From 2a505d023f95457f63a3975e386b95e8658928f4 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 22 Aug 2002 22:48:54 +0000 Subject: added a 'net rpc samdump' command for dumping the whole sam via samsync operations (as a BDC) (This used to be commit e4cb106d2e3e6a41529369545a7a6ce5fe6d8986) --- source3/utils/net_rpc_samsync.c | 162 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 162 insertions(+) create mode 100644 source3/utils/net_rpc_samsync.c (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c new file mode 100644 index 0000000000..44c3fdb26a --- /dev/null +++ b/source3/utils/net_rpc_samsync.c 
@@ -0,0 +1,162 @@
+/*
+ Unix SMB/CIFS implementation.
+ dump the remote SAM using rpc samsync operations
+
+ Copyright (C) Andrew Tridgell 2002
+ Copyright (C) Tim Potter 2001,2002
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+#include "../utils/net.h"
+
+static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g)
+{
+ int i;
+ d_printf("Group mem %u: ", rid);
+ for (i=0;inum_members;i++) {
+ d_printf("%u ", g->rids[i]);
+ }
+ d_printf("\n");
+}
+
+static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a)
+{
+ d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name));
+ d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid);
+}
+
+static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a)
+{
+ int i;
+ d_printf("Alias rid %u: ", rid);
+ for (i=0;inum_sids;i++) {
+ d_printf("%s ", sid_string_static(&a->sids[i].sid));
+ }
+ d_printf("\n");
+}
+
+static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a)
+{
+ fstring hex_nt_passwd, hex_lm_passwd;
+ uchar lm_passwd[16], nt_passwd[16];
+
+ /* Decode hashes from password hash */
+ sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0);
+ sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0);
+
+ /* Encode as strings */
+ smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info);
+ smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info);
+
+ printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name),
+ a->user_rid, hex_lm_passwd, hex_nt_passwd,
+ smbpasswd_encode_acb_info(a->acb_info));
+}
+
+static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta)
+{
+ switch (hdr_delta->type) {
+ case SAM_DELTA_ACCOUNT_INFO:
+ display_account_info(hdr_delta->target_rid, &delta->account_info);
+ break;
+ case SAM_DELTA_GROUP_MEM:
+ display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info);
+ break;
+ case SAM_DELTA_ALIAS_INFO:
+ display_alias_info(hdr_delta->target_rid, &delta->alias_info);
+ break;
+ case SAM_DELTA_ALIAS_MEM:
+ display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info);
+ break;
+ default:
+ d_printf("Unknown delta record type %d\n", hdr_delta->type);
+ break;
+ }
+}
+
+/* dump sam database via samsync rpc calls */
+int rpc_samdump(int argc, const char **argv)
+{
+ TALLOC_CTX *mem_ctx = NULL;
+ SAM_DELTA_HDR *hdr_deltas;
+ SAM_DELTA_CTR *deltas;
+ uint32 num_deltas;
+ NTSTATUS result;
+ int i;
+ unsigned last_rid=0;
+ DOM_CRED ret_creds;
+ struct cli_state *cli = NULL;
+ uchar trust_password[16];
+
+ /* Connect to remote machine */
+ if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) {
+ return 1;
+ }
+
+ if (!cli_nt_session_open(cli, PIPE_NETLOGON)) {
+ DEBUG(0,("Error connecting to NETLOGON pipe\n"));
+ goto fail;
+ }
+
+ if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) {
+ d_printf("Could not retrieve domain trust secret");
+ goto fail;
+ }
+
+ result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password);
+ if (!NT_STATUS_IS_OK(result)) {
+ d_printf("Failed to setup BDC creds\n");
+ goto fail;
+ }
+
+ if (!(mem_ctx = talloc_init())) {
+ DEBUG(0,("talloc_init failed\n"));
+ goto fail;
+ }
+
+ /* on first call the returnAuthenticator is empty */
+ memset(&ret_creds, 0, sizeof(ret_creds));
+
+ /* Do sam synchronisation on the SAM
database*/ + do { + result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, SAM_DATABASE_DOMAIN, last_rid+1, + &num_deltas, &hdr_deltas, &deltas); + clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds); + last_rid = 0; + for (i = 0; i < num_deltas; i++) { + display_sam_entry(&hdr_deltas[i], &deltas[i]); + last_rid = hdr_deltas[i].target_rid; + if (last_rid == 0) { + break; + } + } + } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + cli_nt_session_close(cli); + talloc_destroy(mem_ctx); + + return 0; + +fail: + if (cli) { + cli_nt_session_close(cli); + } + if (mem_ctx) { + talloc_destroy(mem_ctx); + } + return -1; +} -- cgit From d5a4242d8880aca23210d7c2c019eda5b3e52eb3 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 29 Aug 2002 08:00:15 +0000 Subject: show builtin groups in samdump (This used to be commit c1e00f5f160985323f5a9ade42f2ebb2a798b17c) --- source3/utils/net_rpc_samsync.c | 73 ++++++++++++++++++++++------------------- 1 file changed, 40 insertions(+), 33 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 44c3fdb26a..f9afb76875 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -43,7 +43,7 @@ static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a) { int i; d_printf("Alias rid %u: ", rid); - for (i=0;inum_sids;i++) { + for (i=0;inum_members;i++) { d_printf("%s ", sid_string_static(&a->sids[i].sid)); } d_printf("\n"); 
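Review bot: The 16-byte `trust_password` in rpc_samdump and the decoded `lm_passwd`/`nt_passwd` buffers in display_account_info are left on the stack on every exit path; they should be cleared once no longer needed, e.g. `ZERO_STRUCT(trust_password);` before both `return 0` and the `fail:` return, preferably with a wipe the compiler cannot elide if the tree has one. The same buffers recur in rpc_vampire and sam_account_from_delta in later hunks on this page. display_account_info writes every account's LM/NT hash to stdout in smbpasswd format, so the header comment on rpc_samdump should say that the output is credential material and must be stored accordingly. Separately, the connect failure returns 1 while `fail:` returns -1, and the "Could not retrieve domain trust secret" message has no trailing newline.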
@@ -88,19 +88,49 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) } } -/* dump sam database via samsync rpc calls */ -int rpc_samdump(int argc, const char **argv) + +static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) { - TALLOC_CTX *mem_ctx = NULL; + unsigned last_rid = 0; + NTSTATUS result; + int i; + TALLOC_CTX *mem_ctx; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; + + if (!(mem_ctx = talloc_init())) { + return; + } + + d_printf("Dumping database %u\n", db_type); + + do { + result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, last_rid+1, + &num_deltas, &hdr_deltas, &deltas); + clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); + last_rid = 0; + for (i = 0; i < num_deltas; i++) { + display_sam_entry(&hdr_deltas[i], &deltas[i]); + last_rid = hdr_deltas[i].target_rid; + if (last_rid == 0) { + break; + } + } + } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + talloc_destroy(mem_ctx); +} + +/* dump sam database via samsync rpc calls */ +int rpc_samdump(int argc, const char **argv) +{ NTSTATUS result; - int i; - unsigned last_rid=0; - DOM_CRED ret_creds; struct cli_state *cli = NULL; uchar trust_password[16]; + DOM_CRED ret_creds; + + ZERO_STRUCT(ret_creds); /* Connect to remote machine */ if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { 
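Review bot: In dump_database the status of `cli_netlogon_sam_sync()` is only consulted in the `while` condition, after the `for` loop has already walked `num_deltas` entries of `hdr_deltas`/`deltas`; none of the three is initialised, so if the call can fail without setting them the loop reads indeterminate values. Check before iterating, e.g. `if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break;`, and declare `uint32 num_deltas = 0;`. The same loop is repeated in fetch_database in the later 'net rpc vampire' hunks. dump_database also returns void and is silent when `talloc_init()` fails, so rpc_samdump returns 0 even if nothing was dumped; returning an NTSTATUS would let the caller report it. `i` is `int` while `num_deltas` is `uint32`, which makes the loop condition a signed/unsigned comparison.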
@@ -123,31 +153,11 @@ int rpc_samdump(int argc, const char **argv) goto fail; } - if (!(mem_ctx = talloc_init())) { - DEBUG(0,("talloc_init failed\n")); - goto fail; - } - - /* on first call the returnAuthenticator is empty */ - memset(&ret_creds, 0, sizeof(ret_creds)); - - /* Do sam synchronisation on the SAM database*/ - do { - result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, SAM_DATABASE_DOMAIN, last_rid+1, - &num_deltas, &hdr_deltas, &deltas); - clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), &ret_creds); - last_rid = 0; - for (i = 0; i < num_deltas; i++) { - display_sam_entry(&hdr_deltas[i], &deltas[i]); - last_rid = hdr_deltas[i].target_rid; - if (last_rid == 0) { - break; - } - } - } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + dump_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); + dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); + dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); cli_nt_session_close(cli); - talloc_destroy(mem_ctx); return 0; @@ -155,8 +165,5 @@ fail: if (cli) { cli_nt_session_close(cli); } - if (mem_ctx) { - talloc_destroy(mem_ctx); - } return -1; } -- cgit From 957d9ab384696738fedf4bab9bd49978d3af75e7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 29 Aug 2002 10:36:05 +0000 Subject: There's more work to be done on samsync. Intermediate commit, now I get all the groups at least. Volker (This used to be commit 23a4f6991e93797afad0043689737a1b20c67f60) --- source3/utils/net_rpc_samsync.c | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index f9afb76875..a41eae40d1 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -67,6 +67,17 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) smbpasswd_encode_acb_info(a->acb_info)); } +static void display_domain_info(SAM_DOMAIN_INFO *a) +{ + d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); +} + +static void display_group_info(uint32 rid, SAM_GROUP_INFO *a) +{ + d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name)); + d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid); +} + static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) { switch (hdr_delta->type) { @@ -82,6 +93,12 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) case SAM_DELTA_ALIAS_MEM: display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info); break; + case SAM_DELTA_DOMAIN_INFO: + display_domain_info(&delta->domain_info); + break; + case SAM_DELTA_GROUP_INFO: + display_group_info(hdr_delta->target_rid, &delta->group_info); + break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); break; @@ -91,7 +108,7 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) { - unsigned last_rid = 0; + unsigned last_rid = -1; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; @@ -113,9 +130,6 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret for (i = 0; i < num_deltas; i++) { display_sam_entry(&hdr_deltas[i], &deltas[i]); last_rid = hdr_deltas[i].target_rid; - if (last_rid == 0) { - break; - } } } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); 
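Review bot: `unsigned last_rid = -1;` in dump_database relies on unsigned wraparound so that the first request passes `last_rid+1 == 0`, which is not obvious from the code; a comment such as `/* start at (unsigned)-1 so the first sync request asks for index 0 */` would document it. With the `if (last_rid == 0) break;` guard removed in the following hunk, loop termination now depends only on the server-supplied `target_rid` of the last delta and on `STATUS_MORE_ENTRIES`, and the same comment should say so, since a peer that keeps answering with more entries keeps the loop running. dump_database starts and ends outside these hunks.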
@@ -155,7 +169,9 @@ int rpc_samdump(int argc, const char **argv) dump_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); - dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); + + /* Currently we crash on PRIVS somewhere in unmarshalling */ + /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ cli_nt_session_close(cli); -- cgit From cfb5e91178eb8befdb00780a819f9c5cd3eee8e4 Mon Sep 17 00:00:00 2001 From: Jean-François Micouleau Date: Fri, 30 Aug 2002 10:46:59 +0000 Subject: added cli_net_auth_3 client code. changed cli_nt_setup_creds() to call cli_net_auth_2 or cli_net_auth_3 based on a switch. pass also the negociation flags all the way. all the places calling cli_nt_setup_creds() are still using cli_net_aut2(), it's just for future use and for rpcclient. in the future we will be able to call auth_2 or auth_3 as we want. J.F. (This used to be commit 4d38caca40f98d0584fefb9d66424a3db5b5789e) --- source3/utils/net_rpc_samsync.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index a41eae40d1..4ddb931adb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -143,6 +143,8 @@ int rpc_samdump(int argc, const char **argv) struct cli_state *cli = NULL; uchar trust_password[16]; DOM_CRED ret_creds; + uint32 neg_flags = 0x000001ff; + ZERO_STRUCT(ret_creds); @@ -161,7 +163,7 @@ int rpc_samdump(int argc, const char **argv) goto fail; } - result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password); + result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password, &neg_flags, 2); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to setup BDC creds\n"); goto fail; -- cgit From e59d5b50fe882cb1b65ca2f665b0c93c6273c436 Mon Sep 17 00:00:00 2001 
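Review bot: The added comment `Currently we crash on PRIVS somewhere in unmarshalling` records a crash while parsing data returned by the remote server, and commenting out the call only avoids it from this one command. The comment should point at a tracked bug for the unmarshalling code so that the parser gets its bounds checks rather than the symptom being skipped here. It also names `Dump_database`, which is not the function's spelling (`dump_database`), so the line cannot simply be uncommented later.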
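Review bot: `uint32 neg_flags = 0x000001ff;` and the trailing `2` passed to `cli_nt_setup_creds()` are unexplained literals in rpc_samdump. Going by the commit description the last argument selects auth_2 versus auth_3 and the flags are the negotiation flags, so a short comment on each, or named constants, would let a reader see which NETLOGON capabilities are being requested. The definition of `cli_nt_setup_creds()` is not part of this hunk, so the meaning of the individual bits cannot be checked from here.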
From: Volker Lendecke Date: Wed, 18 Sep 2002 06:34:10 +0000 Subject: First code for 'net rpc vampire'. We should probably find a more positive name for this. It creates users and global groups. More to come. Volker (This used to be commit 0c1fadd9e024ef886542d362a7f119968552852d) --- source3/utils/net_rpc_samsync.c | 278 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 278 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4ddb931adb..6d8b7c672f 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -185,3 +185,281 @@ fail: } return -1; } + +/* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ + +static NTSTATUS +sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) +{ + DOM_SID sid; + fstring s; + + /* Username, fullname, home dir, dir drive, logon script, acct + desc, workstations, profile. */ + + unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1); + pdb_set_nt_username(account, s); + + /* Unix username is the same - for sainity */ + pdb_set_username(account, s); + + unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1); + pdb_set_fullname(account, s); + + unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1); + pdb_set_homedir(account, s, True); + + unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1); + pdb_set_dir_drive(account, s, True); + + unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1); + pdb_set_logon_script(account, s, True); + + unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1); + pdb_set_acct_desc(account, s); + + unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1); + pdb_set_workstations(account, s); + + unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1); + pdb_set_profile_path(account, s, True); + + /* User and group sid */ + + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, delta->user_rid); + pdb_set_user_sid(account, &sid); + + sid_copy(&sid, get_global_sam_sid()); + sid_append_rid(&sid, delta->group_rid); + pdb_set_group_sid(account, &sid); + + /* Logon and password information */ + + pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True); + pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), + True); + + pdb_set_logon_divs(account, delta->logon_divs); + + /* TODO: logon hours */ + /* TODO: bad password count */ + /* TODO: logon count */ + + pdb_set_pass_last_set_time( + account, nt_time_to_unix(&delta->pwd_last_set_time)); + + /* TODO: account expiry time */ + + pdb_set_acct_ctrl(account, delta->acb_info); + return 
NT_STATUS_OK; +} + +static NTSTATUS +fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) +{ + NTSTATUS nt_ret; + fstring account; + pstring add_script; + SAM_ACCOUNT *sam_account=NULL; + + fstrcpy(account, unistr2_static(&delta->uni_acct_name)); + d_printf("Creating account: %s\n", account); + + if (!NT_STATUS_IS_OK(nt_ret = pdb_init_sam(&sam_account))) + return nt_ret; + + if (!pdb_getsampwnam(sam_account, account)) { + struct passwd *pw; + + /* Create appropriate user */ + if (delta->acb_info & ACB_NORMAL) { + pstrcpy(add_script, lp_adduser_script()); + } else if ( (delta->acb_info & ACB_WSTRUST) || + (delta->acb_info & ACB_SVRTRUST) ) { + pstrcpy(add_script, lp_addmachine_script()); + } else { + DEBUG(1, ("Unknown user type: %s\n", + smbpasswd_encode_acb_info(delta->acb_info))); + pdb_free_sam(&sam_account); + return NT_STATUS_NO_SUCH_USER; + } + if (*add_script) { + int add_ret; + all_string_sub(add_script, "%u", account, + sizeof(account)); + add_ret = smbrun(add_script,NULL); + DEBUG(1,("fetch_account: Running the command `%s' " + "gave %d\n", add_script, add_ret)); + } + pw = getpwnam_alloc(account); + if (pw) { + nt_ret = pdb_init_sam_pw(&sam_account, pw); + + if (!NT_STATUS_IS_OK(nt_ret)) { + passwd_free(&pw); + pdb_free_sam(&sam_account); + return nt_ret; + } + passwd_free(&pw); + } else { + DEBUG(3, ("Could not create account %s\n", account)); + pdb_free_sam(&sam_account); + return NT_STATUS_NO_SUCH_USER; + } + } + + sam_account_from_delta(sam_account, delta); + pdb_add_sam_account(sam_account); + pdb_free_sam(&sam_account); + return NT_STATUS_OK; +} + +static NTSTATUS +fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) +{ + fstring name; + fstring comment; + struct group *grp; + DOM_SID group_sid; + fstring sid_string; + GROUP_MAP map; + int flag = TDB_INSERT; + + unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1); + unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1); + + if ((grp = getgrnam(name)) == NULL) + 
smb_create_group(name); + + if ((grp = getgrnam(name)) == NULL) + return NT_STATUS_ACCESS_DENIED; + + /* add the group to the mapping table */ + sid_copy(&group_sid, get_global_sam_sid()); + sid_append_rid(&group_sid, rid); + sid_to_string(sid_string, &group_sid); + + /* Add the group mapping */ + if (get_group_map_from_sid(group_sid, &map, False)) { + /* Don't TDB_INSERT, mapping exists */ + flag = 0; + } + + map.gid = grp->gr_gid; + map.sid = group_sid; + map.sid_name_use = SID_NAME_DOM_GRP; + fstrcpy(map.nt_name, name); + fstrcpy(map.comment, comment); + + map.priv_set.count = 0; + map.priv_set.set = NULL; + + add_mapping_entry(&map, flag); + + return NT_STATUS_OK; +} + +static void +fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) +{ + switch(hdr_delta->type) { + case SAM_DELTA_ACCOUNT_INFO: + fetch_account_info(hdr_delta->target_rid, + &delta->account_info); + break; + case SAM_DELTA_GROUP_INFO: + fetch_group_info(hdr_delta->target_rid, + &delta->group_info); + break; + default: + d_printf("Unknown delta record type %d\n", hdr_delta->type); + break; + } +} + +static void +fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) +{ + unsigned last_rid = -1; + NTSTATUS result; + int i; + TALLOC_CTX *mem_ctx; + SAM_DELTA_HDR *hdr_deltas; + SAM_DELTA_CTR *deltas; + uint32 num_deltas; + + if (!(mem_ctx = talloc_init())) { + return; + } + + d_printf("Fetching database %u\n", db_type); + + do { + result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, + db_type, last_rid+1, + &num_deltas, + &hdr_deltas, &deltas); + clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), + ret_creds); + last_rid = 0; + for (i = 0; i < num_deltas; i++) { + fetch_sam_entry(&hdr_deltas[i], &deltas[i]); + last_rid = hdr_deltas[i].target_rid; + } + } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + + talloc_destroy(mem_ctx); +} + +/* dump sam database via samsync rpc calls */ +int rpc_vampire(int argc, const char **argv) +{ + NTSTATUS 
result; + struct cli_state *cli = NULL; + uchar trust_password[16]; + DOM_CRED ret_creds; + uint32 neg_flags = 0x000001ff; + + ZERO_STRUCT(ret_creds); + + /* Connect to remote machine */ + if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | + NET_FLAGS_PDC))) { + return 1; + } + + if (!cli_nt_session_open(cli, PIPE_NETLOGON)) { + DEBUG(0,("Error connecting to NETLOGON pipe\n")); + goto fail; + } + + if (!secrets_fetch_trust_account_password(lp_workgroup(), + trust_password, NULL)) { + d_printf("Could not retrieve domain trust secret"); + goto fail; + } + + result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password, + &neg_flags, 2); + if (!NT_STATUS_IS_OK(result)) { + d_printf("Failed to setup BDC creds\n"); + goto fail; + } + + fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); + fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); + + /* Currently we crash on PRIVS somewhere in unmarshalling */ + /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ + + cli_nt_session_close(cli); + + return 0; + +fail: + if (cli) { + cli_nt_session_close(cli); + } + return -1; +} -- cgit From d06d2c876e3f295715e818fa6869d968e32b3dc4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 22 Sep 2002 10:30:00 +0000 Subject: Change parsing of policy and privs delta to what Ethereal says. Volker (This used to be commit 8c41b5cd1b8b0c2639def9552bd20b8aca39785c) --- source3/utils/net_rpc_samsync.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6d8b7c672f..9d54a771fc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
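Review bot: In fetch_account_info the account name comes from the remote delta (`delta->uni_acct_name`), is substituted for `%u` in the add-user or add-machine script, and the result is run with `smbrun()` with no validation visible in this hunk; if `all_string_sub()` does not strip shell metacharacters, a hostile or compromised domain controller controls part of a command line that runs locally. Reject names outside a conservative character set before the substitution, and pass the destination size, `all_string_sub(add_script, "%u", account, sizeof(add_script));`, since `sizeof(account)` is the size of the wrong buffer. The results of `sam_account_from_delta()` and `pdb_add_sam_account()` are discarded, so the function returns `NT_STATUS_OK` even when nothing was stored, and fetch_sam_entry drops the status of both fetch helpers. The header comment on rpc_vampire still reads `dump sam database via samsync rpc calls`, copied from rpc_samdump.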
@@ -171,9 +171,7 @@ int rpc_samdump(int argc, const char **argv) dump_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); - - /* Currently we crash on PRIVS somewhere in unmarshalling */ - /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ + dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); cli_nt_session_close(cli); -- cgit From 06ce201a29bb90a428a59a3d85752ccf2dca1bdd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 23 Sep 2002 16:21:01 +0000 Subject: Ok, getting a bit more ambitious. Stop me, if this is wrong. ;-) When creating a group you have to take care of the fact that the underlying unix might not like the group name. This change gets around that problem by giving the add group script the chance to invent a group name. It then must only return the newly created numerical gid. Volker (This used to be commit b959419ed38e66a12b63cad3e5fbfa849f952acc) --- source3/utils/net_rpc_samsync.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 9d54a771fc..95a813dcfd 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -323,14 +323,15 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) fstring sid_string; GROUP_MAP map; int flag = TDB_INSERT; + gid_t gid; unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1); unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1); if ((grp = getgrnam(name)) == NULL) - smb_create_group(name); + smb_create_group(name, &gid); - if ((grp = getgrnam(name)) == NULL) + if ((grp = getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; /* add the group to the mapping table */ -- cgit From 28947d6cd12040de37e3dfb29eeb1163cc429f32 Mon Sep 17 00:00:00 2001 
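Review bot: In fetch_group_info `gid` is only written by `smb_create_group(name, &gid)`, which runs when `getgrnam(name)` finds nothing, yet `getgrgid(gid)` is called unconditionally, so for a group that already exists the lookup uses an uninitialised `gid_t` and can map the SAM group to an arbitrary unix group. Move the second lookup inside the creation branch and check the creation result: `if ((grp = getgrnam(name)) == NULL) {` followed by `if (smb_create_group(name, &gid) != 0 || (grp = getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; }`. The reworked fetch_group_info and the new fetch_alias_info in the later 'first working version' commit keep the same shape with `new_gid`: when `getgrnam()` succeeds there, `getgrgid(new_gid)` still runs on an unset value. fetch_group_info continues outside this hunk.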
From: Volker Lendecke Date: Tue, 24 Sep 2002 06:50:11 +0000 Subject: This is a first working version of net rpc vampire. First do a net rpc getsid, then join as a BDC, and then watch net rpc vampire suck out the good stuff out of a PDC :-). It's not perfect, but it does quite a bit for me. Watch out for more. Volker (This used to be commit f0d7ac9feb5844c93789344285b1d66f480209ba) --- source3/utils/net_rpc_samsync.c | 276 ++++++++++++++++++++++++++++++++++++++-- 1 file changed, 264 insertions(+), 12 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 95a813dcfd..202d5b5c88 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -23,6 +23,8 @@ #include "includes.h" #include "../utils/net.h" +extern DOM_SID global_sid_Builtin; + static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) { int i; @@ -191,6 +193,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { DOM_SID sid; fstring s; + uchar lm_passwd[16], nt_passwd[16]; /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ @@ -235,9 +238,8 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) /* Logon and password information */ pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True); - pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), + pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), True); - pdb_set_logon_divs(account, delta->logon_divs); /* TODO: logon hours */ 
@@ -247,6 +249,14 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) pdb_set_pass_last_set_time( account, nt_time_to_unix(&delta->pwd_last_set_time)); + pdb_set_kickoff_time(account, get_time_t_max(), True); + + /* Decode hashes from password hash */ + sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); + sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); + pdb_set_nt_passwd(account, nt_passwd); + pdb_set_lanman_passwd(account, lm_passwd); + /* TODO: account expiry time */ pdb_set_acct_ctrl(account, delta->acb_info); @@ -260,6 +270,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) fstring account; pstring add_script; SAM_ACCOUNT *sam_account=NULL; + GROUP_MAP map; + struct group *grp; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); @@ -270,6 +282,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!pdb_getsampwnam(sam_account, account)) { struct passwd *pw; + pdb_free_sam(&sam_account); + /* Create appropriate user */ if (delta->acb_info & ACB_NORMAL) { pstrcpy(add_script, lp_adduser_script()); @@ -308,7 +322,29 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } sam_account_from_delta(sam_account, delta); - pdb_add_sam_account(sam_account); + + if (!pdb_add_sam_account(sam_account)) { + DEBUG(1, ("SAM Account for %s already existed, updating\n", + account)); + pdb_update_sam_account(sam_account); + } + + if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account), + &map, False)) { + DEBUG(0, ("Primary group of %s has no mapping!\n", + pdb_get_username(sam_account))); + pdb_free_sam(&sam_account); + return NT_STATUS_NO_SUCH_GROUP; + } + + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %d\n", map.gid)); + pdb_free_sam(&sam_account); + return NT_STATUS_NO_SUCH_GROUP; + } + + smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); + pdb_free_sam(&sam_account); return NT_STATUS_OK; } 
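Review bot: The `pdb_free_sam(&sam_account);` added at the top of the `!pdb_getsampwnam()` branch in fetch_account_info is followed, on the 'Unknown user type' and 'Could not create account' paths that lie outside this hunk, by a second `pdb_free_sam(&sam_account)`; unless pdb_free_sam() resets the pointer and accepts NULL, that is a double free. Either drop the later calls on those paths or add a comment stating that pdb_free_sam() is safe to call twice. In the following hunk the result of `pdb_update_sam_account()` is ignored, so a failed update of an existing account, including its newly decoded NT/LM hashes, is reported as success.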
@@ -318,7 +354,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) { fstring name; fstring comment; - struct group *grp; + struct group *grp = NULL; DOM_SID group_sid; fstring sid_string; GROUP_MAP map; @@ -339,10 +375,24 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - /* Add the group mapping */ if (get_group_map_from_sid(group_sid, &map, False)) { - /* Don't TDB_INSERT, mapping exists */ - flag = 0; + grp = getgrgid(map.gid); + flag = 0; /* Don't TDB_INSERT, mapping exists */ + } + + if (grp == NULL) + { + gid_t new_gid; + /* No group found from mapping, find it from its name. */ + if ((grp = getgrnam(name)) == NULL) { + /* No appropriate group found, create one */ + d_printf("Creating unix group: '%s'\n", name); + if (smb_create_group(name, &new_gid) != 0) + return NT_STATUS_ACCESS_DENIED; + } + + if ((grp = getgrgid(new_gid)) == NULL) + return NT_STATUS_ACCESS_DENIED; } map.gid = grp->gr_gid; 
@@ -359,8 +409,193 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) return NT_STATUS_OK; } +static NTSTATUS +fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) +{ + int i; + TALLOC_CTX *t = NULL; + char **nt_members = NULL; + char **unix_members; + DOM_SID group_sid; + GROUP_MAP map; + struct group *grp; + + if (delta->num_members == 0) { + return NT_STATUS_OK; + } + + sid_copy(&group_sid, get_global_sam_sid()); + sid_append_rid(&group_sid, rid); + + if (!get_domain_group_from_sid(group_sid, &map, False)) { + DEBUG(0, ("Could not find global group %d\n", rid)); + return NT_STATUS_NO_SUCH_GROUP; + } + + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %d\n", map.gid)); + return NT_STATUS_NO_SUCH_GROUP; + } + + d_printf("Group members of %s: ", grp->gr_name); + + if (!(t = talloc_init())) { + DEBUG(0, ("could not talloc_init\n")); + return NT_STATUS_NO_MEMORY; + } + + nt_members = talloc_zero(t, sizeof(char *) * delta->num_members); + + for (i=0; inum_members; i++) { + NTSTATUS nt_status; + SAM_ACCOUNT *member = NULL; + DOM_SID member_sid; + + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) { + talloc_destroy(t); + return nt_status; + } + + sid_copy(&member_sid, get_global_sam_sid()); + sid_append_rid(&member_sid, delta->rids[i]); + + if (!pdb_getsampwsid(member, &member_sid)) { + DEBUG(1, ("Found bogus group member: %d\n", + delta->rids[i])); + pdb_free_sam(&member); + continue; + } + + if (pdb_get_group_rid(member) == rid) { + d_printf("%s(primary),", pdb_get_username(member)); + pdb_free_sam(&member); + continue; + } + + d_printf("%s,", pdb_get_username(member)); + nt_members[i] = talloc_strdup(t, pdb_get_username(member)); + pdb_free_sam(&member); + } + + d_printf("\n"); + + unix_members = grp->gr_mem; + + while (*unix_members) { + BOOL is_nt_member = False; + for (i=0; inum_members; i++) { + if (nt_members[i] == NULL) { + /* This was a primary group */ + continue; + } + + if (strcmp(*unix_members, 
nt_members[i]) == 0) { + is_nt_member = True; + break; + } + } + if (!is_nt_member) { + /* We look at a unix group member that is not + an nt group member. So, remove it. NT is + boss here. */ + smb_delete_user_group(grp->gr_name, *unix_members); + } + unix_members += 1; + } + + for (i=0; inum_members; i++) { + BOOL is_unix_member = False; + + if (nt_members[i] == NULL) { + /* This was the primary group */ + continue; + } + + unix_members = grp->gr_mem; + + while (*unix_members) { + if (strcmp(*unix_members, nt_members[i]) == 0) { + is_unix_member = True; + break; + } + unix_members += 1; + } + + if (!is_unix_member) { + /* We look at a nt group member that is not a + unix group member currently. So, add the nt + group member. */ + smb_add_user_group(grp->gr_name, nt_members[i]); + } + } + + talloc_destroy(t); + return NT_STATUS_OK; +} + +static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, + DOM_SID dom_sid) +{ + fstring name; + fstring comment; + struct group *grp = NULL; + DOM_SID alias_sid; + fstring sid_string; + GROUP_MAP map; + int insert_flag = TDB_INSERT; + + unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1); + unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1); + + /* Find out whether the group is already mapped */ + sid_copy(&alias_sid, &dom_sid); + sid_append_rid(&alias_sid, rid); + sid_to_string(sid_string, &alias_sid); + + if (get_group_map_from_sid(alias_sid, &map, False)) { + grp = getgrgid(map.gid); + insert_flag = 0; /* Don't TDB_INSERT, mapping exists */ + } + + if (grp == NULL) { + gid_t new_gid; + /* No group found from mapping, find it from its name. 
*/ + if ((grp = getgrnam(name)) == NULL) { + /* No appropriate group found, create one */ + d_printf("Creating unix group: '%s'\n", name); + if (smb_create_group(name, &new_gid) != 0) + return NT_STATUS_ACCESS_DENIED; + } + + if ((grp = getgrgid(new_gid)) == NULL) + return NT_STATUS_ACCESS_DENIED; + } + + map.gid = grp->gr_gid; + map.sid = alias_sid; + map.sid_name_use = SID_NAME_ALIAS; + + fstrcpy(map.nt_name, name); + fstrcpy(map.comment, comment); + + map.priv_set.count = 0; + map.priv_set.set = NULL; + + add_mapping_entry(&map, insert_flag); + + return NT_STATUS_OK; +} + +static NTSTATUS +fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) +{ + + return NT_STATUS_OK; +} + static void -fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) +fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, + DOM_SID dom_sid) { switch(hdr_delta->type) { case SAM_DELTA_ACCOUNT_INFO: @@ -371,6 +606,18 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) fetch_group_info(hdr_delta->target_rid, &delta->group_info); break; + case SAM_DELTA_GROUP_MEM: + fetch_group_mem_info(hdr_delta->target_rid, + &delta->grp_mem_info); + break; + case SAM_DELTA_ALIAS_INFO: + fetch_alias_info(hdr_delta->target_rid, + &delta->alias_info, dom_sid); + break; + case SAM_DELTA_ALIAS_MEM: + fetch_alias_mem(hdr_delta->target_rid, + &delta->als_mem_info, dom_sid); + break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); break; @@ -378,7 +625,8 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) } static void -fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) +fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, + DOM_SID dom_sid) { unsigned last_rid = -1; NTSTATUS result; 
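Review bot: In fetch_group_mem_info `talloc_zero(t, sizeof(char *) * delta->num_members)` takes its count from the server's delta, the multiplication is not checked for overflow, and the result is not checked for NULL before `nt_members[i]` is written in the loop below. Bound `num_members` before multiplying and add `if (nt_members == NULL) { talloc_destroy(t); return NT_STATUS_NO_MEMORY; }`. The two reconciliation loops walk `grp->gr_mem` from `getgrgid()` while calling `smb_delete_user_group()` and `smb_add_user_group()`; if those helpers do group lookups of their own, the static storage behind `grp` may be overwritten mid-iteration, so copying the member list first would be safer. fetch_alias_mem is an empty stub that returns `NT_STATUS_OK`, and a `/* TODO: alias membership is not synchronised yet */` comment would make that explicit.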
@@ -403,7 +651,7 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) ret_creds); last_rid = 0; for (i = 0; i < num_deltas; i++) { - fetch_sam_entry(&hdr_deltas[i], &deltas[i]); + fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); last_rid = hdr_deltas[i].target_rid; } } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); @@ -419,6 +667,7 @@ int rpc_vampire(int argc, const char **argv) uchar trust_password[16]; DOM_CRED ret_creds; uint32 neg_flags = 0x000001ff; + DOM_SID dom_sid; ZERO_STRUCT(ret_creds); @@ -446,8 +695,11 @@ int rpc_vampire(int argc, const char **argv) goto fail; } - fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); - fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); + dom_sid = *get_global_sam_sid(); + fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid); + + sid_copy(&dom_sid, &global_sid_Builtin); + fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, dom_sid); /* Currently we crash on PRIVS somewhere in unmarshalling */ /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ -- cgit From f2d1f19a66ebaf9b88d23c0faa2412536cc74cda Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 1 Oct 2002 18:26:00 +0000 Subject: syncing up with HEAD. Seems to be a lot of differences creeping in (i ignored the new SAMBA stuff, but the rest of this looks like it should have been merged already). (This used to be commit 3de09e5cf1f667e410ee8b9516a956860ce7290f) --- source3/utils/net_rpc_samsync.c | 44 +++++++++++++++++------------------------ 1 file changed, 18 insertions(+), 26 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 202d5b5c88..c040b3cca2 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
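Review bot: `dom_sid` is handed to fetch_database by value in the rpc_vampire hunk (`@@ -446,8 +695,11 @@`), and from there by value again to fetch_sam_entry for every delta, so the whole DOM_SID structure is copied per record although none of the callees shown writes to it. Taking a `DOM_SID *dom_sid` parameter and calling `fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, get_global_sam_sid());` and `fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, &global_sid_Builtin);` would drop both the local variable and the copies. The change touches the signature hunks for fetch_sam_entry and fetch_database as well; rpc_vampire's body starts and ends outside the hunk.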
@@ -4,6 +4,7 @@ Copyright (C) Andrew Tridgell 2002 Copyright (C) Tim Potter 2001,2002 + Modified by Volker Lendecke 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -191,7 +192,6 @@ fail: static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { - DOM_SID sid; fstring s; uchar lm_passwd[16], nt_passwd[16]; @@ -227,13 +227,8 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) /* User and group sid */ - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, delta->user_rid); - pdb_set_user_sid(account, &sid); - - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, delta->group_rid); - pdb_set_group_sid(account, &sid); + pdb_set_user_sid_from_rid(account, delta->user_rid); + pdb_set_group_sid_from_rid(account, delta->group_rid); /* Logon and password information */ @@ -359,17 +354,10 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) fstring sid_string; GROUP_MAP map; int flag = TDB_INSERT; - gid_t gid; unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1); unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1); - if ((grp = getgrnam(name)) == NULL) - smb_create_group(name, &gid); - - if ((grp = getgrgid(gid)) == NULL) - return NT_STATUS_ACCESS_DENIED; - /* add the group to the mapping table */ sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); 
@@ -382,17 +370,17 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) if (grp == NULL) { - gid_t new_gid; + gid_t gid; + /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { /* No appropriate group found, create one */ d_printf("Creating unix group: '%s'\n", name); - if (smb_create_group(name, &new_gid) != 0) + if (smb_create_group(name, &gid) != 0) + return NT_STATUS_ACCESS_DENIED; + if ((grp = getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; } - - if ((grp = getgrgid(new_gid)) == NULL) - return NT_STATUS_ACCESS_DENIED; } map.gid = grp->gr_gid; @@ -558,22 +546,26 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, } if (grp == NULL) { - gid_t new_gid; + gid_t gid; + /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { /* No appropriate group found, create one */ d_printf("Creating unix group: '%s'\n", name); - if (smb_create_group(name, &new_gid) != 0) + if (smb_create_group(name, &gid) != 0) + return NT_STATUS_ACCESS_DENIED; + if ((grp = getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; } - - if ((grp = getgrgid(new_gid)) == NULL) - return NT_STATUS_ACCESS_DENIED; } map.gid = grp->gr_gid; map.sid = alias_sid; - map.sid_name_use = SID_NAME_ALIAS; + + if (sid_equal(&dom_sid, &global_sid_Builtin)) + map.sid_name_use = SID_NAME_WKN_GRP; + else + map.sid_name_use = SID_NAME_ALIAS; fstrcpy(map.nt_name, name); fstrcpy(map.comment, comment); -- cgit From 36ef82a52953384acedbd51f54ded9357fa8ca3e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 4 Oct 2002 04:10:23 +0000 Subject: merge of new client side support the Win2k LSARPC UUID in rpcbind from APP_HEAD (This used to be commit 1cfd2ee433305e91e87804dd55d10e025d30a69e) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
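Review bot: In the fetch_alias_info hunk (`@@ -558,22 +546,26 @@`) the `name` passed to `smb_create_group(name, &gid)` is whatever the remote server placed in the alias delta (it is filled from `delta->uni_als_name` further up the function, outside this hunk), and nothing on the new side constrains it before a Unix group is created from it. smb_create_group is not shown on this page; if it ends in an external add-group script, the way the account path runs `add_script`, the name should first be checked against the characters a Unix group name may contain and the record skipped otherwise. The identical block in the fetch_group_info hunk just before this one (`@@ -382,17 +370,17 @@`) needs the same check.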
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c040b3cca2..00e5dee0ce 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -156,7 +156,7 @@ int rpc_samdump(int argc, const char **argv) return 1; } - if (!cli_nt_session_open(cli, PIPE_NETLOGON)) { + if (!cli_nt_session_open(cli, PI_NETLOGON)) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } @@ -669,7 +669,7 @@ int rpc_vampire(int argc, const char **argv) return 1; } - if (!cli_nt_session_open(cli, PIPE_NETLOGON)) { + if (!cli_nt_session_open(cli, PI_NETLOGON)) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } -- cgit From 6d7195d1d79c43f5ccc8dc4a9215c02177d5fa89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 2 Nov 2002 03:47:48 +0000 Subject: Merge passdb from HEAD -> 3.0 The work here includes: - metze' set/changed patch, which avoids making changes to ldap on unmodified attributes. - volker's group mapping in passdb patch - volker's samsync stuff - volkers SAMR changes. - mezte's connection caching patch - my recent changes (fix magic root check, ldap ssl) Andrew Bartlett (This used to be commit 2044d60bbe0043cdbb9aba931115672bde975d2f) --- source3/utils/net_rpc_samsync.c | 82 +++++++++++++++++++++-------------------- 1 file changed, 43 insertions(+), 39 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 00e5dee0ce..10fba52be8 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -111,7 +111,7 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) { - unsigned last_rid = -1; + unsigned sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; 
@@ -126,15 +126,15 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret d_printf("Dumping database %u\n", db_type); do { - result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, last_rid+1, + result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, + sync_context, &num_deltas, &hdr_deltas, &deltas); clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); - last_rid = 0; for (i = 0; i < num_deltas; i++) { display_sam_entry(&hdr_deltas[i], &deltas[i]); - last_rid = hdr_deltas[i].target_rid; } - } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + sync_context += 1; + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } 
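Review bot: The loop body in dump_database walks `hdr_deltas` and `deltas` up to `num_deltas` without first looking at `result`, so when cli_netlogon_sam_sync fails the loop may run over whatever the out-parameters happen to hold; their declarations elsewhere on this page carry no initialisers. A guard directly after the call, `if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break;`, would stop that. With the `last_rid` test removed, the loop now ends only when the server stops answering STATUS_MORE_ENTRIES, so an upper bound on iterations is worth adding. The fetch_database hunk later in this commit (`@@ -636,17 +641,16 @@`) has the same shape.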
@@ -199,62 +199,62 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) desc, workstations, profile. */ unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1); - pdb_set_nt_username(account, s); + pdb_set_nt_username(account, s, PDB_CHANGED); /* Unix username is the same - for sainity */ - pdb_set_username(account, s); + pdb_set_username(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1); - pdb_set_fullname(account, s); + pdb_set_fullname(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1); - pdb_set_homedir(account, s, True); + pdb_set_homedir(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1); - pdb_set_dir_drive(account, s, True); + pdb_set_dir_drive(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1); - pdb_set_logon_script(account, s, True); + pdb_set_logon_script(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1); - pdb_set_acct_desc(account, s); + pdb_set_acct_desc(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1); - pdb_set_workstations(account, s); + pdb_set_workstations(account, s, PDB_CHANGED); unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1); - pdb_set_profile_path(account, s, True); + pdb_set_profile_path(account, s, PDB_CHANGED); /* User and group sid */ - pdb_set_user_sid_from_rid(account, delta->user_rid); - pdb_set_group_sid_from_rid(account, delta->group_rid); + pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); + pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); /* Logon and password information */ - pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), True); + pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED); pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), - True); - pdb_set_logon_divs(account, delta->logon_divs); + 
PDB_CHANGED); + pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); /* TODO: logon hours */ /* TODO: bad password count */ /* TODO: logon count */ pdb_set_pass_last_set_time( - account, nt_time_to_unix(&delta->pwd_last_set_time)); + account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED); - pdb_set_kickoff_time(account, get_time_t_max(), True); + pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED); /* Decode hashes from password hash */ sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); - pdb_set_nt_passwd(account, nt_passwd); - pdb_set_lanman_passwd(account, lm_passwd); + pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); + pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info); + pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); return NT_STATUS_OK; } @@ -324,8 +324,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) pdb_update_sam_account(sam_account); } - if (!get_group_map_from_sid(*pdb_get_group_sid(sam_account), - &map, False)) { + if (!pdb_getgrsid(&map, *pdb_get_group_sid(sam_account), False)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); pdb_free_sam(&sam_account); @@ -353,7 +352,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) DOM_SID group_sid; fstring sid_string; GROUP_MAP map; - int flag = TDB_INSERT; + BOOL insert = True; unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1); unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1); 
@@ -363,9 +362,9 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (get_group_map_from_sid(group_sid, &map, False)) { + if (pdb_getgrsid(&map, group_sid, False)) { grp = getgrgid(map.gid); - flag = 0; /* Don't TDB_INSERT, mapping exists */ + insert = False; } if (grp == NULL) @@ -392,7 +391,10 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) map.priv_set.count = 0; map.priv_set.set = NULL; - add_mapping_entry(&map, flag); + if (insert) + pdb_add_group_mapping_entry(&map); + else + pdb_update_group_mapping_entry(&map); return NT_STATUS_OK; } @@ -530,7 +532,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, DOM_SID alias_sid; fstring sid_string; GROUP_MAP map; - int insert_flag = TDB_INSERT; + BOOL insert = True; unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1); unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1); @@ -540,9 +542,9 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, sid_append_rid(&alias_sid, rid); sid_to_string(sid_string, &alias_sid); - if (get_group_map_from_sid(alias_sid, &map, False)) { + if (pdb_getgrsid(&map, alias_sid, False)) { grp = getgrgid(map.gid); - insert_flag = 0; /* Don't TDB_INSERT, mapping exists */ + insert = False; } if (grp == NULL) { @@ -573,7 +575,10 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, map.priv_set.count = 0; map.priv_set.set = NULL; - add_mapping_entry(&map, insert_flag); + if (insert) + pdb_add_group_mapping_entry(&map); + else + pdb_update_group_mapping_entry(&map); return NT_STATUS_OK; } @@ -620,7 +625,7 @@ static void fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, DOM_SID dom_sid) { - unsigned last_rid = -1; + unsigned sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; 
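Review bot: Both new calls in the fetch_group_info hunk (`@@ -392,7 +391,10 @@`), `pdb_add_group_mapping_entry(&map)` and `pdb_update_group_mapping_entry(&map)`, have their results dropped and the function goes on to `return NT_STATUS_OK`, so a mapping that was never written is reported as stored. Assuming they return a success flag like the other pdb_ calls tested with `!` on this page (their prototypes are not visible), `if (!(insert ? pdb_add_group_mapping_entry(&map) : pdb_update_group_mapping_entry(&map))) return NT_STATUS_UNSUCCESSFUL;` would surface the failure. The fetch_alias_info hunk (`@@ -573,7 +575,10 @@`) repeats the pattern.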
@@ -636,17 +641,16 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, - db_type, last_rid+1, + db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); - last_rid = 0; for (i = 0; i < num_deltas; i++) { fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); - last_rid = hdr_deltas[i].target_rid; } - } while (last_rid && NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); + sync_context += 1; + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } -- cgit From aecd050d38998f664492363e46b491245aafb8de Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Nov 2002 07:20:33 +0000 Subject: Keeping 3.0 in sync.... Jeremy. (This used to be commit 6d98ac2634d17f7f8fb17c43923ddd2b1e723d86) --- source3/utils/net_rpc_samsync.c | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 10fba52be8..583d50cf4f 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -162,7 +162,7 @@ int rpc_samdump(int argc, const char **argv) } if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) { - d_printf("Could not retrieve domain trust secret"); + d_printf("Could not retrieve domain trust secret\n"); goto fail; } @@ -267,6 +267,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) SAM_ACCOUNT *sam_account=NULL; GROUP_MAP map; struct group *grp; + DOM_SID sid; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); 
@@ -319,12 +320,14 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sam_account_from_delta(sam_account, delta); if (!pdb_add_sam_account(sam_account)) { - DEBUG(1, ("SAM Account for %s already existed, updating\n", + DEBUG(1, ("SAM Account for %s already exists, updating\n", account)); pdb_update_sam_account(sam_account); } - if (!pdb_getgrsid(&map, *pdb_get_group_sid(sam_account), False)) { + sid = *pdb_get_group_sid(sam_account); + + if (!pdb_getgrsid(&map, sid, False)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); pdb_free_sam(&sam_account); @@ -332,7 +335,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d\n", map.gid)); + DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", + map.gid, pdb_get_username(sam_account), sid_string_static(&sid))); pdb_free_sam(&sam_account); return NT_STATUS_NO_SUCH_GROUP; } @@ -450,8 +454,8 @@ fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) sid_append_rid(&member_sid, delta->rids[i]); if (!pdb_getsampwsid(member, &member_sid)) { - DEBUG(1, ("Found bogus group member: %d\n", - delta->rids[i])); + DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", + delta->rids[i], sid_string_static(&member_sid), grp->gr_name)); pdb_free_sam(&member); continue; } @@ -680,7 +684,7 @@ int rpc_vampire(int argc, const char **argv) if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) { - d_printf("Could not retrieve domain trust secret"); + d_printf("Could not retrieve domain trust secret\n"); goto fail; } -- cgit From f48a8615d67c2ccba3a0b65877402b24493da58e Mon Sep 17 00:00:00 2001 
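Review bot: The extended DEBUG message in the `@@ -332,7 +335,8 @@` hunk still prints `map.gid` with `%d`, and the one in `@@ -450,8 +454,8 @@` prints `delta->rids[i]` with `%d` although the display code at the top of this file prints the same rids with `%u`. Since both lines are being rewritten anyway, `%u` with an `(unsigned)` cast on each value would keep large RIDs and gids from showing up negative in the log. Both enclosing functions start and end outside their hunks.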
From: Jeremy Allison Date: Sun, 10 Nov 2002 03:07:19 +0000 Subject: After the lord mayors parade...... Janitor for tridge :-). Jeremy. (This used to be commit 76cdfbd5107fff0c38f5fc339f1c27b33fec3a91) --- source3/utils/net_rpc_samsync.c | 41 ++++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 11 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 583d50cf4f..34d926ab61 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -56,14 +56,23 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) { fstring hex_nt_passwd, hex_lm_passwd; uchar lm_passwd[16], nt_passwd[16]; + static uchar zero_buf[16]; - /* Decode hashes from password hash */ - sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); - sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); + /* Decode hashes from password hash (if they are not NULL) */ - /* Encode as strings */ - smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); - smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) { + sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); + smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + } else { + smbpasswd_sethexpwd(hex_lm_passwd, NULL, 0); + } + + if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) { + sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); + smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + } else { + smbpasswd_sethexpwd(hex_nt_passwd, NULL, 0); + } printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), a->user_rid, hex_lm_passwd, hex_nt_passwd, 
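Review bot: The new comment in display_account_info says the hashes are decoded "if they are not NULL", but the test is `memcmp(..., zero_buf, 16) != 0`, which checks for an all-zero 16-byte buffer rather than a null pointer; `/* Decode the hashes unless the server sent them as all zeros */` describes what the code does. The literal `16` in both memcmp calls could be `sizeof(zero_buf)`, and since `zero_buf` is never written, `static const uchar zero_buf[16];` states that. The function's end is outside the hunk.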
@@ -194,6 +203,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { fstring s; uchar lm_passwd[16], nt_passwd[16]; + static uchar zero_buf[16]; /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ @@ -246,11 +256,20 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED); - /* Decode hashes from password hash */ - sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); - sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); - pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); - pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); + /* Decode hashes from password hash + Note that win2000 may send us all zeros for the hashes if it doesn't + think this channel is secure enough - don't set the passwords at all + in that case + */ + if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) { + sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); + pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); + } + + if (memcmp(delta->pass.buf_nt_pwd, zero_buf, 16) != 0) { + sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); + pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); + } /* TODO: account expiry time */ -- cgit From ef8bd7c4f7ae8192ea05db070962ecf0ff3615f3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 20 Dec 2002 20:21:31 +0000 Subject: Forward port the change to talloc_init() to make all talloc contexts named. Ensure we can query them. Jeremy. (This used to be commit 09a218a9f6fb0bd922940467bf8500eb4f1bcf84) --- source3/utils/net_rpc_samsync.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 34d926ab61..1bd39e3ebb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
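Review bot: When the server sends all-zero hashes, the new code in the `@@ -246,11 +256,20 @@` hunk skips pdb_set_lanman_passwd and pdb_set_nt_passwd without leaving any trace, so the account is still written but whoever runs the sync never learns that it arrived without password data. An else branch with `DEBUG(1, ("no NT hash received for rid %u\n", delta->user_rid));` (and the same for LM) would make that visible. `lm_passwd` and `nt_passwd` also keep the decoded hashes on the stack when the function returns; clearing them before the return, which is outside this hunk, costs little.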
@@ -128,7 +128,7 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret SAM_DELTA_CTR *deltas; uint32 num_deltas; - if (!(mem_ctx = talloc_init())) { + if (!(mem_ctx = talloc_init("dump_database"))) { return; } @@ -452,7 +452,7 @@ fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) d_printf("Group members of %s: ", grp->gr_name); - if (!(t = talloc_init())) { + if (!(t = talloc_init("fetch_group_mem_info"))) { DEBUG(0, ("could not talloc_init\n")); return NT_STATUS_NO_MEMORY; } @@ -656,7 +656,7 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, SAM_DELTA_CTR *deltas; uint32 num_deltas; - if (!(mem_ctx = talloc_init())) { + if (!(mem_ctx = talloc_init("fetch_database"))) { return; } -- cgit From aed54afc2cfc468d29b65b2b503d975070515528 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 29 Jan 2003 18:47:57 +0000 Subject: playing janitor for abartlet. :-( " Make the vampire code use just pdb calls - allowing better operation on systems that are not configured with an add user script, and have an _nua backend for storage. We really need to get the PDB backends out of the IDMAP game... Andrew Bartlett " (This used to be commit e959a8eb67e78bb90ae017687dca8f8b3b147b09) --- source3/utils/net_rpc_samsync.c | 37 +++++++++++++++---------------------- 1 file changed, 15 insertions(+), 22 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 1bd39e3ebb..ac3b78fc7a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -287,6 +287,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) GROUP_MAP map; struct group *grp; DOM_SID sid; + BOOL try_add = False; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); 
@@ -295,10 +296,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return nt_ret; if (!pdb_getsampwnam(sam_account, account)) { - struct passwd *pw; - - pdb_free_sam(&sam_account); - /* Create appropriate user */ if (delta->acb_info & ACB_NORMAL) { pstrcpy(add_script, lp_adduser_script()); @@ -319,29 +316,25 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) DEBUG(1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); } - pw = getpwnam_alloc(account); - if (pw) { - nt_ret = pdb_init_sam_pw(&sam_account, pw); - - if (!NT_STATUS_IS_OK(nt_ret)) { - passwd_free(&pw); - pdb_free_sam(&sam_account); - return nt_ret; - } - passwd_free(&pw); - } else { - DEBUG(3, ("Could not create account %s\n", account)); - pdb_free_sam(&sam_account); - return NT_STATUS_NO_SUCH_USER; + + if (!pdb_getsampwnam(sam_account, account)) { + try_add = True; + /* still not there, hope the backend likes NUAs */ } } sam_account_from_delta(sam_account, delta); - if (!pdb_add_sam_account(sam_account)) { - DEBUG(1, ("SAM Account for %s already exists, updating\n", - account)); - pdb_update_sam_account(sam_account); + if (try_add) { + if (!pdb_add_sam_account(sam_account)) { + DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", + account)); + } + } else { + if (!pdb_update_sam_account(sam_account)) { + DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", + account)); + } } sid = *pdb_get_group_sid(sam_account); -- cgit From 3d8c50c87482d75d18b21bee954911951f471e2a Mon Sep 17 00:00:00 2001 
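Review bot: A failed `pdb_add_sam_account` or `pdb_update_sam_account` in the `@@ -319,29 +316,25 @@` hunk is only logged at level 1, and fetch_account_info then carries on to the primary-group lookup as if the account had been stored. Returning after the DEBUG, `pdb_free_sam(&sam_account); return NT_STATUS_ACCESS_DENIED;` (or whichever status fits), would match how the later error paths in this function clean up. The first hunk also drops the `pdb_free_sam(&sam_account)` that used to precede the add script, so the second `pdb_getsampwnam` runs on an object that has already been through one failed lookup; whether that is safe depends on pdb code not shown here. The function starts and ends outside both hunks.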
From: Andrew Bartlett Date: Sat, 22 Mar 2003 09:03:46 +0000 Subject: Thanks to volker, merge passdb changes from HEAD: - pdb_guest (including change defaults) - 'default' passdb actions (instead of 'not implemented' stubs in each module) - net_rpc_samsync no longer assumes pdb_unix Andrew Bartlett (This used to be commit 4bec53c8c81019f0f06a93c4df0800bbf7281dd6) --- source3/utils/net_rpc_samsync.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ac3b78fc7a..7d5c8681ad 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -317,10 +317,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) "gave %d\n", add_script, add_ret)); } - if (!pdb_getsampwnam(sam_account, account)) { - try_add = True; - /* still not there, hope the backend likes NUAs */ - } + try_add = True; } sam_account_from_delta(sam_account, delta); -- cgit From 0e55d8d6e5d49f61cd6c27c0697bde3a76d7eee5 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 23 Mar 2003 02:22:41 +0000 Subject: Merge of patch by waider to our samsync code. (Decode all database names, and set only changes, not all info from the samsync record). Andrew Bartlett (This used to be commit c7b8405bdebb9241ec335ccbbef630d90e61a419) --- source3/utils/net_rpc_samsync.c | 190 ++++++++++++++++++++++++++++++++-------- 1 file changed, 155 insertions(+), 35 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 7d5c8681ad..dc2ae2caa1 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -111,6 +111,37 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) case SAM_DELTA_GROUP_INFO: display_group_info(hdr_delta->target_rid, &delta->group_info); break; + /* The following types are recognised but not handled */ + case SAM_DELTA_RENAME_GROUP: + d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + break; + case SAM_DELTA_RENAME_USER: + d_printf("SAM_DELTA_RENAME_USER not handled\n"); + break; + case SAM_DELTA_RENAME_ALIAS: + d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + break; + case SAM_DELTA_POLICY_INFO: + d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + break; + case SAM_DELTA_TRUST_DOMS: + d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + break; + case SAM_DELTA_PRIVS_INFO: + d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + break; + case SAM_DELTA_SECRET_INFO: + d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + break; + case SAM_DELTA_DELETE_GROUP: + d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + break; + case SAM_DELTA_DELETE_USER: + d_printf("SAM_DELTA_DELETE_USER not handled\n"); + break; + case SAM_DELTA_MODIFIED_COUNT: + d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); break; @@ -132,7 +163,20 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret return; } - d_printf("Dumping database %u\n", db_type); + switch( db_type ) { + case SAM_DATABASE_DOMAIN: + d_printf("Dumping DOMAIN database\n"); + break; + case SAM_DATABASE_BUILTIN: + d_printf("Dumping BUILTIN database\n"); + break; + case SAM_DATABASE_PRIVS: + d_printf("Dumping PRIVS databases\n"); + break; + default: + d_printf("Dumping unknown database type %u\n", db_type ); + break; + } do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, 
@@ -197,70 +241,143 @@ fail: } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ +#define STRING_CHANGED (old_string && !new_string) ||\ + (!old_string && new_string) ||\ + (old_string && new_string && (strcmp(old_string, new_string) != 0)) static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { - fstring s; + const char *old_string, *new_string; + time_t unix_time, stored_time; uchar lm_passwd[16], nt_passwd[16]; static uchar zero_buf[16]; /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ - unistr2_to_ascii(s, &delta->uni_acct_name, sizeof(s) - 1); - pdb_set_nt_username(account, s, PDB_CHANGED); + if (delta->hdr_acct_name.buffer) { + old_string = pdb_get_nt_username(account); + new_string = unistr2_static(&delta->uni_acct_name); + + if (STRING_CHANGED) { + pdb_set_nt_username(account, new_string, PDB_CHANGED); + + } + + /* Unix username is the same - for sanity */ + old_string = pdb_get_username( account ); + if (STRING_CHANGED) { + pdb_set_username(account, new_string, PDB_CHANGED); + } + } + + if (delta->hdr_full_name.buffer) { + old_string = pdb_get_fullname(account); + new_string = unistr2_static(&delta->uni_full_name); + + if (STRING_CHANGED) + pdb_set_fullname(account, new_string, PDB_CHANGED); + } - /* Unix username is the same - for sainity */ - pdb_set_username(account, s, PDB_CHANGED); + if (delta->hdr_home_dir.buffer) { + old_string = pdb_get_homedir(account); + new_string = unistr2_static(&delta->uni_home_dir); + + if (STRING_CHANGED) + pdb_set_homedir(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_full_name, sizeof(s) - 1); - pdb_set_fullname(account, s, PDB_CHANGED); + if (delta->hdr_dir_drive.buffer) { + old_string = pdb_get_dir_drive(account); + new_string = unistr2_static(&delta->uni_dir_drive); - unistr2_to_ascii(s, &delta->uni_home_dir, sizeof(s) - 1); - pdb_set_homedir(account, s, PDB_CHANGED); + if (STRING_CHANGED) + 
pdb_set_dir_drive(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_dir_drive, sizeof(s) - 1); - pdb_set_dir_drive(account, s, PDB_CHANGED); + if (delta->hdr_logon_script.buffer) { + old_string = pdb_get_logon_script(account); + new_string = unistr2_static(&delta->uni_logon_script); - unistr2_to_ascii(s, &delta->uni_logon_script, sizeof(s) - 1); - pdb_set_logon_script(account, s, PDB_CHANGED); + if (STRING_CHANGED) + pdb_set_logon_script(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_acct_desc, sizeof(s) - 1); - pdb_set_acct_desc(account, s, PDB_CHANGED); + if (delta->hdr_acct_desc.buffer) { + old_string = pdb_get_acct_desc(account); + new_string = unistr2_static(&delta->uni_acct_desc); - unistr2_to_ascii(s, &delta->uni_workstations, sizeof(s) - 1); - pdb_set_workstations(account, s, PDB_CHANGED); + if (STRING_CHANGED) + pdb_set_acct_desc(account, new_string, PDB_CHANGED); + } - unistr2_to_ascii(s, &delta->uni_profile, sizeof(s) - 1); - pdb_set_profile_path(account, s, PDB_CHANGED); + if (delta->hdr_workstations.buffer) { + old_string = pdb_get_workstations(account); + new_string = unistr2_static(&delta->uni_workstations); - /* User and group sid */ + if (STRING_CHANGED) + pdb_set_workstations(account, new_string, PDB_CHANGED); + } - pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); - pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); + if (delta->hdr_profile.buffer) { + old_string = pdb_get_profile_path(account); + new_string = unistr2_static(&delta->uni_profile); + + if (STRING_CHANGED) + pdb_set_profile_path(account, new_string, PDB_CHANGED); + } + + /* User and group sid */ + if (pdb_get_user_rid(account) != delta->user_rid) + pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); + if (pdb_get_group_rid(account) != delta->group_rid) + pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); /* Logon and password information */ + if 
(!nt_time_is_zero(&delta->logon_time)) { + unix_time = nt_time_to_unix(&delta->logon_time); + stored_time = pdb_get_logon_time(account); + if (stored_time != unix_time) + pdb_set_logon_time(account, unix_time, PDB_CHANGED); + } - pdb_set_logon_time(account, nt_time_to_unix(&delta->logon_time), PDB_CHANGED); - pdb_set_logoff_time(account, nt_time_to_unix(&delta->logoff_time), - PDB_CHANGED); - pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); + if (!nt_time_is_zero(&delta->logoff_time)) { + unix_time = nt_time_to_unix(&delta->logoff_time); + stored_time = pdb_get_logoff_time(account); + if (stored_time != unix_time) + pdb_set_logoff_time(account, unix_time,PDB_CHANGED); + } + + if (pdb_get_logon_divs(account) != delta->logon_divs) + pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); /* TODO: logon hours */ /* TODO: bad password count */ /* TODO: logon count */ - pdb_set_pass_last_set_time( - account, nt_time_to_unix(&delta->pwd_last_set_time), PDB_CHANGED); + if (!nt_time_is_zero(&delta->pwd_last_set_time)) { + unix_time = nt_time_to_unix(&delta->pwd_last_set_time); + stored_time = pdb_get_pass_last_set_time(account); + if (stored_time != unix_time) + pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); + } - pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED); +#if 0 + /* No kickoff time in the delta? */ + if (!nt_time_is_zero(&delta->kickoff_time)) { + unix_time = nt_time_to_unix(&delta->kickoff_time); + stored_time = pdb_get_kickoff_time(account); + if (stored_time != unix_time) + pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); + } +#endif /* Decode hashes from password hash Note that win2000 may send us all zeros for the hashes if it doesn't think this channel is secure enough - don't set the passwords at all in that case - */ + */ if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) { sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); 
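Review bot: `STRING_CHANGED` expands to a bare `a || b || c` with no enclosing parentheses and silently reads the locals `old_string` and `new_string`, so any use other than a plain `if (STRING_CHANGED)`, such as a leading `!` or a trailing `&&`, would bind to part of the expression only. Taking the two strings as arguments and wrapping the expansion, `#define STRING_CHANGED(o, n) (((o) && !(n)) || (!(o) && (n)) || ((o) && (n) && strcmp((o), (n)) != 0))`, keeps the behaviour and removes the hidden coupling; an `#undef` after the function would keep it out of the rest of the file. The `pdb_set_kickoff_time(account, get_time_t_max(), PDB_CHANGED)` call is replaced by an `#if 0` block, so the kickoff time is no longer set here at all, and a comment naming the default being relied on would help the next reader.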
@@ -273,7 +390,9 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + if (pdb_get_acct_ctrl(account) != delta->acb_info) + pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + return NT_STATUS_OK; } @@ -300,7 +419,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (delta->acb_info & ACB_NORMAL) { pstrcpy(add_script, lp_adduser_script()); } else if ( (delta->acb_info & ACB_WSTRUST) || - (delta->acb_info & ACB_SVRTRUST) ) { + (delta->acb_info & ACB_SVRTRUST) || + (delta->acb_info & ACB_DOMTRUST) ) { pstrcpy(add_script, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", @@ -386,7 +506,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - /* No appropriate group found, create one */ + /* No appropriate group found, create one */ d_printf("Creating unix group: '%s'\n", name); if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; @@ -565,7 +685,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - /* No appropriate group found, create one */ + /* No appropriate group found, create one */ d_printf("Creating unix group: '%s'\n", name); if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; -- cgit From 456a4be3f3a75514c2b8bac3a266bb5f57bf5859 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Mar 2003 16:46:04 +0000 Subject: This sets the domain for the user in vampire. Otherwise we end up with an empty domain field, which a workstation does not really like in sam_logon.. Volker (This used to be commit 5a3f89d3c12c5e4ab89fbe220ca34387c1660511) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index dc2ae2caa1..acf085af82 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -393,6 +393,8 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) if (pdb_get_acct_ctrl(account) != delta->acb_info) pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + pdb_set_domain(account, lp_workgroup(), PDB_CHANGED); + return NT_STATUS_OK; } -- cgit From 32e12d4984fa866af83fa35576f4f57a521c5fa8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Mar 2003 10:47:26 +0000 Subject: Waider's cosmetic change to print out the database type when downloading stuff. Volker (This used to be commit 702d368a9af98d59775ebc3ed89774507397b7e3) --- source3/utils/net_rpc_samsync.c | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index acf085af82..9367404b35 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -750,6 +750,9 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, fetch_alias_mem(hdr_delta->target_rid, &delta->als_mem_info, dom_sid); break; + case SAM_DELTA_DOMAIN_INFO: + d_printf("SAMBA_DELTA_DOMAIN_INFO not handled\n"); + break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); break; 
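Review bot: The message added under `case SAM_DELTA_DOMAIN_INFO:` in the `@@ -750,6 +753,9 @@` hunk names a constant that does not exist: it prints `SAMBA_DELTA_DOMAIN_INFO` while the case label is `SAM_DELTA_DOMAIN_INFO`. Anyone grepping the source for the logged text will not find the record type, so the string should match the label: `d_printf("SAM_DELTA_DOMAIN_INFO not handled\n");`. The enclosing `fetch_sam_entry` starts and ends outside the hunk.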
@@ -772,7 +775,20 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, return; } - d_printf("Fetching database %u\n", db_type); + switch( db_type ) { + case SAM_DATABASE_DOMAIN: + d_printf("Fetching DOMAIN database\n"); + break; + case SAM_DATABASE_BUILTIN: + d_printf("Fetching BUILTIN database\n"); + break; + case SAM_DATABASE_PRIVS: + d_printf("Fetching PRIVS databases\n"); + break; + default: + d_printf("Fetching unknown database type %u\n", db_type ); + break; + } do { result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, -- cgit From 7238bf5f40e16360439e028fa7607a5a28e02965 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 9 Apr 2003 15:54:17 +0000 Subject: This is the netlogon schannel client code. Try a rpcclient -S pdc -U% -c "samlogon user password" and it should work with the schannel. Needs testing against platforms different from NT4SP6. Volker (This used to be commit eaef0d8aeff1aa5a067679be3f17e08d7434e1e8) --- source3/utils/net_rpc_samsync.c | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 9367404b35..f811d76f68 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -209,19 +209,17 @@ int rpc_samdump(int argc, const char **argv) return 1; } - if (!cli_nt_session_open(cli, PI_NETLOGON)) { - DEBUG(0,("Error connecting to NETLOGON pipe\n")); - goto fail; - } + fstrcpy(cli->domain, lp_workgroup()); - if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL)) { - d_printf("Could not retrieve domain trust secret\n"); + if (!secrets_fetch_trust_account_password(lp_workgroup(), + trust_password, + NULL)) { + DEBUG(0,("Could not fetch trust account password\n")); goto fail; } - - result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password, &neg_flags, 2); - if (!NT_STATUS_IS_OK(result)) { - d_printf("Failed to setup BDC creds\n"); + + if (!cli_nt_open_netlogon(cli, trust_password, SEC_CHAN_BDC)) { + DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } -- cgit From b0f49fcd538e28d27fa69a778cf04f4d78755481 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 14 Apr 2003 04:00:37 +0000 Subject: Merge of Jelmer's usage updates for net. (This used to be commit 6a5b88c95b3fd17431cda79e9aa2a593fef85100) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index f811d76f68..0b78cd54ce 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -362,7 +362,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) } #if 0 - /* No kickoff time in the delta? */ +/* No kickoff time in the delta? */ if (!nt_time_is_zero(&delta->kickoff_time)) { unix_time = nt_time_to_unix(&delta->kickoff_time); stored_time = pdb_get_kickoff_time(account); -- cgit From e9a4e1bb2e7da382a58c57797bcfef79ed455905 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Mon, 14 Apr 2003 05:28:09 +0000 Subject: Merge: remove unused variables. (This used to be commit dfa9412da567d2477ee5b1e6ecdc96b8dea3c21d) --- source3/utils/net_rpc_samsync.c | 3 --- 1 file changed, 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 0b78cd54ce..b886119eef 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -195,12 +195,9 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret /* dump sam database via samsync rpc calls */ int rpc_samdump(int argc, const char **argv) { - NTSTATUS result; struct cli_state *cli = NULL; uchar trust_password[16]; DOM_CRED ret_creds; - uint32 neg_flags = 0x000001ff; - ZERO_STRUCT(ret_creds); -- cgit From f071020f5e49837154581c97c5af5f84d0e2de89 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Mon, 21 Apr 2003 14:09:03 +0000 Subject: Merge from HEAD - save the type of channel used to contact the DC. This allows us to join as a BDC, without appearing on the network as one until we have the database replicated, and the admin changes the configuration. This also change the SID retreval order from secrets.tdb, so we no longer require a 'net rpc getsid' - the sid fetch during the domain join is sufficient. Also minor fixes to 'net'. Andrew Bartlett (This used to be commit 876e00fd112e4aaf7519eec27f382eb99ec7562a) --- source3/utils/net_rpc_samsync.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index b886119eef..909ed298cb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -198,6 +198,7 @@ int rpc_samdump(int argc, const char **argv) struct cli_state *cli = NULL; uchar trust_password[16]; DOM_CRED ret_creds; + uint32 sec_channel; ZERO_STRUCT(ret_creds); 
@@ -210,12 +211,12 @@ int rpc_samdump(int argc, const char **argv) if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, - NULL)) { + NULL, &sec_channel)) { DEBUG(0,("Could not fetch trust account password\n")); goto fail; } - if (!cli_nt_open_netlogon(cli, trust_password, SEC_CHAN_BDC)) { + if (!cli_nt_open_netlogon(cli, trust_password, sec_channel)) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } @@ -810,6 +811,7 @@ int rpc_vampire(int argc, const char **argv) DOM_CRED ret_creds; uint32 neg_flags = 0x000001ff; DOM_SID dom_sid; + uint32 sec_channel; ZERO_STRUCT(ret_creds); @@ -825,12 +827,13 @@ int rpc_vampire(int argc, const char **argv) } if (!secrets_fetch_trust_account_password(lp_workgroup(), - trust_password, NULL)) { + trust_password, NULL, + &sec_channel)) { d_printf("Could not retrieve domain trust secret\n"); goto fail; } - result = cli_nt_setup_creds(cli, SEC_CHAN_BDC, trust_password, + result = cli_nt_setup_creds(cli, sec_channel, trust_password, &neg_flags, 2); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to setup BDC creds\n"); -- cgit From c6d550b99bb7e15bb437f478933b35a46496455c Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Tue, 29 Apr 2003 14:42:49 +0000 Subject: adding ifdef'd code to add alias membership for vampire (This used to be commit 2557b94519fbb3110948a3c6a3f412622757d2b0) --- source3/utils/net_rpc_samsync.c | 138 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 909ed298cb..42bb480844 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -717,7 +717,145 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) { +#if 0 /* + * commented out right now after talking to Volker. Can't + * do much with the membership but seemed a shame to waste + * somewhat working code. Needs testing because the membership + * that shows up surprises me. Also can't do much with groups + * in groups (e.g. Domain Admins being a member of Adminsitrators). + * --jerry + */ + int i; + TALLOC_CTX *t = NULL; + char **nt_members = NULL; + char **unix_members; + DOM_SID group_sid; + GROUP_MAP map; + struct group *grp; + enum SID_NAME_USE sid_type; + + if (delta->num_members == 0) { + return NT_STATUS_OK; + } + + sid_copy(&group_sid, &dom_sid); + sid_append_rid(&group_sid, rid); + + if (sid_equal(&dom_sid, &global_sid_Builtin)) { + sid_type = SID_NAME_WKN_GRP; + if (!get_builtin_group_from_sid(group_sid, &map, False)) { + DEBUG(0, ("Could not find builtin group %s\n", sid_string_static(&group_sid))); + return NT_STATUS_NO_SUCH_GROUP; + } + } else { + sid_type = SID_NAME_ALIAS; + if (!get_local_group_from_sid(group_sid, &map, False)) { + DEBUG(0, ("Could not find local group %s\n", sid_string_static(&group_sid))); + return NT_STATUS_NO_SUCH_GROUP; + } + } + + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %d\n", map.gid)); + return NT_STATUS_NO_SUCH_GROUP; + } + + d_printf("Group members of %s: ", grp->gr_name); + + if (!(t = talloc_init("fetch_group_mem_info"))) { + DEBUG(0, ("could not talloc_init\n")); + return NT_STATUS_NO_MEMORY; + } + + nt_members = talloc_zero(t, sizeof(char *) * delta->num_members); + + for (i=0; inum_members; i++) { + NTSTATUS nt_status; + SAM_ACCOUNT *member = NULL; + DOM_SID member_sid; + + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) { + talloc_destroy(t); + return nt_status; + } + + sid_copy(&member_sid, &delta->sids[i].sid); + + if 
(!pdb_getsampwsid(member, &member_sid)) { + DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n", + sid_string_static(&member_sid), grp->gr_name)); + pdb_free_sam(&member); + continue; + } + + if (pdb_get_group_rid(member) == rid) { + d_printf("%s(primary),", pdb_get_username(member)); + pdb_free_sam(&member); + continue; + } + + d_printf("%s,", pdb_get_username(member)); + nt_members[i] = talloc_strdup(t, pdb_get_username(member)); + pdb_free_sam(&member); + } + + d_printf("\n"); + + unix_members = grp->gr_mem; + + while (*unix_members) { + BOOL is_nt_member = False; + for (i=0; inum_members; i++) { + if (nt_members[i] == NULL) { + /* This was a primary group */ + continue; + } + + if (strcmp(*unix_members, nt_members[i]) == 0) { + is_nt_member = True; + break; + } + } + if (!is_nt_member) { + /* We look at a unix group member that is not + an nt group member. So, remove it. NT is + boss here. */ + smb_delete_user_group(grp->gr_name, *unix_members); + } + unix_members += 1; + } + + for (i=0; inum_members; i++) { + BOOL is_unix_member = False; + + if (nt_members[i] == NULL) { + /* This was the primary group */ + continue; + } + + unix_members = grp->gr_mem; + + while (*unix_members) { + if (strcmp(*unix_members, nt_members[i]) == 0) { + is_unix_member = True; + break; + } + unix_members += 1; + } + + if (!is_unix_member) { + /* We look at a nt group member that is not a + unix group member currently. So, add the nt + group member. */ + smb_add_user_group(grp->gr_name, nt_members[i]); + } + } + + talloc_destroy(t); + +#endif /* end of fetch_alias_mem() */ + return NT_STATUS_OK; } -- cgit From d1da999e0a84939e372ebe590861376e2c0075b3 Mon Sep 17 00:00:00 2001 
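Review bot: In the `#if 0` body added to `fetch_alias_mem`, the result of `talloc_zero(t, sizeof(char *) * delta->num_members)` is never checked before `nt_members[i]` is written and read. The count comes from the delta received from the DC, so a failed allocation becomes a NULL dereference; add `if (nt_members == NULL) { talloc_destroy(t); return NT_STATUS_NO_MEMORY; }` before this code is enabled. The loops also index `delta->sids[i]` up to `delta->num_members`, whereas `display_alias_mem` earlier in the file walks the same array with `num_sids`. If those two fields can differ in a reply (the struct definition is not shown here), the bound should be `num_sids`. The talloc context is also still labelled `"fetch_group_mem_info"`, which looks copied from the group variant.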
From: Volker Lendecke Date: Thu, 8 May 2003 08:02:52 +0000 Subject: This puts real netlogon connection caching to winbind. This becomes important once we start doing schannel, as there would be a lot more roundtrips for the second PIPE open and bind. With this patch logging in to a member server is a matter of two (three if you count the ack...) packets between us and the DC. Volker (This used to be commit 5b3cb7725a974629d0bd8b707bc2940c36b8745e) --- source3/utils/net_rpc_samsync.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 42bb480844..fd00fa6bc3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -209,6 +209,11 @@ int rpc_samdump(int argc, const char **argv) fstrcpy(cli->domain, lp_workgroup()); + if (!cli_nt_session_open(cli, PI_NETLOGON)) { + DEBUG(0,("Could not open connection to NETLOGON pipe\n")); + goto fail; + } + if (!secrets_fetch_trust_account_password(lp_workgroup(), trust_password, NULL, &sec_channel)) { @@ -216,7 +221,8 @@ int rpc_samdump(int argc, const char **argv) goto fail; } - if (!cli_nt_open_netlogon(cli, trust_password, sec_channel)) { + if (!NT_STATUS_IS_OK(cli_nt_establish_netlogon(cli, sec_channel, + trust_password))) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } -- cgit From 1a38fcb22a98420aa185fb9a807c6b162eda708b Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 12 May 2003 07:18:36 +0000 Subject: Re-enable secure channel for net rpc vampire. Jump out of sam entry processing loop if the return value from cli_netlogon_sam_sync() isn't OK or STATUS_MORE_ENTRIES. (This used to be commit 47d8ee3679292ece5d86df11bc56c9b4d71f3d11) --- source3/utils/net_rpc_samsync.c | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fd00fa6bc3..ae6f52ebc4 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -935,11 +935,17 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); - clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), - ret_creds); - for (i = 0; i < num_deltas; i++) { - fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); - } + + if (NT_STATUS_IS_OK(result) || + NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { + + clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), + ret_creds); + + for (i = 0; i < num_deltas; i++) { + fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); + } + } sync_context += 1; } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); @@ -953,7 +959,6 @@ int rpc_vampire(int argc, const char **argv) struct cli_state *cli = NULL; uchar trust_password[16]; DOM_CRED ret_creds; - uint32 neg_flags = 0x000001ff; DOM_SID dom_sid; uint32 sec_channel; @@ -977,8 +982,8 @@ int rpc_vampire(int argc, const char **argv) goto fail; } - result = cli_nt_setup_creds(cli, sec_channel, trust_password, - &neg_flags, 2); + result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); + if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to setup BDC creds\n"); goto fail; -- cgit From b85664047c188126e3ba06862198c1acd4f218ac Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 14 Jun 2003 00:49:02 +0000 Subject: This patch modifies 'net rpc vampire' to add new and existing users to both the idmap and the SAM. The basic idea is this: Lookup the user with GetPwnam(), and if they exist then use that uid. This is what people expect. If the user does not exist, try and run the right script. This is also what people expect from previous Samba 3.0 behaviour, where the Get_Pwnam() was at runtime. If the idmap entry for this SID isn't valid, or isn't the right value, modify the idmap to account for this mapping. Also, the same logic is applied to the primary gid - if it has changed, update the user's primary unix group. This patch allows users to be added without a mapping - this is fine for machine accounts, for example. I've given it a quick test against my Win2k DC, and I *think* it's sane. Andrew Bartlett (This used to be commit d2a70bfff182352da50cd6c23ddfa80fe1b353c7) --- source3/utils/net_rpc_samsync.c | 59 +++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 20 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ae6f52ebc4..e911fbce55 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -410,7 +410,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) GROUP_MAP map; struct group *grp; DOM_SID sid; - BOOL try_add = False; + struct passwd *passwd; + unid_t id; + int u_type; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); @@ -418,7 +420,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!NT_STATUS_IS_OK(nt_ret = pdb_init_sam(&sam_account))) return nt_ret; - if (!pdb_getsampwnam(sam_account, account)) { + if (!(passwd = Get_Pwnam(account))) { /* Create appropriate user */ if (delta->acb_info & ACB_NORMAL) { pstrcpy(add_script, lp_adduser_script()); 
@@ -429,8 +431,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { DEBUG(1, ("Unknown user type: %s\n", smbpasswd_encode_acb_info(delta->acb_info))); - pdb_free_sam(&sam_account); - return NT_STATUS_NO_SUCH_USER; } if (*add_script) { int add_ret; @@ -439,22 +439,22 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - } - try_add = True; + /* try and find the possible unix account again */ + passwd = Get_Pwnam(account); + } } sam_account_from_delta(sam_account, delta); - - if (try_add) { - if (!pdb_add_sam_account(sam_account)) { - DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", - account)); - } - } else { + if (!pdb_add_sam_account(sam_account)) { + DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", + account)); if (!pdb_update_sam_account(sam_account)) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); + pdb_free_sam(&sam_account); + return NT_STATUS_OK; +/* return NT_STATUS_ACCESS_DENIED; */ } } 
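Review bot: The `@@ -429,8 +431,6 @@` hunk drops the early return from the "Unknown user type" branch, so control now reaches `if (*add_script)` without any branch having written `add_script`. Unless the buffer is zeroed at its declaration, which is outside this hunk, that test reads uninitialised stack memory and can hand arbitrary bytes to `smbrun(add_script,NULL)`. Either keep the early exit or make the state explicit in that branch with `add_script[0] = '\0';` after the `DEBUG(1, ...)` call. The rest of `fetch_account_info` lies outside the hunk.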
@@ -466,18 +466,37 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) pdb_free_sam(&sam_account); return NT_STATUS_NO_SUCH_GROUP; } - - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", - map.gid, pdb_get_username(sam_account), sid_string_static(&sid))); + + if (!passwd) { + /* if no unix user, changing the mapping won't help */ pdb_free_sam(&sam_account); - return NT_STATUS_NO_SUCH_GROUP; + return NT_STATUS_OK; + } + + if (map.gid != passwd->pw_gid) { + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", + map.gid, pdb_get_username(sam_account), sid_string_static(&sid))); + pdb_free_sam(&sam_account); + return NT_STATUS_NO_SUCH_GROUP; + } + + smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); + } + + nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account)); + if (!NT_STATUS_IS_OK(nt_ret)) { + pdb_free_sam(&sam_account); + return nt_ret; } - smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); + if ((u_type != ID_USERID) || (id.uid != passwd->pw_uid)) { + id.uid = passwd->pw_uid; + nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID); + } pdb_free_sam(&sam_account); - return NT_STATUS_OK; + return nt_ret; } static NTSTATUS -- cgit From 6a2b43db9c5581158491dc539751780823322a78 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Mon, 16 Jun 2003 05:39:26 +0000 Subject: Make net rpc vampire return an error if the sam sync RPC returns an error. E.g if we are pointing at a win2k native mode domain we are returned an NT_STATUS_NOT_SUPPORTED error. (This used to be commit 6053c30f26cdf60f2bbfa6fb58ced6f7bcbd2e83) --- source3/utils/net_rpc_samsync.c | 38 +++++++++++++++++++++++++++++--------- 1 file changed, 29 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e911fbce55..72231fd527 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -918,7 +918,7 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, } } -static void +static NTSTATUS fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, DOM_SID dom_sid) { @@ -930,9 +930,8 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, SAM_DELTA_CTR *deltas; uint32 num_deltas; - if (!(mem_ctx = talloc_init("fetch_database"))) { - return; - } + if (!(mem_ctx = talloc_init("fetch_database"))) + return NT_STATUS_NO_MEMORY; switch( db_type ) { case SAM_DATABASE_DOMAIN: @@ -964,11 +963,15 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, for (i = 0; i < num_deltas; i++) { fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); } - } + } else + return result; + sync_context += 1; } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); + + return result; } /* dump sam database via samsync rpc calls */ 
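Review bot: The `else return result;` added inside the sync loop (hunk `@@ -964,11 +963,15 @@`) leaves `fetch_database` without reaching `talloc_destroy(mem_ctx)`. The context created by `talloc_init("fetch_database")` is therefore leaked every time the sync RPC fails. Replace the early return with `else break;` so the error path falls through to the existing `talloc_destroy(mem_ctx);` and the new `return result;` after the loop. The start of the function is covered by the earlier hunks in this file section.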
@@ -1009,10 +1012,27 @@ int rpc_vampire(int argc, const char **argv) } dom_sid = *get_global_sam_sid(); - fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid); + result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid); + + if (!NT_STATUS_IS_OK(result)) { + d_printf("Failed to fetch domain database: %s\n", + nt_errstr(result)); + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) + d_printf("Perhaps %s is a Windows 2000 native mode " + "domain?\n", lp_workgroup()); + goto fail; + } sid_copy(&dom_sid, &global_sid_Builtin); - fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, dom_sid); + + result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, + dom_sid); + + if (!NT_STATUS_IS_OK(result)) { + d_printf("Failed to fetch builtin database: %s\n", + nt_errstr(result)); + goto fail; + } /* Currently we crash on PRIVS somewhere in unmarshalling */ /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ @@ -1022,8 +1042,8 @@ int rpc_vampire(int argc, const char **argv) return 0; fail: - if (cli) { + if (cli) cli_nt_session_close(cli); - } + return -1; } -- cgit From 75a5c0b307a79536316b651273d3f6983323f5ce Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 18 Jun 2003 15:24:10 +0000 Subject: Ok, this patch removes the privilege stuff we had in, unused, for some time. The code was nice, but put in the wrong place (group mapping) and not supported by most of the code, thus useless. We will put back most of the code when our infrastructure will be changed so that privileges actually really make sense to be set. This is a first patch of a set to enhance all our mapping code cleaness and stability towards a sane next beta for 3.0 code base Simo. (This used to be commit e341e7c49f8c17a9ee30ca3fab3aa0397c1f0c7e) --- source3/utils/net_rpc_samsync.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 72231fd527..ada2d274ba 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -460,7 +460,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sid = *pdb_get_group_sid(sam_account); - if (!pdb_getgrsid(&map, sid, False)) { + if (!pdb_getgrsid(&map, sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); pdb_free_sam(&sam_account); @@ -518,7 +518,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (pdb_getgrsid(&map, group_sid, False)) { + if (pdb_getgrsid(&map, group_sid)) { grp = getgrgid(map.gid); insert = False; } @@ -544,9 +544,6 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) fstrcpy(map.nt_name, name); fstrcpy(map.comment, comment); - map.priv_set.count = 0; - map.priv_set.set = NULL; - if (insert) pdb_add_group_mapping_entry(&map); else @@ -573,7 +570,7 @@ fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); - if (!get_domain_group_from_sid(group_sid, &map, False)) { + if (!get_domain_group_from_sid(group_sid, &map)) { DEBUG(0, ("Could not find global group %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } @@ -698,7 +695,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, sid_append_rid(&alias_sid, rid); sid_to_string(sid_string, &alias_sid); - if (pdb_getgrsid(&map, alias_sid, False)) { + if (pdb_getgrsid(&map, alias_sid)) { grp = getgrgid(map.gid); insert = False; } @@ -728,9 +725,6 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, fstrcpy(map.nt_name, name); fstrcpy(map.comment, comment); - map.priv_set.count = 0; - map.priv_set.set = NULL; - if (insert) pdb_add_group_mapping_entry(&map); else -- cgit From a3ddfa5069c9df07626135aa5fd2ec411c41943f Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sat, 5 Jul 2003 09:46:12 +0000 Subject: Fixes to our LDAP/vampire codepaths: - Try better to add the appropriate mapping between UID and SIDs, based on Get_Pwnam() - Look for previous users (lookup by SID) and correctly modify the existing entry in that case - Map the root user to the Admin SID as a 'well known user' - Save the LDAPMessage result on the SAM_ACCOUNT for use in the next 'update' call on that user. This means that VL's very nice work on atomic LDAP updates now really gets used properly! - This also means that we know the right DN to update, without the extra round-trips to the server. Andrew Bartlett (This used to be commit c7118cb31dac24db3b762fe68ce655b17ea102e0) --- source3/utils/net_rpc_samsync.c | 81 ++++++++++++++++++++++------------------- 1 file changed, 44 insertions(+), 37 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ada2d274ba..881ea96db6 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -409,10 +409,11 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) SAM_ACCOUNT *sam_account=NULL; GROUP_MAP map; struct group *grp; - DOM_SID sid; + DOM_SID user_sid; + DOM_SID group_sid; struct passwd *passwd; unid_t id; - int u_type; + int u_type = ID_USERID | ID_QUERY_ONLY; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); 
@@ -444,55 +445,56 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) passwd = Get_Pwnam(account); } } + + sid_copy(&user_sid, get_global_sam_sid()); + sid_append_rid(&user_sid, delta->user_rid); - sam_account_from_delta(sam_account, delta); - if (!pdb_add_sam_account(sam_account)) { - DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", - account)); + if (!pdb_getsampwsid(sam_account, &user_sid)) { + sam_account_from_delta(sam_account, delta); + if (!pdb_add_sam_account(sam_account)) { + DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", + account)); + return NT_STATUS_ACCESS_DENIED; + } + } else { + sam_account_from_delta(sam_account, delta); if (!pdb_update_sam_account(sam_account)) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); pdb_free_sam(&sam_account); - return NT_STATUS_OK; -/* return NT_STATUS_ACCESS_DENIED; */ + return NT_STATUS_ACCESS_DENIED; } } - sid = *pdb_get_group_sid(sam_account); + group_sid = *pdb_get_group_sid(sam_account); - if (!pdb_getgrsid(&map, sid)) { + if (!pdb_getgrsid(&map, group_sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); - pdb_free_sam(&sam_account); - return NT_STATUS_NO_SUCH_GROUP; - } - + } else { + if (map.gid != passwd->pw_gid) { + if (!(grp = getgrgid(map.gid))) { + DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", + map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid))); + } else { + smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); + } + } + } + if (!passwd) { + DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account))); /* if no unix user, changing the mapping won't help */ - pdb_free_sam(&sam_account); - return NT_STATUS_OK; - } - - if (map.gid != passwd->pw_gid) { - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", - map.gid, 
pdb_get_username(sam_account), sid_string_static(&sid))); - pdb_free_sam(&sam_account); - return NT_STATUS_NO_SUCH_GROUP; + } else { + nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account)); + if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) { + + } else { + /* set mapping */ + + id.uid = passwd->pw_uid; + nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID); } - - smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); - } - - nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account)); - if (!NT_STATUS_IS_OK(nt_ret)) { - pdb_free_sam(&sam_account); - return nt_ret; - } - - if ((u_type != ID_USERID) || (id.uid != passwd->pw_uid)) { - id.uid = passwd->pw_uid; - nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID); } pdb_free_sam(&sam_account); @@ -980,6 +982,11 @@ int rpc_vampire(int argc, const char **argv) ZERO_STRUCT(ret_creds); + if (!idmap_init(lp_idmap_backend())) { + d_printf("Could not init idmap\n"); + return -1; + } + /* Connect to remote machine */ if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { -- cgit From 85921dbd6fa417aa451ab9b6e88ecb7900333549 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sat, 5 Jul 2003 10:39:41 +0000 Subject: Add some debug statments to our vampire code - try to make it easier to track down failures. Add a 'auto-add on modify' feature to guestsam Fix some segfault bugs on no-op idmap modifications, and on new idmappings that do not have a DN to tack onto. Make the 'private data' a bit more robust. Andrew Bartlett (This used to be commit 6c48309cda9538da5a32f3d88a7bb9c413ae9e8e) --- source3/utils/net_rpc_samsync.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 881ea96db6..2831645550 100644 --- a/source3/utils/net_rpc_samsync.c 
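Review bot: In the `@@ -444,55 +445,56 @@` hunk the new `else` branch evaluates `map.gid != passwd->pw_gid` before the `if (!passwd)` test that follows it, so an account with no unix user now dereferences a NULL `passwd`; the removed code returned on `!passwd` before touching it. Guard the comparison, e.g. `if (passwd && map.gid != passwd->pw_gid) {`, or move the `!passwd` test above the group-mapping block. The added `return NT_STATUS_ACCESS_DENIED;` after a failed `pdb_add_sam_account()` also skips the `pdb_free_sam(&sam_account);` that the update-failure path keeps, so it needs the same call before returning. fetch_account_info starts and ends outside the hunk.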
+++ b/source3/utils/net_rpc_samsync.c @@ -414,6 +414,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) struct passwd *passwd; unid_t id; int u_type = ID_USERID | ID_QUERY_ONLY; + fstring sid_string; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); @@ -449,8 +450,11 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, delta->user_rid); + DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), account)); if (!pdb_getsampwsid(sam_account, &user_sid)) { sam_account_from_delta(sam_account, delta); + DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", + sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); if (!pdb_add_sam_account(sam_account)) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); @@ -458,6 +462,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } } else { sam_account_from_delta(sam_account, delta); + DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", + sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); if (!pdb_update_sam_account(sam_account)) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); -- cgit From 16ff7b26f6b9d288cbd1d39e075b637e24da13a6 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 9 Jul 2003 16:44:47 +0000 Subject: Large set of changes to add UNIX account/group management to winbindd. See README.idmap-and-winbind-changes for details. (This used to be commit 1111bc7b0c7165e1cdf8d90eb49f4c368d2eded6) --- source3/utils/net_rpc_samsync.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2831645550..4b31c061f3 100644 --- a/source3/utils/net_rpc_samsync.c 
+++ b/source3/utils/net_rpc_samsync.c @@ -441,10 +441,17 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - - /* try and find the possible unix account again */ - passwd = Get_Pwnam(account); } + else { + DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); + if ( !winbind_create_user( account ) ) + DEBUG(4,("fetch_account_info: winbind_create_user() failed\n")); + } + + /* try and find the possible unix account again */ + if ( !(passwd = Get_Pwnam(account)) ) + return NT_STATUS_NO_SUCH_USER; + } sid_copy(&user_sid, get_global_sam_sid()); @@ -912,7 +919,7 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, &delta->als_mem_info, dom_sid); break; case SAM_DELTA_DOMAIN_INFO: - d_printf("SAMBA_DELTA_DOMAIN_INFO not handled\n"); + d_printf("SAM_DELTA_DOMAIN_INFO not handled\n"); break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); -- cgit From 03d5867d529f126da368ebda70bf2d997aa602e0 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 11 Jul 2003 05:33:40 +0000 Subject: moving more code around. * move rid allocation into IDMAP. See comments in _api_samr_create_user() * add winbind delete user/group functions I'm checking this in to sync up with everyone. But I'm going to split the add a separate winbindd_allocate_rid() function for systems that have an 'add user script' but need idmap to give them a RID. Life would be so much simplier without 'enable rid algorithm'. The current RID allocation is horrible due to this one fact. Tested idmap_tdb but not idmap_ldap yet. Will do that tomorrow. Nothing has changed in the way a samba domain is represented, stored, or search in the directory so things should be ok with previous installations. going to bed now. (This used to be commit 0463045cc7ff177fab44b25faffad5bf7140244d) --- source3/utils/net_rpc_samsync.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4b31c061f3..31535f7945 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -444,7 +444,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); - if ( !winbind_create_user( account ) ) + + /* don't need a RID allocated since the user already has a SID */ + if ( !winbind_create_user( account, NULL ) ) DEBUG(4,("fetch_account_info: winbind_create_user() failed\n")); } -- cgit From a84270ce115e7fa0674c163de708333816184dca Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Wed, 16 Jul 2003 02:20:53 +0000 Subject: fixes for 'net rpc vampire'. I can now take a blank Samba host and migrate an NT4 domain and still logon from domain members (tested logon scripts, system policies, profiles, & home directories) (passdb backend = tdbsam) removed call to idmap_init_wellknown_sids() from winbindd.c since the local domain should be handled by the guest passdb backend (and you don't really always want the Administrator account to be root) ...and we didn't pay attention to this anyways now. (This used to be commit 837d7c54d3ca780160aa0d6a2f0a109bb691948e) --- source3/utils/net_rpc_samsync.c | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 31535f7945..e5e9a68b2e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -412,8 +412,6 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) DOM_SID user_sid; DOM_SID group_sid; struct passwd *passwd; - unid_t id; - int u_type = ID_USERID | ID_QUERY_ONLY; fstring sid_string; fstrcpy(account, unistr2_static(&delta->uni_acct_name)); @@ -497,19 +495,9 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } } - if (!passwd) { - DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account))); - /* if no unix user, changing the mapping won't help */ - } else { - nt_ret = idmap_get_id_from_sid(&id, &u_type, pdb_get_user_sid(sam_account)); - if (NT_STATUS_IS_OK(nt_ret) && (u_type == ID_USERID) && (id.uid == passwd->pw_uid)) { - - } else { - /* set mapping */ - - id.uid = passwd->pw_uid; - nt_ret = idmap_set_mapping(pdb_get_user_sid(sam_account), id, ID_USERID); - } + if ( !passwd ) { + DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", + pdb_get_username(sam_account))); } pdb_free_sam(&sam_account); 
@@ -536,21 +524,25 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_to_string(sid_string, &group_sid); if (pdb_getgrsid(&map, group_sid)) { - grp = getgrgid(map.gid); + if ( map.gid != -1 ) + grp = getgrgid(map.gid); insert = False; } - if (grp == NULL) - { + if (grp == NULL) { gid_t gid; /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { + /* No appropriate group found, create one */ + d_printf("Creating unix group: '%s'\n", name); + if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; - if ((grp = getgrgid(gid)) == NULL) + + if ((grp = getgrnam(name)) == NULL) return NT_STATUS_ACCESS_DENIED; } } @@ -997,11 +989,6 @@ int rpc_vampire(int argc, const char **argv) ZERO_STRUCT(ret_creds); - if (!idmap_init(lp_idmap_backend())) { - d_printf("Could not init idmap\n"); - return -1; - } - /* Connect to remote machine */ if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { @@ -1027,7 +1014,7 @@ int rpc_vampire(int argc, const char **argv) goto fail; } - dom_sid = *get_global_sam_sid(); + sid_copy( &dom_sid, get_global_sam_sid() ); result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid); if (!NT_STATUS_IS_OK(result)) { -- cgit From 80c1f1d865b13a63c7a60876b63458119566e044 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 22 Jul 2003 04:31:20 +0000 Subject: Fixup a bunch of printf-style functions and debugs to use unsigned long when displaying pid_t, uid_t and gid_t values. This removes a whole lot of warnings on some of the 64-bit build farm machines as well as help us out when 64-bit uid/gid/pid values come along. (This used to be commit f93528ba007c8800a850678f35f499fb7360fb9a) --- source3/utils/net_rpc_samsync.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e5e9a68b2e..dbaec007c0 100644 
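Review bot: In the `@@ -536,21 +524,25 @@` hunk `gid` is still filled in by `smb_create_group(name, &gid)` but is no longer read, because the follow-up lookup changed from `getgrgid(gid)` to `getgrnam(name)`. If resolving by name is deliberate, say so in a comment next to the call and note that the returned gid is intentionally ignored; otherwise a reader will assume the created group and the looked-up group are tied together by id. The new sentinel test `if ( map.gid != -1 )` compares a `gid_t` with a signed constant; `if (map.gid != (gid_t)-1)` makes the intent explicit and avoids sign-compare warnings. fetch_group_info continues outside the hunk.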
--- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -487,8 +487,8 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { if (map.gid != passwd->pw_gid) { if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d for user %s (group SID=%s)\n", - map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid))); + DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", + (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); } @@ -585,7 +585,7 @@ fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) } if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d\n", map.gid)); + DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); return NT_STATUS_NO_SUCH_GROUP; } -- cgit From 9fc34cafa28b2fd97daaabdc38cfc4f47c5188ba Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sun, 27 Jul 2003 00:20:45 +0000 Subject: Ensure all code paths set add_script. Jeremy. (This used to be commit 0021c83ff645a1923b5a3d3c484d44b20d7813f0) --- source3/utils/net_rpc_samsync.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index dbaec007c0..9eadbbbade 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -400,8 +400,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) return NT_STATUS_OK; } -static NTSTATUS -fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) +static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) { NTSTATUS nt_ret; fstring account; 
@@ -429,6 +428,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) (delta->acb_info & ACB_DOMTRUST) ) { pstrcpy(add_script, lp_addmachine_script()); } else { + *add_script = '\0'; DEBUG(1, ("Unknown user type: %s\n", smbpasswd_encode_acb_info(delta->acb_info))); } @@ -439,8 +439,7 @@ fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - } - else { + } else { DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); /* don't need a RID allocated since the user already has a SID */ -- cgit From 4461109416e8dc42903e6990306d059b8837dd8e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Aug 2003 01:04:57 +0000 Subject: Cosmetic fix from waider@waider.ie. Jeremy. (This used to be commit cb326c2dbff1fad87d5c72df4a004d5a42d17472) --- source3/utils/net_rpc_samsync.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 9eadbbbade..18e476f377 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -914,6 +914,37 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, case SAM_DELTA_DOMAIN_INFO: d_printf("SAM_DELTA_DOMAIN_INFO not handled\n"); break; + /* The following types are recognised but not handled */ + case SAM_DELTA_RENAME_GROUP: + d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + break; + case SAM_DELTA_RENAME_USER: + d_printf("SAM_DELTA_RENAME_USER not handled\n"); + break; + case SAM_DELTA_RENAME_ALIAS: + d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + break; + case SAM_DELTA_POLICY_INFO: + d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + break; + case SAM_DELTA_TRUST_DOMS: + d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + break; + case SAM_DELTA_PRIVS_INFO: + d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + break; + case SAM_DELTA_SECRET_INFO: + d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + break; + case SAM_DELTA_DELETE_GROUP: + d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + break; + case SAM_DELTA_DELETE_USER: + d_printf("SAM_DELTA_DELETE_USER not handled\n"); + break; + case SAM_DELTA_MODIFIED_COUNT: + d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + break; default: d_printf("Unknown delta record type %d\n", hdr_delta->type); break; -- cgit From 110abf10d208769bf6bcfc0604874cb1bed0406a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Aug 2003 02:59:52 +0000 Subject: Turns out I had my packet sequences wrong for oplock break code. I was storing the mid of the oplock break - I should have been storing the mid from the open. There are thus 2 types of deferred packet sequence returns - ones that increment the sequence number (returns from oplock causing opens) and ones that don't (change notify returns etc). Running with signing forced on does lead to some interesting tests :-). Jeremy. (This used to be commit 85907f02cec566502d9e4adabbd414020a26064d) --- source3/utils/net_rpc_samsync.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 18e476f377..ed69f8a326 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -550,7 +550,11 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) map.sid = group_sid; map.sid_name_use = SID_NAME_DOM_GRP; fstrcpy(map.nt_name, name); - fstrcpy(map.comment, comment); + if (delta->hdr_grp_desc.buffer) { + fstrcpy(map.comment, comment); + } else { + fstrcpy(map.comment, ""); + } if (insert) pdb_add_group_mapping_entry(&map); @@ -911,10 +915,10 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, fetch_alias_mem(hdr_delta->target_rid, &delta->als_mem_info, dom_sid); break; + /* The following types are recognised but not handled */ case SAM_DELTA_DOMAIN_INFO: d_printf("SAM_DELTA_DOMAIN_INFO not handled\n"); break; - /* The following types are recognised but not handled */ case SAM_DELTA_RENAME_GROUP: d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); break; -- cgit From 51297321ba50e47d30179cf17713e1d205a33d22 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 10 Sep 2003 06:49:13 +0000 Subject: Use opt_target_workgroup instead of lp_workgroup() in vampire code so we can override the value in smb.conf with the -w option. Migrating accounts from another domain can now be done like: # bin/net join bdc -w nt4dom -Uadministrator%password # bin/net rpc vampire -w nt4dom -U administrator%password (This used to be commit d7bd3c1efbd02a7ca01ad9a4b242ea4cc4a63c1f) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ed69f8a326..4d8fa5e7e2 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1034,7 +1034,7 @@ int rpc_vampire(int argc, const char **argv) goto fail; } - if (!secrets_fetch_trust_account_password(lp_workgroup(), + if (!secrets_fetch_trust_account_password(opt_target_workgroup, trust_password, NULL, &sec_channel)) { d_printf("Could not retrieve domain trust secret\n"); @@ -1056,7 +1056,7 @@ int rpc_vampire(int argc, const char **argv) nt_errstr(result)); if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) d_printf("Perhaps %s is a Windows 2000 native mode " - "domain?\n", lp_workgroup()); + "domain?\n", opt_target_workgroup); goto fail; } -- cgit From 4059dfcca2bda4d04c3277eea5bc67039a3fc6db Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Wed, 10 Sep 2003 06:58:41 +0000 Subject: Fix error return path memory leaks in vampire code for creating users. Display an error if we can't create a posix account for the user (e.g no add user/machine script was specified; bug #323). (This used to be commit 0c35ba2cd65ff64c5db2b20d5528a0d486cba51e) --- source3/utils/net_rpc_samsync.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4d8fa5e7e2..64f2d3f68f 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -428,9 +428,10 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) (delta->acb_info & ACB_DOMTRUST) ) { pstrcpy(add_script, lp_addmachine_script()); } else { - *add_script = '\0'; DEBUG(1, ("Unknown user type: %s\n", smbpasswd_encode_acb_info(delta->acb_info))); + nt_ret = NT_STATUS_UNSUCCESSFUL; + goto done; } if (*add_script) { int add_ret; 
@@ -448,8 +449,11 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } /* try and find the possible unix account again */ - if ( !(passwd = Get_Pwnam(account)) ) - return NT_STATUS_NO_SUCH_USER; + if ( !(passwd = Get_Pwnam(account)) ) { + d_printf("Could not create posix account info for '%s'\n", account); + nt_ret = NT_STATUS_NO_SUCH_USER; + goto done; + } } @@ -499,6 +503,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) pdb_get_username(sam_account))); } + done: pdb_free_sam(&sam_account); return nt_ret; } -- cgit From bde2b4a8ec725229584125a054c2c169bc9bd1aa Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Tue, 14 Oct 2003 03:50:27 +0000 Subject: Break out of samsync loop on error. (This used to be commit f8994483484cab47f0d6a6934979f69402dba894) --- source3/utils/net_rpc_samsync.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 64f2d3f68f..d1c8300a49 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -182,6 +182,9 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); + if (NT_STATUS_IS_ERR(result)) + break; + clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); for (i = 0; i < num_deltas; i++) { display_sam_entry(&hdr_deltas[i], &deltas[i]); -- cgit From b4593e92ff75f006982d7f49337a0a94f44d4218 Mon Sep 17 00:00:00 2001 
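Review bot: The added `if (NT_STATUS_IS_ERR(result)) break;` in dump_database (hunk `@@ -182,6 +182,9 @@`) leaves the loop without reporting anything, and because the function is `static void` its caller cannot tell a failed sync from an empty database. Report the status before breaking, e.g. `d_printf("samsync failed: %s\n", nt_errstr(result));` inside a braced block with the `break`. `NT_STATUS_IS_ERR` matches error-severity codes only, so a warning-severity status would still fall through to the loop over `hdr_deltas`/`deltas`; it is worth checking that against the loop condition, which lies outside the hunk.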
From: Andrew Bartlett Date: Fri, 2 Jan 2004 05:32:07 +0000 Subject: JHT came up with a nasty (broken) torture case in preparing examples for his book. This prompted me to look at the code that reads the unix group list. This code did a lot of name -> uid -> name -> sid translations, which caused problems. Instead, we now do just name->sid I also cleaned up some interfaces, and client tools. Andrew Bartlett (This used to be commit f9e59f8bc06fae7e5c8cb0980947f78942dc25c0) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d1c8300a49..e97a362acc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -783,13 +783,13 @@ fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) if (sid_equal(&dom_sid, &global_sid_Builtin)) { sid_type = SID_NAME_WKN_GRP; - if (!get_builtin_group_from_sid(group_sid, &map, False)) { + if (!get_builtin_group_from_sid(&group_sid, &map, False)) { DEBUG(0, ("Could not find builtin group %s\n", sid_string_static(&group_sid))); return NT_STATUS_NO_SUCH_GROUP; } } else { sid_type = SID_NAME_ALIAS; - if (!get_local_group_from_sid(group_sid, &map, False)) { + if (!get_local_group_from_sid(&group_sid, &map, False)) { DEBUG(0, ("Could not find local group %s\n", sid_string_static(&group_sid))); return NT_STATUS_NO_SUCH_GROUP; } -- cgit From d198c5587774808823aa09e997ff492826738c51 Mon Sep 17 00:00:00 2001 
From: Andrew Bartlett Date: Sun, 8 Feb 2004 08:38:42 +0000 Subject: Make more functions static, and remove duplication in the use of functions in lib/smbpasswd.c that were exact duplicates of functions in passdb/passdb.c (These should perhaps be pulled back out to smbpasswd.c, but that can occour later). Andrew Bartlett (This used to be commit fcdc5efb1e245c8fa95cd031f67ec56093b9056e) --- source3/utils/net_rpc_samsync.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e97a362acc..cb395de828 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -62,21 +62,21 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) { sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); - smbpasswd_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); } else { - smbpasswd_sethexpwd(hex_lm_passwd, NULL, 0); + pdb_sethexpwd(hex_lm_passwd, NULL, 0); } if (memcmp(a->pass.buf_nt_pwd, zero_buf, 16) != 0) { sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); - smbpasswd_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); } else { - smbpasswd_sethexpwd(hex_nt_passwd, NULL, 0); + pdb_sethexpwd(hex_nt_passwd, NULL, 0); } printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), a->user_rid, hex_lm_passwd, hex_nt_passwd, - smbpasswd_encode_acb_info(a->acb_info)); + pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } static void display_domain_info(SAM_DOMAIN_INFO *a) 
@@ -432,7 +432,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) pstrcpy(add_script, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", - smbpasswd_encode_acb_info(delta->acb_info))); + pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN))); nt_ret = NT_STATUS_UNSUCCESSFUL; goto done; } -- cgit From 784c631a3a3fcaef22873b5ab2389cd15b13d0a1 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Sun, 8 Feb 2004 10:59:09 +0000 Subject: Make it possible to 'net rpc samdump' of any domain you are currently joined to, despite any smb.conf settings. Work to allow the same for 'net rpc vampire', but instead give a clear error message on what is incorrect. Andrew Bartlett (This used to be commit 6b629344c5a4061d6052fa91f8429b337bab95fb) --- source3/utils/net_rpc_samsync.c | 90 +++++++++++++++++------------------------ 1 file changed, 38 insertions(+), 52 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index cb395de828..882f3a02bc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -196,36 +196,29 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret } /* dump sam database via samsync rpc calls */ -int rpc_samdump(int argc, const char **argv) +NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) { - struct cli_state *cli = NULL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; DOM_CRED ret_creds; uint32 sec_channel; ZERO_STRUCT(ret_creds); - /* Connect to remote machine */ - if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | NET_FLAGS_PDC))) { - return 1; - } - - fstrcpy(cli->domain, lp_workgroup()); - - if (!cli_nt_session_open(cli, PI_NETLOGON)) { - DEBUG(0,("Could not open connection to NETLOGON pipe\n")); - goto fail; - } + fstrcpy(cli->domain, domain_name); - if (!secrets_fetch_trust_account_password(lp_workgroup(), + if (!secrets_fetch_trust_account_password(domain_name, trust_password, NULL, &sec_channel)) { DEBUG(0,("Could not fetch trust account password\n")); goto fail; } - if (!NT_STATUS_IS_OK(cli_nt_establish_netlogon(cli, sec_channel, - trust_password))) { + if (!NT_STATUS_IS_OK(nt_status = cli_nt_establish_netlogon(cli, sec_channel, + trust_password))) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } @@ -234,15 +227,11 @@ int rpc_samdump(int argc, const char **argv) dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); - cli_nt_session_close(cli); - - return 0; + nt_status = NT_STATUS_OK; fail: - if (cli) { - cli_nt_session_close(cli); - } - return -1; + cli_nt_session_close(cli); + return nt_status; } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ @@ -457,7 +446,6 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) nt_ret = NT_STATUS_NO_SUCH_USER; goto done; } - } sid_copy(&user_sid, get_global_sam_sid()); 
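Review bot: `trust_password` in rpc_samdump_internals holds the machine trust secret read by `secrets_fetch_trust_account_password()` and is still intact on the stack when the function returns through `fail:`; the same holds for rpc_vampire_internals in the `@@ -1020,75 +1008,73 @@` hunk. Clear it on the common exit, e.g. `ZERO_STRUCT(trust_password);` directly after the `fail:` label, so the secret does not linger in a dead stack frame or a core file (a plain memset can be elided by the optimiser, so a non-elidable wipe is preferable where one is available). Separately, `nt_status = NT_STATUS_OK;` is assigned unconditionally after the `dump_database()` calls, so a sync that failed inside them is still returned to the caller as success.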
@@ -1020,75 +1008,73 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, } /* dump sam database via samsync rpc calls */ -int rpc_vampire(int argc, const char **argv) +NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, TALLOC_CTX *mem_ctx, + int argc, const char **argv) { NTSTATUS result; - struct cli_state *cli = NULL; uchar trust_password[16]; DOM_CRED ret_creds; - DOM_SID dom_sid; + fstring my_dom_sid_str; + fstring rem_dom_sid_str; uint32 sec_channel; ZERO_STRUCT(ret_creds); - /* Connect to remote machine */ - if (!(cli = net_make_ipc_connection(NET_FLAGS_ANONYMOUS | - NET_FLAGS_PDC))) { - return 1; + if (!sid_equal(domain_sid, get_global_sam_sid())) { + d_printf("Cannot import users from %s at this time, " + "as the current domain:\n\t%s: %s\nconflicts " + "with the remote domain\n\t%s: %s\n" + "Perhaps you need to set: \n\n\tsecurity=user\n\tworkgroup=%s\n\n in your smb.conf?\n", + domain_name, + get_global_sam_name(), sid_to_string(my_dom_sid_str, + get_global_sam_sid()), + domain_name, sid_to_string(rem_dom_sid_str, domain_sid), + domain_name); + return NT_STATUS_UNSUCCESSFUL; } - if (!cli_nt_session_open(cli, PI_NETLOGON)) { - DEBUG(0,("Error connecting to NETLOGON pipe\n")); - goto fail; - } + fstrcpy(cli->domain, domain_name); - if (!secrets_fetch_trust_account_password(opt_target_workgroup, + if (!secrets_fetch_trust_account_password(domain_name, trust_password, NULL, &sec_channel)) { + result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; d_printf("Could not retrieve domain trust secret\n"); goto fail; } - result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); + result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to setup BDC creds\n"); goto fail; } - sid_copy( &dom_sid, get_global_sam_sid() ); - result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, dom_sid); + result = 
fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, *domain_sid); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to fetch domain database: %s\n", nt_errstr(result)); if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) d_printf("Perhaps %s is a Windows 2000 native mode " - "domain?\n", opt_target_workgroup); + "domain?\n", domain_name); goto fail; } - sid_copy(&dom_sid, &global_sid_Builtin); - result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, - dom_sid); + global_sid_Builtin); if (!NT_STATUS_IS_OK(result)) { d_printf("Failed to fetch builtin database: %s\n", nt_errstr(result)); goto fail; - } + } /* Currently we crash on PRIVS somewhere in unmarshalling */ /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ - cli_nt_session_close(cli); - - return 0; - fail: - if (cli) - cli_nt_session_close(cli); - - return -1; + return result; } -- cgit From b4cf9e95059071df49b34ff8574e48cb96f42da1 Mon Sep 17 00:00:00 2001 From: Tim Potter Date: Thu, 7 Oct 2004 04:01:18 +0000 Subject: r2835: Since we always have -I. and -I$(srcdir) in CFLAGS, we can get rid of '..' from all #include preprocessor commands. This fixes bugzilla #1880 where OpenVMS gets confused about the '.' characters. (This used to be commit 7f161702fa4916979602cc0295919b541912acd6) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 882f3a02bc..2e7c053ac3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -22,7 +22,7 @@ */ #include "includes.h" -#include "../utils/net.h" +#include "utils/net.h" extern DOM_SID global_sid_Builtin; -- cgit From acf9d61421faa6c0055d57fdee7db300dc5431aa Mon Sep 17 00:00:00 2001 
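Review bot: rpc_samdump_internals and rpc_vampire_internals now disagree on who owns the NETLOGON session: the `@@ -1020,75 +1008,73 @@` hunk drops `cli_nt_session_close(cli)` from the vampire exit path, while the samdump hunk keeps it under `fail:` even though neither function opens the pipe any more. If the caller that passes `cli` in also closes it (not visible here), the samdump close happens twice; if it does not, the vampire path leaves the pipe open. Pick one owner and record it above both functions, e.g. `/* cli and its NETLOGON pipe are opened and closed by the caller */`, then make the two exit paths match.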
From: Jeremy Allison Date: Tue, 7 Dec 2004 18:25:53 +0000 Subject: r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2e7c053ac3..b31087927a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -595,7 +595,7 @@ fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - nt_members = talloc_zero(t, sizeof(char *) * delta->num_members); + nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members); for (i=0; inum_members; i++) { NTSTATUS nt_status; -- cgit From b0beeb8123412810f67de8cf7c640a513feb188d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 10 Dec 2004 09:45:03 +0000 Subject: r4127: vampire munged_dial. Guenther (This used to be commit eb64eb9d572e12b28a67779746b8ddc191497c09) --- source3/utils/net_rpc_samsync.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index b31087927a..e5778dfc7c 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
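Review bot: The result of `TALLOC_ZERO_ARRAY(t, char *, delta->num_members)` is not checked before the `for` loop that follows it, and `delta->num_members` is a count taken from the remote server's delta. Add a check such as `if (delta->num_members && nt_members == NULL)` that releases `t` the way the function's other exits do and returns `NT_STATUS_NO_MEMORY`; the `num_members` guard keeps an empty group from being treated as a failure if the allocator returns NULL for a zero-size request. The loop body and the rest of fetch_group_mem_info lie outside the hunk, so how `nt_members[i]` is used there should be confirmed.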
@@ -322,6 +322,14 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) pdb_set_profile_path(account, new_string, PDB_CHANGED); } + if (delta->hdr_parameters.buffer) { + old_string = pdb_get_munged_dial(account); + new_string = unistr2_static(&delta->uni_parameters); + + if (STRING_CHANGED) + pdb_set_munged_dial(account, new_string, PDB_CHANGED); + } + /* User and group sid */ if (pdb_get_user_rid(account) != delta->user_rid) pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); -- cgit From f3074443dc46e4e83803f7e931994bdbbecea82a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 10 Dec 2004 10:42:47 +0000 Subject: r4130: add bad_password_count and logon_count to vampire (inspired by a patch from Lars Mueller ), just for completeness. Note that though we have logon_count implemented in all pdb-backends but never (for good reason!) update the counter. Guenther (This used to be commit a03aa0956813998dbbc3c68f6bc5214fd720cdb2) --- source3/utils/net_rpc_samsync.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e5778dfc7c..d7af528ff1 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -355,8 +355,11 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); /* TODO: logon hours */ - /* TODO: bad password count */ - /* TODO: logon count */ + if (pdb_get_bad_password_count(account) != delta->bad_pwd_count) + pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED); + + if (pdb_get_logon_count(account) != delta->logon_count) + pdb_set_logon_count(account, delta->logon_count, PDB_CHANGED); if (!nt_time_is_zero(&delta->pwd_last_set_time)) { unix_time = nt_time_to_unix(&delta->pwd_last_set_time); -- cgit From 111f62c00c31ac98d50c0a01e31cb1d44082be29 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 20 Dec 2004 12:52:33 +0000 Subject: r4287: Vampire SAM_DELTA_DOMAIN_INFO. Based on samba4-idl. The decoding of account-lockout-string is somewhat experimental though. Guenther (This used to be commit 721bf50d7446b8ce18bc1d45e17d4214d5a43d26) --- source3/utils/net_rpc_samsync.c | 114 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d7af528ff1..3c98ec9e71 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -36,6 +36,45 @@ static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) d_printf("\n"); } + +static const char *display_time(NTTIME *nttime) +{ + static fstring string; + + float high; + float low; + int sec; + int days, hours, mins, secs; + int offset = 1; + + if (nttime->high==0 && nttime->low==0) + return "Now"; + + if (nttime->high==0x80000000 && nttime->low==0) + return "Never"; + + high = 65536; + high = high/10000; + high = high*65536; + high = high/1000; + high = high * (~nttime->high); + + low = ~nttime->low; + low = low/(1000*1000*10); + + sec=high+low; + sec+=offset; + + days=sec/(60*60*24); + hours=(sec - (days*60*60*24)) / (60*60); + mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60; + secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60); + + fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs); + return (string); +} + + static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) { d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); 
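Review bot: display_time does its arithmetic in `float`, whose 24-bit mantissa cannot hold the 32-bit `~nttime->low` or the scaled `high` term exactly, and then assigns `high+low` to an `int`, which is undefined when the sum is out of range; the NTTIME values come from the remote domain controller, so large values have to be expected. Declaring `double high; double low;` and range-checking the sum before `sec=high+low;` removes both problems. The `fstr_sprintf` format uses `%u` for four `int` arguments, where `%d` matches the declared types. The function also returns a pointer to a `static fstring`, so it needs a comment saying each result is overwritten by the next call.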
@@ -81,7 +120,25 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) static void display_domain_info(SAM_DOMAIN_INFO *a) { + time_t u_logout; + + u_logout = nt_time_to_unix_abs((NTTIME *)&a->force_logoff); + d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); + + d_printf("Minimal Password Length: %d\n", a->min_pwd_len); + d_printf("Password History Length: %d\n", a->pwd_history_len); + + d_printf("Force Logoff: %d\n", (int)u_logout); + + d_printf("Max Password Age: %s\n", display_time((NTTIME *)&a->max_pwd_age)); + d_printf("Min Password Age: %s\n", display_time((NTTIME *)&a->min_pwd_age)); + + d_printf("Lockout Time: %s\n", display_time((NTTIME *)&a->account_lockout.lockout_duration)); + d_printf("Lockout Reset Time: %s\n", display_time((NTTIME *)&a->account_lockout.reset_count)); + + d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); + d_printf("User must logon to change password: %d\n", a->logon_chgpass); } static void display_group_info(uint32 rid, SAM_GROUP_INFO *a) 
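Review bot: `Force Logoff` is printed as `(int)u_logout`, the raw result of `nt_time_to_unix_abs`, while every other interval in display_domain_info goes through `display_time`; a "never" value would presumably show up as a bare negative number. Using `d_printf("Force Logoff: %s\n", display_time((NTTIME *)&a->force_logoff));` keeps the output consistent and drops the `time_t`-to-`int` truncation. The repeated `(NTTIME *)` casts assume the SAM_DOMAIN_INFO fields share NTTIME's layout, which is declared outside this page, so a one-line comment stating that assumption would help.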
@@ -897,6 +954,58 @@ fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) return NT_STATUS_OK; } +static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) +{ + time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + pstring domname; + + u_max_age = nt_time_to_unix_abs((NTTIME *)&delta->max_pwd_age); + u_min_age = nt_time_to_unix_abs((NTTIME *)&delta->min_pwd_age); + u_logout = nt_time_to_unix_abs((NTTIME *)&delta->force_logoff); + u_lockoutreset = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.reset_count); + u_lockouttime = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.lockout_duration); + + unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname) - 1); + + /* we don't handle BUILTIN account policies */ + if (!strequal(domname, get_global_sam_name())) { + printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname); + return NT_STATUS_OK; + } + + + if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + return nt_status; + + if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + return nt_status; + + if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + return nt_status; + + if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + return nt_status; + + if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + return nt_status; + + if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) + return nt_status; + + if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) + return nt_status; + + if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime/60)) + return nt_status; + + if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + return nt_status; + + return NT_STATUS_OK; +} + + static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, DOM_SID dom_sid) 
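Review bot: Every failing `account_policy_set` call in fetch_domain_info returns the same `NT_STATUS_UNSUCCESSFUL` with no message, leaving the policies written before it in place and the rest untouched. The call added to fetch_sam_entry in the next hunk also discards the returned status, so a half-replicated password and lockout policy goes unnoticed. At minimum report it at the call site, e.g. `if (!NT_STATUS_IS_OK(fetch_domain_info(hdr_delta->target_rid, &delta->domain_info))) d_printf("failed to store domain account policy\n");`, and name the failing policy in a `DEBUG` line before each early return.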
@@ -922,10 +1031,11 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, fetch_alias_mem(hdr_delta->target_rid, &delta->als_mem_info, dom_sid); break; - /* The following types are recognised but not handled */ case SAM_DELTA_DOMAIN_INFO: - d_printf("SAM_DELTA_DOMAIN_INFO not handled\n"); + fetch_domain_info(hdr_delta->target_rid, + &delta->domain_info); break; + /* The following types are recognised but not handled */ case SAM_DELTA_RENAME_GROUP: d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); break; -- cgit From b46913fb95d59f3ec8e7e71da758cd16cda05f2c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 20 Dec 2004 21:14:28 +0000 Subject: r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com). Jeremy (This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3c98ec9e71..e8a110d083 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -863,7 +863,7 @@ fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) return NT_STATUS_NO_MEMORY; } - nt_members = talloc_zero(t, sizeof(char *) * delta->num_members); + nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members); for (i=0; inum_members; i++) { NTSTATUS nt_status; -- cgit From b314cf95ce3cf809fd03af2b562e9a6dc156f746 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 24 Dec 2004 00:08:15 +0000 Subject: r4351: Vampire Logon-Hours. Update Logon-Hours only when they have changed. Guenther (This used to be commit 0930ad662770278cbe9fd4e3deaa523957b96697) --- source3/utils/net_rpc_samsync.c | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e8a110d083..688944cf0b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -408,10 +408,29 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) pdb_set_logoff_time(account, unix_time,PDB_CHANGED); } + /* Logon Divs */ if (pdb_get_logon_divs(account) != delta->logon_divs) pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); - /* TODO: logon hours */ + /* Max Logon Hours */ + if (delta->unknown1 != pdb_get_unknown_6(account)) { + pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); + } + + /* Logon Hours Len */ + if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) { + pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED); + } + + /* Logon Hours */ + if (delta->buf_logon_hrs.buffer) { + pstring old, new; + pdb_sethexhours(old, pdb_get_hours(account)); + pdb_sethexhours(new, (const char *)delta->buf_logon_hrs.buffer); + if (!strequal(old, new)) + pdb_set_hours(account, (const char *)delta->buf_logon_hrs.buffer, PDB_CHANGED); + } + if (pdb_get_bad_password_count(account) != delta->bad_pwd_count) pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED); -- cgit From a3e4686b50d61d275513bfd20b740cdc9bb34bc6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 24 Dec 2004 00:38:22 +0000 Subject: r4352: Base64-encode munged-dial with correct length in 'net rpc vampire'. Guenther (This used to be commit 98f3e3353df988e819bc41d145b13c76e1b86b55) --- source3/utils/net_rpc_samsync.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 688944cf0b..30d24ea8ac 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
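Review bot: `delta->buf_logon_hrs.buf_len` is stored with `pdb_set_hours_len`, and `delta->buf_logon_hrs.buffer` is handed to `pdb_sethexhours` and `pdb_set_hours`, without any check that the length sent by the remote DC matches what those helpers read. If they consume a fixed number of bytes (their definitions are outside this page, so confirm), a shorter buffer in the delta is read past its end, and an oversized `buf_len` is stored as-is. Before the comparison, check that `buf_len` is at least the byte count the helpers read and no larger than the passdb hours limit (MAX_HOURS_LEN, if that is the constant in use), and skip the logon-hours update otherwise. sam_account_from_delta starts and ends outside the hunk.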
@@ -380,8 +380,11 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) } if (delta->hdr_parameters.buffer) { + DATA_BLOB mung; old_string = pdb_get_munged_dial(account); - new_string = unistr2_static(&delta->uni_parameters); + mung.length = delta->uni_parameters.uni_str_len * 2; + mung.data = (uint8 *) delta->uni_parameters.buffer; + new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); if (STRING_CHANGED) pdb_set_munged_dial(account, new_string, PDB_CHANGED); -- cgit From 3c1f5a024d3a8e4b85057122556dd5930af09be3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 24 Dec 2004 00:56:30 +0000 Subject: r4353: Finally get length of munged_dial correct. Guenther (This used to be commit b209f97f246cd65719f1000c7de368babec26d47) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 30d24ea8ac..fccdc5f5ba 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -382,7 +382,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) if (delta->hdr_parameters.buffer) { DATA_BLOB mung; old_string = pdb_get_munged_dial(account); - mung.length = delta->uni_parameters.uni_str_len * 2; + mung.length = delta->hdr_parameters.uni_str_len; mung.data = (uint8 *) delta->uni_parameters.buffer; new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); -- cgit From 846b8d4cfdee815cd22d7e00b7f120668f9758a9 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 5 Jan 2005 16:02:56 +0000 Subject: r4538: Fix bugzilla 2198, accounts which have password last set to 0 are getting no passwords after vampire. Set password last set field to now. (This used to be commit 60c3a638e4e63d009728c2ce7a6264c3c120a9e5) --- source3/utils/net_rpc_samsync.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') 
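Review bot: `new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung);` stores what is presumably a heap-allocated string in a variable that elsewhere in sam_account_from_delta holds `unistr2_static` results, and nothing in the hunk frees it after `pdb_set_munged_dial`. If the setter copies its argument (defined outside this page, so confirm), this leaks once per account that carries parameters; keep the encoded string in its own `char *` local and release it after the `STRING_CHANGED` block with `SAFE_FREE(...)`. `new_string` can now be NULL, so `STRING_CHANGED`, a macro defined outside the hunk, has to tolerate a NULL operand.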
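Review bot: `mung.length = delta->hdr_parameters.uni_str_len;` takes the byte count from the wire header while `mung.data` points at `delta->uni_parameters.buffer`, and nothing here ties the two together. Unless the unmarshalling code already rejects a header length larger than the buffer it allocated (not visible on this page), the base64 encoder reads beyond the buffer with a length chosen by the remote server. A guard is cheap, assuming `uni_max_len` records the allocated element count: `if (mung.length > delta->uni_parameters.uni_max_len * 2) mung.length = 0;`.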
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fccdc5f5ba..3ef2388bbc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -445,6 +445,9 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) stored_time = pdb_get_pass_last_set_time(account); if (stored_time != unix_time) pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); + } else { + /* no last set time, make it now */ + pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED); } #if 0 -- cgit From 2b21e9004f3898c32776fa4c2e0d813177c39153 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Jan 2005 21:42:05 +0000 Subject: r4877: When vampiring account policy AP_LOCK_ACCOUNT_DURATION honour "Lockout Duration: Forever". Guenther (This used to be commit aecacf4d9cc5e2aa69b358292b9d591ade696500) --- source3/utils/net_rpc_samsync.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3ef2388bbc..320341ec05 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1021,7 +1021,10 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; - if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime/60)) + if (u_lockouttime != -1) + u_lockouttime /= 60; + + if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) -- cgit From b4afdc08d5336e4a337e453443d7af1d8655a31a Mon Sep 17 00:00:00 2001 
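Review bot: The new `else` branch stamps `time(NULL)` with `PDB_CHANGED` whenever the delta carries a zero `pwd_last_set_time`, so the account is rewritten with a fresh timestamp on every sync and the stored value no longer reflects the source domain. A zero last-set time on the source may also be how it marks "must change password at next logon" (worth confirming), in which case that requirement is dropped in the copy. Expand the comment to record the trade-off, e.g. `/* source has no last-set time; use now so the password is usable (bugzilla 2198); any forced-change state is lost */`, or only set the value when `pdb_get_pass_last_set_time(account)` is still 0.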
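Review bot: The `-1` ("forever") guard is added only for `u_lockouttime`; the context line just above it still passes `(uint32)u_lockoutreset/60` to `AP_RESET_COUNT_TIME`. There the cast is applied before the division, so if `nt_time_to_unix_abs` can return `-1` for that field as well, the stored policy becomes an unrelated large number. Apply the same treatment: `if (u_lockoutreset != -1) u_lockoutreset /= 60;` and then pass `(uint32)u_lockoutreset`. fetch_domain_info begins outside the hunk.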
From: Günther Deschner Date: Sat, 22 Jan 2005 03:37:09 +0000 Subject: r4925: Migrate Account Policies to passdb (esp. replicating ldapsam). Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5) --- source3/utils/net_rpc_samsync.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 320341ec05..2db8ff054b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1000,34 +1000,34 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) return nt_status; - if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) return nt_status; - if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) return nt_status; - if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) return nt_status; - if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) + if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; - if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) + if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; if (u_lockouttime != -1) u_lockouttime /= 60; - if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) + if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; - if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) return nt_status; return NT_STATUS_OK; -- cgit From 5f54cc9bd3fa76e62926de0670f832f7b0e3739d Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 7 Feb 2005 18:20:06 +0000 Subject: r5264: Log with loglevel 0 when account-administration scripts fail. Guenther (This used to be commit 3d391ef149639750db376b05528a27422f8a3321) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2db8ff054b..cc81719b6a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -523,7 +523,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) all_string_sub(add_script, "%u", account, sizeof(account)); add_ret = smbrun(add_script,NULL); - DEBUG(1,("fetch_account: Running the command `%s' " + DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); } else { DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); -- cgit From 6c84ecb55657ae28eb739a72164f6d7251dc627f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 12 Feb 2005 00:51:31 +0000 Subject: r5349: After talking with Jerry, reverted the addition of account policies to passdb in 3_0 (they are still in trunk). Guenther (This used to be commit fdf9bdbbac1d8d4f3b3e1fc7e49c1e659b9301b1) --- source3/utils/net_rpc_samsync.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index cc81719b6a..49aef2a23c 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
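Review bot: The command logged and run here is built by substituting `account`, a name that originates in the remote SAM delta, into the configured add-user script before `smbrun(add_script,NULL)`, and nothing in the hunk documents what makes that safe. The code appears to rely on `all_string_sub` neutralising shell metacharacters in the inserted value (confirm against its definition, which is outside this page); that deserves a comment such as `/* account is remote-supplied; all_string_sub() must sanitise it before smbrun() */`. `add_ret` is only logged, so a failed script falls through to the code after the hunk and the level-0 message is the only sign of failure.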
@@ -1000,34 +1000,34 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) return nt_status; - if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) return nt_status; - if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) + if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; - if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) + if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; if (u_lockouttime != -1) u_lockouttime /= 60; - if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) + if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; - if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) return nt_status; return NT_STATUS_OK; -- cgit From 5d88feaaad77bbb8a172c911624ccb07d6050da4 Mon Sep 17 00:00:00 2001 
From: Tim Potter Date: Sun, 20 Mar 2005 09:23:37 +0000 Subject: r5909: Remove some unecessary casts. Patch from Jason Mader for bugzill #2468. (This used to be commit ede9fd08cf0ce04528f73c74e2345ba46d26f1e2) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 49aef2a23c..3ddfc5c9d9 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -429,7 +429,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) if (delta->buf_logon_hrs.buffer) { pstring old, new; pdb_sethexhours(old, pdb_get_hours(account)); - pdb_sethexhours(new, (const char *)delta->buf_logon_hrs.buffer); + pdb_sethexhours(new, delta->buf_logon_hrs.buffer); if (!strequal(old, new)) pdb_set_hours(account, (const char *)delta->buf_logon_hrs.buffer, PDB_CHANGED); } -- cgit From 83e11ba86c2401ece3c845fd10c22b84e6be7811 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 9 Apr 2005 11:46:40 +0000 Subject: r6263: Get rid of generate_wellknown_sids, they are const static and initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9) --- source3/utils/net_rpc_samsync.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3ddfc5c9d9..fa38004fe6 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -24,8 +24,6 @@ #include "includes.h" #include "utils/net.h" -extern DOM_SID global_sid_Builtin; - static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) { int i; -- cgit From 450e8d5749504f8392c0cfe8b79218f03b88076a Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Tue, 31 May 2005 02:23:47 +0000 Subject: r7130: remove 'winbind enable local accounts' code from the 3.0 tree (This used to be commit 318c3db4cb1c85be40b2f812f781bcf5f1da5c19) --- source3/utils/net_rpc_samsync.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fa38004fe6..84872897fc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -523,13 +523,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - } else { - DEBUG(8,("fetch_account_info: no add user/machine script. Asking winbindd\n")); - - /* don't need a RID allocated since the user already has a SID */ - if ( !winbind_create_user( account, NULL ) ) - DEBUG(4,("fetch_account_info: winbind_create_user() failed\n")); - } + } /* try and find the possible unix account again */ if ( !(passwd = Get_Pwnam(account)) ) { -- cgit From 19ca97a70f6b7b41d251eaa76e4d3c980c6eedff Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 24 Jun 2005 20:25:18 +0000 Subject: r7882: Looks like a large patch - but what it actually does is make Samba safe for using our headers and linking with C++ modules. Stops us from using C++ reserved keywords in our code. Jeremy (This used to be commit 9506b8e145982b1160a2f0aee5c9b7a54980940a) --- source3/utils/net_rpc_samsync.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 84872897fc..ef12038d5e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -425,10 +425,10 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) /* Logon Hours */ if (delta->buf_logon_hrs.buffer) { - pstring old, new; - pdb_sethexhours(old, pdb_get_hours(account)); - pdb_sethexhours(new, delta->buf_logon_hrs.buffer); - if (!strequal(old, new)) + pstring oldstr, newstr; + pdb_sethexhours(oldstr, pdb_get_hours(account)); + pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer); + if (!strequal(oldstr, newstr)) pdb_set_hours(account, (const char *)delta->buf_logon_hrs.buffer, PDB_CHANGED); } -- cgit From e0ffbfc5587ed296d5a9e8f5ed30b6e8b2cd6fcf Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 6 Jul 2005 21:02:43 +0000 Subject: r8189: commit vampire ldif patch, mostly from Don Watson (dwatson@us.ibm.com). Yes, that's my copyright...that's just how we have to do things at big blue. Adds subcommand to vampire to allow data to be put into an ldif file instead of actually writing to the passdb. See "net rpc help vampire" for usage info. This should be added to docs as well. (This used to be commit cb5634a305256a70daa2fcbd85d9a5459b4aeaa3) --- source3/utils/net_rpc_samsync.c | 1005 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 1002 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ef12038d5e..dd3364dfcb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -4,6 +4,7 @@ Copyright (C) Andrew Tridgell 2002 Copyright (C) Tim Potter 2001,2002 + Copyright (C) Jim McDonough 2005 Modified by Volker Lendecke 2002 This program is free software; you can redistribute it and/or modify 
@@ -24,6 +25,12 @@ #include "includes.h" #include "utils/net.h" +/* uid's and gid's for writing deltas to ldif */ +static uint32 ldif_gid = 999; +static uint32 ldif_uid = 999; +/* Kkeep track of ldap initialization */ +static int init_ldap = 1; + static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) { int i; 
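Review bot: The comment `/* Kkeep track of ldap initialization */` has a typo (`Keep`), and the two id counters need a sentence on how they are used. `ldif_uid` and `ldif_gid` start at 999 and are pre-incremented in populate_ldap_for_ldif later in this commit, so the first id handed out is 1000, while 999 is also written literally as the `nobody` uidNumber there. Suggested wording: `/* last uid/gid written to the ldif; pre-incremented, so allocation starts at 1000 */`. They are file-scope mutable statics, so a second run in the same process continues from the previous values; say so if that is intended.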
@@ -1148,6 +1155,985 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, return result; } +static NTSTATUS +populate_ldap_for_ldif(fstring sid, const char *suffix, const char + *builtin_sid, FILE *add_fd) +{ + char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; + char *user_attr=NULL, *group_attr=NULL; + char *suffix_attr; + int len; + + /* Get the suffix attribute */ + suffix_attr = sstring_sub(suffix, '=', ','); + if (suffix_attr == NULL) { + len = strlen(suffix); + suffix_attr = (char*)SMB_MALLOC(len+1); + memcpy(suffix_attr, suffix, len); + suffix_attr[len] = '\0'; + } + + /* Write the base */ + fprintf(add_fd, "# %s\n", suffix); + fprintf(add_fd, "dn: %s\n", suffix); + fprintf(add_fd, "objectClass: dcObject\n"); + fprintf(add_fd, "objectClass: organization\n"); + fprintf(add_fd, "o: %s\n", suffix_attr); + fprintf(add_fd, "dc: %s\n", suffix_attr); + fprintf(add_fd, "\n"); + fflush(add_fd); + + user_suffix = lp_ldap_user_suffix(); + /* If it exists and is distinct from other containers, + Write the Users entity */ + if (user_suffix && *user_suffix && + strcmp(user_suffix, suffix)) { + user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); + fprintf(add_fd, "# %s\n", user_suffix); + fprintf(add_fd, "dn: %s\n", user_suffix); + fprintf(add_fd, "objectClass: organizationalUnit\n"); + fprintf(add_fd, "ou: %s\n", user_attr); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + + group_suffix = lp_ldap_group_suffix(); + /* If it exists and is distinct from other containers, + Write the Groups entity */ + if (group_suffix && *group_suffix && + strcmp(group_suffix, suffix)) { + group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + fprintf(add_fd, "# %s\n", group_suffix); + fprintf(add_fd, "dn: %s\n", group_suffix); + fprintf(add_fd, "objectClass: organizationalUnit\n"); + fprintf(add_fd, "ou: %s\n", group_attr); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + /* If it exists and is distinct from other containers, + 
Write the Computers entity */ + machine_suffix = lp_ldap_machine_suffix(); + if (machine_suffix && *machine_suffix && + strcmp(machine_suffix, user_suffix) && + strcmp(machine_suffix, suffix)) { + fprintf(add_fd, "# %s\n", lp_ldap_machine_suffix()); + fprintf(add_fd, "dn: %s\n", lp_ldap_machine_suffix()); + fprintf(add_fd, "objectClass: organizationalUnit\n"); + fprintf(add_fd, "ou: %s\n", + sstring_sub(lp_ldap_machine_suffix(), '=', ',')); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + /* If it exists and is distinct from other containers, + Write the IdMap entity */ + idmap_suffix = lp_ldap_idmap_suffix(); + if (idmap_suffix && *idmap_suffix && + strcmp(idmap_suffix, user_suffix) && + strcmp(idmap_suffix, suffix)) { + fprintf(add_fd, "# %s\n", idmap_suffix); + fprintf(add_fd, "dn: %s\n", idmap_suffix); + fprintf(add_fd, "ObjectClass: organizationalUnit\n"); + fprintf(add_fd, "ou: %s\n", + sstring_sub(lp_ldap_idmap_suffix(), '=', ',')); + fprintf(add_fd, "\n"); + fflush(add_fd); + } + + /* Write the root entity */ + fprintf(add_fd, "# root, %s, %s\n", user_attr, suffix); + fprintf(add_fd, "dn: uid=root,ou=%s,%s\n", user_attr, suffix); + fprintf(add_fd, "cn: root\n"); + fprintf(add_fd, "sn: root\n"); + fprintf(add_fd, "objectClass: inetOrgPerson\n"); + fprintf(add_fd, "objectClass: sambaSAMAccount\n"); + fprintf(add_fd, "objectClass: posixAccount\n"); + fprintf(add_fd, "objectClass: shadowAccount\n"); + fprintf(add_fd, "gidNumber: 0\n"); + fprintf(add_fd, "uid: root\n"); + fprintf(add_fd, "uidNumber: 0\n"); + fprintf(add_fd, "homeDirectory: /home/root\n"); + fprintf(add_fd, "sambaPwdLastSet: 0\n"); + fprintf(add_fd, "sambaLogonTime: 0\n"); + fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); + fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); + fprintf(add_fd, "sambaPwdCanChange: 0\n"); + fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); + fprintf(add_fd, "sambaHomePath: \\\\PDC-SRV\root\n"); + fprintf(add_fd, "sambaHomeDrive: H:\n"); + fprintf(add_fd, 
"sambaProfilePath: \\\\PDC-SRV\\profiles\\root\n"); + fprintf(add_fd, "sambaprimaryGroupSID: %s-512\n", sid); + fprintf(add_fd, "sambaLMPassword: XXX\n"); + fprintf(add_fd, "sambaNTPassword: XXX\n"); + fprintf(add_fd, "sambaAcctFlags: [U\n"); + fprintf(add_fd, "sambaSID: %s-500\n", sid); + fprintf(add_fd, "loginShell: /bin/false\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the domain entity */ + fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix); + fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(), + suffix); + fprintf(add_fd, "objectClass: sambaDomain\n"); + fprintf(add_fd, "objectClass: sambaUnixIdPool\n"); + fprintf(add_fd, "sambaDomainName: %s\n", lp_workgroup()); + fprintf(add_fd, "sambaSID: %s\n", sid); + fprintf(add_fd, "uidNumber: %d\n", ++ldif_uid); + fprintf(add_fd, "gidNumber: %d\n", ++ldif_gid); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write user nobody entity */ + fprintf(add_fd, "# nobody, %s, %s\n", user_attr, suffix); + fprintf(add_fd, "dn: uid=nobody,ou=%s,%s\n", user_attr, suffix); + fprintf(add_fd, "cn: nobody\n"); + fprintf(add_fd, "sn: nobody\n"); + fprintf(add_fd, "objectClass: inetOrgPerson\n"); + fprintf(add_fd, "objectClass: sambaSAMAccount\n"); + fprintf(add_fd, "objectClass: posixAccount\n"); + fprintf(add_fd, "objectClass: shadowAccount\n"); + fprintf(add_fd, "gidNumber: 514\n"); + fprintf(add_fd, "uid: nobody\n"); + fprintf(add_fd, "uidNumber: 999\n"); + fprintf(add_fd, "homeDirectory: /dev/null\n"); + fprintf(add_fd, "sambaPwdLastSet: 0\n"); + fprintf(add_fd, "sambaLogonTime: 0\n"); + fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); + fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); + fprintf(add_fd, "sambaPwdCanChange: 0\n"); + fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); + fprintf(add_fd, "sambaHomePath: \\\\PDC-SMD3\\homes\\nobody\n"); + fprintf(add_fd, "sambaHomeDrive: H:\n"); + fprintf(add_fd, "sambaProfilePath: \\\\PDC-SMB3\\profiles\\nobody\n"); + fprintf(add_fd, 
"sambaprimaryGroupSID: %s-514\n", sid); + fprintf(add_fd, "sambaLMPassword: NOPASSWORDXXXXXXXXXXXXXXXXXXXXX\n"); + fprintf(add_fd, "sambaNTPassword: NOPASSWORDXXXXXXXXXXXXXXXXXXXXX\n"); + fprintf(add_fd, "sambaAcctFlags: [NU\n"); + fprintf(add_fd, "sambaSID: %s-2998\n", sid); + fprintf(add_fd, "loginShell: /bin/false\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Admins entity */ + fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: Domain Admins\n"); + fprintf(add_fd, "memberUid: Administrator\n"); + fprintf(add_fd, "description: Netbios Domain Administrators\n"); + fprintf(add_fd, "gidNumber: 512\n"); + fprintf(add_fd, "sambaSID: %s-512\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Admins\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Users entity */ + fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: Domain Users\n"); + fprintf(add_fd, "description: Netbios Domain Users\n"); + fprintf(add_fd, "gidNumber: 513\n"); + fprintf(add_fd, "sambaSID: %s-513\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Users\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Guests entity */ + fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: Domain Guests\n"); + fprintf(add_fd, 
"description: Netbios Domain Guests\n"); + fprintf(add_fd, "gidNumber: 514\n"); + fprintf(add_fd, "sambaSID: %s-514\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Guests\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Domain Computers entity */ + fprintf(add_fd, "# Domain Computers, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Domain Computers,ou=%s,%s\n", + group_attr, suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 515\n"); + fprintf(add_fd, "cn: Domain Computers\n"); + fprintf(add_fd, "description: Netbios Domain Computers accounts\n"); + fprintf(add_fd, "sambaSID: %s-515\n", sid); + fprintf(add_fd, "sambaGroupType: 2\n"); + fprintf(add_fd, "displayName: Domain Computers\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Admininistrators Groups entity */ + fprintf(add_fd, "# Administrators, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Administrators,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 544\n"); + fprintf(add_fd, "cn: Administrators\n"); + fprintf(add_fd, "description: Netbios Domain Members can fully administer the computer/sambaDomainName\n"); + fprintf(add_fd, "sambaSID: %s-544\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Administrators\n"); + fprintf(add_fd, "\n"); + + /* Write the Print Operator entity */ + fprintf(add_fd, "# Print Operators, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Print Operators,ou=%s,%s\n", + group_attr, suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 550\n"); + fprintf(add_fd, "cn: Print Operators\n"); + fprintf(add_fd, "description: Netbios Domain Print 
Operators\n"); + fprintf(add_fd, "sambaSID: %s-550\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Print Operators\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Backup Operators entity */ + fprintf(add_fd, "# Backup Operators, %s, %s\n", group_attr, + suffix); + fprintf(add_fd, "dn: cn=Backup Operators,ou=%s,%s\n", + group_attr, suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 551\n"); + fprintf(add_fd, "cn: Backup Operators\n"); + fprintf(add_fd, "description: Netbios Domain Members can bypass file security to back up files\n"); + fprintf(add_fd, "sambaSID: %s-551\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Backup Operators\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Write the Replicators entity */ + fprintf(add_fd, "# Replicators, %s, %s\n", group_attr, suffix); + fprintf(add_fd, "dn: cn=Replicators,ou=%s,%s\n", group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "gidNumber: 552\n"); + fprintf(add_fd, "cn: Replicators\n"); + fprintf(add_fd, "description: Netbios Domain Supports file replication in a sambaDomainName\n"); + fprintf(add_fd, "sambaSID: %s-552\n", builtin_sid); + fprintf(add_fd, "sambaGroupType: 5\n"); + fprintf(add_fd, "displayName: Replicators\n"); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Deallocate memory, and return */ + if (suffix_attr != NULL) SAFE_FREE(suffix_attr); + return NT_STATUS_OK; +} + +static NTSTATUS +map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, + const char *suffix, const char *builtin_sid) +{ + char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + + /* Map the groups created by populate_ldap_for_ldif */ + groupmap[0].rid = 512; + groupmap[0].gidNumber = 512; + 
pstr_sprintf(groupmap[0].sambaSID, "%s-512", sid); + pstr_sprintf(groupmap[0].group_dn, "cn=Domain Admins,ou=%s,%s", + group_attr, suffix); + accountmap[0].rid = 512; + pstr_sprintf(accountmap[0].cn, "%s", "Domain Admins"); + + groupmap[1].rid = 513; + groupmap[1].gidNumber = 513; + pstr_sprintf(groupmap[1].sambaSID, "%s-513", sid); + pstr_sprintf(groupmap[1].group_dn, "cn=Domain Users,ou=%s,%s", + group_attr, suffix); + accountmap[1].rid = 513; + pstr_sprintf(accountmap[1].cn, "%s", "Domain Users"); + + groupmap[2].rid = 514; + groupmap[2].gidNumber = 514; + pstr_sprintf(groupmap[2].sambaSID, "%s-514", sid); + pstr_sprintf(groupmap[2].group_dn, "cn=Domain Guests,ou=%s,%s", + group_attr, suffix); + accountmap[2].rid = 514; + pstr_sprintf(accountmap[2].cn, "%s", "Domain Guests"); + + groupmap[3].rid = 515; + groupmap[3].gidNumber = 515; + pstr_sprintf(groupmap[3].sambaSID, "%s-515", sid); + pstr_sprintf(groupmap[3].group_dn, "cn=Domain Computers,ou=%s,%s", + group_attr, suffix); + accountmap[3].rid = 515; + pstr_sprintf(accountmap[3].cn, "%s", "Domain Computers"); + + groupmap[4].rid = 544; + groupmap[4].gidNumber = 544; + pstr_sprintf(groupmap[4].sambaSID, "%s-544", builtin_sid); + pstr_sprintf(groupmap[4].group_dn, "cn=Administrators,ou=%s,%s", + group_attr, suffix); + accountmap[4].rid = 515; + pstr_sprintf(accountmap[4].cn, "%s", "Administrators"); + + groupmap[5].rid = 550; + groupmap[5].gidNumber = 550; + pstr_sprintf(groupmap[5].sambaSID, "%s-550", builtin_sid); + pstr_sprintf(groupmap[5].group_dn, "cn=Print Operators,ou=%s,%s", + group_attr, suffix); + accountmap[5].rid = 550; + pstr_sprintf(accountmap[5].cn, "%s", "Print Operators"); + + groupmap[6].rid = 551; + groupmap[6].gidNumber = 551; + pstr_sprintf(groupmap[6].sambaSID, "%s-551", builtin_sid); + pstr_sprintf(groupmap[6].group_dn, "cn=Backup Operators,ou=%s,%s", + group_attr, suffix); + accountmap[6].rid = 551; + pstr_sprintf(accountmap[6].cn, "%s", "Backup Operators"); + + groupmap[7].rid = 552; + 
groupmap[7].gidNumber = 552; + pstr_sprintf(groupmap[7].sambaSID, "%s-552", builtin_sid); + pstr_sprintf(groupmap[7].group_dn, "cn=Replicators,ou=%s,%s", + group_attr, suffix); + accountmap[7].rid = 551; + pstr_sprintf(accountmap[7].cn, "%s", "Replicators"); + return NT_STATUS_OK; +} + +static NTSTATUS +fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, + FILE *add_fd, fstring sid, char *suffix) +{ + fstring groupname; + uint32 grouptype = 0, g_rid = 0; + char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + + /* Get the group name */ + unistr2_to_ascii(groupname, + &(delta->group_info.uni_grp_name), + sizeof(groupname)-1); + + /* Set up the group type (always 2 for group info) */ + grouptype = 2; + + /* These groups are entered by populate_ldap_for_ldif */ + if (strcmp(groupname, "Domain Admins") == 0 || + strcmp(groupname, "Domain Users") == 0 || + strcmp(groupname, "Domain Guests") == 0 || + strcmp(groupname, "Domain Computers") == 0 || + strcmp(groupname, "Administrators") == 0 || + strcmp(groupname, "Print Operators") == 0 || + strcmp(groupname, "Backup Operators") == 0 || + strcmp(groupname, "Replicators") == 0) { + return NT_STATUS_OK; + } else { + /* Increment the gid for the new group */ + ldif_gid++; + } + + /* Map the group rid, gid, and dn */ + g_rid = delta->group_info.gid.g_rid; + groupmap->rid = g_rid; + groupmap->gidNumber = ldif_gid; + pstr_sprintf(groupmap->sambaSID, "%s-%d", sid, g_rid); + pstr_sprintf(groupmap->group_dn, + "cn=%s,ou=%s,%s", groupname, group_attr, suffix); + + /* Write the data to the temporary add ldif file */ + fprintf(add_fd, "# %s, %s, %s\n", groupname, group_attr, + suffix); + fprintf(add_fd, "dn: cn=%s,ou=%s,%s\n", groupname, group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: %s\n", groupname); + fprintf(add_fd, "gidNumber: %d\n", ldif_gid); + fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); 
+ fprintf(add_fd, "sambaGroupType: %d\n", grouptype); + fprintf(add_fd, "displayName: %s\n", groupname); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Return */ + return NT_STATUS_OK; +} + +static NTSTATUS +fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, FILE *add_fd, + fstring sid, char *suffix, int alloced) +{ + fstring username, homedir, logonscript, homedrive, homepath; + fstring hex_nt_passwd, hex_lm_passwd; + fstring description, fullname, sambaSID; + uchar lm_passwd[16], nt_passwd[16]; + char *flags; + const char *blank = "", *shell = "/bin/bash"; + const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; + static uchar zero_buf[16]; + uint32 rid = 0, group_rid = 0, gidNumber = 0; + time_t unix_time; + int i; + + /* Get the username */ + unistr2_to_ascii(username, + &(delta->account_info.uni_acct_name), + sizeof(username)-1); + + /* Get the rid */ + rid = delta->account_info.user_rid; + + /* Map the rid and username for group member info later */ + accountmap->rid = rid; + pstr_sprintf(accountmap->cn, "%s", username); + + /* Get the home directory */ + unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), + sizeof(homedir)-1); + if (strcmp(homedir, blank) == 0) { + pstr_sprintf(homedir, "/home/%s", username); + } else { + strncpy(homepath, homedir, sizeof(homepath)); + } + + /* Get the logon script */ + unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), + sizeof(logonscript)-1); + + /* Get the home drive */ + unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), + sizeof(homedrive)-1); + + /* Get the description */ + unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), + sizeof(description)-1); + if (strcmp(description, blank) == 0) { + pstr_sprintf(description, "System User"); + } + + /* Get the display name */ + unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name), + sizeof(fullname)-1); + + /* Get lm and nt password data */ + if 
(memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) { + sam_pwd_hash(delta->account_info.user_rid, + delta->account_info.pass.buf_lm_pwd, + lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, + delta->account_info.acb_info); + } else { + pdb_sethexpwd(hex_lm_passwd, NULL, 0); + } + if (memcmp(delta->account_info.pass.buf_nt_pwd, zero_buf, 16) != 0) { + sam_pwd_hash(delta->account_info.user_rid, + delta->account_info.pass.buf_nt_pwd, + nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, + delta->account_info.acb_info); + } else { + pdb_sethexpwd(hex_nt_passwd, NULL, 0); + } + unix_time = nt_time_to_unix(&(delta->account_info.pwd_last_set_time)); + + /* The nobody user is entered by populate_ldap_for_ldif */ + if (strcmp(username, "nobody") == 0) { + return NT_STATUS_OK; + } else { + /* Increment the uid for the new user */ + ldif_uid++; + } + + /* Set up group id and sambaSID for the user */ + group_rid = delta->account_info.group_rid; + for (i=0; iaccount_info.acb_info, + NEW_PW_FORMAT_SPACE_PADDED_LEN); + + /* Add the user to the temporary add ldif file */ + fprintf(add_fd, "# %s, %s, %s\n", username, + sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); + fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, + sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); + fprintf(add_fd, "ObjectClass: top\n"); + fprintf(add_fd, "objectClass: inetOrgPerson\n"); + fprintf(add_fd, "objectClass: posixAccount\n"); + fprintf(add_fd, "objectClass: shadowAccount\n"); + fprintf(add_fd, "objectClass: sambaSamAccount\n"); + fprintf(add_fd, "cn: %s\n", username); + fprintf(add_fd, "sn: %s\n", username); + fprintf(add_fd, "uid: %s\n", username); + fprintf(add_fd, "uidNumber: %d\n", ldif_uid); + fprintf(add_fd, "gidNumber: %d\n", gidNumber); + fprintf(add_fd, "homeDirectory: %s\n", homedir); + if (strcmp(homepath, blank) != 0) + fprintf(add_fd, "SambaHomePath: %s\n", homepath); + if (strcmp(homedrive, blank) != 0) + fprintf(add_fd, "SambaHomeDrive: %s\n", 
homedrive); + if (strcmp(logonscript, blank) != 0) + fprintf(add_fd, "SambaLogonScript: %s\n", logonscript); + fprintf(add_fd, "loginShell: %s\n", shell); + fprintf(add_fd, "gecos: System User\n"); + fprintf(add_fd, "description: %s\n", description); + fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); + fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); + if(strcmp(fullname, blank) != 0) + fprintf(add_fd, "displayName: %s\n", fullname); + if (strcmp(nopasswd, hex_lm_passwd) != 0) + fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); + if (strcmp(nopasswd, hex_nt_passwd) != 0) + fprintf(add_fd, "sambaNTPassword: %s\n", hex_nt_passwd); + fprintf(add_fd, "sambaPwdLastSet: %d\n", unix_time); + fprintf(add_fd, "sambaAcctFlags: %s\n", flags); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Return */ + return NT_STATUS_OK; +} + +static NTSTATUS +fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, + FILE *add_fd, fstring sid, char *suffix, + unsigned db_type) +{ + fstring aliasname, description; + uint32 grouptype = 0, g_rid = 0; + char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); + + /* Get the alias name */ + unistr2_to_ascii(aliasname, &(delta->alias_info.uni_als_name), + sizeof(aliasname)-1); + + /* Get the alias description */ + unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc), + sizeof(description)-1); + + /* Set up the group type */ + switch (db_type) { + case SAM_DATABASE_DOMAIN: + grouptype = 4; + break; + case SAM_DATABASE_BUILTIN: + grouptype = 5; + break; + default: + grouptype = 4; + break; + } + + /* + These groups are entered by populate_ldap_for_ldif + Note that populate creates a group called Relicators, + but NT returns a group called Replicator + */ + if (strcmp(aliasname, "Domain Admins") == 0 || + strcmp(aliasname, "Domain Users") == 0 || + strcmp(aliasname, "Domain Guests") == 0 || + strcmp(aliasname, "Domain Computers") == 0 || + strcmp(aliasname, "Administrators") == 0 || + strcmp(aliasname, 
"Print Operators") == 0 || + strcmp(aliasname, "Backup Operators") == 0 || + strcmp(aliasname, "Replicator") == 0) { + return NT_STATUS_OK; + } else { + /* Increment the gid for the new group */ + ldif_gid++; + } + + /* Map the group rid and gid */ + g_rid = delta->group_info.gid.g_rid; + groupmap->gidNumber = ldif_gid; + pstr_sprintf(groupmap->sambaSID, "%s-%d", sid, g_rid); + + /* Write the data to the temporary add ldif file */ + fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr, + suffix); + fprintf(add_fd, "dn: cn=%s,ou=%s,%s\n", aliasname, group_attr, + suffix); + fprintf(add_fd, "objectClass: posixGroup\n"); + fprintf(add_fd, "objectClass: sambaGroupMapping\n"); + fprintf(add_fd, "cn: %s\n", aliasname); + fprintf(add_fd, "gidNumber: %d\n", ldif_gid); + fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); + fprintf(add_fd, "sambaGroupType: %d\n", grouptype); + fprintf(add_fd, "displayName: %s\n", aliasname); + fprintf(add_fd, "description: %s\n", description); + fprintf(add_fd, "\n"); + fflush(add_fd); + + /* Return */ + return NT_STATUS_OK; +} + +static NTSTATUS +fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta, + GROUPMAP *groupmap, ACCOUNTMAP *accountmap, + FILE *mod_fd, int alloced) +{ + fstring group_dn; + uint32 group_rid = 0, rid = 0; + int i, j, k; + + /* Get the dn for the group */ + if (delta->grp_mem_info.num_members > 0) { + group_rid = hdr_delta->target_rid; + for (j=0; jgrp_mem_info.num_members; i++) { + rid = delta->grp_mem_info.rids[i]; + for (k=0; ksess_key, &(cli->clnt_cred), + ret_creds); + + /* Re-allocate memory for groupmap and accountmap arrays */ + groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, + num_deltas+num_alloced); + accountmap = SMB_REALLOC_ARRAY(accountmap, ACCOUNTMAP, + num_deltas+num_alloced); + if (groupmap == NULL || accountmap == NULL) { + DEBUG(1,("GROUPMAP malloc failed\n")); + return NT_STATUS_NO_MEMORY; + } + + /* Initialize the new records */ + memset(&groupmap[num_alloced], 0, + 
sizeof(GROUPMAP)*num_deltas); + memset(&accountmap[num_alloced], 0, + sizeof(ACCOUNTMAP)*num_deltas); + + /* Remember how many we alloced this time */ + num_alloced += num_deltas; + + /* Loop through the deltas */ + for (k=0; k> %s", add_ldif, ldif_file); + system(sys_cmd); + if (db_type == SAM_DATABASE_DOMAIN) { + fprintf(ldif_fd, + "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n"); + fprintf(ldif_fd, + "# ====================================\n\n"); + fflush(ldif_fd); + } else if (db_type == SAM_DATABASE_BUILTIN) { + fprintf(ldif_fd, + "# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n"); + fprintf(ldif_fd, + "# =====================================\n\n"); + fflush(ldif_fd); + } + pstr_sprintf(sys_cmd, "cat %s >> %s", mod_ldif, ldif_file); + system(sys_cmd); + + /* Delete the temporary ldif files */ + pstr_sprintf(sys_cmd, "rm -f %s %s", add_ldif, mod_ldif); + system(sys_cmd); + + /* Close the ldif file */ + fclose(ldif_fd); + + /* Deallocate memory for the mapping arrays */ + SAFE_FREE(groupmap); + SAFE_FREE(accountmap); + + /* Return */ + talloc_destroy(mem_ctx); + return NT_STATUS_OK; +} + +/** + * Basic usage function for 'net rpc vampire' + * @param argc Standard main() style argc + * @param argc Standard main() style argv. Initial components are already + * stripped + **/ + +int rpc_vampire_usage(int argc, const char **argv) +{ + d_printf("net rpc vampire [ldif [] [options]\n"\ + "\t to pull accounts from a remote PDC where we are a BDC\n"\ + "\t\t no args puts accounts in local passdb from smb.conf\n"\ + "\t\t ldif - put accounts in ldif format (file defaults to /tmp/tmp.ldif\n"); + + net_common_flags_usage(argc, argv); + return -1; +} + + /* dump sam database via samsync rpc calls */ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, const char *domain_name, 
@@ -1193,7 +2179,13 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid,
 goto fail;
 }
- result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, *domain_sid);
+ if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) {
+ result = fetch_database_to_ldif(cli, SAM_DATABASE_DOMAIN,
+ &ret_creds, *domain_sid, argv[1]);
+ } else {
+ result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds,
+ *domain_sid);
+ }
 if (!NT_STATUS_IS_OK(result)) {
 d_printf("Failed to fetch domain database: %s\n",
@@ -1204,8 +2196,14 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid,
 goto fail;
 }
- result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds,
- global_sid_Builtin);
+ if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) {
+ result = fetch_database_to_ldif(cli, SAM_DATABASE_BUILTIN,
+ &ret_creds, global_sid_Builtin,
+ argv[1]);
+ } else {
+ result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds,
+ global_sid_Builtin);
+ }
 if (!NT_STATUS_IS_OK(result)) {
 d_printf("Failed to fetch builtin database: %s\n",
@@ -1219,3 +2217,4 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid,
 fail:
 return result;
 }
+
-- cgit
From 36f0225e5f5aa4987e0d759fdd62a7a6b95b31b3 Mon Sep 17 00:00:00 2001
From: Günther Deschner
Date: Tue, 12 Jul 2005 23:02:31 +0000
Subject: r8396: fix some compile warnings. Guenther (This used to be commit af1aa09cde91078496a29f3a73c69a65ca2c3f6a)
---
 source3/utils/net_rpc_samsync.c | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)
(limited to 'source3/utils/net_rpc_samsync.c')
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index dd3364dfcb..0c8698a8c2 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
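Review bot: In rpc_vampire_internals the new branch at -1193,7 tests only `argc >= 1` but then reads `argv[1]`, so `net rpc vampire ldif` with no file name relies on the slot after the last argument being NULL. fetch_database_to_ldif does fall back to a default when user_file is NULL, but that should not depend on how the caller happened to build argv; pass `argc >= 2 ? argv[1] : NULL` instead. The hunk at -1204,8 for SAM_DATABASE_BUILTIN repeats the same expression and needs the same change. The function starts and ends outside these hunks.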
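Review bot: The file name handed over as `argv[1]` in the hunk at -1204,8 is later pasted unquoted into shell commands: fetch_database_to_ldif, added earlier in this commit, builds `pstr_sprintf(sys_cmd, "cat %s >> %s", mod_ldif, ldif_file)` and runs it with `system()`. A path containing spaces or shell metacharacters is then interpreted by the shell instead of being treated as a file name, in a code path that writes sambaLMPassword and sambaNTPassword values. The append and the `rm -f` cleanup are better done in-process (open the target in append mode, copy the temporary files with fread/fwrite, then `unlink()` them), which takes the shell out of the picture. The call in the hunk at -1193,7 feeds the same sink.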
@@ -436,7 +436,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
 pdb_sethexhours(oldstr, pdb_get_hours(account));
 pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer);
 if (!strequal(oldstr, newstr))
- pdb_set_hours(account, (const char *)delta->buf_logon_hrs.buffer, PDB_CHANGED);
+ pdb_set_hours(account, (const uint8 *)delta->buf_logon_hrs.buffer, PDB_CHANGED);
 }
 if (pdb_get_bad_password_count(account) != delta->bad_pwd_count)
@@ -1716,7 +1716,7 @@ fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap,
 fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd);
 if (strcmp(nopasswd, hex_nt_passwd) != 0)
 fprintf(add_fd, "sambaNTPassword: %s\n", hex_nt_passwd);
- fprintf(add_fd, "sambaPwdLastSet: %d\n", unix_time);
+ fprintf(add_fd, "sambaPwdLastSet: %d\n", (int)unix_time);
 fprintf(add_fd, "sambaAcctFlags: %s\n", flags);
 fprintf(add_fd, "\n");
 fflush(add_fd);
@@ -1871,11 +1871,18 @@ fetch_database_to_ldif(struct cli_state *cli, unsigned db_type,
 /* Array element is the account rid */
 ACCOUNTMAP *accountmap = NULL;
+ if (!(mem_ctx = talloc_init("fetch_database"))) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
 /* Ensure we have an output file */
 if (user_file)
- ldif_file = user_file;
+ ldif_file = talloc_strdup(mem_ctx, user_file);
 else
- ldif_file = "/tmp/tmp.ldif";
+ ldif_file = talloc_strdup(mem_ctx, "/tmp/tmp.ldif");
+
+ if (ldif_file == NULL)
+ return NT_STATUS_NO_MEMORY;
 /* Open the add and mod ldif files */
 add_fd = fopen(add_ldif, "a");
@@ -1892,10 +1899,6 @@ fetch_database_to_ldif(struct cli_state *cli, unsigned db_type,
 return NT_STATUS_UNSUCCESSFUL;
 }
- if (!(mem_ctx = talloc_init("fetch_database"))) {
- return NT_STATUS_NO_MEMORY;
- }
-
 /* Get the sid */
 sid_to_string(sid, &dom_sid);
-- cgit
From 375ad586a49526098722a1fd79400a67ea1004a1 Mon Sep 17 00:00:00 2001
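Review bot: Casting `unix_time` to `int` for `%d` in the hunk at -1716,7 silences the warning but truncates the value wherever time_t is wider than int. `fprintf(add_fd, "sambaPwdLastSet: %ld\n", (long)unix_time);` keeps the full range on LP64 systems. fetch_account_info_to_ldif starts and ends outside this hunk.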
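Review bot: The fallback kept in the hunk at -1871,11, `talloc_strdup(mem_ctx, "/tmp/tmp.ldif")`, is a fixed name in a shared directory for a file that receives sambaLMPassword and sambaNTPassword values. Dropping the default and requiring a file name, or creating the output with owner-only permissions and refusing to reuse an existing file or link, would keep the dump from landing somewhere another local user can pre-create or read. Separately, now that talloc_init() runs first, the new `if (ldif_file == NULL) return NT_STATUS_NO_MEMORY;` leaks mem_ctx, as does the `return NT_STATUS_UNSUCCESSFUL;` shown as context in the hunk at -1892,10; each needs `talloc_destroy(mem_ctx);` before returning. fetch_database_to_ldif starts and ends outside these hunks.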
From: Günther Deschner
Date: Tue, 26 Jul 2005 20:11:37 +0000
Subject: r8786: Fix amazing and long-standing bug where user-accounts are just crippled accounts (accounts without AcctCtrl set) after a vampire-process. New Accounts tend to hace no acb_info at all which means "0" (ACB_NORMAL). Unless 0 becomes not 0 we don't do anything and set *no* acctrl for normal users at all (!). Those crippled users now don't show up in usrmgr since 3.0.20somethings ldap-routines now finally test if the attribute is there. Guenther (This used to be commit c270ae79b5ef6d27a2a9e5a2d4f6bb20f7107b16)
---
 source3/utils/net_rpc_samsync.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'source3/utils/net_rpc_samsync.c')
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c
index 0c8698a8c2..403250675a 100644
--- a/source3/utils/net_rpc_samsync.c
+++ b/source3/utils/net_rpc_samsync.c
@@ -482,8 +482,7 @@ sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta)
 /* TODO: account expiry time */
- if (pdb_get_acct_ctrl(account) != delta->acb_info)
- pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
+ pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);
 pdb_set_domain(account, lp_workgroup(), PDB_CHANGED);
-- cgit
From 54abd2aa66069e6baf7769c496f46d9dba18db39 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 30 Sep 2005 17:13:37 +0000
Subject: r10656: BIG merge from trunk. Features not copied over * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
---
 source3/utils/net_rpc_samsync.c | 183 ++++++++++++++++------------------------
 1 file changed, 72 insertions(+), 111 deletions(-)
(limited to 'source3/utils/net_rpc_samsync.c')
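Review bot: The now-unconditional `pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED);` in the hunk at -482,8 should carry a comment saying why the comparison was removed, otherwise the guard is likely to be added back as an optimisation. Going by the commit description, an acb_info of 0 compared equal to the value already held and the attribute was never flagged as changed, so it was never stored. A line such as `/* always set: flags PDB_CHANGED even when acb_info equals the current value, so the attribute is written */` above the call would record that. sam_account_from_delta starts and ends outside this hunk.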
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 403250675a..f4a0ab90e8 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -6,6 +6,7 @@ Copyright (C) Tim Potter 2001,2002 Copyright (C) Jim McDonough 2005 Modified by Volker Lendecke 2002 + Copyright (C) Jeremy Allison 2005. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -41,7 +42,6 @@ static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) d_printf("\n"); } - static const char *display_time(NTTIME *nttime) { static fstring string; @@ -210,10 +210,9 @@ static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta) } } - -static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds) +static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) { - unsigned sync_context = 0; + uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; @@ -241,13 +240,12 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret } do { - result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, db_type, + result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); if (NT_STATUS_IS_ERR(result)) break; - clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), ret_creds); for (i = 0; i < num_deltas; i++) { display_sam_entry(&hdr_deltas[i], &deltas[i]); } 
@@ -259,41 +257,47 @@ static void dump_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret /* dump sam database via samsync rpc calls */ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, TALLOC_CTX *mem_ctx, - int argc, const char **argv) + const char *domain_name, + struct cli_state *cli, + struct rpc_pipe_client *pipe_hnd, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) { +#if 0 + /* net_rpc.c now always tries to create an schannel pipe.. */ + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - DOM_CRED ret_creds; - uint32 sec_channel; - - ZERO_STRUCT(ret_creds); - - fstrcpy(cli->domain, domain_name); + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, trust_password, - NULL, &sec_channel)) { + NULL, &sec_channel_type)) { DEBUG(0,("Could not fetch trust account password\n")); goto fail; } - if (!NT_STATUS_IS_OK(nt_status = cli_nt_establish_netlogon(cli, sec_channel, - trust_password))) { + nt_status = rpccli_netlogon_setup_creds(pipe_hnd, + cli->desthost, + domain_name, + global_myname(), + trust_password, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("Error connecting to NETLOGON pipe\n")); goto fail; } +#endif - dump_database(cli, SAM_DATABASE_DOMAIN, &ret_creds); - dump_database(cli, SAM_DATABASE_BUILTIN, &ret_creds); - dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); - - nt_status = NT_STATUS_OK; + dump_database(pipe_hnd, SAM_DATABASE_DOMAIN); + dump_database(pipe_hnd, SAM_DATABASE_BUILTIN); + dump_database(pipe_hnd, SAM_DATABASE_PRIVS); -fail: - cli_nt_session_close(cli); - return nt_status; + return NT_STATUS_OK; } /* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ 
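Review bot: The credential setup in rpc_samdump_internals is fenced off with `#if 0` rather than removed, which leaves `goto fail` statements whose `fail:` label this hunk deletes and a half-converted call to rpccli_netlogon_setup_creds sitting in the tree. If the caller really does hand in a pipe that is already set up (the added comment only says net_rpc.c "tries to" create an schannel pipe), delete the block and state the precondition instead, for example `/* pipe_hnd must already be an authenticated NETLOGON pipe, set up by net_rpc.c */`. The function also returns NT_STATUS_OK unconditionally, and dump_database() is void, so a failed sync is still not reported to the caller.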
@@ -301,8 +305,7 @@ fail: (!old_string && new_string) ||\ (old_string && new_string && (strcmp(old_string, new_string) != 0)) -static NTSTATUS -sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) +static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) { const char *old_string, *new_string; time_t unix_time, stored_time; @@ -529,7 +532,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); - } + } /* try and find the possible unix account again */ if ( !(passwd = Get_Pwnam(account)) ) { @@ -590,8 +593,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return nt_ret; } -static NTSTATUS -fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) +static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) { fstring name; fstring comment; @@ -651,8 +653,7 @@ fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) return NT_STATUS_OK; } -static NTSTATUS -fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) +static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) { int i; TALLOC_CTX *t = NULL; @@ -832,8 +833,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, return NT_STATUS_OK; } -static NTSTATUS -fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) +static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) { #if 0 /* * commented out right now after talking to Volker. Can't 
@@ -998,42 +998,41 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!account_policy_set(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) return nt_status; - if (!account_policy_set(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) return nt_status; - if (!account_policy_set(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) + if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) return nt_status; - if (!account_policy_set(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) return nt_status; - if (!account_policy_set(AP_TIME_TO_LOGOUT, (uint32)u_logout)) + if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - if (!account_policy_set(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) + if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; - if (!account_policy_set(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) + if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; if (u_lockouttime != -1) u_lockouttime /= 60; - if (!account_policy_set(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) + if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; - if (!account_policy_set(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) return nt_status; return NT_STATUS_OK; } -static void -fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, +static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, DOM_SID dom_sid) { switch(hdr_delta->type) { 
@@ -1098,11 +1097,9 @@ fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, } } -static NTSTATUS -fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, - DOM_SID dom_sid) +static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, DOM_SID dom_sid) { - unsigned sync_context = 0; + uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; @@ -1129,17 +1126,13 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, } do { - result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, + result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); if (NT_STATUS_IS_OK(result) || NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - - clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), - ret_creds); - for (i = 0; i < num_deltas; i++) { fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); } @@ -1154,8 +1147,7 @@ fetch_database(struct cli_state *cli, unsigned db_type, DOM_CRED *ret_creds, return result; } -static NTSTATUS -populate_ldap_for_ldif(fstring sid, const char *suffix, const char +static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char *builtin_sid, FILE *add_fd) { char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; @@ -1448,8 +1440,7 @@ populate_ldap_for_ldif(fstring sid, const char *suffix, const char return NT_STATUS_OK; } -static NTSTATUS -map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, +static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, const char *suffix, const char *builtin_sid) { char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); 
@@ -1521,8 +1512,7 @@ map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, return NT_STATUS_OK; } -static NTSTATUS -fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, +static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix) { fstring groupname; @@ -1579,8 +1569,7 @@ fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, return NT_STATUS_OK; } -static NTSTATUS -fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, +static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *add_fd, fstring sid, char *suffix, int alloced) { @@ -1724,8 +1713,7 @@ fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, return NT_STATUS_OK; } -static NTSTATUS -fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, +static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix, unsigned db_type) { @@ -1798,8 +1786,7 @@ fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, return NT_STATUS_OK; } -static NTSTATUS -fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta, +static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *mod_fd, int alloced) { 
@@ -1841,16 +1828,16 @@ fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta, return NT_STATUS_OK; } -static NTSTATUS -fetch_database_to_ldif(struct cli_state *cli, unsigned db_type, - DOM_CRED *ret_creds, DOM_SID dom_sid, - const char *user_file) +static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, + uint32 db_type, + DOM_SID dom_sid, + const char *user_file) { char *suffix; const char *builtin_sid = "S-1-5-32"; char *ldif_file; fstring sid, domainname; - unsigned sync_context = 0; + uint32 sync_context = 0; NTSTATUS result; int k; TALLOC_CTX *mem_ctx; @@ -1956,7 +1943,7 @@ fetch_database_to_ldif(struct cli_state *cli, unsigned db_type, } do { - result = cli_netlogon_sam_sync(cli, mem_ctx, ret_creds, + result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); @@ -1965,9 +1952,6 @@ fetch_database_to_ldif(struct cli_state *cli, unsigned db_type, return NT_STATUS_OK; } - clnt_deal_with_creds(cli->sess_key, &(cli->clnt_cred), - ret_creds); - /* Re-allocate memory for groupmap and accountmap arrays */ groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, num_deltas+num_alloced); @@ -2138,18 +2122,16 @@ int rpc_vampire_usage(int argc, const char **argv) /* dump sam database via samsync rpc calls */ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, TALLOC_CTX *mem_ctx, - int argc, const char **argv) + const char *domain_name, + struct cli_state *cli, + struct rpc_pipe_client *pipe_hnd, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) { NTSTATUS result; - uchar trust_password[16]; - DOM_CRED ret_creds; fstring my_dom_sid_str; fstring rem_dom_sid_str; - uint32 sec_channel; - - ZERO_STRUCT(ret_creds); if (!sid_equal(domain_sid, get_global_sam_sid())) { d_printf("Cannot import users from %s at this time, " 
@@ -2164,29 +2146,11 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, return NT_STATUS_UNSUCCESSFUL; } - fstrcpy(cli->domain, domain_name); - - if (!secrets_fetch_trust_account_password(domain_name, - trust_password, NULL, - &sec_channel)) { - result = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; - d_printf("Could not retrieve domain trust secret\n"); - goto fail; - } - - result = cli_nt_establish_netlogon(cli, sec_channel, trust_password); - - if (!NT_STATUS_IS_OK(result)) { - d_printf("Failed to setup BDC creds\n"); - goto fail; - } - if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(cli, SAM_DATABASE_DOMAIN, - &ret_creds, *domain_sid, argv[1]); + result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, + *domain_sid, argv[1]); } else { - result = fetch_database(cli, SAM_DATABASE_DOMAIN, &ret_creds, - *domain_sid); + result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, *domain_sid); } if (!NT_STATUS_IS_OK(result)) { @@ -2199,12 +2163,10 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, } if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(cli, SAM_DATABASE_BUILTIN, - &ret_creds, global_sid_Builtin, - argv[1]); + result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, + global_sid_Builtin, argv[1]); } else { - result = fetch_database(cli, SAM_DATABASE_BUILTIN, &ret_creds, - global_sid_Builtin); + result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, global_sid_Builtin); } if (!NT_STATUS_IS_OK(result)) { @@ -2219,4 +2181,3 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, fail: return result; } - -- cgit From c42be9fd38556a1cc2e16c8d763a592beb863806 Mon Sep 17 00:00:00 2001 
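Review bot: `argv[1]` is passed to fetch_database_to_ldif() after checking only `argc >= 1`, so running the `ldif` form with no file name reads one element past the counted arguments. That is safe only if the caller's argv is NULL-terminated at `argv[argc]`, which nothing in this hunk shows. Passing `(argc >= 2) ? argv[1] : NULL` makes the default-file case explicit. The same call shape is repeated for SAM_DATABASE_BUILTIN in the next hunk (@@ -2199).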
From: Lars Müller Date: Tue, 17 Jan 2006 21:22:00 +0000 Subject: r12986: Use d_fprintf(stderr, ...) for any error message in net. All 'usage' messages are still printed to stdout. Fix some compiler warnings for system() calls where we didn't used the return code. Add appropriate error messages and return with the error code we got from system() or NT_STATUS_UNSUCCESSFUL. (This used to be commit f650e3bdafc4c6bcd7eb4bcf8b6b885b979919eb) --- source3/utils/net_rpc_samsync.c | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index f4a0ab90e8..09e62d9def 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -536,7 +536,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) /* try and find the possible unix account again */ if ( !(passwd = Get_Pwnam(account)) ) { - d_printf("Could not create posix account info for '%s'\n", account); + d_fprintf(stderr, "Could not create posix account info for '%s'\n", account); nt_ret = NT_STATUS_NO_SUCH_USER; goto done; } @@ -1847,7 +1847,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, const char *add_ldif = "/tmp/add.ldif", *mod_ldif = "/tmp/mod.ldif"; FILE *add_fd, *mod_fd, *ldif_fd; char sys_cmd[1024]; - int num_alloced = 0, g_index = 0, a_index = 0; + int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; /* Set up array for mapping accounts to groups */ /* Array element is the group rid */ 
@@ -2068,7 +2068,12 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, fflush(ldif_fd); } pstr_sprintf(sys_cmd, "cat %s >> %s", add_ldif, ldif_file); - system(sys_cmd); + sys_cmd_result = system(sys_cmd); + if (sys_cmd_result) { + d_fprintf(stderr, "%s failed. Error was (%s)\n", + sys_cmd, strerror(errno)); + return NT_STATUS_UNSUCCESSFUL; + } if (db_type == SAM_DATABASE_DOMAIN) { fprintf(ldif_fd, "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n"); @@ -2083,11 +2088,21 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, fflush(ldif_fd); } pstr_sprintf(sys_cmd, "cat %s >> %s", mod_ldif, ldif_file); - system(sys_cmd); + sys_cmd_result = system(sys_cmd); + if (sys_cmd_result) { + d_fprintf(stderr, "%s failed. Error was (%s)\n", + sys_cmd, strerror(errno)); + return NT_STATUS_UNSUCCESSFUL; + } /* Delete the temporary ldif files */ pstr_sprintf(sys_cmd, "rm -f %s %s", add_ldif, mod_ldif); - system(sys_cmd); + sys_cmd_result = system(sys_cmd); + if (sys_cmd_result) { + d_fprintf(stderr, "%s failed. Error was (%s)\n", + sys_cmd, strerror(errno)); + return NT_STATUS_UNSUCCESSFUL; + } /* Close the ldif file */ fclose(ldif_fd); @@ -2154,11 +2169,11 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, } if (!NT_STATUS_IS_OK(result)) { - d_printf("Failed to fetch domain database: %s\n", + d_fprintf(stderr, "Failed to fetch domain database: %s\n", nt_errstr(result)); if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) - d_printf("Perhaps %s is a Windows 2000 native mode " - "domain?\n", domain_name); + d_fprintf(stderr, "Perhaps %s is a Windows 2000 native " + "mode domain?\n", domain_name); goto fail; } @@ -2170,7 +2185,7 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, } if (!NT_STATUS_IS_OK(result)) { - d_printf("Failed to fetch builtin database: %s\n", + d_fprintf(stderr, "Failed to fetch builtin database: %s\n", nt_errstr(result)); goto fail; } -- cgit 
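Review bot: The file names in `cat %s >> %s` are interpolated into a shell command line, and `ldif_file` appears to come from the user-supplied file argument (its assignment is outside this hunk), so spaces or shell metacharacters in the name change what system() runs. Appending the temporary file in-process on the already-open `ldif_fd` removes the shell altogether. Separately, `strerror(errno)` is not meaningful when system() returns the command's exit status, so the message should print `sys_cmd_result` instead. The same applies to the `cat` of `mod_ldif` in the next hunk (@@ -2083); fetch_database_to_ldif's body starts and ends outside these hunks.

```c
	/* append add_ldif to the user's ldif file without invoking a shell */
	{
		FILE *src = fopen(add_ldif, "r");
		char copy_buf[4096];
		size_t nread;

		if (src == NULL) {
			d_fprintf(stderr, "Could not open %s: %s\n",
				  add_ldif, strerror(errno));
			return NT_STATUS_UNSUCCESSFUL;
		}
		while ((nread = fread(copy_buf, 1, sizeof(copy_buf), src)) > 0) {
			if (fwrite(copy_buf, 1, nread, ldif_fd) != nread) {
				d_fprintf(stderr, "Short write to %s\n", ldif_file);
				fclose(src);
				return NT_STATUS_UNSUCCESSFUL;
			}
		}
		fclose(src);
	}
	/* … unchanged: "MODIFY ENTITIES" header lines and fflush(ldif_fd) … */
```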
From 0af1500fc0bafe61019f1b2ab1d9e1d369221240 Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 3 Feb 2006 22:19:41 +0000 Subject: r13316: Let the carnage begin.... Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f) --- source3/utils/net_rpc_samsync.c | 141 +--------------------------------------- 1 file changed, 1 insertion(+), 140 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 09e62d9def..45fdfbfad3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -559,7 +559,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sam_account_from_delta(sam_account, delta); DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); - if (!pdb_update_sam_account(sam_account)) { + if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); pdb_free_sam(&sam_account); 
@@ -835,145 +835,6 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) { -#if 0 /* - * commented out right now after talking to Volker. Can't - * do much with the membership but seemed a shame to waste - * somewhat working code. Needs testing because the membership - * that shows up surprises me. Also can't do much with groups - * in groups (e.g. Domain Admins being a member of Adminsitrators). - * --jerry - */ - - int i; - TALLOC_CTX *t = NULL; - char **nt_members = NULL; - char **unix_members; - DOM_SID group_sid; - GROUP_MAP map; - struct group *grp; - enum SID_NAME_USE sid_type; - - if (delta->num_members == 0) { - return NT_STATUS_OK; - } - - sid_copy(&group_sid, &dom_sid); - sid_append_rid(&group_sid, rid); - - if (sid_equal(&dom_sid, &global_sid_Builtin)) { - sid_type = SID_NAME_WKN_GRP; - if (!get_builtin_group_from_sid(&group_sid, &map, False)) { - DEBUG(0, ("Could not find builtin group %s\n", sid_string_static(&group_sid))); - return NT_STATUS_NO_SUCH_GROUP; - } - } else { - sid_type = SID_NAME_ALIAS; - if (!get_local_group_from_sid(&group_sid, &map, False)) { - DEBUG(0, ("Could not find local group %s\n", sid_string_static(&group_sid))); - return NT_STATUS_NO_SUCH_GROUP; - } - } - - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %d\n", map.gid)); - return NT_STATUS_NO_SUCH_GROUP; - } - - d_printf("Group members of %s: ", grp->gr_name); - - if (!(t = talloc_init("fetch_group_mem_info"))) { - DEBUG(0, ("could not talloc_init\n")); - return NT_STATUS_NO_MEMORY; - } - - nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members); - - for (i=0; inum_members; i++) { - NTSTATUS nt_status; - SAM_ACCOUNT *member = NULL; - DOM_SID member_sid; - - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) { - talloc_destroy(t); - return nt_status; - } - - sid_copy(&member_sid, &delta->sids[i].sid); - - if 
(!pdb_getsampwsid(member, &member_sid)) { - DEBUG(1, ("Found bogus group member: (member_sid=%s group=%s)\n", - sid_string_static(&member_sid), grp->gr_name)); - pdb_free_sam(&member); - continue; - } - - if (pdb_get_group_rid(member) == rid) { - d_printf("%s(primary),", pdb_get_username(member)); - pdb_free_sam(&member); - continue; - } - - d_printf("%s,", pdb_get_username(member)); - nt_members[i] = talloc_strdup(t, pdb_get_username(member)); - pdb_free_sam(&member); - } - - d_printf("\n"); - - unix_members = grp->gr_mem; - - while (*unix_members) { - BOOL is_nt_member = False; - for (i=0; inum_members; i++) { - if (nt_members[i] == NULL) { - /* This was a primary group */ - continue; - } - - if (strcmp(*unix_members, nt_members[i]) == 0) { - is_nt_member = True; - break; - } - } - if (!is_nt_member) { - /* We look at a unix group member that is not - an nt group member. So, remove it. NT is - boss here. */ - smb_delete_user_group(grp->gr_name, *unix_members); - } - unix_members += 1; - } - - for (i=0; inum_members; i++) { - BOOL is_unix_member = False; - - if (nt_members[i] == NULL) { - /* This was the primary group */ - continue; - } - - unix_members = grp->gr_mem; - - while (*unix_members) { - if (strcmp(*unix_members, nt_members[i]) == 0) { - is_unix_member = True; - break; - } - unix_members += 1; - } - - if (!is_unix_member) { - /* We look at a nt group member that is not a - unix group member currently. So, add the nt - group member. */ - smb_add_user_group(grp->gr_name, nt_members[i]); - } - } - - talloc_destroy(t); - -#endif /* end of fetch_alias_mem() */ - return NT_STATUS_OK; } -- cgit From 301d51e13a1aa4e633e2da161b0dd260a8a499cd Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Mon, 13 Feb 2006 17:08:25 +0000 Subject: r13494: Merge the stuff I've done in head the last days. Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 45fdfbfad3..f8cd0e090d 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -550,7 +550,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sam_account_from_delta(sam_account, delta); DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); - if (!pdb_add_sam_account(sam_account)) { + if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); return NT_STATUS_ACCESS_DENIED; -- cgit From 2203bed32c84c63737f402accf73452efb76b483 Mon Sep 17 00:00:00 2001 
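Review bot: The failure branch for pdb_add_sam_account() returns `NT_STATUS_ACCESS_DENIED` directly, so `sam_account` is never released on that path and the status the passdb call actually produced is discarded. Now that the call returns an NTSTATUS, keep it and leave through the function's cleanup label: `nt_ret = pdb_add_sam_account(sam_account); if (!NT_STATUS_IS_OK(nt_ret)) { DEBUG(...); goto done; }`. fetch_account_info's body starts and ends outside this hunk; the `done:` label that frees the account is taken from other hunks on this page.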
From: Gerald Carter Date: Mon, 20 Feb 2006 20:09:36 +0000 Subject: r13576: This is the beginnings of moving the SAM_ACCOUNT data structure to make full use of the new talloc() interface. Discussed with Volker and Jeremy. * remove the internal mem_ctx and simply use the talloc() structure as the context. * replace the internal free_fn() with a talloc_destructor() function * remove the unnecessary private nested structure * rename SAM_ACCOUNT to 'struct samu' to indicate the current an upcoming changes. Groups will most likely be replaced with a 'struct samg' in the future. Note that there are now passbd API changes. And for the most part, the wrapper functions remain the same. While this code has been tested on tdb and ldap based Samba PDC's as well as Samba member servers, there are probably still some bugs. The code also needs more testing under valgrind to ensure it's not leaking memory. But it's a start...... (This used to be commit 19b7593972480540283c5bf02c02e5ecd8d2c3f0) --- source3/utils/net_rpc_samsync.c | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index f8cd0e090d..d3b9a9a8a8 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -300,12 +300,12 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, return NT_STATUS_OK; } -/* Convert a SAM_ACCOUNT_DELTA to a SAM_ACCOUNT. */ +/* Convert a struct samu_DELTA to a struct samu. */ #define STRING_CHANGED (old_string && !new_string) ||\ (!old_string && new_string) ||\ (old_string && new_string && (strcmp(old_string, new_string) != 0)) -static NTSTATUS sam_account_from_delta(SAM_ACCOUNT *account, SAM_ACCOUNT_INFO *delta) +static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *delta) { const char *old_string, *new_string; time_t unix_time, stored_time; 
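Review bot: The mechanical rename turned the comment into `Convert a struct samu_DELTA to a struct samu.`, which names a type that does not appear in the code. The function below it takes a `SAM_ACCOUNT_INFO *delta`, so I would write `/* Convert a SAM_ACCOUNT_INFO delta to a struct samu. */`.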
@@ -497,7 +497,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) NTSTATUS nt_ret; fstring account; pstring add_script; - SAM_ACCOUNT *sam_account=NULL; + struct samu *sam_account=NULL; GROUP_MAP map; struct group *grp; DOM_SID user_sid; @@ -562,7 +562,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); - pdb_free_sam(&sam_account); + TALLOC_FREE(sam_account); return NT_STATUS_ACCESS_DENIED; } } @@ -589,7 +589,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } done: - pdb_free_sam(&sam_account); + TALLOC_FREE(sam_account); return nt_ret; } @@ -691,7 +691,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) for (i=0; inum_members; i++) { NTSTATUS nt_status; - SAM_ACCOUNT *member = NULL; + struct samu *member = NULL; DOM_SID member_sid; if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) { @@ -705,19 +705,19 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) if (!pdb_getsampwsid(member, &member_sid)) { DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", delta->rids[i], sid_string_static(&member_sid), grp->gr_name)); - pdb_free_sam(&member); + TALLOC_FREE(member); continue; } if (pdb_get_group_rid(member) == rid) { d_printf("%s(primary),", pdb_get_username(member)); - pdb_free_sam(&member); + TALLOC_FREE(member); continue; } d_printf("%s,", pdb_get_username(member)); nt_members[i] = talloc_strdup(t, pdb_get_username(member)); - pdb_free_sam(&member); + TALLOC_FREE(member); } d_printf("\n"); -- cgit From cd559192633d78a9f06e239c6a448955f6ea0842 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Tue, 21 Feb 2006 14:34:11 +0000 Subject: r13590: * replace all pdb_init_sam[_talloc]() calls with samu_new() * replace all pdb_{init,fill}_sam_pw() calls with samu_set_unix() (This used to be commit 6f1afa4acc93a07d0ee9940822d7715acaae634f) --- source3/utils/net_rpc_samsync.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d3b9a9a8a8..05ff28ad65 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -508,8 +508,9 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) fstrcpy(account, unistr2_static(&delta->uni_acct_name)); d_printf("Creating account: %s\n", account); - if (!NT_STATUS_IS_OK(nt_ret = pdb_init_sam(&sam_account))) - return nt_ret; + if ( !(sam_account = samu_new( NULL )) ) { + return NT_STATUS_NO_MEMORY; + } if (!(passwd = Get_Pwnam(account))) { /* Create appropriate user */ @@ -690,13 +691,12 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members); for (i=0; inum_members; i++) { - NTSTATUS nt_status; struct samu *member = NULL; DOM_SID member_sid; - if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam_talloc(t, &member))) { + if ( !(member = samu_new(t)) ) { talloc_destroy(t); - return nt_status; + return NT_STATUS_NO_MEMORY; } sid_copy(&member_sid, get_global_sam_sid()); -- cgit From 894358a8f3e338b339b6c37233edef794b312087 Mon Sep 17 00:00:00 2001 
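Review bot: `nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members);` is used without a NULL check, while the samu_new() call a few lines below now gets one. `delta->num_members` is presumably filled from the server's reply, so an allocation failure here is reachable, and the later `nt_members[i] = ...` store (outside this hunk) would write through NULL. Add `if (nt_members == NULL) { talloc_destroy(t); return NT_STATUS_NO_MEMORY; }` right after the allocation. fetch_group_mem_info's body starts and ends outside this hunk.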
From: Jeremy Allison Date: Tue, 7 Mar 2006 06:31:04 +0000 Subject: r13915: Fixed a very interesting class of realloc() bugs found by Coverity. realloc can return NULL in one of two cases - (1) the realloc failed, (2) realloc succeeded but the new size requested was zero, in which case this is identical to a free() call. The error paths dealing with these two cases should be different, but mostly weren't. Secondly the standard idiom for dealing with realloc when you know the new size is non-zero is the following : tmp = realloc(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } However, there were *many* *many* places in Samba where we were using the old (broken) idiom of : p = realloc(p, size) if (!p) { return error; } which will leak the memory pointed to by p on realloc fail. This commit (hopefully) fixes all these cases by moving to a standard idiom of : p = SMB_REALLOC(p, size) if (!p) { return error; } Where if the realloc returns null due to the realloc failing or size == 0 we *guarentee* that the storage pointed to by p has been freed. This allows me to remove a lot of code that was dealing with the standard (more verbose) method that required a tmp pointer. This is almost always what you want. When a realloc fails you never usually want the old memory, you want to free it and get into your error processing asap. For the 11 remaining cases where we really do need to keep the old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR, which can be used as follows : tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size); if (!tmp) { SAFE_FREE(p); return error; } else { p = tmp; } SMB_REALLOC_KEEP_OLD_ON_ERROR guarentees never to free the pointer p, even on size == 0 or realloc fail. All this is done by a hidden extra argument to Realloc(), BOOL free_old_on_error which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR macros (and their array counterparts). 
It remains to be seen what this will do to our Coverity bug count :-). Jeremy. (This used to be commit 1d710d06a214f3f1740e80e0bffd6aab44aac2b0) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 05ff28ad65..d5fc4b5c58 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1820,6 +1820,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, num_deltas+num_alloced); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); + SAFE_FREE(groupmap); + SAFE_FREE(accountmap); return NT_STATUS_NO_MEMORY; } -- cgit From 9bc20e14db7795d24718a443aa3f0a11cf3fc2ad Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Tue, 7 Mar 2006 16:29:25 +0000 Subject: r13957: Based on patch from Richard Renard : Fix machine accounts (should not have valid shells) and users with no home directory (were getting previous user's directory). (This used to be commit f629f8a7b972f09fe959c68843b9cd5a03abfc76) --- source3/utils/net_rpc_samsync.c | 33 ++++++++++++++++++--------------- 1 file changed, 18 insertions(+), 15 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d5fc4b5c58..fa196af5ed 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -494,7 +494,7 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) { - NTSTATUS nt_ret; + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; pstring add_script; struct samu *sam_account=NULL; 
@@ -1434,12 +1434,11 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group ACCOUNTMAP *accountmap, FILE *add_fd, fstring sid, char *suffix, int alloced) { - fstring username, homedir, logonscript, homedrive, homepath; + fstring username, logonscript, homedrive, homepath = "", homedir = ""; fstring hex_nt_passwd, hex_lm_passwd; fstring description, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; char *flags; - const char *blank = "", *shell = "/bin/bash"; const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; @@ -1459,12 +1458,14 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group pstr_sprintf(accountmap->cn, "%s", username); /* Get the home directory */ - unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), - sizeof(homedir)-1); - if (strcmp(homedir, blank) == 0) { - pstr_sprintf(homedir, "/home/%s", username); - } else { - strncpy(homepath, homedir, sizeof(homepath)); + if (delta->account_info.acb_info & ACB_NORMAL) { + unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), + sizeof(homedir)-1); + if (!*homedir) { + pstr_sprintf(homedir, "/home/%s", username); + } else { + pstr_sprintf(homedir, "dev/null"); + } } /* Get the logon script */ @@ -1478,7 +1479,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group /* Get the description */ unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), sizeof(description)-1); - if (strcmp(description, blank) == 0) { + if (!*description) { pstr_sprintf(description, "System User"); } 
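Review bot: `pstr_sprintf(homedir, "/home/%s", username);` formats into an `fstring`, and as far as I know pstr_sprintf bounds the write by the size of a pstring, which is larger than an fstring; with a long enough account name the `/home/` prefix can push the result past the end of `homedir`. `fstr_sprintf(homedir, "/home/%s", username);` keeps the bound tied to the destination. Two behaviours of the new block also deserve a comment. An ACB_NORMAL account with a non-empty remote home directory now gets the placeholder path, and any other account leaves `homedir` empty, which the unconditional `homeDirectory:` line later in the function (outside this hunk) prints as an empty value.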
@@ -1548,18 +1549,20 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group fprintf(add_fd, "uidNumber: %d\n", ldif_uid); fprintf(add_fd, "gidNumber: %d\n", gidNumber); fprintf(add_fd, "homeDirectory: %s\n", homedir); - if (strcmp(homepath, blank) != 0) + if (*homepath) fprintf(add_fd, "SambaHomePath: %s\n", homepath); - if (strcmp(homedrive, blank) != 0) + if (*homedrive) fprintf(add_fd, "SambaHomeDrive: %s\n", homedrive); - if (strcmp(logonscript, blank) != 0) + if (*logonscript) fprintf(add_fd, "SambaLogonScript: %s\n", logonscript); - fprintf(add_fd, "loginShell: %s\n", shell); + fprintf(add_fd, "loginShell: %s\n", + ((delta->account_info.acb_info & ACB_NORMAL) ? + "/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); fprintf(add_fd, "description: %s\n", description); fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); - if(strcmp(fullname, blank) != 0) + if(*fullname) fprintf(add_fd, "displayName: %s\n", fullname); if (strcmp(nopasswd, hex_lm_passwd) != 0) fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); -- cgit From 247bacf19ba28905adde63538b7855f07e57ce50 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Tue, 7 Mar 2006 17:49:26 +0000 Subject: r13968: fix typo, caught by Guenther (This used to be commit 217d3fbe7923115ae610a39e586ceb93df7683f5) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fa196af5ed..7ec6af0a44 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1464,7 +1464,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { - pstr_sprintf(homedir, "dev/null"); + pstr_sprintf(homedir, "/dev/null"); } } -- cgit 
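Review bot: `description`, `fullname`, `homepath`, `homedrive` and `logonscript` are written into the LDIF with plain `fprintf(add_fd, "...: %s\n", ...)`, and they appear to be converted from the remote account record. A value containing a newline, a leading space or colon, or non-ASCII bytes therefore yields a malformed record or an extra attribute line when the file is later imported. LDIF expects such values to be base64-encoded in the `attr:: value` form; a small helper that inspects the value and picks `: ` or `:: ` would cover every attribute written here. The password-hash lines look like fixed-length hex strings and should not be affected. fetch_account_info_to_ldif's body starts and ends outside this hunk.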
From 3cc8b8125a50721b5aeab43c8a30e3cba8d8ceef Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 8 Mar 2006 08:41:36 +0000 Subject: r14035: Fix Coverity bug # 124 (This used to be commit 9fe21fd0326e67a4b1006d2b4a24e39e2d57d796) --- source3/utils/net_rpc_samsync.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 7ec6af0a44..c6cbc76858 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -396,6 +396,7 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d if (STRING_CHANGED) pdb_set_munged_dial(account, new_string, PDB_CHANGED); + SAFE_FREE(new_string); } /* User and group sid */ -- cgit From 753dcde401f165711e902d5bccd88bc4f6868537 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 8 Mar 2006 08:51:19 +0000 Subject: r14036: Ok, the last one generated a const warning. Also fix Coverity # 119. net rpc vampire is ugly.... Volker (This used to be commit c1ea48949d2692c839f6ced68165cabd76b580ea) --- source3/utils/net_rpc_samsync.c | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c6cbc76858..4d8af2a9ce 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -305,6 +305,10 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, (!old_string && new_string) ||\ (old_string && new_string && (strcmp(old_string, new_string) != 0)) +#define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\ + (!(s1) && (s2)) ||\ + ((s1) && (s2) && (strcmp((s1), (s2)) != 0)) + static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *delta) { const char *old_string, *new_string; 
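Review bot: The expansion of `STRING_CHANGED_NC(s1,s2)` is three `||` terms with no enclosing parentheses, so `!STRING_CHANGED_NC(a, b)` or `x && STRING_CHANGED_NC(a, b)` would bind to the first term only. Wrapping the whole body makes it safe in any expression: `#define STRING_CHANGED_NC(s1,s2) (((s1) && !(s2)) || (!(s1) && (s2)) || ((s1) && (s2) && (strcmp((s1), (s2)) != 0)))`. The older `STRING_CHANGED` above it has the same shape.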
@@ -389,14 +393,15 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d if (delta->hdr_parameters.buffer) { DATA_BLOB mung; + char *newstr; old_string = pdb_get_munged_dial(account); mung.length = delta->hdr_parameters.uni_str_len; mung.data = (uint8 *) delta->uni_parameters.buffer; - new_string = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); - if (STRING_CHANGED) - pdb_set_munged_dial(account, new_string, PDB_CHANGED); - SAFE_FREE(new_string); + if (STRING_CHANGED_NC(old_string, newstr)) + pdb_set_munged_dial(account, newstr, PDB_CHANGED); + SAFE_FREE(newstr); } /* User and group sid */ @@ -1086,11 +1091,13 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch if (idmap_suffix && *idmap_suffix && strcmp(idmap_suffix, user_suffix) && strcmp(idmap_suffix, suffix)) { + char *s; fprintf(add_fd, "# %s\n", idmap_suffix); fprintf(add_fd, "dn: %s\n", idmap_suffix); fprintf(add_fd, "ObjectClass: organizationalUnit\n"); - fprintf(add_fd, "ou: %s\n", - sstring_sub(lp_ldap_idmap_suffix(), '=', ',')); + s = sstring_sub(lp_ldap_idmap_suffix(), '=', ','); + fprintf(add_fd, "ou: %s\n", s); + SAFE_FREE(s); fprintf(add_fd, "\n"); fflush(add_fd); } -- cgit From 924be0421772c1a161a8cf300e88748dab25c709 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Wed, 8 Mar 2006 21:29:49 +0000 Subject: r14053: Implement Simo's suggestion: don't use /dev/null for a 'bad' path for users/workstations (This used to be commit 2690f015be1f7eb9802f652810e73ff5f5688304) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4d8af2a9ce..3c53b5ebfa 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
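Review bot: In the idmap-suffix block (@@ -1086), `s` is passed to `fprintf(add_fd, "ou: %s\n", s)` without a NULL check. The result of sstring_sub() is presumably NULL when the suffix has no component between `=` and `,` or when the allocation fails (its definition is not on this page), and printing NULL through `%s` is undefined behaviour. Guard the line with `if (s != NULL)` and skip the `ou:` attribute when nothing was extracted. The `machine_ou` lines added in the later @@ -1076 hunk have the same shape, and their comment already notes the assumption that an ou must exist.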
@@ -1158,7 +1158,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "gidNumber: 514\n"); fprintf(add_fd, "uid: nobody\n"); fprintf(add_fd, "uidNumber: 999\n"); - fprintf(add_fd, "homeDirectory: /dev/null\n"); + fprintf(add_fd, "homeDirectory: /nobodyshomedir\n"); fprintf(add_fd, "sambaPwdLastSet: 0\n"); fprintf(add_fd, "sambaLogonTime: 0\n"); fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); @@ -1472,7 +1472,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { - pstr_sprintf(homedir, "/dev/null"); + pstr_sprintf(homedir, "/nobodyshomedir"); } } -- cgit From 7a2bc34d4d42c0164f476fa9bb0d06ad07db7da5 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 10 Mar 2006 09:41:08 +0000 Subject: r14135: Fix for Coverity #123: resource leak. Also rework much of the code to make it cleaner. There's still more to do on this... (This used to be commit f75dad0325aec93cc604ddfbef40d29979d07275) --- source3/utils/net_rpc_samsync.c | 71 +++++++++++++++++++++++++---------------- 1 file changed, 44 insertions(+), 27 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3c53b5ebfa..e31525b2ea 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1710,14 +1710,14 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, char *ldif_file; fstring sid, domainname; uint32 sync_context = 0; - NTSTATUS result; + NTSTATUS ret = NT_STATUS_OK, result; int k; TALLOC_CTX *mem_ctx; SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; const char *add_ldif = "/tmp/add.ldif", *mod_ldif = "/tmp/mod.ldif"; - FILE *add_fd, *mod_fd, *ldif_fd; + FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL; char sys_cmd[1024]; int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; 
@@ -1739,22 +1739,29 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, else ldif_file = talloc_strdup(mem_ctx, "/tmp/tmp.ldif"); - if (ldif_file == NULL) - return NT_STATUS_NO_MEMORY; + if (ldif_file == NULL) { + ret = NT_STATUS_NO_MEMORY; + goto done; + } /* Open the add and mod ldif files */ - add_fd = fopen(add_ldif, "a"); - mod_fd = fopen(mod_ldif, "a"); - if (add_fd == NULL || mod_fd == NULL) { + if (!(add_fd = fopen(add_ldif, "a"))) { DEBUG(1, ("Could not open %s\n", add_ldif)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + if (!(mod_fd = fopen(mod_ldif, "a"))) { + DEBUG(1, ("Could not open %s\n", mod_ldif)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } /* Open the user's ldif file */ ldif_fd = fopen(ldif_file, "a"); if (ldif_fd == NULL) { DEBUG(1, ("Could not open %s\n", ldif_file)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } /* Get the sid */ @@ -1779,7 +1786,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, accountmap = SMB_MALLOC_ARRAY(ACCOUNTMAP, 8); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); - return NT_STATUS_NO_MEMORY; + ret = NT_STATUS_NO_MEMORY; + goto done; } /* Initialize the arrays */ @@ -1821,7 +1829,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, &deltas); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - return NT_STATUS_OK; + ret = NT_STATUS_OK; + goto done; /* is this correct? jmcd */ } /* Re-allocate memory for groupmap and accountmap arrays */ @@ -1831,9 +1840,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, num_deltas+num_alloced); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); - SAFE_FREE(groupmap); - SAFE_FREE(accountmap); - return NT_STATUS_NO_MEMORY; + ret = NT_STATUS_NO_MEMORY; + goto done; } /* Initialize the new records */ 
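Review bot: `add_ldif` and `mod_ldif` are fixed names under /tmp opened with `fopen(..., "a")`, so a file or symlink already present at either path is followed and appended to. The files are also created with the process umask even though password-hash attributes are later written to `add_fd`. Create them with mkstemp() in a directory only the caller can write and wrap the descriptor with fdopen(), e.g. `fd = mkstemp(add_tmpl); add_fd = (fd == -1) ? NULL : fdopen(fd, "w");`, where `add_tmpl` is a placeholder for a writable `XXXXXX` template buffer. The default output file `/tmp/tmp.ldif` in the context line above has the same problem. fetch_database_to_ldif's body starts and ends outside this hunk.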
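Review bot: In the @@ -1821 hunk, the branch marked `/* is this correct? jmcd */` sets `ret = NT_STATUS_OK` when the sam sync call has failed, so the caller is told the dump succeeded although it stopped part-way and the LDIF output is incomplete. Using `ret = result;` before the `goto done` reports the failure. rpc_vampire_internals already prints `nt_errstr(result)` for a non-OK status, so the error would reach the user without further changes.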
@@ -1925,7 +1933,9 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Close the ldif files */ fclose(add_fd); + add_fd = NULL; fclose(mod_fd); + mod_fd = NULL; /* Write ldif data to the user's file */ if (db_type == SAM_DATABASE_DOMAIN) { @@ -1946,7 +1956,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, if (sys_cmd_result) { d_fprintf(stderr, "%s failed. Error was (%s)\n", sys_cmd, strerror(errno)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } if (db_type == SAM_DATABASE_DOMAIN) { fprintf(ldif_fd, @@ -1966,20 +1977,26 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, if (sys_cmd_result) { d_fprintf(stderr, "%s failed. Error was (%s)\n", sys_cmd, strerror(errno)); - return NT_STATUS_UNSUCCESSFUL; + ret = NT_STATUS_UNSUCCESSFUL; + goto done; } /* Delete the temporary ldif files */ - pstr_sprintf(sys_cmd, "rm -f %s %s", add_ldif, mod_ldif); - sys_cmd_result = system(sys_cmd); - if (sys_cmd_result) { - d_fprintf(stderr, "%s failed. Error was (%s)\n", - sys_cmd, strerror(errno)); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Close the ldif file */ - fclose(ldif_fd); + if (unlink(add_ldif)) + d_fprintf(stderr, "unlink(%s) failed, error was (%s)\n", + add_ldif, strerror(errno)); + if (unlink(mod_ldif)) + d_fprintf(stderr, "unlink(%s) failed, error was (%s)\n", + mod_ldif, strerror(errno)); + + done: + /* Close the ldif files */ + if (add_fd) + fclose(add_fd); + if (mod_fd) + fclose(mod_fd); + if (ldif_fd) + fclose(ldif_fd); /* Deallocate memory for the mapping arrays */ SAFE_FREE(groupmap); @@ -1987,7 +2004,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Return */ talloc_destroy(mem_ctx); - return NT_STATUS_OK; + return ret; } /** -- cgit From a2d489c187792cb18685830a8c80dd5bfed6163e Mon Sep 17 00:00:00 2001 
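Review bot: In the -1966 hunk the two unlink() calls sit above the new `done:` label, so every `goto done` introduced by this commit (allocation failure, failed fopen, failed system()) leaves /tmp/add.ldif and /tmp/mod.ldif behind with whatever account data was already written. Because the files are opened in append mode, the next run then appends to that stale content. Moving `unlink(add_ldif)` and `unlink(mod_ldif)` below `done:`, after the fclose() calls, removes the files on every path. fetch_database_to_ldif begins outside this hunk.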
From: Jim McDonough Date: Fri, 10 Mar 2006 13:33:02 +0000 Subject: r14147: Fix coverity #119. alloc'ed memory returned not saved, so not freed. Need to go back and correct the assumption that an "ldap xxx suffix" parm must have an OU. (This used to be commit 2d7ba11ffbe17af12257a91638be95d09c0c34c5) --- source3/utils/net_rpc_samsync.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e31525b2ea..5ee0b70278 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1076,11 +1076,15 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch if (machine_suffix && *machine_suffix && strcmp(machine_suffix, user_suffix) && strcmp(machine_suffix, suffix)) { - fprintf(add_fd, "# %s\n", lp_ldap_machine_suffix()); - fprintf(add_fd, "dn: %s\n", lp_ldap_machine_suffix()); + char *machine_ou = NULL; + fprintf(add_fd, "# %s\n", machine_suffix); + fprintf(add_fd, "dn: %s\n", machine_suffix); fprintf(add_fd, "objectClass: organizationalUnit\n"); - fprintf(add_fd, "ou: %s\n", - sstring_sub(lp_ldap_machine_suffix(), '=', ',')); + /* this isn't totally correct as it assumes that + there _must_ be an ou. just fixing memleak now. jmcd */ + machine_ou = sstring_sub(lp_ldap_machine_suffix(), '=', ','); + fprintf(add_fd, "ou: %s\n", machine_ou); + SAFE_FREE(machine_ou); fprintf(add_fd, "\n"); fflush(add_fd); } -- cgit From b5f12bc0f8717f5c91070a6615b9597d675a3a6c Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 10 Mar 2006 14:09:34 +0000 Subject: r14150: Fix coverity #118: not freeing alloc'ed storage returned from sstring_sub(). (This used to be commit 6ff849f35ae3394d6557f79c73b0fe54fbb86d0f) --- source3/utils/net_rpc_samsync.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 5ee0b70278..2c2ffbe6f0 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1309,7 +1309,9 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); /* Deallocate memory, and return */ - if (suffix_attr != NULL) SAFE_FREE(suffix_attr); + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); return NT_STATUS_OK; } -- cgit From c53c08ef866fd61fe3fa79bfaf3e9dc6b5aab4ae Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 10 Mar 2006 14:14:23 +0000 Subject: r14152: Fix coverity #117: free storage alloc'ed by sstring_sub (This used to be commit cf36f5949f8ac5ea020fcaa796ad92852df25ae7) --- source3/utils/net_rpc_samsync.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2c2ffbe6f0..b056d170d6 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1384,6 +1384,7 @@ static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, group_attr, suffix); accountmap[7].rid = 551; pstr_sprintf(accountmap[7].cn, "%s", "Replicators"); + SAFE_FREE(group_attr); return NT_STATUS_OK; } -- cgit From 49dec1cac6defdfb0ab9a15ab274a4a233b44e45 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 10 Mar 2006 14:17:44 +0000 Subject: r14153: Fix coverity #116: free storage alloc'ed by sstring_sub() (This used to be commit dbc0ff5544f2d15b1d1bc41319c76274b79d92b4) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index b056d170d6..a171782c48 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1412,6 +1412,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma strcmp(groupname, "Print Operators") == 0 || strcmp(groupname, "Backup Operators") == 0 || strcmp(groupname, "Replicators") == 0) { + SAFE_FREE(group_attr); return NT_STATUS_OK; } else { /* Increment the gid for the new group */ @@ -1441,6 +1442,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma fprintf(add_fd, "\n"); fflush(add_fd); + SAFE_FREE(group_attr); /* Return */ return NT_STATUS_OK; } -- cgit From c0d4100517bc50d7f81c3e5816a08c1a8284efa4 Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 10 Mar 2006 14:20:09 +0000 Subject: r14155: Fix coverity #115: free storage alloc'ed by sstring_sub() (This used to be commit a197b8c5cb02c8a5fac3882e7b76bcd7abb0279c) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index a171782c48..691e28af8e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1636,6 +1636,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma strcmp(aliasname, "Print Operators") == 0 || strcmp(aliasname, "Backup Operators") == 0 || strcmp(aliasname, "Replicator") == 0) { + SAFE_FREE(group_attr); return NT_STATUS_OK; } else { /* Increment the gid for the new group */ @@ -1663,6 +1664,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma fprintf(add_fd, "\n"); fflush(add_fd); + SAFE_FREE(group_attr); /* Return */ return NT_STATUS_OK; } -- cgit From a5eda886778fe22b15f973236b3b133e78308148 Mon Sep 17 00:00:00 2001 
From: Jim McDonough Date: Fri, 10 Mar 2006 14:28:51 +0000 Subject: r14156: Fix coverity #114: free storage alloc'ed by sstring_sub() (This used to be commit 655fb66b289bdd19c4432eea00fac935184f25c9) --- source3/utils/net_rpc_samsync.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 691e28af8e..9b001e02f3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1455,7 +1455,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group fstring hex_nt_passwd, hex_lm_passwd; fstring description, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; - char *flags; + char *flags, *user_rdn; const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; @@ -1551,10 +1551,11 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group NEW_PW_FORMAT_SPACE_PADDED_LEN); /* Add the user to the temporary add ldif file */ - fprintf(add_fd, "# %s, %s, %s\n", username, - sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); - fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, - sstring_sub(lp_ldap_user_suffix(), '=', ','), suffix); + /* this isn't quite right...we can't assume there's just OU=. jmcd */ + user_rdn = sstring_sub(lp_ldap_user_suffix(), '=', ','); + fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); + fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, user_rdn, suffix); + SAFE_FREE(user_rdn); fprintf(add_fd, "ObjectClass: top\n"); fprintf(add_fd, "objectClass: inetOrgPerson\n"); fprintf(add_fd, "objectClass: posixAccount\n"); -- cgit From a0e36ddb688d88e60a50c90c170cdb861e6a7013 Mon Sep 17 00:00:00 2001 
From: Jim McDonough Date: Thu, 23 Mar 2006 16:39:37 +0000 Subject: r14681: Get rid of hardcoded /tmp/add.ldif and /tmp/mod.ldif files. Is there a different directory the temp files should be in, or is /tmp ok? Still have to get rid of the output file hardcoding, but that is to come, because I need to cleanup stdout. (This used to be commit 0d4bd93a5ca4025bbdeb507f4a2d6217cfb39c79) --- source3/utils/net_rpc_samsync.c | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 9b001e02f3..ae8d2cdc08 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1719,7 +1719,9 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, { char *suffix; const char *builtin_sid = "S-1-5-32"; - char *ldif_file; + char *ldif_file, *add_ldif, *mod_ldif; + const char *add_template = "/tmp/add.ldif.XXXXXX"; + const char *mod_template = "/tmp/mod.ldif.XXXXXX"; fstring sid, domainname; uint32 sync_context = 0; NTSTATUS ret = NT_STATUS_OK, result; @@ -1728,7 +1730,6 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; - const char *add_ldif = "/tmp/add.ldif", *mod_ldif = "/tmp/mod.ldif"; FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL; char sys_cmd[1024]; int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; 
@@ -1751,18 +1752,20 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, else ldif_file = talloc_strdup(mem_ctx, "/tmp/tmp.ldif"); - if (ldif_file == NULL) { + add_ldif = talloc_strdup(mem_ctx, add_template); + mod_ldif = talloc_strdup(mem_ctx, mod_template); + if (!ldif_file || !add_ldif || !mod_ldif) { ret = NT_STATUS_NO_MEMORY; goto done; } /* Open the add and mod ldif files */ - if (!(add_fd = fopen(add_ldif, "a"))) { + if (!(add_fd = fdopen(smb_mkstemp(add_ldif),"w"))) { DEBUG(1, ("Could not open %s\n", add_ldif)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!(mod_fd = fopen(mod_ldif, "a"))) { + if (!(mod_fd = fdopen(smb_mkstemp(mod_ldif),"w"))) { DEBUG(1, ("Could not open %s\n", mod_ldif)); ret = NT_STATUS_UNSUCCESSFUL; goto done; @@ -1993,20 +1996,22 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, goto done; } - /* Delete the temporary ldif files */ - if (unlink(add_ldif)) - d_fprintf(stderr, "unlink(%s) failed, error was (%s)\n", - add_ldif, strerror(errno)); - if (unlink(mod_ldif)) - d_fprintf(stderr, "unlink(%s) failed, error was (%s)\n", - mod_ldif, strerror(errno)); - done: - /* Close the ldif files */ + /* Close and delete the ldif files */ if (add_fd) fclose(add_fd); + if (strcmp(add_ldif, add_template) && (unlink(add_ldif))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", + add_ldif, strerror(errno))); + } + if (mod_fd) fclose(mod_fd); + if (strcmp(mod_ldif, mod_template) && (unlink(mod_ldif))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", + mod_ldif, strerror(errno))); + } + if (ldif_fd) fclose(ldif_fd); -- cgit From 05ef1d6b5de77f027cc123f44d22bcc9567eeea9 Mon Sep 17 00:00:00 2001 
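Review bot: In the cleanup hunk (-1993), `strcmp(add_ldif, add_template)` and `strcmp(mod_ldif, mod_template)` run on every path to `done:`, including the one taken when talloc_strdup() returned NULL in the first hunk, which hands NULL to strcmp(). Guard the pointers first: `if (add_ldif && strcmp(add_ldif, add_template) && unlink(add_ldif))`, and likewise for mod_ldif. Separately, `fdopen(smb_mkstemp(add_ldif),"w")` loses the descriptor if fdopen() itself fails; keeping the fd in a local and closing it on that branch avoids the leak.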
From: Jim McDonough Date: Thu, 23 Mar 2006 18:35:15 +0000 Subject: r14683: Get rid of hardcoded output file. With no arg, print to stdout, otherwise append to output file specified. (This used to be commit b4ec93f5a26442d30ba2b8c91d03f3190975efd0) --- source3/utils/net_rpc_samsync.c | 134 ++++++++++++++++++---------------------- 1 file changed, 59 insertions(+), 75 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ae8d2cdc08..1faa487e45 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1719,7 +1719,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, { char *suffix; const char *builtin_sid = "S-1-5-32"; - char *ldif_file, *add_ldif, *mod_ldif; + char *add_name = NULL, *mod_name = NULL; const char *add_template = "/tmp/add.ldif.XXXXXX"; const char *mod_template = "/tmp/mod.ldif.XXXXXX"; fstring sid, domainname; @@ -1730,9 +1730,8 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, SAM_DELTA_HDR *hdr_deltas; SAM_DELTA_CTR *deltas; uint32 num_deltas; - FILE *add_fd = NULL, *mod_fd = NULL, *ldif_fd = NULL; - char sys_cmd[1024]; - int num_alloced = 0, g_index = 0, a_index = 0, sys_cmd_result; + FILE *add_file = NULL, *mod_file = NULL, *ldif_file = NULL; + int num_alloced = 0, g_index = 0, a_index = 0; /* Set up array for mapping accounts to groups */ /* Array element is the group rid */ 
@@ -1748,37 +1747,36 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Ensure we have an output file */ if (user_file) - ldif_file = talloc_strdup(mem_ctx, user_file); + ldif_file = fopen(user_file, "a"); else - ldif_file = talloc_strdup(mem_ctx, "/tmp/tmp.ldif"); - - add_ldif = talloc_strdup(mem_ctx, add_template); - mod_ldif = talloc_strdup(mem_ctx, mod_template); - if (!ldif_file || !add_ldif || !mod_ldif) { + ldif_file = stdout; + + if (!ldif_file) { + fprintf(stderr, "Could not open %s\n", user_file); + DEBUG(1, ("Could not open %s\n", user_file)); + ret = NT_STATUS_UNSUCCESSFUL; + goto done; + } + + add_name = talloc_strdup(mem_ctx, add_template); + mod_name = talloc_strdup(mem_ctx, mod_template); + if (!add_name || !mod_name) { ret = NT_STATUS_NO_MEMORY; goto done; } /* Open the add and mod ldif files */ - if (!(add_fd = fdopen(smb_mkstemp(add_ldif),"w"))) { - DEBUG(1, ("Could not open %s\n", add_ldif)); + if (!(add_file = fdopen(smb_mkstemp(add_name),"w"))) { + DEBUG(1, ("Could not open %s\n", add_name)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if (!(mod_fd = fdopen(smb_mkstemp(mod_ldif),"w"))) { - DEBUG(1, ("Could not open %s\n", mod_ldif)); + if (!(mod_file = fdopen(smb_mkstemp(mod_name),"w"))) { + DEBUG(1, ("Could not open %s\n", mod_name)); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - /* Open the user's ldif file */ - ldif_fd = fopen(ldif_file, "a"); - if (ldif_fd == NULL) { - DEBUG(1, ("Could not open %s\n", ldif_file)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - /* Get the sid */ sid_to_string(sid, &dom_sid); @@ -1813,7 +1811,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, num_alloced = 8; /* Initial database population */ - populate_ldap_for_ldif(sid, suffix, builtin_sid, add_fd); + populate_ldap_for_ldif(sid, suffix, builtin_sid, add_file); map_populate_groups(groupmap, accountmap, sid, suffix, builtin_sid); 
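Review bot: `fopen(user_file, "a")` in the first hunk creates a missing output file with permissions limited only by the process umask, and this file receives the complete LDIF, including the password hashes that fetch_account_info_to_ldif formats. Creating it owner-only is cheap: `int fd = open(user_file, O_WRONLY|O_APPEND|O_CREAT, 0600);` followed by `ldif_file = fdopen(fd, "a");`. A one-line comment above the `stdout` fallback noting that progress messages were moved to stderr so the LDIF stream stays clean would also help the next reader.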
@@ -1824,16 +1822,18 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Announce what we are doing */ switch( db_type ) { case SAM_DATABASE_DOMAIN: - d_printf("Fetching DOMAIN database\n"); + d_fprintf(stderr, "Fetching DOMAIN database\n"); break; case SAM_DATABASE_BUILTIN: - d_printf("Fetching BUILTIN database\n"); + d_fprintf(stderr, "Fetching BUILTIN database\n"); break; case SAM_DATABASE_PRIVS: - d_printf("Fetching PRIVS databases\n"); + d_fprintf(stderr, "Fetching PRIVS databases\n"); break; default: - d_printf("Fetching unknown database type %u\n", db_type ); + d_fprintf(stderr, + "Fetching unknown database type %u\n", + db_type ); break; } @@ -1881,14 +1881,14 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, case SAM_DELTA_GROUP_INFO: fetch_group_info_to_ldif( &deltas[k], &groupmap[g_index], - add_fd, sid, suffix); + add_file, sid, suffix); g_index++; break; case SAM_DELTA_ACCOUNT_INFO: fetch_account_info_to_ldif( &deltas[k], groupmap, - &accountmap[a_index], add_fd, + &accountmap[a_index], add_file, sid, suffix, num_alloced); a_index++; break; @@ -1896,7 +1896,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, case SAM_DELTA_ALIAS_INFO: fetch_alias_info_to_ldif( &deltas[k], &groupmap[g_index], - add_fd, sid, suffix, db_type); + add_file, sid, suffix, db_type); g_index++; break; @@ -1904,7 +1904,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, fetch_groupmem_info_to_ldif( &deltas[k], &hdr_deltas[k], groupmap, accountmap, - mod_fd, num_alloced); + mod_file, num_alloced); break; case SAM_DELTA_ALIAS_MEM: 
@@ -1946,74 +1946,58 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - /* Close the ldif files */ - fclose(add_fd); - add_fd = NULL; - fclose(mod_fd); - mod_fd = NULL; - /* Write ldif data to the user's file */ if (db_type == SAM_DATABASE_DOMAIN) { - fprintf(ldif_fd, + fprintf(ldif_file, "# SAM_DATABASE_DOMAIN: ADD ENTITIES\n"); - fprintf(ldif_fd, + fprintf(ldif_file, "# =================================\n\n"); - fflush(ldif_fd); + fflush(ldif_file); } else if (db_type == SAM_DATABASE_BUILTIN) { - fprintf(ldif_fd, + fprintf(ldif_file, "# SAM_DATABASE_BUILTIN: ADD ENTITIES\n"); - fprintf(ldif_fd, + fprintf(ldif_file, "# ==================================\n\n"); - fflush(ldif_fd); - } - pstr_sprintf(sys_cmd, "cat %s >> %s", add_ldif, ldif_file); - sys_cmd_result = system(sys_cmd); - if (sys_cmd_result) { - d_fprintf(stderr, "%s failed. Error was (%s)\n", - sys_cmd, strerror(errno)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; + fflush(ldif_file); } + fseek(add_file, 0, SEEK_SET); + transfer_file(fileno(add_file), fileno(ldif_file), (size_t) -1); + if (db_type == SAM_DATABASE_DOMAIN) { - fprintf(ldif_fd, + fprintf(ldif_file, "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n"); - fprintf(ldif_fd, + fprintf(ldif_file, "# ====================================\n\n"); - fflush(ldif_fd); + fflush(ldif_file); } else if (db_type == SAM_DATABASE_BUILTIN) { - fprintf(ldif_fd, + fprintf(ldif_file, "# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n"); - fprintf(ldif_fd, + fprintf(ldif_file, "# =====================================\n\n"); - fflush(ldif_fd); - } - pstr_sprintf(sys_cmd, "cat %s >> %s", mod_ldif, ldif_file); - sys_cmd_result = system(sys_cmd); - if (sys_cmd_result) { - d_fprintf(stderr, "%s failed. 
Error was (%s)\n", - sys_cmd, strerror(errno)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; + fflush(ldif_file); } + fseek(mod_file, 0, SEEK_SET); + transfer_file(fileno(mod_file), fileno(ldif_file), (size_t) -1); + done: /* Close and delete the ldif files */ - if (add_fd) - fclose(add_fd); - if (strcmp(add_ldif, add_template) && (unlink(add_ldif))) { + if (add_file) + fclose(add_file); + if (strcmp(add_name, add_template) && (unlink(add_name))) { DEBUG(1,("unlink(%s) failed, error was (%s)\n", - add_ldif, strerror(errno))); + add_name, strerror(errno))); } - if (mod_fd) - fclose(mod_fd); - if (strcmp(mod_ldif, mod_template) && (unlink(mod_ldif))) { + if (mod_file) + fclose(mod_file); + if (strcmp(mod_name, mod_template) && (unlink(mod_name))) { DEBUG(1,("unlink(%s) failed, error was (%s)\n", - mod_ldif, strerror(errno))); + mod_name, strerror(errno))); } - if (ldif_fd) - fclose(ldif_fd); + if (ldif_file && (ldif_file != stdout)) + fclose(ldif_file); /* Deallocate memory for the mapping arrays */ SAFE_FREE(groupmap); -- cgit From 4f655c952bc18625b76f07e81518016cba7eee77 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 27 Mar 2006 02:51:25 +0000 Subject: r14743: Fix coverity bug #227. Possible deref of null pointer in error code path. Jeremy. (This used to be commit 9117713c5ee220331106d291425703aec4d7dd2c) --- source3/utils/net_rpc_samsync.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 1faa487e45..b1807bb79b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
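Review bot: Neither `fseek()` nor `transfer_file()` is checked in the rewritten copy step of the -1946 hunk, so a failed or short copy of the add or mod file still returns `ret == NT_STATUS_OK` with an incomplete LDIF on the output. The removed `system("cat ...")` version did report failure, and the replacement should too, e.g. `if (fseek(add_file, 0, SEEK_SET) != 0 || transfer_file(fileno(add_file), fileno(ldif_file), (size_t) -1) < 0) { ret = NT_STATUS_UNSUCCESSFUL; goto done; }`. That assumes transfer_file returns a negative value on error, which should be confirmed against its definition. The same check applies to the mod_file copy.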
@@ -1982,22 +1982,27 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, done: /* Close and delete the ldif files */ - if (add_file) + if (add_file) { fclose(add_file); - if (strcmp(add_name, add_template) && (unlink(add_name))) { + } + + if ((add_name != NULL) && strcmp(add_name, add_template) && (unlink(add_name))) { DEBUG(1,("unlink(%s) failed, error was (%s)\n", add_name, strerror(errno))); } - if (mod_file) + if (mod_file) { fclose(mod_file); - if (strcmp(mod_name, mod_template) && (unlink(mod_name))) { + } + + if ((mod_name != NULL) && strcmp(mod_name, mod_template) && (unlink(mod_name))) { DEBUG(1,("unlink(%s) failed, error was (%s)\n", mod_name, strerror(errno))); } - if (ldif_file && (ldif_file != stdout)) + if (ldif_file && (ldif_file != stdout)) { fclose(ldif_file); + } /* Deallocate memory for the mapping arrays */ SAFE_FREE(groupmap); -- cgit From f390936c5b77c74717c364f0685f5be914daad1b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 13 May 2006 17:10:20 +0000 Subject: r15566: Fix Coverity bug # 284. The lp_ldap_xx_suffix function only return NULL if talloc fails. Volker (This used to be commit 0ece5b32f97f162be0af2ea3354a597c56ed4373) --- source3/utils/net_rpc_samsync.c | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index b1807bb79b..d13d5b1cb3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1042,10 +1042,12 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); user_suffix = lp_ldap_user_suffix(); + if (user_suffix == NULL) { + return NT_STATUS_NO_MEMORY; + } /* If it exists and is distinct from other containers, Write the Users entity */ - if (user_suffix && *user_suffix && - strcmp(user_suffix, suffix)) { + if (*user_suffix && strcmp(user_suffix, suffix)) { user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); fprintf(add_fd, "# %s\n", user_suffix); fprintf(add_fd, "dn: %s\n", user_suffix); @@ -1057,10 +1059,12 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch group_suffix = lp_ldap_group_suffix(); + if (group_suffix == NULL) { + return NT_STATUS_NO_MEMORY; + } /* If it exists and is distinct from other containers, Write the Groups entity */ - if (group_suffix && *group_suffix && - strcmp(group_suffix, suffix)) { + if (*group_suffix && strcmp(group_suffix, suffix)) { group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); fprintf(add_fd, "# %s\n", group_suffix); fprintf(add_fd, "dn: %s\n", group_suffix); @@ -1073,8 +1077,10 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch /* If it exists and is distinct from other containers, Write the Computers entity */ machine_suffix = lp_ldap_machine_suffix(); - if (machine_suffix && *machine_suffix && - strcmp(machine_suffix, user_suffix) && + if (machine_suffix == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (*machine_suffix && strcmp(machine_suffix, user_suffix) && strcmp(machine_suffix, suffix)) { char *machine_ou = NULL; fprintf(add_fd, "# %s\n", machine_suffix); 
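Review bot: The new `return NT_STATUS_NO_MEMORY` statements leave earlier allocations behind. By the time `group_suffix == NULL` is tested in the second hunk, `user_attr` may already hold the result of sstring_sub(), and the returns for machine_suffix (third hunk) and idmap_suffix (the -1092 hunk) can additionally skip `group_attr`. suffix_attr is declared outside these hunks and is probably affected on all four paths. Either free the pointers before each return or jump to one cleanup label at the end of populate_ldap_for_ldif.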
@@ -1092,7 +1098,10 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch /* If it exists and is distinct from other containers, Write the IdMap entity */ idmap_suffix = lp_ldap_idmap_suffix(); - if (idmap_suffix && *idmap_suffix && + if (idmap_suffix == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (*idmap_suffix && strcmp(idmap_suffix, user_suffix) && strcmp(idmap_suffix, suffix)) { char *s; -- cgit From bb4856b14afcaf488d5bc960e881e8734feb532f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 15 May 2006 03:51:45 +0000 Subject: r15608: Fix a couple of Coverity errors (This used to be commit 696e210bf6688e8b2f408559768173b4bdbda979) --- source3/utils/net_rpc_samsync.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d13d5b1cb3..ef9a0627b5 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1043,6 +1043,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch user_suffix = lp_ldap_user_suffix(); if (user_suffix == NULL) { + SAFE_FREE(suffix_attr); return NT_STATUS_NO_MEMORY; } /* If it exists and is distinct from other containers, @@ -1060,6 +1061,8 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch group_suffix = lp_ldap_group_suffix(); if (group_suffix == NULL) { + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); return NT_STATUS_NO_MEMORY; } /* If it exists and is distinct from other containers, @@ -1078,6 +1081,9 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch Write the Computers entity */ machine_suffix = lp_ldap_machine_suffix(); if (machine_suffix == NULL) { + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); return NT_STATUS_NO_MEMORY; } if (*machine_suffix && strcmp(machine_suffix, user_suffix) && 
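Review bot: The four error returns (hunks -1043, -1060, -1078 and -1099) now each carry their own growing list of SAFE_FREE() calls, which has to be kept in step by hand with every allocation added to populate_ldap_for_ldif. The function already frees the same three pointers before its final return, outside these hunks, so the cleanup could be stated once: `ret = NT_STATUS_NO_MEMORY; goto done;` with a `done:` label in front of that existing block and `return ret;` after it.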
@@ -1099,6 +1105,9 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch Write the IdMap entity */ idmap_suffix = lp_ldap_idmap_suffix(); if (idmap_suffix == NULL) { + SAFE_FREE(suffix_attr); + SAFE_FREE(user_attr); + SAFE_FREE(group_attr); return NT_STATUS_NO_MEMORY; } if (*idmap_suffix && -- cgit From e7fc37cf0f4bd2c0f25865fb07d1bff27b239130 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 19 Jun 2006 19:07:39 +0000 Subject: r16360: Fix Klocwork ID 136 520 521 522 523 542 574 575 576 607 in net_rpc.c: 715 716 732 734 735 736 737 738 739 749 in net_rpc_audit.c: 754 755 756 in net_rpc_join.c: 757 in net_rpc_registry: 766 767 in net_rpc_samsync.c: 771 773 in net_sam.c: 797 798 Volker (This used to be commit 3df0bf7d6050fd7c9ace72487d4f74d92e30a584) --- source3/utils/net_rpc_samsync.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ef9a0627b5..85b086a02f 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -574,6 +574,10 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } } + if (pdb_get_group_sid(sam_account) == NULL) { + return NT_STATUS_UNSUCCESSFUL; + } + group_sid = *pdb_get_group_sid(sam_account); if (!pdb_getgrsid(&map, group_sid)) { @@ -694,7 +698,11 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members); + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + DEBUG(0, ("talloc failed\n")); + talloc_free(t); + return NT_STATUS_NO_MEMORY; + } for (i=0; inum_members; i++) { struct samu *member = NULL; -- cgit From adc252c27511b8aee09a8b4ef6e7a50894514837 Mon Sep 17 00:00:00 2001 
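Review bot: The NULL check added in the -574 hunk returns directly from the middle of fetch_account_info, whose body lies mostly outside the hunk, so it should be confirmed that sam_account and any other state allocated earlier is released on this path rather than only at the function's normal exit. pdb_get_group_sid() is also called twice, once for the check and once for the dereference. Fetching it once keeps the two from drifting apart: `const DOM_SID *gsid = pdb_get_group_sid(sam_account);`, then test `gsid` and assign `group_sid = *gsid;`.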
From: Jeremy Allison Date: Tue, 20 Jun 2006 20:43:05 +0000 Subject: r16429: Fix final 4 Klocwork bugs we're going to fix before release - #785, #786, #787, #788. Jeremy. (This used to be commit 9017547cccadeecb80f3db58a43838dc656fce2f) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 85b086a02f..4f99c3035c 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1025,7 +1025,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char *builtin_sid, FILE *add_fd) { - char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; + const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; char *user_attr=NULL, *group_attr=NULL; char *suffix_attr; int len; -- cgit From fbdcf2663b56007a438ac4f0d8d82436b1bfe688 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Jul 2006 18:01:26 +0000 Subject: r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8) --- source3/utils/net_rpc_samsync.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4f99c3035c..861040533c 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -42,7 +42,7 @@ static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) d_printf("\n"); } -static const char *display_time(NTTIME *nttime) +static const char *display_time(const UINT64_S *nttime) { static fstring string; 
@@ -123,11 +123,19 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } +static time_t uint64s_nt_time_to_unix_abs(const UINT64_S *src) +{ + NTTIME nttime; + nttime.high = src->high; + nttime.low = src->low; + return nt_time_to_unix_abs(&nttime); +} + static void display_domain_info(SAM_DOMAIN_INFO *a) { time_t u_logout; - u_logout = nt_time_to_unix_abs((NTTIME *)&a->force_logoff); + u_logout = uint64s_nt_time_to_unix_abs(&a->force_logoff); d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); @@ -136,11 +144,11 @@ static void display_domain_info(SAM_DOMAIN_INFO *a) d_printf("Force Logoff: %d\n", (int)u_logout); - d_printf("Max Password Age: %s\n", display_time((NTTIME *)&a->max_pwd_age)); - d_printf("Min Password Age: %s\n", display_time((NTTIME *)&a->min_pwd_age)); + d_printf("Max Password Age: %s\n", display_time(&a->max_pwd_age)); + d_printf("Min Password Age: %s\n", display_time(&a->min_pwd_age)); - d_printf("Lockout Time: %s\n", display_time((NTTIME *)&a->account_lockout.lockout_duration)); - d_printf("Lockout Reset Time: %s\n", display_time((NTTIME *)&a->account_lockout.reset_count)); + d_printf("Lockout Time: %s\n", display_time(&a->account_lockout.lockout_duration)); + d_printf("Lockout Reset Time: %s\n", display_time(&a->account_lockout.reset_count)); d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); d_printf("User must logon to change password: %d\n", a->logon_chgpass); 
@@ -858,11 +866,11 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; pstring domname; - u_max_age = nt_time_to_unix_abs((NTTIME *)&delta->max_pwd_age); - u_min_age = nt_time_to_unix_abs((NTTIME *)&delta->min_pwd_age); - u_logout = nt_time_to_unix_abs((NTTIME *)&delta->force_logoff); - u_lockoutreset = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.reset_count); - u_lockouttime = nt_time_to_unix_abs((NTTIME *)&delta->account_lockout.lockout_duration); + u_max_age = uint64s_nt_time_to_unix_abs(&delta->max_pwd_age); + u_min_age = uint64s_nt_time_to_unix_abs(&delta->min_pwd_age); + u_logout = uint64s_nt_time_to_unix_abs(&delta->force_logoff); + u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); + u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname) - 1); -- cgit From 3fa73aa04dee3ff615fc3b67ce3be68a50b7ee96 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Jul 2006 15:45:19 +0000 Subject: r17312: Do some reformatting on net rpc samsync ldif. Not doing this checkin easily, as this puts me into svn blame in places I'm not sure I want my name to show up.... Volker (This used to be commit d00e73c49b5227db61d41a017eb9b71d9e7e2620) --- source3/utils/net_rpc_samsync.c | 287 +++++++++++++++++++++------------------- 1 file changed, 152 insertions(+), 135 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 861040533c..c31c221064 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1481,9 +1481,12 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma return NT_STATUS_OK; } -static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, - ACCOUNTMAP *accountmap, FILE *add_fd, - fstring sid, char *suffix, int alloced) +static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, + GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, + FILE *add_fd, + fstring sid, char *suffix, + int alloced) { fstring username, logonscript, homedrive, homepath = "", homedir = ""; fstring hex_nt_passwd, hex_lm_passwd; @@ -1521,11 +1524,11 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group /* Get the logon script */ unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), - sizeof(logonscript)-1); + sizeof(logonscript)-1); /* Get the home drive */ unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), - sizeof(homedrive)-1); + sizeof(homedrive)-1); /* Get the description */ unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), @@ -1551,7 +1554,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group if (memcmp(delta->account_info.pass.buf_nt_pwd, zero_buf, 16) != 0) { sam_pwd_hash(delta->account_info.user_rid, delta->account_info.pass.buf_nt_pwd, - nt_passwd, 0); + nt_passwd, 0); pdb_sethexpwd(hex_nt_passwd, nt_passwd, delta->account_info.acb_info); } else { @@ -1629,9 +1632,11 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *group return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, - FILE *add_fd, fstring sid, char *suffix, - unsigned db_type) +static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, + GROUPMAP *groupmap, + FILE *add_fd, fstring sid, + char *suffix, + unsigned db_type) { fstring aliasname, description; uint32 grouptype = 0, g_rid = 0; 
@@ -1647,21 +1652,21 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma /* Set up the group type */ switch (db_type) { - case SAM_DATABASE_DOMAIN: - grouptype = 4; - break; - case SAM_DATABASE_BUILTIN: - grouptype = 5; - break; - default: - grouptype = 4; - break; + case SAM_DATABASE_DOMAIN: + grouptype = 4; + break; + case SAM_DATABASE_BUILTIN: + grouptype = 5; + break; + default: + grouptype = 4; + break; } /* - These groups are entered by populate_ldap_for_ldif - Note that populate creates a group called Relicators, - but NT returns a group called Replicator + These groups are entered by populate_ldap_for_ldif + Note that populate creates a group called Relicators, + but NT returns a group called Replicator */ if (strcmp(aliasname, "Domain Admins") == 0 || strcmp(aliasname, "Domain Users") == 0 || @@ -1704,9 +1709,11 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma return NT_STATUS_OK; } -static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta, - GROUPMAP *groupmap, ACCOUNTMAP *accountmap, - FILE *mod_fd, int alloced) +static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, + SAM_DELTA_HDR *hdr_delta, + GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, + FILE *mod_fd, int alloced) { fstring group_dn; uint32 group_rid = 0, rid = 0; @@ -1733,7 +1740,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR if (accountmap[k].rid == rid) break; } if (k == alloced){ - DEBUG(1, ("Could not find rid %d in accountmap array\n", rid)); + DEBUG(1, ("Could not find rid %d in " + "accountmap array\n", rid)); return NT_STATUS_UNSUCCESSFUL; } fprintf(mod_fd, "memberUid: %s\n", accountmap[k].cn); 
@@ -1747,9 +1755,9 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR } static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, - uint32 db_type, - DOM_SID dom_sid, - const char *user_file) + uint32 db_type, + DOM_SID dom_sid, + const char *user_file) { char *suffix; const char *builtin_sid = "S-1-5-32"; @@ -1847,7 +1855,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Initial database population */ populate_ldap_for_ldif(sid, suffix, builtin_sid, add_file); map_populate_groups(groupmap, accountmap, sid, suffix, - builtin_sid); + builtin_sid); /* Don't do this again */ init_ldap = 0; @@ -1855,27 +1863,27 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Announce what we are doing */ switch( db_type ) { - case SAM_DATABASE_DOMAIN: - d_fprintf(stderr, "Fetching DOMAIN database\n"); - break; - case SAM_DATABASE_BUILTIN: - d_fprintf(stderr, "Fetching BUILTIN database\n"); - break; - case SAM_DATABASE_PRIVS: - d_fprintf(stderr, "Fetching PRIVS databases\n"); - break; - default: - d_fprintf(stderr, - "Fetching unknown database type %u\n", - db_type ); - break; + case SAM_DATABASE_DOMAIN: + d_fprintf(stderr, "Fetching DOMAIN database\n"); + break; + case SAM_DATABASE_BUILTIN: + d_fprintf(stderr, "Fetching BUILTIN database\n"); + break; + case SAM_DATABASE_PRIVS: + d_fprintf(stderr, "Fetching PRIVS databases\n"); + break; + default: + d_fprintf(stderr, + "Fetching unknown database type %u\n", + db_type ); + break; } do { result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, &hdr_deltas, - &deltas); + db_type, sync_context, + &num_deltas, &hdr_deltas, + &deltas); if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { ret = NT_STATUS_OK; 
@@ -1884,9 +1892,9 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Re-allocate memory for groupmap and accountmap arrays */ groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, - num_deltas+num_alloced); + num_deltas+num_alloced); accountmap = SMB_REALLOC_ARRAY(accountmap, ACCOUNTMAP, - num_deltas+num_alloced); + num_deltas+num_alloced); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); ret = NT_STATUS_NO_MEMORY; @@ -1905,72 +1913,73 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Loop through the deltas */ for (k=0; k] [options]\n"\ - "\t to pull accounts from a remote PDC where we are a BDC\n"\ - "\t\t no args puts accounts in local passdb from smb.conf\n"\ - "\t\t ldif - put accounts in ldif format (file defaults to /tmp/tmp.ldif\n"); + d_printf("net rpc vampire [ldif [] [options]\n" + "\t to pull accounts from a remote PDC where we are a BDC\n" + "\t\t no args puts accounts in local passdb from smb.conf\n" + "\t\t ldif - put accounts in ldif format (file defaults to " + "/tmp/tmp.ldif\n"); net_common_flags_usage(argc, argv); return -1; 
@@ -2083,47 +2095,52 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, d_printf("Cannot import users from %s at this time, " "as the current domain:\n\t%s: %s\nconflicts " "with the remote domain\n\t%s: %s\n" - "Perhaps you need to set: \n\n\tsecurity=user\n\tworkgroup=%s\n\n in your smb.conf?\n", + "Perhaps you need to set: \n\n\tsecurity=user\n\t" + "workgroup=%s\n\n in your smb.conf?\n", domain_name, - get_global_sam_name(), sid_to_string(my_dom_sid_str, - get_global_sam_sid()), - domain_name, sid_to_string(rem_dom_sid_str, domain_sid), + get_global_sam_name(), + sid_to_string(my_dom_sid_str, + get_global_sam_sid()), + domain_name, sid_to_string(rem_dom_sid_str, + domain_sid), domain_name); return NT_STATUS_UNSUCCESSFUL; } if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, - *domain_sid, argv[1]); + *domain_sid, argv[1]); } else { - result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, *domain_sid); + result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, + *domain_sid); } if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch domain database: %s\n", - nt_errstr(result)); + nt_errstr(result)); if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) - d_fprintf(stderr, "Perhaps %s is a Windows 2000 native " - "mode domain?\n", domain_name); + d_fprintf(stderr, "Perhaps %s is a Windows 2000 " + "native mode domain?\n", domain_name); goto fail; } if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, - global_sid_Builtin, argv[1]); + result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, + global_sid_Builtin, argv[1]); } else { - result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, global_sid_Builtin); + result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, + global_sid_Builtin); } if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch builtin database: %s\n", - nt_errstr(result)); + 
nt_errstr(result)); goto fail; } /* Currently we crash on PRIVS somewhere in unmarshalling */ /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ -fail: + fail: return result; } -- cgit From 4e9df2fba37e4b1422bfda9781c7c486cfec7ed1 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 29 Jul 2006 17:33:48 +0000 Subject: r17313: Non-Ascii attribute values need to be encoded as base64, with an attribute name attr:: instead of attr: German domains tend to have umlauts in group names. More to come tomorrow. Volker (This used to be commit 94cdd5d64cfaa5228209eebbb76244da0bf4b518) --- source3/utils/net_rpc_samsync.c | 75 ++++++++++++++++++++++++++++++++--------- 1 file changed, 60 insertions(+), 15 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c31c221064..fd5d69e19c 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1159,7 +1159,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); fprintf(add_fd, "sambaPwdCanChange: 0\n"); fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); - fprintf(add_fd, "sambaHomePath: \\\\PDC-SRV\root\n"); + fprintf(add_fd, "sambaHomePath: \\\\PDC-SRV\\root\n"); fprintf(add_fd, "sambaHomeDrive: H:\n"); fprintf(add_fd, "sambaProfilePath: \\\\PDC-SRV\\profiles\\root\n"); fprintf(add_fd, "sambaprimaryGroupSID: %s-512\n", sid); 
@@ -1422,6 +1422,50 @@ static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, return NT_STATUS_OK; } +/* + * This is a crap routine, but I think it's the quickest way to solve the + * UTF8->base64 problem. + */ + +static int fprintf_attr(FILE *add_fd, const char *attr_name, + const char *fmt, ...) +{ + va_list ap; + char *value, *p, *base64; + DATA_BLOB base64_blob; + int res; + + va_start(ap, fmt); + value = talloc_vasprintf(NULL, fmt, ap); + va_end(ap); + + SMB_ASSERT(value != NULL); + + for (p=value; *p; p++) { + if (*p & 0x80) { + break; + } + } + + if (*p == 0) { + /* Found no high bit set */ + res = fprintf(add_fd, "%s: %s\n", attr_name, value); + TALLOC_FREE(value); + return res; + } + + base64_blob.data = (unsigned char *)value; + base64_blob.length = strlen(value); + + base64 = base64_encode_data_blob(base64_blob); + SMB_ASSERT(base64 != NULL); + + res = fprintf(add_fd, "%s:: %s\n", attr_name, base64); + TALLOC_FREE(value); + SAFE_FREE(base64); + return res; +} + static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix) { 
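Review bot: The scan in fprintf_attr only looks for bytes with the high bit set, so a value that contains CR or LF, or that starts with a space, ':' or '<', is still written in the clear as `attr: value`. RFC 2849 requires base64 for those cases, and because the names and descriptions formatted here come from the remote SAM, an embedded line break would start a new attribute line in the generated LDIF; I would fold those checks into the same loop, as in the excerpt below. The later r17375 hunk on this page adds only the all-whitespace case, so the gap remains there. Separately, the function takes a printf format but carries no `PRINTF_ATTRIBUTE(3,4)`, so nothing checks call sites such as `fprintf_attr(add_fd, "uid" "%s", username)` further down in this commit, where the missing comma makes the account name the format string.

```c
	/* … unchanged: va_start / talloc_vasprintf / SMB_ASSERT(value != NULL) … */

	/*
	 * RFC 2849: a value may be written in the clear only if it does not
	 * start with ' ', ':' or '<' and contains no CR, LF or non-ASCII
	 * byte. Anything else falls through to the base64 branch.
	 */
	p = value;
	if (*p != ' ' && *p != ':' && *p != '<') {
		for (; *p; p++) {
			if ((*p & 0x80) || *p == '\n' || *p == '\r') {
				break;
			}
		}
	}

	/* … unchanged: "if (*p == 0)" plain-text branch, then base64 branch … */
```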
@@ -1464,15 +1508,15 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma /* Write the data to the temporary add ldif file */ fprintf(add_fd, "# %s, %s, %s\n", groupname, group_attr, suffix); - fprintf(add_fd, "dn: cn=%s,ou=%s,%s\n", groupname, group_attr, - suffix); + fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", groupname, group_attr, + suffix); fprintf(add_fd, "objectClass: posixGroup\n"); fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "cn: %s\n", groupname); + fprintf_attr(add_fd, "cn", "%s", groupname); fprintf(add_fd, "gidNumber: %d\n", ldif_gid); fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); fprintf(add_fd, "sambaGroupType: %d\n", grouptype); - fprintf(add_fd, "displayName: %s\n", groupname); + fprintf_attr(add_fd, "displayName", "%s", groupname); fprintf(add_fd, "\n"); fflush(add_fd); 
@@ -1591,34 +1635,35 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* this isn't quite right...we can't assume there's just OU=. jmcd */ user_rdn = sstring_sub(lp_ldap_user_suffix(), '=', ','); fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); - fprintf(add_fd, "dn: uid=%s,ou=%s,%s\n", username, user_rdn, suffix); + fprintf_attr(add_fd, "dn", "uid=%s,ou=%s,%s", username, user_rdn, + suffix); SAFE_FREE(user_rdn); fprintf(add_fd, "ObjectClass: top\n"); fprintf(add_fd, "objectClass: inetOrgPerson\n"); fprintf(add_fd, "objectClass: posixAccount\n"); fprintf(add_fd, "objectClass: shadowAccount\n"); fprintf(add_fd, "objectClass: sambaSamAccount\n"); - fprintf(add_fd, "cn: %s\n", username); - fprintf(add_fd, "sn: %s\n", username); - fprintf(add_fd, "uid: %s\n", username); + fprintf_attr(add_fd, "cn", "%s", username); + fprintf_attr(add_fd, "sn", "%s", username); + fprintf_attr(add_fd, "uid" "%s", username); fprintf(add_fd, "uidNumber: %d\n", ldif_uid); fprintf(add_fd, "gidNumber: %d\n", gidNumber); - fprintf(add_fd, "homeDirectory: %s\n", homedir); + fprintf_attr(add_fd, "homeDirectory", "%s\n", homedir); if (*homepath) - fprintf(add_fd, "SambaHomePath: %s\n", homepath); + fprintf_attr(add_fd, "sambaHomePath", "%s", homepath); if (*homedrive) - fprintf(add_fd, "SambaHomeDrive: %s\n", homedrive); + fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive); if (*logonscript) - fprintf(add_fd, "SambaLogonScript: %s\n", logonscript); + fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript); fprintf(add_fd, "loginShell: %s\n", ((delta->account_info.acb_info & ACB_NORMAL) ? 
"/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); - fprintf(add_fd, "description: %s\n", description); + fprintf_attr(add_fd, "description", "%s", description); fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); if(*fullname) - fprintf(add_fd, "displayName: %s\n", fullname); + fprintf_attr(add_fd, "displayName", "%s", fullname); if (strcmp(nopasswd, hex_lm_passwd) != 0) fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); if (strcmp(nopasswd, hex_nt_passwd) != 0) -- cgit From 175ac9f7dbf3dfa00a4da0447849241cc7c8d50c Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 31 Jul 2006 06:01:54 +0000 Subject: r17335: Some more fixes to net rpc vampire ldif. Still not good though :-( Volker (This used to be commit e947f4bd91fcfa0dd27d12e8188ada381da541ff) --- source3/utils/net_rpc_samsync.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fd5d69e19c..af38abf255 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1537,6 +1537,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, fstring description, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; char *flags, *user_rdn; + const char *ou; const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; static uchar zero_buf[16]; uint32 rid = 0, group_rid = 0, gidNumber = 0; @@ -1564,7 +1565,11 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, } else { pstr_sprintf(homedir, "/nobodyshomedir"); } - } + ou = lp_ldap_user_suffix(); + } else { + ou = lp_ldap_machine_suffix(); + pstr_sprintf(homedir, "/machinehomedir"); + } /* Get the logon script */ unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), 
@@ -1633,7 +1638,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* Add the user to the temporary add ldif file */ /* this isn't quite right...we can't assume there's just OU=. jmcd */ - user_rdn = sstring_sub(lp_ldap_user_suffix(), '=', ','); + user_rdn = sstring_sub(ou, '=', ','); fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); fprintf_attr(add_fd, "dn", "uid=%s,ou=%s,%s", username, user_rdn, suffix); @@ -1645,10 +1650,10 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, fprintf(add_fd, "objectClass: sambaSamAccount\n"); fprintf_attr(add_fd, "cn", "%s", username); fprintf_attr(add_fd, "sn", "%s", username); - fprintf_attr(add_fd, "uid" "%s", username); + fprintf_attr(add_fd, "uid", "%s", username); fprintf(add_fd, "uidNumber: %d\n", ldif_uid); fprintf(add_fd, "gidNumber: %d\n", gidNumber); - fprintf_attr(add_fd, "homeDirectory", "%s\n", homedir); + fprintf_attr(add_fd, "homeDirectory", "%s", homedir); if (*homepath) fprintf_attr(add_fd, "sambaHomePath", "%s", homepath); if (*homedrive) @@ -1736,16 +1741,17 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, /* Write the data to the temporary add ldif file */ fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr, suffix); - fprintf(add_fd, "dn: cn=%s,ou=%s,%s\n", aliasname, group_attr, - suffix); + fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", aliasname, group_attr, + suffix); fprintf(add_fd, "objectClass: posixGroup\n"); fprintf(add_fd, "objectClass: sambaGroupMapping\n"); fprintf(add_fd, "cn: %s\n", aliasname); fprintf(add_fd, "gidNumber: %d\n", ldif_gid); fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); fprintf(add_fd, "sambaGroupType: %d\n", grouptype); - fprintf(add_fd, "displayName: %s\n", aliasname); - fprintf(add_fd, "description: %s\n", description); + fprintf_attr(add_fd, "displayName", "%s", aliasname); + if (description[0]) + fprintf_attr(add_fd, "description", "%s", description); fprintf(add_fd, "\n"); fflush(add_fd); -- cgit 
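Review bot: In the fetch_alias_info_to_ldif hunk, `dn`, `displayName` and `description` now go through fprintf_attr, but the context line `fprintf(add_fd, "cn: %s\n", aliasname);` between them is left as a plain fprintf. An alias name with non-ASCII characters is therefore base64-encoded in the dn and still written raw in cn. I would change it to `fprintf_attr(add_fd, "cn", "%s", aliasname);`, matching what the earlier fetch_group_info_to_ldif hunk on this page does for group names. The function's body starts and ends outside the hunk.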
From 7c2b79ea484089eb9e4544ebb13efff2d644c9a7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 1 Aug 2006 09:06:18 +0000 Subject: r17356: Also transfer the sambaHomePath attribute. Volker (This used to be commit 49ad0d4d0eea85ef133e1a5c055305e06de109de) --- source3/utils/net_rpc_samsync.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index af38abf255..298a7c7c43 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1579,6 +1579,10 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), sizeof(homedrive)-1); + /* Get the home path */ + unistr2_to_ascii(homepath, &(delta->account_info.uni_home_dir), + sizeof(homepath)-1); + /* Get the description */ unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), sizeof(description)-1); -- cgit From 280e3895b609f7b4fd880dabdc446529938a16f6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 2 Aug 2006 08:53:22 +0000 Subject: r17374: Get rid of a silly "System User" default for "description", also fetch the sambaProfilePath. Volker (This used to be commit 61e7ed593b944fa14330729e585d1f790af93a7b) --- source3/utils/net_rpc_samsync.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 298a7c7c43..4f7209cdb5 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1534,7 +1534,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, { fstring username, logonscript, homedrive, homepath = "", homedir = ""; fstring hex_nt_passwd, hex_lm_passwd; - fstring description, fullname, sambaSID; + fstring description, profilepath, fullname, sambaSID; uchar lm_passwd[16], nt_passwd[16]; char *flags, *user_rdn; const char *ou; @@ -1586,14 +1586,15 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* Get the description */ unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), sizeof(description)-1); - if (!*description) { - pstr_sprintf(description, "System User"); - } /* Get the display name */ unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name), sizeof(fullname)-1); + /* Get the profile path */ + unistr2_to_ascii(profilepath, &(delta->account_info.uni_profile), + sizeof(profilepath)-1); + /* Get lm and nt password data */ if (memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) { sam_pwd_hash(delta->account_info.user_rid, @@ -1668,11 +1669,14 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, ((delta->account_info.acb_info & ACB_NORMAL) ? "/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); - fprintf_attr(add_fd, "description", "%s", description); + if (*description) + fprintf_attr(add_fd, "description", "%s", description); fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); if(*fullname) fprintf_attr(add_fd, "displayName", "%s", fullname); + if(*profilepath) + fprintf_attr(add_fd, "sambaProfilePath", "%s", profilepath); if (strcmp(nopasswd, hex_lm_passwd) != 0) fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); if (strcmp(nopasswd, hex_nt_passwd) != 0) -- cgit From 8e1fec05cbab33fae372794f3dff1cb5fccac809 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 2 Aug 2006 09:32:18 +0000 Subject: r17375: If a field containts only whitespace, we need to do base64 as well. Volker (This used to be commit 795d06f427061536c6e3a3eb5b5d60a27f5ec70d) --- source3/utils/net_rpc_samsync.c | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4f7209cdb5..bbe09a3b35 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1433,6 +1433,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, va_list ap; char *value, *p, *base64; DATA_BLOB base64_blob; + BOOL do_base64 = False; int res; va_start(ap, fmt); @@ -1443,12 +1444,29 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, for (p=value; *p; p++) { if (*p & 0x80) { + do_base64 = True; break; } } - if (*p == 0) { - /* Found no high bit set */ + if (!do_base64) { + BOOL only_whitespace = True; + for (p=value; *p; p++) { + /* + * I know that this not multibyte safe, but we break + * on the first non-whitespace character anyway. + */ + if (!isspace(*p)) { + only_whitespace = False; + break; + } + } + if (only_whitespace) { + do_base64 = True; + } + } + + if (!do_base64) { res = fprintf(add_fd, "%s: %s\n", attr_name, value); TALLOC_FREE(value); return res; -- cgit From ff7c0a7c357ab8a0ff9de6d18988933e0b398780 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 8 Aug 2006 08:26:40 +0000 Subject: r17451: Change pdb_getgrsid not to take a DOM_SID but a const DOM_SID * as an argument. Volker (This used to be commit 873a5a1211d185fd50e7167d88cbc869f70dfd3f) --- source3/utils/net_rpc_samsync.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bbe09a3b35..fe3c919d9a 100644 --- a/source3/utils/net_rpc_samsync.c 
+++ b/source3/utils/net_rpc_samsync.c @@ -588,7 +588,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) group_sid = *pdb_get_group_sid(sam_account); - if (!pdb_getgrsid(&map, group_sid)) { + if (!pdb_getgrsid(&map, &group_sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); } else { @@ -630,7 +630,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (pdb_getgrsid(&map, group_sid)) { + if (pdb_getgrsid(&map, &group_sid)) { if ( map.gid != -1 ) grp = getgrgid(map.gid); insert = False; @@ -689,7 +689,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); - if (!get_domain_group_from_sid(group_sid, &map)) { + if (!get_domain_group_from_sid(&group_sid, &map)) { DEBUG(0, ("Could not find global group %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } @@ -805,7 +805,6 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, fstring comment; struct group *grp = NULL; DOM_SID alias_sid; - fstring sid_string; GROUP_MAP map; BOOL insert = True; @@ -815,9 +814,8 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); sid_append_rid(&alias_sid, rid); - sid_to_string(sid_string, &alias_sid); - if (pdb_getgrsid(&map, alias_sid)) { + if (pdb_getgrsid(&map, &alias_sid)) { grp = getgrgid(map.gid); insert = False; } -- cgit From e1e62d89999629d41cc2b66b12eb37ce190d5db0 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Tue, 8 Aug 2006 19:29:34 +0000 Subject: r17463: A bit of cleanup work: Remove some unused code: pdb_find_alias is not used anymore, and nobody I think has ever used the pdb_nop operations for group mapping. smbpasswd and tdb use the default ones and ldap has its own. Make the functions pdb_getgr* return NTSTATUS instead of BOOL. Nobody right now really makes use of it, but it feels wrong to throw away information so early. Volker (This used to be commit f9856f6490fe44fdba97ea86062237d8c74d4bdc) --- source3/utils/net_rpc_samsync.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index fe3c919d9a..09c6f4c775 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -588,7 +588,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) group_sid = *pdb_get_group_sid(sam_account); - if (!pdb_getgrsid(&map, &group_sid)) { + if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &group_sid))) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); } else { @@ -630,7 +630,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (pdb_getgrsid(&map, &group_sid)) { + if (NT_STATUS_IS_OK(pdb_getgrsid(&map, &group_sid))) { if ( map.gid != -1 ) grp = getgrgid(map.gid); insert = False; @@ -815,7 +815,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, sid_copy(&alias_sid, &dom_sid); sid_append_rid(&alias_sid, rid); - if (pdb_getgrsid(&map, &alias_sid)) { + if (NT_STATUS_IS_OK(pdb_getgrsid(&map, &alias_sid))) { grp = getgrgid(map.gid); insert = False; } -- cgit From 76362d0d33892df39c0a370f1f64c8581daaf166 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 9 Aug 2006 15:25:26 +0000 Subject: r17468: To minimize the diff later on, pre-commit some changes independently: Change internal mapping.c functions to return NTSTATUS instead of BOOL. Volker (This used to be commit 4ebfc30a28a6f48613098176c5acdfdafbd2941a) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 09c6f4c775..7cf3bb6e1d 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -689,7 +689,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); - if (!get_domain_group_from_sid(&group_sid, &map)) { + if (!NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map))) { DEBUG(0, ("Could not find global group %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } -- cgit From 03e3cd1d5a005ad5fd2bc97f9863abf675efd09f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 15 Aug 2006 14:07:15 +0000 Subject: r17554: Cleanup (This used to be commit 761cbd52f0cff6b864c506ec03c94039b6101ef9) --- source3/utils/net_rpc_samsync.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 7cf3bb6e1d..bbe09a3b35 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -588,7 +588,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) group_sid = *pdb_get_group_sid(sam_account); - if (!NT_STATUS_IS_OK(pdb_getgrsid(&map, &group_sid))) { + if (!pdb_getgrsid(&map, group_sid)) { DEBUG(0, ("Primary group of %s has no mapping!\n", pdb_get_username(sam_account))); } else { 
@@ -630,7 +630,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) sid_append_rid(&group_sid, rid); sid_to_string(sid_string, &group_sid); - if (NT_STATUS_IS_OK(pdb_getgrsid(&map, &group_sid))) { + if (pdb_getgrsid(&map, group_sid)) { if ( map.gid != -1 ) grp = getgrgid(map.gid); insert = False; @@ -689,7 +689,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); - if (!NT_STATUS_IS_OK(get_domain_group_from_sid(&group_sid, &map))) { + if (!get_domain_group_from_sid(group_sid, &map)) { DEBUG(0, ("Could not find global group %d\n", rid)); return NT_STATUS_NO_SUCH_GROUP; } @@ -805,6 +805,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, fstring comment; struct group *grp = NULL; DOM_SID alias_sid; + fstring sid_string; GROUP_MAP map; BOOL insert = True; @@ -814,8 +815,9 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); sid_append_rid(&alias_sid, rid); + sid_to_string(sid_string, &alias_sid); - if (NT_STATUS_IS_OK(pdb_getgrsid(&map, &alias_sid))) { + if (pdb_getgrsid(&map, alias_sid)) { grp = getgrgid(map.gid); insert = False; } -- cgit From 995205fc60f87e1a02aa1c6f309db55ae18e908a Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 6 Sep 2006 18:32:20 +0000 Subject: r18188: merge 3.0-libndr branch (This used to be commit 1115745caed3093c25d6be01ffee21819fb0a675) --- source3/utils/net_rpc_samsync.c | 59 +++++++---------------------------------- 1 file changed, 10 insertions(+), 49 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bbe09a3b35..0b54a6c97f 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -42,44 +42,6 @@ static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) d_printf("\n"); } -static const char *display_time(const UINT64_S *nttime) -{ - static fstring string; - - float high; - float low; - int sec; - int days, hours, mins, secs; - int offset = 1; - - if (nttime->high==0 && nttime->low==0) - return "Now"; - - if (nttime->high==0x80000000 && nttime->low==0) - return "Never"; - - high = 65536; - high = high/10000; - high = high*65536; - high = high/1000; - high = high * (~nttime->high); - - low = ~nttime->low; - low = low/(1000*1000*10); - - sec=high+low; - sec+=offset; - - days=sec/(60*60*24); - hours=(sec - (days*60*60*24)) / (60*60); - mins=(sec - (days*60*60*24) - (hours*60*60) ) / 60; - secs=sec - (days*60*60*24) - (hours*60*60) - (mins*60); - - fstr_sprintf(string, "%u days, %u hours, %u minutes, %u seconds", days, hours, mins, secs); - return (string); -} - - static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) { d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); @@ -123,11 +85,10 @@ static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } -static time_t uint64s_nt_time_to_unix_abs(const UINT64_S *src) +static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) { NTTIME nttime; - nttime.high = src->high; - nttime.low = src->low; + nttime = *src; return nt_time_to_unix_abs(&nttime); } 
@@ -144,11 +105,11 @@ static void display_domain_info(SAM_DOMAIN_INFO *a) d_printf("Force Logoff: %d\n", (int)u_logout); - d_printf("Max Password Age: %s\n", display_time(&a->max_pwd_age)); - d_printf("Min Password Age: %s\n", display_time(&a->min_pwd_age)); + d_printf("Max Password Age: %s\n", display_time(a->max_pwd_age)); + d_printf("Min Password Age: %s\n", display_time(a->min_pwd_age)); - d_printf("Lockout Time: %s\n", display_time(&a->account_lockout.lockout_duration)); - d_printf("Lockout Reset Time: %s\n", display_time(&a->account_lockout.reset_count)); + d_printf("Lockout Time: %s\n", display_time(a->account_lockout.lockout_duration)); + d_printf("Lockout Reset Time: %s\n", display_time(a->account_lockout.reset_count)); d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); d_printf("User must logon to change password: %d\n", a->logon_chgpass); @@ -420,14 +381,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d /* Logon and password information */ if (!nt_time_is_zero(&delta->logon_time)) { - unix_time = nt_time_to_unix(&delta->logon_time); + unix_time = nt_time_to_unix(delta->logon_time); stored_time = pdb_get_logon_time(account); if (stored_time != unix_time) pdb_set_logon_time(account, unix_time, PDB_CHANGED); } if (!nt_time_is_zero(&delta->logoff_time)) { - unix_time = nt_time_to_unix(&delta->logoff_time); + unix_time = nt_time_to_unix(delta->logoff_time); stored_time = pdb_get_logoff_time(account); if (stored_time != unix_time) pdb_set_logoff_time(account, unix_time,PDB_CHANGED); 
@@ -463,7 +424,7 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d pdb_set_logon_count(account, delta->logon_count, PDB_CHANGED); if (!nt_time_is_zero(&delta->pwd_last_set_time)) { - unix_time = nt_time_to_unix(&delta->pwd_last_set_time); + unix_time = nt_time_to_unix(delta->pwd_last_set_time); stored_time = pdb_get_pass_last_set_time(account); if (stored_time != unix_time) pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); @@ -1632,7 +1593,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - unix_time = nt_time_to_unix(&(delta->account_info.pwd_last_set_time)); + unix_time = nt_time_to_unix(delta->account_info.pwd_last_set_time); /* The nobody user is entered by populate_ldap_for_ldif */ if (strcmp(username, "nobody") == 0) { -- cgit From a3e1f7e44d2d6a5ef801badc189b3dcf19dc72d9 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 20 Sep 2006 00:15:50 +0000 Subject: r18703: Fix the annoying effect that happens when nscd is running: We usually do not get the results from user/group script modifications immediately. A lot of users do add nscd restart/refresh commands into their scripts to workaround that while we could flush the nscd caches directly using libnscd. Guenther (This used to be commit 7db6ce295afbedfada7b207ad56566d2195a0d21) --- source3/utils/net_rpc_samsync.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 0b54a6c97f..1337c11eca 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -508,6 +508,9 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) add_ret = smbrun(add_script,NULL); DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); + if (add_ret == 0) { + smb_nscd_flush_user_cache(); + } } /* try and find the possible unix account again */ -- cgit From 2395cd57f8920bdde3a0c71eeb945d10c621bbbe Mon Sep 17 00:00:00 2001 From: Jim McDonough Date: Fri, 6 Oct 2006 20:09:10 +0000 Subject: r19158: Remove root and nobody users from ldif, from Björn Jacke (This used to be commit 17880d6cadbb0b1b428430c26bb4b4545eb834ff) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- source3/utils/net_rpc_samsync.c | 64 +---------------------------------------- 1 file changed, 1 insertion(+), 63 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 1337c11eca..10b9495332 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -29,7 +29,7 @@ /* uid's and gid's for writing deltas to ldif */ static uint32 ldif_gid = 999; static uint32 ldif_uid = 999; -/* Kkeep track of ldap initialization */ +/* Keep track of ldap initialization */ static int init_ldap = 1; static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) 
@@ -1104,37 +1104,6 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* Write the root entity */ - fprintf(add_fd, "# root, %s, %s\n", user_attr, suffix); - fprintf(add_fd, "dn: uid=root,ou=%s,%s\n", user_attr, suffix); - fprintf(add_fd, "cn: root\n"); - fprintf(add_fd, "sn: root\n"); - fprintf(add_fd, "objectClass: inetOrgPerson\n"); - fprintf(add_fd, "objectClass: sambaSAMAccount\n"); - fprintf(add_fd, "objectClass: posixAccount\n"); - fprintf(add_fd, "objectClass: shadowAccount\n"); - fprintf(add_fd, "gidNumber: 0\n"); - fprintf(add_fd, "uid: root\n"); - fprintf(add_fd, "uidNumber: 0\n"); - fprintf(add_fd, "homeDirectory: /home/root\n"); - fprintf(add_fd, "sambaPwdLastSet: 0\n"); - fprintf(add_fd, "sambaLogonTime: 0\n"); - fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); - fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); - fprintf(add_fd, "sambaPwdCanChange: 0\n"); - fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); - fprintf(add_fd, "sambaHomePath: \\\\PDC-SRV\\root\n"); - fprintf(add_fd, "sambaHomeDrive: H:\n"); - fprintf(add_fd, "sambaProfilePath: \\\\PDC-SRV\\profiles\\root\n"); - fprintf(add_fd, "sambaprimaryGroupSID: %s-512\n", sid); - fprintf(add_fd, "sambaLMPassword: XXX\n"); - fprintf(add_fd, "sambaNTPassword: XXX\n"); - fprintf(add_fd, "sambaAcctFlags: [U\n"); - fprintf(add_fd, "sambaSID: %s-500\n", sid); - fprintf(add_fd, "loginShell: /bin/false\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - /* Write the domain entity */ fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix); fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(), 
@@ -1148,37 +1117,6 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write user nobody entity */ - fprintf(add_fd, "# nobody, %s, %s\n", user_attr, suffix); - fprintf(add_fd, "dn: uid=nobody,ou=%s,%s\n", user_attr, suffix); - fprintf(add_fd, "cn: nobody\n"); - fprintf(add_fd, "sn: nobody\n"); - fprintf(add_fd, "objectClass: inetOrgPerson\n"); - fprintf(add_fd, "objectClass: sambaSAMAccount\n"); - fprintf(add_fd, "objectClass: posixAccount\n"); - fprintf(add_fd, "objectClass: shadowAccount\n"); - fprintf(add_fd, "gidNumber: 514\n"); - fprintf(add_fd, "uid: nobody\n"); - fprintf(add_fd, "uidNumber: 999\n"); - fprintf(add_fd, "homeDirectory: /nobodyshomedir\n"); - fprintf(add_fd, "sambaPwdLastSet: 0\n"); - fprintf(add_fd, "sambaLogonTime: 0\n"); - fprintf(add_fd, "sambaLogoffTime: 2147483647\n"); - fprintf(add_fd, "sambaKickoffTime: 2147483647\n"); - fprintf(add_fd, "sambaPwdCanChange: 0\n"); - fprintf(add_fd, "sambaPwdMustChange: 2147483647\n"); - fprintf(add_fd, "sambaHomePath: \\\\PDC-SMD3\\homes\\nobody\n"); - fprintf(add_fd, "sambaHomeDrive: H:\n"); - fprintf(add_fd, "sambaProfilePath: \\\\PDC-SMB3\\profiles\\nobody\n"); - fprintf(add_fd, "sambaprimaryGroupSID: %s-514\n", sid); - fprintf(add_fd, "sambaLMPassword: NOPASSWORDXXXXXXXXXXXXXXXXXXXXX\n"); - fprintf(add_fd, "sambaNTPassword: NOPASSWORDXXXXXXXXXXXXXXXXXXXXX\n"); - fprintf(add_fd, "sambaAcctFlags: [NU\n"); - fprintf(add_fd, "sambaSID: %s-2998\n", sid); - fprintf(add_fd, "loginShell: /bin/false\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - /* Write the Domain Admins entity */ fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, suffix); -- cgit From dd813b6b29715742cca336421de40897425adeea Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 29 Nov 2006 06:26:12 +0000 Subject: r19944: Fix from Don Watson -- thanks (This used to be commit c27e48594abecc4e67f3be457a4b942ae7ff4db5) --- source3/utils/net_rpc_samsync.c | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 10b9495332..904e49bbb3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1536,13 +1536,8 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, } unix_time = nt_time_to_unix(delta->account_info.pwd_last_set_time); - /* The nobody user is entered by populate_ldap_for_ldif */ - if (strcmp(username, "nobody") == 0) { - return NT_STATUS_OK; - } else { - /* Increment the uid for the new user */ - ldif_uid++; - } + /* Increment the uid for the new user */ + ldif_uid++; /* Set up group id and sambaSID for the user */ group_rid = delta->account_info.group_rid; -- cgit From d5e4b3bea8bd6e15539f71eebf5936859123de75 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 2 Dec 2006 09:17:18 +0000 Subject: r20001: Fix bug 4273, thanks to Pascal Terjan (This used to be commit a2f5c929183fb74ad21664c747d04e88a4103505) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 904e49bbb3..3e19a12ac5 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -212,7 +212,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, sync_context, &num_deltas, &hdr_deltas, &deltas); - if (NT_STATUS_IS_ERR(result)) + if (!NT_STATUS_IS_OK(result)) break; for (i = 0; i < num_deltas; i++) { -- cgit From 56a5d05b8b285250bdc0e9cc3c8f3c3d8af80382 Mon Sep 17 00:00:00 2001 
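Review bot: In the dump_database hunk, `if (!NT_STATUS_IS_OK(result)) break;` now leaves the loop on every status other than exact success, including non-error informational codes. If rpccli_netlogon_sam_sync() reports a partial batch with STATUS_MORE_ENTRIES, that batch's deltas are never displayed and the dump stops after the first call, which looks like a complete but short dump to the operator. This is an assumption, because the loop condition is outside the hunk. If it holds, the check should let that status through: `if (!NT_STATUS_IS_OK(result) && !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) break;`. The enclosing loop starts and ends outside the hunk.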
From: Jeremy Allison Date: Mon, 30 Apr 2007 02:51:26 +0000 Subject: r22590: Make TALLOC_ARRAY consistent across all uses. That should be it.... Jeremy. (This used to be commit 603233a98bbf65467c8b4f04719d771c70b3b4c9) --- source3/utils/net_rpc_samsync.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3e19a12ac5..d8ddff20bc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -670,10 +670,14 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { - DEBUG(0, ("talloc failed\n")); - talloc_free(t); - return NT_STATUS_NO_MEMORY; + if (delta->num_members) { + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + DEBUG(0, ("talloc failed\n")); + talloc_free(t); + return NT_STATUS_NO_MEMORY; + } + } else { + nt_members = NULL; } for (i=0; inum_members; i++) { -- cgit From d824b98f80ba186030cbb70b3a1e5daf80469ecd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 9 Jul 2007 19:25:36 +0000 Subject: r23779: Change from v2 or later to v3 or later. Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d8ddff20bc..bce1fd8f94 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -10,7 +10,7 @@ This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or + the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, -- cgit From 5e54558c6dea67b56bbfaba5698f3a434d3dffb6 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Tue, 10 Jul 2007 00:52:41 +0000 Subject: r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text (This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07) --- source3/utils/net_rpc_samsync.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bce1fd8f94..0be9381c3a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -19,8 +19,7 @@ GNU General Public License for more details. You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + along with this program. If not, see . */ #include "includes.h" -- cgit From c97fe37ea3d92a631e8da17c21dafae1db15e97b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Sep 2007 14:37:35 +0000 Subject: r25294: Tidy up callers of unistr2_to_ascii() to pass sizeof(target_area) to the maxeln parameter instead of sizeof(target_area) - 1 (or even sizeof(fstring) - 1 in some places. I hope these were really all there were. Michael (This used to be commit 9a28be220df622322857dfe102fa35e108f932dc) --- source3/utils/net_rpc_samsync.c | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 0be9381c3a..72b7f63cc4 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -585,8 +585,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) GROUP_MAP map; BOOL insert = True; - unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)-1); - unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)-1); + unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)); + unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)); /* add the group to the mapping table */ sid_copy(&group_sid, get_global_sam_sid()); @@ -776,8 +776,8 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, GROUP_MAP map; BOOL insert = True; - unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)-1); - unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)-1); + unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)); + unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)); /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); @@ -839,7 +839,7 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); - unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname) - 1); + unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname)); /* we don't handle BUILTIN account policies */ if (!strequal(domname, get_global_sam_name())) { @@ -1399,7 +1399,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma /* Get the group name */ unistr2_to_ascii(groupname, &(delta->group_info.uni_grp_name), - sizeof(groupname)-1); + sizeof(groupname)); /* Set up the group type (always 2 for group info) */ grouptype = 2; 
@@ -1470,7 +1470,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* Get the username */ unistr2_to_ascii(username, &(delta->account_info.uni_acct_name), - sizeof(username)-1); + sizeof(username)); /* Get the rid */ rid = delta->account_info.user_rid; @@ -1482,7 +1482,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* Get the home directory */ if (delta->account_info.acb_info & ACB_NORMAL) { unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), - sizeof(homedir)-1); + sizeof(homedir)); if (!*homedir) { pstr_sprintf(homedir, "/home/%s", username); } else { @@ -1496,27 +1496,27 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* Get the logon script */ unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), - sizeof(logonscript)-1); + sizeof(logonscript)); /* Get the home drive */ unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), - sizeof(homedrive)-1); + sizeof(homedrive)); /* Get the home path */ unistr2_to_ascii(homepath, &(delta->account_info.uni_home_dir), - sizeof(homepath)-1); + sizeof(homepath)); /* Get the description */ unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), - sizeof(description)-1); + sizeof(description)); /* Get the display name */ unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name), - sizeof(fullname)-1); + sizeof(fullname)); /* Get the profile path */ unistr2_to_ascii(profilepath, &(delta->account_info.uni_profile), - sizeof(profilepath)-1); + sizeof(profilepath)); /* Get lm and nt password data */ if (memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) { 
@@ -1620,11 +1620,11 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, /* Get the alias name */ unistr2_to_ascii(aliasname, &(delta->alias_info.uni_als_name), - sizeof(aliasname)-1); + sizeof(aliasname)); /* Get the alias description */ unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc), - sizeof(description)-1); + sizeof(description)); /* Set up the group type */ switch (db_type) { @@ -1895,7 +1895,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, unistr2_to_ascii( domainname, &deltas[k].domain_info.uni_dom_name, - sizeof(domainname)-1); + sizeof(domainname)); break; case SAM_DELTA_GROUP_INFO: -- cgit From 3529156971e17c7ec13f6a6243f7b613e4666cdd Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Fri, 28 Sep 2007 03:54:42 +0000 Subject: r25400: Windows 2008 (Longhorn) Interop fixes for AD specific auth2 flags, and client fixes. Patch from Todd Stetcher . (This used to be commit 8304ccba7346597425307e260e88647e49081f68) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 72b7f63cc4..3959015dbb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, -- cgit From 5221ebb299081da6a806362212c6a8ceb9cc70a8 Mon Sep 17 00:00:00 2001 
From: Gerald Carter Date: Fri, 28 Sep 2007 18:15:34 +0000 Subject: r25407: Revert Longhorn join patch as it is not correct for the 3.2 tree. The translate_name() used by cli_session_setup_spnego() cann rely Winbindd since it is needed by the join process (and hence before Winbind can be run). (This used to be commit 00a93ed336c5f36643e6e33bd277608eaf05677c) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3959015dbb..72b7f63cc4 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, -- cgit From 30191d1a5704ad2b158386b511558972d539ce47 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 18 Oct 2007 17:40:25 -0700 Subject: RIP BOOL. Convert BOOL -> bool. I found a few interesting bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f) --- source3/utils/net_rpc_samsync.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 72b7f63cc4..2b5eac6999 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -583,7 +583,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) DOM_SID group_sid; fstring sid_string; GROUP_MAP map; - BOOL insert = True; + bool insert = True; unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)); unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)); @@ -714,7 +714,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) unix_members = grp->gr_mem; while (*unix_members) { - BOOL is_nt_member = False; + bool is_nt_member = False; for (i=0; inum_members; i++) { if (nt_members[i] == NULL) { /* This was a primary group */ @@ -736,7 +736,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) } for (i=0; inum_members; i++) { - BOOL is_unix_member = False; + bool is_unix_member = False; if (nt_members[i] == NULL) { /* This was the primary group */ @@ -774,7 +774,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, DOM_SID alias_sid; fstring sid_string; GROUP_MAP map; - BOOL insert = True; + bool insert = True; unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)); unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)); @@ -1338,7 +1338,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, va_list ap; char *value, *p, *base64; DATA_BLOB base64_blob; - BOOL do_base64 = False; + bool do_base64 = False; int res; va_start(ap, fmt); @@ -1355,7 +1355,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, } if (!do_base64) { - BOOL only_whitespace = True; + bool only_whitespace = True; for (p=value; *p; p++) { /* * I know that this not multibyte safe, but we break -- cgit From 62b97b01561e332d3b566c4f70cc2601e2d7fcac Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sun, 28 Oct 2007 19:15:08 +0100 Subject: Make base64_encode_data_blob return a talloced string (This used to be commit 5f205ab48d8ac3b7af573ea0be1ce095ab835448) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2b5eac6999..3d88a974bf 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -369,7 +369,7 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d if (STRING_CHANGED_NC(old_string, newstr)) pdb_set_munged_dial(account, newstr, PDB_CHANGED); - SAFE_FREE(newstr); + TALLOC_FREE(newstr); } /* User and group sid */ @@ -1385,7 +1385,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, res = fprintf(add_fd, "%s:: %s\n", attr_name, base64); TALLOC_FREE(value); - SAFE_FREE(base64); + TALLOC_FREE(base64); return res; } -- cgit From bb9b75460507af70a321decabcadf5bd2e4c7c9d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 4 Dec 2007 14:02:25 -0800 Subject: Back to pstring removal. Jeremy. (This used to be commit 95842ae4e113e304f652120b250a70a95c66e3bc) --- source3/utils/net_rpc_samsync.c | 39 +++++++++++++++++++++++++++------------ 1 file changed, 27 insertions(+), 12 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3d88a974bf..e5f212af56 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -409,7 +409,7 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d /* Logon Hours */ if (delta->buf_logon_hrs.buffer) { - pstring oldstr, newstr; + char oldstr[44], newstr[44]; pdb_sethexhours(oldstr, pdb_get_hours(account)); pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer); if (!strequal(oldstr, newstr)) 
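Review bot: In the sam_account_from_delta hunk of the pstring-removal commit, `char oldstr[44], newstr[44];` swaps a large pstring for a bare magic size. Both `pdb_sethexhours()` calls pass only the destination pointer, so nothing here ties 44 to what the callee writes. A named constant shared with pdb_sethexhours(), or at least a comment such as `/* pdb_sethexhours() writes 2 hex chars per hours byte plus NUL; must fit in 44 - confirm against its definition */`, would keep the bound reviewable. The second call encodes `delta->buf_logon_hrs.buffer`, which arrives in the sync delta, and whether its length is validated before this point is not visible in the hunk. The function body continues outside the hunk.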
@@ -470,7 +470,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) { NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; - pstring add_script; + char *add_script = NULL; struct samu *sam_account=NULL; GROUP_MAP map; struct group *grp; @@ -489,21 +489,33 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!(passwd = Get_Pwnam(account))) { /* Create appropriate user */ if (delta->acb_info & ACB_NORMAL) { - pstrcpy(add_script, lp_adduser_script()); + add_script = talloc_strdup(sam_account, + lp_adduser_script()); } else if ( (delta->acb_info & ACB_WSTRUST) || (delta->acb_info & ACB_SVRTRUST) || (delta->acb_info & ACB_DOMTRUST) ) { - pstrcpy(add_script, lp_addmachine_script()); + add_script = talloc_strdup(sam_account, + lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN))); nt_ret = NT_STATUS_UNSUCCESSFUL; goto done; } + if (!add_script) { + nt_ret = NT_STATUS_NO_MEMORY; + goto done; + } if (*add_script) { int add_ret; - all_string_sub(add_script, "%u", account, - sizeof(account)); + add_script = talloc_all_string_sub(sam_account, + add_script, + "%u", + account); + if (!add_script) { + nt_ret = NT_STATUS_NO_MEMORY; + goto done; + } add_ret = smbrun(add_script,NULL); DEBUG(add_ret ? 0 : 1,("fetch_account: Running the command `%s' " "gave %d\n", add_script, add_ret)); @@ -511,7 +523,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) smb_nscd_flush_user_cache(); } } - + /* try and find the possible unix account again */ if ( !(passwd = Get_Pwnam(account)) ) { d_fprintf(stderr, "Could not create posix account info for '%s'\n", account); @@ -519,7 +531,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) goto done; } } - + sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, delta->user_rid); 
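Review bot: In the `@@ -489,21 +489,33 @@` hunk, `account` is substituted for `%u` in `add_script` and the result goes straight to `smbrun()`, so a name received from the remote server ends up on a shell command line. The assignment of `account` is outside the hunk, but it appears to be the account name from the delta. The new call is `talloc_all_string_sub()`, whose definition is not on this page. If it inserts the value without filtering shell metacharacters, as the `all_` naming suggests, either validate `account` against the permitted username characters first or use the filtering variant: `add_script = talloc_string_sub(sam_account, add_script, "%u", account);`. fetch_account_info starts and ends outside the hunk.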
@@ -563,7 +575,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); } } - } + } if ( !passwd ) { DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", @@ -831,7 +843,7 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) { time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - pstring domname; + char *domname; u_max_age = uint64s_nt_time_to_unix_abs(&delta->max_pwd_age); u_min_age = uint64s_nt_time_to_unix_abs(&delta->min_pwd_age); @@ -839,9 +851,12 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); - unistr2_to_ascii(domname, &delta->uni_dom_name, sizeof(domname)); + domname = unistr2_to_ascii_talloc(talloc_tos(), &delta->uni_dom_name); + if (!domname) { + return NT_STATUS_NO_MEMORY; + } - /* we don't handle BUILTIN account policies */ + /* we don't handle BUILTIN account policies */ if (!strequal(domname, get_global_sam_name())) { printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname); return NT_STATUS_OK; -- cgit From e883c7040b707128b2838938d4576a2cc5cfb400 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 4 Dec 2007 14:31:57 -0800 Subject: Remove pstr_sprintf. Replace with snprintf. Jeremy. (This used to be commit bc9aa722231288c58554c2a48cd659c60bdcba63) --- source3/utils/net_rpc_samsync.c | 118 ++++++++++++++++++++++++---------------- 1 file changed, 72 insertions(+), 46 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e5f212af56..31d989ad37 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1277,67 +1277,91 @@ static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, /* Map the groups created by populate_ldap_for_ldif */ groupmap[0].rid = 512; groupmap[0].gidNumber = 512; - pstr_sprintf(groupmap[0].sambaSID, "%s-512", sid); - pstr_sprintf(groupmap[0].group_dn, "cn=Domain Admins,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[0].sambaSID, sizeof(groupmap[0].sambaSID), + "%s-512", sid); + snprintf(groupmap[0].group_dn, sizeof(groupmap[0].group_dn), + "cn=Domain Admins,ou=%s,%s", + group_attr, suffix); accountmap[0].rid = 512; - pstr_sprintf(accountmap[0].cn, "%s", "Domain Admins"); + snprintf(accountmap[0].cn, sizeof(accountmap[0].cn), + "%s", "Domain Admins"); groupmap[1].rid = 513; groupmap[1].gidNumber = 513; - pstr_sprintf(groupmap[1].sambaSID, "%s-513", sid); - pstr_sprintf(groupmap[1].group_dn, "cn=Domain Users,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[1].sambaSID, sizeof(groupmap[1].sambaSID), + "%s-513", sid); + snprintf(groupmap[1].group_dn, sizeof(groupmap[1].group_dn), + "cn=Domain Users,ou=%s,%s", + group_attr, suffix); accountmap[1].rid = 513; - pstr_sprintf(accountmap[1].cn, "%s", "Domain Users"); + snprintf(accountmap[1].cn, sizeof(accountmap[1].cn), + "%s", "Domain Users"); groupmap[2].rid = 514; groupmap[2].gidNumber = 514; - pstr_sprintf(groupmap[2].sambaSID, "%s-514", sid); - pstr_sprintf(groupmap[2].group_dn, "cn=Domain Guests,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[2].sambaSID, sizeof(groupmap[2].sambaSID), + "%s-514", sid); + snprintf(groupmap[2].group_dn, sizeof(groupmap[2].group_dn), + "cn=Domain Guests,ou=%s,%s", + group_attr, suffix); accountmap[2].rid = 514; - pstr_sprintf(accountmap[2].cn, "%s", "Domain Guests"); + snprintf(accountmap[2].cn, sizeof(accountmap[2].cn), + "%s", "Domain Guests"); groupmap[3].rid = 515; groupmap[3].gidNumber = 515; - pstr_sprintf(groupmap[3].sambaSID, "%s-515", sid); - pstr_sprintf(groupmap[3].group_dn, "cn=Domain Computers,ou=%s,%s", - 
group_attr, suffix); + snprintf(groupmap[3].sambaSID, sizeof(groupmap[3].sambaSID), + "%s-515", sid); + snprintf(groupmap[3].group_dn, sizeof(groupmap[3].group_dn), + "cn=Domain Computers,ou=%s,%s", + group_attr, suffix); accountmap[3].rid = 515; - pstr_sprintf(accountmap[3].cn, "%s", "Domain Computers"); + snprintf(accountmap[3].cn, sizeof(accountmap[3].cn), + "%s", "Domain Computers"); groupmap[4].rid = 544; groupmap[4].gidNumber = 544; - pstr_sprintf(groupmap[4].sambaSID, "%s-544", builtin_sid); - pstr_sprintf(groupmap[4].group_dn, "cn=Administrators,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[4].sambaSID, sizeof(groupmap[4].sambaSID), + "%s-544", builtin_sid); + snprintf(groupmap[4].group_dn, sizeof(groupmap[4].group_dn), + "cn=Administrators,ou=%s,%s", + group_attr, suffix); accountmap[4].rid = 515; - pstr_sprintf(accountmap[4].cn, "%s", "Administrators"); + snprintf(accountmap[4].cn, sizeof(accountmap[4].cn), + "%s", "Administrators"); groupmap[5].rid = 550; groupmap[5].gidNumber = 550; - pstr_sprintf(groupmap[5].sambaSID, "%s-550", builtin_sid); - pstr_sprintf(groupmap[5].group_dn, "cn=Print Operators,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[5].sambaSID, sizeof(groupmap[5].sambaSID), + "%s-550", builtin_sid); + snprintf(groupmap[5].group_dn, sizeof(groupmap[5].group_dn), + "cn=Print Operators,ou=%s,%s", + group_attr, suffix); accountmap[5].rid = 550; - pstr_sprintf(accountmap[5].cn, "%s", "Print Operators"); + snprintf(accountmap[5].cn, sizeof(accountmap[5].cn), + "%s", "Print Operators"); groupmap[6].rid = 551; groupmap[6].gidNumber = 551; - pstr_sprintf(groupmap[6].sambaSID, "%s-551", builtin_sid); - pstr_sprintf(groupmap[6].group_dn, "cn=Backup Operators,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[6].sambaSID, sizeof(groupmap[6].sambaSID), + "%s-551", builtin_sid); + snprintf(groupmap[6].group_dn, sizeof(groupmap[6].group_dn), + "cn=Backup Operators,ou=%s,%s", + group_attr, suffix); accountmap[6].rid = 551; - 
pstr_sprintf(accountmap[6].cn, "%s", "Backup Operators"); + snprintf(accountmap[6].cn, sizeof(accountmap[6].cn), + "%s", "Backup Operators"); groupmap[7].rid = 552; groupmap[7].gidNumber = 552; - pstr_sprintf(groupmap[7].sambaSID, "%s-552", builtin_sid); - pstr_sprintf(groupmap[7].group_dn, "cn=Replicators,ou=%s,%s", - group_attr, suffix); + snprintf(groupmap[7].sambaSID, sizeof(groupmap[7].sambaSID), + "%s-552", builtin_sid); + snprintf(groupmap[7].group_dn, sizeof(groupmap[7].group_dn), + "cn=Replicators,ou=%s,%s", + group_attr, suffix); accountmap[7].rid = 551; - pstr_sprintf(accountmap[7].cn, "%s", "Replicators"); + snprintf(accountmap[7].cn, sizeof(accountmap[7].cn), + "%s", "Replicators"); SAFE_FREE(group_attr); return NT_STATUS_OK; } @@ -1412,8 +1436,8 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the group name */ - unistr2_to_ascii(groupname, - &(delta->group_info.uni_grp_name), + unistr2_to_ascii(groupname, + &delta->group_info.uni_grp_name, sizeof(groupname)); /* Set up the group type (always 2 for group info) */ @@ -1439,8 +1463,9 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma g_rid = delta->group_info.gid.g_rid; groupmap->rid = g_rid; groupmap->gidNumber = ldif_gid; - pstr_sprintf(groupmap->sambaSID, "%s-%d", sid, g_rid); - pstr_sprintf(groupmap->group_dn, + snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), + "%s-%d", sid, g_rid); + snprintf(groupmap->group_dn, sizeof(groupmap->group_dn), "cn=%s,ou=%s,%s", groupname, group_attr, suffix); /* Write the data to the temporary add ldif file */ @@ -1483,7 +1508,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, int i; /* Get the username */ - unistr2_to_ascii(username, + unistr2_to_ascii(username, &(delta->account_info.uni_acct_name), sizeof(username)); 
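Review bot: None of the new `snprintf()` calls in the map_populate_groups hunk check the return value, so a long `suffix` or `group_attr` is truncated silently and a shortened `group_dn` or `sambaSID` is stored in the map and later written to the LDIF. Comparing each result against the destination's `sizeof` and failing the function (after `SAFE_FREE(group_attr)`) would turn that into a visible error. Two unchanged lines also look like copy/paste slips worth confirming: `accountmap[4].rid = 515;` sits under `groupmap[4].rid = 544;`, and `accountmap[7].rid = 551;` sits under `groupmap[7].rid = 552;`. The eight blocks differ only in rid, name and SID prefix, so a small table and one loop would remove the repetition that allowed those mismatches.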
@@ -1492,21 +1517,21 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, /* Map the rid and username for group member info later */ accountmap->rid = rid; - pstr_sprintf(accountmap->cn, "%s", username); + snprintf(accountmap->cn, sizeof(accountmap->cn), "%s", username); /* Get the home directory */ if (delta->account_info.acb_info & ACB_NORMAL) { unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), sizeof(homedir)); if (!*homedir) { - pstr_sprintf(homedir, "/home/%s", username); + snprintf(homedir, sizeof(homedir), "/home/%s", username); } else { - pstr_sprintf(homedir, "/nobodyshomedir"); + snprintf(homedir, sizeof(homedir), "/nobodyshomedir"); } ou = lp_ldap_user_suffix(); } else { ou = lp_ldap_machine_suffix(); - pstr_sprintf(homedir, "/machinehomedir"); + snprintf(homedir, sizeof(homedir), "/machinehomedir"); } /* Get the logon script */ @@ -1568,7 +1593,7 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_UNSUCCESSFUL; } gidNumber = groupmap[i].gidNumber; - pstr_sprintf(sambaSID, groupmap[i].sambaSID); + snprintf(sambaSID, sizeof(sambaSID), groupmap[i].sambaSID); /* Set up sambaAcctFlags */ flags = pdb_encode_acct_ctrl(delta->account_info.acb_info, @@ -1677,7 +1702,8 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, /* Map the group rid and gid */ g_rid = delta->group_info.gid.g_rid; groupmap->gidNumber = ldif_gid; - pstr_sprintf(groupmap->sambaSID, "%s-%d", sid, g_rid); + snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), + "%s-%d", sid, g_rid); /* Write the data to the temporary add ldif file */ fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr, @@ -1704,7 +1730,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, SAM_DELTA_HDR *hdr_delta, GROUPMAP *groupmap, - ACCOUNTMAP *accountmap, + ACCOUNTMAP *accountmap, FILE *mod_fd, int alloced) { fstring group_dn; 
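Review bot: In the `@@ -1568 @@` hunk, `snprintf(sambaSID, sizeof(sambaSID), groupmap[i].sambaSID);` passes stored data as the format string, so any `%` in that value is interpreted as a conversion with no matching argument. The field is built from the domain SID and a RID in other hunks of this commit, so it is probably harmless today, but the converted call should carry an explicit format: `snprintf(sambaSID, sizeof(sambaSID), "%s", groupmap[i].sambaSID);`. The enclosing fetch_account_info_to_ldif continues outside the hunk.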
@@ -1718,11 +1744,11 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, if (groupmap[j].rid == group_rid) break; } if (j == alloced){ - DEBUG(1, ("Could not find rid %d in groupmap array\n", + DEBUG(1, ("Could not find rid %d in groupmap array\n", group_rid)); return NT_STATUS_UNSUCCESSFUL; } - pstr_sprintf(group_dn, "%s", groupmap[j].group_dn); + snprintf(group_dn, sizeof(group_dn), "%s", groupmap[j].group_dn); fprintf(mod_fd, "dn: %s\n", group_dn); /* Get the cn for each member */ -- cgit From 7b01537679d4d4f1408634fe63c64c144f9d9519 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 21:53:26 +0100 Subject: Replace sid_string_static with sid_string_tos In utils/ I was a bit lazy... (This used to be commit 60e830b0f4571bd5d9039f2edd199534f2a4c341) --- source3/utils/net_rpc_samsync.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 31d989ad37..d546c83357 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -52,7 +52,7 @@ static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a) int i; d_printf("Alias rid %u: ", rid); for (i=0;inum_members;i++) { - d_printf("%s ", sid_string_static(&a->sids[i].sid)); + d_printf("%s ", sid_string_tos(&a->sids[i].sid)); } d_printf("\n"); } @@ -570,7 +570,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (map.gid != passwd->pw_gid) { if (!(grp = getgrgid(map.gid))) { DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", - (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_static(&group_sid))); + (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); } 
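Review bot: In the `@@ -1718 @@` hunk, `snprintf(group_dn, sizeof(group_dn), "%s", groupmap[j].group_dn);` copies a DN into an `fstring` (declared in the preceding hunk) and ignores the return value, so a DN longer than the destination is silently cut and the `dn:` line written to `mod_fd` names a different or nonexistent entry. The size of the `group_dn` field in GROUPMAP is not visible here; if it is larger than an fstring, drop the intermediate copy and print the source directly: `fprintf(mod_fd, "dn: %s\n", groupmap[j].group_dn);`. The function body continues outside the hunk.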
@@ -705,7 +705,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) if (!pdb_getsampwsid(member, &member_sid)) { DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", - delta->rids[i], sid_string_static(&member_sid), grp->gr_name)); + delta->rids[i], sid_string_tos(&member_sid), grp->gr_name)); TALLOC_FREE(member); continue; } -- cgit From 2e07c2ade89f4ff281c61f74cb88e09990cf5f46 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Dec 2007 22:47:30 +0100 Subject: s/sid_to_string/sid_to_fstring/ least surprise for callers (This used to be commit eb523ba77697346a365589101aac379febecd546) --- source3/utils/net_rpc_samsync.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d546c83357..ca3279ee3a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -535,11 +535,13 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, delta->user_rid); - DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_string(sid_string, &user_sid), account)); + DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", + sid_to_fstring(sid_string, &user_sid), account)); if (!pdb_getsampwsid(sam_account, &user_sid)) { sam_account_from_delta(sam_account, delta); DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", - sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); + sid_to_fstring(sid_string, &user_sid), + pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); 
@@ -548,7 +550,8 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { sam_account_from_delta(sam_account, delta); DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", - sid_to_string(sid_string, &user_sid), pdb_get_username(sam_account))); + sid_to_fstring(sid_string, &user_sid), + pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); @@ -603,7 +606,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) /* add the group to the mapping table */ sid_copy(&group_sid, get_global_sam_sid()); sid_append_rid(&group_sid, rid); - sid_to_string(sid_string, &group_sid); + sid_to_fstring(sid_string, &group_sid); if (pdb_getgrsid(&map, group_sid)) { if ( map.gid != -1 ) @@ -794,7 +797,7 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); sid_append_rid(&alias_sid, rid); - sid_to_string(sid_string, &alias_sid); + sid_to_fstring(sid_string, &alias_sid); if (pdb_getgrsid(&map, alias_sid)) { grp = getgrgid(map.gid); @@ -1838,7 +1841,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, } /* Get the sid */ - sid_to_string(sid, &dom_sid); + sid_to_fstring(sid, &dom_sid); /* Get the ldap suffix */ suffix = lp_ldap_suffix(); @@ -2117,10 +2120,10 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, "workgroup=%s\n\n in your smb.conf?\n", domain_name, get_global_sam_name(), - sid_to_string(my_dom_sid_str, - get_global_sam_sid()), - domain_name, sid_to_string(rem_dom_sid_str, - domain_sid), + sid_to_fstring(my_dom_sid_str, + get_global_sam_sid()), + domain_name, sid_to_fstring(rem_dom_sid_str, + domain_sid), domain_name); return NT_STATUS_UNSUCCESSFUL; } -- cgit From e518e19bc0000019f131354f55e9f5b55f6a2c5e Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Wed, 19 Dec 2007 15:02:59 +0100 Subject: Remove Get_Pwnam and its associated static variable All callers are replaced by Get_Pwnam_alloc (This used to be commit 735f59315497113aebadcf9ad387e3dbfffa284a) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index ca3279ee3a..779006884d 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -486,7 +486,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return NT_STATUS_NO_MEMORY; } - if (!(passwd = Get_Pwnam(account))) { + if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { /* Create appropriate user */ if (delta->acb_info & ACB_NORMAL) { add_script = talloc_strdup(sam_account, @@ -525,7 +525,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } /* try and find the possible unix account again */ - if ( !(passwd = Get_Pwnam(account)) ) { + if ( !(passwd = Get_Pwnam_alloc(sam_account, account)) ) { d_fprintf(stderr, "Could not create posix account info for '%s'\n", account); nt_ret = NT_STATUS_NO_SUCH_USER; goto done; -- cgit From 805caafd44cbc5fff49711b1a15fb64cc99f3ad3 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sat, 19 Jan 2008 02:12:35 +0100 Subject: util_str: Don't return memory from talloc_tos(), use mem_ctx instead. (This used to be commit ab0ee6e9a6a9eee317228f0c2bde254ad9a59b85) --- source3/utils/net_rpc_samsync.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 779006884d..d0fcfe3aeb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -365,7 +365,8 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d old_string = pdb_get_munged_dial(account); mung.length = delta->hdr_parameters.uni_str_len; mung.data = (uint8 *) delta->uni_parameters.buffer; - newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(mung); + newstr = (mung.length == 0) ? NULL : + base64_encode_data_blob(talloc_tos(), mung); if (STRING_CHANGED_NC(old_string, newstr)) pdb_set_munged_dial(account, newstr, PDB_CHANGED); @@ -1422,12 +1423,11 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, base64_blob.data = (unsigned char *)value; base64_blob.length = strlen(value); - base64 = base64_encode_data_blob(base64_blob); + base64 = base64_encode_data_blob(value, base64_blob); SMB_ASSERT(base64 != NULL); res = fprintf(add_fd, "%s:: %s\n", attr_name, base64); TALLOC_FREE(value); - TALLOC_FREE(base64); return res; } -- cgit From 691c4b1a4175e3d4a073c396a2a7d8d315cd42bd Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Thu, 17 Jan 2008 10:11:11 +0100 Subject: Windows 2008 (Longhorn) auth2 flag fixes. Interop fixes for AD specific flags. Original patch from Todd Stetcher. (This used to be commit 5aadfcdaacd6f136eab9e107a88b8544e6d2105f) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d0fcfe3aeb..e1f0cd3751 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -237,7 +237,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_AUTH2_FLAGS; + uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, -- cgit From b7f483e6bda197d62a1432629b62bd9f834df42b Mon Sep 17 00:00:00 2001 
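Review bot: In fprintf_attr (the `@@ -1422 @@` hunk) the lifetime of `base64` now depends on `value` being its talloc parent, which is easy to miss once the explicit `TALLOC_FREE(base64)` is gone. A one-line comment above the remaining free would record it: `/* base64 is a talloc child of value and is released with it */`. This relies on `value` being a talloc allocation, which `TALLOC_FREE(value)` implies but the hunk does not show; the function starts outside the hunk.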
From: Günther Deschner Date: Fri, 15 Feb 2008 14:13:11 +0100 Subject: Convert "net rpc vampire/samdump" to pidl generated functions. Guenther (This used to be commit f53393677d2c4b5ca117eed3ed660fafc4c650da) --- source3/utils/net_rpc_samsync.c | 944 +++++++++++++++++++++++----------------- 1 file changed, 556 insertions(+), 388 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e1f0cd3751..569bbea857 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. dump the remote SAM using rpc samsync operations @@ -12,12 +12,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ 
@@ -31,57 +31,62 @@ static uint32 ldif_uid = 999; /* Keep track of ldap initialization */ static int init_ldap = 1; -static void display_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *g) +static void display_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) { int i; d_printf("Group mem %u: ", rid); - for (i=0;inum_members;i++) { - d_printf("%u ", g->rids[i]); + for (i=0; i< r->num_rids; i++) { + d_printf("%u ", r->rids[i]); } d_printf("\n"); } -static void display_alias_info(uint32 rid, SAM_ALIAS_INFO *a) +static void display_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r) { - d_printf("Alias '%s' ", unistr2_static(&a->uni_als_name)); - d_printf("desc='%s' rid=%u\n", unistr2_static(&a->uni_als_desc), a->als_rid); + d_printf("Alias '%s' ", r->alias_name.string); + d_printf("desc='%s' rid=%u\n", r->description.string, r->rid); } -static void display_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *a) +static void display_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r) { int i; d_printf("Alias rid %u: ", rid); - for (i=0;inum_members;i++) { - d_printf("%s ", sid_string_tos(&a->sids[i].sid)); + for (i=0; i< r->sids.num_sids; i++) { + d_printf("%s ", sid_string_tos(r->sids.sids[i].sid)); } d_printf("\n"); } -static void display_account_info(uint32 rid, SAM_ACCOUNT_INFO *a) +static void display_account_info(uint32_t rid, + struct netr_DELTA_USER *r) { fstring hex_nt_passwd, hex_lm_passwd; uchar lm_passwd[16], nt_passwd[16]; static uchar zero_buf[16]; /* Decode hashes from password hash (if they are not NULL) */ - - if (memcmp(a->pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(a->user_rid, a->pass.buf_lm_pwd, lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, a->acb_info); + + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(a->pass.buf_nt_pwd, 
zero_buf, 16) != 0) { - sam_pwd_hash(a->user_rid, a->pass.buf_nt_pwd, nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, a->acb_info); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - - printf("%s:%d:%s:%s:%s:LCT-0\n", unistr2_static(&a->uni_acct_name), - a->user_rid, hex_lm_passwd, hex_nt_passwd, - pdb_encode_acct_ctrl(a->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN)); + + printf("%s:%d:%s:%s:%s:LCT-0\n", + r->account_name.string, + r->rid, hex_lm_passwd, hex_nt_passwd, + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) 
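Review bot: The rewritten display helpers pass `r->alias_name.string`, `r->description.string` and `r->account_name.string` straight to `%s`, and `r->sids.sids[i].sid` to sid_string_tos(), without a NULL check. sam_account_from_delta in the same commit tests each `.string` before using it, which suggests these pointers can be NULL when the server sends an empty field. Guard the prints, for example `r->alias_name.string ? r->alias_name.string : ""`; the same applies to the `.string` prints in the next hunk and to `fstrcpy(account, r->account_name.string)` in fetch_account_info.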
@@ -91,102 +96,201 @@ static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) return nt_time_to_unix_abs(&nttime); } -static void display_domain_info(SAM_DOMAIN_INFO *a) +static void display_domain_info(struct netr_DELTA_DOMAIN *r) { time_t u_logout; - u_logout = uint64s_nt_time_to_unix_abs(&a->force_logoff); + u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time); - d_printf("Domain name: %s\n", unistr2_static(&a->uni_dom_name)); + d_printf("Domain name: %s\n", r->domain_name.string); - d_printf("Minimal Password Length: %d\n", a->min_pwd_len); - d_printf("Password History Length: %d\n", a->pwd_history_len); + d_printf("Minimal Password Length: %d\n", r->min_password_length); + d_printf("Password History Length: %d\n", r->password_history_length); d_printf("Force Logoff: %d\n", (int)u_logout); - d_printf("Max Password Age: %s\n", display_time(a->max_pwd_age)); - d_printf("Min Password Age: %s\n", display_time(a->min_pwd_age)); + d_printf("Max Password Age: %s\n", display_time(r->max_password_age)); + d_printf("Min Password Age: %s\n", display_time(r->min_password_age)); +#if 0 + /* FIXME - gd */ d_printf("Lockout Time: %s\n", display_time(a->account_lockout.lockout_duration)); d_printf("Lockout Reset Time: %s\n", display_time(a->account_lockout.reset_count)); - d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); - d_printf("User must logon to change password: %d\n", a->logon_chgpass); +#endif + d_printf("User must logon to change password: %d\n", r->logon_to_chgpass); } -static void display_group_info(uint32 rid, SAM_GROUP_INFO *a) +static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) { - d_printf("Group '%s' ", unistr2_static(&a->uni_grp_name)); - d_printf("desc='%s', rid=%u\n", unistr2_static(&a->uni_grp_desc), rid); + d_printf("Group '%s' ", r->group_name.string); + d_printf("desc='%s', rid=%u\n", r->description.string, rid); } -static void display_sam_entry(SAM_DELTA_HDR *hdr_delta, 
SAM_DELTA_CTR *delta) +static void display_sam_entry(struct netr_DELTA_ENUM *r) { - switch (hdr_delta->type) { - case SAM_DELTA_ACCOUNT_INFO: - display_account_info(hdr_delta->target_rid, &delta->account_info); + union netr_DELTA_UNION u = r->delta_union; + union netr_DELTA_ID_UNION id = r->delta_id_union; + + switch (r->delta_type) { + case NETR_DELTA_DOMAIN: + display_domain_info(u.domain); + break; + case NETR_DELTA_GROUP: + display_group_info(id.rid, u.group); + break; +#if 0 + case NETR_DELTA_DELETE_GROUP: + printf("Delete Group: %d\n", + u.delete_account.unknown); + break; + case NETR_DELTA_RENAME_GROUP: + printf("Rename Group: %s -> %s\n", + u.rename_group->OldName.string, + u.rename_group->NewName.string); + break; +#endif + case NETR_DELTA_USER: + display_account_info(id.rid, u.user); + break; +#if 0 + case NETR_DELTA_DELETE_USER: + printf("Delete User: %d\n", + id.rid); + break; + case NETR_DELTA_RENAME_USER: + printf("Rename user: %s -> %s\n", + u.rename_user->OldName.string, + u.rename_user->NewName.string); + break; +#endif + case NETR_DELTA_GROUP_MEMBER: + display_group_mem_info(id.rid, u.group_member); + break; + case NETR_DELTA_ALIAS: + display_alias_info(id.rid, u.alias); + break; +#if 0 + case NETR_DELTA_DELETE_ALIAS: + printf("Delete Alias: %d\n", + id.rid); + break; + case NETR_DELTA_RENAME_ALIAS: + printf("Rename alias: %s -> %s\n", + u.rename_alias->OldName.string, + u.rename_alias->NewName.string); + break; +#endif + case NETR_DELTA_ALIAS_MEMBER: + display_alias_mem(id.rid, u.alias_member); + break; +#if 0 + case NETR_DELTA_POLICY: + printf("Policy\n"); + break; + case NETR_DELTA_TRUSTED_DOMAIN: + printf("Trusted Domain: %s\n", + u.trusted_domain->domain_name.string); + break; + case NETR_DELTA_DELETE_TRUST: + printf("Delete Trust: %d\n", + u.delete_trust.unknown); + break; + case NETR_DELTA_ACCOUNT: + printf("Account\n"); + break; + case NETR_DELTA_DELETE_ACCOUNT: + printf("Delete Account: %d\n", + u.delete_account.unknown); break; - case 
SAM_DELTA_GROUP_MEM: - display_group_mem_info(hdr_delta->target_rid, &delta->grp_mem_info); + case NETR_DELTA_SECRET: + printf("Secret\n"); break; - case SAM_DELTA_ALIAS_INFO: - display_alias_info(hdr_delta->target_rid, &delta->alias_info); + case NETR_DELTA_DELETE_SECRET: + printf("Delete Secret: %d\n", + u.delete_secret.unknown); + break; + case NETR_DELTA_DELETE_GROUP2: + printf("Delete Group2: %s\n", + u.delete_group->account_name); + break; + case NETR_DELTA_DELETE_USER2: + printf("Delete User2: %s\n", + u.delete_user->account_name); + break; + case NETR_DELTA_MODIFY_COUNT: + printf("sam sequence update: 0x%016llx\n", + (unsigned long long) *u.modified_count); + break; +#endif + /* The following types are recognised but not handled */ + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); break; - case SAM_DELTA_ALIAS_MEM: - display_alias_mem(hdr_delta->target_rid, &delta->als_mem_info); + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); break; - case SAM_DELTA_DOMAIN_INFO: - display_domain_info(&delta->domain_info); + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); break; - case SAM_DELTA_GROUP_INFO: - display_group_info(hdr_delta->target_rid, &delta->group_info); + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); break; - /* The following types are recognised but not handled */ - case SAM_DELTA_RENAME_GROUP: - d_printf("SAM_DELTA_RENAME_GROUP not handled\n"); + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); break; - case SAM_DELTA_RENAME_USER: - d_printf("SAM_DELTA_RENAME_USER not handled\n"); + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); break; - case SAM_DELTA_RENAME_ALIAS: - d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); break; - case SAM_DELTA_POLICY_INFO: - d_printf("SAM_DELTA_POLICY_INFO not 
handled\n"); + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); break; - case SAM_DELTA_TRUST_DOMS: - d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); break; - case SAM_DELTA_PRIVS_INFO: - d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); break; - case SAM_DELTA_SECRET_INFO: - d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); break; - case SAM_DELTA_DELETE_GROUP: - d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); break; - case SAM_DELTA_DELETE_USER: - d_printf("SAM_DELTA_DELETE_USER not handled\n"); + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); break; - case SAM_DELTA_MODIFIED_COUNT: - d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; default: - d_printf("Unknown delta record type %d\n", hdr_delta->type); + printf("unknown delta type 0x%02x\n", + r->delta_type); break; } } static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) { - uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint32 num_deltas; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context 
= 0; if (!(mem_ctx = talloc_init("dump_database"))) { return; @@ -208,29 +312,52 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, db_type, - sync_context, - &num_deltas, &hdr_deltas, &deltas); - if (!NT_STATUS_IS_OK(result)) + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return; + } + + if (NT_STATUS_IS_ERR(result)) { break; + } - for (i = 0; i < num_deltas; i++) { - display_sam_entry(&hdr_deltas[i], &deltas[i]); + /* Display results */ + for (i = 0; i < delta_enum_array->num_deltas; i++) { + display_sam_entry(&delta_enum_array->delta_enum[i]); } - sync_context += 1; + + TALLOC_FREE(delta_enum_array); + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); } /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, - const char *domain_name, +NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, - const char **argv) + const char **argv) { #if 0 /* net_rpc.c now always tries to create an schannel pipe.. */ 
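Review bot: display_sam_entry now carries several `#if 0` groups whose `case` labels (NETR_DELTA_RENAME_GROUP, NETR_DELTA_POLICY, NETR_DELTA_DELETE_USER and others) are repeated in the live "not handled" list further down, so enabling any of those groups gives duplicate-case compile errors. The `#if 0` block marked FIXME in display_domain_info still refers to `a->account_lockout` although the parameter is now `r`, and the "Bad Attempt Lockout" line is dropped without explanation. Either delete the disabled code or remove each label from the "not handled" list when its real handler is enabled, and state in the FIXME which fields are missing from the new structure.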
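Review bot: In dump_database (the `@@ -208 @@` hunk) `return_authenticator` is declared without an initialiser and is verified before `result` is examined, so a call that fails before the server fills it in is checked against stack contents and reported as "credentials chain check failed" instead of the real status; whether every failure path fills the structure is not visible here. That early `return` also skips `talloc_destroy(mem_ctx)`, and `delta_enum_array` is dereferenced on any non-error status without a NULL check. Suggested: `ZERO_STRUCT(return_authenticator);` before the call, `break` instead of `return` when the check fails, and `if (delta_enum_array == NULL) break;` before the display loop.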
@@ -277,7 +404,8 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, (!(s1) && (s2)) ||\ ((s1) && (s2) && (strcmp((s1), (s2)) != 0)) -static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *delta) +static NTSTATUS sam_account_from_delta(struct samu *account, + struct netr_DELTA_USER *r) { const char *old_string, *new_string; time_t unix_time, stored_time; @@ -287,15 +415,14 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d /* Username, fullname, home dir, dir drive, logon script, acct desc, workstations, profile. */ - if (delta->hdr_acct_name.buffer) { + if (r->account_name.string) { old_string = pdb_get_nt_username(account); - new_string = unistr2_static(&delta->uni_acct_name); + new_string = r->account_name.string; if (STRING_CHANGED) { pdb_set_nt_username(account, new_string, PDB_CHANGED); - } - + /* Unix username is the same - for sanity */ old_string = pdb_get_username( account ); if (STRING_CHANGED) { 
@@ -303,68 +430,68 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d } } - if (delta->hdr_full_name.buffer) { + if (r->full_name.string) { old_string = pdb_get_fullname(account); - new_string = unistr2_static(&delta->uni_full_name); + new_string = r->full_name.string; if (STRING_CHANGED) pdb_set_fullname(account, new_string, PDB_CHANGED); } - if (delta->hdr_home_dir.buffer) { + if (r->home_directory.string) { old_string = pdb_get_homedir(account); - new_string = unistr2_static(&delta->uni_home_dir); + new_string = r->home_directory.string; if (STRING_CHANGED) pdb_set_homedir(account, new_string, PDB_CHANGED); } - if (delta->hdr_dir_drive.buffer) { + if (r->home_drive.string) { old_string = pdb_get_dir_drive(account); - new_string = unistr2_static(&delta->uni_dir_drive); + new_string = r->home_drive.string; if (STRING_CHANGED) pdb_set_dir_drive(account, new_string, PDB_CHANGED); } - if (delta->hdr_logon_script.buffer) { + if (r->logon_script.string) { old_string = pdb_get_logon_script(account); - new_string = unistr2_static(&delta->uni_logon_script); + new_string = r->logon_script.string; if (STRING_CHANGED) pdb_set_logon_script(account, new_string, PDB_CHANGED); } - if (delta->hdr_acct_desc.buffer) { + if (r->description.string) { old_string = pdb_get_acct_desc(account); - new_string = unistr2_static(&delta->uni_acct_desc); + new_string = r->description.string; if (STRING_CHANGED) pdb_set_acct_desc(account, new_string, PDB_CHANGED); } - if (delta->hdr_workstations.buffer) { + if (r->workstations.string) { old_string = pdb_get_workstations(account); - new_string = unistr2_static(&delta->uni_workstations); + new_string = r->workstations.string; if (STRING_CHANGED) pdb_set_workstations(account, new_string, PDB_CHANGED); } - if (delta->hdr_profile.buffer) { + if (r->profile_path.string) { old_string = pdb_get_profile_path(account); - new_string = unistr2_static(&delta->uni_profile); + new_string = r->profile_path.string; if 
(STRING_CHANGED) pdb_set_profile_path(account, new_string, PDB_CHANGED); } - if (delta->hdr_parameters.buffer) { + if (r->parameters.string) { DATA_BLOB mung; char *newstr; old_string = pdb_get_munged_dial(account); - mung.length = delta->hdr_parameters.uni_str_len; - mung.data = (uint8 *) delta->uni_parameters.buffer; + mung.length = r->parameters.length; + mung.data = (uint8 *) r->parameters.string; newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); 
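Review bot: The munged-dial blob is now built with `mung.length = r->parameters.length` and `mung.data = (uint8 *) r->parameters.string`, which pairs a length field of the wire structure with a pointer to the decoded string. If `.string` is a NUL-terminated string in the local charset while `.length` counts bytes of the on-wire UTF-16 data (not visible on this page; confirm against the generated netlogon structures), base64_encode_data_blob() reads past the end of the string and the stored value no longer matches what the server sent. Take the length from the buffer that is actually encoded, or carry `parameters` as a binary string so that pointer and length describe the same bytes. The function begins and ends outside the hunk.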
@@ -374,57 +501,59 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d } /* User and group sid */ - if (pdb_get_user_rid(account) != delta->user_rid) - pdb_set_user_sid_from_rid(account, delta->user_rid, PDB_CHANGED); - if (pdb_get_group_rid(account) != delta->group_rid) - pdb_set_group_sid_from_rid(account, delta->group_rid, PDB_CHANGED); + if (pdb_get_user_rid(account) != r->rid) + pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED); + if (pdb_get_group_rid(account) != r->primary_gid) + pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED); /* Logon and password information */ - if (!nt_time_is_zero(&delta->logon_time)) { - unix_time = nt_time_to_unix(delta->logon_time); + if (!nt_time_is_zero(&r->last_logon)) { + unix_time = nt_time_to_unix(r->last_logon); stored_time = pdb_get_logon_time(account); if (stored_time != unix_time) pdb_set_logon_time(account, unix_time, PDB_CHANGED); } - if (!nt_time_is_zero(&delta->logoff_time)) { - unix_time = nt_time_to_unix(delta->logoff_time); + if (!nt_time_is_zero(&r->last_logoff)) { + unix_time = nt_time_to_unix(r->last_logoff); stored_time = pdb_get_logoff_time(account); if (stored_time != unix_time) pdb_set_logoff_time(account, unix_time,PDB_CHANGED); } /* Logon Divs */ - if (pdb_get_logon_divs(account) != delta->logon_divs) - pdb_set_logon_divs(account, delta->logon_divs, PDB_CHANGED); + if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week) + pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED); +#if 0 + /* no idea what to do with this one - gd */ /* Max Logon Hours */ if (delta->unknown1 != pdb_get_unknown_6(account)) { pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); } - +#endif /* Logon Hours Len */ - if (delta->buf_logon_hrs.buf_len != pdb_get_hours_len(account)) { - pdb_set_hours_len(account, delta->buf_logon_hrs.buf_len, PDB_CHANGED); + if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) { + 
pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED); } /* Logon Hours */ - if (delta->buf_logon_hrs.buffer) { + if (r->logon_hours.bits) { char oldstr[44], newstr[44]; pdb_sethexhours(oldstr, pdb_get_hours(account)); - pdb_sethexhours(newstr, delta->buf_logon_hrs.buffer); + pdb_sethexhours(newstr, r->logon_hours.bits); if (!strequal(oldstr, newstr)) - pdb_set_hours(account, (const uint8 *)delta->buf_logon_hrs.buffer, PDB_CHANGED); + pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED); } - if (pdb_get_bad_password_count(account) != delta->bad_pwd_count) - pdb_set_bad_password_count(account, delta->bad_pwd_count, PDB_CHANGED); + if (pdb_get_bad_password_count(account) != r->bad_password_count) + pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED); - if (pdb_get_logon_count(account) != delta->logon_count) - pdb_set_logon_count(account, delta->logon_count, PDB_CHANGED); + if (pdb_get_logon_count(account) != r->logon_count) + pdb_set_logon_count(account, r->logon_count, PDB_CHANGED); - if (!nt_time_is_zero(&delta->pwd_last_set_time)) { - unix_time = nt_time_to_unix(delta->pwd_last_set_time); + if (!nt_time_is_zero(&r->last_password_change)) { + unix_time = nt_time_to_unix(r->last_password_change); stored_time = pdb_get_pass_last_set_time(account); if (stored_time != unix_time) pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); 
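Review bot: `r->logon_hours.units_per_week` is supplied by the server and is used as `units_per_week/8` for pdb_set_hours_len(), while `r->logon_hours.bits` is handed to pdb_sethexhours() and pdb_set_hours() with nothing tying the buffer's real size to the length those helpers read. The 44-byte `oldstr`/`newstr` buffers suggest a fixed-size read (inferred; the helpers are not defined on this page), in which case a shorter `bits` array from the server would be over-read. Validate the count before touching `bits`, and until then mark the spot with `/* NOTE(review): units_per_week is server-supplied; bound it before reading logon_hours.bits */`.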
@@ -433,42 +562,41 @@ static NTSTATUS sam_account_from_delta(struct samu *account, SAM_ACCOUNT_INFO *d pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED); } -#if 0 -/* No kickoff time in the delta? */ - if (!nt_time_is_zero(&delta->kickoff_time)) { - unix_time = nt_time_to_unix(&delta->kickoff_time); + if (!nt_time_is_zero(&r->acct_expiry)) { + unix_time = nt_time_to_unix(r->acct_expiry); stored_time = pdb_get_kickoff_time(account); if (stored_time != unix_time) pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); } -#endif - /* Decode hashes from password hash - Note that win2000 may send us all zeros for the hashes if it doesn't + /* Decode hashes from password hash + Note that win2000 may send us all zeros for the hashes if it doesn't think this channel is secure enough - don't set the passwords at all in that case */ - if (memcmp(delta->pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->user_rid, delta->pass.buf_lm_pwd, lm_passwd, 0); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); } - if (memcmp(delta->pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->user_rid, delta->pass.buf_nt_pwd, nt_passwd, 0); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); } /* TODO: account expiry time */ - pdb_set_acct_ctrl(account, delta->acb_info, PDB_CHANGED); + pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED); pdb_set_domain(account, lp_workgroup(), PDB_CHANGED); return NT_STATUS_OK; } -static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) +static NTSTATUS fetch_account_info(uint32_t rid, + struct netr_DELTA_USER *r) { + NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; fstring account; char *add_script = NULL; 
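Review bot: The two password blocks are cross-wired after the rename: `r->ntpassword.hash` is decoded into `lm_passwd` and stored with `pdb_set_lanman_passwd()`, while `r->lmpassword.hash` goes into `nt_passwd` and `pdb_set_nt_passwd()`. The removed lines paired `buf_lm_pwd` with the LanMan setter, and the fetch_account_info_to_ldif hunk later in this commit pairs `lmpassword` with `lm_passwd`, so this looks like a slip rather than intent. Every replicated account would end up with its hashes in the wrong fields and fail authentication against the local passdb. The `/* TODO: account expiry time */` comment just below is also stale now that `acct_expiry` is applied earlier in the same hunk.

```c
	if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) {
		sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0);
		pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED);
	}

	if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) {
		sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0);
		pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED);
	}
```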
@@ -480,7 +608,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) struct passwd *passwd; fstring sid_string; - fstrcpy(account, unistr2_static(&delta->uni_acct_name)); + fstrcpy(account, r->account_name.string); d_printf("Creating account: %s\n", account); if ( !(sam_account = samu_new( NULL )) ) { @@ -489,17 +617,17 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { /* Create appropriate user */ - if (delta->acb_info & ACB_NORMAL) { + if (r->acct_flags & ACB_NORMAL) { add_script = talloc_strdup(sam_account, lp_adduser_script()); - } else if ( (delta->acb_info & ACB_WSTRUST) || - (delta->acb_info & ACB_SVRTRUST) || - (delta->acb_info & ACB_DOMTRUST) ) { + } else if ( (r->acct_flags & ACB_WSTRUST) || + (r->acct_flags & ACB_SVRTRUST) || + (r->acct_flags & ACB_DOMTRUST) ) { add_script = talloc_strdup(sam_account, lp_addmachine_script()); } else { DEBUG(1, ("Unknown user type: %s\n", - pdb_encode_acct_ctrl(delta->acb_info, NEW_PW_FORMAT_SPACE_PADDED_LEN))); + pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN))); nt_ret = NT_STATUS_UNSUCCESSFUL; goto done; } 
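Review bot: `fstrcpy(account, r->account_name.string)` copies a pointer taken straight from the decoded reply, and nothing in this hunk checks it for NULL before the result is used as the account name for the lookup and the add-script path. The same unguarded copy is introduced for `group_name`, `alias_name`, `description`, `home_directory` and the other strings in the fetch_group_info, fetch_alias_info and *_to_ldif hunks. fetch_group_info even tests `if (r->description.string)` only after it has already copied that pointer. Whether `fstrcpy` tolerates a NULL source is not visible on this page, so I would make the handling explicit: `if (r->account_name.string == NULL) return NT_STATUS_INVALID_PARAMETER;` ahead of the copy here, and an empty-string fallback for the optional fields.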
@@ -534,30 +662,30 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } sid_copy(&user_sid, get_global_sam_sid()); - sid_append_rid(&user_sid, delta->user_rid); + sid_append_rid(&user_sid, r->rid); DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), account)); if (!pdb_getsampwsid(sam_account, &user_sid)) { - sam_account_from_delta(sam_account, delta); - DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", account)); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } } else { - sam_account_from_delta(sam_account, delta); - DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", + sam_account_from_delta(sam_account, r); + DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", sid_to_fstring(sid_string, &user_sid), pdb_get_username(sam_account))); if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", account)); TALLOC_FREE(sam_account); - return NT_STATUS_ACCESS_DENIED; + return NT_STATUS_ACCESS_DENIED; } } @@ -573,7 +701,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } else { if (map.gid != passwd->pw_gid) { if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", + DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); } else { smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); 
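Review bot: The failure path after `pdb_add_sam_account()` returns `NT_STATUS_ACCESS_DENIED` without releasing `sam_account`, whereas the matching path after `pdb_update_sam_account()` calls `TALLOC_FREE(sam_account)` first. The hunk only re-indents these lines, but the object now also carries the decoded password hashes set by sam_account_from_delta(), so the two branches should agree. The function already has an `nt_ret`/`goto done` exit, whose label lies outside this hunk; if that label frees `sam_account`, both branches could use `nt_ret = NT_STATUS_ACCESS_DENIED; goto done;`. The return value of `sam_account_from_delta()` is also discarded in both branches.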
@@ -582,7 +710,7 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) } if ( !passwd ) { - DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", + DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", pdb_get_username(sam_account))); } @@ -591,7 +719,8 @@ static NTSTATUS fetch_account_info(uint32 rid, SAM_ACCOUNT_INFO *delta) return nt_ret; } -static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) +static NTSTATUS fetch_group_info(uint32_t rid, + struct netr_DELTA_GROUP *r) { fstring name; fstring comment; @@ -601,8 +730,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) GROUP_MAP map; bool insert = True; - unistr2_to_ascii(name, &delta->uni_grp_name, sizeof(name)); - unistr2_to_ascii(comment, &delta->uni_grp_desc, sizeof(comment)); + fstrcpy(name, r->group_name.string); + fstrcpy(comment, r->description.string); /* add the group to the mapping table */ sid_copy(&group_sid, get_global_sam_sid()); @@ -620,14 +749,14 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) /* No group found from mapping, find it from its name. */ if ((grp = getgrnam(name)) == NULL) { - + /* No appropriate group found, create one */ - + d_printf("Creating unix group: '%s'\n", name); - + if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; - + if ((grp = getgrnam(name)) == NULL) return NT_STATUS_ACCESS_DENIED; } @@ -637,7 +766,7 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) map.sid = group_sid; map.sid_name_use = SID_NAME_DOM_GRP; fstrcpy(map.nt_name, name); - if (delta->hdr_grp_desc.buffer) { + if (r->description.string) { fstrcpy(map.comment, comment); } else { fstrcpy(map.comment, ""); 
@@ -651,7 +780,8 @@ static NTSTATUS fetch_group_info(uint32 rid, SAM_GROUP_INFO *delta) return NT_STATUS_OK; } -static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) +static NTSTATUS fetch_group_mem_info(uint32_t rid, + struct netr_DELTA_GROUP_MEMBER *r) { int i; TALLOC_CTX *t = NULL; @@ -661,7 +791,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) GROUP_MAP map; struct group *grp; - if (delta->num_members == 0) { + if (r->num_rids == 0) { return NT_STATUS_OK; } @@ -685,8 +815,8 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) return NT_STATUS_NO_MEMORY; } - if (delta->num_members) { - if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, delta->num_members)) == NULL) { + if (r->num_rids) { + if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, r->num_rids)) == NULL) { DEBUG(0, ("talloc failed\n")); talloc_free(t); return NT_STATUS_NO_MEMORY; @@ -695,7 +825,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) nt_members = NULL; } - for (i=0; inum_members; i++) { + for (i=0; i < r->num_rids; i++) { struct samu *member = NULL; DOM_SID member_sid; @@ -705,11 +835,11 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) } sid_copy(&member_sid, get_global_sam_sid()); - sid_append_rid(&member_sid, delta->rids[i]); + sid_append_rid(&member_sid, r->rids[i]); if (!pdb_getsampwsid(member, &member_sid)) { DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", - delta->rids[i], sid_string_tos(&member_sid), grp->gr_name)); + r->rids[i], sid_string_tos(&member_sid), grp->gr_name)); TALLOC_FREE(member); continue; } @@ -719,7 +849,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) TALLOC_FREE(member); continue; } - + d_printf("%s,", pdb_get_username(member)); nt_members[i] = talloc_strdup(t, pdb_get_username(member)); TALLOC_FREE(member); 
@@ -731,7 +861,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) while (*unix_members) { bool is_nt_member = False; - for (i=0; inum_members; i++) { + for (i=0; i < r->num_rids; i++) { if (nt_members[i] == NULL) { /* This was a primary group */ continue; @@ -751,7 +881,7 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) unix_members += 1; } - for (i=0; inum_members; i++) { + for (i=0; i < r->num_rids; i++) { bool is_unix_member = False; if (nt_members[i] == NULL) { @@ -776,12 +906,13 @@ static NTSTATUS fetch_group_mem_info(uint32 rid, SAM_GROUP_MEM_INFO *delta) smb_add_user_group(grp->gr_name, nt_members[i]); } } - + talloc_destroy(t); return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, +static NTSTATUS fetch_alias_info(uint32_t rid, + struct netr_DELTA_ALIAS *r, DOM_SID dom_sid) { fstring name; @@ -792,8 +923,8 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, GROUP_MAP map; bool insert = True; - unistr2_to_ascii(name, &delta->uni_als_name, sizeof(name)); - unistr2_to_ascii(comment, &delta->uni_als_desc, sizeof(comment)); + fstrcpy(name, r->alias_name.string); + fstrcpy(comment, r->description.string); /* Find out whether the group is already mapped */ sid_copy(&alias_sid, &dom_sid); 
@@ -838,24 +969,29 @@ static NTSTATUS fetch_alias_info(uint32 rid, SAM_ALIAS_INFO *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_mem(uint32 rid, SAM_ALIAS_MEM_INFO *delta, DOM_SID dom_sid) +static NTSTATUS fetch_alias_mem(uint32_t rid, + struct netr_DELTA_ALIAS_MEMBER *r, + DOM_SID dom_sid) { return NT_STATUS_OK; } -static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) +static NTSTATUS fetch_domain_info(uint32_t rid, + struct netr_DELTA_DOMAIN *r) { time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - char *domname; + const char *domname; - u_max_age = uint64s_nt_time_to_unix_abs(&delta->max_pwd_age); - u_min_age = uint64s_nt_time_to_unix_abs(&delta->min_pwd_age); - u_logout = uint64s_nt_time_to_unix_abs(&delta->force_logoff); + u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age); + u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); + u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); +#if 0 + /* FIXME: gd */ u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); - - domname = unistr2_to_ascii_talloc(talloc_tos(), &delta->uni_dom_name); +#endif + domname = r->domain_name.string; if (!domname) { return NT_STATUS_NO_MEMORY; } @@ -867,10 +1003,12 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) } - if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, delta->pwd_history_len)) + if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, + r->password_history_length)) return nt_status; - if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, delta->min_pwd_len)) + if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, + r->min_password_length)) return nt_status; if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) 
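Review bot: Wrapping the `u_lockoutreset` and `u_lockouttime` assignments in `#if 0` leaves both variables uninitialised, yet the following hunks keep `pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)` and `pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)` as live context lines. That reads indeterminate stack values and writes them into the local lockout policy on every domain delta. Until the new struct's lockout fields are wired up, I would extend the `#if 0` that the next hunk puts around `AP_BAD_ATTEMPT_LOCKOUT` so that it also covers those two calls, and log that lockout policy is not replicated. Separately, `if (!domname) return NT_STATUS_NO_MEMORY;` no longer describes the failure, since `domname` is now a borrowed pointer rather than an allocation.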
@@ -881,9 +1019,11 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; - +#if 0 +/* FIXME: gd */ if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; +#endif if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; 
@@ -894,87 +1034,109 @@ static NTSTATUS fetch_domain_info(uint32 rid, SAM_DOMAIN_INFO *delta) if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; - if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, delta->logon_chgpass)) + if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, + r->logon_to_chgpass)) return nt_status; return NT_STATUS_OK; } - -static void fetch_sam_entry(SAM_DELTA_HDR *hdr_delta, SAM_DELTA_CTR *delta, - DOM_SID dom_sid) +static void fetch_sam_entry(struct netr_DELTA_ENUM *r, DOM_SID dom_sid) { - switch(hdr_delta->type) { - case SAM_DELTA_ACCOUNT_INFO: - fetch_account_info(hdr_delta->target_rid, - &delta->account_info); + switch(r->delta_type) { + case NETR_DELTA_USER: + fetch_account_info(r->delta_id_union.rid, + r->delta_union.user); break; - case SAM_DELTA_GROUP_INFO: - fetch_group_info(hdr_delta->target_rid, - &delta->group_info); + case NETR_DELTA_GROUP: + fetch_group_info(r->delta_id_union.rid, + r->delta_union.group); break; - case SAM_DELTA_GROUP_MEM: - fetch_group_mem_info(hdr_delta->target_rid, - &delta->grp_mem_info); + case NETR_DELTA_GROUP_MEMBER: + fetch_group_mem_info(r->delta_id_union.rid, + r->delta_union.group_member); break; - case SAM_DELTA_ALIAS_INFO: - fetch_alias_info(hdr_delta->target_rid, - &delta->alias_info, dom_sid); + case NETR_DELTA_ALIAS: + fetch_alias_info(r->delta_id_union.rid, + r->delta_union.alias, + dom_sid); break; - case SAM_DELTA_ALIAS_MEM: - fetch_alias_mem(hdr_delta->target_rid, - &delta->als_mem_info, dom_sid); + case NETR_DELTA_ALIAS_MEMBER: + fetch_alias_mem(r->delta_id_union.rid, + r->delta_union.alias_member, + dom_sid); break; - case SAM_DELTA_DOMAIN_INFO: - fetch_domain_info(hdr_delta->target_rid, - &delta->domain_info); + case NETR_DELTA_DOMAIN: + fetch_domain_info(r->delta_id_union.rid, + r->delta_union.domain); break; /* The following types are recognised but not handled */ - case SAM_DELTA_RENAME_GROUP: - d_printf("SAM_DELTA_RENAME_GROUP 
not handled\n"); + case NETR_DELTA_RENAME_GROUP: + d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); + break; + case NETR_DELTA_RENAME_USER: + d_printf("NETR_DELTA_RENAME_USER not handled\n"); + break; + case NETR_DELTA_RENAME_ALIAS: + d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); + break; + case NETR_DELTA_POLICY: + d_printf("NETR_DELTA_POLICY not handled\n"); break; - case SAM_DELTA_RENAME_USER: - d_printf("SAM_DELTA_RENAME_USER not handled\n"); + case NETR_DELTA_TRUSTED_DOMAIN: + d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); break; - case SAM_DELTA_RENAME_ALIAS: - d_printf("SAM_DELTA_RENAME_ALIAS not handled\n"); + case NETR_DELTA_ACCOUNT: + d_printf("NETR_DELTA_ACCOUNT not handled\n"); break; - case SAM_DELTA_POLICY_INFO: - d_printf("SAM_DELTA_POLICY_INFO not handled\n"); + case NETR_DELTA_SECRET: + d_printf("NETR_DELTA_SECRET not handled\n"); break; - case SAM_DELTA_TRUST_DOMS: - d_printf("SAM_DELTA_TRUST_DOMS not handled\n"); + case NETR_DELTA_DELETE_GROUP: + d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); break; - case SAM_DELTA_PRIVS_INFO: - d_printf("SAM_DELTA_PRIVS_INFO not handled\n"); + case NETR_DELTA_DELETE_USER: + d_printf("NETR_DELTA_DELETE_USER not handled\n"); break; - case SAM_DELTA_SECRET_INFO: - d_printf("SAM_DELTA_SECRET_INFO not handled\n"); + case NETR_DELTA_MODIFY_COUNT: + d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); break; - case SAM_DELTA_DELETE_GROUP: - d_printf("SAM_DELTA_DELETE_GROUP not handled\n"); + case NETR_DELTA_DELETE_ALIAS: + d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); break; - case SAM_DELTA_DELETE_USER: - d_printf("SAM_DELTA_DELETE_USER not handled\n"); + case NETR_DELTA_DELETE_TRUST: + d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); break; - case SAM_DELTA_MODIFIED_COUNT: - d_printf("SAM_DELTA_MODIFIED_COUNT not handled\n"); + case NETR_DELTA_DELETE_ACCOUNT: + d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); + break; + case NETR_DELTA_DELETE_SECRET: + d_printf("NETR_DELTA_DELETE_SECRET not 
handled\n"); + break; + case NETR_DELTA_DELETE_GROUP2: + d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); + break; + case NETR_DELTA_DELETE_USER2: + d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; default: - d_printf("Unknown delta record type %d\n", hdr_delta->type); + d_printf("Unknown delta record type %d\n", r->delta_type); break; } } static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, DOM_SID dom_sid) { - uint32 sync_context = 0; NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas; - SAM_DELTA_CTR *deltas; - uint32 num_deltas; + const char *logon_server = pipe_hnd->cli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; if (!(mem_ctx = talloc_init("fetch_database"))) return NT_STATUS_NO_MEMORY; 
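Review bot: fetch_sam_entry() now passes `r->delta_union.user`, `.group`, `.group_member`, `.alias` and `.domain` as pointers, where the old code passed the address of an embedded struct that could never be NULL. The handlers dereference `r` immediately (for example `r->rid` in sam_account_from_delta), so if the decoder can leave a union arm NULL for a record the server marks with that `delta_type`, a malformed reply crashes the client. I would add a NULL guard at the top of each handler, e.g. `if (r == NULL) return NT_STATUS_INVALID_PARAMETER;`. The `NTSTATUS` returned by every `fetch_*` call is still dropped here, so a failed account import is not reported to the caller.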
@@ -995,20 +1157,36 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, - &hdr_deltas, &deltas); - - if (NT_STATUS_IS_OK(result) || - NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - for (i = 0; i < num_deltas; i++) { - fetch_sam_entry(&hdr_deltas[i], &deltas[i], dom_sid); - } - } else - return result; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + if (NT_STATUS_IS_ERR(result)) { + break; + } + + for (i = 0; i < delta_enum_array->num_deltas; i++) { + fetch_sam_entry(&delta_enum_array->delta_enum[i], dom_sid); + } - sync_context += 1; } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); @@ -1016,7 +1194,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, return result; } -static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char +static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char *builtin_sid, FILE *add_fd) { const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; 
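Review bot: The new credential-check failure path does `return NT_STATUS_ACCESS_DENIED;` from inside the loop and skips the `talloc_destroy(mem_ctx)` that follows it; add `talloc_destroy(mem_ctx);` before that return. The same early return is added in the fetch_database_to_ldif hunk, where it bypasses the `goto done` cleanup that the rest of that function uses for its files and maps. The check also runs before `result` is examined, so a call that failed outright is judged on a `return_authenticator` that was never initialised, and is reported as a credential-chain failure. Finally, `delta_enum_array->num_deltas` is dereferenced whenever `NT_STATUS_IS_ERR(result)` is false; I would make the guard `if (NT_STATUS_IS_ERR(result) || delta_enum_array == NULL) break;` in both functions, in case a non-error status can be returned with the array left unset.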
@@ -1048,7 +1226,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch SAFE_FREE(suffix_attr); return NT_STATUS_NO_MEMORY; } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Users entity */ if (*user_suffix && strcmp(user_suffix, suffix)) { user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); @@ -1067,7 +1245,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch SAFE_FREE(user_attr); return NT_STATUS_NO_MEMORY; } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Groups entity */ if (*group_suffix && strcmp(group_suffix, suffix)) { group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); @@ -1079,7 +1257,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the Computers entity */ machine_suffix = lp_ldap_machine_suffix(); if (machine_suffix == NULL) { @@ -1103,7 +1281,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fflush(add_fd); } - /* If it exists and is distinct from other containers, + /* If it exists and is distinct from other containers, Write the IdMap entity */ idmap_suffix = lp_ldap_idmap_suffix(); if (idmap_suffix == NULL) { @@ -1139,7 +1317,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Admins entity */ + /* Write the Domain Admins entity */ fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr, 
@@ -1156,7 +1334,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Users entity */ + /* Write the Domain Users entity */ fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, @@ -1172,7 +1350,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch fprintf(add_fd, "\n"); fflush(add_fd); - /* Write the Domain Guests entity */ + /* Write the Domain Guests entity */ fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr, suffix); fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, @@ -1273,7 +1451,7 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch return NT_STATUS_OK; } -static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, +static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, const char *suffix, const char *builtin_sid) { char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); @@ -1431,7 +1609,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, return res; } -static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupmap, +static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix) { fstring groupname; @@ -1439,9 +1617,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the group name */ - unistr2_to_ascii(groupname, - &delta->group_info.uni_grp_name, - sizeof(groupname)); + fstrcpy(groupname, r->group_name.string); /* Set up the group type (always 2 for group info) */ grouptype = 2; 
@@ -1463,7 +1639,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma } /* Map the group rid, gid, and dn */ - g_rid = delta->group_info.gid.g_rid; + g_rid = r->rid; groupmap->rid = g_rid; groupmap->gidNumber = ldif_gid; snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), @@ -1491,7 +1667,7 @@ static NTSTATUS fetch_group_info_to_ldif(SAM_DELTA_CTR *delta, GROUPMAP *groupma return NT_STATUS_OK; } -static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, +static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *add_fd, @@ -1511,21 +1687,18 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, int i; /* Get the username */ - unistr2_to_ascii(username, - &(delta->account_info.uni_acct_name), - sizeof(username)); + fstrcpy(username, r->account_name.string); /* Get the rid */ - rid = delta->account_info.user_rid; + rid = r->rid; /* Map the rid and username for group member info later */ accountmap->rid = rid; snprintf(accountmap->cn, sizeof(accountmap->cn), "%s", username); /* Get the home directory */ - if (delta->account_info.acb_info & ACB_NORMAL) { - unistr2_to_ascii(homedir, &(delta->account_info.uni_home_dir), - sizeof(homedir)); + if (r->acct_flags & ACB_NORMAL) { + fstrcpy(homedir, r->home_directory.string); if (!*homedir) { snprintf(homedir, sizeof(homedir), "/home/%s", username); } else { 
@@ -1538,60 +1711,48 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, } /* Get the logon script */ - unistr2_to_ascii(logonscript, &(delta->account_info.uni_logon_script), - sizeof(logonscript)); + fstrcpy(logonscript, r->logon_script.string); /* Get the home drive */ - unistr2_to_ascii(homedrive, &(delta->account_info.uni_dir_drive), - sizeof(homedrive)); + fstrcpy(homedrive, r->home_drive.string); /* Get the home path */ - unistr2_to_ascii(homepath, &(delta->account_info.uni_home_dir), - sizeof(homepath)); + fstrcpy(homepath, r->home_directory.string); /* Get the description */ - unistr2_to_ascii(description, &(delta->account_info.uni_acct_desc), - sizeof(description)); + fstrcpy(description, r->description.string); /* Get the display name */ - unistr2_to_ascii(fullname, &(delta->account_info.uni_full_name), - sizeof(fullname)); + fstrcpy(fullname, r->full_name.string); /* Get the profile path */ - unistr2_to_ascii(profilepath, &(delta->account_info.uni_profile), - sizeof(profilepath)); + fstrcpy(profilepath, r->profile_path.string); /* Get lm and nt password data */ - if (memcmp(delta->account_info.pass.buf_lm_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->account_info.user_rid, - delta->account_info.pass.buf_lm_pwd, - lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, - delta->account_info.acb_info); + if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); + pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); } else { pdb_sethexpwd(hex_lm_passwd, NULL, 0); } - if (memcmp(delta->account_info.pass.buf_nt_pwd, zero_buf, 16) != 0) { - sam_pwd_hash(delta->account_info.user_rid, - delta->account_info.pass.buf_nt_pwd, - nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, - delta->account_info.acb_info); + if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { + sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); + pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); } else 
{ pdb_sethexpwd(hex_nt_passwd, NULL, 0); } - unix_time = nt_time_to_unix(delta->account_info.pwd_last_set_time); + unix_time = nt_time_to_unix(r->last_password_change); /* Increment the uid for the new user */ ldif_uid++; /* Set up group id and sambaSID for the user */ - group_rid = delta->account_info.group_rid; + group_rid = r->primary_gid; for (i=0; iaccount_info.acb_info, + flags = pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN); /* Add the user to the temporary add ldif file */ @@ -1626,8 +1787,8 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive); if (*logonscript) fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript); - fprintf(add_fd, "loginShell: %s\n", - ((delta->account_info.acb_info & ACB_NORMAL) ? + fprintf(add_fd, "loginShell: %s\n", + ((r->acct_flags & ACB_NORMAL) ? "/bin/bash" : "/bin/false")); fprintf(add_fd, "gecos: System User\n"); if (*description) @@ -1651,10 +1812,10 @@ static NTSTATUS fetch_account_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, +static NTSTATUS fetch_alias_info_to_ldif(struct netr_DELTA_ALIAS *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, - char *suffix, + char *suffix, unsigned db_type) { fstring aliasname, description; @@ -1662,12 +1823,10 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Get the alias name */ - unistr2_to_ascii(aliasname, &(delta->alias_info.uni_als_name), - sizeof(aliasname)); + fstrcpy(aliasname, r->alias_name.string); /* Get the alias description */ - unistr2_to_ascii(description, &(delta->alias_info.uni_als_desc), - sizeof(description)); + fstrcpy(description, r->description.string); /* Set up the group type */ switch (db_type) { 
@@ -1684,7 +1843,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, /* These groups are entered by populate_ldap_for_ldif - Note that populate creates a group called Relicators, + Note that populate creates a group called Relicators, but NT returns a group called Replicator */ if (strcmp(aliasname, "Domain Admins") == 0 || @@ -1703,7 +1862,7 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, } /* Map the group rid and gid */ - g_rid = delta->group_info.gid.g_rid; + g_rid = r->rid; groupmap->gidNumber = ldif_gid; snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), "%s-%d", sid, g_rid); @@ -1730,8 +1889,8 @@ static NTSTATUS fetch_alias_info_to_ldif(SAM_DELTA_CTR *delta, return NT_STATUS_OK; } -static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, - SAM_DELTA_HDR *hdr_delta, +static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, + uint32_t id_rid, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *mod_fd, int alloced) @@ -1741,8 +1900,8 @@ static NTSTATUS fetch_groupmem_info_to_ldif(SAM_DELTA_CTR *delta, int i, j, k; /* Get the dn for the group */ - if (delta->grp_mem_info.num_members > 0) { - group_rid = hdr_delta->target_rid; + if (r->num_rids > 0) { + group_rid = id_rid; for (j=0; jgrp_mem_info.num_members; i++) { - rid = delta->grp_mem_info.rids[i]; + for (i=0; i < r->num_rids; i++) { + rid = r->rids[i]; for (k=0; kcli->desthost; + const char *computername = global_myname(); + struct netr_Authenticator credential; + struct netr_Authenticator return_authenticator; + enum netr_SamDatabaseID database_id = db_type; + uint16_t restart_state = 0; + uint32_t sync_context = 0; /* Set up array for mapping accounts to groups */ /* Array element is the group rid */ 
@@ -1802,7 +1965,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Set up array for mapping account rid's to cn's */ /* Array element is the account rid */ - ACCOUNTMAP *accountmap = NULL; + ACCOUNTMAP *accountmap = NULL; if (!(mem_ctx = talloc_init("fetch_database"))) { return NT_STATUS_NO_MEMORY; @@ -1838,7 +2001,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, DEBUG(1, ("Could not open %s\n", mod_name)); ret = NT_STATUS_UNSUCCESSFUL; goto done; - } + } /* Get the sid */ sid_to_fstring(sid, &dom_sid); @@ -1894,23 +2057,41 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, d_fprintf(stderr, "Fetching PRIVS databases\n"); break; default: - d_fprintf(stderr, - "Fetching unknown database type %u\n", + d_fprintf(stderr, + "Fetching unknown database type %u\n", db_type ); break; } do { - result = rpccli_netlogon_sam_sync(pipe_hnd, mem_ctx, - db_type, sync_context, - &num_deltas, &hdr_deltas, - &deltas); - if (!NT_STATUS_IS_OK(result) && - !NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)) { - ret = NT_STATUS_OK; - goto done; /* is this correct? jmcd */ + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + + netlogon_creds_client_step(pipe_hnd->dc, &credential); + + result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + + /* Check returned credentials. */ + if (!netlogon_creds_client_check(pipe_hnd->dc, + &return_authenticator.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; } + if (NT_STATUS_IS_ERR(result)) { + break; + } + + num_deltas = delta_enum_array->num_deltas; + /* Re-allocate memory for groupmap and accountmap arrays */ groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, num_deltas+num_alloced); 
@@ -1923,7 +2104,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, } /* Initialize the new records */ - memset(&groupmap[num_alloced], 0, + memset(&groupmap[num_alloced], 0, sizeof(GROUPMAP)*num_deltas); memset(&accountmap[num_alloced], 0, sizeof(ACCOUNTMAP)*num_deltas); 
@@ -1933,73 +2114,60 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Loop through the deltas */ for (k=0; kdelta_enum[k].delta_union; + union netr_DELTA_ID_UNION id = + delta_enum_array->delta_enum[k].delta_id_union; + + switch(delta_enum_array->delta_enum[k].delta_type) { + case NETR_DELTA_DOMAIN: /* Is this case needed? */ - unistr2_to_ascii( - domainname, - &deltas[k].domain_info.uni_dom_name, - sizeof(domainname)); + fstrcpy(domainname, + u.domain->domain_name.string); break; - case SAM_DELTA_GROUP_INFO: + case NETR_DELTA_GROUP: fetch_group_info_to_ldif( - &deltas[k], &groupmap[g_index], + u.group, + &groupmap[g_index], add_file, sid, suffix); g_index++; break; - case SAM_DELTA_ACCOUNT_INFO: + case NETR_DELTA_USER: fetch_account_info_to_ldif( - &deltas[k], groupmap, + u.user, groupmap, &accountmap[a_index], add_file, sid, suffix, num_alloced); a_index++; break; - case SAM_DELTA_ALIAS_INFO: + case NETR_DELTA_ALIAS: fetch_alias_info_to_ldif( - &deltas[k], &groupmap[g_index], + u.alias, &groupmap[g_index], add_file, sid, suffix, db_type); g_index++; break; - case SAM_DELTA_GROUP_MEM: + case NETR_DELTA_GROUP_MEMBER: fetch_groupmem_info_to_ldif( - &deltas[k], &hdr_deltas[k], - groupmap, accountmap, + u.group_member, id.rid, + groupmap, accountmap, mod_file, num_alloced); break; - case SAM_DELTA_ALIAS_MEM: - break; - case SAM_DELTA_POLICY_INFO: - break; - case SAM_DELTA_PRIVS_INFO: - break; - case SAM_DELTA_TRUST_DOMS: - /* Implemented but broken */ - break; - case SAM_DELTA_SECRET_INFO: - /* Implemented but broken */ - break; - case SAM_DELTA_RENAME_GROUP: - /* Not yet implemented */ - break; - case SAM_DELTA_RENAME_USER: - /* Not yet implemented */ - break; - case SAM_DELTA_RENAME_ALIAS: - /* Not yet implemented */ - break; - case SAM_DELTA_DELETE_GROUP: - /* Not yet implemented */ - break; - case SAM_DELTA_DELETE_USER: - /* Not yet implemented */ - break; - case SAM_DELTA_MODIFIED_COUNT: - break; + case NETR_DELTA_ALIAS_MEMBER: + 
case NETR_DELTA_POLICY: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_SECRET: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_MODIFY_COUNT: default: break; } /* end of switch */ @@ -2065,7 +2233,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, DEBUG(1,("unlink(%s) failed, error was (%s)\n", mod_name, strerror(errno))); } - + if (ldif_file && (ldif_file != stdout)) { fclose(ldif_file); } @@ -2079,15 +2247,15 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, return ret; } -/** +/** * Basic usage function for 'net rpc vampire' * @param argc Standard main() style argc * @param argc Standard main() style argv. Initial components are already * stripped **/ -int rpc_vampire_usage(int argc, const char **argv) -{ +int rpc_vampire_usage(int argc, const char **argv) +{ d_printf("net rpc vampire [ldif [] [options]\n" "\t to pull accounts from a remote PDC where we are a BDC\n" "\t\t no args puts accounts in local passdb from smb.conf\n" @@ -2100,13 +2268,13 @@ int rpc_vampire_usage(int argc, const char **argv) /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, - const char *domain_name, +NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, + const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *mem_ctx, int argc, - const char **argv) + const char **argv) { NTSTATUS result; fstring my_dom_sid_str; @@ -2120,7 +2288,7 @@ NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, "workgroup=%s\n\n in your smb.conf?\n", domain_name, get_global_sam_name(), - sid_to_fstring(my_dom_sid_str, + sid_to_fstring(my_dom_sid_str, get_global_sam_sid()), domain_name, sid_to_fstring(rem_dom_sid_str, domain_sid), -- cgit 
From 29d70de83c8406b9cd8b5ac9b32e49f48208ee90 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 22 Feb 2008 16:19:59 -0800 Subject: Fix "used uninitialized" errors. Jeremy. (This used to be commit 06d15d8a9f94a50337ebf6f651a004bb8b4821f3) --- source3/utils/net_rpc_samsync.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 569bbea857..6287610638 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -979,7 +979,11 @@ static NTSTATUS fetch_alias_mem(uint32_t rid, static NTSTATUS fetch_domain_info(uint32_t rid, struct netr_DELTA_DOMAIN *r) { - time_t u_max_age, u_min_age, u_logout, u_lockoutreset, u_lockouttime; + time_t u_max_age, u_min_age, u_logout; +#if 0 + /* FIXME: gd */ + time_t u_lockoutreset, u_lockouttime; +#endif NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; const char *domname; @@ -1023,7 +1027,6 @@ static NTSTATUS fetch_domain_info(uint32_t rid, /* FIXME: gd */ if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) return nt_status; -#endif if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) return nt_status; @@ -1033,6 +1036,7 @@ static NTSTATUS fetch_domain_info(uint32_t rid, if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) return nt_status; +#endif if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, r->logon_to_chgpass)) -- cgit From 7269a504fdd06fbbe24c2df8e084b41382d71269 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 27 Feb 2008 19:38:48 +0100 Subject: Add my copyright. Guenther (This used to be commit d078a8757182d84dfd3307a2e1b751cf173aaa97) --- source3/utils/net_rpc_samsync.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_rpc_samsync.c') 
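Review bot: Moving the `#endif` below the `AP_LOCK_ACCOUNT_DURATION` call (hunks at -1023 and -1033) compiles out `AP_RESET_COUNT_TIME` and `AP_LOCK_ACCOUNT_DURATION` together with `AP_BAD_ATTEMPT_LOCKOUT`, so fetch_domain_info now applies none of the source domain's lockout policy and gives no indication of that. This removes the uninitialized reads, but a passdb populated this way keeps whatever lockout settings it already had, which may be weaker than the source domain's. I would say so in the existing marker, e.g. `/* FIXME: gd - lockout policy is not migrated until account_lockout is decoded */`, and add a `DEBUG(1, ...)` line so the operator sees it at run time. The opening `#if 0` and the rest of the function are outside these hunks.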
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6287610638..775270a69b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -7,6 +7,7 @@ Copyright (C) Jim McDonough 2005 Modified by Volker Lendecke 2002 Copyright (C) Jeremy Allison 2005. + Copyright (C) Guenther Deschner 2008. This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by -- cgit From 20d77db81fbc4dd3fbd4f1ee2e5041641096f197 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Mar 2008 21:04:31 +0100 Subject: Minor fix for net rpc samdump. Guenther (This used to be commit 2f5e25be276135e9cb4cc0c44ec573d466def66e) --- source3/utils/net_rpc_samsync.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 775270a69b..c1dcf076ba 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -280,7 +280,8 @@ static void display_sam_entry(struct netr_DELTA_ENUM *r) } } -static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) +static void dump_database(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id) { NTSTATUS result; int i; @@ -289,7 +290,6 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; - enum netr_SamDatabaseID database_id = db_type; uint16_t restart_state = 0; uint32_t sync_context = 0; @@ -297,7 +297,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) return; } - switch( db_type ) { + switch(database_id) { case SAM_DATABASE_DOMAIN: d_printf("Dumping DOMAIN database\n"); break; 
@@ -308,7 +308,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type) d_printf("Dumping PRIVS databases\n"); break; default: - d_printf("Dumping unknown database type %u\n", db_type ); + d_printf("Dumping unknown database type %u\n", + database_id); break; } -- cgit From 3d62b269c5befcd9dcc3421545971198c2bafe08 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Mar 2008 21:55:42 +0100 Subject: Re-add support for display and vampire of account policies in "net". Guenther (This used to be commit c61499ce02355f5969fa0475ed6e3c278995ecdb) --- source3/utils/net_rpc_samsync.c | 103 ++++++++++++++++++++++++++++++---------- 1 file changed, 78 insertions(+), 25 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c1dcf076ba..819ebedfa4 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -97,9 +97,53 @@ static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) return nt_time_to_unix_abs(&nttime); } +static NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, + struct lsa_BinaryString *r, + struct netr_AcctLockStr **str_p) +{ + struct netr_AcctLockStr *str; + enum ndr_err_code ndr_err; + DATA_BLOB blob; + + if (!mem_ctx || !r || !str_p) { + return NT_STATUS_INVALID_PARAMETER; + } + + *str_p = NULL; + + str = TALLOC_ZERO_P(mem_ctx, struct netr_AcctLockStr); + if (!str) { + return NT_STATUS_NO_MEMORY; + } + + blob = data_blob_const(r->string, r->length*2); + + ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, str, + (ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr); + data_blob_free(&blob); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + return ndr_map_error2ntstatus(ndr_err); + } + + *str_p = str; + + return NT_STATUS_OK; +} + static void display_domain_info(struct netr_DELTA_DOMAIN *r) { time_t u_logout; + struct netr_AcctLockStr *lockstr = NULL; + NTSTATUS status; + TALLOC_CTX *mem_ctx = talloc_tos(); + + status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout, + &lockstr); + if (!NT_STATUS_IS_OK(status)) { + d_printf("failed to pull account lockout string: %s\n", + nt_errstr(status)); + } u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time); 
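Review bot: In pull_netr_AcctLockStr, `data_blob_free(&blob);` is called on a blob built with `data_blob_const()`, which only wraps `r->string` and does not own a copy. The free is therefore at best a no-op, and if it does release the pointer it frees memory that belongs to `r`; dropping that line is the safe form. The blob length `r->length*2` is also taken from the server's reply without checking the pointer or the size of the buffer behind it, so I would validate both before calling `ndr_pull_struct_blob()`. The follow-up commit on this page changes the blob arguments to `r->array, r->length` but, going by its one-line diffstat, does not touch the free.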
@@ -113,12 +157,12 @@ static void display_domain_info(struct netr_DELTA_DOMAIN *r) d_printf("Max Password Age: %s\n", display_time(r->max_password_age)); d_printf("Min Password Age: %s\n", display_time(r->min_password_age)); -#if 0 - /* FIXME - gd */ - d_printf("Lockout Time: %s\n", display_time(a->account_lockout.lockout_duration)); - d_printf("Lockout Reset Time: %s\n", display_time(a->account_lockout.reset_count)); - d_printf("Bad Attempt Lockout: %d\n", a->account_lockout.bad_attempt_lockout); -#endif + if (lockstr) { + d_printf("Lockout Time: %s\n", display_time((NTTIME)lockstr->lockout_duration)); + d_printf("Lockout Reset Time: %s\n", display_time((NTTIME)lockstr->reset_count)); + d_printf("Bad Attempt Lockout: %d\n", lockstr->bad_attempt_lockout); + } + d_printf("User must logon to change password: %d\n", r->logon_to_chgpass); } 
@@ -982,21 +1026,29 @@ static NTSTATUS fetch_domain_info(uint32_t rid, struct netr_DELTA_DOMAIN *r) { time_t u_max_age, u_min_age, u_logout; -#if 0 - /* FIXME: gd */ time_t u_lockoutreset, u_lockouttime; -#endif NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; const char *domname; + struct netr_AcctLockStr *lockstr = NULL; + NTSTATUS status; + TALLOC_CTX *mem_ctx = talloc_tos(); + + status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout, + &lockstr); + if (!NT_STATUS_IS_OK(status)) { + d_printf("failed to pull account lockout string: %s\n", + nt_errstr(status)); + } u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age); u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); -#if 0 - /* FIXME: gd */ - u_lockoutreset = uint64s_nt_time_to_unix_abs(&delta->account_lockout.reset_count); - u_lockouttime = uint64s_nt_time_to_unix_abs(&delta->account_lockout.lockout_duration); -#endif + + if (lockstr) { + u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count); + u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration); + } + domname = r->domain_name.string; if (!domname) { return NT_STATUS_NO_MEMORY; 
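Review bot: The status from `pull_netr_AcctLockStr()` is only printed with `d_printf`, so fetch_domain_info carries on with `lockstr == NULL`, and the hunk at -1025 then skips all three lockout policies. If the function still ends in success (its tail is outside this hunk), a vampire run reports success while the local bad-attempt, reset-time and lockout-duration settings stay as they were. Either propagate it with `if (!NT_STATUS_IS_OK(status)) return status;`, or, if best-effort is intended, say so in a comment and log it at a level an operator will see, e.g. `DEBUG(0, ("lockout policy not migrated: %s\n", nt_errstr(status)));`.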
@@ -1025,20 +1077,21 @@ static NTSTATUS fetch_domain_info(uint32_t rid, if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) return nt_status; -#if 0 -/* FIXME: gd */ - if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, delta->account_lockout.bad_attempt_lockout)) - return nt_status; - if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32)u_lockoutreset/60)) - return nt_status; + if (lockstr) { + if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, + lockstr->bad_attempt_lockout)) + return nt_status; - if (u_lockouttime != -1) - u_lockouttime /= 60; + if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60)) + return nt_status; - if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32)u_lockouttime)) - return nt_status; -#endif + if (u_lockouttime != -1) + u_lockouttime /= 60; + + if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime)) + return nt_status; + } if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, r->logon_to_chgpass)) -- cgit From fae5873cada8454f52d4b216888077663a9cd0b2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Mar 2008 09:56:21 +0100 Subject: Fix blob used in pull_netr_AcctLockStr(). Thanks metze. Guenther (This used to be commit 565a30ac3208d89de617b28f4553911484033253) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 819ebedfa4..80bc6eeacb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -116,7 +116,7 @@ static NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, return NT_STATUS_NO_MEMORY; } - blob = data_blob_const(r->string, r->length*2); + blob = data_blob_const(r->array, r->length); ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, str, (ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr); -- cgit 
From 9e328fe94281a0ac35d3fd2117f55aaf329e3972 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Mar 2008 00:49:09 +0100 Subject: Zero initial return_authenticator in net rpc samdump. Guenther (This used to be commit 73ead752c5ec7104ea0eed7d963dc36467c81981) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 80bc6eeacb..87d35b3ef6 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -337,6 +337,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, uint16_t restart_state = 0; uint32_t sync_context = 0; + ZERO_STRUCT(return_authenticator); + if (!(mem_ctx = talloc_init("dump_database"))) { return; } -- cgit From 99d35904552b01ef9f2adc40e16887da9eb4de69 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 2 Apr 2008 02:29:48 +0200 Subject: Fix NETLOGON credential chain with Windows 2008 all over the place. In order to avoid receiving NT_STATUS_DOWNGRADE_DETECTED from a w2k8 netr_ServerAuthenticate2 reply, we need to start with the AD netlogon negotiate flags everywhere (not only when running in security=ads). Only for NT4 we need to do a downgrade to the returned negotiate flags. Tested with w2k8, w2ksp4, w2k3r2 and nt4sp6. Guenther (This used to be commit 0970369ca0cb9ae465cff40e5c75739824daf1d0) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 87d35b3ef6..986499731a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
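Review bot: `ZERO_STRUCT(return_authenticator);` is added only in dump_database, but fetch_database and fetch_database_to_ldif declare `struct netr_Authenticator return_authenticator;` the same way (visible as context in the hunks at -1190 and -2011 further down this page). At least fetch_database_to_ldif passes `&return_authenticator.cred` to `netlogon_creds_client_check()` before looking at `result`, so if the call fails before the reply is unmarshalled the credential check runs on uninitialised stack contents. Unless those two functions zero the struct outside the hunks shown, add the same `ZERO_STRUCT(return_authenticator);` after their declarations.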
@@ -412,7 +412,7 @@ NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; uchar trust_password[16]; - uint32 neg_flags = NETLOGON_NEG_SELECT_AUTH2_FLAGS; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; uint32 sec_channel_type = 0; if (!secrets_fetch_trust_account_password(domain_name, -- cgit From 1c8553783515fa29b3af8499d9a36f92bdcf32cd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 17 Apr 2008 08:02:46 -0700 Subject: Fix gcc uninitialized variable used warning. Jeremy. (This used to be commit b95f2adeb5e2f7ce71e46e6a6165159483c9a702) --- source3/utils/net_rpc_samsync.c | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 986499731a..06cde2a3fd 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1028,7 +1028,6 @@ static NTSTATUS fetch_domain_info(uint32_t rid, struct netr_DELTA_DOMAIN *r) { time_t u_max_age, u_min_age, u_logout; - time_t u_lockoutreset, u_lockouttime; NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; const char *domname; struct netr_AcctLockStr *lockstr = NULL; @@ -1046,11 +1045,6 @@ static NTSTATUS fetch_domain_info(uint32_t rid, u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); - if (lockstr) { - u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count); - u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration); - } - domname = r->domain_name.string; if (!domname) { return NT_STATUS_NO_MEMORY; 
@@ -1081,6 +1075,11 @@ static NTSTATUS fetch_domain_info(uint32_t rid, return nt_status; if (lockstr) { + time_t u_lockoutreset, u_lockouttime; + + u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count); + u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration); + if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, lockstr->bad_attempt_lockout)) return nt_status; -- cgit From 2a2188591b5ed922d09dc723adcf10f8b8f5e5a0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 19 Apr 2008 21:56:43 +0200 Subject: Add "desthost" to rpc_pipe_client This reduces the dependency on cli_state (This used to be commit 783afab9c891dd7bcb78895b2a639b6f3a0edf5b) --- source3/utils/net_rpc_samsync.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 06cde2a3fd..6ea0a2dcfc 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -330,7 +330,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - const char *logon_server = pipe_hnd->cli->desthost; + const char *logon_server = pipe_hnd->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; @@ -1190,7 +1190,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, NTSTATUS result; int i; TALLOC_CTX *mem_ctx; - const char *logon_server = pipe_hnd->cli->desthost; + const char *logon_server = pipe_hnd->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; 
@@ -2011,7 +2011,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, uint32 num_deltas; FILE *add_file = NULL, *mod_file = NULL, *ldif_file = NULL; int num_alloced = 0, g_index = 0, a_index = 0; - const char *logon_server = pipe_hnd->cli->desthost; + const char *logon_server = pipe_hnd->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; -- cgit From f5769109447d8da0f09b102d444a816ad97a00dc Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 9 May 2008 23:22:12 +0200 Subject: net: Remove globals (This used to be commit 1e9319cf88b65a2a8d4f5099a1fe5297e405ed2e) --- source3/utils/net_rpc_samsync.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6ea0a2dcfc..bb09cc483b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -399,7 +399,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, } /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_samdump_internals(const DOM_SID *domain_sid, +NTSTATUS rpc_samdump_internals(struct net_context *c, + const DOM_SID *domain_sid, const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, @@ -2309,12 +2310,14 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /** * Basic usage function for 'net rpc vampire' + * + * @param c A net_context structure * @param argc Standard main() style argc * @param argc Standard main() style argv. Initial components are already * stripped **/ -int rpc_vampire_usage(int argc, const char **argv) +int rpc_vampire_usage(struct net_context *c, int argc, const char **argv) { d_printf("net rpc vampire [ldif [] [options]\n" "\t to pull accounts from a remote PDC where we are a BDC\n" 
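Review bot: The doc comment touched in the hunk at -2309 still documents `argc` twice: `@param argc Standard main() style argv. Initial components are already stripped`. Since this commit is already editing the block to add `@param c`, the second entry should become `@param argv Standard main() style argv. Initial components are already stripped`.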
@@ -2322,13 +2325,14 @@ int rpc_vampire_usage(int argc, const char **argv) "\t\t ldif - put accounts in ldif format (file defaults to " "/tmp/tmp.ldif\n"); - net_common_flags_usage(argc, argv); + net_common_flags_usage(c, argc, argv); return -1; } /* dump sam database via samsync rpc calls */ -NTSTATUS rpc_vampire_internals(const DOM_SID *domain_sid, +NTSTATUS rpc_vampire_internals(struct net_context *c, + const DOM_SID *domain_sid, const char *domain_name, struct cli_state *cli, struct rpc_pipe_client *pipe_hnd, -- cgit From 16938883e6fcae7601eb6343177aa2d56dd2136e Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 12 May 2008 11:53:23 +0200 Subject: net: Use true/false instead of True/False. (This used to be commit a8b567aac3b0e39cfe67fb97167b10312ca5e73a) --- source3/utils/net_rpc_samsync.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bb09cc483b..bbba2c42e3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -777,7 +777,7 @@ static NTSTATUS fetch_group_info(uint32_t rid, DOM_SID group_sid; fstring sid_string; GROUP_MAP map; - bool insert = True; + bool insert = true; fstrcpy(name, r->group_name.string); fstrcpy(comment, r->description.string); @@ -790,7 +790,7 @@ static NTSTATUS fetch_group_info(uint32_t rid, if (pdb_getgrsid(&map, group_sid)) { if ( map.gid != -1 ) grp = getgrgid(map.gid); - insert = False; + insert = false; } if (grp == NULL) { @@ -909,7 +909,7 @@ static NTSTATUS fetch_group_mem_info(uint32_t rid, unix_members = grp->gr_mem; while (*unix_members) { - bool is_nt_member = False; + bool is_nt_member = false; for (i=0; i < r->num_rids; i++) { if (nt_members[i] == NULL) { /* This was a primary group */ 
@@ -917,7 +917,7 @@ static NTSTATUS fetch_group_mem_info(uint32_t rid, } if (strcmp(*unix_members, nt_members[i]) == 0) { - is_nt_member = True; + is_nt_member = true; break; } } @@ -931,7 +931,7 @@ static NTSTATUS fetch_group_mem_info(uint32_t rid, } for (i=0; i < r->num_rids; i++) { - bool is_unix_member = False; + bool is_unix_member = false; if (nt_members[i] == NULL) { /* This was the primary group */ @@ -942,7 +942,7 @@ static NTSTATUS fetch_group_mem_info(uint32_t rid, while (*unix_members) { if (strcmp(*unix_members, nt_members[i]) == 0) { - is_unix_member = True; + is_unix_member = true; break; } unix_members += 1; @@ -970,7 +970,7 @@ static NTSTATUS fetch_alias_info(uint32_t rid, DOM_SID alias_sid; fstring sid_string; GROUP_MAP map; - bool insert = True; + bool insert = true; fstrcpy(name, r->alias_name.string); fstrcpy(comment, r->description.string); @@ -982,7 +982,7 @@ static NTSTATUS fetch_alias_info(uint32_t rid, if (pdb_getgrsid(&map, alias_sid)) { grp = getgrgid(map.gid); - insert = False; + insert = false; } if (grp == NULL) { @@ -1620,7 +1620,7 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, va_list ap; char *value, *p, *base64; DATA_BLOB base64_blob; - bool do_base64 = False; + bool do_base64 = false; int res; va_start(ap, fmt); @@ -1631,25 +1631,25 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, for (p=value; *p; p++) { if (*p & 0x80) { - do_base64 = True; + do_base64 = true; break; } } if (!do_base64) { - bool only_whitespace = True; + bool only_whitespace = true; for (p=value; *p; p++) { /* * I know that this not multibyte safe, but we break * on the first non-whitespace character anyway. */ if (!isspace(*p)) { - only_whitespace = False; + only_whitespace = false; break; } } if (only_whitespace) { - do_base64 = True; + do_base64 = true; } } -- cgit From 2816e86b06003365c1f09ebcb9a9871cd6a97d3f Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 11 Jun 2008 00:56:44 +0200 Subject: net: remove some dead code. Guenther (This used to be commit cdd1ce797aefa07780a73d0793c450e2d96f17bb) --- source3/utils/net_rpc_samsync.c | 29 ----------------------------- 1 file changed, 29 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bbba2c42e3..bd8118ab8e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -408,35 +408,6 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, int argc, const char **argv) { -#if 0 - /* net_rpc.c now always tries to create an schannel pipe.. */ - - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - uchar trust_password[16]; - uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; - uint32 sec_channel_type = 0; - - if (!secrets_fetch_trust_account_password(domain_name, - trust_password, - NULL, &sec_channel_type)) { - DEBUG(0,("Could not fetch trust account password\n")); - goto fail; - } - - nt_status = rpccli_netlogon_setup_creds(pipe_hnd, - cli->desthost, - domain_name, - global_myname(), - trust_password, - sec_channel_type, - &neg_flags); - - if (!NT_STATUS_IS_OK(nt_status)) { - DEBUG(0,("Error connecting to NETLOGON pipe\n")); - goto fail; - } -#endif - dump_database(pipe_hnd, SAM_DATABASE_DOMAIN); dump_database(pipe_hnd, SAM_DATABASE_BUILTIN); dump_database(pipe_hnd, SAM_DATABASE_PRIVS); -- cgit From 6ce0c8517256fec9ac9fc7d3f5f9a0f361020ea3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 12:20:01 +0200 Subject: net: Fix bug #5542 (samsync contains empty passwords). Guenther (cherry picked from commit 1a22e975dd1255f3557c1cd873d877aa35822afc) (This used to be commit ad8392cf7c817ee29a03bc6f515bf1cc18a29eda) --- source3/utils/net_rpc_samsync.c | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bd8118ab8e..44c95f9509 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -336,6 +336,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, struct netr_Authenticator return_authenticator; uint16_t restart_state = 0; uint32_t sync_context = 0; + DATA_BLOB session_key; ZERO_STRUCT(return_authenticator); @@ -386,6 +387,14 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, break; } + session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); + + samsync_fix_delta_array(mem_ctx, + &session_key, + true, + database_id, + delta_enum_array); + /* Display results */ for (i = 0; i < delta_enum_array->num_deltas; i++) { display_sam_entry(&delta_enum_array->delta_enum[i]); @@ -1169,6 +1178,7 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, enum netr_SamDatabaseID database_id = db_type; uint16_t restart_state = 0; uint32_t sync_context = 0; + DATA_BLOB session_key; if (!(mem_ctx = talloc_init("fetch_database"))) return NT_STATUS_NO_MEMORY; @@ -1215,6 +1225,14 @@ static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, break; } + session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); + + samsync_fix_delta_array(mem_ctx, + &session_key, + true, + database_id, + delta_enum_array); + for (i = 0; i < delta_enum_array->num_deltas; i++) { fetch_sam_entry(&delta_enum_array->delta_enum[i], dom_sid); } @@ -1990,6 +2008,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, enum netr_SamDatabaseID database_id = db_type; uint16_t restart_state = 0; uint32_t sync_context = 0; + DATA_BLOB session_key; /* Set up array for mapping accounts to groups */ /* Array element is the group rid */ 
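Review bot: The result of `samsync_fix_delta_array()` is discarded in the hunk at -386, and the same call is added the same way at -1215 (fetch_database) and -2122 (fetch_database_to_ldif). Its prototype is not on this page, but if it returns a status, a failed decrypt would go unnoticed and the following lines would display the password fields, or write them to passdb or LDIF, as if they were valid. I would capture and check it, e.g. `result = samsync_fix_delta_array(...); if (!NT_STATUS_IS_OK(result)) break;`, using each function's own cleanup path. The session key length is also a bare `16`; if `sess_key` is a fixed array, `sizeof(pipe_hnd->dc->sess_key)` ties the blob to the real size.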
@@ -2122,6 +2141,14 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, break; } + session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); + + samsync_fix_delta_array(mem_ctx, + &session_key, + true, + database_id, + delta_enum_array); + num_deltas = delta_enum_array->num_deltas; /* Re-allocate memory for groupmap and accountmap arrays */ -- cgit From 26694e6fa09a024371276df5ceb0f58ce947e906 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jun 2008 01:23:43 +0200 Subject: net_vampire: let dump_database() return NTSTATUS. Guenther (This used to be commit b5a0e2d18f8d5c98326fefbda5972c02f898ed82) --- source3/utils/net_rpc_samsync.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 44c95f9509..323f67cc5a 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -324,12 +324,12 @@ static void display_sam_entry(struct netr_DELTA_ENUM *r) } } -static void dump_database(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id) +static NTSTATUS dump_database(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id) { - NTSTATUS result; + NTSTATUS result; int i; - TALLOC_CTX *mem_ctx; + TALLOC_CTX *mem_ctx; const char *logon_server = pipe_hnd->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; @@ -341,7 +341,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, ZERO_STRUCT(return_authenticator); if (!(mem_ctx = talloc_init("dump_database"))) { - return; + return NT_STATUS_NO_MEMORY; } switch(database_id) { 
@@ -380,7 +380,7 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, if (!netlogon_creds_client_check(pipe_hnd->dc, &return_authenticator.cred)) { DEBUG(0,("credentials chain check failed\n")); - return; + return NT_STATUS_ACCESS_DENIED; } if (NT_STATUS_IS_ERR(result)) { @@ -405,6 +405,8 @@ static void dump_database(struct rpc_pipe_client *pipe_hnd, } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); + + return result; } /* dump sam database via samsync rpc calls */ -- cgit From 93880610b49199e9db9a0b51f4e4055e30263da2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jun 2008 01:29:36 +0200 Subject: net_vampire: let fetch_database and fetch_database_to_ldif use sid pointers. Guenther (This used to be commit 0707d32042b23d615b57b2f955775472b766770e) --- source3/utils/net_rpc_samsync.c | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 323f67cc5a..68e87087a0 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -944,7 +944,7 @@ static NTSTATUS fetch_group_mem_info(uint32_t rid, static NTSTATUS fetch_alias_info(uint32_t rid, struct netr_DELTA_ALIAS *r, - DOM_SID dom_sid) + const DOM_SID *dom_sid) { fstring name; fstring comment; @@ -958,7 +958,7 @@ static NTSTATUS fetch_alias_info(uint32_t rid, fstrcpy(comment, r->description.string); /* Find out whether the group is already mapped */ - sid_copy(&alias_sid, &dom_sid); + sid_copy(&alias_sid, dom_sid); sid_append_rid(&alias_sid, rid); sid_to_fstring(sid_string, &alias_sid); @@ -984,7 +984,7 @@ static NTSTATUS fetch_alias_info(uint32_t rid, map.gid = grp->gr_gid; map.sid = alias_sid; - if (sid_equal(&dom_sid, &global_sid_Builtin)) + if (sid_equal(dom_sid, &global_sid_Builtin)) map.sid_name_use = SID_NAME_WKN_GRP; else map.sid_name_use = SID_NAME_ALIAS; 
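Review bot: The new return value of dump_database is not consumed anywhere in this commit. The diffstat's 8 insertions and 6 deletions are all inside dump_database, and the three `dump_database(pipe_hnd, SAM_DATABASE_...)` calls in rpc_samdump_internals shown earlier on this page are bare statements. Unless the caller changes elsewhere, a failed credential chain check or sync error in one database still cannot reach the command's exit status, and the next database is dumped regardless. Checking each call, e.g. `status = dump_database(pipe_hnd, SAM_DATABASE_DOMAIN); if (!NT_STATUS_IS_OK(status)) return status;`, would make the change effective.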
@@ -1002,7 +1002,7 @@ static NTSTATUS fetch_alias_info(uint32_t rid, static NTSTATUS fetch_alias_mem(uint32_t rid, struct netr_DELTA_ALIAS_MEMBER *r, - DOM_SID dom_sid) + const DOM_SID *dom_sid) { return NT_STATUS_OK; } @@ -1084,7 +1084,7 @@ static NTSTATUS fetch_domain_info(uint32_t rid, return NT_STATUS_OK; } -static void fetch_sam_entry(struct netr_DELTA_ENUM *r, DOM_SID dom_sid) +static void fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_sid) { switch(r->delta_type) { case NETR_DELTA_USER: @@ -1168,7 +1168,7 @@ static void fetch_sam_entry(struct netr_DELTA_ENUM *r, DOM_SID dom_sid) } } -static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, DOM_SID dom_sid) +static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, const DOM_SID *dom_sid) { NTSTATUS result; int i; @@ -1988,7 +1988,7 @@ static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, uint32 db_type, - DOM_SID dom_sid, + const DOM_SID *dom_sid, const char *user_file) { char *suffix; @@ -2057,7 +2057,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, } /* Get the sid */ - sid_to_fstring(sid, &dom_sid); + sid_to_fstring(sid, dom_sid); /* Get the ldap suffix */ suffix = lp_ldap_suffix(); @@ -2362,10 +2362,10 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, - *domain_sid, argv[1]); + domain_sid, argv[1]); } else { result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, - *domain_sid); + domain_sid); } if (!NT_STATUS_IS_OK(result)) { 
@@ -2379,10 +2379,10 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, - global_sid_Builtin, argv[1]); + &global_sid_Builtin, argv[1]); } else { result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, - global_sid_Builtin); + &global_sid_Builtin); } if (!NT_STATUS_IS_OK(result)) { -- cgit From 4cae70e548aeca7549da398c90bb7c34b12961e1 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 11 Jun 2008 01:46:58 +0200 Subject: net_vampire: join dump and process function into one callback. Guenther (This used to be commit e9b79f34d5afe10ee8d9b1e2dd19c8aafa533579) --- source3/utils/net_rpc_samsync.c | 150 +++++++++++++++------------------------- 1 file changed, 54 insertions(+), 96 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 68e87087a0..510baa4f51 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -32,6 +32,11 @@ static uint32 ldif_uid = 999; /* Keep track of ldap initialization */ static int init_ldap = 1; +enum net_samsync_mode { + NET_SAMSYNC_MODE_FETCH_PASSDB = 0, + NET_SAMSYNC_MODE_DUMP = 1 +}; + static void display_group_mem_info(uint32_t rid, struct netr_DELTA_GROUP_MEMBER *r) { @@ -172,7 +177,8 @@ static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) d_printf("desc='%s', rid=%u\n", r->description.string, rid); } -static void display_sam_entry(struct netr_DELTA_ENUM *r) +static NTSTATUS display_sam_entry(struct netr_DELTA_ENUM *r, + const DOM_SID *domain_sid) { union netr_DELTA_UNION u = r->delta_union; union netr_DELTA_ID_UNION id = r->delta_id_union; 
@@ -322,10 +328,14 @@ static void display_sam_entry(struct netr_DELTA_ENUM *r) r->delta_type); break; } + + return NT_STATUS_OK; } -static NTSTATUS dump_database(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id) +static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id, + enum net_samsync_mode mode, + NTSTATUS (*callback_fn)(struct netr_DELTA_ENUM *, const DOM_SID *), const DOM_SID *domain_sid) { NTSTATUS result; int i; @@ -337,26 +347,39 @@ static NTSTATUS dump_database(struct rpc_pipe_client *pipe_hnd, uint16_t restart_state = 0; uint32_t sync_context = 0; DATA_BLOB session_key; + const char *action = NULL; ZERO_STRUCT(return_authenticator); - if (!(mem_ctx = talloc_init("dump_database"))) { + if (!(mem_ctx = talloc_init("process_database"))) { return NT_STATUS_NO_MEMORY; } - switch(database_id) { + switch (mode) { + case NET_SAMSYNC_MODE_DUMP: + action = "Dumping"; + break; + case NET_SAMSYNC_MODE_FETCH_PASSDB: + action = "Fetching"; + break; + default: + action = "Unknown"; + break; + } + + switch (database_id) { case SAM_DATABASE_DOMAIN: - d_printf("Dumping DOMAIN database\n"); + d_printf("%s DOMAIN database\n", action); break; case SAM_DATABASE_BUILTIN: - d_printf("Dumping BUILTIN database\n"); + d_printf("%s BUILTIN database\n", action); break; case SAM_DATABASE_PRIVS: - d_printf("Dumping PRIVS databases\n"); + d_printf("%s PRIVS databases\n", action); break; default: - d_printf("Dumping unknown database type %u\n", - database_id); + d_printf("%s unknown database type %u\n", + action, database_id); break; } @@ -397,7 +420,8 @@ static NTSTATUS dump_database(struct rpc_pipe_client *pipe_hnd, /* Display results */ for (i = 0; i < delta_enum_array->num_deltas; i++) { - display_sam_entry(&delta_enum_array->delta_enum[i]); + callback_fn(&delta_enum_array->delta_enum[i], + domain_sid); } TALLOC_FREE(delta_enum_array); 
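Review bot: In the hunk at -397 the loop calls `callback_fn(&delta_enum_array->delta_enum[i], domain_sid);` and drops the NTSTATUS that the callback type was just changed to return. In NET_SAMSYNC_MODE_FETCH_PASSDB a delta that fetch_sam_entry could not apply would therefore neither stop the sync nor reach the caller, which only ever sees the server's status. Keep the first failure, e.g. `status = callback_fn(...); if (!NT_STATUS_IS_OK(status)) { result = status; break; }`. fetch_sam_entry should also propagate the results of its fetch_* helpers rather than the unconditional `return NT_STATUS_OK;` added at -1166. process_database starts and ends outside this hunk.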
@@ -419,9 +443,17 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, int argc, const char **argv) { - dump_database(pipe_hnd, SAM_DATABASE_DOMAIN); - dump_database(pipe_hnd, SAM_DATABASE_BUILTIN); - dump_database(pipe_hnd, SAM_DATABASE_PRIVS); + process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + NET_SAMSYNC_MODE_DUMP, + display_sam_entry, domain_sid); + + process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + NET_SAMSYNC_MODE_DUMP, + display_sam_entry, domain_sid); + + process_database(pipe_hnd, SAM_DATABASE_PRIVS, + NET_SAMSYNC_MODE_DUMP, + display_sam_entry, domain_sid); return NT_STATUS_OK; } @@ -1084,7 +1116,7 @@ static NTSTATUS fetch_domain_info(uint32_t rid, return NT_STATUS_OK; } -static void fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_sid) +static NTSTATUS fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_sid) { switch(r->delta_type) { case NETR_DELTA_USER: 
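Review bot: All three `process_database(...)` calls in rpc_samdump_internals (hunk at -419) ignore the NTSTATUS the function returns, and the function still ends with `return NT_STATUS_OK;`. A failed credentials chain check (NT_STATUS_ACCESS_DENIED) or an RPC error on any of the three databases therefore looks like a successful dump to the caller and to anything scripting the command. Check each result and return the first failure, e.g. `status = process_database(...); if (!NT_STATUS_IS_OK(status)) return status;`. The function's signature begins outside this hunk.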
@@ -1166,84 +1198,8 @@ static void fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_sid) d_printf("Unknown delta record type %d\n", r->delta_type); break; } -} - -static NTSTATUS fetch_database(struct rpc_pipe_client *pipe_hnd, uint32 db_type, const DOM_SID *dom_sid) -{ - NTSTATUS result; - int i; - TALLOC_CTX *mem_ctx; - const char *logon_server = pipe_hnd->desthost; - const char *computername = global_myname(); - struct netr_Authenticator credential; - struct netr_Authenticator return_authenticator; - enum netr_SamDatabaseID database_id = db_type; - uint16_t restart_state = 0; - uint32_t sync_context = 0; - DATA_BLOB session_key; - - if (!(mem_ctx = talloc_init("fetch_database"))) - return NT_STATUS_NO_MEMORY; - - switch( db_type ) { - case SAM_DATABASE_DOMAIN: - d_printf("Fetching DOMAIN database\n"); - break; - case SAM_DATABASE_BUILTIN: - d_printf("Fetching BUILTIN database\n"); - break; - case SAM_DATABASE_PRIVS: - d_printf("Fetching PRIVS databases\n"); - break; - default: - d_printf("Fetching unknown database type %u\n", db_type ); - break; - } - - do { - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - - netlogon_creds_client_step(pipe_hnd->dc, &credential); - - result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, - logon_server, - computername, - &credential, - &return_authenticator, - database_id, - restart_state, - &sync_context, - &delta_enum_array, - 0xffff); - - /* Check returned credentials. 
*/ - if (!netlogon_creds_client_check(pipe_hnd->dc, - &return_authenticator.cred)) { - DEBUG(0,("credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (NT_STATUS_IS_ERR(result)) { - break; - } - - session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); - - samsync_fix_delta_array(mem_ctx, - &session_key, - true, - database_id, - delta_enum_array); - - for (i = 0; i < delta_enum_array->num_deltas; i++) { - fetch_sam_entry(&delta_enum_array->delta_enum[i], dom_sid); - } - - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - - talloc_destroy(mem_ctx); - return result; + return NT_STATUS_OK; } static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char @@ -2364,8 +2320,9 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, domain_sid, argv[1]); } else { - result = fetch_database(pipe_hnd, SAM_DATABASE_DOMAIN, - domain_sid); + result = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + NET_SAMSYNC_MODE_FETCH_PASSDB, + fetch_sam_entry, domain_sid); } if (!NT_STATUS_IS_OK(result)) { @@ -2381,8 +2338,9 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, &global_sid_Builtin, argv[1]); } else { - result = fetch_database(pipe_hnd, SAM_DATABASE_BUILTIN, - &global_sid_Builtin); + result = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + NET_SAMSYNC_MODE_FETCH_PASSDB, + fetch_sam_entry, &global_sid_Builtin); } if (!NT_STATUS_IS_OK(result)) { -- cgit From 339d868b173ed55554fb596a8fcfdbab99e64ec0 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 11 Jun 2008 02:29:58 +0200 Subject: net_vampire: start using talloc for the ldif vampire code. Guenther (This used to be commit ae179e4f3faccbf2c9f19b6f070f5daf87cdfc50) --- source3/utils/net_rpc_samsync.c | 256 ++++++++++++++++++++++------------------ 1 file changed, 138 insertions(+), 118 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 510baa4f51..cdda0232d8 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1459,100 +1459,114 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch return NT_STATUS_OK; } -static NTSTATUS map_populate_groups(GROUPMAP *groupmap, ACCOUNTMAP *accountmap, fstring sid, - const char *suffix, const char *builtin_sid) +static NTSTATUS map_populate_groups(TALLOC_CTX *mem_ctx, + GROUPMAP *groupmap, + ACCOUNTMAP *accountmap, + fstring sid, + const char *suffix, + const char *builtin_sid) { char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); /* Map the groups created by populate_ldap_for_ldif */ - groupmap[0].rid = 512; - groupmap[0].gidNumber = 512; - snprintf(groupmap[0].sambaSID, sizeof(groupmap[0].sambaSID), - "%s-512", sid); - snprintf(groupmap[0].group_dn, sizeof(groupmap[0].group_dn), - "cn=Domain Admins,ou=%s,%s", - group_attr, suffix); - accountmap[0].rid = 512; - snprintf(accountmap[0].cn, sizeof(accountmap[0].cn), - "%s", "Domain Admins"); - - groupmap[1].rid = 513; - groupmap[1].gidNumber = 513; - snprintf(groupmap[1].sambaSID, sizeof(groupmap[1].sambaSID), - "%s-513", sid); - snprintf(groupmap[1].group_dn, sizeof(groupmap[1].group_dn), - "cn=Domain Users,ou=%s,%s", - group_attr, suffix); - accountmap[1].rid = 513; - snprintf(accountmap[1].cn, sizeof(accountmap[1].cn), - "%s", "Domain Users"); - - groupmap[2].rid = 514; - groupmap[2].gidNumber = 514; - snprintf(groupmap[2].sambaSID, sizeof(groupmap[2].sambaSID), - "%s-514", sid); - snprintf(groupmap[2].group_dn, sizeof(groupmap[2].group_dn), - "cn=Domain Guests,ou=%s,%s", - group_attr, suffix); - accountmap[2].rid = 514; - snprintf(accountmap[2].cn, sizeof(accountmap[2].cn), - "%s", "Domain Guests"); - - groupmap[3].rid = 515; - groupmap[3].gidNumber = 515; - snprintf(groupmap[3].sambaSID, sizeof(groupmap[3].sambaSID), - "%s-515", sid); - snprintf(groupmap[3].group_dn, sizeof(groupmap[3].group_dn), - "cn=Domain Computers,ou=%s,%s", - group_attr, suffix); - accountmap[3].rid = 515; - snprintf(accountmap[3].cn, sizeof(accountmap[3].cn), - 
"%s", "Domain Computers"); - - groupmap[4].rid = 544; - groupmap[4].gidNumber = 544; - snprintf(groupmap[4].sambaSID, sizeof(groupmap[4].sambaSID), - "%s-544", builtin_sid); - snprintf(groupmap[4].group_dn, sizeof(groupmap[4].group_dn), - "cn=Administrators,ou=%s,%s", - group_attr, suffix); - accountmap[4].rid = 515; - snprintf(accountmap[4].cn, sizeof(accountmap[4].cn), - "%s", "Administrators"); - - groupmap[5].rid = 550; - groupmap[5].gidNumber = 550; - snprintf(groupmap[5].sambaSID, sizeof(groupmap[5].sambaSID), - "%s-550", builtin_sid); - snprintf(groupmap[5].group_dn, sizeof(groupmap[5].group_dn), - "cn=Print Operators,ou=%s,%s", - group_attr, suffix); - accountmap[5].rid = 550; - snprintf(accountmap[5].cn, sizeof(accountmap[5].cn), - "%s", "Print Operators"); - - groupmap[6].rid = 551; - groupmap[6].gidNumber = 551; - snprintf(groupmap[6].sambaSID, sizeof(groupmap[6].sambaSID), - "%s-551", builtin_sid); - snprintf(groupmap[6].group_dn, sizeof(groupmap[6].group_dn), - "cn=Backup Operators,ou=%s,%s", - group_attr, suffix); - accountmap[6].rid = 551; - snprintf(accountmap[6].cn, sizeof(accountmap[6].cn), - "%s", "Backup Operators"); - - groupmap[7].rid = 552; - groupmap[7].gidNumber = 552; - snprintf(groupmap[7].sambaSID, sizeof(groupmap[7].sambaSID), - "%s-552", builtin_sid); - snprintf(groupmap[7].group_dn, sizeof(groupmap[7].group_dn), - "cn=Replicators,ou=%s,%s", - group_attr, suffix); - accountmap[7].rid = 551; - snprintf(accountmap[7].cn, sizeof(accountmap[7].cn), - "%s", "Replicators"); + groupmap[0].rid = 512; + groupmap[0].gidNumber = 512; + groupmap[0].sambaSID = talloc_asprintf(mem_ctx, "%s-512", sid); + groupmap[0].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Admins,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[0].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[0].group_dn); + + accountmap[0].rid = 512; + accountmap[0].cn = talloc_strdup(mem_ctx, "Domain Admins"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[0].cn); + + 
groupmap[1].rid = 513; + groupmap[1].gidNumber = 513; + groupmap[1].sambaSID = talloc_asprintf(mem_ctx, "%s-513", sid); + groupmap[1].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Users,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[1].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[1].group_dn); + + accountmap[1].rid = 513; + accountmap[1].cn = talloc_strdup(mem_ctx, "Domain Users"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[1].cn); + + groupmap[2].rid = 514; + groupmap[2].gidNumber = 514; + groupmap[2].sambaSID = talloc_asprintf(mem_ctx, "%s-514", sid); + groupmap[2].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Guests,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[2].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[2].group_dn); + + accountmap[2].rid = 514; + accountmap[2].cn = talloc_strdup(mem_ctx, "Domain Guests"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[2].cn); + + groupmap[3].rid = 515; + groupmap[3].gidNumber = 515; + groupmap[3].sambaSID = talloc_asprintf(mem_ctx, "%s-515", sid); + groupmap[3].group_dn = talloc_asprintf(mem_ctx, + "cn=Domain Computers,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[3].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[3].group_dn); + + accountmap[3].rid = 515; + accountmap[3].cn = talloc_strdup(mem_ctx, "Domain Computers"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[3].cn); + + groupmap[4].rid = 544; + groupmap[4].gidNumber = 544; + groupmap[4].sambaSID = talloc_asprintf(mem_ctx, "%s-544", builtin_sid); + groupmap[4].group_dn = talloc_asprintf(mem_ctx, + "cn=Administrators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[4].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[4].group_dn); + + accountmap[4].rid = 515; + accountmap[4].cn = talloc_strdup(mem_ctx, "Administrators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[4].cn); + + groupmap[5].rid = 550; + groupmap[5].gidNumber = 550; + groupmap[5].sambaSID = talloc_asprintf(mem_ctx, "%s-550", builtin_sid); + 
groupmap[5].group_dn = talloc_asprintf(mem_ctx, + "cn=Print Operators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[5].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[5].group_dn); + + accountmap[5].rid = 550; + accountmap[5].cn = talloc_strdup(mem_ctx, "Print Operators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[5].cn); + + groupmap[6].rid = 551; + groupmap[6].gidNumber = 551; + groupmap[6].sambaSID = talloc_asprintf(mem_ctx, "%s-551", builtin_sid); + groupmap[6].group_dn = talloc_asprintf(mem_ctx, + "cn=Backup Operators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[6].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[6].group_dn); + + accountmap[6].rid = 551; + accountmap[6].cn = talloc_strdup(mem_ctx, "Backup Operators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[6].cn); + + groupmap[7].rid = 552; + groupmap[7].gidNumber = 552; + groupmap[7].sambaSID = talloc_asprintf(mem_ctx, "%s-552", builtin_sid); + groupmap[7].group_dn = talloc_asprintf(mem_ctx, + "cn=Replicators,ou=%s,%s", group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap[7].sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap[7].group_dn); + + accountmap[7].rid = 551; + accountmap[7].cn = talloc_strdup(mem_ctx, "Replicators"); + NT_STATUS_HAVE_NO_MEMORY(accountmap[7].cn); + SAFE_FREE(group_attr); + return NT_STATUS_OK; } @@ -1617,8 +1631,12 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, return res; } -static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *groupmap, - FILE *add_fd, fstring sid, char *suffix) +static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx, + struct netr_DELTA_GROUP *r, + GROUPMAP *groupmap, + FILE *add_fd, + fstring sid, + char *suffix) { fstring groupname; uint32 grouptype = 0, g_rid = 0; 
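Review bot: Two of the rewritten entries in map_populate_groups (hunk at -1459) carry rids that do not match their group: `accountmap[4].rid = 515;` sits under Administrators (groupmap rid 544) and `accountmap[7].rid = 551;` under Replicators (groupmap rid 552), while every other pair agrees. They look like copy-paste slips carried over from the removed lines and should read `accountmap[4].rid = 544;` and `accountmap[7].rid = 552;`. Separately, each `NT_STATUS_HAVE_NO_MEMORY(...)` returns from the middle of the function and so skips `SAFE_FREE(group_attr);`. Routing failures through one exit label that frees `group_attr` would fix that. The same early-return pattern is added in fetch_group_info_to_ldif (-1650) and fetch_alias_info_to_ldif (-1872), where `group_attr` is also in use.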
@@ -1650,10 +1668,11 @@ static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *g g_rid = r->rid; groupmap->rid = g_rid; groupmap->gidNumber = ldif_gid; - snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), - "%s-%d", sid, g_rid); - snprintf(groupmap->group_dn, sizeof(groupmap->group_dn), - "cn=%s,ou=%s,%s", groupname, group_attr, suffix); + groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid); + groupmap->group_dn = talloc_asprintf(mem_ctx, + "cn=%s,ou=%s,%s", groupname, group_attr, suffix); + NT_STATUS_HAVE_NO_MEMORY(groupmap->sambaSID); + NT_STATUS_HAVE_NO_MEMORY(groupmap->group_dn); /* Write the data to the temporary add ldif file */ fprintf(add_fd, "# %s, %s, %s\n", groupname, group_attr, @@ -1675,7 +1694,8 @@ static NTSTATUS fetch_group_info_to_ldif(struct netr_DELTA_GROUP *r, GROUPMAP *g return NT_STATUS_OK; } -static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, +static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx, + struct netr_DELTA_USER *r, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *add_fd, @@ -1702,7 +1722,8 @@ static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, /* Map the rid and username for group member info later */ accountmap->rid = rid; - snprintf(accountmap->cn, sizeof(accountmap->cn), "%s", username); + accountmap->cn = talloc_strdup(mem_ctx, username); + NT_STATUS_HAVE_NO_MEMORY(accountmap->cn); /* Get the home directory */ if (r->acct_flags & ACB_NORMAL) { @@ -1820,7 +1841,8 @@ static NTSTATUS fetch_account_info_to_ldif(struct netr_DELTA_USER *r, return NT_STATUS_OK; } -static NTSTATUS fetch_alias_info_to_ldif(struct netr_DELTA_ALIAS *r, +static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, + struct netr_DELTA_ALIAS *r, GROUPMAP *groupmap, FILE *add_fd, fstring sid, char *suffix, 
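Review bot: In the hunk at -1650, `talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid)` formats `g_rid`, which this function declares as `uint32`, with a signed conversion, so a RID of 0x80000000 or above would yield a SID string with a negative last component. Use `"%s-%u"`; the same format is added for the alias SID in the hunk at -1872. The name placed into `"cn=%s,ou=%s,%s"` comes from the server's delta and is not escaped for DN special characters; whether that matters depends on how the resulting LDIF is consumed, but it deserves at least a comment stating the assumption. fetch_group_info_to_ldif begins and ends outside this hunk.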
@@ -1872,8 +1894,8 @@ static NTSTATUS fetch_alias_info_to_ldif(struct netr_DELTA_ALIAS *r, /* Map the group rid and gid */ g_rid = r->rid; groupmap->gidNumber = ldif_gid; - snprintf(groupmap->sambaSID, sizeof(groupmap->sambaSID), - "%s-%d", sid, g_rid); + groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid); + NT_STATUS_HAVE_NO_MEMORY(groupmap->sambaSID); /* Write the data to the temporary add ldif file */ fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr, @@ -2030,25 +2052,27 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, /* Allocate initial memory for groupmap and accountmap arrays */ if (init_ldap == 1) { - groupmap = SMB_MALLOC_ARRAY(GROUPMAP, 8); - accountmap = SMB_MALLOC_ARRAY(ACCOUNTMAP, 8); + groupmap = TALLOC_ZERO_ARRAY(mem_ctx, GROUPMAP, 8); + accountmap = TALLOC_ZERO_ARRAY(mem_ctx, ACCOUNTMAP, 8); if (groupmap == NULL || accountmap == NULL) { DEBUG(1,("GROUPMAP malloc failed\n")); ret = NT_STATUS_NO_MEMORY; goto done; } - /* Initialize the arrays */ - memset(groupmap, 0, sizeof(GROUPMAP)*8); - memset(accountmap, 0, sizeof(ACCOUNTMAP)*8); - /* Remember how many we malloced */ num_alloced = 8; /* Initial database population */ - populate_ldap_for_ldif(sid, suffix, builtin_sid, add_file); - map_populate_groups(groupmap, accountmap, sid, suffix, + ret = populate_ldap_for_ldif(sid, suffix, builtin_sid, add_file); + if (!NT_STATUS_IS_OK(ret)) { + goto done; + } + ret = map_populate_groups(mem_ctx, groupmap, accountmap, sid, suffix, builtin_sid); + if (!NT_STATUS_IS_OK(ret)) { + goto done; + } /* Don't do this again */ init_ldap = 0; 
@@ -2110,12 +2134,12 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, num_deltas = delta_enum_array->num_deltas; /* Re-allocate memory for groupmap and accountmap arrays */ - groupmap = SMB_REALLOC_ARRAY(groupmap, GROUPMAP, + groupmap = TALLOC_REALLOC_ARRAY(mem_ctx, groupmap, GROUPMAP, num_deltas+num_alloced); - accountmap = SMB_REALLOC_ARRAY(accountmap, ACCOUNTMAP, + accountmap = TALLOC_REALLOC_ARRAY(mem_ctx, accountmap, ACCOUNTMAP, num_deltas+num_alloced); if (groupmap == NULL || accountmap == NULL) { - DEBUG(1,("GROUPMAP malloc failed\n")); + DEBUG(1,("GROUPMAP talloc failed\n")); ret = NT_STATUS_NO_MEMORY; goto done; } @@ -2145,7 +2169,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, break; case NETR_DELTA_GROUP: - fetch_group_info_to_ldif( + fetch_group_info_to_ldif(mem_ctx, u.group, &groupmap[g_index], add_file, sid, suffix); @@ -2153,7 +2177,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, break; case NETR_DELTA_USER: - fetch_account_info_to_ldif( + fetch_account_info_to_ldif(mem_ctx, u.user, groupmap, &accountmap[a_index], add_file, sid, suffix, num_alloced); @@ -2161,7 +2185,7 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, break; case NETR_DELTA_ALIAS: - fetch_alias_info_to_ldif( + fetch_alias_info_to_ldif(mem_ctx, u.alias, &groupmap[g_index], add_file, sid, suffix, db_type); g_index++; @@ -2255,10 +2279,6 @@ static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, fclose(ldif_file); } - /* Deallocate memory for the mapping arrays */ - SAFE_FREE(groupmap); - SAFE_FREE(accountmap); - /* Return */ talloc_destroy(mem_ctx); return ret; -- cgit From 7a1fa41dcafc0f2c2ae1052ba7dced0c06632b72 Mon Sep 17 00:00:00 2001 
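Review bot: The calls `fetch_group_info_to_ldif(mem_ctx, ...)`, `fetch_account_info_to_ldif(mem_ctx, ...)` and `fetch_alias_info_to_ldif(mem_ctx, ...)` (hunks at -2145, -2153 and -2161) still discard their NTSTATUS, but with this commit they can fail with NT_STATUS_NO_MEMORY and leave `sambaSID`, `group_dn` or `cn` as NULL pointers where the old code had fixed buffers. The index is incremented regardless, so later consumers of groupmap/accountmap (outside these hunks) may be handed NULL strings. Capture the status and bail out, e.g. `ret = fetch_group_info_to_ldif(mem_ctx, ...); if (!NT_STATUS_IS_OK(ret)) goto done;`. The enclosing switch in fetch_database_to_ldif extends beyond the hunks.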
From: Günther Deschner Date: Thu, 12 Jun 2008 12:35:46 +0200 Subject: net_vampire: restructure internal code more. Guenther (This used to be commit 9557504d70fe57098914da131b39212faf4f0a7d) --- source3/utils/net_rpc_samsync.c | 738 +++++++++++++++++++++++----------------- 1 file changed, 426 insertions(+), 312 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index cdda0232d8..f6483bdba2 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -29,13 +29,6 @@ /* uid's and gid's for writing deltas to ldif */ static uint32 ldif_gid = 999; static uint32 ldif_uid = 999; -/* Keep track of ldap initialization */ -static int init_ldap = 1; - -enum net_samsync_mode { - NET_SAMSYNC_MODE_FETCH_PASSDB = 0, - NET_SAMSYNC_MODE_DUMP = 1 -}; static void display_group_mem_info(uint32_t rid, struct netr_DELTA_GROUP_MEMBER *r) @@ -177,8 +170,11 @@ static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) d_printf("desc='%s', rid=%u\n", r->description.string, rid); } -static NTSTATUS display_sam_entry(struct netr_DELTA_ENUM *r, - const DOM_SID *domain_sid) +static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM *r, + NTSTATUS status, + struct samsync_context *ctx) { union netr_DELTA_UNION u = r->delta_union; union netr_DELTA_ID_UNION id = r->delta_id_union; 
@@ -332,13 +328,33 @@ static NTSTATUS display_sam_entry(struct netr_DELTA_ENUM *r, return NT_STATUS_OK; } +static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx) +{ + int i; + + for (i = 0; i < r->num_deltas; i++) { + display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], status, ctx); + } + + return NT_STATUS_OK; +} + +typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, + enum netr_SamDatabaseID, + struct netr_DELTA_ENUM_ARRAY *, + NTSTATUS, + struct samsync_context *); + static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, enum netr_SamDatabaseID database_id, - enum net_samsync_mode mode, - NTSTATUS (*callback_fn)(struct netr_DELTA_ENUM *, const DOM_SID *), const DOM_SID *domain_sid) + samsync_fn_t callback_fn, + struct samsync_context *ctx) { NTSTATUS result; - int i; TALLOC_CTX *mem_ctx; const char *logon_server = pipe_hnd->desthost; const char *computername = global_myname(); @@ -355,12 +371,15 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, return NT_STATUS_NO_MEMORY; } - switch (mode) { + switch (ctx->mode) { case NET_SAMSYNC_MODE_DUMP: - action = "Dumping"; + action = "Dumping (to stdout)"; break; case NET_SAMSYNC_MODE_FETCH_PASSDB: - action = "Fetching"; + action = "Fetching (to passdb)"; + break; + case NET_SAMSYNC_MODE_FETCH_LDIF: + action = "Fetching (to ldif)"; break; default: action = "Unknown"; 
@@ -369,16 +388,16 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, switch (database_id) { case SAM_DATABASE_DOMAIN: - d_printf("%s DOMAIN database\n", action); + d_fprintf(stderr, "%s DOMAIN database\n", action); break; case SAM_DATABASE_BUILTIN: - d_printf("%s BUILTIN database\n", action); + d_fprintf(stderr, "%s BUILTIN database\n", action); break; case SAM_DATABASE_PRIVS: - d_printf("%s PRIVS databases\n", action); + d_fprintf(stderr, "%s PRIVS databases\n", action); break; default: - d_printf("%s unknown database type %u\n", + d_fprintf(stderr, "%s unknown database type %u\n", action, database_id); break; } @@ -398,6 +417,9 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, &sync_context, &delta_enum_array, 0xffff); + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { + return result; + } /* Check returned credentials. */ if (!netlogon_creds_client_check(pipe_hnd->dc, @@ -418,14 +440,14 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, database_id, delta_enum_array); - /* Display results */ - for (i = 0; i < delta_enum_array->num_deltas; i++) { - callback_fn(&delta_enum_array->delta_enum[i], - domain_sid); - } + /* Process results */ + callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx); TALLOC_FREE(delta_enum_array); + /* Increment sync_context */ + sync_context += 1; + } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); talloc_destroy(mem_ctx); 
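Review bot: In the hunk at -398 the added `if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { return result; }` returns without `talloc_destroy(mem_ctx)` and before the `netlogon_creds_client_check()` that follows it. The leak is the same as on the existing credentials-failure return. Skipping the check also means the returned authenticator for this reply is never validated, which may leave the credential chain out of step for later calls on the same pipe (an inference; the chain handling is outside the hunk). Prefer setting the status and leaving through a common exit that frees `mem_ctx`. process_database starts and ends outside this hunk.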
@@ -443,17 +465,22 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, int argc, const char **argv) { + struct samsync_context *ctx; + + ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + ctx->mode = NET_SAMSYNC_MODE_DUMP; + ctx->domain_sid = domain_sid; + process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - NET_SAMSYNC_MODE_DUMP, - display_sam_entry, domain_sid); + display_sam_entries, ctx); process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - NET_SAMSYNC_MODE_DUMP, - display_sam_entry, domain_sid); + display_sam_entries, ctx); process_database(pipe_hnd, SAM_DATABASE_PRIVS, - NET_SAMSYNC_MODE_DUMP, - display_sam_entry, domain_sid); + display_sam_entries, ctx); return NT_STATUS_OK; } @@ -1116,7 +1143,10 @@ static NTSTATUS fetch_domain_info(uint32_t rid, return NT_STATUS_OK; } -static NTSTATUS fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_sid) +static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM *r, + struct samsync_context *ctx) { switch(r->delta_type) { case NETR_DELTA_USER: @@ -1134,12 +1164,12 @@ static NTSTATUS fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_si case NETR_DELTA_ALIAS: fetch_alias_info(r->delta_id_union.rid, r->delta_union.alias, - dom_sid); + ctx->domain_sid); break; case NETR_DELTA_ALIAS_MEMBER: fetch_alias_mem(r->delta_id_union.rid, r->delta_union.alias_member, - dom_sid); + ctx->domain_sid); break; case NETR_DELTA_DOMAIN: fetch_domain_info(r->delta_id_union.rid, 
@@ -1202,8 +1232,28 @@ static NTSTATUS fetch_sam_entry(struct netr_DELTA_ENUM *r, const DOM_SID *dom_si return NT_STATUS_OK; } -static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const char - *builtin_sid, FILE *add_fd) +static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS status, + struct samsync_context *ctx) +{ + int i; + + for (i = 0; i < r->num_deltas; i++) { + fetch_sam_entry(mem_ctx, database_id, &r->delta_enum[i], ctx); + } + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS populate_ldap_for_ldif(const char *sid, + const char *suffix, + const char *builtin_sid, + FILE *add_fd) { const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; char *user_attr=NULL, *group_attr=NULL; @@ -1459,10 +1509,13 @@ static NTSTATUS populate_ldap_for_ldif(fstring sid, const char *suffix, const ch return NT_STATUS_OK; } +/**************************************************************** +****************************************************************/ + static NTSTATUS map_populate_groups(TALLOC_CTX *mem_ctx, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, - fstring sid, + const char *sid, const char *suffix, const char *builtin_sid) { 
@@ -1631,20 +1684,20 @@ static int fprintf_attr(FILE *add_fd, const char *attr_name, return res; } +/**************************************************************** +****************************************************************/ + static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx, struct netr_DELTA_GROUP *r, GROUPMAP *groupmap, FILE *add_fd, - fstring sid, - char *suffix) + const char *sid, + const char *suffix) { - fstring groupname; + const char *groupname = r->group_name.string; uint32 grouptype = 0, g_rid = 0; char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); - /* Get the group name */ - fstrcpy(groupname, r->group_name.string); - /* Set up the group type (always 2 for group info) */ grouptype = 2; @@ -1694,12 +1747,16 @@ static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/**************************************************************** +****************************************************************/ + static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx, struct netr_DELTA_USER *r, GROUPMAP *groupmap, ACCOUNTMAP *accountmap, FILE *add_fd, - fstring sid, char *suffix, + const char *sid, + const char *suffix, int alloced) { fstring username, logonscript, homedrive, homepath = "", homedir = ""; @@ -1841,12 +1898,16 @@ static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/**************************************************************** +****************************************************************/ + static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, struct netr_DELTA_ALIAS *r, GROUPMAP *groupmap, - FILE *add_fd, fstring sid, - char *suffix, - unsigned db_type) + FILE *add_fd, + const char *sid, + const char *suffix, + enum netr_SamDatabaseID database_id) { fstring aliasname, description; uint32 grouptype = 0, g_rid = 0; 
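Review bot: In the hunk at -1631, replacing the `fstrcpy(groupname, r->group_name.string);` copy with `const char *groupname = r->group_name.string;` means `groupname` can now be NULL if the delta carries no name string, and it is then passed to `%s` conversions further down the function. The removed code formatted from a local fstring buffer instead of the server-supplied pointer; whether the NDR layer can leave this pointer NULL is not visible here and should be confirmed. A guard such as `if (groupname == NULL) { SAFE_FREE(group_attr); return NT_STATUS_INVALID_PARAMETER; }` would keep the function safe either way. The rest of fetch_group_info_to_ldif lies outside this hunk.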
@@ -1859,7 +1920,7 @@ static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, fstrcpy(description, r->description.string); /* Set up the group type */ - switch (db_type) { + switch (database_id) { case SAM_DATABASE_DOMAIN: grouptype = 4; break; @@ -1919,6 +1980,9 @@ static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +/**************************************************************** +****************************************************************/ + static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, uint32_t id_rid, GROUPMAP *groupmap, 
@@ -1964,324 +2028,370 @@ static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, return NT_STATUS_OK; } -static NTSTATUS fetch_database_to_ldif(struct rpc_pipe_client *pipe_hnd, - uint32 db_type, - const DOM_SID *dom_sid, - const char *user_file) +/**************************************************************** +****************************************************************/ + +static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id) { - char *suffix; - const char *builtin_sid = "S-1-5-32"; - char *add_name = NULL, *mod_name = NULL; + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + struct samsync_ldif_context *r; const char *add_template = "/tmp/add.ldif.XXXXXX"; const char *mod_template = "/tmp/mod.ldif.XXXXXX"; - fstring sid, domainname; - NTSTATUS ret = NT_STATUS_OK, result; - int k; - TALLOC_CTX *mem_ctx; - uint32 num_deltas; - FILE *add_file = NULL, *mod_file = NULL, *ldif_file = NULL; - int num_alloced = 0, g_index = 0, a_index = 0; - const char *logon_server = pipe_hnd->desthost; - const char *computername = global_myname(); - struct netr_Authenticator credential; - struct netr_Authenticator return_authenticator; - enum netr_SamDatabaseID database_id = db_type; - uint16_t restart_state = 0; - uint32_t sync_context = 0; - DATA_BLOB session_key; + const char *builtin_sid = "S-1-5-32"; - /* Set up array for mapping accounts to groups */ - /* Array element is the group rid */ - GROUPMAP *groupmap = NULL; + if (ctx->ldif && ctx->ldif->initialized) { + return NT_STATUS_OK; + } - /* Set up array for mapping account rid's to cn's */ - /* Array element is the account rid */ - ACCOUNTMAP *accountmap = NULL; + r = TALLOC_ZERO_P(mem_ctx, struct samsync_ldif_context); + NT_STATUS_HAVE_NO_MEMORY(r); - if (!(mem_ctx = talloc_init("fetch_database"))) { - return NT_STATUS_NO_MEMORY; + /* Get other smb.conf data */ + if (!(lp_workgroup()) || !*(lp_workgroup())) { + DEBUG(0,("workgroup 
missing from smb.conf--exiting\n")); + exit(1); } + /* Get the ldap suffix */ + r->suffix = lp_ldap_suffix(); + if (r->suffix == NULL || strcmp(r->suffix, "") == 0) { + DEBUG(0,("ldap suffix missing from smb.conf--exiting\n")); + exit(1); + } + + /* Get the sid */ + ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); + NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str); + /* Ensure we have an output file */ - if (user_file) - ldif_file = fopen(user_file, "a"); - else - ldif_file = stdout; + if (ctx->ldif_filename) { + r->ldif_file = fopen(ctx->ldif_filename, "a"); + } else { + r->ldif_file = stdout; + } - if (!ldif_file) { - fprintf(stderr, "Could not open %s\n", user_file); - DEBUG(1, ("Could not open %s\n", user_file)); - ret = NT_STATUS_UNSUCCESSFUL; + if (!r->ldif_file) { + fprintf(stderr, "Could not open %s\n", ctx->ldif_filename); + DEBUG(1, ("Could not open %s\n", ctx->ldif_filename)); + status = NT_STATUS_UNSUCCESSFUL; goto done; } - add_name = talloc_strdup(mem_ctx, add_template); - mod_name = talloc_strdup(mem_ctx, mod_template); - if (!add_name || !mod_name) { - ret = NT_STATUS_NO_MEMORY; + r->add_template = talloc_strdup(mem_ctx, add_template); + r->mod_template = talloc_strdup(mem_ctx, mod_template); + if (!r->add_template || !r->mod_template) { + status = NT_STATUS_NO_MEMORY; goto done; } - /* Open the add and mod ldif files */ - if (!(add_file = fdopen(smb_mkstemp(add_name),"w"))) { - DEBUG(1, ("Could not open %s\n", add_name)); - ret = NT_STATUS_UNSUCCESSFUL; + r->add_name = talloc_strdup(mem_ctx, add_template); + r->mod_name = talloc_strdup(mem_ctx, mod_template); + if (!r->add_name || !r->mod_name) { + status = NT_STATUS_NO_MEMORY; goto done; } - if (!(mod_file = fdopen(smb_mkstemp(mod_name),"w"))) { - DEBUG(1, ("Could not open %s\n", mod_name)); - ret = NT_STATUS_UNSUCCESSFUL; + + /* Open the add and mod ldif files */ + if (!(r->add_file = fdopen(smb_mkstemp(r->add_name),"w"))) { + DEBUG(1, ("Could not open %s\n", r->add_name)); + 
status = NT_STATUS_UNSUCCESSFUL; goto done; } - - /* Get the sid */ - sid_to_fstring(sid, dom_sid); - - /* Get the ldap suffix */ - suffix = lp_ldap_suffix(); - if (suffix == NULL || strcmp(suffix, "") == 0) { - DEBUG(0,("ldap suffix missing from smb.conf--exiting\n")); - exit(1); + if (!(r->mod_file = fdopen(smb_mkstemp(r->mod_name),"w"))) { + DEBUG(1, ("Could not open %s\n", r->mod_name)); + status = NT_STATUS_UNSUCCESSFUL; + goto done; } - /* Get other smb.conf data */ - if (!(lp_workgroup()) || !*(lp_workgroup())) { - DEBUG(0,("workgroup missing from smb.conf--exiting\n")); - exit(1); + /* Allocate initial memory for groupmap and accountmap arrays */ + r->groupmap = TALLOC_ZERO_ARRAY(mem_ctx, GROUPMAP, 8); + r->accountmap = TALLOC_ZERO_ARRAY(mem_ctx, ACCOUNTMAP, 8); + if (r->groupmap == NULL || r->accountmap == NULL) { + DEBUG(1,("GROUPMAP talloc failed\n")); + status = NT_STATUS_NO_MEMORY; + goto done; } - /* Allocate initial memory for groupmap and accountmap arrays */ - if (init_ldap == 1) { - groupmap = TALLOC_ZERO_ARRAY(mem_ctx, GROUPMAP, 8); - accountmap = TALLOC_ZERO_ARRAY(mem_ctx, ACCOUNTMAP, 8); - if (groupmap == NULL || accountmap == NULL) { - DEBUG(1,("GROUPMAP malloc failed\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } + /* Remember how many we malloced */ + r->num_alloced = 8; - /* Remember how many we malloced */ - num_alloced = 8; + /* Initial database population */ + if (database_id == SAM_DATABASE_DOMAIN) { - /* Initial database population */ - ret = populate_ldap_for_ldif(sid, suffix, builtin_sid, add_file); - if (!NT_STATUS_IS_OK(ret)) { + status = populate_ldap_for_ldif(ctx->domain_sid_str, + r->suffix, + builtin_sid, + r->add_file); + if (!NT_STATUS_IS_OK(status)) { goto done; } - ret = map_populate_groups(mem_ctx, groupmap, accountmap, sid, suffix, - builtin_sid); - if (!NT_STATUS_IS_OK(ret)) { + + status = map_populate_groups(mem_ctx, + r->groupmap, + r->accountmap, + ctx->domain_sid_str, + r->suffix, + builtin_sid); + if 
(!NT_STATUS_IS_OK(status)) { goto done; } - - /* Don't do this again */ - init_ldap = 0; } - /* Announce what we are doing */ - switch( db_type ) { - case SAM_DATABASE_DOMAIN: - d_fprintf(stderr, "Fetching DOMAIN database\n"); - break; - case SAM_DATABASE_BUILTIN: - d_fprintf(stderr, "Fetching BUILTIN database\n"); - break; - case SAM_DATABASE_PRIVS: - d_fprintf(stderr, "Fetching PRIVS databases\n"); - break; - default: - d_fprintf(stderr, - "Fetching unknown database type %u\n", - db_type ); - break; - } + r->initialized = true; - do { - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - - netlogon_creds_client_step(pipe_hnd->dc, &credential); + ctx->ldif = r; - result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, - logon_server, - computername, - &credential, - &return_authenticator, - database_id, - restart_state, - &sync_context, - &delta_enum_array, - 0xffff); - - /* Check returned credentials. */ - if (!netlogon_creds_client_check(pipe_hnd->dc, - &return_authenticator.cred)) { - DEBUG(0,("credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (NT_STATUS_IS_ERR(result)) { - break; - } - - session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); - - samsync_fix_delta_array(mem_ctx, - &session_key, - true, - database_id, - delta_enum_array); - - num_deltas = delta_enum_array->num_deltas; - - /* Re-allocate memory for groupmap and accountmap arrays */ - groupmap = TALLOC_REALLOC_ARRAY(mem_ctx, groupmap, GROUPMAP, - num_deltas+num_alloced); - accountmap = TALLOC_REALLOC_ARRAY(mem_ctx, accountmap, ACCOUNTMAP, - num_deltas+num_alloced); - if (groupmap == NULL || accountmap == NULL) { - DEBUG(1,("GROUPMAP talloc failed\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - - /* Initialize the new records */ - memset(&groupmap[num_alloced], 0, - sizeof(GROUPMAP)*num_deltas); - memset(&accountmap[num_alloced], 0, - sizeof(ACCOUNTMAP)*num_deltas); - - /* Remember how many we alloced this time */ - num_alloced += num_deltas; + return 
NT_STATUS_OK; + done: + TALLOC_FREE(r); + return status; +} - /* Loop through the deltas */ - for (k=0; kdelta_enum[k].delta_union; - union netr_DELTA_ID_UNION id = - delta_enum_array->delta_enum[k].delta_id_union; +static void ldif_free_context(struct samsync_ldif_context *r) +{ + if (!r) { + return; + } - switch(delta_enum_array->delta_enum[k].delta_type) { - case NETR_DELTA_DOMAIN: - /* Is this case needed? */ - fstrcpy(domainname, - u.domain->domain_name.string); - break; + /* Close and delete the ldif files */ + if (r->add_file) { + fclose(r->add_file); + } - case NETR_DELTA_GROUP: - fetch_group_info_to_ldif(mem_ctx, - u.group, - &groupmap[g_index], - add_file, sid, suffix); - g_index++; - break; + if ((r->add_name != NULL) && + strcmp(r->add_name, r->add_template) && (unlink(r->add_name))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", + r->add_name, strerror(errno))); + } - case NETR_DELTA_USER: - fetch_account_info_to_ldif(mem_ctx, - u.user, groupmap, - &accountmap[a_index], add_file, - sid, suffix, num_alloced); - a_index++; - break; + if (r->mod_file) { + fclose(r->mod_file); + } - case NETR_DELTA_ALIAS: - fetch_alias_info_to_ldif(mem_ctx, - u.alias, &groupmap[g_index], - add_file, sid, suffix, db_type); - g_index++; - break; + if ((r->mod_name != NULL) && + strcmp(r->mod_name, r->mod_template) && (unlink(r->mod_name))) { + DEBUG(1,("unlink(%s) failed, error was (%s)\n", + r->mod_name, strerror(errno))); + } - case NETR_DELTA_GROUP_MEMBER: - fetch_groupmem_info_to_ldif( - u.group_member, id.rid, - groupmap, accountmap, - mod_file, num_alloced); - break; + if (r->ldif_file && (r->ldif_file != stdout)) { + fclose(r->ldif_file); + } - case NETR_DELTA_ALIAS_MEMBER: - case NETR_DELTA_POLICY: - case NETR_DELTA_ACCOUNT: - case NETR_DELTA_TRUSTED_DOMAIN: - case NETR_DELTA_SECRET: - case NETR_DELTA_RENAME_GROUP: - case NETR_DELTA_RENAME_USER: - case NETR_DELTA_RENAME_ALIAS: - case NETR_DELTA_DELETE_GROUP: - case NETR_DELTA_DELETE_USER: - case 
NETR_DELTA_MODIFY_COUNT: - default: - break; - } /* end of switch */ - } /* end of for loop */ + TALLOC_FREE(r); +} - /* Increment sync_context */ - sync_context += 1; +/**************************************************************** +****************************************************************/ - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); +static void ldif_write_output(enum netr_SamDatabaseID database_id, + struct samsync_context *ctx) +{ + struct samsync_ldif_context *l = ctx->ldif; /* Write ldif data to the user's file */ - if (db_type == SAM_DATABASE_DOMAIN) { - fprintf(ldif_file, + if (database_id == SAM_DATABASE_DOMAIN) { + fprintf(l->ldif_file, "# SAM_DATABASE_DOMAIN: ADD ENTITIES\n"); - fprintf(ldif_file, + fprintf(l->ldif_file, "# =================================\n\n"); - fflush(ldif_file); - } else if (db_type == SAM_DATABASE_BUILTIN) { - fprintf(ldif_file, + fflush(l->ldif_file); + } else if (database_id == SAM_DATABASE_BUILTIN) { + fprintf(l->ldif_file, "# SAM_DATABASE_BUILTIN: ADD ENTITIES\n"); - fprintf(ldif_file, + fprintf(l->ldif_file, "# ==================================\n\n"); - fflush(ldif_file); + fflush(l->ldif_file); } - fseek(add_file, 0, SEEK_SET); - transfer_file(fileno(add_file), fileno(ldif_file), (size_t) -1); + fseek(l->add_file, 0, SEEK_SET); + transfer_file(fileno(l->add_file), fileno(l->ldif_file), (size_t) -1); - if (db_type == SAM_DATABASE_DOMAIN) { - fprintf(ldif_file, + if (database_id == SAM_DATABASE_DOMAIN) { + fprintf(l->ldif_file, "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n"); - fprintf(ldif_file, + fprintf(l->ldif_file, "# ====================================\n\n"); - fflush(ldif_file); - } else if (db_type == SAM_DATABASE_BUILTIN) { - fprintf(ldif_file, + fflush(l->ldif_file); + } else if (database_id == SAM_DATABASE_BUILTIN) { + fprintf(l->ldif_file, "# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n"); - fprintf(ldif_file, + fprintf(l->ldif_file, "# =====================================\n\n"); - 
fflush(ldif_file); + fflush(l->ldif_file); } - fseek(mod_file, 0, SEEK_SET); - transfer_file(fileno(mod_file), fileno(ldif_file), (size_t) -1); + fseek(l->mod_file, 0, SEEK_SET); + transfer_file(fileno(l->mod_file), fileno(l->ldif_file), (size_t) -1); +} +/**************************************************************** +****************************************************************/ - done: - /* Close and delete the ldif files */ - if (add_file) { - fclose(add_file); +static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM *r, + struct samsync_context *ctx, + uint32_t *a_index, + uint32_t *g_index) +{ + union netr_DELTA_UNION u = r->delta_union; + union netr_DELTA_ID_UNION id = r->delta_id_union; + struct samsync_ldif_context *l = ctx->ldif; + + switch (r->delta_type) { + case NETR_DELTA_DOMAIN: + break; + + case NETR_DELTA_GROUP: + fetch_group_info_to_ldif(mem_ctx, + u.group, + &l->groupmap[*g_index], + l->add_file, + ctx->domain_sid_str, + l->suffix); + (*g_index)++; + break; + + case NETR_DELTA_USER: + fetch_account_info_to_ldif(mem_ctx, + u.user, + l->groupmap, + &l->accountmap[*a_index], + l->add_file, + ctx->domain_sid_str, + l->suffix, + l->num_alloced); + (*a_index)++; + break; + + case NETR_DELTA_ALIAS: + fetch_alias_info_to_ldif(mem_ctx, + u.alias, + &l->groupmap[*g_index], + l->add_file, + ctx->domain_sid_str, + l->suffix, + database_id); + (*g_index)++; + break; + + case NETR_DELTA_GROUP_MEMBER: + fetch_groupmem_info_to_ldif(u.group_member, + id.rid, + l->groupmap, + l->accountmap, + l->mod_file, + l->num_alloced); + break; + + case NETR_DELTA_ALIAS_MEMBER: + case NETR_DELTA_POLICY: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_SECRET: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_MODIFY_COUNT: + default: + break; + } /* end 
of switch */ + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + uint32_t num_entries) +{ + struct samsync_ldif_context *l = ctx->ldif; + + if (!l) { + return NT_STATUS_INVALID_PARAMETER; } - if ((add_name != NULL) && - strcmp(add_name, add_template) && (unlink(add_name))) { - DEBUG(1,("unlink(%s) failed, error was (%s)\n", - add_name, strerror(errno))); + /* Re-allocate memory for groupmap and accountmap arrays */ + l->groupmap = TALLOC_REALLOC_ARRAY(mem_ctx, + l->groupmap, + GROUPMAP, + num_entries + l->num_alloced); + + l->accountmap = TALLOC_REALLOC_ARRAY(mem_ctx, + l->accountmap, + ACCOUNTMAP, + num_entries + l->num_alloced); + + if (l->groupmap == NULL || l->accountmap == NULL) { + DEBUG(1,("GROUPMAP talloc failed\n")); + return NT_STATUS_NO_MEMORY; } - if (mod_file) { - fclose(mod_file); + /* Initialize the new records */ + memset(&(l->groupmap[l->num_alloced]), 0, + sizeof(GROUPMAP) * num_entries); + memset(&(l->accountmap[l->num_alloced]), 0, + sizeof(ACCOUNTMAP) * num_entries); + + /* Remember how many we alloced this time */ + l->num_alloced += num_entries; + + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + NTSTATUS result, + struct samsync_context *ctx) +{ + NTSTATUS status; + int i; + uint32_t g_index = 0, a_index = 0; + + status = ldif_init_context(mem_ctx, ctx, database_id); + if (!NT_STATUS_IS_OK(status)) { + goto failed; } - if ((mod_name != NULL) && - strcmp(mod_name, mod_template) && (unlink(mod_name))) { - DEBUG(1,("unlink(%s) failed, error was (%s)\n", - mod_name, strerror(errno))); + status = 
ldif_realloc_maps(mem_ctx, ctx, r->num_deltas); + if (!NT_STATUS_IS_OK(status)) { + goto failed; } - if (ldif_file && (ldif_file != stdout)) { - fclose(ldif_file); + for (i = 0; i < r->num_deltas; i++) { + status = fetch_sam_entry_ldif(mem_ctx, database_id, + &r->delta_enum[i], ctx, + &g_index, &a_index); + if (!NT_STATUS_IS_OK(status)) { + goto failed; + } } - /* Return */ - talloc_destroy(mem_ctx); - return ret; + /* This was the last query */ + if (NT_STATUS_IS_OK(result)) { + ldif_write_output(database_id, ctx); + ldif_free_context(ctx->ldif); + ctx->ldif = NULL; + } + + return NT_STATUS_OK; + + failed: + ldif_free_context(ctx->ldif); + + return status; } /** @@ -2319,6 +2429,11 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, NTSTATUS result; fstring my_dom_sid_str; fstring rem_dom_sid_str; + struct samsync_context *ctx; + samsync_fn_t *fn; + + ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); + NT_STATUS_HAVE_NO_MEMORY(ctx); if (!sid_equal(domain_sid, get_global_sam_sid())) { d_printf("Cannot import users from %s at this time, " @@ -2337,14 +2452,18 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, } if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_DOMAIN, - domain_sid, argv[1]); - } else { - result = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - NET_SAMSYNC_MODE_FETCH_PASSDB, - fetch_sam_entry, domain_sid); - } + ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF; + ctx->ldif_filename = argv[1]; + fn = (samsync_fn_t *)fetch_sam_entries_ldif; + } else { + ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB; + fn = (samsync_fn_t *)fetch_sam_entries; + } + /* fetch domain */ + ctx->domain_sid = domain_sid; + result = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + (samsync_fn_t)fn, ctx); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch domain database: %s\n", nt_errstr(result)); 
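Review bot: `fetch_sam_entries_ldif` restarts `g_index` and `a_index` at 0 on every call while `ldif_realloc_maps` keeps growing the maps across calls. If the callback runs once per DatabaseSync2 reply (the caller is outside this hunk), later replies overwrite slots filled by earlier ones. The removed `fetch_database_to_ldif` kept both counters for its whole loop, which suggests they belong in `struct samsync_ldif_context`. The call also passes `&g_index, &a_index` where `fetch_sam_entry_ldif` declares `a_index` first, which is harmless only because the two counters are used symmetrically. On the `failed:` path `ldif_free_context(ctx->ldif);` leaves `ctx->ldif` dangling for the `ctx->ldif && ctx->ldif->initialized` test in `ldif_init_context`, so add `ctx->ldif = NULL;` as the success path does. In `ldif_realloc_maps`, `num_entries + l->num_alloced` comes from the server-supplied `num_deltas` and is not checked for wrap-around before it sizes the reallocation and the two `memset` calls.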
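Review bot: `fn` is declared as `samsync_fn_t *` in the `@@ -2319` hunk although `samsync_fn_t` is already a function-pointer typedef, and the casts in the `@@ -2337` hunk (`(samsync_fn_t *)fetch_sam_entries_ldif`, `(samsync_fn_t *)fetch_sam_entries`, `(samsync_fn_t)fn`) exist only to make that compile. They also stop the compiler from checking the two callbacks against the typedef. Declare `samsync_fn_t fn;`, assign with `fn = fetch_sam_entries_ldif;`, and pass `fn` to `process_database` without a cast. `ctx->ldif_filename = argv[1];` is still guarded only by `argc >= 1`, which establishes `argv[0]` and nothing more.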
@@ -2354,15 +2473,10 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, goto fail; } - if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - result = fetch_database_to_ldif(pipe_hnd, SAM_DATABASE_BUILTIN, - &global_sid_Builtin, argv[1]); - } else { - result = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - NET_SAMSYNC_MODE_FETCH_PASSDB, - fetch_sam_entry, &global_sid_Builtin); - } - + /* fetch builtin */ + ctx->domain_sid = &global_sid_Builtin; + result = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + (samsync_fn_t)fn, ctx); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch builtin database: %s\n", nt_errstr(result)); -- cgit From cb293f50fcf6de01e5a3624d355e0c3d6be0ffbf Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 21:11:55 +0200 Subject: net_vampire: add samsync_debug_str(). Guenther (This used to be commit bbfe5bcaf5ec5d06ffd110ab362ea3f228867603) --- source3/utils/net_rpc_samsync.c | 82 ++++++++++++++++++++++++++--------------- 1 file changed, 52 insertions(+), 30 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index f6483bdba2..61c60b2d04 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -343,6 +343,54 @@ static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +const char *samsync_debug_str(TALLOC_CTX *mem_ctx, + enum net_samsync_mode mode, + enum netr_SamDatabaseID database_id) +{ + const char *action = NULL; + const char *str = NULL; + + switch (mode) { + case NET_SAMSYNC_MODE_DUMP: + action = "Dumping (to stdout)"; + break; + case NET_SAMSYNC_MODE_FETCH_PASSDB: + action = "Fetching (to passdb)"; + break; + case NET_SAMSYNC_MODE_FETCH_LDIF: + action = "Fetching (to ldif)"; + break; + default: + action = "Unknown"; + break; + } + + switch (database_id) { + case SAM_DATABASE_DOMAIN: + str = talloc_asprintf(mem_ctx, "%s DOMAIN database", + action); + break; + case SAM_DATABASE_BUILTIN: + str = talloc_asprintf(mem_ctx, "%s BUILTIN database", + action); + break; + case SAM_DATABASE_PRIVS: + str = talloc_asprintf(mem_ctx, "%s PRIVS database", + action); + break; + default: + str = talloc_asprintf(mem_ctx, "%s unknown database type %u", + action, database_id); + break; + } + + if (!str) { + return NULL; + } + + return str; +} + typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, enum netr_SamDatabaseID, struct netr_DELTA_ENUM_ARRAY *, @@ -362,8 +410,8 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, struct netr_Authenticator return_authenticator; uint16_t restart_state = 0; uint32_t sync_context = 0; + const char *debug_str; DATA_BLOB session_key; - const char *action = NULL; ZERO_STRUCT(return_authenticator); 
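Review bot: `samsync_debug_str` is added without `static` and without a comment stating its contract, and the caller has to know that the string is allocated on `mem_ctx` and may be NULL. A header comment such as `/* Returns a talloc'ed description of mode and database on mem_ctx, or NULL on allocation failure. */` would cover it. The trailing `if (!str) { return NULL; }` is redundant directly before `return str;` and can go. In the default branch `database_id` is an enum passed to `%u`; writing `(unsigned int)database_id` makes the argument type match the format.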
@@ -371,35 +419,9 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, return NT_STATUS_NO_MEMORY; } - switch (ctx->mode) { - case NET_SAMSYNC_MODE_DUMP: - action = "Dumping (to stdout)"; - break; - case NET_SAMSYNC_MODE_FETCH_PASSDB: - action = "Fetching (to passdb)"; - break; - case NET_SAMSYNC_MODE_FETCH_LDIF: - action = "Fetching (to ldif)"; - break; - default: - action = "Unknown"; - break; - } - - switch (database_id) { - case SAM_DATABASE_DOMAIN: - d_fprintf(stderr, "%s DOMAIN database\n", action); - break; - case SAM_DATABASE_BUILTIN: - d_fprintf(stderr, "%s BUILTIN database\n", action); - break; - case SAM_DATABASE_PRIVS: - d_fprintf(stderr, "%s PRIVS databases\n", action); - break; - default: - d_fprintf(stderr, "%s unknown database type %u\n", - action, database_id); - break; + debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); + if (debug_str) { + d_fprintf(stderr, "%s\n", debug_str); } do { -- cgit From fe43a56788e537d0cea99a368cf63b3e03ff379a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 21:25:53 +0200 Subject: net_vampire: add samsync_init_context(). Guenther (This used to be commit 63ca4414b62657983c27d2930483aa56f9c78ccf) --- source3/utils/net_rpc_samsync.c | 50 +++++++++++++++++++++++++++++++++-------- 1 file changed, 41 insertions(+), 9 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 61c60b2d04..0d289ed605 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -343,6 +343,26 @@ static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +static NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, + const struct dom_sid *domain_sid, + enum net_samsync_mode mode, + struct samsync_context **ctx_p) +{ + struct samsync_context *ctx; + + *ctx_p = NULL; + + ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); + NT_STATUS_HAVE_NO_MEMORY(ctx); + + ctx->mode = mode; + ctx->domain_sid = domain_sid; + + *ctx_p = ctx; + + return NT_STATUS_OK; +} + const char *samsync_debug_str(TALLOC_CTX *mem_ctx, enum net_samsync_mode mode, enum netr_SamDatabaseID database_id) @@ -487,13 +507,16 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, int argc, const char **argv) { - struct samsync_context *ctx; - - ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); - NT_STATUS_HAVE_NO_MEMORY(ctx); + struct samsync_context *ctx = NULL; + NTSTATUS status; - ctx->mode = NET_SAMSYNC_MODE_DUMP; - ctx->domain_sid = domain_sid; + status = samsync_init_context(mem_ctx, + domain_sid, + NET_SAMSYNC_MODE_DUMP, + &ctx); + if (!NT_STATUS_IS_OK(status)) { + return status; + } process_database(pipe_hnd, SAM_DATABASE_DOMAIN, display_sam_entries, ctx); @@ -504,6 +527,8 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, process_database(pipe_hnd, SAM_DATABASE_PRIVS, display_sam_entries, ctx); + TALLOC_FREE(ctx); + return NT_STATUS_OK; } @@ -2451,11 +2476,16 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, NTSTATUS result; fstring my_dom_sid_str; fstring rem_dom_sid_str; - struct samsync_context *ctx; + struct samsync_context *ctx = NULL; samsync_fn_t *fn; - ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); - NT_STATUS_HAVE_NO_MEMORY(ctx); + result = samsync_init_context(mem_ctx, + domain_sid, + 0, + &ctx); + if (!NT_STATUS_IS_OK(result)) { + return result; + } if (!sid_equal(domain_sid, get_global_sam_sid())) { d_printf("Cannot import users from %s at this time, " 
@@ -2508,6 +2538,8 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, /* Currently we crash on PRIVS somewhere in unmarshalling */ /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ + TALLOC_FREE(ctx); + fail: return result; } -- cgit From 8049d3aa8e94777a5e925ce195956b4b1ae52697 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 21:46:59 +0200 Subject: net_vampire: split out rpc_vampire_ldif(). Guenther (This used to be commit bcc6d3a0ebdcb904b5a2a4de63d9ed7415e9bb33) --- source3/utils/net_rpc_samsync.c | 96 +++++++++++++++++++++++++++++++---------- 1 file changed, 73 insertions(+), 23 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 0d289ed605..bc07341674 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -2473,15 +2473,12 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, int argc, const char **argv) { - NTSTATUS result; - fstring my_dom_sid_str; - fstring rem_dom_sid_str; + NTSTATUS result; struct samsync_context *ctx = NULL; - samsync_fn_t *fn; result = samsync_init_context(mem_ctx, domain_sid, - 0, + NET_SAMSYNC_MODE_FETCH_PASSDB, &ctx); if (!NT_STATUS_IS_OK(result)) { return result; 
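Review bot: In `rpc_vampire_internals` the added `TALLOC_FREE(ctx);` sits above the `fail:` label, so every `goto fail` path skips it, as does the earlier `return NT_STATUS_UNSUCCESSFUL;` for a SID mismatch, and the context then lives until `mem_ctx` is torn down. Moving it below the label (`fail:` then `TALLOC_FREE(ctx);` then `return result;`) gives one cleanup path, which works because `ctx` is initialised to NULL in the `@@ -2451` hunk. That hunk also passes a bare `0` for the `enum net_samsync_mode` argument of `samsync_init_context`; naming the intended mode there keeps the call readable. The function body starts outside these hunks.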
@@ -2495,27 +2492,17 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, "workgroup=%s\n\n in your smb.conf?\n", domain_name, get_global_sam_name(), - sid_to_fstring(my_dom_sid_str, - get_global_sam_sid()), - domain_name, sid_to_fstring(rem_dom_sid_str, - domain_sid), + sid_string_dbg(get_global_sam_sid()), + domain_name, + sid_string_dbg(domain_sid), domain_name); return NT_STATUS_UNSUCCESSFUL; } - if (argc >= 1 && (strcmp(argv[0], "ldif") == 0)) { - ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF; - ctx->ldif_filename = argv[1]; - fn = (samsync_fn_t *)fetch_sam_entries_ldif; - } else { - ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB; - fn = (samsync_fn_t *)fetch_sam_entries; - } - /* fetch domain */ ctx->domain_sid = domain_sid; result = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - (samsync_fn_t)fn, ctx); + fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch domain database: %s\n", nt_errstr(result)); 
@@ -2528,18 +2515,81 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = &global_sid_Builtin; result = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - (samsync_fn_t)fn, ctx); + fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch builtin database: %s\n", nt_errstr(result)); goto fail; } - /* Currently we crash on PRIVS somewhere in unmarshalling */ - /* Dump_database(cli, SAM_DATABASE_PRIVS, &ret_creds); */ - TALLOC_FREE(ctx); fail: return result; } + +NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, + const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, + struct rpc_pipe_client *pipe_hnd, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + struct samsync_context *ctx = NULL; + + status = samsync_init_context(mem_ctx, + domain_sid, + NET_SAMSYNC_MODE_FETCH_LDIF, + &ctx); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (argc >= 1) { + ctx->ldif_filename = argv[1]; + } + + /* fetch domain */ + ctx->domain_sid = domain_sid; + status = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + fetch_sam_entries_ldif, ctx); + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Failed to fetch domain database: %s\n", + nt_errstr(status)); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) + d_fprintf(stderr, "Perhaps %s is a Windows 2000 " + "native mode domain?\n", domain_name); + goto fail; + } + + /* fetch builtin */ + ctx->domain_sid = &global_sid_Builtin; + status = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + fetch_sam_entries_ldif, ctx); + if (!NT_STATUS_IS_OK(status)) { + d_fprintf(stderr, "Failed to fetch builtin database: %s\n", + nt_errstr(status)); + goto fail; + } + + TALLOC_FREE(ctx); + + fail: + return status; +} + +int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv) +{ + if (c->display_usage) { + d_printf("Usage\n" + "net rpc vampire ldif\n" + " Dump remote SAM database 
to LDIF file or stdout\n"); + return 0; + } + + return run_rpc_command(c, NULL, PI_NETLOGON, 0, rpc_vampire_ldif_internals, + argc, argv); +} -- cgit From fb0a11d1ec786d2fa9153fd8f25f2299604891e4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 21:57:32 +0200 Subject: net_vampire: fix ldif_init_context(). Guenther (This used to be commit 94d45b1bb97ac2b6025d429389993ac43044f5b8) --- source3/utils/net_rpc_samsync.c | 71 +++++++++++++++++++++++------------------ 1 file changed, 40 insertions(+), 31 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index bc07341674..af23b3c609 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -356,7 +356,14 @@ static NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, NT_STATUS_HAVE_NO_MEMORY(ctx); ctx->mode = mode; - ctx->domain_sid = domain_sid; + + if (domain_sid) { + ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid); + NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid); + + ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); + NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str); + } *ctx_p = ctx; @@ -2079,8 +2086,10 @@ static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, ****************************************************************/ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, - struct samsync_context *ctx, - enum netr_SamDatabaseID database_id) + enum netr_SamDatabaseID database_id, + const char *ldif_filename, + const char *domain_sid_str, + struct samsync_ldif_context **ctx) { NTSTATUS status = NT_STATUS_UNSUCCESSFUL; struct samsync_ldif_context *r; 
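Review bot: In `rpc_vampire_ldif_internals` the guard `if (argc >= 1)` only establishes that `argv[0]` exists, but the guarded line reads `argv[1]`. Depending on whether the dispatcher has already consumed the `ldif` keyword (not visible in this hunk), it should be either `if (argc >= 1) ctx->ldif_filename = argv[0];` or `if (argc >= 2) ctx->ldif_filename = argv[1];`. The usage text in `rpc_vampire_ldif` does not mention the optional output file, so something like `net rpc vampire ldif [file]` would help. `TALLOC_FREE(ctx);` is again placed above `fail:`, so the error paths skip it.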
@@ -2088,13 +2097,6 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, const char *mod_template = "/tmp/mod.ldif.XXXXXX"; const char *builtin_sid = "S-1-5-32"; - if (ctx->ldif && ctx->ldif->initialized) { - return NT_STATUS_OK; - } - - r = TALLOC_ZERO_P(mem_ctx, struct samsync_ldif_context); - NT_STATUS_HAVE_NO_MEMORY(r); - /* Get other smb.conf data */ if (!(lp_workgroup()) || !*(lp_workgroup())) { DEBUG(0,("workgroup missing from smb.conf--exiting\n")); @@ -2102,26 +2104,31 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, } /* Get the ldap suffix */ - r->suffix = lp_ldap_suffix(); - if (r->suffix == NULL || strcmp(r->suffix, "") == 0) { + if (!(lp_ldap_suffix()) || !*(lp_ldap_suffix())) { DEBUG(0,("ldap suffix missing from smb.conf--exiting\n")); exit(1); } - /* Get the sid */ - ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str); + if (*ctx && (*ctx)->initialized) { + return NT_STATUS_OK; + } + + r = TALLOC_ZERO_P(mem_ctx, struct samsync_ldif_context); + NT_STATUS_HAVE_NO_MEMORY(r); + + /* Get the ldap suffix */ + r->suffix = lp_ldap_suffix(); /* Ensure we have an output file */ - if (ctx->ldif_filename) { - r->ldif_file = fopen(ctx->ldif_filename, "a"); + if (ldif_filename) { + r->ldif_file = fopen(ldif_filename, "a"); } else { r->ldif_file = stdout; } if (!r->ldif_file) { - fprintf(stderr, "Could not open %s\n", ctx->ldif_filename); - DEBUG(1, ("Could not open %s\n", ctx->ldif_filename)); + fprintf(stderr, "Could not open %s\n", ldif_filename); + DEBUG(1, ("Could not open %s\n", ldif_filename)); status = NT_STATUS_UNSUCCESSFUL; goto done; } @@ -2167,7 +2174,7 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, /* Initial database population */ if (database_id == SAM_DATABASE_DOMAIN) { - status = populate_ldap_for_ldif(ctx->domain_sid_str, + status = populate_ldap_for_ldif(domain_sid_str, r->suffix, builtin_sid, r->add_file); 
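Review bot: In the `@@ -2102` hunk the output file is opened with `fopen(ldif_filename, "a")`, so a newly created file takes its permissions from the process umask and an existing path is appended to as it stands. If the LDIF carries account password hashes (the account writer is outside this hunk), the file should be created private to the caller, for example `fd = open(ldif_filename, O_WRONLY|O_APPEND|O_CREAT, 0600);` followed by `r->ldif_file = fdopen(fd, "a");`. The `done:` path, part of which lies outside the hunk, frees `r` with `TALLOC_FREE(r)` only. It is worth confirming that an `r->ldif_file` opened here is closed when a later step of `ldif_init_context` fails.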
@@ -2178,7 +2185,7 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, status = map_populate_groups(mem_ctx, r->groupmap, r->accountmap, - ctx->domain_sid_str, + domain_sid_str, r->suffix, builtin_sid); if (!NT_STATUS_IS_OK(status)) { @@ -2188,7 +2195,7 @@ static NTSTATUS ldif_init_context(TALLOC_CTX *mem_ctx, r->initialized = true; - ctx->ldif = r; + *ctx = r; return NT_STATUS_OK; done: @@ -2237,10 +2244,8 @@ static void ldif_free_context(struct samsync_ldif_context *r) ****************************************************************/ static void ldif_write_output(enum netr_SamDatabaseID database_id, - struct samsync_context *ctx) + struct samsync_ldif_context *l) { - struct samsync_ldif_context *l = ctx->ldif; - /* Write ldif data to the user's file */ if (database_id == SAM_DATABASE_DOMAIN) { fprintf(l->ldif_file, @@ -2407,7 +2412,11 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, int i; uint32_t g_index = 0, a_index = 0; - status = ldif_init_context(mem_ctx, ctx, database_id); + status = ldif_init_context(mem_ctx, + database_id, + ctx->ldif_filename, + ctx->domain_sid_str, + &ctx->ldif); if (!NT_STATUS_IS_OK(status)) { goto failed; } @@ -2428,7 +2437,7 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, /* This was the last query */ if (NT_STATUS_IS_OK(result)) { - ldif_write_output(database_id, ctx); + ldif_write_output(database_id, ctx->ldif); ldif_free_context(ctx->ldif); ctx->ldif = NULL; } @@ -2500,7 +2509,6 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, } /* fetch domain */ - ctx->domain_sid = domain_sid; result = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result)) { 
@@ -2513,7 +2521,8 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, } /* fetch builtin */ - ctx->domain_sid = &global_sid_Builtin; + ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); + ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); result = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result)) { @@ -2553,7 +2562,6 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, } /* fetch domain */ - ctx->domain_sid = domain_sid; status = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, fetch_sam_entries_ldif, ctx); if (!NT_STATUS_IS_OK(status)) { @@ -2566,7 +2574,8 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, } /* fetch builtin */ - ctx->domain_sid = &global_sid_Builtin; + ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); + ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); status = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, fetch_sam_entries_ldif, ctx); if (!NT_STATUS_IS_OK(status)) { -- cgit From 2d23da2cff2ce9ef2aaaa051ada42905c883cbe5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 13 Jun 2008 22:33:46 +0200 Subject: net_vampire: rename process_database to samsync_process_database. Guenther (This used to be commit cf382a87602a63368587ffa2c95b774f2f97c21b) --- source3/utils/net_rpc_samsync.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index af23b3c609..5343a0465b 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
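Review bot: The two allocations added before the builtin fetch in rpc_vampire_internals (hunk `-2513,7 +2521,8`) are used unchecked. A NULL from `sid_dup_talloc()` is passed straight into `sid_string_talloc()`, and a NULL `ctx->domain_sid_str` would then be handed to the fetch callbacks. samsync_init_context in this same commit guards the identical pair with `NT_STATUS_HAVE_NO_MEMORY(...)`, so each result here should be tested before the next call as well. The rest of the function is outside the hunk, so on failure I would set the status to `NT_STATUS_NO_MEMORY` and leave through whatever error path the function already uses, rather than return directly past any cleanup. The same two lines are added in rpc_vampire_ldif_internals (hunk `-2566,7 +2574,8`) and need the same check.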
@@ -424,10 +424,10 @@ typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, NTSTATUS, struct samsync_context *); -static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id, - samsync_fn_t callback_fn, - struct samsync_context *ctx) +static NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, + enum netr_SamDatabaseID database_id, + samsync_fn_t callback_fn, + struct samsync_context *ctx) { NTSTATUS result; TALLOC_CTX *mem_ctx; @@ -442,7 +442,7 @@ static NTSTATUS process_database(struct rpc_pipe_client *pipe_hnd, ZERO_STRUCT(return_authenticator); - if (!(mem_ctx = talloc_init("process_database"))) { + if (!(mem_ctx = talloc_init("samsync_process_database"))) { return NT_STATUS_NO_MEMORY; } @@ -525,14 +525,14 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, return status; } - process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - display_sam_entries, ctx); + samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + display_sam_entries, ctx); - process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - display_sam_entries, ctx); + samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + display_sam_entries, ctx); - process_database(pipe_hnd, SAM_DATABASE_PRIVS, - display_sam_entries, ctx); + samsync_process_database(pipe_hnd, SAM_DATABASE_PRIVS, + display_sam_entries, ctx); TALLOC_FREE(ctx); @@ -2509,8 +2509,8 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, } /* fetch domain */ - result = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - fetch_sam_entries, ctx); + result = samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch domain database: %s\n", nt_errstr(result)); 
@@ -2523,8 +2523,8 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - result = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - fetch_sam_entries, ctx); + result = samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result)) { d_fprintf(stderr, "Failed to fetch builtin database: %s\n", nt_errstr(result)); @@ -2562,8 +2562,8 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, } /* fetch domain */ - status = process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - fetch_sam_entries_ldif, ctx); + status = samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, + fetch_sam_entries_ldif, ctx); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "Failed to fetch domain database: %s\n", nt_errstr(status)); @@ -2576,8 +2576,8 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - status = process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - fetch_sam_entries_ldif, ctx); + status = samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, + fetch_sam_entries_ldif, ctx); if (!NT_STATUS_IS_OK(status)) { d_fprintf(stderr, "Failed to fetch builtin database: %s\n", nt_errstr(status)); -- cgit From ccdcbc2efe86cde991a1cafdb2b098db41b163fd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 16 Jun 2008 12:09:08 +0200 Subject: net_vampire: move some samsync functions to libnet. Guenther (This used to be commit b3b6af0a3e25fab0a14c9c802dbabd3d03448ebe) --- source3/utils/net_rpc_samsync.c | 161 ---------------------------------------- 1 file changed, 161 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') 
diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 5343a0465b..3f661161cb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -343,167 +343,6 @@ static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -static NTSTATUS samsync_init_context(TALLOC_CTX *mem_ctx, - const struct dom_sid *domain_sid, - enum net_samsync_mode mode, - struct samsync_context **ctx_p) -{ - struct samsync_context *ctx; - - *ctx_p = NULL; - - ctx = TALLOC_ZERO_P(mem_ctx, struct samsync_context); - NT_STATUS_HAVE_NO_MEMORY(ctx); - - ctx->mode = mode; - - if (domain_sid) { - ctx->domain_sid = sid_dup_talloc(mem_ctx, domain_sid); - NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid); - - ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - NT_STATUS_HAVE_NO_MEMORY(ctx->domain_sid_str); - } - - *ctx_p = ctx; - - return NT_STATUS_OK; -} - -const char *samsync_debug_str(TALLOC_CTX *mem_ctx, - enum net_samsync_mode mode, - enum netr_SamDatabaseID database_id) -{ - const char *action = NULL; - const char *str = NULL; - - switch (mode) { - case NET_SAMSYNC_MODE_DUMP: - action = "Dumping (to stdout)"; - break; - case NET_SAMSYNC_MODE_FETCH_PASSDB: - action = "Fetching (to passdb)"; - break; - case NET_SAMSYNC_MODE_FETCH_LDIF: - action = "Fetching (to ldif)"; - break; - default: - action = "Unknown"; - break; - } - - switch (database_id) { - case SAM_DATABASE_DOMAIN: - str = talloc_asprintf(mem_ctx, "%s DOMAIN database", - action); - break; - case SAM_DATABASE_BUILTIN: - str = talloc_asprintf(mem_ctx, "%s BUILTIN database", - action); - break; - case SAM_DATABASE_PRIVS: - str = talloc_asprintf(mem_ctx, "%s PRIVS database", - action); - break; - default: - str = talloc_asprintf(mem_ctx, "%s unknown database type %u", - action, database_id); - break; - } - - if (!str) { - return NULL; - } - - return str; -} - -typedef NTSTATUS (*samsync_fn_t)(TALLOC_CTX *, - enum netr_SamDatabaseID, - struct netr_DELTA_ENUM_ARRAY *, - NTSTATUS, - struct samsync_context *); - -static NTSTATUS samsync_process_database(struct rpc_pipe_client *pipe_hnd, - enum netr_SamDatabaseID database_id, - samsync_fn_t callback_fn, 
- struct samsync_context *ctx) -{ - NTSTATUS result; - TALLOC_CTX *mem_ctx; - const char *logon_server = pipe_hnd->desthost; - const char *computername = global_myname(); - struct netr_Authenticator credential; - struct netr_Authenticator return_authenticator; - uint16_t restart_state = 0; - uint32_t sync_context = 0; - const char *debug_str; - DATA_BLOB session_key; - - ZERO_STRUCT(return_authenticator); - - if (!(mem_ctx = talloc_init("samsync_process_database"))) { - return NT_STATUS_NO_MEMORY; - } - - debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); - if (debug_str) { - d_fprintf(stderr, "%s\n", debug_str); - } - - do { - struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - - netlogon_creds_client_step(pipe_hnd->dc, &credential); - - result = rpccli_netr_DatabaseSync2(pipe_hnd, mem_ctx, - logon_server, - computername, - &credential, - &return_authenticator, - database_id, - restart_state, - &sync_context, - &delta_enum_array, - 0xffff); - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { - return result; - } - - /* Check returned credentials. */ - if (!netlogon_creds_client_check(pipe_hnd->dc, - &return_authenticator.cred)) { - DEBUG(0,("credentials chain check failed\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (NT_STATUS_IS_ERR(result)) { - break; - } - - session_key = data_blob_const(pipe_hnd->dc->sess_key, 16); - - samsync_fix_delta_array(mem_ctx, - &session_key, - true, - database_id, - delta_enum_array); - - /* Process results */ - callback_fn(mem_ctx, database_id, delta_enum_array, result, ctx); - - TALLOC_FREE(delta_enum_array); - - /* Increment sync_context */ - sync_context += 1; - - } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); - - talloc_destroy(mem_ctx); - - return result; -} - /* dump sam database via samsync rpc calls */ NTSTATUS rpc_samdump_internals(struct net_context *c, const DOM_SID *domain_sid, -- cgit From 51fec7863b589dacfccaa0263c877d52a6d60a12 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 16 Jun 2008 12:37:57 +0200 Subject: net_vampire: move ldif code out of net_rpc_samsync.c Guenther (This used to be commit 1d5758ec3a5160e5649242c42f6e4a7b39eb6199) --- source3/utils/net_rpc_samsync.c | 1153 --------------------------------------- 1 file changed, 1153 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3f661161cb..a7c6c30e34 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -26,10 +26,6 @@ #include "includes.h" #include "utils/net.h" -/* uid's and gid's for writing deltas to ldif */ -static uint32 ldif_gid = 999; -static uint32 ldif_uid = 999; - static void display_group_mem_info(uint32_t rid, struct netr_DELTA_GROUP_MEMBER *r) { 
@@ -1140,1155 +1136,6 @@ static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -/**************************************************************** -****************************************************************/ - -static NTSTATUS populate_ldap_for_ldif(const char *sid, - const char *suffix, - const char *builtin_sid, - FILE *add_fd) -{ - const char *user_suffix, *group_suffix, *machine_suffix, *idmap_suffix; - char *user_attr=NULL, *group_attr=NULL; - char *suffix_attr; - int len; - - /* Get the suffix attribute */ - suffix_attr = sstring_sub(suffix, '=', ','); - if (suffix_attr == NULL) { - len = strlen(suffix); - suffix_attr = (char*)SMB_MALLOC(len+1); - memcpy(suffix_attr, suffix, len); - suffix_attr[len] = '\0'; - } - - /* Write the base */ - fprintf(add_fd, "# %s\n", suffix); - fprintf(add_fd, "dn: %s\n", suffix); - fprintf(add_fd, "objectClass: dcObject\n"); - fprintf(add_fd, "objectClass: organization\n"); - fprintf(add_fd, "o: %s\n", suffix_attr); - fprintf(add_fd, "dc: %s\n", suffix_attr); - fprintf(add_fd, "\n"); - fflush(add_fd); - - user_suffix = lp_ldap_user_suffix(); - if (user_suffix == NULL) { - SAFE_FREE(suffix_attr); - return NT_STATUS_NO_MEMORY; - } - /* If it exists and is distinct from other containers, - Write the Users entity */ - if (*user_suffix && strcmp(user_suffix, suffix)) { - user_attr = sstring_sub(lp_ldap_user_suffix(), '=', ','); - fprintf(add_fd, "# %s\n", user_suffix); - fprintf(add_fd, "dn: %s\n", user_suffix); - fprintf(add_fd, "objectClass: organizationalUnit\n"); - fprintf(add_fd, "ou: %s\n", user_attr); - fprintf(add_fd, "\n"); - fflush(add_fd); - } - - - group_suffix = lp_ldap_group_suffix(); - if (group_suffix == NULL) { - SAFE_FREE(suffix_attr); - SAFE_FREE(user_attr); - return NT_STATUS_NO_MEMORY; - } - /* If it exists and is distinct from other containers, - Write the Groups entity */ - if (*group_suffix && strcmp(group_suffix, suffix)) { - group_attr = sstring_sub(lp_ldap_group_suffix(), '=', 
','); - fprintf(add_fd, "# %s\n", group_suffix); - fprintf(add_fd, "dn: %s\n", group_suffix); - fprintf(add_fd, "objectClass: organizationalUnit\n"); - fprintf(add_fd, "ou: %s\n", group_attr); - fprintf(add_fd, "\n"); - fflush(add_fd); - } - - /* If it exists and is distinct from other containers, - Write the Computers entity */ - machine_suffix = lp_ldap_machine_suffix(); - if (machine_suffix == NULL) { - SAFE_FREE(suffix_attr); - SAFE_FREE(user_attr); - SAFE_FREE(group_attr); - return NT_STATUS_NO_MEMORY; - } - if (*machine_suffix && strcmp(machine_suffix, user_suffix) && - strcmp(machine_suffix, suffix)) { - char *machine_ou = NULL; - fprintf(add_fd, "# %s\n", machine_suffix); - fprintf(add_fd, "dn: %s\n", machine_suffix); - fprintf(add_fd, "objectClass: organizationalUnit\n"); - /* this isn't totally correct as it assumes that - there _must_ be an ou. just fixing memleak now. jmcd */ - machine_ou = sstring_sub(lp_ldap_machine_suffix(), '=', ','); - fprintf(add_fd, "ou: %s\n", machine_ou); - SAFE_FREE(machine_ou); - fprintf(add_fd, "\n"); - fflush(add_fd); - } - - /* If it exists and is distinct from other containers, - Write the IdMap entity */ - idmap_suffix = lp_ldap_idmap_suffix(); - if (idmap_suffix == NULL) { - SAFE_FREE(suffix_attr); - SAFE_FREE(user_attr); - SAFE_FREE(group_attr); - return NT_STATUS_NO_MEMORY; - } - if (*idmap_suffix && - strcmp(idmap_suffix, user_suffix) && - strcmp(idmap_suffix, suffix)) { - char *s; - fprintf(add_fd, "# %s\n", idmap_suffix); - fprintf(add_fd, "dn: %s\n", idmap_suffix); - fprintf(add_fd, "ObjectClass: organizationalUnit\n"); - s = sstring_sub(lp_ldap_idmap_suffix(), '=', ','); - fprintf(add_fd, "ou: %s\n", s); - SAFE_FREE(s); - fprintf(add_fd, "\n"); - fflush(add_fd); - } - - /* Write the domain entity */ - fprintf(add_fd, "# %s, %s\n", lp_workgroup(), suffix); - fprintf(add_fd, "dn: sambaDomainName=%s,%s\n", lp_workgroup(), - suffix); - fprintf(add_fd, "objectClass: sambaDomain\n"); - fprintf(add_fd, "objectClass: 
sambaUnixIdPool\n"); - fprintf(add_fd, "sambaDomainName: %s\n", lp_workgroup()); - fprintf(add_fd, "sambaSID: %s\n", sid); - fprintf(add_fd, "uidNumber: %d\n", ++ldif_uid); - fprintf(add_fd, "gidNumber: %d\n", ++ldif_gid); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Domain Admins entity */ - fprintf(add_fd, "# Domain Admins, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Domain Admins,ou=%s,%s\n", group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "cn: Domain Admins\n"); - fprintf(add_fd, "memberUid: Administrator\n"); - fprintf(add_fd, "description: Netbios Domain Administrators\n"); - fprintf(add_fd, "gidNumber: 512\n"); - fprintf(add_fd, "sambaSID: %s-512\n", sid); - fprintf(add_fd, "sambaGroupType: 2\n"); - fprintf(add_fd, "displayName: Domain Admins\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Domain Users entity */ - fprintf(add_fd, "# Domain Users, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Domain Users,ou=%s,%s\n", group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "cn: Domain Users\n"); - fprintf(add_fd, "description: Netbios Domain Users\n"); - fprintf(add_fd, "gidNumber: 513\n"); - fprintf(add_fd, "sambaSID: %s-513\n", sid); - fprintf(add_fd, "sambaGroupType: 2\n"); - fprintf(add_fd, "displayName: Domain Users\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Domain Guests entity */ - fprintf(add_fd, "# Domain Guests, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Domain Guests,ou=%s,%s\n", group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "cn: Domain Guests\n"); - fprintf(add_fd, "description: Netbios Domain Guests\n"); - fprintf(add_fd, "gidNumber: 514\n"); - fprintf(add_fd, "sambaSID: 
%s-514\n", sid); - fprintf(add_fd, "sambaGroupType: 2\n"); - fprintf(add_fd, "displayName: Domain Guests\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Domain Computers entity */ - fprintf(add_fd, "# Domain Computers, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Domain Computers,ou=%s,%s\n", - group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "gidNumber: 515\n"); - fprintf(add_fd, "cn: Domain Computers\n"); - fprintf(add_fd, "description: Netbios Domain Computers accounts\n"); - fprintf(add_fd, "sambaSID: %s-515\n", sid); - fprintf(add_fd, "sambaGroupType: 2\n"); - fprintf(add_fd, "displayName: Domain Computers\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Admininistrators Groups entity */ - fprintf(add_fd, "# Administrators, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Administrators,ou=%s,%s\n", group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "gidNumber: 544\n"); - fprintf(add_fd, "cn: Administrators\n"); - fprintf(add_fd, "description: Netbios Domain Members can fully administer the computer/sambaDomainName\n"); - fprintf(add_fd, "sambaSID: %s-544\n", builtin_sid); - fprintf(add_fd, "sambaGroupType: 5\n"); - fprintf(add_fd, "displayName: Administrators\n"); - fprintf(add_fd, "\n"); - - /* Write the Print Operator entity */ - fprintf(add_fd, "# Print Operators, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Print Operators,ou=%s,%s\n", - group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "gidNumber: 550\n"); - fprintf(add_fd, "cn: Print Operators\n"); - fprintf(add_fd, "description: Netbios Domain Print Operators\n"); - fprintf(add_fd, "sambaSID: %s-550\n", builtin_sid); - fprintf(add_fd, "sambaGroupType: 
5\n"); - fprintf(add_fd, "displayName: Print Operators\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Backup Operators entity */ - fprintf(add_fd, "# Backup Operators, %s, %s\n", group_attr, - suffix); - fprintf(add_fd, "dn: cn=Backup Operators,ou=%s,%s\n", - group_attr, suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "gidNumber: 551\n"); - fprintf(add_fd, "cn: Backup Operators\n"); - fprintf(add_fd, "description: Netbios Domain Members can bypass file security to back up files\n"); - fprintf(add_fd, "sambaSID: %s-551\n", builtin_sid); - fprintf(add_fd, "sambaGroupType: 5\n"); - fprintf(add_fd, "displayName: Backup Operators\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Write the Replicators entity */ - fprintf(add_fd, "# Replicators, %s, %s\n", group_attr, suffix); - fprintf(add_fd, "dn: cn=Replicators,ou=%s,%s\n", group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "gidNumber: 552\n"); - fprintf(add_fd, "cn: Replicators\n"); - fprintf(add_fd, "description: Netbios Domain Supports file replication in a sambaDomainName\n"); - fprintf(add_fd, "sambaSID: %s-552\n", builtin_sid); - fprintf(add_fd, "sambaGroupType: 5\n"); - fprintf(add_fd, "displayName: Replicators\n"); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Deallocate memory, and return */ - SAFE_FREE(suffix_attr); - SAFE_FREE(user_attr); - SAFE_FREE(group_attr); - return NT_STATUS_OK; -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS map_populate_groups(TALLOC_CTX *mem_ctx, - GROUPMAP *groupmap, - ACCOUNTMAP *accountmap, - const char *sid, - const char *suffix, - const char *builtin_sid) -{ - char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); - - /* Map the groups created by 
populate_ldap_for_ldif */ - groupmap[0].rid = 512; - groupmap[0].gidNumber = 512; - groupmap[0].sambaSID = talloc_asprintf(mem_ctx, "%s-512", sid); - groupmap[0].group_dn = talloc_asprintf(mem_ctx, - "cn=Domain Admins,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[0].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[0].group_dn); - - accountmap[0].rid = 512; - accountmap[0].cn = talloc_strdup(mem_ctx, "Domain Admins"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[0].cn); - - groupmap[1].rid = 513; - groupmap[1].gidNumber = 513; - groupmap[1].sambaSID = talloc_asprintf(mem_ctx, "%s-513", sid); - groupmap[1].group_dn = talloc_asprintf(mem_ctx, - "cn=Domain Users,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[1].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[1].group_dn); - - accountmap[1].rid = 513; - accountmap[1].cn = talloc_strdup(mem_ctx, "Domain Users"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[1].cn); - - groupmap[2].rid = 514; - groupmap[2].gidNumber = 514; - groupmap[2].sambaSID = talloc_asprintf(mem_ctx, "%s-514", sid); - groupmap[2].group_dn = talloc_asprintf(mem_ctx, - "cn=Domain Guests,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[2].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[2].group_dn); - - accountmap[2].rid = 514; - accountmap[2].cn = talloc_strdup(mem_ctx, "Domain Guests"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[2].cn); - - groupmap[3].rid = 515; - groupmap[3].gidNumber = 515; - groupmap[3].sambaSID = talloc_asprintf(mem_ctx, "%s-515", sid); - groupmap[3].group_dn = talloc_asprintf(mem_ctx, - "cn=Domain Computers,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[3].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[3].group_dn); - - accountmap[3].rid = 515; - accountmap[3].cn = talloc_strdup(mem_ctx, "Domain Computers"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[3].cn); - - groupmap[4].rid = 544; - groupmap[4].gidNumber = 544; - groupmap[4].sambaSID = talloc_asprintf(mem_ctx, "%s-544", 
builtin_sid); - groupmap[4].group_dn = talloc_asprintf(mem_ctx, - "cn=Administrators,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[4].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[4].group_dn); - - accountmap[4].rid = 515; - accountmap[4].cn = talloc_strdup(mem_ctx, "Administrators"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[4].cn); - - groupmap[5].rid = 550; - groupmap[5].gidNumber = 550; - groupmap[5].sambaSID = talloc_asprintf(mem_ctx, "%s-550", builtin_sid); - groupmap[5].group_dn = talloc_asprintf(mem_ctx, - "cn=Print Operators,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[5].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[5].group_dn); - - accountmap[5].rid = 550; - accountmap[5].cn = talloc_strdup(mem_ctx, "Print Operators"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[5].cn); - - groupmap[6].rid = 551; - groupmap[6].gidNumber = 551; - groupmap[6].sambaSID = talloc_asprintf(mem_ctx, "%s-551", builtin_sid); - groupmap[6].group_dn = talloc_asprintf(mem_ctx, - "cn=Backup Operators,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[6].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[6].group_dn); - - accountmap[6].rid = 551; - accountmap[6].cn = talloc_strdup(mem_ctx, "Backup Operators"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[6].cn); - - groupmap[7].rid = 552; - groupmap[7].gidNumber = 552; - groupmap[7].sambaSID = talloc_asprintf(mem_ctx, "%s-552", builtin_sid); - groupmap[7].group_dn = talloc_asprintf(mem_ctx, - "cn=Replicators,ou=%s,%s", group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap[7].sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap[7].group_dn); - - accountmap[7].rid = 551; - accountmap[7].cn = talloc_strdup(mem_ctx, "Replicators"); - NT_STATUS_HAVE_NO_MEMORY(accountmap[7].cn); - - SAFE_FREE(group_attr); - - return NT_STATUS_OK; -} - -/* - * This is a crap routine, but I think it's the quickest way to solve the - * UTF8->base64 problem. 
- */ - -static int fprintf_attr(FILE *add_fd, const char *attr_name, - const char *fmt, ...) -{ - va_list ap; - char *value, *p, *base64; - DATA_BLOB base64_blob; - bool do_base64 = false; - int res; - - va_start(ap, fmt); - value = talloc_vasprintf(NULL, fmt, ap); - va_end(ap); - - SMB_ASSERT(value != NULL); - - for (p=value; *p; p++) { - if (*p & 0x80) { - do_base64 = true; - break; - } - } - - if (!do_base64) { - bool only_whitespace = true; - for (p=value; *p; p++) { - /* - * I know that this not multibyte safe, but we break - * on the first non-whitespace character anyway. - */ - if (!isspace(*p)) { - only_whitespace = false; - break; - } - } - if (only_whitespace) { - do_base64 = true; - } - } - - if (!do_base64) { - res = fprintf(add_fd, "%s: %s\n", attr_name, value); - TALLOC_FREE(value); - return res; - } - - base64_blob.data = (unsigned char *)value; - base64_blob.length = strlen(value); - - base64 = base64_encode_data_blob(value, base64_blob); - SMB_ASSERT(base64 != NULL); - - res = fprintf(add_fd, "%s:: %s\n", attr_name, base64); - TALLOC_FREE(value); - return res; -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS fetch_group_info_to_ldif(TALLOC_CTX *mem_ctx, - struct netr_DELTA_GROUP *r, - GROUPMAP *groupmap, - FILE *add_fd, - const char *sid, - const char *suffix) -{ - const char *groupname = r->group_name.string; - uint32 grouptype = 0, g_rid = 0; - char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); - - /* Set up the group type (always 2 for group info) */ - grouptype = 2; - - /* These groups are entered by populate_ldap_for_ldif */ - if (strcmp(groupname, "Domain Admins") == 0 || - strcmp(groupname, "Domain Users") == 0 || - strcmp(groupname, "Domain Guests") == 0 || - strcmp(groupname, "Domain Computers") == 0 || - strcmp(groupname, "Administrators") == 0 || - strcmp(groupname, "Print Operators") == 0 || - strcmp(groupname, 
"Backup Operators") == 0 || - strcmp(groupname, "Replicators") == 0) { - SAFE_FREE(group_attr); - return NT_STATUS_OK; - } else { - /* Increment the gid for the new group */ - ldif_gid++; - } - - /* Map the group rid, gid, and dn */ - g_rid = r->rid; - groupmap->rid = g_rid; - groupmap->gidNumber = ldif_gid; - groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid); - groupmap->group_dn = talloc_asprintf(mem_ctx, - "cn=%s,ou=%s,%s", groupname, group_attr, suffix); - NT_STATUS_HAVE_NO_MEMORY(groupmap->sambaSID); - NT_STATUS_HAVE_NO_MEMORY(groupmap->group_dn); - - /* Write the data to the temporary add ldif file */ - fprintf(add_fd, "# %s, %s, %s\n", groupname, group_attr, - suffix); - fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", groupname, group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf_attr(add_fd, "cn", "%s", groupname); - fprintf(add_fd, "gidNumber: %d\n", ldif_gid); - fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); - fprintf(add_fd, "sambaGroupType: %d\n", grouptype); - fprintf_attr(add_fd, "displayName", "%s", groupname); - fprintf(add_fd, "\n"); - fflush(add_fd); - - SAFE_FREE(group_attr); - /* Return */ - return NT_STATUS_OK; -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS fetch_account_info_to_ldif(TALLOC_CTX *mem_ctx, - struct netr_DELTA_USER *r, - GROUPMAP *groupmap, - ACCOUNTMAP *accountmap, - FILE *add_fd, - const char *sid, - const char *suffix, - int alloced) -{ - fstring username, logonscript, homedrive, homepath = "", homedir = ""; - fstring hex_nt_passwd, hex_lm_passwd; - fstring description, profilepath, fullname, sambaSID; - uchar lm_passwd[16], nt_passwd[16]; - char *flags, *user_rdn; - const char *ou; - const char* nopasswd = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; - static uchar zero_buf[16]; - uint32 rid = 0, group_rid = 0, gidNumber = 
0; - time_t unix_time; - int i; - - /* Get the username */ - fstrcpy(username, r->account_name.string); - - /* Get the rid */ - rid = r->rid; - - /* Map the rid and username for group member info later */ - accountmap->rid = rid; - accountmap->cn = talloc_strdup(mem_ctx, username); - NT_STATUS_HAVE_NO_MEMORY(accountmap->cn); - - /* Get the home directory */ - if (r->acct_flags & ACB_NORMAL) { - fstrcpy(homedir, r->home_directory.string); - if (!*homedir) { - snprintf(homedir, sizeof(homedir), "/home/%s", username); - } else { - snprintf(homedir, sizeof(homedir), "/nobodyshomedir"); - } - ou = lp_ldap_user_suffix(); - } else { - ou = lp_ldap_machine_suffix(); - snprintf(homedir, sizeof(homedir), "/machinehomedir"); - } - - /* Get the logon script */ - fstrcpy(logonscript, r->logon_script.string); - - /* Get the home drive */ - fstrcpy(homedrive, r->home_drive.string); - - /* Get the home path */ - fstrcpy(homepath, r->home_directory.string); - - /* Get the description */ - fstrcpy(description, r->description.string); - - /* Get the display name */ - fstrcpy(fullname, r->full_name.string); - - /* Get the profile path */ - fstrcpy(profilepath, r->profile_path.string); - - /* Get lm and nt password data */ - if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { - sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); - } else { - pdb_sethexpwd(hex_lm_passwd, NULL, 0); - } - if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { - sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); - } else { - pdb_sethexpwd(hex_nt_passwd, NULL, 0); - } - unix_time = nt_time_to_unix(r->last_password_change); - - /* Increment the uid for the new user */ - ldif_uid++; - - /* Set up group id and sambaSID for the user */ - group_rid = r->primary_gid; - for (i=0; iacct_flags, - NEW_PW_FORMAT_SPACE_PADDED_LEN); - - /* Add the user to the temporary add ldif file */ - /* this 
isn't quite right...we can't assume there's just OU=. jmcd */ - user_rdn = sstring_sub(ou, '=', ','); - fprintf(add_fd, "# %s, %s, %s\n", username, user_rdn, suffix); - fprintf_attr(add_fd, "dn", "uid=%s,ou=%s,%s", username, user_rdn, - suffix); - SAFE_FREE(user_rdn); - fprintf(add_fd, "ObjectClass: top\n"); - fprintf(add_fd, "objectClass: inetOrgPerson\n"); - fprintf(add_fd, "objectClass: posixAccount\n"); - fprintf(add_fd, "objectClass: shadowAccount\n"); - fprintf(add_fd, "objectClass: sambaSamAccount\n"); - fprintf_attr(add_fd, "cn", "%s", username); - fprintf_attr(add_fd, "sn", "%s", username); - fprintf_attr(add_fd, "uid", "%s", username); - fprintf(add_fd, "uidNumber: %d\n", ldif_uid); - fprintf(add_fd, "gidNumber: %d\n", gidNumber); - fprintf_attr(add_fd, "homeDirectory", "%s", homedir); - if (*homepath) - fprintf_attr(add_fd, "sambaHomePath", "%s", homepath); - if (*homedrive) - fprintf_attr(add_fd, "sambaHomeDrive", "%s", homedrive); - if (*logonscript) - fprintf_attr(add_fd, "sambaLogonScript", "%s", logonscript); - fprintf(add_fd, "loginShell: %s\n", - ((r->acct_flags & ACB_NORMAL) ? 
- "/bin/bash" : "/bin/false")); - fprintf(add_fd, "gecos: System User\n"); - if (*description) - fprintf_attr(add_fd, "description", "%s", description); - fprintf(add_fd, "sambaSID: %s-%d\n", sid, rid); - fprintf(add_fd, "sambaPrimaryGroupSID: %s\n", sambaSID); - if(*fullname) - fprintf_attr(add_fd, "displayName", "%s", fullname); - if(*profilepath) - fprintf_attr(add_fd, "sambaProfilePath", "%s", profilepath); - if (strcmp(nopasswd, hex_lm_passwd) != 0) - fprintf(add_fd, "sambaLMPassword: %s\n", hex_lm_passwd); - if (strcmp(nopasswd, hex_nt_passwd) != 0) - fprintf(add_fd, "sambaNTPassword: %s\n", hex_nt_passwd); - fprintf(add_fd, "sambaPwdLastSet: %d\n", (int)unix_time); - fprintf(add_fd, "sambaAcctFlags: %s\n", flags); - fprintf(add_fd, "\n"); - fflush(add_fd); - - /* Return */ - return NT_STATUS_OK; -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS fetch_alias_info_to_ldif(TALLOC_CTX *mem_ctx, - struct netr_DELTA_ALIAS *r, - GROUPMAP *groupmap, - FILE *add_fd, - const char *sid, - const char *suffix, - enum netr_SamDatabaseID database_id) -{ - fstring aliasname, description; - uint32 grouptype = 0, g_rid = 0; - char *group_attr = sstring_sub(lp_ldap_group_suffix(), '=', ','); - - /* Get the alias name */ - fstrcpy(aliasname, r->alias_name.string); - - /* Get the alias description */ - fstrcpy(description, r->description.string); - - /* Set up the group type */ - switch (database_id) { - case SAM_DATABASE_DOMAIN: - grouptype = 4; - break; - case SAM_DATABASE_BUILTIN: - grouptype = 5; - break; - default: - grouptype = 4; - break; - } - - /* - These groups are entered by populate_ldap_for_ldif - Note that populate creates a group called Relicators, - but NT returns a group called Replicator - */ - if (strcmp(aliasname, "Domain Admins") == 0 || - strcmp(aliasname, "Domain Users") == 0 || - strcmp(aliasname, "Domain Guests") == 0 || - strcmp(aliasname, "Domain 
Computers") == 0 || - strcmp(aliasname, "Administrators") == 0 || - strcmp(aliasname, "Print Operators") == 0 || - strcmp(aliasname, "Backup Operators") == 0 || - strcmp(aliasname, "Replicator") == 0) { - SAFE_FREE(group_attr); - return NT_STATUS_OK; - } else { - /* Increment the gid for the new group */ - ldif_gid++; - } - - /* Map the group rid and gid */ - g_rid = r->rid; - groupmap->gidNumber = ldif_gid; - groupmap->sambaSID = talloc_asprintf(mem_ctx, "%s-%d", sid, g_rid); - NT_STATUS_HAVE_NO_MEMORY(groupmap->sambaSID); - - /* Write the data to the temporary add ldif file */ - fprintf(add_fd, "# %s, %s, %s\n", aliasname, group_attr, - suffix); - fprintf_attr(add_fd, "dn", "cn=%s,ou=%s,%s", aliasname, group_attr, - suffix); - fprintf(add_fd, "objectClass: posixGroup\n"); - fprintf(add_fd, "objectClass: sambaGroupMapping\n"); - fprintf(add_fd, "cn: %s\n", aliasname); - fprintf(add_fd, "gidNumber: %d\n", ldif_gid); - fprintf(add_fd, "sambaSID: %s\n", groupmap->sambaSID); - fprintf(add_fd, "sambaGroupType: %d\n", grouptype); - fprintf_attr(add_fd, "displayName", "%s", aliasname); - if (description[0]) - fprintf_attr(add_fd, "description", "%s", description); - fprintf(add_fd, "\n"); - fflush(add_fd); - - SAFE_FREE(group_attr); - /* Return */ - return NT_STATUS_OK; -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS fetch_groupmem_info_to_ldif(struct netr_DELTA_GROUP_MEMBER *r, - uint32_t id_rid, - GROUPMAP *groupmap, - ACCOUNTMAP *accountmap, - FILE *mod_fd, int alloced) -{ - fstring group_dn; - uint32 group_rid = 0, rid = 0; - int i, j, k; - - /* Get the dn for the group */ - if (r->num_rids > 0) { - group_rid = id_rid; - for (j=0; jnum_rids; i++) { - rid = r->rids[i]; - for (k=0; kinitialized) { - return NT_STATUS_OK; - } - - r = TALLOC_ZERO_P(mem_ctx, struct samsync_ldif_context); - NT_STATUS_HAVE_NO_MEMORY(r); - - /* Get the ldap suffix */ - r->suffix = 
lp_ldap_suffix(); - - /* Ensure we have an output file */ - if (ldif_filename) { - r->ldif_file = fopen(ldif_filename, "a"); - } else { - r->ldif_file = stdout; - } - - if (!r->ldif_file) { - fprintf(stderr, "Could not open %s\n", ldif_filename); - DEBUG(1, ("Could not open %s\n", ldif_filename)); - status = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - r->add_template = talloc_strdup(mem_ctx, add_template); - r->mod_template = talloc_strdup(mem_ctx, mod_template); - if (!r->add_template || !r->mod_template) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - r->add_name = talloc_strdup(mem_ctx, add_template); - r->mod_name = talloc_strdup(mem_ctx, mod_template); - if (!r->add_name || !r->mod_name) { - status = NT_STATUS_NO_MEMORY; - goto done; - } - - /* Open the add and mod ldif files */ - if (!(r->add_file = fdopen(smb_mkstemp(r->add_name),"w"))) { - DEBUG(1, ("Could not open %s\n", r->add_name)); - status = NT_STATUS_UNSUCCESSFUL; - goto done; - } - if (!(r->mod_file = fdopen(smb_mkstemp(r->mod_name),"w"))) { - DEBUG(1, ("Could not open %s\n", r->mod_name)); - status = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Allocate initial memory for groupmap and accountmap arrays */ - r->groupmap = TALLOC_ZERO_ARRAY(mem_ctx, GROUPMAP, 8); - r->accountmap = TALLOC_ZERO_ARRAY(mem_ctx, ACCOUNTMAP, 8); - if (r->groupmap == NULL || r->accountmap == NULL) { - DEBUG(1,("GROUPMAP talloc failed\n")); - status = NT_STATUS_NO_MEMORY; - goto done; - } - - /* Remember how many we malloced */ - r->num_alloced = 8; - - /* Initial database population */ - if (database_id == SAM_DATABASE_DOMAIN) { - - status = populate_ldap_for_ldif(domain_sid_str, - r->suffix, - builtin_sid, - r->add_file); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - - status = map_populate_groups(mem_ctx, - r->groupmap, - r->accountmap, - domain_sid_str, - r->suffix, - builtin_sid); - if (!NT_STATUS_IS_OK(status)) { - goto done; - } - } - - r->initialized = true; - - *ctx = r; - - return NT_STATUS_OK; - 
done: - TALLOC_FREE(r); - return status; -} - -/**************************************************************** -****************************************************************/ - -static void ldif_free_context(struct samsync_ldif_context *r) -{ - if (!r) { - return; - } - - /* Close and delete the ldif files */ - if (r->add_file) { - fclose(r->add_file); - } - - if ((r->add_name != NULL) && - strcmp(r->add_name, r->add_template) && (unlink(r->add_name))) { - DEBUG(1,("unlink(%s) failed, error was (%s)\n", - r->add_name, strerror(errno))); - } - - if (r->mod_file) { - fclose(r->mod_file); - } - - if ((r->mod_name != NULL) && - strcmp(r->mod_name, r->mod_template) && (unlink(r->mod_name))) { - DEBUG(1,("unlink(%s) failed, error was (%s)\n", - r->mod_name, strerror(errno))); - } - - if (r->ldif_file && (r->ldif_file != stdout)) { - fclose(r->ldif_file); - } - - TALLOC_FREE(r); -} - -/**************************************************************** -****************************************************************/ - -static void ldif_write_output(enum netr_SamDatabaseID database_id, - struct samsync_ldif_context *l) -{ - /* Write ldif data to the user's file */ - if (database_id == SAM_DATABASE_DOMAIN) { - fprintf(l->ldif_file, - "# SAM_DATABASE_DOMAIN: ADD ENTITIES\n"); - fprintf(l->ldif_file, - "# =================================\n\n"); - fflush(l->ldif_file); - } else if (database_id == SAM_DATABASE_BUILTIN) { - fprintf(l->ldif_file, - "# SAM_DATABASE_BUILTIN: ADD ENTITIES\n"); - fprintf(l->ldif_file, - "# ==================================\n\n"); - fflush(l->ldif_file); - } - fseek(l->add_file, 0, SEEK_SET); - transfer_file(fileno(l->add_file), fileno(l->ldif_file), (size_t) -1); - - if (database_id == SAM_DATABASE_DOMAIN) { - fprintf(l->ldif_file, - "# SAM_DATABASE_DOMAIN: MODIFY ENTITIES\n"); - fprintf(l->ldif_file, - "# ====================================\n\n"); - fflush(l->ldif_file); - } else if (database_id == SAM_DATABASE_BUILTIN) { - 
fprintf(l->ldif_file, - "# SAM_DATABASE_BUILTIN: MODIFY ENTITIES\n"); - fprintf(l->ldif_file, - "# =====================================\n\n"); - fflush(l->ldif_file); - } - fseek(l->mod_file, 0, SEEK_SET); - transfer_file(fileno(l->mod_file), fileno(l->ldif_file), (size_t) -1); -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM *r, - struct samsync_context *ctx, - uint32_t *a_index, - uint32_t *g_index) -{ - union netr_DELTA_UNION u = r->delta_union; - union netr_DELTA_ID_UNION id = r->delta_id_union; - struct samsync_ldif_context *l = ctx->ldif; - - switch (r->delta_type) { - case NETR_DELTA_DOMAIN: - break; - - case NETR_DELTA_GROUP: - fetch_group_info_to_ldif(mem_ctx, - u.group, - &l->groupmap[*g_index], - l->add_file, - ctx->domain_sid_str, - l->suffix); - (*g_index)++; - break; - - case NETR_DELTA_USER: - fetch_account_info_to_ldif(mem_ctx, - u.user, - l->groupmap, - &l->accountmap[*a_index], - l->add_file, - ctx->domain_sid_str, - l->suffix, - l->num_alloced); - (*a_index)++; - break; - - case NETR_DELTA_ALIAS: - fetch_alias_info_to_ldif(mem_ctx, - u.alias, - &l->groupmap[*g_index], - l->add_file, - ctx->domain_sid_str, - l->suffix, - database_id); - (*g_index)++; - break; - - case NETR_DELTA_GROUP_MEMBER: - fetch_groupmem_info_to_ldif(u.group_member, - id.rid, - l->groupmap, - l->accountmap, - l->mod_file, - l->num_alloced); - break; - - case NETR_DELTA_ALIAS_MEMBER: - case NETR_DELTA_POLICY: - case NETR_DELTA_ACCOUNT: - case NETR_DELTA_TRUSTED_DOMAIN: - case NETR_DELTA_SECRET: - case NETR_DELTA_RENAME_GROUP: - case NETR_DELTA_RENAME_USER: - case NETR_DELTA_RENAME_ALIAS: - case NETR_DELTA_DELETE_GROUP: - case NETR_DELTA_DELETE_USER: - case NETR_DELTA_MODIFY_COUNT: - default: - break; - } /* end of switch */ - - return NT_STATUS_OK; -} - 
-/**************************************************************** -****************************************************************/ - -static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, - struct samsync_context *ctx, - uint32_t num_entries) -{ - struct samsync_ldif_context *l = ctx->ldif; - - if (!l) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* Re-allocate memory for groupmap and accountmap arrays */ - l->groupmap = TALLOC_REALLOC_ARRAY(mem_ctx, - l->groupmap, - GROUPMAP, - num_entries + l->num_alloced); - - l->accountmap = TALLOC_REALLOC_ARRAY(mem_ctx, - l->accountmap, - ACCOUNTMAP, - num_entries + l->num_alloced); - - if (l->groupmap == NULL || l->accountmap == NULL) { - DEBUG(1,("GROUPMAP talloc failed\n")); - return NT_STATUS_NO_MEMORY; - } - - /* Initialize the new records */ - memset(&(l->groupmap[l->num_alloced]), 0, - sizeof(GROUPMAP) * num_entries); - memset(&(l->accountmap[l->num_alloced]), 0, - sizeof(ACCOUNTMAP) * num_entries); - - /* Remember how many we alloced this time */ - l->num_alloced += num_entries; - - return NT_STATUS_OK; -} - -/**************************************************************** -****************************************************************/ - -static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS result, - struct samsync_context *ctx) -{ - NTSTATUS status; - int i; - uint32_t g_index = 0, a_index = 0; - - status = ldif_init_context(mem_ctx, - database_id, - ctx->ldif_filename, - ctx->domain_sid_str, - &ctx->ldif); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - - status = ldif_realloc_maps(mem_ctx, ctx, r->num_deltas); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - - for (i = 0; i < r->num_deltas; i++) { - status = fetch_sam_entry_ldif(mem_ctx, database_id, - &r->delta_enum[i], ctx, - &g_index, &a_index); - if (!NT_STATUS_IS_OK(status)) { - goto failed; - } - } - - /* This was the last query */ - if 
(NT_STATUS_IS_OK(result)) { - ldif_write_output(database_id, ctx->ldif); - ldif_free_context(ctx->ldif); - ctx->ldif = NULL; - } - - return NT_STATUS_OK; - - failed: - ldif_free_context(ctx->ldif); - - return status; -} - /** * Basic usage function for 'net rpc vampire' * -- cgit From 16eb846fa5c9ef0b15eade917e0fe6a9bb3d8624 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 16 Jun 2008 13:49:05 +0200 Subject: net_vampire: use generic output filename and use correct argv element. Guenther (This used to be commit e0843e631e379645296a5fe34dfc83bc265ebef3) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index a7c6c30e34..90637e294d 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -1244,7 +1244,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, } if (argc >= 1) { - ctx->ldif_filename = argv[1]; + ctx->output_filename = argv[0]; } /* fetch domain */ -- cgit From 49b269f50fc2fc2817bdee97e9670b8579113060 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 18:02:03 +0200 Subject: net_vampire: add domain_name to samsync_context. Guenther (This used to be commit 7e7f07ec59d23e909809ed32adc8fc399826310d) --- source3/utils/net_rpc_samsync.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 90637e294d..797598c48e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -354,6 +354,7 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, status = samsync_init_context(mem_ctx, domain_sid, + domain_name, NET_SAMSYNC_MODE_DUMP, &ctx); if (!NT_STATUS_IS_OK(status)) { 
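Review bot: The path assigned from `argv[0]` in rpc_vampire_ldif_internals names a file that will hold password hashes, yet nothing at the assignment documents or constrains how that file gets created. The LDIF writer removed earlier on this page emits `sambaLMPassword`/`sambaNTPassword` lines and opened its output with `fopen(ldif_filename, "a")`, which uses umask-default permissions and follows an existing symlink; presumably the relocated code still does the same, which should be confirmed. I would add `/* operator-supplied path; the file will contain LM/NT hashes, so it must be created 0600 and must not follow symlinks */` above the assignment, and have the opener use `open()` with `O_CREAT|O_APPEND|O_NOFOLLOW` and mode `0600` followed by `fdopen()`. The function body starts and ends outside the hunk.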
@@ -1173,6 +1174,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, result = samsync_init_context(mem_ctx, domain_sid, + domain_name, NET_SAMSYNC_MODE_FETCH_PASSDB, &ctx); if (!NT_STATUS_IS_OK(result)) { @@ -1237,6 +1239,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, status = samsync_init_context(mem_ctx, domain_sid, + domain_name, NET_SAMSYNC_MODE_FETCH_LDIF, &ctx); if (!NT_STATUS_IS_OK(status)) { -- cgit From fefcb70f870cae351d29a937df674db8c4ee9abe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 19:49:58 +0200 Subject: net_vampire: add error and result_message to samsync_context. Guenther (This used to be commit e0b117200441f842fbc11cc817ab2cde4d63a22e) --- source3/utils/net_rpc_samsync.c | 48 ++++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 20 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 797598c48e..5161bb3ef5 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -1199,29 +1199,33 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, /* fetch domain */ result = samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, fetch_sam_entries, ctx); - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to fetch domain database: %s\n", - nt_errstr(result)); - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) - d_fprintf(stderr, "Perhaps %s is a Windows 2000 " - "native mode domain?\n", domain_name); + + if (!NT_STATUS_IS_OK(result) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); goto fail; } + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } + /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); result = samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, fetch_sam_entries, ctx); - if (!NT_STATUS_IS_OK(result)) { - d_fprintf(stderr, "Failed to fetch builtin database: %s\n", - nt_errstr(result)); + + if (!NT_STATUS_IS_OK(result) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); goto fail; } - TALLOC_FREE(ctx); + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } fail: + TALLOC_FREE(ctx); return result; } 
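Review bot: A failed `samsync_process_database()` call no longer reaches `fail` when `ctx->error_message` is NULL, because the new test `!NT_STATUS_IS_OK(result) && ctx->error_message` ties the bail-out to the presence of a message. In that case the domain failure is dropped, the builtin fetch overwrites `result`, and the function can return success after a partial replication of the account database. Keep the jump unconditional and make only the print optional: `if (!NT_STATUS_IS_OK(result)) { if (ctx->error_message) d_fprintf(stderr, "%s\n", ctx->error_message); goto fail; }`. The same condition appears at the builtin fetch in this hunk and twice in the rpc_vampire_ldif_internals hunk that follows (there with `status`). rpc_vampire_internals starts outside the hunk.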
@@ -1253,29 +1257,33 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, /* fetch domain */ status = samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, fetch_sam_entries_ldif, ctx); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "Failed to fetch domain database: %s\n", - nt_errstr(status)); - if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) - d_fprintf(stderr, "Perhaps %s is a Windows 2000 " - "native mode domain?\n", domain_name); + + if (!NT_STATUS_IS_OK(status) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); goto fail; } + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } + /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); status = samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, fetch_sam_entries_ldif, ctx); - if (!NT_STATUS_IS_OK(status)) { - d_fprintf(stderr, "Failed to fetch builtin database: %s\n", - nt_errstr(status)); + + if (!NT_STATUS_IS_OK(status) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); goto fail; } - TALLOC_FREE(ctx); + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } fail: + TALLOC_FREE(ctx); return status; } -- cgit From 33000d77e4b904cf9cdfd3e3d83a3c3cc84d7f2b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 16 Jun 2008 13:36:53 +0200 Subject: time: move uint64s_nt_time_to_unix_abs() to lib/time.c Guenther (This used to be commit 58f54f180f0a942776455ab6e813628422493dac) --- source3/utils/net_rpc_samsync.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 5161bb3ef5..d945be76f1 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -84,13 +84,6 @@ static void display_account_info(uint32_t rid, pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } -static time_t uint64s_nt_time_to_unix_abs(const uint64 *src) -{ - NTTIME nttime; - nttime = *src; - return nt_time_to_unix_abs(&nttime); -} - static NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, struct lsa_BinaryString *r, struct netr_AcctLockStr **str_p) -- cgit From ddf6e73b1fcbc4faae938815e7c7840d04d84150 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:22:06 +0200 Subject: net_vampire: move pull_netr_AcctLockStr() to libnet. Guenther (This used to be commit 8ec64a96e43d2e55e81f725fe693178ecdc65e88) --- source3/utils/net_rpc_samsync.c | 34 ---------------------------------- 1 file changed, 34 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index d945be76f1..2ac49270a7 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -84,40 +84,6 @@ static void display_account_info(uint32_t rid, pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); } -static NTSTATUS pull_netr_AcctLockStr(TALLOC_CTX *mem_ctx, - struct lsa_BinaryString *r, - struct netr_AcctLockStr **str_p) -{ - struct netr_AcctLockStr *str; - enum ndr_err_code ndr_err; - DATA_BLOB blob; - - if (!mem_ctx || !r || !str_p) { - return NT_STATUS_INVALID_PARAMETER; - } - - *str_p = NULL; - - str = TALLOC_ZERO_P(mem_ctx, struct netr_AcctLockStr); - if (!str) { - return NT_STATUS_NO_MEMORY; - } - - blob = data_blob_const(r->array, r->length); - - ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, str, - (ndr_pull_flags_fn_t)ndr_pull_netr_AcctLockStr); - data_blob_free(&blob); - - if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { - return ndr_map_error2ntstatus(ndr_err); - } - - *str_p = str; - - return NT_STATUS_OK; -} - static void display_domain_info(struct netr_DELTA_DOMAIN *r) { time_t u_logout; -- cgit 
From a6e887fbc655280eb56d751330bc95582339a285 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:32:12 +0200 Subject: net_vampire: display more deltas while doing samdump. Guenther (This used to be commit 43579907c3cbd5a4c07fe1f8da13c9a2a7db3f32) --- source3/utils/net_rpc_samsync.c | 85 +++++++++++++++++++++-------------------- 1 file changed, 44 insertions(+), 41 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2ac49270a7..6045b7c8a3 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -125,6 +125,42 @@ static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) d_printf("desc='%s', rid=%u\n", r->description.string, rid); } +static void display_delete_group(uint32_t rid) +{ + d_printf("Delete Group '%d' ", rid); +} + +static void display_rename_group(uint32_t rid, struct netr_DELTA_RENAME *r) +{ + d_printf("Rename Group '%d' ", rid); + d_printf("Rename Group: %s -> %s\n", + r->OldName.string, r->NewName.string); +} + +static void display_delete_user(uint32_t rid) +{ + d_printf("Delete User '%d' ", rid); +} + +static void display_rename_user(uint32_t rid, struct netr_DELTA_RENAME *r) +{ + d_printf("Rename User '%d' ", rid); + d_printf("Rename User: %s -> %s\n", + r->OldName.string, r->NewName.string); +} + +static void display_delete_alias(uint32_t rid) +{ + d_printf("Delete Alias '%d' ", rid); +} + +static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r) +{ + d_printf("Rename Alias '%d' ", rid); + d_printf("Rename Alias: %s -> %s\n", + r->OldName.string, r->NewName.string); +} + static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *r, 
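Review bot: The new display helpers print the `uint32_t` rid with `%d`, while `display_group_info` in the context line just above uses `%u`; a rid above INT_MAX would be shown as a negative number. The three `display_delete_*` helpers also end without a newline, so the next record continues on the same output line, and the `display_rename_*` helpers print the "Rename" label twice. Suggested form: `d_printf("Delete Group '%u'\n", rid);` and, for renames, a single `d_printf("Rename Group '%u': %s -> %s\n", rid, r->OldName.string, r->NewName.string);`, likewise for the user and alias variants.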
@@ -141,52 +177,36 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, case NETR_DELTA_GROUP: display_group_info(id.rid, u.group); break; -#if 0 case NETR_DELTA_DELETE_GROUP: - printf("Delete Group: %d\n", - u.delete_account.unknown); + display_delete_group(id.rid); break; case NETR_DELTA_RENAME_GROUP: - printf("Rename Group: %s -> %s\n", - u.rename_group->OldName.string, - u.rename_group->NewName.string); + display_rename_group(id.rid, u.rename_group); break; -#endif case NETR_DELTA_USER: display_account_info(id.rid, u.user); break; -#if 0 case NETR_DELTA_DELETE_USER: - printf("Delete User: %d\n", - id.rid); + display_delete_user(id.rid); break; case NETR_DELTA_RENAME_USER: - printf("Rename user: %s -> %s\n", - u.rename_user->OldName.string, - u.rename_user->NewName.string); + display_rename_user(id.rid, u.rename_user); break; -#endif case NETR_DELTA_GROUP_MEMBER: display_group_mem_info(id.rid, u.group_member); break; case NETR_DELTA_ALIAS: display_alias_info(id.rid, u.alias); break; -#if 0 case NETR_DELTA_DELETE_ALIAS: - printf("Delete Alias: %d\n", - id.rid); + display_delete_alias(id.rid); break; case NETR_DELTA_RENAME_ALIAS: - printf("Rename alias: %s -> %s\n", - u.rename_alias->OldName.string, - u.rename_alias->NewName.string); + display_rename_alias(id.rid, u.rename_alias); break; -#endif case NETR_DELTA_ALIAS_MEMBER: display_alias_mem(id.rid, u.alias_member); break; -#if 0 case NETR_DELTA_POLICY: printf("Policy\n"); break; 
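Review bot: The newly enabled rename cases pass `u.rename_group`, `u.rename_user` and `u.rename_alias` straight to helpers that dereference them (`r->OldName.string`) without a NULL check. These union members are filled from the server's reply, so if the decoder can leave one of them NULL (not visible here; to be confirmed against the NDR code) a malformed response would crash the client. A guard at the top of each helper, e.g. `if (r == NULL) { d_printf("Rename Group '%u' (no data)\n", rid); return; }`, would contain that. display_sam_entry starts and ends outside the hunk.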
@@ -224,17 +244,8 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, printf("sam sequence update: 0x%016llx\n", (unsigned long long) *u.modified_count); break; -#endif +#if 0 /* The following types are recognised but not handled */ - case NETR_DELTA_RENAME_GROUP: - d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); - break; - case NETR_DELTA_RENAME_USER: - d_printf("NETR_DELTA_RENAME_USER not handled\n"); - break; - case NETR_DELTA_RENAME_ALIAS: - d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); - break; case NETR_DELTA_POLICY: d_printf("NETR_DELTA_POLICY not handled\n"); break; @@ -247,18 +258,9 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, case NETR_DELTA_SECRET: d_printf("NETR_DELTA_SECRET not handled\n"); break; - case NETR_DELTA_DELETE_GROUP: - d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); - break; - case NETR_DELTA_DELETE_USER: - d_printf("NETR_DELTA_DELETE_USER not handled\n"); - break; case NETR_DELTA_MODIFY_COUNT: d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); break; - case NETR_DELTA_DELETE_ALIAS: - d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); - break; case NETR_DELTA_DELETE_TRUST: d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); break; @@ -274,6 +276,7 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, case NETR_DELTA_DELETE_USER2: d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); break; +#endif default: printf("unknown delta type 0x%02x\n", r->delta_type); -- cgit From de33b264d18620ed7f91e759bcf80c9d64a99c17 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:44:30 +0200 Subject: net_vampire: move out passdb routines to one file. Guenther (This used to be commit 74d431270d9b4cc1524f79fa2ad743420afef417) --- source3/utils/net_rpc_samsync.c | 762 ---------------------------------------- 1 file changed, 762 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 6045b7c8a3..587fdf293e 100644 
--- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -337,768 +337,6 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, return NT_STATUS_OK; } -/* Convert a struct samu_DELTA to a struct samu. */ -#define STRING_CHANGED (old_string && !new_string) ||\ - (!old_string && new_string) ||\ - (old_string && new_string && (strcmp(old_string, new_string) != 0)) - -#define STRING_CHANGED_NC(s1,s2) ((s1) && !(s2)) ||\ - (!(s1) && (s2)) ||\ - ((s1) && (s2) && (strcmp((s1), (s2)) != 0)) - -static NTSTATUS sam_account_from_delta(struct samu *account, - struct netr_DELTA_USER *r) -{ - const char *old_string, *new_string; - time_t unix_time, stored_time; - uchar lm_passwd[16], nt_passwd[16]; - static uchar zero_buf[16]; - - /* Username, fullname, home dir, dir drive, logon script, acct - desc, workstations, profile. */ - - if (r->account_name.string) { - old_string = pdb_get_nt_username(account); - new_string = r->account_name.string; - - if (STRING_CHANGED) { - pdb_set_nt_username(account, new_string, PDB_CHANGED); - } - - /* Unix username is the same - for sanity */ - old_string = pdb_get_username( account ); - if (STRING_CHANGED) { - pdb_set_username(account, new_string, PDB_CHANGED); - } - } - - if (r->full_name.string) { - old_string = pdb_get_fullname(account); - new_string = r->full_name.string; - - if (STRING_CHANGED) - pdb_set_fullname(account, new_string, PDB_CHANGED); - } - - if (r->home_directory.string) { - old_string = pdb_get_homedir(account); - new_string = r->home_directory.string; - - if (STRING_CHANGED) - pdb_set_homedir(account, new_string, PDB_CHANGED); - } - - if (r->home_drive.string) { - old_string = pdb_get_dir_drive(account); - new_string = r->home_drive.string; - - if (STRING_CHANGED) - pdb_set_dir_drive(account, new_string, PDB_CHANGED); - } - - if (r->logon_script.string) { - old_string = pdb_get_logon_script(account); - new_string = r->logon_script.string; - - if (STRING_CHANGED) - pdb_set_logon_script(account, new_string, PDB_CHANGED); - } - - if (r->description.string) { - old_string = 
pdb_get_acct_desc(account); - new_string = r->description.string; - - if (STRING_CHANGED) - pdb_set_acct_desc(account, new_string, PDB_CHANGED); - } - - if (r->workstations.string) { - old_string = pdb_get_workstations(account); - new_string = r->workstations.string; - - if (STRING_CHANGED) - pdb_set_workstations(account, new_string, PDB_CHANGED); - } - - if (r->profile_path.string) { - old_string = pdb_get_profile_path(account); - new_string = r->profile_path.string; - - if (STRING_CHANGED) - pdb_set_profile_path(account, new_string, PDB_CHANGED); - } - - if (r->parameters.string) { - DATA_BLOB mung; - char *newstr; - old_string = pdb_get_munged_dial(account); - mung.length = r->parameters.length; - mung.data = (uint8 *) r->parameters.string; - newstr = (mung.length == 0) ? NULL : - base64_encode_data_blob(talloc_tos(), mung); - - if (STRING_CHANGED_NC(old_string, newstr)) - pdb_set_munged_dial(account, newstr, PDB_CHANGED); - TALLOC_FREE(newstr); - } - - /* User and group sid */ - if (pdb_get_user_rid(account) != r->rid) - pdb_set_user_sid_from_rid(account, r->rid, PDB_CHANGED); - if (pdb_get_group_rid(account) != r->primary_gid) - pdb_set_group_sid_from_rid(account, r->primary_gid, PDB_CHANGED); - - /* Logon and password information */ - if (!nt_time_is_zero(&r->last_logon)) { - unix_time = nt_time_to_unix(r->last_logon); - stored_time = pdb_get_logon_time(account); - if (stored_time != unix_time) - pdb_set_logon_time(account, unix_time, PDB_CHANGED); - } - - if (!nt_time_is_zero(&r->last_logoff)) { - unix_time = nt_time_to_unix(r->last_logoff); - stored_time = pdb_get_logoff_time(account); - if (stored_time != unix_time) - pdb_set_logoff_time(account, unix_time,PDB_CHANGED); - } - - /* Logon Divs */ - if (pdb_get_logon_divs(account) != r->logon_hours.units_per_week) - pdb_set_logon_divs(account, r->logon_hours.units_per_week, PDB_CHANGED); - -#if 0 - /* no idea what to do with this one - gd */ - /* Max Logon Hours */ - if (delta->unknown1 != 
pdb_get_unknown_6(account)) { - pdb_set_unknown_6(account, delta->unknown1, PDB_CHANGED); - } -#endif - /* Logon Hours Len */ - if (r->logon_hours.units_per_week/8 != pdb_get_hours_len(account)) { - pdb_set_hours_len(account, r->logon_hours.units_per_week/8, PDB_CHANGED); - } - - /* Logon Hours */ - if (r->logon_hours.bits) { - char oldstr[44], newstr[44]; - pdb_sethexhours(oldstr, pdb_get_hours(account)); - pdb_sethexhours(newstr, r->logon_hours.bits); - if (!strequal(oldstr, newstr)) - pdb_set_hours(account, r->logon_hours.bits, PDB_CHANGED); - } - - if (pdb_get_bad_password_count(account) != r->bad_password_count) - pdb_set_bad_password_count(account, r->bad_password_count, PDB_CHANGED); - - if (pdb_get_logon_count(account) != r->logon_count) - pdb_set_logon_count(account, r->logon_count, PDB_CHANGED); - - if (!nt_time_is_zero(&r->last_password_change)) { - unix_time = nt_time_to_unix(r->last_password_change); - stored_time = pdb_get_pass_last_set_time(account); - if (stored_time != unix_time) - pdb_set_pass_last_set_time(account, unix_time, PDB_CHANGED); - } else { - /* no last set time, make it now */ - pdb_set_pass_last_set_time(account, time(NULL), PDB_CHANGED); - } - - if (!nt_time_is_zero(&r->acct_expiry)) { - unix_time = nt_time_to_unix(r->acct_expiry); - stored_time = pdb_get_kickoff_time(account); - if (stored_time != unix_time) - pdb_set_kickoff_time(account, unix_time, PDB_CHANGED); - } - - /* Decode hashes from password hash - Note that win2000 may send us all zeros for the hashes if it doesn't - think this channel is secure enough - don't set the passwords at all - in that case - */ - if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { - sam_pwd_hash(r->rid, r->ntpassword.hash, lm_passwd, 0); - pdb_set_lanman_passwd(account, lm_passwd, PDB_CHANGED); - } - - if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { - sam_pwd_hash(r->rid, r->lmpassword.hash, nt_passwd, 0); - pdb_set_nt_passwd(account, nt_passwd, PDB_CHANGED); - } - - /* TODO: account 
expiry time */ - - pdb_set_acct_ctrl(account, r->acct_flags, PDB_CHANGED); - - pdb_set_domain(account, lp_workgroup(), PDB_CHANGED); - - return NT_STATUS_OK; -} - -static NTSTATUS fetch_account_info(uint32_t rid, - struct netr_DELTA_USER *r) -{ - - NTSTATUS nt_ret = NT_STATUS_UNSUCCESSFUL; - fstring account; - char *add_script = NULL; - struct samu *sam_account=NULL; - GROUP_MAP map; - struct group *grp; - DOM_SID user_sid; - DOM_SID group_sid; - struct passwd *passwd; - fstring sid_string; - - fstrcpy(account, r->account_name.string); - d_printf("Creating account: %s\n", account); - - if ( !(sam_account = samu_new( NULL )) ) { - return NT_STATUS_NO_MEMORY; - } - - if (!(passwd = Get_Pwnam_alloc(sam_account, account))) { - /* Create appropriate user */ - if (r->acct_flags & ACB_NORMAL) { - add_script = talloc_strdup(sam_account, - lp_adduser_script()); - } else if ( (r->acct_flags & ACB_WSTRUST) || - (r->acct_flags & ACB_SVRTRUST) || - (r->acct_flags & ACB_DOMTRUST) ) { - add_script = talloc_strdup(sam_account, - lp_addmachine_script()); - } else { - DEBUG(1, ("Unknown user type: %s\n", - pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN))); - nt_ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - if (!add_script) { - nt_ret = NT_STATUS_NO_MEMORY; - goto done; - } - if (*add_script) { - int add_ret; - add_script = talloc_all_string_sub(sam_account, - add_script, - "%u", - account); - if (!add_script) { - nt_ret = NT_STATUS_NO_MEMORY; - goto done; - } - add_ret = smbrun(add_script,NULL); - DEBUG(add_ret ? 
0 : 1,("fetch_account: Running the command `%s' " - "gave %d\n", add_script, add_ret)); - if (add_ret == 0) { - smb_nscd_flush_user_cache(); - } - } - - /* try and find the possible unix account again */ - if ( !(passwd = Get_Pwnam_alloc(sam_account, account)) ) { - d_fprintf(stderr, "Could not create posix account info for '%s'\n", account); - nt_ret = NT_STATUS_NO_SUCH_USER; - goto done; - } - } - - sid_copy(&user_sid, get_global_sam_sid()); - sid_append_rid(&user_sid, r->rid); - - DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n", - sid_to_fstring(sid_string, &user_sid), account)); - if (!pdb_getsampwsid(sam_account, &user_sid)) { - sam_account_from_delta(sam_account, r); - DEBUG(3, ("Attempting to add user SID %s for user %s in the passdb\n", - sid_to_fstring(sid_string, &user_sid), - pdb_get_username(sam_account))); - if (!NT_STATUS_IS_OK(pdb_add_sam_account(sam_account))) { - DEBUG(1, ("SAM Account for %s failed to be added to the passdb!\n", - account)); - return NT_STATUS_ACCESS_DENIED; - } - } else { - sam_account_from_delta(sam_account, r); - DEBUG(3, ("Attempting to update user SID %s for user %s in the passdb\n", - sid_to_fstring(sid_string, &user_sid), - pdb_get_username(sam_account))); - if (!NT_STATUS_IS_OK(pdb_update_sam_account(sam_account))) { - DEBUG(1, ("SAM Account for %s failed to be updated in the passdb!\n", - account)); - TALLOC_FREE(sam_account); - return NT_STATUS_ACCESS_DENIED; - } - } - - if (pdb_get_group_sid(sam_account) == NULL) { - return NT_STATUS_UNSUCCESSFUL; - } - - group_sid = *pdb_get_group_sid(sam_account); - - if (!pdb_getgrsid(&map, group_sid)) { - DEBUG(0, ("Primary group of %s has no mapping!\n", - pdb_get_username(sam_account))); - } else { - if (map.gid != passwd->pw_gid) { - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu for user %s (group SID=%s)\n", - (unsigned long)map.gid, pdb_get_username(sam_account), sid_string_tos(&group_sid))); - } else { - 
smb_set_primary_group(grp->gr_name, pdb_get_username(sam_account)); - } - } - } - - if ( !passwd ) { - DEBUG(1, ("No unix user for this account (%s), cannot adjust mappings\n", - pdb_get_username(sam_account))); - } - - done: - TALLOC_FREE(sam_account); - return nt_ret; -} - -static NTSTATUS fetch_group_info(uint32_t rid, - struct netr_DELTA_GROUP *r) -{ - fstring name; - fstring comment; - struct group *grp = NULL; - DOM_SID group_sid; - fstring sid_string; - GROUP_MAP map; - bool insert = true; - - fstrcpy(name, r->group_name.string); - fstrcpy(comment, r->description.string); - - /* add the group to the mapping table */ - sid_copy(&group_sid, get_global_sam_sid()); - sid_append_rid(&group_sid, rid); - sid_to_fstring(sid_string, &group_sid); - - if (pdb_getgrsid(&map, group_sid)) { - if ( map.gid != -1 ) - grp = getgrgid(map.gid); - insert = false; - } - - if (grp == NULL) { - gid_t gid; - - /* No group found from mapping, find it from its name. */ - if ((grp = getgrnam(name)) == NULL) { - - /* No appropriate group found, create one */ - - d_printf("Creating unix group: '%s'\n", name); - - if (smb_create_group(name, &gid) != 0) - return NT_STATUS_ACCESS_DENIED; - - if ((grp = getgrnam(name)) == NULL) - return NT_STATUS_ACCESS_DENIED; - } - } - - map.gid = grp->gr_gid; - map.sid = group_sid; - map.sid_name_use = SID_NAME_DOM_GRP; - fstrcpy(map.nt_name, name); - if (r->description.string) { - fstrcpy(map.comment, comment); - } else { - fstrcpy(map.comment, ""); - } - - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); - - return NT_STATUS_OK; -} - -static NTSTATUS fetch_group_mem_info(uint32_t rid, - struct netr_DELTA_GROUP_MEMBER *r) -{ - int i; - TALLOC_CTX *t = NULL; - char **nt_members = NULL; - char **unix_members; - DOM_SID group_sid; - GROUP_MAP map; - struct group *grp; - - if (r->num_rids == 0) { - return NT_STATUS_OK; - } - - sid_copy(&group_sid, get_global_sam_sid()); - sid_append_rid(&group_sid, rid); - - if 
(!get_domain_group_from_sid(group_sid, &map)) { - DEBUG(0, ("Could not find global group %d\n", rid)); - return NT_STATUS_NO_SUCH_GROUP; - } - - if (!(grp = getgrgid(map.gid))) { - DEBUG(0, ("Could not find unix group %lu\n", (unsigned long)map.gid)); - return NT_STATUS_NO_SUCH_GROUP; - } - - d_printf("Group members of %s: ", grp->gr_name); - - if (!(t = talloc_init("fetch_group_mem_info"))) { - DEBUG(0, ("could not talloc_init\n")); - return NT_STATUS_NO_MEMORY; - } - - if (r->num_rids) { - if ((nt_members = TALLOC_ZERO_ARRAY(t, char *, r->num_rids)) == NULL) { - DEBUG(0, ("talloc failed\n")); - talloc_free(t); - return NT_STATUS_NO_MEMORY; - } - } else { - nt_members = NULL; - } - - for (i=0; i < r->num_rids; i++) { - struct samu *member = NULL; - DOM_SID member_sid; - - if ( !(member = samu_new(t)) ) { - talloc_destroy(t); - return NT_STATUS_NO_MEMORY; - } - - sid_copy(&member_sid, get_global_sam_sid()); - sid_append_rid(&member_sid, r->rids[i]); - - if (!pdb_getsampwsid(member, &member_sid)) { - DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n", - r->rids[i], sid_string_tos(&member_sid), grp->gr_name)); - TALLOC_FREE(member); - continue; - } - - if (pdb_get_group_rid(member) == rid) { - d_printf("%s(primary),", pdb_get_username(member)); - TALLOC_FREE(member); - continue; - } - - d_printf("%s,", pdb_get_username(member)); - nt_members[i] = talloc_strdup(t, pdb_get_username(member)); - TALLOC_FREE(member); - } - - d_printf("\n"); - - unix_members = grp->gr_mem; - - while (*unix_members) { - bool is_nt_member = false; - for (i=0; i < r->num_rids; i++) { - if (nt_members[i] == NULL) { - /* This was a primary group */ - continue; - } - - if (strcmp(*unix_members, nt_members[i]) == 0) { - is_nt_member = true; - break; - } - } - if (!is_nt_member) { - /* We look at a unix group member that is not - an nt group member. So, remove it. NT is - boss here. 
*/ - smb_delete_user_group(grp->gr_name, *unix_members); - } - unix_members += 1; - } - - for (i=0; i < r->num_rids; i++) { - bool is_unix_member = false; - - if (nt_members[i] == NULL) { - /* This was the primary group */ - continue; - } - - unix_members = grp->gr_mem; - - while (*unix_members) { - if (strcmp(*unix_members, nt_members[i]) == 0) { - is_unix_member = true; - break; - } - unix_members += 1; - } - - if (!is_unix_member) { - /* We look at a nt group member that is not a - unix group member currently. So, add the nt - group member. */ - smb_add_user_group(grp->gr_name, nt_members[i]); - } - } - - talloc_destroy(t); - return NT_STATUS_OK; -} - -static NTSTATUS fetch_alias_info(uint32_t rid, - struct netr_DELTA_ALIAS *r, - const DOM_SID *dom_sid) -{ - fstring name; - fstring comment; - struct group *grp = NULL; - DOM_SID alias_sid; - fstring sid_string; - GROUP_MAP map; - bool insert = true; - - fstrcpy(name, r->alias_name.string); - fstrcpy(comment, r->description.string); - - /* Find out whether the group is already mapped */ - sid_copy(&alias_sid, dom_sid); - sid_append_rid(&alias_sid, rid); - sid_to_fstring(sid_string, &alias_sid); - - if (pdb_getgrsid(&map, alias_sid)) { - grp = getgrgid(map.gid); - insert = false; - } - - if (grp == NULL) { - gid_t gid; - - /* No group found from mapping, find it from its name. 
*/ - if ((grp = getgrnam(name)) == NULL) { - /* No appropriate group found, create one */ - d_printf("Creating unix group: '%s'\n", name); - if (smb_create_group(name, &gid) != 0) - return NT_STATUS_ACCESS_DENIED; - if ((grp = getgrgid(gid)) == NULL) - return NT_STATUS_ACCESS_DENIED; - } - } - - map.gid = grp->gr_gid; - map.sid = alias_sid; - - if (sid_equal(dom_sid, &global_sid_Builtin)) - map.sid_name_use = SID_NAME_WKN_GRP; - else - map.sid_name_use = SID_NAME_ALIAS; - - fstrcpy(map.nt_name, name); - fstrcpy(map.comment, comment); - - if (insert) - pdb_add_group_mapping_entry(&map); - else - pdb_update_group_mapping_entry(&map); - - return NT_STATUS_OK; -} - -static NTSTATUS fetch_alias_mem(uint32_t rid, - struct netr_DELTA_ALIAS_MEMBER *r, - const DOM_SID *dom_sid) -{ - return NT_STATUS_OK; -} - -static NTSTATUS fetch_domain_info(uint32_t rid, - struct netr_DELTA_DOMAIN *r) -{ - time_t u_max_age, u_min_age, u_logout; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - const char *domname; - struct netr_AcctLockStr *lockstr = NULL; - NTSTATUS status; - TALLOC_CTX *mem_ctx = talloc_tos(); - - status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout, - &lockstr); - if (!NT_STATUS_IS_OK(status)) { - d_printf("failed to pull account lockout string: %s\n", - nt_errstr(status)); - } - - u_max_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->max_password_age); - u_min_age = uint64s_nt_time_to_unix_abs((uint64 *)&r->min_password_age); - u_logout = uint64s_nt_time_to_unix_abs((uint64 *)&r->force_logoff_time); - - domname = r->domain_name.string; - if (!domname) { - return NT_STATUS_NO_MEMORY; - } - - /* we don't handle BUILTIN account policies */ - if (!strequal(domname, get_global_sam_name())) { - printf("skipping SAM_DOMAIN_INFO delta for '%s' (is not my domain)\n", domname); - return NT_STATUS_OK; - } - - - if (!pdb_set_account_policy(AP_PASSWORD_HISTORY, - r->password_history_length)) - return nt_status; - - if (!pdb_set_account_policy(AP_MIN_PASSWORD_LEN, - 
r->min_password_length)) - return nt_status; - - if (!pdb_set_account_policy(AP_MAX_PASSWORD_AGE, (uint32)u_max_age)) - return nt_status; - - if (!pdb_set_account_policy(AP_MIN_PASSWORD_AGE, (uint32)u_min_age)) - return nt_status; - - if (!pdb_set_account_policy(AP_TIME_TO_LOGOUT, (uint32)u_logout)) - return nt_status; - - if (lockstr) { - time_t u_lockoutreset, u_lockouttime; - - u_lockoutreset = uint64s_nt_time_to_unix_abs(&lockstr->reset_count); - u_lockouttime = uint64s_nt_time_to_unix_abs((uint64_t *)&lockstr->lockout_duration); - - if (!pdb_set_account_policy(AP_BAD_ATTEMPT_LOCKOUT, - lockstr->bad_attempt_lockout)) - return nt_status; - - if (!pdb_set_account_policy(AP_RESET_COUNT_TIME, (uint32_t)u_lockoutreset/60)) - return nt_status; - - if (u_lockouttime != -1) - u_lockouttime /= 60; - - if (!pdb_set_account_policy(AP_LOCK_ACCOUNT_DURATION, (uint32_t)u_lockouttime)) - return nt_status; - } - - if (!pdb_set_account_policy(AP_USER_MUST_LOGON_TO_CHG_PASS, - r->logon_to_chgpass)) - return nt_status; - - return NT_STATUS_OK; -} - -static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM *r, - struct samsync_context *ctx) -{ - switch(r->delta_type) { - case NETR_DELTA_USER: - fetch_account_info(r->delta_id_union.rid, - r->delta_union.user); - break; - case NETR_DELTA_GROUP: - fetch_group_info(r->delta_id_union.rid, - r->delta_union.group); - break; - case NETR_DELTA_GROUP_MEMBER: - fetch_group_mem_info(r->delta_id_union.rid, - r->delta_union.group_member); - break; - case NETR_DELTA_ALIAS: - fetch_alias_info(r->delta_id_union.rid, - r->delta_union.alias, - ctx->domain_sid); - break; - case NETR_DELTA_ALIAS_MEMBER: - fetch_alias_mem(r->delta_id_union.rid, - r->delta_union.alias_member, - ctx->domain_sid); - break; - case NETR_DELTA_DOMAIN: - fetch_domain_info(r->delta_id_union.rid, - r->delta_union.domain); - break; - /* The following types are recognised but not handled */ - case 
NETR_DELTA_RENAME_GROUP: - d_printf("NETR_DELTA_RENAME_GROUP not handled\n"); - break; - case NETR_DELTA_RENAME_USER: - d_printf("NETR_DELTA_RENAME_USER not handled\n"); - break; - case NETR_DELTA_RENAME_ALIAS: - d_printf("NETR_DELTA_RENAME_ALIAS not handled\n"); - break; - case NETR_DELTA_POLICY: - d_printf("NETR_DELTA_POLICY not handled\n"); - break; - case NETR_DELTA_TRUSTED_DOMAIN: - d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); - break; - case NETR_DELTA_ACCOUNT: - d_printf("NETR_DELTA_ACCOUNT not handled\n"); - break; - case NETR_DELTA_SECRET: - d_printf("NETR_DELTA_SECRET not handled\n"); - break; - case NETR_DELTA_DELETE_GROUP: - d_printf("NETR_DELTA_DELETE_GROUP not handled\n"); - break; - case NETR_DELTA_DELETE_USER: - d_printf("NETR_DELTA_DELETE_USER not handled\n"); - break; - case NETR_DELTA_MODIFY_COUNT: - d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); - break; - case NETR_DELTA_DELETE_ALIAS: - d_printf("NETR_DELTA_DELETE_ALIAS not handled\n"); - break; - case NETR_DELTA_DELETE_TRUST: - d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); - break; - case NETR_DELTA_DELETE_ACCOUNT: - d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); - break; - case NETR_DELTA_DELETE_SECRET: - d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); - break; - case NETR_DELTA_DELETE_GROUP2: - d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); - break; - case NETR_DELTA_DELETE_USER2: - d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); - break; - default: - d_printf("Unknown delta record type %d\n", r->delta_type); - break; - } - - return NT_STATUS_OK; -} - -static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, - struct samsync_context *ctx) -{ - int i; - - for (i = 0; i < r->num_deltas; i++) { - fetch_sam_entry(mem_ctx, database_id, &r->delta_enum[i], ctx); - } - - return NT_STATUS_OK; -} - /** * Basic usage function for 'net rpc vampire' * -- cgit 
From bd6fece98af7142790625ddd19769529eba4ada3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 17 Jun 2008 21:53:01 +0200 Subject: net_vampire: move out display routines to one file. Guenther (This used to be commit 64b48a07e714d7eb97dd49c11d9ca62951d79524) --- source3/utils/net_rpc_samsync.c | 275 ---------------------------------------- 1 file changed, 275 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 587fdf293e..c0a3de7190 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -26,281 +26,6 @@ #include "includes.h" #include "utils/net.h" -static void display_group_mem_info(uint32_t rid, - struct netr_DELTA_GROUP_MEMBER *r) -{ - int i; - d_printf("Group mem %u: ", rid); - for (i=0; i< r->num_rids; i++) { - d_printf("%u ", r->rids[i]); - } - d_printf("\n"); -} - -static void display_alias_info(uint32_t rid, - struct netr_DELTA_ALIAS *r) -{ - d_printf("Alias '%s' ", r->alias_name.string); - d_printf("desc='%s' rid=%u\n", r->description.string, r->rid); -} - -static void display_alias_mem(uint32_t rid, - struct netr_DELTA_ALIAS_MEMBER *r) -{ - int i; - d_printf("Alias rid %u: ", rid); - for (i=0; i< r->sids.num_sids; i++) { - d_printf("%s ", sid_string_tos(r->sids.sids[i].sid)); - } - d_printf("\n"); -} - -static void display_account_info(uint32_t rid, - struct netr_DELTA_USER *r) -{ - fstring hex_nt_passwd, hex_lm_passwd; - uchar lm_passwd[16], nt_passwd[16]; - static uchar zero_buf[16]; - - /* Decode hashes from password hash (if they are not NULL) */ - - if (memcmp(r->lmpassword.hash, zero_buf, 16) != 0) { - sam_pwd_hash(r->rid, r->lmpassword.hash, lm_passwd, 0); - pdb_sethexpwd(hex_lm_passwd, lm_passwd, r->acct_flags); - } else { - pdb_sethexpwd(hex_lm_passwd, NULL, 0); - } - - if (memcmp(r->ntpassword.hash, zero_buf, 16) != 0) { - sam_pwd_hash(r->rid, r->ntpassword.hash, nt_passwd, 0); - pdb_sethexpwd(hex_nt_passwd, nt_passwd, r->acct_flags); - } else { - pdb_sethexpwd(hex_nt_passwd, NULL, 0); - } - - printf("%s:%d:%s:%s:%s:LCT-0\n", - r->account_name.string, - r->rid, hex_lm_passwd, hex_nt_passwd, - pdb_encode_acct_ctrl(r->acct_flags, NEW_PW_FORMAT_SPACE_PADDED_LEN)); -} - -static void display_domain_info(struct netr_DELTA_DOMAIN *r) -{ - time_t u_logout; - struct netr_AcctLockStr *lockstr = NULL; - NTSTATUS status; - TALLOC_CTX *mem_ctx = talloc_tos(); - - status = pull_netr_AcctLockStr(mem_ctx, &r->account_lockout, - &lockstr); - if (!NT_STATUS_IS_OK(status)) { - d_printf("failed to pull account lockout string: %s\n", - 
nt_errstr(status)); - } - - u_logout = uint64s_nt_time_to_unix_abs((const uint64 *)&r->force_logoff_time); - - d_printf("Domain name: %s\n", r->domain_name.string); - - d_printf("Minimal Password Length: %d\n", r->min_password_length); - d_printf("Password History Length: %d\n", r->password_history_length); - - d_printf("Force Logoff: %d\n", (int)u_logout); - - d_printf("Max Password Age: %s\n", display_time(r->max_password_age)); - d_printf("Min Password Age: %s\n", display_time(r->min_password_age)); - - if (lockstr) { - d_printf("Lockout Time: %s\n", display_time((NTTIME)lockstr->lockout_duration)); - d_printf("Lockout Reset Time: %s\n", display_time((NTTIME)lockstr->reset_count)); - d_printf("Bad Attempt Lockout: %d\n", lockstr->bad_attempt_lockout); - } - - d_printf("User must logon to change password: %d\n", r->logon_to_chgpass); -} - -static void display_group_info(uint32_t rid, struct netr_DELTA_GROUP *r) -{ - d_printf("Group '%s' ", r->group_name.string); - d_printf("desc='%s', rid=%u\n", r->description.string, rid); -} - -static void display_delete_group(uint32_t rid) -{ - d_printf("Delete Group '%d' ", rid); -} - -static void display_rename_group(uint32_t rid, struct netr_DELTA_RENAME *r) -{ - d_printf("Rename Group '%d' ", rid); - d_printf("Rename Group: %s -> %s\n", - r->OldName.string, r->NewName.string); -} - -static void display_delete_user(uint32_t rid) -{ - d_printf("Delete User '%d' ", rid); -} - -static void display_rename_user(uint32_t rid, struct netr_DELTA_RENAME *r) -{ - d_printf("Rename User '%d' ", rid); - d_printf("Rename User: %s -> %s\n", - r->OldName.string, r->NewName.string); -} - -static void display_delete_alias(uint32_t rid) -{ - d_printf("Delete Alias '%d' ", rid); -} - -static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r) -{ - d_printf("Rename Alias '%d' ", rid); - d_printf("Rename Alias: %s -> %s\n", - r->OldName.string, r->NewName.string); -} - -static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, - 
enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM *r, - NTSTATUS status, - struct samsync_context *ctx) -{ - union netr_DELTA_UNION u = r->delta_union; - union netr_DELTA_ID_UNION id = r->delta_id_union; - - switch (r->delta_type) { - case NETR_DELTA_DOMAIN: - display_domain_info(u.domain); - break; - case NETR_DELTA_GROUP: - display_group_info(id.rid, u.group); - break; - case NETR_DELTA_DELETE_GROUP: - display_delete_group(id.rid); - break; - case NETR_DELTA_RENAME_GROUP: - display_rename_group(id.rid, u.rename_group); - break; - case NETR_DELTA_USER: - display_account_info(id.rid, u.user); - break; - case NETR_DELTA_DELETE_USER: - display_delete_user(id.rid); - break; - case NETR_DELTA_RENAME_USER: - display_rename_user(id.rid, u.rename_user); - break; - case NETR_DELTA_GROUP_MEMBER: - display_group_mem_info(id.rid, u.group_member); - break; - case NETR_DELTA_ALIAS: - display_alias_info(id.rid, u.alias); - break; - case NETR_DELTA_DELETE_ALIAS: - display_delete_alias(id.rid); - break; - case NETR_DELTA_RENAME_ALIAS: - display_rename_alias(id.rid, u.rename_alias); - break; - case NETR_DELTA_ALIAS_MEMBER: - display_alias_mem(id.rid, u.alias_member); - break; - case NETR_DELTA_POLICY: - printf("Policy\n"); - break; - case NETR_DELTA_TRUSTED_DOMAIN: - printf("Trusted Domain: %s\n", - u.trusted_domain->domain_name.string); - break; - case NETR_DELTA_DELETE_TRUST: - printf("Delete Trust: %d\n", - u.delete_trust.unknown); - break; - case NETR_DELTA_ACCOUNT: - printf("Account\n"); - break; - case NETR_DELTA_DELETE_ACCOUNT: - printf("Delete Account: %d\n", - u.delete_account.unknown); - break; - case NETR_DELTA_SECRET: - printf("Secret\n"); - break; - case NETR_DELTA_DELETE_SECRET: - printf("Delete Secret: %d\n", - u.delete_secret.unknown); - break; - case NETR_DELTA_DELETE_GROUP2: - printf("Delete Group2: %s\n", - u.delete_group->account_name); - break; - case NETR_DELTA_DELETE_USER2: - printf("Delete User2: %s\n", - u.delete_user->account_name); - break; - 
case NETR_DELTA_MODIFY_COUNT: - printf("sam sequence update: 0x%016llx\n", - (unsigned long long) *u.modified_count); - break; -#if 0 - /* The following types are recognised but not handled */ - case NETR_DELTA_POLICY: - d_printf("NETR_DELTA_POLICY not handled\n"); - break; - case NETR_DELTA_TRUSTED_DOMAIN: - d_printf("NETR_DELTA_TRUSTED_DOMAIN not handled\n"); - break; - case NETR_DELTA_ACCOUNT: - d_printf("NETR_DELTA_ACCOUNT not handled\n"); - break; - case NETR_DELTA_SECRET: - d_printf("NETR_DELTA_SECRET not handled\n"); - break; - case NETR_DELTA_MODIFY_COUNT: - d_printf("NETR_DELTA_MODIFY_COUNT not handled\n"); - break; - case NETR_DELTA_DELETE_TRUST: - d_printf("NETR_DELTA_DELETE_TRUST not handled\n"); - break; - case NETR_DELTA_DELETE_ACCOUNT: - d_printf("NETR_DELTA_DELETE_ACCOUNT not handled\n"); - break; - case NETR_DELTA_DELETE_SECRET: - d_printf("NETR_DELTA_DELETE_SECRET not handled\n"); - break; - case NETR_DELTA_DELETE_GROUP2: - d_printf("NETR_DELTA_DELETE_GROUP2 not handled\n"); - break; - case NETR_DELTA_DELETE_USER2: - d_printf("NETR_DELTA_DELETE_USER2 not handled\n"); - break; -#endif - default: - printf("unknown delta type 0x%02x\n", - r->delta_type); - break; - } - - return NT_STATUS_OK; -} - -static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - NTSTATUS status, - struct samsync_context *ctx) -{ - int i; - - for (i = 0; i < r->num_deltas; i++) { - display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], status, ctx); - } - - return NT_STATUS_OK; -} - /* dump sam database via samsync rpc calls */ NTSTATUS rpc_samdump_internals(struct net_context *c, const DOM_SID *domain_sid, -- cgit From 8725626ec8b2b2a11b2c0bb5e7010f229d552b5e Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 23 Jun 2008 17:03:53 +0200 Subject: net_vampire: prepend libnet_ to the public samsync functions. Guenther (This used to be commit f020c947cfb1482176af8827ed9c361d7c21e26f) --- source3/utils/net_rpc_samsync.c | 58 ++++++++++++++++++++--------------------- 1 file changed, 29 insertions(+), 29 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c0a3de7190..4dfa72dcc9 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -39,23 +39,23 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, struct samsync_context *ctx = NULL; NTSTATUS status; - status = samsync_init_context(mem_ctx, - domain_sid, - domain_name, - NET_SAMSYNC_MODE_DUMP, - &ctx); + status = libnet_samsync_init_context(mem_ctx, + domain_sid, + domain_name, + NET_SAMSYNC_MODE_DUMP, + &ctx); if (!NT_STATUS_IS_OK(status)) { return status; } - samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - display_sam_entries, ctx); + libnet_samsync(pipe_hnd, SAM_DATABASE_DOMAIN, + display_sam_entries, ctx); - samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - display_sam_entries, ctx); + libnet_samsync(pipe_hnd, SAM_DATABASE_BUILTIN, + display_sam_entries, ctx); - samsync_process_database(pipe_hnd, SAM_DATABASE_PRIVS, - display_sam_entries, ctx); + libnet_samsync(pipe_hnd, SAM_DATABASE_PRIVS, + display_sam_entries, ctx); TALLOC_FREE(ctx); @@ -97,11 +97,11 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, NTSTATUS result; struct samsync_context *ctx = NULL; - result = samsync_init_context(mem_ctx, - domain_sid, - domain_name, - NET_SAMSYNC_MODE_FETCH_PASSDB, - &ctx); + result = libnet_samsync_init_context(mem_ctx, + domain_sid, + domain_name, + NET_SAMSYNC_MODE_FETCH_PASSDB, + &ctx); if (!NT_STATUS_IS_OK(result)) { return result; } 
@@ -122,8 +122,8 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, } /* fetch domain */ - result = samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - fetch_sam_entries, ctx); + result = libnet_samsync(pipe_hnd, SAM_DATABASE_DOMAIN, + fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); @@ -137,8 +137,8 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - result = samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - fetch_sam_entries, ctx); + result = libnet_samsync(pipe_hnd, SAM_DATABASE_BUILTIN, + fetch_sam_entries, ctx); if (!NT_STATUS_IS_OK(result) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); @@ -166,11 +166,11 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, NTSTATUS status; struct samsync_context *ctx = NULL; - status = samsync_init_context(mem_ctx, - domain_sid, - domain_name, - NET_SAMSYNC_MODE_FETCH_LDIF, - &ctx); + status = libnet_samsync_init_context(mem_ctx, + domain_sid, + domain_name, + NET_SAMSYNC_MODE_FETCH_LDIF, + &ctx); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -180,8 +180,8 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, } /* fetch domain */ - status = samsync_process_database(pipe_hnd, SAM_DATABASE_DOMAIN, - fetch_sam_entries_ldif, ctx); + status = libnet_samsync(pipe_hnd, SAM_DATABASE_DOMAIN, + fetch_sam_entries_ldif, ctx); if (!NT_STATUS_IS_OK(status) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); 
@@ -195,8 +195,8 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - status = samsync_process_database(pipe_hnd, SAM_DATABASE_BUILTIN, - fetch_sam_entries_ldif, ctx); + status = libnet_samsync(pipe_hnd, SAM_DATABASE_BUILTIN, + fetch_sam_entries_ldif, ctx); if (!NT_STATUS_IS_OK(status) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); -- cgit From 48a680ecf2a00169066c6e6c84ec3fecc3245dbd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 23 Jun 2008 17:29:01 +0200 Subject: net_vampire: more libnet_samsync restructuring. Guenther (This used to be commit 3bcda522f025aff249678a8a086218679fc19c6b) --- source3/utils/net_rpc_samsync.c | 56 +++++++++++++++++++++-------------------- 1 file changed, 29 insertions(+), 27 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 4dfa72dcc9..c941338b32 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -41,21 +41,21 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, status = libnet_samsync_init_context(mem_ctx, domain_sid, - domain_name, - NET_SAMSYNC_MODE_DUMP, &ctx); if (!NT_STATUS_IS_OK(status)) { return status; } - libnet_samsync(pipe_hnd, SAM_DATABASE_DOMAIN, - display_sam_entries, ctx); + ctx->mode = NET_SAMSYNC_MODE_DUMP; + ctx->cli = pipe_hnd; + ctx->delta_fn = display_sam_entries; + ctx->domain_name = domain_name; - libnet_samsync(pipe_hnd, SAM_DATABASE_BUILTIN, - display_sam_entries, ctx); + libnet_samsync(SAM_DATABASE_DOMAIN, ctx); - libnet_samsync(pipe_hnd, SAM_DATABASE_PRIVS, - display_sam_entries, ctx); + libnet_samsync(SAM_DATABASE_BUILTIN, ctx); + + libnet_samsync(SAM_DATABASE_PRIVS, ctx); TALLOC_FREE(ctx); 
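Review bot: The three `libnet_samsync(SAM_DATABASE_..., ctx);` calls in rpc_samdump_internals still discard their NTSTATUS, so a failed or partial dump prints nothing here, unlike rpc_vampire_internals in the later hunks of this commit, which prints `ctx->error_message`. Since the callback and pipe now travel in `ctx`, this is a natural place to capture the result, e.g. `status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx);` followed by `if (!NT_STATUS_IS_OK(status)) d_fprintf(stderr, "%s\n", ctx->error_message ? ctx->error_message : nt_errstr(status));`. The function starts before this hunk and its return statement is outside it, so what the caller finally sees cannot be confirmed from here.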
@@ -97,15 +97,6 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, NTSTATUS result; struct samsync_context *ctx = NULL; - result = libnet_samsync_init_context(mem_ctx, - domain_sid, - domain_name, - NET_SAMSYNC_MODE_FETCH_PASSDB, - &ctx); - if (!NT_STATUS_IS_OK(result)) { - return result; - } - if (!sid_equal(domain_sid, get_global_sam_sid())) { d_printf("Cannot import users from %s at this time, " "as the current domain:\n\t%s: %s\nconflicts " @@ -121,9 +112,20 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, return NT_STATUS_UNSUCCESSFUL; } + result = libnet_samsync_init_context(mem_ctx, + domain_sid, + &ctx); + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB; + ctx->cli = pipe_hnd; + ctx->delta_fn = fetch_sam_entries; + ctx->domain_name = domain_name; + /* fetch domain */ - result = libnet_samsync(pipe_hnd, SAM_DATABASE_DOMAIN, - fetch_sam_entries, ctx); + result = libnet_samsync(SAM_DATABASE_DOMAIN, ctx); if (!NT_STATUS_IS_OK(result) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); @@ -137,8 +139,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - result = libnet_samsync(pipe_hnd, SAM_DATABASE_BUILTIN, - fetch_sam_entries, ctx); + result = libnet_samsync(SAM_DATABASE_BUILTIN, ctx); if (!NT_STATUS_IS_OK(result) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); @@ -168,8 +169,6 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, status = libnet_samsync_init_context(mem_ctx, domain_sid, - domain_name, - NET_SAMSYNC_MODE_FETCH_LDIF, &ctx); if (!NT_STATUS_IS_OK(status)) { return status; 
@@ -179,9 +178,13 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, ctx->output_filename = argv[0]; } + ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF; + ctx->cli = pipe_hnd; + ctx->delta_fn = fetch_sam_entries_ldif; + ctx->domain_name = domain_name; + /* fetch domain */ - status = libnet_samsync(pipe_hnd, SAM_DATABASE_DOMAIN, - fetch_sam_entries_ldif, ctx); + status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx); if (!NT_STATUS_IS_OK(status) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); @@ -195,8 +198,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, /* fetch builtin */ ctx->domain_sid = sid_dup_talloc(mem_ctx, &global_sid_Builtin); ctx->domain_sid_str = sid_string_talloc(mem_ctx, ctx->domain_sid); - status = libnet_samsync(pipe_hnd, SAM_DATABASE_BUILTIN, - fetch_sam_entries_ldif, ctx); + status = libnet_samsync(SAM_DATABASE_BUILTIN, ctx); if (!NT_STATUS_IS_OK(status) && ctx->error_message) { d_fprintf(stderr, "%s\n", ctx->error_message); -- cgit From adef1b004bde0d88f7cf2f46b62312e49a1ad2e6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 18 Jun 2008 12:52:00 +0200 Subject: net_vampire: add code to vampire a SAM database to a keytab file. Guenther (This used to be commit ee6e422c0e035aa4779fa718bb6f142827cc2de0) --- source3/utils/net_rpc_samsync.c | 77 +++++++++++++++++++++++++++++++++++++++-- 1 file changed, 75 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c941338b32..e4aa343d06 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -73,11 +73,13 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, int rpc_vampire_usage(struct net_context *c, int argc, const char **argv) { - d_printf("net rpc vampire [ldif [] [options]\n" + d_printf("net rpc vampire ([ldif [] | [keytab] [= 1) { + ctx->output_filename = argv[0]; + } + + ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB; + ctx->cli = pipe_hnd; + ctx->delta_fn = fetch_sam_entries_keytab; + ctx->domain_name = domain_name; + ctx->username = c->opt_user_name; + ctx->password = c->opt_password; + + /* fetch domain */ + status = libnet_samsync(SAM_DATABASE_DOMAIN, ctx); + + if (!NT_STATUS_IS_OK(status) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); + goto out; + } + + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } + + out: + TALLOC_FREE(ctx); + + return status; +} + +/** + * Basic function for 'net rpc vampire keytab' + * + * @param c A net_context structure + * @param argc Standard main() style argc + * @param argc Standard main() style argv. Initial components are already + * stripped + **/ + +int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) +{ + if (c->display_usage) { + d_printf("Usage\n" + "net rpc vampire keytab\n" + " Dump remote SAM database to Kerberos keytab file\n"); + return 0; + } + + return run_rpc_command(c, NULL, PI_NETLOGON, 0, rpc_vampire_keytab_internals, + argc, argv); +} -- cgit From 9b0e3bb0c36abd9396f07de988e5c402d8503681 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 27 Jun 2008 15:36:19 +0200 Subject: net_vampire: add code to vampire to a Kerberos keytab file using DRSUAPI. Guenther (This used to be commit 0ef420c3a478a8adce7483f14b45e9995bfa5e5d) --- source3/utils/net_rpc_samsync.c | 50 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index e4aa343d06..583984405f 100644 
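Review bot: The doc comment added above rpc_vampire_keytab lists `@param argc` twice; the second entry describes argv and should read `@param argv Standard main() style argv. Initial components are already stripped`. The comment would also be the place to state that the file named by `argv[0]` receives the account keys fetched from the remote SAM and therefore has to be readable by its owner only. How the keytab file is created and with which mode is decided in libnet and is not visible in this hunk, so that should be checked there. The start of rpc_vampire_keytab_internals is not intact in this hunk as shown.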
--- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -278,6 +278,48 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, return status; } +NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, + const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, + struct rpc_pipe_client *pipe_hnd, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + struct dssync_context *ctx = NULL; + + status = libnet_dssync_init_context(mem_ctx, + &ctx); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (argc >= 1) { + ctx->output_filename = argv[0]; + } + + ctx->cli = pipe_hnd; + ctx->domain_name = domain_name; + ctx->processing_fn = libnet_dssync_dump_keytab; + + status = libnet_dssync(mem_ctx, ctx); + if (!NT_STATUS_IS_OK(status) && ctx->error_message) { + d_fprintf(stderr, "%s\n", ctx->error_message); + goto out; + } + + if (ctx->result_message) { + d_fprintf(stdout, "%s\n", ctx->result_message); + } + + out: + TALLOC_FREE(ctx); + + return status; +} + /** * Basic function for 'net rpc vampire keytab' * @@ -289,6 +331,8 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) { + int ret = 0; + if (c->display_usage) { d_printf("Usage\n" "net rpc vampire keytab\n" @@ -296,6 +340,12 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) return 0; } + ret = run_rpc_command(c, NULL, PI_DRSUAPI, NET_FLAGS_SEAL, + rpc_vampire_keytab_ds_internals, argc, argv); + if (ret == 0) { + return 0; + } + return run_rpc_command(c, NULL, PI_NETLOGON, 0, rpc_vampire_keytab_internals, argc, argv); } -- cgit From 82a5c62e6415c9841f68235400de7f2fda4fd158 Mon Sep 17 00:00:00 2001 
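Review bot: In rpc_vampire_keytab (hunk `@@ -296,6 +340,12 @@`) every non-zero result of the DRSUAPI attempt falls through to the NETLOGON samsync run, silently and with flags `0` instead of `NET_FLAGS_SEAL`. A failure unrelated to DRSUAPI being unavailable is therefore retried over the second path, and the operator cannot tell which path produced the keytab or whether that transfer was sealed; how the netlogon pipe is otherwise protected is not visible here. At minimum the fallback should be announced before the second call, e.g. `d_fprintf(stderr, "DRSUAPI replication failed, falling back to NETLOGON samsync\n");`. Ideally it would be taken only when the first call could not connect, which needs run_rpc_command to report that case distinctly.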
From: Michael Adam Date: Thu, 17 Jul 2008 13:06:46 +0200 Subject: net rpc vampire: eliminate missing proto warning by making rpc_vampire_keytab_ds_internals static. Michael (This used to be commit 772a76ceb3cd1c041db3ebb5abe449ac6180070e) --- source3/utils/net_rpc_samsync.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 583984405f..15d15cddb4 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -278,14 +278,14 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, return status; } -NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, - const DOM_SID *domain_sid, - const char *domain_name, - struct cli_state *cli, - struct rpc_pipe_client *pipe_hnd, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) +static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, + const DOM_SID *domain_sid, + const char *domain_name, + struct cli_state *cli, + struct rpc_pipe_client *pipe_hnd, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) { NTSTATUS status; struct dssync_context *ctx = NULL; -- cgit From f23567fcb9d626c29603430a9cedd899e56ded32 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 20 Jul 2008 18:36:31 +0200 Subject: Refactoring: run_rpc_command uses ndr_syntax_id instead of pipe_idx (This used to be commit 850166ec0d17eb85a0c921dc3b966fac0677af4a) --- source3/utils/net_rpc_samsync.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 15d15cddb4..c60d441822 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -225,8 +225,8 @@ int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv) return 0; } - return run_rpc_command(c, NULL, PI_NETLOGON, 0, rpc_vampire_ldif_internals, - argc, argv); + return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, + rpc_vampire_ldif_internals, argc, argv); } @@ -340,12 +340,14 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) return 0; } - ret = run_rpc_command(c, NULL, PI_DRSUAPI, NET_FLAGS_SEAL, + ret = run_rpc_command(c, NULL, &ndr_table_drsuapi.syntax_id, + NET_FLAGS_SEAL, rpc_vampire_keytab_ds_internals, argc, argv); if (ret == 0) { return 0; } - return run_rpc_command(c, NULL, PI_NETLOGON, 0, rpc_vampire_keytab_internals, + return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, + rpc_vampire_keytab_internals, argc, argv); } -- cgit From 16c2190b149a2232aa49a16a41e570410edd2eaf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 16 Jul 2008 17:12:04 +0200 Subject: dssync: replace the processing_fn by startup/process/finish ops. This remove static a variable for the keytab context in the keytab processing function and simplifies the signature. The keytab context is instead in the new private data member of the dssync_context struct. This is in preparation of adding support for keeping track of the up-to-date-ness vector, in order to be able to sync diffs instead of the whole database. Michael (This used to be commit c51c3339f35e3bd921080d2e226e2422fc23e1e6) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c60d441822..2dd849df34 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -302,7 +302,7 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, ctx->cli = pipe_hnd; ctx->domain_name = domain_name; - ctx->processing_fn = libnet_dssync_dump_keytab; + ctx->ops = &libnet_dssync_keytab_ops; status = libnet_dssync(mem_ctx, ctx); if (!NT_STATUS_IS_OK(status) && ctx->error_message) { -- cgit From d42160f9de385693f12c54bf6c53652e64d113cb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 18 Jul 2008 00:18:40 +0200 Subject: dssync: allow replications of a single obj with net rpc vampire keytab. This is triggered by setting the new "single" flag in the dssync_context and filling the "object_dn" member with the dn of the object to be fetched. This call is accomplished by specifying the DRSUAPI_EXOP_REPL_OBJ extended operation in the DsGetNCCHanges request. This variant does honor an up-to-date-ness vectore passed in, but the answer does not return a new up-to-dateness vector. Call this operation as "net rpc vampire keytab /path/keytab object_dn" . Michael (This used to be commit f4a01178a3d8d71f416a3b67ce6b872420f211c0) --- source3/utils/net_rpc_samsync.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 2dd849df34..11ada717da 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -299,6 +299,10 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, if (argc >= 1) { ctx->output_filename = argv[0]; } + if (argc >= 2) { + ctx->object_dn = argv[1]; + ctx->single = true; + } ctx->cli = pipe_hnd; ctx->domain_name = domain_name; -- cgit From c655e295efce4b3f637f1be2c1d79bf1c16bac7b Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Tue, 29 Jul 2008 22:52:59 +0200 Subject: vampire keytab: add switch --repl-nodiff to trigger full replication. I.e. replication without keeping track of the up to date vector. Michael (This used to be commit d4b36e447bce8692416e132ab9f53a6282f54cac) --- source3/utils/net_rpc_samsync.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 11ada717da..1e477e3a09 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -296,6 +296,8 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, return status; } + ctx->repl_nodiff = c->opt_repl_nodiff ? true : false; + if (argc >= 1) { ctx->output_filename = argv[0]; } -- cgit From f060b744efe6af1ad1a21e9e155b30eab502f81a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 13:02:36 +0200 Subject: libnet dssync: support lists of dns (instead of one dn) for single object replication. Just specify several DNs separated by spaces on the command line of "net rpc vampire keytab" to get the passwords for each of these accouns via single object replication. Michael (This used to be commit 6e53dc2db882d88470be5dfa1155b420fac8e6c5) --- source3/utils/net_rpc_samsync.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 1e477e3a09..77911f4d5e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -302,7 +302,8 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, ctx->output_filename = argv[0]; } if (argc >= 2) { - ctx->object_dn = argv[1]; + ctx->object_dns = &argv[1]; + ctx->object_count = argc - 1; ctx->single = true; } -- cgit From 072bd871946134b3c5e57809b4831ed6fe5586b2 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Wed, 30 Jul 2008 17:44:22 +0200 Subject: libnet dssync: rename repl_nodiff flag to force_full_replication. Michael (This used to be commit ec959b4609c3f4927a9f2811c46d738f9c78a914) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 77911f4d5e..85b524c0a4 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -296,7 +296,7 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, return status; } - ctx->repl_nodiff = c->opt_repl_nodiff ? true : false; + ctx->force_full_replication = c->opt_repl_nodiff ? true : false; if (argc >= 1) { ctx->output_filename = argv[0]; -- cgit From 5330164ec4f40d7b9731a2d60643432c226ffc03 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 30 Jul 2008 17:46:13 +0200 Subject: net rpc vampire: rename --repl-nodiff to --force-full-repl. This more clear. Michael (This used to be commit 0ddde9aae88e6244276e1c143056a4bfc7c7fcca) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 85b524c0a4..1f0b586d9e 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -296,7 +296,7 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, return status; } - ctx->force_full_replication = c->opt_repl_nodiff ? true : false; + ctx->force_full_replication = c->opt_force_full_repl ? true : false; if (argc >= 1) { ctx->output_filename = argv[0]; -- cgit From 9d12511e45a48eae0064c35501402aa0572261d7 Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Wed, 30 Jul 2008 17:53:28 +0200 Subject: libnet dssync: rename flag single to single_object_replication So that it is more obvious what this controls. Michael (This used to be commit 2360f0a19f0fb89798b814a02cfca335a4a35b6d) --- source3/utils/net_rpc_samsync.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 1f0b586d9e..3731edaaf1 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -304,7 +304,7 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, if (argc >= 2) { ctx->object_dns = &argv[1]; ctx->object_count = argc - 1; - ctx->single = true; + ctx->single_object_replication = true; } ctx->cli = pipe_hnd; -- cgit From 03b6502dc69647e4410eca5bcf0f93fd5eba3fa9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 31 Jul 2008 23:05:45 +0200 Subject: vampire keytab: introduce switch --single-obj-repl. This controls whether single object replication is to be used. This only has an effect when at least one object dn is given on the commandline. NOTE: Now the default is to use normal replication with uptodateness vectors and use object dns given on the command line as a positive write filter. Single object replication is only performed when this new switch is specified. Michael (This used to be commit 0f81111ea8c049eb60f98d4939e520a5a562d2e6) --- source3/utils/net_rpc_samsync.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3731edaaf1..14449d5f49 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -304,7 +304,8 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, if (argc >= 2) { ctx->object_dns = &argv[1]; ctx->object_count = argc - 1; - ctx->single_object_replication = true; + ctx->single_object_replication = c->opt_single_obj_repl ? true + : false; } ctx->cli = pipe_hnd; -- cgit From 7f3495726fffdc9aa40c0c7be2abcefeb6d53db5 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 1 Aug 2008 00:12:18 +0200 Subject: vampire keytab: add command line switch --clean-old-entries . This allows to control cleaning the keytab. It will only clean old occurences of keys that are replicated in this run. So if you want to ensure things are cleaned up, combine this switch with --force-full-repl or --single-obj-repl (+dn list). Michael (This used to be commit 21385e1c635ea67215eb1da90e7dca97ae2f5d56) --- source3/utils/net_rpc_samsync.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 14449d5f49..c01aace8f5 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -297,6 +297,7 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, } ctx->force_full_replication = c->opt_force_full_repl ? true : false; + ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; if (argc >= 1) { ctx->output_filename = argv[0]; -- cgit From 2d2646e13d769da3ac514f64027990dc100be667 Mon Sep 17 00:00:00 2001 From: Karolin Seeger Date: Fri, 22 Aug 2008 16:47:19 +0200 Subject: net: Add missing colon to unify usage messages. Karolin (This used to be commit c7aef4b38bd2b152b316d8d76b45be4b73ca315f) --- source3/utils/net_rpc_samsync.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3/utils/net_rpc_samsync.c') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c01aace8f5..c0922efe6b 100644 --- a/source3/utils/net_rpc_samsync.c 
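Review bot: The `if (argc >= 2)` block in rpc_vampire_keytab_ds_internals (hunk `@@ -304,7 +304,8 @@`) has no comment saying that `object_dns` now has two meanings, which is only explained in the commit message. According to that message, normal replication runs unless the switch is given and the DNs then only filter what is written, so by default the full replication still takes place when a single DN is named. A comment above the assignment would record this: `/* DNs filter what is written to the keytab; only --single-obj-repl restricts what is fetched */`. The enclosing function starts and ends outside the hunk.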
+++ b/source3/utils/net_rpc_samsync.c @@ -219,7 +219,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv) { if (c->display_usage) { - d_printf("Usage\n" + d_printf("Usage:\n" "net rpc vampire ldif\n" " Dump remote SAM database to LDIF file or stdout\n"); return 0; @@ -343,7 +343,7 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) int ret = 0; if (c->display_usage) { - d_printf("Usage\n" + d_printf("Usage:\n" "net rpc vampire keytab\n" " Dump remote SAM database to Kerberos keytab file\n"); return 0; -- cgit