + goto done; } #ifdef WITH_ADS if (r->out.domain_is_ad) { ads_status = libnet_join_post_processing_ads(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { - return WERR_GENERAL_FAILURE; + werr = WERR_GENERAL_FAILURE; + goto done; } } #endif /* WITH_ADS */ - return WERR_OK; + werr = WERR_OK; + + done: + if (cli) { + cli_shutdown(cli); + } + + return werr; } /**************************************************************** -- cgit From a31281a751d2ad2528ad99348a5c9c9ae10b99a4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 22:57:37 +0200 Subject: libnetjoin: delete the workgroup name when requested while unjoining. Guenther (This used to be commit 1782e89f3341eca5ee1fa39881ee8efb3fac9a5b) --- source3/libnet/libnet_join.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 182945bdfc..90cb64c5d6 100644 
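Review bot: Two paths in libnet_DomainJoin still leave through a plain `return` after `cli` may already be connected, so they skip the new `done:` label and its `cli_shutdown(cli)`. The first is the failure branch after libnet_join_lookup_dc_rpc, which can fail once cli_full_connection has succeeded (for example when the LSA pipe cannot be opened); the second is `return WERR_SETUP_ALREADY_JOINED;` in the NT_STATUS_USER_EXISTS case. Using `werr = ntstatus_to_werror(status); goto done;` and `werr = WERR_SETUP_ALREADY_JOINED; goto done;` routes both through the cleanup. The later commit that moves the lookup ahead of the WITH_ADS block keeps the same `return`, and any direct return inside that block (not visible here) would then leak the connection as well.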
--- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1288,6 +1288,10 @@ static WERROR do_unjoin_modify_vals_config(struct libnet_UnjoinCtx *r) werr = smbconf_set_global_parameter(ctx, "security", "user"); W_ERROR_NOT_OK_GOTO_DONE(werr); + + werr = smbconf_delete_global_parameter(ctx, "workgroup"); + W_ERROR_NOT_OK_GOTO_DONE(werr); + smbconf_delete_global_parameter(ctx, "realm"); } -- cgit From ae1e1085a1c6e2a3f1a2821cd22a6caed63d3b05 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 14 Apr 2008 23:07:55 +0200 Subject: libnetjoin/net: Fix lp_config_backend_is_registry() handling. Thanks obnox, now we can net ads join and net ads leave with zero configuration changes if "config backend = registry". Guenther (This used to be commit 9003881773de787a51ceadcdc2cb1e95f6979763) --- source3/libnet/libnet_join.c | 70 +++++++++++++++++++++++++++++++++++--------- 1 file changed, 56 insertions(+), 14 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 90cb64c5d6..16a7ea4566 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1414,13 +1414,6 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, return WERR_INVALID_PARAM; } - if (r->in.modify_config && !lp_config_backend_is_registry()) { - libnet_join_set_error_string(mem_ctx, r, - "Configuration manipulation requested but not " - "supported by backend"); - return WERR_NOT_SUPPORTED; - } - if (IS_DC) { return WERR_SETUP_DOMAIN_CONTROLLER; } 
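Review bot: In do_unjoin_modify_vals_config the new workgroup delete is fatal (`W_ERROR_NOT_OK_GOTO_DONE(werr)`) while the `realm` delete directly after it is best-effort, and nothing explains the difference. If smbconf_delete_global_parameter reports an error for a parameter that is not set (not visible from this hunk), an unjoin on a host without an explicit workgroup would jump to `done` with security already switched to user and the stale realm still in place. Treating both the same way, e.g. a bare `smbconf_delete_global_parameter(ctx, "workgroup");`, or checking both, avoids the half-applied state. The function starts outside the hunk.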
@@ -1564,6 +1557,57 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + /* check if configuration is already set correctly */ + + switch (r->out.domain_is_ad) { + case false: + if ((strequal(lp_workgroup(), + r->out.netbios_domain_name)) && + (lp_security() == SEC_DOMAIN)) { + /* nothing to be done */ + return WERR_OK; + } + break; + case true: + if ((strequal(lp_workgroup(), + r->out.netbios_domain_name)) && + (strequal(lp_realm(), + r->out.dns_domain_name)) && + ((lp_security() == SEC_ADS) || + (lp_security() == SEC_DOMAIN))) { + /* nothing to be done */ + return WERR_OK; + } + break; + } + + /* check if we are supposed to manipulate configuration */ + + if (!r->in.modify_config) { + libnet_join_set_error_string(mem_ctx, r, + "Invalid configuration and configuration modification " + "was not requested"); + return WERR_CAN_NOT_COMPLETE; + } + + /* check if we are able to manipulate configuration */ + + if (!lp_config_backend_is_registry()) { + libnet_join_set_error_string(mem_ctx, r, + "Configuration manipulation requested but not " + "supported by backend"); + return WERR_NOT_SUPPORTED; + } + + return WERR_OK; +} + +/**************************************************************** +****************************************************************/ + static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -1626,6 +1670,11 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return ntstatus_to_werror(status); } + werr = libnet_join_check_config(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + status = libnet_join_joindomain_rpc(mem_ctx, r, cli); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, 
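Review bot: libnet_join_check_config is added under an empty banner, although it has three distinct outcomes that callers need to tell apart. A header comment along the lines of "check whether the loaded configuration already matches the domain found by the DC lookup; otherwise fail with WERR_CAN_NOT_COMPLETE unless modify_config was requested, and with WERR_NOT_SUPPORTED unless the backend is the registry" would cover it, and should mention that it reads r->out.netbios_domain_name and r->out.dns_domain_name and so has to run after libnet_join_lookup_dc_rpc. The `switch (r->out.domain_is_ad)` with `case false:` / `case true:` reads more directly as `if (r->out.domain_is_ad) { ... } else { ... }`. The AD arm accepts SEC_DOMAIN as well as SEC_ADS; if that is deliberate, a short comment there would say so.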
@@ -1804,13 +1853,6 @@ static WERROR libnet_unjoin_pre_processing(TALLOC_CTX *mem_ctx, return WERR_INVALID_PARAM; } - if (r->in.modify_config && !lp_config_backend_is_registry()) { - libnet_unjoin_set_error_string(mem_ctx, r, - "Configuration manipulation requested but not " - "supported by backend"); - return WERR_NOT_SUPPORTED; - } - if (IS_DC) { return WERR_SETUP_DOMAIN_CONTROLLER; } -- cgit From 2a2188591b5ed922d09dc723adcf10f8b8f5e5a0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 19 Apr 2008 21:56:43 +0200 Subject: Add "desthost" to rpc_pipe_client This reduces the dependency on cli_state (This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 16a7ea4566..207a3acfa8 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -755,7 +755,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, } status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); if (!NT_STATUS_IS_OK(status)) { @@ -1137,7 +1137,7 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, } status = rpccli_samr_Connect2(pipe_hnd, mem_ctx, - pipe_hnd->cli->desthost, + pipe_hnd->desthost, SEC_RIGHTS_MAXIMUM_ALLOWED, &sam_pol); if (!NT_STATUS_IS_OK(status)) { -- cgit From e73e8297f5484b6c7f525917679414c09a145cf0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Apr 2008 13:51:46 +0200 Subject: Replace cli_rpc_pipe_close by a talloc destructor on rpc_pipe_struct (This used to be commit 99fc3283c4ecc791f5a242bd1983b4352ce3e6cf) --- source3/libnet/libnet_join.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 207a3acfa8..d22fbc21b9 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -706,7 +706,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, } rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); done: return status; @@ -951,7 +951,7 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, if (is_valid_policy_hnd(&user_pol)) { rpccli_samr_Close(pipe_hnd, mem_ctx, &user_pol); } - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); return status; } @@ -1217,7 +1217,7 @@ done: if (pipe_hnd) { rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); - cli_rpc_pipe_close(pipe_hnd); + TALLOC_FREE(pipe_hnd); } if (cli) { -- cgit From c27e661ad11dcf08f91f48758c8d66a3fcb88bfd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 22 Apr 2008 01:54:49 +0200 Subject: libnetjoin: identify type of domain early. This finally enables joining AD using workgroup or realm name. Guenther (This used to be commit 0cf16e6b47f5978bdcb84ac8a29ef13ff2b5cca8) --- source3/libnet/libnet_join.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d22fbc21b9..7e348e25a5 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -142,8 +142,8 @@ static ADS_STATUS libnet_join_connect_ads(TALLOC_CTX *mem_ctx, { ADS_STATUS status; - status = libnet_connect_ads(r->in.domain_name, - r->in.domain_name, + status = libnet_connect_ads(r->out.dns_domain_name, + r->out.netbios_domain_name, r->in.dc_name, r->in.admin_account, r->in.admin_password, 
@@ -1641,8 +1641,21 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); } + status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli); + if (!NT_STATUS_IS_OK(status)) { + libnet_join_set_error_string(mem_ctx, r, + "failed to lookup DC info for domain '%s' over rpc: %s", + r->in.domain_name, get_friendly_nt_error_msg(status)); + return ntstatus_to_werror(status); + } + + werr = libnet_join_check_config(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + #ifdef WITH_ADS - if (r->in.account_ou) { + if (r->out.domain_is_ad && r->in.account_ou) { ads_status = libnet_join_connect_ads(mem_ctx, r); if (!ADS_ERR_OK(ads_status)) { @@ -1662,19 +1675,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, } #endif /* WITH_ADS */ - status = libnet_join_lookup_dc_rpc(mem_ctx, r, &cli); - if (!NT_STATUS_IS_OK(status)) { - libnet_join_set_error_string(mem_ctx, r, - "failed to lookup DC info for domain '%s' over rpc: %s", - r->in.domain_name, get_friendly_nt_error_msg(status)); - return ntstatus_to_werror(status); - } - - werr = libnet_join_check_config(mem_ctx, r); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } - status = libnet_join_joindomain_rpc(mem_ctx, r, cli); if (!NT_STATUS_IS_OK(status)) { libnet_join_set_error_string(mem_ctx, r, -- cgit From f11acf358225ecf10a8af2a12e304019adc6ee4f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 8 May 2008 14:23:20 +0200 Subject: Use strip_hostname after dsgetdcname/getdcname calls. Guenther (This used to be commit 82cbb3269b2e764c9c2a2fbcbe9c29feae07fb62) --- source3/libnet/libnet_join.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 7e348e25a5..8e503382f4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1620,6 +1620,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, if (!r->in.dc_name) { struct netr_DsRGetDCNameInfo *info; + const char *dc; status = dsgetdcname(mem_ctx, r->in.domain_name, NULL, @@ -1636,8 +1637,8 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, return WERR_DOMAIN_CONTROLLER_NOT_FOUND; } - r->in.dc_name = talloc_strdup(mem_ctx, - info->dc_unc); + dc = strip_hostname(info->dc_unc); + r->in.dc_name = talloc_strdup(mem_ctx, dc); W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); } @@ -1775,6 +1776,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, if (!r->in.dc_name) { struct netr_DsRGetDCNameInfo *info; + const char *dc; status = dsgetdcname(mem_ctx, r->in.domain_name, NULL, @@ -1791,8 +1793,8 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, return WERR_DOMAIN_CONTROLLER_NOT_FOUND; } - r->in.dc_name = talloc_strdup(mem_ctx, - info->dc_unc); + dc = strip_hostname(info->dc_unc); + r->in.dc_name = talloc_strdup(mem_ctx, dc); W_ERROR_HAVE_NO_MEMORY(r->in.dc_name); } -- cgit From 67c644aa591c051cfe1e3f3536186ecf0b4449f2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 8 May 2008 18:32:22 +0200 Subject: dsgetdcname: use existing messaging_context if possible. Guenther (This used to be commit 7889516a384c155a9045aad4409c041fddd0d98d) --- source3/libnet/libnet_join.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 8e503382f4..36700b26c0 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1622,6 +1622,7 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, struct netr_DsRGetDCNameInfo *info; const char *dc; status = dsgetdcname(mem_ctx, + r->in.msg_ctx, r->in.domain_name, NULL, NULL, @@ -1778,6 +1779,7 @@ static WERROR libnet_DomainUnjoin(TALLOC_CTX *mem_ctx, struct netr_DsRGetDCNameInfo *info; const char *dc; status = dsgetdcname(mem_ctx, + r->in.msg_ctx, r->in.domain_name, NULL, NULL, -- cgit 
From 847d385f7bac1c02727d7655f4e277813d4fe42c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 14 May 2008 23:50:25 +0200 Subject: Fix Bug #5465 (joining with createcomputer=ou1/ou2/ou3). Guenther (This used to be commit f3251ba03a69c2fd0335861177159a32b2bc9477) --- source3/libnet/libnet_join.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 36700b26c0..4cfdd50473 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -207,7 +207,7 @@ static ADS_STATUS libnet_join_precreate_machine_acct(TALLOC_CTX *mem_ctx, const char *attrs[] = { "dn", NULL }; bool moved = false; - status = ads_check_ou_dn(mem_ctx, r->in.ads, r->in.account_ou); + status = ads_check_ou_dn(mem_ctx, r->in.ads, &r->in.account_ou); if (!ADS_ERR_OK(status)) { return status; } @@ -1486,7 +1486,6 @@ static int libnet_destroy_UnjoinCtx(struct libnet_UnjoinCtx *r) unsetenv(KRB5_ENV_CCNAME); } - return 0; } -- cgit From 6b2af349cfb7b434fd0e8b1ae6f15b49688d326d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 16 May 2008 12:16:04 +0200 Subject: libnetjoin: for informational reasons, report forest_name. Guenther (This used to be commit 452a9ea4af19d3aebc35929edaf4e5adf8c1fd11) --- source3/libnet/libnet_join.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4cfdd50473..6426dc3079 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -689,6 +689,7 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, r->out.domain_is_ad = true; r->out.netbios_domain_name = info->dns.name.string; r->out.dns_domain_name = info->dns.dns_domain.string; + r->out.forest_name = info->dns.dns_forest.string; r->out.domain_sid = info->dns.sid; } -- cgit From 04da4453ab1340c0b5bcad98c1f3710a291e9c90 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sun, 18 May 2008 23:35:42 +0200 Subject: libnet: freeze libnet_proto.h from "make proto" Michael (This used to be commit b455cd1a619a1f1922e2e7bc07f1af246e3201e6) --- source3/libnet/libnet_proto.h | 46 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 source3/libnet/libnet_proto.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h new file mode 100644 index 0000000000..662ab7d0a9 --- /dev/null +++ b/source3/libnet/libnet_proto.h 
@@ -0,0 +1,46 @@ +/* + * Unix SMB/CIFS implementation. + * collected prototypes header + * + * frozen from "make proto" in May 2008 + * + * Copyright (C) Michael Adam 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifndef _LIBNET_PROTO_H_ +#define _LIBNET_PROTO_H_ + + +/* The following definitions come from libnet/libnet_join.c */ + +NTSTATUS libnet_join_ok(const char *netbios_domain_name, + const char *machine_name, + const char *dc_name); +WERROR libnet_init_JoinCtx(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx **r); +WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx **r); +WERROR libnet_Join(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r); +WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, + struct libnet_UnjoinCtx *r); + +/* The following definitions come from librpc/gen_ndr/ndr_libnet_join.c */ + +_PUBLIC_ void ndr_print_libnet_JoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_JoinCtx *r); +_PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_UnjoinCtx *r); + +#endif /* _LIBNET_PROTO_H_ */ -- cgit From aa8bfd39ebf33fe569527b744b9008219d0829a1 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 4 Jun 2008 01:32:15 +0200 Subject: libnetjoin: delete possible "realm" leftover parameter. Guenther (This used to be commit d7ba98cc3f2d037ec01e079220a66da508b104b0) --- source3/libnet/libnet_join.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6426dc3079..d0ecd225ad 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1248,6 +1248,8 @@ static WERROR do_join_modify_vals_config(struct libnet_JoinCtx *r) werr = smbconf_set_global_parameter(ctx, "workgroup", r->in.domain_name); + + smbconf_delete_global_parameter(ctx, "realm"); goto done; } -- cgit From dddc5725dbb1acb6a2c0379e072fce8e42801548 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 4 Jun 2008 02:43:41 +0200 Subject: libnetjoin: only close existing policy handles while unjoining. Guenther (This used to be commit 6dbed6e7b7300962e11fdce1a713e6f3ea2cb619) --- source3/libnet/libnet_join.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d0ecd225ad..1ab75d7882 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1115,6 +1115,10 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, struct samr_Ids name_types; union samr_UserInfo *info = NULL; + ZERO_STRUCT(sam_pol); + ZERO_STRUCT(domain_pol); + ZERO_STRUCT(user_pol); + status = cli_full_connection(&cli, NULL, r->in.dc_name, NULL, 0, 
@@ -1216,8 +1220,12 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, done: if (pipe_hnd) { - rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); - rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); + if (is_valid_policy_hnd(&domain_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &domain_pol); + } + if (is_valid_policy_hnd(&sam_pol)) { + rpccli_samr_Close(pipe_hnd, mem_ctx, &sam_pol); + } TALLOC_FREE(pipe_hnd); } -- cgit From bb58d33b6d8c21d8fad457f6d1777baad65d181c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 4 Jun 2008 18:05:15 +0200 Subject: libnetjoin: correctly copy returned lsa policy sid. Guenther (This used to be commit f9e5450c9492b0f35bd90040739007963e765ab1) --- source3/libnet/libnet_join.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 1ab75d7882..3b2bce9fcf 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -690,7 +690,8 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, r->out.netbios_domain_name = info->dns.name.string; r->out.dns_domain_name = info->dns.dns_domain.string; r->out.forest_name = info->dns.dns_forest.string; - r->out.domain_sid = info->dns.sid; + r->out.domain_sid = sid_dup_talloc(mem_ctx, info->dns.sid); + NT_STATUS_HAVE_NO_MEMORY(r->out.domain_sid); } if (!NT_STATUS_IS_OK(status)) { @@ -703,7 +704,8 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, } r->out.netbios_domain_name = info->account_domain.name.string; - r->out.domain_sid = info->account_domain.sid; + r->out.domain_sid = sid_dup_talloc(mem_ctx, info->account_domain.sid); + NT_STATUS_HAVE_NO_MEMORY(r->out.domain_sid); } rpccli_lsa_Close(pipe_hnd, mem_ctx, &lsa_pol); -- cgit From 387706a49dfdca539d0b1579703e6f96451ba040 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 5 Jun 2008 18:58:27 +0200 Subject: libnetjoin: First store configuration and then verify the join. Jerry, this fixes the issues while joining with "config backend = registry". Guenther (This used to be commit b3d47f099286778252c6df6bf2c1fee0c4e26560) --- source3/libnet/libnet_join.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3b2bce9fcf..16dcc61afe 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1333,6 +1333,8 @@ static WERROR do_JoinConfig(struct libnet_JoinCtx *r) return werr; } + lp_load(get_dyn_CONFIGFILE(),true,false,false,true); + r->out.modified_config = true; r->out.result = werr; @@ -1359,6 +1361,8 @@ static WERROR libnet_unjoin_config(struct libnet_UnjoinCtx *r) return werr; } + lp_load(get_dyn_CONFIGFILE(),true,false,false,true); + r->out.modified_config = true; r->out.result = werr; @@ -1748,17 +1752,20 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, if (!W_ERROR_IS_OK(werr)) { goto done; } + } + werr = libnet_join_post_processing(mem_ctx, r); + if (!W_ERROR_IS_OK(werr)) { + goto done; + } + + if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_join_post_verify(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { goto done; } } - werr = libnet_join_post_processing(mem_ctx, r); - if (!W_ERROR_IS_OK(werr)) { - goto done; - } done: r->out.result = werr; -- cgit From e3e1172979522da0b80dab2d683ca48381b1cfa8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 5 Jun 2008 19:00:05 +0200 Subject: libnetjoin: add libnet_join_rollback(). This is required now if the join verify failed and we already modified the local configuration. Guenther (This used to be commit 2870fe50af5163e30330f5a3ef21d0b7eea85ee5) --- source3/libnet/libnet_join.c | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) (limited to 'source3/libnet') 
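Review bot: The result of `lp_load(get_dyn_CONFIGFILE(),true,false,false,true);` is discarded in both do_JoinConfig and libnet_unjoin_config. If the reload fails, `modified_config` is still reported as true and the join goes on to libnet_join_post_verify against whatever parameters were loaded before, which is the situation this commit is trying to remove. Checking it, for instance `if (!lp_load(get_dyn_CONFIGFILE(), true, false, false, true)) { return WERR_GENERAL_FAILURE; }` (or whichever WERROR the callers expect), makes that failure visible. The four bare booleans would also benefit from a one-line comment naming what each one selects. Both functions start outside their hunks.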
diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 16dcc61afe..3678ff9498 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1733,6 +1733,35 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) +{ + WERROR werr; + struct libnet_UnjoinCtx *u = NULL; + + werr = libnet_init_UnjoinCtx(mem_ctx, &u); + if (!W_ERROR_IS_OK(werr)) { + return werr; + } + + u->in.debug = r->in.debug; + u->in.dc_name = r->in.dc_name; + u->in.domain_name = r->in.domain_name; + u->in.admin_account = r->in.admin_account; + u->in.admin_password = r->in.admin_password; + u->in.modify_config = r->in.modify_config; + u->in.unjoin_flags = WKSSVC_JOIN_FLAGS_JOIN_TYPE | + WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE; + + werr = libnet_Unjoin(mem_ctx, u); + TALLOC_FREE(u); + + return werr; +} + +/**************************************************************** +****************************************************************/ + WERROR libnet_Join(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -1762,7 +1791,7 @@ WERROR libnet_Join(TALLOC_CTX *mem_ctx, if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { werr = libnet_join_post_verify(mem_ctx, r); if (!W_ERROR_IS_OK(werr)) { - goto done; + libnet_join_rollback(mem_ctx, r); } } -- cgit From 61b68fc43cda3fbee8b0c4fa8fbc9bd56fb98924 Mon Sep 17 00:00:00 2001 
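Review bot: libnet_join_rollback is defined with external linkage, but the libnet_proto.h frozen earlier in this series does not declare it and its only visible caller is libnet_Join in the same file; unless a header not shown here declares it, `static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r)` is the narrower choice. The banner above it is empty; a comment should say that it runs a full libnet_Unjoin with `WKSSVC_JOIN_FLAGS_JOIN_TYPE | WKSSVC_JOIN_FLAGS_ACCOUNT_DELETE` using the join's own admin credentials. That matters because the delete flag would also apply to a machine account that existed before the failed attempt; how libnet_Unjoin acts on the flag is not visible in this hunk.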
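Review bot: At the call site in libnet_Join the return value of `libnet_join_rollback(mem_ctx, r);` is dropped, so a rollback that itself fails leaves stored secrets and a modified configuration behind while the caller sees only the verify error. Capturing it, e.g. `WERROR rb = libnet_join_rollback(mem_ctx, r);` followed by a DEBUG line or an addition to the error string when `!W_ERROR_IS_OK(rb)`, lets an administrator know the host is in a half-joined state. Keeping `werr` as the verify error for `r->out.result` is fine. The function body continues outside the hunk.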
From: Günther Deschner Date: Fri, 13 Jun 2008 11:57:09 +0200 Subject: samsync: add samsync_fix_delta_array() This code is vastly based on samba4 code. Guenther (cherry picked from commit 5b68be96996a710988b1fd1c176cd5dff0f2c6af) (This used to be commit 2c53d87de4ecc5ac9c43bc7488a03bceecf35140) --- source3/libnet/libnet_samsync.c | 188 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 188 insertions(+) create mode 100644 source3/libnet/libnet_samsync.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c new file mode 100644 index 0000000000..e45a84568c --- /dev/null +++ b/source3/libnet/libnet_samsync.c 
@@ -0,0 +1,188 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ Extract the user/system database from a remote SamSync server
+
+ Copyright (C) Andrew Bartlett 2004-2005
+ Copyright (C) Guenther Deschner 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see .
+*/
+
+
+#include "includes.h"
+
+/**
+ * Decrypt and extract the user's passwords.
+ *
+ * The writes decrypted (no longer 'RID encrypted' or arcfour encrypted)
+ * passwords back into the structure
+ */
+
+static NTSTATUS fix_user(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key,
+ bool rid_crypt,
+ enum netr_SamDatabaseID database_id,
+ struct netr_DELTA_ENUM *delta)
+{
+
+ uint32_t rid = delta->delta_id_union.rid;
+ struct netr_DELTA_USER *user = delta->delta_union.user;
+ struct samr_Password lm_hash;
+ struct samr_Password nt_hash;
+ const char *username = user->account_name.string;
+
+ if (rid_crypt) {
+ if (user->lm_password_present) {
+ sam_pwd_hash(rid, user->lmpassword.hash, lm_hash.hash, 0);
+ user->lmpassword = lm_hash;
+ }
+
+ if (user->nt_password_present) {
+ sam_pwd_hash(rid, user->ntpassword.hash, nt_hash.hash, 0);
+ user->ntpassword = nt_hash;
+ }
+ }
+
+ if (user->user_private_info.SensitiveData) {
+ DATA_BLOB data;
+ struct netr_USER_KEYS keys;
+ enum ndr_err_code ndr_err;
+ data.data = user->user_private_info.SensitiveData;
+ data.length = user->user_private_info.DataLength;
+ SamOEMhashBlob(data.data, data.length, session_key);
+ user->user_private_info.SensitiveData = data.data;
+ user->user_private_info.DataLength = data.length;
+
+ ndr_err = ndr_pull_struct_blob(&data, mem_ctx, &keys,
+ (ndr_pull_flags_fn_t)ndr_pull_netr_USER_KEYS);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ dump_data(10, data.data, data.length);
+ return ndr_map_error2ntstatus(ndr_err);
+ }
+
+ if (keys.keys.keys2.lmpassword.length == 16) {
+ if (rid_crypt) {
+ sam_pwd_hash(rid,
+ keys.keys.keys2.lmpassword.pwd.hash,
+ lm_hash.hash, 0);
+ user->lmpassword = lm_hash;
+ } else {
+ user->lmpassword = keys.keys.keys2.lmpassword.pwd;
+ }
+ user->lm_password_present = true;
+ }
+ if (keys.keys.keys2.ntpassword.length == 16) {
+ if (rid_crypt) {
+ sam_pwd_hash(rid,
+ keys.keys.keys2.ntpassword.pwd.hash,
+ nt_hash.hash, 0);
+ user->ntpassword = nt_hash;
+ } else {
+ user->ntpassword = keys.keys.keys2.ntpassword.pwd;
+ }
+ user->nt_password_present = true;
+ }
+ /* TODO: rid decrypt history fields */
+ }
+ return NT_STATUS_OK;
+}
+
+/**
+ * Decrypt and extract the secrets
+ *
+ * The writes decrypted secrets back into the structure
+ */
+static NTSTATUS fix_secret(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key,
+ enum netr_SamDatabaseID database_id,
+ struct netr_DELTA_ENUM *delta)
+{
+ struct netr_DELTA_SECRET *secret = delta->delta_union.secret;
+
+ SamOEMhashBlob(secret->current_cipher.cipher_data,
+ secret->current_cipher.maxlen,
+ session_key);
+
+ SamOEMhashBlob(secret->old_cipher.cipher_data,
+ secret->old_cipher.maxlen,
+ session_key);
+
+ return NT_STATUS_OK;
+}
+
+/**
+ * Fix up the delta, dealing with encryption issues so that the final
+ * callback need only do the printing or application logic
+ */
+
+static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx,
+ DATA_BLOB *session_key,
+ bool rid_crypt,
+ enum netr_SamDatabaseID database_id,
+ struct netr_DELTA_ENUM *delta)
+{
+ NTSTATUS status = NT_STATUS_OK;
+
+ switch (delta->delta_type) {
+ case NETR_DELTA_USER:
+
+ status = fix_user(mem_ctx,
+ session_key,
+
rid_crypt, + database_id, + delta); + break; + case NETR_DELTA_SECRET: + + status = fix_secret(mem_ctx, + session_key, + database_id, + delta); + break; + default: + break; + } + + return status; +} + +/** + * Fix up the delta, dealing with encryption issues so that the final + * callback need only do the printing or application logic + */ + +NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + bool rid_crypt, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r) +{ + NTSTATUS status; + int i; + + for (i = 0; i < r->num_deltas; i++) { + + status = samsync_fix_delta(mem_ctx, + session_key, + rid_crypt, + database_id, + &r->delta_enum[i]); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return NT_STATUS_OK; +} -- cgit From 813ca8d705f81f640d5e858750cc7c05e2ab6125 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 12:30:36 +0200 Subject: samsync: add prototype for samsync_fix_delta_array(). Guenther (This used to be commit 6c1904f8be1b4e08b09b64052c1aba24e7a4fb3d) --- source3/libnet/libnet_proto.h | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 662ab7d0a9..52382e91a5 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -43,4 +43,12 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, _PUBLIC_ void ndr_print_libnet_JoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_JoinCtx *r); _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_UnjoinCtx *r); +/* The following definitions come from libnet/libnet_samsync.c */ + +NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + bool rid_crypt, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r); + #endif /* _LIBNET_PROTO_H_ */ -- cgit 
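Review bot: In `fix_user()` the failure path after `ndr_pull_struct_blob()` calls `dump_data(10, data.data, data.length)` on the buffer that `SamOEMhashBlob()` has just decrypted, so at debug level 10 the user's sensitive blob is written to the log in clear. Log only the size instead, e.g. `DEBUG(10, ("netr_USER_KEYS parse failed, %u bytes\n", (unsigned)data.length));`. The stack copies `lm_hash`, `nt_hash` and `keys` also hold hash material and are left as they are on return; a `ZERO_STRUCT()` on each before returning would shorten their lifetime. Separately, `username` in `fix_user()` and `database_id` in both helpers are never used, and `samsync_fix_delta_array()` compares a signed `int i` with `r->num_deltas` and dereferences `r` without a NULL check.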
From ccdcbc2efe86cde991a1cafdb2b098db41b163fd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 16 Jun 2008 12:09:08 +0200 Subject: net_vampire: move some samsync functions to libnet. Guenther (This used to be commit b3b6af0a3e25fab0a14c9c802dbabd3d03448ebe) --- source3/libnet/libnet.h | 1 + source3/libnet/libnet_proto.h | 9 ++- source3/libnet/libnet_samsync.c | 164 ++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_samsync.h | 68 +++++++++++++++++ 4 files changed, 241 insertions(+), 1 deletion(-) create mode 100644 source3/libnet/libnet_samsync.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h index 6768b948d6..2b5e60bf14 100644 --- a/source3/libnet/libnet.h +++ b/source3/libnet/libnet.h @@ -20,6 +20,7 @@ #ifndef __LIBNET_H__ #define __LIBNET_H__ +#include "libnet/libnet_samsync.h" #include "librpc/gen_ndr/libnet_join.h" #include "libnet/libnet_proto.h" diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 52382e91a5..eeb4a72644 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -50,5 +50,12 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, bool rid_crypt, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r); - +NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, + const struct dom_sid *domain_sid, + enum net_samsync_mode mode, + struct samsync_context **ctx_p); +NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id, + samsync_fn_t callback_fn, + struct samsync_context *ctx); #endif /* _LIBNET_PROTO_H_ */ diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index e45a84568c..d6331fd08c 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -22,6 +22,7 @@ #include "includes.h" +#include "libnet/libnet_samsync.h" /** * Decrypt and extract the user's passwords. 
@@ -186,3 +187,166 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +/** + * samsync_init_context + */ + +NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, + const struct dom_sid *domain_sid, + enum net_samsync_mode mode, + struct samsync_context **ctx_p) +{ + struct samsync_context *ctx; + + *ctx_p = NULL; + + ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + ctx->mode = mode; + + if (domain_sid) { + ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid); + NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid); + + ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); + NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str); + } + + *ctx_p = ctx; + + return NT_STATUS_OK; +} + +/** + * samsync_debug_str + */ + +static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, + enum net_samsync_mode mode, + enum netr_SamDatabaseID database_id) +{ + const char *action = NULL; + const char *str = NULL; + + switch (mode) { + case NET_SAMSYNC_MODE_DUMP: + action = "Dumping (to stdout)"; + break; + case NET_SAMSYNC_MODE_FETCH_PASSDB: + action = "Fetching (to passdb)"; + break; + case NET_SAMSYNC_MODE_FETCH_LDIF: + action = "Fetching (to ldif)"; + break; + default: + action = "Unknown"; + break; + } + + switch (database_id) { + case SAM_DATABASE_DOMAIN: + str = talloc_asprintf(mem_ctx, "%s DOMAIN database", + action); + break; + case SAM_DATABASE_BUILTIN: + str = talloc_asprintf(mem_ctx, "%s BUILTIN database", + action); + break; + case SAM_DATABASE_PRIVS: + str = talloc_asprintf(mem_ctx, "%s PRIVS database", + action); + break; + default: + str = talloc_asprintf(mem_ctx, "%s unknown database type %u", + action, database_id); + break; + } + + return str; +} + +/** + * samsync_process_database + */ + +NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id, + samsync_fn_t callback_fn, + struct samsync_context *ctx) +{ + NTSTATUS result; + TALLOC_CTX *mem_ctx; + 
const char *logon_server = pipe_hnd->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + uint16_t restart_state = 0; + uint32_t sync_context = 0; + const char *debug_str; + DATA_BLOB session_key; + + ZERO_STRUCT(return_authenticator); + + if (!(mem_ctx = talloc_init("samsync_process_database"))) { + return NT_STATUS_NO_MEMORY; + } + + debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); + if (debug_str) { + d_fprintf(stderr, "%s\n", debug_str); + } + + do { + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { + return result; + } + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (NT_STATUS_IS_ERR(result)) { + break; + } + + session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); + + samsync_fix_delta_array(mem_ctx, + &session_key, + true, + database_id, + delta_enum_array); + + /* Process results */ + callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx); + + TALLOC_FREE(delta_enum_array); + + /* Increment sync_context */ + sync_context += 1; + + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + talloc_destroy(mem_ctx); + + return result; +} diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h new file mode 100644 index 0000000000..5898a15ebd --- /dev/null +++ b/source3/libnet/libnet_samsync.h 
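Review bot: `samsync_process_database()` ignores the status returned by `samsync_fix_delta_array()` and then passes the array to `callback_fn`, so when decrypting or parsing a delta fails the callback still receives entries whose hashes and secrets are only partly fixed up and may store them. The two `return` statements inside the loop (the `NT_STATUS_NOT_SUPPORTED` case and the failed credentials-chain check) also skip `talloc_destroy(mem_ctx)` and leak the context. The rewrite below propagates the fix-up status and routes every exit through one cleanup label. Whether the callback's own NTSTATUS should stop the loop as well depends on the callbacks, which are outside this diff.

```c
	NTSTATUS result;
	NTSTATUS fix_status;
	/* … unchanged: remaining declarations, mem_ctx setup, debug_str output … */

	do {
		/* … unchanged: credential step and rpccli_netr_DatabaseSync2() call … */
		if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) {
			goto out;
		}

		/* Check returned credentials. */
		if (!netlogon_creds_client_check(pipe_hnd->dc,
						 &return_authenticator.cred)) {
			DEBUG(0,("credentials chain check failed\n"));
			result = NT_STATUS_ACCESS_DENIED;
			goto out;
		}

		/* … unchanged: NT_STATUS_IS_ERR(result) break, session_key setup … */

		fix_status = samsync_fix_delta_array(mem_ctx,
						     &session_key,
						     true,
						     database_id,
						     delta_enum_array);
		if (!NT_STATUS_IS_OK(fix_status)) {
			/* do not hand partly decrypted deltas to the callback */
			result = fix_status;
			goto out;
		}

		/* … unchanged: callback_fn call, TALLOC_FREE, sync_context increment … */

	} while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES));

out:
	talloc_destroy(mem_ctx);

	return result;
```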
@@ -0,0 +1,68 @@
+/*
+ * Unix SMB/CIFS implementation.
+ * libnet Support
+ * Copyright (C) Guenther Deschner 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see .
+ */
+
+
+enum net_samsync_mode {
+ NET_SAMSYNC_MODE_FETCH_PASSDB = 0,
+ NET_SAMSYNC_MODE_FETCH_LDIF = 1,
+ NET_SAMSYNC_MODE_DUMP = 2
+};
+
+/* Structure for mapping accounts to groups */
+/* Array element is the group rid */
+typedef struct _groupmap {
+ uint32_t rid;
+ uint32_t gidNumber;
+ const char *sambaSID;
+ const char *group_dn;
+} GROUPMAP;
+
+typedef struct _accountmap {
+ uint32_t rid;
+ const char *cn;
+} ACCOUNTMAP;
+
+struct samsync_ldif_context {
+ GROUPMAP *groupmap;
+ ACCOUNTMAP *accountmap;
+ bool initialized;
+ const char *add_template;
+ const char *mod_template;
+ char *add_name;
+ char *mod_name;
+ FILE *add_file;
+ FILE *mod_file;
+ FILE *ldif_file;
+ const char *suffix;
+ int num_alloced;
+};
+
+struct samsync_context {
+ enum net_samsync_mode mode;
+ const struct dom_sid *domain_sid;
+ const char *domain_sid_str;
+ const char *ldif_filename;
+ struct samsync_ldif_context *ldif;
+};
+
+typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *,
+ enum netr_SamDatabaseID,
+ struct netr_DELTA_ENUM_ARRAY *,
+ NTSTATUS,
+ struct samsync_context *);
-- cgit From 51fec7863b589dacfccaa0263c877d52a6d60a12 Mon Sep 17 00:00:00 2001
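Review bot: The new `libnet_samsync.h` has no include guard, yet this commit includes it both from `libnet.h` and directly from `libnet_samsync.c`. If `includes.h` pulls in `libnet.h` (not visible here), the enum, both typedefs and both structs get defined twice in that translation unit. Wrap the header the way `libnet.h` does, e.g. `#ifndef __LIBNET_SAMSYNC_H__` and `#define __LIBNET_SAMSYNC_H__` at the top with a matching `#endif` at the end. The header also uses `FILE`, `bool`, `NTSTATUS` and `TALLOC_CTX` without including anything itself, so a one-line comment stating that it must follow `includes.h` would help.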
From: Günther Deschner Date: Mon, 16 Jun 2008 12:37:57 +0200 Subject: net_vampire: move ldif code out of net_rpc_samsync.c Guenther (This used to be commit 1d5758ec3a5160e5649242c42f6e4a7b39eb6199) --- source3/libnet/libnet_samsync.h | 37 +- source3/libnet/libnet_samsync_ldif.c | 1209 ++++++++++++++++++++++++++++++++++ 2 files changed, 1216 insertions(+), 30 deletions(-) create mode 100644 source3/libnet/libnet_samsync_ldif.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 5898a15ebd..125312888e 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -24,41 +24,12 @@ enum net_samsync_mode { NET_SAMSYNC_MODE_DUMP = 2 }; -/* Structure for mapping accounts to groups */ -/* Array element is the group rid */ -typedef struct _groupmap { - uint32_t rid; - uint32_t gidNumber; - const char *sambaSID; - const char *group_dn; -} GROUPMAP; - -typedef struct _accountmap { - uint32_t rid; - const char *cn; -} ACCOUNTMAP; - -struct samsync_ldif_context { - GROUPMAP *groupmap; - ACCOUNTMAP *accountmap; - bool initialized; - const char *add_template; - const char *mod_template; - char *add_name; - char *mod_name; - FILE *add_file; - FILE *mod_file; - FILE *ldif_file; - const char *suffix; - int num_alloced; -}; - struct samsync_context { enum net_samsync_mode mode; const struct dom_sid *domain_sid; const char *domain_sid_str; const char *ldif_filename; - struct samsync_ldif_context *ldif; + void *private_data; }; typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, @@ -66,3 +37,9 @@ typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, struct netr_DELTA_ENUM_ARRAY *, NTSTATUS, struct samsync_context *); + +NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS result, + struct samsync_context *ctx); 
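Review bot: Replacing `struct samsync_ldif_context *ldif` with `void *private_data` in `struct samsync_context` removes the only type information about what hangs off the context. Nothing in the header now says who allocates that state or who closes the `FILE *` handles the LDIF context carried. A comment on the field would cover it, e.g. `/* state owned by the active samsync_fn_t callback; allocated and released there */`, adjusted to what the callbacks actually do, since they are outside this hunk.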
diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c new file mode 100644 index 0000000000..448c7c153e --- /dev/null +++ b/source3/libnet/libnet_samsync_ldif.c 
@@ -0,0 +1,1209 @@ +/* + Unix SMB/CIFS implementation. + dump the remote SAM using rpc samsync operations + + Copyright (C) Andrew Tridgell 2002 + Copyright (C) Tim Potter 2001,2002 + Copyright (C) Jim McDonough 2005 + Modified by Volker Lendecke 2002 + Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "utils/net.h" + +/* uid's and gid's for writing deltas to ldif */ +static uint32 ldif_gid = 999; +static uint32 ldif_uid = 999; + +/* Structure for mapping accounts to groups */ +/* Array element is the group rid */ +typedef struct _groupmap { + uint32_t rid; + uint32_t gidNumber; + const char *sambaSID; + const char *group_dn; +} GROUPMAP; + +typedef struct _accountmap { + uint32_t rid; + const char *cn; +} ACCOUNTMAP; + +struct samsync_ldif_context { + GROUPMAP *groupmap; + ACCOUNTMAP *accountmap; + bool initialized; + const char *add_template; + const char *mod_template; + char *add_name; + char *mod_name; + FILE *add_file; + FILE *mod_file; + FILE *ldif_file; + const char *suffix; + int num_alloced; +}; + +/**************************************************************** +****************************************************************/ + +static NTSTATUS populate_ldap_for_ldif(const char *sid, + const char *suffix, + const char *builtin_sid, + FILE *add_fd) +{ + const char *user_suffix, *group_suffix, 
*machine_suffix, *idmap_suffix; + char *user_attr=NULL, *group_attr=NULL; + char *suffix_attr; + int len; + + /* Get the suffix attribute */ + suffix_attr = sstring_sub(suffix, '=', ','); + if (suffix_attr == NULL) { + len = strlen(suffix); + suffix_attr = (char*)SMB_MALLOC(len+1); + memcpy(suffix_attr, suffix, len); + suffix_attr[len] = '\0'; + } + + /* Write the base */ + fprintf(add_fd, "# %s\n", suffix); + fprintf(add_fd, "dn: %s\n", suffix); + fprintf(add_fd, "objectClass: dcObject\n"); + fprintf(add_fd, "objectClass: organization\n"); + fprintf(add_fd, "o: %s\n", suffix_attr); + fprintf(add_fd, "dc: %s\n", suffix_attr); + fprintf(add_fd, "\n"); + fflush(add_fd); + + user_suffix = lp_ldap_user_suffix(); + if (user_suffix == NULL) { + SAFE_FREE(suffix_attr); + return NT_STATUS_NO_MEMORY; + } + /* If it exists and is distinct from other containers, + Write the Users entity */ + if (*user_suffix && strcmp(user_suffix, suffix)) { + user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); + fprintf(add_fd, "# %s\n", user_suffix); + fprintf(add_fd, "dn: %s\n", user_suffix); + fprintf(add_fd, "objectClass: organizationalUnit\n"); + fprintf(add_fd, "ou: %s\n", user_attr); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + + group_suffix = lp_ldap_group_suffix(); + if (group_suffix == NULL) { + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + return NT_STATUS_NO_MEMORY; + } + /* If it exists and is distinct from other containers, + Write the Groups entity */ + if (*group_suffix && strcmp(group_suffix, suffix)) { + group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + fprintf(add_fd, "# %s\n", group_suffix); + fprintf(add_fd, "dn: %s\n", group_suffix); + fprintf(add_fd, "objectClass: organizationalUnit\n"); + fprintf(add_fd, "ou: %s\n", group_attr); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + /* If it exists and is distinct from other containers, + Write the Computers entity */ + machine_suffix = lp_ldap_machine_suffix(); + if (machine_suffix == NULL) { 
+ SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); + return NT_STATUS_NO_MEMORY; + } + if (*machine_suffix && strcmp(machine_suffix, user_suffix) && + strcmp(machine_suffix, suffix)) { + char *machine_ou = NULL; + fprintf(add_fd, "# %s\n", machine_suffix); + fprintf(add_fd, "dn: %s\n", machine_suffix); + fprintf(add_fd, "objectClass: organizationalUnit\n"); + /* this isn't totally correct as it assumes that + there _must_ be an ou. just fixing memleak now. jmcd */ + machine_ou = sstring_sub(lp_ldap_machine_suffix(), '=', ','); + fprintf(add_fd, "ou: %s\n", machine_ou); + SAFE_FREE(machine_ou); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + /* If it exists and is distinct from other containers, + Write the IdMap entity */ + idmap_suffix = lp_ldap_idmap_suffix(); + if (idmap_suffix == NULL) { + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); + return NT_STATUS_NO_MEMORY; + } + if (*idmap_suffix && + strcmp(idmap_suffix, user_suffix) && + strcmp(idmap_suffix, suffix)) { + char *s; + fprintf(add_fd, "# %s\n", idmap_suffix); + fprintf(add_fd, "dn: %s\n", idmap_suffix); + fprintf(add_fd, "ObjectClass: organizationalUnit\n"); + s = sstring_sub(lp_ldap_idmap_suffix(), '=', ','); + fprintf(add_fd, "ou: %s\n", s); + SAFE_FREE(s); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + /* Write the domain entity */ + fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix); + fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(), + suffix); + fprintf(add_fd, "objectClass: sambaDomain\n"); + fprintf(add_fd, "objectClass: sambaUnixIdPool\n"); + fprintf(add_fd, "sambaDomainName: %s\n", lp_workgroup()); + fprintf(add_fd, "sambaSID: %s\n", sid); + fprintf(add_fd, "uidNumber: %d\n", ++ldif_uid); + fprintf(add_fd, "gidNumber: %d\n", ++ldif_gid); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Admins entity */ + fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain 
Admins,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: Domain Admins\n"); + fprintf(add_fd, "memberUid: Administrator\n"); + fprintf(add_fd, "description: Netbios Domain Administrators\n"); + fprintf(add_fd, "gidNumber: 512\n"); + fprintf(add_fd, "sambaSID: %s-512\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Admins\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Users entity */ + fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: Domain Users\n"); + fprintf(add_fd, "description: Netbios Domain Users\n"); + fprintf(add_fd, "gidNumber: 513\n"); + fprintf(add_fd, "sambaSID: %s-513\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Users\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Guests entity */ + fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: Domain Guests\n"); + fprintf(add_fd, "description: Netbios Domain Guests\n"); + fprintf(add_fd, "gidNumber: 514\n"); + fprintf(add_fd, "sambaSID: %s-514\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Guests\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Computers entity */ + fprintf(add_fd, "# Domain Computers, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Computers,ou=%s,%s\n", + group_attr, suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + 
fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 515\n"); + fprintf(add_fd, "cn: Domain Computers\n"); + fprintf(add_fd, "description: Netbios Domain Computers accounts\n"); + fprintf(add_fd, "sambaSID: %s-515\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Computers\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Admininistrators Groups entity */ + fprintf(add_fd, "# Administrators, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Administrators,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 544\n"); + fprintf(add_fd, "cn: Administrators\n"); + fprintf(add_fd, "description: Netbios Domain Members can fully administer the computer/sambaDomainName\n"); + fprintf(add_fd, "sambaSID: %s-544\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Administrators\n"); + fprintf(add_fd, "\n"); + + /* Write the Print Operator entity */ + fprintf(add_fd, "# Print Operators, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Print Operators,ou=%s,%s\n", + group_attr, suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 550\n"); + fprintf(add_fd, "cn: Print Operators\n"); + fprintf(add_fd, "description: Netbios Domain Print Operators\n"); + fprintf(add_fd, "sambaSID: %s-550\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Print Operators\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Backup Operators entity */ + fprintf(add_fd, "# Backup Operators, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Backup Operators,ou=%s,%s\n", + group_attr, suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + 
fprintf(add_fd, "gidNumber: 551\n"); + fprintf(add_fd, "cn: Backup Operators\n"); + fprintf(add_fd, "description: Netbios Domain Members can bypass file security to back up files\n"); + fprintf(add_fd, "sambaSID: %s-551\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Backup Operators\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Replicators entity */ + fprintf(add_fd, "# Replicators, %s, %s\n", group_attr, suffix); + fprintf(add_fd, "dn: cn=Replicators,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 552\n"); + fprintf(add_fd, "cn: Replicators\n"); + fprintf(add_fd, "description: Netbios Domain Supports file replication in a sambaDomainName\n"); + fprintf(add_fd, "sambaSID: %s-552\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Replicators\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Deallocate memory, and return */ + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS map_populate_groups(TALLOC_CTX *mem_ctx, + GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, + const char *sid, + const char *suffix, + const char *builtin_sid) +{ + char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + + /* Map the groups created by populate_ldap_for_ldif */ + groupmap[0].rid = 512; + groupmap[0].gidNumber = 512; + groupmap[0].sambaSID = talloc_asprintf(mem_ctx, "%s-512", sid); + groupmap[0].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Admins,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[0].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[0].group_dn); + + accountmap[0].rid = 512; + accountmap[0].cn = 
talloc_strdup(mem_ctx, "Domain Admins"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[0].cn); + + groupmap[1].rid = 513; + groupmap[1].gidNumber = 513; + groupmap[1].sambaSID = talloc_asprintf(mem_ctx, "%s-513", sid); + groupmap[1].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Users,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[1].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[1].group_dn); + + accountmap[1].rid = 513; + accountmap[1].cn = talloc_strdup(mem_ctx, "Domain Users"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[1].cn); + + groupmap[2].rid = 514; + groupmap[2].gidNumber = 514; + groupmap[2].sambaSID = talloc_asprintf(mem_ctx, "%s-514", sid); + groupmap[2].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Guests,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[2].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[2].group_dn); + + accountmap[2].rid = 514; + accountmap[2].cn = talloc_strdup(mem_ctx, "Domain Guests"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[2].cn); + + groupmap[3].rid = 515; + groupmap[3].gidNumber = 515; + groupmap[3].sambaSID = talloc_asprintf(mem_ctx, "%s-515", sid); + groupmap[3].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Computers,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[3].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[3].group_dn); + + accountmap[3].rid = 515; + accountmap[3].cn = talloc_strdup(mem_ctx, "Domain Computers"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[3].cn); + + groupmap[4].rid = 544; + groupmap[4].gidNumber = 544; + groupmap[4].sambaSID = talloc_asprintf(mem_ctx, "%s-544", builtin_sid); + groupmap[4].group_dn = talloc_asprintf(mem_ctx, + "cn=Administrators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[4].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[4].group_dn); + + accountmap[4].rid = 515; + accountmap[4].cn = talloc_strdup(mem_ctx, "Administrators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[4].cn); + + groupmap[5].rid = 550; + 
groupmap[5].gidNumber = 550; + groupmap[5].sambaSID = talloc_asprintf(mem_ctx, "%s-550", builtin_sid); + groupmap[5].group_dn = talloc_asprintf(mem_ctx, + "cn=Print Operators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[5].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[5].group_dn); + + accountmap[5].rid = 550; + accountmap[5].cn = talloc_strdup(mem_ctx, "Print Operators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[5].cn); + + groupmap[6].rid = 551; + groupmap[6].gidNumber = 551; + groupmap[6].sambaSID = talloc_asprintf(mem_ctx, "%s-551", builtin_sid); + groupmap[6].group_dn = talloc_asprintf(mem_ctx, + "cn=Backup Operators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[6].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[6].group_dn); + + accountmap[6].rid = 551; + accountmap[6].cn = talloc_strdup(mem_ctx, "Backup Operators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[6].cn); + + groupmap[7].rid = 552; + groupmap[7].gidNumber = 552; + groupmap[7].sambaSID = talloc_asprintf(mem_ctx, "%s-552", builtin_sid); + groupmap[7].group_dn = talloc_asprintf(mem_ctx, + "cn=Replicators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[7].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[7].group_dn); + + accountmap[7].rid = 551; + accountmap[7].cn = talloc_strdup(mem_ctx, "Replicators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[7].cn); + + SAFE_FREE(group_attr); + + return NT_STATUS_OK; +} + +/* + * This is a crap routine, but I think it's the quickest way to solve the + * UTF8->base64 problem. + */ + +static int fprintf_attr(FILE *add_fd, const char *attr_name, + const char *fmt, ...) 
+{ + va_list ap; + char *value, *p, *base64; + DATA_BLOB base64_blob; + bool do_base64 = false; + int res; + + va_start(ap, fmt); + value = talloc_vasprintf(NULL, fmt, ap); + va_end(ap); + + SMB_ASSERT(value != NULL); + + for (p=value; *p; p++) { + if (*p & 0x80) { + do_base64 = true; + break; + } + } + + if (!do_base64) { + bool only_whitespace = true; + for (p=value; *p; p++) { + /* + * I know that this not multibyte safe, but we break + * on the first non-whitespace character anyway. + */ + if (!isspace(*p)) { + only_whitespace = false; + break; + } + } + if (only_whitespace) { + do_base64 = true; + } + } + + if (!do_base64) { + res = fprintf(add_fd, "%s: %s\n", attr_name, value); + TALLOC_FREE(value); + return res; + } + + base64_blob.data = (unsigned char *)value; + base64_blob.length = strlen(value); + + base64 = base64_encode_data_blob(value, base64_blob); + SMB_ASSERT(base64 != NULL); + + res = fprintf(add_fd, "%s:: %s\n", attr_name, base64); + TALLOC_FREE(value); + return res; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx, + struct netr_DELTA_GROUP *r, + GROUPMAP *groupmap, + FILE *add_fd, + const char *sid, + const char *suffix) +{ + const char *groupname = r->group_name.string; + uint32 grouptype = 0, g_rid = 0; + char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + + /* Set up the group type (always 2 for group info) */ + grouptype = 2; + + /* These groups are entered by populate_ldap_for_ldif */ + if (strcmp(groupname, "Domain Admins") == 0 || + strcmp(groupname, "Domain Users") == 0 || + strcmp(groupname, "Domain Guests") == 0 || + strcmp(groupname, "Domain Computers") == 0 || + strcmp(groupname, "Administrators") == 0 || + strcmp(groupname, "Print Operators") == 0 || + strcmp(groupname, "Backup Operators") == 0 || + strcmp(groupname, "Replicators") == 0) { + SAFE_FREE(group_attr); 
+ return NT_STATUS_OK; + } else { + /* Increment the gid for the new group */ + ldif_gid++; + } + + /* Map the group rid, gid, and dn */ + g_rid = r->rid; + groupmap->rid = g_rid; + groupmap->gidNumber = ldif_gid; + groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid); + groupmap->group_dn = talloc_asprintf(mem_ctx, + "cn=%s,ou=%s,%s", groupname, group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap->sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap->group_dn); + + /* Write the data to the temporary add ldif file */ + fprintf(add_fd, "# %s, %s, %s\n", groupname, group_attr, + suffix); + fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", groupname, group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf_attr(add_fd, "cn", "%s", groupname); + fprintf(add_fd, "gidNumber: %d\n", ldif_gid); + fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); + fprintf(add_fd, "sambaGroupType: %d\n", grouptype); + fprintf_attr(add_fd, "displayName", "%s", groupname); + fprintf(add_fd, "\n"); + fflush(add_fd); + + SAFE_FREE(group_attr); + /* Return */ + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx, + struct netr_DELTA_USER *r, + GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, + FILE *add_fd, + const char *sid, + const char *suffix, + int alloced) +{ + fstring username, logonscript, homedrive, homepath = "", homedir = ""; + fstring hex_nt_passwd, hex_lm_passwd; + fstring description, profilepath, fullname, sambaSID; + uchar lm_passwd[16], nt_passwd[16]; + char *flags, *user_rdn; + const char *ou; + const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; + static uchar zero_buf[16]; + uint32 rid = 0, group_rid = 0, gidNumber = 0; + time_t unix_time; + int i; + + /* Get the username */ + fstrcpy(username, 
r->account_name.string); + + /* Get the rid */ + rid = r->rid; + + /* Map the rid and username for group member info later */ + accountmap->rid = rid; + accountmap->cn = talloc_strdup(mem_ctx, username); + NT_STATUS_HAVE_NO_MEMORY(accountmap->cn); + + /* Get the home directory */ + if (r->acct_flags & ACB_NORMAL) { + fstrcpy(homedir, r->home_directory.string); + if (!*homedir) { + snprintf(homedir, sizeof(homedir), "/home/%s", username); + } else { + snprintf(homedir, sizeof(homedir), "/nobodyshomedir"); + } + ou = lp_ldap_user_suffix(); + } else { + ou = lp_ldap_machine_suffix(); + snprintf(homedir, sizeof(homedir), "/machinehomedir"); + } + + /* Get the logon script */ + fstrcpy(logonscript, r->logon_script.string); + + /* Get the home drive */ + fstrcpy(homedrive, r->home_drive.string); + + /* Get the home path */ + fstrcpy(homepath, r->home_directory.string); + + /* Get the description */ + fstrcpy(description, r->description.string); + + /* Get the display name */ + fstrcpy(fullname, r->full_name.string); + + /* Get the profile path */ + fstrcpy(profilepath, r->profile_path.string); + + /* Get lm and nt password data */ + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); + } else { + pdb_sethexpwd(hex_lm_passwd, NULL, 0); + } + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); + } else { + pdb_sethexpwd(hex_nt_passwd, NULL, 0); + } + unix_time = nt_time_to_unix(r->last_password_change); + + /* Increment the uid for the new user */ + ldif_uid++; + + /* Set up group id and sambaSID for the user */ + group_rid = r->primary_gid; + for (i=0; iacct_flags, + NEW_PW_FORMAT_SPACE_PADDED_LEN); + + /* Add the user to the temporary add ldif file */ + /* this isn't quite right...we can't assume there's just OU=. 
jmcd */ + user_rdn = sstring_sub(ou, '=', ','); + fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); + fprintf_attr(add_fd, "dn", "uid=%s,ou=%s,%s", username, user_rdn, + suffix); + SAFE_FREE(user_rdn); + fprintf(add_fd, "ObjectClass: top\n"); + fprintf(add_fd, "objectClass: inetOrgPerson\n"); + fprintf(add_fd, "objectClass: posixAccount\n"); + fprintf(add_fd, "objectClass: shadowAccount\n"); + fprintf(add_fd, "objectClass: sambaSamAccount\n"); + fprintf_attr(add_fd, "cn", "%s", username); + fprintf_attr(add_fd, "sn", "%s", username); + fprintf_attr(add_fd, "uid", "%s", username); + fprintf(add_fd, "uidNumber: %d\n", ldif_uid); + fprintf(add_fd, "gidNumber: %d\n", gidNumber); + fprintf_attr(add_fd, "homeDirectory", "%s", homedir); + if (*homepath) + fprintf_attr(add_fd, "sambaHomePath", "%s", homepath); + if (*homedrive) + fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive); + if (*logonscript) + fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript); + fprintf(add_fd, "loginShell: %s\n", + ((r->acct_flags & ACB_NORMAL) ? 
+ "/bin/bash" : "/bin/false")); + fprintf(add_fd, "gecos: System User\n"); + if (*description) + fprintf_attr(add_fd, "description", "%s", description); + fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); + fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); + if(*fullname) + fprintf_attr(add_fd, "displayName", "%s", fullname); + if(*profilepath) + fprintf_attr(add_fd, "sambaProfilePath", "%s", profilepath); + if (strcmp(nopasswd, hex_lm_passwd) != 0) + fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); + if (strcmp(nopasswd, hex_nt_passwd) != 0) + fprintf(add_fd, "sambaNTPassword: %s\n", hex_nt_passwd); + fprintf(add_fd, "sambaPwdLastSet: %d\n", (int)unix_time); + fprintf(add_fd, "sambaAcctFlags: %s\n", flags); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Return */ + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, + struct netr_DELTA_ALIAS *r, + GROUPMAP *groupmap, + FILE *add_fd, + const char *sid, + const char *suffix, + enum netr_SamDatabaseID database_id) +{ + fstring aliasname, description; + uint32 grouptype = 0, g_rid = 0; + char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + + /* Get the alias name */ + fstrcpy(aliasname, r->alias_name.string); + + /* Get the alias description */ + fstrcpy(description, r->description.string); + + /* Set up the group type */ + switch (database_id) { + case SAM_DATABASE_DOMAIN: + grouptype = 4; + break; + case SAM_DATABASE_BUILTIN: + grouptype = 5; + break; + default: + grouptype = 4; + break; + } + + /* + These groups are entered by populate_ldap_for_ldif + Note that populate creates a group called Relicators, + but NT returns a group called Replicator + */ + if (strcmp(aliasname, "Domain Admins") == 0 || + strcmp(aliasname, "Domain Users") == 0 || + strcmp(aliasname, "Domain Guests") == 0 || + strcmp(aliasname, "Domain 
Computers") == 0 || + strcmp(aliasname, "Administrators") == 0 || + strcmp(aliasname, "Print Operators") == 0 || + strcmp(aliasname, "Backup Operators") == 0 || + strcmp(aliasname, "Replicator") == 0) { + SAFE_FREE(group_attr); + return NT_STATUS_OK; + } else { + /* Increment the gid for the new group */ + ldif_gid++; + } + + /* Map the group rid and gid */ + g_rid = r->rid; + groupmap->gidNumber = ldif_gid; + groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid); + NT_STATUS_HAVE_NO_MEMORY(groupmap->sambaSID); + + /* Write the data to the temporary add ldif file */ + fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr, + suffix); + fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", aliasname, group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: %s\n", aliasname); + fprintf(add_fd, "gidNumber: %d\n", ldif_gid); + fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); + fprintf(add_fd, "sambaGroupType: %d\n", grouptype); + fprintf_attr(add_fd, "displayName", "%s", aliasname); + if (description[0]) + fprintf_attr(add_fd, "description", "%s", description); + fprintf(add_fd, "\n"); + fflush(add_fd); + + SAFE_FREE(group_attr); + /* Return */ + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, + uint32_t id_rid, + GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, + FILE *mod_fd, int alloced) +{ + fstring group_dn; + uint32 group_rid = 0, rid = 0; + int i, j, k; + + /* Get the dn for the group */ + if (r->num_rids > 0) { + group_rid = id_rid; + for (j=0; jnum_rids; i++) { + rid = r->rids[i]; + for (k=0; kinitialized) { + return NT_STATUS_OK; + } + + r = TALLOC_ZERO_P(mem_ctx, struct samsync_ldif_context); + NT_STATUS_HAVE_NO_MEMORY(r); + + /* Get the ldap suffix */ + r->suffix = 
lp_ldap_suffix(); + + /* Ensure we have an output file */ + if (ldif_filename) { + r->ldif_file = fopen(ldif_filename, "a"); + } else { + r->ldif_file = stdout; + } + + if (!r->ldif_file) { + fprintf(stderr, "Could not open %s\n", ldif_filename); + DEBUG(1, ("Could not open %s\n", ldif_filename)); + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + r->add_template = talloc_strdup(mem_ctx, add_template); + r->mod_template = talloc_strdup(mem_ctx, mod_template); + if (!r->add_template || !r->mod_template) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + r->add_name = talloc_strdup(mem_ctx, add_template); + r->mod_name = talloc_strdup(mem_ctx, mod_template); + if (!r->add_name || !r->mod_name) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + /* Open the add and mod ldif files */ + if (!(r->add_file = fdopen(smb_mkstemp(r->add_name),"w"))) { + DEBUG(1, ("Could not open %s\n", r->add_name)); + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + if (!(r->mod_file = fdopen(smb_mkstemp(r->mod_name),"w"))) { + DEBUG(1, ("Could not open %s\n", r->mod_name)); + status = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + /* Allocate initial memory for groupmap and accountmap arrays */ + r->groupmap = TALLOC_ZERO_ARRAY(mem_ctx, GROUPMAP, 8); + r->accountmap = TALLOC_ZERO_ARRAY(mem_ctx, ACCOUNTMAP, 8); + if (r->groupmap == NULL || r->accountmap == NULL) { + DEBUG(1,("GROUPMAP talloc failed\n")); + status = NT_STATUS_NO_MEMORY; + goto done; + } + + /* Remember how many we malloced */ + r->num_alloced = 8; + + /* Initial database population */ + if (database_id == SAM_DATABASE_DOMAIN) { + + status = populate_ldap_for_ldif(domain_sid_str, + r->suffix, + builtin_sid, + r->add_file); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = map_populate_groups(mem_ctx, + r->groupmap, + r->accountmap, + domain_sid_str, + r->suffix, + builtin_sid); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } + + r->initialized = true; + + *ctx = r; + + return NT_STATUS_OK; + 
done: + TALLOC_FREE(r); + return status; +} + +/**************************************************************** +****************************************************************/ + +static void ldif_free_context(struct samsync_ldif_context *r) +{ + if (!r) { + return; + } + + /* Close and delete the ldif files */ + if (r->add_file) { + fclose(r->add_file); + } + + if ((r->add_name != NULL) && + strcmp(r->add_name, r->add_template) && (unlink(r->add_name))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", + r->add_name, strerror(errno))); + } + + if (r->mod_file) { + fclose(r->mod_file); + } + + if ((r->mod_name != NULL) && + strcmp(r->mod_name, r->mod_template) && (unlink(r->mod_name))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", + r->mod_name, strerror(errno))); + } + + if (r->ldif_file && (r->ldif_file != stdout)) { + fclose(r->ldif_file); + } + + TALLOC_FREE(r); +} + +/**************************************************************** +****************************************************************/ + +static void ldif_write_output(enum netr_SamDatabaseID database_id, + struct samsync_ldif_context *l) +{ + /* Write ldif data to the user's file */ + if (database_id == SAM_DATABASE_DOMAIN) { + fprintf(l->ldif_file, + "# SAM_DATABASE_DOMAIN: ADD ENTITIES\n"); + fprintf(l->ldif_file, + "# =================================\n\n"); + fflush(l->ldif_file); + } else if (database_id == SAM_DATABASE_BUILTIN) { + fprintf(l->ldif_file, + "# SAM_DATABASE_BUILTIN: ADD ENTITIES\n"); + fprintf(l->ldif_file, + "# ==================================\n\n"); + fflush(l->ldif_file); + } + fseek(l->add_file, 0, SEEK_SET); + transfer_file(fileno(l->add_file), fileno(l->ldif_file), (size_t) -1); + + if (database_id == SAM_DATABASE_DOMAIN) { + fprintf(l->ldif_file, + "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n"); + fprintf(l->ldif_file, + "# ====================================\n\n"); + fflush(l->ldif_file); + } else if (database_id == SAM_DATABASE_BUILTIN) { + 
fprintf(l->ldif_file, + "# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n"); + fprintf(l->ldif_file, + "# =====================================\n\n"); + fflush(l->ldif_file); + } + fseek(l->mod_file, 0, SEEK_SET); + transfer_file(fileno(l->mod_file), fileno(l->ldif_file), (size_t) -1); +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM *r, + struct samsync_context *ctx, + uint32_t *a_index, + uint32_t *g_index) +{ + union netr_DELTA_UNION u = r->delta_union; + union netr_DELTA_ID_UNION id = r->delta_id_union; + struct samsync_ldif_context *l = + talloc_get_type_abort(ctx->private_data, struct samsync_ldif_context); + + switch (r->delta_type) { + case NETR_DELTA_DOMAIN: + break; + + case NETR_DELTA_GROUP: + fetch_group_info_to_ldif(mem_ctx, + u.group, + &l->groupmap[*g_index], + l->add_file, + ctx->domain_sid_str, + l->suffix); + (*g_index)++; + break; + + case NETR_DELTA_USER: + fetch_account_info_to_ldif(mem_ctx, + u.user, + l->groupmap, + &l->accountmap[*a_index], + l->add_file, + ctx->domain_sid_str, + l->suffix, + l->num_alloced); + (*a_index)++; + break; + + case NETR_DELTA_ALIAS: + fetch_alias_info_to_ldif(mem_ctx, + u.alias, + &l->groupmap[*g_index], + l->add_file, + ctx->domain_sid_str, + l->suffix, + database_id); + (*g_index)++; + break; + + case NETR_DELTA_GROUP_MEMBER: + fetch_groupmem_info_to_ldif(u.group_member, + id.rid, + l->groupmap, + l->accountmap, + l->mod_file, + l->num_alloced); + break; + + case NETR_DELTA_ALIAS_MEMBER: + case NETR_DELTA_POLICY: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_SECRET: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_MODIFY_COUNT: + default: + break; + } 
/* end of switch */ + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, + struct samsync_ldif_context *l, + uint32_t num_entries) +{ + /* Re-allocate memory for groupmap and accountmap arrays */ + l->groupmap = TALLOC_REALLOC_ARRAY(mem_ctx, + l->groupmap, + GROUPMAP, + num_entries + l->num_alloced); + + l->accountmap = TALLOC_REALLOC_ARRAY(mem_ctx, + l->accountmap, + ACCOUNTMAP, + num_entries + l->num_alloced); + + if (l->groupmap == NULL || l->accountmap == NULL) { + DEBUG(1,("GROUPMAP talloc failed\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Initialize the new records */ + memset(&(l->groupmap[l->num_alloced]), 0, + sizeof(GROUPMAP) * num_entries); + memset(&(l->accountmap[l->num_alloced]), 0, + sizeof(ACCOUNTMAP) * num_entries); + + /* Remember how many we alloced this time */ + l->num_alloced += num_entries; + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS result, + struct samsync_context *ctx) +{ + NTSTATUS status; + int i; + uint32_t g_index = 0, a_index = 0; + struct samsync_ldif_context *ldif_ctx = + (struct samsync_ldif_context *)ctx->private_data; + + status = ldif_init_context(mem_ctx, + database_id, + ctx->ldif_filename, + ctx->domain_sid_str, + &ldif_ctx); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + ctx->private_data = ldif_ctx; + + status = ldif_realloc_maps(mem_ctx, ldif_ctx, r->num_deltas); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } + + for (i = 0; i < r->num_deltas; i++) { + status = fetch_sam_entry_ldif(mem_ctx, database_id, + &r->delta_enum[i], ctx, + &g_index, &a_index); + if (!NT_STATUS_IS_OK(status)) 
{ + goto failed; + } + } + + /* This was the last query */ + if (NT_STATUS_IS_OK(result)) { + ldif_write_output(database_id, ldif_ctx); + ldif_free_context(ldif_ctx); + ctx->private_data = NULL; + } + + return NT_STATUS_OK; + + failed: + ldif_free_context(ldif_ctx); + ctx->private_data = NULL; + + return status; +} -- cgit From 16eb846fa5c9ef0b15eade917e0fe6a9bb3d8624 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 16 Jun 2008 13:49:05 +0200 Subject: net_vampire: use generic output filename and use correct argv element. Guenther (This used to be commit e0843e631e379645296a5fe34dfc83bc265ebef3) --- source3/libnet/libnet_samsync.h | 2 +- source3/libnet/libnet_samsync_ldif.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 125312888e..38ef9c56a5 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -28,7 +28,7 @@ struct samsync_context { enum net_samsync_mode mode; const struct dom_sid *domain_sid; const char *domain_sid_str; - const char *ldif_filename; + const char *output_filename; void *private_data; }; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 448c7c153e..86de2ab253 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1169,7 +1169,7 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, status = ldif_init_context(mem_ctx, database_id, - ctx->ldif_filename, + ctx->output_filename, ctx->domain_sid_str, &ldif_ctx); if (!NT_STATUS_IS_OK(status)) { -- cgit From 0d0043697d203f89f80e8bf61cff775fc435f8f9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 10:36:53 +0200 Subject: net_vampire: fix build warning. Guenther (This used to be commit eb4232fec05cd87ea85a781b84a3fbe85f469703) --- source3/libnet/libnet_samsync.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3/libnet') 
diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index d6331fd08c..ce95dcad5c 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -42,7 +42,6 @@ static NTSTATUS fix_user(TALLOC_CTX *mem_ctx, struct netr_DELTA_USER *user = delta->delta_union.user; struct samr_Password lm_hash; struct samr_Password nt_hash; - const char *username = user->account_name.string; if (rid_crypt) { if (user->lm_password_present) { -- cgit From 45bce6e50597c32265321ae608c5564ccab10382 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 10:38:07 +0200 Subject: net_vampire: fix samsync_process_database(). Turns out the password hashes are not rid encrypted in the samsync reply. Guenther (This used to be commit 7d8d60bcbae79f3cdd55b27217145ffbd19f161d) --- source3/libnet/libnet_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index ce95dcad5c..3c6a87a495 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -331,7 +331,7 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, samsync_fix_delta_array(mem_ctx, &session_key, - true, + false, database_id, delta_enum_array); -- cgit From 49b269f50fc2fc2817bdee97e9670b8579113060 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 18:02:03 +0200 Subject: net_vampire: add domain_name to samsync_context. Guenther (This used to be commit 7e7f07ec59d23e909809ed32adc8fc399826310d) --- source3/libnet/libnet_proto.h | 1 + source3/libnet/libnet_samsync.c | 4 ++++ source3/libnet/libnet_samsync.h | 1 + 3 files changed, 6 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index eeb4a72644..b30b94a54b 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h 
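Review bot: The bare `false` now passed to samsync_fix_delta_array() in samsync_process_database() (hunk at -331 of libnet_samsync.c) gives no hint of which switch it controls. Going by the commit message and the `if (rid_crypt)` test visible in fix_user(), it appears to gate RID-based de-obfuscation of the LM/NT password hashes. The ldif callback earlier in this series still calls `sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0)` itself, so presumably the step is left to the consumers and doing it here as well would corrupt the stored hashes. I would say so at the call site, e.g. `false, /* rid_crypt: callbacks apply sam_pwd_hash() themselves */`, and confirm that every callback does. The function body starts and ends outside the hunk.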
@@ -52,6 +52,7 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, struct netr_DELTA_ENUM_ARRAY *r); NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, + const char *domain_name, enum net_samsync_mode mode, struct samsync_context **ctx_p); NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 3c6a87a495..b5632aed69 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -193,6 +193,7 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, + const char *domain_name, enum net_samsync_mode mode, struct samsync_context **ctx_p) { @@ -205,6 +206,9 @@ NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, ctx->mode = mode; + ctx->domain_name = talloc_strdup(mem_ctx, domain_name); + NT_STATUS_HAVE_NO_MEMORY(ctx->domain_name); + if (domain_sid) { ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid); NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid); diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 38ef9c56a5..1e3995614f 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -28,6 +28,7 @@ struct samsync_context { enum net_samsync_mode mode; const struct dom_sid *domain_sid; const char *domain_sid_str; + const char *domain_name; const char *output_filename; void *private_data; }; -- cgit From fefcb70f870cae351d29a937df674db8c4ee9abe Mon Sep 17 00:00:00 2001 
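Review bot: `ctx->domain_name = talloc_strdup(mem_ctx, domain_name);` in samsync_init_context() (hunk at -205 of libnet_samsync.c) has no guard for a NULL domain_name, unlike the `if (domain_sid)` block that follows it. talloc_strdup() returns NULL for a NULL source, so a caller with no domain name gets NT_STATUS_NO_MEMORY from NT_STATUS_HAVE_NO_MEMORY, which misreports the cause. Either reject it up front with `if (!domain_name) return NT_STATUS_INVALID_PARAMETER;` or copy only when it is non-NULL and make later users of ctx->domain_name tolerate NULL. The function starts and ends outside the hunk, so whether ctx is released on this early return cannot be checked from here.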
From: Günther Deschner Date: Tue, 17 Jun 2008 19:49:58 +0200 Subject: net_vampire: add error and result_message to samsync_context. Guenther (This used to be commit e0b117200441f842fbc11cc817ab2cde4d63a22e) --- source3/libnet/libnet_samsync.c | 66 ++++++++++++++++++++++++------------ source3/libnet/libnet_samsync.h | 4 +++ source3/libnet/libnet_samsync_ldif.c | 7 +++- 3 files changed, 54 insertions(+), 23 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index b5632aed69..c86c5c12e1 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -222,6 +222,25 @@ NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/** + * samsync_database_str + */ + +static const char *samsync_database_str(enum netr_SamDatabaseID database_id) +{ + + switch (database_id) { + case SAM_DATABASE_DOMAIN: + return "DOMAIN"; + case SAM_DATABASE_BUILTIN: + return "BUILTIN"; + case SAM_DATABASE_PRIVS: + return "PRIVS"; + default: + return "unknown"; + } +} + /** * samsync_debug_str */ @@ -231,7 +250,6 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id) { const char *action = NULL; - const char *str = NULL; switch (mode) { case NET_SAMSYNC_MODE_DUMP: @@ -248,26 +266,8 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, break; } - switch (database_id) { - case SAM_DATABASE_DOMAIN: - str = talloc_asprintf(mem_ctx, "%s DOMAIN database", - action); - break; - case SAM_DATABASE_BUILTIN: - str = talloc_asprintf(mem_ctx, "%s BUILTIN database", - action); - break; - case SAM_DATABASE_PRIVS: - str = talloc_asprintf(mem_ctx, "%s PRIVS database", - action); - break; - default: - str = talloc_asprintf(mem_ctx, "%s unknown database type %u", - action, database_id); - break; - } - - return str; + return talloc_asprintf(mem_ctx, "%s %s database", + action, samsync_database_str(database_id)); } /** 
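Review bot: The default branch of the new samsync_database_str() returns a fixed "unknown", so samsync_debug_str() no longer reports the numeric database_id that the removed `"%s unknown database type %u"` branch printed. That number is the one detail that helps when an unexpected database id turns up in a log. It could be kept in samsync_debug_str() by formatting `"%s %s database (id %u)"` with `(unsigned int)database_id` as the extra argument. The `/** samsync_database_str */` header is also empty; a line saying the returned strings are static and must not be freed or modified would help callers. samsync_debug_str() starts outside the hunks shown.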
@@ -303,6 +303,7 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + NTSTATUS callback_status; netlogon_creds_client_step(pipe_hnd->dc, &credential); @@ -340,7 +341,11 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, delta_enum_array); /* Process results */ - callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx); + callback_status = callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx); + if (!NT_STATUS_IS_OK(callback_status)) { + result = callback_status; + goto out; + } TALLOC_FREE(delta_enum_array); @@ -349,6 +354,23 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + out: + if (NT_STATUS_IS_ERR(result) && !ctx->error_message) { + + ctx->error_message = talloc_asprintf(ctx, + "Failed to fetch %s database: %s", + samsync_database_str(database_id), + nt_errstr(result)); + + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { + + ctx->error_message = + talloc_asprintf_append(ctx->error_message, + "\nPerhaps %s is a Windows native mode domain?", + ctx->domain_name); + } + } + talloc_destroy(mem_ctx); return result; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 1e3995614f..bd64c24d93 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -30,6 +30,10 @@ struct samsync_context { const char *domain_sid_str; const char *domain_name; const char *output_filename; + + char *result_message; + char *error_message; + void *private_data; }; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 86de2ab253..60acb7db40 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c 
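Review bot: In the new `out:` block of samsync_process_database(), the result of talloc_asprintf_append() is assigned straight back to `ctx->error_message`, so an allocation failure there replaces the message that was just built with NULL. The preceding talloc_asprintf() is not checked either, and `ctx->domain_name` is handed to `%s` without a NULL check. I would append through a temporary, `char *msg = talloc_asprintf_append(ctx->error_message, ...); if (msg) ctx->error_message = msg;`, and skip the hint when either pointer is NULL. The new `goto out` also bypasses `TALLOC_FREE(delta_enum_array)`, which is harmless only if that array hangs off the mem_ctx destroyed below; the allocation is outside the hunk, so please confirm.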
@@ -1186,7 +1186,7 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, for (i = 0; i < r->num_deltas; i++) { status = fetch_sam_entry_ldif(mem_ctx, database_id, &r->delta_enum[i], ctx, - &g_index, &a_index); + &a_index, &g_index); if (!NT_STATUS_IS_OK(status)) { goto failed; } @@ -1195,6 +1195,11 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, /* This was the last query */ if (NT_STATUS_IS_OK(result)) { ldif_write_output(database_id, ldif_ctx); + if (ldif_ctx->ldif_file != stdout) { + ctx->result_message = talloc_asprintf(mem_ctx, + "Vampired %d accounts and %d groups to %s", + a_index, g_index, ctx->output_filename); + } ldif_free_context(ldif_ctx); ctx->private_data = NULL; } -- cgit From ddf6e73b1fcbc4faae938815e7c7840d04d84150 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:22:06 +0200 Subject: net_vampire: move pull_netr_AcctLockStr() to libnet. Guenther (This used to be commit 8ec64a96e43d2e55e81f725fe693178ecdc65e88) --- source3/libnet/libnet_proto.h | 3 +++ source3/libnet/libnet_samsync.c | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index b30b94a54b..6f150d1579 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -59,4 +59,7 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, enum netr_SamDatabaseID database_id, samsync_fn_t callback_fn, struct samsync_context *ctx); +NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, + struct lsa_BinaryString *r, + struct netr_AcctLockStr **str_p); #endif /* _LIBNET_PROTO_H_ */ diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index c86c5c12e1..fab77e8398 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c 
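Review bot: `ctx->result_message` is allocated on `mem_ctx` in the second hunk of fetch_sam_entries_ldif(), but samsync_process_database() in this same commit passes its own mem_ctx to the callback and calls `talloc_destroy(mem_ctx)` before returning. If that is the context that reaches this function, the pointer left in ctx is dangling by the time a caller reads the message. The error path in this commit parents its string on ctx, and doing the same here, `ctx->result_message = talloc_asprintf(ctx,`, keeps the message alive as long as the context. The counters are `uint32_t` locals reset to 0 on every call, so `%u` is the matching conversion and the reported totals cover only the final batch when the sync took several rounds. The function body starts outside both hunks.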
@@ -375,3 +375,41 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, return result; } + +/** + * pull_netr_AcctLockStr + */ + +NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, + struct lsa_BinaryString *r, + struct netr_AcctLockStr **str_p) +{ + struct netr_AcctLockStr *str; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + + if (!mem_ctx || !r || !str_p) { + return NT_STATUS_INVALID_PARAMETER; + } + + *str_p = NULL; + + str = TALLOC_ZERO_P(mem_ctx, struct netr_AcctLockStr); + if (!str) { + return NT_STATUS_NO_MEMORY; + } + + blob = data_blob_const(r->array, r->length); + + ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, str, + (ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + + *str_p = str; + + return NT_STATUS_OK; +} + -- cgit From 6f4571bf69b9e3da6ee1ffe211829186f9d40c54 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:42:27 +0200 Subject: net_vampire: fix included header. Guenther (This used to be commit 1dbe6ea8607549649f69e1b63cc427efe67e0778) --- source3/libnet/libnet_samsync_ldif.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 60acb7db40..64eb9a58da 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -24,7 +24,7 @@ */ #include "includes.h" -#include "utils/net.h" +#include "libnet/libnet_samsync.h" /* uid's and gid's for writing deltas to ldif */ static uint32 ldif_gid = 999; -- cgit From de33b264d18620ed7f91e759bcf80c9d64a99c17 Mon Sep 17 00:00:00 2001 
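Review bot: pull_netr_AcctLockStr() returns on an NDR failure without releasing `str`, so each blob that fails to parse leaves the zeroed struct netr_AcctLockStr, and anything the pull allocated, on the caller's mem_ctx. The lsa_BinaryString is presumably taken from the remote reply, so this path is reachable with malformed input and should clean up after itself. I would add `TALLOC_FREE(str);` before `return ndr_map_error2ntstatus(ndr_err);` and pass `str` rather than `mem_ctx` as the pull's memory context so nested allocations are freed with it. The `/** pull_netr_AcctLockStr */` header could also state that *str_p is set to NULL on every error after the argument check and is owned by mem_ctx on success.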
From: Günther Deschner Date: Tue, 17 Jun 2008 21:44:30 +0200 Subject: net_vampire: move out passdb routines to one file. Guenther (This used to be commit 74d431270d9b4cc1524f79fa2ad743420afef417) --- source3/libnet/libnet_samsync.h | 5 + source3/libnet/libnet_samsync_passdb.c | 789 +++++++++++++++++++++++++++++++++ 2 files changed, 794 insertions(+) create mode 100644 source3/libnet/libnet_samsync_passdb.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index bd64c24d93..cb584cd5be 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -48,3 +48,8 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, struct netr_DELTA_ENUM_ARRAY *r, NTSTATUS result, struct samsync_context *ctx); +NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx); diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c new file mode 100644 index 0000000000..a049d1b9c3 --- /dev/null +++ b/source3/libnet/libnet_samsync_passdb.c 
@@ -0,0 +1,789 @@ +/* + Unix SMB/CIFS implementation. + dump the remote SAM using rpc samsync operations + + Copyright (C) Andrew Tridgell 2002 + Copyright (C) Tim Potter 2001,2002 + Copyright (C) Jim McDonough 2005 + Modified by Volker Lendecke 2002 + Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libnet/libnet.h" + +/* Convert a struct samu_DELTA to a struct samu. */ +#define STRING_CHANGED (old_string && !new_string) ||\ + (!old_string && new_string) ||\ + (old_string && new_string && (strcmp(old_string, new_string) != 0)) + +#define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\ + (!(s1) && (s2)) ||\ + ((s1) && (s2) && (strcmp((s1), (s2)) != 0)) + +static NTSTATUS sam_account_from_delta(struct samu *account, + struct netr_DELTA_USER *r) +{ + const char *old_string, *new_string; + time_t unix_time, stored_time; + uchar lm_passwd[16], nt_passwd[16]; + static uchar zero_buf[16]; + + /* Username, fullname, home dir, dir drive, logon script, acct + desc, workstations, profile. 
*/ + + if (r->account_name.string) { + old_string = pdb_get_nt_username(account); + new_string = r->account_name.string; + + if (STRING_CHANGED) { + pdb_set_nt_username(account, new_string, PDB_CHANGED); + } + + /* Unix username is the same - for sanity */ + old_string = pdb_get_username( account ); + if (STRING_CHANGED) { + pdb_set_username(account, new_string, PDB_CHANGED); + } + } + + if (r->full_name.string) { + old_string = pdb_get_fullname(account); + new_string = r->full_name.string; + + if (STRING_CHANGED) + pdb_set_fullname(account, new_string, PDB_CHANGED); + } + + if (r->home_directory.string) { + old_string = pdb_get_homedir(account); + new_string = r->home_directory.string; + + if (STRING_CHANGED) + pdb_set_homedir(account, new_string, PDB_CHANGED); + } + + if (r->home_drive.string) { + old_string = pdb_get_dir_drive(account); + new_string = r->home_drive.string; + + if (STRING_CHANGED) + pdb_set_dir_drive(account, new_string, PDB_CHANGED); + } + + if (r->logon_script.string) { + old_string = pdb_get_logon_script(account); + new_string = r->logon_script.string; + + if (STRING_CHANGED) + pdb_set_logon_script(account, new_string, PDB_CHANGED); + } + + if (r->description.string) { + old_string = pdb_get_acct_desc(account); + new_string = r->description.string; + + if (STRING_CHANGED) + pdb_set_acct_desc(account, new_string, PDB_CHANGED); + } + + if (r->workstations.string) { + old_string = pdb_get_workstations(account); + new_string = r->workstations.string; + + if (STRING_CHANGED) + pdb_set_workstations(account, new_string, PDB_CHANGED); + } + + if (r->profile_path.string) { + old_string = pdb_get_profile_path(account); + new_string = r->profile_path.string; + + if (STRING_CHANGED) + pdb_set_profile_path(account, new_string, PDB_CHANGED); + } + + if (r->parameters.string) { + DATA_BLOB mung; + char *newstr; + old_string = pdb_get_munged_dial(account); + mung.length = r->parameters.length; + mung.data = (uint8 *) r->parameters.string; + newstr = 
(mung.length == 0) ? NULL : + base64_encode_data_blob(talloc_tos(), mung); + + if (STRING_CHANGED_NC(old_string, newstr)) + pdb_set_munged_dial(account, newstr, PDB_CHANGED); + TALLOC_FREE(newstr); + } + + /* User and group sid */ + if (pdb_get_user_rid(account) != r->rid) + pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED); + if (pdb_get_group_rid(account) != r->primary_gid) + pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED); + + /* Logon and password information */ + if (!nt_time_is_zero(&r->last_logon)) { + unix_time = nt_time_to_unix(r->last_logon); + stored_time = pdb_get_logon_time(account); + if (stored_time != unix_time) + pdb_set_logon_time(account, unix_time, PDB_CHANGED); + } + + if (!nt_time_is_zero(&r->last_logoff)) { + unix_time = nt_time_to_unix(r->last_logoff); + stored_time = pdb_get_logoff_time(account); + if (stored_time != unix_time) + pdb_set_logoff_time(account, unix_time,PDB_CHANGED); + } + + /* Logon Divs */ + if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week) + pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED); + +#if 0 + /* no idea what to do with this one - gd */ + /* Max Logon Hours */ + if (delta->unknown1 != pdb_get_unknown_6(account)) { + pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); + } +#endif + /* Logon Hours Len */ + if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) { + pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED); + } + + /* Logon Hours */ + if (r->logon_hours.bits) { + char oldstr[44], newstr[44]; + pdb_sethexhours(oldstr, pdb_get_hours(account)); + pdb_sethexhours(newstr, r->logon_hours.bits); + if (!strequal(oldstr, newstr)) + pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED); + } + + if (pdb_get_bad_password_count(account) != r->bad_password_count) + pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED); + + if (pdb_get_logon_count(account) != r->logon_count) + 
pdb_set_logon_count(account, r->logon_count, PDB_CHANGED); + + if (!nt_time_is_zero(&r->last_password_change)) { + unix_time = nt_time_to_unix(r->last_password_change); + stored_time = pdb_get_pass_last_set_time(account); + if (stored_time != unix_time) + pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); + } else { + /* no last set time, make it now */ + pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED); + } + + if (!nt_time_is_zero(&r->acct_expiry)) { + unix_time = nt_time_to_unix(r->acct_expiry); + stored_time = pdb_get_kickoff_time(account); + if (stored_time != unix_time) + pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); + } + + /* Decode hashes from password hash + Note that win2000 may send us all zeros for the hashes if it doesn't + think this channel is secure enough - don't set the passwords at all + in that case + */ + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); + pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); + } + + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); + pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); + } + + /* TODO: account expiry time */ + + pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED); + + pdb_set_domain(account, lp_workgroup(), PDB_CHANGED); + + return NT_STATUS_OK; +} + +static NTSTATUS fetch_account_info(uint32_t rid, + struct netr_DELTA_USER *r) +{ + + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; + fstring account; + char *add_script = NULL; + struct samu *sam_account=NULL; + GROUP_MAP map; + struct group *grp; + DOM_SID user_sid; + DOM_SID group_sid; + struct passwd *passwd; + fstring sid_string; + + fstrcpy(account, r->account_name.string); + d_printf("Creating account: %s\n", account); + + if ( !(sam_account = samu_new( NULL )) ) { + return NT_STATUS_NO_MEMORY; + } + + if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { + /* Create appropriate user */ 
+ if (r->acct_flags & ACB_NORMAL) { + add_script = talloc_strdup(sam_account, + lp_adduser_script()); + } else if ( (r->acct_flags & ACB_WSTRUST) || + (r->acct_flags & ACB_SVRTRUST) || + (r->acct_flags & ACB_DOMTRUST) ) { + add_script = talloc_strdup(sam_account, + lp_addmachine_script()); + } else { + DEBUG(1, ("Unknown user type: %s\n", + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN))); + nt_ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + if (!add_script) { + nt_ret = NT_STATUS_NO_MEMORY; + goto done; + } + if (*add_script) { + int add_ret; + add_script = talloc_all_string_sub(sam_account, + add_script, + "%u", + account); + if (!add_script) { + nt_ret = NT_STATUS_NO_MEMORY; + goto done; + } + add_ret = smbrun(add_script,NULL); + DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " + "gave %d\n", add_script, add_ret)); + if (add_ret == 0) { + smb_nscd_flush_user_cache(); + } + } + + /* try and find the possible unix account again */ + if ( !(passwd = Get_Pwnam_alloc(sam_account, account)) ) { + d_fprintf(stderr, "Could not create posix account info for '%s'\n", account); + nt_ret = NT_STATUS_NO_SUCH_USER; + goto done; + } + } + + sid_copy(&user_sid, get_global_sam_sid()); + sid_append_rid(&user_sid, r->rid); + + DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", + sid_to_fstring(sid_string, &user_sid), account)); + if (!pdb_getsampwsid(sam_account, &user_sid)) { + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", + sid_to_fstring(sid_string, &user_sid), + pdb_get_username(sam_account))); + if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { + DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", + account)); + return NT_STATUS_ACCESS_DENIED; + } + } else { + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", + sid_to_fstring(sid_string, &user_sid), + 
pdb_get_username(sam_account))); + if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { + DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", + account)); + TALLOC_FREE(sam_account); + return NT_STATUS_ACCESS_DENIED; + } + } + + if (pdb_get_group_sid(sam_account) == NULL) { + return NT_STATUS_UNSUCCESSFUL; + } + + group_sid = *pdb_get_group_sid(sam_account); + + if (!pdb_getgrsid(&map, group_sid)) { + DEBUG(0, ("Primary group of %s has no mapping!\n", + pdb_get_username(sam_account))); + } else { + if (map.gid != passwd->pw_gid) { + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", + (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); + } else { + smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); + } + } + } + + if ( !passwd ) { + DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", + pdb_get_username(sam_account))); + } + + done: + TALLOC_FREE(sam_account); + return nt_ret; +} + +static NTSTATUS fetch_group_info(uint32_t rid, + struct netr_DELTA_GROUP *r) +{ + fstring name; + fstring comment; + struct group *grp = NULL; + DOM_SID group_sid; + fstring sid_string; + GROUP_MAP map; + bool insert = true; + + fstrcpy(name, r->group_name.string); + fstrcpy(comment, r->description.string); + + /* add the group to the mapping table */ + sid_copy(&group_sid, get_global_sam_sid()); + sid_append_rid(&group_sid, rid); + sid_to_fstring(sid_string, &group_sid); + + if (pdb_getgrsid(&map, group_sid)) { + if ( map.gid != -1 ) + grp = getgrgid(map.gid); + insert = false; + } + + if (grp == NULL) { + gid_t gid; + + /* No group found from mapping, find it from its name. 
*/ + if ((grp = getgrnam(name)) == NULL) { + + /* No appropriate group found, create one */ + + d_printf("Creating unix group: '%s'\n", name); + + if (smb_create_group(name, &gid) != 0) + return NT_STATUS_ACCESS_DENIED; + + if ((grp = getgrnam(name)) == NULL) + return NT_STATUS_ACCESS_DENIED; + } + } + + map.gid = grp->gr_gid; + map.sid = group_sid; + map.sid_name_use = SID_NAME_DOM_GRP; + fstrcpy(map.nt_name, name); + if (r->description.string) { + fstrcpy(map.comment, comment); + } else { + fstrcpy(map.comment, ""); + } + + if (insert) + pdb_add_group_mapping_entry(&map); + else + pdb_update_group_mapping_entry(&map); + + return NT_STATUS_OK; +} + +static NTSTATUS fetch_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) +{ + int i; + TALLOC_CTX *t = NULL; + char **nt_members = NULL; + char **unix_members; + DOM_SID group_sid; + GROUP_MAP map; + struct group *grp; + + if (r->num_rids == 0) { + return NT_STATUS_OK; + } + + sid_copy(&group_sid, get_global_sam_sid()); + sid_append_rid(&group_sid, rid); + + if (!get_domain_group_from_sid(group_sid, &map)) { + DEBUG(0, ("Could not find global group %d\n", rid)); + return NT_STATUS_NO_SUCH_GROUP; + } + + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); + return NT_STATUS_NO_SUCH_GROUP; + } + + d_printf("Group members of %s: ", grp->gr_name); + + if (!(t = talloc_init("fetch_group_mem_info"))) { + DEBUG(0, ("could not talloc_init\n")); + return NT_STATUS_NO_MEMORY; + } + + if (r->num_rids) { + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, r->num_rids)) == NULL) { + DEBUG(0, ("talloc failed\n")); + talloc_free(t); + return NT_STATUS_NO_MEMORY; + } + } else { + nt_members = NULL; + } + + for (i=0; i < r->num_rids; i++) { + struct samu *member = NULL; + DOM_SID member_sid; + + if ( !(member = samu_new(t)) ) { + talloc_destroy(t); + return NT_STATUS_NO_MEMORY; + } + + sid_copy(&member_sid, get_global_sam_sid()); + sid_append_rid(&member_sid, 
r->rids[i]); + + if (!pdb_getsampwsid(member, &member_sid)) { + DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", + r->rids[i], sid_string_tos(&member_sid), grp->gr_name)); + TALLOC_FREE(member); + continue; + } + + if (pdb_get_group_rid(member) == rid) { + d_printf("%s(primary),", pdb_get_username(member)); + TALLOC_FREE(member); + continue; + } + + d_printf("%s,", pdb_get_username(member)); + nt_members[i] = talloc_strdup(t, pdb_get_username(member)); + TALLOC_FREE(member); + } + + d_printf("\n"); + + unix_members = grp->gr_mem; + + while (*unix_members) { + bool is_nt_member = false; + for (i=0; i < r->num_rids; i++) { + if (nt_members[i] == NULL) { + /* This was a primary group */ + continue; + } + + if (strcmp(*unix_members, nt_members[i]) == 0) { + is_nt_member = true; + break; + } + } + if (!is_nt_member) { + /* We look at a unix group member that is not + an nt group member. So, remove it. NT is + boss here. */ + smb_delete_user_group(grp->gr_name, *unix_members); + } + unix_members += 1; + } + + for (i=0; i < r->num_rids; i++) { + bool is_unix_member = false; + + if (nt_members[i] == NULL) { + /* This was the primary group */ + continue; + } + + unix_members = grp->gr_mem; + + while (*unix_members) { + if (strcmp(*unix_members, nt_members[i]) == 0) { + is_unix_member = true; + break; + } + unix_members += 1; + } + + if (!is_unix_member) { + /* We look at a nt group member that is not a + unix group member currently. So, add the nt + group member. 
*/ + smb_add_user_group(grp->gr_name, nt_members[i]); + } + } + + talloc_destroy(t); + return NT_STATUS_OK; +} + +static NTSTATUS fetch_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r, + const DOM_SID *dom_sid) +{ + fstring name; + fstring comment; + struct group *grp = NULL; + DOM_SID alias_sid; + fstring sid_string; + GROUP_MAP map; + bool insert = true; + + fstrcpy(name, r->alias_name.string); + fstrcpy(comment, r->description.string); + + /* Find out whether the group is already mapped */ + sid_copy(&alias_sid, dom_sid); + sid_append_rid(&alias_sid, rid); + sid_to_fstring(sid_string, &alias_sid); + + if (pdb_getgrsid(&map, alias_sid)) { + grp = getgrgid(map.gid); + insert = false; + } + + if (grp == NULL) { + gid_t gid; + + /* No group found from mapping, find it from its name. */ + if ((grp = getgrnam(name)) == NULL) { + /* No appropriate group found, create one */ + d_printf("Creating unix group: '%s'\n", name); + if (smb_create_group(name, &gid) != 0) + return NT_STATUS_ACCESS_DENIED; + if ((grp = getgrgid(gid)) == NULL) + return NT_STATUS_ACCESS_DENIED; + } + } + + map.gid = grp->gr_gid; + map.sid = alias_sid; + + if (sid_equal(dom_sid, &global_sid_Builtin)) + map.sid_name_use = SID_NAME_WKN_GRP; + else + map.sid_name_use = SID_NAME_ALIAS; + + fstrcpy(map.nt_name, name); + fstrcpy(map.comment, comment); + + if (insert) + pdb_add_group_mapping_entry(&map); + else + pdb_update_group_mapping_entry(&map); + + return NT_STATUS_OK; +} + +static NTSTATUS fetch_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r, + const DOM_SID *dom_sid) +{ + return NT_STATUS_OK; +} + +static NTSTATUS fetch_domain_info(uint32_t rid, + struct netr_DELTA_DOMAIN *r) +{ + time_t u_max_age, u_min_age, u_logout; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + const char *domname; + struct netr_AcctLockStr *lockstr = NULL; + NTSTATUS status; + TALLOC_CTX *mem_ctx = talloc_tos(); + + status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout, + &lockstr); + if 
(!NT_STATUS_IS_OK(status)) { + d_printf("failed to pull account lockout string: %s\n", + nt_errstr(status)); + } + + u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age); + u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); + u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); + + domname = r->domain_name.string; + if (!domname) { + return NT_STATUS_NO_MEMORY; + } + + /* we don't handle BUILTIN account policies */ + if (!strequal(domname, get_global_sam_name())) { + printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname); + return NT_STATUS_OK; + } + + + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, + r->password_history_length)) + return nt_status; + + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, + r->min_password_length)) + return nt_status; + + if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + return nt_status; + + if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + return nt_status; + + if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + return nt_status; + + if (lockstr) { + time_t u_lockoutreset, u_lockouttime; + + u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count); + u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration); + + if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, + lockstr->bad_attempt_lockout)) + return nt_status; + + if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60)) + return nt_status; + + if (u_lockouttime != -1) + u_lockouttime /= 60; + + if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime)) + return nt_status; + } + + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + r->logon_to_chgpass)) + return nt_status; + + return NT_STATUS_OK; +} + +static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM *r, + struct samsync_context 
*ctx) +{ + switch(r->delta_type) { + case NETR_DELTA_USER: + fetch_account_info(r->delta_id_union.rid, + r->delta_union.user); + break; + case NETR_DELTA_GROUP: + fetch_group_info(r->delta_id_union.rid, + r->delta_union.group); + break; + case NETR_DELTA_GROUP_MEMBER: + fetch_group_mem_info(r->delta_id_union.rid, + r->delta_union.group_member); + break; + case NETR_DELTA_ALIAS: + fetch_alias_info(r->delta_id_union.rid, + r->delta_union.alias, + ctx->domain_sid); + break; + case NETR_DELTA_ALIAS_MEMBER: + fetch_alias_mem(r->delta_id_union.rid, + r->delta_union.alias_member, + ctx->domain_sid); + break; + case NETR_DELTA_DOMAIN: + fetch_domain_info(r->delta_id_union.rid, + r->delta_union.domain); + break; + /* The following types are recognised but not handled */ + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); + break; + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); + break; + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); + break; + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); + break; + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); + break; + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); + break; + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); + break; + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); + break; + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); + break; + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); + break; + case NETR_DELTA_DELETE_SECRET: + 
d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); + break; + default: + d_printf("Unknown delta record type %d\n", r->delta_type); + break; + } + + return NT_STATUS_OK; +} + +NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx) +{ + int i; + + for (i = 0; i < r->num_deltas; i++) { + fetch_sam_entry(mem_ctx, database_id, &r->delta_enum[i], ctx); + } + + return NT_STATUS_OK; +} -- cgit From bd6fece98af7142790625ddd19769529eba4ada3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:53:01 +0200 Subject: net_vampire: move out display routines to one file. Guenther (This used to be commit 64b48a07e714d7eb97dd49c11d9ca62951d79524) --- source3/libnet/libnet_samsync.h | 5 + source3/libnet/libnet_samsync_display.c | 302 ++++++++++++++++++++++++++++++++ 2 files changed, 307 insertions(+) create mode 100644 source3/libnet/libnet_samsync_display.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index cb584cd5be..24b72f3ab1 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -53,3 +53,8 @@ NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, struct netr_DELTA_ENUM_ARRAY *r, NTSTATUS status, struct samsync_context *ctx); +NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx); diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c new file mode 100644 index 0000000000..6e9a6924b4 --- /dev/null +++ b/source3/libnet/libnet_samsync_display.c 
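Review bot: In sam_account_from_delta the two password blocks are crossed: the block guarded by `r->ntpassword.hash` decodes into `lm_passwd` and calls `pdb_set_lanman_passwd`, while the `r->lmpassword.hash` block decodes into `nt_passwd` and calls `pdb_set_nt_passwd`, so each hash lands in the other's passdb field. The first block should test and decode `r->lmpassword.hash` (`sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);`) and the second `r->ntpassword.hash` (`sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);`), which is how display_account_info in libnet_samsync_display.c pairs them. Separately, fetch_account_info substitutes the server-supplied account name for `%u` in the add-user or add-machine script and hands the result to `smbrun`; whether `talloc_all_string_sub` strips shell metacharacters is not visible in this hunk, so the name should be validated before substitution. fetch_account_info also never sets `nt_ret` to `NT_STATUS_OK` on its success path, and fetch_sam_entry discards every handler's return value, so replication failures go unreported to the caller.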
@@ -0,0 +1,302 @@ +/* + Unix SMB/CIFS implementation. + dump the remote SAM using rpc samsync operations + + Copyright (C) Andrew Tridgell 2002 + Copyright (C) Tim Potter 2001,2002 + Copyright (C) Jim McDonough 2005 + Modified by Volker Lendecke 2002 + Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libnet/libnet.h" + +static void display_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) +{ + int i; + d_printf("Group mem %u: ", rid); + for (i=0; i< r->num_rids; i++) { + d_printf("%u ", r->rids[i]); + } + d_printf("\n"); +} + +static void display_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r) +{ + d_printf("Alias '%s' ", r->alias_name.string); + d_printf("desc='%s' rid=%u\n", r->description.string, r->rid); +} + +static void display_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r) +{ + int i; + d_printf("Alias rid %u: ", rid); + for (i=0; i< r->sids.num_sids; i++) { + d_printf("%s ", sid_string_tos(r->sids.sids[i].sid)); + } + d_printf("\n"); +} + +static void display_account_info(uint32_t rid, + struct netr_DELTA_USER *r) +{ + fstring hex_nt_passwd, hex_lm_passwd; + uchar lm_passwd[16], nt_passwd[16]; + static uchar zero_buf[16]; + + /* Decode hashes from password hash (if they are not NULL) */ + + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + 
sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); + } else { + pdb_sethexpwd(hex_lm_passwd, NULL, 0); + } + + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); + } else { + pdb_sethexpwd(hex_nt_passwd, NULL, 0); + } + + printf("%s:%d:%s:%s:%s:LCT-0\n", + r->account_name.string, + r->rid, hex_lm_passwd, hex_nt_passwd, + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); +} + +static void display_domain_info(struct netr_DELTA_DOMAIN *r) +{ + time_t u_logout; + struct netr_AcctLockStr *lockstr = NULL; + NTSTATUS status; + TALLOC_CTX *mem_ctx = talloc_tos(); + + status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout, + &lockstr); + if (!NT_STATUS_IS_OK(status)) { + d_printf("failed to pull account lockout string: %s\n", + nt_errstr(status)); + } + + u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time); + + d_printf("Domain name: %s\n", r->domain_name.string); + + d_printf("Minimal Password Length: %d\n", r->min_password_length); + d_printf("Password History Length: %d\n", r->password_history_length); + + d_printf("Force Logoff: %d\n", (int)u_logout); + + d_printf("Max Password Age: %s\n", display_time(r->max_password_age)); + d_printf("Min Password Age: %s\n", display_time(r->min_password_age)); + + if (lockstr) { + d_printf("Lockout Time: %s\n", display_time((NTTIME)lockstr->lockout_duration)); + d_printf("Lockout Reset Time: %s\n", display_time((NTTIME)lockstr->reset_count)); + d_printf("Bad Attempt Lockout: %d\n", lockstr->bad_attempt_lockout); + } + + d_printf("User must logon to change password: %d\n", r->logon_to_chgpass); +} + +static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) +{ + d_printf("Group '%s' ", r->group_name.string); + d_printf("desc='%s', rid=%u\n", r->description.string, rid); +} + +static void 
display_delete_group(uint32_t rid) +{ + d_printf("Delete Group '%d' ", rid); +} + +static void display_rename_group(uint32_t rid, struct netr_DELTA_RENAME *r) +{ + d_printf("Rename Group '%d' ", rid); + d_printf("Rename Group: %s -> %s\n", + r->OldName.string, r->NewName.string); +} + +static void display_delete_user(uint32_t rid) +{ + d_printf("Delete User '%d' ", rid); +} + +static void display_rename_user(uint32_t rid, struct netr_DELTA_RENAME *r) +{ + d_printf("Rename User '%d' ", rid); + d_printf("Rename User: %s -> %s\n", + r->OldName.string, r->NewName.string); +} + +static void display_delete_alias(uint32_t rid) +{ + d_printf("Delete Alias '%d' ", rid); +} + +static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r) +{ + d_printf("Rename Alias '%d' ", rid); + d_printf("Rename Alias: %s -> %s\n", + r->OldName.string, r->NewName.string); +} + +static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM *r, + NTSTATUS status, + struct samsync_context *ctx) +{ + union netr_DELTA_UNION u = r->delta_union; + union netr_DELTA_ID_UNION id = r->delta_id_union; + + switch (r->delta_type) { + case NETR_DELTA_DOMAIN: + display_domain_info(u.domain); + break; + case NETR_DELTA_GROUP: + display_group_info(id.rid, u.group); + break; + case NETR_DELTA_DELETE_GROUP: + display_delete_group(id.rid); + break; + case NETR_DELTA_RENAME_GROUP: + display_rename_group(id.rid, u.rename_group); + break; + case NETR_DELTA_USER: + display_account_info(id.rid, u.user); + break; + case NETR_DELTA_DELETE_USER: + display_delete_user(id.rid); + break; + case NETR_DELTA_RENAME_USER: + display_rename_user(id.rid, u.rename_user); + break; + case NETR_DELTA_GROUP_MEMBER: + display_group_mem_info(id.rid, u.group_member); + break; + case NETR_DELTA_ALIAS: + display_alias_info(id.rid, u.alias); + break; + case NETR_DELTA_DELETE_ALIAS: + display_delete_alias(id.rid); + break; + case NETR_DELTA_RENAME_ALIAS: + 
display_rename_alias(id.rid, u.rename_alias); + break; + case NETR_DELTA_ALIAS_MEMBER: + display_alias_mem(id.rid, u.alias_member); + break; + case NETR_DELTA_POLICY: + printf("Policy\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + printf("Trusted Domain: %s\n", + u.trusted_domain->domain_name.string); + break; + case NETR_DELTA_DELETE_TRUST: + printf("Delete Trust: %d\n", + u.delete_trust.unknown); + break; + case NETR_DELTA_ACCOUNT: + printf("Account\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + printf("Delete Account: %d\n", + u.delete_account.unknown); + break; + case NETR_DELTA_SECRET: + printf("Secret\n"); + break; + case NETR_DELTA_DELETE_SECRET: + printf("Delete Secret: %d\n", + u.delete_secret.unknown); + break; + case NETR_DELTA_DELETE_GROUP2: + printf("Delete Group2: %s\n", + u.delete_group->account_name); + break; + case NETR_DELTA_DELETE_USER2: + printf("Delete User2: %s\n", + u.delete_user->account_name); + break; + case NETR_DELTA_MODIFY_COUNT: + printf("sam sequence update: 0x%016llx\n", + (unsigned long long) *u.modified_count); + break; +#if 0 + /* The following types are recognised but not handled */ + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); + break; + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); + break; + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); + break; + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); + break; + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); + break; + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: 
+ d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); + break; +#endif + default: + printf("unknown delta type 0x%02x\n", + r->delta_type); + break; + } + + return NT_STATUS_OK; +} + +NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx) +{ + int i; + + for (i = 0; i < r->num_deltas; i++) { + display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], status, ctx); + } + + return NT_STATUS_OK; +} -- cgit From 8725626ec8b2b2a11b2c0bb5e7010f229d552b5e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 23 Jun 2008 17:03:53 +0200 Subject: net_vampire: prepend libnet_ to the public samsync functions. Guenther (This used to be commit f020c947cfb1482176af8827ed9c361d7c21e26f) --- source3/libnet/libnet_proto.h | 23 +++++++++-------------- source3/libnet/libnet_samsync.c | 34 +++++++++++++++++----------------- 2 files changed, 26 insertions(+), 31 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 6f150d1579..ba73a3e8bc 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h 
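Review bot: The display helpers pass server-supplied string pointers straight to `%s` without a NULL check: `r->alias_name.string` and `r->description.string` in display_alias_info and display_group_info, `r->domain_name.string` in display_domain_info, and the `OldName`/`NewName` strings in the rename helpers. fetch_group_info in libnet_samsync_passdb.c tests `r->description.string` for NULL, which suggests these fields can be absent in a delta, and a NULL argument for `%s` is undefined for printf-style formatting. A guard such as `r->description.string ? r->description.string : ""` at each call site would cover it. display_delete_group, display_delete_user and display_delete_alias also print no trailing newline and format the unsigned rid with `%d`; `d_printf("Delete Group '%u'\n", rid);` would match the other helpers.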
@@ -45,20 +45,15 @@ _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name /* The following definitions come from libnet/libnet_samsync.c */ -NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key, - bool rid_crypt, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r); -NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, - const struct dom_sid *domain_sid, - const char *domain_name, - enum net_samsync_mode mode, - struct samsync_context **ctx_p); -NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id, - samsync_fn_t callback_fn, - struct samsync_context *ctx); +NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, + const struct dom_sid *domain_sid, + const char *domain_name, + enum net_samsync_mode mode, + struct samsync_context **ctx_p); +NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id, + samsync_fn_t callback_fn, + struct samsync_context *ctx); NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, struct lsa_BinaryString *r, struct netr_AcctLockStr **str_p); diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index fab77e8398..7dd47b6399 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -163,11 +163,11 @@ static NTSTATUS samsync_fix_delta(TALLOC_CTX *mem_ctx, * callback need only do the printing or application logic */ -NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, - DATA_BLOB *session_key, - bool rid_crypt, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r) +static NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + bool rid_crypt, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r) { NTSTATUS status; int i; 
@@ -188,14 +188,14 @@ NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, } /** - * samsync_init_context + * libnet_samsync_init_context */ -NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, - const struct dom_sid *domain_sid, - const char *domain_name, - enum net_samsync_mode mode, - struct samsync_context **ctx_p) +NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, + const struct dom_sid *domain_sid, + const char *domain_name, + enum net_samsync_mode mode, + struct samsync_context **ctx_p) { struct samsync_context *ctx; @@ -271,13 +271,13 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, } /** - * samsync_process_database + * libnet_samsync */ -NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id, - samsync_fn_t callback_fn, - struct samsync_context *ctx) +NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id, + samsync_fn_t callback_fn, + struct samsync_context *ctx) { NTSTATUS result; TALLOC_CTX *mem_ctx; @@ -292,7 +292,7 @@ NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, ZERO_STRUCT(return_authenticator); - if (!(mem_ctx = talloc_init("samsync_process_database"))) { + if (!(mem_ctx = talloc_init("libnet_samsync"))) { return NT_STATUS_NO_MEMORY; } -- cgit From 48a680ecf2a00169066c6e6c84ec3fecc3245dbd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 23 Jun 2008 17:29:01 +0200 Subject: net_vampire: more libnet_samsync restructuring. Guenther (This used to be commit 3bcda522f025aff249678a8a086218679fc19c6b) --- source3/libnet/libnet_proto.h | 6 +----- source3/libnet/libnet_samsync.c | 24 ++++++++---------------- source3/libnet/libnet_samsync.h | 16 ++++++++++------ 3 files changed, 19 insertions(+), 27 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index ba73a3e8bc..2440cd3c7f 100644 --- a/source3/libnet/libnet_proto.h 
+++ b/source3/libnet/libnet_proto.h @@ -47,12 +47,8 @@ _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, - const char *domain_name, - enum net_samsync_mode mode, struct samsync_context **ctx_p); -NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id, - samsync_fn_t callback_fn, +NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, struct samsync_context *ctx); NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, struct lsa_BinaryString *r, diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 7dd47b6399..e170acc560 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -193,8 +193,6 @@ static NTSTATUS samsync_fix_delta_array(TALLOC_CTX *mem_ctx, NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, - const char *domain_name, - enum net_samsync_mode mode, struct samsync_context **ctx_p) { struct samsync_context *ctx; @@ -204,11 +202,6 @@ NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); NT_STATUS_HAVE_NO_MEMORY(ctx); - ctx->mode = mode; - - ctx->domain_name = talloc_strdup(mem_ctx, domain_name); - NT_STATUS_HAVE_NO_MEMORY(ctx->domain_name); - if (domain_sid) { ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid); NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid); 
@@ -274,14 +267,12 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, * libnet_samsync */ -NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id, - samsync_fn_t callback_fn, +NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, struct samsync_context *ctx) { NTSTATUS result; TALLOC_CTX *mem_ctx; - const char *logon_server = pipe_hnd->desthost; + const char *logon_server = ctx->cli->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; @@ -305,9 +296,9 @@ NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; NTSTATUS callback_status; - netlogon_creds_client_step(pipe_hnd->dc, &credential); + netlogon_creds_client_step(ctx->cli->dc, &credential); - result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, logon_server, computername, &credential, @@ -322,7 +313,7 @@ NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, } /* Check returned credentials. */ - if (!netlogon_creds_client_check(pipe_hnd->dc, + if (!netlogon_creds_client_check(ctx->cli->dc, &return_authenticator.cred)) { DEBUG(0,("credentials chain check failed\n")); return NT_STATUS_ACCESS_DENIED; @@ -332,7 +323,7 @@ NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, break; } - session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); + session_key = data_blob_const(ctx->cli->dc->sess_key, 16); samsync_fix_delta_array(mem_ctx, &session_key, @@ -341,7 +332,8 @@ NTSTATUS libnet_samsync(struct rpc_pipe_client *pipe_hnd, delta_enum_array); /* Process results */ - callback_status = callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx); + callback_status = ctx->delta_fn(mem_ctx, database_id, + delta_enum_array, result, ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; goto out; 
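Review bot: `const char *logon_server = ctx->cli->desthost;` in the first libnet_samsync.c hunk dereferences `ctx->cli` in a declaration initializer, before any check is possible, and the last hunk calls `ctx->delta_fn(...)` the same way. Both values used to be explicit arguments and are now fields the caller has to fill in after `libnet_samsync_init_context` zero-allocates the context, so a forgotten assignment becomes a NULL dereference instead of a compile error. A guard at the top of `libnet_samsync`, for example `if (!ctx || !ctx->cli || !ctx->delta_fn) return NT_STATUS_INVALID_PARAMETER;`, with the `logon_server` assignment moved below it, would turn that into an error return. The function body starts and ends outside these hunks, so a check elsewhere cannot be ruled out.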
diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 24b72f3ab1..03d4f5366c 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -24,6 +24,14 @@ enum net_samsync_mode { NET_SAMSYNC_MODE_DUMP = 2 }; +struct samsync_context; + +typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, + enum netr_SamDatabaseID, + struct netr_DELTA_ENUM_ARRAY *, + NTSTATUS, + struct samsync_context *); + struct samsync_context { enum net_samsync_mode mode; const struct dom_sid *domain_sid; @@ -34,15 +42,11 @@ struct samsync_context { char *result_message; char *error_message; + struct rpc_pipe_client *cli; + samsync_delta_fn_t delta_fn; void *private_data; }; -typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, - enum netr_SamDatabaseID, - struct netr_DELTA_ENUM_ARRAY *, - NTSTATUS, - struct samsync_context *); - NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, -- cgit From 18c9e752182bc7d0c5e87d1773ca084495b7ff21 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 24 Jun 2008 13:06:38 +0200 Subject: libads: use ads_connect_user_creds in some places. Guenther (This used to be commit ebf31203e7cf22e32b986c536279688b17a65d22) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 3678ff9498..4a2a658497 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -124,7 +124,7 @@ static ADS_STATUS libnet_connect_ads(const char *dns_domain_name, my_ads->auth.password = SMB_STRDUP(password); } - status = ads_connect(my_ads); + status = ads_connect_user_creds(my_ads); if (!ADS_ERR_OK(status)) { ads_destroy(&my_ads); return status; -- cgit From 34e41674468eb699b68c5ffbe34293f91e3b76fa Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Tue, 24 Jun 2008 12:30:34 +0200 Subject: net_vampire: add username/password to samsync_context. Guenther (This used to be commit e884304206b512a1ffc70b7a4da8db3c6dfd4f11) --- source3/libnet/libnet_samsync.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 03d4f5366c..de0225c6fc 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -39,6 +39,9 @@ struct samsync_context { const char *domain_name; const char *output_filename; + const char *username; + const char *password; + char *result_message; char *error_message; -- cgit From adef1b004bde0d88f7cf2f46b62312e49a1ad2e6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 18 Jun 2008 12:52:00 +0200 Subject: net_vampire: add code to vampire a SAM database to a keytab file. Guenther (This used to be commit ee6e422c0e035aa4779fa718bb6f142827cc2de0) --- source3/libnet/libnet_samsync.c | 3 + source3/libnet/libnet_samsync.h | 8 +- source3/libnet/libnet_samsync_keytab.c | 319 +++++++++++++++++++++++++++++++++ 3 files changed, 329 insertions(+), 1 deletion(-) create mode 100644 source3/libnet/libnet_samsync_keytab.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index e170acc560..dcf5f9c39f 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -254,6 +254,9 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, case NET_SAMSYNC_MODE_FETCH_LDIF: action = "Fetching (to ldif)"; break; + case NET_SAMSYNC_MODE_FETCH_KEYTAB: + action = "Fetching (to keytab)"; + break; default: action = "Unknown"; break; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index de0225c6fc..8559043f5a 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h 
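Review bot: The `password` member added to `struct samsync_context` in the libnet_samsync.h hunk stores a cleartext credential as a bare `const char *`, and nothing in the hunk says who owns the string or when it is cleared. The same context is passed to every delta callback and also carries `result_message` and `error_message`, so the lifetime should be stated next to the field. If the caller is meant to own it, a comment such as `/* cleartext; owned by the caller, wiped and freed by the caller after libnet_samsync() returns */` would do, and the field should stay out of any debug or message output. The rest of the struct lies outside the hunk.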
@@ -21,7 +21,8 @@ enum net_samsync_mode { NET_SAMSYNC_MODE_FETCH_PASSDB = 0, NET_SAMSYNC_MODE_FETCH_LDIF = 1, - NET_SAMSYNC_MODE_DUMP = 2 + NET_SAMSYNC_MODE_FETCH_KEYTAB = 2, + NET_SAMSYNC_MODE_DUMP = 3 }; struct samsync_context; @@ -65,3 +66,8 @@ NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, struct netr_DELTA_ENUM_ARRAY *r, NTSTATUS status, struct samsync_context *ctx); +NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx); diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c new file mode 100644 index 0000000000..2208a71563 --- /dev/null +++ b/source3/libnet/libnet_samsync_keytab.c 
@@ -0,0 +1,319 @@ +/* + Unix SMB/CIFS implementation. + dump the remote SAM using rpc samsync operations + + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "utils/net.h" + +#if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) + +/**************************************************************** +****************************************************************/ + +struct samsync_keytab_entry { + const char *name; + const char *principal; + DATA_BLOB password; + uint32_t kvno; +}; + +struct samsync_keytab_context { + krb5_context context; + krb5_keytab keytab; + const char *keytab_name; + ADS_STRUCT *ads; + const char *dns_domain_name; + uint8_t zero_buf[16]; + uint32_t count; + struct samsync_keytab_entry *entries; +}; + +/**************************************************************** +****************************************************************/ + +static int keytab_close(struct samsync_keytab_context *ctx) +{ + if (!ctx) { + return 0; + } + + if (ctx->keytab && ctx->context) { + krb5_kt_close(ctx->context, ctx->keytab); + } + + if (ctx->context) { + krb5_free_context(ctx->context); + } + + if (ctx->ads) { + ads_destroy(&ctx->ads); + } + + TALLOC_FREE(ctx); + + return 0; +} + +/**************************************************************** +****************************************************************/ + +static krb5_error_code 
keytab_init(TALLOC_CTX *mem_ctx, + const char *keytab_name, + struct samsync_keytab_context **ctx) +{ + krb5_error_code ret = 0; + krb5_context context = NULL; + krb5_keytab keytab = NULL; + const char *keytab_string = NULL; + + struct samsync_keytab_context *r; + + r = TALLOC_ZERO_P(mem_ctx, struct samsync_keytab_context); + if (!r) { + return ENOMEM; + } + + talloc_set_destructor(r, keytab_close); + + initialize_krb5_error_table(); + ret = krb5_init_context(&context); + if (ret) { + DEBUG(1,("keytab_init: could not krb5_init_context: %s\n", + error_message(ret))); + return ret; + } + + ret = smb_krb5_open_keytab(context, keytab_name, true, &keytab); + if (ret) { + DEBUG(1,("keytab_init: smb_krb5_open_keytab failed (%s)\n", + error_message(ret))); + krb5_free_context(context); + return ret; + } + + ret = smb_krb5_keytab_name(mem_ctx, context, keytab, &keytab_string); + if (ret) { + krb5_kt_close(context, keytab); + krb5_free_context(context); + return ret; + } + + r->context = context; + r->keytab = keytab; + r->keytab_name = keytab_string; + + *ctx = r; + + return 0; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS keytab_ad_connect(TALLOC_CTX *mem_ctx, + const char *domain_name, + const char *username, + const char *password, + struct samsync_keytab_context *ctx) +{ + NTSTATUS status; + ADS_STATUS ad_status; + ADS_STRUCT *ads; + struct netr_DsRGetDCNameInfo *info = NULL; + const char *dc; + + status = dsgetdcname(mem_ctx, NULL, domain_name, NULL, NULL, 0, &info); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + dc = strip_hostname(info->dc_unc); + + ads = ads_init(NULL, domain_name, dc); + NT_STATUS_HAVE_NO_MEMORY(ads); + + if (getenv(KRB5_ENV_CCNAME) == NULL) { + setenv(KRB5_ENV_CCNAME, "MEMORY:libnet_samsync_keytab", 1); + } + + ads->auth.user_name = SMB_STRDUP(username); + ads->auth.password = SMB_STRDUP(password); + + ad_status = 
ads_connect_user_creds(ads); + if (!ADS_ERR_OK(ad_status)) { + return NT_STATUS_UNSUCCESSFUL; + } + + ctx->ads = ads; + + ctx->dns_domain_name = talloc_strdup_upper(mem_ctx, ads->config.realm); + NT_STATUS_HAVE_NO_MEMORY(ctx->dns_domain_name); + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static krb5_error_code keytab_add(struct samsync_keytab_context *ctx) +{ + krb5_error_code ret = 0; + krb5_enctype enctypes[2] = { ENCTYPE_ARCFOUR_HMAC, 0 }; + int i; + + for (i=0; icount; i++) { + + struct samsync_keytab_entry *entry = &ctx->entries[i]; + krb5_data password; + krb5_kvno kvno; + + kvno = ads_get_kvno(ctx->ads, entry->name); + + password.data = (char *)entry->password.data; + password.length = entry->password.length; + + ret = smb_krb5_kt_add_entry(ctx->context, + ctx->keytab, + kvno, + entry->principal, + enctypes, + password, + true); + if (ret) { + DEBUG(1,("keytab_add: Failed to add entry to keytab file\n")); + return ret; + } + } + + return ret; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + uint32_t rid, + struct netr_DELTA_USER *r, + NTSTATUS status, + struct samsync_keytab_context *ctx) +{ + uchar nt_passwd[16]; + struct samsync_keytab_entry *entry; + + if (memcmp(r->ntpassword.hash, ctx->zero_buf, 16) == 0) { + return NT_STATUS_OK; + } + + entry = TALLOC_ZERO_P(mem_ctx, struct samsync_keytab_entry); + NT_STATUS_HAVE_NO_MEMORY(entry); + + sam_pwd_hash(rid, r->ntpassword.hash, nt_passwd, 0); + + entry->name = talloc_strdup(mem_ctx, r->account_name.string); + entry->principal = talloc_asprintf(mem_ctx, "%s@%s", + r->account_name.string, + ctx->dns_domain_name); + entry->password = data_blob_talloc(mem_ctx, nt_passwd, 16); + + 
NT_STATUS_HAVE_NO_MEMORY(entry->name); + NT_STATUS_HAVE_NO_MEMORY(entry->principal); + + ADD_TO_ARRAY(mem_ctx, struct samsync_keytab_entry, *entry, + &ctx->entries, &ctx->count); + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS result, + struct samsync_context *ctx) +{ + NTSTATUS status = NT_STATUS_OK; + krb5_error_code ret = 0; + struct samsync_keytab_context *keytab_ctx = NULL; + int i; + + ret = keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + goto out; + } + + status = keytab_ad_connect(mem_ctx, + ctx->domain_name, + ctx->username, + ctx->password, + keytab_ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + for (i = 0; i < r->num_deltas; i++) { + + if (r->delta_enum[i].delta_type != NETR_DELTA_USER) { + continue; + } + + status = fetch_sam_entry_keytab(mem_ctx, database_id, + r->delta_enum[i].delta_id_union.rid, + r->delta_enum[i].delta_union.user, + result, + keytab_ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + } + + ret = keytab_add(keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to add entries to keytab %s: %s", + keytab_ctx->keytab_name, error_message(ret)); + goto out; + } + + ctx->result_message = talloc_asprintf(mem_ctx, + "vampired %d accounts to keytab %s", + keytab_ctx->count, + keytab_ctx->keytab_name); + out: + TALLOC_FREE(keytab_ctx); + + return status; +} + +#else + +NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS result, + struct samsync_context *ctx) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +#endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ 
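Review bot: In `keytab_ad_connect`, the failure branch after `ads_connect_user_creds(ads)` returns `NT_STATUS_UNSUCCESSFUL` without releasing `ads`, which by then holds `SMB_STRDUP` copies of the user name and password and is not yet stored in `ctx->ads`, so `keytab_close` cannot destroy it; adding `ads_destroy(&ads);` before that return closes the path. In `fetch_sam_entry_keytab`, `entry->password` is not covered by the `NT_STATUS_HAVE_NO_MEMORY` checks and the decrypted hash is left in the stack buffer `nt_passwd` on return, so check `entry->password.data` and clear the buffer, e.g. `ZERO_STRUCT(nt_passwd);`, before returning. `keytab_close` is installed as the talloc destructor and then calls `TALLOC_FREE(ctx)` on the object being destroyed, which looks unintended; the destructor should only release the krb5 and ADS handles. The output file ends up holding key material for every fetched account, so it is worth confirming that `smb_krb5_open_keytab` creates it with owner-only permissions, which this hunk does not show.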
-- cgit From 2341f3381d32972eade1286891a8c45ebce756df Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 23 Jun 2008 23:13:21 +0200 Subject: net_vampire: add basic libnet_dssync() infrastructure. Guenther (This used to be commit 9486e532da602da587769d4ff8a1a2825e541a30) --- source3/libnet/libnet.h | 1 + source3/libnet/libnet_dssync.c | 353 +++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_dssync.h | 37 +++++ source3/libnet/libnet_proto.h | 8 + 4 files changed, 399 insertions(+) create mode 100644 source3/libnet/libnet_dssync.c create mode 100644 source3/libnet/libnet_dssync.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h index 2b5e60bf14..ca393c4393 100644 --- a/source3/libnet/libnet.h +++ b/source3/libnet/libnet.h @@ -21,6 +21,7 @@ #define __LIBNET_H__ #include "libnet/libnet_samsync.h" +#include "libnet/libnet_dssync.h" #include "librpc/gen_ndr/libnet_join.h" #include "libnet/libnet_proto.h" diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c new file mode 100644 index 0000000000..63a5c8bef1 --- /dev/null +++ b/source3/libnet/libnet_dssync.c 
@@ -0,0 +1,353 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Stefan (metze) Metzmacher 2005 + Copyright (C) Guenther Deschner 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + + +#include "includes.h" +#include "libnet/libnet_dssync.h" + +/**************************************************************** +****************************************************************/ + +static int libnet_dssync_free_context(struct dssync_context *ctx) +{ + if (!ctx) { + return 0; + } + + if (is_valid_policy_hnd(&ctx->bind_handle) && ctx->cli) { + rpccli_drsuapi_DsUnbind(ctx->cli, ctx, &ctx->bind_handle, NULL); + } + + return 0; +} + +/**************************************************************** +****************************************************************/ + +NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx, + struct dssync_context **ctx_p) +{ + struct dssync_context *ctx; + + ctx = TALLOC_ZERO_P(mem_ctx, struct dssync_context); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + talloc_set_destructor(ctx, libnet_dssync_free_context); + + *ctx_p = ctx; + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS libnet_dssync_bind(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + WERROR werr; + + struct GUID bind_guid; + struct drsuapi_DsBindInfoCtr bind_info; + struct 
drsuapi_DsBindInfo28 info28; + + ZERO_STRUCT(info28); + + GUID_from_string(DRSUAPI_DS_BIND_GUID, &bind_guid); + + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_BASE; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ASYNC_REPLICATION; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_REMOVEAPI; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_MOVEREQ_V2; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHG_COMPRESS; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V1; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_RESTORE_USN_OPTIMIZATION; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_KCC_EXECUTE; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRY_V2; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_LINKED_VALUE_REPLICATION; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V2; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_INSTANCE_TYPE_NOT_REQ_ON_MOD; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_CRYPTO_BIND; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_REPL_INFO; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_STRONG_ENCRYPTION; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_DCINFO_V01; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_TRANSITIVE_MEMBERSHIP; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADD_SID_HISTORY; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_POST_BETA3; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GET_MEMBERSHIPS2; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V6; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_NONDOMAIN_NCS; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V5; + info28.supported_extensions |= 
DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V6; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_ADDENTRYREPLY_V3; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7; + info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT; + info28.site_guid = GUID_zero(); + info28.u1 = 508; + info28.repl_epoch = 0; + + bind_info.length = 28; + bind_info.info.info28 = info28; + + status = rpccli_drsuapi_DsBind(ctx->cli, mem_ctx, + &bind_guid, + &bind_info, + &ctx->bind_handle, + &werr); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!W_ERROR_IS_OK(werr)) { + return werror_to_ntstatus(werr); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS libnet_dssync_lookup_nc(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + WERROR werr; + int32_t level = 1; + union drsuapi_DsNameRequest req; + int32_t level_out; + struct drsuapi_DsNameString names[1]; + union drsuapi_DsNameCtr ctr; + + names[0].str = talloc_asprintf(mem_ctx, "%s\\", ctx->domain_name); + NT_STATUS_HAVE_NO_MEMORY(names[0].str); + + req.req1.codepage = 1252; /* german */ + req.req1.language = 0x00000407; /* german */ + req.req1.count = 1; + req.req1.names = names; + req.req1.format_flags = DRSUAPI_DS_NAME_FLAG_NO_FLAGS; + req.req1.format_offered = DRSUAPI_DS_NAME_FORMAT_UKNOWN; + req.req1.format_desired = DRSUAPI_DS_NAME_FORMAT_FQDN_1779; + + status = rpccli_drsuapi_DsCrackNames(ctx->cli, mem_ctx, + &ctx->bind_handle, + level, + &req, + &level_out, + &ctr, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!W_ERROR_IS_OK(werr)) { + return werror_to_ntstatus(werr); + } + + if (ctr.ctr1->count != 1) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (ctr.ctr1->array[0].status != DRSUAPI_DS_NAME_STATUS_OK) { + return NT_STATUS_UNSUCCESSFUL; + } + + ctx->nc_dn = talloc_strdup(mem_ctx, 
ctr.ctr1->array[0].result_name); + NT_STATUS_HAVE_NO_MEMORY(ctx->nc_dn); + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS libnet_dssync_init(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + + status = libnet_dssync_bind(mem_ctx, ctx); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (!ctx->nc_dn) { + status = libnet_dssync_lookup_nc(mem_ctx, ctx); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + WERROR werr; + + int32_t level = 8; + int32_t level_out = 0; + union drsuapi_DsGetNCChangesRequest req; + union drsuapi_DsGetNCChangesCtr ctr; + struct drsuapi_DsReplicaObjectIdentifier nc; + struct dom_sid null_sid; + + struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; + struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; + int32_t out_level = 0; + int y; + + ZERO_STRUCT(null_sid); + ZERO_STRUCT(req); + + nc.dn = ctx->nc_dn; + nc.guid = GUID_zero(); + nc.sid = null_sid; + + req.req8.naming_context = &nc; + req.req8.replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | + DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP | + DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS | + DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS | + DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED; + req.req8.max_object_count = 402; + req.req8.max_ndr_size = 402116; + + for (y=0; ;y++) { + + if (level == 8) { + DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, + (long long)req.req8.highwatermark.tmp_highest_usn, + (long long)req.req8.highwatermark.highest_usn)); + } + + status = rpccli_drsuapi_DsGetNCChanges(ctx->cli, mem_ctx, + &ctx->bind_handle, + level, + &req, + &level_out, + &ctr, + &werr); + 
if (!NT_STATUS_IS_OK(status)) { + werr = ntstatus_to_werror(status); + goto out; + } + + if (!W_ERROR_IS_OK(werr)) { + goto out; + } + + if (level_out == 1) { + out_level = 1; + ctr1 = &ctr.ctr1; + } else if (level_out == 2) { + out_level = 1; + ctr1 = ctr.ctr2.ctr.mszip1.ctr1; + } + + status = cli_get_session_key(ctx->cli, &ctx->session_key); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (out_level == 1) { + DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y, + (long long)ctr1->new_highwatermark.tmp_highest_usn, + (long long)ctr1->new_highwatermark.highest_usn)); + + if (ctx->processing_fn) { + status = ctx->processing_fn(mem_ctx, + ctr1->first_object, + ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + } + + if (ctr1->new_highwatermark.tmp_highest_usn > ctr1->new_highwatermark.highest_usn) { + req.req5.highwatermark = ctr1->new_highwatermark; + continue; + } + } + + if (level_out == 6) { + out_level = 6; + ctr6 = &ctr.ctr6; + } else if (level_out == 7 + && ctr.ctr7.level == 6 + && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP) { + out_level = 6; + ctr6 = ctr.ctr7.ctr.mszip6.ctr6; + } + + if (out_level == 6) { + DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y, + (long long)ctr6->new_highwatermark.tmp_highest_usn, + (long long)ctr6->new_highwatermark.highest_usn)); + + if (ctx->processing_fn) { + status = ctx->processing_fn(mem_ctx, + ctr6->first_object, + ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + } + + if (ctr6->new_highwatermark.tmp_highest_usn > ctr6->new_highwatermark.highest_usn) { + req.req8.highwatermark = ctr6->new_highwatermark; + continue; + } + } + + break; + } + + out: + return status; +} + +/**************************************************************** +****************************************************************/ + +NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + + status = libnet_dssync_init(mem_ctx, ctx); + if 
(!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = libnet_dssync_process(mem_ctx, ctx); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + out: + return status; +} diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h new file mode 100644 index 0000000000..8c26562845 --- /dev/null +++ b/source3/libnet/libnet_dssync.h @@ -0,0 +1,37 @@ +/* + * Unix SMB/CIFS implementation. + * libnet Support + * Copyright (C) Guenther Deschner 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +struct dssync_context; + +typedef NTSTATUS (*dssync_processing_fn_t)(TALLOC_CTX *, + struct drsuapi_DsReplicaObjectListItemEx *, + struct dssync_context *ctx); + +struct dssync_context { + const char *domain_name; + struct rpc_pipe_client *cli; + const char *nc_dn; + struct policy_handle bind_handle; + DATA_BLOB session_key; + + dssync_processing_fn_t processing_fn; + + char *result_message; + char *error_message; +}; diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 2440cd3c7f..720b52bcc7 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h 
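Review bot: `libnet_dssync_lookup_nc` in libnet_dssync.c reads `ctr.ctr1->count` and `ctr.ctr1->array[0]` straight from the DsCrackNames reply without looking at `level_out` or checking `ctr.ctr1` for NULL, so the shape of the union is taken on trust from the server. A check such as `if (level_out != 1 || ctr.ctr1 == NULL) return NT_STATUS_INVALID_NETWORK_RESPONSE;` before the count test would cover it. `result_name` deserves the same NULL check before `talloc_strdup`, whose NULL result is otherwise reported as out of memory. `libnet_dssync_process` has a related gap: a `level_out` other than 1, 2, 6 or 7 falls through to `break` and the function returns success without having processed anything, and the level 2 branch takes `ctr.ctr2.ctr.mszip1.ctr1` without the compression-type test that the level 7 branch applies.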
@@ -53,4 +53,12 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, struct lsa_BinaryString *r, struct netr_AcctLockStr **str_p); + +/* The following definitions come from libnet/libnet_dssync.c */ + +NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx, + struct dssync_context **ctx_p); +NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx); + #endif /* _LIBNET_PROTO_H_ */ -- cgit From 92bd665aea68ee8d198f72c95af5da487efcfc36 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 25 Jun 2008 00:21:37 +0200 Subject: rpc_client: let cli_get_session_key() return talloced session key. Thanks, Volker, for pointing this out. Guenther (This used to be commit b47899195e0c190445953243fe80da4e92994dd1) --- source3/libnet/libnet_dssync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 63a5c8bef1..b1392acd7e 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -268,7 +268,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ctr1 = ctr.ctr2.ctr.mszip1.ctr1; } - status = cli_get_session_key(ctx->cli, &ctx->session_key); + status = cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key); if (!NT_STATUS_IS_OK(status)) { return status; } -- cgit From eb6903344c82c04ff01d55f1dcf289608cb95065 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 26 Jun 2008 10:22:40 +0200 Subject: net_vampire: add some error output to libnet_dssync. Guenther (This used to be commit 891d4cca0ca5ccb075940517af25f3760a315219) --- source3/libnet/libnet_dssync.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index b1392acd7e..0866db59bd 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
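Review bot: With the key now allocated on `mem_ctx`, the changed `cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key)` call gives `ctx->session_key` a fresh copy on every pass of the replication loop in `libnet_dssync_process` (the loop itself is outside this hunk). As far as the hunk shows, the previous copy is neither cleared nor freed before it is overwritten. Fetching the key once in front of the loop, or releasing the old blob before the call, would keep a single copy of the key material in memory. The `return status;` on failure also bypasses the `out:` label that the neighbouring error paths use, which is harmless today but easy to miss if cleanup is added there.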
@@ -158,6 +158,9 @@ static NTSTATUS libnet_dssync_lookup_nc(TALLOC_CTX *mem_ctx, &ctr, &werr); if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to lookup DN for domain name: %s", + get_friendly_werror_msg(werr)); return status; } @@ -252,11 +255,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, &ctr, &werr); if (!NT_STATUS_IS_OK(status)) { - werr = ntstatus_to_werror(status); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to get NC Changes: %s", + get_friendly_werror_msg(werr)); goto out; } if (!W_ERROR_IS_OK(werr)) { + status = werror_to_ntstatus(werr); goto out; } @@ -270,6 +276,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, status = cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key); if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to get Session Key: %s", + nt_errstr(status)); return status; } @@ -283,6 +292,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ctr1->first_object, ctx); if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call processing function: %s", + nt_errstr(status)); goto out; } } @@ -313,6 +325,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ctr6->first_object, ctx); if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call processing function: %s", + nt_errstr(status)); goto out; } } -- cgit From a8b8994c2df9069c0776298592ef14fe476863f1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 26 Jun 2008 15:06:58 +0200 Subject: libnet_dssync: always decrypt attributes before passing them to the processing routine. Guenther (This used to be commit 6eedd167e77969e2ab7d5abe7311de62fc413d17) --- source3/libnet/libnet_dssync.c | 127 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) (limited to 'source3/libnet') 
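Review bot: In the first hunk (libnet_dssync_lookup_nc) and the second (libnet_dssync_process, after the NC-changes call) the new message formats `werr` inside the `!NT_STATUS_IS_OK(status)` branch, where the call itself failed and `werr` has presumably not been filled in, so the text can describe a stale or uninitialised value; the second hunk also drops the `werr = ntstatus_to_werror(status);` line that used to set it. Use the value that is known to be valid there, `nt_errstr(status)`, as the session-key and processing-function hunks already do. The `!W_ERROR_IS_OK(werr)` branch now converts the code with `werror_to_ntstatus(werr)` but leaves `ctx->error_message` unset, and that is the branch where `get_friendly_werror_msg(werr)` belongs. None of the `talloc_asprintf` results is checked, so callers have to tolerate a NULL `error_message`. Both functions extend beyond these hunks.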
diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 0866db59bd..ef6f161f34 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -59,6 +59,125 @@ NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static DATA_BLOB *decrypt_attr_val(TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + uint32_t rid, + enum drsuapi_DsAttributeId id, + DATA_BLOB *raw_data) +{ + bool rcrypt = false; + DATA_BLOB out_data; + + ZERO_STRUCT(out_data); + + switch (id) { + case DRSUAPI_ATTRIBUTE_dBCSPwd: + case DRSUAPI_ATTRIBUTE_unicodePwd: + case DRSUAPI_ATTRIBUTE_ntPwdHistory: + case DRSUAPI_ATTRIBUTE_lmPwdHistory: + rcrypt = true; + break; + case DRSUAPI_ATTRIBUTE_supplementalCredentials: + case DRSUAPI_ATTRIBUTE_priorValue: + case DRSUAPI_ATTRIBUTE_currentValue: + case DRSUAPI_ATTRIBUTE_trustAuthOutgoing: + case DRSUAPI_ATTRIBUTE_trustAuthIncoming: + case DRSUAPI_ATTRIBUTE_initialAuthOutgoing: + case DRSUAPI_ATTRIBUTE_initialAuthIncoming: + break; + default: + return raw_data; + } + + out_data = decrypt_drsuapi_blob(mem_ctx, session_key, rcrypt, + rid, raw_data); + + if (out_data.length) { + return (DATA_BLOB *)talloc_memdup(mem_ctx, &out_data, sizeof(DATA_BLOB)); + } + + return raw_data; +} + +/**************************************************************** +****************************************************************/ + +static void parse_obj_identifier(struct drsuapi_DsReplicaObjectIdentifier *id, + uint32_t *rid) +{ + if (!id || !rid) { + return; + } + + *rid = 0; + + if (id->sid.num_auths > 0) { + *rid = id->sid.sub_auths[id->sid.num_auths - 1]; + } +} + +/**************************************************************** +****************************************************************/ + +static void parse_obj_attribute(TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + uint32_t rid, + struct drsuapi_DsReplicaAttribute *attr) +{ + int i = 0; + + for (i=0; ivalue_ctr.num_values; i++) { + + DATA_BLOB *plain_data = NULL; + + plain_data = decrypt_attr_val(mem_ctx, + 
session_key, + rid, + attr->attid, + attr->value_ctr.values[i].blob); + + attr->value_ctr.values[i].blob = plain_data; + } +} + +/**************************************************************** +****************************************************************/ + +static void libnet_dssync_decrypt_attributes(TALLOC_CTX *mem_ctx, + DATA_BLOB *session_key, + struct drsuapi_DsReplicaObjectListItemEx *cur) +{ + for (; cur; cur = cur->next_object) { + + uint32_t i; + uint32_t rid = 0; + + parse_obj_identifier(cur->object.identifier, &rid); + + for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { + + struct drsuapi_DsReplicaAttribute *attr; + + attr = &cur->object.attribute_ctr.attributes[i]; + + if (attr->value_ctr.num_values < 1) { + continue; + } + + if (!attr->value_ctr.values[0].blob) { + continue; + } + + parse_obj_attribute(mem_ctx, + session_key, + rid, + attr); + } + } +} +/**************************************************************** +****************************************************************/ + static NTSTATUS libnet_dssync_bind(TALLOC_CTX *mem_ctx, struct dssync_context *ctx) { @@ -287,6 +406,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, (long long)ctr1->new_highwatermark.tmp_highest_usn, (long long)ctr1->new_highwatermark.highest_usn)); + libnet_dssync_decrypt_attributes(mem_ctx, + &ctx->session_key, + ctr1->first_object); + if (ctx->processing_fn) { status = ctx->processing_fn(mem_ctx, ctr1->first_object, @@ -320,6 +443,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, (long long)ctr6->new_highwatermark.tmp_highest_usn, (long long)ctr6->new_highwatermark.highest_usn)); + libnet_dssync_decrypt_attributes(mem_ctx, + &ctx->session_key, + ctr6->first_object); + if (ctx->processing_fn) { status = ctx->processing_fn(mem_ctx, ctr6->first_object, -- cgit From 31f1ad43114cca6684f59fdf93cd8230c5ca21b4 Mon Sep 17 00:00:00 2001 
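Review bot: `decrypt_attr_val` falls back to `return raw_data;` when `decrypt_drsuapi_blob` yields an empty blob, so for the password and trust-secret attributes listed in the switch a failed decryption hands the still-encrypted value to `processing_fn` with nothing to tell it apart from plaintext. Return NULL in that case (`if (out_data.length == 0) { return NULL; }`) or let the helper return an NTSTATUS that `libnet_dssync_decrypt_attributes` propagates, and check the `talloc_memdup` result, which is currently stored into `values[i].blob` even when it is NULL. `libnet_dssync_decrypt_attributes` tests only `values[0].blob` before `parse_obj_attribute` walks every value, so a NULL blob at a later index would reach the decrypt call; that loop also compares an `int i` with the unsigned `num_values`. In `parse_obj_identifier` the index `num_auths - 1` comes from the replicated object, so it is worth confirming that the NDR pull bounds `num_auths` to the size of `sub_auths`.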
From: Günther Deschner Date: Thu, 26 Jun 2008 15:10:00 +0200 Subject: libnet_dssync: pass down drsuapi_DsReplicaOIDMapping_Ctr to callback. Guenther (This used to be commit cbff970facae295650742d12768f23c7f67380a6) --- source3/libnet/libnet_dssync.c | 2 ++ source3/libnet/libnet_dssync.h | 1 + 2 files changed, 3 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index ef6f161f34..1fb30d796a 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -413,6 +413,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, if (ctx->processing_fn) { status = ctx->processing_fn(mem_ctx, ctr1->first_object, + &ctr1->mapping_ctr, ctx); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, @@ -450,6 +451,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, if (ctx->processing_fn) { status = ctx->processing_fn(mem_ctx, ctr6->first_object, + &ctr6->mapping_ctr, ctx); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 8c26562845..2fe7718f07 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -21,6 +21,7 @@ struct dssync_context; typedef NTSTATUS (*dssync_processing_fn_t)(TALLOC_CTX *, struct drsuapi_DsReplicaObjectListItemEx *, + struct drsuapi_DsReplicaOIDMapping_Ctr *, struct dssync_context *ctx); struct dssync_context { -- cgit From 8b52e2bc63904824022bcd9c51e52209a905b914 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 26 Jun 2008 21:48:41 +0200 Subject: net_vampire: separate keytab code from samsync code. Guenther (This used to be commit 69d8442bf3248f97ad23def424901d7fa87bfe48) --- source3/libnet/libnet.h | 1 + source3/libnet/libnet_keytab.c | 143 +++++++++++++++++++++++++++ source3/libnet/libnet_keytab.h | 40 ++++++++ source3/libnet/libnet_proto.h | 9 ++ source3/libnet/libnet_samsync_keytab.c | 172 ++++----------------------------- 5 files changed, 211 insertions(+), 154 deletions(-) create mode 100644 source3/libnet/libnet_keytab.c create mode 100644 source3/libnet/libnet_keytab.h (limited to 'source3/libnet') diff --git a/source3/libnet/libnet.h b/source3/libnet/libnet.h index ca393c4393..570009c6f6 100644 --- a/source3/libnet/libnet.h +++ b/source3/libnet/libnet.h @@ -20,6 +20,7 @@ #ifndef __LIBNET_H__ #define __LIBNET_H__ +#include "libnet/libnet_keytab.h" #include "libnet/libnet_samsync.h" #include "libnet/libnet_dssync.h" #include "librpc/gen_ndr/libnet_join.h" diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c new file mode 100644 index 0000000000..90595e76dd --- /dev/null +++ b/source3/libnet/libnet_keytab.c 
@@ -0,0 +1,143 @@ +/* + Unix SMB/CIFS implementation. + dump the remote SAM using rpc samsync operations + + Copyright (C) Guenther Deschner 2008. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libnet/libnet.h" + +#ifdef HAVE_KRB5 + +/**************************************************************** +****************************************************************/ + +static int keytab_close(struct libnet_keytab_context *ctx) +{ + if (!ctx) { + return 0; + } + + if (ctx->keytab && ctx->context) { + krb5_kt_close(ctx->context, ctx->keytab); + } + + if (ctx->context) { + krb5_free_context(ctx->context); + } + + if (ctx->ads) { + ads_destroy(&ctx->ads); + } + + TALLOC_FREE(ctx); + + return 0; +} + +/**************************************************************** +****************************************************************/ + +krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, + const char *keytab_name, + struct libnet_keytab_context **ctx) +{ + krb5_error_code ret = 0; + krb5_context context = NULL; + krb5_keytab keytab = NULL; + const char *keytab_string = NULL; + + struct libnet_keytab_context *r; + + r = TALLOC_ZERO_P(mem_ctx, struct libnet_keytab_context); + if (!r) { + return ENOMEM; + } + + talloc_set_destructor(r, keytab_close); + + initialize_krb5_error_table(); + ret = krb5_init_context(&context); + if (ret) { + DEBUG(1,("keytab_init: could not krb5_init_context: 
%s\n", + error_message(ret))); + return ret; + } + + ret = smb_krb5_open_keytab(context, keytab_name, true, &keytab); + if (ret) { + DEBUG(1,("keytab_init: smb_krb5_open_keytab failed (%s)\n", + error_message(ret))); + krb5_free_context(context); + return ret; + } + + ret = smb_krb5_keytab_name(mem_ctx, context, keytab, &keytab_string); + if (ret) { + krb5_kt_close(context, keytab); + krb5_free_context(context); + return ret; + } + + r->context = context; + r->keytab = keytab; + r->keytab_name = keytab_string; + + *ctx = r; + + return 0; +} + +/**************************************************************** +****************************************************************/ + +krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) +{ +#if defined(ENCTYPE_ARCFOUR_HMAC) + krb5_error_code ret = 0; + krb5_enctype enctypes[2] = { ENCTYPE_ARCFOUR_HMAC, 0 }; + int i; + + for (i=0; icount; i++) { + + struct libnet_keytab_entry *entry = &ctx->entries[i]; + krb5_data password; + + password.data = (char *)entry->password.data; + password.length = entry->password.length; + + ret = smb_krb5_kt_add_entry(ctx->context, + ctx->keytab, + entry->kvno, + entry->principal, + enctypes, + password, + true); + if (ret) { + DEBUG(1,("libnet_keytab_add: " + "Failed to add entry to keytab file\n")); + return ret; + } + } + + return ret; +#else + return -1; +#endif /* defined(ENCTYPE_ARCFOUR_HMAC) */ +} + +#endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h new file mode 100644 index 0000000000..30f2f8d1a8 --- /dev/null +++ b/source3/libnet/libnet_keytab.h 
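Review bot: `libnet_keytab_add` ends in `return -1;` when `ENCTYPE_ARCFOUR_HMAC` is not defined, which is not a krb5 error code although the caller in libnet_samsync_keytab.c feeds the result to `krb5_to_nt_status()` and `error_message()`; a real code such as `return KRB5_PROG_ETYPE_NOSUPP;` keeps that reporting meaningful. In `libnet_keytab_init` the three early `return ret;` paths leave `r` allocated on `mem_ctx` with its destructor set and `*ctx` untouched; `TALLOC_FREE(r);` before each return would release it at once. The destructor `keytab_close` calls `TALLOC_FREE(ctx)` on the object that is already being freed, which looks redundant and should be checked against talloc's destructor rules.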
@@ -0,0 +1,40 @@ +/* + * Unix SMB/CIFS implementation. + * libnet Support + * Copyright (C) Guenther Deschner 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +#ifdef HAVE_KRB5 + +struct libnet_keytab_entry { + const char *name; + const char *principal; + DATA_BLOB password; + uint32_t kvno; +}; + +struct libnet_keytab_context { + krb5_context context; + krb5_keytab keytab; + const char *keytab_name; + ADS_STRUCT *ads; + const char *dns_domain_name; + uint8_t zero_buf[16]; + uint32_t count; + struct libnet_keytab_entry *entries; +}; + +#endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 720b52bcc7..ddd730b1a8 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h 
@@ -43,6 +43,15 @@ WERROR libnet_Unjoin(TALLOC_CTX *mem_ctx, _PUBLIC_ void ndr_print_libnet_JoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_JoinCtx *r); _PUBLIC_ void ndr_print_libnet_UnjoinCtx(struct ndr_print *ndr, const char *name, int flags, const struct libnet_UnjoinCtx *r); +/* The following definitions come from libnet/libnet_keytab.c */ + +#ifdef HAVE_KRB5 +krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, + const char *keytab_name, + struct libnet_keytab_context **ctx); +krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx); +#endif + /* The following definitions come from libnet/libnet_samsync.c */ NTSTATUS libnet_samsync_init_context(TALLOC_CTX *mem_ctx, diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 2208a71563..49d7ac27e2 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c 
@@ -19,118 +19,18 @@ */ #include "includes.h" -#include "utils/net.h" +#include "libnet/libnet.h" #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) /**************************************************************** ****************************************************************/ -struct samsync_keytab_entry { - const char *name; - const char *principal; - DATA_BLOB password; - uint32_t kvno; -}; - -struct samsync_keytab_context { - krb5_context context; - krb5_keytab keytab; - const char *keytab_name; - ADS_STRUCT *ads; - const char *dns_domain_name; - uint8_t zero_buf[16]; - uint32_t count; - struct samsync_keytab_entry *entries; -}; - -/**************************************************************** -****************************************************************/ - -static int keytab_close(struct samsync_keytab_context *ctx) -{ - if (!ctx) { - return 0; - } - - if (ctx->keytab && ctx->context) { - krb5_kt_close(ctx->context, ctx->keytab); - } - - if (ctx->context) { - krb5_free_context(ctx->context); - } - - if (ctx->ads) { - ads_destroy(&ctx->ads); - } - - TALLOC_FREE(ctx); - - return 0; -} - -/**************************************************************** -****************************************************************/ - -static krb5_error_code keytab_init(TALLOC_CTX *mem_ctx, - const char *keytab_name, - struct samsync_keytab_context **ctx) -{ - krb5_error_code ret = 0; - krb5_context context = NULL; - krb5_keytab keytab = NULL; - const char *keytab_string = NULL; - - struct samsync_keytab_context *r; - - r = TALLOC_ZERO_P(mem_ctx, struct samsync_keytab_context); - if (!r) { - return ENOMEM; - } - - talloc_set_destructor(r, keytab_close); - - initialize_krb5_error_table(); - ret = krb5_init_context(&context); - if (ret) { - DEBUG(1,("keytab_init: could not krb5_init_context: %s\n", - error_message(ret))); - return ret; - } - - ret = smb_krb5_open_keytab(context, keytab_name, true, &keytab); - if (ret) { - DEBUG(1,("keytab_init: smb_krb5_open_keytab 
failed (%s)\n", - error_message(ret))); - krb5_free_context(context); - return ret; - } - - ret = smb_krb5_keytab_name(mem_ctx, context, keytab, &keytab_string); - if (ret) { - krb5_kt_close(context, keytab); - krb5_free_context(context); - return ret; - } - - r->context = context; - r->keytab = keytab; - r->keytab_name = keytab_string; - - *ctx = r; - - return 0; -} - -/**************************************************************** -****************************************************************/ - static NTSTATUS keytab_ad_connect(TALLOC_CTX *mem_ctx, const char *domain_name, const char *username, const char *password, - struct samsync_keytab_context *ctx) + struct libnet_keytab_context *ctx) { NTSTATUS status; ADS_STATUS ad_status; 
@@ -171,71 +71,35 @@ static NTSTATUS keytab_ad_connect(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -static krb5_error_code keytab_add(struct samsync_keytab_context *ctx) -{ - krb5_error_code ret = 0; - krb5_enctype enctypes[2] = { ENCTYPE_ARCFOUR_HMAC, 0 }; - int i; - - for (i=0; icount; i++) { - - struct samsync_keytab_entry *entry = &ctx->entries[i]; - krb5_data password; - krb5_kvno kvno; - - kvno = ads_get_kvno(ctx->ads, entry->name); - - password.data = (char *)entry->password.data; - password.length = entry->password.length; - - ret = smb_krb5_kt_add_entry(ctx->context, - ctx->keytab, - kvno, - entry->principal, - enctypes, - password, - true); - if (ret) { - DEBUG(1,("keytab_add: Failed to add entry to keytab file\n")); - return ret; - } - } - - return ret; -} - -/**************************************************************** -****************************************************************/ - static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, uint32_t rid, struct netr_DELTA_USER *r, NTSTATUS status, - struct samsync_keytab_context *ctx) + struct libnet_keytab_context *ctx) { uchar nt_passwd[16]; - struct samsync_keytab_entry *entry; + struct libnet_keytab_entry entry; if (memcmp(r->ntpassword.hash, ctx->zero_buf, 16) == 0) { return NT_STATUS_OK; } - entry = TALLOC_ZERO_P(mem_ctx, struct samsync_keytab_entry); - NT_STATUS_HAVE_NO_MEMORY(entry); - sam_pwd_hash(rid, r->ntpassword.hash, nt_passwd, 0); - entry->name = talloc_strdup(mem_ctx, r->account_name.string); - entry->principal = talloc_asprintf(mem_ctx, "%s@%s", - r->account_name.string, - ctx->dns_domain_name); - entry->password = data_blob_talloc(mem_ctx, nt_passwd, 16); + entry.name = talloc_strdup(mem_ctx, r->account_name.string); + entry.principal = talloc_asprintf(mem_ctx, "%s@%s", + r->account_name.string, + ctx->dns_domain_name); + 
entry.password = data_blob_talloc(mem_ctx, nt_passwd, 16); + entry.kvno = ads_get_kvno(ctx->ads, entry.name); + + NT_STATUS_HAVE_NO_MEMORY(entry.name); + NT_STATUS_HAVE_NO_MEMORY(entry.principal); + NT_STATUS_HAVE_NO_MEMORY(entry.password.data); - NT_STATUS_HAVE_NO_MEMORY(entry->name); - NT_STATUS_HAVE_NO_MEMORY(entry->principal); - ADD_TO_ARRAY(mem_ctx, struct samsync_keytab_entry, *entry, + ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, &ctx->entries, &ctx->count); return NT_STATUS_OK; @@ -252,10 +116,10 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, { NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; - struct samsync_keytab_context *keytab_ctx = NULL; + struct libnet_keytab_context *keytab_ctx = NULL; int i; - ret = keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); + ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); if (ret) { status = krb5_to_nt_status(ret); goto out; @@ -286,7 +150,7 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, } } - ret = keytab_add(keytab_ctx); + ret = libnet_keytab_add(keytab_ctx); if (ret) { status = krb5_to_nt_status(ret); ctx->error_message = talloc_asprintf(mem_ctx, -- cgit From 92df9ae39329a2c442c55d20ba9015fe23b071e3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Jun 2008 00:46:38 +0200 Subject: net_vampire: use bool for last_query information in samsync. Guenther (This used to be commit fa1976e23a33bd3fab17c3f6ab5573ee1fdf9e31) --- source3/libnet/libnet_samsync.c | 3 ++- source3/libnet/libnet_samsync.h | 10 +++++----- source3/libnet/libnet_samsync_display.c | 7 ++++--- source3/libnet/libnet_samsync_keytab.c | 19 ++++++++++++------- source3/libnet/libnet_samsync_ldif.c | 4 ++-- source3/libnet/libnet_samsync_passdb.c | 2 +- 6 files changed, 26 insertions(+), 19 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index dcf5f9c39f..4f2a8f9222 100644 --- a/source3/libnet/libnet_samsync.c 
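Review bot: In `fetch_sam_entry_keytab` the new line `entry.kvno = ads_get_kvno(ctx->ads, entry.name);` runs before `NT_STATUS_HAVE_NO_MEMORY(entry.name)`, so a failed `talloc_strdup` passes a NULL account name to the lookup; move the kvno assignment below the three allocation checks. The value returned by `ads_get_kvno` is stored unchecked, so a failed lookup presumably ends up as the key version written to the keytab. The stack buffer `nt_passwd` still holds the account's NT hash when the function returns, including on the early out-of-memory returns; clear that copy before leaving, and add a comment such as `/* nt_passwd: NT hash, copied into entry.password; wipe the stack copy */` so the lifetime of the secret is explicit.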
+++ b/source3/libnet/libnet_samsync.c @@ -336,7 +336,8 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->delta_fn(mem_ctx, database_id, - delta_enum_array, result, ctx); + delta_enum_array, + NT_STATUS_IS_OK(result), ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; goto out; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 8559043f5a..1f10d2c1c0 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -30,7 +30,7 @@ struct samsync_context; typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, enum netr_SamDatabaseID, struct netr_DELTA_ENUM_ARRAY *, - NTSTATUS, + bool, struct samsync_context *); struct samsync_context { @@ -54,20 +54,20 @@ struct samsync_context { NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS result, + bool last_query, struct samsync_context *ctx); NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, + bool last_query, struct samsync_context *ctx); NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, + bool last_query, struct samsync_context *ctx); NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, + bool last_query, struct samsync_context *ctx); diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 6e9a6924b4..6f7ae4e7aa 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c 
@@ -164,7 +164,7 @@ static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r) static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *r, - NTSTATUS status, + bool last_query, struct samsync_context *ctx) { union netr_DELTA_UNION u = r->delta_union; @@ -289,13 +289,14 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, + bool last_query, struct samsync_context *ctx) { int i; for (i = 0; i < r->num_deltas; i++) { - display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], status, ctx); + display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], + last_query, ctx); } return NT_STATUS_OK; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 49d7ac27e2..d10bfd5e9d 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -75,7 +75,7 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, uint32_t rid, struct netr_DELTA_USER *r, - NTSTATUS status, + bool last_query, struct libnet_keytab_context *ctx) { uchar nt_passwd[16]; @@ -111,7 +111,7 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS result, + bool last_query, struct samsync_context *ctx) { NTSTATUS status = NT_STATUS_OK; @@ -143,7 +143,7 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, status = fetch_sam_entry_keytab(mem_ctx, database_id, r->delta_enum[i].delta_id_union.rid, r->delta_enum[i].delta_union.user, - result, + last_query, keytab_ctx); if (!NT_STATUS_IS_OK(status)) { goto out; 
@@ -159,10 +159,15 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, goto out; } - ctx->result_message = talloc_asprintf(mem_ctx, - "vampired %d accounts to keytab %s", - keytab_ctx->count, - keytab_ctx->keytab_name); + if (last_query) { + ctx->result_message = talloc_asprintf(mem_ctx, + "Vampired %d accounts to keytab %s", + keytab_ctx->count, + keytab_ctx->keytab_name); + TALLOC_FREE(keytab_ctx); + } + + return NT_STATUS_OK; out: TALLOC_FREE(keytab_ctx); diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 64eb9a58da..c89fedc2a3 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1158,7 +1158,7 @@ static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS result, + bool last_query, struct samsync_context *ctx) { NTSTATUS status; @@ -1193,7 +1193,7 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, } /* This was the last query */ - if (NT_STATUS_IS_OK(result)) { + if (last_query) { ldif_write_output(database_id, ldif_ctx); if (ldif_ctx->ldif_file != stdout) { ctx->result_message = talloc_asprintf(mem_ctx, diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index a049d1b9c3..7d07bcb791 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -776,7 +776,7 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, + bool last_query, struct samsync_context *ctx) { int i; -- cgit From e58b2db024293b0d76441e19e0afd4734b550aa8 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 26 Jun 2008 23:24:25 +0200 Subject: libnet_dssync: add output filename and dns_domain_name to dssync struct. Guenther (This used to be commit c16e1820f86f105853aa855eda322ba6cbff3a84) --- source3/libnet/libnet_dssync.c | 6 ++++++ source3/libnet/libnet_dssync.h | 2 ++ 2 files changed, 8 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 1fb30d796a..b596da816a 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -298,6 +298,12 @@ static NTSTATUS libnet_dssync_lookup_nc(TALLOC_CTX *mem_ctx, ctx->nc_dn = talloc_strdup(mem_ctx, ctr.ctr1->array[0].result_name); NT_STATUS_HAVE_NO_MEMORY(ctx->nc_dn); + if (!ctx->dns_domain_name) { + ctx->dns_domain_name = talloc_strdup_upper(mem_ctx, + ctr.ctr1->array[0].dns_domain_name); + NT_STATUS_HAVE_NO_MEMORY(ctx->dns_domain_name); + } + return NT_STATUS_OK; } diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 2fe7718f07..0705996976 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -26,10 +26,12 @@ typedef NTSTATUS (*dssync_processing_fn_t)(TALLOC_CTX *, struct dssync_context { const char *domain_name; + const char *dns_domain_name; struct rpc_pipe_client *cli; const char *nc_dn; struct policy_handle bind_handle; DATA_BLOB session_key; + const char *output_filename; dssync_processing_fn_t processing_fn; -- cgit From 46dd2d77ecad82bcc296a0023f344a40b8a9992f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Jun 2008 01:41:26 +0200 Subject: libnet_dssync: add last_query flag to processing routine. Guenther (This used to be commit 22bdee7fe0cdcd95e0bade70cacb095e0b348abf) --- source3/libnet/libnet_dssync.c | 20 ++++++++++++++++---- source3/libnet/libnet_dssync.h | 1 + 2 files changed, 17 insertions(+), 4 deletions(-) (limited to 'source3/libnet') 
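Review bot: The added block in `libnet_dssync_lookup_nc` passes `ctr.ctr1->array[0].dns_domain_name` straight to `talloc_strdup_upper`, and that field is taken from the server's reply; if the reply carries no DNS name the call receives NULL, and the following `NT_STATUS_HAVE_NO_MEMORY` would at best report an out-of-memory error for what is an incomplete answer. Check the field first, for example `if (ctr.ctr1->array[0].dns_domain_name == NULL) { return NT_STATUS_INVALID_NETWORK_RESPONSE; }`. Whether the number of returned entries is validated before `array[0]` is used is not visible in this hunk.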
diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index b596da816a..87d5e8aade 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -366,6 +366,8 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, for (y=0; ;y++) { + bool last_query = true; + if (level == 8) { DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, (long long)req.req8.highwatermark.tmp_highest_usn, @@ -416,10 +418,16 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, &ctx->session_key, ctr1->first_object); + if (ctr1->new_highwatermark.tmp_highest_usn > ctr1->new_highwatermark.highest_usn) { + req.req5.highwatermark = ctr1->new_highwatermark; + last_query = false; + } + if (ctx->processing_fn) { status = ctx->processing_fn(mem_ctx, ctr1->first_object, &ctr1->mapping_ctr, + last_query, ctx); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, @@ -429,8 +437,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, } } - if (ctr1->new_highwatermark.tmp_highest_usn > ctr1->new_highwatermark.highest_usn) { - req.req5.highwatermark = ctr1->new_highwatermark; + if (!last_query) { continue; } } @@ -454,10 +461,16 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, &ctx->session_key, ctr6->first_object); + if (ctr6->new_highwatermark.tmp_highest_usn > ctr6->new_highwatermark.highest_usn) { + req.req8.highwatermark = ctr6->new_highwatermark; + last_query = false; + } + if (ctx->processing_fn) { status = ctx->processing_fn(mem_ctx, ctr6->first_object, &ctr6->mapping_ctr, + last_query, ctx); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, @@ -467,8 +480,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, } } - if (ctr6->new_highwatermark.tmp_highest_usn > ctr6->new_highwatermark.highest_usn) { - req.req8.highwatermark = ctr6->new_highwatermark; + if (!last_query) { continue; } } 
diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 0705996976..6a56566c19 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -22,6 +22,7 @@ struct dssync_context; typedef NTSTATUS (*dssync_processing_fn_t)(TALLOC_CTX *, struct drsuapi_DsReplicaObjectListItemEx *, struct drsuapi_DsReplicaOIDMapping_Ctr *, + bool, struct dssync_context *ctx); struct dssync_context { -- cgit From 799252f635a4cf1790a24f9ba8765dba9fb7df86 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 26 Jun 2008 19:46:18 -0700 Subject: Fix the non-LDAP, non-krb5 build, fix gcc -O3 warnings. Jeremy. (This used to be commit 9e2ab30d3cf6950fc79152b2169e7aeae8d6a366) --- source3/libnet/libnet_samsync_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index d10bfd5e9d..bfb3a58ce2 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -179,7 +179,7 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS result, + bool last_query, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; -- cgit From 52635c6f58edaa0e948851fd3f06b95d05ab10a4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 30 Jun 2008 10:29:15 +0200 Subject: kerberos: rename smb_krb5_kt_add_entry to smb_krb5_kt_add_entry_ext. Guenther (This used to be commit 48600a0019d70d22574cf08e8fe19d44cc332a0f) --- source3/libnet/libnet_keytab.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 90595e76dd..faa491471e 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -120,13 +120,13 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) password.data = (char *)entry->password.data; password.length = entry->password.length; - ret = smb_krb5_kt_add_entry(ctx->context, - ctx->keytab, - entry->kvno, - entry->principal, - enctypes, - password, - true); + ret = smb_krb5_kt_add_entry_ext(ctx->context, + ctx->keytab, + entry->kvno, + entry->principal, + enctypes, + password, + true); if (ret) { DEBUG(1,("libnet_keytab_add: " "Failed to add entry to keytab file\n")); -- cgit From 16e44ee1126a5126346689785d240ac37a32fad7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 30 Jun 2008 10:32:15 +0200 Subject: kerberos: allow to keep entries with old kvno's while creating keytab. Guenther (This used to be commit 6194244bd9fcc1fb736f3d91433f107270cac1c9) --- source3/libnet/libnet_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index faa491471e..02c2b6f761 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -126,6 +126,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) entry->principal, enctypes, password, + true, true); if (ret) { DEBUG(1,("libnet_keytab_add: " -- cgit From fc836440a5c4ad1a3a5f0de0e64b4cd83e28e3c9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Jun 2008 15:54:01 +0200 Subject: net_vampire: keep keytab context and flush keytab only after the last query. Guenther (This used to be commit 48efe7dbce1cde6689f94fafe2d7756f673bc050) --- source3/libnet/libnet_samsync_keytab.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index bfb3a58ce2..f284f08ad9 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c 
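Review bot: The call in `libnet_keytab_add` now ends in two bare `true, true` arguments (hunk `@@ -126,6 +126,7 @@`), and nothing at the call site says which of them controls keeping entries with older kvnos. Going by the commit subject, one of them presumably leaves keys for previous key versions in the keytab, so superseded password keys stay usable by anything that reads the file. That deserves a comment next to the argument, e.g. `/* keeps entries with older kvnos: superseded keys stay valid in this keytab */`. The call starts above the hunk and the `smb_krb5_kt_add_entry_ext` prototype is not shown, so which position carries that flag has to be confirmed there.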
@@ -116,13 +116,16 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, { NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; - struct libnet_keytab_context *keytab_ctx = NULL; + static struct libnet_keytab_context *keytab_ctx = NULL; int i; - ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - goto out; + if (!keytab_ctx) { + ret = libnet_keytab_init(mem_ctx, ctx->output_filename, + &keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + goto out; + } } status = keytab_ad_connect(mem_ctx, @@ -150,20 +153,22 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, } } - ret = libnet_keytab_add(keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to add entries to keytab %s: %s", - keytab_ctx->keytab_name, error_message(ret)); - goto out; - } - if (last_query) { + + ret = libnet_keytab_add(keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to add entries to keytab %s: %s", + keytab_ctx->keytab_name, error_message(ret)); + goto out; + } + ctx->result_message = talloc_asprintf(mem_ctx, "Vampired %d accounts to keytab %s", keytab_ctx->count, keytab_ctx->keytab_name); + TALLOC_FREE(keytab_ctx); } -- cgit From 9b0e3bb0c36abd9396f07de988e5c402d8503681 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Jun 2008 15:36:19 +0200 Subject: net_vampire: add code to vampire to a Kerberos keytab file using DRSUAPI. Guenther (This used to be commit 0ef420c3a478a8adce7483f14b45e9995bfa5e5d) --- source3/libnet/libnet_dssync.h | 6 + source3/libnet/libnet_dssync_keytab.c | 240 ++++++++++++++++++++++++++++++++++ 2 files changed, 246 insertions(+) create mode 100644 source3/libnet/libnet_dssync_keytab.c (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 6a56566c19..c98e650fcc 100644 
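Review bot: Making `keytab_ctx` a function-local `static` in `fetch_sam_entries_keytab` while still allocating it through `libnet_keytab_init(mem_ctx, ...)` ties a pointer that survives across calls to whatever `mem_ctx` the first call received. If the caller passes a per-call or otherwise shorter-lived context (not visible in this hunk), the next call dereferences freed memory. The second hunk releases the context only under `last_query`; the `out:` label is outside the hunk, so whether a failed run resets the pointer or leaves a stale one for the next run cannot be confirmed here. Keeping the pointer in `struct samsync_context`, or allocating it on a context that `ctx` owns, removes both problems; at minimum add `/* must outlive the mem_ctx of a single call; freed on last_query and on error */` above the declaration.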
--- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -39,3 +39,9 @@ struct dssync_context { char *result_message; char *error_message; }; + +NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectListItemEx *cur, + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr, + bool last_query, + struct dssync_context *ctx); diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c new file mode 100644 index 0000000000..132a58d353 --- /dev/null +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -0,0 +1,240 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Guenther Deschner 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "includes.h" +#include "libnet/libnet.h" + +#if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) + +/**************************************************************** +****************************************************************/ + +static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, + struct libnet_keytab_context *ctx, + struct drsuapi_DsReplicaObjectListItemEx *cur) +{ + NTSTATUS status = NT_STATUS_OK; + uchar nt_passwd[16]; + struct libnet_keytab_entry entry; + DATA_BLOB *blob; + int i = 0; + struct drsuapi_DsReplicaAttribute *attr; + bool got_pwd = false; + + char *upn = NULL; + char *name = NULL; + uint32_t kvno = 0; + uint32_t uacc = 0; + uint32_t sam_type = 0; + + uint32_t pwd_history_len = 0; + uint8_t *pwd_history = NULL; + + ZERO_STRUCT(nt_passwd); + + for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { + + attr = &cur->object.attribute_ctr.attributes[i]; + + if (attr->value_ctr.num_values != 1) { + continue; + } + + if (!attr->value_ctr.values[0].blob) { + continue; + } + + blob = attr->value_ctr.values[0].blob; + + switch (attr->attid) { + case DRSUAPI_ATTRIBUTE_unicodePwd: + + if (blob->length != 16) { + break; + } + + memcpy(&nt_passwd, blob->data, 16); + got_pwd = true; + + /* pick the kvno from the meta_data version, + * thanks, 
metze, for explaining this */ + + if (!cur->meta_data_ctr) { + break; + } + if (cur->meta_data_ctr->count != + cur->object.attribute_ctr.num_attributes) { + break; + } + kvno = cur->meta_data_ctr->meta_data[i].version; + break; + case DRSUAPI_ATTRIBUTE_ntPwdHistory: + pwd_history_len = blob->length / 16; + pwd_history = blob->data; + break; + case DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber: + kvno = IVAL(blob->data, 0); + break; + case DRSUAPI_ATTRIBUTE_userPrincipalName: + pull_string_talloc(mem_ctx, NULL, 0, &upn, + blob->data, blob->length, + STR_UNICODE); + break; + case DRSUAPI_ATTRIBUTE_sAMAccountName: + pull_string_talloc(mem_ctx, NULL, 0, &name, + blob->data, blob->length, + STR_UNICODE); + break; + case DRSUAPI_ATTRIBUTE_sAMAccountType: + sam_type = IVAL(blob->data, 0); + break; + case DRSUAPI_ATTRIBUTE_userAccountControl: + uacc = IVAL(blob->data, 0); + break; + default: + break; + } + } + + if (!got_pwd || !name) { + return NT_STATUS_OK; + } + + DEBUG(1,("#%02d: %s:%d, ", ctx->count, name, kvno)); + DEBUGADD(1,("sAMAccountType: 0x%08x, userAccountControl: 0x%08x ", + sam_type, uacc)); + if (upn) { + DEBUGADD(1,("upn: %s", upn)); + } + DEBUGADD(1,("\n")); + + entry.kvno = kvno; + entry.name = talloc_strdup(mem_ctx, name); + entry.principal = talloc_asprintf(mem_ctx, "%s@%s", + name, ctx->dns_domain_name); + entry.password = data_blob_talloc(mem_ctx, nt_passwd, 16); + NT_STATUS_HAVE_NO_MEMORY(entry.name); + NT_STATUS_HAVE_NO_MEMORY(entry.principal); + NT_STATUS_HAVE_NO_MEMORY(entry.password.data); + + ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, + &ctx->entries, &ctx->count); + + if ((kvno < 0) && (kvno < pwd_history_len)) { + return status; + } + + /* add password history */ + + /* skip first entry */ + if (got_pwd) { + kvno--; + i = 1; + } else { + i = 0; + } + + for (; idns_domain_name); + entry.password = data_blob_talloc(mem_ctx, &pwd_history[i*16], 16); + NT_STATUS_HAVE_NO_MEMORY(entry.name); + NT_STATUS_HAVE_NO_MEMORY(entry.principal); + 
NT_STATUS_HAVE_NO_MEMORY(entry.password.data); + + ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, + &ctx->entries, &ctx->count); + } + + return status; +} + +/**************************************************************** +****************************************************************/ + +NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectListItemEx *cur, + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr, + bool last_query, + struct dssync_context *ctx) +{ + NTSTATUS status = NT_STATUS_OK; + krb5_error_code ret = 0; + static struct libnet_keytab_context *keytab_ctx = NULL; + + if (!keytab_ctx) { + ret = libnet_keytab_init(mem_ctx, + ctx->output_filename, + &keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + goto out; + } + + keytab_ctx->dns_domain_name = ctx->dns_domain_name; + } + + for (; cur; cur = cur->next_object) { + status = parse_object(mem_ctx, keytab_ctx, cur); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + } + + if (last_query) { + + ret = libnet_keytab_add(keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to add entries to keytab %s: %s", + keytab_ctx->keytab_name, error_message(ret)); + goto out; + } + + ctx->result_message = talloc_asprintf(mem_ctx, + "Vampired %d accounts to keytab %s", + keytab_ctx->count, + keytab_ctx->keytab_name); + + TALLOC_FREE(keytab_ctx); + } + + return NT_STATUS_OK; + out: + TALLOC_FREE(keytab_ctx); + + return status; +} + +#else + +NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectListItemEx *cur, + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr, + bool last_query, + struct dssync_context *ctx) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +#endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ -- cgit From 2c703ec720ba6890b609342774260043ff5a331f Mon Sep 17 00:00:00 2001 
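Review bot: In `parse_object`, the `msDS_KeyVersionNumber`, `sAMAccountType` and `userAccountControl` cases call `IVAL(blob->data, 0)` without looking at `blob->length`, so a replicated attribute value shorter than four bytes is read past its end; each case needs `if (blob->length < 4) { break; }` first, the way the `unicodePwd` case already checks for 16. The guard `if ((kvno < 0) && (kvno < pwd_history_len))` can never be true because `kvno` is `uint32_t`, so the later `kvno--` wraps when `kvno` is 0; the intended test looks like `if (kvno < pwd_history_len) { return status; }`, to be confirmed against the history loop, whose header is garbled on this page. The NT hash copied into the stack buffer `nt_passwd` is left there on every return path, and the two `pull_string_talloc` results are not checked.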
From: Günther Deschner Date: Thu, 3 Jul 2008 12:01:36 +0200 Subject: libnetjoin: fix Bug #5570. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Thanks to Atte Peltomäki. Guenther (This used to be commit 144d374ad9dd981430a82369ceaa2783e6dae90a) --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 4a2a658497..6b6491b5b8 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -503,7 +503,7 @@ static bool libnet_join_create_keytab(TALLOC_CTX *mem_ctx, return true; } - if (!ads_keytab_create_default(r->in.ads)) { + if (ads_keytab_create_default(r->in.ads) != 0) { return false; } -- cgit From ddc0d9deb32082a5d8d591800d638d0e96fa6ff3 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 16 Jul 2008 15:30:03 +0200 Subject: libnet_dssync: use ctr[1|6]->more_data metze (This used to be commit 6b7ddb6d664f5f3b62161cdb3abf12633b263a64) --- source3/libnet/libnet_dssync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 87d5e8aade..a251e418f9 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -418,7 +418,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, &ctx->session_key, ctr1->first_object); - if (ctr1->new_highwatermark.tmp_highest_usn > ctr1->new_highwatermark.highest_usn) { + if (ctr1->more_data) { req.req5.highwatermark = ctr1->new_highwatermark; last_query = false; } @@ -461,7 +461,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, &ctx->session_key, ctr6->first_object); - if (ctr6->new_highwatermark.tmp_highest_usn > ctr6->new_highwatermark.highest_usn) { + if (ctr6->more_data) { req.req8.highwatermark = ctr6->new_highwatermark; last_query = false; } -- cgit 
From 0bb7c0a5d92336e0fd1450e6e1b7ad8983ee36f4 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 01:03:57 +0200 Subject: dssync: fix missing prototype warning by including the proper header. Michael (This used to be commit 7d7b63e89bb2a067783362a24d81e44e0d67e2ec) --- source3/libnet/libnet_dssync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index a251e418f9..9abff69ae1 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -20,7 +20,7 @@ #include "includes.h" -#include "libnet/libnet_dssync.h" +#include "libnet/libnet.h" /**************************************************************** ****************************************************************/ -- cgit From 490b60b5006ac09703aac2890acad76e00cbea46 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Fri, 18 Jul 2008 13:15:05 +0200 Subject: Use LDAP macros instead of attribute names. Karolin (This used to be commit 7dae8b04f126d0ac86a452dcf373a690ee687ead) --- source3/libnet/libnet_samsync_ldif.c | 48 ++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 24 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index c89fedc2a3..adcf92832d 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c 
@@ -178,8 +178,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix); fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(), suffix); - fprintf(add_fd, "objectClass: sambaDomain\n"); - fprintf(add_fd, "objectClass: sambaUnixIdPool\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_DOMINFO); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_IDPOOL); fprintf(add_fd, "sambaDomainName: %s\n", lp_workgroup()); fprintf(add_fd, "sambaSID: %s\n", sid); fprintf(add_fd, "uidNumber: %d\n", ++ldif_uid); @@ -192,8 +192,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "cn: Domain Admins\n"); fprintf(add_fd, "memberUid: Administrator\n"); fprintf(add_fd, "description: Netbios Domain Administrators\n"); @@ -209,8 +209,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "cn: Domain Users\n"); fprintf(add_fd, "description: Netbios Domain Users\n"); fprintf(add_fd, "gidNumber: 513\n"); 
@@ -225,8 +225,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "cn: Domain Guests\n"); fprintf(add_fd, "description: Netbios Domain Guests\n"); fprintf(add_fd, "gidNumber: 514\n"); @@ -241,8 +241,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Domain Computers,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "gidNumber: 515\n"); fprintf(add_fd, "cn: Domain Computers\n"); fprintf(add_fd, "description: Netbios Domain Computers accounts\n"); @@ -257,8 +257,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Administrators,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "gidNumber: 544\n"); fprintf(add_fd, "cn: Administrators\n"); fprintf(add_fd, "description: Netbios Domain Members can fully administer the computer/sambaDomainName\n"); 
@@ -272,8 +272,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Print Operators,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "gidNumber: 550\n"); fprintf(add_fd, "cn: Print Operators\n"); fprintf(add_fd, "description: Netbios Domain Print Operators\n"); @@ -288,8 +288,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, suffix); fprintf(add_fd, "dn: cn=Backup Operators,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "gidNumber: 551\n"); fprintf(add_fd, "cn: Backup Operators\n"); fprintf(add_fd, "description: Netbios Domain Members can bypass file security to back up files\n"); @@ -303,8 +303,8 @@ static NTSTATUS populate_ldap_for_ldif(const char *sid, fprintf(add_fd, "# Replicators, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Replicators,ou=%s,%s\n", group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "gidNumber: 552\n"); fprintf(add_fd, "cn: Replicators\n"); fprintf(add_fd, "description: Netbios Domain Supports file replication in a sambaDomainName\n"); 
@@ -544,8 +544,8 @@ static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx, suffix); fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", groupname, group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf_attr(add_fd, "cn", "%s", groupname); fprintf(add_fd, "gidNumber: %d\n", ldif_gid); fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); @@ -670,9 +670,9 @@ static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx, SAFE_FREE(user_rdn); fprintf(add_fd, "ObjectClass: top\n"); fprintf(add_fd, "objectClass: inetOrgPerson\n"); - fprintf(add_fd, "objectClass: posixAccount\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXACCOUNT); fprintf(add_fd, "objectClass: shadowAccount\n"); - fprintf(add_fd, "objectClass: sambaSamAccount\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_SAMBASAMACCOUNT); fprintf_attr(add_fd, "cn", "%s", username); fprintf_attr(add_fd, "sn", "%s", username); fprintf_attr(add_fd, "uid", "%s", username); @@ -775,8 +775,8 @@ static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, suffix); fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", aliasname, group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_POSIXGROUP); + fprintf(add_fd, "objectClass: %s\n", LDAP_OBJ_GROUPMAP); fprintf(add_fd, "cn: %s\n", aliasname); fprintf(add_fd, "gidNumber: %d\n", ldif_gid); fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); -- cgit From 88b0b867cb6bd6eea797b5f40fa9db3812bb2ab9 Mon Sep 17 00:00:00 2001 
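Review bot: In the `fetch_alias_info_to_ldif` hunk the `cn` attribute is still written with a plain `fprintf(add_fd, "cn: %s\n", aliasname)`, while the `dn` line just above it and the `cn` line in the `fetch_group_info_to_ldif` hunk go through `fprintf_attr`. If `fprintf_attr` is what encodes values that are not LDIF-safe (its definition is not shown), an alias name fetched from the remote domain that contains a newline or non-ASCII bytes would produce a malformed or additional LDIF line here. `fprintf_attr(add_fd, "cn", "%s", aliasname);` would match the group case. The line is unchanged context in this commit, so this is a follow-up rather than a regression.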
From: Günther Deschner Date: Fri, 18 Jul 2008 16:29:05 +0200 Subject: libnetjoin: make libnet_join_rollback() static. Guenther (This used to be commit f1cc39e3759357344cb7abcb6bfa9d3e3f4969e6) --- source3/libnet/libnet_join.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6b6491b5b8..bb21bc4989 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1733,8 +1733,8 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx, - struct libnet_JoinCtx *r) +static WERROR libnet_join_rollback(TALLOC_CTX *mem_ctx, + struct libnet_JoinCtx *r) { WERROR werr; struct libnet_UnjoinCtx *u = NULL; -- cgit From 1335da2a7cc639310e5d389e8e8dbe67c4e7ca25 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 11:04:31 +0200 Subject: Refactoring: Change calling conventions for cli_rpc_pipe_open_noauth Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 9abc9dc4dc13bd3e42f98eff64eacf24b51f5779) --- source3/libnet/libnet_join.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bb21bc4989..40637afabd 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -668,8 +668,9 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, goto done; } - pipe_hnd = cli_rpc_pipe_open_noauth(*cli, PI_LSARPC, &status); - if (!pipe_hnd) { + status = cli_rpc_pipe_open_noauth(*cli, &ndr_table_lsarpc.syntax_id, + &pipe_hnd); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to LSA pipe. Error was %s\n", nt_errstr(status))); goto done; 
@@ -750,8 +751,9 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Open the domain */ - pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); - if (!pipe_hnd) { + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + &pipe_hnd); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", nt_errstr(status))); goto done; @@ -1136,8 +1138,9 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, /* Open the domain */ - pipe_hnd = cli_rpc_pipe_open_noauth(cli, PI_SAMR, &status); - if (!pipe_hnd) { + status = cli_rpc_pipe_open_noauth(cli, &ndr_table_samr.syntax_id, + &pipe_hnd); + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("Error connecting to SAM pipe. Error was %s\n", nt_errstr(status))); goto done; -- cgit From b8fc15be950072846d23e3836d4d0289c10156f2 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 16:33:26 +0200 Subject: Refactoring: Make get_schannel_session_key return NTSTATUS (This used to be commit a0793cc853d3bd43df2fc49df193a5fead6b01ab) --- source3/libnet/libnet_join.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 40637afabd..a095cb2dfa 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1024,10 +1024,9 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, return status; } - netlogon_pipe = get_schannel_session_key(cli, - netbios_domain_name, - &neg_flags, &status); - if (!netlogon_pipe) { + status = get_schannel_session_key(cli, netbios_domain_name, + &neg_flags, &netlogon_pipe); + if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_NETWORK_RESPONSE)) { cli_shutdown(cli); return NT_STATUS_OK; -- cgit From ba2cb35ca5b335a8f33e012255b43b9cf9a04ecf Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sun, 20 Jul 2008 11:04:31 +0200 Subject: Refactoring: Change calling conventions for cli_rpc_pipe_open_schannel_with_key Pass in ndr_syntax_id instead of pipe_idx, return NTSTATUS (This used to be commit 78e9c937ff2d2e1b70cfed4121e17feb6efafda1) --- source3/libnet/libnet_join.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index a095cb2dfa..814eebafd0 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1044,15 +1044,13 @@ NTSTATUS libnet_join_ok(const char *netbios_domain_name, return NT_STATUS_OK; } - pipe_hnd = cli_rpc_pipe_open_schannel_with_key(cli, PI_NETLOGON, - PIPE_AUTH_LEVEL_PRIVACY, - netbios_domain_name, - netlogon_pipe->dc, - &status); + status = cli_rpc_pipe_open_schannel_with_key( + cli, &ndr_table_netlogon.syntax_id, PIPE_AUTH_LEVEL_PRIVACY, + netbios_domain_name, netlogon_pipe->dc, &pipe_hnd); cli_shutdown(cli); - if (!pipe_hnd) { + if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("libnet_join_ok: failed to open schannel session " "on netlogon pipe to server %s for domain %s. " "Error was %s\n", -- cgit From 2bd58bf3839d9c8b04deb84bd8d5cdc2ad9e9d97 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 Jul 2008 16:18:03 +0200 Subject: Change occurrences of the u1 member of DsBindInfo* to pid after idl change. Michael (This used to be commit 42f3d681cac4a443347d1ed253848d45f8746f89) --- source3/libnet/libnet_dssync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 9abff69ae1..b55e6d1906 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -221,7 +221,7 @@ static NTSTATUS libnet_dssync_bind(TALLOC_CTX *mem_ctx, info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_GETCHGREPLY_V7; info28.supported_extensions |= DRSUAPI_SUPPORTED_EXTENSION_VERIFY_OBJECT; info28.site_guid = GUID_zero(); - info28.u1 = 508; + info28.pid = 508; info28.repl_epoch = 0; bind_info.length = 28; -- cgit From 3ea5c185ad7b59c069e05f7712bea945d35b47dd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 17:47:40 +0200 Subject: build: fix some no previous prototype warnings. Guenther (This used to be commit 51062534fd58d7a914a6bbac2e52bb44e71363b7) --- source3/libnet/libnet_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 4f2a8f9222..daf27ffb51 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -22,7 +22,7 @@ #include "includes.h" -#include "libnet/libnet_samsync.h" +#include "libnet/libnet.h" /** * Decrypt and extract the user's passwords. -- cgit From 097b27dbcc1339db174c50e69767d171794d3603 Mon Sep 17 00:00:00 2001 
From: Tim Prouty Date: Wed, 23 Jul 2008 20:50:21 -0700 Subject: Enabled domain groups to be added to builtin groups at domain join time Previously this was done at token creation time if the Administrators and Users builtins hadn't been created yet. A major drawback to this approach is that if a customer is joined to a domain and decides they want to join a different domain, the domain groups from this new domain will not be added to the builtins. It would be ideal if these groups could be added exclusively at domain join time, but we can't rely solely on that because there are cases where winbindd must be running to allocate new gids for the builtins. In the future if there is a way to allocate gids for builtins without running winbindd, this code can be removed from create_local_nt_token. - Made create_builtin_users and create_builtin_administrators non-static so they can be called from libnet - Added a new function to libnet_join that will make a best effort to add domain administrators and domain users to BUILTIN\Administrators and BUILTIN\Users, respectively. If the builtins don't exist yet, winbindd must be running to allocate new gids, but if the builtins already exist, the domain groups will be added even if winbindd is not running. In the case of a failure the error will be logged, but the join will not be failed. - Plumbed libnet_join_add_dom_rids_to_builtins into the join post processing. (This used to be commit e92faf5996cadac480deb60a4f6232eea90b00f6) --- source3/libnet/libnet_join.c | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 814eebafd0..59dec1a6c3 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
@@ -1447,6 +1447,37 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static void libnet_join_add_dom_rids_to_builtins(struct dom_sid *domain_sid) +{ + NTSTATUS status; + + /* Try adding dom admins to builtin\admins. Only log failures. */ + status = create_builtin_administrators(domain_sid); + if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) { + DEBUG(10,("Unable to auto-add domain administrators to " + "BUILTIN\\Administrators during join because " + "winbindd must be running.")); + } else if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("Failed to auto-add domain administrators to " + "BUILTIN\\Administrators during join: %s\n", + nt_errstr(status))); + } + + /* Try adding dom users to builtin\users. Only log failures. */ + status = create_builtin_users(domain_sid); + if (NT_STATUS_EQUAL(status, NT_STATUS_PROTOCOL_UNREACHABLE)) { + DEBUG(10,("Unable to auto-add domain users to BUILTIN\\users " + "during join because winbindd must be running.")); + } else if (!NT_STATUS_IS_OK(status)) { + DEBUG(5, ("Failed to auto-add domain administrators to " + "BUILTIN\\Administrators during join: %s\n", + nt_errstr(status))); + } +} + +/**************************************************************** +****************************************************************/ + static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { @@ -1465,6 +1496,8 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, saf_store(r->in.domain_name, r->in.dc_name); } + libnet_join_add_dom_rids_to_builtins(r->out.domain_sid); + return WERR_OK; } -- cgit From 9294303943c1f28df4afeef729689331d53cc242 Mon Sep 17 00:00:00 2001 
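Review bot: The second failure branch in `libnet_join_add_dom_rids_to_builtins`, the one after `create_builtin_users`, logs "Failed to auto-add domain administrators to BUILTIN\\Administrators", copied from the first branch, so a failure to populate BUILTIN\Users is reported as an Administrators failure. It should read `DEBUG(5, ("Failed to auto-add domain users to BUILTIN\\Users during join: %s\n", nt_errstr(status)));`. Both `DEBUG(10, ...)` messages also lack the trailing `\n` that the level-5 messages have. Because the join deliberately ignores these errors, the log line is the only trace that builtin group membership was not set up, so it has to name the right group.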
From: Günther Deschner Date: Wed, 30 Jul 2008 19:52:56 +0200 Subject: rpc_client: use init_samr_CryptPassword(Ex) in client tools. Guenther (This used to be commit 97f7f9f21f17e8414de15953cf4eaa9959dc6f75) --- source3/libnet/libnet_join.c | 37 +++++++++++++------------------------ 1 file changed, 13 insertions(+), 24 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 59dec1a6c3..2f2c71dfce 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -731,15 +731,14 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct lsa_String lsa_acct_name; uint32_t user_rid; uint32_t acct_flags = ACB_WSTRUST; - uchar pwbuf[532]; - struct MD5Context md5ctx; - uchar md5buffer[16]; - DATA_BLOB digested_session_key; uchar md4_trust_password[16]; struct samr_Ids user_rids; struct samr_Ids name_types; union samr_UserInfo user_info; + struct samr_CryptPassword crypt_pwd; + struct samr_CryptPasswordEx crypt_pwd_ex; + ZERO_STRUCT(sam_pol); ZERO_STRUCT(domain_pol); ZERO_STRUCT(user_pol); @@ -871,19 +870,10 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, /* Create a random machine account password and generate the hash */ E_md4hash(r->in.machine_password, md4_trust_password); - encode_pw_buffer(pwbuf, r->in.machine_password, STR_UNICODE); - - generate_random_buffer((uint8_t*)md5buffer, sizeof(md5buffer)); - digested_session_key = data_blob_talloc(mem_ctx, 0, 16); - - MD5Init(&md5ctx); - MD5Update(&md5ctx, md5buffer, sizeof(md5buffer)); - MD5Update(&md5ctx, cli->user_session_key.data, - cli->user_session_key.length); - MD5Final(digested_session_key.data, &md5ctx); - SamOEMhashBlob(pwbuf, sizeof(pwbuf), &digested_session_key); - memcpy(&pwbuf[516], md5buffer, sizeof(md5buffer)); + init_samr_CryptPasswordEx(r->in.machine_password, + &cli->user_session_key, + &crypt_pwd_ex); /* Fill in the additional account flags now */ 
@@ -904,7 +894,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, SAMR_FIELD_ACCT_FLAGS; user_info.info25.info.acct_flags = acct_flags; - memcpy(&user_info.info25.password.data, pwbuf, sizeof(pwbuf)); + memcpy(&user_info.info25.password.data, crypt_pwd_ex.data, + sizeof(crypt_pwd_ex.data)); status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, &user_pol, @@ -913,15 +904,13 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { - uchar pwbuf2[516]; - - encode_pw_buffer(pwbuf2, r->in.machine_password, STR_UNICODE); - /* retry with level 24 */ - init_samr_user_info24(&user_info.info24, pwbuf2, 24); - SamOEMhashBlob(user_info.info24.password.data, 516, - &cli->user_session_key); + init_samr_CryptPassword(r->in.machine_password, + &cli->user_session_key, + &crypt_pwd); + + init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24); status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, -- cgit From 16c2190b149a2232aa49a16a41e570410edd2eaf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 16 Jul 2008 17:12:04 +0200 Subject: dssync: replace the processing_fn by startup/process/finish ops. This remove static a variable for the keytab context in the keytab processing function and simplifies the signature. The keytab context is instead in the new private data member of the dssync_context struct. This is in preparation of adding support for keeping track of the up-to-date-ness vector, in order to be able to sync diffs instead of the whole database. Michael (This used to be commit c51c3339f35e3bd921080d2e226e2422fc23e1e6) --- source3/libnet/libnet_dssync.c | 36 +++++++---- source3/libnet/libnet_dssync.h | 23 +++---- source3/libnet/libnet_dssync_keytab.c | 113 ++++++++++++++++++++-------------- 3 files changed, 103 insertions(+), 69 deletions(-) (limited to 'source3/libnet') 
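Review bot: The memcpy into `user_info.info25.password.data` in the `@@ -904` hunk is sized by the source, `sizeof(crypt_pwd_ex.data)`, and nothing in this function ties that to the size of the destination array. Neither struct definition is visible here, so the two are presumably the same length, but a later change to either one would turn this into an overflow or a short copy of the encrypted password buffer. A compile-time check that `sizeof(user_info.info25.password.data) == sizeof(crypt_pwd_ex.data)` next to the copy would pin the assumption down. libnet_join_joindomain_rpc() starts and ends outside these hunks.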
diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index b55e6d1906..f33369ee4b 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -355,6 +355,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, nc.guid = GUID_zero(); nc.sid = null_sid; + status = ctx->ops->startup(ctx, mem_ctx); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call startup operation: %s", + nt_errstr(status)); + goto out; + } + req.req8.naming_context = &nc; req.req8.replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP | @@ -423,12 +431,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, last_query = false; } - if (ctx->processing_fn) { - status = ctx->processing_fn(mem_ctx, - ctr1->first_object, - &ctr1->mapping_ctr, - last_query, - ctx); + if (ctx->ops->process_objects) { + status = ctx->ops->process_objects(ctx, mem_ctx, + ctr1->first_object, + &ctr1->mapping_ctr); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call processing function: %s", @@ -466,12 +472,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, last_query = false; } - if (ctx->processing_fn) { - status = ctx->processing_fn(mem_ctx, - ctr6->first_object, - &ctr6->mapping_ctr, - last_query, - ctx); + if (ctx->ops->process_objects) { + status = ctx->ops->process_objects(ctx, mem_ctx, + ctr6->first_object, + &ctr6->mapping_ctr); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call processing function: %s", @@ -485,6 +489,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, } } + status = ctx->ops->finish(ctx, mem_ctx); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call finishing operation: %s", + nt_errstr(status)); + goto out; + } + break; } 
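Review bot: `ctx->ops->startup` and `ctx->ops->finish` are called unconditionally, while `ctx->ops->process_objects` is tested for NULL first in both the level 1 and level 6 branches, so a backend that leaves startup or finish unset (or a context whose `ops` is unset) crashes instead of being rejected. Either all three hooks are mandatory, in which case validate `ctx->ops` once on entry and drop the per-call test, or they are optional and startup/finish need the same guard, e.g. `if (ctx->ops->finish) { status = ctx->ops->finish(ctx, mem_ctx); }`. Whichever contract is chosen should be stated in a comment on `struct dssync_ops` in libnet_dssync.h. libnet_dssync_process() starts and ends outside these hunks.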
diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index c98e650fcc..9b18dae4f5 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -19,11 +19,14 @@ struct dssync_context; -typedef NTSTATUS (*dssync_processing_fn_t)(TALLOC_CTX *, - struct drsuapi_DsReplicaObjectListItemEx *, - struct drsuapi_DsReplicaOIDMapping_Ctr *, - bool, - struct dssync_context *ctx); +struct dssync_ops { + NTSTATUS (*startup)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx); + NTSTATUS (*process_objects)(struct dssync_context *ctx, + TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectListItemEx *objects, + struct drsuapi_DsReplicaOIDMapping_Ctr *mappings); + NTSTATUS (*finish)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx); +}; struct dssync_context { const char *domain_name; @@ -34,14 +37,12 @@ struct dssync_context { DATA_BLOB session_key; const char *output_filename; - dssync_processing_fn_t processing_fn; + void *private_data; + + const struct dssync_ops *ops; char *result_message; char *error_message; }; -NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, - struct drsuapi_DsReplicaObjectListItemEx *cur, - struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr, - bool last_query, - struct dssync_context *ctx); +extern const struct dssync_ops libnet_dssync_keytab_ops; diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 132a58d353..d59efe74fb 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -22,6 +22,48 @@ #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) +static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +{ + krb5_error_code ret = 0; + struct libnet_keytab_context *keytab_ctx; + + ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); + if (ret) { + return krb5_to_nt_status(ret); + } + + keytab_ctx->dns_domain_name = ctx->dns_domain_name; + ctx->private_data = keytab_ctx; + + return NT_STATUS_OK; +} + +static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +{ + NTSTATUS status = NT_STATUS_OK; + krb5_error_code ret = 0; + struct libnet_keytab_context *keytab_ctx = + (struct libnet_keytab_context *)ctx->private_data; + + ret = libnet_keytab_add(keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to add entries to keytab %s: %s", + keytab_ctx->keytab_name, error_message(ret)); + goto done; + } + + ctx->result_message = talloc_asprintf(mem_ctx, + "Vampired %d accounts to keytab %s", + keytab_ctx->count, + keytab_ctx->keytab_name); + +done: + TALLOC_FREE(keytab_ctx); + return status; +} + /**************************************************************** ****************************************************************/ 
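Review bot: keytab_finish() frees the keytab context through its local copy, `TALLOC_FREE(keytab_ctx);`, which clears only the local variable and leaves `ctx->private_data` pointing at freed memory. Any later call into the ops with the same dssync_context would then use a stale pointer; add `ctx->private_data = NULL;` right after the free. keytab_finish() also dereferences `keytab_ctx` without a NULL check, so it relies on never being reached when keytab_startup() failed; a short comment saying so, or an early `if (keytab_ctx == NULL) return NT_STATUS_INVALID_PARAMETER;`, would make that assumption visible.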
@@ -171,27 +213,14 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, - struct drsuapi_DsReplicaObjectListItemEx *cur, - struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr, - bool last_query, - struct dssync_context *ctx) +static NTSTATUS keytab_process_objects(struct dssync_context *ctx, + TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectListItemEx *cur, + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr) { NTSTATUS status = NT_STATUS_OK; - krb5_error_code ret = 0; - static struct libnet_keytab_context *keytab_ctx = NULL; - - if (!keytab_ctx) { - ret = libnet_keytab_init(mem_ctx, - ctx->output_filename, - &keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - goto out; - } - - keytab_ctx->dns_domain_name = ctx->dns_domain_name; - } + struct libnet_keytab_context *keytab_ctx = + (struct libnet_keytab_context *)ctx->private_data; for (; cur; cur = cur->next_object) { status = parse_object(mem_ctx, keytab_ctx, cur); 
@@ -200,41 +229,33 @@ NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, } } - if (last_query) { - - ret = libnet_keytab_add(keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to add entries to keytab %s: %s", - keytab_ctx->keytab_name, error_message(ret)); - goto out; - } - - ctx->result_message = talloc_asprintf(mem_ctx, - "Vampired %d accounts to keytab %s", - keytab_ctx->count, - keytab_ctx->keytab_name); - - TALLOC_FREE(keytab_ctx); - } - - return NT_STATUS_OK; out: - TALLOC_FREE(keytab_ctx); - return status; } #else -NTSTATUS libnet_dssync_dump_keytab(TALLOC_CTX *mem_ctx, - struct drsuapi_DsReplicaObjectListItemEx *cur, - struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr, - bool last_query, - struct dssync_context *ctx) +static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) { return NT_STATUS_NOT_SUPPORTED; } +static NTSTATUS keytab_process_objects(struct dssync_context *ctx, + TALLOC_CTX *mem_ctx, + struct drsuapi_DsReplicaObjectListItemEx *cur, + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr) +{ + return NT_STATUS_NOT_SUPPORTED; +} #endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ + +const struct dssync_ops libnet_dssync_keytab_ops = { + .startup = keytab_startup, + .process_objects = keytab_process_objects, + .finish = keytab_finish, +}; -- cgit From 2473888daa3a732fdb7ae69729ab7e3490ffac64 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 16 Jul 2008 23:08:40 +0200 Subject: dssync keytab: refactor adding entry to keytab_context out into new function add_to_keytab_entries() Michael (This used to be commit 79151db6eae234a1f9e5131b7776689a4f03a0ef) --- source3/libnet/libnet_dssync_keytab.c | 38 ++++++++++++++++++++++++++--------- 1 file changed, 28 insertions(+), 10 deletions(-) (limited to 'source3/libnet') 
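Review bot: On a parse_object() failure keytab_process_objects() now returns through `out:` with the keytab context still attached to `ctx->private_data`, where the removed code freed it on that path. The caller shown earlier on this page does not appear to invoke the finish operation after a processing error, so the entries collected so far, which hold 16-byte NT hashes copied with data_blob_talloc(), stay allocated until the owning talloc context is released. If that lifetime is intended, a comment at `out:` such as `/* keytab_ctx is released with mem_ctx; finish is not called on error */` would document it; otherwise the error path needs an explicit cleanup that also resets `ctx->private_data`.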
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index d59efe74fb..c502211b45 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -22,6 +22,29 @@ #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) +static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, + struct libnet_keytab_context *ctx, + uint32_t kvno, + const char *name, + DATA_BLOB blob) +{ + struct libnet_keytab_entry entry; + + entry.kvno = kvno; + entry.name = talloc_strdup(mem_ctx, name); + entry.principal = talloc_asprintf(mem_ctx, "%s@%s", + name, ctx->dns_domain_name); + entry.password = blob; + NT_STATUS_HAVE_NO_MEMORY(entry.name); + NT_STATUS_HAVE_NO_MEMORY(entry.principal); + NT_STATUS_HAVE_NO_MEMORY(entry.password.data); + + ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, + &ctx->entries, &ctx->count); + + return NT_STATUS_OK; +} + static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) { krb5_error_code ret = 0; @@ -166,17 +189,12 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } DEBUGADD(1,("\n")); - entry.kvno = kvno; - entry.name = talloc_strdup(mem_ctx, name); - entry.principal = talloc_asprintf(mem_ctx, "%s@%s", - name, ctx->dns_domain_name); - entry.password = data_blob_talloc(mem_ctx, nt_passwd, 16); - NT_STATUS_HAVE_NO_MEMORY(entry.name); - NT_STATUS_HAVE_NO_MEMORY(entry.principal); - NT_STATUS_HAVE_NO_MEMORY(entry.password.data); + status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, + data_blob_talloc(mem_ctx, nt_passwd, 16)); - ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, - &ctx->entries, &ctx->count); + if (!NT_STATUS_IS_OK(status)) { + return status; + } if ((kvno < 0) && (kvno < pwd_history_len)) { return status; -- cgit From c1b9eb278fcc37cc9d286c830236af4532a5bf76 Mon Sep 17 00:00:00 2001 
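Review bot: add_to_keytab_entries() takes `uint32_t kvno`, but the context line `if ((kvno < 0) && ...` in parse_object() suggests the caller's variable is signed, so a negative value would be stored as a very large key version number; the password-history loop later on this page passes `kvno--` the same way. Either give the parameter the caller's type or reject negative values before the call. The function also keeps `blob` without copying it and returns NT_STATUS_NO_MEMORY whenever `blob.data` is NULL, which is worth recording in a header comment, e.g. `/* Takes ownership of blob; blob.data must be non-NULL. */`.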
From: Michael Adam Date: Wed, 16 Jul 2008 23:10:20 +0200 Subject: dssync keytab: add check for success of ADD_TO_ARRAY(). Michael (This used to be commit e6f6e61da46f02bb2676c705974adc26bdfa2623) --- source3/libnet/libnet_dssync_keytab.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index c502211b45..a2ce8ddcaa 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -41,6 +41,7 @@ static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, &ctx->entries, &ctx->count); + NT_STATUS_HAVE_NO_MEMORY(ctx->entries); return NT_STATUS_OK; } -- cgit From 764691fdd141c5f362594dfcf54034f37e727fea Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 16 Jul 2008 23:12:31 +0200 Subject: dssync keytab: add prefix parameter to add_to_keytab_entries() for flexibility. This will allow to construct principals of the form PREFIX/name@domain Michael (This used to be commit 7dd32b56a65574db95f4a0e136f54bd73862c59f) --- source3/libnet/libnet_dssync_keytab.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index a2ce8ddcaa..eb3a936bcd 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -26,13 +26,16 @@ static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, struct libnet_keytab_context *ctx, uint32_t kvno, const char *name, + const char *prefix, DATA_BLOB blob) { struct libnet_keytab_entry entry; entry.kvno = kvno; entry.name = talloc_strdup(mem_ctx, name); - entry.principal = talloc_asprintf(mem_ctx, "%s@%s", + entry.principal = talloc_asprintf(mem_ctx, "%s%s%s@%s", + prefix ? prefix : "", + prefix ? "/" : "", name, ctx->dns_domain_name); entry.password = blob; NT_STATUS_HAVE_NO_MEMORY(entry.name); 
@@ -190,7 +193,7 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } DEBUGADD(1,("\n")); - status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, + status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, data_blob_talloc(mem_ctx, nt_passwd, 16)); if (!NT_STATUS_IS_OK(status)) { -- cgit From 7bd3ea0b6f53ff90af4483d5a27bb4986e8e1209 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 24 Jul 2008 00:30:07 +0200 Subject: dssync keytab: use add_to_keytab_entries() for pwd history in parse_object(). Michael (This used to be commit 61f071de92a7011c70f72dc31fef4430ffb1515a) --- source3/libnet/libnet_dssync_keytab.c | 18 +++++------------- 1 file changed, 5 insertions(+), 13 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index eb3a936bcd..b1f0a35d8b 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -100,7 +100,6 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, { NTSTATUS status = NT_STATUS_OK; uchar nt_passwd[16]; - struct libnet_keytab_entry entry; DATA_BLOB *blob; int i = 0; struct drsuapi_DsReplicaAttribute *attr; @@ -215,18 +214,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } for (; idns_domain_name); - entry.password = data_blob_talloc(mem_ctx, &pwd_history[i*16], 16); - NT_STATUS_HAVE_NO_MEMORY(entry.name); - NT_STATUS_HAVE_NO_MEMORY(entry.principal); - NT_STATUS_HAVE_NO_MEMORY(entry.password.data); - - ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, - &ctx->entries, &ctx->count); + status = add_to_keytab_entries(mem_ctx, ctx, kvno--, name, NULL, + data_blob_talloc(mem_ctx, &pwd_history[i*16], 16)); + if (!NT_STATUS_IS_OK(status)) { + break; + } } return status; -- cgit From 54d6ae09e268e169ee7f0f5ab02a465b030f4ba4 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Thu, 17 Jul 2008 00:53:13 +0200 Subject: libnet_keytab: add a libnet_keytab_search() function that searches and fetches an entry from a keytab file by principal and kvno. This code is by metze. Michael (This used to be commit a51a60066b6703fc4e5db3536903abf1cdaca885) --- source3/libnet/libnet_keytab.c | 77 ++++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_proto.h | 4 +++ 2 files changed, 81 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 02c2b6f761..cec39273e3 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -141,4 +141,81 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) #endif /* defined(ENCTYPE_ARCFOUR_HMAC) */ } +struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, + const char *principal, int kvno, + TALLOC_CTX *mem_ctx) +{ + krb5_error_code ret = 0; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + struct libnet_keytab_entry *entry = NULL; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + return NULL; + } + + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + continue; + } + + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, &princ_s); + if (ret) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + continue; + } + + if (strcmp(principal, princ_s) != 0) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + continue; + } + + entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); + if (!entry) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + break; + } + + entry->name = talloc_strdup(entry, princ_s); + if (!entry->name) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + } + + entry->principal = talloc_strdup(entry, princ_s); + if (!entry->principal) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + } + + entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length); + if (!entry->password.data) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + } + + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + break; + } + + krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + return entry; +} + #endif /* 
HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index ddd730b1a8..65d37b0ab8 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -50,6 +50,10 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, const char *keytab_name, struct libnet_keytab_context **ctx); krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx); + +struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, + const char *principal, int kvno, + TALLOC_CTX *mem_ctx); #endif /* The following definitions come from libnet/libnet_samsync.c */ -- cgit From 0db26805da4f62c313237e762a81cebbe0f0357c Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 00:54:35 +0200 Subject: dssync keytab: add support for keeping track of the up-to-date-ness vector. The startup operation should get the old up-to-date-ness vector from the backend and the finish operation should store the new vector to the backend after replication. This adds the change of the signatures of the operations ot the dssync_ops struct and the implementation for the keytab ops. The up-to-date-ness vector is stored under the principal constructed as UTDV/$naming_context_dn@$dns_domain_name. The vector is still uninterpreted in libnet_dssync_process(). This will be the next step... This code is essentially by Metze. Michael (This used to be commit 01318fb27a1aa9e5fed0d4dd882a123ab568ac37) --- source3/libnet/libnet_dssync.c | 4 +-- source3/libnet/libnet_dssync.h | 6 ++-- source3/libnet/libnet_dssync_keytab.c | 65 ++++++++++++++++++++++++++++++++--- 3 files changed, 67 insertions(+), 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index f33369ee4b..9801ec76d0 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
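Review bot: libnet_keytab_search() returns the first entry whose principal and kvno match and never looks at the key's encryption type, so when a keytab holds several keys for one principal and version the caller receives whichever comes first in file order. That matters because the returned `password` blob is a copy of raw key material and the caller decides how to interpret it; an enctype parameter, or at least a comment such as `/* returns the first match regardless of enctype */`, would make the behaviour explicit. `entry->name` is also set to the full unparsed principal, whereas add_to_keytab_entries() stores the bare account name there, so the two producers of `struct libnet_keytab_entry` disagree on what `name` holds.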
@@ -355,7 +355,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, nc.guid = GUID_zero(); nc.sid = null_sid; - status = ctx->ops->startup(ctx, mem_ctx); + status = ctx->ops->startup(ctx, mem_ctx, NULL); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call startup operation: %s", @@ -489,7 +489,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, } } - status = ctx->ops->finish(ctx, mem_ctx); + status = ctx->ops->finish(ctx, mem_ctx, NULL); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call finishing operation: %s", diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 9b18dae4f5..16b84ad32c 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -20,12 +20,14 @@ struct dssync_context; struct dssync_ops { - NTSTATUS (*startup)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx); + NTSTATUS (*startup)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, + struct replUpToDateVectorBlob **pold_utdv); NTSTATUS (*process_objects)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaObjectListItemEx *objects, struct drsuapi_DsReplicaOIDMapping_Ctr *mappings); - NTSTATUS (*finish)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx); + NTSTATUS (*finish)(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, + struct replUpToDateVectorBlob *new_utdv); }; struct dssync_context { diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index b1f0a35d8b..37a4a4e88e 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -19,6 +19,7 @@ #include "includes.h" #include "libnet/libnet.h" +#include "librpc/gen_ndr/ndr_drsblobs.h" #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) 
@@ -49,10 +50,14 @@ static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, + struct replUpToDateVectorBlob **pold_utdv) { krb5_error_code ret = 0; struct libnet_keytab_context *keytab_ctx; + struct libnet_keytab_entry *entry; + struct replUpToDateVectorBlob *old_utdv = NULL; + char *principal; ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); if (ret) { 
@@ -62,16 +67,66 @@ static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) keytab_ctx->dns_domain_name = ctx->dns_domain_name; ctx->private_data = keytab_ctx; + principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s", + ctx->nc_dn, ctx->dns_domain_name); + NT_STATUS_HAVE_NO_MEMORY(principal); + + entry = libnet_keytab_search(keytab_ctx, principal, 0, mem_ctx); + if (entry) { + enum ndr_err_code ndr_err; + old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob); + + ndr_err = ndr_pull_struct_blob(&entry->password, old_utdv, + old_utdv, + (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + NTSTATUS status = ndr_map_error2ntstatus(ndr_err); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to pull UpToDateVector: %s", + nt_errstr(status)); + return status; + } + + NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv); + } + + if (pold_utdv) { + *pold_utdv = old_utdv; + } + return NT_STATUS_OK; } -static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, + struct replUpToDateVectorBlob *new_utdv) { NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; struct libnet_keytab_context *keytab_ctx = (struct libnet_keytab_context *)ctx->private_data; + if (new_utdv) { + enum ndr_err_code ndr_err; + DATA_BLOB blob; + + NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); + ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv, + (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to push UpToDateVector: %s", + nt_errstr(status)); + goto done; + } + + status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0, + ctx->nc_dn, "UTDV", blob); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } + ret = libnet_keytab_add(keytab_ctx); if (ret) { status = 
krb5_to_nt_status(ret); @@ -249,12 +304,14 @@ static NTSTATUS keytab_process_objects(struct dssync_context *ctx, #else -static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, + struct replUpToDateVectorBlob **pold_utdv) { return NT_STATUS_NOT_SUPPORTED; } -static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx) +static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, + struct replUpToDateVectorBlob *new_utdv) { return NT_STATUS_NOT_SUPPORTED; } -- cgit From 9f6af6fe7c36f12c6871ba654ee470d2ff951803 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 11:54:32 +0200 Subject: dssync keytab: wrap printing of the uptodate vector in DEBUGLEVEL >= 10 checks Michael (This used to be commit 7fabe2567d0bd12fe3ade1d00b94b6c403fe79b5) --- source3/libnet/libnet_dssync_keytab.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 37a4a4e88e..ac94d24447 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -87,7 +87,9 @@ static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, return status; } - NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv); + if (DEBUGLEVEL >= 10) { + NDR_PRINT_DEBUG(replUpToDateVectorBlob, old_utdv); + } } if (pold_utdv) { @@ -109,7 +111,10 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, enum ndr_err_code ndr_err; DATA_BLOB blob; - NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); + if (DEBUGLEVEL >= 10) { + NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); + } + ndr_err = ndr_push_struct_blob(&blob, mem_ctx, new_utdv, (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit 
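Review bot: In keytab_startup() the result of `old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob);` is passed straight to ndr_pull_struct_blob() as both memory context and output without a NULL check; add `NT_STATUS_HAVE_NO_MEMORY(old_utdv);` after the allocation, matching what is done for `principal` a few lines above. The blob being decoded is read back from the keytab file, and a decode failure currently aborts the whole sync. Since the vector only narrows what is replicated, it may be preferable to log the failure and continue with `old_utdv = NULL`, though whether a silent full resync is acceptable is a policy choice the code should state in a comment. The hunk ends inside keytab_finish(), whose body continues outside it.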
From 55b2d50926e0d779193a380a5aa67dc7e57f1d7e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 13:02:31 +0200 Subject: dssync: add a drsuapi_DsBindInfo28 struct to the dssync_context struct to keep track of what the server told us upon DsBind. Michael (This used to be commit bf17d6af6104d20019a43e5486257085b9786793) --- source3/libnet/libnet_dssync.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 16b84ad32c..2456803248 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -38,6 +38,7 @@ struct dssync_context { struct policy_handle bind_handle; DATA_BLOB session_key; const char *output_filename; + struct drsuapi_DsBindInfo28 remote_info28; void *private_data; -- cgit From 0f98b9948389c6662d484646b4a2aeee199e9431 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 13:04:04 +0200 Subject: dssync: record the bind info in the new remote_info28 in libnet_dssync_bind(). This extracts the info24 data in case this is what was returned (instead of info28). E.g. windows 2000 returns info24. Michael (This used to be commit 61b41aa615d5d46305653845584df7b1803f07ec) --- source3/libnet/libnet_dssync.c | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 9801ec76d0..35f420c901 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -241,6 +241,35 @@ static NTSTATUS libnet_dssync_bind(TALLOC_CTX *mem_ctx, return werror_to_ntstatus(werr); } + ZERO_STRUCT(ctx->remote_info28); + switch (bind_info.length) { + case 24: { + struct drsuapi_DsBindInfo24 *info24; + info24 = &bind_info.info.info24; + ctx->remote_info28.site_guid = info24->site_guid; + ctx->remote_info28.supported_extensions = info24->supported_extensions; + ctx->remote_info28.pid = info24->pid; + ctx->remote_info28.repl_epoch = 0; + break; + } + case 28: + ctx->remote_info28 = bind_info.info.info28; + break; + case 48: { + struct drsuapi_DsBindInfo48 *info48; + info48 = &bind_info.info.info48; + ctx->remote_info28.site_guid = info48->site_guid; + ctx->remote_info28.supported_extensions = info48->supported_extensions; + ctx->remote_info28.pid = info48->pid; + ctx->remote_info28.repl_epoch = info48->repl_epoch; + break; + } + default: + DEBUG(1, ("Warning: invalid info length in bind info: %d\n", + bind_info.length)); + break; + } + return status; } -- cgit From 26cceb81188f2fa59f13441ff982725dbf9f0539 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 13:05:43 +0200 Subject: dssync: either use the req5 or the req8 request, depending on the supported_extenstion that have been recorded in the remote_info28 in the dssync_context. Michael (This used to be commit 3a2a69137e69c4bd0faa6af22d17e11dac022049) --- source3/libnet/libnet_dssync.c | 32 ++++++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 8 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 35f420c901..1bec903427 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
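Review bot: The `default:` arm of the new switch only logs at level 1, and libnet_dssync_bind() still returns success with `ctx->remote_info28` zeroed, so a server that sends an unexpected bind-info length is treated exactly like one that advertises no extensions. Later code on this page selects the request level from `supported_extensions`, so this silently changes protocol behaviour based on a server-supplied value. If the fallback is intended, say so at the arm, e.g. `/* unknown length: proceed as if no extensions were advertised */`; otherwise return an error from the function here. `bind_info.length` is printed with `%d`; if the field is unsigned (its declaration is not visible here) `%u` is the matching format.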
@@ -376,6 +376,11 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; int32_t out_level = 0; int y; + uint32_t replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | + DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP | + DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS | + DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS | + DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED; ZERO_STRUCT(null_sid); ZERO_STRUCT(req); @@ -392,14 +397,21 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - req.req8.naming_context = &nc; - req.req8.replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | - DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP | - DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS | - DRSUAPI_DS_REPLICA_NEIGHBOUR_RETURN_OBJECT_PARENTS | - DRSUAPI_DS_REPLICA_NEIGHBOUR_NEVER_SYNCED; - req.req8.max_object_count = 402; - req.req8.max_ndr_size = 402116; + if (ctx->remote_info28.supported_extensions + & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) + { + level = 8; + req.req8.naming_context = &nc; + req.req8.replica_flags = replica_flags; + req.req8.max_object_count = 402; + req.req8.max_ndr_size = 402116; + } else { + level = 5; + req.req5.naming_context = &nc; + req.req5.replica_flags = replica_flags; + req.req5.max_object_count = 402; + req.req5.max_ndr_size = 402116; + } for (y=0; ;y++) { @@ -409,6 +421,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, (long long)req.req8.highwatermark.tmp_highest_usn, (long long)req.req8.highwatermark.highest_usn)); + } else if (level == 5) { + DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, + (long long)req.req5.highwatermark.tmp_highest_usn, + (long long)req.req5.highwatermark.highest_usn)); } status = rpccli_drsuapi_DsGetNCChanges(ctx->cli, mem_ctx, -- cgit From 55791799b54e947c6ef825a05a0d141fc1436b9e Mon Sep 17 00:00:00 2001 
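Review bot: The limits `402` and `402116` are now written out twice, once in the req8 arm and once in the req5 arm of the `@@ -392` hunk, with nothing saying where they come from; a single pair of named constants with a one-line comment on their origin would keep the two request levels from drifting apart. The added level 5 DEBUG line in the `@@ -409` hunk copies the `tmp_higest_usn` typo and prints with `%llu` a value cast to `(long long)`; casting to `(unsigned long long)` matches the format. libnet_dssync_process() starts and ends outside these hunks.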
From: Michael Adam Date: Thu, 17 Jul 2008 13:32:19 +0200 Subject: dssync: skip analysis of the msDS_KeyVersionNumber attribute: It is a calculated attribute that won't get distributed via replication. Michael (This used to be commit d75b7a2052f1e447f2b3b63fdb054abef4403edf) --- source3/libnet/libnet_dssync_keytab.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index ac94d24447..350aa03320 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -216,9 +216,6 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, pwd_history_len = blob->length / 16; pwd_history = blob->data; break; - case DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber: - kvno = IVAL(blob->data, 0); - break; case DRSUAPI_ATTRIBUTE_userPrincipalName: pull_string_talloc(mem_ctx, NULL, 0, &upn, blob->data, blob->length, -- cgit From 4d946b5932faa89cc1f48b1d13c4c8357e47d83e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 17 Jul 2008 01:05:06 +0200 Subject: dssync: pass uptodateness vector into and out of DsGetNCChanges request. Also store the new uptodateness vector in the backend after completion and retrieve the old vector before sending the DsGetNCChanges request. This effectively accomplishes differential replication. Michael (This used to be commit a2a88808df16d153f45337b740391d419d87e87a) --- source3/libnet/libnet_dssync.c | 44 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 42 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 1bec903427..54bdbb7b22 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -374,6 +374,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; + struct replUpToDateVectorBlob *old_utdv = NULL; + struct drsuapi_DsReplicaCursorCtrEx cursors; + struct drsuapi_DsReplicaCursorCtrEx *pcursors = NULL; + struct replUpToDateVectorBlob new_utdv; int32_t out_level = 0; int y; uint32_t replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | @@ -389,7 +393,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, nc.guid = GUID_zero(); nc.sid = null_sid; - status = ctx->ops->startup(ctx, mem_ctx, NULL); + status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call startup operation: %s", @@ -397,6 +401,30 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } + if (old_utdv) { + pcursors = &cursors; + ZERO_STRUCTP(pcursors); + + switch (old_utdv->version) { + case 1: + pcursors->count = old_utdv->ctr.ctr1.count; + pcursors->cursors = old_utdv->ctr.ctr1.cursors; + break; + case 2: + pcursors->count = old_utdv->ctr.ctr2.count; + pcursors->cursors = talloc_array(mem_ctx, + struct drsuapi_DsReplicaCursor, + pcursors->count); + for (y = 0; y < pcursors->count; y++) { + pcursors->cursors[y].source_dsa_invocation_id = + old_utdv->ctr.ctr2.cursors[y].source_dsa_invocation_id; + pcursors->cursors[y].highest_usn = + old_utdv->ctr.ctr2.cursors[y].highest_usn; + } + break; + } + } + if (ctx->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) { 
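Review bot: In the `case 2:` branch of the new `switch (old_utdv->version)`, the result of `talloc_array()` is written to by the following loop without a NULL check, so an allocation failure becomes a NULL dereference. Adding `if (pcursors->cursors == NULL) { status = NT_STATUS_NO_MEMORY; goto out; }` before the loop would fit the `goto out` error style the function already uses. The switch also has no `default:`, so a stored vector with any other version is passed on as a zeroed cursor container without any message. Because `old_utdv` is read back from the backend's storage, logging or rejecting an unknown version would make a damaged or modified state file visible.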
@@ -405,12 +433,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, req.req8.replica_flags = replica_flags; req.req8.max_object_count = 402; req.req8.max_ndr_size = 402116; + req.req8.uptodateness_vector = pcursors; } else { level = 5; req.req5.naming_context = &nc; req.req5.replica_flags = replica_flags; req.req5.max_object_count = 402; req.req5.max_ndr_size = 402116; + req.req5.uptodateness_vector = pcursors; } for (y=0; ;y++) { @@ -491,6 +521,11 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, if (!last_query) { continue; } + + ZERO_STRUCT(new_utdv); + new_utdv.version = 1; + new_utdv.ctr.ctr1.count = ctr1->uptodateness_vector->count; + new_utdv.ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors; } if (level_out == 6) { @@ -532,9 +567,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, if (!last_query) { continue; } + + ZERO_STRUCT(new_utdv); + new_utdv.version = 2; + new_utdv.ctr.ctr2.count = ctr6->uptodateness_vector->count; + new_utdv.ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors; } - status = ctx->ops->finish(ctx, mem_ctx, NULL); + status = ctx->ops->finish(ctx, mem_ctx, &new_utdv); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call finishing operation: %s", -- cgit From d42160f9de385693f12c54bf6c53652e64d113cb Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 18 Jul 2008 00:18:40 +0200 Subject: dssync: allow replications of a single obj with net rpc vampire keytab. This is triggered by setting the new "single" flag in the dssync_context and filling the "object_dn" member with the dn of the object to be fetched. This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ extended operation in the DsGetNCCHanges request. This variant does honor an up-to-date-ness vectore passed in, but the answer does not return a new up-to-dateness vector. Call this operation as "net rpc vampire keytab /path/keytab object_dn" . Michael (This used to be commit f4a01178a3d8d71f416a3b67ce6b872420f211c0) --- source3/libnet/libnet_dssync.c | 32 ++++++++++++++++++++++++++------ source3/libnet/libnet_dssync.h | 2 ++ 2 files changed, 28 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 54bdbb7b22..fa2bb2de14 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -378,6 +378,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaCursorCtrEx cursors; struct drsuapi_DsReplicaCursorCtrEx *pcursors = NULL; struct replUpToDateVectorBlob new_utdv; + struct replUpToDateVectorBlob *pnew_utdv = NULL; int32_t out_level = 0; int y; uint32_t replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | @@ -389,10 +390,18 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ZERO_STRUCT(null_sid); ZERO_STRUCT(req); - nc.dn = ctx->nc_dn; + if (ctx->single && ctx->object_dn) { + nc.dn = ctx->object_dn; + } else { + nc.dn = ctx->nc_dn; + } nc.guid = GUID_zero(); nc.sid = null_sid; + if (!ctx->single) { + pnew_utdv = &new_utdv; + } + status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, 
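Review bot: The naming-context selection tests `ctx->single && ctx->object_dn`, but the later hunks set `extended_op = DRSUAPI_EXOP_REPL_OBJ` on `ctx->single` alone, in both the `req8` and `req5` branches. With `single` set and `object_dn` NULL, the single-object extended operation is therefore sent with `nc.dn = ctx->nc_dn`. Validating the combination once before `nc.dn` is chosen keeps the three places consistent, for example `if (ctx->single && !ctx->object_dn) { status = NT_STATUS_INVALID_PARAMETER; goto out; }`. A short comment at `pnew_utdv` saying that the single-object reply carries no new up-to-dateness vector (as the commit message states) would explain why `finish` receives NULL in that mode.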
@@ -434,6 +443,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, req.req8.max_object_count = 402; req.req8.max_ndr_size = 402116; req.req8.uptodateness_vector = pcursors; + if (ctx->single) { + req.req8.extended_op = DRSUAPI_EXOP_REPL_OBJ; + } } else { level = 5; req.req5.naming_context = &nc; @@ -441,6 +453,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, req.req5.max_object_count = 402; req.req5.max_ndr_size = 402116; req.req5.uptodateness_vector = pcursors; + if (ctx->single) { + req.req5.extended_op = DRSUAPI_EXOP_REPL_OBJ; + } } for (y=0; ;y++) { @@ -524,8 +539,10 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ZERO_STRUCT(new_utdv); new_utdv.version = 1; - new_utdv.ctr.ctr1.count = ctr1->uptodateness_vector->count; - new_utdv.ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors; + if (ctr1->uptodateness_vector) { + new_utdv.ctr.ctr1.count = ctr1->uptodateness_vector->count; + new_utdv.ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors; + } } if (level_out == 6) { @@ -570,11 +587,13 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ZERO_STRUCT(new_utdv); new_utdv.version = 2; - new_utdv.ctr.ctr2.count = ctr6->uptodateness_vector->count; - new_utdv.ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors; + if (ctr6->uptodateness_vector) { + new_utdv.ctr.ctr2.count = ctr6->uptodateness_vector->count; + new_utdv.ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors; + } } - status = ctx->ops->finish(ctx, mem_ctx, &new_utdv); + status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, "Failed to call finishing operation: %s", @@ -610,3 +629,4 @@ NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx, out: return status; } + diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 2456803248..13a68de4c7 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h 
@@ -35,6 +35,8 @@ struct dssync_context { const char *dns_domain_name; struct rpc_pipe_client *cli; const char *nc_dn; + bool single; + const char *object_dn; struct policy_handle bind_handle; DATA_BLOB session_key; const char *output_filename; -- cgit From f97ba38c3f2d85294eea67b12b9d7601e4f00803 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 28 Jul 2008 14:40:54 +0200 Subject: libnet_keytab: add enctype field to libnet_keytab_entry struct. In preparation of supporting more enctyption types in libnet_dssync_keytab. Michael (This used to be commit 2b000a2acde8a09dabb538bdf89d7b885ce361d2) --- source3/libnet/libnet_keytab.h | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h index 30f2f8d1a8..54b0c0017f 100644 --- a/source3/libnet/libnet_keytab.h +++ b/source3/libnet/libnet_keytab.h @@ -24,6 +24,7 @@ struct libnet_keytab_entry { const char *principal; DATA_BLOB password; uint32_t kvno; + krb5_enctype enctype; }; struct libnet_keytab_context { -- cgit From 363fd6e2971358b86b6e35dd71d2e3154a20106a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 28 Jul 2008 14:42:30 +0200 Subject: dssync keytab: add store enctypes in the libnet_keytype_entry structs. Still unused by the libnet_keytab_add() function. This will follow. In preparation of supporting multiple encryption types in libnet_dssync_keytab. Michael (This used to be commit 447b8b1122a35d4bc0ec0f88fb46d18cddcf6eb9) --- source3/libnet/libnet_dssync_keytab.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 350aa03320..cc53c983af 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -28,6 +28,7 @@ static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, uint32_t kvno, const char *name, const char *prefix, + const krb5_enctype enctype, DATA_BLOB blob) { struct libnet_keytab_entry entry; @@ -38,6 +39,7 @@ static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, prefix ? prefix : "", prefix ? "/" : "", name, ctx->dns_domain_name); + entry.enctype = enctype; entry.password = blob; NT_STATUS_HAVE_NO_MEMORY(entry.name); NT_STATUS_HAVE_NO_MEMORY(entry.principal); @@ -126,7 +128,8 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, } status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0, - ctx->nc_dn, "UTDV", blob); + ctx->nc_dn, "UTDV", + ENCTYPE_NULL, blob); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -250,6 +253,7 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, DEBUGADD(1,("\n")); status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, + ENCTYPE_ARCFOUR_HMAC, data_blob_talloc(mem_ctx, nt_passwd, 16)); if (!NT_STATUS_IS_OK(status)) { @@ -272,6 +276,7 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, for (; i Date: Tue, 29 Jul 2008 10:16:37 +0200 Subject: libnet keytab: add enctype parameter to libnet_keytab_search(). Not really used yet. Note: callers use ENCTYPE_ARCFOUR_HMAC enctype for UTDV (for now). This is what is currently stored. This is to be changed to ENCTYPE_NULL. Michael (This used to be commit cb91d07413430e0e0a16846d2c44aae8c165400e) --- source3/libnet/libnet_dssync_keytab.c | 6 ++++-- source3/libnet/libnet_keytab.c | 1 + source3/libnet/libnet_proto.h | 1 + 3 files changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index cc53c983af..526bb73647 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -73,7 +73,8 @@ static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, ctx->nc_dn, ctx->dns_domain_name); NT_STATUS_HAVE_NO_MEMORY(principal); - entry = libnet_keytab_search(keytab_ctx, principal, 0, mem_ctx); + entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_ARCFOUR_HMAC, + mem_ctx); if (entry) { enum ndr_err_code ndr_err; old_utdv = talloc(mem_ctx, struct replUpToDateVectorBlob); @@ -129,7 +130,8 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0, ctx->nc_dn, "UTDV", - ENCTYPE_NULL, blob); + ENCTYPE_ARCFOUR_HMAC, + blob); if (!NT_STATUS_IS_OK(status)) { goto done; } diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index cec39273e3..e51cd05572 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -143,6 +143,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, const char *principal, int kvno, + const krb5_enctype enctype, TALLOC_CTX *mem_ctx) { krb5_error_code ret = 0; diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 65d37b0ab8..43046a44c0 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -53,6 +53,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx); struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, const char *principal, int kvno, + const const krb5_enctype enctype, TALLOC_CTX *mem_ctx); #endif -- cgit From 8003c93a278d5f892bd3bca032a00985e7012703 Mon Sep 17 00:00:00 2001 
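Review bot: The prototype added to libnet_proto.h declares the new parameter as `const const krb5_enctype enctype`, with the qualifier doubled, while the definition in libnet_keytab.c has a single `const`. C99 treats the repeat as one qualifier, but a C90 compiler rejects it and others may warn, so the line should read `const krb5_enctype enctype,`. A top-level `const` on a by-value parameter has no meaning for callers, so it could also be dropped from the prototype entirely.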
From: Michael Adam Date: Tue, 29 Jul 2008 10:17:15 +0200 Subject: dssync keytab: add debugging output when skipping an object. Michael (This used to be commit f3c110097f2f6c5dd329f2ca595644c6a368a552) --- source3/libnet/libnet_dssync_keytab.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 526bb73647..e6cf08933d 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -242,7 +242,13 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } } - if (!got_pwd || !name) { + if (!name) { + DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); + return NT_STATUS_OK; + } + + if (!got_pwd) { + DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); return NT_STATUS_OK; } -- cgit From 7d7e8907ca8720a5803e367f2fbedd582defbe15 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 12:54:46 +0200 Subject: dssync keytab: fix comma placement in debug output Michael (This used to be commit d21ea83f9392c8fa002d5b924dddca4190e82d09) --- source3/libnet/libnet_dssync_keytab.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index e6cf08933d..6784326baf 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -253,10 +253,10 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } DEBUG(1,("#%02d: %s:%d, ", ctx->count, name, kvno)); - DEBUGADD(1,("sAMAccountType: 0x%08x, userAccountControl: 0x%08x ", + DEBUGADD(1,("sAMAccountType: 0x%08x, userAccountControl: 0x%08x", sam_type, uacc)); if (upn) { - DEBUGADD(1,("upn: %s", upn)); + DEBUGADD(1,(", upn: %s", upn)); } DEBUGADD(1,("\n")); -- cgit From 31c67f939f37bb77a55dcbb28d8e2f17555131e1 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Tue, 29 Jul 2008 12:55:19 +0200 Subject: dssync keytab: add parsing and logging of servicePrincipalName-s As with the userPrincipalName, this is for debugging purposes only (for now..). Michael (This used to be commit 7a1d526cba4c93bb858a60d04b6486507fc25398) --- source3/libnet/libnet_dssync_keytab.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 6784326baf..0d17fdad3d 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -171,6 +171,8 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, bool got_pwd = false; char *upn = NULL; + char **spn = NULL; + uint32_t num_spns = 0; char *name = NULL; uint32_t kvno = 0; uint32_t uacc = 0; @@ -185,6 +187,19 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, attr = &cur->object.attribute_ctr.attributes[i]; + if (attr->attid == DRSUAPI_ATTRIBUTE_servicePrincipalName) { + uint32_t count; + num_spns = attr->value_ctr.num_values; + spn = TALLOC_ARRAY(mem_ctx, char *, num_spns); + for (count = 0; count < num_spns; count++) { + blob = attr->value_ctr.values[count].blob; + pull_string_talloc(spn, NULL, 0, + &spn[count], + blob->data, blob->length, + STR_UNICODE); + } + } + if (attr->value_ctr.num_values != 1) { continue; } @@ -258,6 +273,13 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (upn) { DEBUGADD(1,(", upn: %s", upn)); } + if (num_spns > 0) { + DEBUGADD(1, (", spns: [")); + for (i = 0; i < num_spns; i++) { + DEBUGADD(1, ("%s%s", spn[i], + (i+1 == num_spns)?"]":", ")); + } + } DEBUGADD(1,("\n")); status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, -- cgit From 0f94a385807d7d018eaa97178d06fca4a5ad98cf Mon Sep 17 00:00:00 2001 
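Review bot: The new servicePrincipalName block writes into `spn[count]` without checking that `TALLOC_ARRAY()` returned memory, and it ignores the result of `pull_string_talloc()`. On an allocation or conversion failure, the `DEBUGADD(1, ("%s%s", spn[i], ...))` loop added further down may therefore pass an unset pointer to `%s`. These values come from the replication reply and should be handled as remote input: check the array with `NT_STATUS_HAVE_NO_MEMORY(spn);`, as this file does for other allocations, and skip entries that failed to convert. `blob` is taken from `values[count].blob` and dereferenced directly; whether a NULL blob is possible here cannot be seen from the hunk. parse_object's body continues outside the hunk.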
From: Michael Adam Date: Tue, 29 Jul 2008 13:32:17 +0200 Subject: libnet keytab: test for matching enctype in libnet_keytab_search(). Michael (This used to be commit 484b35f319178f360e406a1bc725dca2e9d95ee3) --- source3/libnet/libnet_keytab.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index e51cd05572..cc51c29326 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -167,6 +167,11 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c continue; } + if (kt_entry.key.enctype != enctype) { + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + continue; + } + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, &princ_s); if (ret) { smb_krb5_kt_free_entry(ctx->context, &kt_entry); -- cgit From 3fa9e5fdd45f4554e24f90f316dba55b7a787e0f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 14:39:40 +0200 Subject: libnet_keytab: cleanup libnet_keytab_search(). Michael (This used to be commit 344428d96c9be87eae1d715a8b8fcd6ad02142f8) --- source3/libnet/libnet_keytab.c | 55 +++++++++++++++++++++--------------------- 1 file changed, 27 insertions(+), 28 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index cc51c29326..175d243705 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -142,7 +142,8 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) } struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, - const char *principal, int kvno, + const char *principal, + int kvno, const krb5_enctype enctype, TALLOC_CTX *mem_ctx) { 
@@ -159,65 +160,63 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c return NULL; } - while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) { + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) + { char *princ_s = NULL; if (kt_entry.vno != kvno) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - continue; + goto cont; } if (kt_entry.key.enctype != enctype) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - continue; + goto cont; } - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, &princ_s); + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, + &princ_s); if (ret) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - continue; + goto cont; } if (strcmp(principal, princ_s) != 0) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - continue; + goto cont; } entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); if (!entry) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - break; + goto fail; } entry->name = talloc_strdup(entry, princ_s); if (!entry->name) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - TALLOC_FREE(entry); - break; + goto fail; } entry->principal = talloc_strdup(entry, princ_s); if (!entry->principal) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - TALLOC_FREE(entry); - break; + goto fail; } - entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length); + entry->password = data_blob_talloc(entry, kt_entry.key.contents, + kt_entry.key.length); if (!entry->password.data) { - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - TALLOC_FREE(entry); - break; + goto fail; } smb_krb5_kt_free_entry(ctx->context, &kt_entry); SAFE_FREE(princ_s); break; + +fail: + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + TALLOC_FREE(entry); + break; + +cont: + 
smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + continue; } krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); -- cgit From 7205dd5d12476c265bb8cec26df78a531d750db6 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 22 Jul 2008 11:39:01 +0200 Subject: libnet keytab: add function libnet_keytab_remove_entries(). This can be used to remove entries of given principal, kvno and enctype. Michael (This used to be commit a6f61c05b270c82f4bfce8a6850f81a09ad29087) --- source3/libnet/libnet_keytab.c | 90 ++++++++++++++++++++++++++++++++++++++++++ source3/libnet/libnet_proto.h | 5 +++ 2 files changed, 95 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 175d243705..a748599c78 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -223,4 +223,94 @@ cont: return entry; } +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(ctx->context, &kt_entry); + SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); + if (ret) { + DEBUG(5, 
("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + #endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 43046a44c0..26ffbfce8c 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -55,6 +55,11 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c const char *principal, int kvno, const const krb5_enctype enctype, TALLOC_CTX *mem_ctx); + +krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, + const char *principal, + int kvno, + const krb5_enctype enctype); #endif /* The following definitions come from libnet/libnet_samsync.c */ -- cgit From 86f91a2ba149c05f292aedf764ce83bcb49e5e57 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 14:13:37 +0200 Subject: dssync keytab: remove old UpToDateNess vectors from keytab before storing new one. Michael (This used to be commit 717bd6f6c3ec94e3b8b5845c43717a5fbd41c38f) --- source3/libnet/libnet_dssync_keytab.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 0d17fdad3d..cfcbb6f34c 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -113,6 +113,7 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, if (new_utdv) { enum ndr_err_code ndr_err; DATA_BLOB blob; + char *principal; if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); 
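Review bot: Inside the loop of the new `libnet_keytab_remove_entries()`, the three failure branches after a match (`krb5_kt_end_seq_get`, `krb5_kt_remove_entry`, `krb5_kt_start_seq_get`) all `goto cont`, which returns to `krb5_kt_next_entry()` with a cursor that has just been ended and zeroed. Their error codes are then overwritten by the final `krb5_kt_end_seq_get()`, so a failed removal can be reported as success and a stale entry stays in the keytab unnoticed. The function also returns 0 when the initial `krb5_kt_start_seq_get()` fails; if that is meant to cover a keytab that does not exist yet, a comment should say so. A separate exit for the three branches, as sketched below, stops iterating and returns the error. The same loop is carried over into the static helper by the later "move handling of removal of duplicates" commit on this page.

```c
		/* … unchanged: kvno/enctype/principal matching and the three krb5 calls;
		 * each of their failure branches ends in `goto fail;` instead of `goto cont;` … */

cont:
		smb_krb5_kt_free_entry(ctx->context, &kt_entry);
		SAFE_FREE(princ_s);
		continue;

fail:
		/* the cursor is not usable here: stop iterating and report the error */
		smb_krb5_kt_free_entry(ctx->context, &kt_entry);
		SAFE_FREE(princ_s);
		return ret;
	}
```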
@@ -135,6 +136,24 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { goto done; } + + principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s", + ctx->nc_dn, ctx->dns_domain_name); + if (!principal) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + ret = libnet_keytab_remove_entries(keytab_ctx, principal, + 0, ENCTYPE_ARCFOUR_HMAC); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to remove old UTDV entries from " + "keytab %s: %s", keytab_ctx->keytab_name, + error_message(ret)); + goto done; + } } ret = libnet_keytab_add(keytab_ctx); -- cgit From d74f57826aaa697745e8abc7537325963f2698b2 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 14:15:07 +0200 Subject: dssync keytab: log the DN of the object to be parsed. For debugging purposes. Michael (This used to be commit 6913919e3a36ebff87a882ba589d36bcd0781ee6) --- source3/libnet/libnet_dssync_keytab.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index cfcbb6f34c..4875e8e5fa 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -202,6 +202,8 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, ZERO_STRUCT(nt_passwd); + DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn)); + for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { attr = &cur->object.attribute_ctr.attributes[i]; -- cgit From ca0cbabd36f894f94bdc0d95c670a6710906f9ac Mon Sep 17 00:00:00 2001 
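Review bot: The added `DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn))` dereferences `identifier` unconditionally, and the object comes from the server's replication reply. The hunk does not show whether the NDR layer guarantees a non-NULL `identifier`; if it is an optional pointer, a reply without it would crash the client inside a log statement. Guarding the argument, e.g. `cur->object.identifier ? cur->object.identifier->dn : "(no identifier)"`, keeps the debug line from becoming a fault path. parse_object's body continues outside the hunk.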
From: Michael Adam Date: Tue, 29 Jul 2008 15:19:18 +0200 Subject: libnet keytab: add function libnet_keytab_add_entry() This is a stripped down version of smb_krb5_kt_add_entry() that takes one explicit enctype instead of an array. And it does not neither salting of keys nor cleanup of old entries. Michael (This used to be commit c83e54f1eb3021d13fb0a3c3f6b556a338d2a8c3) --- source3/libnet/libnet_keytab.c | 54 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index a748599c78..0b8327c38f 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -105,6 +105,60 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +static krb5_error_code libnet_keytab_add_entry(krb5_context context, + krb5_keytab keytab, + krb5_kvno kvno, + const char *princ_s, + krb5_enctype enctype, + krb5_data password) +{ + krb5_keyblock *keyp; + krb5_keytab_entry kt_entry; + krb5_error_code ret; + + ZERO_STRUCT(kt_entry); + + kt_entry.vno = kvno; + + ret = smb_krb5_parse_name(context, princ_s, &kt_entry.principal); + if (ret) { + DEBUG(1, ("smb_krb5_parse_name(%s) failed (%s)\n", + princ_s, error_message(ret))); + return ret; + } + +#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) +#error krb5_keytab_entry has no key or keyblock member +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ + keyp = &kt_entry.key; +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ + keyp = &kt_entry.keyblock; +#endif + + if (create_kerberos_key_from_string(context, kt_entry.principal, + &password, keyp, enctype, true)) + { + ret = KRB5KRB_ERR_GENERIC; + goto done; + } + + ret = krb5_kt_add_entry(context, keytab, &kt_entry); + if (ret) { + DEBUG(1, ("adding entry to keytab failed (%s)\n", + error_message(ret))); + } + +done: + krb5_free_keyblock_contents(context, keyp); + krb5_free_principal(context, kt_entry.principal); + ZERO_STRUCT(kt_entry); + smb_krb5_kt_free_entry(context, &kt_entry); + + return ret; +} + krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) { #if defined(ENCTYPE_ARCFOUR_HMAC) -- cgit From ea8129b5f025050620ec6338cdaf369df69d729c Mon Sep 17 00:00:00 2001 
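Review bot: The `done:` block of the new `libnet_keytab_add_entry()` frees the keyblock contents and the principal by hand, then zeroes `kt_entry` and calls `smb_krb5_kt_free_entry()` on the zeroed struct, so that last call has nothing left to release. Keep one of the two cleanups: either drop `ZERO_STRUCT(kt_entry);` and `smb_krb5_kt_free_entry(context, &kt_entry);`, or drop the two manual frees and the `ZERO_STRUCT`. As written, a later edit that removes only the `ZERO_STRUCT` would free the key material twice. The `create_kerberos_key_from_string()` failure path sets `KRB5KRB_ERR_GENERIC` without a DEBUG line, unlike the other two failure paths in the function, so that failure leaves no trace in the log.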
From: Michael Adam Date: Tue, 29 Jul 2008 15:21:30 +0200 Subject: libnet keytab: use libnet_keytab_add_entry() in libnet_keytab_add(). This will in particular allow us to store ENCTYPE_NULL. Michael (This used to be commit 85c7e3ae29a6f25ed0b6917ff73baea9c6c905c6) --- source3/libnet/libnet_keytab.c | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 0b8327c38f..6fe718bb81 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -161,9 +161,7 @@ done: krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) { -#if defined(ENCTYPE_ARCFOUR_HMAC) krb5_error_code ret = 0; - krb5_enctype enctypes[2] = { ENCTYPE_ARCFOUR_HMAC, 0 }; int i; for (i=0; icount; i++) { @@ -174,14 +172,12 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) password.data = (char *)entry->password.data; password.length = entry->password.length; - ret = smb_krb5_kt_add_entry_ext(ctx->context, - ctx->keytab, - entry->kvno, - entry->principal, - enctypes, - password, - true, - true); + ret = libnet_keytab_add_entry(ctx->context, + ctx->keytab, + entry->kvno, + entry->principal, + entry->enctype, + password); if (ret) { DEBUG(1,("libnet_keytab_add: " "Failed to add entry to keytab file\n")); @@ -190,9 +186,6 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) } return ret; -#else - return -1; -#endif /* defined(ENCTYPE_ARCFOUR_HMAC) */ } struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *ctx, -- cgit From e1fee8ca6deaa58dab80030826ce48725f5099e2 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Tue, 29 Jul 2008 15:23:12 +0200 Subject: dssync keytab: store the UpToDate vector with ENCTYPE_NULL. Michael (This used to be commit 9fbc3d49035123ec11cc2248f0b14661dd1e9b2d) --- source3/libnet/libnet_dssync_keytab.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 4875e8e5fa..03d5bf2348 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -73,7 +73,7 @@ static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, ctx->nc_dn, ctx->dns_domain_name); NT_STATUS_HAVE_NO_MEMORY(principal); - entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_ARCFOUR_HMAC, + entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL, mem_ctx); if (entry) { enum ndr_err_code ndr_err; @@ -131,7 +131,7 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0, ctx->nc_dn, "UTDV", - ENCTYPE_ARCFOUR_HMAC, + ENCTYPE_NULL, blob); if (!NT_STATUS_IS_OK(status)) { goto done; @@ -145,7 +145,7 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, } ret = libnet_keytab_remove_entries(keytab_ctx, principal, - 0, ENCTYPE_ARCFOUR_HMAC); + 0, ENCTYPE_NULL); if (ret) { status = krb5_to_nt_status(ret); ctx->error_message = talloc_asprintf(mem_ctx, -- cgit From a6e5a5d71440ff6b66d49abb92200ef30dda9790 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 17:54:01 +0200 Subject: libnet_keytab: add some debug statements to libnet_keytab_search(). Michael (This used to be commit d3354c3516b56f254583f3dd065302b27d02af2b) --- source3/libnet/libnet_keytab.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 6fe718bb81..bc3163d6f6 100644 
--- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -204,6 +204,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); if (ret) { + DEBUG(10, ("krb5_kt_start_seq_get failed: %s", + error_message(ret))); return NULL; } @@ -231,25 +233,31 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c entry = talloc_zero(mem_ctx, struct libnet_keytab_entry); if (!entry) { + DEBUG(3, ("talloc failed\n")); goto fail; } entry->name = talloc_strdup(entry, princ_s); if (!entry->name) { + DEBUG(3, ("talloc_strdup_failed\n")); goto fail; } entry->principal = talloc_strdup(entry, princ_s); if (!entry->principal) { + DEBUG(3, ("talloc_strdup_failed\n")); goto fail; } entry->password = data_blob_talloc(entry, kt_entry.key.contents, kt_entry.key.length); if (!entry->password.data) { + DEBUG(3, ("data_blob_talloc failed\n")); goto fail; } + DEBUG(10, ("found entry\n")); + smb_krb5_kt_free_entry(ctx->context, &kt_entry); SAFE_FREE(princ_s); break; -- cgit From f6bc42d80c2e9350ca5ccf46887267d6509a2c76 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 18:05:13 +0200 Subject: dssync keytab: move handling of removal of duplicates to libnet_keytab_add_entry(). This makes libnet_keytab_remove_entries static and moves it up. libnet_keytab_add_entry() now removes the duplicates in advance. No special handling neede for the UTDV - this is also needed for other entries... Michael (This used to be commit 3c463745445f6b64017918f442bf1021be219e83) --- source3/libnet/libnet_dssync_keytab.c | 19 ---- source3/libnet/libnet_keytab.c | 189 ++++++++++++++++++---------------- source3/libnet/libnet_proto.h | 5 - 3 files changed, 99 insertions(+), 114 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 03d5bf2348..4bd4a79a00 100644 
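Review bot: The DEBUG added after `krb5_kt_start_seq_get()` has no trailing newline in its format string, unlike the other messages this commit adds, so the next log message is appended to the same line. It should read `DEBUG(10, ("krb5_kt_start_seq_get failed: %s\n", error_message(ret)));`. The two `"talloc_strdup_failed\n"` messages are identical, so the log cannot distinguish the `name` copy from the `principal` copy; naming the field in each would help. The `"found entry\n"` message would be more useful with the principal and kvno included.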
--- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -113,7 +113,6 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, if (new_utdv) { enum ndr_err_code ndr_err; DATA_BLOB blob; - char *principal; if (DEBUGLEVEL >= 10) { NDR_PRINT_DEBUG(replUpToDateVectorBlob, new_utdv); @@ -136,24 +135,6 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { goto done; } - - principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s", - ctx->nc_dn, ctx->dns_domain_name); - if (!principal) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - ret = libnet_keytab_remove_entries(keytab_ctx, principal, - 0, ENCTYPE_NULL); - if (ret) { - status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to remove old UTDV entries from " - "keytab %s: %s", keytab_ctx->keytab_name, - error_message(ret)); - goto done; - } } ret = libnet_keytab_add(keytab_ctx); diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index bc3163d6f6..b427e879c3 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -105,6 +105,97 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ +/** + * Remove all entries that have the given principal, kvno and enctype. + */ +static krb5_error_code libnet_keytab_remove_entries(krb5_context context, + krb5_keytab keytab, + const char *principal, + int kvno, + const krb5_enctype enctype) +{ + krb5_error_code ret; + krb5_kt_cursor cursor; + krb5_keytab_entry kt_entry; + + ZERO_STRUCT(kt_entry); + ZERO_STRUCT(cursor); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + return 0; + } + + while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) + { + char *princ_s = NULL; + + if (kt_entry.vno != kvno) { + goto cont; + } + + if (kt_entry.key.enctype != enctype) { + goto cont; + } + + ret = smb_krb5_unparse_name(context, kt_entry.principal, + &princ_s); + if (ret) { + DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", + error_message(ret))); + goto cont; + } + + if (strcmp(principal, princ_s) != 0) { + goto cont; + } + + /* match found - remove */ + + DEBUG(10, ("found entry for principal %s, kvno %d, " + "enctype %d - trying to remove it\n", + princ_s, kt_entry.vno, kt_entry.key.enctype)); + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + ZERO_STRUCT(cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + + ret = krb5_kt_remove_entry(context, keytab, + &kt_entry); + if (ret) { + DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", + error_message(ret))); + goto cont; + } + DEBUG(10, ("removed entry for principal %s, kvno %d, " + "enctype %d\n", princ_s, kt_entry.vno, + kt_entry.key.enctype)); + + ret = krb5_kt_start_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", + error_message(ret))); + goto cont; + } + +cont: + smb_krb5_kt_free_entry(context, &kt_entry); + 
SAFE_FREE(princ_s); + } + + ret = krb5_kt_end_seq_get(context, keytab, &cursor); + if (ret) { + DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", + error_message(ret))); + } + + return ret; +} + static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab keytab, krb5_kvno kvno, @@ -116,6 +207,14 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, krb5_keytab_entry kt_entry; krb5_error_code ret; + /* remove duplicates first ... */ + ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, + enctype); + if (ret) { + DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", + error_message(ret))); + } + ZERO_STRUCT(kt_entry); kt_entry.vno = kvno; 
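Review bot: In the added `libnet_keytab_remove_entries`, every failure after a match is found ends in `goto cont`, which keeps iterating with a cursor that has already been ended and zeroed: if `krb5_kt_end_seq_get`, `krb5_kt_remove_entry` or the restarting `krb5_kt_start_seq_get` fails, the `while` condition calls `krb5_kt_next_entry` on that closed cursor and the trailing `krb5_kt_end_seq_get` ends it a second time. The function also returns 0 when the initial `krb5_kt_start_seq_get` fails, so a caller cannot tell "nothing to remove" from "keytab could not be read"; that may be deliberate for a keytab that does not exist yet, in which case a comment should say so, otherwise `return ret;` reports it. Leaving the loop as soon as the cursor is closed and returning the error, as sketched below, avoids the reuse. The whole function is new in this hunk (it is the body moved up from the end of the file).

```c
	/* … unchanged: declarations and initial krb5_kt_start_seq_get … */
	while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0)
	{
		char *princ_s = NULL;
		bool stop = false;

		/* … unchanged: kvno, enctype and principal matching, "found entry" DEBUG … */

		ret = krb5_kt_end_seq_get(context, keytab, &cursor);
		ZERO_STRUCT(cursor);
		if (ret == 0) {
			ret = krb5_kt_remove_entry(context, keytab, &kt_entry);
		}
		if (ret == 0) {
			ret = krb5_kt_start_seq_get(context, keytab, &cursor);
		}
		if (ret) {
			DEBUG(5, ("removing keytab entry failed (%s)\n",
				  error_message(ret)));
			stop = true;
		}

cont:
		smb_krb5_kt_free_entry(context, &kt_entry);
		SAFE_FREE(princ_s);
		if (stop) {
			/* the cursor is closed here: neither iterate nor end it again */
			return ret;
		}
	}
	/* … unchanged: final krb5_kt_end_seq_get and return … */
```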
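Review bot: The result of `libnet_keytab_remove_entries` is only logged in `libnet_keytab_add_entry`, so when removal fails the new key is still added next to an old one with the same principal, kvno and enctype. For a keytab that means a stale key may remain in the file, and which of the two a later lookup returns depends on entry order. If this best-effort behaviour is intended, a comment such as `/* best effort: a leftover duplicate is tolerated */` would make it explicit; otherwise add `return ret;` after the `DEBUG(1, ...)`. The rest of the function lies outside the hunk.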
@@ -278,94 +377,4 @@ cont: return entry; } -/** - * Remove all entries that have the given principal, kvno and enctype. - */ -krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, - const char *principal, - int kvno, - const krb5_enctype enctype) -{ - krb5_error_code ret; - krb5_kt_cursor cursor; - krb5_keytab_entry kt_entry; - - ZERO_STRUCT(kt_entry); - ZERO_STRUCT(cursor); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - return 0; - } - - while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) - { - char *princ_s = NULL; - - if (kt_entry.vno != kvno) { - goto cont; - } - - if (kt_entry.key.enctype != enctype) { - goto cont; - } - - ret = smb_krb5_unparse_name(ctx->context, kt_entry.principal, - &princ_s); - if (ret) { - DEBUG(5, ("smb_krb5_unparse_name failed (%s)\n", - error_message(ret))); - goto cont; - } - - if (strcmp(principal, princ_s) != 0) { - goto cont; - } - - /* match found - remove */ - - DEBUG(10, ("found entry for principal %s, kvno %d, " - "enctype %d - trying to remove it\n", - princ_s, kt_entry.vno, kt_entry.key.enctype)); - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - ZERO_STRUCT(cursor); - if (ret) { - DEBUG(5, ("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - - ret = krb5_kt_remove_entry(ctx->context, ctx->keytab, - &kt_entry); - if (ret) { - DEBUG(5, ("krb5_kt_remove_entry failed (%s)\n", - error_message(ret))); - goto cont; - } - DEBUG(10, ("removed entry for principal %s, kvno %d, " - "enctype %d\n", princ_s, kt_entry.vno, - kt_entry.key.enctype)); - - ret = krb5_kt_start_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, ("krb5_kt_start_seq_get failed (%s)\n", - error_message(ret))); - goto cont; - } - -cont: - smb_krb5_kt_free_entry(ctx->context, &kt_entry); - SAFE_FREE(princ_s); - } - - ret = krb5_kt_end_seq_get(ctx->context, ctx->keytab, &cursor); - if (ret) { - DEBUG(5, 
("krb5_kt_end_seq_get failed (%s)\n", - error_message(ret))); - } - - return ret; -} - #endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 26ffbfce8c..43046a44c0 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -55,11 +55,6 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c const char *principal, int kvno, const const krb5_enctype enctype, TALLOC_CTX *mem_ctx); - -krb5_error_code libnet_keytab_remove_entries(struct libnet_keytab_context *ctx, - const char *principal, - int kvno, - const krb5_enctype enctype); #endif /* The following definitions come from libnet/libnet_samsync.c */ -- cgit From 260bbf13d20fa94923dc8841a06267bf0ea102a7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 29 Jul 2008 18:07:07 +0200 Subject: dssync keytab: store the samaccountname in the keytab for diff replication. When retreiving a diff replication, the sAMAccountName attribute is usually not replicated. So in order to build the principle, we need to store the sAMAccounName in the keytab, referenced by the DN of the object, so that it can be retrieved if necessary. It is stored in the form of SAMACCOUNTNAME/object_dn@dns_domain_name with kvno=0 and ENCTYPE_NONE. Michael (This used to be commit 54e2dc1f4e0e2c7a6dcb171e51a608d831c8946e) --- source3/libnet/libnet_dssync_keytab.c | 60 ++++++++++++++++++++++++++++++++--- 1 file changed, 55 insertions(+), 5 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 4bd4a79a00..db98f63d1b 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -170,6 +170,7 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaAttribute *attr; bool got_pwd = false; + char *object_dn = NULL; char *upn = NULL; char **spn = NULL; uint32_t num_spns = 0; 
@@ -183,7 +184,12 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, ZERO_STRUCT(nt_passwd); - DEBUG(3, ("parsing object '%s'\n", cur->object.identifier->dn)); + object_dn = talloc_strdup(mem_ctx, cur->object.identifier->dn); + if (!object_dn) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(3, ("parsing object '%s'\n", object_dn)); for (i=0; i < cur->object.attribute_ctr.num_attributes; i++) { @@ -259,13 +265,57 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } } - if (!name) { - DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); + if (!got_pwd) { + DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); return NT_STATUS_OK; } - if (!got_pwd) { - DEBUG(10, ("no password (unicodePwd) found - skipping.\n")); + if (name) { + status = add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, + "SAMACCOUNTNAME", + ENCTYPE_NULL, + data_blob_talloc(mem_ctx, name, + strlen(name) + 1)); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + /* look into keytab ... */ + struct libnet_keytab_entry *entry = NULL; + char *principal = NULL; + + DEBUG(10, ("looking for SAMACCOUNTNAME/%s@%s in keytayb...\n", + object_dn, ctx->dns_domain_name)); + + principal = talloc_asprintf(mem_ctx, "%s/%s@%s", + "SAMACCOUNTNAME", + object_dn, + ctx->dns_domain_name); + if (!principal) { + DEBUG(1, ("talloc failed\n")); + return NT_STATUS_NO_MEMORY; + } + entry = libnet_keytab_search(ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry) { + name = (char *)TALLOC_MEMDUP(mem_ctx, + entry->password.data, + entry->password.length); + if (!name) { + DEBUG(1, ("talloc failed!")); + return NT_STATUS_NO_MEMORY; + } else { + DEBUG(10, ("found name %s\n", name)); + } + TALLOC_FREE(entry); + } else { + DEBUG(10, ("entry not found\n")); + } + TALLOC_FREE(principal); + } + + if (!name) { + DEBUG(10, ("no name (sAMAccountName) found - skipping.\n")); return NT_STATUS_OK; } -- cgit From c655e295efce4b3f637f1be2c1d79bf1c16bac7b Mon Sep 17 00:00:00 2001 
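Review bot: The name read back from the keytab in the new `else` branch of `parse_object` is treated as a C string without checking that it is terminated: `TALLOC_MEMDUP` copies exactly `entry->password.length` bytes and the next line prints the result with `%s`. The writer side stores `strlen(name) + 1` bytes, but the keytab is a file that other tools can modify, so a `SAMACCOUNTNAME/...` entry without a trailing NUL would make the later string handling read past the allocation. Copying with `name = talloc_strndup(mem_ctx, (const char *)entry->password.data, entry->password.length);` always terminates the copy. `DEBUG(1, ("talloc failed!"))` in the same branch also lacks its `\n`. The function starts and ends outside the hunk.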
From: Michael Adam Date: Tue, 29 Jul 2008 22:52:59 +0200 Subject: vampire keytab: add switch --repl-nodiff to trigger full replication. I.e. replication without keeping track of the up to date vector. Michael (This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac) --- source3/libnet/libnet_dssync.c | 2 +- source3/libnet/libnet_dssync.h | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index fa2bb2de14..cb8fa80ffa 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -410,7 +410,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - if (old_utdv) { + if (!ctx->repl_nodiff && old_utdv) { pcursors = &cursors; ZERO_STRUCTP(pcursors); diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 13a68de4c7..7869b1620a 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -36,6 +36,7 @@ struct dssync_context { struct rpc_pipe_client *cli; const char *nc_dn; bool single; + bool repl_nodiff; const char *object_dn; struct policy_handle bind_handle; DATA_BLOB session_key; -- cgit From 58e0b8d56859ff179387025424af69f3fc3f61d8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 10:27:00 +0200 Subject: libnet dssync: refactor creation of request out into new function libnet_dssync_build_request(). Michael (This used to be commit d745c1af405058ec23d7d0c139505576a99f9057) --- source3/libnet/libnet_dssync.c | 186 +++++++++++++++++++++++++++-------------- 1 file changed, 122 insertions(+), 64 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index cb8fa80ffa..b93f906de2 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -359,28 +359,21 @@ static NTSTATUS libnet_dssync_init(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, - struct dssync_context *ctx) +static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx, + const char *dn, + struct replUpToDateVectorBlob *utdv, + int32_t level, + union drsuapi_DsGetNCChangesRequest *preq) { NTSTATUS status; - WERROR werr; - - int32_t level = 8; - int32_t level_out = 0; + uint32_t count; union drsuapi_DsGetNCChangesRequest req; - union drsuapi_DsGetNCChangesCtr ctr; - struct drsuapi_DsReplicaObjectIdentifier nc; struct dom_sid null_sid; + enum drsuapi_DsExtendedOperation extended_op; + struct drsuapi_DsReplicaObjectIdentifier *nc = NULL; + struct drsuapi_DsReplicaCursorCtrEx *cursors = NULL; - struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; - struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; - struct replUpToDateVectorBlob *old_utdv = NULL; - struct drsuapi_DsReplicaCursorCtrEx cursors; - struct drsuapi_DsReplicaCursorCtrEx *pcursors = NULL; - struct replUpToDateVectorBlob new_utdv; - struct replUpToDateVectorBlob *pnew_utdv = NULL; - int32_t out_level = 0; - int y; uint32_t replica_flags = DRSUAPI_DS_REPLICA_NEIGHBOUR_WRITEABLE | DRSUAPI_DS_REPLICA_NEIGHBOUR_SYNC_ON_STARTUP | DRSUAPI_DS_REPLICA_NEIGHBOUR_DO_SCHEDULED_SYNCS | 
@@ -390,18 +383,104 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, ZERO_STRUCT(null_sid); ZERO_STRUCT(req); - if (ctx->single && ctx->object_dn) { - nc.dn = ctx->object_dn; + nc = TALLOC_ZERO_P(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier); + if (!nc) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + nc->dn = dn; + nc->guid = GUID_zero(); + nc->sid = null_sid; + + if (!ctx->repl_nodiff && utdv) { + cursors = TALLOC_ZERO_P(mem_ctx, + struct drsuapi_DsReplicaCursorCtrEx); + if (!cursors) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + + switch (utdv->version) { + case 1: + cursors->count = utdv->ctr.ctr1.count; + cursors->cursors = utdv->ctr.ctr1.cursors; + break; + case 2: + cursors->count = utdv->ctr.ctr2.count; + cursors->cursors = talloc_array(cursors, + struct drsuapi_DsReplicaCursor, + cursors->count); + if (!cursors->cursors) { + status = NT_STATUS_NO_MEMORY; + goto fail; + } + for (count = 0; count < cursors->count; count++) { + cursors->cursors[count].source_dsa_invocation_id = + utdv->ctr.ctr2.cursors[count].source_dsa_invocation_id; + cursors->cursors[count].highest_usn = + utdv->ctr.ctr2.cursors[count].highest_usn; + } + break; + } + } + + if (ctx->single) { + extended_op = DRSUAPI_EXOP_REPL_OBJ; } else { - nc.dn = ctx->nc_dn; + extended_op = DRSUAPI_EXOP_NONE; } - nc.guid = GUID_zero(); - nc.sid = null_sid; - if (!ctx->single) { - pnew_utdv = &new_utdv; + if (level == 8) { + req.req8.naming_context = nc; + req.req8.replica_flags = replica_flags; + req.req8.max_object_count = 402; + req.req8.max_ndr_size = 402116; + req.req8.uptodateness_vector = cursors; + req.req8.extended_op = extended_op; + } else if (level == 5) { + req.req5.naming_context = nc; + req.req5.replica_flags = replica_flags; + req.req5.max_object_count = 402; + req.req5.max_ndr_size = 402116; + req.req5.uptodateness_vector = cursors; + req.req5.extended_op = extended_op; + } else { + status = NT_STATUS_INVALID_PARAMETER; + goto fail; } + if (preq) { + *preq = 
req; + } + + return NT_STATUS_OK; + +fail: + TALLOC_FREE(nc); + TALLOC_FREE(cursors); + return status; +} + +static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + WERROR werr; + + int32_t level; + int32_t level_out = 0; + union drsuapi_DsGetNCChangesRequest req; + union drsuapi_DsGetNCChangesCtr ctr; + + struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; + struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; + struct replUpToDateVectorBlob *old_utdv = NULL; + struct replUpToDateVectorBlob new_utdv; + struct replUpToDateVectorBlob *pnew_utdv = NULL; + int32_t out_level = 0; + int y; + const char *dn; + status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, 
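Review bot: The `switch (utdv->version)` in the new `libnet_dssync_build_request` has no `default`, so a vector returned by the startup operation with any version other than 1 or 2 silently produces an empty cursor container (`count` 0, `cursors` NULL) that is still placed in the request. Rejecting it is clearer: `default: status = NT_STATUS_INVALID_PARAMETER; goto fail;`, or leave `cursors` NULL and log the version. The function would also benefit from a header comment saying that `nc` and `cursors` are allocated on `mem_ctx` and referenced from `*preq`, so the caller must keep `mem_ctx` alive while the request is in use. The hunk ends inside `libnet_dssync_process`, whose body continues outside it.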
@@ -410,52 +489,31 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - if (!ctx->repl_nodiff && old_utdv) { - pcursors = &cursors; - ZERO_STRUCTP(pcursors); - - switch (old_utdv->version) { - case 1: - pcursors->count = old_utdv->ctr.ctr1.count; - pcursors->cursors = old_utdv->ctr.ctr1.cursors; - break; - case 2: - pcursors->count = old_utdv->ctr.ctr2.count; - pcursors->cursors = talloc_array(mem_ctx, - struct drsuapi_DsReplicaCursor, - pcursors->count); - for (y = 0; y < pcursors->count; y++) { - pcursors->cursors[y].source_dsa_invocation_id = - old_utdv->ctr.ctr2.cursors[y].source_dsa_invocation_id; - pcursors->cursors[y].highest_usn = - old_utdv->ctr.ctr2.cursors[y].highest_usn; - } - break; - } - } - if (ctx->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) { level = 8; - req.req8.naming_context = &nc; - req.req8.replica_flags = replica_flags; - req.req8.max_object_count = 402; - req.req8.max_ndr_size = 402116; - req.req8.uptodateness_vector = pcursors; - if (ctx->single) { - req.req8.extended_op = DRSUAPI_EXOP_REPL_OBJ; - } } else { level = 5; - req.req5.naming_context = &nc; - req.req5.replica_flags = replica_flags; - req.req5.max_object_count = 402; - req.req5.max_ndr_size = 402116; - req.req5.uptodateness_vector = pcursors; - if (ctx->single) { - req.req5.extended_op = DRSUAPI_EXOP_REPL_OBJ; - } + } + + if (ctx->single && ctx->object_dn) { + dn = ctx->object_dn; + } else { + dn = ctx->nc_dn; + } + + status = libnet_dssync_build_request(mem_ctx, ctx, dn, old_utdv, level, + &req); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to build DsGetNCChanges request: %s", + nt_errstr(status)); + goto out; + } + + if (!ctx->single) { + pnew_utdv = &new_utdv; } for (y=0; ;y++) { -- cgit From 9e1eccc9112eb64cfd64781941811267a02866de Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Wed, 30 Jul 2008 12:00:49 +0200 Subject: libnet dssync: simplify logic of libnet_dssync_process() main loop. Untangle parsing of results and processing. Make loop logic more obvious. Call finishing operation after the loop, not inside. Michael (This used to be commit 47c8b3391cb1bb9656f93b55f9ea39c78b74ed36) --- source3/libnet/libnet_dssync.c | 147 ++++++++++++++++++----------------------- 1 file changed, 64 insertions(+), 83 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index b93f906de2..11ebf2ae3b 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -479,6 +479,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, struct replUpToDateVectorBlob *pnew_utdv = NULL; int32_t out_level = 0; int y; + bool last_query; const char *dn; status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); @@ -512,13 +513,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - if (!ctx->single) { - pnew_utdv = &new_utdv; - } - - for (y=0; ;y++) { - - bool last_query = true; + for (y=0, last_query = false; !last_query; y++) { + struct drsuapi_DsReplicaObjectListItemEx *first_object; + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr; if (level == 8) { DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, 
@@ -555,14 +552,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, } else if (level_out == 2) { out_level = 1; ctr1 = ctr.ctr2.ctr.mszip1.ctr1; - } - - status = cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key); - if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to get Session Key: %s", - nt_errstr(status)); - return status; + } else if (level_out == 6) { + out_level = 6; + ctr6 = &ctr.ctr6; + } else if (level_out == 7 + && ctr.ctr7.level == 6 + && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP) { + out_level = 6; + ctr6 = ctr.ctr7.ctr.mszip6.ctr6; } if (out_level == 1) { 
@@ -570,96 +567,80 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, (long long)ctr1->new_highwatermark.tmp_highest_usn, (long long)ctr1->new_highwatermark.highest_usn)); - libnet_dssync_decrypt_attributes(mem_ctx, - &ctx->session_key, - ctr1->first_object); + first_object = ctr1->first_object; + mapping_ctr = &ctr1->mapping_ctr; if (ctr1->more_data) { req.req5.highwatermark = ctr1->new_highwatermark; - last_query = false; - } - - if (ctx->ops->process_objects) { - status = ctx->ops->process_objects(ctx, mem_ctx, - ctr1->first_object, - &ctr1->mapping_ctr); - if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to call processing function: %s", - nt_errstr(status)); - goto out; + } else { + last_query = true; + ZERO_STRUCT(new_utdv); + new_utdv.version = 1; + if (ctr1->uptodateness_vector) { + new_utdv.ctr.ctr1.count = + ctr1->uptodateness_vector->count; + new_utdv.ctr.ctr1.cursors = + ctr1->uptodateness_vector->cursors; } } - - if (!last_query) { - continue; - } - - ZERO_STRUCT(new_utdv); - new_utdv.version = 1; - if (ctr1->uptodateness_vector) { - new_utdv.ctr.ctr1.count = ctr1->uptodateness_vector->count; - new_utdv.ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors; - } - } - - if (level_out == 6) { - out_level = 6; - ctr6 = &ctr.ctr6; - } else if (level_out == 7 - && ctr.ctr7.level == 6 - && ctr.ctr7.type == DRSUAPI_COMPRESSION_TYPE_MSZIP) { - out_level = 6; - ctr6 = ctr.ctr7.ctr.mszip6.ctr6; - } - - if (out_level == 6) { + } else if (out_level == 6) { DEBUG(1,("end[%d] tmp_highest_usn: %llu , highest_usn: %llu\n",y, (long long)ctr6->new_highwatermark.tmp_highest_usn, (long long)ctr6->new_highwatermark.highest_usn)); - libnet_dssync_decrypt_attributes(mem_ctx, - &ctx->session_key, - ctr6->first_object); + first_object = ctr6->first_object; + mapping_ctr = &ctr6->mapping_ctr; if (ctr6->more_data) { req.req8.highwatermark = ctr6->new_highwatermark; - last_query = false; - } - - if (ctx->ops->process_objects) { 
- status = ctx->ops->process_objects(ctx, mem_ctx, - ctr6->first_object, - &ctr6->mapping_ctr); - if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to call processing function: %s", - nt_errstr(status)); - goto out; + } else { + last_query = true; + ZERO_STRUCT(new_utdv); + new_utdv.version = 2; + if (ctr6->uptodateness_vector) { + new_utdv.ctr.ctr2.count = + ctr6->uptodateness_vector->count; + new_utdv.ctr.ctr2.cursors = + ctr6->uptodateness_vector->cursors; } } - - if (!last_query) { - continue; - } - - ZERO_STRUCT(new_utdv); - new_utdv.version = 2; - if (ctr6->uptodateness_vector) { - new_utdv.ctr.ctr2.count = ctr6->uptodateness_vector->count; - new_utdv.ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors; - } } - status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv); + status = cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key); if (!NT_STATUS_IS_OK(status)) { ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to call finishing operation: %s", + "Failed to get Session Key: %s", nt_errstr(status)); goto out; } - break; + libnet_dssync_decrypt_attributes(mem_ctx, + &ctx->session_key, + first_object); + + if (ctx->ops->process_objects) { + status = ctx->ops->process_objects(ctx, mem_ctx, + first_object, + mapping_ctr); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call processing function: %s", + nt_errstr(status)); + goto out; + } + } + } + + if (!ctx->single) { + pnew_utdv = &new_utdv; + } + + status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call finishing operation: %s", + nt_errstr(status)); + goto out; } out: -- cgit From 0099c4b0c7500ee395802f099fb12db08eee9faf Mon Sep 17 00:00:00 2001 
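Review bot: `first_object` and `mapping_ctr` are declared without an initializer at the top of the loop (earlier hunk of this commit) and are assigned only in the `out_level == 1` and `out_level == 6` branches, yet they are passed to `libnet_dssync_decrypt_attributes` and `process_objects` unconditionally. If the server answers with a `level_out` that none of the visible `else if` arms map (for example level 7 with a compression type other than MSZIP), the pointers are used uninitialized and `last_query` never becomes true; no rejecting `else` is visible in these hunks, though one may exist in the lines between them. Since the reply level comes from the remote side, the chain should end with `} else { status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto out; }` and both pointers should start as `NULL`. `libnet_dssync_process` begins and ends outside the hunks.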
From: Michael Adam Date: Wed, 30 Jul 2008 12:31:38 +0200 Subject: libnet dssync: fix single object replication by adding one check. Before, this used the old uptodate vector in the request... Michael (This used to be commit 04fb9322d5f52d5cb3d9fe2a95dbfb2481ab7f9d) --- source3/libnet/libnet_dssync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 11ebf2ae3b..068491e6bb 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -392,7 +392,7 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, nc->guid = GUID_zero(); nc->sid = null_sid; - if (!ctx->repl_nodiff && utdv) { + if (!ctx->single && !ctx->repl_nodiff && utdv) { cursors = TALLOC_ZERO_P(mem_ctx, struct drsuapi_DsReplicaCursorCtrEx); if (!cursors) { -- cgit From 89d817386c8fd1f92f490a844aa198af7fec12cb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 12:32:30 +0200 Subject: libnet dssync: refactor dsgetncchanges loop out into libnet_dssync_getncchanges(). Michael (This used to be commit 93cda1aa0a627e81eff46547b247801aec2880a3) --- source3/libnet/libnet_dssync.c | 139 ++++++++++++++++++++++++----------------- 1 file changed, 80 insertions(+), 59 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 068491e6bb..c829757a3d 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -461,56 +461,29 @@ fail: return status; } -static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, - struct dssync_context *ctx) +static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx, + int32_t level, + union drsuapi_DsGetNCChangesRequest *req, + struct replUpToDateVectorBlob **pnew_utdv) { NTSTATUS status; WERROR werr; - - int32_t level; - int32_t level_out = 0; - union drsuapi_DsGetNCChangesRequest req; union drsuapi_DsGetNCChangesCtr ctr; - struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL; struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL; - struct replUpToDateVectorBlob *old_utdv = NULL; - struct replUpToDateVectorBlob new_utdv; - struct replUpToDateVectorBlob *pnew_utdv = NULL; + struct replUpToDateVectorBlob *new_utdv = NULL; + int32_t level_out = 0; int32_t out_level = 0; int y; bool last_query; - const char *dn; - - status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); - if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to call startup operation: %s", - nt_errstr(status)); - goto out; - } - - if (ctx->remote_info28.supported_extensions - & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) - { - level = 8; - } else { - level = 5; - } - - if (ctx->single && ctx->object_dn) { - dn = ctx->object_dn; - } else { - dn = ctx->nc_dn; - } - status = libnet_dssync_build_request(mem_ctx, ctx, dn, old_utdv, level, - &req); - if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to build DsGetNCChanges request: %s", - nt_errstr(status)); - goto out; + if (!ctx->single) { + new_utdv = TALLOC_ZERO_P(mem_ctx, struct replUpToDateVectorBlob); + if (!new_utdv) { + status = NT_STATUS_NO_MEMORY; + goto out; + } } for (y=0, last_query = false; !last_query; y++) { 
@@ -519,18 +492,18 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, if (level == 8) { DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, - (long long)req.req8.highwatermark.tmp_highest_usn, - (long long)req.req8.highwatermark.highest_usn)); + (long long)req->req8.highwatermark.tmp_highest_usn, + (long long)req->req8.highwatermark.highest_usn)); } else if (level == 5) { DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, - (long long)req.req5.highwatermark.tmp_highest_usn, - (long long)req.req5.highwatermark.highest_usn)); + (long long)req->req5.highwatermark.tmp_highest_usn, + (long long)req->req5.highwatermark.highest_usn)); } status = rpccli_drsuapi_DsGetNCChanges(ctx->cli, mem_ctx, &ctx->bind_handle, level, - &req, + req, &level_out, &ctr, &werr); @@ -571,15 +544,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, mapping_ctr = &ctr1->mapping_ctr; if (ctr1->more_data) { - req.req5.highwatermark = ctr1->new_highwatermark; + req->req5.highwatermark = ctr1->new_highwatermark; } else { last_query = true; - ZERO_STRUCT(new_utdv); - new_utdv.version = 1; - if (ctr1->uptodateness_vector) { - new_utdv.ctr.ctr1.count = + if (ctr1->uptodateness_vector && !ctx->single) { + new_utdv->version = 1; + new_utdv->ctr.ctr1.count = ctr1->uptodateness_vector->count; - new_utdv.ctr.ctr1.cursors = + new_utdv->ctr.ctr1.cursors = ctr1->uptodateness_vector->cursors; } } 
@@ -592,15 +564,14 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, mapping_ctr = &ctr6->mapping_ctr; if (ctr6->more_data) { - req.req8.highwatermark = ctr6->new_highwatermark; + req->req8.highwatermark = ctr6->new_highwatermark; } else { last_query = true; - ZERO_STRUCT(new_utdv); - new_utdv.version = 2; - if (ctr6->uptodateness_vector) { - new_utdv.ctr.ctr2.count = + if (ctr6->uptodateness_vector && !ctx->single) { + new_utdv->version = 2; + new_utdv->ctr.ctr2.count = ctr6->uptodateness_vector->count; - new_utdv.ctr.ctr2.cursors = + new_utdv->ctr.ctr2.cursors = ctr6->uptodateness_vector->cursors; } } @@ -631,8 +602,58 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, } } - if (!ctx->single) { - pnew_utdv = &new_utdv; + *pnew_utdv = new_utdv; + +out: + return status; +} + +static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, + struct dssync_context *ctx) +{ + NTSTATUS status; + + int32_t level; + union drsuapi_DsGetNCChangesRequest req; + struct replUpToDateVectorBlob *old_utdv = NULL; + struct replUpToDateVectorBlob *pnew_utdv = NULL; + const char *dn; + + status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call startup operation: %s", + nt_errstr(status)); + goto out; + } + + if (ctx->remote_info28.supported_extensions + & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) + { + level = 8; + } else { + level = 5; + } + + if (ctx->single && ctx->object_dn) { + dn = ctx->object_dn; + } else { + dn = ctx->nc_dn; + } + + status = libnet_dssync_build_request(mem_ctx, ctx, dn, old_utdv, level, + &req); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } + + status = libnet_dssync_getncchanges(mem_ctx, ctx, level, &req, + &pnew_utdv); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call DsGetNCCHanges: %s", + nt_errstr(status)); + goto out; } status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv); -- cgit 
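Review bot: In the rewritten `libnet_dssync_process`, a failure of `libnet_dssync_build_request` now goes to `out` without setting `ctx->error_message`, while the startup, DsGetNCChanges and finish steps still set it; the removed lines had `"Failed to build DsGetNCChanges request: %s"` for this case. Unless the caller prints `status` itself (not visible here), the user gets no reason for the failure; restore `ctx->error_message = talloc_asprintf(mem_ctx, "Failed to build DsGetNCChanges request: %s", nt_errstr(status));` before the `goto out`. The new `libnet_dssync_getncchanges` also deserves a short header comment stating that `*pnew_utdv` is written only on success and is NULL for single object replication. The end of `libnet_dssync_process` lies outside the hunk.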
From ab5a6712b6cc83716ad73d99d3235ecafa8d5717 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 12:35:45 +0200 Subject: libnet dssync: move determination of request level into build_request() ...where it belongs. Michael (This used to be commit 012b33f1c52df086e4f20e7494248d98fbced76a) --- source3/libnet/libnet_dssync.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index c829757a3d..f8e31e87a6 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -363,11 +363,12 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, struct dssync_context *ctx, const char *dn, struct replUpToDateVectorBlob *utdv, - int32_t level, + int32_t *plevel, union drsuapi_DsGetNCChangesRequest *preq) { NTSTATUS status; uint32_t count; + int32_t level; union drsuapi_DsGetNCChangesRequest req; struct dom_sid null_sid; enum drsuapi_DsExtendedOperation extended_op; @@ -383,6 +384,14 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, ZERO_STRUCT(null_sid); ZERO_STRUCT(req); + if (ctx->remote_info28.supported_extensions + & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) + { + level = 8; + } else { + level = 5; + } + nc = TALLOC_ZERO_P(mem_ctx, struct drsuapi_DsReplicaObjectIdentifier); if (!nc) { status = NT_STATUS_NO_MEMORY; @@ -449,6 +458,10 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, goto fail; } + if (plevel) { + *plevel = level; + } + if (preq) { *preq = req; } 
@@ -627,21 +640,13 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - if (ctx->remote_info28.supported_extensions - & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) - { - level = 8; - } else { - level = 5; - } - if (ctx->single && ctx->object_dn) { dn = ctx->object_dn; } else { dn = ctx->nc_dn; } - status = libnet_dssync_build_request(mem_ctx, ctx, dn, old_utdv, level, + status = libnet_dssync_build_request(mem_ctx, ctx, dn, old_utdv, &level, &req); if (!NT_STATUS_IS_OK(status)) { goto out; -- cgit From f060b744efe6af1ad1a21e9e155b30eab502f81a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 13:02:36 +0200 Subject: libnet dssync: support lists of dns (instead of one dn) for single object replication. Just specify several DNs separated by spaces on the command line of "net rpc vampire keytab" to get the passwords for each of these accouns via single object replication. Michael (This used to be commit 6e53dc2db882d88470be5dfa1155b420fac8e6c5) --- source3/libnet/libnet_dssync.c | 40 ++++++++++++++++++++++++---------------- source3/libnet/libnet_dssync.h | 3 ++- 2 files changed, 26 insertions(+), 17 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index f8e31e87a6..f3b2363824 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -630,7 +630,9 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, union drsuapi_DsGetNCChangesRequest req; struct replUpToDateVectorBlob *old_utdv = NULL; struct replUpToDateVectorBlob *pnew_utdv = NULL; - const char *dn; + const char **dns; + uint32_t dn_count; + uint32_t count; status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); if (!NT_STATUS_IS_OK(status)) { 
@@ -640,25 +642,31 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - if (ctx->single && ctx->object_dn) { - dn = ctx->object_dn; + if (ctx->single && ctx->object_dns) { + dns = ctx->object_dns; + dn_count = ctx->object_count; } else { - dn = ctx->nc_dn; + dns = &ctx->nc_dn; + dn_count = 1; } - status = libnet_dssync_build_request(mem_ctx, ctx, dn, old_utdv, &level, - &req); - if (!NT_STATUS_IS_OK(status)) { - goto out; - } + for (count=0; count < dn_count; count++) { + status = libnet_dssync_build_request(mem_ctx, ctx, + dns[count], + old_utdv, &level, + &req); + if (!NT_STATUS_IS_OK(status)) { + goto out; + } - status = libnet_dssync_getncchanges(mem_ctx, ctx, level, &req, - &pnew_utdv); - if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to call DsGetNCCHanges: %s", - nt_errstr(status)); - goto out; + status = libnet_dssync_getncchanges(mem_ctx, ctx, level, &req, + &pnew_utdv); + if (!NT_STATUS_IS_OK(status)) { + ctx->error_message = talloc_asprintf(mem_ctx, + "Failed to call DsGetNCCHanges: %s", + nt_errstr(status)); + goto out; + } } status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv); diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 7869b1620a..56de46ff34 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -37,7 +37,8 @@ struct dssync_context { const char *nc_dn; bool single; bool repl_nodiff; - const char *object_dn; + uint32_t object_count; + const char **object_dns; struct policy_handle bind_handle; DATA_BLOB session_key; const char *output_filename; -- cgit From 072bd871946134b3c5e57809b4831ed6fe5586b2 Mon Sep 17 00:00:00 2001 
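Review bot: In the new `if (ctx->single && ctx->object_dns)` branch of libnet_dssync_process, `dn_count` is taken from `ctx->object_count` without a check, so a non-NULL list with a count of 0 skips the request loop entirely. The function then reaches `ctx->ops->finish()` with the successful status left over from startup and reports success although nothing was requested. Rejecting that input before the loop makes the misuse visible: `if (ctx->single && ctx->object_dns && ctx->object_count == 0) { status = NT_STATUS_INVALID_PARAMETER; goto out; }`. The function starts and ends outside the hunk.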
From: Michael Adam Date: Wed, 30 Jul 2008 17:44:22 +0200 Subject: libnet dssync: rename repl_nodiff flag to force_full_replication. Michael (This used to be commit ec959b4609c3f4927a9f2811c46d738f9c78a914) --- source3/libnet/libnet_dssync.c | 2 +- source3/libnet/libnet_dssync.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index f3b2363824..8f13cc8e24 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -401,7 +401,7 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, nc->guid = GUID_zero(); nc->sid = null_sid; - if (!ctx->single && !ctx->repl_nodiff && utdv) { + if (!ctx->single && !ctx->force_full_replication && utdv) { cursors = TALLOC_ZERO_P(mem_ctx, struct drsuapi_DsReplicaCursorCtrEx); if (!cursors) { diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 56de46ff34..064763d589 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -36,7 +36,7 @@ struct dssync_context { struct rpc_pipe_client *cli; const char *nc_dn; bool single; - bool repl_nodiff; + bool force_full_replication; uint32_t object_count; const char **object_dns; struct policy_handle bind_handle; -- cgit From 9d12511e45a48eae0064c35501402aa0572261d7 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 17:53:28 +0200 Subject: libnet dssync: rename flag single to single_object_replication So that it is more obvious what this controls. Michael (This used to be commit 2360f0a19f0fb89798b814a02cfca335a4a35b6d) --- source3/libnet/libnet_dssync.c | 18 ++++++++++++------ source3/libnet/libnet_dssync.h | 2 +- 2 files changed, 13 insertions(+), 7 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 8f13cc8e24..f1a98f67d3 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -401,7 +401,9 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, nc->guid = GUID_zero(); nc->sid = null_sid; - if (!ctx->single && !ctx->force_full_replication && utdv) { + if (!ctx->single_object_replication && + !ctx->force_full_replication && utdv) + { cursors = TALLOC_ZERO_P(mem_ctx, struct drsuapi_DsReplicaCursorCtrEx); if (!cursors) { @@ -433,7 +435,7 @@ static NTSTATUS libnet_dssync_build_request(TALLOC_CTX *mem_ctx, } } - if (ctx->single) { + if (ctx->single_object_replication) { extended_op = DRSUAPI_EXOP_REPL_OBJ; } else { extended_op = DRSUAPI_EXOP_NONE; @@ -491,7 +493,7 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, int y; bool last_query; - if (!ctx->single) { + if (!ctx->single_object_replication) { new_utdv = TALLOC_ZERO_P(mem_ctx, struct replUpToDateVectorBlob); if (!new_utdv) { status = NT_STATUS_NO_MEMORY; @@ -560,7 +562,9 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, req->req5.highwatermark = ctr1->new_highwatermark; } else { last_query = true; - if (ctr1->uptodateness_vector && !ctx->single) { + if (ctr1->uptodateness_vector && + !ctx->single_object_replication) + { new_utdv->version = 1; new_utdv->ctr.ctr1.count = ctr1->uptodateness_vector->count; @@ -580,7 +584,9 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, req->req8.highwatermark = ctr6->new_highwatermark; } else { last_query = true; - if (ctr6->uptodateness_vector && !ctx->single) { + if (ctr6->uptodateness_vector && + !ctx->single_object_replication) + { new_utdv->version = 2; new_utdv->ctr.ctr2.count = ctr6->uptodateness_vector->count; @@ -642,7 +648,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, goto out; } - if (ctx->single && ctx->object_dns) { + if (ctx->single_object_replication && ctx->object_dns) { dns = ctx->object_dns; dn_count = ctx->object_count; } else { diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 064763d589..c9804fb953 100644 
--- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -35,7 +35,7 @@ struct dssync_context { const char *dns_domain_name; struct rpc_pipe_client *cli; const char *nc_dn; - bool single; + bool single_object_replication; bool force_full_replication; uint32_t object_count; const char **object_dns; -- cgit From 982759357f8bd9b4c261f342108f106ead2d5a25 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 31 Jul 2008 12:25:06 +0200 Subject: dssync keytab: support storing kerberos keys from supplemental credentials. Michael (This used to be commit 50b1673289f5c147bdb4953f3511a7afe783758c) --- source3/libnet/libnet_dssync_keytab.c | 186 ++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index db98f63d1b..d74ee3dbdb 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -159,6 +159,106 @@ done: /**************************************************************** ****************************************************************/ +static NTSTATUS parse_supplemental_credentials(TALLOC_CTX *mem_ctx, + const DATA_BLOB *blob, + struct package_PrimaryKerberosCtr3 **pkb3, + struct package_PrimaryKerberosCtr4 **pkb4) +{ + NTSTATUS status; + enum ndr_err_code ndr_err; + struct supplementalCredentialsBlob scb; + struct supplementalCredentialsPackage *scpk = NULL; + DATA_BLOB scpk_blob; + struct package_PrimaryKerberosBlob *pkb; + bool newer_keys = false; + uint32_t j; + + ndr_err = ndr_pull_struct_blob_all(blob, mem_ctx, &scb, + (ndr_pull_flags_fn_t)ndr_pull_supplementalCredentialsBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + goto done; + } + if (scb.sub.signature != + SUPPLEMENTAL_CREDENTIALS_SIGNATURE) + { + if (DEBUGLEVEL >= 10) { + NDR_PRINT_DEBUG(supplementalCredentialsBlob, &scb); + } + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + for (j=0; j < scb.sub.num_packages; j++) { + if (strcmp("Primary:Kerberos-Newer-Keys", + scb.sub.packages[j].name) == 0) + { + scpk = &scb.sub.packages[j]; + if (!scpk->data || !scpk->data[0]) { + scpk = NULL; + continue; + } + newer_keys = true; + break; + } else if (strcmp("Primary:Kerberos", + scb.sub.packages[j].name) == 0) + { + /* + * grab this but don't break here: + * there might still be newer-keys ... 
+ */ + scpk = &scb.sub.packages[j]; + if (!scpk->data || !scpk->data[0]) { + scpk = NULL; + } + } + } + + if (!scpk) { + /* no data */ + status = NT_STATUS_OK; + goto done; + } + + scpk_blob = strhex_to_data_blob(mem_ctx, scpk->data); + if (!scpk_blob.data) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + + pkb = TALLOC_ZERO_P(mem_ctx, struct package_PrimaryKerberosBlob); + if (!pkb) { + status = NT_STATUS_NO_MEMORY; + goto done; + } + ndr_err = ndr_pull_struct_blob(&scpk_blob, mem_ctx, pkb, + (ndr_pull_flags_fn_t)ndr_pull_package_PrimaryKerberosBlob); + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + status = ndr_map_error2ntstatus(ndr_err); + goto done; + } + + if (!newer_keys && pkb->version != 3) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + if (newer_keys && pkb->version != 4) { + status = NT_STATUS_INVALID_PARAMETER; + goto done; + } + + if (pkb->version == 4 && pkb4) { + *pkb4 = &pkb->ctr.ctr4; + } else if (pkb->version == 3 && pkb3) { + *pkb3 = &pkb->ctr.ctr3; + } + + status = NT_STATUS_OK; + +done: + return status; +} + static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, struct libnet_keytab_context *ctx, struct drsuapi_DsReplicaObjectListItemEx *cur) @@ -170,6 +270,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, struct drsuapi_DsReplicaAttribute *attr; bool got_pwd = false; + struct package_PrimaryKerberosCtr3 *pkb3 = NULL; + struct package_PrimaryKerberosCtr4 *pkb4 = NULL; + char *object_dn = NULL; char *upn = NULL; char **spn = NULL; @@ -260,6 +363,17 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, case DRSUAPI_ATTRIBUTE_userAccountControl: uacc = IVAL(blob->data, 0); break; + case DRSUAPI_ATTRIBUTE_supplementalCredentials: + status = parse_supplemental_credentials(mem_ctx, + blob, + &pkb3, + &pkb4); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(2, ("parsing of supplemental " + "credentials failed: %s\n", + nt_errstr(status))); + } + break; default: break; } 
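Review bot: In the package loop of parse_supplemental_credentials, the `Primary:Kerberos-Newer-Keys` branch assigns `scpk` before it tests the data and sets `scpk = NULL` when the data is empty. That discards a valid `Primary:Kerberos` package found in an earlier iteration, and the function then returns NT_STATUS_OK with no keys. Testing first inside that branch, `if (!scb.sub.packages[j].data || !scb.sub.packages[j].data[0]) continue;` ahead of `scpk = &scb.sub.packages[j];`, keeps the fallback. Separately, the signature-mismatch path prints the whole blob with `NDR_PRINT_DEBUG` at level 10; the blob is credential material, so the dump is better reduced to the signature value. The second decode uses `ndr_pull_struct_blob` where the first uses `ndr_pull_struct_blob_all`, so trailing bytes in the package are accepted silently.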
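Review bot: The new `DRSUAPI_ATTRIBUTE_supplementalCredentials` case logs a parse failure at DEBUG(2) and carries on, but it leaves the failure code in the function-wide `status`. Whether a later statement overwrites it on every path before parse_object returns is outside this hunk; if not, a stale error can be returned for an object that was otherwise handled. Since the parse is treated as best-effort, keep the result in its own variable, `NTSTATUS sc_status = parse_supplemental_credentials(mem_ctx, blob, &pkb3, &pkb4);`, or add `status = NT_STATUS_OK;` after the DEBUG.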
@@ -342,6 +456,78 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, return status; } + /* add kerberos keys (if any) */ + + if (pkb4) { + for (i=0; i < pkb4->num_keys; i++) { + if (!pkb4->keys[i].value) { + continue; + } + status = add_to_keytab_entries(mem_ctx, ctx, kvno, + name, + NULL, + pkb4->keys[i].keytype, + *pkb4->keys[i].value); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + for (i=0; i < pkb4->num_old_keys; i++) { + if (!pkb4->old_keys[i].value) { + continue; + } + status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1, + name, + NULL, + pkb4->old_keys[i].keytype, + *pkb4->old_keys[i].value); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + for (i=0; i < pkb4->num_older_keys; i++) { + if (!pkb4->older_keys[i].value) { + continue; + } + status = add_to_keytab_entries(mem_ctx, ctx, kvno - 2, + name, + NULL, + pkb4->older_keys[i].keytype, + *pkb4->older_keys[i].value); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + } + + if (pkb3) { + for (i=0; i < pkb3->num_keys; i++) { + if (!pkb3->keys[i].value) { + continue; + } + status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, + NULL, + pkb3->keys[i].keytype, + *pkb3->keys[i].value); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + for (i=0; i < pkb3->num_old_keys; i++) { + if (!pkb3->old_keys[i].value) { + continue; + } + status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1, + name, + NULL, + pkb3->old_keys[i].keytype, + *pkb3->old_keys[i].value); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + } + if ((kvno < 0) && (kvno < pwd_history_len)) { return status; } -- cgit From efd89b46d6a66e4a4d17e7cdc400e9e3890b7970 Mon Sep 17 00:00:00 2001 
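Review bot: The old-key and older-key loops pass `kvno - 1` and `kvno - 2` to add_to_keytab_entries, whose kvno parameter is `uint32_t` (its prototype appears elsewhere on this page). For an account whose kvno is 0 or 1 the value wraps to a very large key version number instead of the entry being skipped. Guarding the loops, `if (kvno >= 1)` around the two `old_keys` loops and `if (kvno >= 2)` around the `older_keys` loop, avoids writing such entries. The five loops differ only in the key array and the kvno offset, so a small static helper taking the array, its count and the kvno would remove the repetition. parse_object starts and ends outside the hunk, and the declaration of `kvno` is not visible here.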
From: Michael Adam Date: Thu, 31 Jul 2008 22:53:41 +0200 Subject: dssync keytab: when not in single object replication mode, use object dn list as write filter. I.e. only the passwords and keys of those objects whose dns are provided are written to the keytab file. Others are skippded. Michael (This used to be commit a013f926ae5aadf64e02ef9254306e32aea79e80) --- source3/libnet/libnet_dssync_keytab.c | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index d74ee3dbdb..2558e1d801 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -554,6 +554,24 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, return status; } +static bool dn_is_in_object_list(struct dssync_context *ctx, + const char *dn) +{ + uint32_t count; + + if (ctx->object_count == 0) { + return true; + } + + for (count = 0; count < ctx->object_count; count++) { + if (strequal(ctx->object_dns[count], dn)) { + return true; + } + } + + return false; +} + /**************************************************************** ****************************************************************/ @@ -567,6 +585,16 @@ static NTSTATUS keytab_process_objects(struct dssync_context *ctx, (struct libnet_keytab_context *)ctx->private_data; for (; cur; cur = cur->next_object) { + /* + * When not in single object replication mode, + * the object_dn list is used as a positive write filter. + */ + if (!ctx->single_object_replication && + !dn_is_in_object_list(ctx, cur->object.identifier->dn)) + { + continue; + } + status = parse_object(mem_ctx, keytab_ctx, cur); if (!NT_STATUS_IS_OK(status)) { goto out; -- cgit From 134d8319c92436efa2e581e62d5ad4e8e1ef1d18 Mon Sep 17 00:00:00 2001 
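Review bot: dn_is_in_object_list has no comment, and its `ctx->object_count == 0` early return makes an empty list match every DN, which is not what a reader expects from a filter. I would add above it `/* Return true if dn is in ctx->object_dns. An empty list matches every DN: no filter was given, so all objects are written. */`. The comparison is a plain `strequal()` on the two strings, so a DN written differently from the form the server returns (spacing, escaping) will not match and the object is skipped without any message.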
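Review bot: The filter condition in keytab_process_objects dereferences `cur->object.identifier->dn` straight from the replicated object, before parse_object has looked at it. Whether `identifier` or `dn` can be NULL in a reply is not visible here; if it can, the loop crashes on server-supplied data, so the condition should test `cur->object.identifier` and its `dn` before calling dn_is_in_object_list. A DEBUG line on the `continue` path naming the skipped DN would also make the write filter auditable. The function starts and ends outside the hunk.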
From: Michael Adam Date: Thu, 31 Jul 2008 23:15:35 +0200 Subject: libnet keytab: use proper counter type (uint32_t) in libnet_keytab_add(). Michael (This used to be commit d0bd9195f04ae0f45c2e571d31625b31347f13e9) --- source3/libnet/libnet_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index b427e879c3..230a4a21f8 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -261,7 +261,7 @@ done: krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) { krb5_error_code ret = 0; - int i; + uint32_t i; for (i=0; icount; i++) { -- cgit From 18573c3e1fba45cd5f8ae3f3e2634d2a1efdf3e3 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 00:03:10 +0200 Subject: libnet keytab: add flag clean_old_entries to libnet_keytab_context. Michael (This used to be commit f40eb8cc20a297c57f6db22e0c2457ce7425d00c) --- source3/libnet/libnet_keytab.c | 1 + source3/libnet/libnet_keytab.h | 1 + 2 files changed, 2 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 230a4a21f8..ffff0f59ab 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -96,6 +96,7 @@ krb5_error_code libnet_keytab_init(TALLOC_CTX *mem_ctx, r->context = context; r->keytab = keytab; r->keytab_name = keytab_string; + r->clean_old_entries = false; *ctx = r; diff --git a/source3/libnet/libnet_keytab.h b/source3/libnet/libnet_keytab.h index 54b0c0017f..4d311a48e0 100644 --- a/source3/libnet/libnet_keytab.h +++ b/source3/libnet/libnet_keytab.h @@ -36,6 +36,7 @@ struct libnet_keytab_context { uint8_t zero_buf[16]; uint32_t count; struct libnet_keytab_entry *entries; + bool clean_old_entries; }; #endif /* HAVE_KRB5 */ -- cgit From 8876d793110262625adefe91efdd835119979e5e Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 1 Aug 2008 00:05:42 +0200 Subject: libnet keytab: add parameter ingnore_kvno to libnet_keytab_remove_entries() to allow for removing all entries with given principal and enctype without repecting the kvno (i.e. cleaning "old" entries...) This is called with ignore_kvno == false from libnet_keytab_add_entry() to keep the original behaviour. Michael (This used to be commit 6047f7b68548b33a2c132fc4333355a2c6abb19a) --- source3/libnet/libnet_keytab.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index ffff0f59ab..87d83fc46e 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -113,7 +113,8 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, krb5_keytab keytab, const char *principal, int kvno, - const krb5_enctype enctype) + const krb5_enctype enctype, + bool ignore_kvno) { krb5_error_code ret; krb5_kt_cursor cursor; @@ -131,7 +132,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, { char *princ_s = NULL; - if (kt_entry.vno != kvno) { + if (kt_entry.vno != kvno && !ignore_kvno) { goto cont; } @@ -210,7 +211,7 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, /* remove duplicates first ... */ ret = libnet_keytab_remove_entries(context, keytab, princ_s, kvno, - enctype); + enctype, false); if (ret) { DEBUG(1, ("libnet_keytab_remove_entries failed: %s\n", error_message(ret))); -- cgit From 52fee9c87ac26fe2bcf4b4795b2c380cf7543c0f Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 1 Aug 2008 00:07:40 +0200 Subject: libnet keytab: implement cleaning of old entries in libnet_keytab_add(). Triggered by the flag clean_old_entries from the libnet_keytab_contex (unused yet...). Michael (This used to be commit a5f4e3ad95c26064881918f3866efa7556055a8f) --- source3/libnet/libnet_keytab.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 87d83fc46e..23eedafe2b 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -265,6 +265,28 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) krb5_error_code ret = 0; uint32_t i; + + if (ctx->clean_old_entries) { + DEBUG(0, ("cleaning old entries...\n")); + for (i=0; i < ctx->count; i++) { + struct libnet_keytab_entry *entry = &ctx->entries[i]; + + ret = libnet_keytab_remove_entries(ctx->context, + ctx->keytab, + entry->principal, + 0, + entry->enctype, + true); + if (ret) { + DEBUG(1,("libnet_keytab_add: Failed to remove " + "old entries for %s (enctype %u): %s\n", + entry->principal, entry->enctype, + error_message(ret))); + return ret; + } + } + } + for (i=0; icount; i++) { struct libnet_keytab_entry *entry = &ctx->entries[i]; -- cgit From 10225fbef737217d3e1b88bdfcbf4e62dff3cadd Mon Sep 17 00:00:00 2001 
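Review bot: The cleanup loop removes entries per `(entry->principal, entry->enctype)` pair taken from the new batch, so a key of an encryption type the account no longer has stays in the keytab and remains usable after the run. If clean_old_entries is meant to leave only the freshly replicated keys for a principal, the removal has to match on the principal alone. Otherwise the limit should be stated, e.g. `/* only enctypes present in the new entries are cleaned; other enctypes of the principal are left untouched */`. The removal also runs for all entries before any new key is added and returns on the first error, so a failure in between leaves principals without keys, which deserves a line in the function comment. `DEBUG(0, ("cleaning old entries...\n"))` reports a routine step at level 0 and would fit better as `DEBUG(3, ...)`. libnet_keytab_add starts before and continues after the hunk.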
From: Michael Adam Date: Fri, 1 Aug 2008 00:09:28 +0200 Subject: dssync: add clean_old_entries flag to dssync_ctx. Initialize it to false. And pass it down to the libnet_keytab context in libnet_dssync_keytab.c:keytab_startup(). Unused yet. Michael Note: This might not be not 100% clean design to put this into the toplevel dssync context while it is keytab specific. But then, on the other hand, other imaginable backends might want to use this flag, too... (This used to be commit 12e884f227e240860e49f9e41d8c1f45e10ad3be) --- source3/libnet/libnet_dssync.c | 1 + source3/libnet/libnet_dssync.h | 1 + source3/libnet/libnet_dssync_keytab.c | 1 + 3 files changed, 3 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index f1a98f67d3..92000b432b 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -50,6 +50,7 @@ NTSTATUS libnet_dssync_init_context(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(ctx); talloc_set_destructor(ctx, libnet_dssync_free_context); + ctx->clean_old_entries = false; *ctx_p = ctx; diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index c9804fb953..5373fbc8dd 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -37,6 +37,7 @@ struct dssync_context { const char *nc_dn; bool single_object_replication; bool force_full_replication; + bool clean_old_entries; uint32_t object_count; const char **object_dns; struct policy_handle bind_handle; diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 2558e1d801..51156cbdba 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -67,6 +67,7 @@ static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, } keytab_ctx->dns_domain_name = ctx->dns_domain_name; + keytab_ctx->clean_old_entries = ctx->clean_old_entries; ctx->private_data = keytab_ctx; principal = talloc_asprintf(mem_ctx, "UTDV/%s@%s", -- cgit From a5d4b540e27bc716efa2f72a6013ab841eeca140 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 14:26:46 +0200 Subject: libnet dssync: add my C after dssync keytab changes. Michael (This used to be commit 9391aec8d4600c685b14d3cd1624f8758f2cc80d) --- source3/libnet/libnet_dssync.c | 1 + source3/libnet/libnet_dssync.h | 1 + source3/libnet/libnet_dssync_keytab.c | 1 + source3/libnet/libnet_keytab.c | 1 + 4 files changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 92000b432b..e03a6023c9 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -3,6 +3,7 @@ Copyright (C) Stefan (metze) Metzmacher 2005 Copyright (C) Guenther Deschner 2008 + Copyright (C) Michael Adam 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/libnet/libnet_dssync.h b/source3/libnet/libnet_dssync.h index 5373fbc8dd..a5a00742c5 100644 --- a/source3/libnet/libnet_dssync.h +++ b/source3/libnet/libnet_dssync.h @@ -2,6 +2,7 @@ * Unix SMB/CIFS implementation. * libnet Support * Copyright (C) Guenther Deschner 2008 + * Copyright (C) Michael Adam 2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 51156cbdba..e40e353088 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
@@ -2,6 +2,7 @@ Unix SMB/CIFS implementation. Copyright (C) Guenther Deschner 2008 + Copyright (C) Michael Adam 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 23eedafe2b..08951c553e 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -3,6 +3,7 @@ dump the remote SAM using rpc samsync operations Copyright (C) Guenther Deschner 2008. + Copyright (C) Michael Adam 2008 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From 4c6e9662b8360692f8ee8c36287ec8aa0b9d831a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 17:09:08 +0200 Subject: dssync keytab: add comment header explaining add_to_keytab_entries(). Michael (This used to be commit 1072bd9f96ff3853e5ff58239123fc8c76a99063) --- source3/libnet/libnet_dssync_keytab.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index e40e353088..71fc7147df 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -24,6 +24,10 @@ #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) +/** + * Internal helper function to add data to the list + * of keytab entries. It builds the prefix from the input. + */ static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, struct libnet_keytab_context *ctx, uint32_t kvno, -- cgit From 84ee630ee973189ca9f2ce2afe4987998aaeccc7 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 1 Aug 2008 17:10:59 +0200 Subject: libnet dssync: fix memory allocation for error/result messages. Use the libnet_dssync_context as a talloc context for the result_message and error_message string members. Using the passed in mem_ctx makes the implicit assumption that mem_ctx is at least as long-lived as the libnet_dssync_context, which is wrong. Michael (This used to be commit 635baf6b7d2a1822ceb48aa4bc47569ef19d51cc) --- source3/libnet/libnet_dssync.c | 14 +++++++------- source3/libnet/libnet_dssync_keytab.c | 8 ++++---- 2 files changed, 11 insertions(+), 11 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index e03a6023c9..3641505d99 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c @@ -308,7 +308,7 @@ static NTSTATUS libnet_dssync_lookup_nc(TALLOC_CTX *mem_ctx, &ctr, &werr); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to lookup DN for domain name: %s", get_friendly_werror_msg(werr)); return status; @@ -525,7 +525,7 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, &ctr, &werr); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to get NC Changes: %s", get_friendly_werror_msg(werr)); goto out; @@ -600,7 +600,7 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, status = cli_get_session_key(mem_ctx, ctx->cli, &ctx->session_key); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to get Session Key: %s", nt_errstr(status)); goto out; 
@@ -615,7 +615,7 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, first_object, mapping_ctr); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to call processing function: %s", nt_errstr(status)); goto out; @@ -644,7 +644,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, status = ctx->ops->startup(ctx, mem_ctx, &old_utdv); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to call startup operation: %s", nt_errstr(status)); goto out; @@ -670,7 +670,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, status = libnet_dssync_getncchanges(mem_ctx, ctx, level, &req, &pnew_utdv); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to call DsGetNCCHanges: %s", nt_errstr(status)); goto out; @@ -679,7 +679,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, status = ctx->ops->finish(ctx, mem_ctx, pnew_utdv); if (!NT_STATUS_IS_OK(status)) { - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to call finishing operation: %s", nt_errstr(status)); goto out; diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 71fc7147df..6ba2c3aa41 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c @@ -90,7 +90,7 @@ static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, (ndr_pull_flags_fn_t)ndr_pull_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { NTSTATUS status = ndr_map_error2ntstatus(ndr_err); - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to pull UpToDateVector: %s", nt_errstr(status)); return status; 
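Review bot: In the `@@ -670,7 +670,7 @@` hunk, libnet_dssync_process overwrites `ctx->error_message` after libnet_dssync_getncchanges has already set a more specific one ("Failed to get NC Changes: ...", "Failed to get Session Key: ..."). Now that the strings are children of `ctx`, the replaced message is neither shown nor freed until the context goes away. Setting the message only when none is present, `if (!ctx->error_message) { ctx->error_message = talloc_asprintf(ctx, ...); }`, keeps the detailed text; calling `TALLOC_FREE(ctx->error_message);` before each assignment is the alternative. The same applies to the other call sites changed in this commit wherever the callee may already have set a message. None of the `talloc_asprintf` results is checked, so code that prints `ctx->error_message` has to cope with NULL.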
@@ -128,7 +128,7 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, (ndr_push_flags_fn_t)ndr_push_replUpToDateVectorBlob); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { status = ndr_map_error2ntstatus(ndr_err); - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to push UpToDateVector: %s", nt_errstr(status)); goto done; @@ -146,13 +146,13 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, ret = libnet_keytab_add(keytab_ctx); if (ret) { status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, + ctx->error_message = talloc_asprintf(ctx, "Failed to add entries to keytab %s: %s", keytab_ctx->keytab_name, error_message(ret)); goto done; } - ctx->result_message = talloc_asprintf(mem_ctx, + ctx->result_message = talloc_asprintf(ctx, "Vampired %d accounts to keytab %s", keytab_ctx->count, keytab_ctx->keytab_name); -- cgit From 87c7496761f2f165df5fafcf860c3d3f8285cee8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 17:13:42 +0200 Subject: libnet dssync: start memory allocation cleanup: use tmp ctx in libnet_dssync(). Don't leak temporary data to callers but use a temporary context that is freed at the end. Michael (This used to be commit 2d98ad57f56ddd4318bc721929a3ca9ede189a25) --- source3/libnet/libnet_dssync.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 3641505d99..684a2cc63b 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
@@ -696,18 +696,25 @@ NTSTATUS libnet_dssync(TALLOC_CTX *mem_ctx, struct dssync_context *ctx) { NTSTATUS status; + TALLOC_CTX *tmp_ctx; - status = libnet_dssync_init(mem_ctx, ctx); + tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) { + return NT_STATUS_NO_MEMORY; + } + + status = libnet_dssync_init(tmp_ctx, ctx); if (!NT_STATUS_IS_OK(status)) { goto out; } - status = libnet_dssync_process(mem_ctx, ctx); + status = libnet_dssync_process(tmp_ctx, ctx); if (!NT_STATUS_IS_OK(status)) { goto out; } out: + TALLOC_FREE(tmp_ctx); return status; } -- cgit From d8ae40aa3c565d8e0aa5acfe3f9e58434ce74684 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 4 Aug 2008 14:28:02 +0200 Subject: libnet_keytab: fix the build with heimdal metze (This used to be commit ba18af00cc79a4e92372d3c1151061f200bc0655) --- source3/libnet/libnet_keytab.c | 44 ++++++++++++++++++++++++++++++++++++------ 1 file changed, 38 insertions(+), 6 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 08951c553e..836cf6ed23 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -24,6 +24,16 @@ #ifdef HAVE_KRB5 +#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ +#define KRB5_KEY_TYPE(k) ((k)->keytype) +#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) +#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) +#else /* MIT */ +#define KRB5_KEY_TYPE(k) ((k)->enctype) +#define KRB5_KEY_LENGTH(k) ((k)->length) +#define KRB5_KEY_DATA(k) ((k)->contents) +#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ + /**************************************************************** ****************************************************************/ 
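Review bot: libnet_dssync now frees `tmp_ctx` at `out:`, so everything the init and process steps allocate on the context they are handed is gone when the function returns. keytab_startup stores its keytab context in `ctx->private_data` (visible in another hunk on this page). The talloc parent of that context is not shown, and if it is the passed-in `mem_ctx`, `private_data` dangles after this change. That is worth confirming before merging, and a comment at the free such as `/* nothing reachable from ctx may be allocated on tmp_ctx */` would record the rule.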
@@ -131,13 +141,24 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, while (krb5_kt_next_entry(context, keytab, &kt_entry, &cursor) == 0) { + krb5_keyblock *keyp; char *princ_s = NULL; if (kt_entry.vno != kvno && !ignore_kvno) { goto cont; } - if (kt_entry.key.enctype != enctype) { +#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) +#error krb5_keytab_entry has no key or keyblock member +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ + keyp = &kt_entry.key; +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ + keyp = &kt_entry.keyblock; +#endif + + if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; } @@ -157,7 +178,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, DEBUG(10, ("found entry for principal %s, kvno %d, " "enctype %d - trying to remove it\n", - princ_s, kt_entry.vno, kt_entry.key.enctype)); + princ_s, kt_entry.vno, KRB5_KEY_TYPE(keyp))); ret = krb5_kt_end_seq_get(context, keytab, &cursor); ZERO_STRUCT(cursor); @@ -176,7 +197,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, } DEBUG(10, ("removed entry for principal %s, kvno %d, " "enctype %d\n", princ_s, kt_entry.vno, - kt_entry.key.enctype)); + KRB5_KEY_TYPE(keyp))); ret = krb5_kt_start_seq_get(context, keytab, &cursor); if (ret) { 
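Review bot: The key-member selection is written as two independent `#ifdef` blocks inside the loop body, so a build that defines both HAVE_KRB5_KEYTAB_ENTRY_KEY and HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK lets the second assignment to `keyp` win silently; `#elif` would make the choice explicit. The same preprocessor block is repeated in libnet_keytab_search further down in this commit. One file-level macro next to KRB5_KEY_TYPE, for example `#define KRB5_KT_KEY(e) (&(e)->key)` for MIT and `(&(e)->keyblock)` for Heimdal, with the `#error` beside it, would remove both copies and keep the loop bodies readable. Both functions start and end outside their hunks.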
@@ -335,13 +356,24 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c while (krb5_kt_next_entry(ctx->context, ctx->keytab, &kt_entry, &cursor) == 0) { + krb5_keyblock *keyp; char *princ_s = NULL; if (kt_entry.vno != kvno) { goto cont; } - if (kt_entry.key.enctype != enctype) { +#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) +#error krb5_keytab_entry has no key or keyblock member +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ + keyp = &kt_entry.key; +#endif +#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ + keyp = &kt_entry.keyblock; +#endif + + if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; } @@ -373,8 +405,8 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c goto fail; } - entry->password = data_blob_talloc(entry, kt_entry.key.contents, - kt_entry.key.length); + entry->password = data_blob_talloc(entry, KRB5_KEY_DATA(keyp), + KRB5_KEY_LENGTH(keyp)); if (!entry->password.data) { DEBUG(3, ("data_blob_talloc failed\n")); goto fail; -- cgit From 3907392459533832ada823e614154951365348ee Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Aug 2008 17:49:19 -0700 Subject: Fix "might be used uninitialized" warnings. Jeremy. (This used to be commit 5abd12eec1c9b6d30af5ec1ba16c0922e78d5bea) --- source3/libnet/libnet_dssync.c | 6 +++--- source3/libnet/libnet_keytab.c | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_dssync.c b/source3/libnet/libnet_dssync.c index 684a2cc63b..bae03effed 100644 --- a/source3/libnet/libnet_dssync.c +++ b/source3/libnet/libnet_dssync.c 
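Review bot: The blob filled by `data_blob_talloc(entry, KRB5_KEY_DATA(keyp), KRB5_KEY_LENGTH(keyp))` holds a copy of a long-term keytab key, and nothing visible in this hunk arranges for those bytes to be wiped when `entry` is released. The `fail:` path and the code that frees the returned entry are outside the hunk, so this is a point to check, not a confirmed leak. A talloc destructor on `entry` that calls `data_blob_clear(&entry->password)` would keep the key from lingering in freed heap memory. A comment at the copy, `/* key material: wiped by the entry destructor */`, would make the ownership explicit.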
@@ -504,8 +504,8 @@ static NTSTATUS libnet_dssync_getncchanges(TALLOC_CTX *mem_ctx, } for (y=0, last_query = false; !last_query; y++) { - struct drsuapi_DsReplicaObjectListItemEx *first_object; - struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr; + struct drsuapi_DsReplicaObjectListItemEx *first_object = NULL; + struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr = NULL; if (level == 8) { DEBUG(1,("start[%d] tmp_higest_usn: %llu , highest_usn: %llu\n",y, @@ -634,7 +634,7 @@ static NTSTATUS libnet_dssync_process(TALLOC_CTX *mem_ctx, { NTSTATUS status; - int32_t level; + int32_t level = 0; union drsuapi_DsGetNCChangesRequest req; struct replUpToDateVectorBlob *old_utdv = NULL; struct replUpToDateVectorBlob *pnew_utdv = NULL; diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 836cf6ed23..6447183958 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -314,6 +314,7 @@ krb5_error_code libnet_keytab_add(struct libnet_keytab_context *ctx) struct libnet_keytab_entry *entry = &ctx->entries[i]; krb5_data password; + ZERO_STRUCT(password); password.data = (char *)entry->password.data; password.length = entry->password.length; -- cgit From a0e664ebe701649bf674690a495377d745967081 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 8 Aug 2008 23:03:51 +0200 Subject: libnet samsync ldif: fix the build without LDAP. Michael (This used to be commit 32df05bd1f49f2290ad69f84d5a47207b1469629) --- source3/libnet/libnet_samsync_ldif.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index adcf92832d..cbae22aad3 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c 
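Review bot: Initialising `first_object` and `mapping_ctr` to NULL quiets the compiler but turns a possible uninitialised read into a silent default, so the path that triggered the warning still has to handle that value. If a reply leaves `first_object` NULL, the code after the branch (outside the hunk) should stop instead of passing NULL on. The same applies to `int32_t level = 0;` in `libnet_dssync_process`, where 0 should be rejected if no branch assigns a real request level. A comment at the declarations, `/* stays NULL unless the reply level sets it; checked before use */`, would state the intent.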
@@ -26,6 +26,8 @@ #include "includes.h" #include "libnet/libnet_samsync.h" +#ifdef HAVE_LDAP + /* uid's and gid's for writing deltas to ldif */ static uint32 ldif_gid = 999; static uint32 ldif_uid = 999; @@ -1212,3 +1214,16 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, return status; } + +#else /* HAVE_LDAP */ + +NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) +{ + return NT_STATUS_NOT_SUPPORTED; +} + +#endif -- cgit From 5bea31aa3c6a1e66496d6bb596b96977ba01457f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 30 Jul 2008 21:38:21 +0200 Subject: libnetjoin: support kerberized joining/unjoing (fix #5416). Guenther (This used to be commit da6e0f4f375aa533c4c765891c960070478972eb) --- source3/libnet/libnet_join.c | 60 ++++++++++++++++++++++++++++++-------------- 1 file changed, 41 insertions(+), 19 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 2f2c71dfce..b7a15c558b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
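Review bot: The closing `#endif` added at the end of the file is unlabelled, although it ends a conditional opened more than a thousand lines earlier and the `#else` is already labelled; write it as `#endif /* HAVE_LDAP */`. The stub `fetch_sam_entries_ldif` never reads its parameters, which is fine for a not-supported path but will be reported if unused-parameter warnings are enabled.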
@@ -641,6 +641,37 @@ static bool libnet_join_joindomain_store_secrets(TALLOC_CTX *mem_ctx, return true; } +/**************************************************************** + Connect dc's IPC$ share +****************************************************************/ + +static NTSTATUS libnet_join_connect_dc_ipc(const char *dc, + const char *user, + const char *pass, + bool use_kerberos, + struct cli_state **cli) +{ + int flags = 0; + + if (use_kerberos) { + flags |= CLI_FULL_CONNECTION_USE_KERBEROS; + } + + if (use_kerberos && pass) { + flags |= CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS; + } + + return cli_full_connection(cli, NULL, + dc, + NULL, 0, + "IPC$", "IPC", + user, + NULL, + pass, + flags, + Undefined, NULL); +} + /**************************************************************** Lookup domain dc's info ****************************************************************/ @@ -654,16 +685,11 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX *mem_ctx, NTSTATUS status = NT_STATUS_UNSUCCESSFUL; union lsa_PolicyInformation *info = NULL; - status = cli_full_connection(cli, NULL, - r->in.dc_name, - NULL, 0, - "IPC$", "IPC", - r->in.admin_account, - NULL, - r->in.admin_password, - 0, - Undefined, NULL); - + status = libnet_join_connect_dc_ipc(r->in.dc_name, + r->in.admin_account, + r->in.admin_password, + r->in.use_kerberos, + cli); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -1109,15 +1135,11 @@ static NTSTATUS libnet_join_unjoindomain_rpc(TALLOC_CTX *mem_ctx, ZERO_STRUCT(domain_pol); ZERO_STRUCT(user_pol); - status = cli_full_connection(&cli, NULL, - r->in.dc_name, - NULL, 0, - "IPC$", "IPC", - r->in.admin_account, - NULL, - r->in.admin_password, - 0, Undefined, NULL); - + status = libnet_join_connect_dc_ipc(r->in.dc_name, + r->in.admin_account, + r->in.admin_password, + r->in.use_kerberos, + &cli); if (!NT_STATUS_IS_OK(status)) { goto done; } -- cgit From 0380fe9d823d6219441050a9b7298bf039b20742 Mon Sep 17 00:00:00 2001 
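Review bot: In `libnet_join_connect_dc_ipc`, `CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS` is set whenever a password is present, so a caller that asked for `use_kerberos` is silently served by password-based authentication when the Kerberos attempt fails. For a join this is the domain admin credential, and the failure that triggers the fallback need not be local, so the downgrade should be a caller decision or at least be documented and logged. Suggested header comment: `use_kerberos is a preference: when pass is set, authentication falls back to it if Kerberos fails`. The `Undefined` signing argument is carried over unchanged and presumably leaves signing to the configured default, which is worth confirming for a connection that carries admin credentials.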
From: Günther Deschner Date: Fri, 22 Aug 2008 16:08:00 +0200 Subject: kerberos: move the KRB5_KEY* macros to header file. Guenther (This used to be commit c28fa17ffffee3e6fd4897c9c6b4937388a19600) --- source3/libnet/libnet_keytab.c | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index 6447183958..a4555239da 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c @@ -24,16 +24,6 @@ #ifdef HAVE_KRB5 -#ifdef HAVE_KRB5_KEYBLOCK_KEYVALUE /* Heimdal */ -#define KRB5_KEY_TYPE(k) ((k)->keytype) -#define KRB5_KEY_LENGTH(k) ((k)->keyvalue.length) -#define KRB5_KEY_DATA(k) ((k)->keyvalue.data) -#else /* MIT */ -#define KRB5_KEY_TYPE(k) ((k)->enctype) -#define KRB5_KEY_LENGTH(k) ((k)->length) -#define KRB5_KEY_DATA(k) ((k)->contents) -#endif /* HAVE_KRB5_KEYBLOCK_KEYVALUE */ - /**************************************************************** ****************************************************************/ -- cgit From bff20e14c38d7139033127182b76aa24e471b581 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 22 Aug 2008 14:58:01 +0200 Subject: kerberos: use KRB5_KT_KEY macro where appropriate. Guenther (This used to be commit a042dffd7121bda3dbc9509f69fcfae06ed4cc22) --- source3/libnet/libnet_keytab.c | 30 +++--------------------------- 1 file changed, 3 insertions(+), 27 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_keytab.c b/source3/libnet/libnet_keytab.c index a4555239da..46c17b219c 100644 --- a/source3/libnet/libnet_keytab.c +++ b/source3/libnet/libnet_keytab.c 
@@ -138,15 +138,7 @@ static krb5_error_code libnet_keytab_remove_entries(krb5_context context, goto cont; } -#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) -#error krb5_keytab_entry has no key or keyblock member -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ - keyp = &kt_entry.key; -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ - keyp = &kt_entry.keyblock; -#endif + keyp = KRB5_KT_KEY(&kt_entry); if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; @@ -240,15 +232,7 @@ static krb5_error_code libnet_keytab_add_entry(krb5_context context, return ret; } -#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) -#error krb5_keytab_entry has no key or keyblock member -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ - keyp = &kt_entry.key; -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ - keyp = &kt_entry.keyblock; -#endif + keyp = KRB5_KT_KEY(&kt_entry); if (create_kerberos_key_from_string(context, kt_entry.principal, &password, keyp, enctype, true)) @@ -354,15 +338,7 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c goto cont; } -#if !defined(HAVE_KRB5_KEYTAB_ENTRY_KEY) && !defined(HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK) -#error krb5_keytab_entry has no key or keyblock member -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEY /* MIT */ - keyp = &kt_entry.key; -#endif -#ifdef HAVE_KRB5_KEYTAB_ENTRY_KEYBLOCK /* Heimdal */ - keyp = &kt_entry.keyblock; -#endif + keyp = KRB5_KT_KEY(&kt_entry); if (KRB5_KEY_TYPE(keyp) != enctype) { goto cont; -- cgit From 2d25608a5d5c2e38aba7f45ed96ffb271d25de66 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Fri, 29 Aug 2008 17:43:12 +0200 Subject: libnet: fix join by creating keytab after changing the config. Michael (This used to be commit 96d1c780bf9524b929e6026776602a5288aea73d) --- source3/libnet/libnet_join.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b7a15c558b..b34b4872f4 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1505,6 +1505,17 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { saf_store(r->in.domain_name, r->in.dc_name); + +#ifdef WITH_ADS + if (r->out.domain_is_ad) { + ADS_STATUS ads_status; + + ads_status = libnet_join_post_processing_ads(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + return WERR_GENERAL_FAILURE; + } + } +#endif /* WITH_ADS */ } libnet_join_add_dom_rids_to_builtins(r->out.domain_sid); @@ -1754,16 +1765,6 @@ static WERROR libnet_DomainJoin(TALLOC_CTX *mem_ctx, goto done; } -#ifdef WITH_ADS - if (r->out.domain_is_ad) { - ads_status = libnet_join_post_processing_ads(mem_ctx, r); - if (!ADS_ERR_OK(ads_status)) { - werr = WERR_GENERAL_FAILURE; - goto done; - } - } -#endif /* WITH_ADS */ - werr = WERR_OK; done: -- cgit From f9a0b1675e409a63797693f9d189e9728258ce73 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 29 Aug 2008 17:55:28 +0200 Subject: libnet_join: streamline logic of libnet_join_post_processing() Michael (This used to be commit 81cc1af1e699e454fbb1d12636d002f845231006) --- source3/libnet/libnet_join.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) (limited to 'source3/libnet') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index b34b4872f4..a39dee676f 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
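Review bot: The new `return WERR_GENERAL_FAILURE;` drops `ads_status` without logging it, so a failed post-join ADS step (keytab creation, per the commit subject) surfaces only as a generic error after `saf_store` has already run. Logging before the return, e.g. `DEBUG(1, ("ADS post-join processing failed: %s\n", ads_errstr(ads_status)));`, keeps the cause available to whoever has to repair the half-finished join. The second hunk removes the only visible use of `ads_status` in `libnet_DomainJoin`; its declaration is outside the hunk and presumably needs to go as well. `libnet_join_post_processing` starts and ends outside the hunk.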
@@ -1503,20 +1503,22 @@ static WERROR libnet_join_post_processing(TALLOC_CTX *mem_ctx, return werr; } - if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE) { - saf_store(r->in.domain_name, r->in.dc_name); + if (!(r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_TYPE)) { + return WERR_OK; + } + + saf_store(r->in.domain_name, r->in.dc_name); #ifdef WITH_ADS - if (r->out.domain_is_ad) { - ADS_STATUS ads_status; + if (r->out.domain_is_ad) { + ADS_STATUS ads_status; - ads_status = libnet_join_post_processing_ads(mem_ctx, r); - if (!ADS_ERR_OK(ads_status)) { - return WERR_GENERAL_FAILURE; - } + ads_status = libnet_join_post_processing_ads(mem_ctx, r); + if (!ADS_ERR_OK(ads_status)) { + return WERR_GENERAL_FAILURE; } -#endif /* WITH_ADS */ } +#endif /* WITH_ADS */ libnet_join_add_dom_rids_to_builtins(r->out.domain_sid); -- cgit
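Review bot: The early `return WERR_OK;` for joins without `WKSSVC_JOIN_FLAGS_JOIN_TYPE` now also skips `libnet_join_add_dom_rids_to_builtins(r->out.domain_sid)` and anything after it, which the old layout ran regardless of the flag because the call sat after the closing brace of the `if`. The commit is described as streamlining, so this looks like an unintended behaviour change unless a check outside the hunk already covers that case. If it is intended, say so at the guard: `/* non-domain joins need no SAF entry, keytab or builtin mappings */`. Otherwise keep only `saf_store` and the `WITH_ADS` block conditional. The function continues outside the hunk.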