From d93041e3363a6e0c6ebba63e6d8c92948be4f953 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 5 Nov 2008 19:11:40 -0800 Subject: Add reference to bug #4308 to remind me to add regression test to smbtorture. Jeremy. --- source3/smbd/posix_acls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index cccf3087f7..97b87cc3a9 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3511,7 +3511,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx - * for details. JRA. + * for details and also the log trace in bug #4308. JRA. */ if ((security_info_sent & DACL_SECURITY_INFORMATION) && -- cgit From f640135d125e84ad59e0b3920992d7b0fcbe0498 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 00:50:56 -0800 Subject: Fix crash in module, get more of the NULL acl test right. Jeremy. --- source3/modules/vfs_acl_xattr.c | 32 ++++++++++++++++++-------------- 1 file changed, 18 insertions(+), 14 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 5dfe43e55b..1619de4fd2 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
@@ -366,26 +366,26 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, parent_name, DACL_SECURITY_INFORMATION, &parent_desc); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("inherit_new_acl: directory %s failed " - "to get acl %s\n", - parent_name, - nt_errstr(status) )); - return status; - } - - /* Create an inherited descriptor from the parent. */ - status = se_create_child_secdesc(ctx, + if (NT_STATUS_IS_OK(status)) { + /* Create an inherited descriptor from the parent. */ + status = se_create_child_secdesc(ctx, &psd, &size, parent_desc, &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], container); - if (!NT_STATUS_IS_OK(status)) { - return status; + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } else { + DEBUG(10,("inherit_new_acl: directory %s failed " + "to get acl %s\n", + parent_name, + nt_errstr(status) )); } - if (psd->dacl == NULL) { + + if (!psd || psd->dacl == NULL) { SMB_STRUCT_STAT sbuf; int ret; @@ -393,7 +393,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (fsp && !fsp->is_directory && fsp->fh->fd != -1) { ret = SMB_VFS_FSTAT(fsp, &sbuf); } else { - ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + ret = SMB_VFS_STAT(handle->conn,fname, &sbuf); } if (ret == -1) { return map_nt_error_from_unix(errno); @@ -528,6 +528,10 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, CONST_DISCARD(struct security_descriptor *,psd)); } + if (!psd->owner_sid && !psd->group_sid && !(psd->type & SEC_DESC_DACL_PRESENT)) { + return NT_STATUS_OK; + } + status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit From 4af3c2830ab61e2c93faf41a7472d6132687c7c3 Mon Sep 17 00:00:00 2001 
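Review bot: The new `else` branch in inherit_new_acl treats every failure to read the parent's ACL alike: it logs at debug level 10 and falls through to the default-descriptor path. An out-of-memory or access error would then leave the new file with a default ACL instead of an inherited one, and the caller sees no error. If only the "parent has no stored ACL" case is meant to fall back, the other statuses should keep the old `return status;`, and the message deserves a more visible level than 10. The added `!psd` test also depends on `psd` being initialised to NULL at its declaration, which is outside the hunk.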
From: Jeremy Allison Date: Thu, 6 Nov 2008 01:01:01 -0800 Subject: Only one more issue with NULL ACL test left to solve. Jeremy. --- source3/modules/vfs_acl_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 1619de4fd2..9d9ea01375 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -74,7 +74,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, } #endif - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) ? xacl.info.sd_ts->sd->owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) -- cgit From 24c598b1b95742961d43ff5bd61831405b561dfe Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:40:21 -0800 Subject: Don't call FSET_NT_ACL on file create if there's no SD to set. Leave the default ACL in place. Jeremy. --- source3/modules/vfs_acl_xattr.c | 4 ---- source3/smbd/open.c | 7 ++++++- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 9d9ea01375..c6fb0b5907 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -528,10 +528,6 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, CONST_DISCARD(struct security_descriptor *,psd)); } - if (!psd->owner_sid && !psd->group_sid && !(psd->type & SEC_DESC_DACL_PRESENT)) { - return NT_STATUS_OK; - } - status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 480352beda..3fd0d1a03a 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c 
@@ -2923,7 +2923,12 @@ NTSTATUS create_file_unixpath(connection_struct *conn, security_acl_map_generic(sd->dacl, &file_generic_mapping); security_acl_map_generic(sd->sacl, &file_generic_mapping); - status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); + if (sec_info_sent & (OWNER_SECURITY_INFORMATION| + GROUP_SECURITY_INFORMATION| + DACL_SECURITY_INFORMATION| + SACL_SECURITY_INFORMATION)) { + status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); + } fsp->access_mask = saved_access_mask; -- cgit From 7522ef15aca2429ef57c75d8297dd8121e79c9da Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:45:40 -0800 Subject: Final fix to make us pass NULL SD test in RAW-ACLs. Not sure if this is 100% right. Only inheritance left to fix. Jeremy. --- source3/smbd/nttrans.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f711b588c5..50a3aea856 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -725,6 +725,9 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, if (psd->sacl==0) { security_info_sent &= ~SACL_SECURITY_INFORMATION; } + if (security_info_sent & DACL_SECURITY_INFORMATION) { + psd->type |= SEC_DESC_DACL_PRESENT; + } if (psd->dacl==0) { security_info_sent &= ~DACL_SECURITY_INFORMATION; } -- cgit From 87f563c2308b761bc9c42caf5ab240746004e908 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 01:58:56 -0800 Subject: Start factoring out the inheritance differences. Jeremy. --- source3/lib/secdesc.c | 3 +-- source3/modules/vfs_acl_xattr.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 2987306066..94d249564f 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c 
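Review bot: When none of the four *_SECURITY_INFORMATION bits is set, the new guard in create_file_unixpath skips SMB_VFS_FSET_NT_ACL and `status` keeps whatever an earlier statement left in it. The code that tests `status` after `fsp->access_mask = saved_access_mask;` is outside the hunk, so whether that stale value is always a success cannot be confirmed from here. A short comment on the guard would record the intent, for example `/* Nothing to set: leave the default ACL in place. */`, and the skipped branch could reset `status` explicitly if the earlier value is not guaranteed to be OK.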
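Review bot: In set_sd the added lines set SEC_DESC_DACL_PRESENT on `psd->type` whenever the client sent DACL_SECURITY_INFORMATION, even when `psd->dacl` is NULL, and the test that follows then clears the DACL bit from `security_info_sent`. The descriptor and the info mask therefore disagree for a NULL DACL, and a present-but-NULL DACL conventionally means unrestricted access, so the outcome depends on which of the two a later consumer trusts. Since the commit message itself is unsure, the intent should be written down next to the code, for example `/* A DACL was sent, possibly NULL: record it as present so a NULL DACL is distinguishable from no DACL. */`. set_sd starts and ends outside the hunk.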
@@ -574,8 +574,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| - SEC_DESC_DACL_DEFAULTED, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, owner_sid, group_sid, NULL, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index c6fb0b5907..209209d287 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -326,8 +326,7 @@ static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, } return make_sec_desc(mem_ctx, SECURITY_DESCRIPTOR_REVISION_1, - SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT| - SEC_DESC_DACL_DEFAULTED, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, &owner_sid, &group_sid, NULL, -- cgit From 8d69a6511018390cc11a5020676e7cf14cdb000a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 12:53:00 +0100 Subject: s3-dsgetdcname: fix reply generation (forgot to map nt1 to nt5ex). Guenther --- source3/libsmb/dsgetdcname.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3') diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index ff0a8f9808..d8c2b70175 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -1040,6 +1040,8 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, r->data.nt4 = logon1; r->ntver = nt_version; + map_netlogon_samlogon_response(r); + namecache_store(tmp_dc_name, NBT_NAME_SERVER, 1, &ip_list); goto make_reply; -- cgit From 0db0ce4974b7371891472f75080b1da2d5538b07 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 06:42:04 -0800 Subject: Fix bug #5825 - Account locking out doesnt work with an LDAP backend.Based on a problem found by Boyang. Only the pdb_nds backend implements login attempts so this was broken for tdbsam and ldap. Jeremy. --- source3/passdb/pdb_interface.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3') 
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 2a1024cc56..fcb38b464b 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -1150,7 +1150,9 @@ static NTSTATUS pdb_default_rename_sam_account (struct pdb_methods *methods, str static NTSTATUS pdb_default_update_login_attempts (struct pdb_methods *methods, struct samu *newpwd, bool success) { - return NT_STATUS_NOT_IMPLEMENTED; + /* Only the pdb_nds backend implements this, by + * default just return ok. */ + return NT_STATUS_OK; } static NTSTATUS pdb_default_get_account_policy(struct pdb_methods *methods, int policy_index, uint32 *value) -- cgit From c353c53692aa683a619d7c0a0689e71080574c7b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 6 Nov 2008 16:47:38 +0100 Subject: netlogon: add 8bit varients of netr_SamDatabaseID8Bit and netr_DeltaEnum. Guenther --- source3/Makefile.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index ce24001fd2..55306f13d6 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -278,7 +278,8 @@ RPCCLIENT_NDR_OBJ = rpc_client/ndr.o LIBNDR_GEN_OBJ0 = librpc/gen_ndr/ndr_samr.o \ librpc/gen_ndr/ndr_lsa.o -LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o +LIBNDR_GEN_OBJ1 = librpc/gen_ndr/ndr_netlogon.o \ + ../librpc/ndr/ndr_netlogon.o LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ $(LIBNDR_GEN_OBJ0) \ -- cgit From 884c3b301cef274e8cc0e3c2beecf9200f5cc564 Mon Sep 17 00:00:00 2001 
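Review bot: pdb_default_update_login_attempts now reports success without recording anything, so a caller can no longer tell a backend that tracks failed logins from one that ignores the call. If bad-password counting and lockout for tdbsam and ldap are handled by the caller through the normal account update path, the comment should say that rather than only naming pdb_nds, for example `/* No-op: backends without native login tracking rely on the caller to update the bad password count. */`. If that is not the case, lockout enforcement would rest on a function that does nothing, which is worth confirming with a regression test.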
From: Günther Deschner Date: Fri, 31 Oct 2008 10:05:10 +0100 Subject: s3-build: rerun make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_netlogon.c | 4 +- source3/librpc/gen_ndr/cli_netlogon.h | 4 +- source3/librpc/gen_ndr/misc.h | 3 + source3/librpc/gen_ndr/ndr_netlogon.c | 216 +++++++++++++++++++++++++++++++--- source3/librpc/gen_ndr/ndr_netlogon.h | 7 ++ source3/librpc/gen_ndr/netlogon.h | 29 ++++- 6 files changed, 240 insertions(+), 23 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_netlogon.c b/source3/librpc/gen_ndr/cli_netlogon.c index 275c83a450..1af3249473 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.c +++ b/source3/librpc/gen_ndr/cli_netlogon.c @@ -892,8 +892,8 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, const char *computername /* [in] [charset(UTF16)] */, struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [in,out] [ref] */, - uint8_t *change_log_entry /* [in] [ref,size_is(change_log_entry_size)] */, - uint32_t change_log_entry_size /* [in] */, + struct netr_ChangeLogEntry change_log_entry /* [in] [subcontext_size(change_log_entry_size),subcontext(4)] */, + uint32_t change_log_entry_size /* [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,ndr->flags))] */, struct netr_DELTA_ENUM_ARRAY **delta_enum_array /* [out] [ref] */) { struct netr_DatabaseRedo r; diff --git a/source3/librpc/gen_ndr/cli_netlogon.h b/source3/librpc/gen_ndr/cli_netlogon.h index 5adf8e8cad..9f5eac15b2 100644 --- a/source3/librpc/gen_ndr/cli_netlogon.h +++ b/source3/librpc/gen_ndr/cli_netlogon.h 
@@ -158,8 +158,8 @@ NTSTATUS rpccli_netr_DatabaseRedo(struct rpc_pipe_client *cli, const char *computername /* [in] [charset(UTF16)] */, struct netr_Authenticator *credential /* [in] [ref] */, struct netr_Authenticator *return_authenticator /* [in,out] [ref] */, - uint8_t *change_log_entry /* [in] [ref,size_is(change_log_entry_size)] */, - uint32_t change_log_entry_size /* [in] */, + struct netr_ChangeLogEntry change_log_entry /* [in] [subcontext_size(change_log_entry_size),subcontext(4)] */, + uint32_t change_log_entry_size /* [in] [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,ndr->flags))] */, struct netr_DELTA_ENUM_ARRAY **delta_enum_array /* [out] [ref] */); NTSTATUS rpccli_netr_LogonControl2Ex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index b3740faf34..e439f7f43d 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -2,9 +2,12 @@ #include +#define netr_SamDatabaseID8Bit netr_SamDatabaseID #ifndef _HEADER_misc #define _HEADER_misc +enum netr_SamDatabaseID8Bit; + struct GUID { uint32_t time_low; uint16_t time_mid; diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index 12ab98e610..6575dbcb91 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c 
@@ -6232,6 +6232,192 @@ _PUBLIC_ void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *n ndr->depth--; } +static enum ndr_err_code ndr_push_netr_ChangeLogFlags(struct ndr_push *ndr, int ndr_flags, uint16_t r) +{ + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_ChangeLogFlags(struct ndr_pull *ndr, int ndr_flags, uint16_t *r) +{ + uint16_t v; + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_ChangeLogFlags(struct ndr_print *ndr, const char *name, uint16_t r) +{ + ndr_print_uint16(ndr, name, r); + ndr->depth++; + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED", NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_CHANGED_PASSWORD", NETR_CHANGELOG_CHANGED_PASSWORD, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_SID_INCLUDED", NETR_CHANGELOG_SID_INCLUDED, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_NAME_INCLUDED", NETR_CHANGELOG_NAME_INCLUDED, r); + ndr_print_bitmap_flag(ndr, sizeof(uint16_t), "NETR_CHANGELOG_FIRST_PROMOTION_OBJ", NETR_CHANGELOG_FIRST_PROMOTION_OBJ, r); + ndr->depth--; +} + +static enum ndr_err_code ndr_push_netr_ChangeLogObject(struct ndr_push *ndr, int ndr_flags, const union netr_ChangeLogObject *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: { + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_SCALARS, &r->object_sid)); + break; } + + case NETR_CHANGELOG_NAME_INCLUDED: { + { + uint32_t _flags_save_string = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_push_string(ndr, NDR_SCALARS, r->object_name)); + ndr->flags = _flags_save_string; + } + break; } + + default: { + break; } + + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = 
ndr_push_get_switch_value(ndr, r); + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: + NDR_CHECK(ndr_push_dom_sid(ndr, NDR_BUFFERS, &r->object_sid)); + break; + + case NETR_CHANGELOG_NAME_INCLUDED: + break; + + default: + break; + + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_netr_ChangeLogObject(struct ndr_pull *ndr, int ndr_flags, union netr_ChangeLogObject *r) +{ + int level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: { + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->object_sid)); + break; } + + case NETR_CHANGELOG_NAME_INCLUDED: { + { + uint32_t _flags_save_string = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); + NDR_CHECK(ndr_pull_string(ndr, NDR_SCALARS, &r->object_name)); + ndr->flags = _flags_save_string; + } + break; } + + default: { + break; } + + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: + NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->object_sid)); + break; + + case NETR_CHANGELOG_NAME_INCLUDED: + break; + + default: + break; + + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_ChangeLogObject(struct ndr_print *ndr, const char *name, const union netr_ChangeLogObject *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "netr_ChangeLogObject"); + switch (level) { + case NETR_CHANGELOG_SID_INCLUDED: + ndr_print_dom_sid(ndr, "object_sid", &r->object_sid); + break; + + case NETR_CHANGELOG_NAME_INCLUDED: + ndr_print_string(ndr, "object_name", r->object_name); + break; + + default: + break; + + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_netr_ChangeLogEntry(struct ndr_push *ndr, int ndr_flags, const struct netr_ChangeLogEntry *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->serial_number1)); + 
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->serial_number2)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->object_rid)); + NDR_CHECK(ndr_push_netr_ChangeLogFlags(ndr, NDR_SCALARS, r->flags)); + NDR_CHECK(ndr_push_netr_SamDatabaseID8Bit(ndr, NDR_SCALARS, r->db_index)); + NDR_CHECK(ndr_push_netr_DeltaEnum8Bit(ndr, NDR_SCALARS, r->delta_type)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->object, r->flags & (NETR_CHANGELOG_SID_INCLUDED | NETR_CHANGELOG_NAME_INCLUDED))); + NDR_CHECK(ndr_push_netr_ChangeLogObject(ndr, NDR_SCALARS, &r->object)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_netr_ChangeLogObject(ndr, NDR_BUFFERS, &r->object)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netr_ChangeLogEntry(struct ndr_pull *ndr, int ndr_flags, struct netr_ChangeLogEntry *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number1)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->serial_number2)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->object_rid)); + NDR_CHECK(ndr_pull_netr_ChangeLogFlags(ndr, NDR_SCALARS, &r->flags)); + NDR_CHECK(ndr_pull_netr_SamDatabaseID8Bit(ndr, NDR_SCALARS, &r->db_index)); + NDR_CHECK(ndr_pull_netr_DeltaEnum8Bit(ndr, NDR_SCALARS, &r->delta_type)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->flags & (NETR_CHANGELOG_SID_INCLUDED | NETR_CHANGELOG_NAME_INCLUDED))); + NDR_CHECK(ndr_pull_netr_ChangeLogObject(ndr, NDR_SCALARS, &r->object)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_netr_ChangeLogObject(ndr, NDR_BUFFERS, &r->object)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_ChangeLogEntry(struct ndr_print *ndr, const char *name, const struct netr_ChangeLogEntry *r) +{ + ndr_print_struct(ndr, name, "netr_ChangeLogEntry"); + ndr->depth++; + ndr_print_uint32(ndr, "serial_number1", r->serial_number1); + ndr_print_uint32(ndr, "serial_number2", r->serial_number2); + 
ndr_print_uint32(ndr, "object_rid", r->object_rid); + ndr_print_netr_ChangeLogFlags(ndr, "flags", r->flags); + ndr_print_netr_SamDatabaseID8Bit(ndr, "db_index", r->db_index); + ndr_print_netr_DeltaEnum8Bit(ndr, "delta_type", r->delta_type); + ndr_print_set_switch_value(ndr, &r->object, r->flags & (NETR_CHANGELOG_SID_INCLUDED | NETR_CHANGELOG_NAME_INCLUDED)); + ndr_print_netr_ChangeLogObject(ndr, "object", &r->object); + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_netr_ChangeLogEntry(const struct netr_ChangeLogEntry *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_netr_ChangeLogEntry); +} + static enum ndr_err_code ndr_push_netr_Blob(struct ndr_push *ndr, int ndr_flags, const struct netr_Blob *r) { if (ndr_flags & NDR_SCALARS) { 
@@ -11307,12 +11493,13 @@ static enum ndr_err_code ndr_push_netr_DatabaseRedo(struct ndr_push *ndr, int fl return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_netr_Authenticator(ndr, NDR_SCALARS, r->in.return_authenticator)); - if (r->in.change_log_entry == NULL) { - return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + { + struct ndr_push *_ndr_change_log_entry; + NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_change_log_entry, 4, ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags))); + NDR_CHECK(ndr_push_netr_ChangeLogEntry(_ndr_change_log_entry, NDR_SCALARS|NDR_BUFFERS, &r->in.change_log_entry)); + NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_change_log_entry, 4, ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags))); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.change_log_entry_size)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->in.change_log_entry, r->in.change_log_entry_size)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.change_log_entry_size)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags))); } if (flags & NDR_OUT) { if (r->out.return_authenticator == NULL) { 
@@ -11369,19 +11556,17 @@ static enum ndr_err_code ndr_pull_netr_DatabaseRedo(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.return_authenticator, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_netr_Authenticator(ndr, NDR_SCALARS, r->in.return_authenticator)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_return_authenticator_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_array_size(ndr, &r->in.change_log_entry)); - if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC_N(ndr, r->in.change_log_entry, ndr_get_array_size(ndr, &r->in.change_log_entry)); + { + struct ndr_pull *_ndr_change_log_entry; + NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_change_log_entry, 4, r->in.change_log_entry_size)); + NDR_CHECK(ndr_pull_netr_ChangeLogEntry(_ndr_change_log_entry, NDR_SCALARS|NDR_BUFFERS, &r->in.change_log_entry)); + NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_change_log_entry, 4, r->in.change_log_entry_size)); } - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.change_log_entry, ndr_get_array_size(ndr, &r->in.change_log_entry))); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.change_log_entry_size)); NDR_PULL_ALLOC(ndr, r->out.return_authenticator); *r->out.return_authenticator = *r->in.return_authenticator; NDR_PULL_ALLOC(ndr, r->out.delta_enum_array); ZERO_STRUCTP(r->out.delta_enum_array); - if (r->in.change_log_entry) { - NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.change_log_entry, r->in.change_log_entry_size)); - } } if (flags & NDR_OUT) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { 
@@ -11434,11 +11619,8 @@ _PUBLIC_ void ndr_print_netr_DatabaseRedo(struct ndr_print *ndr, const char *nam ndr->depth++; ndr_print_netr_Authenticator(ndr, "return_authenticator", r->in.return_authenticator); ndr->depth--; - ndr_print_ptr(ndr, "change_log_entry", r->in.change_log_entry); - ndr->depth++; - ndr_print_array_uint8(ndr, "change_log_entry", r->in.change_log_entry, r->in.change_log_entry_size); - ndr->depth--; - ndr_print_uint32(ndr, "change_log_entry_size", r->in.change_log_entry_size); + ndr_print_netr_ChangeLogEntry(ndr, "change_log_entry", &r->in.change_log_entry); + ndr_print_uint32(ndr, "change_log_entry_size", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_netr_ChangeLogEntry(&r->in.change_log_entry, ndr->flags):r->in.change_log_entry_size); ndr->depth--; } if (flags & NDR_OUT) { diff --git a/source3/librpc/gen_ndr/ndr_netlogon.h b/source3/librpc/gen_ndr/ndr_netlogon.h index 8561a5b5ca..be20448636 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.h +++ b/source3/librpc/gen_ndr/ndr_netlogon.h @@ -6,6 +6,7 @@ #ifndef _HEADER_NDR_netlogon #define _HEADER_NDR_netlogon +#include "../librpc/ndr/ndr_netlogon.h" #define NDR_NETLOGON_UUID "12345678-1234-abcd-ef00-01234567cffb" #define NDR_NETLOGON_VERSION 1.0 #define NDR_NETLOGON_NAME "netlogon" 
@@ -190,6 +191,12 @@ void ndr_print_netr_CONTROL_QUERY_INFORMATION(struct ndr_print *ndr, const char void ndr_print_netr_LogonControlCode(struct ndr_print *ndr, const char *name, enum netr_LogonControlCode r); void ndr_print_netr_CONTROL_DATA_INFORMATION(struct ndr_print *ndr, const char *name, const union netr_CONTROL_DATA_INFORMATION *r); void ndr_print_netr_NegotiateFlags(struct ndr_print *ndr, const char *name, uint32_t r); +void ndr_print_netr_ChangeLogFlags(struct ndr_print *ndr, const char *name, uint16_t r); +void ndr_print_netr_ChangeLogObject(struct ndr_print *ndr, const char *name, const union netr_ChangeLogObject *r); +enum ndr_err_code ndr_push_netr_ChangeLogEntry(struct ndr_push *ndr, int ndr_flags, const struct netr_ChangeLogEntry *r); +enum ndr_err_code ndr_pull_netr_ChangeLogEntry(struct ndr_pull *ndr, int ndr_flags, struct netr_ChangeLogEntry *r); +void ndr_print_netr_ChangeLogEntry(struct ndr_print *ndr, const char *name, const struct netr_ChangeLogEntry *r); +size_t ndr_size_netr_ChangeLogEntry(const struct netr_ChangeLogEntry *r, int flags); void ndr_print_netr_Blob(struct ndr_print *ndr, const char *name, const struct netr_Blob *r); void ndr_print_netr_DsRGetDCName_flags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_netr_DsRGetDCNameInfo_AddressType(struct ndr_print *ndr, const char *name, enum netr_DsRGetDCNameInfo_AddressType r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index fd9e08b461..e1dc69cca0 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h 
@@ -7,11 +7,14 @@ #include "librpc/gen_ndr/samr.h" #include "librpc/gen_ndr/security.h" #include "librpc/gen_ndr/nbt.h" +#define netr_DeltaEnum8Bit netr_DeltaEnum #ifndef _HEADER_netlogon #define _HEADER_netlogon #define DSGETDC_VALID_FLAGS ( (DS_FORCE_REDISCOVERY|DS_DIRECTORY_SERVICE_REQUIRED|DS_DIRECTORY_SERVICE_PREFERRED|DS_GC_SERVER_REQUIRED|DS_PDC_REQUIRED|DS_BACKGROUND_ONLY|DS_IP_REQUIRED|DS_KDC_REQUIRED|DS_TIMESERV_REQUIRED|DS_WRITABLE_REQUIRED|DS_GOOD_TIMESERV_PREFERRED|DS_AVOID_SELF|DS_ONLY_LDAP_NEEDED|DS_IS_FLAT_NAME|DS_IS_DNS_NAME|DS_RETURN_FLAT_NAME|DS_RETURN_DNS_NAME) ) #define DS_GFTI_UPDATE_TDO ( 0x1 ) +enum netr_DeltaEnum8Bit; + struct netr_UasInfo { const char *account_name;/* [unique,charset(UTF16)] */ uint32_t priv; @@ -712,6 +715,28 @@ union netr_CONTROL_DATA_INFORMATION { #define NETLOGON_NEG_AUTHENTICATED_RPC_LSASS ( 0x20000000 ) #define NETLOGON_NEG_SCHANNEL ( 0x40000000 ) +/* bitmap netr_ChangeLogFlags */ +#define NETR_CHANGELOG_IMMEDIATE_REPL_REQUIRED ( 0x0001 ) +#define NETR_CHANGELOG_CHANGED_PASSWORD ( 0x0002 ) +#define NETR_CHANGELOG_SID_INCLUDED ( 0x0004 ) +#define NETR_CHANGELOG_NAME_INCLUDED ( 0x0008 ) +#define NETR_CHANGELOG_FIRST_PROMOTION_OBJ ( 0x0010 ) + +union netr_ChangeLogObject { + struct dom_sid object_sid;/* [case(NETR_CHANGELOG_SID_INCLUDED)] */ + const char * object_name;/* [flag(LIBNDR_FLAG_STR_NULLTERM),case(NETR_CHANGELOG_NAME_INCLUDED)] */ +}/* [nodiscriminant] */; + +struct netr_ChangeLogEntry { + uint32_t serial_number1; + uint32_t serial_number2; + uint32_t object_rid; + uint16_t flags; + enum netr_SamDatabaseID8Bit db_index; + enum netr_DeltaEnum8Bit delta_type; + union netr_ChangeLogObject object;/* [switch_is(flags&(NETR_CHANGELOG_SID_INCLUDED|NETR_CHANGELOG_NAME_INCLUDED))] */ +}/* [gensize,public] */; + struct netr_Blob { uint32_t length; uint8_t *data;/* [unique,size_is(length)] */ 
@@ -1252,8 +1277,8 @@ struct netr_DatabaseRedo { const char *logon_server;/* [charset(UTF16)] */ const char *computername;/* [charset(UTF16)] */ struct netr_Authenticator *credential;/* [ref] */ - uint8_t *change_log_entry;/* [ref,size_is(change_log_entry_size)] */ - uint32_t change_log_entry_size; + struct netr_ChangeLogEntry change_log_entry;/* [subcontext_size(change_log_entry_size),subcontext(4)] */ + uint32_t change_log_entry_size;/* [value(ndr_size_netr_ChangeLogEntry(&change_log_entry,ndr->flags))] */ struct netr_Authenticator *return_authenticator;/* [ref] */ } in; -- cgit From 008ac81b31455b1fad2f0c724e86c0848d452f0f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 31 Oct 2008 10:00:28 +0100 Subject: s3-rpcclient: add database_redo command. Guenther --- source3/rpcclient/cmd_netlogon.c | 67 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 67 insertions(+) (limited to 'source3') diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c index 9e3f35545c..9955d2d3fa 100644 --- a/source3/rpcclient/cmd_netlogon.c +++ b/source3/rpcclient/cmd_netlogon.c 
@@ -1040,6 +1040,72 @@ static WERROR cmd_netlogon_getdcsitecoverage(struct rpc_pipe_client *cli, return werr; } +static NTSTATUS cmd_netlogon_database_redo(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, int argc, + const char **argv) +{ + NTSTATUS status = NT_STATUS_UNSUCCESSFUL; + const char *server_name = cli->desthost; + uint32_t neg_flags = NETLOGON_NEG_AUTH2_ADS_FLAGS; + struct netr_Authenticator clnt_creds, srv_cred; + struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; + unsigned char trust_passwd_hash[16]; + uint32_t sec_channel_type = 0; + struct netr_ChangeLogEntry e; + uint32_t rid = 500; + + if (argc > 2) { + fprintf(stderr, "Usage: %s \n", argv[0]); + return NT_STATUS_OK; + } + + if (argc == 2) { + sscanf(argv[1], "%d", &rid); + } + + if (!secrets_fetch_trust_account_password(lp_workgroup(), + trust_passwd_hash, + NULL, &sec_channel_type)) { + return NT_STATUS_UNSUCCESSFUL; + } + + status = rpccli_netlogon_setup_creds(cli, + server_name, /* server name */ + lp_workgroup(), /* domain */ + global_myname(), /* client name */ + global_myname(), /* machine account name */ + trust_passwd_hash, + sec_channel_type, + &neg_flags); + + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + netlogon_creds_client_step(cli->dc, &clnt_creds); + + ZERO_STRUCT(e); + + e.object_rid = rid; + e.db_index = SAM_DATABASE_DOMAIN; + e.delta_type = NETR_DELTA_USER; + + status = rpccli_netr_DatabaseRedo(cli, mem_ctx, + server_name, + global_myname(), + &clnt_creds, + &srv_cred, + e, + 0, /* is calculated automatically */ + &delta_enum_array); + + if (!netlogon_creds_client_check(cli->dc, &srv_cred.cred)) { + DEBUG(0,("credentials chain check failed\n")); + return NT_STATUS_ACCESS_DENIED; + } + + return status; +} /* List of commands exported by this module */ 
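Review bot: In cmd_netlogon_database_redo the RID is parsed with `sscanf(argv[1], "%d", &rid)`, which passes a `uint32_t *` where `%d` expects an `int *` and ignores the return value, so a non-numeric argument silently keeps the default of 500. The argument should be parsed with strtoul and rejected on error, as in the excerpt below. Separately, `srv_cred` is declared without an initialiser and is passed to netlogon_creds_client_check() even when rpccli_netr_DatabaseRedo failed, so the check may read indeterminate data and replace the real error with NT_STATUS_ACCESS_DENIED; a `ZERO_STRUCT(srv_cred);` before the call and a status test before the check would avoid that. `trust_passwd_hash` also stays on the stack after use and could be cleared before returning.

```c
	if (argc == 2) {
		char *end = NULL;
		unsigned long val;

		errno = 0;
		val = strtoul(argv[1], &end, 10);
		if (errno != 0 || end == argv[1] || *end != '\0' ||
		    val > UINT32_MAX) {
			fprintf(stderr, "invalid rid: %s\n", argv[1]);
			return NT_STATUS_INVALID_PARAMETER;
		}
		rid = (uint32_t)val;
	}
	/* … unchanged: trust password fetch, credential setup, request … */
```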
@@ -1067,6 +1133,7 @@ struct cmd_set netlogon_commands[] = { { "netrenumtrusteddomains", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomains, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" }, { "netrenumtrusteddomainsex", RPC_RTYPE_WERROR, NULL, cmd_netlogon_enumtrusteddomainsex, &ndr_table_netlogon.syntax_id, NULL, "Enumerate trusted domains", "" }, { "getdcsitecoverage", RPC_RTYPE_WERROR, NULL, cmd_netlogon_getdcsitecoverage, &ndr_table_netlogon.syntax_id, NULL, "Get the Site-Coverage from a DC", "" }, + { "database_redo", RPC_RTYPE_NTSTATUS, cmd_netlogon_database_redo, NULL, &ndr_table_netlogon.syntax_id, NULL, "Replicate single object from a DC", "" }, { NULL } }; -- cgit From 32695912dd3ed7c02da68209328d630c89d395ba Mon Sep 17 00:00:00 2001 From: Jeff Layton Date: Thu, 6 Nov 2008 15:07:07 -0500 Subject: mount.cifs: use lock/unlock_mtab scheme from util-linux-ng mount prog The util-linux-ng sources have a good, but rather complex scheme for locking the mtab before updating it. Mount helpers need to follow the same scheme. Advisory locking only works if everyone is using the same locking scheme. Copy the routines we need from util-linux-ng into a separate source file and then have mount.cifs and umount.cifs link in this object. The long term goal is to have these routines in a separate helper library (libmount). Mount helpers can then dynamically link in that lib. Until that happens, this should serve as a suitable stopgap solution. Signed-off-by: Jeff Layton --- source3/Makefile.in | 4 +- source3/client/mount.cifs.c | 97 +++++++++---------- source3/client/mount.h | 38 ++++++++ source3/client/mtab.c | 219 +++++++++++++++++++++++++++++++++++++++++++ source3/client/umount.cifs.c | 22 +---- 5 files changed, 311 insertions(+), 69 deletions(-) create mode 100644 source3/client/mount.h create mode 100644 source3/client/mtab.c (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 55306f13d6..4f757e9ebf 100644 
--- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -904,9 +904,9 @@ CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) $(POPT_LIB_OBJ) \ $(LIBNDR_GEN_OBJ0) -CIFS_MOUNT_OBJ = client/mount.cifs.o +CIFS_MOUNT_OBJ = client/mount.cifs.o client/mtab.o -CIFS_UMOUNT_OBJ = client/umount.cifs.o +CIFS_UMOUNT_OBJ = client/umount.cifs.o client/mtab.o CIFS_UPCALL_OBJ = client/cifs.upcall.o diff --git a/source3/client/mount.cifs.c b/source3/client/mount.cifs.c index 2a9c2b7304..da2f98bff8 100644 --- a/source3/client/mount.cifs.c +++ b/source3/client/mount.cifs.c @@ -39,9 +39,10 @@ #include #include #include +#include "mount.h" #define MOUNT_CIFS_VERSION_MAJOR "1" -#define MOUNT_CIFS_VERSION_MINOR "11" +#define MOUNT_CIFS_VERSION_MINOR "12" #ifndef MOUNT_CIFS_VENDOR_SUFFIX #ifdef _SAMBA_BUILD_ @@ -79,15 +80,6 @@ #define MOUNT_PASSWD_SIZE 64 #define DOMAIN_SIZE 64 -/* exit status - bits below are ORed */ -#define EX_USAGE 1 /* incorrect invocation or permission */ -#define EX_SYSERR 2 /* out of memory, cannot fork, ... */ -#define EX_SOFTWARE 4 /* internal mount bug or wrong version */ -#define EX_USER 8 /* user interrupt */ -#define EX_FILEIO 16 /* problems writing, locking, ... mtab/fstab */ -#define EX_FAIL 32 /* mount failure */ -#define EX_SOMEOK 64 /* some mount succeeded */ - const char *thisprogram; int verboseflag = 0; static int got_password = 0; 
@@ -1424,48 +1416,57 @@ mount_retry: printf("Refer to the mount.cifs(8) manual page (e.g.man mount.cifs)\n"); rc = EX_FAIL; } else { + atexit(unlock_mtab); + rc = lock_mtab(); + if (rc) { + printf("cannot lock mtab"); + goto mount_exit; + } pmntfile = setmntent(MOUNTED, "a+"); - if(pmntfile) { - mountent.mnt_fsname = dev_name; - mountent.mnt_dir = mountpoint; - mountent.mnt_type = CONST_DISCARD(char *,"cifs"); - mountent.mnt_opts = (char *)malloc(220); - if(mountent.mnt_opts) { - char * mount_user = getusername(); - memset(mountent.mnt_opts,0,200); - if(flags & MS_RDONLY) - strlcat(mountent.mnt_opts,"ro",220); - else - strlcat(mountent.mnt_opts,"rw",220); - if(flags & MS_MANDLOCK) - strlcat(mountent.mnt_opts,",mand",220); - if(flags & MS_NOEXEC) - strlcat(mountent.mnt_opts,",noexec",220); - if(flags & MS_NOSUID) - strlcat(mountent.mnt_opts,",nosuid",220); - if(flags & MS_NODEV) - strlcat(mountent.mnt_opts,",nodev",220); - if(flags & MS_SYNCHRONOUS) - strlcat(mountent.mnt_opts,",synch",220); - if(mount_user) { - if(getuid() != 0) { - strlcat(mountent.mnt_opts,",user=",220); - strlcat(mountent.mnt_opts,mount_user,220); - } - /* free(mount_user); do not free static mem */ - } - } - mountent.mnt_freq = 0; - mountent.mnt_passno = 0; - rc = addmntent(pmntfile,&mountent); - endmntent(pmntfile); - SAFE_FREE(mountent.mnt_opts); - if (rc) - rc = EX_FILEIO; - } else { + if (!pmntfile) { printf("could not update mount table\n"); + unlock_mtab(); rc = EX_FILEIO; + goto mount_exit; } + mountent.mnt_fsname = dev_name; + mountent.mnt_dir = mountpoint; + mountent.mnt_type = CONST_DISCARD(char *,"cifs"); + mountent.mnt_opts = (char *)malloc(220); + if(mountent.mnt_opts) { + char * mount_user = getusername(); + memset(mountent.mnt_opts,0,200); + if(flags & MS_RDONLY) + strlcat(mountent.mnt_opts,"ro",220); + else + strlcat(mountent.mnt_opts,"rw",220); + if(flags & MS_MANDLOCK) + strlcat(mountent.mnt_opts,",mand",220); + if(flags & MS_NOEXEC) + strlcat(mountent.mnt_opts,",noexec",220); 
+ if(flags & MS_NOSUID) + strlcat(mountent.mnt_opts,",nosuid",220); + if(flags & MS_NODEV) + strlcat(mountent.mnt_opts,",nodev",220); + if(flags & MS_SYNCHRONOUS) + strlcat(mountent.mnt_opts,",sync",220); + if(mount_user) { + if(getuid() != 0) { + strlcat(mountent.mnt_opts, + ",user=", 220); + strlcat(mountent.mnt_opts, + mount_user, 220); + } + } + } + mountent.mnt_freq = 0; + mountent.mnt_passno = 0; + rc = addmntent(pmntfile,&mountent); + endmntent(pmntfile); + unlock_mtab(); + SAFE_FREE(mountent.mnt_opts); + if (rc) + rc = EX_FILEIO; } mount_exit: if(mountpassword) { diff --git a/source3/client/mount.h b/source3/client/mount.h new file mode 100644 index 0000000000..23ea4f0cbd --- /dev/null +++ b/source3/client/mount.h 
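Review bot: When `malloc(220)` fails, the rewritten block skips the option assembly but still calls `addmntent(pmntfile, &mountent)` with `mountent.mnt_opts == NULL`. The mtab lock is held at that point, and how `addmntent` treats a NULL option string depends on the libc. The failure should be handled explicitly by closing the mtab handle, releasing the lock and returning `EX_SYSERR`. The `memset` clears 200 bytes of a 220-byte buffer; it should use the same size as the allocation. The enclosing function starts outside this hunk.

```c
	mountent.mnt_opts = (char *)malloc(220);
	if (!mountent.mnt_opts) {
		/* do not write an mtab entry without an option string */
		endmntent(pmntfile);
		unlock_mtab();
		rc = EX_SYSERR;
		goto mount_exit;
	}
	memset(mountent.mnt_opts, 0, 220);
	/* … unchanged: option string assembly, addmntent, endmntent, unlock_mtab … */
```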
@@ -0,0 +1,38 @@ +/* + * Copyright (C) 2008 Jeff Layton (jlayton@samba.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +/* most of this info was taken from the util-linux-ng sources */ + +#ifndef _MOUNT_H_ +#define _MOUNT_H_ + +/* exit status - bits below are ORed */ +#define EX_USAGE 1 /* incorrect invocation or permission */ +#define EX_SYSERR 2 /* out of memory, cannot fork, ... */ +#define EX_SOFTWARE 4 /* internal mount bug or wrong version */ +#define EX_USER 8 /* user interrupt */ +#define EX_FILEIO 16 /* problems writing, locking, ... mtab/fstab */ +#define EX_FAIL 32 /* mount failure */ +#define EX_SOMEOK 64 /* some mount succeeded */ + +#define _PATH_MOUNTED_LOCK _PATH_MOUNTED "~" +#define _PATH_MOUNTED_TMP _PATH_MOUNTED ".tmp" + +extern int lock_mtab(void); +extern void unlock_mtab(void); + +#endif /* ! _MOUNT_H_ */ diff --git a/source3/client/mtab.c b/source3/client/mtab.c new file mode 100644 index 0000000000..93fbd11359 --- /dev/null +++ b/source3/client/mtab.c 
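Review bot: mount.h builds `_PATH_MOUNTED_LOCK` and `_PATH_MOUNTED_TMP` from `_PATH_MOUNTED` but includes no header itself, so it only compiles when the including file has already pulled in a definition. Adding `#include <paths.h>` directly under the include guard would make the header self-contained. The guard name `_MOUNT_H_` begins with an underscore and an uppercase letter, which is reserved for the implementation; a name such as `MOUNT_CIFS_MOUNT_H` avoids that. A one-line comment on the `lock_mtab()` prototype stating that it returns 0 on success or `EX_FILEIO` on failure, and that the caller must call `unlock_mtab()`, would document the contract where callers see it.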
@@ -0,0 +1,219 @@ +/* + * mtab locking routines for use with mount.cifs and umount.cifs + * Copyright (C) 2008 Jeff Layton (jlayton@samba.org) + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . +*/ + +/* + * This code was copied from the util-linux-ng sources and modified: + * + * git://git.kernel.org/pub/scm/utils/util-linux-ng/util-linux-ng.git + * + * ...specifically from mount/fstab.c. That file has no explicit license. The + * "default" license for anything in that tree is apparently GPLv2+, so I + * believe we're OK to copy it here. + * + * Jeff Layton + */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "mount.h" + + +/* Updating mtab ----------------------------------------------*/ + +/* Flag for already existing lock file. */ +static int we_created_lockfile = 0; +static int lockfile_fd = -1; + +/* Flag to indicate that signals have been set up. */ +static int signals_have_been_setup = 0; + +static void +handler (int sig) { + exit(EX_USER); +} + +static void +setlkw_timeout (int sig) { + /* nothing, fcntl will fail anyway */ +} + +/* Remove lock file. */ +void +unlock_mtab (void) { + if (we_created_lockfile) { + close(lockfile_fd); + lockfile_fd = -1; + unlink (_PATH_MOUNTED_LOCK); + we_created_lockfile = 0; + } +} + +/* Create the lock file. + The lock file will be removed if we catch a signal or when we exit. 
*/ +/* The old code here used flock on a lock file /etc/mtab~ and deleted + this lock file afterwards. However, as rgooch remarks, that has a + race: a second mount may be waiting on the lock and proceed as + soon as the lock file is deleted by the first mount, and immediately + afterwards a third mount comes, creates a new /etc/mtab~, applies + flock to that, and also proceeds, so that the second and third mount + now both are scribbling in /etc/mtab. + The new code uses a link() instead of a creat(), where we proceed + only if it was us that created the lock, and hence we always have + to delete the lock afterwards. Now the use of flock() is in principle + superfluous, but avoids an arbitrary sleep(). */ + +/* Where does the link point to? Obvious choices are mtab and mtab~~. + HJLu points out that the latter leads to races. Right now we use + mtab~. instead. Use 20 as upper bound for the length of %d. */ +#define MOUNTLOCK_LINKTARGET _PATH_MOUNTED_LOCK "%d" +#define MOUNTLOCK_LINKTARGET_LTH (sizeof(_PATH_MOUNTED_LOCK)+20) + +/* + * The original mount locking code has used sleep(1) between attempts and + * maximal number of attemps has been 5. + * + * There was very small number of attempts and extremely long waiting (1s) + * that is useless on machines with large number of concurret mount processes. + * + * Now we wait few thousand microseconds between attempts and we have global + * time limit (30s) rather than limit for number of attempts. The advantage + * is that this method also counts time which we spend in fcntl(F_SETLKW) and + * number of attempts is not so much restricted. 
+ * + * -- kzak@redhat.com [2007-Mar-2007] + */ + +/* maximum seconds between first and last attempt */ +#define MOUNTLOCK_MAXTIME 30 + +/* sleep time (in microseconds, max=999999) between attempts */ +#define MOUNTLOCK_WAITTIME 5000 + +int +lock_mtab (void) { + int i; + struct timespec waittime; + struct timeval maxtime; + char linktargetfile[MOUNTLOCK_LINKTARGET_LTH]; + + if (!signals_have_been_setup) { + int sig = 0; + struct sigaction sa; + + sa.sa_handler = handler; + sa.sa_flags = 0; + sigfillset (&sa.sa_mask); + + while (sigismember (&sa.sa_mask, ++sig) != -1 + && sig != SIGCHLD) { + if (sig == SIGALRM) + sa.sa_handler = setlkw_timeout; + else + sa.sa_handler = handler; + sigaction (sig, &sa, (struct sigaction *) 0); + } + signals_have_been_setup = 1; + } + + sprintf(linktargetfile, MOUNTLOCK_LINKTARGET, getpid ()); + + i = open (linktargetfile, O_WRONLY|O_CREAT, S_IRUSR|S_IWUSR); + if (i < 0) { + /* linktargetfile does not exist (as a file) + and we cannot create it. Read-only filesystem? + Too many files open in the system? + Filesystem full? */ + return EX_FILEIO; + } + close(i); + + gettimeofday(&maxtime, NULL); + maxtime.tv_sec += MOUNTLOCK_MAXTIME; + + waittime.tv_sec = 0; + waittime.tv_nsec = (1000 * MOUNTLOCK_WAITTIME); + + /* Repeat until it was us who made the link */ + while (!we_created_lockfile) { + struct timeval now; + struct flock flock; + int errsv, j; + + j = link(linktargetfile, _PATH_MOUNTED_LOCK); + errsv = errno; + + if (j == 0) + we_created_lockfile = 1; + + if (j < 0 && errsv != EEXIST) { + (void) unlink(linktargetfile); + return EX_FILEIO; + } + + lockfile_fd = open (_PATH_MOUNTED_LOCK, O_WRONLY); + + if (lockfile_fd < 0) { + /* Strange... Maybe the file was just deleted? 
*/ + gettimeofday(&now, NULL); + if (errno == ENOENT && now.tv_sec < maxtime.tv_sec) { + we_created_lockfile = 0; + continue; + } + (void) unlink(linktargetfile); + return EX_FILEIO; + } + + flock.l_type = F_WRLCK; + flock.l_whence = SEEK_SET; + flock.l_start = 0; + flock.l_len = 0; + + if (j == 0) { + /* We made the link. Now claim the lock. If we can't + * get it, continue anyway + */ + fcntl (lockfile_fd, F_SETLK, &flock); + (void) unlink(linktargetfile); + } else { + /* Someone else made the link. Wait. */ + gettimeofday(&now, NULL); + if (now.tv_sec < maxtime.tv_sec) { + alarm(maxtime.tv_sec - now.tv_sec); + if (fcntl (lockfile_fd, F_SETLKW, &flock) == -1) { + (void) unlink(linktargetfile); + return EX_FILEIO; + } + alarm(0); + nanosleep(&waittime, NULL); + } else { + (void) unlink(linktargetfile); + return EX_FILEIO; + } + close(lockfile_fd); + } + } + return 0; +} + diff --git a/source3/client/umount.cifs.c b/source3/client/umount.cifs.c index 3e2415ad00..aff7cea397 100644 --- a/source3/client/umount.cifs.c +++ b/source3/client/umount.cifs.c @@ -33,9 +33,10 @@ #include #include #include +#include "mount.h" #define UNMOUNT_CIFS_VERSION_MAJOR "0" -#define UNMOUNT_CIFS_VERSION_MINOR "5" +#define UNMOUNT_CIFS_VERSION_MINOR "6" #ifndef UNMOUNT_CIFS_VENDOR_SUFFIX #ifdef _SAMBA_BUILD_ @@ -137,24 +138,6 @@ static int umount_check_perm(char * dir) return rc; } -static int lock_mtab(void) -{ - int rc; - - rc = mknod(MOUNTED_LOCK , 0600, 0); - if(rc == -1) - printf("\ngetting lock file %s failed with %s\n",MOUNTED_LOCK, - strerror(errno)); - - return rc; - -} - -static void unlock_mtab(void) -{ - unlink(MOUNTED_LOCK); -} - static int remove_from_mtab(char * mountpoint) { int rc; @@ -168,6 +151,7 @@ static int remove_from_mtab(char * mountpoint) /* Do we first need to check if it is writable? */ + atexit(unlock_mtab); if (lock_mtab()) { printf("Mount table locked\n"); return -EACCES; -- cgit From 6815fd173077b02a80674a942225bd7cad6112c7 Mon Sep 17 00:00:00 2001 
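Review bot: In the "Someone else made the link" branch of `lock_mtab()`, both failure returns leave `lockfile_fd` open, and the `F_SETLKW` failure return also leaves the `alarm()` armed. A later system call in the mount helper can then be interrupted by a stray SIGALRM. Putting `alarm(0); close(lockfile_fd); lockfile_fd = -1;` before each `return EX_FILEIO;` in that branch closes both gaps. After the failed `open(_PATH_MOUNTED_LOCK, O_WRONLY)`, `errno` is only tested after `gettimeofday()` has run, whereas the `link()` result just above is saved into `errsv` first. Saving it the same way (`errsv = errno;` right after the `open`) keeps the ENOENT retry decision reliable. The file header says this code is copied from util-linux-ng, so the same changes may be worth sending upstream.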
From: Stefan Metzmacher Date: Thu, 6 Nov 2008 10:19:20 +0100 Subject: s3: rpc: let serverinfo_to_SamInfo3() work with no pipe_session_key metze --- source3/include/proto.h | 3 ++- source3/rpc_client/init_netlogon.c | 18 +++++++++++++++--- source3/rpc_server/srv_netlog_nt.c | 2 +- 3 files changed, 18 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index ac55a67c19..49c9aff349 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5549,7 +5549,8 @@ void init_netr_SamInfo3(struct netr_SamInfo3 *r, uint32_t sidcount, struct netr_SidAttr *sids); NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, - uint8_t pipe_session_key[16], + uint8_t *pipe_session_key, + size_t pipe_session_key_len, struct netr_SamInfo3 *sam3); void init_netr_IdentityInfo(struct netr_IdentityInfo *r, const char *domain_name, diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index e4c39e739e..4318a94076 100644 --- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -172,7 +172,8 @@ static NTSTATUS nt_token_to_group_list(TALLOC_CTX *mem_ctx, *****************************************************************************/ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, - uint8_t pipe_session_key[16], + uint8_t *pipe_session_key, + size_t pipe_session_key_len, struct netr_SamInfo3 *sam3) { struct samu *sampw; 
@@ -203,6 +204,13 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, user_sid = pdb_get_user_sid(sampw); group_sid = pdb_get_group_sid(sampw); + if (pipe_session_key && pipe_session_key_len != 16) { + DEBUG(0,("serverinfo_to_SamInfo3: invalid " + "pipe_session_key_len[%u] != 16\n", + pipe_session_key_len)); + return NT_STATUS_INTERNAL_ERROR; + } + if ((user_sid == NULL) || (group_sid == NULL)) { DEBUG(1, ("_netr_LogonSamLogon: User without group or user SID\n")); return NT_STATUS_UNSUCCESSFUL; @@ -248,14 +256,18 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, server_info->user_session_key.data, MIN(sizeof(user_session_key.key), server_info->user_session_key.length)); - SamOEMhash(user_session_key.key, pipe_session_key, 16); + if (pipe_session_key) { + SamOEMhash(user_session_key.key, pipe_session_key, 16); + } } if (server_info->lm_session_key.length) { memcpy(lm_session_key.key, server_info->lm_session_key.data, MIN(sizeof(lm_session_key.key), server_info->lm_session_key.length)); - SamOEMhash(lm_session_key.key, pipe_session_key, 8); + if (pipe_session_key) { + SamOEMhash(lm_session_key.key, pipe_session_key, 8); + } } groups.count = num_gids; diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c index 75fc99401e..45acd3ed48 100644 --- a/source3/rpc_server/srv_netlog_nt.c +++ b/source3/rpc_server/srv_netlog_nt.c @@ -981,7 +981,7 @@ NTSTATUS _netr_LogonSamLogon(pipes_struct *p, memcpy(pipe_session_key, p->auth.a_u.schannel_auth->sess_key, 16); } - status = serverinfo_to_SamInfo3(server_info, pipe_session_key, sam3); + status = serverinfo_to_SamInfo3(server_info, pipe_session_key, 16, sam3); TALLOC_FREE(server_info); return status; } -- cgit From e9b8dd561fb3d2c6daf2e18887d6b324eb0c9175 Mon Sep 17 00:00:00 2001 
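Review bot: The new DEBUG call in `serverinfo_to_SamInfo3()` prints `pipe_session_key_len`, a `size_t`, with `%u`, which is a varargs type mismatch on platforms where `size_t` is wider than `unsigned int`. Casting the argument, `(unsigned int)pipe_session_key_len`, fixes it. The check also accepts a NULL key with any length, so the two parameters can disagree without being noticed. If that is intended, a comment saying that the length is ignored when the pointer is NULL would help. The function body continues outside this hunk.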
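Review bot: With the two `if (pipe_session_key)` guards, a NULL key means the user and LM session keys are copied into the result without the `SamOEMhash()` pass, and nothing in the function says so. The function comment should state that passing NULL returns the session keys unobfuscated and is only appropriate when the `netr_SamInfo3` stays on a trusted local transport. I would add, above the first guard, `/* No pipe session key: session keys are left as-is, caller is responsible for transport protection. */`. The literals `16` and `8` are still passed to `SamOEMhash()` although the length is now a parameter; that is safe only because of the `!= 16` check added earlier in the function.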
From: Stefan Metzmacher Date: Wed, 29 Oct 2008 12:20:02 +0100 Subject: s3: build ndr_named_pipe_auth.c metze --- source3/Makefile.in | 4 +- source3/librpc/gen_ndr/named_pipe_auth.h | 32 +++ source3/librpc/gen_ndr/ndr_named_pipe_auth.c | 302 +++++++++++++++++++++++++++ source3/librpc/gen_ndr/ndr_named_pipe_auth.h | 20 ++ 4 files changed, 357 insertions(+), 1 deletion(-) create mode 100644 source3/librpc/gen_ndr/named_pipe_auth.h create mode 100644 source3/librpc/gen_ndr/ndr_named_pipe_auth.c create mode 100644 source3/librpc/gen_ndr/ndr_named_pipe_auth.h (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 4f757e9ebf..b8646aa931 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -294,6 +294,7 @@ LIBNDR_GEN_OBJ = librpc/gen_ndr/ndr_wkssvc.o \ librpc/gen_ndr/ndr_notify.o \ librpc/gen_ndr/ndr_xattr.o \ librpc/gen_ndr/ndr_epmapper.o \ + librpc/gen_ndr/ndr_named_pipe_auth.o \ librpc/gen_ndr/ndr_ntsvcs.o RPC_PARSE_OBJ0 = rpc_parse/parse_prs.o rpc_parse/parse_misc.o @@ -1223,7 +1224,8 @@ samba3-idl:: ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \ ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ - ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl + ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ + ../librpc/idl/named_pipe_auth.idl librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h @echo "Generating $@" diff --git a/source3/librpc/gen_ndr/named_pipe_auth.h b/source3/librpc/gen_ndr/named_pipe_auth.h new file mode 100644 index 0000000000..5f4ba9afb1 --- /dev/null +++ b/source3/librpc/gen_ndr/named_pipe_auth.h 
@@ -0,0 +1,32 @@ +/* header auto-generated by pidl */ + +#include + +#include "librpc/gen_ndr/netlogon.h" +#ifndef _HEADER_named_pipe_auth +#define _HEADER_named_pipe_auth + +#define NAMED_PIPE_AUTH_MAGIC ( "NPAM" ) +union named_pipe_auth_req_info { + struct netr_SamInfo3 info1;/* [case] */ +}/* [switch_type(uint32)] */; + +struct named_pipe_auth_req { + uint32_t length;/* [value(ndr_size_named_pipe_auth_req(r,ndr->flags)-4),flag(LIBNDR_FLAG_BIGENDIAN)] */ + const char *magic;/* [value(NAMED_PIPE_AUTH_MAGIC),charset(DOS)] */ + uint32_t level; + union named_pipe_auth_req_info info;/* [switch_is(level)] */ +}/* [gensize,public] */; + +union named_pipe_auth_rep_info { +}/* [switch_type(uint32)] */; + +struct named_pipe_auth_rep { + uint32_t length;/* [value(ndr_size_named_pipe_auth_rep(r,ndr->flags)-4),flag(LIBNDR_FLAG_BIGENDIAN)] */ + const char *magic;/* [value(NAMED_PIPE_AUTH_MAGIC),charset(DOS)] */ + uint32_t level; + union named_pipe_auth_rep_info info;/* [switch_is(level)] */ + NTSTATUS status; +}/* [gensize,public] */; + +#endif /* _HEADER_named_pipe_auth */ diff --git a/source3/librpc/gen_ndr/ndr_named_pipe_auth.c b/source3/librpc/gen_ndr/ndr_named_pipe_auth.c new file mode 100644 index 0000000000..69412bf427 --- /dev/null +++ b/source3/librpc/gen_ndr/ndr_named_pipe_auth.c 
@@ -0,0 +1,302 @@ +/* parser auto-generated by pidl */ + +#include "includes.h" +#include "librpc/gen_ndr/ndr_named_pipe_auth.h" + +#include "librpc/gen_ndr/ndr_netlogon.h" +static enum ndr_err_code ndr_push_named_pipe_auth_req_info(struct ndr_push *ndr, int ndr_flags, const union named_pipe_auth_req_info *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level)); + switch (level) { + case 0: { + break; } + + case 1: { + NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_SCALARS, &r->info1)); + break; } + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case 0: + break; + + case 1: + NDR_CHECK(ndr_push_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info1)); + break; + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_named_pipe_auth_req_info(struct ndr_pull *ndr, int ndr_flags, union named_pipe_auth_req_info *r) +{ + int level; + uint32_t _level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); + if (_level != level) { + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level); + } + switch (level) { + case 0: { + break; } + + case 1: { + NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_SCALARS, &r->info1)); + break; } + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case 0: + break; + + case 1: + NDR_CHECK(ndr_pull_netr_SamInfo3(ndr, NDR_BUFFERS, &r->info1)); + break; + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void 
ndr_print_named_pipe_auth_req_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_req_info *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "named_pipe_auth_req_info"); + switch (level) { + case 0: + break; + + case 1: + ndr_print_netr_SamInfo3(ndr, "info1", &r->info1); + break; + + default: + ndr_print_bad_level(ndr, name, level); + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_req(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_req *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_named_pipe_auth_req(r, ndr->flags) - 4)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, NAMED_PIPE_AUTH_MAGIC, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->level)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_push_named_pipe_auth_req_info(ndr, NDR_SCALARS, &r->info)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_named_pipe_auth_req_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_pull_named_pipe_auth_req_info(ndr, NDR_SCALARS, &r->info)); + } + 
if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_named_pipe_auth_req_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_req(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_req *r) +{ + ndr_print_struct(ndr, name, "named_pipe_auth_req"); + ndr->depth++; + ndr_print_uint32(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_named_pipe_auth_req(r, ndr->flags) - 4:r->length); + ndr_print_string(ndr, "magic", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NAMED_PIPE_AUTH_MAGIC:r->magic); + ndr_print_uint32(ndr, "level", r->level); + ndr_print_set_switch_value(ndr, &r->info, r->level); + ndr_print_named_pipe_auth_req_info(ndr, "info", &r->info); + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_named_pipe_auth_req(const struct named_pipe_auth_req *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req); +} + +static enum ndr_err_code ndr_push_named_pipe_auth_rep_info(struct ndr_push *ndr, int ndr_flags, const union named_pipe_auth_rep_info *r) +{ + if (ndr_flags & NDR_SCALARS) { + int level = ndr_push_get_switch_value(ndr, r); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, level)); + switch (level) { + case 0: { + break; } + + case 1: { + break; } + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + int level = ndr_push_get_switch_value(ndr, r); + switch (level) { + case 0: + break; + + case 1: + break; + + default: + return ndr_push_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_named_pipe_auth_rep_info(struct ndr_pull *ndr, int ndr_flags, union named_pipe_auth_rep_info *r) +{ + int level; + uint32_t _level; + level = ndr_pull_get_switch_value(ndr, r); + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &_level)); + if (_level != level) { + 
return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u for r", _level); + } + switch (level) { + case 0: { + break; } + + case 1: { + break; } + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + if (ndr_flags & NDR_BUFFERS) { + switch (level) { + case 0: + break; + + case 1: + break; + + default: + return ndr_pull_error(ndr, NDR_ERR_BAD_SWITCH, "Bad switch value %u", level); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_rep_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_rep_info *r) +{ + int level; + level = ndr_print_get_switch_value(ndr, r); + ndr_print_union(ndr, name, level, "named_pipe_auth_rep_info"); + switch (level) { + case 0: + break; + + case 1: + break; + + default: + ndr_print_bad_level(ndr, name, level); + } +} + +_PUBLIC_ enum ndr_err_code ndr_push_named_pipe_auth_rep(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_rep *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_size_named_pipe_auth_rep(r, ndr->flags) - 4)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, NAMED_PIPE_AUTH_MAGIC, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->level)); + NDR_CHECK(ndr_push_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_push_named_pipe_auth_rep_info(ndr, NDR_SCALARS, &r->info)); + NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->status)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_push_named_pipe_auth_rep_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_rep *r) +{ + if (ndr_flags & NDR_SCALARS) { + 
NDR_CHECK(ndr_pull_align(ndr, 4)); + { + uint32_t _flags_save_uint32 = ndr->flags; + ndr_set_flags(&ndr->flags, LIBNDR_FLAG_BIGENDIAN); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->length)); + ndr->flags = _flags_save_uint32; + } + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->magic, 4, sizeof(uint8_t), CH_DOS)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->level)); + NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->info, r->level)); + NDR_CHECK(ndr_pull_named_pipe_auth_rep_info(ndr, NDR_SCALARS, &r->info)); + NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->status)); + } + if (ndr_flags & NDR_BUFFERS) { + NDR_CHECK(ndr_pull_named_pipe_auth_rep_info(ndr, NDR_BUFFERS, &r->info)); + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_named_pipe_auth_rep(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_rep *r) +{ + ndr_print_struct(ndr, name, "named_pipe_auth_rep"); + ndr->depth++; + ndr_print_uint32(ndr, "length", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?ndr_size_named_pipe_auth_rep(r, ndr->flags) - 4:r->length); + ndr_print_string(ndr, "magic", (ndr->flags & LIBNDR_PRINT_SET_VALUES)?NAMED_PIPE_AUTH_MAGIC:r->magic); + ndr_print_uint32(ndr, "level", r->level); + ndr_print_set_switch_value(ndr, &r->info, r->level); + ndr_print_named_pipe_auth_rep_info(ndr, "info", &r->info); + ndr_print_NTSTATUS(ndr, "status", r->status); + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_named_pipe_auth_rep(const struct named_pipe_auth_rep *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_rep); +} + diff --git a/source3/librpc/gen_ndr/ndr_named_pipe_auth.h b/source3/librpc/gen_ndr/ndr_named_pipe_auth.h new file mode 100644 index 0000000000..fbef9d5f1c --- /dev/null +++ b/source3/librpc/gen_ndr/ndr_named_pipe_auth.h 
@@ -0,0 +1,20 @@ +/* header auto-generated by pidl */ + +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/named_pipe_auth.h" + +#ifndef _HEADER_NDR_named_pipe_auth +#define _HEADER_NDR_named_pipe_auth + +#define NDR_NAMED_PIPE_AUTH_CALL_COUNT (0) +void ndr_print_named_pipe_auth_req_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_req_info *r); +enum ndr_err_code ndr_push_named_pipe_auth_req(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_req *r); +enum ndr_err_code ndr_pull_named_pipe_auth_req(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_req *r); +void ndr_print_named_pipe_auth_req(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_req *r); +size_t ndr_size_named_pipe_auth_req(const struct named_pipe_auth_req *r, int flags); +void ndr_print_named_pipe_auth_rep_info(struct ndr_print *ndr, const char *name, const union named_pipe_auth_rep_info *r); +enum ndr_err_code ndr_push_named_pipe_auth_rep(struct ndr_push *ndr, int ndr_flags, const struct named_pipe_auth_rep *r); +enum ndr_err_code ndr_pull_named_pipe_auth_rep(struct ndr_pull *ndr, int ndr_flags, struct named_pipe_auth_rep *r); +void ndr_print_named_pipe_auth_rep(struct ndr_print *ndr, const char *name, const struct named_pipe_auth_rep *r); +size_t ndr_size_named_pipe_auth_rep(const struct named_pipe_auth_rep *r, int flags); +#endif /* _HEADER_NDR_named_pipe_auth */ -- cgit From ace87f16c0f75d5d7685f3b4f187be539ca8ede4 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 26 Oct 2008 18:56:29 +0100 Subject: For proxied named pipes, connect to np/ and send auth info Signed-off-by: Stefan Metzmacher --- source3/rpc_server/srv_pipe_hnd.c | 109 +++++++++++++++++++++++++++++++++++++- 1 file changed, 107 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 92f89282cf..d359b9b339 100644 --- a/source3/rpc_server/srv_pipe_hnd.c 
+++ b/source3/rpc_server/srv_pipe_hnd.c @@ -20,6 +20,7 @@ */ #include "includes.h" +#include "librpc/gen_ndr/ndr_named_pipe_auth.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_RPC_SRV @@ -944,6 +945,17 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, struct np_proxy_state *result; struct sockaddr_un addr; char *socket_path; + const char *socket_dir; + + DATA_BLOB req_blob; + struct netr_SamInfo3 *info3; + struct named_pipe_auth_req req; + DATA_BLOB rep_blob; + uint8 rep_buf[20]; + struct named_pipe_auth_rep rep; + enum ndr_err_code ndr_err; + NTSTATUS status; + ssize_t written; result = talloc(mem_ctx, struct np_proxy_state); if (result == NULL) { @@ -961,8 +973,16 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, ZERO_STRUCT(addr); addr.sun_family = AF_UNIX; - socket_path = talloc_asprintf(talloc_tos(), "%s/%s", - get_dyn_NCALRPCDIR(), "DEFAULT"); + socket_dir = lp_parm_const_string( + GLOBAL_SECTION_SNUM, "external_rpc_pipe", "socket_dir", + get_dyn_NCALRPCDIR()); + if (socket_dir == NULL) { + DEBUG(0, ("externan_rpc_pipe:socket_dir not set\n")); + goto fail; + } + + socket_path = talloc_asprintf(talloc_tos(), "%s/np/%s", + socket_dir, pipe_name); if (socket_path == NULL) { DEBUG(0, ("talloc_asprintf failed\n")); goto fail; 
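Review bot: In the `@@ -961,8 +973,16 @@` hunk of make_external_rpc_pipe_p, `pipe_name` is formatted straight into the socket path (`"%s/np/%s"`), and nothing in the visible lines rejects a name containing `/` or checks that the result fits `addr.sun_path`. The next hunk copies the path with `strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path))`, which truncates silently and can leave the field unterminated, and then connects under `become_root()`, so a malformed or over-long name should fail before the connect; if the caller already validates the name (not visible here), a comment saying so would be enough. Once `socket_path` has been built I would add `if (strchr(pipe_name, '/') != NULL || strlen(socket_path) >= sizeof(addr.sun_path)) { goto fail; }`. The new DEBUG text also misspells the option as `externan_rpc_pipe`. The function starts before and ends after this hunk.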
@@ -970,11 +990,96 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, strncpy(addr.sun_path, socket_path, sizeof(addr.sun_path)); TALLOC_FREE(socket_path); + become_root(); if (sys_connect(result->fd, (struct sockaddr *)&addr) == -1) { + unbecome_root(); DEBUG(0, ("connect(%s) failed: %s\n", addr.sun_path, strerror(errno))); goto fail; } + unbecome_root(); + + info3 = talloc(talloc_tos(), struct netr_SamInfo3); + if (info3 == NULL) { + DEBUG(0, ("talloc failed\n")); + goto fail; + } + + status = serverinfo_to_SamInfo3(server_info, NULL, 0, info3); + if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(info3); + DEBUG(0, ("serverinfo_to_SamInfo3 failed: %s\n", + nt_errstr(status))); + goto fail; + } + + req.level = 1; + req.info.info1 = *info3; + + ndr_err = ndr_push_struct_blob( + &req_blob, talloc_tos(), NULL, &req, + (ndr_push_flags_fn_t)ndr_push_named_pipe_auth_req); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(10, ("ndr_push_named_pipe_auth_req failed: %s\n", + ndr_errstr(ndr_err))); + goto fail; + } + + DEBUG(10, ("named_pipe_auth_req(client)[%u]\n", (uint32_t)req_blob.length)); + dump_data(10, req_blob.data, req_blob.length); + + written = write_data(result->fd, (char *)req_blob.data, + req_blob.length); + if (written == -1) { + DEBUG(3, ("Could not write auth req data to RPC server\n")); + goto fail; + } + + status = read_data(result->fd, (char *)rep_buf, sizeof(rep_buf)); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(3, ("Could not read auth result\n")); + goto fail; + } + + rep_blob = data_blob_const(rep_buf, sizeof(rep_buf)); + + DEBUG(10,("name_pipe_auth_rep(client)[%u]\n", (uint32_t)rep_blob.length)); + dump_data(10, rep_blob.data, rep_blob.length); + + ndr_err = ndr_pull_struct_blob( + &rep_blob, talloc_tos(), NULL, &rep, + (ndr_pull_flags_fn_t)ndr_pull_named_pipe_auth_rep); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(0, ("ndr_pull_named_pipe_auth_rep failed: %s\n", + ndr_errstr(ndr_err))); + goto fail; + } + + if 
(rep.length != 16) { + DEBUG(0, ("req invalid length: %u != 16\n", + rep.length)); + goto fail; + } + + if (strcmp(NAMED_PIPE_AUTH_MAGIC, rep.magic) != 0) { + DEBUG(0, ("req invalid magic: %s != %s\n", + rep.magic, NAMED_PIPE_AUTH_MAGIC)); + goto fail; + } + + if (!NT_STATUS_IS_OK(rep.status)) { + DEBUG(0, ("req failed: %s\n", + nt_errstr(rep.status))); + goto fail; + } + + if (rep.level != 1) { + DEBUG(0, ("req invalid level: %u != 1\n", + rep.level)); + goto fail; + } return result; -- cgit From 8b4b5c3a92be83e99d9177b04f0da56f610025de Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 18:53:00 -0800 Subject: Add wrapper str_list_make_v3() to replace the old S3 behavior of str_list_make(). From Dan Sledz : In samba 3.2 passing NULL or an empty string returned NULL. In master, it now returns a list of length 1 with the first string set to NULL (an empty list). Jeremy. --- source3/auth/auth.c | 16 ++++++++-------- source3/include/proto.h | 1 + source3/lib/debug.c | 2 +- source3/lib/util_str.c | 16 ++++++++++++++++ source3/libgpo/gpo_ldap.c | 6 +++--- source3/param/loadparm.c | 8 ++++---- source3/smbd/map_username.c | 2 +- source3/smbd/password.c | 2 +- source3/web/neg_lang.c | 2 +- 9 files changed, 36 insertions(+), 19 deletions(-) (limited to 'source3') diff --git a/source3/auth/auth.c b/source3/auth/auth.c index 7f95656bef..505098c76a 100644 --- a/source3/auth/auth.c +++ b/source3/auth/auth.c @@ -469,13 +469,13 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) { case SEC_DOMAIN: DEBUG(5,("Making default auth method list for security=domain\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:ntdomain", NULL); break; case SEC_SERVER: DEBUG(5,("Making default auth method list for security=server\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam smbserver", NULL); break; 
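Review bot: `dump_data(10, req_blob.data, req_blob.length)` writes the complete marshalled `named_pipe_auth_req` to the debug log, and that blob is built from the caller's `netr_SamInfo3`, which presumably carries group memberships and possibly session key material. I would drop the dump and keep only the length line, or at least put a comment above it stating that level-10 logs on this path contain authentication data. The reply checks further down log `req invalid length`, `req invalid magic`, `req failed` and `req invalid level` although they test `rep`; for example `DEBUG(0, ("rep invalid length: %u != 16\n", rep.length));` would match what is being checked. The `fail` label and the rest of make_external_rpc_pipe_p are outside this hunk.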
@@ -483,36 +483,36 @@ NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) if (lp_encrypted_passwords()) { if ((lp_server_role() == ROLE_DOMAIN_PDC) || (lp_server_role() == ROLE_DOMAIN_BDC)) { DEBUG(5,("Making default auth method list for DC, security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:trustdomain", NULL); } else { DEBUG(5,("Making default auth method list for standalone security=user, encrypt passwords = yes\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam", NULL); } } else { DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest unix", NULL); } break; case SEC_SHARE: if (lp_encrypted_passwords()) { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam", NULL); } else { DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest unix", NULL); } break; case SEC_ADS: DEBUG(5,("Making default auth method list for security=ADS\n")); - auth_method_list = str_list_make( + auth_method_list = str_list_make_v3( talloc_tos(), "guest sam winbind:ntdomain", NULL); break; diff --git a/source3/include/proto.h b/source3/include/proto.h index 49c9aff349..482027e8dc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -1582,6 +1582,7 @@ bool validate_net_name( const char *name, const char *invalid_chars, int max_len); char *escape_shell_string(const char *src); +char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep); /* The following definitions come from lib/util_unistr.c */ diff --git a/source3/lib/debug.c b/source3/lib/debug.c index 986dff48d7..d64fcb66d9 100644 --- a/source3/lib/debug.c +++ b/source3/lib/debug.c @@ -472,7 +472,7 @@ bool debug_parse_levels(const char *params_str) if (AllowDebugChange == False) return True; - params = str_list_make(talloc_tos(), params_str, NULL); + params = str_list_make_v3(talloc_tos(), params_str, NULL); if (debug_parse_params(params)) { debug_dump_status(5); diff --git a/source3/lib/util_str.c b/source3/lib/util_str.c index 046ce61ea3..fde4f825e8 100644 --- a/source3/lib/util_str.c +++ b/source3/lib/util_str.c @@ -2532,3 +2532,19 @@ char *escape_shell_string(const char *src) *dest++ = '\0'; return ret; } + +/*************************************************** + Wrapper for str_list_make() to restore the s3 behavior. + In samba 3.2 passing NULL or an empty string returned NULL. + + In master, it now returns a list of length 1 with the first string set + to NULL (an empty list) +***************************************************/ + +char **str_list_make_v3(TALLOC_CTX *mem_ctx, const char *string, const char *sep) +{ + if (!string || !*string) { + return NULL; + } + return str_list_make(mem_ctx, string, sep); +} diff --git a/source3/libgpo/gpo_ldap.c b/source3/libgpo/gpo_ldap.c index 0e77f0a856..26813864e5 100644 --- a/source3/libgpo/gpo_ldap.c +++ b/source3/libgpo/gpo_ldap.c @@ -44,7 +44,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, goto parse_error; } - ext_list = str_list_make(mem_ctx, extension_raw, "]"); + ext_list = str_list_make_v3(mem_ctx, extension_raw, "]"); if (!ext_list) { goto parse_error; } 
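Review bot: With `str_list_make_v3()` in source3/lib/util_str.c a NULL return now means either empty input or, presumably, an allocation failure inside `str_list_make()`, and the header comment does not say that the two are indistinguishable. Callers changed in this commit such as `ads_parse_gp_ext` (`goto parse_error`) and `map_username` (the "Unable to build user list" message) treat NULL as an error, so an empty string takes the error path there. I would add a sentence to the comment block: `Callers cannot tell an empty list from out-of-memory; test the input first if the difference matters.`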
@@ -87,7 +87,7 @@ bool ads_parse_gp_ext(TALLOC_CTX *mem_ctx, p++; } - ext_strings = str_list_make(mem_ctx, p, "}"); + ext_strings = str_list_make_v3(mem_ctx, p, "}"); if (ext_strings == NULL) { goto parse_error; } @@ -162,7 +162,7 @@ static ADS_STATUS gpo_parse_gplink(TALLOC_CTX *mem_ctx, DEBUG(10,("gpo_parse_gplink: gPLink: %s\n", gp_link_raw)); - link_list = str_list_make(mem_ctx, gp_link_raw, "]"); + link_list = str_list_make_v3(mem_ctx, gp_link_raw, "]"); if (!link_list) { goto parse_error; } diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 84f6fb907a..fae6cb38dc 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4899,7 +4899,7 @@ static void init_globals(bool first_time_only) Globals.bWinbindTrustedDomainsOnly = False; Globals.bWinbindNestedGroups = True; Globals.winbind_expand_groups = 1; - Globals.szWinbindNssInfo = str_list_make(NULL, "template", NULL); + Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL); Globals.bWinbindRefreshTickets = False; Globals.bWinbindOfflineLogon = False; @@ -5615,7 +5615,7 @@ const char **lp_parm_string_list(int snum, const char *type, const char *option, return (const char **)def; if (data->list==NULL) { - data->list = str_list_make(NULL, data->value, NULL); + data->list = str_list_make_v3(NULL, data->value, NULL); } return (const char **)data->list; @@ -6859,7 +6859,7 @@ static bool handle_netbios_scope(int snum, const char *pszParmValue, char **ptr) static bool handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr) { TALLOC_FREE(Globals.szNetbiosAliases); - Globals.szNetbiosAliases = str_list_make(NULL, pszParmValue, NULL); + Globals.szNetbiosAliases = str_list_make_v3(NULL, pszParmValue, NULL); return set_netbios_aliases((const char **)Globals.szNetbiosAliases); } 
@@ -7261,7 +7261,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue case P_LIST: TALLOC_FREE(*((char ***)parm_ptr)); - *(char ***)parm_ptr = str_list_make( + *(char ***)parm_ptr = str_list_make_v3( NULL, pszParmValue, NULL); break; diff --git a/source3/smbd/map_username.c b/source3/smbd/map_username.c index a8899dd538..f549f0c9f3 100644 --- a/source3/smbd/map_username.c +++ b/source3/smbd/map_username.c @@ -178,7 +178,7 @@ bool map_username(fstring user) /* skip lines like 'user = ' */ - dosuserlist = str_list_make(talloc_tos(), dosname, NULL); + dosuserlist = str_list_make_v3(talloc_tos(), dosname, NULL); if (!dosuserlist) { DEBUG(0,("Bad username map entry. Unable to build user list. Ignoring.\n")); continue; diff --git a/source3/smbd/password.c b/source3/smbd/password.c index 88e7b766be..84b40f28cc 100644 --- a/source3/smbd/password.c +++ b/source3/smbd/password.c @@ -576,7 +576,7 @@ static bool user_ok(const char *user, int snum) TALLOC_FREE(valid); if (ret && lp_onlyuser(snum)) { - char **user_list = str_list_make( + char **user_list = str_list_make_v3( talloc_tos(), lp_username(snum), NULL); if (user_list && str_list_substitute(user_list, "%S", diff --git a/source3/web/neg_lang.c b/source3/web/neg_lang.c index 82411000cd..491ca9eedd 100644 --- a/source3/web/neg_lang.c +++ b/source3/web/neg_lang.c @@ -74,7 +74,7 @@ void web_set_lang(const char *lang_string) int lang_num, i; /* build the lang list */ - lang_list = str_list_make(talloc_tos(), lang_string, ", \t\r\n"); + lang_list = str_list_make_v3(talloc_tos(), lang_string, ", \t\r\n"); if (!lang_list) return; /* sort the list by priority */ -- cgit From 7ae625345536572aa946f0715542a5cf2dbc2169 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Thu, 6 Nov 2008 20:40:20 -0800 Subject: Convert to use VFS layer. --- source3/smbd/posix_acls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') 
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 97b87cc3a9..7ca2ed787b 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4301,7 +4301,7 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) finfo.fh->fd = -1; finfo.fsp_name = CONST_DISCARD(char *,fname); - if (!NT_STATUS_IS_OK(posix_fget_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd))) { + if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, DACL_SECURITY_INFORMATION, &psd))) { DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); conn_free_internal( conn ); return NULL; -- cgit From 8962be69c700224983af4effd2cd086f7f5800b0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 20:48:13 -0800 Subject: Make us clean under valgrind --leak-check=full by using talloc_autofree_context() instead of NULL. Remove the code in memcache that does a TALLOC_FREE on stored pointers. That's a disaster waiting to happen. If you're storing talloc'ed pointers, you can't know their lifecycle and they should be deleted when their parent context is deleted, so freeing them at some arbitrary point later will be a double-free. Jeremy. --- source3/auth/token_util.c | 2 +- source3/lib/memcache.c | 26 -------------------------- source3/lib/util.c | 6 +++--- source3/lib/util_pw.c | 2 +- source3/param/loadparm.c | 8 ++++---- source3/passdb/passdb.c | 2 +- source3/passdb/pdb_interface.c | 4 ++-- source3/passdb/util_unixsids.c | 2 +- source3/smbd/server.c | 6 +++--- source3/smbd/uid.c | 2 +- source3/utils/net_sam.c | 2 +- source3/utils/pdbedit.c | 4 ++-- source3/utils/smbpasswd.c | 4 ++-- source3/web/cgi.c | 4 ++-- 14 files changed, 24 insertions(+), 50 deletions(-) (limited to 'source3') diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index e739fdaabe..6c00aa0943 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c 
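Review bot: `SMB_VFS_FGET_NT_ACL(&finfo, ...)` in get_nt_acl_no_snum is now dispatched through the VFS layer on a hand-built `finfo` (the context lines set `finfo.fh->fd = -1` and `finfo.fsp_name`), so it relies on the connection attached to `finfo` having its VFS operations initialised; that setup is outside the hunk and should be confirmed. The failure branch also discards the NTSTATUS and still logs "get_nt_acl returned zero", which no longer describes the call. With a local `NTSTATUS status` I would write `status = SMB_VFS_FGET_NT_ACL(&finfo, DACL_SECURITY_INFORMATION, &psd);` and log `DEBUG(0, ("get_nt_acl_no_snum: SMB_VFS_FGET_NT_ACL failed: %s\n", nt_errstr(status)));`.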
@@ -102,7 +102,7 @@ NT_USER_TOKEN *get_root_nt_token( void ) uid_to_sid(&u_sid, pw->pw_uid); gid_to_sid(&g_sid, pw->pw_gid); - token = create_local_nt_token(NULL, &u_sid, False, + token = create_local_nt_token(talloc_autofree_context(), &u_sid, False, 1, &global_sid_Builtin_Administrators); token->privileges = se_disk_operators; diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index 9c892fedfa..d586f707fa 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -40,37 +40,11 @@ struct memcache { static void memcache_element_parse(struct memcache_element *e, DATA_BLOB *key, DATA_BLOB *value); -static bool memcache_is_talloc(enum memcache_number n) -{ - bool result; - - switch (n) { - case GETPWNAM_CACHE: - case PDB_GETPWSID_CACHE: - case SINGLETON_CACHE_TALLOC: - result = true; - break; - default: - result = false; - break; - } - - return result; -} - static int memcache_destructor(struct memcache *cache) { struct memcache_element *e, *next; for (e = cache->mru; e != NULL; e = next) { next = e->next; - if (memcache_is_talloc((enum memcache_number)e->n) - && (e->valuelength == sizeof(void *))) { - DATA_BLOB key, value; - void *ptr; - memcache_element_parse(e, &key, &value); - memcpy(&ptr, value.data, sizeof(ptr)); - TALLOC_FREE(ptr); - } SAFE_FREE(e); } return 0; diff --git a/source3/lib/util.c b/source3/lib/util.c index 820cf376be..5007fb72ef 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -1497,7 +1497,7 @@ uid_t nametouid(const char *name) char *p; uid_t u; - pass = getpwnam_alloc(NULL, name); + pass = getpwnam_alloc(talloc_autofree_context(), name); if (pass) { u = pass->pw_uid; TALLOC_FREE(pass); @@ -2255,8 +2255,8 @@ char *myhostname(void) static char *ret; if (ret == NULL) { /* This is cached forever so - * use NULL talloc ctx. */ - ret = talloc_get_myname(NULL); + * use talloc_autofree_context() ctx. */ + ret = talloc_get_myname(talloc_autofree_context()); } return ret; } 
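Review bot: In get_root_nt_token the result of `create_local_nt_token(talloc_autofree_context(), ...)` is dereferenced by the very next statement, `token->privileges = se_disk_operators;`, with no NULL check, and this change leaves that as it was. I would add `if (token == NULL) { return NULL; }` before the assignment, assuming callers already cope with a NULL token, which is not visible here. The function body continues outside the hunk.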
diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index c0d37f1094..e0dbc97f00 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -57,7 +57,7 @@ struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) return NULL; } - cached = tcopy_passwd(NULL, temp); + cached = tcopy_passwd(talloc_autofree_context(), temp); if (cached == NULL) { /* * Just don't add this into the cache, ignore the failure diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index fae6cb38dc..217957ab37 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4899,7 +4899,7 @@ static void init_globals(bool first_time_only) Globals.bWinbindTrustedDomainsOnly = False; Globals.bWinbindNestedGroups = True; Globals.winbind_expand_groups = 1; - Globals.szWinbindNssInfo = str_list_make_v3(NULL, "template", NULL); + Globals.szWinbindNssInfo = str_list_make_v3(talloc_autofree_context(), "template", NULL); Globals.bWinbindRefreshTickets = False; Globals.bWinbindOfflineLogon = False; @@ -5615,7 +5615,7 @@ const char **lp_parm_string_list(int snum, const char *type, const char *option, return (const char **)def; if (data->list==NULL) { - data->list = str_list_make_v3(NULL, data->value, NULL); + data->list = str_list_make_v3(talloc_autofree_context(), data->value, NULL); } return (const char **)data->list; @@ -6859,7 +6859,7 @@ static bool handle_netbios_scope(int snum, const char *pszParmValue, char **ptr) static bool handle_netbios_aliases(int snum, const char *pszParmValue, char **ptr) { TALLOC_FREE(Globals.szNetbiosAliases); - Globals.szNetbiosAliases = str_list_make_v3(NULL, pszParmValue, NULL); + Globals.szNetbiosAliases = str_list_make_v3(talloc_autofree_context(), pszParmValue, NULL); return set_netbios_aliases((const char **)Globals.szNetbiosAliases); } 
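Review bot: The cached copy made by `tcopy_passwd(talloc_autofree_context(), temp)` in getpwnam_alloc is now owned by the autofree context, while the memcache.c hunk of this same commit removes the `TALLOC_FREE` that released talloc'ed cache values. Unless the code that replaces or evicts a GETPWNAM_CACHE entry frees the old pointer (not visible in these hunks), each dropped entry would stay allocated until process exit, which matters for a long-running daemon. A comment at this call stating who frees `cached`, or a free at the point of eviction, would settle the ownership question. The function continues outside the hunk.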
@@ -7262,7 +7262,7 @@ bool lp_do_parameter(int snum, const char *pszParmName, const char *pszParmValue case P_LIST: TALLOC_FREE(*((char ***)parm_ptr)); *(char ***)parm_ptr = str_list_make_v3( - NULL, pszParmValue, NULL); + talloc_autofree_context(), pszParmValue, NULL); break; case P_STRING: diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c index 60699615f0..8367d6a9ad 100644 --- a/source3/passdb/passdb.c +++ b/source3/passdb/passdb.c @@ -665,7 +665,7 @@ NTSTATUS local_password_change(const char *user_name, DEBUGLEVEL = 1; } - if ( !(pwd = getpwnam_alloc( NULL, user_name)) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), user_name)) ) { return NT_STATUS_NO_SUCH_USER; } diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index fcb38b464b..6fe105854f 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c @@ -242,7 +242,7 @@ bool guest_user_info( struct samu *user ) NTSTATUS result; const char *guestname = lp_guestaccount(); - if ( !(pwd = getpwnam_alloc( NULL, guestname ) ) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), guestname ) ) ) { DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n", guestname)); return False; @@ -2016,7 +2016,7 @@ NTSTATUS make_pdb_method( struct pdb_methods **methods ) { /* allocate memory for the structure as its own talloc CTX */ - if ( !(*methods = TALLOC_ZERO_P(NULL, struct pdb_methods) ) ) { + if ( !(*methods = TALLOC_ZERO_P(talloc_autofree_context(), struct pdb_methods) ) ) { return NT_STATUS_NO_MEMORY; } diff --git a/source3/passdb/util_unixsids.c b/source3/passdb/util_unixsids.c index 1b674d02a2..ad4e70256d 100644 --- a/source3/passdb/util_unixsids.c +++ b/source3/passdb/util_unixsids.c @@ -56,7 +56,7 @@ bool lookup_unix_user_name(const char *name, DOM_SID *sid) { struct passwd *pwd; - pwd = getpwnam_alloc(NULL, name); + pwd = getpwnam_alloc(talloc_autofree_context(), name); if (pwd == NULL) { return False; } 
diff --git a/source3/smbd/server.c b/source3/smbd/server.c index 7583da65a5..fff05a3aac 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -80,7 +80,7 @@ struct event_context *smbd_event_context(void) { static struct event_context *ctx; - if (!ctx && !(ctx = event_context_init(NULL))) { + if (!ctx && !(ctx = event_context_init(talloc_autofree_context()))) { smb_panic("Could not init smbd event context"); } return ctx; @@ -91,7 +91,7 @@ struct messaging_context *smbd_messaging_context(void) static struct messaging_context *ctx; if (ctx == NULL) { - ctx = messaging_init(NULL, server_id_self(), + ctx = messaging_init(talloc_autofree_context(), server_id_self(), smbd_event_context()); } if (ctx == NULL) { @@ -105,7 +105,7 @@ struct memcache *smbd_memcache(void) static struct memcache *cache; if (!cache - && !(cache = memcache_init(NULL, + && !(cache = memcache_init(talloc_autofree_context(), lp_max_stat_cache_size()*1024))) { smb_panic("Could not init smbd memcache"); diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 8998f6a371..045de6f2d3 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -32,7 +32,7 @@ bool change_to_guest(void) if (!pass) { /* Don't need to free() this as its stored in a static */ - pass = getpwnam_alloc(NULL, lp_guestaccount()); + pass = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount()); if (!pass) return(False); } diff --git a/source3/utils/net_sam.c b/source3/utils/net_sam.c index ce132131f7..e8ebb60205 100644 --- a/source3/utils/net_sam.c +++ b/source3/utils/net_sam.c @@ -1735,7 +1735,7 @@ doma_done: d_printf("Checking Guest's group.\n"); - pwd = getpwnam_alloc(NULL, lp_guestaccount()); + pwd = getpwnam_alloc(talloc_autofree_context(), lp_guestaccount()); if (!pwd) { d_fprintf(stderr, "Failed to find just created Guest account!\n" " Is nss properly configured?!\n"); diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c index fe99b6fc9e..50cbc43d6d 100644 --- a/source3/utils/pdbedit.c 
+++ b/source3/utils/pdbedit.c @@ -571,7 +571,7 @@ static int new_user (struct pdb_methods *in, const char *username, get_global_sam_sid(); - if ( !(pwd = getpwnam_alloc( NULL, username )) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), username )) ) { DEBUG(0,("Cannot locate Unix account for %s\n", username)); return -1; } @@ -675,7 +675,7 @@ static int new_machine (struct pdb_methods *in, const char *machine_in) fstrcpy(machineaccount, machinename); fstrcat(machineaccount, "$"); - if ( !(pwd = getpwnam_alloc( NULL, machineaccount )) ) { + if ( !(pwd = getpwnam_alloc(talloc_autofree_context(), machineaccount )) ) { DEBUG(0,("Cannot locate Unix account for %s\n", machineaccount)); return -1; } diff --git a/source3/utils/smbpasswd.c b/source3/utils/smbpasswd.c index 600fe52f0d..d2652ad95a 100644 --- a/source3/utils/smbpasswd.c +++ b/source3/utils/smbpasswd.c @@ -337,7 +337,7 @@ static int process_root(int local_flags) load_interfaces(); } - if (!user_name[0] && (pwd = getpwuid_alloc(NULL, geteuid()))) { + if (!user_name[0] && (pwd = getpwuid_alloc(talloc_autofree_context(), geteuid()))) { fstrcpy(user_name, pwd->pw_name); TALLOC_FREE(pwd); } @@ -498,7 +498,7 @@ static int process_nonroot(int local_flags) } if (!user_name[0]) { - pwd = getpwuid_alloc(NULL, getuid()); + pwd = getpwuid_alloc(talloc_autofree_context(), getuid()); if (pwd) { fstrcpy(user_name,pwd->pw_name); TALLOC_FREE(pwd); diff --git a/source3/web/cgi.c b/source3/web/cgi.c index ce36bd9310..49e83717c3 100644 --- a/source3/web/cgi.c +++ b/source3/web/cgi.c @@ -314,7 +314,7 @@ static void cgi_web_auth(void) exit(0); } - pwd = getpwnam_alloc(NULL, user); + pwd = getpwnam_alloc(talloc_autofree_context(), user); if (!pwd) { printf("%sCannot find user %s
%s\n", head, user, tail); exit(0); @@ -367,7 +367,7 @@ static bool cgi_handle_authorization(char *line) * Try and get the user from the UNIX password file. */ - pass = getpwnam_alloc(NULL, user); + pass = getpwnam_alloc(talloc_autofree_context(), user); /* * Validate the password they have given. -- cgit From 5a2feed9dc4e7d28dee619a6941aa49be76fb298 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 6 Nov 2008 23:29:20 -0800 Subject: If we didn't inherit any ACE's the ACE pointer should be NULL. Jeremy. --- source3/lib/secdesc.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index 94d249564f..de547d815f 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -563,15 +563,17 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, } /* Create child security descriptor to return */ - - new_dacl = make_sec_acl(ctx, + if (new_ace_list_ndx) { + new_dacl = make_sec_acl(ctx, NT4_ACL_REVISION, new_ace_list_ndx, new_ace_list); - if (!new_dacl) { - return NT_STATUS_NO_MEMORY; + if (!new_dacl) { + return NT_STATUS_NO_MEMORY; + } } + *ppsd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, -- cgit From 0d2551772301e9c25e63bb02479e09fc45fdaa26 Mon Sep 17 00:00:00 2001 
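Review bot: When `new_ace_list_ndx` is zero in se_create_child_secdesc, `make_sec_acl()` is skipped but `make_sec_desc()` is still called with `SEC_DESC_DACL_PRESENT`, so `new_dacl` must already be NULL at that point; its declaration is outside the hunk, so please confirm it is initialised to NULL there. A descriptor that sets DACL-present with a NULL DACL is conventionally read as placing no restriction on access, so every caller has to check `dacl == NULL` on the returned descriptor and substitute a default. I would add a comment above the new `if`: `/* No inheritable ACEs: return a NULL dacl; callers must supply a default ACL. */`. The `make_sec_desc` call runs past the end of the hunk.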
From: Stefan Metzmacher Date: Fri, 7 Nov 2008 21:31:04 +0100 Subject: s3: security.idl: split of dom_sid stuff into dom_sid.idl And use the toplevel ndr_sec_helper.c metze --- source3/Makefile.in | 4 +- source3/librpc/gen_ndr/dom_sid.h | 15 +++++ source3/librpc/gen_ndr/ndr_security.c | 1 + source3/librpc/gen_ndr/ndr_security.h | 1 + source3/librpc/gen_ndr/security.h | 4 +- source3/librpc/idl/dom_sid.idl | 29 +++++++++ source3/librpc/ndr/ndr_sec.h | 35 ---------- source3/librpc/ndr/ndr_sec_helper.c | 117 ---------------------------------- source3/librpc/ndr/sid.c | 53 +++++++++++++++ 9 files changed, 102 insertions(+), 157 deletions(-) create mode 100644 source3/librpc/gen_ndr/dom_sid.h create mode 100644 source3/librpc/idl/dom_sid.idl delete mode 100644 source3/librpc/ndr/ndr_sec.h delete mode 100644 source3/librpc/ndr/ndr_sec_helper.c (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index b8646aa931..a644eeae64 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -267,7 +267,7 @@ LIBNDR_OBJ = ../librpc/ndr/ndr_basic.o \ ../librpc/ndr/ndr_misc.o \ librpc/gen_ndr/ndr_misc.o \ librpc/gen_ndr/ndr_security.o \ - librpc/ndr/ndr_sec_helper.o \ + ../librpc/ndr/ndr_sec_helper.o \ librpc/ndr/ndr_string.o \ librpc/ndr/sid.o \ ../librpc/ndr/uuid.o \ @@ -1225,7 +1225,7 @@ samba3-idl:: ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ - ../librpc/idl/named_pipe_auth.idl + ../librpc/idl/named_pipe_auth.idl librpc/idl/dom_sid.idl librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h @echo "Generating $@" diff --git a/source3/librpc/gen_ndr/dom_sid.h b/source3/librpc/gen_ndr/dom_sid.h new file mode 100644 index 0000000000..57dd16855a --- /dev/null +++ b/source3/librpc/gen_ndr/dom_sid.h 
@@ -0,0 +1,15 @@ +/* header auto-generated by pidl */ + +#include + +#define dom_sid2 dom_sid +#define dom_sid28 dom_sid +#define dom_sid0 dom_sid +#ifndef _HEADER_dom_sid +#define _HEADER_dom_sid + +struct _dummy_domsid { + uint8_t dummy; +}; + +#endif /* _HEADER_dom_sid */ diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index de899241ab..b93a051d7a 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c @@ -4,6 +4,7 @@ #include "librpc/gen_ndr/ndr_security.h" #include "librpc/gen_ndr/ndr_misc.h" +#include "librpc/gen_ndr/ndr_dom_sid.h" static enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r) { NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index 7a2ff74309..90800d3d1b 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h @@ -6,6 +6,7 @@ #ifndef _HEADER_NDR_security #define _HEADER_NDR_security +#include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r); diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index bb06dc2584..59b00a56a9 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h @@ -3,9 +3,7 @@ #include #include "librpc/gen_ndr/misc.h" -#define dom_sid2 dom_sid -#define dom_sid28 dom_sid -#define dom_sid0 dom_sid +#include "librpc/gen_ndr/dom_sid.h" #ifndef _HEADER_security #define _HEADER_security diff --git a/source3/librpc/idl/dom_sid.idl b/source3/librpc/idl/dom_sid.idl new file mode 100644 index 0000000000..c405c18726 --- /dev/null +++ b/source3/librpc/idl/dom_sid.idl 
@@ -0,0 +1,29 @@
+/*
+ use the same structure for dom_sid2 as dom_sid. A dom_sid2 is really
+ just a dom sid, but with the sub_auths represented as a conformant
+ array. As with all in-structure conformant arrays, the array length
+ is placed before the start of the structure. That's what gives rise
+ to the extra num_auths elemenent. We don't want the Samba code to
+ have to bother with such esoteric NDR details, so its easier to just
+ define it as a dom_sid and use pidl magic to make it all work. It
+ just means you need to mark a sid as a "dom_sid2" in the IDL when you
+ know it is of the conformant array variety
+*/
+cpp_quote("#define dom_sid2 dom_sid")
+
+/* same struct as dom_sid but inside a 28 bytes fixed buffer in NDR */
+cpp_quote("#define dom_sid28 dom_sid")
+
+/* same struct as dom_sid but in a variable byte buffer, which is maybe empty in NDR */
+cpp_quote("#define dom_sid0 dom_sid")
+
+[
+ pointer_default(unique)
+]
+interface dom_sid
+{
+ struct _dummy_domsid {
+ uint8 dummy;
+ };
+}
+
diff --git a/source3/librpc/ndr/ndr_sec.h b/source3/librpc/ndr/ndr_sec.h
deleted file mode 100644
index 8034367223..0000000000
--- a/source3/librpc/ndr/ndr_sec.h
+++ /dev/null
@@ -1,35 +0,0 @@ -#ifndef __LIBRPC_NDR_NDR_SEC_H__ -#define __LIBRPC_NDR_NDR_SEC_H__ - -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2) -/* This file was automatically generated by mkproto.pl. DO NOT EDIT */ - -#ifndef _PUBLIC_ -#define _PUBLIC_ -#endif - - -/* The following definitions come from librpc/ndr/ndr_sec_helper.c */ - -size_t ndr_size_dom_sid(const struct dom_sid *sid); -size_t ndr_length_dom_sid(const struct dom_sid *sid); -size_t ndr_size_security_ace(const struct security_ace *ace); -size_t ndr_size_security_acl(const struct security_acl *acl); -size_t ndr_size_security_descriptor(const struct security_descriptor *sd); -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid); -char *dom_sid_string(TALLOC_CTX *mem_ctx, const struct dom_sid *sid); - -/* The following definitions come from librpc/ndr/ndr_sec.c */ - -enum ndr_err_code ndr_pull_dom_sid2(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid2(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -enum ndr_err_code ndr_pull_dom_sid28(struct ndr_pull *ndr, int ndr_flags, struct dom_sid *sid); -enum ndr_err_code ndr_push_dom_sid28(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *sid); -#undef _PRINTF_ATTRIBUTE -#define _PRINTF_ATTRIBUTE(a1, a2) - -#endif /* __LIBRPC_NDR_NDR_SEC_H__ */ - diff --git a/source3/librpc/ndr/ndr_sec_helper.c b/source3/librpc/ndr/ndr_sec_helper.c deleted file mode 100644 index 18d343799e..0000000000 --- a/source3/librpc/ndr/ndr_sec_helper.c +++ /dev/null 
@@ -1,117 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - fast routines for getting the wire size of security objects - - Copyright (C) Andrew Tridgell 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . -*/ - - -#include "includes.h" - -/* - return the wire size of a dom_sid -*/ -size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) -{ - if (!sid) return 0; - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) -{ - struct dom_sid zero_sid; - - if (!sid) return 0; - - ZERO_STRUCT(zero_sid); - - if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { - return 0; - } - - return 8 + 4*sid->num_auths; -} - -size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) -{ - return ndr_size_dom_sid28(sid, flags); -} - -/* - return the wire size of a security_ace -*/ -size_t ndr_size_security_ace(const struct security_ace *ace, int flags) -{ - if (!ace) return 0; - return 8 + ndr_size_dom_sid(&ace->trustee, flags); -} - - -/* - return the wire size of a security_acl -*/ -size_t ndr_size_security_acl(const struct security_acl *acl, int flags) -{ - size_t ret; - int i; - if (!acl) return 0; - ret = 8; - for (i=0;inum_aces;i++) { - ret += ndr_size_security_ace(&acl->aces[i], flags); - } - return ret; -} - -/* - return the wire size of a security descriptor -*/ -size_t ndr_size_security_descriptor(const struct security_descriptor *sd, int flags) -{ - size_t ret; - if (!sd) 
return 0; - - ret = 20; - ret += ndr_size_dom_sid(sd->owner_sid, flags); - ret += ndr_size_dom_sid(sd->group_sid, flags); - ret += ndr_size_security_acl(sd->dacl, flags); - ret += ndr_size_security_acl(sd->sacl, flags); - return ret; -} - -/* - print a dom_sid -*/ -void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); -} - -void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - -void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) -{ - ndr_print_dom_sid(ndr, name, sid); -} - diff --git a/source3/librpc/ndr/sid.c b/source3/librpc/ndr/sid.c index ed27375de1..39b7e3cd59 100644 --- a/source3/librpc/ndr/sid.c +++ b/source3/librpc/ndr/sid.c @@ -21,6 +21,35 @@ #include "includes.h" +/* + return the wire size of a dom_sid +*/ +size_t ndr_size_dom_sid(const struct dom_sid *sid, int flags) +{ + if (!sid) return 0; + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid28(const struct dom_sid *sid, int flags) +{ + struct dom_sid zero_sid; + + if (!sid) return 0; + + ZERO_STRUCT(zero_sid); + + if (memcmp(&zero_sid, sid, sizeof(zero_sid)) == 0) { + return 0; + } + + return 8 + 4*sid->num_auths; +} + +size_t ndr_size_dom_sid0(const struct dom_sid *sid, int flags) +{ + return ndr_size_dom_sid28(sid, flags); +} + enum ndr_err_code ndr_push_dom_sid(struct ndr_push *ndr, int ndr_flags, const struct dom_sid *r) { uint32_t cntr_sub_auths_0; 
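Review bot: `ndr_size_dom_sid` and `ndr_size_dom_sid28` in the sid.c hunk (+21,35) compute `8 + 4*sid->num_auths` without checking `num_auths` against the sub-authority array bound, so a malformed in-memory SID yields a wire size that need not match what the push code writes. The field's type and limit are not visible in this hunk; if it is a signed 8-bit count, a negative value would also convert to a very large `size_t`. Since the functions are being moved anyway, consider a guard such as `if (sid->num_auths < 0 || sid->num_auths > MAXSUBAUTHS) return 0;` (assuming the project's `MAXSUBAUTHS` limit applies here) and a comment noting that `flags` is unused. The body of `ndr_push_dom_sid` continues outside the hunk.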
@@ -228,3 +257,27 @@ enum ndr_err_code ndr_push_dom_sid0(struct ndr_push *ndr, int ndr_flags, const s return ndr_push_dom_sid(ndr, ndr_flags, sid); } + +/* + print a dom_sid +*/ +void ndr_print_dom_sid(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr->print(ndr, "%-25s: %s", name, dom_sid_string(ndr, sid)); +} + +void ndr_print_dom_sid2(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid28(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + +void ndr_print_dom_sid0(struct ndr_print *ndr, const char *name, const struct dom_sid *sid) +{ + ndr_print_dom_sid(ndr, name, sid); +} + -- cgit From 07ee1a6e146b0639e3f00020a7bf763744cbc61f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 7 Nov 2008 23:32:28 +0100 Subject: s3: make idl metze --- source3/librpc/gen_ndr/ndr_security.c | 31 ++++++------------------------- source3/librpc/gen_ndr/ndr_security.h | 6 ++++++ source3/librpc/gen_ndr/security.h | 4 ++-- 3 files changed, 14 insertions(+), 27 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/ndr_security.c b/source3/librpc/gen_ndr/ndr_security.c index b93a051d7a..108f2f689c 100644 --- a/source3/librpc/gen_ndr/ndr_security.c +++ b/source3/librpc/gen_ndr/ndr_security.c 
@@ -5,13 +5,13 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_dom_sid.h" -static enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r) +_PUBLIC_ enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r) { NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r) { uint8_t v; NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v)); @@ -34,13 +34,13 @@ _PUBLIC_ void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *na ndr->depth--; } -static enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r) +_PUBLIC_ enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r) { NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r)); return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r) { uint8_t v; NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &v)); @@ -279,7 +279,7 @@ _PUBLIC_ void ndr_print_security_ace_object(struct ndr_print *ndr, const char *n ndr->depth--; } -static enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r) +_PUBLIC_ enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r) { if (ndr_flags & NDR_SCALARS) { int level = ndr_push_get_switch_value(ndr, r); 
@@ -332,7 +332,7 @@ static enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, return NDR_ERR_SUCCESS; } -static enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r) { int level; level = ndr_pull_get_switch_value(ndr, r); @@ -432,25 +432,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_f return NDR_ERR_SUCCESS; } -_PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r) -{ - if (ndr_flags & NDR_SCALARS) { - NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, &r->type)); - NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, &r->flags)); - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->access_mask)); - NDR_CHECK(ndr_pull_set_switch_value(ndr, &r->object, r->type)); - NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_SCALARS, &r->object)); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, &r->trustee)); - } - if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_security_ace_object_ctr(ndr, NDR_BUFFERS, &r->object)); - NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_BUFFERS, &r->trustee)); - } - return NDR_ERR_SUCCESS; -} - _PUBLIC_ void ndr_print_security_ace(struct ndr_print *ndr, const char *name, const struct security_ace *r) { ndr_print_struct(ndr, name, "security_ace"); diff --git a/source3/librpc/gen_ndr/ndr_security.h b/source3/librpc/gen_ndr/ndr_security.h index 90800d3d1b..bddf1bd2b7 100644 --- a/source3/librpc/gen_ndr/ndr_security.h +++ b/source3/librpc/gen_ndr/ndr_security.h 
@@ -8,12 +8,18 @@ #include "librpc/gen_ndr/ndr_dom_sid.h" #define NDR_SECURITY_CALL_COUNT (0) +enum ndr_err_code ndr_push_security_ace_flags(struct ndr_push *ndr, int ndr_flags, uint8_t r); +enum ndr_err_code ndr_pull_security_ace_flags(struct ndr_pull *ndr, int ndr_flags, uint8_t *r); void ndr_print_security_ace_flags(struct ndr_print *ndr, const char *name, uint8_t r); +enum ndr_err_code ndr_push_security_ace_type(struct ndr_push *ndr, int ndr_flags, enum security_ace_type r); +enum ndr_err_code ndr_pull_security_ace_type(struct ndr_pull *ndr, int ndr_flags, enum security_ace_type *r); void ndr_print_security_ace_type(struct ndr_print *ndr, const char *name, enum security_ace_type r); void ndr_print_security_ace_object_flags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_security_ace_object_type(struct ndr_print *ndr, const char *name, const union security_ace_object_type *r); void ndr_print_security_ace_object_inherited_type(struct ndr_print *ndr, const char *name, const union security_ace_object_inherited_type *r); void ndr_print_security_ace_object(struct ndr_print *ndr, const char *name, const struct security_ace_object *r); +enum ndr_err_code ndr_push_security_ace_object_ctr(struct ndr_push *ndr, int ndr_flags, const union security_ace_object_ctr *r); +enum ndr_err_code ndr_pull_security_ace_object_ctr(struct ndr_pull *ndr, int ndr_flags, union security_ace_object_ctr *r); void ndr_print_security_ace_object_ctr(struct ndr_print *ndr, const char *name, const union security_ace_object_ctr *r); enum ndr_err_code ndr_push_security_ace(struct ndr_push *ndr, int ndr_flags, const struct security_ace *r); enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, int ndr_flags, struct security_ace *r); diff --git a/source3/librpc/gen_ndr/security.h b/source3/librpc/gen_ndr/security.h index 59b00a56a9..fe23347fdf 100644 --- a/source3/librpc/gen_ndr/security.h +++ b/source3/librpc/gen_ndr/security.h 
@@ -243,7 +243,7 @@ struct security_ace_object { union security_ace_object_ctr { struct security_ace_object object;/* [case(SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT)] */ -}/* [nodiscriminant] */; +}/* [public,nodiscriminant] */; struct security_ace { enum security_ace_type type; @@ -252,7 +252,7 @@ struct security_ace { uint32_t access_mask; union security_ace_object_ctr object;/* [switch_is(type)] */ struct dom_sid trustee; -}/* [gensize,public,nosize] */; +}/* [gensize,public,nopull,nosize] */; enum security_acl_revision #ifndef USE_UINT_ENUMS -- cgit From 8d4aaefd86915309cf0674afecfad8e923e80522 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Sat, 8 Nov 2008 09:15:51 +0100 Subject: s3: add missing librpc/gen_ndr/ndr_dom_sid.h metze --- source3/librpc/gen_ndr/ndr_dom_sid.h | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 source3/librpc/gen_ndr/ndr_dom_sid.h (limited to 'source3') diff --git a/source3/librpc/gen_ndr/ndr_dom_sid.h b/source3/librpc/gen_ndr/ndr_dom_sid.h new file mode 100644 index 0000000000..145ec1db46 --- /dev/null +++ b/source3/librpc/gen_ndr/ndr_dom_sid.h @@ -0,0 +1,10 @@ +/* header auto-generated by pidl */ + +#include "librpc/ndr/libndr.h" +#include "librpc/gen_ndr/dom_sid.h" + +#ifndef _HEADER_NDR_dom_sid +#define _HEADER_NDR_dom_sid + +#define NDR_DOM_SID_CALL_COUNT (0) +#endif /* _HEADER_NDR_dom_sid */ -- cgit From 87d4138d095bd6554ded80a94fb706bb754ae4c6 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Tue, 4 Nov 2008 22:04:58 +0100 Subject: Converting notify.c to store a request, not an inbuf --- source3/include/proto.h | 4 +-- source3/smbd/notify.c | 83 +++++++++++++++++-------------------------------- source3/smbd/nttrans.c | 3 +- 3 files changed, 32 insertions(+), 58 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 482027e8dc..96ed71657d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -7973,11 +7973,11 @@ void reply_negprot(struct smb_request *req); /* The following definitions come from smbd/notify.c */ void change_notify_reply(connection_struct *conn, - const uint8 *request_buf, uint32 max_param, + struct smb_request *req, uint32 max_param, struct notify_change_buf *notify_buf); NTSTATUS change_notify_create(struct files_struct *fsp, uint32 filter, bool recursive); -NTSTATUS change_notify_add_request(const struct smb_request *req, +NTSTATUS change_notify_add_request(struct smb_request *req, uint32 max_param, uint32 filter, bool recursive, struct files_struct *fsp); diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index b2d0f20f89..5a517654bf 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c @@ -24,7 +24,7 @@ struct notify_change_request { struct notify_change_request *prev, *next; struct files_struct *fsp; /* backpointer for cancel by mid */ - uint8 request_buf[smb_size]; + struct smb_request *req; uint32 filter; uint32 max_param; struct notify_mid_map *mid_map; 
@@ -133,40 +133,33 @@ static bool notify_marshall_changes(int num_changes, *****************************************************************************/ static void change_notify_reply_packet(connection_struct *conn, - const uint8 *request_buf, + struct smb_request *req, NTSTATUS error_code) { - char outbuf[smb_size+38]; + reply_outbuf(req, 18, 0); - memset(outbuf, '\0', sizeof(outbuf)); - construct_reply_common((char *)request_buf, outbuf); - - ERROR_NT(error_code); - - /* - * Seems NT needs a transact command with an error code - * in it. This is a longer packet than a simple error. - */ - srv_set_message(outbuf,18,0,False); + if (!NT_STATUS_IS_OK(error_code)) { + error_packet_set((char *)req->outbuf, 0, 0, error_code, + __LINE__,__FILE__); + } - show_msg(outbuf); - if (!srv_send_smb(smbd_server_fd(), - outbuf, - IS_CONN_ENCRYPTED(conn))) + show_msg((char *)req->outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, + req->encrypted)) { exit_server_cleanly("change_notify_reply_packet: srv_send_smb " "failed."); + } + TALLOC_FREE(req->outbuf); } void change_notify_reply(connection_struct *conn, - const uint8 *request_buf, uint32 max_param, + struct smb_request *req, uint32 max_param, struct notify_change_buf *notify_buf) { prs_struct ps; - struct smb_request *req = NULL; - uint8 tmp_request[smb_size]; if (notify_buf->num_changes == -1) { - change_notify_reply_packet(conn, request_buf, NT_STATUS_OK); + change_notify_reply_packet(conn, req, NT_STATUS_OK); notify_buf->num_changes = 0; return; } 
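Review bot: `change_notify_reply_packet` uses `req->outbuf` immediately after `reply_outbuf(req, 18, 0)` with no visible failure check. The same pattern is introduced in the two `send_trans_reply` hunks of ipc.c (-104,38 and -155,39), where the removed `create_outbuf` call panicked explicitly on allocation failure. If `reply_outbuf` can return with `req->outbuf == NULL`, these paths hand a null buffer to `error_packet_set`, `show_msg` and `srv_send_smb`. If it aborts internally, say so at the call with `/* reply_outbuf() does not return on allocation failure */`; otherwise add `if (req->outbuf == NULL) { smb_panic("could not allocate outbuf"); }`.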
@@ -179,32 +172,14 @@ void change_notify_reply(connection_struct *conn, * We exceed what the client is willing to accept. Send * nothing. */ - change_notify_reply_packet(conn, request_buf, NT_STATUS_OK); - goto done; - } - - if (!(req = talloc(talloc_tos(), struct smb_request))) { - change_notify_reply_packet(conn, request_buf, NT_STATUS_NO_MEMORY); + change_notify_reply_packet(conn, req, NT_STATUS_OK); goto done; } - memcpy(tmp_request, request_buf, smb_size); - - /* - * We're only interested in the header fields here - */ - - smb_setlen((char *)tmp_request, smb_size); - SCVAL(tmp_request, smb_wct, 0); - - init_smb_request(req, tmp_request,0, conn->encrypted_tid); - req->inbuf = tmp_request; - send_nt_replies(conn, req, NT_STATUS_OK, prs_data_p(&ps), prs_offset(&ps), NULL, 0); done: - TALLOC_FREE(req); prs_mem_free(&ps); TALLOC_FREE(notify_buf->changes); @@ -252,7 +227,7 @@ NTSTATUS change_notify_create(struct files_struct *fsp, uint32 filter, return status; } -NTSTATUS change_notify_add_request(const struct smb_request *req, +NTSTATUS change_notify_add_request(struct smb_request *req, uint32 max_param, uint32 filter, bool recursive, struct files_struct *fsp) @@ -263,16 +238,16 @@ NTSTATUS change_notify_add_request(const struct smb_request *req, DEBUG(10, ("change_notify_add_request: Adding request for %s: " "max_param = %d\n", fsp->fsp_name, (int)max_param)); - if (!(request = SMB_MALLOC_P(struct notify_change_request)) - || !(map = SMB_MALLOC_P(struct notify_mid_map))) { - SAFE_FREE(request); + if (!(request = talloc(NULL, struct notify_change_request)) + || !(map = talloc(request, struct notify_mid_map))) { + TALLOC_FREE(request); return NT_STATUS_NO_MEMORY; } request->mid_map = map; map->req = request; - memcpy(request->request_buf, req->inbuf, sizeof(request->request_buf)); + request->req = talloc_move(request, &req); request->max_param = max_param; request->filter = filter; request->fsp = fsp; 
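Review bot: `request->req = talloc_move(request, &req);` in the change_notify_add_request hunk (-263,16) transfers ownership of the caller's smb_request, but only the by-value parameter is set to NULL, so the caller keeps a live pointer to an object it no longer owns. Any caller that frees or keeps using its `req` after this returns NT_STATUS_OK risks a double free or a use after free once the notify request is removed; the callers are not visible here. Document the transfer on the function, e.g. `/* On success req is reparented to the notify request; the caller must not free or touch it afterwards. */`. `talloc()` also leaves the new struct uninitialised, so every field read later (for example `backend_data`) needs an explicit assignment; the rest of the function is outside the hunk.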
@@ -281,11 +256,11 @@ NTSTATUS change_notify_add_request(const struct smb_request *req, DLIST_ADD_END(fsp->notify->requests, request, struct notify_change_request *); - map->mid = SVAL(req->inbuf, smb_mid); + map->mid = request->req->mid; DLIST_ADD(notify_changes_by_mid, map); /* Push the MID of this packet on the signing queue. */ - srv_defer_sign_response(SVAL(req->inbuf,smb_mid)); + srv_defer_sign_response(request->req->mid); return NT_STATUS_OK; } @@ -315,9 +290,7 @@ static void change_notify_remove_request(struct notify_change_request *remove_re DLIST_REMOVE(fsp->notify->requests, req); DLIST_REMOVE(notify_changes_by_mid, req->mid_map); - SAFE_FREE(req->mid_map); - TALLOC_FREE(req->backend_data); - SAFE_FREE(req); + TALLOC_FREE(req); } /**************************************************************************** @@ -338,8 +311,8 @@ void remove_pending_change_notify_requests_by_mid(uint16 mid) return; } - change_notify_reply_packet(map->req->fsp->conn, - map->req->request_buf, NT_STATUS_CANCELLED); + change_notify_reply_packet(map->req->fsp->conn, map->req->req, + NT_STATUS_CANCELLED); change_notify_remove_request(map->req); } @@ -355,8 +328,8 @@ void remove_pending_change_notify_requests_by_fid(files_struct *fsp, } while (fsp->notify->requests != NULL) { - change_notify_reply_packet(fsp->conn, - fsp->notify->requests->request_buf, status); + change_notify_reply_packet( + fsp->conn, fsp->notify->requests->req, status); change_notify_remove_request(fsp->notify->requests); } } @@ -450,7 +423,7 @@ static void notify_fsp(files_struct *fsp, uint32 action, const char *name) */ change_notify_reply(fsp->conn, - fsp->notify->requests->request_buf, + fsp->notify->requests->req, fsp->notify->requests->max_param, fsp->notify); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 50a3aea856..565f2cbb5f 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
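Review bot: In the change_notify_remove_request hunk (-315,9) the explicit `TALLOC_FREE(req->backend_data)` is dropped, so `backend_data` is now released only if it is a talloc child of `req`. Its allocation is not visible in this diff; if it is parented to another context, each removed request leaves it behind, and server memory grows with every notify that is posted and then cancelled. Either keep `TALLOC_FREE(req->backend_data);` before `TALLOC_FREE(req);` or add a comment stating that the backend allocates it under the request. The function's start is outside the hunk.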
@@ -1443,7 +1443,8 @@ static void call_nt_transact_notify_change(connection_struct *conn, * here. */ - change_notify_reply(fsp->conn, req->inbuf, max_param_count, fsp->notify); + change_notify_reply(fsp->conn, req, max_param_count, + fsp->notify); /* * change_notify_reply() above has independently sent its -- cgit From 5e2956557b06b5b55dc8810b51bdbcf3e7f03c98 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 5 Nov 2008 19:16:06 +0100 Subject: Remove the change to the user context in process_blocking_lock_queue() --- source3/smbd/blocking.c | 84 +++++-------------------------------------------- 1 file changed, 8 insertions(+), 76 deletions(-) (limited to 'source3') diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 555033b7df..87ae3ca272 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c 
@@ -666,78 +666,9 @@ static void process_blocking_lock_queue(void) */ for (blr = blocking_lock_queue; blr; blr = next) { - connection_struct *conn = NULL; - uint16 vuid; - files_struct *fsp = NULL; next = blr->next; - /* - * Ensure we don't have any old chain_fsp values - * sitting around.... - */ - chain_size = 0; - fsp = blr->fsp; - - conn = conn_find(blr->req->tid); - vuid = (lp_security() == SEC_SHARE) - ? UID_FIELD_INVALID : blr->req->vuid; - - DEBUG(5,("process_blocking_lock_queue: examining pending lock fnum = %d for file %s\n", - fsp->fnum, fsp->fsp_name )); - - if(!change_to_user(conn,vuid)) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); - - /* - * Remove the entry and return an error to the client. - */ - - if (br_lck) { - brl_lock_cancel(br_lck, - blr->lock_pid, - procid_self(), - blr->offset, - blr->count, - blr->lock_flav); - TALLOC_FREE(br_lck); - } - - DEBUG(0,("process_blocking_lock_queue: Unable to become user vuid=%d.\n", - vuid )); - blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); - DLIST_REMOVE(blocking_lock_queue, blr); - TALLOC_FREE(blr); - recalc_timeout = True; - continue; - } - - if(!set_current_service(conn,SVAL(blr->req->inbuf,smb_flg),True)) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); - - /* - * Remove the entry and return an error to the client. - */ - - if (br_lck) { - brl_lock_cancel(br_lck, - blr->lock_pid, - procid_self(), - blr->offset, - blr->count, - blr->lock_flav); - TALLOC_FREE(br_lck); - } - - DEBUG(0,("process_blocking_lock_queue: Unable to become service Error was %s.\n", strerror(errno) )); - blocking_lock_reply_error(blr,NT_STATUS_ACCESS_DENIED); - DLIST_REMOVE(blocking_lock_queue, blr); - TALLOC_FREE(blr); - recalc_timeout = True; - change_to_root_user(); - continue; - } - /* * Go through the remaining locks and try and obtain them. * The call returns True if all locks were obtained successfully 
@@ -745,7 +676,8 @@ static void process_blocking_lock_queue(void) */ if(blocking_lock_record_process(blr)) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); + struct byte_range_lock *br_lck = brl_get_locks( + talloc_tos(), blr->fsp); if (br_lck) { brl_lock_cancel(br_lck, @@ -760,19 +692,17 @@ static void process_blocking_lock_queue(void) DLIST_REMOVE(blocking_lock_queue, blr); TALLOC_FREE(blr); recalc_timeout = True; - change_to_root_user(); continue; } - change_to_root_user(); - /* * We couldn't get the locks for this record on the list. * If the time has expired, return a lock error. */ if (!timeval_is_zero(&blr->expire_time) && timeval_compare(&blr->expire_time, &tv_curr) <= 0) { - struct byte_range_lock *br_lck = brl_get_locks(talloc_tos(), fsp); + struct byte_range_lock *br_lck = brl_get_locks( + talloc_tos(), blr->fsp); /* * Lock expired - throw away all previously @@ -780,8 +710,10 @@ static void process_blocking_lock_queue(void) */ if (br_lck) { - DEBUG(5,("process_blocking_lock_queue: pending lock fnum = %d for file %s timed out.\n", - fsp->fnum, fsp->fsp_name )); + DEBUG(5,("process_blocking_lock_queue: " + "pending lock fnum = %d for file %s " + "timed out.\n", blr->fsp->fnum, + blr->fsp->fsp_name )); brl_lock_cancel(br_lck, blr->lock_pid, -- cgit From 52958ea115ab3d1d8cebaad47b5ffff7fc86a4cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Wed, 5 Nov 2008 19:19:17 +0100 Subject: Remove a direct inbuf reference (should have been removed with 8987641d...) --- source3/smbd/aio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index fd553c3fc4..8beed0744c 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c 
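Review bot: `blocking_lock_record_process(blr)` at the top of the -745,7 hunk now runs without the `change_to_user()` / `set_current_service()` calls that this commit removes earlier in the loop, and the matching `change_to_root_user()` calls go away in the -760,19 hunk. The removed block also cancelled the record with NT_STATUS_ACCESS_DENIED when the vuid could no longer be assumed, so a pending lock whose session has gone away is no longer rejected at this point; whether that is caught elsewhere is not visible here. Please record the assumption in the loop once it is confirmed, e.g. `/* Lock retry needs no user context; stale sessions are cleaned up in <where>. */`, or keep a cheap validity check on the vuid before retrying. process_blocking_lock_queue starts and ends outside these hunks.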
@@ -506,7 +506,7 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex) ERROR_BOTH(map_nt_error_from_unix(ret), ERRHRD, ERRdiskfull); srv_set_message(outbuf,0,0,true); } else { - bool write_through = BITSETW(aio_ex->req->inbuf+smb_vwv7,0); + bool write_through = BITSETW(aio_ex->req->vwv+7,0); NTSTATUS status; SSVAL(outbuf,smb_vwv2,nwritten); -- cgit From 807ad174b288e4c3d36ed02e5ef02cd7a848ce0e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 6 Nov 2008 12:14:08 +0100 Subject: Remove a direct inbuf reference from reply_nttrans() --- source3/smbd/nttrans.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 565f2cbb5f..c7a8bf7650 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2689,8 +2689,7 @@ void reply_nttrans(struct smb_request *req) goto bad_param; } - memcpy( state->setup, &req->inbuf[smb_nt_SetupStart], - state->setup_count); + memcpy(state->setup, req->vwv+19, state->setup_count); dump_data(10, (uint8 *)state->setup, state->setup_count); } -- cgit From 8637dd12325369e0056d77924cac577a67f2a0ab Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 6 Nov 2008 20:16:04 +0100 Subject: change CHECK_READ to use smb_request instead of inbuf --- source3/include/smb_macros.h | 4 ++-- source3/smbd/reply.c | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/include/smb_macros.h b/source3/include/smb_macros.h index 46ca236553..119ceeb158 100644 --- a/source3/include/smb_macros.h +++ b/source3/include/smb_macros.h 
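Review bot: `memcpy(state->setup, req->vwv+19, state->setup_count);` in the reply_nttrans hunk (-2689,8) takes its length from the request, and the check that bounds it against the received word count is not visible in the hunk. Only the tail of a validation (`goto bad_param;`) is shown above it, so confirm that it covers the source side as well as the destination: the copy reads `setup_count` bytes starting at word 19. If it does not, add something like `if (req->wct < 19 + (state->setup_count + 1) / 2) goto bad_param;` before the copy (assuming `req->wct` holds the validated word count). reply_nttrans starts and ends outside the hunk.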
@@ -52,8 +52,8 @@ return ERROR_NT(NT_STATUS_INVALID_HANDLE); \ } while(0) -#define CHECK_READ(fsp,inbuf) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \ - ((SVAL((inbuf),smb_flg2) & FLAGS2_READ_PERMIT_EXECUTE) && \ +#define CHECK_READ(fsp,req) (((fsp)->fh->fd != -1) && ((fsp)->can_read || \ + ((req->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \ (fsp->access_mask & FILE_EXECUTE)))) #define CHECK_WRITE(fsp) ((fsp)->can_write && ((fsp)->fh->fd != -1)) diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 377ba4e530..be39fd464d 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2894,7 +2894,7 @@ void reply_lockread(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBlockread); return; @@ -3002,7 +3002,7 @@ void reply_read(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS, ERRbadaccess); END_PROFILE(SMBread); return; @@ -3255,7 +3255,7 @@ void reply_read_and_X(struct smb_request *req) return; } - if (!CHECK_READ(fsp,req->inbuf)) { + if (!CHECK_READ(fsp,req)) { reply_doserror(req, ERRDOS,ERRbadaccess); END_PROFILE(SMBreadX); return; -- cgit From 7a35506bb87fd784a4a7a5b81c2d2ab5c32b233b Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 7 Nov 2008 12:29:24 +0100 Subject: Remove direct inbuf refs from send_trans_reply --- source3/smbd/ipc.c | 72 ++++++++++++++++++++++++++---------------------------- 1 file changed, 35 insertions(+), 37 deletions(-) (limited to 'source3') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index b9460e5211..c7a44270f5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -91,7 +91,6 @@ void send_trans_reply(connection_struct *conn, int tot_data_sent = 0; int tot_param_sent = 0; int align; - char *outbuf; int ldata = rdata ? rdata_len : 0; int lparam = rparam ? rparam_len : 0; 
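Review bot: The new `CHECK_READ(fsp,req)` in smb_macros.h expands `req` unparenthesised (`req->flags2`), unlike `(fsp)` earlier in the same macro. All three call sites changed in reply.c pass a plain identifier, so nothing breaks today, but an argument such as `&r` or a conditional expression would bind wrongly inside an access-check expression. Write the line as `(((req)->flags2 & FLAGS2_READ_PERMIT_EXECUTE) && \` and parenthesise the `fsp` in `(fsp->access_mask & FILE_EXECUTE)` as well.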
@@ -104,38 +103,37 @@ void send_trans_reply(connection_struct *conn, align = ((this_lparam)%4); - if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf, - 10, 1+align+this_ldata+this_lparam)) { - smb_panic("could not allocate outbuf"); - } + reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); - copy_trans_params_and_data(outbuf, align, + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(outbuf,smb_vwv0,lparam); - SSVAL(outbuf,smb_vwv1,ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,0); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7,smb_offset(smb_buf(outbuf)+1+this_lparam+align, - outbuf)); - SSVAL(outbuf,smb_vwv8,0); - SSVAL(outbuf,smb_vwv9,0); + SSVAL(req->outbuf,smb_vwv0,lparam); + SSVAL(req->outbuf,smb_vwv1,ldata); + SSVAL(req->outbuf,smb_vwv3,this_lparam); + SSVAL(req->outbuf,smb_vwv4, + smb_offset(smb_buf(req->outbuf)+1, req->outbuf)); + SSVAL(req->outbuf,smb_vwv5,0); + SSVAL(req->outbuf,smb_vwv6,this_ldata); + SSVAL(req->outbuf,smb_vwv7, + smb_offset(smb_buf(req->outbuf)+1+this_lparam+align, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv8,0); + SSVAL(req->outbuf,smb_vwv9,0); if (buffer_too_large) { - error_packet_set((char *)outbuf, ERRDOS, ERRmoredata, + error_packet_set((char *)req->outbuf, ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } - show_msg(outbuf); - if (!srv_send_smb(smbd_server_fd(), (char *)outbuf, + show_msg((char *)req->outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, IS_CONN_ENCRYPTED(conn))) { exit_server_cleanly("send_trans_reply: srv_send_smb failed."); } - TALLOC_FREE(outbuf); + TALLOC_FREE(req->outbuf); tot_data_sent = this_ldata; tot_param_sent = this_lparam; 
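Review bot: `srv_send_smb(..., IS_CONN_ENCRYPTED(conn))` in this send_trans_reply hunk still derives the encryption flag from the connection, while `change_notify_reply_packet` in notify.c, converted in the same series, passes `req->encrypted`. The same call appears in the -155,39 hunk. Whether the two values can differ is not visible here, but a reply sent in the clear for a request that arrived encrypted would be a confidentiality problem, so the series should pick one source and use it everywhere; if the request flag is the authoritative one, the argument line becomes `req->encrypted)) {`. send_trans_reply starts and ends outside the hunk.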
@@ -155,39 +153,39 @@ void send_trans_reply(connection_struct *conn, align = (this_lparam%4); - if (!create_outbuf(talloc_tos(), (char *)req->inbuf, &outbuf, - 10, 1+align+this_ldata+this_lparam)) { - smb_panic("could not allocate outbuf"); - } + reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); - copy_trans_params_and_data(outbuf, align, + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); - SSVAL(outbuf,smb_vwv3,this_lparam); - SSVAL(outbuf,smb_vwv4,smb_offset(smb_buf(outbuf)+1,outbuf)); - SSVAL(outbuf,smb_vwv5,tot_param_sent); - SSVAL(outbuf,smb_vwv6,this_ldata); - SSVAL(outbuf,smb_vwv7, - smb_offset(smb_buf(outbuf)+1+this_lparam+align, outbuf)); - SSVAL(outbuf,smb_vwv8,tot_data_sent); - SSVAL(outbuf,smb_vwv9,0); + SSVAL(req->outbuf,smb_vwv3,this_lparam); + SSVAL(req->outbuf,smb_vwv4, + smb_offset(smb_buf(req->outbuf)+1,req->outbuf)); + SSVAL(req->outbuf,smb_vwv5,tot_param_sent); + SSVAL(req->outbuf,smb_vwv6,this_ldata); + SSVAL(req->outbuf,smb_vwv7, + smb_offset(smb_buf(req->outbuf)+1+this_lparam+align, + req->outbuf)); + SSVAL(req->outbuf,smb_vwv8,tot_data_sent); + SSVAL(req->outbuf,smb_vwv9,0); if (buffer_too_large) { - error_packet_set(outbuf, ERRDOS, ERRmoredata, + error_packet_set((char *)req->outbuf, + ERRDOS, ERRmoredata, STATUS_BUFFER_OVERFLOW, __LINE__, __FILE__); } - show_msg(outbuf); - if (!srv_send_smb(smbd_server_fd(), outbuf, + show_msg((char *)req->outbuf); + if (!srv_send_smb(smbd_server_fd(), (char *)req->outbuf, IS_CONN_ENCRYPTED(conn))) exit_server_cleanly("send_trans_reply: srv_send_smb " "failed."); tot_data_sent += this_ldata; tot_param_sent += this_lparam; - TALLOC_FREE(outbuf); + TALLOC_FREE(req->outbuf); } } -- cgit From 8315677ca3ca9eed62fe6e24bac333b9b5dc763b Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Fri, 7 Nov 2008 20:38:05 +0100 Subject: Do not write into inbuf for the transs request Instead, fix up the outbuf in send_xx_reply. In those routines, we know what we are returning. --- source3/smbd/blocking.c | 1 - source3/smbd/ipc.c | 18 ++++++++++++------ source3/smbd/nttrans.c | 11 +++++------ source3/smbd/trans2.c | 12 ++++++------ 4 files changed, 23 insertions(+), 19 deletions(-) (limited to 'source3') diff --git a/source3/smbd/blocking.c b/source3/smbd/blocking.c index 87ae3ca272..2237a89ace 100644 --- a/source3/smbd/blocking.c +++ b/source3/smbd/blocking.c @@ -505,7 +505,6 @@ static bool process_trans2(blocking_lock_record *blr) /* We finally got the lock, return success. */ - SCVAL(blr->req->inbuf, smb_com, SMBtrans2); SSVAL(params,0,0); /* Fake up max_data_bytes here - we know it fits. */ send_trans2_replies(blr->fsp->conn, blr->req, params, 2, NULL, 0, 0xffff); diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c7a44270f5..26a4212ec9 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -105,6 +105,12 @@ void send_trans_reply(connection_struct *conn, reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + /* + * We might have SMBtranss in req which was transferred to the outbuf, + * fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans); + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); @@ -155,6 +161,12 @@ void send_trans_reply(connection_struct *conn, reply_outbuf(req, 10, 1+align+this_ldata+this_lparam); + /* + * We might have SMBtranss in req which was transferred to the + * outbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans); + copy_trans_params_and_data((char *)req->outbuf, align, rparam, tot_param_sent, this_lparam, rdata, tot_data_sent, this_ldata); 
@@ -774,12 +786,6 @@ void reply_transs(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBtranss is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBtrans); - handle_trans(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c7a8bf7650..1a13d962f0 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -119,6 +119,11 @@ void send_nt_replies(connection_struct *conn, total_sent_thistime + alignment_offset + data_alignment_offset); + /* + * We might have had SMBnttranss in req->inbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBnttrans); + /* * Set total params and data to be sent. */ @@ -2829,12 +2834,6 @@ void reply_nttranss(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBnttranss is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBnttrans); - handle_nttrans(conn, state, req); DLIST_REMOVE(conn->pending_trans, state); diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index d0e3a68e8a..c385c6ccb1 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -768,6 +768,12 @@ void send_trans2_replies(connection_struct *conn, reply_outbuf(req, 10, total_sent_thistime + alignment_offset + data_alignment_offset); + /* + * We might have SMBtrans2s in req which was transferred to + * the outbuf, fix that. + */ + SCVAL(req->outbuf, smb_com, SMBtrans2); + /* Set total params and data to be sent */ SSVAL(req->outbuf,smb_tprcnt,paramsize); SSVAL(req->outbuf,smb_tdrcnt,datasize); @@ -7822,12 +7828,6 @@ void reply_transs2(struct smb_request *req) return; } - /* - * construct_reply_common will copy smb_com from inbuf to - * outbuf. SMBtranss2 is wrong here. - */ - SCVAL(req->inbuf,smb_com,SMBtrans2); - handle_trans2(conn, req, state); DLIST_REMOVE(conn->pending_trans, state); -- cgit From 5a33e906f651ea84ec909fd6453e13a9489bd391 Mon Sep 17 00:00:00 2001 
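Review bot: With the `SCVAL(req->inbuf,smb_com,...)` fix-ups removed from reply_transs, reply_nttranss and reply_transs2, only replies built by send_trans_reply, send_nt_replies and send_trans2_replies get the primary command code written into `req->outbuf`. If handle_trans, handle_nttrans or handle_trans2 can answer a secondary request through any other reply helper (an error reply, for instance), that reply would now carry the secondary command code; those functions are outside this diff, so this needs checking against their error paths. Separately, the comment added in send_trans2_replies spells the command `SMBtrans2s` where the comment removed from reply_transs2 has `SMBtranss2`; suggest `/* req may hold SMBtranss2, which was copied into the outbuf; reply as SMBtrans2. */`.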
From: Volker Lendecke Date: Fri, 7 Nov 2008 21:02:11 +0100 Subject: Make "construct_reply_common" static --- source3/include/proto.h | 1 - source3/smbd/process.c | 4 +++- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 96ed71657d..5f9203a21f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8233,7 +8233,6 @@ void reply_outbuf(struct smb_request *req, uint8 num_words, uint32 num_bytes); const char *smb_fn_name(int type); void add_to_common_flags2(uint32 v); void remove_from_common_flags2(uint32 v); -void construct_reply_common(const char *inbuf, char *outbuf); void construct_reply_common_req(struct smb_request *req, char *outbuf); void chain_reply(struct smb_request *req); void check_reload(time_t t); diff --git a/source3/smbd/process.c b/source3/smbd/process.c index 7931fbebab..b3cd2f26c8 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -37,6 +37,8 @@ SIG_ATOMIC_T got_sig_term = 0; extern bool global_machine_password_needs_changing; extern int max_send; +static void construct_reply_common(const char *inbuf, char *outbuf); + /* Accessor function for smb_read_error for smbd functions. */ /**************************************************************************** @@ -1590,7 +1592,7 @@ void remove_from_common_flags2(uint32 v) common_flags2 &= ~v; } -void construct_reply_common(const char *inbuf, char *outbuf) +static void construct_reply_common(const char *inbuf, char *outbuf) { srv_set_message(outbuf,0,0,false); -- cgit From 813bf8b4f463199b7c2d3cddab7056b8a68a0b70 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Sat, 8 Nov 2008 22:57:57 -0800 Subject: Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass RAW-ACL inheritance tests. Only access masks for SD get/set left to fix. Jeremy. --- source3/lib/secdesc.c | 3 +++ source3/modules/vfs_acl_xattr.c | 21 ++++++++++++++++++++- 2 files changed, 23 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index de547d815f..df85336603 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, ptrustee = creator; new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } else if (container && + !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + ptrustee = &ace->trustee; } init_sec_ace(new_ace, ptrustee, ace->type, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 209209d287..a5d93950f6 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -363,10 +363,18 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, status = get_nt_acl_xattr_internal(handle, NULL, parent_name, - DACL_SECURITY_INFORMATION, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), &parent_desc); if (NT_STATUS_IS_OK(status)) { /* Create an inherited descriptor from the parent. */ + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: parent acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, parent_desc); + } + status = se_create_child_secdesc(ctx, &psd, &size, @@ -377,6 +385,12 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!NT_STATUS_IS_OK(status)) { return status; } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: child acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + } else { DEBUG(10,("inherit_new_acl: directory %s failed " "to get acl %s\n", 
@@ -401,6 +415,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!psd) { return NT_STATUS_NO_MEMORY; } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: default acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } } status = create_acl_blob(psd, &blob); -- cgit From 7d8787c915b97f44851d2ca4c854c5f3aca8a3c6 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Fri, 7 Nov 2008 09:13:26 +0100 Subject: ntlm_auth: Put huge NTLMv2 blobs into extra_data on CRAP auth. This fixes bug #5865 --- source3/nsswitch/winbind_struct_protocol.h | 4 +++- source3/utils/ntlm_auth.c | 18 +++++++++++++++--- source3/winbindd/winbindd_pam.c | 25 ++++++++++++++++++------- 3 files changed, 36 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index ff52dbddaf..169b4a8c95 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h @@ -202,7 +202,9 @@ typedef struct winbindd_gr { #define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */ /* Flag to say this is a winbindd internal send - don't recurse. */ #define WBFLAG_RECURSE 0x00000800 - +/* Flag to tell winbind the NTLMv2 blob is too big for the struct and is in the + * extra_data field */ +#define WBFLAG_BIG_NTLMV2_BLOB 0x00010000 #define WINBINDD_MAX_EXTRA_DATA (128*1024) diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index 0a76761cb2..fbb105bfe6 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c 
@@ -380,13 +380,25 @@ NTSTATUS contact_winbind_auth_crap(const char *username, } if (nt_response && nt_response->length) { - memcpy(request.data.auth_crap.nt_resp, - nt_response->data, - MIN(nt_response->length, sizeof(request.data.auth_crap.nt_resp))); + if (nt_response->length > sizeof(request.data.auth_crap.nt_resp)) { + request.flags = request.flags | WBFLAG_BIG_NTLMV2_BLOB; + request.extra_len = nt_response->length; + request.extra_data.data = SMB_MALLOC_ARRAY(char, request.extra_len); + if (request.extra_data.data == NULL) { + return NT_STATUS_NO_MEMORY; + } + memcpy(request.extra_data.data, nt_response->data, + nt_response->length); + + } else { + memcpy(request.data.auth_crap.nt_resp, + nt_response->data, nt_response->length); + } request.data.auth_crap.nt_resp_len = nt_response->length; } result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response); + SAFE_FREE(request.extra_data.data); /* Display response */ diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 9ff3899661..7de28b08a9 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c 
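Review bot: The oversized-blob branch copies `nt_response->length` into `request.extra_len` and allocates that many bytes without comparing it with `WINBINDD_MAX_EXTRA_DATA` (128*1024, visible as context in the winbind_struct_protocol.h hunk above). Rejecting the request up front keeps an over-long response supplied by the caller from turning into a large allocation and a request that winbindd may refuse anyway: `if (nt_response->length > WINBINDD_MAX_EXTRA_DATA) { return NT_STATUS_INVALID_PARAMETER; }`. The trailing `SAFE_FREE(request.extra_data.data)` also runs when the small-blob path was taken, so it relies on `request` having been zeroed earlier in contact_winbind_auth_crap, which is outside this hunk and should be confirmed.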
@@ -1854,17 +1854,28 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain, if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp) || state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) { - DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", - state->request.data.auth_crap.lm_resp_len, - state->request.data.auth_crap.nt_resp_len)); - result = NT_STATUS_INVALID_PARAMETER; - goto done; + if (!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB || + state->request.extra_len != state->request.data.auth_crap.nt_resp_len) { + DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n", + state->request.data.auth_crap.lm_resp_len, + state->request.data.auth_crap.nt_resp_len)); + result = NT_STATUS_INVALID_PARAMETER; + goto done; + } } lm_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.lm_resp, state->request.data.auth_crap.lm_resp_len); - nt_resp = data_blob_talloc(state->mem_ctx, state->request.data.auth_crap.nt_resp, - state->request.data.auth_crap.nt_resp_len); + + if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) { + nt_resp = data_blob_talloc(state->mem_ctx, + state->request.extra_data.data, + state->request.data.auth_crap.nt_resp_len); + } else { + nt_resp = data_blob_talloc(state->mem_ctx, + state->request.data.auth_crap.nt_resp, + state->request.data.auth_crap.nt_resp_len); + } /* what domain should we contact? */ -- cgit From 4c391c94f47458a64bf71d17fc3d7c0507ebfd9b Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Nov 2008 15:10:37 +0100 Subject: [s3]build: build cifs.upcall at build time instead of at install time. This is to prevent problems with packaging scripts that pass CFLAGS to make but not to make install... Based on a patch for v3-2 by Martin Schwenke . Michael --- source3/Makefile.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3') 
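Review bot: The new guard `!state->request.flags & WBFLAG_BIG_NTLMV2_BLOB` negates `flags` before masking, so it evaluates `(!flags) & 0x00010000`, which is always zero; the flag is never tested and only the `extra_len != nt_resp_len` comparison can reject. As written, a request with an over-long `nt_resp_len` (or `lm_resp_len`) and a matching `extra_len` but without the flag passes the check, and the later `data_blob_talloc()` calls copy past the fixed-size `nt_resp`/`lm_resp` arrays. In the other direction, a request with the flag set and a small `nt_resp_len` skips the check entirely and copies `nt_resp_len` bytes from `extra_data.data` without comparing against `extra_len`. The checks should be split so that `lm_resp_len` is always bounded by its array and the extra_data path is reached only after flag and length have both been verified, as below. winbindd_dual_pam_auth_crap begins and ends outside this hunk.

```c
	/* The LM response always lives in the fixed-size array. */
	if (state->request.data.auth_crap.lm_resp_len > sizeof(state->request.data.auth_crap.lm_resp)) {
		DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n",
			  state->request.data.auth_crap.lm_resp_len,
			  state->request.data.auth_crap.nt_resp_len));
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	/*
	 * The NT response either fits the fixed-size array, or is flagged
	 * and carried in extra_data with exactly the advertised length.
	 */
	if (state->request.flags & WBFLAG_BIG_NTLMV2_BLOB) {
		if (state->request.extra_data.data == NULL ||
		    state->request.extra_len != state->request.data.auth_crap.nt_resp_len) {
			DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n",
				  state->request.data.auth_crap.lm_resp_len,
				  state->request.data.auth_crap.nt_resp_len));
			result = NT_STATUS_INVALID_PARAMETER;
			goto done;
		}
	} else if (state->request.data.auth_crap.nt_resp_len > sizeof(state->request.data.auth_crap.nt_resp)) {
		DEBUG(0, ("winbindd_pam_auth_crap: invalid password length %u/%u\n",
			  state->request.data.auth_crap.lm_resp_len,
			  state->request.data.auth_crap.nt_resp_len));
		result = NT_STATUS_INVALID_PARAMETER;
		goto done;
	}

	/* … unchanged: lm_resp blob and the flag-based choice of the nt_resp source … */
```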
diff --git a/source3/Makefile.in b/source3/Makefile.in index a644eeae64..d11094d621 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1158,7 +1158,8 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ # now the rules... ###################################################################### all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \ - $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @EXTRA_ALL_TARGETS@ + $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @CIFSUPCALL_PROGS@ \ + @EXTRA_ALL_TARGETS@ basics:: -- cgit From 951cf45ee7014e4099adf4efdfbb6eb71d7e8419 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Nov 2008 15:13:15 +0100 Subject: [s3]build: prevent make errors for picky makes when $(EXTRA_ALL_TARGETS) is empty picky make implementations don't like lines with only tabs in rules or dependencie Michael --- source3/Makefile.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index d11094d621..d216e1c11e 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -224,6 +224,8 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) \ $(CHARSET_MODULES) $(AUTH_MODULES) $(NSS_INFO_MODULES) \ $(GPEXT_MODULES) +EXTRA_ALL_TARGETS = @EXTRA_ALL_TARGETS@ + ###################################################################### # object file lists ###################################################################### @@ -1159,7 +1161,7 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \ ###################################################################### all:: SHOWFLAGS basics libs $(SBIN_PROGS) $(BIN_PROGS) $(ROOT_SBIN_PROGS) \ $(MODULES) $(NSS_MODULES) $(PAM_MODULES) @CIFSUPCALL_PROGS@ \ - @EXTRA_ALL_TARGETS@ + $(EXTRA_ALL_TARGETS) basics:: -- cgit From 0474c8665d47ca6f89e483ff20f6401698095b55 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 10 Nov 2008 12:55:12 +0100 Subject: nterrors: add NT_STATUS_DS_BUSY. Guenther --- source3/libsmb/nterr.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/libsmb/nterr.c b/source3/libsmb/nterr.c index 1ba230cefe..465d88a9b6 100644 --- a/source3/libsmb/nterr.c +++ b/source3/libsmb/nterr.c @@ -532,6 +532,7 @@ static const nt_err_code_struct nt_errs[] = { "NT_STATUS_TOO_MANY_LINKS", NT_STATUS_TOO_MANY_LINKS }, { "NT_STATUS_QUOTA_LIST_INCONSISTENT", NT_STATUS_QUOTA_LIST_INCONSISTENT }, { "NT_STATUS_FILE_IS_OFFLINE", NT_STATUS_FILE_IS_OFFLINE }, + { "NT_STATUS_DS_BUSY", NT_STATUS_DS_BUSY }, { "NT_STATUS_DS_NO_MORE_RIDS", NT_STATUS_DS_NO_MORE_RIDS }, { "NT_STATUS_NOT_A_REPARSE_POINT", NT_STATUS_NOT_A_REPARSE_POINT }, { "NT_STATUS_DOWNGRADE_DETECTED", NT_STATUS_DOWNGRADE_DETECTED }, -- cgit From fdc28cf8a57f652c2ff897f1624b43bb96e5b8cd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 12:32:26 +0100 Subject: s3-netlogon: fix type of parameters string in user delta. Guenther --- source3/libnet/libnet_samsync_passdb.c | 6 +++--- source3/librpc/gen_ndr/ndr_netlogon.c | 10 +++++----- source3/librpc/gen_ndr/netlogon.h | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 1faef7b3eb..7ace77cace 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c 
@@ -118,12 +118,12 @@ static NTSTATUS sam_account_from_delta(struct samu *account, pdb_set_profile_path(account, new_string, PDB_CHANGED); } - if (r->parameters.string) { + if (r->parameters.array) { DATA_BLOB mung; char *newstr; old_string = pdb_get_munged_dial(account); - mung.length = r->parameters.length; - mung.data = (uint8 *) r->parameters.string; + mung.length = r->parameters.length * 2; + mung.data = (uint8_t *) r->parameters.array; newstr = (mung.length == 0) ? NULL : base64_encode_data_blob(talloc_tos(), mung); diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index 6575dbcb91..ac23c36a7c 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -2513,7 +2513,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_USER(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->lm_password_present)); NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->comment)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS, &r->parameters)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->country_code)); NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->code_page)); NDR_CHECK(ndr_push_netr_USER_PRIVATE_INFO(ndr, NDR_SCALARS, &r->user_private_info)); 
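Review bot: `mung.length = r->parameters.length * 2` doubles the length field while `mung.data` points at `r->parameters.array`, so the blob handed to `base64_encode_data_blob()` stays in bounds only if `lsa_BinaryString.length` counts 16-bit elements. The struct definition is not part of this diff; if `length` is a byte count (the removed line used `r->parameters.length` directly for the `lsa_String` field), the encoder would read twice the size of the array received from the remote side, and the line should remain `mung.length = r->parameters.length;`. Whichever unit applies, a comment stating it next to the multiplication would make the bound checkable. sam_account_from_delta starts and ends outside this hunk.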
@@ -2540,7 +2540,7 @@ static enum ndr_err_code ndr_push_netr_DELTA_USER(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment)); - NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->parameters)); + NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_push_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); NDR_CHECK(ndr_push_sec_desc_buf(ndr, NDR_BUFFERS, &r->sdbuf)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->profile_path)); @@ -2578,7 +2578,7 @@ static enum ndr_err_code ndr_pull_netr_DELTA_USER(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->lm_password_present)); NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->comment)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS, &r->parameters)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_SCALARS, &r->parameters)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->country_code)); NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->code_page)); NDR_CHECK(ndr_pull_netr_USER_PRIVATE_INFO(ndr, NDR_SCALARS, &r->user_private_info)); @@ -2605,7 +2605,7 @@ static enum ndr_err_code ndr_pull_netr_DELTA_USER(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment)); - NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->parameters)); + NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_pull_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); NDR_CHECK(ndr_pull_sec_desc_buf(ndr, NDR_BUFFERS, &r->sdbuf)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->profile_path)); 
@@ -2643,7 +2643,7 @@ _PUBLIC_ void ndr_print_netr_DELTA_USER(struct ndr_print *ndr, const char *name, ndr_print_uint8(ndr, "lm_password_present", r->lm_password_present); ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr_print_lsa_String(ndr, "comment", &r->comment); - ndr_print_lsa_String(ndr, "parameters", &r->parameters); + ndr_print_lsa_BinaryString(ndr, "parameters", &r->parameters); ndr_print_uint16(ndr, "country_code", r->country_code); ndr_print_uint16(ndr, "code_page", r->code_page); ndr_print_netr_USER_PRIVATE_INFO(ndr, "user_private_info", &r->user_private_info); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index e1dc69cca0..51cca4083b 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -327,7 +327,7 @@ struct netr_DELTA_USER { uint8_t lm_password_present; uint8_t password_expired; struct lsa_String comment; - struct lsa_String parameters; + struct lsa_BinaryString parameters; uint16_t country_code; uint16_t code_page; struct netr_USER_PRIVATE_INFO user_private_info; -- cgit From a4c24b4d3069698ae17bb57dc131f85b25a0c03d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 5 Nov 2008 13:39:25 +0100 Subject: s3-samr-idl: cleanup. Guenther --- source3/librpc/idl/samr.idl | 4 ---- source3/rpc_server/srv_samr_nt.c | 3 +++ source3/winbindd/winbindd_rpc.c | 2 ++ 3 files changed, 5 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index f47e0994dc..2f8657a0b1 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -441,9 +441,6 @@ import "misc.idl", "lsa.idl", "security.idl"; /************************/ /* Function 0x0b */ - const int MAX_SAM_ENTRIES_W2K = 0x400; /* 1024 */ - const int MAX_SAM_ENTRIES_W95 = 50; - NTSTATUS samr_EnumDomainGroups( [in] policy_handle *domain_handle, [in,out,ref] uint32 *resume_handle, 
@@ -1437,7 +1434,6 @@ import "misc.idl", "lsa.idl", "security.idl"; [out,ref] dom_sid2 *sid ); - /************************/ /* Function 0x42 */ diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c573173900..62ac1cb5c3 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -45,6 +45,9 @@ #define DISP_INFO_CACHE_TIMEOUT 10 +#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ +#define MAX_SAM_ENTRIES_W95 50 + typedef struct disp_info { DOM_SID sid; /* identify which domain this is. */ bool builtin_domain; /* Quick flag to check if this is the builtin domain. */ diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index d966e50159..7dea342a53 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c @@ -636,6 +636,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, return NT_STATUS_OK; } +#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ + NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, uint32 num_sids, const DOM_SID *sids, -- cgit From 1f846f6e617dfd10324004cf7fa76174a468bb16 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 16:09:11 +0100 Subject: s3-build: re-run make samba3-idl (after cleanup). Guenther --- source3/librpc/gen_ndr/samr.h | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index 8c8f3f70f9..8ef6752dbf 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h 
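Review bot: `MAX_SAM_ENTRIES_W2K` is now defined twice, once in srv_samr_nt.c (`@@ -45,6 +45,9 @@`) and again in winbindd_rpc.c (`@@ -636,6 +636,8 @@`), so the enumeration limit used by the server and the one used by winbindd can drift apart without a compiler diagnostic. A single definition in a header both files already include would be preferable to the two local copies. If the copies stay, mark each one, e.g. `#define MAX_SAM_ENTRIES_W2K 0x400 /* 1024; keep in sync with rpc_server/srv_samr_nt.c */`.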
@@ -33,8 +33,6 @@ #define GENERIC_RIGHTS_ALIAS_READ ( (STANDARD_RIGHTS_READ_ACCESS|SAMR_ALIAS_ACCESS_GET_MEMBERS) ) #define GENERIC_RIGHTS_ALIAS_WRITE ( (STANDARD_RIGHTS_WRITE_ACCESS|SAMR_ALIAS_ACCESS_REMOVE_MEMBER|SAMR_ALIAS_ACCESS_ADD_MEMBER|SAMR_ALIAS_ACCESS_SET_INFO) ) #define GENERIC_RIGHTS_ALIAS_EXECUTE ( (STANDARD_RIGHTS_EXECUTE_ACCESS|SAMR_ALIAS_ACCESS_LOOKUP_INFO) ) -#define MAX_SAM_ENTRIES_W2K ( 0x400 ) -#define MAX_SAM_ENTRIES_W95 ( 50 ) #define SAMR_ENUM_USERS_MULTIPLIER ( 54 ) #define PASS_MUST_CHANGE_AT_NEXT_LOGON ( 0x01 ) #define PASS_DONT_CHANGE_AT_NEXT_LOGON ( 0x00 ) -- cgit From 94b7db1fb49e1811af002163f9818706e1ea7f7a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 28 Oct 2008 00:03:28 +0100 Subject: s4-samr: merge samr_RidToSid from s3 idl. (fixme: python) Guenther --- source3/librpc/idl/samr.idl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl index 2f8657a0b1..8fbc132aa7 100644 --- a/source3/librpc/idl/samr.idl +++ b/source3/librpc/idl/samr.idl @@ -1431,7 +1431,7 @@ import "misc.idl", "lsa.idl", "security.idl"; NTSTATUS samr_RidToSid( [in,ref] policy_handle *domain_handle, [in] uint32 rid, - [out,ref] dom_sid2 *sid + [out,ref] dom_sid2 **sid ); /************************/ -- cgit From 8f23dff45ee5e1d5af8593dfce649b64ca4abd9f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 15:55:09 +0100 Subject: s3-samr: remove old samr.idl file. Guenther --- source3/Makefile.in | 2 +- source3/librpc/idl/samr.idl | 1550 ------------------------------------------- 2 files changed, 1 insertion(+), 1551 deletions(-) delete mode 100644 source3/librpc/idl/samr.idl (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index d216e1c11e..2bcdd8ddaa 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
@@ -1224,7 +1224,7 @@ samba3-idl:: ../librpc/idl/initshutdown.idl ../librpc/idl/srvsvc.idl ../librpc/idl/svcctl.idl \ ../librpc/idl/eventlog.idl ../librpc/idl/wkssvc.idl ../librpc/idl/netlogon.idl \ ../librpc/idl/notify.idl ../librpc/idl/epmapper.idl librpc/idl/messaging.idl \ - ../librpc/idl/xattr.idl ../librpc/idl/misc.idl librpc/idl/samr.idl \ + ../librpc/idl/xattr.idl ../librpc/idl/misc.idl ../librpc/idl/samr.idl \ ../librpc/idl/security.idl ../librpc/idl/dssetup.idl ../librpc/idl/krb5pac.idl \ ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ diff --git a/source3/librpc/idl/samr.idl b/source3/librpc/idl/samr.idl deleted file mode 100644 index 8fbc132aa7..0000000000 --- a/source3/librpc/idl/samr.idl +++ /dev/null 
@@ -1,1550 +0,0 @@ -#include "idl_types.h" - -/* - samr interface definition -*/ -import "misc.idl", "lsa.idl", "security.idl"; - -/* - Thanks to Todd Sabin for some information from his samr.idl in acltools -*/ - -[ uuid("12345778-1234-abcd-ef00-0123456789ac"), - version(1.0), - endpoint("ncacn_np:[\\pipe\\samr]","ncacn_ip_tcp:", "ncalrpc:"), - pointer_default(unique) -] interface samr -{ - typedef bitmap security_secinfo security_secinfo; - - /* account control (acct_flags) bits */ - typedef [public,bitmap32bit] bitmap { - ACB_DISABLED = 0x00000001, /* 1 = User account disabled */ - ACB_HOMDIRREQ = 0x00000002, /* 1 = Home directory required */ - ACB_PWNOTREQ = 0x00000004, /* 1 = User password not required */ - ACB_TEMPDUP = 0x00000008, /* 1 = Temporary duplicate account */ - ACB_NORMAL = 0x00000010, /* 1 = Normal user account */ - ACB_MNS = 0x00000020, /* 1 = MNS logon user account */ - ACB_DOMTRUST = 0x00000040, /* 1 = Interdomain trust account */ - ACB_WSTRUST = 0x00000080, /* 1 = Workstation trust account */ - ACB_SVRTRUST = 0x00000100, /* 1 = Server trust account */ - ACB_PWNOEXP = 0x00000200, /* 1 = User password does not expire */ - ACB_AUTOLOCK = 0x00000400, /* 1 = Account auto locked */ - ACB_ENC_TXT_PWD_ALLOWED = 0x00000800, /* 1 = Encryped text password is allowed */ - ACB_SMARTCARD_REQUIRED = 0x00001000, /* 1 = Smart Card required */ - ACB_TRUSTED_FOR_DELEGATION = 0x00002000, /* 1 = Trusted for Delegation */ - ACB_NOT_DELEGATED = 0x00004000, /* 1 = Not delegated */ - ACB_USE_DES_KEY_ONLY = 0x00008000, /* 1 = Use DES key only */ - ACB_DONT_REQUIRE_PREAUTH = 0x00010000, /* 1 = Preauth not required */ - ACB_PW_EXPIRED = 0x00020000, /* 1 = Password Expired */ - ACB_NO_AUTH_DATA_REQD = 0x00080000 /* 1 = No authorization data required */ - } samr_AcctFlags; - - /* SAM server specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_ACCESS_CONNECT_TO_SERVER = 0x00000001, - SAMR_ACCESS_SHUTDOWN_SERVER = 0x00000002, - SAMR_ACCESS_INITIALIZE_SERVER = 
0x00000004, - SAMR_ACCESS_CREATE_DOMAIN = 0x00000008, - SAMR_ACCESS_ENUM_DOMAINS = 0x00000010, - SAMR_ACCESS_OPEN_DOMAIN = 0x00000020 - } samr_ConnectAccessMask; - - const int SAMR_ACCESS_ALL_ACCESS = 0x0000003F; - - const int GENERIC_RIGHTS_SAM_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_ACCESS_ALL_ACCESS); - - const int GENERIC_RIGHTS_SAM_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_ACCESS_ENUM_DOMAINS); - - const int GENERIC_RIGHTS_SAM_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_ACCESS_CREATE_DOMAIN | - SAMR_ACCESS_INITIALIZE_SERVER | - SAMR_ACCESS_SHUTDOWN_SERVER); - - const int GENERIC_RIGHTS_SAM_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_ACCESS_OPEN_DOMAIN | - SAMR_ACCESS_CONNECT_TO_SERVER); - - /* User Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_USER_ACCESS_GET_NAME_ETC = 0x00000001, - SAMR_USER_ACCESS_GET_LOCALE = 0x00000002, - SAMR_USER_ACCESS_SET_LOC_COM = 0x00000004, - SAMR_USER_ACCESS_GET_LOGONINFO = 0x00000008, - SAMR_USER_ACCESS_GET_ATTRIBUTES = 0x00000010, - SAMR_USER_ACCESS_SET_ATTRIBUTES = 0x00000020, - SAMR_USER_ACCESS_CHANGE_PASSWORD = 0x00000040, - SAMR_USER_ACCESS_SET_PASSWORD = 0x00000080, - SAMR_USER_ACCESS_GET_GROUPS = 0x00000100, - SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP = 0x00000200, - SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP = 0x00000400 - } samr_UserAccessMask; - - const int SAMR_USER_ACCESS_ALL_ACCESS = 0x000007FF; - - const int GENERIC_RIGHTS_USER_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_USER_ACCESS_ALL_ACCESS); /* 0x000f07ff */ - - const int GENERIC_RIGHTS_USER_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_USER_ACCESS_GET_GROUP_MEMBERSHIP | - SAMR_USER_ACCESS_GET_GROUPS | - SAMR_USER_ACCESS_GET_ATTRIBUTES | - SAMR_USER_ACCESS_GET_LOGONINFO | - SAMR_USER_ACCESS_GET_LOCALE); /* 0x0002031a */ - - const int GENERIC_RIGHTS_USER_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_USER_ACCESS_CHANGE_PASSWORD | - SAMR_USER_ACCESS_SET_LOC_COM | - 
SAMR_USER_ACCESS_SET_ATTRIBUTES | - SAMR_USER_ACCESS_SET_PASSWORD | - SAMR_USER_ACCESS_CHANGE_GROUP_MEMBERSHIP); /* 0x000204e4 */ - - const int GENERIC_RIGHTS_USER_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_USER_ACCESS_CHANGE_PASSWORD | - SAMR_USER_ACCESS_GET_NAME_ETC); /* 0x00020041 */ - - /* Domain Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1 = 0x00000001, - SAMR_DOMAIN_ACCESS_SET_INFO_1 = 0x00000002, - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2 = 0x00000004, - SAMR_DOMAIN_ACCESS_SET_INFO_2 = 0x00000008, - SAMR_DOMAIN_ACCESS_CREATE_USER = 0x00000010, - SAMR_DOMAIN_ACCESS_CREATE_GROUP = 0x00000020, - SAMR_DOMAIN_ACCESS_CREATE_ALIAS = 0x00000040, - SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS = 0x00000080, - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS = 0x00000100, - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT = 0x00000200, - SAMR_DOMAIN_ACCESS_SET_INFO_3 = 0x00000400 - } samr_DomainAccessMask; - - const int SAMR_DOMAIN_ACCESS_ALL_ACCESS = 0x000007FF; - - const int GENERIC_RIGHTS_DOMAIN_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_DOMAIN_ACCESS_ALL_ACCESS); - - const int GENERIC_RIGHTS_DOMAIN_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_DOMAIN_ACCESS_LOOKUP_ALIAS | - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_2); - - const int GENERIC_RIGHTS_DOMAIN_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_DOMAIN_ACCESS_SET_INFO_3 | - SAMR_DOMAIN_ACCESS_CREATE_ALIAS | - SAMR_DOMAIN_ACCESS_CREATE_GROUP | - SAMR_DOMAIN_ACCESS_CREATE_USER | - SAMR_DOMAIN_ACCESS_SET_INFO_2 | - SAMR_DOMAIN_ACCESS_SET_INFO_1); - - const int GENERIC_RIGHTS_DOMAIN_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_DOMAIN_ACCESS_OPEN_ACCOUNT | - SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS | - SAMR_DOMAIN_ACCESS_LOOKUP_INFO_1); - - /* Group Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_GROUP_ACCESS_LOOKUP_INFO = 0x00000001, - SAMR_GROUP_ACCESS_SET_INFO = 0x00000002, - SAMR_GROUP_ACCESS_ADD_MEMBER = 0x00000004, - SAMR_GROUP_ACCESS_REMOVE_MEMBER = 0x00000008, 
- SAMR_GROUP_ACCESS_GET_MEMBERS = 0x00000010 - } samr_GroupAccessMask; - - const int SAMR_GROUP_ACCESS_ALL_ACCESS = 0x0000001F; - - const int GENERIC_RIGHTS_GROUP_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_GROUP_ACCESS_ALL_ACCESS); /* 0x000f001f */ - - const int GENERIC_RIGHTS_GROUP_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_GROUP_ACCESS_GET_MEMBERS); /* 0x00020010 */ - - const int GENERIC_RIGHTS_GROUP_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_GROUP_ACCESS_REMOVE_MEMBER | - SAMR_GROUP_ACCESS_ADD_MEMBER | - SAMR_GROUP_ACCESS_SET_INFO); /* 0x0002000e */ - - const int GENERIC_RIGHTS_GROUP_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_GROUP_ACCESS_LOOKUP_INFO); /* 0x00020001 */ - - /* Alias Object specific access rights */ - - typedef [bitmap32bit] bitmap { - SAMR_ALIAS_ACCESS_ADD_MEMBER = 0x00000001, - SAMR_ALIAS_ACCESS_REMOVE_MEMBER = 0x00000002, - SAMR_ALIAS_ACCESS_GET_MEMBERS = 0x00000004, - SAMR_ALIAS_ACCESS_LOOKUP_INFO = 0x00000008, - SAMR_ALIAS_ACCESS_SET_INFO = 0x00000010 - } samr_AliasAccessMask; - - const int SAMR_ALIAS_ACCESS_ALL_ACCESS = 0x0000001F; - - const int GENERIC_RIGHTS_ALIAS_ALL_ACCESS = - (STANDARD_RIGHTS_REQUIRED_ACCESS | - SAMR_ALIAS_ACCESS_ALL_ACCESS); /* 0x000f001f */ - - const int GENERIC_RIGHTS_ALIAS_READ = - (STANDARD_RIGHTS_READ_ACCESS | - SAMR_ALIAS_ACCESS_GET_MEMBERS); /* 0x00020004 */ - - const int GENERIC_RIGHTS_ALIAS_WRITE = - (STANDARD_RIGHTS_WRITE_ACCESS | - SAMR_ALIAS_ACCESS_REMOVE_MEMBER | - SAMR_ALIAS_ACCESS_ADD_MEMBER | - SAMR_ALIAS_ACCESS_SET_INFO); /* 0x00020013 */ - - const int GENERIC_RIGHTS_ALIAS_EXECUTE = - (STANDARD_RIGHTS_EXECUTE_ACCESS | - SAMR_ALIAS_ACCESS_LOOKUP_INFO); /* 0x00020008 */ - - /******************/ - /* Function: 0x00 */ - NTSTATUS samr_Connect ( - /* notice the lack of [string] */ - [in,unique] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - - /******************/ - /* Function: 0x01 */ - [public] NTSTATUS 
samr_Close ( - [in,out,ref] policy_handle *handle - ); - - /******************/ - /* Function: 0x02 */ - - NTSTATUS samr_SetSecurity ( - [in,ref] policy_handle *handle, - [in] security_secinfo sec_info, - [in,ref] sec_desc_buf *sdbuf - ); - - /******************/ - /* Function: 0x03 */ - - NTSTATUS samr_QuerySecurity ( - [in,ref] policy_handle *handle, - [in] security_secinfo sec_info, - [out,ref] sec_desc_buf **sdbuf - ); - - /******************/ - /* Function: 0x04 */ - - /* - shutdown the SAM - once you call this the SAM will be dead - */ - NTSTATUS samr_Shutdown ( - [in,ref] policy_handle *connect_handle - ); - - /******************/ - /* Function: 0x05 */ - NTSTATUS samr_LookupDomain ( - [in,ref] policy_handle *connect_handle, - [in,ref] lsa_String *domain_name, - [out,ref] dom_sid2 **sid - ); - - - /******************/ - /* Function: 0x06 */ - - typedef struct { - uint32 idx; - lsa_String name; - } samr_SamEntry; - - typedef struct { - uint32 count; - [size_is(count)] samr_SamEntry *entries; - } samr_SamArray; - - NTSTATUS samr_EnumDomains ( - [in] policy_handle *connect_handle, - [in,out,ref] uint32 *resume_handle, - [out,ref] samr_SamArray **sam, - [in] uint32 buf_size, - [out,ref] uint32 *num_entries - ); - - - /************************/ - /* Function 0x07 */ - [public] NTSTATUS samr_OpenDomain( - [in,ref] policy_handle *connect_handle, - [in] samr_DomainAccessMask access_mask, - [in,ref] dom_sid2 *sid, - [out,ref] policy_handle *domain_handle - ); - - /************************/ - /* Function 0x08 */ - /* server roles */ - typedef [v1_enum] enum { - SAMR_ROLE_STANDALONE = 0, - SAMR_ROLE_DOMAIN_MEMBER = 1, - SAMR_ROLE_DOMAIN_BDC = 2, - SAMR_ROLE_DOMAIN_PDC = 3 - } samr_Role; - - /* password properties flags */ - typedef [public,bitmap32bit] bitmap { - DOMAIN_PASSWORD_COMPLEX = 0x00000001, - DOMAIN_PASSWORD_NO_ANON_CHANGE = 0x00000002, - DOMAIN_PASSWORD_NO_CLEAR_CHANGE = 0x00000004, - DOMAIN_PASSWORD_LOCKOUT_ADMINS = 0x00000008, - 
DOMAIN_PASSWORD_STORE_CLEARTEXT = 0x00000010, - DOMAIN_REFUSE_PASSWORD_CHANGE = 0x00000020 - } samr_PasswordProperties; - - typedef struct { - uint16 min_password_length; - uint16 password_history_length; - samr_PasswordProperties password_properties; - /* yes, these are signed. They are in negative 100ns */ - dlong max_password_age; - dlong min_password_age; - } samr_DomInfo1; - - typedef struct { - NTTIME force_logoff_time; - lsa_String oem_information; /* comment */ - lsa_String domain_name; - lsa_String primary; /* PDC name if this is a BDC */ - udlong sequence_num; - uint32 unknown2; - samr_Role role; - uint32 unknown3; - uint32 num_users; - uint32 num_groups; - uint32 num_aliases; - } samr_DomGeneralInformation; - - typedef struct { - NTTIME force_logoff_time; - } samr_DomInfo3; - - typedef struct { - lsa_String oem_information; /* comment */ - } samr_DomOEMInformation; - - typedef struct { - lsa_String domain_name; - } samr_DomInfo5; - - typedef struct { - lsa_String primary; - } samr_DomInfo6; - - typedef struct { - samr_Role role; - } samr_DomInfo7; - - typedef struct { - hyper sequence_num; - NTTIME domain_create_time; - } samr_DomInfo8; - - typedef struct { - uint32 unknown; /* w2k3 returns 1 */ - } samr_DomInfo9; - - typedef struct { - samr_DomGeneralInformation general; - hyper lockout_duration; - hyper lockout_window; - uint16 lockout_threshold; - } samr_DomGeneralInformation2; - - typedef struct { - hyper lockout_duration; - hyper lockout_window; - uint16 lockout_threshold; - } samr_DomInfo12; - - typedef struct { - hyper sequence_num; - NTTIME domain_create_time; - uint32 unknown1; - uint32 unknown2; - } samr_DomInfo13; - - typedef [switch_type(uint16)] union { - [case(1)] samr_DomInfo1 info1; - [case(2)] samr_DomGeneralInformation general; - [case(3)] samr_DomInfo3 info3; - [case(4)] samr_DomOEMInformation oem; - [case(5)] samr_DomInfo5 info5; - [case(6)] samr_DomInfo6 info6; - [case(7)] samr_DomInfo7 info7; - [case(8)] samr_DomInfo8 info8; - 
[case(9)] samr_DomInfo9 info9; - [case(11)] samr_DomGeneralInformation2 general2; - [case(12)] samr_DomInfo12 info12; - [case(13)] samr_DomInfo13 info13; - } samr_DomainInfo; - - NTSTATUS samr_QueryDomainInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_DomainInfo **info - ); - - /************************/ - /* Function 0x09 */ - /* - only levels 1, 3, 4, 6, 7, 9, 12 are valid for this - call in w2k3 - */ - NTSTATUS samr_SetDomainInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,switch_is(level),ref] samr_DomainInfo *info - ); - - - /************************/ - /* Function 0x0a */ - NTSTATUS samr_CreateDomainGroup( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *name, - [in] samr_GroupAccessMask access_mask, - [out,ref] policy_handle *group_handle, - [out,ref] uint32 *rid - ); - - - /************************/ - /* Function 0x0b */ - - NTSTATUS samr_EnumDomainGroups( - [in] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [out,ref] samr_SamArray **sam, - [in] uint32 max_size, - [out,ref] uint32 *num_entries - ); - - /************************/ - /* Function 0x0c */ - NTSTATUS samr_CreateUser( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *account_name, - [in] samr_UserAccessMask access_mask, - [out,ref] policy_handle *user_handle, - [out,ref] uint32 *rid - ); - - /************************/ - /* Function 0x0d */ - - - /* w2k3 treats max_size as max_users*54 and sets the - resume_handle as the rid of the last user sent - */ - const int SAMR_ENUM_USERS_MULTIPLIER = 54; - - NTSTATUS samr_EnumDomainUsers( - [in] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [in] samr_AcctFlags acct_flags, - [out,ref] samr_SamArray **sam, - [in] uint32 max_size, - [out,ref] uint32 *num_entries - ); - - /************************/ - /* Function 0x0e */ - NTSTATUS samr_CreateDomAlias( - [in,ref] policy_handle *domain_handle, - [in,ref] 
lsa_String *alias_name, - [in] samr_AliasAccessMask access_mask, - [out,ref] policy_handle *alias_handle, - [out,ref] uint32 *rid - ); - - /************************/ - /* Function 0x0f */ - NTSTATUS samr_EnumDomainAliases( - [in] policy_handle *domain_handle, - [in,out,ref] uint32 *resume_handle, - [out,ref] samr_SamArray **sam, - [in] uint32 max_size, - [out,ref] uint32 *num_entries - ); - - /************************/ - /* Function 0x10 */ - - typedef struct { - [range(0,1024)] uint32 count; - [size_is(count)] uint32 *ids; - } samr_Ids; - - NTSTATUS samr_GetAliasMembership( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_SidArray *sids, - [out,ref] samr_Ids *rids - ); - - /************************/ - /* Function 0x11 */ - - [public] NTSTATUS samr_LookupNames( - [in,ref] policy_handle *domain_handle, - [in,range(0,1000)] uint32 num_names, - [in,size_is(1000),length_is(num_names)] lsa_String names[], - [out,ref] samr_Ids *rids, - [out,ref] samr_Ids *types - ); - - - /************************/ - /* Function 0x12 */ - NTSTATUS samr_LookupRids( - [in,ref] policy_handle *domain_handle, - [in,range(0,1000)] uint32 num_rids, - [in,size_is(1000),length_is(num_rids)] uint32 rids[], - [out,ref] lsa_Strings *names, - [out,ref] samr_Ids *types - ); - - /************************/ - /* Function 0x13 */ - NTSTATUS samr_OpenGroup( - [in,ref] policy_handle *domain_handle, - [in] samr_GroupAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *group_handle - ); - - /* Group attributes */ - typedef [public,bitmap32bit] bitmap { - SE_GROUP_MANDATORY = 0x00000001, - SE_GROUP_ENABLED_BY_DEFAULT = 0x00000002, - SE_GROUP_ENABLED = 0x00000004, - SE_GROUP_OWNER = 0x00000008, - SE_GROUP_USE_FOR_DENY_ONLY = 0x00000010, - SE_GROUP_RESOURCE = 0x20000000, - SE_GROUP_LOGON_ID = 0xC0000000 - } samr_GroupAttrs; - - /************************/ - /* Function 0x14 */ - - typedef struct { - lsa_String name; - samr_GroupAttrs attributes; - uint32 num_members; - lsa_String 
description; - } samr_GroupInfoAll; - - typedef struct { - samr_GroupAttrs attributes; - } samr_GroupInfoAttributes; - - typedef struct { - lsa_String description; - } samr_GroupInfoDescription; - - typedef enum { - GROUPINFOALL = 1, - GROUPINFONAME = 2, - GROUPINFOATTRIBUTES = 3, - GROUPINFODESCRIPTION = 4, - GROUPINFOALL2 = 5 - } samr_GroupInfoEnum; - - typedef [switch_type(samr_GroupInfoEnum)] union { - [case(GROUPINFOALL)] samr_GroupInfoAll all; - [case(GROUPINFONAME)] lsa_String name; - [case(GROUPINFOATTRIBUTES)] samr_GroupInfoAttributes attributes; - [case(GROUPINFODESCRIPTION)] lsa_String description; - [case(GROUPINFOALL2)] samr_GroupInfoAll all2; - } samr_GroupInfo; - - NTSTATUS samr_QueryGroupInfo( - [in,ref] policy_handle *group_handle, - [in] samr_GroupInfoEnum level, - [out,ref,switch_is(level)] samr_GroupInfo **info - ); - - /************************/ - /* Function 0x15 */ - NTSTATUS samr_SetGroupInfo( - [in,ref] policy_handle *group_handle, - [in] samr_GroupInfoEnum level, - [in,switch_is(level),ref] samr_GroupInfo *info - ); - - /************************/ - /* Function 0x16 */ - NTSTATUS samr_AddGroupMember( - [in,ref] policy_handle *group_handle, - [in] uint32 rid, - [in] uint32 flags - ); - - /************************/ - /* Function 0x17 */ - NTSTATUS samr_DeleteDomainGroup( - [in,out,ref] policy_handle *group_handle - ); - - /************************/ - /* Function 0x18 */ - NTSTATUS samr_DeleteGroupMember( - [in,ref] policy_handle *group_handle, - [in] uint32 rid - ); - - - /************************/ - /* Function 0x19 */ - typedef struct { - uint32 count; - [size_is(count)] uint32 *rids; - [size_is(count)] uint32 *types; - } samr_RidTypeArray; - - NTSTATUS samr_QueryGroupMember( - [in,ref] policy_handle *group_handle, - [out,ref] samr_RidTypeArray **rids - ); - - - /************************/ - /* Function 0x1a */ - - /* - win2003 seems to accept any data at all for the two integers - below, and doesn't seem to do anything with them that I can 
- see. Weird. I really expected the first integer to be a rid - and the second to be the attributes for that rid member. - */ - NTSTATUS samr_SetMemberAttributesOfGroup( - [in,ref] policy_handle *group_handle, - [in] uint32 unknown1, - [in] uint32 unknown2 - ); - - - /************************/ - /* Function 0x1b */ - NTSTATUS samr_OpenAlias ( - [in,ref] policy_handle *domain_handle, - [in] samr_AliasAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *alias_handle - ); - - - /************************/ - /* Function 0x1c */ - - typedef struct { - lsa_String name; - uint32 num_members; - lsa_String description; - } samr_AliasInfoAll; - - typedef enum { - ALIASINFOALL = 1, - ALIASINFONAME = 2, - ALIASINFODESCRIPTION = 3 - } samr_AliasInfoEnum; - - typedef [switch_type(samr_AliasInfoEnum)] union { - [case(ALIASINFOALL)] samr_AliasInfoAll all; - [case(ALIASINFONAME)] lsa_String name; - [case(ALIASINFODESCRIPTION)] lsa_String description; - } samr_AliasInfo; - - NTSTATUS samr_QueryAliasInfo( - [in,ref] policy_handle *alias_handle, - [in] samr_AliasInfoEnum level, - [out,ref,switch_is(level)] samr_AliasInfo **info - ); - - /************************/ - /* Function 0x1d */ - NTSTATUS samr_SetAliasInfo( - [in,ref] policy_handle *alias_handle, - [in] samr_AliasInfoEnum level, - [in,switch_is(level),ref] samr_AliasInfo *info - ); - - /************************/ - /* Function 0x1e */ - NTSTATUS samr_DeleteDomAlias( - [in,out,ref] policy_handle *alias_handle - ); - - /************************/ - /* Function 0x1f */ - NTSTATUS samr_AddAliasMember( - [in,ref] policy_handle *alias_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x20 */ - NTSTATUS samr_DeleteAliasMember( - [in,ref] policy_handle *alias_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x21 */ - NTSTATUS samr_GetMembersInAlias( - [in,ref] policy_handle *alias_handle, - [out,ref] lsa_SidArray *sids - ); - - /************************/ - 
/* Function 0x22 */ - [public] NTSTATUS samr_OpenUser( - [in,ref] policy_handle *domain_handle, - [in] samr_UserAccessMask access_mask, - [in] uint32 rid, - [out,ref] policy_handle *user_handle - ); - - /************************/ - /* Function 0x23 */ - NTSTATUS samr_DeleteUser( - [in,out,ref] policy_handle *user_handle - ); - - /************************/ - /* Function 0x24 */ - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 primary_gid; - lsa_String description; - lsa_String comment; - } samr_UserInfo1; - - typedef struct { - lsa_String comment; - lsa_String unknown; /* settable, but doesn't stick. probably obsolete */ - uint16 country_code; - uint16 code_page; - } samr_UserInfo2; - - /* this is also used in samr and netlogon */ - typedef [public, flag(NDR_PAHEX)] struct { - uint16 units_per_week; - [size_is(1260), length_is(units_per_week/8)] uint8 *bits; - } samr_LogonHours; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 rid; - uint32 primary_gid; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String workstations; - NTTIME last_logon; - NTTIME last_logoff; - NTTIME last_password_change; - NTTIME allow_password_change; - NTTIME force_password_change; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - samr_AcctFlags acct_flags; - } samr_UserInfo3; - - typedef struct { - samr_LogonHours logon_hours; - } samr_UserInfo4; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - uint32 rid; - uint32 primary_gid; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String description; - lsa_String workstations; - NTTIME last_logon; - NTTIME last_logoff; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - NTTIME last_password_change; - NTTIME acct_expiry; - samr_AcctFlags acct_flags; - } 
samr_UserInfo5; - - typedef struct { - lsa_String account_name; - lsa_String full_name; - } samr_UserInfo6; - - typedef struct { - lsa_String account_name; - } samr_UserInfo7; - - typedef struct { - lsa_String full_name; - } samr_UserInfo8; - - typedef struct { - uint32 primary_gid; - } samr_UserInfo9; - - typedef struct { - lsa_String home_directory; - lsa_String home_drive; - } samr_UserInfo10; - - typedef struct { - lsa_String logon_script; - } samr_UserInfo11; - - typedef struct { - lsa_String profile_path; - } samr_UserInfo12; - - typedef struct { - lsa_String description; - } samr_UserInfo13; - - typedef struct { - lsa_String workstations; - } samr_UserInfo14; - - typedef struct { - samr_AcctFlags acct_flags; - } samr_UserInfo16; - - typedef struct { - NTTIME acct_expiry; - } samr_UserInfo17; - - typedef [public, flag(NDR_PAHEX)] struct { - uint8 hash[16]; - } samr_Password; - - typedef struct { - samr_Password lm_pwd; - samr_Password nt_pwd; - boolean8 lm_pwd_active; - boolean8 nt_pwd_active; - } samr_UserInfo18; - - typedef struct { - lsa_BinaryString parameters; - } samr_UserInfo20; - - /* this defines the bits used for fields_present in info21 */ - typedef [bitmap32bit] bitmap { - SAMR_FIELD_ACCOUNT_NAME = 0x00000001, - SAMR_FIELD_FULL_NAME = 0x00000002, - SAMR_FIELD_RID = 0x00000004, - SAMR_FIELD_PRIMARY_GID = 0x00000008, - SAMR_FIELD_DESCRIPTION = 0x00000010, - SAMR_FIELD_COMMENT = 0x00000020, - SAMR_FIELD_HOME_DIRECTORY = 0x00000040, - SAMR_FIELD_HOME_DRIVE = 0x00000080, - SAMR_FIELD_LOGON_SCRIPT = 0x00000100, - SAMR_FIELD_PROFILE_PATH = 0x00000200, - SAMR_FIELD_WORKSTATIONS = 0x00000400, - SAMR_FIELD_LAST_LOGON = 0x00000800, - SAMR_FIELD_LAST_LOGOFF = 0x00001000, - SAMR_FIELD_LOGON_HOURS = 0x00002000, - SAMR_FIELD_BAD_PWD_COUNT = 0x00004000, - SAMR_FIELD_NUM_LOGONS = 0x00008000, - SAMR_FIELD_ALLOW_PWD_CHANGE = 0x00010000, - SAMR_FIELD_FORCE_PWD_CHANGE = 0x00020000, - SAMR_FIELD_LAST_PWD_CHANGE = 0x00040000, - SAMR_FIELD_ACCT_EXPIRY = 0x00080000, - 
SAMR_FIELD_ACCT_FLAGS = 0x00100000, - SAMR_FIELD_PARAMETERS = 0x00200000, - SAMR_FIELD_COUNTRY_CODE = 0x00400000, - SAMR_FIELD_CODE_PAGE = 0x00800000, - SAMR_FIELD_PASSWORD = 0x01000000, /* either of these */ - SAMR_FIELD_PASSWORD2 = 0x02000000, /* two bits seems to work */ - SAMR_FIELD_PRIVATE_DATA = 0x04000000, - SAMR_FIELD_EXPIRED_FLAG = 0x08000000, - SAMR_FIELD_SEC_DESC = 0x10000000, - SAMR_FIELD_OWF_PWD = 0x20000000 - } samr_FieldsPresent; - - /* used for 'password_expired' in samr_UserInfo21 */ - const int PASS_MUST_CHANGE_AT_NEXT_LOGON = 0x01; - const int PASS_DONT_CHANGE_AT_NEXT_LOGON = 0x00; - - typedef struct { - NTTIME last_logon; - NTTIME last_logoff; - NTTIME last_password_change; - NTTIME acct_expiry; - NTTIME allow_password_change; - NTTIME force_password_change; - lsa_String account_name; - lsa_String full_name; - lsa_String home_directory; - lsa_String home_drive; - lsa_String logon_script; - lsa_String profile_path; - lsa_String description; - lsa_String workstations; - lsa_String comment; - lsa_BinaryString parameters; - lsa_String unknown1; - lsa_String unknown2; - lsa_String unknown3; - uint32 buf_count; - [size_is(buf_count)] uint8 *buffer; - uint32 rid; - uint32 primary_gid; - samr_AcctFlags acct_flags; - samr_FieldsPresent fields_present; - samr_LogonHours logon_hours; - uint16 bad_password_count; - uint16 logon_count; - uint16 country_code; - uint16 code_page; - uint8 nt_password_set; - uint8 lm_password_set; - uint8 password_expired; - uint8 unknown4; - } samr_UserInfo21; - - typedef [public, flag(NDR_PAHEX)] struct { - uint8 data[516]; - } samr_CryptPassword; - - typedef struct { - samr_UserInfo21 info; - samr_CryptPassword password; - } samr_UserInfo23; - - typedef struct { - samr_CryptPassword password; - uint8 pw_len; - } samr_UserInfo24; - - typedef [flag(NDR_PAHEX)] struct { - uint8 data[532]; - } samr_CryptPasswordEx; - - typedef struct { - samr_UserInfo21 info; - samr_CryptPasswordEx password; - } samr_UserInfo25; - - typedef 
struct { - samr_CryptPasswordEx password; - uint8 pw_len; - } samr_UserInfo26; - - typedef [switch_type(uint16)] union { - [case(1)] samr_UserInfo1 info1; - [case(2)] samr_UserInfo2 info2; - [case(3)] samr_UserInfo3 info3; - [case(4)] samr_UserInfo4 info4; - [case(5)] samr_UserInfo5 info5; - [case(6)] samr_UserInfo6 info6; - [case(7)] samr_UserInfo7 info7; - [case(8)] samr_UserInfo8 info8; - [case(9)] samr_UserInfo9 info9; - [case(10)] samr_UserInfo10 info10; - [case(11)] samr_UserInfo11 info11; - [case(12)] samr_UserInfo12 info12; - [case(13)] samr_UserInfo13 info13; - [case(14)] samr_UserInfo14 info14; - [case(16)] samr_UserInfo16 info16; - [case(17)] samr_UserInfo17 info17; - [case(18)] samr_UserInfo18 info18; - [case(20)] samr_UserInfo20 info20; - [case(21)] samr_UserInfo21 info21; - [case(23)] samr_UserInfo23 info23; - [case(24)] samr_UserInfo24 info24; - [case(25)] samr_UserInfo25 info25; - [case(26)] samr_UserInfo26 info26; - } samr_UserInfo; - - [public] NTSTATUS samr_QueryUserInfo( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_UserInfo **info - ); - - - /************************/ - /* Function 0x25 */ - [public] NTSTATUS samr_SetUserInfo( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [in,ref,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x26 */ - /* - this is a password change interface that doesn't give - the server the plaintext password. Depricated. 
- */ - NTSTATUS samr_ChangePasswordUser( - [in,ref] policy_handle *user_handle, - [in] boolean8 lm_present, - [in,unique] samr_Password *old_lm_crypted, - [in,unique] samr_Password *new_lm_crypted, - [in] boolean8 nt_present, - [in,unique] samr_Password *old_nt_crypted, - [in,unique] samr_Password *new_nt_crypted, - [in] boolean8 cross1_present, - [in,unique] samr_Password *nt_cross, - [in] boolean8 cross2_present, - [in,unique] samr_Password *lm_cross - ); - - /************************/ - /* Function 0x27 */ - - typedef [public] struct { - uint32 rid; - samr_GroupAttrs attributes; - } samr_RidWithAttribute; - - typedef [public] struct { - uint32 count; - [size_is(count)] samr_RidWithAttribute *rids; - } samr_RidWithAttributeArray; - - NTSTATUS samr_GetGroupsForUser( - [in,ref] policy_handle *user_handle, - [out,ref] samr_RidWithAttributeArray **rids - ); - - /************************/ - /* Function 0x28 */ - - typedef struct { - uint32 idx; - uint32 rid; - samr_AcctFlags acct_flags; - lsa_String account_name; - lsa_String description; - lsa_String full_name; - } samr_DispEntryGeneral; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryGeneral *entries; - } samr_DispInfoGeneral; - - typedef struct { - uint32 idx; - uint32 rid; - samr_AcctFlags acct_flags; - lsa_String account_name; - lsa_String description; - } samr_DispEntryFull; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryFull *entries; - } samr_DispInfoFull; - - typedef struct { - uint32 idx; - uint32 rid; - samr_GroupAttrs acct_flags; - lsa_String account_name; - lsa_String description; - } samr_DispEntryFullGroup; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryFullGroup *entries; - } samr_DispInfoFullGroups; - - typedef struct { - uint32 idx; - lsa_AsciiStringLarge account_name; - } samr_DispEntryAscii; - - typedef struct { - uint32 count; - [size_is(count)] samr_DispEntryAscii *entries; - } samr_DispInfoAscii; - - typedef 
[switch_type(uint16)] union { - [case(1)] samr_DispInfoGeneral info1;/* users */ - [case(2)] samr_DispInfoFull info2; /* trust accounts? */ - [case(3)] samr_DispInfoFullGroups info3; /* groups */ - [case(4)] samr_DispInfoAscii info4; /* users */ - [case(5)] samr_DispInfoAscii info5; /* groups */ - } samr_DispInfo; - - NTSTATUS samr_QueryDisplayInfo( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out,ref] uint32 *total_size, - [out,ref] uint32 *returned_size, - [out,ref,switch_is(level)] samr_DispInfo *info - ); - - - /************************/ - /* Function 0x29 */ - - /* - this seems to be an alphabetic search function. The returned index - is the index for samr_QueryDisplayInfo needed to get names occurring - after the specified name. The supplied name does not need to exist - in the database (for example you can supply just a first letter for - searching starting at that letter) - - The level corresponds to the samr_QueryDisplayInfo level - */ - NTSTATUS samr_GetDisplayEnumerationIndex( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,ref] lsa_String *name, - [out,ref] uint32 *idx - ); - - - - /************************/ - /* Function 0x2a */ - - /* - w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this - */ - NTSTATUS samr_TestPrivateFunctionsDomain( - [in,ref] policy_handle *domain_handle - ); - - - /************************/ - /* Function 0x2b */ - - /* - w2k3 returns NT_STATUS_NOT_IMPLEMENTED for this - */ - NTSTATUS samr_TestPrivateFunctionsUser( - [in,ref] policy_handle *user_handle - ); - - - /************************/ - /* Function 0x2c */ - - typedef struct { - uint16 min_password_length; - samr_PasswordProperties password_properties; - } samr_PwInfo; - - [public] NTSTATUS samr_GetUserPwInfo( - [in,ref] policy_handle *user_handle, - [out,ref] samr_PwInfo *info - ); - - /************************/ - /* Function 0x2d */ - NTSTATUS 
samr_RemoveMemberFromForeignDomain( - [in,ref] policy_handle *domain_handle, - [in,ref] dom_sid2 *sid - ); - - /************************/ - /* Function 0x2e */ - - /* - how is this different from QueryDomainInfo ?? - */ - NTSTATUS samr_QueryDomainInfo2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_DomainInfo **info - ); - - /************************/ - /* Function 0x2f */ - - /* - how is this different from QueryUserInfo ?? - */ - NTSTATUS samr_QueryUserInfo2( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [out,ref,switch_is(level)] samr_UserInfo **info - ); - - /************************/ - /* Function 0x30 */ - - /* - how is this different from QueryDisplayInfo?? - */ - NTSTATUS samr_QueryDisplayInfo2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out,ref] uint32 *total_size, - [out,ref] uint32 *returned_size, - [out,ref,switch_is(level)] samr_DispInfo *info - ); - - /************************/ - /* Function 0x31 */ - - /* - how is this different from GetDisplayEnumerationIndex ?? - */ - NTSTATUS samr_GetDisplayEnumerationIndex2( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in,ref] lsa_String *name, - [out,ref] uint32 *idx - ); - - - /************************/ - /* Function 0x32 */ - NTSTATUS samr_CreateUser2( - [in,ref] policy_handle *domain_handle, - [in,ref] lsa_String *account_name, - [in] samr_AcctFlags acct_flags, - [in] samr_UserAccessMask access_mask, - [out,ref] policy_handle *user_handle, - [out,ref] uint32 *access_granted, - [out,ref] uint32 *rid - ); - - - /************************/ - /* Function 0x33 */ - - /* - another duplicate. There must be a reason .... 
- */ - NTSTATUS samr_QueryDisplayInfo3( - [in,ref] policy_handle *domain_handle, - [in] uint16 level, - [in] uint32 start_idx, - [in] uint32 max_entries, - [in] uint32 buf_size, - [out,ref] uint32 *total_size, - [out,ref] uint32 *returned_size, - [out,ref,switch_is(level)] samr_DispInfo *info - ); - - /************************/ - /* Function 0x34 */ - NTSTATUS samr_AddMultipleMembersToAlias( - [in,ref] policy_handle *alias_handle, - [in,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x35 */ - NTSTATUS samr_RemoveMultipleMembersFromAlias( - [in,ref] policy_handle *alias_handle, - [in,ref] lsa_SidArray *sids - ); - - /************************/ - /* Function 0x36 */ - - NTSTATUS samr_OemChangePasswordUser2( - [in,unique] lsa_AsciiString *server, - [in,ref] lsa_AsciiString *account, - [in,unique] samr_CryptPassword *password, - [in,unique] samr_Password *hash - ); - - /************************/ - /* Function 0x37 */ - NTSTATUS samr_ChangePasswordUser2( - [in,unique] lsa_String *server, - [in,ref] lsa_String *account, - [in,unique] samr_CryptPassword *nt_password, - [in,unique] samr_Password *nt_verifier, - [in] boolean8 lm_change, - [in,unique] samr_CryptPassword *lm_password, - [in,unique] samr_Password *lm_verifier - ); - - /************************/ - /* Function 0x38 */ - NTSTATUS samr_GetDomPwInfo( - [in,unique] lsa_String *domain_name, - [out,ref] samr_PwInfo *info - ); - - /************************/ - /* Function 0x39 */ - NTSTATUS samr_Connect2( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3a */ - /* - seems to be an exact alias for samr_SetUserInfo() - */ - [public] NTSTATUS samr_SetUserInfo2( - [in,ref] policy_handle *user_handle, - [in] uint16 level, - [in,ref,switch_is(level)] samr_UserInfo *info - ); - - /************************/ - /* Function 0x3b */ - /* - this one is mysterious. 
I have a few guesses, but nothing working yet - */ - NTSTATUS samr_SetBootKeyInformation( - [in,ref] policy_handle *connect_handle, - [in] uint32 unknown1, - [in] uint32 unknown2, - [in] uint32 unknown3 - ); - - /************************/ - /* Function 0x3c */ - NTSTATUS samr_GetBootKeyInformation( - [in,ref] policy_handle *domain_handle, - [out,ref] uint32 *unknown - ); - - /************************/ - /* Function 0x3d */ - NTSTATUS samr_Connect3( - [in,unique,string,charset(UTF16)] uint16 *system_name, - /* this unknown value seems to be completely ignored by w2k3 */ - [in] uint32 unknown, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3e */ - - typedef enum { - SAMR_CONNECT_PRE_W2K = 1, - SAMR_CONNECT_W2K = 2, - SAMR_CONNECT_AFTER_W2K = 3 - } samr_ConnectVersion; - - NTSTATUS samr_Connect4( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectVersion client_version, - [in] samr_ConnectAccessMask access_mask, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x3f */ - - typedef enum samr_RejectReason samr_RejectReason; - - typedef struct { - samr_RejectReason reason; - uint32 unknown1; - uint32 unknown2; - } samr_ChangeReject; - - NTSTATUS samr_ChangePasswordUser3( - [in,unique] lsa_String *server, - [in,ref] lsa_String *account, - [in,unique] samr_CryptPassword *nt_password, - [in,unique] samr_Password *nt_verifier, - [in] boolean8 lm_change, - [in,unique] samr_CryptPassword *lm_password, - [in,unique] samr_Password *lm_verifier, - [in,unique] samr_CryptPassword *password3, - [out,ref] samr_DomInfo1 **dominfo, - [out,ref] samr_ChangeReject **reject - ); - - /************************/ - /* Function 0x40 */ - - typedef struct { - samr_ConnectVersion client_version; /* w2k3 gives 3 */ - uint32 unknown2; /* w2k3 gives 0 */ - } samr_ConnectInfo1; - - typedef union { - [case(1)] samr_ConnectInfo1 info1; - } 
samr_ConnectInfo; - - [public] NTSTATUS samr_Connect5( - [in,unique,string,charset(UTF16)] uint16 *system_name, - [in] samr_ConnectAccessMask access_mask, - [in] uint32 level_in, - [in,ref,switch_is(level_in)] samr_ConnectInfo *info_in, - [out,ref] uint32 *level_out, - [out,ref,switch_is(*level_out)] samr_ConnectInfo *info_out, - [out,ref] policy_handle *connect_handle - ); - - /************************/ - /* Function 0x41 */ - NTSTATUS samr_RidToSid( - [in,ref] policy_handle *domain_handle, - [in] uint32 rid, - [out,ref] dom_sid2 **sid - ); - - /************************/ - /* Function 0x42 */ - - /* - this should set the DSRM password for the server, which is used - when booting into Directory Services Recovery Mode on a DC. Win2003 - gives me NT_STATUS_NOT_SUPPORTED - */ - - NTSTATUS samr_SetDsrmPassword( - [in,unique] lsa_String *name, - [in] uint32 unknown, - [in,unique] samr_Password *hash - ); - - - /************************/ - /* Function 0x43 */ - /************************/ - typedef [bitmap32bit] bitmap { - SAMR_VALIDATE_FIELD_PASSWORD_LAST_SET = 0x00000001, - SAMR_VALIDATE_FIELD_BAD_PASSWORD_TIME = 0x00000002, - SAMR_VALIDATE_FIELD_LOCKOUT_TIME = 0x00000004, - SAMR_VALIDATE_FIELD_BAD_PASSWORD_COUNT = 0x00000008, - SAMR_VALIDATE_FIELD_PASSWORD_HISTORY_LENGTH = 0x00000010, - SAMR_VALIDATE_FIELD_PASSWORD_HISTORY = 0x00000020 - } samr_ValidateFieldsPresent; - - typedef enum { - NetValidateAuthentication = 1, - NetValidatePasswordChange= 2, - NetValidatePasswordReset = 3 - } samr_ValidatePasswordLevel; - - /* NetApi maps samr_ValidationStatus errors to WERRORs. 
Haven't - * identified the mapping of - * - NERR_PasswordFilterError - * - NERR_PasswordExpired and - * - NERR_PasswordCantChange - * yet - Guenther - */ - - typedef enum { - SAMR_VALIDATION_STATUS_SUCCESS = 0, - SAMR_VALIDATION_STATUS_PASSWORD_MUST_CHANGE = 1, - SAMR_VALIDATION_STATUS_ACCOUNT_LOCKED_OUT = 2, - SAMR_VALIDATION_STATUS_BAD_PASSWORD = 4, - SAMR_VALIDATION_STATUS_PWD_HISTORY_CONFLICT = 5, - SAMR_VALIDATION_STATUS_PWD_TOO_SHORT = 6, - SAMR_VALIDATION_STATUS_PWD_TOO_LONG = 7, - SAMR_VALIDATION_STATUS_NOT_COMPLEX_ENOUGH = 8, - SAMR_VALIDATION_STATUS_PASSWORD_TOO_RECENT = 9 - } samr_ValidationStatus; - - typedef struct { - uint32 length; - [size_is(length)] uint8 *data; - } samr_ValidationBlob; - - typedef struct { - samr_ValidateFieldsPresent fields_present; - NTTIME_hyper last_password_change; - NTTIME_hyper bad_password_time; - NTTIME_hyper lockout_time; - uint32 bad_pwd_count; - uint32 pwd_history_len; - [size_is(pwd_history_len)] samr_ValidationBlob *pwd_history; - } samr_ValidatePasswordInfo; - - typedef struct { - samr_ValidatePasswordInfo info; - samr_ValidationStatus status; - } samr_ValidatePasswordRepCtr; - - typedef [switch_type(uint16)] union { - [case(1)] samr_ValidatePasswordRepCtr ctr1; - [case(2)] samr_ValidatePasswordRepCtr ctr2; - [case(3)] samr_ValidatePasswordRepCtr ctr3; - } samr_ValidatePasswordRep; - - typedef struct { - samr_ValidatePasswordInfo info; - lsa_StringLarge password; - lsa_StringLarge account; - samr_ValidationBlob hash; - boolean8 pwd_must_change_at_next_logon; - boolean8 clear_lockout; - } samr_ValidatePasswordReq3; - - typedef struct { - samr_ValidatePasswordInfo info; - lsa_StringLarge password; - lsa_StringLarge account; - samr_ValidationBlob hash; - boolean8 password_matched; - } samr_ValidatePasswordReq2; - - typedef struct { - samr_ValidatePasswordInfo info; - boolean8 password_matched; - } samr_ValidatePasswordReq1; - - typedef [switch_type(uint16)] union { - [case(1)] samr_ValidatePasswordReq1 req1; - 
[case(2)] samr_ValidatePasswordReq2 req2; - [case(3)] samr_ValidatePasswordReq3 req3; - } samr_ValidatePasswordReq; - - NTSTATUS samr_ValidatePassword( - [in] samr_ValidatePasswordLevel level, - [in,switch_is(level)] samr_ValidatePasswordReq *req, - [out,ref,switch_is(level)] samr_ValidatePasswordRep **rep - ); -} -- cgit From 676f3c1c5cc8c2790462ec618f821c31e34165c7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 10 Nov 2008 16:08:43 +0100 Subject: s3-build: re-run make samba3-idl (rid2sid). Guenther --- source3/librpc/gen_ndr/cli_samr.c | 2 +- source3/librpc/gen_ndr/cli_samr.h | 2 +- source3/librpc/gen_ndr/ndr_samr.c | 27 ++++++++++++++++++++++++--- source3/librpc/gen_ndr/samr.h | 2 +- source3/librpc/gen_ndr/srv_samr.c | 2 +- 5 files changed, 28 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_samr.c b/source3/librpc/gen_ndr/cli_samr.c index 179bd0007f..7edb790286 100644 --- a/source3/librpc/gen_ndr/cli_samr.c +++ b/source3/librpc/gen_ndr/cli_samr.c @@ -2838,7 +2838,7 @@ NTSTATUS rpccli_samr_RidToSid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle /* [in] [ref] */, uint32_t rid /* [in] */, - struct dom_sid2 *sid /* [out] [ref] */) + struct dom_sid2 **sid /* [out] [ref] */) { struct samr_RidToSid r; NTSTATUS status; diff --git a/source3/librpc/gen_ndr/cli_samr.h b/source3/librpc/gen_ndr/cli_samr.h index 7216d0cf3d..b57d63334e 100644 --- a/source3/librpc/gen_ndr/cli_samr.h +++ b/source3/librpc/gen_ndr/cli_samr.h @@ -375,7 +375,7 @@ NTSTATUS rpccli_samr_RidToSid(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *domain_handle /* [in] [ref] */, uint32_t rid /* [in] */, - struct dom_sid2 *sid /* [out] [ref] */); + struct dom_sid2 **sid /* [out] [ref] */); NTSTATUS rpccli_samr_SetDsrmPassword(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct lsa_String *name /* [in] [unique] */, 
diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index f83d0f0875..e1b8fd17f9 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -11907,7 +11907,10 @@ static enum ndr_err_code ndr_push_samr_RidToSid(struct ndr_push *ndr, int flags, if (r->out.sid == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid)); + NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.sid)); + if (*r->out.sid) { + NDR_CHECK(ndr_push_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sid)); + } NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -11915,8 +11918,10 @@ static enum ndr_err_code ndr_push_samr_RidToSid(struct ndr_push *ndr, int flags, static enum ndr_err_code ndr_pull_samr_RidToSid(struct ndr_pull *ndr, int flags, struct samr_RidToSid *r) { + uint32_t _ptr_sid; TALLOC_CTX *_mem_save_domain_handle_0; TALLOC_CTX *_mem_save_sid_0; + TALLOC_CTX *_mem_save_sid_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -11937,7 +11942,18 @@ static enum ndr_err_code ndr_pull_samr_RidToSid(struct ndr_pull *ndr, int flags, } _mem_save_sid_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.sid, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.sid)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sid)); + if (_ptr_sid) { + NDR_PULL_ALLOC(ndr, *r->out.sid); + } else { + *r->out.sid = NULL; + } + if (*r->out.sid) { + _mem_save_sid_1 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, *r->out.sid, 0); + NDR_CHECK(ndr_pull_dom_sid2(ndr, NDR_SCALARS|NDR_BUFFERS, *r->out.sid)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_1, 0); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sid_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } 
@@ -11966,7 +11982,12 @@ _PUBLIC_ void ndr_print_samr_RidToSid(struct ndr_print *ndr, const char *name, i ndr->depth++; ndr_print_ptr(ndr, "sid", r->out.sid); ndr->depth++; - ndr_print_dom_sid2(ndr, "sid", r->out.sid); + ndr_print_ptr(ndr, "sid", *r->out.sid); + ndr->depth++; + if (*r->out.sid) { + ndr_print_dom_sid2(ndr, "sid", *r->out.sid); + } + ndr->depth--; ndr->depth--; ndr_print_NTSTATUS(ndr, "result", r->out.result); ndr->depth--; diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index 8ef6752dbf..d900c29d5e 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -1745,7 +1745,7 @@ struct samr_RidToSid { } in; struct { - struct dom_sid2 *sid;/* [ref] */ + struct dom_sid2 **sid;/* [ref] */ NTSTATUS result; } out; diff --git a/source3/librpc/gen_ndr/srv_samr.c b/source3/librpc/gen_ndr/srv_samr.c index 3e3a1cc6c1..f4facd2914 100644 --- a/source3/librpc/gen_ndr/srv_samr.c +++ b/source3/librpc/gen_ndr/srv_samr.c @@ -5202,7 +5202,7 @@ static bool api_samr_RidToSid(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.sid = talloc_zero(r, struct dom_sid2); + r->out.sid = talloc_zero(r, struct dom_sid2 *); if (r->out.sid == NULL) { talloc_free(r); return false; -- cgit From 39d42378b260240544b5649ff373fc15fbddaed8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 10 Nov 2008 09:51:39 +0100 Subject: [s3]make keytab filename argument mandatory to "net rpc vampire keytab" This prevents unintended overwriting of the default path /etc/krb5.keytab (e.g.). Michael --- source3/utils/net_rpc_samsync.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index c0922efe6b..73e6dd03cb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
@@ -249,7 +249,10 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, return status; } - if (argc >= 1) { + if (argc < 1) { + /* the caller should ensure that a filename is provided */ + return NT_STATUS_INVALID_PARAMETER; + } else { ctx->output_filename = argv[0]; } @@ -299,9 +302,13 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, ctx->force_full_replication = c->opt_force_full_repl ? true : false; ctx->clean_old_entries = c->opt_clean_old_entries ? true : false; - if (argc >= 1) { + if (argc < 1) { + /* the caller should ensure that a filename is provided */ + return NT_STATUS_INVALID_PARAMETER; + } else { ctx->output_filename = argv[0]; } + if (argc >= 2) { ctx->object_dns = &argv[1]; ctx->object_count = argc - 1; @@ -342,9 +349,9 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) { int ret = 0; - if (c->display_usage) { + if (c->display_usage || (argc < 1)) { d_printf("Usage:\n" - "net rpc vampire keytab\n" + "net rpc vampire keytab \n" " Dump remote SAM database to Kerberos keytab file\n"); return 0; } -- cgit From 8076e50fad6346e3ca6e18a044ea01b31ca182dd Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Nov 2008 17:57:22 -0800 Subject: Added vfs_acl_tdb.c module to do ACLs completely in userspace. Passes all of RAW-ACLS except for the last test which uses a non-POSIX chown. More testing/documentation to follow. Jeremy. --- source3/Makefile.in | 5 + source3/configure.in | 3 +- source3/modules/vfs_acl_tdb.c | 843 ++++++++++++++++++++++++++++++++++++++++ source3/modules/vfs_acl_xattr.c | 98 ++--- 4 files changed, 904 insertions(+), 45 deletions(-) create mode 100644 source3/modules/vfs_acl_tdb.c (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index d216e1c11e..be075ad685 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in 
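Review bot: The new guard in the `@@ -249` hunk (rpc_vampire_keytab_internals) rejects only a missing argument, so an empty `argv[0]` is still assigned to `ctx->output_filename`. What the keytab writer does with an empty name is not visible in this hunk, but if it falls back to the default keytab, the overwrite this commit sets out to prevent stays reachable. I would tighten the test to `if (argc < 1 || argv[0][0] == '\0') {`, and make the same change in the `@@ -299` hunk (rpc_vampire_keytab_ds_internals). The `else` after the early `return NT_STATUS_INVALID_PARAMETER;` is also redundant in both places. Both function bodies start and end outside their hunks.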
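Review bot: In the `@@ -342` hunk, `if (c->display_usage || (argc < 1))` prints the usage text and then returns 0 for both cases, so a call that omits the now-mandatory keytab filename exits as success although nothing was written. A script that provisions keytabs would not notice the failure. Keep 0 for an explicit usage request and fail otherwise, e.g. `return c->display_usage ? 0 : -1;`. The rest of rpc_vampire_keytab lies outside the hunk.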
@@ -643,6 +643,7 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o VFS_SYNCOPS_OBJ = modules/vfs_syncops.o VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o +VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o @@ -2459,6 +2460,10 @@ bin/smb_traffic_analyzer.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SMB_TRAFFIC_ANALYZE @echo "Building plugin $@" @$(SHLD_MODULE) $(VFS_SMB_TRAFFIC_ANALYZER_OBJ) +bin/acl_tdb.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_TDB_OBJ) + @echo "Building plugin $@" + @$(SHLD_MODULE) $(VFS_ACL_TDB_OBJ) + bin/registry.@SHLIBEXT@: $(BINARY_PREREQS) libgpo/gpext/registry.o @echo "Building plugin $@" @$(SHLD_MODULE) libgpo/gpext/registry.o diff --git a/source3/configure.in b/source3/configure.in index 0aeefe4180..5e3eac55e2 100644 --- a/source3/configure.in +++ b/source3/configure.in 
@@ -399,7 +399,7 @@ dnl These have to be built static: default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin auth_netlogond vfs_default nss_info_template" dnl These are preferably build shared, and static if dlopen() is not available -default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_smb_traffic_analyzer" +default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr vfs_acl_tdb vfs_smb_traffic_analyzer" if test "x$developer" = xyes; then default_static_modules="$default_static_modules rpc_rpcecho" @@ -6087,6 +6087,7 @@ SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS) SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS) SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS) SMB_MODULE(vfs_acl_xattr, \$(VFS_ACL_XATTR_OBJ), "bin/acl_xattr.$SHLIBEXT", VFS) +SMB_MODULE(vfs_acl_tdb, \$(VFS_ACL_TDB_OBJ), "bin/acl_tdb.$SHLIBEXT", VFS) SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_traffic_analyzer.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c new file mode 100644 index 0000000000..be49bb798c --- /dev/null +++ b/source3/modules/vfs_acl_tdb.c 
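Review bot: Adding `vfs_acl_tdb` to `default_shared_modules` in the `@@ -399` hunk builds the module on every default configure, while the header of the new source3/modules/vfs_acl_tdb.c in this same commit says `NOTE: This is an experimental module, not yet finished.` The module's open hook makes the allow/deny decision from the stored descriptor, so an administrator who loads it gets access control from code its author marks as unfinished. It would be safer to leave it out of the default list for now and let testers opt in with `--with-shared-modules=vfs_acl_tdb`. Failing that, add a line such as `dnl vfs_acl_tdb is experimental (see module header); not for production shares` above the list.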
@@ -0,0 +1,843 @@ +/* + * Store Windows ACLs in xattrs, or a tdb if configured that way. + * + * Copyright (C) Volker Lendecke, 2008 + * Copyright (C) Jeremy Allison, 2008 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* NOTE: This is an experimental module, not yet finished. JRA. */ + +#include "includes.h" +#include "librpc/gen_ndr/xattr.h" +#include "librpc/gen_ndr/ndr_xattr.h" + +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_VFS + +static unsigned int ref_count; +static struct db_context *acl_db; + +/******************************************************************* + Open acl_db if not already open, increment ref count. +*******************************************************************/ + +static bool acl_tdb_init(struct db_context **pp_db) +{ + const char *dbname; + + if (acl_db) { + *pp_db = acl_db; + ref_count++; + return true; + } + + dbname = lock_path("file_ntacls.tdb"); + + if (dbname == NULL) { + errno = ENOSYS; + return false; + } + + become_root(); + *pp_db = db_open(NULL, dbname, 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + unbecome_root(); + + if (*pp_db == NULL) { +#if defined(ENOTSUP) + errno = ENOTSUP; +#else + errno = ENOSYS; +#endif + return false; + } + + ref_count++; + return true; +} + +/******************************************************************* + Lower ref count and close acl_db if zero. 
+*******************************************************************/ + +static void free_acl_xattr_data(void **pptr) +{ + struct db_context **pp_db = (struct db_context **)pptr; + + ref_count--; + if (ref_count == 0) { + TALLOC_FREE(*pp_db); + acl_db = NULL; + } +} + +/******************************************************************* + Fetch_lock the tdb acl record for a file +*******************************************************************/ + +static struct db_record *acl_xattr_tdb_lock(TALLOC_CTX *mem_ctx, + struct db_context *db, + const struct file_id *id) +{ + uint8 id_buf[16]; + push_file_id_16((char *)id_buf, id); + return db->fetch_locked(db, + mem_ctx, + make_tdb_data(id_buf, + sizeof(id_buf))); +} + +/******************************************************************* + Parse out a struct security_descriptor from a DATA_BLOB. +*******************************************************************/ + +static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, + uint32 security_info, + struct security_descriptor **ppdesc) +{ + TALLOC_CTX *ctx = talloc_tos(); + struct xattr_NTACL xacl; + enum ndr_err_code ndr_err; + size_t sd_size; + + ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl, + (ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n", + ndr_errstr(ndr_err))); + return ndr_map_error2ntstatus(ndr_err);; + } + + if (xacl.version != 2) { + return NT_STATUS_REVISION_MISMATCH; + } + + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, + (security_info & OWNER_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->owner_sid : NULL, + (security_info & GROUP_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->group_sid : NULL, + (security_info & SACL_SECURITY_INFORMATION) + ? xacl.info.sd_ts->sd->sacl : NULL, + (security_info & DACL_SECURITY_INFORMATION) + ? 
xacl.info.sd_ts->sd->dacl : NULL, + &sd_size); + + TALLOC_FREE(xacl.info.sd); + + return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; +} + +/******************************************************************* + Pull a security descriptor into a DATA_BLOB from a tdb store. +*******************************************************************/ + +static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, + vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + DATA_BLOB *pblob) +{ + uint8 id_buf[16]; + TDB_DATA data; + struct file_id id; + struct db_context *db; + SMB_STRUCT_STAT sbuf; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + return NT_STATUS_INTERNAL_DB_CORRUPTION); + + if (fsp && fsp->fh->fd != -1) { + if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } else { + if (SMB_VFS_STAT(handle->conn, name, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + push_file_id_16((char *)id_buf, &id); + + if (db->fetch(db, + ctx, + make_tdb_data(id_buf, sizeof(id_buf)), + &data) == -1) { + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + + pblob->data = data.dptr; + pblob->length = data.dsize; + + DEBUG(10,("get_acl_blob: returned %u bytes from file %s\n", + (unsigned int)data.dsize, name )); + + if (pblob->length == 0 || pblob->data == NULL) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } + return NT_STATUS_OK; +} + +/******************************************************************* + Create a DATA_BLOB from a security descriptor. 
+*******************************************************************/ + +static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) +{ + struct xattr_NTACL xacl; + struct security_descriptor_timestamp sd_ts; + enum ndr_err_code ndr_err; + TALLOC_CTX *ctx = talloc_tos(); + struct timespec curr = timespec_current(); + + ZERO_STRUCT(xacl); + ZERO_STRUCT(sd_ts); + + /* Horrid hack as setting an xattr changes the ctime + * on Linux. This gives a race of 1 second during + * which we would not see a POSIX ACL set. + */ + curr.tv_sec += 1; + + xacl.version = 2; + xacl.info.sd_ts = &sd_ts; + xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); + unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); + + DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", + timestring(ctx, curr.tv_sec) )); + + ndr_err = ndr_push_struct_blob( + pblob, ctx, &xacl, + (ndr_push_flags_fn_t)ndr_push_xattr_NTACL); + + if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { + DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n", + ndr_errstr(ndr_err))); + return ndr_map_error2ntstatus(ndr_err);; + } + + return NT_STATUS_OK; +} + +/******************************************************************* + Store a DATA_BLOB into a tdb record given an fsp pointer. 
+*******************************************************************/ + +static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, + files_struct *fsp, + DATA_BLOB *pblob) +{ + uint8 id_buf[16]; + struct file_id id; + SMB_STRUCT_STAT sbuf; + TDB_DATA data; + struct db_context *db; + struct db_record *rec; + + DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n", + (unsigned int)pblob->length, fsp->fsp_name)); + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + return NT_STATUS_INTERNAL_DB_CORRUPTION); + + if (fsp->fh->fd != -1) { + if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } else { + if (SMB_VFS_STAT(handle->conn, fsp->fsp_name, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + } + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + push_file_id_16((char *)id_buf, &id); + rec = db->fetch_locked(db, talloc_tos(), + make_tdb_data(id_buf, + sizeof(id_buf))); + if (rec == NULL) { + DEBUG(0, ("store_acl_blob_fsp_tdb: fetch_lock failed\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + data.dptr = pblob->data; + data.dsize = pblob->length; + return rec->store(rec, data, 0); +} + +/******************************************************************* + Store a DATA_BLOB into a tdb record given a pathname. 
+*******************************************************************/ + +static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, + const char *fname, + DATA_BLOB *pblob) +{ + uint8 id_buf[16]; + struct file_id id; + TDB_DATA data; + SMB_STRUCT_STAT sbuf; + struct db_context *db; + struct db_record *rec; + + DEBUG(10,("store_acl_blob_pathname: storing blob " + "length %u on file %s\n", + (unsigned int)pblob->length, fname)); + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + return NT_STATUS_INTERNAL_DB_CORRUPTION); + + if (SMB_VFS_STAT(handle->conn, fname, &sbuf) == -1) { + return map_nt_error_from_unix(errno); + } + + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + push_file_id_16((char *)id_buf, &id); + + rec = db->fetch_locked(db, talloc_tos(), + make_tdb_data(id_buf, + sizeof(id_buf))); + if (rec == NULL) { + DEBUG(0, ("store_acl_blob_pathname_tdb: fetch_lock failed\n")); + return NT_STATUS_INTERNAL_DB_CORRUPTION; + } + data.dptr = pblob->data; + data.dsize = pblob->length; + return rec->store(rec, data, 0); +} + +/******************************************************************* + Store a DATA_BLOB into an xattr given a pathname. 
+*******************************************************************/ + +static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + uint32 security_info, + struct security_descriptor **ppdesc) +{ + TALLOC_CTX *ctx = talloc_tos(); + DATA_BLOB blob; + NTSTATUS status; + + if (fsp && name == NULL) { + name = fsp->fsp_name; + } + + DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name)); + + status = get_acl_blob(ctx, handle, fsp, name, &blob); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("get_acl_blob returned %s\n", nt_errstr(status))); + return status; + } + + status = parse_acl_blob(&blob, security_info, ppdesc); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("parse_acl_blob returned %s\n", + nt_errstr(status))); + return status; + } + + TALLOC_FREE(blob.data); + return status; +} + +/********************************************************************* + Create a default security descriptor for a file in case no inheritance + exists. All permissions to the owner and SYSTEM. 
+*********************************************************************/ + +static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, + SMB_STRUCT_STAT *psbuf) +{ + struct dom_sid owner_sid, group_sid; + size_t sd_size; + struct security_ace *pace = NULL; + struct security_acl *pacl = NULL; + + uid_to_sid(&owner_sid, psbuf->st_uid); + gid_to_sid(&group_sid, psbuf->st_gid); + + pace = TALLOC_ARRAY(mem_ctx, struct security_ace, 2); + if (!pace) { + return NULL; + } + + init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_RIGHTS_FILE_ALL, 0); + init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, + SEC_RIGHTS_FILE_ALL, 0); + + pacl = make_sec_acl(mem_ctx, + NT4_ACL_REVISION, + 2, + pace); + if (!pacl) { + return NULL; + } + return make_sec_desc(mem_ctx, + SECURITY_DESCRIPTOR_REVISION_1, + SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + &owner_sid, + &group_sid, + NULL, + pacl, + &sd_size); +} + +/********************************************************************* +*********************************************************************/ + +static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, + const char *fname, + files_struct *fsp, + bool container) +{ + TALLOC_CTX *ctx = talloc_tos(); + NTSTATUS status; + struct security_descriptor *parent_desc = NULL; + struct security_descriptor *psd = NULL; + DATA_BLOB blob; + size_t size; + char *parent_name; + + if (!parent_dirname_talloc(ctx, + fname, + &parent_name, + NULL)) { + return NT_STATUS_NO_MEMORY; + } + + DEBUG(10,("inherit_new_acl: check directory %s\n", + parent_name)); + + status = get_nt_acl_xattr_internal(handle, + NULL, + parent_name, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &parent_desc); + if (NT_STATUS_IS_OK(status)) { + /* Create an inherited descriptor from the parent. 
*/ + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: parent acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, parent_desc); + } + + status = se_create_child_secdesc(ctx, + &psd, + &size, + parent_desc, + &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], + &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], + container); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: child acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + + } else { + DEBUG(10,("inherit_new_acl: directory %s failed " + "to get acl %s\n", + parent_name, + nt_errstr(status) )); + } + + if (!psd || psd->dacl == NULL) { + SMB_STRUCT_STAT sbuf; + int ret; + + TALLOC_FREE(psd); + if (fsp && !fsp->is_directory && fsp->fh->fd != -1) { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } else { + ret = SMB_VFS_STAT(handle->conn,fname, &sbuf); + } + if (ret == -1) { + return map_nt_error_from_unix(errno); + } + psd = default_file_sd(ctx, &sbuf); + if (!psd) { + return NT_STATUS_NO_MEMORY; + } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: default acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + } + + status = create_acl_blob(psd, &blob); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if (fsp) { + return store_acl_blob_fsp(handle, fsp, &blob); + } else { + return store_acl_blob_pathname(handle, fname, &blob); + } +} + +/********************************************************************* + Check ACL on open. For new files inherit from parent directory. 
+*********************************************************************/ + +static int open_acl_xattr(vfs_handle_struct *handle, + const char *fname, + files_struct *fsp, + int flags, + mode_t mode) +{ + uint32_t access_granted = 0; + struct security_descriptor *pdesc = NULL; + bool file_existed = true; + NTSTATUS status = get_nt_acl_xattr_internal(handle, + NULL, + fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &pdesc); + if (NT_STATUS_IS_OK(status)) { + /* See if we can access it. */ + status = smb1_file_se_access_check(pdesc, + handle->conn->server_info->ptok, + fsp->access_mask, + &access_granted); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("open_acl_xattr: file %s open " + "refused with error %s\n", + fname, + nt_errstr(status) )); + errno = map_errno_from_nt_status(status); + return -1; + } + } else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) { + file_existed = false; + } + + DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for " + "file %s returned %s\n", + fname, + nt_errstr(status) )); + + fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode); + + if (!file_existed && fsp->fh->fd != -1) { + /* File was created. Inherit from parent directory. */ + string_set(&fsp->fsp_name, fname); + inherit_new_acl(handle, fname, fsp, false); + } + + return fsp->fh->fd; +} + +/********************************************************************* + On unlink we need to delete the tdb record (if using tdb). 
+*********************************************************************/ + +static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) +{ + SMB_STRUCT_STAT sbuf; + struct file_id id; + struct db_context *db; + struct db_record *rec; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (SMB_VFS_STAT(handle->conn, path, &sbuf) == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_UNLINK(handle, path); + + if (ret == -1) { + return -1; + } + + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); + + /* + * If rec == NULL there's not much we can do about it + */ + + if (rec == NULL) { + DEBUG(10,("unlink_acl_xattr: path %s rec == NULL\n", + path )); + TALLOC_FREE(rec); + return 0; + } + + rec->delete_rec(rec); + TALLOC_FREE(rec); + + return 0; +} + +/********************************************************************* + Store an inherited SD on mkdir. +*********************************************************************/ + +static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +{ + int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode); + + if (ret == -1) { + return ret; + } + /* New directory - inherit from parent. */ + inherit_new_acl(handle, path, NULL, true); + return ret; +} + +/********************************************************************* + On rmdir we need to delete the tdb record (if using tdb). 
+*********************************************************************/ + +static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) +{ + SMB_STRUCT_STAT sbuf; + struct file_id id; + struct db_context *db; + struct db_record *rec; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (SMB_VFS_STAT(handle->conn, path, &sbuf) == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_RMDIR(handle, path); + + if (ret == -1) { + return -1; + } + + id = vfs_file_id_from_sbuf(handle->conn, &sbuf); + + rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); + + /* + * If rec == NULL there's not much we can do about it + */ + + if (rec == NULL) { + DEBUG(10,("rmdir_acl_xattr: path %s rec == NULL\n", + path )); + TALLOC_FREE(rec); + return 0; + } + + rec->delete_rec(rec); + TALLOC_FREE(rec); + + return 0; +} + +/********************************************************************* + Fetch a security descriptor given an fsp. +*********************************************************************/ + +static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info, struct security_descriptor **ppdesc) +{ + NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp, + NULL, security_info, ppdesc); + if (NT_STATUS_IS_OK(status)) { + if (DEBUGLEVEL >= 10) { + DEBUG(10,("fget_nt_acl_xattr: returning xattr sd for file %s\n", + fsp->fsp_name)); + NDR_PRINT_DEBUG(security_descriptor, *ppdesc); + } + return NT_STATUS_OK; + } + + DEBUG(10,("fget_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + fsp->fsp_name, + nt_errstr(status) )); + + return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, + security_info, ppdesc); +} + +/********************************************************************* + Fetch a security descriptor given a pathname. 
+*********************************************************************/ + +static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, + const char *name, uint32 security_info, struct security_descriptor **ppdesc) +{ + NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, + name, security_info, ppdesc); + if (NT_STATUS_IS_OK(status)) { + if (DEBUGLEVEL >= 10) { + DEBUG(10,("get_nt_acl_xattr: returning xattr sd for file %s\n", + name)); + NDR_PRINT_DEBUG(security_descriptor, *ppdesc); + } + return NT_STATUS_OK; + } + + DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + name, + nt_errstr(status) )); + + return SMB_VFS_NEXT_GET_NT_ACL(handle, name, + security_info, ppdesc); +} + +/********************************************************************* + Store a security descriptor given an fsp. +*********************************************************************/ + +static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, + uint32 security_info_sent, const struct security_descriptor *psd) +{ + NTSTATUS status; + DATA_BLOB blob; + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", + fsp->fsp_name)); + NDR_PRINT_DEBUG(security_descriptor, + CONST_DISCARD(struct security_descriptor *,psd)); + } + + status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + /* Ensure owner and group are set. */ + if (!psd->owner_sid || !psd->group_sid) { + int ret; + SMB_STRUCT_STAT sbuf; + DOM_SID owner_sid, group_sid; + struct security_descriptor *nc_psd = dup_sec_desc(talloc_tos(), psd); + + if (!nc_psd) { + return NT_STATUS_OK; + } + if (fsp->is_directory || fsp->fh->fd == -1) { + ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + } else { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } + if (ret == -1) { + /* Lower level acl set succeeded, + * so still return OK. 
*/ + return NT_STATUS_OK; + } + create_file_sids(&sbuf, &owner_sid, &group_sid); + /* This is safe as nc_psd is discarded at fn exit. */ + nc_psd->owner_sid = &owner_sid; + nc_psd->group_sid = &group_sid; + security_info_sent |= (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION); + psd = nc_psd; + } + + if ((security_info_sent & DACL_SECURITY_INFORMATION) && + psd->dacl != NULL && + (psd->type & (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ))== + (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ) ) { + struct security_descriptor *new_psd = NULL; + status = append_parent_acl(fsp, psd, &new_psd); + if (!NT_STATUS_IS_OK(status)) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + psd = new_psd; + } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", + fsp->fsp_name)); + NDR_PRINT_DEBUG(security_descriptor, + CONST_DISCARD(struct security_descriptor *,psd)); + } + create_acl_blob(psd, &blob); + store_acl_blob_fsp(handle, fsp, &blob); + + return NT_STATUS_OK; +} + +/******************************************************************* + Handle opening the storage tdb if so configured. 
+*******************************************************************/ + +static int connect_acl_xattr(struct vfs_handle_struct *handle, + const char *service, + const char *user) +{ + struct db_context *db; + int res; + + res = SMB_VFS_NEXT_CONNECT(handle, service, user); + if (res < 0) { + return res; + } + + if (!acl_tdb_init(&db)) { + SMB_VFS_NEXT_DISCONNECT(handle); + return -1; + } + + SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_xattr_data, + struct db_context, return -1); + + return 0; +} + +/* VFS operations structure */ + +static vfs_op_tuple skel_op_tuples[] = +{ + {SMB_VFS_OP(connect_acl_xattr), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(unlink_acl_xattr), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + + /* NT File ACL operations */ + + {SMB_VFS_OP(fget_nt_acl_xattr),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} +}; + +NTSTATUS vfs_acl_xattr_init(void) +{ + return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_tdb", skel_op_tuples); +} diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index a5d93950f6..2b4e68bdea 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
@@ -27,8 +27,11 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS +/******************************************************************* + Parse out a struct security_descriptor from a DATA_BLOB. +*******************************************************************/ + static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, - const struct timespec cts, uint32 security_info, struct security_descriptor **ppdesc) { @@ -50,30 +53,6 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return NT_STATUS_REVISION_MISMATCH; } -#if 0 - { - struct timespec ts; - /* Arg. This doesn't work. Too many activities - * change the ctime. May have to roll back to - * version 1. - */ - /* - * Check that the ctime timestamp is ealier - * than the stored timestamp. - */ - - ts = nt_time_to_unix_timespec(&xacl.info.sd_ts->last_changed); - - if (timespec_compare(&cts, &ts) > 0) { - DEBUG(5, ("parse_acl_blob: stored ACL out of date " - "(%s > %s.\n", - timestring(ctx, cts.tv_sec), - timestring(ctx, ts.tv_sec))); - return NT_STATUS_EA_CORRUPT_ERROR; - } - } -#endif - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) ? xacl.info.sd_ts->sd->owner_sid : NULL, @@ -90,6 +69,10 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY; } +/******************************************************************* + Pull a security descriptor into a DATA_BLOB from a xattr. +*******************************************************************/ + static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, vfs_handle_struct *handle, files_struct *fsp, 
@@ -144,6 +127,10 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, return NT_STATUS_OK; } +/******************************************************************* + Create a DATA_BLOB from a security descriptor. +*******************************************************************/ + static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; @@ -182,7 +169,12 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB return NT_STATUS_OK; } -static NTSTATUS store_acl_blob_fsp(files_struct *fsp, +/******************************************************************* + Store a DATA_BLOB into an xattr given an fsp pointer. +*******************************************************************/ + +static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, + files_struct *fsp, DATA_BLOB *pblob) { int ret; @@ -215,10 +207,15 @@ static NTSTATUS store_acl_blob_fsp(files_struct *fsp, return NT_STATUS_OK; } -static NTSTATUS store_acl_blob_pathname(connection_struct *conn, +/******************************************************************* + Store a DATA_BLOB into an xattr given a pathname. +*******************************************************************/ + +static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, const char *fname, DATA_BLOB *pblob) { + connection_struct *conn = handle->conn; int ret; int saved_errno = 0; @@ -245,6 +242,9 @@ static NTSTATUS store_acl_blob_pathname(connection_struct *conn, return NT_STATUS_OK; } +/******************************************************************* + Store a DATA_BLOB into an xattr given a pathname. +*******************************************************************/ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, files_struct *fsp, 
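Review bot: The banner comment added above get_nt_acl_xattr_internal in the last hunk on this line is a copy of the one for store_acl_blob_pathname ("Store a DATA_BLOB into an xattr given a pathname."), but this function reads. The later hunks show it fetching a blob and passing it to parse_acl_blob to fill `*ppdesc`, for either an fsp or a name. Suggest `Pull a security descriptor from the xattr given an fsp or a pathname.` so the header does not describe a write path on the function every ACL read goes through. The function body lies outside this hunk.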
@@ -254,7 +254,6 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, { TALLOC_CTX *ctx = talloc_tos(); DATA_BLOB blob; - SMB_STRUCT_STAT sbuf; NTSTATUS status; if (fsp && name == NULL) { @@ -269,18 +268,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, return status; } - if (fsp && fsp->fh->fd != -1) { - if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) { - return map_nt_error_from_unix(errno); - } - } else { - if (SMB_VFS_STAT(handle->conn, name, &sbuf) == -1) { - return map_nt_error_from_unix(errno); - } - } - - status = parse_acl_blob(&blob, get_ctimespec(&sbuf), - security_info, ppdesc); + status = parse_acl_blob(&blob, security_info, ppdesc); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("parse_acl_blob returned %s\n", nt_errstr(status))); @@ -427,9 +415,9 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } if (fsp) { - return store_acl_blob_fsp(fsp, &blob); + return store_acl_blob_fsp(handle, fsp, &blob); } else { - return store_acl_blob_pathname(handle->conn, fname, &blob); + return store_acl_blob_pathname(handle, fname, &blob); } } @@ -499,6 +487,10 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m return ret; } +/********************************************************************* + Fetch a security descriptor given an fsp. +*********************************************************************/ + static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { 
@@ -512,10 +504,19 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, } return NT_STATUS_OK; } + + DEBUG(10,("fget_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + fsp->fsp_name, + nt_errstr(status) )); + return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc); } +/********************************************************************* + Fetch a security descriptor given a pathname. +*********************************************************************/ + static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { @@ -529,10 +530,19 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, } return NT_STATUS_OK; } + + DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + name, + nt_errstr(status) )); + return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc); } +/********************************************************************* + Store a security descriptor given an fsp. +*********************************************************************/ + static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd) { @@ -602,7 +612,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, CONST_DISCARD(struct security_descriptor *,psd)); } create_acl_blob(psd, &blob); - store_acl_blob_fsp(fsp, &blob); + store_acl_blob_fsp(handle, fsp, &blob); return NT_STATUS_OK; } @@ -620,7 +630,7 @@ static vfs_op_tuple skel_op_tuples[] = {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; NTSTATUS vfs_acl_xattr_init(void) -- cgit 
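Review bot: In fget_nt_acl_xattr, and again in get_nt_acl_xattr in the next hunk, every failure of get_nt_acl_xattr_internal falls through to the SMB_VFS_NEXT_*GET_NT_ACL call, and the new message is only emitted at debug level 10. The parse_acl_blob context earlier in this diff can return NT_STATUS_REVISION_MISMATCH, so a stored descriptor that exists but cannot be parsed is replaced by whatever the next module reports without any trace in a normal log. Consider logging at a low debug level when the status is anything other than the one get_acl_blob uses for a missing attribute (not visible here), and adding the comment `/* Any xattr failure, including an unparseable blob, falls back to the next module's ACL. */` above the fallback call.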
From d6be0ba672c5543ed9e7aa2d11dd1e26a3494649 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 10 Nov 2008 20:18:01 -0800 Subject: Fix the build (ndr_pull_struct_blob has a different signature in master). Jeremy. --- source3/modules/vfs_acl_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index be49bb798c..6deebf0ee6 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -112,7 +112,7 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, enum ndr_err_code ndr_err; size_t sd_size; - ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl, + ndr_err = ndr_pull_struct_blob(pblob, ctx, NULL, &xacl, (ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From dee2c61ce0a5ff2485f4a0704c9d7288ca75cb52 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 11 Nov 2008 10:28:40 +0100 Subject: [s3]vfs_acl_tdb: fix the build. ndr_push_struct_blob has a different signature in master as well. Michael --- source3/modules/vfs_acl_tdb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 6deebf0ee6..202c1a8469 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -222,7 +222,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB timestring(ctx, curr.tv_sec) )); ndr_err = ndr_push_struct_blob( - pblob, ctx, &xacl, + pblob, ctx, NULL, &xacl, (ndr_push_flags_fn_t)ndr_push_xattr_NTACL); if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { -- cgit From 0baca66589d72acf7b3d6edf7c7d21fa17f98915 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Nov 2008 14:21:09 -0800 Subject: Fix bug 5889. "delete veto files = no" seems to break. Jeremy. --- source3/smbd/reply.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'source3') 
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index be39fd464d..c363ed5609 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4989,8 +4989,16 @@ NTSTATUS rmdir_internals(TALLOC_CTX *ctx, } } - /* We only have veto files/directories. Recursive delete. */ + /* We only have veto files/directories. + * Are we allowed to delete them ? */ + if(!lp_recursive_veto_delete(SNUM(conn))) { + TALLOC_FREE(dir_hnd); + errno = ENOTEMPTY; + goto err; + } + + /* Do a recursive delete. */ RewindDir(dir_hnd,&dirpos); while ((dname = ReadDirName(dir_hnd,&dirpos))) { char *fullname = NULL; @@ -5016,9 +5024,8 @@ NTSTATUS rmdir_internals(TALLOC_CTX *ctx, break; } if(st.st_mode & S_IFDIR) { - if(lp_recursive_veto_delete(SNUM(conn))) { - if(!recursive_rmdir(ctx, conn, fullname)) - break; + if(!recursive_rmdir(ctx, conn, fullname)) { + break; } if(SMB_VFS_RMDIR(conn,fullname) != 0) { break; -- cgit From c62427c7fc7fd9c2c33faa25e931d4583bea905a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 11 Nov 2008 14:38:59 -0800 Subject: Fix bug 5891] : smbd crashed when viewing the eventlog exported by "eventlog list" Don't mix TALLOC and SAFE_FREE(). Jeremy. --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 3c7469f3ef..eec5b1d736 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -79,7 +79,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) /* get the security descriptor for the file */ sec_desc = get_nt_acl_no_snum( info, tdbname ); - SAFE_FREE( tdbname ); + TALLOC_FREE( tdbname ); if ( !sec_desc ) { DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", -- cgit From e6f8fd994567f85efd88b56e438816ee337f4f6e Mon Sep 17 00:00:00 2001 
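Review bot: The directory test on the context line `if(st.st_mode & S_IFDIR)` in the second reply.c hunk is a bit test rather than a type test, and after this change it alone decides whether recursive_rmdir is called on the entry. On platforms where another file type shares that bit (S_IFBLK on Linux, for example) a non-directory would take the recursive path; `if (S_ISDIR(st.st_mode)) {` compares the whole type field. Whether the stat that fills `st` follows symlinks is not visible in the hunk and is worth confirming for a recursive delete. rmdir_internals starts and ends outside both hunks.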
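Review bot: In the srv_eventlog_nt.c hunk, `TALLOC_FREE( tdbname );` runs before the `if ( !sec_desc )` branch, whose DEBUG message takes a `%s` argument that lies outside the hunk. If that argument is tdbname, the pointer has already been cleared when the access-check failure is logged, so the log line loses the file name or passes NULL to `%s`. Moving the free to after the branch, and onto its return path, keeps the name available. elog_check_access continues past the end of the hunk.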
From: Tim Prouty Date: Tue, 11 Nov 2008 18:46:21 -0800 Subject: s3: Add support for make test to use a share dir outside of the prefix dir Some systems need to have the tdbs (and other files required for samba to run) on a different filesystem than the share directory that samba is exporting. This patch: - Adds an optional "shrdir" argument to selftest.sh - If shrdir is specified it will be used, otherwise the default will be used: "/tmp" - Adds a new configure option: --with-selftest-shrdir - Plumbs shrdir through Makefile.in and configure.in --- source3/Makefile.in | 3 ++- source3/m4/check_path.m4 | 16 ++++++++++++++++ source3/script/tests/selftest.sh | 28 +++++++++++++++++++++------- 3 files changed, 39 insertions(+), 8 deletions(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index c048e193a6..6e40ba404a 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -17,6 +17,7 @@ localstatedir=@localstatedir@ datarootdir=@datarootdir@ selftest_prefix=@selftest_prefix@ +selftest_shrdir=@selftest_shrdir@ smbtorture4_path=@smbtorture4_path@ LIBS=@LIBS@ @@ -2846,7 +2847,7 @@ test_pam_modules:: pam_modules ## test:: all torture timelimit @echo Running Test suite - @LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" + @LIB_PATH_VAR=$(LIB_PATH_VAR) PERL="$(PERL)" $(srcdir)/script/tests/selftest.sh ${selftest_prefix} all "${smbtorture4_path}" ${selftest_shrdir} valgrindtest:: all torture timelimit @echo Running Test suite with valgrind diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4 index 9c99468084..0cff397c93 100644 --- a/source3/m4/check_path.m4 +++ b/source3/m4/check_path.m4 
@@ -275,6 +275,22 @@ AC_ARG_WITH(selftest-prefix, esac ]) +################################################# +# set shrdir for 'make test' +selftest_shrdir="" +AC_SUBST(selftest_shrdir) +AC_ARG_WITH(selftest-shrdir, +[AS_HELP_STRING([--with-selftest-shrdir=DIR], [The share directory that make test will be run against ($selftest_shrdir)])], +[ case "$withval" in + yes|no) + AC_MSG_WARN([--with-selftest-shrdir called without argument - will use default]) + ;; + * ) + selftest_shrdir="$withval" + ;; + esac +]) + ################################################# # set path of samba4's smbtorture smbtorture4_path="" diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh index 0894b2507d..d41d0f36cf 100755 --- a/source3/script/tests/selftest.sh +++ b/source3/script/tests/selftest.sh @@ -1,7 +1,7 @@ #!/bin/sh -if [ $# != 3 ]; then - echo "$0 " +if [ $# != 3 -a $# != 4 ]; then + echo "$0 []" exit 1 fi @@ -38,7 +38,6 @@ PASSWORD=test SRCDIR="`dirname $0`/../.." BINDIR="`pwd`/bin" SCRIPTDIR=$SRCDIR/script/tests -SHRDIR=$PREFIX_ABS/tmp LIBDIR=$PREFIX_ABS/lib PIDDIR=$PREFIX_ABS/pid CONFFILE=$LIBDIR/client.conf @@ -113,8 +112,23 @@ mkdir -p $PRIVATEDIR $LIBDIR $PIDDIR $LOCKDIR $LOGDIR mkdir -p $SOCKET_WRAPPER_DIR mkdir -p $WINBINDD_SOCKET_DIR chmod 755 $WINBINDD_SOCKET_DIR -mkdir -p $PREFIX_ABS/tmp -chmod 777 $PREFIX_ABS/tmp + +## +## Create an alternate shrdir if one was specified. +## +if [ $# = 4 ]; then + ALT_SHRDIR=`echo $4 | sed s+//+/+` + mkdir -p $ALT_SHRDIR || exit $? + OLD_PWD=`pwd` + cd $ALT_SHRDIR || exit $? + SHRDIR=`pwd` + cd $OLD_PWD + /bin/rm -rf $SHRDIR/* +else + SHRDIR=$PREFIX_ABS/tmp + mkdir -p $SHRDIR +fi +chmod 777 $SHRDIR ## ## Create the common config include file with the basic settings 
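Review bot: In the last selftest.sh hunk, `/bin/rm -rf $SHRDIR/*` runs against a directory taken directly from the fourth argument (ultimately --with-selftest-shrdir), with every expansion unquoted and no check on what the path resolved to. A value that resolves to `/`, contains whitespace, or names an existing directory with unrelated data is emptied and then made world-writable by `chmod 777 $SHRDIR`. Quote the expansions and refuse an empty or root path before deleting, as sketched below; the default branch stays as it is.

```shell
if [ $# = 4 ]; then
	ALT_SHRDIR=`echo "$4" | sed s+//+/+`
	mkdir -p "$ALT_SHRDIR" || exit $?
	OLD_PWD=`pwd`
	cd "$ALT_SHRDIR" || exit $?
	SHRDIR=`pwd`
	cd "$OLD_PWD"
	case "$SHRDIR" in
	""|/)
		echo "refusing to use '$SHRDIR' as the selftest share directory"
		exit 1
		;;
	esac
	/bin/rm -rf "$SHRDIR"/*
else
	# … unchanged: default SHRDIR under $PREFIX_ABS …
fi
chmod 777 "$SHRDIR"
```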
@@ -184,7 +198,7 @@ cat >$SERVERCONFFILE< Date: Tue, 11 Nov 2008 00:06:07 +0100 Subject: s3-rpcclient: add ntsvcs_getdevlistsize command. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 77 +++++++++++++++++++++--------------------- 1 file changed, 38 insertions(+), 39 deletions(-) (limited to 'source3') diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 377a8a2a00..b7dc718b51 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -75,44 +75,6 @@ static WERROR cmd_ntsvcs_validate_dev_inst(struct rpc_pipe_client *cli, return werr; } -static WERROR cmd_ntsvcs_get_device_list_size(struct rpc_pipe_client *cli, - TALLOC_CTX *mem_ctx, - int argc, - const char **argv) -{ - NTSTATUS status; - WERROR werr; - const char *devicename = NULL; - uint32_t flags = 0; - uint32_t size = 0; - - if (argc < 2 || argc > 4) { - printf("usage: %s [devicename] \n", argv[0]); - return WERR_OK; - } - - devicename = argv[1]; - - if (argc >= 3) { - flags = atoi(argv[2]); - } - - status = rpccli_PNP_GetDeviceListSize(cli, mem_ctx, - devicename, - &size, - flags, - &werr); - if (!NT_STATUS_IS_OK(status)) { - return ntstatus_to_werror(status); - } - - if (W_ERROR_IS_OK(werr)) { - printf("size: %d\n", size); - } - - return werr; -} - static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, int argc, 
@@ -215,15 +177,52 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, return werr; } +static WERROR cmd_ntsvcs_get_dev_list_size(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + WERROR werr; + uint32_t size = 0; + uint32_t flags = 0; + const char *filter = NULL; + + if (argc > 3) { + printf("usage: %s [filter] [flags]\n", argv[0]); + return WERR_OK; + } + + if (argc >= 2) { + filter = argv[1]; + } + + if (argc >= 3) { + flags = atoi(argv[2]); + } + + status = rpccli_PNP_GetDeviceListSize(cli, mem_ctx, + filter, + &size, + flags, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + + printf("size: %d\n", size); + + return werr; +} struct cmd_set ntsvcs_commands[] = { { "NTSVCS" }, { "ntsvcs_getversion", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_version, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS version", "" }, { "ntsvcs_validatedevinst", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_validate_dev_inst, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device instance", "" }, - { "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_device_list_size, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS get device list", "" }, { "ntsvcs_hwprofflags", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_hw_prof_flags, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS HW prof flags", "" }, { "ntsvcs_hwprofinfo", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_hw_prof_info, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS HW prof info", "" }, { "ntsvcs_getdevregprop", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_reg_prop, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device registry property", "" }, + { "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_list_size, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device list size", "" }, { NULL } }; -- cgit From 17fe93f94b461c980d2deac648067101b22dae6a Mon Sep 17 00:00:00 2001 
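Review bot: cmd_ntsvcs_get_dev_list_size prints `size` even when the call returned a failing WERROR, because the `W_ERROR_IS_OK(werr)` guard from the removed cmd_ntsvcs_get_device_list_size was not carried over. It also formats a uint32_t with `%d`. Suggest `if (W_ERROR_IS_OK(werr)) { printf("size: %u\n", size); }`. The same unguarded print of `length` appears in cmd_ntsvcs_get_dev_list, added in the following commit.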
From: Günther Deschner Date: Tue, 11 Nov 2008 00:50:35 +0100 Subject: s3-rpcclient: add ntsvcs_getdevlist command. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 46 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source3') diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index b7dc718b51..a3ddde22a3 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -215,6 +215,51 @@ static WERROR cmd_ntsvcs_get_dev_list_size(struct rpc_pipe_client *cli, return werr; } +static WERROR cmd_ntsvcs_get_dev_list(struct rpc_pipe_client *cli, + TALLOC_CTX *mem_ctx, + int argc, + const char **argv) +{ + NTSTATUS status; + WERROR werr; + const char *filter = NULL; + uint16_t *buffer = NULL; + uint32_t length = 0; + uint32_t flags = 0; + + if (argc > 3) { + printf("usage: %s [length] [filter]\n", argv[0]); + return WERR_OK; + } + + if (argc >= 2) { + length = atoi(argv[1]); + } + + if (argc >= 3) { + filter = argv[2]; + } + + buffer = talloc(mem_ctx, uint16_t); + if (!buffer) { + return WERR_NOMEM; + } + + status = rpccli_PNP_GetDeviceList(cli, mem_ctx, + filter, + buffer, + &length, + flags, + &werr); + if (!NT_STATUS_IS_OK(status)) { + return ntstatus_to_werror(status); + } + + printf("devlist needs size: %d\n", length); + + return werr; +} + struct cmd_set ntsvcs_commands[] = { { "NTSVCS" }, 
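Review bot: `buffer = talloc(mem_ctx, uint16_t);` allocates a single element, while `length` comes from `atoi(argv[1])` and is handed to rpccli_PNP_GetDeviceList as the size of that buffer. A reply carrying more than one element would presumably be copied past the allocation; the stub's copy is not visible in this hunk. Sizing the buffer from the argument, `buffer = talloc_array(mem_ctx, uint16_t, length);`, keeps the two in step. The same mismatch exists in cmd_ntsvcs_get_dev_reg_prop in the later commit, where `uint8_t buffer;` is one byte on the stack, `buffer_size` is taken from `argv[2]`, and the stub prototype declares buffer as `size_is(*buffer_size)`. That call needs a `talloc_array(mem_ctx, uint8_t, buffer_size)` buffer as well.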
@@ -224,5 +269,6 @@ struct cmd_set ntsvcs_commands[] = { { "ntsvcs_hwprofinfo", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_hw_prof_info, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS HW prof info", "" }, { "ntsvcs_getdevregprop", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_reg_prop, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device registry property", "" }, { "ntsvcs_getdevlistsize", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_list_size, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device list size", "" }, + { "ntsvcs_getdevlist", RPC_RTYPE_WERROR, NULL, cmd_ntsvcs_get_dev_list, &ndr_table_ntsvcs.syntax_id, NULL, "Query NTSVCS device list", "" }, { NULL } }; -- cgit From 0241b2cbdaf3f7f33ac5c15326957de7be734305 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:23:38 +0100 Subject: s3-rpcclient: some corrections for the PNP_GetDeviceRegProp client. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index a3ddde22a3..20d6928473 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -148,11 +148,11 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, WERROR werr; const char *devicepath = NULL; uint32_t property = DEV_REGPROP_DESC; - uint32_t unknown1 = 0; + uint32_t reg_data_type = REG_NONE; uint8_t buffer; uint32_t buffer_size = 0; - uint32_t unknown2 = 0; - uint32_t unknown3 = 0; + uint32_t needed = 0; + uint32_t flags = 0; if (argc < 2) { printf("usage: %s [devicepath]\n", argv[0]); 
@@ -161,14 +161,19 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, devicepath = argv[1]; + if (argc >= 3) { + buffer_size = atoi(argv[2]); + needed = buffer_size; + } + status = rpccli_PNP_GetDeviceRegProp(cli, mem_ctx, devicepath, property, - &unknown1, + ®_data_type, &buffer, &buffer_size, - &unknown2, - unknown3, + &needed, + flags, &werr); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); -- cgit From 0a77b1827d62945b4a308ae6cf23e9fb2bacdb24 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:18:55 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_ntsvcs.c | 2 +- source3/librpc/gen_ndr/cli_ntsvcs.h | 2 +- source3/librpc/gen_ndr/ndr_ntsvcs.c | 13 +++++++------ source3/librpc/gen_ndr/ntsvcs.h | 5 +++-- 4 files changed, 12 insertions(+), 10 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c index f8ef7a99ad..ada700f6fa 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.c +++ b/source3/librpc/gen_ndr/cli_ntsvcs.c @@ -564,7 +564,7 @@ NTSTATUS rpccli_PNP_GetDeviceRegProp(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *devicepath /* [in] [ref,charset(UTF16)] */, uint32_t property /* [in] */, - uint32_t *reg_data_type /* [in,out] [ref] */, + enum winreg_Type *reg_data_type /* [in,out] [ref] */, uint8_t *buffer /* [out] [ref,length_is(*buffer_size),size_is(*buffer_size)] */, uint32_t *buffer_size /* [in,out] [ref] */, uint32_t *needed /* [in,out] [ref] */, diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h index 4ed8a401ec..7de018c03c 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.h +++ b/source3/librpc/gen_ndr/cli_ntsvcs.h 
@@ -54,7 +54,7 @@ NTSTATUS rpccli_PNP_GetDeviceRegProp(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, const char *devicepath /* [in] [ref,charset(UTF16)] */, uint32_t property /* [in] */, - uint32_t *reg_data_type /* [in,out] [ref] */, + enum winreg_Type *reg_data_type /* [in,out] [ref] */, uint8_t *buffer /* [out] [ref,length_is(*buffer_size),size_is(*buffer_size)] */, uint32_t *buffer_size /* [in,out] [ref] */, uint32_t *needed /* [in,out] [ref] */, diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index 35d02a0dcb..e1ed43e040 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -3,6 +3,7 @@ #include "includes.h" #include "librpc/gen_ndr/ndr_ntsvcs.h" +#include "librpc/gen_ndr/ndr_winreg.h" static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_flags, const struct PNP_HwProfInfo *r) { uint32_t cntr_unknown2_0; @@ -818,7 +819,7 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int if (r->in.reg_data_type == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.reg_data_type)); + NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, *r->in.reg_data_type)); if (r->in.buffer_size == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -833,7 +834,7 @@ static enum ndr_err_code ndr_push_PNP_GetDeviceRegProp(struct ndr_push *ndr, int if (r->out.reg_data_type == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.reg_data_type)); + NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, *r->out.reg_data_type)); if (r->out.buffer == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } 
@@ -875,7 +876,7 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int } _mem_save_reg_data_type_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.reg_data_type, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.reg_data_type)); + NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->in.reg_data_type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reg_data_type_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->in.buffer_size); @@ -907,7 +908,7 @@ static enum ndr_err_code ndr_pull_PNP_GetDeviceRegProp(struct ndr_pull *ndr, int } _mem_save_reg_data_type_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.reg_data_type, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.reg_data_type)); + NDR_CHECK(ndr_pull_winreg_Type(ndr, NDR_SCALARS, r->out.reg_data_type)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_reg_data_type_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); NDR_CHECK(ndr_pull_array_length(ndr, &r->out.buffer)); @@ -960,7 +961,7 @@ _PUBLIC_ void ndr_print_PNP_GetDeviceRegProp(struct ndr_print *ndr, const char * ndr_print_uint32(ndr, "property", r->in.property); ndr_print_ptr(ndr, "reg_data_type", r->in.reg_data_type); ndr->depth++; - ndr_print_uint32(ndr, "reg_data_type", *r->in.reg_data_type); + ndr_print_winreg_Type(ndr, "reg_data_type", *r->in.reg_data_type); ndr->depth--; ndr_print_ptr(ndr, "buffer_size", r->in.buffer_size); ndr->depth++; @@ -978,7 +979,7 @@ _PUBLIC_ void ndr_print_PNP_GetDeviceRegProp(struct ndr_print *ndr, const char * ndr->depth++; ndr_print_ptr(ndr, "reg_data_type", r->out.reg_data_type); ndr->depth++; - ndr_print_uint32(ndr, "reg_data_type", *r->out.reg_data_type); + ndr_print_winreg_Type(ndr, "reg_data_type", *r->out.reg_data_type); ndr->depth--; ndr_print_ptr(ndr, "buffer", r->out.buffer); ndr->depth++; 
diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h index b56b552ae2..bfe503e5d3 100644 --- a/source3/librpc/gen_ndr/ntsvcs.h +++ b/source3/librpc/gen_ndr/ntsvcs.h @@ -2,6 +2,7 @@ #include +#include "librpc/gen_ndr/winreg.h" #ifndef _HEADER_ntsvcs #define _HEADER_ntsvcs @@ -142,14 +143,14 @@ struct PNP_GetDeviceRegProp { const char *devicepath;/* [ref,charset(UTF16)] */ uint32_t property; uint32_t flags; - uint32_t *reg_data_type;/* [ref] */ + enum winreg_Type *reg_data_type;/* [ref] */ uint32_t *buffer_size;/* [ref] */ uint32_t *needed;/* [ref] */ } in; struct { uint8_t *buffer;/* [ref,length_is(*buffer_size),size_is(*buffer_size)] */ - uint32_t *reg_data_type;/* [ref] */ + enum winreg_Type *reg_data_type;/* [ref] */ uint32_t *buffer_size;/* [ref] */ uint32_t *needed;/* [ref] */ WERROR result; -- cgit From 2ea5e222c581fd7709345dfbc51c8f0565f7bb67 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:36:08 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_ntsvcs.c | 30 ++++---- source3/librpc/gen_ndr/cli_ntsvcs.h | 12 ++-- source3/librpc/gen_ndr/ndr_ntsvcs.c | 134 ++++++++++++++++++------------------ source3/librpc/gen_ndr/ntsvcs.h | 16 ++--- source3/librpc/gen_ndr/srv_ntsvcs.c | 4 +- 5 files changed, 98 insertions(+), 98 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c index ada700f6fa..5803af4072 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.c +++ b/source3/librpc/gen_ndr/cli_ntsvcs.c 
@@ -1686,29 +1686,29 @@ NTSTATUS rpccli_PNP_RequestEjectPC(struct rpc_pipe_client *cli, NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32_t unknown1 /* [in] */, + uint32_t action /* [in] */, const char *devicepath /* [in] [ref,charset(UTF16)] */, - uint32_t unknown2 /* [in] */, - uint32_t *unknown3 /* [in,out] [ref] */, - uint16_t *unknown4 /* [in,out] [unique] */, + uint32_t config /* [in] */, + uint32_t *profile_flags /* [in,out] [ref] */, + uint16_t *veto_type /* [in,out] [unique] */, const char *unknown5 /* [in] [unique,charset(UTF16)] */, const char **unknown5a /* [out] [unique,charset(UTF16)] */, - uint32_t unknown6 /* [in] */, - uint32_t unknown7 /* [in] */, + uint32_t name_length /* [in] */, + uint32_t flags /* [in] */, WERROR *werror) { struct PNP_HwProfFlags r; NTSTATUS status; /* In parameters */ - r.in.unknown1 = unknown1; + r.in.action = action; r.in.devicepath = devicepath; - r.in.unknown2 = unknown2; - r.in.unknown3 = unknown3; - r.in.unknown4 = unknown4; + r.in.config = config; + r.in.profile_flags = profile_flags; + r.in.veto_type = veto_type; r.in.unknown5 = unknown5; - r.in.unknown6 = unknown6; - r.in.unknown7 = unknown7; + r.in.name_length = name_length; + r.in.flags = flags; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(PNP_HwProfFlags, &r); @@ -1733,9 +1733,9 @@ NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli, } /* Return variables */ - *unknown3 = *r.out.unknown3; - if (unknown4 && r.out.unknown4) { - *unknown4 = *r.out.unknown4; + *profile_flags = *r.out.profile_flags; + if (veto_type && r.out.veto_type) { + *veto_type = *r.out.veto_type; } if (unknown5a && r.out.unknown5a) { *unknown5a = *r.out.unknown5a; diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h index 7de018c03c..05c6ed411b 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.h +++ b/source3/librpc/gen_ndr/cli_ntsvcs.h 
@@ -140,15 +140,15 @@ NTSTATUS rpccli_PNP_RequestEjectPC(struct rpc_pipe_client *cli, WERROR *werror); NTSTATUS rpccli_PNP_HwProfFlags(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - uint32_t unknown1 /* [in] */, + uint32_t action /* [in] */, const char *devicepath /* [in] [ref,charset(UTF16)] */, - uint32_t unknown2 /* [in] */, - uint32_t *unknown3 /* [in,out] [ref] */, - uint16_t *unknown4 /* [in,out] [unique] */, + uint32_t config /* [in] */, + uint32_t *profile_flags /* [in,out] [ref] */, + uint16_t *veto_type /* [in,out] [unique] */, const char *unknown5 /* [in] [unique,charset(UTF16)] */, const char **unknown5a /* [out] [unique,charset(UTF16)] */, - uint32_t unknown6 /* [in] */, - uint32_t unknown7 /* [in] */, + uint32_t name_length /* [in] */, + uint32_t flags /* [in] */, WERROR *werror); NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index e1ed43e040..a382b0696d 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -2068,7 +2068,7 @@ _PUBLIC_ void ndr_print_PNP_RequestEjectPC(struct ndr_print *ndr, const char *na static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flags, const struct PNP_HwProfFlags *r) { if (flags & NDR_IN) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.action)); if (r->in.devicepath == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } 
@@ -2076,14 +2076,14 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.devicepath, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.devicepath, ndr_charset_length(r->in.devicepath, CH_UTF16), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2)); - if (r->in.unknown3 == NULL) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.config)); + if (r->in.profile_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.unknown3)); - NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown4)); - if (r->in.unknown4) { - NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.unknown4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.profile_flags)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.veto_type)); + if (r->in.veto_type) { + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->in.veto_type)); } NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.unknown5)); if (r->in.unknown5) { 
@@ -2092,17 +2092,17 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.unknown5, CH_UTF16))); NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.unknown5, ndr_charset_length(r->in.unknown5, CH_UTF16), sizeof(uint16_t), CH_UTF16)); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown6)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown7)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.name_length)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags)); } if (flags & NDR_OUT) { - if (r->out.unknown3 == NULL) { + if (r->out.profile_flags == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.unknown3)); - NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.unknown4)); - if (r->out.unknown4) { - NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.unknown4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.profile_flags)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.veto_type)); + if (r->out.veto_type) { + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, *r->out.veto_type)); } NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.unknown5a)); if (r->out.unknown5a) { 
@@ -2121,18 +2121,18 @@ static enum ndr_err_code ndr_push_PNP_HwProfFlags(struct ndr_push *ndr, int flag static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flags, struct PNP_HwProfFlags *r) { - uint32_t _ptr_unknown4; + uint32_t _ptr_veto_type; uint32_t _ptr_unknown5; uint32_t _ptr_unknown5a; - TALLOC_CTX *_mem_save_unknown3_0; - TALLOC_CTX *_mem_save_unknown4_0; + TALLOC_CTX *_mem_save_profile_flags_0; + TALLOC_CTX *_mem_save_veto_type_0; TALLOC_CTX *_mem_save_unknown5_0; TALLOC_CTX *_mem_save_unknown5a_0; TALLOC_CTX *_mem_save_unknown5a_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.action)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.devicepath)); NDR_CHECK(ndr_pull_array_length(ndr, &r->in.devicepath)); if (ndr_get_array_length(ndr, &r->in.devicepath) > ndr_get_array_size(ndr, &r->in.devicepath)) { 
@@ -2140,25 +2140,25 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag } NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t))); NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.devicepath, ndr_get_array_length(ndr, &r->in.devicepath), sizeof(uint16_t), CH_UTF16)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.config)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC(ndr, r->in.unknown3); - } - _mem_save_unknown3_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown3, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.unknown3)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown4)); - if (_ptr_unknown4) { - NDR_PULL_ALLOC(ndr, r->in.unknown4); + NDR_PULL_ALLOC(ndr, r->in.profile_flags); + } + _mem_save_profile_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.profile_flags, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.profile_flags)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_profile_flags_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_veto_type)); + if (_ptr_veto_type) { + NDR_PULL_ALLOC(ndr, r->in.veto_type); } else { - r->in.unknown4 = NULL; + r->in.veto_type = NULL; } - if (r->in.unknown4) { - _mem_save_unknown4_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->in.unknown4, 0); - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.unknown4)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); + if (r->in.veto_type) { + _mem_save_veto_type_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.veto_type, 0); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->in.veto_type)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_veto_type_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5)); 
if (_ptr_unknown5) { 
@@ -2178,30 +2178,30 @@ static enum ndr_err_code ndr_pull_PNP_HwProfFlags(struct ndr_pull *ndr, int flag NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.unknown5, ndr_get_array_length(ndr, &r->in.unknown5), sizeof(uint16_t), CH_UTF16)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown5_0, 0); } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown6)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown7)); - NDR_PULL_ALLOC(ndr, r->out.unknown3); - *r->out.unknown3 = *r->in.unknown3; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.name_length)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); + NDR_PULL_ALLOC(ndr, r->out.profile_flags); + *r->out.profile_flags = *r->in.profile_flags; } if (flags & NDR_OUT) { if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC(ndr, r->out.unknown3); - } - _mem_save_unknown3_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown3, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.unknown3)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown3_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown4)); - if (_ptr_unknown4) { - NDR_PULL_ALLOC(ndr, r->out.unknown4); + NDR_PULL_ALLOC(ndr, r->out.profile_flags); + } + _mem_save_profile_flags_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.profile_flags, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.profile_flags)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_profile_flags_0, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_veto_type)); + if (_ptr_veto_type) { + NDR_PULL_ALLOC(ndr, r->out.veto_type); } else { - r->out.unknown4 = NULL; + r->out.veto_type = NULL; } - if (r->out.unknown4) { - _mem_save_unknown4_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->out.unknown4, 0); - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.unknown4)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_unknown4_0, 0); + if (r->out.veto_type) 
{ + _mem_save_veto_type_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.veto_type, 0); + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, r->out.veto_type)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_veto_type_0, 0); } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_unknown5a)); if (_ptr_unknown5a) { @@ -2247,20 +2247,20 @@ _PUBLIC_ void ndr_print_PNP_HwProfFlags(struct ndr_print *ndr, const char *name, if (flags & NDR_IN) { ndr_print_struct(ndr, "in", "PNP_HwProfFlags"); ndr->depth++; - ndr_print_uint32(ndr, "unknown1", r->in.unknown1); + ndr_print_uint32(ndr, "action", r->in.action); ndr_print_ptr(ndr, "devicepath", r->in.devicepath); ndr->depth++; ndr_print_string(ndr, "devicepath", r->in.devicepath); ndr->depth--; - ndr_print_uint32(ndr, "unknown2", r->in.unknown2); - ndr_print_ptr(ndr, "unknown3", r->in.unknown3); + ndr_print_uint32(ndr, "config", r->in.config); + ndr_print_ptr(ndr, "profile_flags", r->in.profile_flags); ndr->depth++; - ndr_print_uint32(ndr, "unknown3", *r->in.unknown3); + ndr_print_uint32(ndr, "profile_flags", *r->in.profile_flags); ndr->depth--; - ndr_print_ptr(ndr, "unknown4", r->in.unknown4); + ndr_print_ptr(ndr, "veto_type", r->in.veto_type); ndr->depth++; - if (r->in.unknown4) { - ndr_print_uint16(ndr, "unknown4", *r->in.unknown4); + if (r->in.veto_type) { + ndr_print_uint16(ndr, "veto_type", *r->in.veto_type); } ndr->depth--; ndr_print_ptr(ndr, "unknown5", r->in.unknown5); 
@@ -2269,21 +2269,21 @@ _PUBLIC_ void ndr_print_PNP_HwProfFlags(struct ndr_print *ndr, const char *name, ndr_print_string(ndr, "unknown5", r->in.unknown5); } ndr->depth--; - ndr_print_uint32(ndr, "unknown6", r->in.unknown6); - ndr_print_uint32(ndr, "unknown7", r->in.unknown7); + ndr_print_uint32(ndr, "name_length", r->in.name_length); + ndr_print_uint32(ndr, "flags", r->in.flags); ndr->depth--; } if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "PNP_HwProfFlags"); ndr->depth++; - ndr_print_ptr(ndr, "unknown3", r->out.unknown3); + ndr_print_ptr(ndr, "profile_flags", r->out.profile_flags); ndr->depth++; - ndr_print_uint32(ndr, "unknown3", *r->out.unknown3); + ndr_print_uint32(ndr, "profile_flags", *r->out.profile_flags); ndr->depth--; - ndr_print_ptr(ndr, "unknown4", r->out.unknown4); + ndr_print_ptr(ndr, "veto_type", r->out.veto_type); ndr->depth++; - if (r->out.unknown4) { - ndr_print_uint16(ndr, "unknown4", *r->out.unknown4); + if (r->out.veto_type) { + ndr_print_uint16(ndr, "veto_type", *r->out.veto_type); } ndr->depth--; ndr_print_ptr(ndr, "unknown5a", r->out.unknown5a); diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h index bfe503e5d3..5502270bca 100644 --- a/source3/librpc/gen_ndr/ntsvcs.h +++ b/source3/librpc/gen_ndr/ntsvcs.h 
@@ -369,20 +369,20 @@ struct PNP_RequestEjectPC { struct PNP_HwProfFlags { struct { - uint32_t unknown1; + uint32_t action; const char *devicepath;/* [ref,charset(UTF16)] */ - uint32_t unknown2; + uint32_t config; const char *unknown5;/* [unique,charset(UTF16)] */ - uint32_t unknown6; - uint32_t unknown7; - uint32_t *unknown3;/* [ref] */ - uint16_t *unknown4;/* [unique] */ + uint32_t name_length; + uint32_t flags; + uint32_t *profile_flags;/* [ref] */ + uint16_t *veto_type;/* [unique] */ } in; struct { const char **unknown5a;/* [unique,charset(UTF16)] */ - uint32_t *unknown3;/* [ref] */ - uint16_t *unknown4;/* [unique] */ + uint32_t *profile_flags;/* [ref] */ + uint16_t *veto_type;/* [unique] */ WERROR result; } out; diff --git a/source3/librpc/gen_ndr/srv_ntsvcs.c b/source3/librpc/gen_ndr/srv_ntsvcs.c index 87f5d51695..ae28b9932e 100644 --- a/source3/librpc/gen_ndr/srv_ntsvcs.c +++ b/source3/librpc/gen_ndr/srv_ntsvcs.c @@ -2997,8 +2997,8 @@ static bool api_PNP_HwProfFlags(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.unknown3 = r->in.unknown3; - r->out.unknown4 = r->in.unknown4; + r->out.profile_flags = r->in.profile_flags; + r->out.veto_type = r->in.veto_type; r->out.unknown5a = talloc_zero(r, const char *); if (r->out.unknown5a == NULL) { talloc_free(r); -- cgit From 0bb86657311cc753f258b9f10c2204ded3832c2c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:28:05 +0100 Subject: s3-rpcclient: correct some former unknonws in cmd_ntsvcs_hw_prof_flags command. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 20d6928473..7a25352943 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c 
@@ -83,8 +83,8 @@ static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli, NTSTATUS status; WERROR werr; const char *devicepath = NULL; - uint32_t unk3 = 0; - uint16_t unk4 = 0; + uint32_t profile_flags = 0; + uint16_t veto_type = 0; const char *unk5 = NULL; const char *unk5a = NULL; @@ -99,8 +99,8 @@ static WERROR cmd_ntsvcs_hw_prof_flags(struct rpc_pipe_client *cli, 0, devicepath, 0, - &unk3, - &unk4, + &profile_flags, + &veto_type, unk5, &unk5a, 0, -- cgit From 1f87fc798d58dc27152b236e6e66c89684007b2a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:21:53 +0100 Subject: ntsvcs: use both named-pipe endpoints. Guenther --- source3/librpc/gen_ndr/ndr_ntsvcs.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index a382b0696d..717792861d 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -3857,10 +3857,11 @@ static const struct ndr_interface_call ntsvcs_calls[] = { static const char * const ntsvcs_endpoint_strings[] = { "ncacn_np:[\\pipe\\ntsvcs]", + "ncacn_np:[\\pipe\\plugplay]", }; static const struct ndr_interface_string_array ntsvcs_endpoints = { - .count = 1, + .count = 2, .names = ntsvcs_endpoint_strings }; -- cgit From 92f64d3df59845edc421ea3607d0fee9059d39e8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 12 Nov 2008 09:30:46 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_ntsvcs.c | 8 +++---- source3/librpc/gen_ndr/cli_ntsvcs.h | 4 ++-- source3/librpc/gen_ndr/ndr_ntsvcs.c | 46 ++++++++++++++++++------------------- source3/librpc/gen_ndr/ntsvcs.h | 10 ++++---- 4 files changed, 34 insertions(+), 34 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.c b/source3/librpc/gen_ndr/cli_ntsvcs.c index 5803af4072..0f97970e0b 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.c 
+++ b/source3/librpc/gen_ndr/cli_ntsvcs.c @@ -1753,8 +1753,8 @@ NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32_t idx /* [in] */, struct PNP_HwProfInfo *info /* [in,out] [ref] */, - uint32_t unknown1 /* [in] */, - uint32_t unknown2 /* [in] */, + uint32_t size /* [in] */, + uint32_t flags /* [in] */, WERROR *werror) { struct PNP_GetHwProfInfo r; @@ -1763,8 +1763,8 @@ NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, /* In parameters */ r.in.idx = idx; r.in.info = info; - r.in.unknown1 = unknown1; - r.in.unknown2 = unknown2; + r.in.size = size; + r.in.flags = flags; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(PNP_GetHwProfInfo, &r); diff --git a/source3/librpc/gen_ndr/cli_ntsvcs.h b/source3/librpc/gen_ndr/cli_ntsvcs.h index 05c6ed411b..fc4a9f4a71 100644 --- a/source3/librpc/gen_ndr/cli_ntsvcs.h +++ b/source3/librpc/gen_ndr/cli_ntsvcs.h @@ -154,8 +154,8 @@ NTSTATUS rpccli_PNP_GetHwProfInfo(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32_t idx /* [in] */, struct PNP_HwProfInfo *info /* [in,out] [ref] */, - uint32_t unknown1 /* [in] */, - uint32_t unknown2 /* [in] */, + uint32_t size /* [in] */, + uint32_t flags /* [in] */, WERROR *werror); NTSTATUS rpccli_PNP_AddEmptyLogConf(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index 717792861d..a63ed6f77a 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c 
@@ -6,14 +6,14 @@ #include "librpc/gen_ndr/ndr_winreg.h" static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_flags, const struct PNP_HwProfInfo *r) { - uint32_t cntr_unknown2_0; + uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown1)); - for (cntr_unknown2_0 = 0; cntr_unknown2_0 < 160; cntr_unknown2_0++) { - NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->unknown2[cntr_unknown2_0])); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->profile_handle)); + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->friendly_name[cntr_friendly_name_0])); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->unknown3)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->flags)); } if (ndr_flags & NDR_BUFFERS) { } @@ -22,14 +22,14 @@ static enum ndr_err_code ndr_push_PNP_HwProfInfo(struct ndr_push *ndr, int ndr_f static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_flags, struct PNP_HwProfInfo *r) { - uint32_t cntr_unknown2_0; + uint32_t cntr_friendly_name_0; if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 4)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown1)); - for (cntr_unknown2_0 = 0; cntr_unknown2_0 < 160; cntr_unknown2_0++) { - NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->unknown2[cntr_unknown2_0])); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->profile_handle)); + for (cntr_friendly_name_0 = 0; cntr_friendly_name_0 < 80; cntr_friendly_name_0++) { + NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->friendly_name[cntr_friendly_name_0])); } - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->unknown3)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->flags)); } if (ndr_flags & NDR_BUFFERS) { } 
@@ -38,21 +38,21 @@ static enum ndr_err_code ndr_pull_PNP_HwProfInfo(struct ndr_pull *ndr, int ndr_f _PUBLIC_ void ndr_print_PNP_HwProfInfo(struct ndr_print *ndr, const char *name, const struct PNP_HwProfInfo *r) { - uint32_t cntr_unknown2_0; + uint32_t cntr_friendly_name_0; ndr_print_struct(ndr, name, "PNP_HwProfInfo"); ndr->depth++; - ndr_print_uint32(ndr, "unknown1", r->unknown1); - ndr->print(ndr, "%s: ARRAY(%d)", "unknown2", (int)160); + ndr_print_uint32(ndr, "profile_handle", r->profile_handle); + ndr->print(ndr, "%s: ARRAY(%d)", "friendly_name", (int)80); ndr->depth++; - for (cntr_unknown2_0=0;cntr_unknown2_0<160;cntr_unknown2_0++) { + for (cntr_friendly_name_0=0;cntr_friendly_name_0<80;cntr_friendly_name_0++) { char *idx_0=NULL; - if (asprintf(&idx_0, "[%d]", cntr_unknown2_0) != -1) { - ndr_print_uint16(ndr, "unknown2", r->unknown2[cntr_unknown2_0]); + if (asprintf(&idx_0, "[%d]", cntr_friendly_name_0) != -1) { + ndr_print_uint16(ndr, "friendly_name", r->friendly_name[cntr_friendly_name_0]); free(idx_0); } } ndr->depth--; - ndr_print_uint32(ndr, "unknown3", r->unknown3); + ndr_print_uint32(ndr, "flags", r->flags); ndr->depth--; } @@ -2311,8 +2311,8 @@ static enum ndr_err_code ndr_push_PNP_GetHwProfInfo(struct ndr_push *ndr, int fl return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_PNP_HwProfInfo(ndr, NDR_SCALARS, r->in.info)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown1)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.size)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags)); } if (flags & NDR_OUT) { if (r->out.info == NULL) { 
@@ -2338,8 +2338,8 @@ static enum ndr_err_code ndr_pull_PNP_GetHwProfInfo(struct ndr_pull *ndr, int fl NDR_PULL_SET_MEM_CTX(ndr, r->in.info, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_PNP_HwProfInfo(ndr, NDR_SCALARS, r->in.info)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_info_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown1)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); NDR_PULL_ALLOC(ndr, r->out.info); *r->out.info = *r->in.info; } @@ -2371,8 +2371,8 @@ _PUBLIC_ void ndr_print_PNP_GetHwProfInfo(struct ndr_print *ndr, const char *nam ndr->depth++; ndr_print_PNP_HwProfInfo(ndr, "info", r->in.info); ndr->depth--; - ndr_print_uint32(ndr, "unknown1", r->in.unknown1); - ndr_print_uint32(ndr, "unknown2", r->in.unknown2); + ndr_print_uint32(ndr, "size", r->in.size); + ndr_print_uint32(ndr, "flags", r->in.flags); ndr->depth--; } if (flags & NDR_OUT) { diff --git a/source3/librpc/gen_ndr/ntsvcs.h b/source3/librpc/gen_ndr/ntsvcs.h index 5502270bca..5021aa2252 100644 --- a/source3/librpc/gen_ndr/ntsvcs.h +++ b/source3/librpc/gen_ndr/ntsvcs.h @@ -8,9 +8,9 @@ #define DEV_REGPROP_DESC ( 1 ) struct PNP_HwProfInfo { - uint32_t unknown1; - uint16_t unknown2[160]; - uint32_t unknown3; + uint32_t profile_handle; + uint16_t friendly_name[80]; + uint32_t flags; }; @@ -392,8 +392,8 @@ struct PNP_HwProfFlags { struct PNP_GetHwProfInfo { struct { uint32_t idx; - uint32_t unknown1; - uint32_t unknown2; + uint32_t size; + uint32_t flags; struct PNP_HwProfInfo *info;/* [ref] */ } in; -- cgit From 7f36d3b55051150b9d4fa75af424898f48c48771 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 12 Nov 2008 14:27:51 +0100 Subject: pam_winbind: fix what data we put into the blobs. Guenther --- source3/nsswitch/pam_winbind.c | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1c927259e5..0c861e9f97 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -1615,14 +1615,16 @@ static int winbind_auth_request(struct pwb_context *ctx, logon.username = user; logon.password = pass; - wbc_status = wbcAddNamedBlob(&logon.num_blobs, - &logon.blobs, - "krb5_cc_type", - 0, - (uint8_t *)cctype, - strlen(cctype)+1); - if (!WBC_ERROR_IS_OK(wbc_status)) { - goto done; + if (cctype) { + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "krb5_cc_type", + 0, + (uint8_t *)cctype, + strlen(cctype)+1); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } } wbc_status = wbcAddNamedBlob(&logon.num_blobs, @@ -1645,14 +1647,16 @@ static int winbind_auth_request(struct pwb_context *ctx, goto done; } - wbc_status = wbcAddNamedBlob(&logon.num_blobs, - &logon.blobs, - "membership_of", - 0, - (uint8_t *)membership_of, - sizeof(membership_of)); - if (!WBC_ERROR_IS_OK(wbc_status)) { - goto done; + if (member) { + wbc_status = wbcAddNamedBlob(&logon.num_blobs, + &logon.blobs, + "membership_of", + 0, + (uint8_t *)membership_of, + sizeof(membership_of)); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto done; + } } wbc_status = wbcLogonUser(&logon, &info, &error, &policy); -- cgit From d38bffd4126062b92384f0930196059441a2d765 Mon Sep 17 00:00:00 2001 
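Review bot: In the second hunk of `winbind_auth_request` the `membership_of` blob is still sent with length `sizeof(membership_of)`, whereas the `krb5_cc_type` blob in the first hunk uses `strlen(cctype)+1`. `membership_of` is declared outside the hunk: if it is a fixed-size array, the whole array including whatever follows the terminator is handed to winbindd, and if it is a pointer only pointer-size bytes are sent. `strlen(membership_of)+1` would send exactly the string. The new guard also tests `member` while the data comes from `membership_of`, so a short comment such as `/* membership_of is only filled in when member was given */` would help, assuming that is how the code above the hunk behaves.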
From: Tim Prouty Date: Wed, 5 Nov 2008 13:40:03 -0800 Subject: s3: Add support for storing dos attributes as st_flags in the stat struct. Some filesystems have support for storing dos attributes directly in the inode's st_flags and accessing them through the stat struct. This patch: - Adds a configure check to see if the special flags are available. - Implements getting and setting dos attributes in the stat struct and inode, respectively. This will not change the existing functionality of any system that doesn't have the special flags available. --- source3/configure.in | 19 ++++++ source3/smbd/dosmode.c | 160 +++++++++++++++++++++++++++++++++++++++++++++---- 2 files changed, 166 insertions(+), 13 deletions(-) (limited to 'source3') diff --git a/source3/configure.in b/source3/configure.in index 5e3eac55e2..24341e0bec 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1433,6 +1433,25 @@ if test x"$samba_cv_stat_st_birthtime" = x"yes" ; then AC_DEFINE(HAVE_STAT_ST_BIRTHTIME, 1, [whether struct stat contains st_birthtime]) fi +AC_CACHE_CHECK([whether there is DOS flags support in the stat struct], samba_cv_stat_dos_flags, + [ + AC_TRY_COMPILE( + [#include ], + [ + int a = UF_DOS_ARCHIVE; + int h = UF_DOS_HIDDEN; + int r = UF_DOS_RO; + int s = UF_DOS_SYSTEM; + int i = UF_DOS_NOINDEX; + int f = UF_DOS_FLAGS; + ], + samba_cv_stat_dos_flags=yes, samba_cv_stat_dos_flags=no) + ]) + +if test x"$samba_cv_stat_dos_flags" = x"yes" ; then + AC_DEFINE(HAVE_STAT_DOS_FLAGS, 1, [whether there is DOS flags support in the stat struct]) +fi + ##################################### # needed for SRV lookups AC_CHECK_LIB(resolv, dn_expand) diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 784b36d9bd..954cd5a4d2 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c 
@@ -30,6 +30,17 @@ static int set_sparse_flag(const SMB_STRUCT_STAT * const sbuf) return 0; } +static int set_link_read_only_flag(const SMB_STRUCT_STAT *const sbuf) +{ +#ifdef S_ISLNK +#if LINKS_READ_ONLY + if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode)) + return aRONLY; +#endif +#endif + return 0; +} + /**************************************************************************** Change a dos mode to a unix mode. Base permission for files: @@ -159,13 +170,7 @@ static uint32 dos_mode_from_sbuf(connection_struct *conn, const char *path, SMB_ result = aDIR | (result & aRONLY); result |= set_sparse_flag(sbuf); - -#ifdef S_ISLNK -#if LINKS_READ_ONLY - if (S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode)) - result |= aRONLY; -#endif -#endif + result |= set_link_read_only_flag(sbuf); DEBUG(8,("dos_mode_from_sbuf returning ")); 
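Review bot: The condition moved into the new `set_link_read_only_flag()`, `S_ISLNK(sbuf->st_mode) && S_ISDIR(sbuf->st_mode)`, tests two file types that are mutually exclusive within a single `st_mode`, so the helper appears to return 0 in every case, even when `LINKS_READ_ONLY` is set. The refactor carries the old behaviour over unchanged, but as a named helper it now reads as if it did something. If the intent is "a symlink that resolves to a directory", that needs both an lstat and a stat result rather than one mode. Otherwise the helper should at least carry a comment such as `/* NOTE: never true for a single st_mode; kept as-is from dos_mode_from_sbuf() */`. The helper also has no header comment, unlike the functions that follow it in the file.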
@@ -343,6 +348,113 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT return(result); } +#ifdef HAVE_STAT_DOS_FLAGS +/**************************************************************************** + Convert dos attributes (FILE_ATTRIBUTE_*) to dos stat flags (UF_*) +****************************************************************************/ + +static int dos_attributes_to_stat_dos_flags(uint32_t dosmode) +{ + uint32_t dos_stat_flags = 0; + + if (dosmode & aARCH) + dos_stat_flags |= UF_DOS_ARCHIVE; + if (dosmode & aHIDDEN) + dos_stat_flags |= UF_DOS_HIDDEN; + if (dosmode & aRONLY) + dos_stat_flags |= UF_DOS_RO; + if (dosmode & aSYSTEM) + dos_stat_flags |= UF_DOS_SYSTEM; + if (dosmode & FILE_ATTRIBUTE_NONINDEXED) + dos_stat_flags |= UF_DOS_NOINDEX; + + return dos_stat_flags; +} + +/**************************************************************************** + Gets DOS attributes, accessed via st_flags in the stat struct. +****************************************************************************/ + +static bool get_stat_dos_flags(connection_struct *conn, + const char *fname, + const SMB_STRUCT_STAT *sbuf, + uint32_t *dosmode) +{ + SMB_ASSERT(sbuf && VALID_STAT(*sbuf)); + SMB_ASSERT(dosmode); + + if (!lp_store_dos_attributes(SNUM(conn))) { + return false; + } + + DEBUG(5, ("Getting stat dos attributes for %s.\n", fname)); + + if (sbuf->st_flags & UF_DOS_ARCHIVE) + *dosmode |= aARCH; + if (sbuf->st_flags & UF_DOS_HIDDEN) + *dosmode |= aHIDDEN; + if (sbuf->st_flags & UF_DOS_RO) + *dosmode |= aRONLY; + if (sbuf->st_flags & UF_DOS_SYSTEM) + *dosmode |= aSYSTEM; + if (sbuf->st_flags & UF_DOS_NOINDEX) + *dosmode |= FILE_ATTRIBUTE_NONINDEXED; + if (S_ISDIR(sbuf->st_mode)) + *dosmode |= aDIR; + + *dosmode |= set_sparse_flag(sbuf); + *dosmode |= set_link_read_only_flag(sbuf); + + return true; +} + +/**************************************************************************** + Sets DOS attributes, stored in st_flags of the inode. 
+****************************************************************************/ + +static bool set_stat_dos_flags(connection_struct *conn, + const char *fname, + SMB_STRUCT_STAT *sbuf, + uint32_t dosmode, + bool *attributes_changed) +{ + uint32_t new_flags = 0; + int error = 0; + + SMB_ASSERT(sbuf && VALID_STAT(*sbuf)); + SMB_ASSERT(attributes_changed); + + *attributes_changed = false; + + if (!lp_store_dos_attributes(SNUM(conn))) { + return false; + } + + DEBUG(5, ("Setting stat dos attributes for %s.\n", fname)); + + new_flags = (sbuf->st_flags & ~UF_DOS_FLAGS) | + dos_attributes_to_stat_dos_flags(dosmode); + + /* Return early if no flags changed. */ + if (new_flags == sbuf->st_flags) + return true; + + DEBUG(5, ("Setting stat dos attributes=0x%x, prev=0x%x\n", new_flags, + sbuf->st_flags)); + + /* Set new flags with chflags. */ + error = SMB_VFS_CHFLAGS(conn, fname, new_flags); + if (error) { + DEBUG(0, ("Failed setting new stat dos attributes (0x%x) on " + "file %s! errno=%d\n", new_flags, fname, errno)); + return false; + } + + *attributes_changed = true; + return true; +} +#endif /* HAVE_STAT_DOS_FLAGS */ + /**************************************************************************** Change a unix mode to a dos mode. ****************************************************************************/ @@ -350,7 +462,7 @@ uint32 dos_mode_msdfs(connection_struct *conn, const char *path,SMB_STRUCT_STAT uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) { uint32 result = 0; - bool offline; + bool offline, used_stat_dos_flags = false; DEBUG(8,("dos_mode: %s\n", path)); 
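Review bot: In `set_stat_dos_flags()` a chflags failure is logged with `DEBUG(0, ...)` and then returns false, which `file_set_dosmode` treats as an ordinary fallback to the EA/chmod path. The result is a level-0 log line containing a client-supplied file name on every attempt against a file where chflags is refused. A less severe level with the error text, e.g. `DEBUG(3, ("chflags(0x%x) failed on %s: %s\n", new_flags, fname, strerror(errno)));`, keeps the information without giving a client a way to fill the log. Separately, `sbuf->st_flags` is not refreshed after a successful `SMB_VFS_CHFLAGS`, so a caller that reuses the stat buffer presumably still sees the old DOS bits; `sbuf->st_flags = new_flags;` before `*attributes_changed = true;` would keep them in step. `dos_attributes_to_stat_dos_flags()` also builds a `uint32_t` but is declared to return `int`.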
@@ -373,11 +485,16 @@ uint32 dos_mode(connection_struct *conn, const char *path,SMB_STRUCT_STAT *sbuf) } } - /* Get the DOS attributes from an EA by preference. */ - if (get_ea_dos_attribute(conn, path, sbuf, &result)) { - result |= set_sparse_flag(sbuf); - } else { - result |= dos_mode_from_sbuf(conn, path, sbuf); +#ifdef HAVE_STAT_DOS_FLAGS + used_stat_dos_flags = get_stat_dos_flags(conn, path, sbuf, &result); +#endif + if (!used_stat_dos_flags) { + /* Get the DOS attributes from an EA by preference. */ + if (get_ea_dos_attribute(conn, path, sbuf, &result)) { + result |= set_sparse_flag(sbuf); + } else { + result |= dos_mode_from_sbuf(conn, path, sbuf); + } } @@ -468,6 +585,23 @@ int file_set_dosmode(connection_struct *conn, const char *fname, return(0); } +#ifdef HAVE_STAT_DOS_FLAGS + { + bool attributes_changed; + + if (set_stat_dos_flags(conn, fname, st, dosmode, + &attributes_changed)) + { + if (!newfile && attributes_changed) { + notify_fname(conn, NOTIFY_ACTION_MODIFIED, + FILE_NOTIFY_CHANGE_ATTRIBUTES, fname); + } + st->st_mode = unixmode; + return 0; + } + } +#endif + /* Store the DOS attributes in an EA by preference. */ if (set_ea_dos_attribute(conn, fname, st, dosmode)) { if (!newfile) { -- cgit From d67e7f3e15d73201dce2b73ce74c5d5c1cbcf524 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 12 Nov 2008 14:06:47 -0800 Subject: Fix memory leak in error path, spotted by Martin Zielinski . Jeremy. --- source3/winbindd/winbindd_passdb.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 5677c01be1..0cf4540cfe 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -267,6 +267,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, } if ( !pdb_getsampwsid( user, user_sid ) ) { + TALLOC_FREE( user ); return NT_STATUS_NO_SUCH_USER; } -- cgit 
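Review bot: The read and write paths disagree about fallback. In the `file_set_dosmode` hunk a false return from `set_stat_dos_flags` (for example after a chflags error) drops through to `set_ea_dos_attribute`, but in `dos_mode` `get_stat_dos_flags` returns true whenever `lp_store_dos_attributes` is enabled, so on a HAVE_STAT_DOS_FLAGS build the EA is never read. Attributes that ended up in the EA, either through that fallback or because they were stored before this change, would then not be reported to clients, which matters for the read-only and hidden bits. Either treat a chflags failure as final, or let `get_stat_dos_flags` decline for files where the flags are not usable; at minimum record the choice with a comment such as `/* stat DOS flags take precedence; the EA is not consulted when they are enabled */`. Both functions continue outside the hunks shown.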
From 6f0be6c5d580ea751b28a0166b4454a0ef333dc2 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 12 Nov 2008 19:27:17 -0800 Subject: Pretty print out SD's on get/set. Jeremy. --- source3/smbd/nttrans.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 1a13d962f0..caace5197c 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -741,6 +741,11 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, security_acl_map_generic(psd->dacl, &file_generic_mapping); security_acl_map_generic(psd->sacl, &file_generic_mapping); + if (DEBUGLEVEL >= 10) { + DEBUG(10,("set_sd for file %s\n", fsp->fsp_name )); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd); TALLOC_FREE(psd); @@ -1601,6 +1606,11 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); + if (DEBUGLEVEL >= 10) { + DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name ) + NDR_PRINT_DEBUG(security_descriptor, psd); + } + SIVAL(params,0,(uint32)sd_size); if (max_data_count < sd_size) { -- cgit From 5e25f5f4f2b5b8dfd31206ebdc295c00870effe9 Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Wed, 12 Nov 2008 21:24:00 -0800 Subject: Fix build break --- source3/smbd/nttrans.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index caace5197c..52c16e2ac6 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -1607,7 +1607,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); if (DEBUGLEVEL >= 10) { - DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name ) + DEBUG(10,("call_nt_transact_query_security_desc for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, psd); } -- cgit From a8722a190b65ddd4e6e958c6e8b28b268531d130 Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Thu, 30 Oct 2008 17:53:52 +0800 Subject: i18n/l10n pam_winbind MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- source3/Makefile.in | 29 ++++++++-- source3/configure.in | 3 +- source3/include/localedir.h | 6 ++ source3/locale/pam_winbind/genmsg | 25 ++++++++ source3/localedir.c | 3 + source3/m4/check_path.m4 | 19 +++++++ source3/nsswitch/pam_winbind.c | 117 ++++++++++++++++++++++---------------- source3/nsswitch/pam_winbind.h | 15 ++++- source3/script/installmo.sh | 83 +++++++++++++++++++++++++++ source3/script/uninstallmo.sh | 1 + 10 files changed, 244 insertions(+), 57 deletions(-) create mode 100644 source3/include/localedir.h create mode 100755 source3/locale/pam_winbind/genmsg create mode 100644 source3/localedir.c create mode 100644 source3/script/installmo.sh create mode 100644 source3/script/uninstallmo.sh (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 6e40ba404a..4a0590c8ed 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -140,6 +140,9 @@ PRIVATE_DIR = $(PRIVATEDIR) # This is where SWAT images and help files go SWATDIR = @swatdir@ +# This is where locale(mo) files go +LOCALEDIR= @localedir@ + # the directory where lock files go LOCKDIR = @lockdir@ 
@@ -173,7 +176,8 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" \ -DCONFIGDIR=\"$(CONFIGDIR)\" \ -DCODEPAGEDIR=\"$(CODEPAGEDIR)\" \ -DCACHEDIR=\"$(CACHEDIR)\" \ - -DSTATEDIR=\"$(STATEDIR)\" + -DSTATEDIR=\"$(STATEDIR)\" \ + -DLOCALEDIR=\"$(LOCALEDIR)\" # Note that all executable programs now provide for an optional executable suffix. @@ -803,7 +807,7 @@ RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(LIBADS_OBJ) $(POPT_LIB_OBJ) \ $(SMBLDAP_OBJ) $(DCUTIL_OBJ) $(LDB_OBJ) -PAM_WINBIND_OBJ = nsswitch/pam_winbind.o $(WBCOMMON_OBJ) \ +PAM_WINBIND_OBJ = nsswitch/pam_winbind.o localedir.o $(WBCOMMON_OBJ) \ $(LIBREPLACE_OBJ) @BUILD_INIPARSER@ LIBSMBCLIENT_OBJ0 = \ @@ -1312,6 +1316,13 @@ dynconfig.o: dynconfig.c Makefile echo "$(COMPILE_CC_PATH)" 1>&2;\ $(COMPILE_CC_PATH) >/dev/null 2>&1 +localedir.o: localedir.c Makefile + @echo Compiling $*.c + @$(COMPILE_CC_PATH) && exit 0;\ + echo "The following command failed:" 1>&2;\ + echo "$(COMPILE_CC_PATH)" 1>&2;\ + $(COMPILE_CC_PATH) >/dev/null 2>&1 + lib/pidfile.o: lib/pidfile.c @echo Compiling $*.c @$(COMPILE_CC_PATH) && exit 0;\ @@ -2558,7 +2569,7 @@ bin/test_lp_load@EXEEXT@: $(BINARY_PREREQS) $(TEST_LP_LOAD_OBJ) @BUILD_POPT@ @LI install:: installservers installbin @INSTALL_CIFSMOUNT@ @INSTALL_CIFSUPCALL@ installman \ installscripts installdat installmodules @SWAT_INSTALL_TARGETS@ \ - @INSTALL_PAM_MODULES@ installlibs + @INSTALL_PAM_MODULES@ installlibs installmo install-everything:: install installmodules 
@@ -2571,7 +2582,7 @@ install-everything:: install installmodules # is not used installdirs:: - @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR) + @$(SHELL) $(srcdir)/script/installdirs.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) $(PIDDIR) $(LOCKDIR) $(MANDIR) $(CODEPAGEDIR) $(MODULESDIR) $(LOCALEDIR) installservers:: all installdirs @$(SHELL) script/installbin.sh $(INSTALLPERMS_BIN) $(DESTDIR) $(prefix) $(SBINDIR) $(SBIN_PROGS) @@ -2637,6 +2648,9 @@ revert:: installman:: installdirs @$(SHELL) $(srcdir)/script/installman.sh $(DESTDIR)$(MANDIR) $(srcdir) C "@ROFF@" +installmo:: all installdirs + @$(SHELL) $(srcdir)/script/installmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir) + .PHONY: showlayout showlayout:: @@ -2656,7 +2670,10 @@ showlayout:: @echo " codepagedir: $(CODEPAGEDIR)" -uninstall:: uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@ +uninstall:: uninstallmo uninstallman uninstallservers uninstallbin @UNINSTALL_CIFSMOUNT@ @UNINSTALL_CIFSUPCALL@ uninstallscripts uninstalldat uninstallswat uninstallmodules uninstalllibs @UNINSTALL_PAM_MODULES@ + +uninstallmo:: + @$(SHELL) $(srcdir)/script/uninstallmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir) uninstallman:: @$(SHELL) $(srcdir)/script/uninstallman.sh $(DESTDIR)$(MANDIR) $(srcdir) C @@ -2701,7 +2718,7 @@ uninstallpammodules:: done # Toplevel clean files -TOPFILES=dynconfig.o +TOPFILES=dynconfig.o localedir.o cleanlibs:: -rm -f ../lib/*/*.o ../lib/*/*/*.o \ diff --git a/source3/configure.in b/source3/configure.in index 24341e0bec..1adb56ad91 100644 --- a/source3/configure.in +++ b/source3/configure.in 
@@ -654,7 +654,7 @@ AUTH_LIBS="${AUTH_LIBS} ${CRYPT_LIBS}" AC_CHECK_HEADERS(aio.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h rpc/nettype.h) AC_CHECK_HEADERS(unistd.h grp.h sys/id.h memory.h alloca.h) -AC_CHECK_HEADERS(limits.h float.h pthread.h) +AC_CHECK_HEADERS(limits.h float.h pthread.h libintl.h) AC_CHECK_HEADERS(rpc/rpc.h rpcsvc/nis.h rpcsvc/ypclnt.h) AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/prctl.h) AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h) @@ -1029,6 +1029,7 @@ AC_CHECK_FUNCS(memalign posix_memalign hstrerror) AC_CHECK_HEADERS(sys/mman.h) # setbuffer, shmget, shm_open are needed for smbtorture AC_CHECK_FUNCS(shmget shm_open) +AC_CHECK_FUNCS(gettext dgettext) # Find a method of generating a stack trace AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) diff --git a/source3/include/localedir.h b/source3/include/localedir.h new file mode 100644 index 0000000000..2a291d3ceb --- /dev/null +++ b/source3/include/localedir.h @@ -0,0 +1,6 @@ +#ifndef __LOCALEDIR_H__ +#define __LOCALEDIR_H__ + +extern const char *dyn_LOCALEDIR; + +#endif diff --git a/source3/locale/pam_winbind/genmsg b/source3/locale/pam_winbind/genmsg new file mode 100755 index 0000000000..5aa258aa85 --- /dev/null +++ b/source3/locale/pam_winbind/genmsg 
@@ -0,0 +1,25 @@ +#!/bin/sh + +FILES="../../nsswitch/pam_winbind.c ../../nsswitch/pam_winbind.h" +LANGS="af ar bg bn bs ca cs cy da de el en_GB en_US es et fi fr gl gu he hi hr hu id it ja ka km ko lo lt mk mr nb nl pa pl pt_BR pt ro ru si sk sl sr sv ta th tr uk vi wa xh zh_CN zh_TW zu" + +XGETTEXT=xgettext +MSGMERGE=msgmerge + +WIDTH=256 + +$XGETTEXT --default-domain="pam_winbind" \ + --add-comments \ + --keyword=_ --keyword=N_ \ + --width=${WIDTH} \ + ${FILES} + +for lang in ${LANGS}; do + echo -n $lang + touch ${lang}.po + mv ${lang}.po ${lang}.po.old + ${MSGMERGE} --width=${WIDTH} ${lang}.po.old pam_winbind.po -o ${lang}.po + rm -fr ${lang}.po.old +done + +rm -fr pam_winbind.po diff --git a/source3/localedir.c b/source3/localedir.c new file mode 100644 index 0000000000..20f69219ed --- /dev/null +++ b/source3/localedir.c @@ -0,0 +1,3 @@ +#include "localedir.h" + +const char *dyn_LOCALEDIR = LOCALEDIR; diff --git a/source3/m4/check_path.m4 b/source3/m4/check_path.m4 index 0cff397c93..da6c922233 100644 --- a/source3/m4/check_path.m4 +++ b/source3/m4/check_path.m4 @@ -30,6 +30,7 @@ swatdir="\${prefix}/swat" codepagedir="\${MODULESDIR}" statedir="\${LOCKDIR}" cachedir="\${LOCKDIR}" +localedir="\${prefix}/share/locale" AC_ARG_WITH(fhs, [AS_HELP_STRING([--with-fhs],[Use FHS-compliant paths (default=no)])], @@ -242,6 +243,23 @@ AC_ARG_WITH(mandir, ;; esac]) +################################################ +# set locale directory location +AC_ARG_WITH(localedir, +[ --with-localedir=DIR Where to put po files ($ac_default_prefix/share/locale)], +[ case "$withval" in + yes|no) + # + # Just in case anybody does it + # + AC_MSG_WARN([--with-localedir called without argument - will use default]) + ;; + *) + localedir="$withval" + ;; + esac]) + + AC_SUBST(configdir) AC_SUBST(lockdir) AC_SUBST(piddir) 
@@ -258,6 +276,7 @@ AC_SUBST(cachedir) AC_SUBST(rootsbindir) AC_SUBST(pammodulesdir) AC_SUBST(modulesdir) +AC_SUBST(localedir) ################################################# # set prefix for 'make test' diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 0c861e9f97..2c46a0c839 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -147,6 +147,21 @@ static const char *_pam_error_code_str(int err) #define MAX_PASSWD_TRIES 3 +#ifdef HAVE_GETTEXT +static char initialized = 0; + +static inline void textdomain_init(void); +static inline void textdomain_init(void) +{ + if (!initialized) { + bindtextdomain(MODULE_NAME, dyn_LOCALEDIR); + initialized = 1; + } + return; +} +#endif + + /* * Work around the pam API that has functions with void ** as parameters * These lead to strict aliasing warnings with gcc. @@ -515,6 +530,10 @@ static int _pam_winbind_init_context(pam_handle_t *pamh, { struct pwb_context *r = NULL; +#ifdef HAVE_GETTEXT + textdomain_init(); +#endif + r = TALLOC_ZERO_P(NULL, struct pwb_context); if (!r) { return PAM_BUF_ERR; 
@@ -557,44 +576,44 @@ static const struct ntstatus_errors { const char *error_string; } ntstatus_errors[] = { {"NT_STATUS_OK", - "Success"}, + N_("Success")}, {"NT_STATUS_BACKUP_CONTROLLER", - "No primary Domain Controler available"}, + N_("No primary Domain Controler available")}, {"NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND", - "No domain controllers found"}, + N_("No domain controllers found")}, {"NT_STATUS_NO_LOGON_SERVERS", - "No logon servers"}, + N_("No logon servers")}, {"NT_STATUS_PWD_TOO_SHORT", - "Password too short"}, + N_("Password too short")}, {"NT_STATUS_PWD_TOO_RECENT", - "The password of this user is too recent to change"}, + N_("The password of this user is too recent to change")}, {"NT_STATUS_PWD_HISTORY_CONFLICT", - "Password is already in password history"}, + N_("Password is already in password history")}, {"NT_STATUS_PASSWORD_EXPIRED", - "Your password has expired"}, + N_("Your password has expired")}, {"NT_STATUS_PASSWORD_MUST_CHANGE", - "You need to change your password now"}, + N_("You need to change your password now")}, {"NT_STATUS_INVALID_WORKSTATION", - "You are not allowed to logon from this workstation"}, + N_("You are not allowed to logon from this workstation")}, {"NT_STATUS_INVALID_LOGON_HOURS", - "You are not allowed to logon at this time"}, + N_("You are not allowed to logon at this time")}, {"NT_STATUS_ACCOUNT_EXPIRED", "Your account has expired. " - "Please contact your System administrator"}, /* SCNR */ + N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_DISABLED", "Your account is disabled. " - "Please contact your System administrator"}, /* SCNR */ + N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", "Your account has been locked. 
" - "Please contact your System administrator"}, /* SCNR */ + N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", - "Invalid Trust Account"}, + N_("Invalid Trust Account")}, {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", - "Invalid Trust Account"}, + N_("Invalid Trust Account")}, {"NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT", - "Invalid Trust Account"}, + N_("Invalid Trust Account")}, {"NT_STATUS_ACCESS_DENIED", - "Access is denied"}, + N_("Access is denied")}, {NULL, NULL} }; @@ -604,7 +623,7 @@ static const char *_get_ntstatus_error_string(const char *nt_status_string) for (i=0; ntstatus_errors[i].ntstatus_string != NULL; i++) { if (!strcasecmp(ntstatus_errors[i].ntstatus_string, nt_status_string)) { - return ntstatus_errors[i].error_string; + return _(ntstatus_errors[i].error_string); } } return NULL; @@ -832,14 +851,14 @@ static bool _pam_send_password_expiry_message(struct pwb_context *ctx, if (days == 0) { _make_remark(ctx, PAM_TEXT_INFO, - "Your password expires today"); + _("Your password expires today")); return true; } if (days > 0 && days < warn_pwd_expire) { _make_remark_format(ctx, PAM_TEXT_INFO, - "Your password will expire in %d %s", - days, (days > 1) ? "days":"day"); + _("Your password will expire in %d %s"), + days, (days > 1) ? _("days"):_("day")); return true; } @@ -1231,9 +1250,9 @@ static void _pam_warn_logon_type(struct pwb_context *ctx, if (PAM_WB_GRACE_LOGON(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, - "Grace login. " - "Please change your password as soon you're " - "online again"); + _("Grace login. " + "Please change your password as soon you're " + "online again")); _pam_log_debug(ctx, LOG_DEBUG, "User %s logged on using grace logon\n", username); 
@@ -1241,9 +1260,9 @@ static void _pam_warn_logon_type(struct pwb_context *ctx, } else if (PAM_WB_CACHED_LOGON(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, - "Domain Controller unreachable, " - "using cached credentials instead. " - "Network resources may be unavailable"); + _("Domain Controller unreachable, " + "using cached credentials instead. " + "Network resources may be unavailable")); _pam_log_debug(ctx, LOG_DEBUG, "User %s logged on using cached credentials\n", username); @@ -1266,10 +1285,10 @@ static void _pam_warn_krb5_failure(struct pwb_context *ctx, { if (PAM_WB_KRB5_CLOCK_SKEW(info3_user_flgs)) { _make_remark(ctx, PAM_ERROR_MSG, - "Failed to establish your Kerberos Ticket cache " - "due time differences\n" - "with the domain controller. " - "Please verify the system time.\n"); + _("Failed to establish your Kerberos Ticket cache " + "due time differences\n" + "with the domain controller. " + "Please verify the system time.\n")); _pam_log_debug(ctx, LOG_DEBUG, "User %s: Clock skew when getting Krb5 TGT\n", username); @@ -1334,7 +1353,7 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, goto failed; } - str = talloc_asprintf(ctx, "Your password "); + str = talloc_asprintf(ctx, _("Your password ")); if (!str) { goto failed; } @@ -1350,8 +1369,8 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, if (i->password_history > 0) { str = talloc_asprintf_append(str, - "cannot repeat any of your previous %d " - "passwords; ", + _("cannot repeat any of your previous %d " + "passwords; "), i->password_history); if (!str) { goto failed; 
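Review bot: With `_("cannot repeat any of your previous %d " "passwords; ")` the format string given to `talloc_asprintf_append` now comes from the message catalog, so a `.mo` entry whose conversions do not match `%d` becomes a bad varargs read inside a PAM module. The same holds for `_("Your password will expire in %d %s")` in hunk `@@ -832,14 +851,14 @@` and for the `%d`/`%s` strings translated in the follow-up commit. A comment next to `textdomain_init()` should state that catalogs under `dyn_LOCALEDIR` are trusted input and must not be writable by unprivileged users, and the build should validate them with msgfmt's `--check-format`. Composing the expiry sentence from `_("days")`/`_("day")` also prevents correct plural forms in many languages; `dngettext(MODULE_NAME, ...)` is the usual tool for that.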
@@ -1360,19 +1379,19 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, if (i->password_properties & WBC_DOMAIN_PASSWORD_COMPLEX) { str = talloc_asprintf_append(str, - "must contain capitals, numerals " - "or punctuation; " - "and cannot contain your account " - "or full name; "); + _("must contain capitals, numerals " + "or punctuation; " + "and cannot contain your account " + "or full name; ")); if (!str) { goto failed; } } str = talloc_asprintf_append(str, - "Please type a different password. " - "Type a password which meets these requirements in " - "both text boxes."); + _("Please type a different password. " + "Type a password which meets these requirements in " + "both text boxes.")); if (!str) { goto failed; } @@ -1855,8 +1874,8 @@ static int winbind_chauthtok_request(struct pwb_context *ctx, break; case WBC_PWD_CHANGE_REJECT_COMPLEXITY: _make_remark(ctx, PAM_ERROR_MSG, - "Password does not meet " - "complexity requirements"); + _("Password does not meet " + "complexity requirements")); break; default: _pam_log_debug(ctx, LOG_DEBUG, @@ -2489,7 +2508,7 @@ int pam_sm_authenticate(pam_handle_t *pamh, int flags, } retval = _winbind_read_password(ctx, ctx->ctrl, NULL, - "Password: ", NULL, + _("Password: "), NULL, &password); if (retval != PAM_SUCCESS) { @@ -2897,7 +2916,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* instruct user what is happening */ -#define greeting "Changing password for" +#define greeting _("Changing password for") Announce = talloc_asprintf(ctx, "%s %s", greeting, user); if (!Announce) { _pam_log(ctx, LOG_CRIT, @@ -2910,7 +2929,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, lctrl = ctx->ctrl | WINBIND__OLD_PASSWORD; ret = _winbind_read_password(ctx, lctrl, Announce, - "(current) NT password: ", + _("(current) NT password: "), NULL, (const char **) &pass_old); TALLOC_FREE(Announce); 
@@ -2980,8 +2999,8 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, ret = _winbind_read_password(ctx, lctrl, NULL, - "Enter new NT password: ", - "Retype new NT password: ", + _("Enter new NT password: "), + _("Retype new NT password: "), (const char **)&pass_new); if (ret != PAM_SUCCESS) { diff --git a/source3/nsswitch/pam_winbind.h b/source3/nsswitch/pam_winbind.h index cb6f450ccb..0656f5972e 100644 --- a/source3/nsswitch/pam_winbind.h +++ b/source3/nsswitch/pam_winbind.h @@ -9,6 +9,7 @@ #include "system/time.h" #include #include "libwbclient/wbclient.h" +#include "localedir.h" #define MODULE_NAME "pam_winbind" #define PAM_SM_AUTH @@ -22,6 +23,10 @@ #include +#ifdef HAVE_LIBINTL_H +#include +#endif + #ifndef LINUX /* Solaris always uses dynamic pam modules */ @@ -101,12 +106,20 @@ do { \ #define WINBIND_WARN_PWD_EXPIRE 0x00002000 #define WINBIND_MKHOMEDIR 0x00004000 +#if defined(HAVE_GETTEXT) && !defined(__LCLINT__) +#define _(string) dgettext(MODULE_NAME, string) +#else +#define _(string) string +#endif + +#define N_(string) string + /* * here is the string to inform the user that the new passwords they * typed were not the same. */ -#define MISTYPED_PASS "Sorry, passwords do not match" +#define MISTYPED_PASS _("Sorry, passwords do not match") #define on(x, y) (x & y) #define off(x, y) (!(x & y)) diff --git a/source3/script/installmo.sh b/source3/script/installmo.sh new file mode 100644 index 0000000000..a1f9c58e27 --- /dev/null +++ b/source3/script/installmo.sh 
@@ -0,0 +1,83 @@ +#!/bin/sh + +DESTDIR=$1 +LOCALEDIR=`echo $2 | sed 's/\/\//\//g'` +SRCDIR=$3/ +MSGFMT=msgfmt + +case $0 in + *uninstall*) + if test ! -d "$DESTDIR/$LOCALEDIR"; then + echo "Directory $DESTDIR/$LOCALEDIR doesn't exist!" + echo "Do a \"make installmo\" or \"make install\" first." + exit 1 + fi + mode='uninstall' + ;; + *) + mode='install' + ;; +esac + +for dir in $SRCDIR/locale/*; do + MODULE=`basename $dir` + for f in $SRCDIR/locale/$MODULE/*.po; do + BASE=`basename $f` + LANGUAGE=`echo $BASE | sed 's/\.po//g'` + FNAME="$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/$MODULE.mo" + if test ! -d "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/"; then + mkdir -p "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/" + fi + if test "$mode" = 'install'; then + echo "Installing $f as $FNAME" + touch "$FNAME" + $MSGFMT "$f" -f -o "$FNAME" + if test ! -f "$FNAME"; then + echo "Cannot install $FNAME. Does $USER have privileges?" + exit 1 + fi + chmod 0644 "$FNAME" + elif test "$mode" = 'uninstall'; then + echo "removing $FNAME" + rm -f "$FNAME" + if test -f "$FNAME"; then + echo "Cannot remove $FNAME. Does $USER have privileges?" + exit 1 + fi + else + echo "Unknown mode $mode. script called as $0." + exit 1 + fi + done + if test "$mode" = 'install'; then + cat << EOF +============================================================== +MO files for $MODULE are installed. +============================================================== +EOF + else + cat << EOF +============================================================== +MO files for $MODULE are removed. +============================================================== +EOF + fi +done + +if test "$mode" = 'install'; then + cat << EOF +============================================================== +All MO files for Samba are installed. You can use "make uninstall" +or "make uninstallmo" to remove them. 
+============================================================== +EOF +else + cat << EOF +============================================================== +All MO files for Samba are removed. you can use "make install" +or "make installmo" to install them. +============================================================== +EOF +fi + +exit 0 diff --git a/source3/script/uninstallmo.sh b/source3/script/uninstallmo.sh new file mode 100644 index 0000000000..5b4475f5c2 --- /dev/null +++ b/source3/script/uninstallmo.sh @@ -0,0 +1 @@ +installmo.sh -- cgit From 540b2df874ff053bccd6ef6165476d5225f2ae16 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 14:44:14 +0100 Subject: pam_winbind: translate some more string. boyang, please check. Guenther --- source3/nsswitch/pam_winbind.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 2c46a0c839..5ba4850a4b 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -598,13 +598,13 @@ static const struct ntstatus_errors { {"NT_STATUS_INVALID_LOGON_HOURS", N_("You are not allowed to logon at this time")}, {"NT_STATUS_ACCOUNT_EXPIRED", - "Your account has expired. " + N_("Your account has expired. ") N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_DISABLED", - "Your account is disabled. " + N_("Your account is disabled. ") N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", - "Your account has been locked. " + N_("Your account has been locked. ") N_("Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", N_("Invalid Trust Account")}, 
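Review bot: The install branch of `installmo.sh` cannot detect a failed compile: `touch "$FNAME"` creates the file first, the exit status of `$MSGFMT` is ignored, and the following `test ! -f "$FNAME"` is therefore always false, so a broken `.po` leaves an empty `.mo` installed. Testing the command itself covers this, e.g. `$MSGFMT -c "$f" -o "$FNAME" || { echo "Cannot install $FNAME"; exit 1; }`, and `-c` additionally checks that format strings in the translation match the original. The current `-f` also compiles fuzzy (unreviewed) entries, which seems undesirable for strings that pam_winbind uses as printf formats. `$2`, `$dir` and `$f` are expanded unquoted in `echo`/`basename`, which breaks on paths containing spaces.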
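Review bot: `uninstallmo.sh` is added as a regular file (`create mode 100644`) whose only content is the text `installmo.sh`, while `installmo.sh` picks uninstall mode from `$0` and so seems to expect to be reached through a symlink. Run the way the Makefile does, `$(SHELL) $(srcdir)/script/uninstallmo.sh $(DESTDIR) $(LOCALEDIR) $(srcdir)`, that file would execute whatever `installmo.sh` is found on PATH, with no arguments, typically as root during `make uninstall`. If a symlink was intended it should be committed as one; otherwise pass the mode explicitly to `installmo.sh` instead of deriving it from the script name.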
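Review bot: Wrapping the first half in its own marker, `N_("Your account has expired. ") N_("Please contact your System administrator")`, presumably still leaves the three account messages untranslated. The compiler concatenates the two literals into one string, which is what `_get_ntstatus_error_string` passes to `_()`, but xgettext extracts them as two separate msgids, so the combined string is not in the catalog. The earlier hunk `@@ -557,44 +576,44 @@` has the same problem with only the second half marked. Marking the whole message once fixes all three entries: `N_("Your account has expired. " "Please contact your System administrator")`, and likewise for the disabled and locked-out entries.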
@@ -1360,7 +1360,7 @@ static char *_pam_compose_pwd_restriction_string(struct pwb_context *ctx, if (i->min_length_password > 0) { str = talloc_asprintf_append(str, - "must be at least %d characters; ", + _("must be at least %d characters; "), i->min_length_password); if (!str) { goto failed; @@ -1416,7 +1416,7 @@ static int _pam_create_homedir(struct pwb_context *ctx, if (mkdir(dirname, mode) != 0) { _make_remark_format(ctx, PAM_TEXT_INFO, - "Creating directory: %s failed: %s", + _("Creating directory: %s failed: %s"), dirname, strerror(errno)); _pam_log(ctx, LOG_ERR, "could not create dir: %s (%s)", dirname, strerror(errno)); @@ -2333,7 +2333,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, const char *ccname = NULL; struct passwd *pwd = NULL; - retval = pam_get_user(pamh, &user, "Username: "); + retval = pam_get_user(pamh, &user, _("Username: ")); if (retval) { _pam_log(ctx, LOG_ERR, "could not identify user"); @@ -2878,7 +2878,7 @@ int pam_sm_chauthtok(pam_handle_t * pamh, int flags, /* * First get the name of a user */ - ret = pam_get_user(pamh, &user, "Username: "); + ret = pam_get_user(pamh, &user, _("Username: ")); if (ret) { _pam_log(ctx, LOG_ERR, "password - could not identify user"); -- cgit From 85dec6917184a024f9b76ea6f6654227e6457af3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 16:45:42 +0100 Subject: pam_winbind: do not add empty blob. Guenther --- source3/nsswitch/pam_winbind.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 5ba4850a4b..c164f8e72a 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c 
@@ -2369,14 +2369,16 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, logoff.username = user; - wbc_status = wbcAddNamedBlob(&logoff.num_blobs, - &logoff.blobs, - "ccfilename", - 0, - (uint8_t *)ccname, - strlen(ccname)+1); - if (!WBC_ERROR_IS_OK(wbc_status)) { - goto out; + if (ccname) { + wbc_status = wbcAddNamedBlob(&logoff.num_blobs, + &logoff.blobs, + "ccfilename", + 0, + (uint8_t *)ccname, + strlen(ccname)+1); + if (!WBC_ERROR_IS_OK(wbc_status)) { + goto out; + } } wbc_status = wbcAddNamedBlob(&logoff.num_blobs, -- cgit From 6a61580617b0bd2cf46d4857dd0e87b3e48288f6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 17:19:11 +0100 Subject: s3-winbindd: workaround for samr_ChangePasswordUser3 to User2 fallback for w2k dcs. Guenther --- source3/winbindd/winbindd_pam.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 7de28b08a9..597d48aad0 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -2117,9 +2117,15 @@ enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact got_info = true; } + /* atm the pidl generated rpccli_samr_ChangePasswordUser3 function will + * return with NT_STATUS_BUFFER_TOO_SMALL for w2k dcs as w2k just + * returns with 4byte error code (NT_STATUS_NOT_SUPPORTED) which is too + * short to comply with the samr_ChangePasswordUser3 idl - gd */ + /* only fallback when the chgpasswd_user3 call is not supported */ if ((NT_STATUS_EQUAL(result, NT_STATUS(DCERPC_FAULT_OP_RNG_ERROR))) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) || + (NT_STATUS_EQUAL(result, NT_STATUS_BUFFER_TOO_SMALL)) || (NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED))) { DEBUG(10,("Password change with chgpasswd_user3 failed with: %s, retrying chgpasswd_user2\n", -- cgit From 9f1ee827d5a9dff85cb160b1ad4c16583f55b327 Mon Sep 17 00:00:00 2001 
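Review bot: The new `if (ccname)` guard in `_pam_delete_cred` keeps `strlen()` away from a NULL pointer, but it still adds a one-byte `ccfilename` blob when `ccname` is an empty string, which is closer to the "empty blob" the commit title wants to avoid. `if (ccname && *ccname) {` would cover both cases. Where `ccname` is assigned is outside the hunk, so whether an empty value can reach this point needs checking against that code.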
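Review bot: Adding `NT_STATUS_BUFFER_TOO_SMALL` in `winbindd_dual_pam_chauthtok` makes the fallback to `chgpasswd_user2` fire on a status that, per the new comment, is produced when the reply is shorter than the IDL expects. Any truncated or malformed `ChangePasswordUser3` reply would presumably take the same path, not only a w2k DC answering `NT_STATUS_NOT_SUPPORTED`. The existing line `/* only fallback when the chgpasswd_user3 call is not supported */` no longer describes the condition and could read `/* fall back when user3 is unsupported, or when the reply was too short to parse (w2k) */`. The fallback is only reported at `DEBUG(10, ...)`, so I would log the `NT_STATUS_BUFFER_TOO_SMALL` case at a level that shows in normal logs, making an unexpected downgrade of the password-change call visible. The function body starts and ends outside the hunk.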
From: Günther Deschner Date: Thu, 13 Nov 2008 16:44:28 +0100 Subject: pam_winbind: add german de.po file. germans, please have a look if this can actually be understood by germans. Guenther --- source3/locale/pam_winbind/de.po | 186 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) create mode 100644 source3/locale/pam_winbind/de.po (limited to 'source3') diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po new file mode 100644 index 0000000000..1d6a902b15 --- /dev/null +++ b/source3/locale/pam_winbind/de.po 
@@ -0,0 +1,186 @@ +# pam_winbind message translations (german) +# Copyright (C) 2008 Guenther Deschner +# This file is distributed under the same license as the pam_winbind package. +# +#, fuzzy +msgid "" +msgstr "" +"Project-Id-Version: @PACKAGE@\n" +"Report-Msgid-Bugs-To: \n" +"POT-Creation-Date: 2008-11-13 17:21+0100\n" +"PO-Revision-Date: 2008-11-13 14:29+0100\n" +"Last-Translator: Guenther Deschner \n" +"MIME-Version: 1.0\n" +"Content-Type: text/plain; charset=UTF-8\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +#: ../../nsswitch/pam_winbind.c:579 +msgid "Success" +msgstr "Erfolgreich" + +#: ../../nsswitch/pam_winbind.c:581 +msgid "No primary Domain Controler available" +msgstr "Kein primärer Domänen-Controller verfügbar" + +#: ../../nsswitch/pam_winbind.c:583 +msgid "No domain controllers found" +msgstr "Keine Domänen-Controller gefunden" + +#: ../../nsswitch/pam_winbind.c:585 +msgid "No logon servers" +msgstr "Keine Anmeldeserver verfügbar" + +#: ../../nsswitch/pam_winbind.c:587 +msgid "Password too short" +msgstr "Passwort ist zu kurz" + +#: ../../nsswitch/pam_winbind.c:589 +msgid "The password of this user is too recent to change" +msgstr "Das Passwort des Benutzers kann noch nicht erneut geändert werden" + +#: ../../nsswitch/pam_winbind.c:591 +msgid "Password is already in password history" +msgstr "Das neue Passwort ist bereits in der Passwort-Historie enthalten" + +#: ../../nsswitch/pam_winbind.c:593 +msgid "Your password has expired" +msgstr "Ihr Passwort ist abgelaufen" + +#: ../../nsswitch/pam_winbind.c:595 +msgid "You need to change your password now" +msgstr "Sie müßen Ihr Passwort unmittelbar ändern" + +#: ../../nsswitch/pam_winbind.c:597 +msgid "You are not allowed to logon from this workstation" +msgstr "Sie können sich nicht von diesem Arbeitsplatz aus anmelden" + +#: ../../nsswitch/pam_winbind.c:599 +msgid "You are not allowed to logon at this time" +msgstr "Sie können sich zum jetzigen Zeitpunkt 
nicht anmelden" + +#: ../../nsswitch/pam_winbind.c:601 +#, fuzzy +msgid "Your account has expired. " +msgstr "Ihr Passwort ist abgelaufen" + +#: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608 +msgid "Please contact your System administrator" +msgstr "Bitte kontaktieren Sie ihren System-Administrator" + +#: ../../nsswitch/pam_winbind.c:604 +msgid "Your account is disabled. " +msgstr "Ihr Account ist deaktiviert. " + +#: ../../nsswitch/pam_winbind.c:607 +msgid "Your account has been locked. " +msgstr "Ihr Account wurde gesperrt. " + +#: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614 +msgid "Invalid Trust Account" +msgstr "Ungültiger Maschinen-Account" + +#: ../../nsswitch/pam_winbind.c:616 +msgid "Access is denied" +msgstr "Zugriff verweigert" + +#: ../../nsswitch/pam_winbind.c:854 +msgid "Your password expires today" +msgstr "Ihr Passwort läuft heute ab" + +#: ../../nsswitch/pam_winbind.c:860 +#, c-format +msgid "Your password will expire in %d %s" +msgstr "Ihr Passwort wird in %d %s ungültig" + +#: ../../nsswitch/pam_winbind.c:861 +msgid "days" +msgstr "Tagen" + +#: ../../nsswitch/pam_winbind.c:861 +msgid "day" +msgstr "Tag" + +#: ../../nsswitch/pam_winbind.c:1253 +msgid "Grace login. Please change your password as soon you're online again" +msgstr "" + +#: ../../nsswitch/pam_winbind.c:1263 +msgid "Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable" +msgstr "Domänen-Controller unerreichbar. Anmeldung erfolgte mit gespeicherten Anmeldedaten. Netzwerk Ressourcen können momentan nicht verfügbar sein" + +#: ../../nsswitch/pam_winbind.c:1288 +msgid "" +"Failed to establish your Kerberos Ticket cache due time differences\n" +"with the domain controller. Please verify the system time.\n" +msgstr "" +"Anforderung eines Kerberos Tickets aufgrund Zeitunterscheid zum \n" +"Domänen-Controller fehlgeschlagen. 
Bitte überprüfen Sie die System Zeit.\n" + +#: ../../nsswitch/pam_winbind.c:1356 +msgid "Your password " +msgstr "Ihr Passwort " + +#: ../../nsswitch/pam_winbind.c:1363 +#, c-format +msgid "must be at least %d characters; " +msgstr "muß mindestens %d Zeichen lang sein; " + +#: ../../nsswitch/pam_winbind.c:1372 +#, c-format +msgid "cannot repeat any of your previous %d passwords; " +msgstr "kann keines der %d vorherigen Passwörter enthalten; " + +#: ../../nsswitch/pam_winbind.c:1382 +msgid "must contain capitals, numerals or punctuation; and cannot contain your account or full name; " +msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Anmelde- oder Vollnamen enthalten; " + +#: ../../nsswitch/pam_winbind.c:1392 +msgid "Please type a different password. Type a password which meets these requirements in both text boxes." +msgstr "Bitte wählen Sie ein anderes Passwort. Geben Sie ein geeignetes Passwort in beide Textfelder ein." + +#: ../../nsswitch/pam_winbind.c:1419 +#, c-format +msgid "Creating directory: %s failed: %s" +msgstr "Anlegen des Verzeichnis: %s fehlgeschlagen: %s" + +#: ../../nsswitch/pam_winbind.c:1877 +msgid "Password does not meet complexity requirements" +msgstr "Passwort genügt nicht den Komplexitätsanforderungen" + +#. +#. * First get the name of a user +#. +#: ../../nsswitch/pam_winbind.c:2336 ../../nsswitch/pam_winbind.c:2883 +msgid "Username: " +msgstr "Benuzername: " + +#: ../../nsswitch/pam_winbind.c:2513 +msgid "Password: " +msgstr "Passwort: " + +#. 
instruct user what is happening +#: ../../nsswitch/pam_winbind.c:2921 +#, fuzzy +msgid "Changing password for" +msgstr "Ändere Passwort für" + +#: ../../nsswitch/pam_winbind.c:2934 +msgid "(current) NT password: " +msgstr "(aktuelles) NT Passwort: " + +#: ../../nsswitch/pam_winbind.c:3004 +msgid "Enter new NT password: " +msgstr "Neues NT Passwort eingeben: " + +#: ../../nsswitch/pam_winbind.c:3005 +msgid "Retype new NT password: " +msgstr "Neues NT Passwort wiederholen: " + +#. +#. * here is the string to inform the user that the new passwords they +#. * typed were not the same. +#. +#: ../../nsswitch/pam_winbind.h:122 +msgid "Sorry, passwords do not match" +msgstr "Passwörter stimmen leider nicht überein" -- cgit From b0107f74a24ca9387f28968bbd21f3da3316e59f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 13 Nov 2008 17:46:36 +0100 Subject: fix typo --- source3/locale/pam_winbind/de.po | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index 1d6a902b15..642d9d3e12 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -49,7 +49,7 @@ msgstr "Ihr Passwort ist abgelaufen" #: ../../nsswitch/pam_winbind.c:595 msgid "You need to change your password now" -msgstr "Sie müßen Ihr Passwort unmittelbar ändern" +msgstr "Sie müssen Ihr Passwort unmittelbar ändern" #: ../../nsswitch/pam_winbind.c:597 msgid "You are not allowed to logon from this workstation" -- cgit From e76e77c32d8fe999604939d43589b8f441daed43 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 13 Nov 2008 19:42:13 +0100 Subject: s3-svctl-server: fix remote rpc service management (bug #5888). Don't TALLOC_FREE a non-talloced [ref] pointer. Guenther --- source3/rpc_server/srv_svcctl_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') 
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index cb6657400f..4beab6488b 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -690,7 +690,7 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, *r->out.bytes_needed = (buffer_size > r->in.buf_size) ? buffer_size : r->in.buf_size; if (buffer_size > r->in.buf_size ) { - TALLOC_FREE(r->out.query); + ZERO_STRUCTP(r->out.query); return WERR_INSUFFICIENT_BUFFER; } -- cgit From 4c7033df5da52bded995f3e4cccd0b78bf55a74f Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 13 Nov 2008 17:18:41 -0800 Subject: Move v2 from timestamp to 16-byte hash. Got the change in before on disk format is fixed. Jeremy. --- source3/librpc/gen_ndr/ndr_xattr.c | 48 +++++++++++++++++++------------------- source3/librpc/gen_ndr/ndr_xattr.h | 6 ++--- source3/librpc/gen_ndr/xattr.h | 6 ++--- source3/modules/vfs_acl_tdb.c | 30 ++++++++---------------- source3/modules/vfs_acl_xattr.c | 30 ++++++++---------------- 5 files changed, 50 insertions(+), 70 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/ndr_xattr.c b/source3/librpc/gen_ndr/ndr_xattr.c index 0e9dda9f47..75781d763d 100644 --- a/source3/librpc/gen_ndr/ndr_xattr.c +++ b/source3/librpc/gen_ndr/ndr_xattr.c 
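Review bot: The insufficient-buffer branch of `_svcctl_QueryServiceConfigW` deserves a comment saying why the reply struct is cleared rather than freed, because the next reader will be tempted to restore the `TALLOC_FREE`. Something like `/* r->out.query is a [ref] pointer we do not own: clear it so no partial config is marshalled, never free it */` above `ZERO_STRUCTP(r->out.query);` records that. Any strings already attached to the struct before this point are dropped by the zeroing. Whether they hang off a context that is freed with the request is outside the hunk and worth confirming.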
@@ -546,12 +546,12 @@ _PUBLIC_ void ndr_print_xattr_DosStreams(struct ndr_print *ndr, const char *name ndr->depth--; } -_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r) +_PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_hash(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_hash *r) { if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 4)); NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd)); - NDR_CHECK(ndr_push_NTTIME(ndr, NDR_SCALARS, r->last_changed)); + NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); } if (ndr_flags & NDR_BUFFERS) { if (r->sd) { @@ -561,7 +561,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_pus return NDR_ERR_SUCCESS; } -_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r) +_PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_hash *r) { uint32_t _ptr_sd; TALLOC_CTX *_mem_save_sd_0; @@ -573,7 +573,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pul } else { r->sd = NULL; } - NDR_CHECK(ndr_pull_NTTIME(ndr, NDR_SCALARS, &r->last_changed)); + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->hash, 16)); } if (ndr_flags & NDR_BUFFERS) { if (r->sd) { 
@@ -586,9 +586,9 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pul return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r) +_PUBLIC_ void ndr_print_security_descriptor_hash(struct ndr_print *ndr, const char *name, const struct security_descriptor_hash *r) { - ndr_print_struct(ndr, name, "security_descriptor_timestamp"); + ndr_print_struct(ndr, name, "security_descriptor_hash"); ndr->depth++; ndr_print_ptr(ndr, "sd", r->sd); ndr->depth++; @@ -596,7 +596,7 @@ _PUBLIC_ void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, con ndr_print_security_descriptor(ndr, "sd", r->sd); } ndr->depth--; - ndr_print_NTTIME(ndr, "last_changed", r->last_changed); + ndr_print_array_uint8(ndr, "hash", r->hash, 16); ndr->depth--; } @@ -611,7 +611,7 @@ static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr break; } case 2: { - NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_ts)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->sd_hs)); break; } default: @@ -628,8 +628,8 @@ static enum ndr_err_code ndr_push_xattr_NTACL_Info(struct ndr_push *ndr, int ndr break; case 2: - if (r->sd_ts) { - NDR_CHECK(ndr_push_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts)); + if (r->sd_hs) { + NDR_CHECK(ndr_push_security_descriptor_hash(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_hs)); } break; @@ -645,7 +645,7 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr int level; uint16_t _level; TALLOC_CTX *_mem_save_sd_0; - TALLOC_CTX *_mem_save_sd_ts_0; + TALLOC_CTX *_mem_save_sd_hs_0; level = ndr_pull_get_switch_value(ndr, r); if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &_level)); 
@@ -664,12 +664,12 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr break; } case 2: { - uint32_t _ptr_sd_ts; - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_ts)); - if (_ptr_sd_ts) { - NDR_PULL_ALLOC(ndr, r->sd_ts); + uint32_t _ptr_sd_hs; + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_sd_hs)); + if (_ptr_sd_hs) { + NDR_PULL_ALLOC(ndr, r->sd_hs); } else { - r->sd_ts = NULL; + r->sd_hs = NULL; } break; } @@ -689,11 +689,11 @@ static enum ndr_err_code ndr_pull_xattr_NTACL_Info(struct ndr_pull *ndr, int ndr break; case 2: - if (r->sd_ts) { - _mem_save_sd_ts_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->sd_ts, 0); - NDR_CHECK(ndr_pull_security_descriptor_timestamp(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_ts)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_ts_0, 0); + if (r->sd_hs) { + _mem_save_sd_hs_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->sd_hs, 0); + NDR_CHECK(ndr_pull_security_descriptor_hash(ndr, NDR_SCALARS|NDR_BUFFERS, r->sd_hs)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_sd_hs_0, 0); } break; @@ -720,10 +720,10 @@ _PUBLIC_ void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name break; case 2: - ndr_print_ptr(ndr, "sd_ts", r->sd_ts); + ndr_print_ptr(ndr, "sd_hs", r->sd_hs); ndr->depth++; - if (r->sd_ts) { - ndr_print_security_descriptor_timestamp(ndr, "sd_ts", r->sd_ts); + if (r->sd_hs) { + ndr_print_security_descriptor_hash(ndr, "sd_hs", r->sd_hs); } ndr->depth--; break; diff --git a/source3/librpc/gen_ndr/ndr_xattr.h b/source3/librpc/gen_ndr/ndr_xattr.h index 38701b1aca..c565e8513a 100644 --- a/source3/librpc/gen_ndr/ndr_xattr.h +++ b/source3/librpc/gen_ndr/ndr_xattr.h 
@@ -24,9 +24,9 @@ void ndr_print_xattr_DosStream(struct ndr_print *ndr, const char *name, const st enum ndr_err_code ndr_push_xattr_DosStreams(struct ndr_push *ndr, int ndr_flags, const struct xattr_DosStreams *r); enum ndr_err_code ndr_pull_xattr_DosStreams(struct ndr_pull *ndr, int ndr_flags, struct xattr_DosStreams *r); void ndr_print_xattr_DosStreams(struct ndr_print *ndr, const char *name, const struct xattr_DosStreams *r); -enum ndr_err_code ndr_push_security_descriptor_timestamp(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_timestamp *r); -enum ndr_err_code ndr_pull_security_descriptor_timestamp(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_timestamp *r); -void ndr_print_security_descriptor_timestamp(struct ndr_print *ndr, const char *name, const struct security_descriptor_timestamp *r); +enum ndr_err_code ndr_push_security_descriptor_hash(struct ndr_push *ndr, int ndr_flags, const struct security_descriptor_hash *r); +enum ndr_err_code ndr_pull_security_descriptor_hash(struct ndr_pull *ndr, int ndr_flags, struct security_descriptor_hash *r); +void ndr_print_security_descriptor_hash(struct ndr_print *ndr, const char *name, const struct security_descriptor_hash *r); void ndr_print_xattr_NTACL_Info(struct ndr_print *ndr, const char *name, const union xattr_NTACL_Info *r); enum ndr_err_code ndr_push_xattr_NTACL(struct ndr_push *ndr, int ndr_flags, const struct xattr_NTACL *r); enum ndr_err_code ndr_pull_xattr_NTACL(struct ndr_pull *ndr, int ndr_flags, struct xattr_NTACL *r); diff --git a/source3/librpc/gen_ndr/xattr.h b/source3/librpc/gen_ndr/xattr.h index 1d8da3f5e2..1148a0acec 100644 --- a/source3/librpc/gen_ndr/xattr.h +++ b/source3/librpc/gen_ndr/xattr.h 
@@ -73,14 +73,14 @@ struct xattr_DosStreams { struct xattr_DosStream *streams;/* [unique,size_is(num_streams)] */ }/* [public] */; -struct security_descriptor_timestamp { +struct security_descriptor_hash { struct security_descriptor *sd;/* [unique] */ - NTTIME last_changed; + uint8_t hash[16]; }/* [public] */; union xattr_NTACL_Info { struct security_descriptor *sd;/* [unique,case] */ - struct security_descriptor_timestamp *sd_ts;/* [unique,case(2)] */ + struct security_descriptor_hash *sd_hs;/* [unique,case(2)] */ }/* [switch_type(uint16)] */; struct xattr_NTACL { diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 202c1a8469..1924812cf7 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -125,15 +125,15 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return NT_STATUS_REVISION_MISMATCH; } - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->owner_sid : NULL, + ? xacl.info.sd_hs->sd->owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->group_sid : NULL, + ? xacl.info.sd_hs->sd->group_sid : NULL, (security_info & SACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->sacl : NULL, + ? xacl.info.sd_hs->sd->sacl : NULL, (security_info & DACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->dacl : NULL, + ? xacl.info.sd_hs->sd->dacl : NULL, &sd_size); TALLOC_FREE(xacl.info.sd); 
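Review bot: `xacl.info.sd_hs->sd->type` in `parse_acl_blob` of `vfs_acl_tdb.c` dereferences two pointers that the IDL declares `[unique]`, and the generated `ndr_pull_xattr_NTACL_Info` earlier in this commit sets `r->sd_hs = NULL` when the stored pointer is zero. A stored version-2 blob with a null `sd_hs` or `sd` would therefore crash the server here. A guard before `make_sec_desc()`, `if (xacl.info.sd_hs == NULL || xacl.info.sd_hs->sd == NULL) return NT_STATUS_INTERNAL_DB_CORRUPTION;`, turns that into an error return. The identical expression in the `parse_acl_blob` hunk of `source3/modules/vfs_acl_xattr.c` needs the same check. The function starts outside the hunk, so an earlier check may already exist there.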
@@ -199,27 +199,17 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; - struct security_descriptor_timestamp sd_ts; + struct security_descriptor_hash sd_hs; enum ndr_err_code ndr_err; TALLOC_CTX *ctx = talloc_tos(); - struct timespec curr = timespec_current(); ZERO_STRUCT(xacl); - ZERO_STRUCT(sd_ts); - - /* Horrid hack as setting an xattr changes the ctime - * on Linux. This gives a race of 1 second during - * which we would not see a POSIX ACL set. - */ - curr.tv_sec += 1; + ZERO_STRUCT(sd_hs); xacl.version = 2; - xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); - unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); - - DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", - timestring(ctx, curr.tv_sec) )); + xacl.info.sd_hs = &sd_hs; + xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd); + memset(&xacl.info.sd_hs->hash[0], '\0', 16); ndr_err = ndr_push_struct_blob( pblob, ctx, NULL, &xacl, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 2b4e68bdea..bc3edd7d04 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
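Review bot: `create_acl_blob` writes a version-2 record whose 16-byte `hash` is always zero, so readers cannot tell "hash not computed yet" from a real digest once hashing is implemented. A comment at the `memset`, `/* hash is not computed yet; all-zero means "no hash" and must not be trusted as an integrity value */`, would make that explicit. The `memset` is also redundant after `ZERO_STRUCT(sd_hs)`, and if it stays it reads better as `memset(sd_hs.hash, 0, sizeof(sd_hs.hash));` than with the literal 16. The same lines appear in the `create_acl_blob` hunk of `source3/modules/vfs_acl_xattr.c`, and both function bodies continue outside their hunks.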
@@ -53,15 +53,15 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, return NT_STATUS_REVISION_MISMATCH; } - *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_ts->sd->type | SEC_DESC_SELF_RELATIVE, + *ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, xacl.info.sd_hs->sd->type | SEC_DESC_SELF_RELATIVE, (security_info & OWNER_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->owner_sid : NULL, + ? xacl.info.sd_hs->sd->owner_sid : NULL, (security_info & GROUP_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->group_sid : NULL, + ? xacl.info.sd_hs->sd->group_sid : NULL, (security_info & SACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->sacl : NULL, + ? xacl.info.sd_hs->sd->sacl : NULL, (security_info & DACL_SECURITY_INFORMATION) - ? xacl.info.sd_ts->sd->dacl : NULL, + ? xacl.info.sd_hs->sd->dacl : NULL, &sd_size); TALLOC_FREE(xacl.info.sd); @@ -134,27 +134,17 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, static NTSTATUS create_acl_blob(const struct security_descriptor *psd, DATA_BLOB *pblob) { struct xattr_NTACL xacl; - struct security_descriptor_timestamp sd_ts; + struct security_descriptor_hash sd_hs; enum ndr_err_code ndr_err; TALLOC_CTX *ctx = talloc_tos(); - struct timespec curr = timespec_current(); ZERO_STRUCT(xacl); - ZERO_STRUCT(sd_ts); - - /* Horrid hack as setting an xattr changes the ctime - * on Linux. This gives a race of 1 second during - * which we would not see a POSIX ACL set. - */ - curr.tv_sec += 1; + ZERO_STRUCT(sd_hs); xacl.version = 2; - xacl.info.sd_ts = &sd_ts; - xacl.info.sd_ts->sd = CONST_DISCARD(struct security_descriptor *, psd); - unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); - - DEBUG(10, ("create_acl_blob: timestamp stored as %s\n", - timestring(ctx, curr.tv_sec) )); + xacl.info.sd_hs = &sd_hs; + xacl.info.sd_hs->sd = CONST_DISCARD(struct security_descriptor *, psd); + memset(&xacl.info.sd_hs->hash[0], '\0', 16); ndr_err = ndr_push_struct_blob( pblob, ctx, NULL, &xacl, -- cgit 
From 1b41f670fc40ac583f546440c2a683e94eb05caf Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Nov 2008 12:49:18 +0100 Subject: sys_pwnam doesn't return talloced memory, so don't mix up the returned struct. (cherry picked from commit eb99923991960e53bd150ac8f1d818cb746101b4) --- source3/lib/util_pw.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index e0dbc97f00..e138273e8b 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -59,10 +59,7 @@ struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) cached = tcopy_passwd(talloc_autofree_context(), temp); if (cached == NULL) { - /* - * Just don't add this into the cache, ignore the failure - */ - return temp; + return NULL; } memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const_null(name), -- cgit From 5a210cc552f92459dc05c44a435acbcbbe6db9e7 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Nov 2008 13:13:40 +0100 Subject: Rename some variables in getpwnam_alloc() for clarity --- source3/lib/util_pw.c | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index e138273e8b..c9b26f0a4f 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c 
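Review bot: Returning NULL when the cache copy fails makes a successful `sys_getpwnam()` lookup indistinguishable from "no such user" for callers of `getpwnam_alloc`. `return tcopy_passwd(mem_ctx, temp);` in that branch would still hand back talloc'ed memory while keeping the cache best-effort, as the removed comment intended. The function starts and ends outside the hunk.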
@@ -44,27 +44,28 @@ void flush_pwnam_cache(void) struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) { - struct passwd *temp, *cached; + struct passwd *pw, *for_cache; - temp = (struct passwd *)memcache_lookup_talloc( + pw = (struct passwd *)memcache_lookup_talloc( NULL, GETPWNAM_CACHE, data_blob_string_const_null(name)); - if (temp != NULL) { - return tcopy_passwd(mem_ctx, temp); + if (pw != NULL) { + return tcopy_passwd(mem_ctx, pw); } - temp = sys_getpwnam(name); - if (temp == NULL) { + pw = sys_getpwnam(name); + if (pw == NULL) { return NULL; } - cached = tcopy_passwd(talloc_autofree_context(), temp); - if (cached == NULL) { + for_cache = tcopy_passwd(talloc_autofree_context(), pw); + if (for_cache == NULL) { return NULL; } - memcache_add_talloc(NULL, GETPWNAM_CACHE, data_blob_string_const_null(name), - cached); - return tcopy_passwd(mem_ctx, temp); + memcache_add_talloc(NULL, GETPWNAM_CACHE, + data_blob_string_const_null(name), for_cache); + + return tcopy_passwd(mem_ctx, pw); } struct passwd *getpwuid_alloc(TALLOC_CTX *mem_ctx, uid_t uid) -- cgit From f50ad767505cc8847f5f574767b664b57326e468 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Thu, 13 Nov 2008 23:50:19 +0100 Subject: Actually finish memcache_add_talloc This fixes a memleak found by Martin Zielinski . Thanks for looking closely! Volker (cherry picked from commit a31a84a078100819809e6d40dbc3df207a50a0b2) --- source3/lib/memcache.c | 37 ++++++++++++++++++++++++++++++++++++- source3/torture/torture.c | 33 ++++++++++++++++++++++++++++++++- 2 files changed, 68 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index d586f707fa..1951b4abf9 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c 
@@ -40,6 +40,24 @@ struct memcache { static void memcache_element_parse(struct memcache_element *e, DATA_BLOB *key, DATA_BLOB *value); +static bool memcache_is_talloc(enum memcache_number n) +{ + bool result; + + switch (n) { + case GETPWNAM_CACHE: + case PDB_GETPWSID_CACHE: + case SINGLETON_CACHE_TALLOC: + result = true; + break; + default: + result = false; + break; + } + + return result; +} + static int memcache_destructor(struct memcache *cache) { struct memcache_element *e, *next; @@ -188,6 +206,16 @@ static void memcache_delete_element(struct memcache *cache, } DLIST_REMOVE(cache->mru, e); + if (memcache_is_talloc(e->n)) { + DATA_BLOB cache_key, cache_value; + void *ptr; + + memcache_element_parse(e, &cache_key, &cache_value); + SMB_ASSERT(cache_value.length == sizeof(ptr)); + memcpy(&ptr, cache_value.data, sizeof(ptr)); + TALLOC_FREE(ptr); + } + cache->size -= memcache_element_size(e->keylength, e->valuelength); SAFE_FREE(e); @@ -250,6 +278,12 @@ void memcache_add(struct memcache *cache, enum memcache_number n, memcache_element_parse(e, &cache_key, &cache_value); if (value.length <= cache_value.length) { + if (memcache_is_talloc(e->n)) { + void *ptr; + SMB_ASSERT(cache_value.length == sizeof(ptr)); + memcpy(&ptr, cache_value.data, sizeof(ptr)); + TALLOC_FREE(ptr); + } /* * We can reuse the existing record */ @@ -308,7 +342,8 @@ void memcache_add(struct memcache *cache, enum memcache_number n, void memcache_add_talloc(struct memcache *cache, enum memcache_number n, DATA_BLOB key, void *ptr) { - memcache_add(cache, n, key, data_blob_const(&ptr, sizeof(ptr))); + void *p = talloc_move(cache, &ptr); + memcache_add(cache, n, key, data_blob_const(&p, sizeof(p))); } void memcache_flush(struct memcache *cache, enum memcache_number n) diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 904fb5c262..762ea214d1 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c 
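Review bot: `memcache_is_talloc` needs a comment stating the contract it creates. For `GETPWNAM_CACHE`, `PDB_GETPWSID_CACHE` and `SINGLETON_CACHE_TALLOC` the stored value must be exactly one talloc pointer, because `memcache_delete_element` and `memcache_add` now copy `sizeof(ptr)` bytes out of the value and pass them to `TALLOC_FREE`. A plain `memcache_add()` on one of these numbers with a pointer-sized value that is not a talloc pointer would pass the `SMB_ASSERT` and then free an arbitrary address. The comment should also say that every new talloc-backed cache number has to be added to this switch, since the `default` branch treats it as raw data and its values are never freed.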
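Review bot: In the record-reuse branch of `memcache_add` the old pointer is freed before the new value is copied in, so storing the pointer that is already cached under that key frees it and then stores the dangling value. Replacing the bare `TALLOC_FREE(ptr);` with `if (value.length != sizeof(ptr) || memcmp(value.data, &ptr, sizeof(ptr)) != 0) { TALLOC_FREE(ptr); }` closes that case. The function body starts and ends outside the hunk, so I cannot see whether the non-reuse path has the same property.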
@@ -5291,6 +5291,11 @@ static bool run_local_memcache(int dummy) DATA_BLOB d1, d2, d3; DATA_BLOB v1, v2, v3; + TALLOC_CTX *mem_ctx; + char *str1, *str2; + size_t size1, size2; + bool ret = false; + cache = memcache_init(NULL, 100); if (cache == NULL) { @@ -5342,7 +5347,33 @@ static bool run_local_memcache(int dummy) } TALLOC_FREE(cache); - return true; + + cache = memcache_init(NULL, 0); + + mem_ctx = talloc_init("foo"); + + str1 = talloc_strdup(mem_ctx, "string1"); + str2 = talloc_strdup(mem_ctx, "string2"); + + memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, + data_blob_string_const("torture"), str1); + size1 = talloc_total_size(cache); + + memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, + data_blob_string_const("torture"), str2); + size2 = talloc_total_size(cache); + + printf("size1=%d, size2=%d\n", (int)size1, (int)size2); + + if (size2 > size1) { + printf("memcache leaks memory!\n"); + goto fail; + } + + ret = true; + fail: + TALLOC_FREE(cache); + return ret; } static double create_procs(bool (*fn)(int), bool *result) -- cgit From 3c98d5bd987358b1cbeb81fa8db37b97492cf0cc Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Fri, 14 Nov 2008 13:42:54 +0100 Subject: Make memcache_add_talloc NULL out the source pointer This is an orthogonality measure to make clear this pointer now belongs to the cache. (cherry picked from commit e6080c6e87d6fe3995b121a772bf3f6343fa666f) --- source3/auth/token_util.c | 6 ++++-- source3/lib/memcache.c | 14 ++++++++++++-- source3/lib/util_pw.c | 2 +- source3/passdb/pdb_interface.c | 14 +++++++------- source3/torture/torture.c | 4 ++-- 5 files changed, 26 insertions(+), 14 deletions(-) (limited to 'source3') diff --git a/source3/auth/token_util.c b/source3/auth/token_util.c index 6c00aa0943..28d6601b5f 100644 --- a/source3/auth/token_util.c +++ b/source3/auth/token_util.c 
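Review bot: The new talloc part of `run_local_memcache` never frees `mem_ctx`, and it uses the results of `memcache_init(NULL, 0)` and both `talloc_strdup()` calls without checking them. Adding `TALLOC_FREE(mem_ctx);` next to `TALLOC_FREE(cache);` under `fail:` and `if (cache == NULL) { return false; }` after the init keeps the leak test itself from leaking or crashing. The declarations it relies on are in the previous hunk of the same function.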
@@ -77,7 +77,7 @@ bool nt_token_check_domain_rid( NT_USER_TOKEN *token, uint32 rid ) NT_USER_TOKEN *get_root_nt_token( void ) { - struct nt_user_token *token = NULL; + struct nt_user_token *token, *for_cache; DOM_SID u_sid, g_sid; struct passwd *pw; void *cache_data; @@ -107,9 +107,11 @@ NT_USER_TOKEN *get_root_nt_token( void ) token->privileges = se_disk_operators; + for_cache = token; + memcache_add_talloc( NULL, SINGLETON_CACHE_TALLOC, - data_blob_string_const_null("root_nt_token"), token); + data_blob_string_const_null("root_nt_token"), &for_cache); return token; } diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index 1951b4abf9..eaff15deda 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -340,9 +340,19 @@ void memcache_add(struct memcache *cache, enum memcache_number n, } void memcache_add_talloc(struct memcache *cache, enum memcache_number n, - DATA_BLOB key, void *ptr) + DATA_BLOB key, void **pptr) { - void *p = talloc_move(cache, &ptr); + void **ptr = (void **)pptr; + void *p; + + if (cache == NULL) { + cache = global_cache; + } + if (cache == NULL) { + return; + } + + p = talloc_move(cache, ptr); memcache_add(cache, n, key, data_blob_const(&p, sizeof(p))); } diff --git a/source3/lib/util_pw.c b/source3/lib/util_pw.c index c9b26f0a4f..b0baa12c3e 100644 --- a/source3/lib/util_pw.c +++ b/source3/lib/util_pw.c @@ -63,7 +63,7 @@ struct passwd *getpwnam_alloc(TALLOC_CTX *mem_ctx, const char *name) } memcache_add_talloc(NULL, GETPWNAM_CACHE, - data_blob_string_const_null(name), for_cache); + data_blob_string_const_null(name), &for_cache); return tcopy_passwd(mem_ctx, pw); } diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c index 6fe105854f..5a79f09db0 100644 --- a/source3/passdb/pdb_interface.c +++ b/source3/passdb/pdb_interface.c 
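Review bot: `get_root_nt_token` moves the token into the cache through `for_cache` and then returns `token`, which is the same allocation. The caller therefore holds a pointer the cache now owns and frees on replacement or deletion (see the `TALLOC_FREE(ptr)` added to `memcache_delete_element` and `memcache_add` in the previous commit). If the entry is ever dropped while a caller still uses the root token, that is a use-after-free on a security token. Caching a duplicate and returning the original avoids the shared ownership, the way `getpwnam_alloc` caches `tcopy_passwd(talloc_autofree_context(), pw)` and returns a separate copy. The lookup half of the function is outside the hunk and may hand out the cached pointer in the same way.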
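Review bot: `memcache_add_talloc` now returns early when neither `cache` nor `global_cache` is set, leaving `*pptr` untouched and still owned by the caller. It returns `void`, and nothing documents that the caller must test the pointer afterwards. A header comment such as `/* Takes ownership of *pptr and sets it to NULL; if *pptr is still non-NULL on return the caller must free it */` would state the contract. The callers changed in this commit, `getpwnam_alloc` in `source3/lib/util_pw.c` and `pdb_getsampwnam` in `source3/passdb/pdb_interface.c`, could then add `TALLOC_FREE(for_cache);` after the call, which is a no-op once the pointer has been moved.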
@@ -207,28 +207,28 @@ static struct pdb_methods *pdb_get_methods(void) bool pdb_getsampwnam(struct samu *sam_acct, const char *username) { struct pdb_methods *pdb = pdb_get_methods(); - struct samu *cache_copy; + struct samu *for_cache; const struct dom_sid *user_sid; if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { return False; } - cache_copy = samu_new(NULL); - if (cache_copy == NULL) { + for_cache = samu_new(NULL); + if (for_cache == NULL) { return False; } - if (!pdb_copy_sam_account(cache_copy, sam_acct)) { - TALLOC_FREE(cache_copy); + if (!pdb_copy_sam_account(for_cache, sam_acct)) { + TALLOC_FREE(for_cache); return False; } - user_sid = pdb_get_user_sid(cache_copy); + user_sid = pdb_get_user_sid(for_cache); memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, data_blob_const(user_sid, sizeof(*user_sid)), - cache_copy); + &for_cache); return True; } diff --git a/source3/torture/torture.c b/source3/torture/torture.c index 762ea214d1..603426b67c 100644 --- a/source3/torture/torture.c +++ b/source3/torture/torture.c @@ -5356,11 +5356,11 @@ static bool run_local_memcache(int dummy) str2 = talloc_strdup(mem_ctx, "string2"); memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, - data_blob_string_const("torture"), str1); + data_blob_string_const("torture"), &str1); size1 = talloc_total_size(cache); memcache_add_talloc(cache, SINGLETON_CACHE_TALLOC, - data_blob_string_const("torture"), str2); + data_blob_string_const("torture"), &str2); size2 = talloc_total_size(cache); printf("size1=%d, size2=%d\n", (int)size1, (int)size2); -- cgit From df21095ce8981827767e8646b6aefb053beb29a8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 15 Nov 2008 00:50:33 +0100 Subject: Attempt to fix the build I have no idea how this could have happened. Probably done a make and make test in a different tree than the one I have done the push from. Sorry. Volker --- source3/lib/memcache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') 
diff --git a/source3/lib/memcache.c b/source3/lib/memcache.c index eaff15deda..606d72ab5a 100644 --- a/source3/lib/memcache.c +++ b/source3/lib/memcache.c @@ -340,7 +340,7 @@ void memcache_add(struct memcache *cache, enum memcache_number n, } void memcache_add_talloc(struct memcache *cache, enum memcache_number n, - DATA_BLOB key, void **pptr) + DATA_BLOB key, void *pptr) { void **ptr = (void **)pptr; void *p; -- cgit From caf0c17e247b7c66051abc9ed239506a4be6aecc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 15 Nov 2008 02:23:31 +0100 Subject: s3-spoolss: fix enumports segfault (another malloc vs. talloc candidate). Guenther --- source3/rpc_server/srv_spoolss_nt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 577f7f1ded..59c1323a0f 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7482,11 +7482,11 @@ WERROR enumports_hook(TALLOC_CTX *ctx, int *count, char ***lines ) /* if no hook then just fill in the default port */ if ( !*cmd ) { - if (!(qlines = SMB_MALLOC_ARRAY( char*, 2 ))) { + if (!(qlines = TALLOC_ARRAY( NULL, char*, 2 ))) { return WERR_NOMEM; } - if (!(qlines[0] = SMB_STRDUP( SAMBA_PRINTER_PORT_NAME ))) { - SAFE_FREE(qlines); + if (!(qlines[0] = talloc_strdup(qlines, SAMBA_PRINTER_PORT_NAME ))) { + TALLOC_FREE(qlines); return WERR_NOMEM; } qlines[1] = NULL; -- cgit From 8beecd42f2789635891121be8e185e9acef0bcb5 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Nov 2008 00:58:08 +0100 Subject: Move torture directory to top-level. --- source3/samba4.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/samba4.mk b/source3/samba4.mk index 1743431aa4..032a3d9c35 100644 --- a/source3/samba4.mk +++ b/source3/samba4.mk 
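Review bot: Declaring the parameter as `void *pptr` and casting it to `void **` inside memcache_add_talloc removes the only compile-time check on that argument. A call that passes the object itself instead of its address, as every call site did before the previous commit, now compiles without a warning, and `talloc_move(cache, ptr)` would then read and overwrite the first pointer-sized bytes of that object. At minimum state the requirement at the definition, e.g. `/* pptr must be the address of a talloc'ed pointer (T **), never the object itself */`. A thin wrapper macro that takes the address itself would hand the check back to the compiler.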
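Review bot: The default-port branch of enumports_hook now allocates `qlines` with `TALLOC_ARRAY( NULL, char*, 2 )`, that is on the NULL context, although the function receives a `TALLOC_CTX *ctx`. That removes the malloc/talloc mismatch named in the commit message, but the array has no parent and lives until whoever receives `*lines` frees it explicitly. A comment stating who frees it, e.g. `/* allocated on the NULL context: the caller must TALLOC_FREE(*lines) */`, or allocating on `ctx` if that matches what the hook branch does, would make the ownership auditable. The rest of enumports_hook, including the hook branch, is outside the hunk.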
@@ -88,7 +88,7 @@ libutilsrcdir := $(samba4srcdir)/../lib/util libtdrsrcdir := $(samba4srcdir)/lib/tdr libdbwrapsrcdir := $(samba4srcdir)/lib/dbwrap libcryptosrcdir := $(samba4srcdir)/../lib/crypto -libtorturesrcdir := $(samba4srcdir)/lib/torture +libtorturesrcdir := ../lib/torture libcompressionsrcdir := $(samba4srcdir)/../lib/compression libgencachesrcdir := $(samba4srcdir)/lib paramsrcdir := $(samba4srcdir)/param -- cgit From 12f64285ee09954cac447cf9c9fa241fd4b1e59e Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Sun, 16 Nov 2008 01:35:46 +0100 Subject: Fix merged build. --- source3/samba4.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/samba4.m4 b/source3/samba4.m4 index b99deb8870..5a3ae36884 100644 --- a/source3/samba4.m4 +++ b/source3/samba4.m4 @@ -47,7 +47,7 @@ SMB_INCLUDE_MK(lib/zlib.mk) AC_CONFIG_FILES(../source4/lib/registry/registry.pc) AC_CONFIG_FILES(../source4/librpc/dcerpc.pc) AC_CONFIG_FILES(../librpc/ndr.pc) -AC_CONFIG_FILES(../source4/lib/torture/torture.pc) +AC_CONFIG_FILES(../lib/torture/torture.pc) AC_CONFIG_FILES(../source4/auth/gensec/gensec.pc) AC_CONFIG_FILES(../source4/param/samba-hostconfig.pc) AC_CONFIG_FILES(../source4/librpc/dcerpc_samr.pc) -- cgit From e711d7615797c48650bc8159928ab00a68055a6e Mon Sep 17 00:00:00 2001 From: TAKAHASHI Motonobu Date: Sun, 16 Nov 2008 13:17:16 +0100 Subject: Fix bug 5901: Default for streams_depot location --- source3/modules/vfs_streams_depot.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index d8c476f96f..e7ecedaaed 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c 
@@ -117,9 +117,17 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, struct file_id id; uint8 id_buf[16]; + tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath); + + if (tmp == NULL) { + errno = ENOMEM; + goto fail; + } + const char *rootdir = lp_parm_const_string( SNUM(handle->conn), "streams_depot", "directory", - handle->conn->connectpath); + tmp); + TALLOC_FREE(tmp); if (base_sbuf == NULL) { if (SMB_VFS_NEXT_STAT(handle, base_path, &sbuf) == -1) { -- cgit From 5e5ccab372035a4e46e83775f40fca1ae5542ada Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 17 Nov 2008 08:37:21 +0100 Subject: net: Fix net rap printq info documentation (bug #5892) Carsten Dumke reported and provided a patch for v3.0 and v3.2. (See 0a7fb721cdc) This fixes the same issue in v3.3 and also changes the auto-generated usage information to give better help about net rap printq info. --- source3/utils/net_rap.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c index 570e951aee..dd757abd1a 100644 --- a/source3/utils/net_rap.c +++ b/source3/utils/net_rap.c @@ -612,7 +612,7 @@ int net_rap_printq_usage(struct net_context *c, int argc, const char **argv) d_printf( "net rap printq [misc. options] [targets]\n" "\tor\n" - "net rap printq list [] [misc. options] [targets]\n" + "net rap printq info [] [misc. options] [targets]\n" "\tlists the specified queue and jobs on the target server.\n" "\tIf the queue name is not specified, all queues are listed.\n\n"); d_printf( 
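Review bot: `TALLOC_FREE(tmp);` runs immediately after `tmp` has been passed to `lp_parm_const_string()` as the default value. If that function returns its default argument when `streams_depot:directory` is not configured, which is how the old code got `connectpath` back, then `rootdir` points at freed memory in exactly the default configuration this commit is meant to fix, and every later use of it in stream_dir is a use-after-free. Drop the `TALLOC_FREE(tmp);` at this point and release `tmp` only after the last use of `rootdir`, on the success path and under `fail:`, or copy the result first with `talloc_strdup`. The remainder of stream_dir, including the `fail:` label and the uses of `rootdir`, is outside the hunk.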
@@ -726,9 +726,10 @@ int net_rap_printq(struct net_context *c, int argc, const char **argv) "info", rap_printq_info, NET_TRANSPORT_RAP, - "Display info about print job", - "net rap printq info\n" - " Display info about print job" + "Display info about print queues and jobs", + "net rap printq info [queue]\n" + " Display info about print jobs in queue.\n" + " If queue is not specified, all queues are listed" }, { "delete", -- cgit From 806a45c3c7e33fad90597f87373a532016e614e3 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 17 Nov 2008 11:01:15 +0100 Subject: Improve the Gemand pam_winbind translation. Signed-off-by: Andreas Schneider --- source3/locale/pam_winbind/de.po | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source3') diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index 642d9d3e12..79ec20ff9e 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -62,7 +62,7 @@ msgstr "Sie können sich zum jetzigen Zeitpunkt nicht anmelden" #: ../../nsswitch/pam_winbind.c:601 #, fuzzy msgid "Your account has expired. " -msgstr "Ihr Passwort ist abgelaufen" +msgstr "Ihr Benutzerkonto ist abgelaufen" #: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608 msgid "Please contact your System administrator" 
@@ -70,15 +70,15 @@ msgstr "Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:604 msgid "Your account is disabled. " -msgstr "Ihr Account ist deaktiviert. " +msgstr "Ihr Benutzerkonto ist deaktiviert. " #: ../../nsswitch/pam_winbind.c:607 msgid "Your account has been locked. " -msgstr "Ihr Account wurde gesperrt. " +msgstr "Ihr Benutzerkonto wurde gesperrt. " #: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614 msgid "Invalid Trust Account" -msgstr "Ungültiger Maschinen-Account" +msgstr "Ungültiges Maschinen-Konto" #: ../../nsswitch/pam_winbind.c:616 msgid "Access is denied" @@ -103,7 +103,7 @@ msgstr "Tag" #: ../../nsswitch/pam_winbind.c:1253 msgid "Grace login. Please change your password as soon you're online again" -msgstr "" +msgstr "Kulanzanmeldung. Bitte ändern sie ihr Passwort sobald sie wieder online sind" #: ../../nsswitch/pam_winbind.c:1263 msgid "Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable" @@ -115,7 +115,7 @@ msgid "" "with the domain controller. Please verify the system time.\n" msgstr "" "Anforderung eines Kerberos Tickets aufgrund Zeitunterscheid zum \n" -"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die System Zeit.\n" +"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die Systemzeit.\n" #: ../../nsswitch/pam_winbind.c:1356 msgid "Your password " 
@@ -133,7 +133,7 @@ msgstr "kann keines der %d vorherigen Passwörter enthalten; " #: ../../nsswitch/pam_winbind.c:1382 msgid "must contain capitals, numerals or punctuation; and cannot contain your account or full name; " -msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Anmelde- oder Vollnamen enthalten; " +msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Benutzer- oder vollen Namen enthalten; " #: ../../nsswitch/pam_winbind.c:1392 msgid "Please type a different password. Type a password which meets these requirements in both text boxes." -- cgit From 29f2ca8ff2b0ea5ac4639530d2d10eecff0d5eec Mon Sep 17 00:00:00 2001 From: Bo Yang Date: Sun, 16 Nov 2008 16:31:31 +0800 Subject: Fix broken msgids in ntstatus_errors MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Günther Deschner --- source3/nsswitch/pam_winbind.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index c164f8e72a..1daa05ea17 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c 
@@ -598,14 +598,14 @@ static const struct ntstatus_errors { {"NT_STATUS_INVALID_LOGON_HOURS", N_("You are not allowed to logon at this time")}, {"NT_STATUS_ACCOUNT_EXPIRED", - N_("Your account has expired. ") - N_("Please contact your System administrator")}, /* SCNR */ + N_("Your account has expired. " + "Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_DISABLED", - N_("Your account is disabled. ") - N_("Please contact your System administrator")}, /* SCNR */ + N_("Your account is disabled. " + "Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_ACCOUNT_LOCKED_OUT", - N_("Your account has been locked. ") - N_("Please contact your System administrator")}, /* SCNR */ + N_("Your account has been locked. " + "Please contact your System administrator")}, /* SCNR */ {"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT", N_("Invalid Trust Account")}, {"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT", -- cgit From f09231254e2777dd8a1bb5555897139eec2d0b5b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 13:06:42 +0100 Subject: pam_winbind: rerun genmsg after Bo Yang's fixes. Guenther --- source3/locale/pam_winbind/de.po | 19 +++++++------------ 1 file changed, 7 insertions(+), 12 deletions(-) (limited to 'source3') diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po index 79ec20ff9e..5a7223d63d 100644 --- a/source3/locale/pam_winbind/de.po +++ b/source3/locale/pam_winbind/de.po @@ -7,7 +7,7 @@ msgid "" msgstr "" "Project-Id-Version: @PACKAGE@\n" "Report-Msgid-Bugs-To: \n" -"POT-Creation-Date: 2008-11-13 17:21+0100\n" +"POT-Creation-Date: 2008-11-17 12:00+0100\n" "PO-Revision-Date: 2008-11-13 14:29+0100\n" "Last-Translator: Guenther Deschner \n" "MIME-Version: 1.0\n" 
@@ -60,21 +60,16 @@ msgid "You are not allowed to logon at this time" msgstr "Sie können sich zum jetzigen Zeitpunkt nicht anmelden" #: ../../nsswitch/pam_winbind.c:601 -#, fuzzy -msgid "Your account has expired. " -msgstr "Ihr Benutzerkonto ist abgelaufen" - -#: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608 -msgid "Please contact your System administrator" -msgstr "Bitte kontaktieren Sie ihren System-Administrator" +msgid "Your account has expired. Please contact your System administrator" +msgstr "Ihr Benutzerkonto ist abgelaufen. Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:604 -msgid "Your account is disabled. " -msgstr "Ihr Benutzerkonto ist deaktiviert. " +msgid "Your account is disabled. Please contact your System administrator" +msgstr "Ihr Benutzerkonto ist deaktiviert. Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:607 -msgid "Your account has been locked. " -msgstr "Ihr Benutzerkonto wurde gesperrt. " +msgid "Your account has been locked. Please contact your System administrator" +msgstr "Ihr Benutzerkonto wurde gesperrt. Bitte kontaktieren Sie ihren System-Administrator" #: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614 msgid "Invalid Trust Account" -- cgit From 2fbdf22541497b56143083863bf1ffe5af7487fd Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 00:52:50 +0100 Subject: s3-rpcclient: fill in unknowns in cmd_ntsvcs_get_hw_prof_info. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 7a25352943..11f16d3462 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c 
@@ -122,15 +122,15 @@ static WERROR cmd_ntsvcs_get_hw_prof_info(struct rpc_pipe_client *cli, WERROR werr; uint32_t idx = 0; struct PNP_HwProfInfo info; - uint32_t unknown1 = 0, unknown2 = 0; + uint32_t size = 0, flags = 0; ZERO_STRUCT(info); status = rpccli_PNP_GetHwProfInfo(cli, mem_ctx, idx, &info, - unknown1, - unknown2, + size, + flags, &werr); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); -- cgit From 5b4140a99767db9f0dfa02049e4dcff23a7fdb83 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:54:16 +0100 Subject: svcctl: fill in SERVICE_CONTROL from s3. Guenther --- source3/include/rpc_svcctl.h | 8 -------- source3/librpc/gen_ndr/cli_svcctl.c | 2 +- source3/librpc/gen_ndr/cli_svcctl.h | 2 +- source3/librpc/gen_ndr/ndr_svcctl.c | 34 +++++++++++++++++++++++++++++++--- source3/librpc/gen_ndr/ndr_svcctl.h | 1 + source3/librpc/gen_ndr/svcctl.h | 14 +++++++++++--- 6 files changed, 45 insertions(+), 16 deletions(-) (limited to 'source3') diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h index 27858405e7..7dd849d5b4 100644 --- a/source3/include/rpc_svcctl.h +++ b/source3/include/rpc_svcctl.h @@ -103,14 +103,6 @@ #define SVCCTL_DEMAND_START 0x00000003 #define SVCCTL_DISABLED 0x00000004 -/* Service Controls */ - -#define SVCCTL_CONTROL_STOP 0x00000001 -#define SVCCTL_CONTROL_PAUSE 0x00000002 -#define SVCCTL_CONTROL_CONTINUE 0x00000003 -#define SVCCTL_CONTROL_INTERROGATE 0x00000004 -#define SVCCTL_CONTROL_SHUTDOWN 0x00000005 - #define SVC_HANDLE_IS_SCM 0x0000001 #define SVC_HANDLE_IS_SERVICE 0x0000002 #define SVC_HANDLE_IS_DBLOCK 0x0000003 diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c index e5fd4dac87..f67b447c6a 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.c +++ b/source3/librpc/gen_ndr/cli_svcctl.c 
@@ -53,7 +53,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint32_t control /* [in] */, + enum SERVICE_CONTROL control /* [in] */, struct SERVICE_STATUS *service_status /* [out] [ref] */, WERROR *werror) { diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h index 02abbadf1e..4e4e223243 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.h +++ b/source3/librpc/gen_ndr/cli_svcctl.h @@ -8,7 +8,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint32_t control /* [in] */, + enum SERVICE_CONTROL control /* [in] */, struct SERVICE_STATUS *service_status /* [out] [ref] */, WERROR *werror); NTSTATUS rpccli_svcctl_DeleteService(struct rpc_pipe_client *cli, diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c index d04c89b9a1..b417ba0a5c 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.c +++ b/source3/librpc/gen_ndr/ndr_svcctl.c 
@@ -297,6 +297,34 @@ _PUBLIC_ void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *nam ndr->depth--; } +static enum ndr_err_code ndr_push_SERVICE_CONTROL(struct ndr_push *ndr, int ndr_flags, enum SERVICE_CONTROL r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_SERVICE_CONTROL(struct ndr_pull *ndr, int ndr_flags, enum SERVICE_CONTROL *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r) +{ + const char *val = NULL; + + switch (r) { + case SVCCTL_CONTROL_STOP: val = "SVCCTL_CONTROL_STOP"; break; + case SVCCTL_CONTROL_PAUSE: val = "SVCCTL_CONTROL_PAUSE"; break; + case SVCCTL_CONTROL_CONTINUE: val = "SVCCTL_CONTROL_CONTINUE"; break; + case SVCCTL_CONTROL_INTERROGATE: val = "SVCCTL_CONTROL_INTERROGATE"; break; + case SVCCTL_CONTROL_SHUTDOWN: val = "SVCCTL_CONTROL_SHUTDOWN"; break; + } + ndr_print_enum(ndr, name, "ENUM", val, r); +} + static enum ndr_err_code ndr_push_svcctl_MgrAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); @@ -646,7 +674,7 @@ static enum ndr_err_code ndr_push_svcctl_ControlService(struct ndr_push *ndr, in return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.control)); + NDR_CHECK(ndr_push_SERVICE_CONTROL(ndr, NDR_SCALARS, r->in.control)); } if (flags & NDR_OUT) { if (r->out.service_status == NULL) { 
@@ -672,7 +700,7 @@ static enum ndr_err_code ndr_pull_svcctl_ControlService(struct ndr_pull *ndr, in NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.control)); + NDR_CHECK(ndr_pull_SERVICE_CONTROL(ndr, NDR_SCALARS, &r->in.control)); NDR_PULL_ALLOC(ndr, r->out.service_status); ZERO_STRUCTP(r->out.service_status); } @@ -703,7 +731,7 @@ _PUBLIC_ void ndr_print_svcctl_ControlService(struct ndr_print *ndr, const char ndr->depth++; ndr_print_policy_handle(ndr, "handle", r->in.handle); ndr->depth--; - ndr_print_uint32(ndr, "control", r->in.control); + ndr_print_SERVICE_CONTROL(ndr, "control", r->in.control); ndr->depth--; } if (flags & NDR_OUT) { diff --git a/source3/librpc/gen_ndr/ndr_svcctl.h b/source3/librpc/gen_ndr/ndr_svcctl.h index 0bebd3401a..8d7739a7db 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.h +++ b/source3/librpc/gen_ndr/ndr_svcctl.h @@ -106,6 +106,7 @@ void ndr_print_ENUM_SERVICE_STATUS(struct ndr_print *ndr, const char *name, cons enum ndr_err_code ndr_push_svcctl_ServerType(struct ndr_push *ndr, int ndr_flags, uint32_t r); enum ndr_err_code ndr_pull_svcctl_ServerType(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *name, uint32_t r); +void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r); void ndr_print_svcctl_MgrAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r); diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h index b098eb1c42..631cc2af7a 100644 --- a/source3/librpc/gen_ndr/svcctl.h 
+++ b/source3/librpc/gen_ndr/svcctl.h @@ -81,11 +81,19 @@ struct ENUM_SERVICE_STATUS { enum SERVICE_CONTROL #ifndef USE_UINT_ENUMS { - FIXME=1 + SVCCTL_CONTROL_STOP=0x00000001, + SVCCTL_CONTROL_PAUSE=0x00000002, + SVCCTL_CONTROL_CONTINUE=0x00000003, + SVCCTL_CONTROL_INTERROGATE=0x00000004, + SVCCTL_CONTROL_SHUTDOWN=0x00000005 } #else { __donnot_use_enum_SERVICE_CONTROL=0x7FFFFFFF} -#define FIXME ( 1 ) +#define SVCCTL_CONTROL_STOP ( 0x00000001 ) +#define SVCCTL_CONTROL_PAUSE ( 0x00000002 ) +#define SVCCTL_CONTROL_CONTINUE ( 0x00000003 ) +#define SVCCTL_CONTROL_INTERROGATE ( 0x00000004 ) +#define SVCCTL_CONTROL_SHUTDOWN ( 0x00000005 ) #endif ; @@ -137,7 +145,7 @@ struct svcctl_CloseServiceHandle { struct svcctl_ControlService { struct { struct policy_handle *handle;/* [ref] */ - uint32_t control; + enum SERVICE_CONTROL control; } in; struct { -- cgit From 0e801722e335c1bd17897848bf63d2acf4576b2e Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 14 Nov 2008 11:54:46 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_svcctl.c | 34 +++---- source3/librpc/gen_ndr/cli_svcctl.h | 32 +++---- source3/librpc/gen_ndr/ndr_svcctl.c | 182 +++++++++++++++++++++++++----------- source3/librpc/gen_ndr/srv_svcctl.c | 6 -- source3/librpc/gen_ndr/svcctl.h | 34 +++---- 5 files changed, 179 insertions(+), 109 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c index f67b447c6a..9f11a40d7e 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.c +++ b/source3/librpc/gen_ndr/cli_svcctl.c 
@@ -702,10 +702,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli, struct policy_handle *handle /* [in] [ref] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint32_t buf_size /* [in] */, - uint8_t *service /* [out] [size_is(buf_size)] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *services_returned /* [out] [ref] */, + uint8_t *service /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *services_returned /* [out] [ref,range(0,262144)] */, uint32_t *resume_handle /* [in,out] [unique] */, WERROR *werror) { @@ -1976,9 +1976,9 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror) { struct svcctl_QueryServiceConfig2W r; @@ -2027,9 +2027,9 @@ NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror) { struct svcctl_QueryServiceStatusEx r; 
@@ -2144,12 +2144,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, uint32_t info_level /* [in] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint8_t *services /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *service_returned /* [out] [ref] */, - uint32_t *resume_handle /* [in,out] [unique] */, - const char **group_name /* [out] [ref,charset(UTF16)] */, + uint8_t *services /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *service_returned /* [out] [ref,range(0,262144)] */, + uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */, + const char *group_name /* [in] [unique,charset(UTF16)] */, WERROR *werror) { struct EnumServicesStatusExW r; @@ -2162,6 +2162,7 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, r.in.state = state; r.in.buf_size = buf_size; r.in.resume_handle = resume_handle; + r.in.group_name = group_name; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(EnumServicesStatusExW, &r); @@ -2192,7 +2193,6 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, if (resume_handle && r.out.resume_handle) { *resume_handle = *r.out.resume_handle; } - *group_name = *r.out.group_name; /* Return result */ if (werror) { diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h index 4e4e223243..78c9bf40d8 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.h +++ b/source3/librpc/gen_ndr/cli_svcctl.h 
@@ -104,10 +104,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli, struct policy_handle *handle /* [in] [ref] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint32_t buf_size /* [in] */, - uint8_t *service /* [out] [size_is(buf_size)] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *services_returned /* [out] [ref] */, + uint8_t *service /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *services_returned /* [out] [ref,range(0,262144)] */, uint32_t *resume_handle /* [in,out] [unique] */, WERROR *werror); NTSTATUS rpccli_svcctl_OpenSCManagerW(struct rpc_pipe_client *cli, @@ -292,17 +292,17 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror); NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t info_level /* [in] */, - uint8_t *buffer /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + uint8_t *buffer /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror); NTSTATUS rpccli_EnumServicesStatusExA(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, 
@@ -323,12 +323,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli, uint32_t info_level /* [in] */, uint32_t type /* [in] */, uint32_t state /* [in] */, - uint8_t *services /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, - uint32_t *service_returned /* [out] [ref] */, - uint32_t *resume_handle /* [in,out] [unique] */, - const char **group_name /* [out] [ref,charset(UTF16)] */, + uint8_t *services /* [out] [ref,size_is(buf_size)] */, + uint32_t buf_size /* [in] [range(0,262144)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */, + uint32_t *service_returned /* [out] [ref,range(0,262144)] */, + uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */, + const char *group_name /* [in] [unique,charset(UTF16)] */, WERROR *werror); NTSTATUS rpccli_svcctl_SCSendTSMessage(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c index b417ba0a5c..2bccde9ba0 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.c +++ b/source3/librpc/gen_ndr/ndr_svcctl.c @@ -2123,6 +2123,9 @@ static enum ndr_err_code ndr_push_svcctl_EnumServicesStatusW(struct ndr_push *nd } } if (flags & NDR_OUT) { + if (r->out.service == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.service, r->in.buf_size)); if (r->out.bytes_needed == NULL) { 
@@ -2162,6 +2165,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { NDR_PULL_ALLOC(ndr, r->in.resume_handle); @@ -2174,6 +2180,8 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); } + NDR_PULL_ALLOC_N(ndr, r->out.service, r->in.buf_size); + memset(r->out.service, 0, (r->in.buf_size) * sizeof(*r->out.service)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); NDR_PULL_ALLOC(ndr, r->out.services_returned); @@ -2181,7 +2189,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd } if (flags & NDR_OUT) { NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service)); - NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service)); + } NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, ndr_get_array_size(ndr, &r->out.service))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); 
@@ -2189,6 +2199,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.services_returned); @@ -2196,6 +2209,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd _mem_save_services_returned_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.services_returned, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.services_returned)); + if (*r->out.services_returned < 0 || *r->out.services_returned > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_services_returned_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { @@ -2245,7 +2261,10 @@ _PUBLIC_ void ndr_print_svcctl_EnumServicesStatusW(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_EnumServicesStatusW"); ndr->depth++; + ndr_print_ptr(ndr, "service", r->out.service); + ndr->depth++; ndr_print_array_uint8(ndr, "service", r->out.service, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); 
@@ -5333,6 +5352,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfig2W(struct ndr_push *n NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); } if (flags & NDR_OUT) { + if (r->out.buffer == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); 
@@ -5359,20 +5382,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2W(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); + memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (r->out.buffer) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size)); + } } return NDR_ERR_SUCCESS; } 
@@ -5398,7 +5435,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceConfig2W(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_QueryServiceConfig2W"); ndr->depth++; + ndr_print_ptr(ndr, "buffer", r->out.buffer); + ndr->depth++; ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5420,6 +5460,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceStatusEx(struct ndr_push *n NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); } if (flags & NDR_OUT) { + if (r->out.buffer == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); 
@@ -5446,20 +5490,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceStatusEx(struct ndr_pull *n NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); + memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (r->out.buffer) { + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size)); + } } return NDR_ERR_SUCCESS; } 
@@ -5485,7 +5543,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceStatusEx(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_QueryServiceStatusEx"); ndr->depth++; + ndr_print_ptr(ndr, "buffer", r->out.buffer); + ndr->depth++; ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5716,8 +5777,19 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in if (r->in.resume_handle) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle)); } + NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.group_name)); + if (r->in.group_name) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.group_name, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.group_name, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.group_name, ndr_charset_length(r->in.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } } if (flags & NDR_OUT) { + if (r->out.services == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.services, r->in.buf_size)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); 
@@ -5731,16 +5803,6 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in if (r->out.resume_handle) { NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle)); } - if (r->out.group_name == NULL) { - return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); - } - NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.group_name)); - if (*r->out.group_name) { - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16))); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16))); - NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16)); - } NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -5755,7 +5817,6 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in TALLOC_CTX *_mem_save_service_returned_0; TALLOC_CTX *_mem_save_resume_handle_0; TALLOC_CTX *_mem_save_group_name_0; - TALLOC_CTX *_mem_save_group_name_1; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -5770,6 +5831,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { NDR_PULL_ALLOC(ndr, r->in.resume_handle); 
@@ -5780,24 +5844,51 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in _mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, 0); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle)); + if (*r->in.resume_handle < 0 || *r->in.resume_handle > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name)); + if (_ptr_group_name) { + NDR_PULL_ALLOC(ndr, r->in.group_name); + } else { + r->in.group_name = NULL; + } + if (r->in.group_name) { + _mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->in.group_name, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->in.group_name)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->in.group_name)); + if (ndr_get_array_length(ndr, &r->in.group_name) > ndr_get_array_size(ndr, &r->in.group_name)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.group_name), ndr_get_array_length(ndr, &r->in.group_name)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.group_name, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, 0); + } + NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.buf_size); + memset(r->out.services, 0, (r->in.buf_size) * sizeof(*r->out.services)); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); NDR_PULL_ALLOC(ndr, r->out.service_returned); ZERO_STRUCTP(r->out.service_returned); - NDR_PULL_ALLOC(ndr, r->out.group_name); - ZERO_STRUCTP(r->out.group_name); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, 
NDR_SCALARS, r->out.services, r->in.buf_size)); + NDR_CHECK(ndr_pull_array_size(ndr, &r->out.services)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC_N(ndr, r->out.services, ndr_get_array_size(ndr, &r->out.services)); + } + NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, ndr_get_array_size(ndr, &r->out.services))); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.service_returned); @@ -5805,6 +5896,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in _mem_save_service_returned_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.service_returned, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.service_returned)); + if (*r->out.service_returned < 0 || *r->out.service_returned > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_returned_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle)); if (_ptr_resume_handle) { 
@@ -5816,33 +5910,15 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in _mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, 0); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); - } - if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { - NDR_PULL_ALLOC(ndr, r->out.group_name); - } - _mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, r->out.group_name, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name)); - if (_ptr_group_name) { - NDR_PULL_ALLOC(ndr, *r->out.group_name); - } else { - *r->out.group_name = NULL; - } - if (*r->out.group_name) { - _mem_save_group_name_1 = NDR_PULL_GET_MEM_CTX(ndr); - NDR_PULL_SET_MEM_CTX(ndr, *r->out.group_name, 0); - NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name)); - NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name)); - if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) { - return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name)); + if (*r->out.resume_handle < 0 || *r->out.resume_handle > 262144) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t))); - NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16)); - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_1, 0); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0); } - NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); + if (r->out.services) { + NDR_CHECK(ndr_check_array_size(ndr, 
(void*)&r->out.services, r->in.buf_size)); + } } return NDR_ERR_SUCCESS; } @@ -5871,12 +5947,21 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle); } ndr->depth--; + ndr_print_ptr(ndr, "group_name", r->in.group_name); + ndr->depth++; + if (r->in.group_name) { + ndr_print_string(ndr, "group_name", r->in.group_name); + } + ndr->depth--; ndr->depth--; } if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "EnumServicesStatusExW"); ndr->depth++; + ndr_print_ptr(ndr, "services", r->out.services); + ndr->depth++; ndr_print_array_uint8(ndr, "services", r->out.services, r->in.buf_size); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); @@ -5891,15 +5976,6 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle); } ndr->depth--; - ndr_print_ptr(ndr, "group_name", r->out.group_name); - ndr->depth++; - ndr_print_ptr(ndr, "group_name", *r->out.group_name); - ndr->depth++; - if (*r->out.group_name) { - ndr_print_string(ndr, "group_name", *r->out.group_name); - } - ndr->depth--; - ndr->depth--; ndr_print_WERROR(ndr, "result", r->out.result); ndr->depth--; } diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c index 2349b4fd93..f37111137e 100644 --- a/source3/librpc/gen_ndr/srv_svcctl.c +++ b/source3/librpc/gen_ndr/srv_svcctl.c @@ -3445,12 +3445,6 @@ static bool api_EnumServicesStatusExW(pipes_struct *p) } r->out.resume_handle = r->in.resume_handle; - r->out.group_name = talloc_zero(r, const char *); - if (r->out.group_name == NULL) { - talloc_free(r); - return false; - } - r->out.result = _EnumServicesStatusExW(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h index 631cc2af7a..9baa122e56 100644 
--- a/source3/librpc/gen_ndr/svcctl.h +++ b/source3/librpc/gen_ndr/svcctl.h @@ -341,14 +341,14 @@ struct svcctl_EnumServicesStatusW { struct policy_handle *handle;/* [ref] */ uint32_t type; uint32_t state; - uint32_t buf_size; + uint32_t buf_size;/* [range(0,262144)] */ uint32_t *resume_handle;/* [unique] */ } in; struct { - uint8_t *service;/* [size_is(buf_size)] */ - uint32_t *bytes_needed;/* [ref] */ - uint32_t *services_returned;/* [ref] */ + uint8_t *service;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,262144)] */ + uint32_t *services_returned;/* [ref,range(0,262144)] */ uint32_t *resume_handle;/* [unique] */ WERROR result; } out; @@ -729,12 +729,12 @@ struct svcctl_QueryServiceConfig2W { struct { struct policy_handle *handle;/* [ref] */ uint32_t info_level; - uint32_t buf_size; + uint32_t buf_size;/* [range(0,8192)] */ } in; struct { - uint8_t *buffer; - uint32_t *bytes_needed;/* [ref] */ + uint8_t *buffer;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,8192)] */ WERROR result; } out; @@ -745,12 +745,12 @@ struct svcctl_QueryServiceStatusEx { struct { struct policy_handle *handle;/* [ref] */ uint32_t info_level; - uint32_t buf_size; + uint32_t buf_size;/* [range(0,8192)] */ } in; struct { - uint8_t *buffer; - uint32_t *bytes_needed;/* [ref] */ + uint8_t *buffer;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,8192)] */ WERROR result; } out; 
@@ -785,16 +785,16 @@ struct EnumServicesStatusExW { uint32_t info_level; uint32_t type; uint32_t state; - uint32_t buf_size; - uint32_t *resume_handle;/* [unique] */ + uint32_t buf_size;/* [range(0,262144)] */ + const char *group_name;/* [unique,charset(UTF16)] */ + uint32_t *resume_handle;/* [unique,range(0,262144)] */ } in; struct { - uint8_t *services; - uint32_t *bytes_needed;/* [ref] */ - uint32_t *service_returned;/* [ref] */ - const char **group_name;/* [ref,charset(UTF16)] */ - uint32_t *resume_handle;/* [unique] */ + uint8_t *services;/* [ref,size_is(buf_size)] */ + uint32_t *bytes_needed;/* [ref,range(0,262144)] */ + uint32_t *service_returned;/* [ref,range(0,262144)] */ + uint32_t *resume_handle;/* [unique,range(0,262144)] */ WERROR result; } out; -- cgit From 0b1015d73edd437fdc85dd765e59cb5ae232afac Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Mon, 17 Nov 2008 10:21:29 -0800 Subject: Fix build warning introduced by making SERVICE_CONTROL an enum --- source3/rpc_server/srv_svcctl_nt.c | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 4beab6488b..0bed13e522 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -517,11 +517,9 @@ WERROR _svcctl_ControlService(pipes_struct *p, return info->ops->service_status( info->name, r->out.service_status ); + default: + return WERR_ACCESS_DENIED; } - - /* default control action */ - - return WERR_ACCESS_DENIED; } /******************************************************************** -- cgit From a48abdaa811c76e64a3383fe970e62b7bbb3582c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 18:25:01 +0100 Subject: s3-libnet-samsync: use enctype 23 for vampired keytab entries. Guenther --- source3/libnet/libnet_samsync_keytab.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') 
diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 4b0cc06d94..0341641a4c 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -90,7 +90,7 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, ctx->dns_domain_name); entry.password = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16); entry.kvno = ads_get_kvno(ctx->ads, entry.name); - entry.enctype = ENCTYPE_NULL; + entry.enctype = ENCTYPE_ARCFOUR_HMAC; NT_STATUS_HAVE_NO_MEMORY(entry.name); NT_STATUS_HAVE_NO_MEMORY(entry.principal); -- cgit From d8df43e65d507710de72c6743f43127ad14019fc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 17 Nov 2008 14:13:20 -0800 Subject: Fix bug #5900 reported by monyo@samba.gr.jp - vfs_readonly.so does not work. Jeremy. --- source3/include/proto.h | 3 ++- source3/modules/vfs_readonly.c | 13 +++++++++++++ source3/smbd/share_access.c | 6 ++++-- source3/smbd/uid.c | 3 ++- 4 files changed, 21 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 5f9203a21f..33425849d1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8459,7 +8459,8 @@ bool user_ok_token(const char *username, const char *domain, struct nt_user_token *token, int snum); bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, int snum); + struct nt_user_token *token, + connection_struct *conn); /* The following definitions come from smbd/srvstr.c */ diff --git a/source3/modules/vfs_readonly.c b/source3/modules/vfs_readonly.c index d4ddf32e3a..58c83e5e1b 100644 --- a/source3/modules/vfs_readonly.c +++ b/source3/modules/vfs_readonly.c 
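Review bot: `entry.name` is handed to `ads_get_kvno()` before the `NT_STATUS_HAVE_NO_MEMORY(entry.name)` check that follows it in this hunk, so if the allocation of the name (made outside the hunk) failed, the kvno lookup runs with a NULL name; moving both `NT_STATUS_HAVE_NO_MEMORY` checks above the `entry.kvno` line avoids that. The result of `data_blob_talloc()` for `entry.password` is not checked in the visible lines either. The changed line deserves a comment such as `/* enctype 23 (arcfour-hmac): the Kerberos key is the NT hash, so the 16 hash bytes are stored unchanged */`, because the resulting keytab holds password-equivalent material and its file permissions matter as much as those of the SAM itself.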
@@ -64,12 +64,25 @@ static int readonly_connect(vfs_handle_struct *handle, "period", period_def); if (period && period[0] && period[1]) { + int i; time_t current_time = time(NULL); time_t begin_period = get_date(period[0], ¤t_time); time_t end_period = get_date(period[1], ¤t_time); if ((current_time >= begin_period) && (current_time <= end_period)) { + connection_struct *conn = handle->conn; + handle->conn->read_only = True; + + /* Wipe out the VUID cache. */ + for (i=0; i< VUID_CACHE_SIZE; i++) { + struct vuid_cache_entry *ent = ent = &conn->vuid_cache.array[i]; + ent->vuid = UID_FIELD_INVALID; + TALLOC_FREE(ent->server_info); + ent->read_only = false; + ent->admin_user = false; + } + conn->vuid_cache.next_entry = 0; } return SMB_VFS_NEXT_CONNECT(handle, service, user); diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c index f5f79c86e5..9dbacc2998 100644 --- a/source3/smbd/share_access.c +++ b/source3/smbd/share_access.c @@ -252,9 +252,11 @@ bool user_ok_token(const char *username, const char *domain, bool is_share_read_only_for_token(const char *username, const char *domain, - struct nt_user_token *token, int snum) + struct nt_user_token *token, + connection_struct *conn) { - bool result = lp_readonly(snum); + int snum = SNUM(conn); + bool result = conn->read_only; if (lp_readlist(snum) != NULL) { if (token_contains_name_in_list(username, domain, diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index 045de6f2d3..c238f40cfd 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -88,7 +88,8 @@ static bool check_user_ok(connection_struct *conn, uint16_t vuid, readonly_share = is_share_read_only_for_token( server_info->unix_name, pdb_get_domain(server_info->sam_account), - server_info->ptok, snum); + server_info->ptok, + conn); if (!readonly_share && !share_access_check(server_info->ptok, lp_servicename(snum), -- cgit From 9ea794417e8bad3da4236f4071a0d8a23612ac8a Mon Sep 17 00:00:00 2001 
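Review bot: In `readonly_connect()` the declaration `struct vuid_cache_entry *ent = ent = &conn->vuid_cache.array[i];` assigns `ent` to itself inside its own initializer; it should read `struct vuid_cache_entry *ent = &conn->vuid_cache.array[i];`. The same block still writes `handle->conn->read_only` although `conn` was introduced two lines earlier for exactly that pointer. A comment above the loop, for example `/* cached entries carry a per-vuid read_only decision made before the share was switched; drop them so it is re-evaluated */`, would explain why the cache has to be wiped here. The function continues outside the hunk.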
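Review bot: `is_share_read_only_for_token()` now dereferences `conn` through `SNUM(conn)` and `conn->read_only` without a NULL check, and its starting value no longer comes from `lp_readonly(snum)`. Presumably every caller passes a live connection and `conn->read_only` is initialised from the share configuration at connect time; neither is visible here, so a comment on the function such as `/* base value is the per-connection flag, which a VFS module may have set; conn must not be NULL */` would record the contract. Any other code that flips `conn->read_only` after connect would also have to invalidate the vuid cache, as the vfs_readonly hunk of this commit does. The rest of the function body lies outside the hunk.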
From: Davide Sfriso Date: Mon, 17 Nov 2008 15:38:56 -0800 Subject: Fix bug #5906 when running winbindd on a Samba PDC. Winbindd crash on 'getent group' Jeremy. --- source3/winbindd/winbindd_passdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c index 0cf4540cfe..101854ae94 100644 --- a/source3/winbindd/winbindd_passdb.c +++ b/source3/winbindd/winbindd_passdb.c @@ -639,13 +639,13 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain, sid_type_lookup(lsa_names[i].type))); continue; } - if (!((*names)[i] = talloc_strdup((*names), + if (!((*names)[num_mapped] = talloc_strdup((*names), lsa_names[i].name))) { TALLOC_FREE(tmp_ctx); return NT_STATUS_NO_MEMORY; } - (*name_types)[i] = lsa_names[i].type; + (*name_types)[num_mapped] = lsa_names[i].type; num_mapped += 1; } -- cgit From 1a48107cc4667f22b05fdfce952f9dcdcfaa0c7a Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 15:49:27 +0100 Subject: s3-libnet-samsync: add support for partial replication. Guenther --- source3/libnet/libnet_samsync.c | 119 ++++++++++++++++++++++++++++++++++++---- source3/libnet/libnet_samsync.h | 17 ++++++ 2 files changed, 124 insertions(+), 12 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 00caf2b8c1..2e7063e4ea 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c 
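Review bot: With entries now written at `num_mapped` in `sam_lookup_groupmem()`, `*names` and `*name_types` are compacted and only their first `num_mapped` slots are valid, while every skipped SID leaves a slot at the tail of both arrays untouched. The allocation of the arrays and the count handed back to the caller are outside the hunk, so it is worth confirming that the returned count is `num_mapped` rather than the number of SIDs looked up, and that the arrays are zero-allocated. A comment above the assignment, e.g. `/* index by num_mapped: skipped entries must not leave holes */`, would keep the two indices from being mixed up again.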
@@ -282,8 +282,58 @@ static const char *samsync_debug_str(TALLOC_CTX *mem_ctx, * libnet_samsync */ -NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, - struct samsync_context *ctx) +void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, + struct netr_ChangeLogEntry *e) +{ + ZERO_STRUCTP(e); + + e->db_index = o->database_id; + e->delta_type = o->object_type; + + switch (e->delta_type) { + case NETR_DELTA_DOMAIN: + case NETR_DELTA_DELETE_GROUP: + case NETR_DELTA_RENAME_GROUP: + case NETR_DELTA_DELETE_USER: + case NETR_DELTA_RENAME_USER: + case NETR_DELTA_DELETE_ALIAS: + case NETR_DELTA_RENAME_ALIAS: + case NETR_DELTA_DELETE_TRUST: + case NETR_DELTA_DELETE_ACCOUNT: + case NETR_DELTA_DELETE_SECRET: + case NETR_DELTA_DELETE_GROUP2: + case NETR_DELTA_DELETE_USER2: + case NETR_DELTA_MODIFY_COUNT: + break; + case NETR_DELTA_USER: + case NETR_DELTA_GROUP: + case NETR_DELTA_GROUP_MEMBER: + case NETR_DELTA_ALIAS: + case NETR_DELTA_ALIAS_MEMBER: + e->object_rid = o->object_identifier.rid; + break; + case NETR_DELTA_SECRET: + e->object.object_name = o->object_identifier.name; + e->flags = NETR_CHANGELOG_NAME_INCLUDED; + break; + case NETR_DELTA_TRUSTED_DOMAIN: + case NETR_DELTA_ACCOUNT: + case NETR_DELTA_POLICY: + e->object.object_sid = o->object_identifier.sid; + e->flags = NETR_CHANGELOG_SID_INCLUDED; + break; + default: + break; + } +} + +/** + * libnet_samsync_delta + */ + +static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, + struct samsync_context *ctx, + struct netr_ChangeLogEntry *e) { NTSTATUS result; TALLOC_CTX *mem_ctx; 
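Review bot: `libnet_init_netr_ChangeLogEntry()` is defined with external linkage, but the header hunks on this page do not declare it; if it is used only by `libnet_samsync()` it should be `static`, otherwise it needs a prototype. The `default:` arm leaves the entry with only `db_index` and `delta_type` set, so an unrecognised `object_type` still produces a request that is passed on to `rpccli_netr_DatabaseRedo()`; a comment stating that this is intended, or an error return, would make the behaviour explicit. `libnet_samsync_delta()` begins at the end of this hunk and continues outside it.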
@@ -313,16 +363,28 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, netlogon_creds_client_step(ctx->cli->dc, &credential); - result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, - logon_server, - computername, - &credential, - &return_authenticator, - database_id, - restart_state, - &sync_context, - &delta_enum_array, - 0xffff); + if (ctx->single_object_replication) { + result = rpccli_netr_DatabaseRedo(ctx->cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + *e, + 0, + &delta_enum_array); + } else { + result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + restart_state, + &sync_context, + &delta_enum_array, + 0xffff); + } + if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { return result; } @@ -383,6 +445,39 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, return result; } +/** + * libnet_samsync + */ + +NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, + struct samsync_context *ctx) +{ + NTSTATUS status = NT_STATUS_OK; + int i = 0; + + if (!ctx->single_object_replication) { + return libnet_samsync_delta(database_id, ctx, NULL); + } + + for (i=0; inum_objects; i++) { + + struct netr_ChangeLogEntry e; + + if (ctx->objects[i].database_id != database_id) { + continue; + } + + libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e); + + status = libnet_samsync_delta(database_id, ctx, &e); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + } + + return status; +} + /** * pull_netr_AcctLockStr */ diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 1f10d2c1c0..4a356e2eed 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h 
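Review bot: `*e` is dereferenced in the `rpccli_netr_DatabaseRedo()` call whenever `ctx->single_object_replication` is set, while `libnet_samsync()` passes `NULL` for `e` on the full-sync path, so the function relies on the flag and the pointer always agreeing. A guard near the top of `libnet_samsync_delta()`, `if (ctx->single_object_replication && e == NULL) { return NT_STATUS_INVALID_PARAMETER; }`, makes that dependency explicit. The function starts and ends outside this hunk.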
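Review bot: In the new `libnet_samsync()`, when `single_object_replication` is set but no element of `ctx->objects` has the requested `database_id`, every iteration takes the `continue` and the function returns `NT_STATUS_OK` without any replication request being made. If that is intended because the caller invokes the function once per database, the header comment should say so, e.g. `/* returns NT_STATUS_OK when no object belongs to database_id */`. The loop index is declared `int` while `num_objects` is `uint32_t` in the header hunk of this commit; `uint32_t i;` would match.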
@@ -33,6 +33,16 @@ typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, bool, struct samsync_context *); +struct samsync_object { + uint16_t database_id; + uint16_t object_type; + union { + uint32_t rid; + const char *name; + struct dom_sid sid; + } object_identifier; +}; + struct samsync_context { enum net_samsync_mode mode; const struct dom_sid *domain_sid; @@ -46,6 +56,13 @@ struct samsync_context { char *result_message; char *error_message; + bool single_object_replication; + bool force_full_replication; + bool clean_old_entries; + + uint32_t num_objects; + struct samsync_object *objects; + struct rpc_pipe_client *cli; samsync_delta_fn_t delta_fn; void *private_data; -- cgit From 2ac4b434302ad5e9c105a709fe02431f17a0fecc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 4 Nov 2008 16:25:40 +0100 Subject: s3-net-vampire: add support for partial replication (individual deltas). Guenther --- source3/utils/net_rpc_samsync.c | 109 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) (limited to 'source3') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 73e6dd03cb..9fab949130 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c 
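Review bot: `struct samsync_object` gives no indication of which `object_identifier` member is valid for a given `object_type`; the mapping exists only in the switch in `libnet_init_netr_ChangeLogEntry()`. A comment on the union such as `/* rid: user, group and alias deltas; name: secrets; sid: trusted domain, account, policy */` would document it. In the second hunk `force_full_replication` and `clean_old_entries` are added to `struct samsync_context`, but no visible hunk of this commit reads them, so each needs a one-line comment on its intended effect or should arrive with the code that uses it.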
@@ -26,6 +26,81 @@ #include "includes.h" #include "utils/net.h" +static void parse_samsync_partial_replication_objects(TALLOC_CTX *mem_ctx, + int argc, + const char **argv, + bool *do_single_object_replication, + struct samsync_object **objects, + uint32_t *num_objects) +{ + int i; + + if (argc > 0) { + *do_single_object_replication = true; + } + + for (i=0; iis_dc = (info.basic.role & (DS_ROLE_PRIMARY_DC|DS_ROLE_BACKUP_DC)); + dc_info->is_pdc = (info.basic.role & DS_ROLE_PRIMARY_DC); + dc_info->is_ad = (info.basic.flags & DS_ROLE_PRIMARY_DS_RUNNING); + dc_info->is_mixed_mode = (info.basic.flags & DS_ROLE_PRIMARY_DS_MIXED_MODE); + dc_info->netbios_domain_name = talloc_strdup(mem_ctx, info.basic.domain); + dc_info->dns_domain_name = talloc_strdup(mem_ctx, info.basic.dns_domain); + dc_info->forest_name = talloc_strdup(mem_ctx, info.basic.forest); + + return NT_STATUS_OK; +} -- cgit From 4be8d9cca011cc090e19b2b43b59455d7e6a4b89 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 19:00:26 +0100 Subject: s3-net: use net_scan_dc in net rpc vampire keytab. Guenther --- source3/utils/net_rpc_samsync.c | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) (limited to 'source3') diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 9fab949130..22c6d25402 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -457,6 +457,9 @@ static NTSTATUS rpc_vampire_keytab_ds_internals(struct net_context *c, int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) { int ret = 0; + NTSTATUS status; + struct cli_state *cli = NULL; + struct net_dc_info dc_info; if (c->display_usage || (argc < 1)) { d_printf("Usage:\n" 
@@ -465,14 +468,30 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv) return 0; } - ret = run_rpc_command(c, NULL, &ndr_table_drsuapi.syntax_id, - NET_FLAGS_SEAL, - rpc_vampire_keytab_ds_internals, argc, argv); - if (ret == 0) { - return 0; + status = net_make_ipc_connection(c, 0, &cli); + if (!NT_STATUS_IS_OK(status)) { + return -1; } - return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, - rpc_vampire_keytab_internals, - argc, argv); + status = net_scan_dc(c, cli, &dc_info); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + if (!dc_info.is_ad) { + printf("DC is not running Active Directory\n"); + return -1; + } + + if (dc_info.is_mixed_mode) { + ret = run_rpc_command(c, cli, &ndr_table_netlogon.syntax_id, + 0, + rpc_vampire_keytab_internals, argc, argv); + } else { + ret = run_rpc_command(c, cli, &ndr_table_drsuapi.syntax_id, + NET_FLAGS_SEAL, + rpc_vampire_keytab_ds_internals, argc, argv); + } + + return ret; } -- cgit From 9f86dd715a3d79d17c9366293f0dccdf95cc31ba Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 13:25:50 +0100 Subject: s3-net: add "net rpc vampire passdb" that allows to take arguments. Guenther --- source3/utils/net_proto.h | 1 + source3/utils/net_rpc.c | 8 ++++++++ source3/utils/net_rpc_samsync.c | 13 +++++++++++++ 3 files changed, 22 insertions(+) (limited to 'source3') diff --git a/source3/utils/net_proto.h b/source3/utils/net_proto.h index 128f88b0d3..c058a0166f 100644 --- a/source3/utils/net_proto.h +++ b/source3/utils/net_proto.h @@ -359,6 +359,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, TALLOC_CTX *mem_ctx, int argc, const char **argv); +int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv); int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv); NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, const DOM_SID *domain_sid, 
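Review bot: Once `net_make_ipc_connection()` has succeeded, none of the `return -1;` paths nor the final `return ret;` releases `cli`, so the connection stays open unless `run_rpc_command()` takes ownership of it, which this hunk does not show. Adding `cli_shutdown(cli);` before each return that follows a successful connect would close it. The failure returns for `net_make_ipc_connection()` and `net_scan_dc()` are also silent, unlike the `!dc_info.is_ad` case; printing `nt_errstr(status)` there would tell the operator why nothing was dumped. Because `dc_info.is_mixed_mode` is reported by the remote server and selects the netlogon call made with flags `0` rather than `NET_FLAGS_SEAL`, a comment stating what protects the transfer on that path would help a later reviewer.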
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 10f2a324a3..8c79cea021 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -6370,6 +6370,14 @@ static int rpc_vampire(struct net_context *c, int argc, const char **argv) "net rpc vampire keytab\n" " Dump remote SAM database to Kerberos keytab file" }, + { + "passdb", + rpc_vampire_passdb, + NET_TRANSPORT_RPC, + "Dump remote SAM database to passdb", + "net rpc vampire passdb\n" + " Dump remote SAM database to passdb" + }, {NULL, NULL, 0, NULL, NULL} }; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 22c6d25402..3b97718634 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -248,6 +248,19 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, return result; } +int rpc_vampire_passdb(struct net_context *c, int argc, const char **argv) +{ + if (c->display_usage) { + d_printf("Usage:\n" + "net rpc vampire passdb\n" + " Dump remote SAM database to passdb\n"); + return 0; + } + + return run_rpc_command(c, NULL, &ndr_table_netlogon.syntax_id, 0, + rpc_vampire_internals, argc, argv); +} + NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, const DOM_SID *domain_sid, const char *domain_name, -- cgit From 0861a7122e5772d4a987afb3e77baa2faa99fb32 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 01:16:53 +0100 Subject: s3-libnet: move add_to_keytab_entries to libnet_keytab. Guenther --- source3/libnet/libnet_dssync_keytab.c | 111 ++++++++++++--------------------- source3/libnet/libnet_keytab.c | 33 ++++++++++ source3/libnet/libnet_proto.h | 7 +++ source3/libnet/libnet_samsync_keytab.c | 29 +++++---- 4 files changed, 93 insertions(+), 87 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c index 6a3139d6ad..a05bfdcbe2 100644 --- a/source3/libnet/libnet_dssync_keytab.c +++ b/source3/libnet/libnet_dssync_keytab.c 
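Review bot: The usage text in `rpc_vampire_passdb` prints `net rpc vampire passdb` with no arguments, although `argc` and `argv` are forwarded to `rpc_vampire_internals` and the commit subject says the subcommand takes arguments. Describing the accepted arguments in this usage string, and in the matching table entry added to net_rpc.c in the same commit, would let a user discover them without reading the parser.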
@@ -24,39 +24,6 @@ #if defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) -/** - * Internal helper function to add data to the list - * of keytab entries. It builds the prefix from the input. - */ -static NTSTATUS add_to_keytab_entries(TALLOC_CTX *mem_ctx, - struct libnet_keytab_context *ctx, - uint32_t kvno, - const char *name, - const char *prefix, - const krb5_enctype enctype, - DATA_BLOB blob) -{ - struct libnet_keytab_entry entry; - - entry.kvno = kvno; - entry.name = talloc_strdup(mem_ctx, name); - entry.principal = talloc_asprintf(mem_ctx, "%s%s%s@%s", - prefix ? prefix : "", - prefix ? "/" : "", - name, ctx->dns_domain_name); - entry.enctype = enctype; - entry.password = blob; - NT_STATUS_HAVE_NO_MEMORY(entry.name); - NT_STATUS_HAVE_NO_MEMORY(entry.principal); - NT_STATUS_HAVE_NO_MEMORY(entry.password.data); - - ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, - &ctx->entries, &ctx->count); - NT_STATUS_HAVE_NO_MEMORY(ctx->entries); - - return NT_STATUS_OK; -} - static NTSTATUS keytab_startup(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, struct replUpToDateVectorBlob **pold_utdv) { @@ -134,10 +101,10 @@ static NTSTATUS keytab_finish(struct dssync_context *ctx, TALLOC_CTX *mem_ctx, goto done; } - status = add_to_keytab_entries(mem_ctx, keytab_ctx, 0, - ctx->nc_dn, "UTDV", - ENCTYPE_NULL, - blob); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, 0, + ctx->nc_dn, "UTDV", + ENCTYPE_NULL, + blob); if (!NT_STATUS_IS_OK(status)) { goto done; } @@ -391,11 +358,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } if (name) { - status = add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, - "SAMACCOUNTNAME", - ENCTYPE_NULL, - data_blob_talloc(mem_ctx, name, - strlen(name) + 1)); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, 0, object_dn, + "SAMACCOUNTNAME", + ENCTYPE_NULL, + data_blob_talloc(mem_ctx, name, + strlen(name) + 1)); if (!NT_STATUS_IS_OK(status)) { return status; } 
@@ -454,9 +421,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } DEBUGADD(1,("\n")); - status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, - ENCTYPE_ARCFOUR_HMAC, - data_blob_talloc(mem_ctx, nt_passwd, 16)); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, NULL, + ENCTYPE_ARCFOUR_HMAC, + data_blob_talloc(mem_ctx, nt_passwd, 16)); if (!NT_STATUS_IS_OK(status)) { return status; @@ -469,11 +436,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb4->keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno, - name, - NULL, - pkb4->keys[i].keytype, - *pkb4->keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, + name, + NULL, + pkb4->keys[i].keytype, + *pkb4->keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -482,11 +449,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb4->old_keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1, - name, - NULL, - pkb4->old_keys[i].keytype, - *pkb4->old_keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1, + name, + NULL, + pkb4->old_keys[i].keytype, + *pkb4->old_keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -495,11 +462,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb4->older_keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno - 2, - name, - NULL, - pkb4->older_keys[i].keytype, - *pkb4->older_keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 2, + name, + NULL, + pkb4->older_keys[i].keytype, + *pkb4->older_keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } 
@@ -511,10 +478,10 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb3->keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno, name, - NULL, - pkb3->keys[i].keytype, - *pkb3->keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno, name, + NULL, + pkb3->keys[i].keytype, + *pkb3->keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -523,11 +490,11 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, if (!pkb3->old_keys[i].value) { continue; } - status = add_to_keytab_entries(mem_ctx, ctx, kvno - 1, - name, - NULL, - pkb3->old_keys[i].keytype, - *pkb3->old_keys[i].value); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, kvno - 1, + name, + NULL, + pkb3->old_keys[i].keytype, + *pkb3->old_keys[i].value); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -549,9 +516,9 @@ static NTSTATUS parse_object(TALLOC_CTX *mem_ctx, } for (; idns_domain_name); + entry.enctype = enctype; + entry.password = blob; + NT_STATUS_HAVE_NO_MEMORY(entry.name); + NT_STATUS_HAVE_NO_MEMORY(entry.principal); + NT_STATUS_HAVE_NO_MEMORY(entry.password.data); + + ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, + &ctx->entries, &ctx->count); + NT_STATUS_HAVE_NO_MEMORY(ctx->entries); + + return NT_STATUS_OK; +} + #endif /* HAVE_KRB5 */ diff --git a/source3/libnet/libnet_proto.h b/source3/libnet/libnet_proto.h index 69a16c1c7d..9a193b724d 100644 --- a/source3/libnet/libnet_proto.h +++ b/source3/libnet/libnet_proto.h @@ -55,6 +55,13 @@ struct libnet_keytab_entry *libnet_keytab_search(struct libnet_keytab_context *c const char *principal, int kvno, const krb5_enctype enctype, TALLOC_CTX *mem_ctx); +NTSTATUS libnet_keytab_add_to_keytab_entries(TALLOC_CTX *mem_ctx, + struct libnet_keytab_context *ctx, + uint32_t kvno, + const char *name, + const char *prefix, + const krb5_enctype enctype, + DATA_BLOB blob); #endif /* The following definitions come from libnet/libnet_samsync.c */ 
diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 0341641a4c..5c17d010aa 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -78,27 +78,26 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, bool last_query, struct libnet_keytab_context *ctx) { - struct libnet_keytab_entry entry; + NTSTATUS status; + uint32_t kvno = 0; + DATA_BLOB blob; if (memcmp(r->ntpassword.hash, ctx->zero_buf, 16) == 0) { return NT_STATUS_OK; } - entry.name = talloc_strdup(mem_ctx, r->account_name.string); - entry.principal = talloc_asprintf(mem_ctx, "%s@%s", - r->account_name.string, - ctx->dns_domain_name); - entry.password = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16); - entry.kvno = ads_get_kvno(ctx->ads, entry.name); - entry.enctype = ENCTYPE_ARCFOUR_HMAC; - - NT_STATUS_HAVE_NO_MEMORY(entry.name); - NT_STATUS_HAVE_NO_MEMORY(entry.principal); - NT_STATUS_HAVE_NO_MEMORY(entry.password.data); - + kvno = ads_get_kvno(ctx->ads, r->account_name.string); + blob = data_blob_const(r->ntpassword.hash, 16); - ADD_TO_ARRAY(mem_ctx, struct libnet_keytab_entry, entry, - &ctx->entries, &ctx->count); + status = libnet_keytab_add_to_keytab_entries(mem_ctx, ctx, + kvno, + r->account_name.string, + NULL, + ENCTYPE_ARCFOUR_HMAC, + blob); + if (!NT_STATUS_IS_OK(status)) { + return status; + } return NT_STATUS_OK; } -- cgit From 10572d1bf46da4e5dce2e9744778d8cffa312cb0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 16:28:34 +0100 Subject: s3-libnet-samsync: add samsync_ops. Guenther --- source3/libnet/libnet_samsync.h | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 4a356e2eed..42bf8d1537 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h 
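Review bot: `blob = data_blob_const(r->ntpassword.hash, 16);` hands the helper a blob that points into the delta record instead of a copy, and the helper, as the version removed from libnet_dssync_keytab.c shows, stores it with `entry.password = blob;` without duplicating the bytes. The collected entries are written out later by `libnet_keytab_add()`, so if the delta array is released between queries (its lifetime is not visible here) the stored keys would reference freed memory. Keeping the copy the old code made, `blob = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16);`, removes that dependency. The function begins above this hunk.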
@@ -32,6 +32,21 @@ typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, struct netr_DELTA_ENUM_ARRAY *, bool, struct samsync_context *); +struct samsync_ops { + NTSTATUS (*startup)(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID id, + uint64_t *sequence_num); + NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID id, + struct netr_DELTA_ENUM_ARRAY *array, + bool last_query, + struct samsync_context *ctx); + NTSTATUS (*finish)(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID id, + uint64_t sequence_num); +}; struct samsync_object { uint16_t database_id; @@ -64,6 +79,9 @@ struct samsync_context { struct samsync_object *objects; struct rpc_pipe_client *cli; + + const struct samsync_ops *ops; + samsync_delta_fn_t delta_fn; void *private_data; }; -- cgit From d10293dfdc1c2aded1305191161dbd31521557bf Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 16:29:11 +0100 Subject: s3-libnet-samsync: add samsync_ops to all samsync modules. Guenther --- source3/libnet/libnet_samsync.h | 5 +++++ source3/libnet/libnet_samsync_display.c | 4 ++++ source3/libnet/libnet_samsync_keytab.c | 4 ++++ source3/libnet/libnet_samsync_ldif.c | 4 ++++ source3/libnet/libnet_samsync_passdb.c | 4 ++++ 5 files changed, 21 insertions(+) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 42bf8d1537..2f0f049fb9 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -86,6 +86,11 @@ struct samsync_context { void *private_data; }; +extern const struct samsync_ops libnet_samsync_ldif_ops; +extern const struct samsync_ops libnet_samsync_keytab_ops; +extern const struct samsync_ops libnet_samsync_display_ops; +extern const struct samsync_ops libnet_samsync_passdb_ops; + NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, 
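Review bot: `struct samsync_ops` does not say which callbacks a module may leave unset. The libnet_samsync.c change later on this page NULL-checks `startup` and `finish` but calls `process_objects` unconditionally, so a comment above the struct such as `/* startup and finish may be NULL; process_objects is mandatory */` would record that contract. A line on what `sequence_num` means for `startup` (output) and `finish` (input) would also help module authors.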
diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 1dd9a1add5..5a0c3088cf 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -300,3 +300,7 @@ NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +const struct samsync_ops libnet_samsync_display_ops = { + .process_objects = display_sam_entries, +}; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 5c17d010aa..b68d70145c 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -188,3 +188,7 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, } #endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ + +const struct samsync_ops libnet_samsync_keytab_ops = { + .process_objects = fetch_sam_entries_keytab, +}; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index dd5380b6b8..245ebe0b9f 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1226,3 +1226,7 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, } #endif + +const struct samsync_ops libnet_samsync_ldif_ops = { + .process_objects = fetch_sam_entries_ldif, +}; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 7ace77cace..6e068e0f41 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -786,3 +786,7 @@ NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } + +const struct samsync_ops libnet_samsync_passdb_ops = { + .process_objects = fetch_sam_entries, +}; -- cgit From eef8de5c887e013f5b05742a74fbb130596c62d3 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 17 Nov 2008 16:31:59 +0100 Subject: s3-libnet-samsync: use samsync_ops. Guenther --- source3/libnet/libnet_samsync.c | 7 ++++--- source3/libnet/libnet_samsync.h | 27 --------------------------- source3/libnet/libnet_samsync_display.c | 10 +++++----- source3/libnet/libnet_samsync_keytab.c | 20 ++++++++++---------- source3/libnet/libnet_samsync_ldif.c | 20 ++++++++++---------- source3/libnet/libnet_samsync_passdb.c | 10 +++++----- source3/utils/net_rpc_samsync.c | 8 ++++---- 7 files changed, 38 insertions(+), 64 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 2e7063e4ea..e57c2a5e11 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -408,9 +408,10 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, delta_enum_array); /* Process results */ - callback_status = ctx->delta_fn(mem_ctx, database_id, - delta_enum_array, - NT_STATUS_IS_OK(result), ctx); + callback_status = ctx->ops->process_objects(mem_ctx, database_id, + delta_enum_array, + NT_STATUS_IS_OK(result), + ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; goto out; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 2f0f049fb9..23a3746fc9 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -27,11 +27,6 @@ enum net_samsync_mode { struct samsync_context; -typedef NTSTATUS (*samsync_delta_fn_t)(TALLOC_CTX *, - enum netr_SamDatabaseID, - struct netr_DELTA_ENUM_ARRAY *, - bool, - struct samsync_context *); struct samsync_ops { NTSTATUS (*startup)(TALLOC_CTX *mem_ctx, struct samsync_context *ctx, @@ -82,7 +77,6 @@ struct samsync_context { const struct samsync_ops *ops; - samsync_delta_fn_t delta_fn; void *private_data; }; 
@@ -90,24 +84,3 @@ extern const struct samsync_ops libnet_samsync_ldif_ops; extern const struct samsync_ops libnet_samsync_keytab_ops; extern const struct samsync_ops libnet_samsync_display_ops; extern const struct samsync_ops libnet_samsync_passdb_ops; - -NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); -NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); -NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); -NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx); diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 5a0c3088cf..5fdf327b74 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -285,11 +285,11 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { int i; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index b68d70145c..679f9df480 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c 
@@ -105,11 +105,11 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; @@ -178,11 +178,11 @@ NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, #else -NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 245ebe0b9f..7f794e7d8c 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1156,11 +1156,11 @@ static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { NTSTATUS status; int i; 
@@ -1216,11 +1216,11 @@ NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, #else /* HAVE_LDAP */ -NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 6e068e0f41..10c7ff110f 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -772,11 +772,11 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } -NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + bool last_query, + struct samsync_context *ctx) { int i; diff --git a/source3/utils/net_rpc_samsync.c b/source3/utils/net_rpc_samsync.c index 3b97718634..6b23db74cb 100644 --- a/source3/utils/net_rpc_samsync.c +++ b/source3/utils/net_rpc_samsync.c @@ -123,7 +123,7 @@ NTSTATUS rpc_samdump_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_DUMP; ctx->cli = pipe_hnd; - ctx->delta_fn = display_sam_entries; + ctx->ops = &libnet_samsync_display_ops; ctx->domain_name = domain_name; ctx->force_full_replication = c->opt_force_full_repl ? true : false; @@ -206,7 +206,7 @@ NTSTATUS rpc_vampire_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_FETCH_PASSDB; ctx->cli = pipe_hnd; - ctx->delta_fn = fetch_sam_entries; + ctx->ops = &libnet_samsync_passdb_ops; ctx->domain_name = domain_name; ctx->force_full_replication = c->opt_force_full_repl ? true : false; 
@@ -292,7 +292,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_FETCH_LDIF; ctx->cli = pipe_hnd; - ctx->delta_fn = fetch_sam_entries_ldif; + ctx->ops = &libnet_samsync_ldif_ops; ctx->domain_name = domain_name; ctx->force_full_replication = c->opt_force_full_repl ? true : false; @@ -377,7 +377,7 @@ NTSTATUS rpc_vampire_keytab_internals(struct net_context *c, ctx->mode = NET_SAMSYNC_MODE_FETCH_KEYTAB; ctx->cli = pipe_hnd; - ctx->delta_fn = fetch_sam_entries_keytab; + ctx->ops = &libnet_samsync_keytab_ops; ctx->domain_name = domain_name; ctx->username = c->opt_user_name; ctx->password = c->opt_password; -- cgit From 677921b9a3176c3feb9f07b8a0ed9e887c3c46fc Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 17:14:19 +0100 Subject: s3-libnet-samsync: call init and close ops function where appropriate. Guenther --- source3/libnet/libnet_samsync.c | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index e57c2a5e11..ab7ca21bda 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -336,6 +336,7 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, struct netr_ChangeLogEntry *e) { NTSTATUS result; + NTSTATUS callback_status; TALLOC_CTX *mem_ctx; const char *logon_server = ctx->cli->desthost; const char *computername = global_myname(); 
@@ -345,13 +346,26 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, uint32_t sync_context = 0; const char *debug_str; DATA_BLOB session_key; + uint64_t sequence_num = 0; ZERO_STRUCT(return_authenticator); + if (!ctx->ops) { + return NT_STATUS_INVALID_PARAMETER; + } + if (!(mem_ctx = talloc_init("libnet_samsync"))) { return NT_STATUS_NO_MEMORY; } + if (ctx->ops->startup) { + result = ctx->ops->startup(mem_ctx, ctx, + database_id, &sequence_num); + if (!NT_STATUS_IS_OK(result)) { + goto out; + } + } + debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); if (debug_str) { d_fprintf(stderr, "%s\n", debug_str); @@ -359,7 +373,6 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; - NTSTATUS callback_status; netlogon_creds_client_step(ctx->cli->dc, &credential); @@ -425,6 +438,15 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, } while (NT_STATUS_EQUAL(result, STATUS_MORE_ENTRIES)); out: + + if (NT_STATUS_IS_OK(result) && ctx->ops->finish) { + callback_status = ctx->ops->finish(mem_ctx, ctx, + database_id, sequence_num); + if (!NT_STATUS_IS_OK(callback_status)) { + result = callback_status; + } + } + if (NT_STATUS_IS_ERR(result) && !ctx->error_message) { ctx->error_message = talloc_asprintf(ctx, -- cgit From 8c671597550d4fde385f6ef011dfdc7b3695f9f4 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 17 Nov 2008 19:34:56 +0100 Subject: s3-libnet-samsync: move all modules to startup,process,finish callbacks. Guenther --- source3/libnet/libnet_samsync.c | 1 - source3/libnet/libnet_samsync.h | 1 - source3/libnet/libnet_samsync_display.c | 4 +- source3/libnet/libnet_samsync_keytab.c | 112 ++++++++++++++++++++++---------- source3/libnet/libnet_samsync_ldif.c | 105 +++++++++++++++++++++--------- source3/libnet/libnet_samsync_passdb.c | 1 - 6 files changed, 153 insertions(+), 71 deletions(-) (limited to 'source3') 
diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index ab7ca21bda..ff2ba951bf 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -423,7 +423,6 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, delta_enum_array, - NT_STATUS_IS_OK(result), ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index 23a3746fc9..cbd35fa327 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -35,7 +35,6 @@ struct samsync_ops { NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID id, struct netr_DELTA_ENUM_ARRAY *array, - bool last_query, struct samsync_context *ctx); NTSTATUS (*finish)(TALLOC_CTX *mem_ctx, struct samsync_context *ctx, diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 5fdf327b74..675fcd5a0d 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c @@ -163,7 +163,6 @@ static void display_rename_alias(uint32_t rid, struct netr_DELTA_RENAME *r) static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *r, - bool last_query, struct samsync_context *ctx) { union netr_DELTA_UNION u = r->delta_union; @@ -288,14 +287,13 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { int i; for (i = 0; i < r->num_deltas; i++) { display_sam_entry(mem_ctx, database_id, &r->delta_enum[i], - last_query, ctx); + ctx); } return NT_STATUS_OK; 
diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 679f9df480..4ec03af886 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -75,7 +75,6 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, uint32_t rid, struct netr_DELTA_USER *r, - bool last_query, struct libnet_keytab_context *ctx) { NTSTATUS status; 
@@ -105,35 +104,50 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) { - NTSTATUS status = NT_STATUS_OK; krb5_error_code ret = 0; - static struct libnet_keytab_context *keytab_ctx = NULL; - int i; + NTSTATUS status; + struct libnet_keytab_context *keytab_ctx; - if (!keytab_ctx) { - ret = libnet_keytab_init(mem_ctx, ctx->output_filename, - &keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - goto out; - } + ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); + if (ret) { + return krb5_to_nt_status(ret); } + keytab_ctx->clean_old_entries = ctx->clean_old_entries; + ctx->private_data = keytab_ctx; + status = keytab_ad_connect(mem_ctx, ctx->domain_name, ctx->username, ctx->password, keytab_ctx); if (!NT_STATUS_IS_OK(status)) { - goto out; + TALLOC_FREE(keytab_ctx); + return status; } + return status; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + struct samsync_context *ctx) +{ + struct libnet_keytab_context *keytab_ctx = + (struct libnet_keytab_context *)ctx->private_data; + + NTSTATUS status = NT_STATUS_OK; + int i; + for (i = 0; i < r->num_deltas; i++) { if (r->delta_enum[i].delta_type != NETR_DELTA_USER) { 
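Review bot: In `init_keytab`, `ctx->private_data = keytab_ctx;` is assigned before `keytab_ad_connect()`, and the failure branch frees the context with `TALLOC_FREE(keytab_ctx);`, which clears only the local variable and leaves `ctx->private_data` pointing at freed memory. Moving the assignment below the status check, or adding `ctx->private_data = NULL;` in the failure branch, closes that. `close_keytab` in the following hunk has the same pattern on both of its exits and should reset `ctx->private_data` after its `TALLOC_FREE(keytab_ctx);`. `fetch_sam_entries_keytab` casts `ctx->private_data` and passes it on without a NULL check, so a stale or missing context is not caught there either.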
@@ -143,52 +157,78 @@ static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, status = fetch_sam_entry_keytab(mem_ctx, database_id, r->delta_enum[i].delta_id_union.rid, r->delta_enum[i].delta_union.user, - last_query, keytab_ctx); if (!NT_STATUS_IS_OK(status)) { goto out; } } + out: + return status; +} - if (last_query) { - - ret = libnet_keytab_add(keytab_ctx); - if (ret) { - status = krb5_to_nt_status(ret); - ctx->error_message = talloc_asprintf(mem_ctx, - "Failed to add entries to keytab %s: %s", - keytab_ctx->keytab_name, error_message(ret)); - goto out; - } +/**************************************************************** +****************************************************************/ - ctx->result_message = talloc_asprintf(mem_ctx, - "Vampired %d accounts to keytab %s", - keytab_ctx->count, - keytab_ctx->keytab_name); +static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + struct libnet_keytab_context *keytab_ctx = + (struct libnet_keytab_context *)ctx->private_data; + krb5_error_code ret; + NTSTATUS status; + ret = libnet_keytab_add(keytab_ctx); + if (ret) { + status = krb5_to_nt_status(ret); + ctx->error_message = talloc_asprintf(ctx, + "Failed to add entries to keytab %s: %s", + keytab_ctx->keytab_name, error_message(ret)); TALLOC_FREE(keytab_ctx); + return status; } - return NT_STATUS_OK; - out: + ctx->result_message = talloc_asprintf(ctx, + "Vampired %d accounts to keytab %s", + keytab_ctx->count, + keytab_ctx->keytab_name); + TALLOC_FREE(keytab_ctx); - return status; + return NT_STATUS_OK; } #else +static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct 
samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } +static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + #endif /* defined(HAVE_ADS) && defined(ENCTYPE_ARCFOUR_HMAC) */ const struct samsync_ops libnet_samsync_keytab_ops = { + .startup = init_keytab, .process_objects = fetch_sam_entries_keytab, + .finish = close_keytab }; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 7f794e7d8c..495a828749 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -32,6 +32,10 @@ static uint32 ldif_gid = 999; static uint32 ldif_uid = 999; +/* global counters */ +static uint32_t g_index = 0; +static uint32_t a_index = 0; + /* Structure for mapping accounts to groups */ /* Array element is the group rid */ typedef struct _groupmap { @@ -1046,8 +1050,8 @@ static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM *r, struct samsync_context *ctx, - uint32_t *a_index, - uint32_t *g_index) + uint32_t *a_index_p, + uint32_t *g_index_p) { union netr_DELTA_UNION u = r->delta_union; union netr_DELTA_ID_UNION id = r->delta_id_union; 
@@ -1061,34 +1065,34 @@ static NTSTATUS fetch_sam_entry_ldif(TALLOC_CTX *mem_ctx, case NETR_DELTA_GROUP: fetch_group_info_to_ldif(mem_ctx, u.group, - &l->groupmap[*g_index], + &l->groupmap[*g_index_p], l->add_file, ctx->domain_sid_str, l->suffix); - (*g_index)++; + (*g_index_p)++; break; case NETR_DELTA_USER: fetch_account_info_to_ldif(mem_ctx, u.user, l->groupmap, - &l->accountmap[*a_index], + &l->accountmap[*a_index_p], l->add_file, ctx->domain_sid_str, l->suffix, l->num_alloced); - (*a_index)++; + (*a_index_p)++; break; case NETR_DELTA_ALIAS: fetch_alias_info_to_ldif(mem_ctx, u.alias, - &l->groupmap[*g_index], + &l->groupmap[*g_index_p], l->add_file, ctx->domain_sid_str, l->suffix, database_id); - (*g_index)++; + (*g_index_p)++; break; case NETR_DELTA_GROUP_MEMBER: @@ -1156,15 +1160,12 @@ static NTSTATUS ldif_realloc_maps(TALLOC_CTX *mem_ctx, /**************************************************************** ****************************************************************/ -static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, - enum netr_SamDatabaseID database_id, - struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, - struct samsync_context *ctx) +static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) { NTSTATUS status; - int i; - uint32_t g_index = 0, a_index = 0; struct samsync_ldif_context *ldif_ctx = (struct samsync_ldif_context *)ctx->private_data; 
@@ -1174,11 +1175,27 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, ctx->domain_sid_str, &ldif_ctx); if (!NT_STATUS_IS_OK(status)) { - goto failed; + return status; } ctx->private_data = ldif_ctx; + return NT_STATUS_OK; +} + +/**************************************************************** +****************************************************************/ + +static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + struct netr_DELTA_ENUM_ARRAY *r, + struct samsync_context *ctx) +{ + NTSTATUS status; + int i; + struct samsync_ldif_context *ldif_ctx = + (struct samsync_ldif_context *)ctx->private_data; + status = ldif_realloc_maps(mem_ctx, ldif_ctx, r->num_deltas); if (!NT_STATUS_IS_OK(status)) { goto failed; @@ -1193,18 +1210,6 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, } } - /* This was the last query */ - if (last_query) { - ldif_write_output(database_id, ldif_ctx); - if (ldif_ctx->ldif_file != stdout) { - ctx->result_message = talloc_asprintf(mem_ctx, - "Vampired %d accounts and %d groups to %s", - a_index, g_index, ctx->output_filename); - } - ldif_free_context(ldif_ctx); - ctx->private_data = NULL; - } - return NT_STATUS_OK; failed: 
@@ -1214,19 +1219,61 @@ static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, return status; } +/**************************************************************** +****************************************************************/ + +static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + struct samsync_ldif_context *ldif_ctx = + (struct samsync_ldif_context *)ctx->private_data; + + /* This was the last query */ + ldif_write_output(database_id, ldif_ctx); + if (ldif_ctx->ldif_file != stdout) { + ctx->result_message = talloc_asprintf(ctx, + "Vampired %d accounts and %d groups to %s", + a_index, g_index, ctx->output_filename); + } + + ldif_free_context(ldif_ctx); + ctx->private_data = NULL; + + return NT_STATUS_OK; +} + #else /* HAVE_LDAP */ +static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; } +static NTSTATUS close_ldif(TALLOC_CTX *mem_ctx, + struct samsync_context *ctx, + enum netr_SamDatabaseID database_id, + uint64_t sequence_num) +{ + return NT_STATUS_NOT_SUPPORTED; +} + #endif const struct samsync_ops libnet_samsync_ldif_ops = { + .startup = init_ldif, .process_objects = fetch_sam_entries_ldif, + .finish = close_ldif, }; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 10c7ff110f..08c8190d41 100644 --- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c 
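Review bot: `close_ldif` frees the LDIF context and clears `ctx->private_data`, but leaves the new file-scope counters `a_index` and `g_index` (added in the first hunk of this file) at their final values. The entry routine indexes `&l->groupmap[*g_index_p]` and `&l->accountmap[*a_index_p]` through pointers that presumably refer to these globals (the call site is outside the diff), so a second startup/finish cycle in the same process would start writing at stale offsets into newly set-up maps. Whether that can run past the allocation depends on `ldif_realloc_maps`, which is not shown. Adding `a_index = 0; g_index = 0;` after the result message is built, or keeping the counters in `struct samsync_ldif_context`, would tie them to the context lifetime.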
@@ -775,7 +775,6 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, - bool last_query, struct samsync_context *ctx) { int i; -- cgit From 90513515096f0b82d3e9d1cb23df73aa26f267a8 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 02:01:03 +0100 Subject: s3-libnet-samsync: pass sequence number pointer to process routine. Guenther --- source3/libnet/libnet_samsync.c | 1 + source3/libnet/libnet_samsync.h | 1 + source3/libnet/libnet_samsync_display.c | 1 + source3/libnet/libnet_samsync_keytab.c | 2 ++ source3/libnet/libnet_samsync_ldif.c | 2 ++ source3/libnet/libnet_samsync_passdb.c | 1 + 6 files changed, 8 insertions(+) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index ff2ba951bf..43891ce829 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -423,6 +423,7 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, delta_enum_array, + &sequence_num, ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; diff --git a/source3/libnet/libnet_samsync.h b/source3/libnet/libnet_samsync.h index cbd35fa327..3a686a7f45 100644 --- a/source3/libnet/libnet_samsync.h +++ b/source3/libnet/libnet_samsync.h @@ -35,6 +35,7 @@ struct samsync_ops { NTSTATUS (*process_objects)(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID id, struct netr_DELTA_ENUM_ARRAY *array, + uint64_t *sequence_num, struct samsync_context *ctx); NTSTATUS (*finish)(TALLOC_CTX *mem_ctx, struct samsync_context *ctx, diff --git a/source3/libnet/libnet_samsync_display.c b/source3/libnet/libnet_samsync_display.c index 675fcd5a0d..c8d9ec6f09 100644 --- a/source3/libnet/libnet_samsync_display.c +++ b/source3/libnet/libnet_samsync_display.c 
@@ -287,6 +287,7 @@ static NTSTATUS display_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS display_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { int i; diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 4ec03af886..7eeae3a1a0 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -140,6 +140,7 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { struct libnet_keytab_context *keytab_ctx = @@ -212,6 +213,7 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; diff --git a/source3/libnet/libnet_samsync_ldif.c b/source3/libnet/libnet_samsync_ldif.c index 495a828749..c72eadf03f 100644 --- a/source3/libnet/libnet_samsync_ldif.c +++ b/source3/libnet/libnet_samsync_ldif.c @@ -1189,6 +1189,7 @@ static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { NTSTATUS status; @@ -1257,6 +1258,7 @@ static NTSTATUS init_ldif(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries_ldif(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { return NT_STATUS_NOT_SUPPORTED; diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c index 08c8190d41..388b10a0fa 100644 
--- a/source3/libnet/libnet_samsync_passdb.c +++ b/source3/libnet/libnet_samsync_passdb.c @@ -775,6 +775,7 @@ static NTSTATUS fetch_sam_entry(TALLOC_CTX *mem_ctx, static NTSTATUS fetch_sam_entries(TALLOC_CTX *mem_ctx, enum netr_SamDatabaseID database_id, struct netr_DELTA_ENUM_ARRAY *r, + uint64_t *sequence_num, struct samsync_context *ctx) { int i; -- cgit From 6aaf220f9e20815a32d166c1c5953e41152e1c99 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 03:45:38 +0100 Subject: s3-libnet-samsync: use netr_DatabaseDeltas unless full replication enforced. Guenther --- source3/libnet/libnet_samsync.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 43891ce829..5711b231c7 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c @@ -376,7 +376,8 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, netlogon_creds_client_step(ctx->cli->dc, &credential); - if (ctx->single_object_replication) { + if (ctx->single_object_replication && + !ctx->force_full_replication) { result = rpccli_netr_DatabaseRedo(ctx->cli, mem_ctx, logon_server, computername, @@ -385,6 +386,16 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, *e, 0, &delta_enum_array); + } else if (!ctx->force_full_replication && (sequence_num > 0)) { + result = rpccli_netr_DatabaseDeltas(ctx->cli, mem_ctx, + logon_server, + computername, + &credential, + &return_authenticator, + database_id, + &sequence_num, + &delta_enum_array, + 0xffff); } else { result = rpccli_netr_DatabaseSync2(ctx->cli, mem_ctx, logon_server, -- cgit From a079c500a6491aa2e2e9fed265096ebee7de1c8b Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Tue, 18 Nov 2008 09:42:59 +0100 Subject: s3-libnet-samsync: pass back sequence number from fetch_sam_entries_keytab. Guenther --- source3/libnet/libnet_samsync_keytab.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 7eeae3a1a0..7bafad9b0b 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -151,7 +151,22 @@ static NTSTATUS fetch_sam_entries_keytab(TALLOC_CTX *mem_ctx, for (i = 0; i < r->num_deltas; i++) { - if (r->delta_enum[i].delta_type != NETR_DELTA_USER) { + switch (r->delta_enum[i].delta_type) { + case NETR_DELTA_USER: + break; + case NETR_DELTA_DOMAIN: + if (sequence_num) { + *sequence_num = + r->delta_enum[i].delta_union.domain->sequence_num; + } + continue; + case NETR_DELTA_MODIFY_COUNT: + if (sequence_num) { + *sequence_num = + *r->delta_enum[i].delta_union.modified_count; + } + continue; + default: continue; } -- cgit From b8769141e65dd640b9ab4fca409579ec8fcfe8f7 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 09:49:37 +0100 Subject: s3-libnet-samsync: refactor libnet_samsync. Guenther --- source3/libnet/libnet_samsync.c | 123 +++++++++++++++++++++------------------- 1 file changed, 66 insertions(+), 57 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync.c b/source3/libnet/libnet_samsync.c index 5711b231c7..4351810169 100644 --- a/source3/libnet/libnet_samsync.c +++ b/source3/libnet/libnet_samsync.c 
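Review bot: The new `NETR_DELTA_DOMAIN` and `NETR_DELTA_MODIFY_COUNT` cases dereference `delta_union.domain` and `delta_union.modified_count` without checking them, and these pointers come from the delta array returned by the DC. If the decoder can leave either one NULL for a given reply (not visible in this hunk), the sync crashes on server-controlled data. Guarding with `if (sequence_num && r->delta_enum[i].delta_union.domain) {` and `if (sequence_num && r->delta_enum[i].delta_union.modified_count) {` lets the loop skip such entries. `fetch_sam_entries_keytab` begins and ends outside the hunk.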
@@ -331,46 +331,24 @@ void libnet_init_netr_ChangeLogEntry(struct samsync_object *o, * libnet_samsync_delta */ -static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, +static NTSTATUS libnet_samsync_delta(TALLOC_CTX *mem_ctx, + enum netr_SamDatabaseID database_id, + uint64_t *sequence_num, struct samsync_context *ctx, struct netr_ChangeLogEntry *e) { NTSTATUS result; NTSTATUS callback_status; - TALLOC_CTX *mem_ctx; const char *logon_server = ctx->cli->desthost; const char *computername = global_myname(); struct netr_Authenticator credential; struct netr_Authenticator return_authenticator; uint16_t restart_state = 0; uint32_t sync_context = 0; - const char *debug_str; DATA_BLOB session_key; - uint64_t sequence_num = 0; ZERO_STRUCT(return_authenticator); - if (!ctx->ops) { - return NT_STATUS_INVALID_PARAMETER; - } - - if (!(mem_ctx = talloc_init("libnet_samsync"))) { - return NT_STATUS_NO_MEMORY; - } - - if (ctx->ops->startup) { - result = ctx->ops->startup(mem_ctx, ctx, - database_id, &sequence_num); - if (!NT_STATUS_IS_OK(result)) { - goto out; - } - } - - debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); - if (debug_str) { - d_fprintf(stderr, "%s\n", debug_str); - } - do { struct netr_DELTA_ENUM_ARRAY *delta_enum_array = NULL; @@ -386,14 +364,15 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, *e, 0, &delta_enum_array); - } else if (!ctx->force_full_replication && (sequence_num > 0)) { + } else if (!ctx->force_full_replication && + sequence_num && (*sequence_num > 0)) { result = rpccli_netr_DatabaseDeltas(ctx->cli, mem_ctx, logon_server, computername, &credential, &return_authenticator, database_id, - &sequence_num, + sequence_num, &delta_enum_array, 0xffff); } else { 
@@ -434,7 +413,7 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, /* Process results */ callback_status = ctx->ops->process_objects(mem_ctx, database_id, delta_enum_array, - &sequence_num, + sequence_num, ctx); if (!NT_STATUS_IS_OK(callback_status)) { result = callback_status; @@ -450,32 +429,6 @@ static NTSTATUS libnet_samsync_delta(enum netr_SamDatabaseID database_id, out: - if (NT_STATUS_IS_OK(result) && ctx->ops->finish) { - callback_status = ctx->ops->finish(mem_ctx, ctx, - database_id, sequence_num); - if (!NT_STATUS_IS_OK(callback_status)) { - result = callback_status; - } - } - - if (NT_STATUS_IS_ERR(result) && !ctx->error_message) { - - ctx->error_message = talloc_asprintf(ctx, - "Failed to fetch %s database: %s", - samsync_database_str(database_id), - nt_errstr(result)); - - if (NT_STATUS_EQUAL(result, NT_STATUS_NOT_SUPPORTED)) { - - ctx->error_message = - talloc_asprintf_append(ctx->error_message, - "\nPerhaps %s is a Windows native mode domain?", - ctx->domain_name); - } - } - - talloc_destroy(mem_ctx); - return result; } @@ -487,10 +440,37 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, struct samsync_context *ctx) { NTSTATUS status = NT_STATUS_OK; + NTSTATUS callback_status; + TALLOC_CTX *mem_ctx; + const char *debug_str; + uint64_t sequence_num = 0; int i = 0; + if (!(mem_ctx = talloc_new(ctx))) { + return NT_STATUS_NO_MEMORY; + } + + if (!ctx->ops) { + return NT_STATUS_INVALID_PARAMETER; + } + + if (ctx->ops->startup) { + status = ctx->ops->startup(mem_ctx, ctx, + database_id, &sequence_num); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } + + debug_str = samsync_debug_str(mem_ctx, ctx->mode, database_id); + if (debug_str) { + d_fprintf(stderr, "%s\n", debug_str); + } + if (!ctx->single_object_replication) { - return libnet_samsync_delta(database_id, ctx, NULL); + status = libnet_samsync_delta(mem_ctx, database_id, + &sequence_num, ctx, NULL); + goto done; } for (i=0; inum_objects; i++) { 
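Review bot: In `libnet_samsync`, `talloc_new(ctx)` now runs before the `ctx->ops` check, and the `return NT_STATUS_INVALID_PARAMETER;` that follows leaves `mem_ctx` allocated under `ctx` until `ctx` itself is freed. Testing `ctx->ops` first avoids the leak. A `goto done` is not a substitute, because the `done:` label added in the next hunk reads `ctx->ops->finish`. The function body continues in the following hunk.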
@@ -503,12 +483,41 @@ NTSTATUS libnet_samsync(enum netr_SamDatabaseID database_id, libnet_init_netr_ChangeLogEntry(&ctx->objects[i], &e); - status = libnet_samsync_delta(database_id, ctx, &e); + status = libnet_samsync_delta(mem_ctx, database_id, + &sequence_num, ctx, &e); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } } + done: + + if (NT_STATUS_IS_OK(status) && ctx->ops->finish) { + callback_status = ctx->ops->finish(mem_ctx, ctx, + database_id, sequence_num); + if (!NT_STATUS_IS_OK(callback_status)) { + status = callback_status; + } + } + + if (NT_STATUS_IS_ERR(status) && !ctx->error_message) { + + ctx->error_message = talloc_asprintf(ctx, + "Failed to fetch %s database: %s", + samsync_database_str(database_id), + nt_errstr(status)); + + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + + ctx->error_message = + talloc_asprintf_append(ctx->error_message, + "\nPerhaps %s is a Windows native mode domain?", + ctx->domain_name); + } + } + + talloc_destroy(mem_ctx); + return status; } -- cgit From 6ef719bf92f6a6b9cdbd35d6b9c6e9d4d4f0dde5 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 18 Nov 2008 09:52:35 +0100 Subject: s3-libnet-samsync: store samsync sequence number state in keytab. Guenther --- source3/libnet/libnet_samsync_keytab.c | 53 +++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c index 7bafad9b0b..cdb344604d 100644 --- a/source3/libnet/libnet_samsync_keytab.c +++ b/source3/libnet/libnet_samsync_keytab.c @@ -112,6 +112,9 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, krb5_error_code ret = 0; NTSTATUS status; struct libnet_keytab_context *keytab_ctx; + struct libnet_keytab_entry *entry; + uint64_t old_sequence_num = 0; + const char *principal = NULL; ret = libnet_keytab_init(mem_ctx, ctx->output_filename, &keytab_ctx); if (ret) { 
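Review bot: At the `done:` label, `ctx->ops->finish` is called only when `status` is OK, so a failure after a successful `startup` skips the backend's cleanup before `talloc_destroy(mem_ctx)` frees the pool that `startup` was handed. For the keytab backend this appears to leave `ctx->private_data` pointing into freed memory, since `init_keytab` passes `mem_ctx` to `libnet_keytab_init`; the allocator's parent is not shown, so this needs confirming. A comment at `done:` stating who releases backend state on the error path would make the contract explicit, as backends currently have no hook that runs on failure.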
@@ -131,6 +134,20 @@ static NTSTATUS init_keytab(TALLOC_CTX *mem_ctx, return status; } + principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s", + keytab_ctx->dns_domain_name); + NT_STATUS_HAVE_NO_MEMORY(principal); + + entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry && (entry->password.length == 8)) { + old_sequence_num = BVAL(entry->password.data, 0); + } + + if (sequence_num) { + *sequence_num = old_sequence_num; + } + return status; } @@ -194,6 +211,37 @@ static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, (struct libnet_keytab_context *)ctx->private_data; krb5_error_code ret; NTSTATUS status; + struct libnet_keytab_entry *entry; + uint64_t old_sequence_num = 0; + const char *principal = NULL; + + principal = talloc_asprintf(mem_ctx, "SEQUENCE_NUM@%s", + keytab_ctx->dns_domain_name); + NT_STATUS_HAVE_NO_MEMORY(principal); + + + entry = libnet_keytab_search(keytab_ctx, principal, 0, ENCTYPE_NULL, + mem_ctx); + if (entry && (entry->password.length == 8)) { + old_sequence_num = BVAL(entry->password.data, 0); + } + + + if (sequence_num > old_sequence_num) { + DATA_BLOB blob; + blob = data_blob_talloc_zero(mem_ctx, 8); + SBVAL(blob.data, 0, sequence_num); + + status = libnet_keytab_add_to_keytab_entries(mem_ctx, keytab_ctx, + 0, + "SEQUENCE_NUM", + NULL, + ENCTYPE_NULL, + blob); + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + } ret = libnet_keytab_add(keytab_ctx); if (ret) { @@ -210,9 +258,12 @@ static NTSTATUS close_keytab(TALLOC_CTX *mem_ctx, keytab_ctx->count, keytab_ctx->keytab_name); + status = NT_STATUS_OK; + + done: TALLOC_FREE(keytab_ctx); - return NT_STATUS_OK; + return status; } #else -- cgit From 6ce29dc9add1252b0ded9d2c1c2b6bae74604cc4 Mon Sep 17 00:00:00 2001 
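Review bot: In `close_keytab`, `data_blob_talloc_zero(mem_ctx, 8)` is followed directly by `SBVAL(blob.data, 0, sequence_num)` with no check that the allocation succeeded, so an out-of-memory condition becomes a NULL write. Adding `if (blob.data == NULL) { status = NT_STATUS_NO_MEMORY; goto done; }` before the `SBVAL` keeps it on the cleanup path. `NT_STATUS_HAVE_NO_MEMORY(principal)` a few lines earlier returns without reaching `done:`, unlike the other failure paths in the function; `if (principal == NULL) { status = NT_STATUS_NO_MEMORY; goto done; }` would be consistent. The same macro in the `init_keytab` hunk returns after `ctx->private_data` has already been set.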
From: Volker Lendecke Date: Tue, 18 Nov 2008 17:03:38 +0100 Subject: Fix trans2findfirst for the large directory optimization With case sensitive = yes preserve case = no short preserve case = no default case = upper a "dir FOO.txt" would not find "FOO.TXT" because FOO.txt ends up unconverted in the mask for mask_match. Jeremy, please check! Volker --- source3/smbd/filename.c | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'source3') diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 562f1e8d94..3eb2d63734 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c @@ -206,6 +206,11 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, *pp_saved_last_component = talloc_strdup(ctx, orig_path); } + if (conn->case_sensitive && !conn->case_preserve && + !conn->short_case_preserve) { + strnorm(*pp_saved_last_component, + lp_defaultcase(SNUM(conn))); + } } if (!(name = talloc_strdup(ctx, orig_path))) { -- cgit From 93fd28a350c1f2652a24daead8ca6e4c8ff696cb Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 18 Nov 2008 10:57:54 -0800 Subject: Re-structure Volker's patch to "Fix trans2findfirst for the large directory optimization". Makes the change clearer. Jeremy. --- source3/smbd/filename.c | 47 +++++++++++++++++++++-------------------------- 1 file changed, 21 insertions(+), 26 deletions(-) (limited to 'source3') diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c index 3eb2d63734..392264bfc0 100644 --- a/source3/smbd/filename.c +++ b/source3/smbd/filename.c 
@@ -194,30 +194,39 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, return result; } + if (!(name = talloc_strdup(ctx, orig_path))) { + DEBUG(0, ("talloc_strdup failed\n")); + return NT_STATUS_NO_MEMORY; + } + + /* + * Large directory fix normalization. If we're case sensitive, and + * the case preserving parameters are set to "no", normalize the case of + * the incoming filename from the client WHETHER IT EXISTS OR NOT ! + * This is in conflict with the current (3.0.20) man page, but is + * what people expect from the "large directory howto". I'll update + * the man page. Thanks to jht@samba.org for finding this. JRA. + */ + + if (conn->case_sensitive && !conn->case_preserve && + !conn->short_case_preserve) { + strnorm(name, lp_defaultcase(SNUM(conn))); + } + /* * Ensure saved_last_component is valid even if file exists. */ if(pp_saved_last_component) { - end = strrchr_m(orig_path, '/'); + end = strrchr_m(name, '/'); if (end) { *pp_saved_last_component = talloc_strdup(ctx, end + 1); } else { *pp_saved_last_component = talloc_strdup(ctx, - orig_path); - } - if (conn->case_sensitive && !conn->case_preserve && - !conn->short_case_preserve) { - strnorm(*pp_saved_last_component, - lp_defaultcase(SNUM(conn))); + name); } } - if (!(name = talloc_strdup(ctx, orig_path))) { - DEBUG(0, ("talloc_strdup failed\n")); - return NT_STATUS_NO_MEMORY; - } - if (!lp_posix_pathnames()) { stream = strchr_m(name, ':'); 
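Review bot: `strnorm(name, ...)` now runs before the stream lookup (`stream = strchr_m(name, ':')` at the end of this hunk), whereas the block removed in the next hunk ran after the stream handling. If that handling cuts the stream suffix off `name`, as it presumably does, the stream name is now case-normalized together with the path. If that is intended, the moved comment should say so; if not, the call needs to stay below the stream handling while `pp_saved_last_component` is normalized separately. The two `talloc_strdup` results stored in `*pp_saved_last_component` are still unchecked, which is existing behaviour. `unix_convert` starts and ends outside the hunk.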
@@ -232,20 +241,6 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx, } } - /* - * Large directory fix normalization. If we're case sensitive, and - * the case preserving parameters are set to "no", normalize the case of - * the incoming filename from the client WHETHER IT EXISTS OR NOT ! - * This is in conflict with the current (3.0.20) man page, but is - * what people expect from the "large directory howto". I'll update - * the man page. Thanks to jht@samba.org for finding this. JRA. - */ - - if (conn->case_sensitive && !conn->case_preserve && - !conn->short_case_preserve) { - strnorm(name, lp_defaultcase(SNUM(conn))); - } - start = name; /* If we're providing case insentive semantics or -- cgit From 69debd45e56428aceaac607994e61ecd66a73daa Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Tue, 18 Nov 2008 11:25:14 -0800 Subject: libsmb: Fix up pointer passed to cli_send_trans in cli_link_internal --- source3/libsmb/clifile.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c index 1c525363f7..a9e81082ea 100644 --- a/source3/libsmb/clifile.c +++ b/source3/libsmb/clifile.c @@ -66,7 +66,7 @@ static bool cli_link_internal(struct cli_state *cli, const char *oldname, const -1, 0, /* fid, flags */ &setup, 1, 0, /* setup, length, max */ param, param_len, 2, /* param, length, max */ - (char *)&data, data_len, cli->max_xmit /* data, length, max */ + data, data_len, cli->max_xmit /* data, length, max */ )) { SAFE_FREE(data); SAFE_FREE(param); -- cgit From 0e62bb39de93433dfeb7f822ec1026da7ed643f4 Mon Sep 17 00:00:00 2001 From: Dina Fine Date: Tue, 18 Nov 2008 12:45:42 -0800 Subject: Fix bug #5908 - Samba 3.0.32 - internal change notify on share directory fails" --- source3/smbd/notify.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c index 5a517654bf..2d0811bc1c 100644 --- a/source3/smbd/notify.c +++ b/source3/smbd/notify.c 
@@ -339,6 +339,9 @@ void notify_fname(connection_struct *conn, uint32 action, uint32 filter, { char *fullpath; + if (path[0] == '.' && path[1] == '/') { + path += 2; + } if (asprintf(&fullpath, "%s/%s", conn->connectpath, path) == -1) { DEBUG(0, ("asprintf failed\n")); return; -- cgit From 9a7900fb38b9690bf51ab638c0f0629f2557b870 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Fri, 14 Nov 2008 19:16:12 -0800 Subject: Whitespace and >80 column cleanups. --- source3/libads/ldap.c | 24 ++++++------- source3/winbindd/winbindd_ads.c | 76 ++++++++++++++++++++------------------- source3/winbindd/winbindd_group.c | 4 +-- 3 files changed, 53 insertions(+), 51 deletions(-) (limited to 'source3') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index 2dcd1fd6ae..c651b33efe 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c @@ -3111,15 +3111,15 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, /** * pull a DOM_SID from an extended dn string - * @param mem_ctx TALLOC_CTX + * @param mem_ctx TALLOC_CTX * @param extended_dn string * @param flags string type of extended_dn * @param sid pointer to a DOM_SID * @return boolean inidicating success **/ -bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, - const char *extended_dn, - enum ads_extended_dn_flags flags, +bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, + const char *extended_dn, + enum ads_extended_dn_flags flags, DOM_SID *sid) { char *p, *q, *dn; @@ -3132,7 +3132,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) { return False; } - /* + /* * ADS_EXTENDED_DN_HEX_STRING: * ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de * @@ -3155,13 +3155,13 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, if (!q) { return False; } - + *q = '\0'; DEBUG(100,("ads_get_sid_from_extended_dn: sid string is %s\n", p)); switch (flags) { - + case ADS_EXTENDED_DN_STRING: if (!string_to_sid(sid, p)) { return False; 
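Review bot: The new check in `notify_fname` strips a single leading `./` but has no comment saying why such paths reach this function or which callers produce them. A short comment such as `/* Callers may pass paths relative to the share root as "./name"; drop the prefix so fullpath matches the watched name (bug #5908). */` would record that; the reason given is inferred from the commit subject and should be confirmed. Repeated prefixes (`././name`) are left as they are, which may or may not matter for the callers involved.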
@@ -3200,9 +3200,9 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, * @param sids pointer to sid array to allocate * @return the count of SIDs pulled **/ - int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads, - TALLOC_CTX *mem_ctx, - LDAPMessage *msg, + int ads_pull_sids_from_extendeddn(ADS_STRUCT *ads, + TALLOC_CTX *mem_ctx, + LDAPMessage *msg, const char *field, enum ads_extended_dn_flags flags, DOM_SID **sids) @@ -3211,7 +3211,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, size_t dn_count; char **dn_strings; - if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, + if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, &dn_count)) == NULL) { return 0; } @@ -3224,7 +3224,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, for (i=0; iname)); + DEBUG(10,("lookup_usergroups_memberof: No incoming trust for " + "domain %s\n", domain->name)); return NT_STATUS_OK; } @@ -671,16 +671,16 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, goto done; } - rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, - ADS_EXTENDED_DN_HEX_STRING, + rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, + ADS_EXTENDED_DN_HEX_STRING, &strings, &num_strings); if (!ADS_ERR_OK(rc)) { - DEBUG(1,("lookup_usergroups_memberof ads_search member=%s: %s\n", - user_dn, ads_errstr(rc))); + DEBUG(1,("lookup_usergroups_memberof ads_search " + "member=%s: %s\n", user_dn, ads_errstr(rc))); return ads_ntstatus(rc); } - + *user_sids = NULL; num_groups = 0; @@ -700,8 +700,8 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, for (i=0; iname, + DEBUG(10,("ads: lookup_groupmem %s sid=%s\n", domain->name, sid_string_dbg(group_sid))); *num_names = 0; 
@@ -935,12 +935,12 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, if ( !winbindd_can_contact_domain( domain ) ) { DEBUG(10,("lookup_groupmem: No incoming trust for domain %s\n", - domain->name)); + domain->name)); return NT_STATUS_OK; } ads = ads_cached_connection(domain); - + if (!ads) { domain->last_status = NT_STATUS_SERVER_DISABLED; goto done; @@ -952,8 +952,8 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, } /* search for all members of the group */ - if (!(ldap_exp = talloc_asprintf(tmp_ctx, "(objectSid=%s)", - sidbinstr))) + if (!(ldap_exp = talloc_asprintf(tmp_ctx, "(objectSid=%s)", + sidbinstr))) { SAFE_FREE(sidbinstr); DEBUG(1, ("ads: lookup_groupmem: talloc_asprintf for ldap_exp failed!\n")); @@ -966,21 +966,21 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, args.val = ADS_EXTENDED_DN_HEX_STRING; args.critical = True; - rc = ads_ranged_search(ads, tmp_ctx, LDAP_SCOPE_SUBTREE, ads->config.bind_path, + rc = ads_ranged_search(ads, tmp_ctx, LDAP_SCOPE_SUBTREE, ads->config.bind_path, ldap_exp, &args, "member", &members, &num_members); if (!ADS_ERR_OK(rc)) { DEBUG(0,("ads_ranged_search failed with: %s\n", ads_errstr(rc))); status = NT_STATUS_UNSUCCESSFUL; goto done; - } - + } + DEBUG(10, ("ads lookup_groupmem: got %d sids via extended dn call\n", (int)num_members)); - + /* Now that we have a list of sids, we need to get the * lists of names and name_types belonging to these sids. - * even though conceptually not quite clean, we use the - * RPC call lsa_lookup_sids for this since it can handle a + * even though conceptually not quite clean, we use the + * RPC call lsa_lookup_sids for this since it can handle a * list of sids. ldap calls can just resolve one sid at a time. * * At this stage, the sids are still hidden in the exetended dn 
@@ -988,7 +988,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, * stated above: In extracting the sids from the member strings, * we try to resolve as many sids as possible from the * cache. Only the rest is passed to the lsa_lookup_sids call. */ - + if (num_members) { (*sid_mem) = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_members); (*names) = TALLOC_ZERO_ARRAY(mem_ctx, char *, num_members); @@ -1015,11 +1015,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, char *name, *domain_name; DOM_SID sid; - if (!ads_get_sid_from_extended_dn(tmp_ctx, members[i], args.val, &sid)) { + if (!ads_get_sid_from_extended_dn(tmp_ctx, members[i], args.val, + &sid)) { status = NT_STATUS_INVALID_PARAMETER; goto done; } - if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name, &name_type)) { + if (lookup_cached_sid(mem_ctx, &sid, &domain_name, &name, + &name_type)) { DEBUG(10,("ads: lookup_groupmem: got sid %s from " "cache\n", sid_string_dbg(&sid))); sid_copy(&(*sid_mem)[*num_names], &sid); 
@@ -1052,23 +1054,23 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, goto done; } - status = rpccli_lsa_lookup_sids(cli, tmp_ctx, + status = rpccli_lsa_lookup_sids(cli, tmp_ctx, &lsa_policy, - num_nocache, - sid_mem_nocache, - &domains_nocache, - &names_nocache, + num_nocache, + sid_mem_nocache, + &domains_nocache, + &names_nocache, &name_types_nocache); if (NT_STATUS_IS_OK(status) || - NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) + NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { - /* Copy the entries over from the "_nocache" arrays - * to the result arrays, skipping the gaps the + /* Copy the entries over from the "_nocache" arrays + * to the result arrays, skipping the gaps the * lookup_sids call left. */ for (i=0; i < num_nocache; i++) { - if (((names_nocache)[i] != NULL) && - ((name_types_nocache)[i] != SID_NAME_UNKNOWN)) + if (((names_nocache)[i] != NULL) && + ((name_types_nocache)[i] != SID_NAME_UNKNOWN)) { sid_copy(&(*sid_mem)[*num_names], &sid_mem_nocache[i]); diff --git a/source3/winbindd/winbindd_group.c b/source3/winbindd/winbindd_group.c index 8e56138bb5..3422fdba1c 100644 --- a/source3/winbindd/winbindd_group.c +++ b/source3/winbindd/winbindd_group.c @@ -585,7 +585,7 @@ static bool fill_grent_mem(struct winbindd_domain *domain, } /* Real work goes here. Create a list of group names to - expand startign with the initial one. Pass that to + expand starting with the initial one. Pass that to expand_groups() which returns a list of more group names to expand. Do this up to the max search depth. */ @@ -922,7 +922,7 @@ static void getgrsid_lookupsid_recv( void *private_data, bool success, nt_status = normalize_name_unmap(s->state->mem_ctx, raw_name, &mapped_name); - /* basiuc whitespace reversal */ + /* basic whitespace reversal */ if (NT_STATUS_IS_OK(nt_status)) { s->group_name = talloc_asprintf(s->state->mem_ctx, "%s%c%s", -- cgit From 6d59be1e6d83d4faf145c9b6d574bab9f2acb36a Mon Sep 17 00:00:00 2001 
From: Steven Danneman Date: Sat, 15 Nov 2008 13:07:15 -0800 Subject: Fix extended DN parse error when AD object does not have a SID. Some AD objects, like Exchange Public Folders, can be members of Security Groups but do not have a SID attribute. This patch adds more granular return errors to ads_get_sid_from_extended_dn(). Callers can now determine if a parse error occured because of bad input, or the DN was valid but contained no SID. I updated all callers to ignore SIDless objects when appropriate. Also did some cleanup to the out paths of lookup_usergroups_memberof() --- source3/include/proto.h | 8 +++--- source3/libads/ldap.c | 62 +++++++++++++++++++++++++---------------- source3/winbindd/winbindd_ads.c | 55 ++++++++++++++++++++++++------------ 3 files changed, 79 insertions(+), 46 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 33425849d1..1cdf6c9cbc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1920,10 +1920,10 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, TALLOC_CTX *mem_ctx, char ***ous, size_t *num_ous); -bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, - const char *extended_dn, - enum ads_extended_dn_flags flags, - DOM_SID *sid); +ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, + const char *extended_dn, + enum ads_extended_dn_flags flags, + DOM_SID *sid); char* ads_get_dnshostname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ); char* ads_get_upn( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ); char* ads_get_samaccountname( ADS_STRUCT *ads, TALLOC_CTX *ctx, const char *machine_name ); diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index c651b33efe..f55cfa784a 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -3115,45 +3115,51 @@ ADS_STATUS ads_get_joinable_ous(ADS_STRUCT *ads, * @param extended_dn string * @param flags string type of extended_dn * @param sid pointer to a DOM_SID - * @return boolean inidicating success + * @return NT_STATUS_OK on success, + * NT_INVALID_PARAMETER on error, + * NT_STATUS_NOT_FOUND if no SID present **/ -bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, - const char *extended_dn, - enum ads_extended_dn_flags flags, - DOM_SID *sid) +ADS_STATUS ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, + const char *extended_dn, + enum ads_extended_dn_flags flags, + DOM_SID *sid) { char *p, *q, *dn; if (!extended_dn) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } /* otherwise extended_dn gets stripped off */ if ((dn = talloc_strdup(mem_ctx, extended_dn)) == NULL) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } /* * ADS_EXTENDED_DN_HEX_STRING: * ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de * * ADS_EXTENDED_DN_STRING (only with w2k3): - ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de + * ;;CN=gd,OU=berlin,OU=suse,DC=ber,DC=suse,DC=de + * + * Object with no SID, such as an Exchange Public Folder + * ;CN=public,CN=Microsoft Exchange System Objects,DC=sd2k3ms,DC=west,DC=isilon,DC=com */ p = strchr(dn, ';'); if (!p) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (strncmp(p, ";'); if (!q) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } *q = '\0'; @@ -3164,7 +3170,7 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, case ADS_EXTENDED_DN_STRING: if (!string_to_sid(sid, p)) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } break; case ADS_EXTENDED_DN_HEX_STRING: { 
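Review bot: The `talloc_strdup()` failure branch in `ads_get_sid_from_extended_dn()` returns `ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER)`, which reports an out-of-memory condition as malformed input. The new return type exists so callers can tell the cases apart, so `return ADS_ERROR_NT(NT_STATUS_NO_MEMORY);` fits that branch better. The doc comment also lists `NT_INVALID_PARAMETER`, while the code returns `NT_STATUS_INVALID_PARAMETER`; the comment should use the real name. The caller hunks are not fully readable on this page, so it is worth confirming that they skip a member only on `NT_STATUS_NOT_FOUND` and still fail on every other status. The function body continues in the next hunk.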
@@ -3173,21 +3179,21 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, buf_len = strhex_to_str(buf, sizeof(buf), p, strlen(p)); if (buf_len == 0) { - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } if (!sid_parse(buf, buf_len, sid)) { DEBUG(10,("failed to parse sid\n")); - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } break; } default: DEBUG(10,("unknown extended dn format\n")); - return False; + return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); } - return True; + return ADS_ERROR_NT(NT_STATUS_OK); } /** @@ -3208,7 +3214,8 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, DOM_SID **sids) { int i; - size_t dn_count; + ADS_STATUS rc; + size_t dn_count, ret_count = 0; char **dn_strings; if ((dn_strings = ads_pull_strings(ads, mem_ctx, msg, field, @@ -3223,18 +3230,25 @@ bool ads_get_sid_from_extended_dn(TALLOC_CTX *mem_ctx, } for (i=0; ilast_status = NT_STATUS_SERVER_DISABLED; - goto done; + return NT_STATUS_UNSUCCESSFUL; } rc = ads_search_retry_extended_dn_ranged(ads, mem_ctx, user_dn, attrs, @@ -693,21 +694,26 @@ static NTSTATUS lookup_usergroups_memberof(struct winbindd_domain *domain, group_sids = TALLOC_ZERO_ARRAY(mem_ctx, DOM_SID, num_strings + 1); if (!group_sids) { - TALLOC_FREE(strings); status = NT_STATUS_NO_MEMORY; goto done; } for (i=0; i Date: Mon, 27 Oct 2008 23:46:44 -0700 Subject: Added ability to set id mappings in wbinfo. The two new parameters are: --set-uid-mapping --set-gid-mapping These allow wbinfo to create new, or override existing id mappings in the idmap backend. These expose the exisiting ability of libwbclient and winbindd to do this, up through a command line utility. --- source3/nsswitch/wbinfo.c | 99 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) (limited to 'source3') diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 84f01e19ff..27df52f92c 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c 
@@ -130,6 +130,31 @@ static bool parse_wbinfo_domain_user(const char *domuser, fstring domain, return true; } +/* Parse string of "uid,sid" or "gid,sid" into separate int and string values. + * Return true if input was valid, false otherwise. */ +static bool parse_mapping_arg(char *arg, int *id, char **sid) +{ + char *tmp, *endptr; + + if (!arg || !*arg) + return false; + + tmp = strtok(arg, ","); + *sid = strtok(NULL, ","); + + if (!tmp || !*tmp || !*sid || !**sid) + return false; + + /* Because atoi() can return 0 on invalid input, which would be a valid + * UID/GID we must use strtol() and do error checking */ + *id = strtol(tmp, &endptr, 10); + + if (endptr[0] != '\0') + return false; + + return true; +} + /* pull pwent info for a given user */ static bool wbinfo_get_userinfo(char *user) @@ -738,6 +763,54 @@ static bool wbinfo_allocate_gid(void) return true; } +static bool wbinfo_set_uid_mapping(uid_t uid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcSetUidMapping(uid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("uid %d now mapped to sid %s\n", uid, sid_str); + + return true; +} + +static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcSetGidMapping(gid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("gid %d now mapped to sid %s\n", gid, sid_str); + + return true; +} + /* Convert sid to string */ static bool wbinfo_lookupsid(const char *sid_str) 
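Review bot: `parse_mapping_arg()` stores the `long` from `strtol()` straight into an `int` and checks only the trailing characters, so a negative or out-of-range number is accepted and later converted to `uid_t`/`gid_t` by the callers in `main()`. Check the range before assigning, with `val` declared `long`: `errno = 0; val = strtol(tmp, &endptr, 10);` followed by `if (errno == ERANGE || *endptr != '\0' || val < 0 || val > INT_MAX) return false;`. `strtok()` also modifies `arg` in place and ignores anything after a second comma, so an argument with a trailing third field still parses as valid; rejecting a leftover token would make the `UID,SID` format strict. The same parser feeds the `--remove-uid-mapping` and `--remove-gid-mapping` cases added later in the series.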
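Review bot: The success message in `wbinfo_set_uid_mapping()` prints a `uid_t` with `%d`, which mismatches the argument type where `uid_t` is unsigned and shows large ids as negative numbers. `d_printf("uid %lu now mapped to sid %s\n", (unsigned long)uid, sid_str);` matches how `idmap_tdb.c` formats ids, and the same applies to `wbinfo_set_gid_mapping()` and to the two remove variants added later in the series. Both failure branches also drop `wbc_status`, so the user sees only the generic message from `main()`. Printing `wbcErrorString(wbc_status)` to stderr there would show whether the SID failed to parse or winbindd refused the change.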
@@ -1414,6 +1487,8 @@ enum { OPT_USERSIDS, OPT_ALLOCATE_UID, OPT_ALLOCATE_GID, + OPT_SET_UID_MAPPING, + OPT_SET_GID_MAPPING, OPT_SEPARATOR, OPT_LIST_ALL_DOMAINS, OPT_LIST_OWN_DOMAIN, @@ -1431,8 +1506,10 @@ int main(int argc, char **argv, char **envp) TALLOC_CTX *frame = talloc_stackframe(); poptContext pc; static char *string_arg; + char *string_subarg = NULL; static char *opt_domain_name; static int int_arg; + int int_subarg = -1; int result = 1; bool verbose = false; @@ -1459,6 +1536,8 @@ int main(int argc, char **argv, char **envp) "Get a new UID out of idmap" }, { "allocate-gid", 0, POPT_ARG_NONE, 0, OPT_ALLOCATE_GID, "Get a new GID out of idmap" }, + { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" }, + { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, @@ -1627,6 +1706,26 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_SET_UID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_set_uid_mapping(int_subarg, string_subarg)) + { + d_fprintf(stderr, "Could not create or modify " + "uid to sid mapping\n"); + goto done; + } + break; + case OPT_SET_GID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_set_gid_mapping(int_subarg, string_subarg)) + { + d_fprintf(stderr, "Could not create or modify " + "gid to sid mapping\n"); + goto done; + } + break; case 't': if (!wbinfo_check_secret()) { d_fprintf(stderr, "Could not check secret\n"); -- cgit From 00c6271d5cbbfe808b81906d5be2b328e4f25b30 Mon Sep 17 00:00:00 2001 
From: Steven Danneman Date: Mon, 27 Oct 2008 23:37:55 -0700 Subject: Added ability to remove id mappings in wbinfo and libwbclient. The idmap_tdb backend already provides an interface to remove existing id mappings. This commit plumbs that ability up through, winbindd, libwbclient, and wbinfo. Added new winbindd command: WINBINDD_REMOVE_MAPPING Added new libwbclient interfaces: wbcRemoveUidMapping() and wbcRemoveGidMapping() Added new wbinfo options: --remove-uid-mapping --remove-gid-mapping Increased libwbclient version to 0.2 Increased winbind interface version to 20 --- source3/include/proto.h | 1 + source3/nsswitch/libwbclient/wbc_idmap.c | 86 ++++++++++++++++++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 9 +++- source3/nsswitch/wbinfo.c | 74 +++++++++++++++++++++++++ source3/nsswitch/winbind_struct_protocol.h | 6 ++- source3/winbindd/idmap.c | 17 ++++++ source3/winbindd/idmap_tdb.c | 14 ++++- source3/winbindd/winbindd.c | 1 + source3/winbindd/winbindd_idmap.c | 63 ++++++++++++++++++++++ source3/winbindd/winbindd_proto.h | 6 +++ source3/winbindd/winbindd_sid.c | 42 +++++++++++++++ 11 files changed, 315 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 1cdf6c9cbc..45f66203e1 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8665,6 +8665,7 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domname, NTSTATUS idmap_new_mapping(const struct dom_sid *psid, enum id_type type, struct unixid *pxid); NTSTATUS idmap_set_mapping(const struct id_map *map); +NTSTATUS idmap_remove_mapping(const struct id_map *map); /* The following definitions come from winbindd/idmap_cache.c */ diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 1615fd33ee..6652f67636 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c 
@@ -362,6 +362,92 @@ wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid) return wbc_status; } +/** @brief Remove a user id mapping + * + * @param uid Uid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. + * + * @return #wbcErr + **/ +wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = uid; + request.data.dual_idmapset.type = _ID_TYPE_UID; + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dual_idmapset.sid, sid_string, + sizeof(request.data.dual_idmapset.sid)-1); + wbcFreeMemory(sid_string); + + wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + +/** @brief Remove a group id mapping + * + * @param gid Gid of the mapping to remove. + * @param *sid Pointer to the sid of the mapping to remove. 
+ * + * @return #wbcErr + **/ +wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid) +{ + struct winbindd_request request; + struct winbindd_response response; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + char *sid_string = NULL; + + if (!sid) { + return WBC_ERR_INVALID_PARAM; + } + + /* Initialise request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + /* Make request */ + + request.data.dual_idmapset.id = gid; + request.data.dual_idmapset.type = _ID_TYPE_GID; + + wbc_status = wbcSidToString(sid, &sid_string); + BAIL_ON_WBC_ERROR(wbc_status); + + strncpy(request.data.dual_idmapset.sid, sid_string, + sizeof(request.data.dual_idmapset.sid)-1); + wbcFreeMemory(sid_string); + + wbc_status = wbcRequestResponse(WINBINDD_REMOVE_MAPPING, + &request, &response); + BAIL_ON_WBC_ERROR(wbc_status); + + done: + return wbc_status; +} + /** @brief Set the highwater mark for allocated uids. * * @param uid_hwm The new uid highwater mark value diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 662e0cdf8d..9c3d1998e0 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -57,9 +57,12 @@ const char *wbcErrorString(wbcErr error); /** * @brief Some useful details about the wbclient library * + * 0.1: Initial version + * 0.2: Added wbcRemoveUidMapping() + * Added wbcRemoveGidMapping() **/ #define WBCLIENT_MAJOR_VERSION 0 -#define WBCLIENT_MINOR_VERSION 1 +#define WBCLIENT_MINOR_VERSION 2 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" struct wbcLibraryDetails { uint16_t major_version; @@ -555,6 +558,10 @@ wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); +wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid); + +wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid); + wbcErr wbcSetUidHwm(uid_t uid_hwm); wbcErr wbcSetGidHwm(gid_t gid_hwm); 
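Review bot: The doc comments for `wbcRemoveUidMapping()` and `wbcRemoveGidMapping()` do not say that removing a mapping is a privileged operation, although `winbindd_remove_mapping()` in this commit rejects the request unless the client state is marked privileged. I would add a line such as `* Requires a privileged (root) connection to winbindd; other callers get an error.` to both comments. Whether the backend requires the id and the SID to be an existing pair is not visible in this hunk; if it does, the comment should say so as well.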
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index 27df52f92c..d5eee7e8f8 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -811,6 +811,54 @@ static bool wbinfo_set_gid_mapping(gid_t gid, const char *sid_str) return true; } +static bool wbinfo_remove_uid_mapping(uid_t uid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcRemoveUidMapping(uid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("Removed uid %d to sid %s mapping\n", uid, sid_str); + + return true; +} + +static bool wbinfo_remove_gid_mapping(gid_t gid, const char *sid_str) +{ + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct wbcDomainSid sid; + + /* Send request */ + + wbc_status = wbcStringToSid(sid_str, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + wbc_status = wbcRemoveGidMapping(gid, &sid); + if (!WBC_ERROR_IS_OK(wbc_status)) { + return false; + } + + /* Display response */ + + d_printf("Removed gid %d to sid %s mapping\n", gid, sid_str); + + return true; +} + /* Convert sid to string */ static bool wbinfo_lookupsid(const char *sid_str) @@ -1489,6 +1537,8 @@ enum { OPT_ALLOCATE_GID, OPT_SET_UID_MAPPING, OPT_SET_GID_MAPPING, + OPT_REMOVE_UID_MAPPING, + OPT_REMOVE_GID_MAPPING, OPT_SEPARATOR, OPT_LIST_ALL_DOMAINS, OPT_LIST_OWN_DOMAIN, 
@@ -1538,6 +1588,8 @@ int main(int argc, char **argv, char **envp) "Get a new GID out of idmap" }, { "set-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_UID_MAPPING, "Create or modify uid to sid mapping in idmap", "UID,SID" }, { "set-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_SET_GID_MAPPING, "Create or modify gid to sid mapping in idmap", "GID,SID" }, + { "remove-uid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_UID_MAPPING, "Remove uid to sid mapping in idmap", "UID,SID" }, + { "remove-gid-mapping", 0, POPT_ARG_STRING, &string_arg, OPT_REMOVE_GID_MAPPING, "Remove gid to sid mapping in idmap", "GID,SID" }, { "check-secret", 't', POPT_ARG_NONE, 0, 't', "Check shared secret" }, { "trusted-domains", 'm', POPT_ARG_NONE, 0, 'm', "List trusted domains" }, { "all-domains", 0, POPT_ARG_NONE, 0, OPT_LIST_ALL_DOMAINS, "List all domains (trusted and own domain)" }, @@ -1726,6 +1778,28 @@ int main(int argc, char **argv, char **envp) goto done; } break; + case OPT_REMOVE_UID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_remove_uid_mapping(int_subarg, + string_subarg)) + { + d_fprintf(stderr, "Could not remove uid to sid " + "mapping\n"); + goto done; + } + break; + case OPT_REMOVE_GID_MAPPING: + if (!parse_mapping_arg(string_arg, &int_subarg, + &string_subarg) || + !wbinfo_remove_gid_mapping(int_subarg, + string_subarg)) + { + d_fprintf(stderr, "Could not remove gid to sid " + "mapping\n"); + goto done; + } + break; case 't': if (!wbinfo_check_secret()) { d_fprintf(stderr, "Could not check secret\n"); diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index 169b4a8c95..e16103465f 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h 
@@ -41,7 +41,9 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 19 +/* Version 20: added WINBINDD_REMOVE_MAPPING command */ + +#define WINBIND_INTERFACE_VERSION 20 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment. On a 64bit Linux box, we have to support a constant structure size @@ -104,6 +106,7 @@ enum winbindd_cmd { WINBINDD_ALLOCATE_UID, WINBINDD_ALLOCATE_GID, WINBINDD_SET_MAPPING, + WINBINDD_REMOVE_MAPPING, WINBINDD_SET_HWM, /* Miscellaneous other stuff */ @@ -150,6 +153,7 @@ enum winbindd_cmd { WINBINDD_DUAL_UID2SID, WINBINDD_DUAL_GID2SID, WINBINDD_DUAL_SET_MAPPING, + WINBINDD_DUAL_REMOVE_MAPPING, WINBINDD_DUAL_SET_HWM, /* Wrapper around possibly blocking unix nss calls */ diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index cfc5597f42..054df9be05 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -788,3 +788,20 @@ NTSTATUS idmap_set_mapping(const struct id_map *map) return dom->methods->set_mapping(dom, map); } + +NTSTATUS idmap_remove_mapping(const struct id_map *map) +{ + struct idmap_domain *dom; + + dom = idmap_find_domain(NULL); + if (dom == NULL) { + DEBUG(3, ("no default domain, no place to write\n")); + return NT_STATUS_ACCESS_DENIED; + } + if (dom->methods->remove_mapping == NULL) { + DEBUG(3, ("default domain not writable\n")); + return NT_STATUS_MEDIA_WRITE_PROTECTED; + } + + return dom->methods->remove_mapping(dom, map); +} diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index f9d3a9fbff..7c4de5f6fb 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c 
@@ -875,8 +875,13 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ ksid = string_term_tdb_data(ksidstr); /* *DELETE* previous mappings if any. - * This is done both SID and [U|G]ID passed in */ - + * This is done for both the SID and [U|G]ID passed in */ + + /* NOTE: We should lock both the ksid and kid records here, before + * making modifications. However, because tdb_chainlock() is a + * blocking call we could create an unrecoverable deadlock, so for now + * we only lock the ksid record. */ + /* Lock the record for this SID. */ if (tdb_chainlock(ctx->tdb, ksid) != 0) { DEBUG(10,("Failed to lock record %s. Error %s\n", @@ -981,6 +986,11 @@ static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct ksid = string_term_tdb_data(ksidstr); kid = string_term_tdb_data(kidstr); + /* NOTE: We should lock both the ksid and kid records here, before + * making modifications. However, because tdb_chainlock() is a + * blocking call we could create an unrecoverable deadlock, so for now + * we only lock the ksid record. */ + /* Lock the record for this SID. */ if (tdb_chainlock(ctx->tdb, ksid) != 0) { DEBUG(10,("Failed to lock record %s. Error %s\n", diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index ce1a1fe52f..9e8a5a613e 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -343,6 +343,7 @@ static struct winbindd_dispatch_table { { WINBINDD_ALLOCATE_UID, winbindd_allocate_uid, "ALLOCATE_UID" }, { WINBINDD_ALLOCATE_GID, winbindd_allocate_gid, "ALLOCATE_GID" }, { WINBINDD_SET_MAPPING, winbindd_set_mapping, "SET_MAPPING" }, + { WINBINDD_REMOVE_MAPPING, winbindd_remove_mapping, "REMOVE_MAPPING" }, { WINBINDD_SET_HWM, winbindd_set_hwm, "SET_HWMS" }, /* Miscellaneous */ diff --git a/source3/winbindd/winbindd_idmap.c b/source3/winbindd/winbindd_idmap.c index d8c67dc21c..94a8c78a85 100644 --- a/source3/winbindd/winbindd_idmap.c +++ b/source3/winbindd/winbindd_idmap.c 
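Review bot: The new NOTE in `idmap_tdb_set_mapping()` explains why only the `ksid` chain is locked but not what can go wrong as a result, so a reader may take the gap as harmless. Two writers that touch the same id under different SIDs hold different chain locks and can interleave their fetch, delete and store steps, which can leave the SID-to-ID and ID-to-SID records disagreeing about who owns a Unix id. I would add a sentence to that effect, e.g. `* Until then, concurrent updates of one ID under different SIDs can leave the two records inconsistent.`, and repeat it in the identical comment added to `idmap_tdb_remove_mapping()` in the next hunk. Both function bodies extend beyond these hunks, so the interleaving is inferred from the comment and from the calls shown elsewhere in the series.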
@@ -111,6 +111,65 @@ enum winbindd_result winbindd_dual_set_mapping(struct winbindd_domain *domain, return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; } +static void winbindd_remove_mapping_recv(TALLOC_CTX *mem_ctx, bool success, + struct winbindd_response *response, + void *c, void *private_data) +{ + void (*cont)(void *priv, bool succ) = (void (*)(void *, bool))c; + + if (!success) { + DEBUG(5, ("Could not trigger idmap_remove_mapping\n")); + cont(private_data, False); + return; + } + + if (response->result != WINBINDD_OK) { + DEBUG(5, ("idmap_remove_mapping returned an error\n")); + cont(private_data, False); + return; + } + + cont(private_data, True); +} + +void winbindd_remove_mapping_async(TALLOC_CTX *mem_ctx, + const struct id_map *map, + void (*cont)(void *private_data, bool success), + void *private_data) +{ + struct winbindd_request request; + ZERO_STRUCT(request); + request.cmd = WINBINDD_DUAL_REMOVE_MAPPING; + request.data.dual_idmapset.id = map->xid.id; + request.data.dual_idmapset.type = map->xid.type; + sid_to_fstring(request.data.dual_idmapset.sid, map->sid); + + do_async(mem_ctx, idmap_child(), &request, winbindd_remove_mapping_recv, + (void *)cont, private_data); +} + +enum winbindd_result winbindd_dual_remove_mapping( + struct winbindd_domain *domain, + struct winbindd_cli_state *state) +{ + struct id_map map; + DOM_SID sid; + NTSTATUS result; + + DEBUG(3, ("[%5lu]: dual_idmapremove\n", (unsigned long)state->pid)); + + if (!string_to_sid(&sid, state->request.data.dual_idmapset.sid)) + return WINBINDD_ERROR; + + map.sid = &sid; + map.xid.id = state->request.data.dual_idmapset.id; + map.xid.type = state->request.data.dual_idmapset.type; + map.status = ID_MAPPED; + + result = idmap_remove_mapping(&map); + return NT_STATUS_IS_OK(result) ? WINBINDD_OK : WINBINDD_ERROR; +} + static void winbindd_set_hwm_recv(TALLOC_CTX *mem_ctx, bool success, struct winbindd_response *response, void *c, void *private_data) 
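Review bot: `winbindd_dual_remove_mapping()` logs only the client pid at debug level 3, so removing an identity mapping leaves no record of which id and SID were affected. Since the mapping decides which Unix id a SID resolves to, I would log the details once the SID has parsed, e.g. `DEBUG(3, ("dual_idmapremove: id %lu sid %s\n", (unsigned long)map.xid.id, sid_string_dbg(&sid)));`. `map.xid.type` is also copied from the request without a check that it is a uid or gid type; that check is left to the backend, which is outside this hunk.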
@@ -485,6 +544,10 @@ static const struct winbindd_child_dispatch_table idmap_dispatch_table[] = { .name = "DUAL_SET_MAPPING", .struct_cmd = WINBINDD_DUAL_SET_MAPPING, .struct_fn = winbindd_dual_set_mapping, + },{ + .name = "DUAL_REMOVE_MAPPING", + .struct_cmd = WINBINDD_DUAL_REMOVE_MAPPING, + .struct_fn = winbindd_dual_remove_mapping, },{ .name = "DUAL_SET_HWMS", .struct_cmd = WINBINDD_DUAL_SET_HWM, diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 65ad47dd03..4f3d10f57f 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h @@ -353,6 +353,11 @@ void winbindd_set_mapping_async(TALLOC_CTX *mem_ctx, const struct id_map *map, void *private_data); enum winbindd_result winbindd_dual_set_mapping(struct winbindd_domain *domain, struct winbindd_cli_state *state); +void winbindd_remove_mapping_async(TALLOC_CTX *mem_ctx, const struct id_map *map, + void (*cont)(void *private_data, bool success), + void *private_data); +enum winbindd_result winbindd_dual_remove_mapping(struct winbindd_domain *domain, + struct winbindd_cli_state *state); void winbindd_set_hwm_async(TALLOC_CTX *mem_ctx, const struct unixid *xid, void (*cont)(void *private_data, bool success), void *private_data); @@ -505,6 +510,7 @@ void winbindd_sid_to_uid(struct winbindd_cli_state *state); void winbindd_sid_to_gid(struct winbindd_cli_state *state); void winbindd_sids_to_unixids(struct winbindd_cli_state *state); void winbindd_set_mapping(struct winbindd_cli_state *state); +void winbindd_remove_mapping(struct winbindd_cli_state *state); void winbindd_set_hwm(struct winbindd_cli_state *state); void winbindd_uid_to_sid(struct winbindd_cli_state *state); void winbindd_gid_to_sid(struct winbindd_cli_state *state); diff --git a/source3/winbindd/winbindd_sid.c b/source3/winbindd/winbindd_sid.c index 274786fa63..d8bd863037 100644 --- a/source3/winbindd/winbindd_sid.c +++ b/source3/winbindd/winbindd_sid.c 
@@ -415,6 +415,48 @@ void winbindd_set_mapping(struct winbindd_cli_state *state) set_mapping_recv, state); } +static void remove_mapping_recv(void *private_data, bool success) +{ + struct winbindd_cli_state *state = + talloc_get_type_abort(private_data, struct winbindd_cli_state); + + if (!success) { + DEBUG(5, ("Could not remove sid mapping\n")); + request_error(state); + return; + } + + request_ok(state); +} + +void winbindd_remove_mapping(struct winbindd_cli_state *state) +{ + struct id_map map; + DOM_SID sid; + + DEBUG(3, ("[%5lu]: remove id map\n", (unsigned long)state->pid)); + + if ( ! state->privileged) { + DEBUG(0, ("Only root is allowed to remove mappings!\n")); + request_error(state); + return; + } + + if (!string_to_sid(&sid, state->request.data.dual_idmapset.sid)) { + DEBUG(1, ("Could not get convert sid %s from string\n", + state->request.data.sid)); + request_error(state); + return; + } + + map.sid = &sid; + map.xid.id = state->request.data.dual_idmapset.id; + map.xid.type = state->request.data.dual_idmapset.type; + + winbindd_remove_mapping_async(state->mem_ctx, &map, + remove_mapping_recv, state); +} + static void set_hwm_recv(void *private_data, bool success) { struct winbindd_cli_state *state = -- cgit From ce44a2032362c6160931663af67e2e2e663b0c63 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Mon, 27 Oct 2008 23:36:36 -0700 Subject: Clean-up various trailing space and >80 column lines. --- source3/nsswitch/libwbclient/wbclient.c | 2 +- source3/nsswitch/libwbclient/wbclient.h | 4 +-- source3/nsswitch/wb_common.c | 2 +- source3/nsswitch/wbinfo.c | 8 ++--- source3/nsswitch/winbind_struct_protocol.h | 2 +- source3/winbindd/idmap_tdb.c | 49 ++++++++++++++++++------------ source3/winbindd/winbindd.c | 2 +- source3/winbindd/winbindd_sid.c | 3 +- 8 files changed, 42 insertions(+), 30 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/libwbclient/wbclient.c b/source3/nsswitch/libwbclient/wbclient.c index bdde562a93..c0b7e0675a 100644 
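Review bot: In `winbindd_remove_mapping()` the failure message prints `state->request.data.sid`, while the field that was parsed is `state->request.data.dual_idmapset.sid`; if those two members of the request do not overlay exactly, the log shows something other than the rejected input. The field is a fixed-size array filled in by the client and is passed to `string_to_sid()` and to `%s` with no terminator forced first. Unless the request reader already guarantees one, add `state->request.data.dual_idmapset.sid[sizeof(state->request.data.dual_idmapset.sid)-1] = '\0';` before the parse. The message text `Could not get convert sid` also has a stray word. `map.status` is left unset here, which is harmless only while `winbindd_remove_mapping_async()` keeps copying just `xid` and `sid`.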
--- a/source3/nsswitch/libwbclient/wbclient.c +++ b/source3/nsswitch/libwbclient/wbclient.c @@ -59,7 +59,7 @@ wbcErr wbcRequestResponse(int cmd, wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; NSS_STATUS nss_status; - /* for some calls the request and/or response cna be NULL */ + /* for some calls the request and/or response can be NULL */ nss_status = winbindd_request_response(cmd, request, response); diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 9c3d1998e0..639f7f359f 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -361,7 +361,7 @@ struct wbcLogonUserInfo { #define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002 #define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004 #define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008 -#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 +#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 #define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040 #define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080 #define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100 @@ -388,7 +388,7 @@ struct wbcLogonUserInfo { #define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */ #define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */ #define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */ -#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */ +#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */ #define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ struct wbcAuthErrorInfo { diff --git a/source3/nsswitch/wb_common.c b/source3/nsswitch/wb_common.c index 6e6d2bbbf8..a1646215bd 100644 --- a/source3/nsswitch/wb_common.c +++ b/source3/nsswitch/wb_common.c @@ -314,7 +314,7 @@ static int winbind_open_pipe_sock(int recursing, int need_priv) if ((need_priv != 0) && (is_privileged == 0)) { winbind_close_sock(); } - + if (winbindd_fd != -1) { return winbindd_fd; } 
diff --git a/source3/nsswitch/wbinfo.c b/source3/nsswitch/wbinfo.c index d5eee7e8f8..d14cfe94b7 100644 --- a/source3/nsswitch/wbinfo.c +++ b/source3/nsswitch/wbinfo.c @@ -75,7 +75,7 @@ static char winbind_separator_int(bool strict) /* HACK: (this module should not call lp_ funtions) */ sep = *lp_winbind_separator(); } - + return sep; } @@ -1604,7 +1604,7 @@ int main(int argc, char **argv, char **envp) { "user-domgroups", 0, POPT_ARG_STRING, &string_arg, OPT_USERDOMGROUPS, "Get user domain groups", "SID" }, { "user-sids", 0, POPT_ARG_STRING, &string_arg, OPT_USERSIDS, "Get user group sids for user SID", "SID" }, - { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, + { "authenticate", 'a', POPT_ARG_STRING, &string_arg, 'a', "authenticate user", "user%password" }, { "set-auth-user", 0, POPT_ARG_STRING, &string_arg, OPT_SET_AUTH_USER, "Store user and password used by winbindd (root only)", "user%password" }, { "getdcname", 0, POPT_ARG_STRING, &string_arg, OPT_GETDCNAME, "Get a DC name for a foreign domain", "domainname" }, @@ -1613,7 +1613,7 @@ int main(int argc, char **argv, char **envp) { "ping", 'p', POPT_ARG_NONE, 0, 'p', "Ping winbindd to see if it is alive" }, { "domain", 0, POPT_ARG_STRING, &opt_domain_name, OPT_DOMAIN_NAME, "Define to the domain to restrict operation", "domain" }, #ifdef WITH_FAKE_KASERVER - { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, + { "klog", 'k', POPT_ARG_STRING, &string_arg, 'k', "set an AFS token from winbind", "user%password" }, #endif #ifdef HAVE_KRB5 { "krb5auth", 'K', POPT_ARG_STRING, &string_arg, 'K', "authenticate user using Kerberos", "user%password" }, 
@@ -1665,7 +1665,7 @@ int main(int argc, char **argv, char **envp) load_interfaces(); - pc = poptGetContext(NULL, argc, (const char **)argv, long_options, + pc = poptGetContext(NULL, argc, (const char **)argv, long_options, POPT_CONTEXT_KEEP_FIRST); while((opt = poptGetNextOpt(pc)) != -1) { diff --git a/source3/nsswitch/winbind_struct_protocol.h b/source3/nsswitch/winbind_struct_protocol.h index e16103465f..36873f2096 100644 --- a/source3/nsswitch/winbind_struct_protocol.h +++ b/source3/nsswitch/winbind_struct_protocol.h @@ -97,7 +97,7 @@ enum winbindd_cmd { /* Lookup functions */ - WINBINDD_SID_TO_UID, + WINBINDD_SID_TO_UID, WINBINDD_SID_TO_GID, WINBINDD_SIDS_TO_XIDS, WINBINDD_UID_TO_SID, diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c index 7c4de5f6fb..4c8cceb691 100644 --- a/source3/winbindd/idmap_tdb.c +++ b/source3/winbindd/idmap_tdb.c @@ -820,10 +820,11 @@ done: } /********************************** - set a mapping. + set a mapping. **********************************/ -static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_map *map) +static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, + const struct id_map *map) { struct idmap_tdb_context *ctx; NTSTATUS ret; @@ -839,17 +840,19 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ data.dptr = NULL; /* TODO: should we filter a set_mapping using low/high filters ? */ - + ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); switch (map->xid.type) { case ID_TYPE_UID: - kidstr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "UID %lu", + (unsigned long)map->xid.id); break; - + case ID_TYPE_GID: - kidstr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "GID %lu", + (unsigned long)map->xid.id); break; default: 
@@ -891,7 +894,8 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ data = tdb_fetch(ctx->tdb, ksid); if (data.dptr) { - DEBUG(10, ("Deleting existing mapping %s <-> %s\n", (const char *)data.dptr, ksidstr )); + DEBUG(10, ("Deleting existing mapping %s <-> %s\n", + (const char *)data.dptr, ksidstr )); tdb_delete(ctx->tdb, data); tdb_delete(ctx->tdb, ksid); SAFE_FREE(data.dptr); @@ -899,20 +903,23 @@ static NTSTATUS idmap_tdb_set_mapping(struct idmap_domain *dom, const struct id_ data = tdb_fetch(ctx->tdb, kid); if (data.dptr) { - DEBUG(10,("Deleting existing mapping %s <-> %s\n", (const char *)data.dptr, kidstr )); + DEBUG(10,("Deleting existing mapping %s <-> %s\n", + (const char *)data.dptr, kidstr )); tdb_delete(ctx->tdb, data); tdb_delete(ctx->tdb, kid); SAFE_FREE(data.dptr); } if (tdb_store(ctx->tdb, ksid, kid, TDB_INSERT) == -1) { - DEBUG(0, ("Error storing SID -> ID: %s\n", tdb_errorstr(ctx->tdb))); + DEBUG(0, ("Error storing SID -> ID: %s\n", + tdb_errorstr(ctx->tdb))); tdb_chainunlock(ctx->tdb, ksid); ret = NT_STATUS_UNSUCCESSFUL; goto done; } if (tdb_store(ctx->tdb, kid, ksid, TDB_INSERT) == -1) { - DEBUG(0, ("Error stroing ID -> SID: %s\n", tdb_errorstr(ctx->tdb))); + DEBUG(0, ("Error storing ID -> SID: %s\n", + tdb_errorstr(ctx->tdb))); /* try to remove the previous stored SID -> ID map */ tdb_delete(ctx->tdb, ksid); tdb_chainunlock(ctx->tdb, ksid); @@ -932,10 +939,11 @@ done: } /********************************** - remove a mapping. + remove a mapping. **********************************/ -static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct id_map *map) +static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, + const struct id_map *map) { struct idmap_tdb_context *ctx; NTSTATUS ret; 
@@ -951,17 +959,19 @@ static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct data.dptr = NULL; /* TODO: should we filter a remove_mapping using low/high filters ? */ - + ctx = talloc_get_type(dom->private_data, struct idmap_tdb_context); switch (map->xid.type) { case ID_TYPE_UID: - kidstr = talloc_asprintf(ctx, "UID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "UID %lu", + (unsigned long)map->xid.id); break; - + case ID_TYPE_GID: - kidstr = talloc_asprintf(ctx, "GID %lu", (unsigned long)map->xid.id); + kidstr = talloc_asprintf(ctx, "GID %lu", + (unsigned long)map->xid.id); break; default: @@ -1011,16 +1021,17 @@ static NTSTATUS idmap_tdb_remove_mapping(struct idmap_domain *dom, const struct if ((data.dsize != kid.dsize) || (memcmp(data.dptr, kid.dptr, data.dsize) != 0)) { DEBUG(10,("Specified SID does not map to specified ID\n")); - DEBUGADD(10,("Actual mapping is %s -> %s\n", ksidstr, (const char *)data.dptr)); + DEBUGADD(10,("Actual mapping is %s -> %s\n", ksidstr, + (const char *)data.dptr)); tdb_chainunlock(ctx->tdb, ksid); ret = NT_STATUS_NONE_MAPPED; goto done; } - + DEBUG(10, ("Removing %s <-> %s map\n", ksidstr, kidstr)); /* Delete previous mappings. */ - + DEBUG(10, ("Deleting existing mapping %s -> %s\n", ksidstr, kidstr )); tdb_delete(ctx->tdb, ksid); diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 9e8a5a613e..82af55800f 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -368,7 +368,7 @@ static struct winbindd_dispatch_table { { WINBINDD_WINS_BYNAME, winbindd_wins_byname, "WINS_BYNAME" }, { WINBINDD_WINS_BYIP, winbindd_wins_byip, "WINS_BYIP" }, - + /* End of list */ { WINBINDD_NUM_CMDS, NULL, "NONE" } diff --git a/source3/winbindd/winbindd_sid.c b/source3/winbindd/winbindd_sid.c index d8bd863037..641b18ebbd 100644 --- a/source3/winbindd/winbindd_sid.c +++ b/source3/winbindd/winbindd_sid.c 
@@ -370,7 +370,8 @@ void winbindd_sid_to_gid(struct winbindd_cli_state *state) range from random SIDs. */ backend: - winbindd_lookupsid_async( state->mem_ctx, &sid, sid2gid_lookupsid_recv, state ); + winbindd_lookupsid_async( state->mem_ctx, &sid, sid2gid_lookupsid_recv, + state ); } static void set_mapping_recv(void *private_data, bool success) -- cgit From cd82c07943c329149572473546cae732c977308c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 11:22:50 -0800 Subject: Fix bug #5904 - libnss_wins causes SIGABRT while servicing getaddrinfo() request. Jeremy. --- source3/nsswitch/wins.c | 63 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 48 insertions(+), 15 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/wins.c b/source3/nsswitch/wins.c index 2f82997aaf..e028eb8cf2 100644 --- a/source3/nsswitch/wins.c +++ b/source3/nsswitch/wins.c @@ -24,6 +24,14 @@ #include #endif +#if HAVE_PTHREAD_H +#include +#endif + +#if HAVE_PTHREAD +static pthread_mutex_t wins_nss_mutex = PTHREAD_MUTEX_INITIALIZER; +#endif + #ifndef INADDRSZ #define INADDRSZ 4 #endif @@ -320,11 +328,16 @@ NSS_STATUS _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, char *buffer, size_t buflen, int *h_errnop) { + NSS_STATUS nss_status = NSS_STATUS_SUCCESS; struct in_addr *ip_list; int i, count; fstring name; size_t namelen; +#if HAVE_PTHREAD + pthread_mutex_lock(&wins_nss_mutex); +#endif + memset(he, '\0', sizeof(*he)); fstrcpy(name, hostname); @@ -332,8 +345,10 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, ip_list = lookup_byname_backend(name, &count); - if (!ip_list) - return NSS_STATUS_NOTFOUND; + if (!ip_list) { + nss_status = NSS_STATUS_NOTFOUND; + goto out; + } /* Copy h_name */ 
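Review bot: The first wins.c hunk guards the pthread include with `#if HAVE_PTHREAD_H` but guards `wins_nss_mutex` with `#if HAVE_PTHREAD`, and the lock and unlock calls in `_nss_wins_gethostbyname_r` also use `HAVE_PTHREAD`. The header name is stripped in this rendering. If a build defines only one of the two macros, either the mutex type is used without its header, or the locking is silently compiled out and the function runs unserialised again, which appears to be the condition this commit targets. I would use one guard at all three sites, for example `#if HAVE_PTHREAD_H && HAVE_PTHREAD`, and add a comment on the mutex such as `/* serialises the WINS lookup backend, which is not thread safe */`, after confirming what state it protects. The return value of `pthread_mutex_lock()` is ignored as well, and the function body continues outside these hunks.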
@@ -341,7 +356,8 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, if ((he->h_name = get_static(&buffer, &buflen, namelen)) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } memcpy(he->h_name, name, namelen); @@ -353,20 +369,23 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, if (get_static(&buffer, &buflen, i) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } if ((he->h_addr_list = (char **)get_static( &buffer, &buflen, (count + 1) * sizeof(char *))) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } for (i = 0; i < count; i++) { if ((he->h_addr_list[i] = get_static(&buffer, &buflen, INADDRSZ)) == NULL) { free(ip_list); - return NSS_STATUS_TRYAGAIN; + nss_status = NSS_STATUS_TRYAGAIN; + goto out; } memcpy(he->h_addr_list[i], &ip_list[i], INADDRSZ); } @@ -385,16 +404,27 @@ _nss_wins_gethostbyname_r(const char *hostname, struct hostent *he, if ((i = (unsigned long)(buffer) % sizeof(char*)) != 0) i = sizeof(char*) - i; - if (get_static(&buffer, &buflen, i) == NULL) - return NSS_STATUS_TRYAGAIN; + if (get_static(&buffer, &buflen, i) == NULL) { + nss_status = NSS_STATUS_TRYAGAIN; + goto out; + } if ((he->h_aliases = (char **)get_static( - &buffer, &buflen, sizeof(char *))) == NULL) - return NSS_STATUS_TRYAGAIN; + &buffer, &buflen, sizeof(char *))) == NULL) { + nss_status = NSS_STATUS_TRYAGAIN; + goto out; + } he->h_aliases[0] = NULL; - return NSS_STATUS_SUCCESS; + nss_status = NSS_STATUS_SUCCESS; + + out: + +#if HAVE_PTHREAD + pthread_mutex_unlock(&wins_nss_mutex); +#endif + return nss_status; } 
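Review bot: The four `NSS_STATUS_TRYAGAIN` exits in the `-341` and `-353` hunks each keep their own `free(ip_list);` ahead of the new `goto out`, so cleanup is spread over the branches while the unlock sits at the label. With a single exit now available, declaring `struct in_addr *ip_list = NULL;` and calling `free(ip_list);` once at `out:` before the unlock would stop a later early exit from leaking the list. The success-path release of `ip_list` is not visible in these hunks, so it would have to set the pointer to `NULL` if it stays. None of the rewritten exits writes `*h_errnop`, although the `_nss_wins_gethostbyname2_r` wrapper does for its own failure; whether it is set elsewhere in the function cannot be seen from here.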
@@ -402,12 +432,15 @@ NSS_STATUS _nss_wins_gethostbyname2_r(const char *name, int af, struct hostent *he, char *buffer, size_t buflen, int *h_errnop) { + NSS_STATUS nss_status; + if(af!=AF_INET) { *h_errnop = NO_DATA; - return NSS_STATUS_UNAVAIL; + nss_status = NSS_STATUS_UNAVAIL; + } else { + nss_status = _nss_wins_gethostbyname_r( + name, he, buffer, buflen, h_errnop); } - - return _nss_wins_gethostbyname_r( - name, he, buffer, buflen, h_errnop); + return nss_status; } #endif -- cgit From d53219704282bc6792416796dd6398875386243e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 12:24:53 -0800 Subject: Add functions to delete NTACL on posix ACL set. Jeremy. --- source3/modules/vfs_acl_tdb.c | 212 +++++++++++++++++++++++++--------------- source3/modules/vfs_acl_xattr.c | 100 +++++++++++++++++++ 2 files changed, 235 insertions(+), 77 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 1924812cf7..915f73233d 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -1,5 +1,5 @@ /* - * Store Windows ACLs in xattrs, or a tdb if configured that way. + * Store Windows ACLs in a tdb. * * Copyright (C) Volker Lendecke, 2008 * Copyright (C) Jeremy Allison, 2008 @@ -72,7 +72,7 @@ static bool acl_tdb_init(struct db_context **pp_db) Lower ref count and close acl_db if zero. *******************************************************************/ -static void free_acl_xattr_data(void **pptr) +static void free_acl_tdb_data(void **pptr) { struct db_context **pp_db = (struct db_context **)pptr; @@ -87,7 +87,7 @@ static void free_acl_xattr_data(void **pptr) Fetch_lock the tdb acl record for a file *******************************************************************/ -static struct db_record *acl_xattr_tdb_lock(TALLOC_CTX *mem_ctx, +static struct db_record *acl_tdb_lock(TALLOC_CTX *mem_ctx, struct db_context *db, const struct file_id *id) { 
@@ -99,6 +99,33 @@ static struct db_record *acl_xattr_tdb_lock(TALLOC_CTX *mem_ctx, sizeof(id_buf))); } +/******************************************************************* + Delete the tdb acl record for a file +*******************************************************************/ + +static NTSTATUS acl_tdb_delete(vfs_handle_struct *handle, + struct db_context *db, + SMB_STRUCT_STAT *psbuf) +{ + NTSTATUS status; + struct file_id id = vfs_file_id_from_sbuf(handle->conn, psbuf); + struct db_record *rec = acl_tdb_lock(talloc_tos(), db, &id); + + /* + * If rec == NULL there's not much we can do about it + */ + + if (rec == NULL) { + DEBUG(10,("acl_tdb_delete: rec == NULL\n")); + TALLOC_FREE(rec); + return NT_STATUS_OK; + } + + status = rec->delete_rec(rec); + TALLOC_FREE(rec); + return status; +} + /******************************************************************* Parse out a struct security_descriptor from a DATA_BLOB. *******************************************************************/ @@ -311,10 +338,10 @@ static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, } /******************************************************************* - Store a DATA_BLOB into an xattr given a pathname. + Store a DATA_BLOB into an tdb given a pathname. *******************************************************************/ -static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, +static NTSTATUS get_nt_acl_tdb_internal(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, @@ -328,7 +355,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, name = fsp->fsp_name; } - DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name)); + DEBUG(10, ("get_nt_acl_tdb_internal: name=%s\n", name)); status = get_acl_blob(ctx, handle, fsp, name, &blob); if (!NT_STATUS_IS_OK(status)) { 
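Review bot: `acl_tdb_delete()` returns `NT_STATUS_OK` when `acl_tdb_lock()` gives back no record, so a failed lock looks the same as a successful delete and the stored Windows security descriptor may stay in the tdb. The callers in the later hunks of this file (`unlink_acl_tdb`, `rmdir_acl_tdb`, `sys_acl_set_file_tdb`, `sys_acl_set_fd_tdb`) also discard the returned status and return 0. For the two `sys_acl_set_*` paths that means the POSIX ACL has changed while `get_nt_acl_tdb_internal()` can presumably still supply the old descriptor to the access check in `open_acl_tdb`. I would have the NULL branch return a failure such as `return NT_STATUS_UNSUCCESSFUL;` and have the callers at least log it, e.g. `DEBUG(0,("sys_acl_set_file_tdb: could not delete NT ACL record for %s\n", path));`. The `TALLOC_FREE(rec);` inside the `rec == NULL` branch does nothing and can be dropped.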
@@ -416,7 +443,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, DEBUG(10,("inherit_new_acl: check directory %s\n", parent_name)); - status = get_nt_acl_xattr_internal(handle, + status = get_nt_acl_tdb_internal(handle, NULL, parent_name, (OWNER_SECURITY_INFORMATION | @@ -493,7 +520,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, Check ACL on open. For new files inherit from parent directory. *********************************************************************/ -static int open_acl_xattr(vfs_handle_struct *handle, +static int open_acl_tdb(vfs_handle_struct *handle, const char *fname, files_struct *fsp, int flags, @@ -502,7 +529,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, uint32_t access_granted = 0; struct security_descriptor *pdesc = NULL; bool file_existed = true; - NTSTATUS status = get_nt_acl_xattr_internal(handle, + NTSTATUS status = get_nt_acl_tdb_internal(handle, NULL, fname, (OWNER_SECURITY_INFORMATION | @@ -516,7 +543,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, fsp->access_mask, &access_granted); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10,("open_acl_xattr: file %s open " + DEBUG(10,("open_acl_tdb: file %s open " "refused with error %s\n", fname, nt_errstr(status) )); @@ -527,7 +554,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, file_existed = false; } - DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for " + DEBUG(10,("open_acl_tdb: get_nt_acl_attr_internal for " "file %s returned %s\n", fname, nt_errstr(status) )); 
@@ -547,12 +574,10 @@ static int open_acl_xattr(vfs_handle_struct *handle, On unlink we need to delete the tdb record (if using tdb). *********************************************************************/ -static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) +static int unlink_acl_tdb(vfs_handle_struct *handle, const char *path) { SMB_STRUCT_STAT sbuf; - struct file_id id; struct db_context *db; - struct db_record *rec; int ret; SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); @@ -567,24 +592,7 @@ static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) return -1; } - id = vfs_file_id_from_sbuf(handle->conn, &sbuf); - - rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); - - /* - * If rec == NULL there's not much we can do about it - */ - - if (rec == NULL) { - DEBUG(10,("unlink_acl_xattr: path %s rec == NULL\n", - path )); - TALLOC_FREE(rec); - return 0; - } - - rec->delete_rec(rec); - TALLOC_FREE(rec); - + acl_tdb_delete(handle, db, &sbuf); return 0; } @@ -592,7 +600,7 @@ static int unlink_acl_xattr(vfs_handle_struct *handle, const char *path) Store an inherited SD on mkdir. *********************************************************************/ -static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +static int mkdir_acl_tdb(vfs_handle_struct *handle, const char *path, mode_t mode) { int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode); @@ -608,12 +616,11 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m On rmdir we need to delete the tdb record (if using tdb). *********************************************************************/ -static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) +static int rmdir_acl_tdb(vfs_handle_struct *handle, const char *path) { + SMB_STRUCT_STAT sbuf; - struct file_id id; struct db_context *db; - struct db_record *rec; int ret; SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); 
@@ -623,29 +630,11 @@ static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) } ret = SMB_VFS_NEXT_RMDIR(handle, path); - if (ret == -1) { return -1; } - id = vfs_file_id_from_sbuf(handle->conn, &sbuf); - - rec = acl_xattr_tdb_lock(talloc_tos(), db, &id); - - /* - * If rec == NULL there's not much we can do about it - */ - - if (rec == NULL) { - DEBUG(10,("rmdir_acl_xattr: path %s rec == NULL\n", - path )); - TALLOC_FREE(rec); - return 0; - } - - rec->delete_rec(rec); - TALLOC_FREE(rec); - + acl_tdb_delete(handle, db, &sbuf); return 0; } @@ -653,21 +642,21 @@ static int rmdir_acl_xattr(vfs_handle_struct *handle, const char *path) Fetch a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS fget_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { - NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp, + NTSTATUS status = get_nt_acl_tdb_internal(handle, fsp, NULL, security_info, ppdesc); if (NT_STATUS_IS_OK(status)) { if (DEBUGLEVEL >= 10) { - DEBUG(10,("fget_nt_acl_xattr: returning xattr sd for file %s\n", + DEBUG(10,("fget_nt_acl_tdb: returning tdb sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, *ppdesc); } return NT_STATUS_OK; } - DEBUG(10,("fget_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + DEBUG(10,("fget_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n", fsp->fsp_name, nt_errstr(status) )); 
@@ -679,21 +668,21 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Fetch a security descriptor given a pathname. *********************************************************************/ -static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, +static NTSTATUS get_nt_acl_tdb(vfs_handle_struct *handle, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { - NTSTATUS status = get_nt_acl_xattr_internal(handle, NULL, + NTSTATUS status = get_nt_acl_tdb_internal(handle, NULL, name, security_info, ppdesc); if (NT_STATUS_IS_OK(status)) { if (DEBUGLEVEL >= 10) { - DEBUG(10,("get_nt_acl_xattr: returning xattr sd for file %s\n", + DEBUG(10,("get_nt_acl_tdb: returning tdb sd for file %s\n", name)); NDR_PRINT_DEBUG(security_descriptor, *ppdesc); } return NT_STATUS_OK; } - DEBUG(10,("get_nt_acl_xattr: failed to get xattr sd for file %s, Error %s\n", + DEBUG(10,("get_nt_acl_tdb: failed to get tdb sd for file %s, Error %s\n", name, nt_errstr(status) )); @@ -705,14 +694,14 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, Store a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS fset_nt_acl_tdb(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd) { NTSTATUS status; DATA_BLOB blob; if (DEBUGLEVEL >= 10) { - DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", + DEBUG(10,("fset_nt_acl_tdb: incoming sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, CONST_DISCARD(struct security_descriptor *,psd)); 
@@ -768,7 +757,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, } if (DEBUGLEVEL >= 10) { - DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", + DEBUG(10,("fset_nt_acl_tdb: storing tdb sd for file %s\n", fsp->fsp_name)); NDR_PRINT_DEBUG(security_descriptor, CONST_DISCARD(struct security_descriptor *,psd)); @@ -783,7 +772,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Handle opening the storage tdb if so configured. *******************************************************************/ -static int connect_acl_xattr(struct vfs_handle_struct *handle, +static int connect_acl_tdb(struct vfs_handle_struct *handle, const char *service, const char *user) { 
@@ -800,34 +789,103 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle, return -1; } - SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_xattr_data, + SMB_VFS_HANDLE_SET_DATA(handle, db, free_acl_tdb_data, struct db_context, return -1); return 0; } +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_file_tdb(vfs_handle_struct *handle, + const char *path, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + SMB_STRUCT_STAT sbuf; + struct db_context *db; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (SMB_VFS_STAT(handle->conn, path, &sbuf) == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, + path, + type, + theacl); + if (ret == -1) { + return -1; + } + + acl_tdb_delete(handle, db, &sbuf); + return 0; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. 
+*********************************************************************/ + +static int sys_acl_set_fd_tdb(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_T theacl) +{ + SMB_STRUCT_STAT sbuf; + struct db_context *db; + int ret; + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, return -1); + + if (fsp->is_directory || fsp->fh->fd == -1) { + ret = SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf); + } else { + ret = SMB_VFS_FSTAT(fsp, &sbuf); + } + if (ret == -1) { + return -1; + } + + ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, + fsp, + theacl); + if (ret == -1) { + return -1; + } + + acl_tdb_delete(handle, db, &sbuf); + return 0; +} + /* VFS operations structure */ static vfs_op_tuple skel_op_tuples[] = { - {SMB_VFS_OP(connect_acl_xattr), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(connect_acl_tdb), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(mkdir_acl_xattr), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(rmdir_acl_xattr), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(mkdir_acl_tdb), SMB_VFS_OP_MKDIR, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(rmdir_acl_tdb), SMB_VFS_OP_RMDIR, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(open_acl_xattr), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(unlink_acl_xattr), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(open_acl_tdb), SMB_VFS_OP_OPEN, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(unlink_acl_tdb), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, /* NT File ACL operations */ - {SMB_VFS_OP(fget_nt_acl_xattr),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(fget_nt_acl_tdb),SMB_VFS_OP_FGET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(get_nt_acl_tdb), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, + 
{SMB_VFS_OP(fset_nt_acl_tdb),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + + /* POSIX ACL operations. */ + {SMB_VFS_OP(sys_acl_set_file_tdb), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys_acl_set_fd_tdb), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -NTSTATUS vfs_acl_xattr_init(void) +NTSTATUS vfs_acl_tdb_init(void) { return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_tdb", skel_op_tuples); } diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index bc3edd7d04..e0d0ef1414 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
@@ -607,6 +607,98 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return NT_STATUS_OK; } +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_file_xattr(vfs_handle_struct *handle, + const char *name, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, + name, + type, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_REMOVEXATTR(handle, name, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, + fsp, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_FREMOVEXATTR(handle, fsp, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. +*********************************************************************/ + +static int sys_acl_set_file_xattr(vfs_handle_struct *handle, + const char *name, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, + name, + type, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_REMOVEXATTR(handle->conn, name, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + +/********************************************************************* + Remove a Windows ACL - we're setting the underlying POSIX ACL. 
+*********************************************************************/ + +static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, + files_struct *fsp, + SMB_ACL_T theacl) +{ + int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, + fsp, + theacl); + if (ret == -1) { + return -1; + } + + become_root(); + SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME); + unbecome_root(); + + return ret; +} + /* VFS operations structure */ static vfs_op_tuple skel_op_tuples[] = @@ -620,6 +712,14 @@ static vfs_op_tuple skel_op_tuples[] = {SMB_VFS_OP(get_nt_acl_xattr), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(fset_nt_acl_xattr),SMB_VFS_OP_FSET_NT_ACL,SMB_VFS_LAYER_TRANSPARENT}, + /* POSIX ACL operations. */ + {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys__acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + + /* POSIX ACL operations. */ + {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit From 07b3a1e988deae2e2d8d619fb2792dd0a719504f Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Wed, 19 Nov 2008 22:00:43 +0100 Subject: s3-build: re-run make samba3-idl after pidl change. Guenther --- source3/librpc/gen_ndr/srv_lsa.c | 28 ++++++++++++++-------------- source3/librpc/gen_ndr/srv_netlogon.c | 10 +++++----- source3/librpc/gen_ndr/srv_ntsvcs.c | 6 +++--- source3/librpc/gen_ndr/srv_srvsvc.c | 20 ++++++++++---------- source3/librpc/gen_ndr/srv_svcctl.c | 16 ++++++++-------- source3/librpc/gen_ndr/srv_winreg.c | 2 +- source3/librpc/gen_ndr/srv_wkssvc.c | 6 +++--- 7 files changed, 44 insertions(+), 44 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/srv_lsa.c b/source3/librpc/gen_ndr/srv_lsa.c index b0893623a8..c30f276800 100644 
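Review bot: The added block in the `-607` hunk defines `sys_acl_set_file_xattr` and `sys_acl_set_fd_xattr` twice each, which cannot compile as shown. The two copies also disagree on macro arguments: `SMB_VFS_REMOVEXATTR(handle, name, …)` versus `SMB_VFS_REMOVEXATTR(handle->conn, name, …)`, and `SMB_VFS_FREMOVEXATTR(handle, fsp, …)` versus `SMB_VFS_FREMOVEXATTR(fsp, …)`. The `skel_op_tuples` hunk repeats the duplication, and its first pair references `sys__acl_set_fd_xattr`, a double-underscore name that nothing in the hunk defines. Keep one copy of each function, in whichever argument form matches the macro definitions (they are outside this diff), and one pair of table entries. Separately, the result of the remove call made under `become_root()` is discarded, so a failed removal leaves the old NT ACL xattr in place with no trace. When the call fails for a reason other than the attribute being absent, a line like `DEBUG(0,("sys_acl_set_file_xattr: failed to remove %s on %s\n", XATTR_NTACL_NAME, name));` would make that visible.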
--- a/source3/librpc/gen_ndr/srv_lsa.c +++ b/source3/librpc/gen_ndr/srv_lsa.c @@ -1128,14 +1128,14 @@ static bool api_lsa_LookupNames(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames(p, r); if (p->rng_fault_state) { @@ -1210,14 +1210,14 @@ static bool api_lsa_LookupSids(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.names = r->in.names; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.names = r->in.names; - r->out.count = r->in.count; r->out.result = _lsa_LookupSids(p, r); if (p->rng_fault_state) { @@ -4444,14 +4444,14 @@ static bool api_lsa_LookupSids2(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.names = r->in.names; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.names = r->in.names; - r->out.count = r->in.count; r->out.result = _lsa_LookupSids2(p, r); if (p->rng_fault_state) { @@ -4526,14 +4526,14 @@ static bool api_lsa_LookupNames2(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames2(p, r); if (p->rng_fault_state) { 
@@ -5272,14 +5272,14 @@ static bool api_lsa_LookupNames3(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames3(p, r); if (p->rng_fault_state) { @@ -5872,14 +5872,14 @@ static bool api_lsa_LookupSids3(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.names = r->in.names; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.names = r->in.names; - r->out.count = r->in.count; r->out.result = _lsa_LookupSids3(p, r); if (p->rng_fault_state) { @@ -5954,14 +5954,14 @@ static bool api_lsa_LookupNames4(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.sids = r->in.sids; + r->out.count = r->in.count; r->out.domains = talloc_zero(r, struct lsa_RefDomainList *); if (r->out.domains == NULL) { talloc_free(r); return false; } - r->out.sids = r->in.sids; - r->out.count = r->in.count; r->out.result = _lsa_LookupNames4(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_netlogon.c b/source3/librpc/gen_ndr/srv_netlogon.c index 9546b2551b..2cb2978af2 100644 --- a/source3/librpc/gen_ndr/srv_netlogon.c +++ b/source3/librpc/gen_ndr/srv_netlogon.c @@ -871,6 +871,7 @@ static bool api_netr_AccountSync(pipes_struct *p) ZERO_STRUCT(r->out); r->out.return_authenticator = r->in.return_authenticator; + r->out.recordid = r->in.recordid; r->out.buffer = talloc_zero(r, struct netr_AccountBuffer); if (r->out.buffer == NULL) { talloc_free(r); @@ -895,7 +896,6 @@ static bool api_netr_AccountSync(pipes_struct *p) return false; } - r->out.recordid = r->in.recordid; r->out.result = _netr_AccountSync(p, r); if (p->rng_fault_state) { 
@@ -1290,13 +1290,13 @@ static bool api_netr_ServerAuthenticate2(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.negotiate_flags = r->in.negotiate_flags; r->out.return_credentials = talloc_zero(r, struct netr_Credential); if (r->out.return_credentials == NULL) { talloc_free(r); return false; } - r->out.negotiate_flags = r->in.negotiate_flags; r->out.result = _netr_ServerAuthenticate2(p, r); if (p->rng_fault_state) { @@ -2146,13 +2146,13 @@ static bool api_netr_ServerAuthenticate3(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.negotiate_flags = r->in.negotiate_flags; r->out.return_credentials = talloc_zero(r, struct netr_Credential); if (r->out.return_credentials == NULL) { talloc_free(r); return false; } - r->out.negotiate_flags = r->in.negotiate_flags; r->out.rid = talloc_zero(r, uint32_t); if (r->out.rid == NULL) { talloc_free(r); @@ -3186,6 +3186,7 @@ static bool api_netr_LogonSamLogonEx(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.flags = r->in.flags; r->out.validation = talloc_zero(r, union netr_Validation); if (r->out.validation == NULL) { talloc_free(r); @@ -3198,7 +3199,6 @@ static bool api_netr_LogonSamLogonEx(pipes_struct *p) return false; } - r->out.flags = r->in.flags; r->out.result = _netr_LogonSamLogonEx(p, r); if (p->rng_fault_state) { @@ -3685,6 +3685,7 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p) ZERO_STRUCT(r->out); r->out.return_authenticator = r->in.return_authenticator; + r->out.flags = r->in.flags; r->out.validation = talloc_zero(r, union netr_Validation); if (r->out.validation == NULL) { talloc_free(r); @@ -3697,7 +3698,6 @@ static bool api_netr_LogonSamLogonWithFlags(pipes_struct *p) return false; } - r->out.flags = r->in.flags; r->out.result = _netr_LogonSamLogonWithFlags(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_ntsvcs.c b/source3/librpc/gen_ndr/srv_ntsvcs.c index ae28b9932e..288f3ed5d7 100644 --- a/source3/librpc/gen_ndr/srv_ntsvcs.c +++ b/source3/librpc/gen_ndr/srv_ntsvcs.c 
@@ -782,13 +782,13 @@ static bool api_PNP_GetDeviceList(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.length = r->in.length; r->out.buffer = talloc_zero_array(r, uint16_t, *r->out.length); if (r->out.buffer == NULL) { talloc_free(r); return false; } - r->out.length = r->in.length; r->out.result = _PNP_GetDeviceList(p, r); if (p->rng_fault_state) { @@ -1017,14 +1017,14 @@ static bool api_PNP_GetDeviceRegProp(pipes_struct *p) ZERO_STRUCT(r->out); r->out.reg_data_type = r->in.reg_data_type; + r->out.buffer_size = r->in.buffer_size; + r->out.needed = r->in.needed; r->out.buffer = talloc_zero_array(r, uint8_t, *r->out.buffer_size); if (r->out.buffer == NULL) { talloc_free(r); return false; } - r->out.buffer_size = r->in.buffer_size; - r->out.needed = r->in.needed; r->out.result = _PNP_GetDeviceRegProp(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_srvsvc.c b/source3/librpc/gen_ndr/srv_srvsvc.c index f995930b89..59f51ba774 100644 --- a/source3/librpc/gen_ndr/srv_srvsvc.c +++ b/source3/librpc/gen_ndr/srv_srvsvc.c @@ -46,13 +46,13 @@ static bool api_srvsvc_NetCharDevEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetCharDevEnum(p, r); if (p->rng_fault_state) { @@ -281,13 +281,13 @@ static bool api_srvsvc_NetCharDevQEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetCharDevQEnum(p, r); if (p->rng_fault_state) { 
@@ -664,13 +664,13 @@ static bool api_srvsvc_NetConnEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetConnEnum(p, r); if (p->rng_fault_state) { @@ -746,13 +746,13 @@ static bool api_srvsvc_NetFileEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetFileEnum(p, r); if (p->rng_fault_state) { @@ -981,13 +981,13 @@ static bool api_srvsvc_NetSessEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetSessEnum(p, r); if (p->rng_fault_state) { @@ -1211,13 +1211,13 @@ static bool api_srvsvc_NetShareEnumAll(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetShareEnumAll(p, r); if (p->rng_fault_state) { 
@@ -1829,13 +1829,13 @@ static bool api_srvsvc_NetDiskEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetDiskEnum(p, r); if (p->rng_fault_state) { @@ -2064,13 +2064,13 @@ static bool api_srvsvc_NetTransportEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.transports = r->in.transports; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetTransportEnum(p, r); if (p->rng_fault_state) { @@ -2451,13 +2451,13 @@ static bool api_srvsvc_NetPathCanonicalize(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.pathtype = r->in.pathtype; r->out.can_path = talloc_zero_array(r, uint8_t, r->in.maxbuf); if (r->out.can_path == NULL) { talloc_free(r); return false; } - r->out.pathtype = r->in.pathtype; r->out.result = _srvsvc_NetPathCanonicalize(p, r); if (p->rng_fault_state) { @@ -2825,13 +2825,13 @@ static bool api_srvsvc_NetShareEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info_ctr = r->in.info_ctr; + r->out.resume_handle = r->in.resume_handle; r->out.totalentries = talloc_zero(r, uint32_t); if (r->out.totalentries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _srvsvc_NetShareEnum(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c index f37111137e..5b30bf00f7 100644 --- a/source3/librpc/gen_ndr/srv_svcctl.c +++ b/source3/librpc/gen_ndr/srv_svcctl.c 
@@ -1139,6 +1139,7 @@ static bool api_svcctl_EnumServicesStatusW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.service = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.service == NULL) { talloc_free(r); @@ -1157,7 +1158,6 @@ static bool api_svcctl_EnumServicesStatusW(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _svcctl_EnumServicesStatusW(p, r); if (p->rng_fault_state) { @@ -1637,13 +1637,13 @@ static bool api_svcctl_GetServiceDisplayNameW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.display_name = talloc_zero(r, const char *); if (r->out.display_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceDisplayNameW(p, r); if (p->rng_fault_state) { @@ -1718,13 +1718,13 @@ static bool api_svcctl_GetServiceKeyNameW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.key_name = talloc_zero(r, const char *); if (r->out.key_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceKeyNameW(p, r); if (p->rng_fault_state) { @@ -2124,6 +2124,7 @@ static bool api_svcctl_EnumServicesStatusA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.service = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.service == NULL) { talloc_free(r); @@ -2142,7 +2143,6 @@ static bool api_svcctl_EnumServicesStatusA(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _svcctl_EnumServicesStatusA(p, r); if (p->rng_fault_state) { 
@@ -2615,13 +2615,13 @@ static bool api_svcctl_GetServiceDisplayNameA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.display_name = talloc_zero(r, const char *); if (r->out.display_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceDisplayNameA(p, r); if (p->rng_fault_state) { @@ -2696,13 +2696,13 @@ static bool api_svcctl_GetServiceKeyNameA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.display_name_length = r->in.display_name_length; r->out.key_name = talloc_zero(r, const char *); if (r->out.key_name == NULL) { talloc_free(r); return false; } - r->out.display_name_length = r->in.display_name_length; r->out.result = _svcctl_GetServiceKeyNameA(p, r); if (p->rng_fault_state) { @@ -3327,6 +3327,7 @@ static bool api_EnumServicesStatusExA(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.services = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.services == NULL) { talloc_free(r); @@ -3345,7 +3346,6 @@ static bool api_EnumServicesStatusExA(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.group_name = talloc_zero(r, const char *); if (r->out.group_name == NULL) { talloc_free(r); @@ -3426,6 +3426,7 @@ static bool api_EnumServicesStatusExW(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.resume_handle = r->in.resume_handle; r->out.services = talloc_zero_array(r, uint8_t, r->in.buf_size); if (r->out.services == NULL) { talloc_free(r); @@ -3444,7 +3445,6 @@ static bool api_EnumServicesStatusExW(pipes_struct *p) return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _EnumServicesStatusExW(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_winreg.c b/source3/librpc/gen_ndr/srv_winreg.c index 77b0a1c5d2..ac70b41219 100644 --- a/source3/librpc/gen_ndr/srv_winreg.c 
+++ b/source3/librpc/gen_ndr/srv_winreg.c @@ -520,13 +520,13 @@ static bool api_winreg_CreateKey(pipes_struct *p) } ZERO_STRUCT(r->out); + r->out.action_taken = r->in.action_taken; r->out.new_handle = talloc_zero(r, struct policy_handle); if (r->out.new_handle == NULL) { talloc_free(r); return false; } - r->out.action_taken = r->in.action_taken; r->out.result = _winreg_CreateKey(p, r); if (p->rng_fault_state) { diff --git a/source3/librpc/gen_ndr/srv_wkssvc.c b/source3/librpc/gen_ndr/srv_wkssvc.c index 9c07fa86ea..61a5be081f 100644 --- a/source3/librpc/gen_ndr/srv_wkssvc.c +++ b/source3/librpc/gen_ndr/srv_wkssvc.c @@ -201,13 +201,13 @@ static bool api_wkssvc_NetWkstaEnumUsers(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.entries_read = talloc_zero(r, uint32_t); if (r->out.entries_read == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _wkssvc_NetWkstaEnumUsers(p, r); if (p->rng_fault_state) { @@ -438,13 +438,13 @@ static bool api_wkssvc_NetWkstaTransportEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.total_entries = talloc_zero(r, uint32_t); if (r->out.total_entries == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _wkssvc_NetWkstaTransportEnum(p, r); if (p->rng_fault_state) { @@ -896,13 +896,13 @@ static bool api_wkssvc_NetrUseEnum(pipes_struct *p) ZERO_STRUCT(r->out); r->out.info = r->in.info; + r->out.resume_handle = r->in.resume_handle; r->out.entries_read = talloc_zero(r, uint32_t); if (r->out.entries_read == NULL) { talloc_free(r); return false; } - r->out.resume_handle = r->in.resume_handle; r->out.result = _wkssvc_NetrUseEnum(p, r); if (p->rng_fault_state) { -- cgit From 9b40d26e30518c666e4dad9cf55ec319cf19e28e Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 19 Nov 2008 23:02:49 +0100 Subject: s3-rpcclient: fix cmd_ntsvcs_get_dev_reg_prop. Guenther --- source3/rpcclient/cmd_ntsvcs.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c index 11f16d3462..eb620d06b2 100644 --- a/source3/rpcclient/cmd_ntsvcs.c +++ b/source3/rpcclient/cmd_ntsvcs.c @@ -149,13 +149,13 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, const char *devicepath = NULL; uint32_t property = DEV_REGPROP_DESC; uint32_t reg_data_type = REG_NONE; - uint8_t buffer; + uint8_t *buffer; uint32_t buffer_size = 0; uint32_t needed = 0; uint32_t flags = 0; if (argc < 2) { - printf("usage: %s [devicepath]\n", argv[0]); + printf("usage: %s [devicepath] [buffersize]\n", argv[0]); return WERR_OK; } @@ -166,11 +166,14 @@ static WERROR cmd_ntsvcs_get_dev_reg_prop(struct rpc_pipe_client *cli, needed = buffer_size; } + buffer = talloc_array(mem_ctx, uint8_t, buffer_size); + W_ERROR_HAVE_NO_MEMORY(buffer); + status = rpccli_PNP_GetDeviceRegProp(cli, mem_ctx, devicepath, property, ®_data_type, - &buffer, + buffer, &buffer_size, &needed, flags, -- cgit From 12fdb5eb4628db08a665791fb76d15e9f5894478 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 11 Nov 2008 11:21:45 +0100 Subject: s3-ntsvcs: use pidl for _PNP_GetDeviceRegProp. Guenther --- source3/rpc_server/srv_ntsvcs.c | 18 +--------------- source3/rpc_server/srv_ntsvcs_nt.c | 43 +++++++++++++++++++------------------- 2 files changed, 23 insertions(+), 38 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_ntsvcs.c b/source3/rpc_server/srv_ntsvcs.c index 5010990b58..840da3eec4 100644 --- a/source3/rpc_server/srv_ntsvcs.c +++ b/source3/rpc_server/srv_ntsvcs.c 
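Review bot: In cmd_ntsvcs_get_dev_reg_prop (source3/rpcclient/cmd_ntsvcs.c), the new `talloc_array(mem_ctx, uint8_t, buffer_size)` passes an uninitialized heap buffer to `rpccli_PNP_GetDeviceRegProp`. If the reply fills fewer than `buffer_size` bytes and the caller later dumps the buffer by the requested size, stale heap contents would be shown. `buffer = talloc_zero_array(mem_ctx, uint8_t, buffer_size);` avoids that at no real cost. The parsing of `buffer_size` from the new `[buffersize]` argument and the code that consumes the reply are outside these hunks, so the range check on that value should be confirmed there.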
@@ -97,23 +97,7 @@ static bool api_ntsvcs_validate_device_instance(pipes_struct *p) static bool api_ntsvcs_get_device_reg_property(pipes_struct *p) { - NTSVCS_Q_GET_DEVICE_REG_PROPERTY q_u; - NTSVCS_R_GET_DEVICE_REG_PROPERTY r_u; - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!ntsvcs_io_q_get_device_reg_property("", &q_u, data, 0)) - return False; - - r_u.status = _ntsvcs_get_device_reg_property(p, &q_u, &r_u); - - if(!ntsvcs_io_r_get_device_reg_property("", &r_u, rdata, 0)) - return False; - - return True; + return proxy_ntsvcs_call(p, NDR_PNP_GETDEVICEREGPROP); } /******************************************************************* diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c index 268da52896..abeb2ca856 100644 --- a/source3/rpc_server/srv_ntsvcs_nt.c +++ b/source3/rpc_server/srv_ntsvcs_nt.c 
@@ -93,26 +93,26 @@ WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, } /******************************************************************** +_PNP_GetDeviceRegProp ********************************************************************/ -WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u ) +WERROR _PNP_GetDeviceRegProp(pipes_struct *p, + struct PNP_GetDeviceRegProp *r) { - fstring devicepath; char *ptr; REGVAL_CTR *values; REGISTRY_VALUE *val; - rpcstr_pull(devicepath, q_u->devicepath.buffer, sizeof(devicepath), q_u->devicepath.uni_str_len*2, 0); - - switch( q_u->property ) { + switch( r->in.property ) { case DEV_REGPROP_DESC: + /* just parse the service name from the device path and then lookup the display name */ - if ( !(ptr = strrchr_m( devicepath, '\\' )) ) + if ( !(ptr = strrchr_m( r->in.devicepath, '\\' )) ) return WERR_GENERAL_FAILURE; *ptr = '\0'; - if ( !(ptr = strrchr_m( devicepath, '_' )) ) + if ( !(ptr = strrchr_m( r->in.devicepath, '_' )) ) return WERR_GENERAL_FAILURE; ptr++; 
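Review bot: In the `DEV_REGPROP_DESC` case of `_PNP_GetDeviceRegProp`, `*ptr = '\0'` now writes into `r->in.devicepath`, the request's own input string, whereas the removed code truncated a local `fstring` copy. The pointer returned by `strrchr_m` is taken from the input member and written through, so anything that reads `r->in` afterwards sees the shortened path. Working on a copy keeps the request intact: `char *path = talloc_strdup(p->mem_ctx, r->in.devicepath);`, return `WERR_NOMEM` if it is NULL, then run both `strrchr_m` calls on `path`. The hunk also does not show a NULL check on `r->in.devicepath`, and the function body continues past the hunk.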
@@ -124,16 +124,27 @@ WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG return WERR_GENERAL_FAILURE; } - r_u->unknown1 = 0x1; /* always 1...tested using a remove device manager connection */ - r_u->size = reg_init_regval_buffer( &r_u->value, val ); - r_u->needed = r_u->size; + if (*r->in.buffer_size < val->size) { + *r->out.needed = val->size; + *r->out.buffer_size = 0; + TALLOC_FREE( values ); + return WERR_CM_BUFFER_SMALL; + } + r->out.buffer = (uint8_t *)talloc_memdup(p->mem_ctx, val->data_p, val->size); TALLOC_FREE(values); + if (!r->out.buffer) { + return WERR_NOMEM; + } + + *r->out.reg_data_type = REG_SZ; /* always 1...tested using a remove device manager connection */ + *r->out.buffer_size = val->size; + *r->out.needed = val->size; break; default: - r_u->unknown1 = 0x00437c98; + *r->out.reg_data_type = 0x00437c98; /* ??? */ return WERR_CM_NO_SUCH_VALUE; } @@ -279,16 +290,6 @@ WERROR _PNP_GetDepth(pipes_struct *p, /**************************************************************** ****************************************************************/ -WERROR _PNP_GetDeviceRegProp(pipes_struct *p, - struct PNP_GetDeviceRegProp *r) -{ - p->rng_fault_state = true; - return WERR_NOT_SUPPORTED; -} - -/**************************************************************** -****************************************************************/ - WERROR _PNP_SetDeviceRegProp(pipes_struct *p, struct PNP_SetDeviceRegProp *r) { -- cgit From f9d691d9d808ec2f91f3f469fe2201b0909a8552 Mon Sep 17 00:00:00 2001 
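Review bot: In the `@@ -124,16 +124,27 @@` hunk of `_PNP_GetDeviceRegProp`, `val->size` is read twice after `TALLOC_FREE(values)`, in `*r->out.buffer_size = val->size;` and `*r->out.needed = val->size;`. The assignment of `val` is above the hunk, but if it points into the `values` container, as the lookup pattern suggests, these are reads of freed memory and the sizes returned to the client come from whatever now occupies that chunk. Move `TALLOC_FREE(values);` below the last `*r->out.needed = val->size;` and add a second `TALLOC_FREE(values);` before `return WERR_NOMEM;`. The trailing comment "always 1..." now sits on the `REG_SZ` assignment and should be reworded to say what was actually observed.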
From: Günther Deschner Date: Tue, 11 Nov 2008 12:49:20 +0100 Subject: s3-ntsvcs: remove old hand-marshalling for ntsvcs getdevregprop. Guenther --- source3/include/proto.h | 7 ----- source3/include/rpc_ntsvcs.h | 19 ----------- source3/rpc_client/cli_reg.c | 17 ---------- source3/rpc_parse/parse_misc.c | 54 ------------------------------- source3/rpc_parse/parse_ntsvcs.c | 68 ---------------------------------------- source3/rpc_parse/parse_prs.c | 33 ------------------- 6 files changed, 198 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 45f66203e1..dd4b9d15f7 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5296,7 +5296,6 @@ NTSTATUS cli_get_session_key(TALLOC_CTX *mem_ctx, NTSTATUS rpccli_winreg_Connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, uint32 reg_type, uint32 access_mask, POLICY_HND *reg_hnd); -uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ); /* The following definitions come from rpc_client/cli_samr.c */ @@ -5910,8 +5909,6 @@ void init_rpc_blob_str(RPC_DATA_BLOB *str, const char *buf, int len); void init_rpc_blob_hex(RPC_DATA_BLOB *str, const char *buf); void init_rpc_blob_bytes(RPC_DATA_BLOB *str, uint8 *buf, size_t len); bool smb_io_buffer5(const char *desc, BUFFER5 *buf5, prs_struct *ps, int depth); -void init_regval_buffer(REGVAL_BUFFER *str, const uint8 *buf, size_t len); -bool smb_io_regval_buffer(const char *desc, prs_struct *ps, int depth, REGVAL_BUFFER *buf2); void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf); void copy_unistr2(UNISTR2 *str, const UNISTR2 *from); void init_string2(STRING2 *str, const char *buf, size_t max_len, size_t str_len); 
@@ -5974,8 +5971,6 @@ bool policy_handle_is_valid(const POLICY_HND *hnd); bool ntsvcs_io_q_get_device_list(const char *desc, NTSVCS_Q_GET_DEVICE_LIST *q_u, prs_struct *ps, int depth); bool ntsvcs_io_r_get_device_list(const char *desc, NTSVCS_R_GET_DEVICE_LIST *r_u, prs_struct *ps, int depth); -bool ntsvcs_io_q_get_device_reg_property(const char *desc, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, prs_struct *ps, int depth); -bool ntsvcs_io_r_get_device_reg_property(const char *desc, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u, prs_struct *ps, int depth); /* The following definitions come from rpc_parse/parse_prs.c */ @@ -6031,7 +6026,6 @@ bool prs_uint16s(bool charmode, const char *name, prs_struct *ps, int depth, uin bool prs_uint16uni(bool charmode, const char *name, prs_struct *ps, int depth, uint16 *data16s, int len); bool prs_uint32s(bool charmode, const char *name, prs_struct *ps, int depth, uint32 *data32s, int len); bool prs_buffer5(bool charmode, const char *name, prs_struct *ps, int depth, BUFFER5 *str); -bool prs_regval_buffer(bool charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf); bool prs_string2(bool charmode, const char *name, prs_struct *ps, int depth, STRING2 *str); bool prs_unistr2(bool charmode, const char *name, prs_struct *ps, int depth, UNISTR2 *str); bool prs_unistr3(bool charmode, const char *name, UNISTR3 *str, prs_struct *ps, int depth); @@ -6824,7 +6818,6 @@ WERROR _PNP_GetVersion(pipes_struct *p, WERROR _PNP_GetDeviceListSize(pipes_struct *p, struct PNP_GetDeviceListSize *r); WERROR _ntsvcs_get_device_list( pipes_struct *p, NTSVCS_Q_GET_DEVICE_LIST *q_u, NTSVCS_R_GET_DEVICE_LIST *r_u ); -WERROR _ntsvcs_get_device_reg_property( pipes_struct *p, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u ); WERROR _PNP_ValidateDeviceInstance(pipes_struct *p, struct PNP_ValidateDeviceInstance *r); WERROR _PNP_GetHwProfInfo(pipes_struct *p, 
diff --git a/source3/include/rpc_ntsvcs.h b/source3/include/rpc_ntsvcs.h index 0056d16eb9..dc74298cb9 100644 --- a/source3/include/rpc_ntsvcs.h +++ b/source3/include/rpc_ntsvcs.h @@ -47,23 +47,4 @@ typedef struct { WERROR status; } NTSVCS_R_GET_DEVICE_LIST; -/**************************/ - -typedef struct { - UNISTR2 devicepath; - uint32 property; - uint32 unknown2; - uint32 buffer_size1; - uint32 buffer_size2; - uint32 unknown5; -} NTSVCS_Q_GET_DEVICE_REG_PROPERTY; - -typedef struct { - uint32 unknown1; - REGVAL_BUFFER value; - uint32 size; - uint32 needed; - WERROR status; -} NTSVCS_R_GET_DEVICE_REG_PROPERTY; - #endif /* _RPC_NTSVCS_H */ diff --git a/source3/rpc_client/cli_reg.c b/source3/rpc_client/cli_reg.c index ba98e25d63..2ed7119f4b 100644 --- a/source3/rpc_client/cli_reg.c +++ b/source3/rpc_client/cli_reg.c @@ -60,20 +60,3 @@ NTSTATUS rpccli_winreg_Connect(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } - -/******************************************************************* - Fill in a REGVAL_BUFFER for the data given a REGISTRY_VALUE - *******************************************************************/ - -uint32 reg_init_regval_buffer( REGVAL_BUFFER *buf2, REGISTRY_VALUE *val ) -{ - uint32 real_size = 0; - - if ( !buf2 || !val ) - return 0; - - real_size = regval_size(val); - init_regval_buffer( buf2, (unsigned char*)regval_data_p(val), real_size ); - - return real_size; -} diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index cf989c8b5e..169e5cb560 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c 
@@ -557,60 +557,6 @@ bool smb_io_buffer5(const char *desc, BUFFER5 *buf5, prs_struct *ps, int depth) return True; } -/******************************************************************* - Inits a REGVAL_BUFFER structure. -********************************************************************/ - -void init_regval_buffer(REGVAL_BUFFER *str, const uint8 *buf, size_t len) -{ - ZERO_STRUCTP(str); - - /* max buffer size (allocated size) */ - str->buf_max_len = len; - str->offset = 0; - str->buf_len = buf != NULL ? len : 0; - - if (buf != NULL) { - SMB_ASSERT(str->buf_max_len >= str->buf_len); - str->buffer = (uint16 *)TALLOC_ZERO(talloc_tos(), - str->buf_max_len); - if (str->buffer == NULL) - smb_panic("init_regval_buffer: talloc fail"); - memcpy(str->buffer, buf, str->buf_len); - } -} - -/******************************************************************* - Reads or writes a REGVAL_BUFFER structure. - the uni_max_len member tells you how large the buffer is. - the uni_str_len member tells you how much of the buffer is really used. -********************************************************************/ - -bool smb_io_regval_buffer(const char *desc, prs_struct *ps, int depth, REGVAL_BUFFER *buf2) -{ - - prs_debug(ps, depth, desc, "smb_io_regval_buffer"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!prs_uint32("buf_max_len", ps, depth, &buf2->buf_max_len)) - return False; - if(!prs_uint32("offset ", ps, depth, &buf2->offset)) - return False; - if(!prs_uint32("buf_len ", ps, depth, &buf2->buf_len)) - return False; - - /* buffer advanced by indicated length of string - NOT by searching for null-termination */ - - if(!prs_regval_buffer(True, "buffer ", ps, depth, buf2)) - return False; - - return True; -} - /******************************************************************* creates a UNISTR2 structure: sets up the buffer, too ********************************************************************/ 
diff --git a/source3/rpc_parse/parse_ntsvcs.c b/source3/rpc_parse/parse_ntsvcs.c index 2b15a45506..17b51fa751 100644 --- a/source3/rpc_parse/parse_ntsvcs.c +++ b/source3/rpc_parse/parse_ntsvcs.c 
@@ -77,71 +77,3 @@ bool ntsvcs_io_r_get_device_list(const char *desc, NTSVCS_R_GET_DEVICE_LIST *r_u return True; } - -/******************************************************************* -********************************************************************/ - -bool ntsvcs_io_q_get_device_reg_property(const char *desc, NTSVCS_Q_GET_DEVICE_REG_PROPERTY *q_u, prs_struct *ps, int depth) -{ - if (q_u == NULL) - return False; - - prs_debug(ps, depth, desc, "ntsvcs_io_q_get_device_reg_property"); - depth++; - - if(!prs_align(ps)) - return False; - - if ( !prs_io_unistr2("devicepath", ps, depth, &q_u->devicepath) ) - return False; - if( !prs_align(ps) ) - return False; - - if ( !prs_uint32("property", ps, depth, &q_u->property) ) - return False; - if ( !prs_uint32("unknown2", ps, depth, &q_u->unknown2) ) - return False; - if ( !prs_uint32("buffer_size1", ps, depth, &q_u->buffer_size1) ) - return False; - if ( !prs_uint32("buffer_size2", ps, depth, &q_u->buffer_size2) ) - return False; - if ( !prs_uint32("unknown5", ps, depth, &q_u->unknown5) ) - return False; - - return True; - -} - -/******************************************************************* -********************************************************************/ - -bool ntsvcs_io_r_get_device_reg_property(const char *desc, NTSVCS_R_GET_DEVICE_REG_PROPERTY *r_u, prs_struct *ps, int depth) -{ - if ( !r_u ) - return False; - - prs_debug(ps, depth, desc, "ntsvcs_io_r_get_device_reg_property"); - depth++; - - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32("unknown1", ps, depth, &r_u->unknown1) ) - return False; - - if ( !smb_io_regval_buffer("value", ps, depth, &r_u->value) ) - return False; - if ( !prs_align(ps) ) - return False; - - if ( !prs_uint32("size", ps, depth, &r_u->size) ) - return False; - - if ( !prs_uint32("needed", ps, depth, &r_u->needed) ) - return False; - - if(!prs_werror("status", ps, depth, &r_u->status)) - return False; - - return True; -} 
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c index a0d3ed7397..acc0cc88ef 100644 --- a/source3/rpc_parse/parse_prs.c +++ b/source3/rpc_parse/parse_prs.c @@ -1055,39 +1055,6 @@ bool prs_buffer5(bool charmode, const char *name, prs_struct *ps, int depth, BUF return True; } -/****************************************************************** - Stream a "not" unicode string, length/buffer specified separately, - in byte chars. String is in little-endian format. - ********************************************************************/ - -bool prs_regval_buffer(bool charmode, const char *name, prs_struct *ps, int depth, REGVAL_BUFFER *buf) -{ - char *p; - char *q = prs_mem_get(ps, buf->buf_len); - if (q == NULL) - return False; - - if (UNMARSHALLING(ps)) { - if (buf->buf_len > buf->buf_max_len) { - return False; - } - if ( buf->buf_max_len ) { - buf->buffer = PRS_ALLOC_MEM(ps, uint16, buf->buf_max_len); - if ( buf->buffer == NULL ) - return False; - } else { - buf->buffer = NULL; - } - } - - p = (char *)buf->buffer; - - dbg_rw_punival(charmode, name, depth, ps, q, p, buf->buf_len/2); - ps->data_offset += buf->buf_len; - - return True; -} - /****************************************************************** Stream a string, length/buffer specified separately, in uint8 chars. -- cgit From 31a8c4df1305b63729e49a61e27bc9e1825af0d0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 14:51:55 -0800 Subject: Fix build farm breakage. --- source3/modules/vfs_acl_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index e0d0ef1414..c28ba839be 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
@@ -714,7 +714,7 @@ static vfs_op_tuple skel_op_tuples[] = /* POSIX ACL operations. */ {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(sys__acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, /* POSIX ACL operations. */ {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, -- cgit From da683d6a73a37d18aa8fca52ef2b4837c7ff1345 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 19 Nov 2008 16:49:03 -0800 Subject: This code mixes up int and uint32 when pulling out of a TDB. This is very bad. Fixing... May fix bug #5891, not sure. Jeremy. --- source3/rpc_server/srv_eventlog_lib.c | 42 ++++++++++++++++++----------------- source3/rpc_server/srv_eventlog_nt.c | 8 +++---- 2 files changed, 26 insertions(+), 24 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_eventlog_lib.c b/source3/rpc_server/srv_eventlog_lib.c index 9215a86d3f..c4a7828b6c 100644 --- a/source3/rpc_server/srv_eventlog_lib.c +++ b/source3/rpc_server/srv_eventlog_lib.c @@ -140,13 +140,13 @@ int elog_tdb_size( TDB_CONTEXT * tdb, int *MaxSize, int *Retention ) return True if we made enough room to accommodate needed bytes ********************************************************************/ -static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, +static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32_t needed, bool whack_by_date ) { - int start_record, i, new_start; - int end_record; - int nbytes, reclen, len, Retention, MaxSize; - int tresv1, trecnum, timegen, timewr; + int32_t start_record, i, new_start; + int32_t end_record; + int32_t reclen, tresv1, trecnum, timegen, timewr; + int nbytes, len, Retention, MaxSize; TDB_DATA key, ret; time_t current_time, exp_time; 
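Review bot: In `skel_op_tuples` (source3/modules/vfs_acl_xattr.c), the context around the corrected line shows the "POSIX ACL operations" comment and the `sys_acl_set_file_xattr` / `SMB_VFS_OP_SYS_ACL_SET_FILE` entry twice in a row, so the same operation is registered twice. That looks like a copy-and-paste leftover rather than intent; the second block should either be dropped or replaced with the operations it was meant to list. The table continues outside the hunk, so the rest of the duplicated block should be checked for the same `sys__acl` typo this commit fixes.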
@@ -173,16 +173,17 @@ static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, nbytes = 0; DEBUG( 3, - ( "MaxSize [%d] Retention [%d] Current Time [%d] exp_time [%d]\n", - MaxSize, Retention, (uint32)current_time, (uint32)exp_time ) ); + ( "MaxSize [%d] Retention [%d] Current Time [%u] exp_time [%u]\n", + MaxSize, Retention, (unsigned int)current_time, (unsigned int)exp_time ) ); DEBUG( 3, - ( "Start Record [%d] End Record [%d]\n", start_record, - end_record ) ); + ( "Start Record [%u] End Record [%u]\n", + (unsigned int)start_record, + (unsigned int)end_record )); for ( i = start_record; i < end_record; i++ ) { /* read a record, add the amt to nbytes */ - key.dsize = sizeof( int32 ); - key.dptr = ( uint8 * ) ( int32 * ) & i; + key.dsize = sizeof(int32_t); + key.dptr = (unsigned char *)&i; ret = tdb_fetch( the_tdb, key ); if ( ret.dsize == 0 ) { DEBUG( 8, @@ -198,12 +199,13 @@ static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, if (len == -1) { DEBUG( 10,("make_way_for_eventlogs: tdb_unpack failed.\n")); tdb_unlock_bystring( the_tdb, EVT_NEXT_RECORD ); + SAFE_FREE( ret.dptr ); return False; } DEBUG( 8, - ( "read record %d, record size is [%d], total so far [%d]\n", - i, reclen, nbytes ) ); + ( "read record %u, record size is [%d], total so far [%d]\n", + (unsigned int)i, reclen, nbytes ) ); SAFE_FREE( ret.dptr ); 
@@ -220,14 +222,14 @@ static bool make_way_for_eventlogs( TDB_CONTEXT * the_tdb, int32 needed, } DEBUG( 3, - ( "nbytes [%d] needed [%d] start_record is [%d], should be set to [%d]\n", - nbytes, needed, start_record, i ) ); + ( "nbytes [%d] needed [%d] start_record is [%u], should be set to [%u]\n", + nbytes, needed, (unsigned int)start_record, (unsigned int)i ) ); /* todo - remove eventlog entries here and set starting record to start_record... */ new_start = i; if ( start_record != new_start ) { for ( i = start_record; i < new_start; i++ ) { - key.dsize = sizeof( int32 ); - key.dptr = ( uint8 * ) ( int32 * ) & i; + key.dsize = sizeof(int32_t); + key.dptr = (unsigned char *)&i; tdb_delete( the_tdb, key ); } @@ -267,7 +269,7 @@ bool prune_eventlog( TDB_CONTEXT * tdb ) /******************************************************************** ********************************************************************/ -bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32 needed ) +bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32_t needed ) { int calcd_size; int MaxSize, Retention; @@ -313,7 +315,7 @@ bool can_write_to_eventlog( TDB_CONTEXT * tdb, int32 needed ) ELOG_TDB *elog_open_tdb( char *logname, bool force_clear ) { TDB_CONTEXT *tdb = NULL; - uint32 vers_id; + uint32_t vers_id; ELOG_TDB *ptr; char *tdbpath = NULL; ELOG_TDB *tdb_node = NULL; @@ -454,7 +456,7 @@ int write_eventlog_tdb( TDB_CONTEXT * the_tdb, Eventlog_entry * ee ) uint8 *packed_ee; TALLOC_CTX *mem_ctx = NULL; TDB_DATA kbuf, ebuf; - uint32 n_packed; + uint32_t n_packed; if ( !ee ) return 0; diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index eec5b1d736..de2bafc969 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c 
@@ -290,8 +290,8 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, Eventlog_entry *ee = NULL; TDB_DATA ret, key; - int srecno; - int reclen; + int32_t srecno; + int32_t reclen; int len; char *wpsource = NULL; @@ -300,10 +300,10 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, char *wpstrs = NULL; char *puserdata = NULL; - key.dsize = sizeof(int32); + key.dsize = sizeof(int32_t); srecno = recno; - key.dptr = ( uint8 * ) &srecno; + key.dptr = (unsigned char *)&srecno; ret = tdb_fetch( tdb, key ); -- cgit From 172628dca2b8553b8b7273a645393d5c96daa67e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Nov 2008 16:31:44 +0100 Subject: eventlog: don't crash in sync_eventlog_params(). MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When freeing the talloc ctx at the end of the routine, it must be a talloc ctx created inside. talloc_tos() needs to be valid after the function finishes, since callers (may) have data attached to it. Michael Signed-off-by: Günther Deschner --- source3/rpc_server/srv_eventlog_nt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index de2bafc969..71257dfdb5 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -426,7 +426,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) struct registry_value *value; WERROR wresult; char *elogname = info->logname; - TALLOC_CTX *ctx = talloc_tos(); + TALLOC_CTX *ctx = talloc_stackframe(); bool ret = false; DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) ); -- cgit From afd57a16d87bbe5d7fd447742c693d6f185206a9 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Wed, 19 Nov 2008 23:44:07 +0100 Subject: s3-eventlog: move non rpc eventlog headers to own include file. Guenther --- source3/include/eventlog.h | 41 +++++++++++++++++++++++++++++++++++++++++ source3/include/includes.h | 1 + source3/include/rpc_eventlog.h | 23 ----------------------- 3 files changed, 42 insertions(+), 23 deletions(-) create mode 100644 source3/include/eventlog.h (limited to 'source3') diff --git a/source3/include/eventlog.h b/source3/include/eventlog.h new file mode 100644 index 0000000000..16affe3313 --- /dev/null +++ b/source3/include/eventlog.h @@ -0,0 +1,41 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Marcin Krzysztof Porwit 2005. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see . + */ + +/* Defines for TDB keys */ +#define EVT_OLDEST_ENTRY "INFO/oldest_entry" +#define EVT_NEXT_RECORD "INFO/next_record" +#define EVT_VERSION "INFO/version" +#define EVT_MAXSIZE "INFO/maxsize" +#define EVT_RETENTION "INFO/retention" + +#define ELOG_APPL "Application" +#define ELOG_SYS "System" +#define ELOG_SEC "Security" + +typedef struct elog_tdb { + struct elog_tdb *prev, *next; + char *name; + TDB_CONTEXT *tdb; + int ref_count; +} ELOG_TDB; + +#define ELOG_TDB_CTX(x) ((x)->tdb) + + +#define EVENTLOG_DATABASE_VERSION_V1 1 
diff --git a/source3/include/includes.h b/source3/include/includes.h index 4399c734d0..38d6ec06b9 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -654,6 +654,7 @@ struct smb_iconv_convenience *lp_iconv_convenience(void *lp_ctx); #include "async_smb.h" #include "async_sock.h" #include "services.h" +#include "eventlog.h" #include "lib/smbconf/smbconf.h" diff --git a/source3/include/rpc_eventlog.h b/source3/include/rpc_eventlog.h index 3f5d03ed63..f17e448d9e 100644 --- a/source3/include/rpc_eventlog.h +++ b/source3/include/rpc_eventlog.h @@ -35,29 +35,6 @@ /* Event types */ /* defined in librpc/gen_ndr/eventlog.h */ -/* Defines for TDB keys */ -#define EVT_OLDEST_ENTRY "INFO/oldest_entry" -#define EVT_NEXT_RECORD "INFO/next_record" -#define EVT_VERSION "INFO/version" -#define EVT_MAXSIZE "INFO/maxsize" -#define EVT_RETENTION "INFO/retention" - -#define ELOG_APPL "Application" -#define ELOG_SYS "System" -#define ELOG_SEC "Security" - -typedef struct elog_tdb { - struct elog_tdb *prev, *next; - char *name; - TDB_CONTEXT *tdb; - int ref_count; -} ELOG_TDB; - -#define ELOG_TDB_CTX(x) ((x)->tdb) - - -#define EVENTLOG_DATABASE_VERSION_V1 1 - /***********************************/ typedef struct -- cgit From 70f55ddb7012f8cc44520088949bdfa4484c3a8b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 10:55:03 +0100 Subject: s3-eventlog: avoid passing down full prs_struct in eventlog server. Guenther --- source3/rpc_server/srv_eventlog_nt.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 71257dfdb5..c679b54fcc 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c 
@@ -283,7 +283,7 @@ static int elog_size( EVENTLOG_INFO *info ) Eventlog_entry. returns NULL if it can't get the record for some reason. ********************************************************************/ -static Eventlog_entry *get_eventlog_record(prs_struct *ps, +static Eventlog_entry *get_eventlog_record(TALLOC_CTX *mem_ctx, TDB_CONTEXT *tdb, int recno) { @@ -321,7 +321,7 @@ static Eventlog_entry *get_eventlog_record(prs_struct *ps, if ( !len ) return NULL; - ee = TALLOC_ARRAY(ps->mem_ctx, Eventlog_entry, 1); + ee = TALLOC_ARRAY(mem_ctx, Eventlog_entry, 1); if (!ee) { return NULL; } @@ -491,13 +491,13 @@ done: /******************************************************************** ********************************************************************/ -static Eventlog_entry *read_package_entry( prs_struct * ps, +static Eventlog_entry *read_package_entry( TALLOC_CTX *mem_ctx, Eventlog_entry * entry ) { uint8 *offset; Eventlog_entry *ee_new = NULL; - ee_new = PRS_ALLOC_MEM( ps, Eventlog_entry, 1 ); + ee_new = TALLOC_ZERO_ARRAY(mem_ctx, Eventlog_entry, 1 ); if ( ee_new == NULL ) { return NULL; } @@ -536,10 +536,10 @@ static Eventlog_entry *read_package_entry( prs_struct * ps, DEBUG( 10, ( "entry->record.length is [%d].\n", entry->record.length ) ); entry->data = - PRS_ALLOC_MEM( ps, uint8, - entry->record.length - - sizeof( Eventlog_record ) - - sizeof( entry->record.length ) ); + TALLOC_ZERO_ARRAY(mem_ctx, uint8_t, + entry->record.length - + sizeof( Eventlog_record ) - + sizeof( entry->record.length )); if ( entry->data == NULL ) { return NULL; } @@ -761,7 +761,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* assume that when the record fetch fails, that we are done */ - entry = get_eventlog_record (ps, ELOG_TDB_CTX(info->etdb), record_number); + entry = get_eventlog_record (ps->mem_ctx, ELOG_TDB_CTX(info->etdb), record_number); if (!entry) { break; } 
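Review bot: The element count passed to `TALLOC_ZERO_ARRAY` in the -536,10 hunk is `entry->record.length - sizeof( Eventlog_record ) - sizeof( entry->record.length )`, an unsigned subtraction with no lower-bound check in view; if `record.length` is ever smaller than the two sizes, the result wraps to a very large count instead of failing cleanly. `record.length` is computed earlier in read_package_entry, outside the hunk, so whether that can happen is not visible here. A guard before the allocation would make the invariant explicit: `if (entry->record.length < sizeof(Eventlog_record) + sizeof(entry->record.length)) { return NULL; }`.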
@@ -770,7 +770,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p, /* Now see if there is enough room to add */ - if ( !(ee_new = read_package_entry( ps, entry )) ) + if ( !(ee_new = read_package_entry( ps->mem_ctx, entry )) ) return NT_STATUS_NO_MEMORY; if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) { -- cgit From 6ed83d3d4533ff7a290f1e674e5e82895319d18d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 20 Nov 2008 13:30:34 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/cli_eventlog.c | 8 +++---- source3/librpc/gen_ndr/cli_eventlog.h | 4 ++-- source3/librpc/gen_ndr/eventlog.h | 4 ++-- source3/librpc/gen_ndr/ndr_eventlog.c | 43 +++++++++++++++++++++++++++-------- source3/librpc/gen_ndr/ndr_eventlog.h | 1 + 5 files changed, 43 insertions(+), 17 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/cli_eventlog.c b/source3/librpc/gen_ndr/cli_eventlog.c index 08456fc994..02d8fb2e65 100644 --- a/source3/librpc/gen_ndr/cli_eventlog.c +++ b/source3/librpc/gen_ndr/cli_eventlog.c @@ -278,8 +278,8 @@ NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli, struct eventlog_OpenUnknown0 *unknown0 /* [in] [unique] */, struct lsa_String *logname /* [in] [ref] */, struct lsa_String *servername /* [in] [ref] */, - uint32_t unknown2 /* [in] */, - uint32_t unknown3 /* [in] */, + uint32_t major_version /* [in] */, + uint32_t minor_version /* [in] */, struct policy_handle *handle /* [out] [ref] */) { struct eventlog_OpenEventLogW r; @@ -289,8 +289,8 @@ NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli, r.in.unknown0 = unknown0; r.in.logname = logname; r.in.servername = servername; - r.in.unknown2 = unknown2; - r.in.unknown3 = unknown3; + r.in.major_version = major_version; + r.in.minor_version = minor_version; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(eventlog_OpenEventLogW, &r); 
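Review bot: The size check `r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size` in the -770,7 hunk adds two lengths before comparing them with what is presumably the client's requested limit; if these are 32-bit unsigned fields (their declarations are not in the hunk), a large `record.length` can wrap the sum and pass the check. Comparing against the remaining space avoids the addition: `if ( ee_new->record.length > q_u->max_read_size - r_u->num_bytes_in_resp ) {`, which is correct as long as num_bytes_in_resp never exceeds max_read_size. Separately, every NULL from read_package_entry is reported as NT_STATUS_NO_MEMORY, which is accurate only if allocation failure is its sole NULL path. The enclosing function continues outside the hunk.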
diff --git a/source3/librpc/gen_ndr/cli_eventlog.h b/source3/librpc/gen_ndr/cli_eventlog.h index 6945683340..0594a06f59 100644 --- a/source3/librpc/gen_ndr/cli_eventlog.h +++ b/source3/librpc/gen_ndr/cli_eventlog.h @@ -27,8 +27,8 @@ NTSTATUS rpccli_eventlog_OpenEventLogW(struct rpc_pipe_client *cli, struct eventlog_OpenUnknown0 *unknown0 /* [in] [unique] */, struct lsa_String *logname /* [in] [ref] */, struct lsa_String *servername /* [in] [ref] */, - uint32_t unknown2 /* [in] */, - uint32_t unknown3 /* [in] */, + uint32_t major_version /* [in] */, + uint32_t minor_version /* [in] */, struct policy_handle *handle /* [out] [ref] */); NTSTATUS rpccli_eventlog_RegisterEventSourceW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx); diff --git a/source3/librpc/gen_ndr/eventlog.h b/source3/librpc/gen_ndr/eventlog.h index 0fd929dd99..76b9e863bb 100644 --- a/source3/librpc/gen_ndr/eventlog.h +++ b/source3/librpc/gen_ndr/eventlog.h @@ -131,8 +131,8 @@ struct eventlog_OpenEventLogW { struct eventlog_OpenUnknown0 *unknown0;/* [unique] */ struct lsa_String *logname;/* [ref] */ struct lsa_String *servername;/* [ref] */ - uint32_t unknown2; - uint32_t unknown3; + uint32_t major_version; + uint32_t minor_version; } in; struct { diff --git a/source3/librpc/gen_ndr/ndr_eventlog.c b/source3/librpc/gen_ndr/ndr_eventlog.c index f0c7ee4d61..12fa9fcec4 100644 --- a/source3/librpc/gen_ndr/ndr_eventlog.c +++ b/source3/librpc/gen_ndr/ndr_eventlog.c 
@@ -5,6 +5,31 @@ #include "librpc/gen_ndr/ndr_lsa.h" #include "librpc/gen_ndr/ndr_security.h" +static enum ndr_err_code ndr_push_eventlogReadFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +static enum ndr_err_code ndr_pull_eventlogReadFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_eventlogReadFlags(struct ndr_print *ndr, const char *name, uint32_t r) +{ + ndr_print_uint32(ndr, name, r); + ndr->depth++; + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_SEQUENTIAL_READ", EVENTLOG_SEQUENTIAL_READ, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_SEEK_READ", EVENTLOG_SEEK_READ, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_FORWARDS_READ", EVENTLOG_FORWARDS_READ, r); + ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "EVENTLOG_BACKWARDS_READ", EVENTLOG_BACKWARDS_READ, r); + ndr->depth--; +} + static enum ndr_err_code ndr_push_eventlog_OpenUnknown0(struct ndr_push *ndr, int ndr_flags, const struct eventlog_OpenUnknown0 *r) { if (ndr_flags & NDR_SCALARS) { @@ -635,8 +660,8 @@ static enum ndr_err_code ndr_push_eventlog_OpenEventLogW(struct ndr_push *ndr, i return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.servername)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown2)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.unknown3)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.major_version)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.minor_version)); } if (flags & NDR_OUT) { if (r->out.handle == NULL) { 
@@ -684,8 +709,8 @@ static enum ndr_err_code ndr_pull_eventlog_OpenEventLogW(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.servername, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.servername)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_servername_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown2)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.unknown3)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.major_version)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.minor_version)); NDR_PULL_ALLOC(ndr, r->out.handle); ZERO_STRUCTP(r->out.handle); } @@ -726,8 +751,8 @@ _PUBLIC_ void ndr_print_eventlog_OpenEventLogW(struct ndr_print *ndr, const char ndr->depth++; ndr_print_lsa_String(ndr, "servername", r->in.servername); ndr->depth--; - ndr_print_uint32(ndr, "unknown2", r->in.unknown2); - ndr_print_uint32(ndr, "unknown3", r->in.unknown3); + ndr_print_uint32(ndr, "major_version", r->in.major_version); + ndr_print_uint32(ndr, "minor_version", r->in.minor_version); ndr->depth--; } if (flags & NDR_OUT) { @@ -832,7 +857,7 @@ static enum ndr_err_code ndr_push_eventlog_ReadEventLogW(struct ndr_push *ndr, i return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.flags)); + NDR_CHECK(ndr_push_eventlogReadFlags(ndr, NDR_SCALARS, r->in.flags)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offset)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.number_of_bytes)); } 
@@ -870,7 +895,7 @@ static enum ndr_err_code ndr_pull_eventlog_ReadEventLogW(struct ndr_pull *ndr, i NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.flags)); + NDR_CHECK(ndr_pull_eventlogReadFlags(ndr, NDR_SCALARS, &r->in.flags)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offset)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.number_of_bytes)); if (r->in.number_of_bytes < 0 || r->in.number_of_bytes > 0x7FFFF) { @@ -925,7 +950,7 @@ _PUBLIC_ void ndr_print_eventlog_ReadEventLogW(struct ndr_print *ndr, const char ndr->depth++; ndr_print_policy_handle(ndr, "handle", r->in.handle); ndr->depth--; - ndr_print_uint32(ndr, "flags", r->in.flags); + ndr_print_eventlogReadFlags(ndr, "flags", r->in.flags); ndr_print_uint32(ndr, "offset", r->in.offset); ndr_print_uint32(ndr, "number_of_bytes", r->in.number_of_bytes); ndr->depth--; diff --git a/source3/librpc/gen_ndr/ndr_eventlog.h b/source3/librpc/gen_ndr/ndr_eventlog.h index 6c6e679eca..6002f35a7d 100644 --- a/source3/librpc/gen_ndr/ndr_eventlog.h +++ b/source3/librpc/gen_ndr/ndr_eventlog.h @@ -60,6 +60,7 @@ extern const struct ndr_interface_table ndr_table_eventlog; #define NDR_EVENTLOG_FLUSHEVENTLOG (0x17) #define NDR_EVENTLOG_CALL_COUNT (24) +void ndr_print_eventlogReadFlags(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_eventlog_OpenUnknown0(struct ndr_print *ndr, const char *name, const struct eventlog_OpenUnknown0 *r); enum ndr_err_code ndr_push_eventlog_Record(struct ndr_push *ndr, int ndr_flags, const struct eventlog_Record *r); enum ndr_err_code ndr_pull_eventlog_Record(struct ndr_pull *ndr, int ndr_flags, struct eventlog_Record *r); -- cgit From f0e75484a7a4fc5646f7fed6cfb736a009526f59 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Thu, 20 Nov 2008 13:33:24 +0100 Subject: s3-eventlog: remove trailing whitespace. Guenther --- source3/rpc_server/srv_eventlog_nt.c | 88 ++++++++++++++++++------------------ 1 file changed, 44 insertions(+), 44 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index c679b54fcc..612db1c469 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -1,20 +1,20 @@ -/* +/* * Unix SMB/CIFS implementation. * RPC Pipe client / server routines * Copyright (C) Marcin Krzysztof Porwit 2005, * Copyright (C) Brian Moran 2005, * Copyright (C) Gerald (Jerry) Carter 2005. - * + * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. - * + * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with this program; if not, see . */ @@ -40,10 +40,10 @@ typedef struct { static void free_eventlog_info( void *ptr ) { EVENTLOG_INFO *elog = (EVENTLOG_INFO *)ptr; - + if ( elog->etdb ) elog_close_tdb( elog->etdb, False ); - + TALLOC_FREE( elog ); } 
@@ -72,21 +72,21 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) char *tdbname = elog_tdbname(talloc_tos(), info->logname ); SEC_DESC *sec_desc; NTSTATUS status; - - if ( !tdbname ) + + if ( !tdbname ) return False; - + /* get the security descriptor for the file */ - + sec_desc = get_nt_acl_no_snum( info, tdbname ); TALLOC_FREE( tdbname ); - + if ( !sec_desc ) { - DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", + DEBUG(5,("elog_check_access: Unable to get NT ACL for %s\n", tdbname)); return False; } - + /* root free pass */ if ( geteuid() == sec_initial_uid() ) { @@ -95,21 +95,21 @@ static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token ) } /* run the check, try for the max allowed */ - + status = se_access_check( sec_desc, token, MAXIMUM_ALLOWED_ACCESS, &info->access_granted); - + if ( sec_desc ) TALLOC_FREE( sec_desc ); - + if (!NT_STATUS_IS_OK(status)) { DEBUG(8,("elog_check_access: se_access_check() return %s\n", nt_errstr(status))); return False; } - + /* we have to have READ permission for a successful open */ - + return ( info->access_granted & SA_RIGHT_FILE_READ_DATA ); } @@ -120,7 +120,7 @@ static bool elog_validate_logname( const char *name ) { int i; const char **elogs = lp_eventlog_list(); - + if (!elogs) { return False; } @@ -129,7 +129,7 @@ static bool elog_validate_logname( const char *name ) if ( strequal( name, elogs[i] ) ) return True; } - + return False; } 
@@ -178,19 +178,19 @@ static bool get_oldest_entry_hook( EVENTLOG_INFO * info ) static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hnd ) { EVENTLOG_INFO *elog; - + /* first thing is to validate the eventlog name */ if ( !elog_validate_logname( logname ) ) return NT_STATUS_OBJECT_PATH_INVALID; - + if ( !(elog = TALLOC_ZERO_P( NULL, EVENTLOG_INFO )) ) return NT_STATUS_NO_MEMORY; - + elog->logname = talloc_strdup( elog, logname ); - + /* Open the tdb first (so that we can create any new tdbs if necessary). - We have to do this as root and then use an internal access check + We have to do this as root and then use an internal access check on the file permissions since you can only have a tdb open once in a single process */ @@ -201,30 +201,30 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn if ( !elog->etdb ) { /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - + if ( !strequal( logname, ELOG_APPL ) ) { - + TALLOC_FREE( elog->logname ); - - elog->logname = talloc_strdup( elog, ELOG_APPL ); + + elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } - + become_root(); elog->etdb = elog_open_tdb( elog->logname, False ); unbecome_root(); - } - + } + if ( !elog->etdb ) { TALLOC_FREE( elog ); - return NT_STATUS_ACCESS_DENIED; /* ??? */ + return NT_STATUS_ACCESS_DENIED; /* ??? */ } } - + /* now do the access check. Close the tdb if we fail here */ if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { @@ -232,9 +232,9 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } - + /* create the policy handle */ - + if ( !create_policy_hnd ( p, hnd, free_eventlog_info, ( void * ) elog ) ) { free_eventlog_info( elog ); 
@@ -246,7 +246,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn if ( !get_oldest_entry_hook( elog ) ) { DEBUG(3,("elog_open: Successfully opened eventlog but can't " "get any information on internal records!\n")); - } + } elog->current_record = elog->oldest_entry; @@ -413,7 +413,7 @@ static Eventlog_entry *get_eventlog_record(TALLOC_CTX *mem_ctx, } /******************************************************************** - note that this can only be called AFTER the table is constructed, + note that this can only be called AFTER the table is constructed, since it uses the table to find the tdb handle ********************************************************************/ @@ -440,9 +440,9 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) uiMaxSize = 0x80000; uiRetention = 604800; - /* the general idea is to internally open the registry - key and retrieve the values. That way we can continue - to use the same fetch/store api that we use in + /* the general idea is to internally open the registry + key and retrieve the values. That way we can continue + to use the same fetch/store api that we use in srv_reg_nt.c */ path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname ); @@ -625,13 +625,13 @@ NTSTATUS _eventlog_OpenEventLogW(pipes_struct *p, if (r->in.logname->string) { logname = r->in.logname->string; } - + DEBUG( 10,("_eventlog_open_eventlog: Server [%s], Log [%s]\n", servername, logname )); - + /* according to MSDN, if the logfile cannot be found, we should default to the "Application" log */ - + if ( !NT_STATUS_IS_OK( result = elog_open( p, logname, r->out.handle )) ) return result; -- cgit From 53903d9eb1e50a98ff5fae305a1f74fc9ae73143 Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 20 Nov 2008 10:45:18 -0800 Subject: Fix the build, by some cut-and-paste error I got two versions of the same functions here. Jeremy. --- source3/modules/vfs_acl_xattr.c | 50 ----------------------------------------- 1 file changed, 50 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index c28ba839be..2edb441741 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -611,52 +611,6 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Remove a Windows ACL - we're setting the underlying POSIX ACL. *********************************************************************/ -static int sys_acl_set_file_xattr(vfs_handle_struct *handle, - const char *name, - SMB_ACL_TYPE_T type, - SMB_ACL_T theacl) -{ - int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, - name, - type, - theacl); - if (ret == -1) { - return -1; - } - - become_root(); - SMB_VFS_REMOVEXATTR(handle, name, XATTR_NTACL_NAME); - unbecome_root(); - - return ret; -} - -/********************************************************************* - Remove a Windows ACL - we're setting the underlying POSIX ACL. -*********************************************************************/ - -static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, - files_struct *fsp, - SMB_ACL_T theacl) -{ - int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, - fsp, - theacl); - if (ret == -1) { - return -1; - } - - become_root(); - SMB_VFS_FREMOVEXATTR(handle, fsp, XATTR_NTACL_NAME); - unbecome_root(); - - return ret; -} - -/********************************************************************* - Remove a Windows ACL - we're setting the underlying POSIX ACL. -*********************************************************************/ - static int sys_acl_set_file_xattr(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T type, 
@@ -716,10 +670,6 @@ static vfs_op_tuple skel_op_tuples[] = {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, - /* POSIX ACL operations. */ - {SMB_VFS_OP(sys_acl_set_file_xattr), SMB_VFS_OP_SYS_ACL_SET_FILE, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(sys_acl_set_fd_xattr), SMB_VFS_OP_SYS_ACL_SET_FD, SMB_VFS_LAYER_TRANSPARENT}, - {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} }; -- cgit From 98bf3ee2f614cf89ab4920c69d2872b6d786c4b0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Nov 2008 10:56:14 -0800 Subject: Second part of fix for bug #5891 - smbd crashed when viewing the eventlog exported by "eventlog list". Don't leak memory on error paths. Jeremy. --- source3/rpc_server/srv_eventlog_nt.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 612db1c469..4ff10390f7 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -433,7 +433,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) if ( !info->etdb ) { DEBUG( 4, ( "No open tdb! (%s)\n", info->logname ) ); - return False; + goto done; } /* set resonable defaults. 512Kb on size and 1 week on time */ @@ -447,7 +447,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname ); if (!path) { - return false; + goto done; } wresult = reg_open_path(ctx, path, REG_KEY_READ, get_root_nt_token(), 
@@ -457,14 +457,13 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) DEBUG( 4, ( "sync_eventlog_params: Failed to open key [%s] (%s)\n", path, win_errstr( wresult ) ) ); - return false; + goto done; } wresult = reg_queryvalue(key, key, "Retention", &value); if (!W_ERROR_IS_OK(wresult)) { DEBUG(4, ("Failed to query value \"Retention\": %s\n", win_errstr(wresult))); - ret = false; goto done; } uiRetention = value->v.dword; @@ -473,7 +472,6 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info ) if (!W_ERROR_IS_OK(wresult)) { DEBUG(4, ("Failed to query value \"MaxSize\": %s\n", win_errstr(wresult))); - ret = false; goto done; } uiMaxSize = value->v.dword; -- cgit From 293372ff8d32a48d764171ecca3a8c55dfe0e818 Mon Sep 17 00:00:00 2001 From: Yasuma Takeda Date: Thu, 20 Nov 2008 11:38:37 -0800 Subject: Fix bug #5909 - MS-DFS does not work on Vista, if link name includes multibyte character. --- source3/smbd/msdfs.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 32240ff0d5..1504b19169 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -923,7 +923,6 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, static int setup_ver2_dfs_referral(const char *pathname, char **ppdata, struct junction_map *junction, - int consumedcnt, bool self_referral) { char* pdata = *ppdata; @@ -988,7 +987,8 @@ static int setup_ver2_dfs_referral(const char *pathname, memcpy(pdata+uni_reqpathoffset2,uni_requestedpath,requestedpathlen); /* create the header */ - SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ + SSVAL(pdata,0,requestedpathlen - 2); /* UCS2 of path consumed minus + 2 byte null */ /* number of referral in this pkt */ SSVAL(pdata,2,junction->referral_count); if(self_referral) { 
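Review bot: `uiRetention = value->v.dword;` and `uiMaxSize = value->v.dword;` in the -457,14 hunk read the dword member without checking the value's type, so a "Retention" or "MaxSize" registry value stored with another type would be interpreted as a number anyway. Unless reg_queryvalue already enforces the type (not visible here), add `if (value->type != REG_DWORD) { goto done; }` after each successful query. Dropping the `ret = false;` lines relies on `ret` still holding its initial value when `done:` is reached, which deserves a short comment at the label. sync_eventlog_params starts and ends outside the hunk.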
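Review bot: The path-consumed field written by `SSVAL(pdata,0,requestedpathlen - 2);` in setup_ver2_dfs_referral now always covers the whole requested path, so a request that names components below the DFS link would presumably be reported as fully consumed; the removed `consumedcnt` parameter carried that distinction. The subtraction is also unguarded: `requestedpathlen` is computed outside the hunk, and if the UCS2 conversion can yield less than 2 the value stored in the 16-bit field wraps. A check such as `if (requestedpathlen < 2) { return -1; }` before the header is written would cover that, assuming -1 is this function's error return (not visible here). The same two points apply to `SSVAL(pdata,0,reqpathlen - 2);` in the setup_ver3_dfs_referral hunk.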
@@ -1037,7 +1037,6 @@ static int setup_ver2_dfs_referral(const char *pathname, static int setup_ver3_dfs_referral(const char *pathname, char **ppdata, struct junction_map *junction, - int consumedcnt, bool self_referral) { char *pdata = *ppdata; @@ -1084,7 +1083,8 @@ static int setup_ver3_dfs_referral(const char *pathname, *ppdata = pdata; /* create the header */ - SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ + SSVAL(pdata,0,reqpathlen - 2); /* UCS2 of path consumed minus + 2 byte null */ SSVAL(pdata,2,junction->referral_count); /* number of referral */ if(self_referral) { SIVAL(pdata,4,DFSREF_REFERRAL_SERVER | DFSREF_STORAGE_SERVER); @@ -1224,11 +1224,11 @@ int setup_dfs_referral(connection_struct *orig_conn, case 2: reply_size = setup_ver2_dfs_referral(pathnamep, ppdata, junction, - consumedcnt, self_referral); + self_referral); break; case 3: reply_size = setup_ver3_dfs_referral(pathnamep, ppdata, - junction, consumedcnt, self_referral); + junction, self_referral); break; default: DEBUG(0,("setup_dfs_referral: Invalid dfs referral " -- cgit From 03e0d0fb3791d0350199e396b562d3830f0fa095 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 21 Nov 2008 00:53:11 +0100 Subject: s3-winbindd: for now only change machine pwd when not using a system krb5 keytab. Guenther --- source3/winbindd/winbindd_dual.c | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 03d1e043bf..9153585c26 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1279,6 +1279,7 @@ static bool fork_domain_child(struct winbindd_child *child) } if (child->domain && child->domain->primary && + !lp_use_kerberos_keytab() && lp_server_role() == ROLE_DOMAIN_MEMBER) { struct timeval next_change; -- cgit From 35ac6236bdf560f8ea3e4c2e268cdb0c9c71e1cd Mon Sep 17 00:00:00 2001 
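Review bot: With `!lp_use_kerberos_keytab() &&` added to the condition in fork_domain_child, a domain member that uses a system keytab never schedules the machine account password change, and nothing in the hunk records that rotation is switched off. I would add a comment above the test stating why the two are tied together (presumably the keytab is not updated when the password changes) and log the skipped case, for example `DEBUG(5, ("fork_domain_child: system keytab in use, machine password change not scheduled\n"));`. That gives an administrator a way to see that the account secret is static on such hosts. The body of the `if` continues outside the hunk.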
From: Günther Deschner Date: Thu, 6 Nov 2008 13:37:03 +0100 Subject: s3-libnetjoin: try to show a better error message upon invalid configuration. Guenther --- source3/libnet/libnet_join.c | 61 ++++++++++++++++++++++++++++++++++++-------- 1 file changed, 50 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 6935e000dc..bb59a2b0a2 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -1638,24 +1638,31 @@ WERROR libnet_init_UnjoinCtx(TALLOC_CTX *mem_ctx, static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, struct libnet_JoinCtx *r) { + bool valid_security = false; + bool valid_workgroup = false; + bool valid_realm = false; + /* check if configuration is already set correctly */ + valid_workgroup = strequal(lp_workgroup(), r->out.netbios_domain_name); + switch (r->out.domain_is_ad) { case false: - if ((strequal(lp_workgroup(), - r->out.netbios_domain_name)) && - (lp_security() == SEC_DOMAIN)) { + valid_security = (lp_security() == SEC_DOMAIN); + if (valid_workgroup && valid_security) { /* nothing to be done */ return WERR_OK; } break; case true: - if ((strequal(lp_workgroup(), - r->out.netbios_domain_name)) && - (strequal(lp_realm(), - r->out.dns_domain_name)) && - ((lp_security() == SEC_ADS) || - (lp_security() == SEC_DOMAIN))) { + valid_realm = strequal(lp_realm(), r->out.dns_domain_name); + switch (lp_security()) { + case SEC_DOMAIN: + case SEC_ADS: + valid_security = true; + } + + if (valid_workgroup && valid_realm && valid_security) { /* nothing to be done */ return WERR_OK; } 
@@ -1665,9 +1672,41 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, /* check if we are supposed to manipulate configuration */ if (!r->in.modify_config) { + + char *wrong_conf = talloc_strdup(mem_ctx, ""); + + if (!valid_workgroup) { + wrong_conf = talloc_asprintf_append(wrong_conf, + "\"workgroup\" set to '%s', should be '%s'", + lp_workgroup(), r->out.netbios_domain_name); + W_ERROR_HAVE_NO_MEMORY(wrong_conf); + } + + if (!valid_realm) { + wrong_conf = talloc_asprintf_append(wrong_conf, + "\"realm\" set to '%s', should be '%s'", + lp_realm(), r->out.dns_domain_name); + W_ERROR_HAVE_NO_MEMORY(wrong_conf); + } + + if (!valid_security) { + const char *sec; + switch (lp_security()) { + case SEC_SHARE: sec = "share"; break; + case SEC_USER: sec = "user"; break; + case SEC_DOMAIN: sec = "domain"; break; + case SEC_ADS: sec = "ads"; break; + } + wrong_conf = talloc_asprintf_append(wrong_conf, + "\"security\" set to '%s', should be %s", + sec, r->out.domain_is_ad ? + "either 'domain' or 'ads'" : "'domain'"); + W_ERROR_HAVE_NO_MEMORY(wrong_conf); + } + libnet_join_set_error_string(mem_ctx, r, - "Invalid configuration and configuration modification " - "was not requested"); + "Invalid configuration (%s) and configuration modification " + "was not requested", wrong_conf); return WERR_CAN_NOT_COMPLETE; } -- cgit From 98e1dd64ab5a5a0f9298684e09ab4637606b5b7c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 21 Nov 2008 15:56:30 +0100 Subject: s3-libnetjoin: fix build warning. Guenther --- source3/libnet/libnet_join.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bb59a2b0a2..bd127f8607 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c 
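Review bot: `if (!valid_realm)` in the new error-message block also fires for a non-AD join, because `valid_realm` is only assigned in the `case true:` branch of the -1638,24 hunk; the message then reports a wrong "realm" even though the realm is never compared in that case. Guarding it as `if (r->out.domain_is_ad && !valid_realm) {` keeps the message to the settings that were actually checked. The `switch (lp_security())` that sets `sec` has no `default:`, so any other security mode passes an unset pointer to `%s`; `default: sec = "unknown"; break;` closes that. The three fragments are also appended without a separator, so two wrong settings run together in the output.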
@@ -1690,7 +1690,7 @@ static WERROR libnet_join_check_config(TALLOC_CTX *mem_ctx, } if (!valid_security) { - const char *sec; + const char *sec = NULL; switch (lp_security()) { case SEC_SHARE: sec = "share"; break; case SEC_USER: sec = "user"; break; -- cgit From 97fb05c2c0d0b08f3ed5aa7358a4d6d8c1725012 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 12:14:53 -0800 Subject: First part of fix for bug #5903 - vfs_streams_xattr breaks contents of the file. Restructures parts of open code so that fsp must be allocated before calling open_file_ntcreate(_internal). Also fix up file ref-counting inside files.c. Jeremy. --- source3/include/proto.h | 6 +- source3/printing/printfsp.c | 15 +---- source3/smbd/close.c | 8 +-- source3/smbd/fake_file.c | 1 - source3/smbd/files.c | 74 ++++++++++------------- source3/smbd/open.c | 143 +++++++++++++++++++++++++------------------- source3/smbd/reply.c | 9 ++- 7 files changed, 131 insertions(+), 125 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index dd4b9d15f7..2cf1a9645e 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4866,7 +4866,7 @@ bool sysv_cache_reload(void); NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, const char *fname, - uint16_t current_vuid, files_struct **result); + uint16_t current_vuid, files_struct *fsp); void print_fsp_end(files_struct *fsp, enum file_close_type close_type); /* The following definitions come from printing/printing.c */ 
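Review bot: Initialising `sec` to NULL in the `@@ -1690,7 +1690,7 @@` hunk silences the warning but leaves the gap behind it: the `switch (lp_security())` has no `default`, so any value other than the four listed cases leaves `sec` NULL, and it is then formatted with `%s` by the `talloc_asprintf_append` call added in the previous commit. Passing NULL for `%s` is undefined behaviour in C, even though some C libraries print "(null)". Adding `default: sec = "unknown"; break;` to the switch makes the message well defined for every setting. The switch and the enclosing function continue outside this hunk.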
@@ -7860,9 +7860,9 @@ void file_sync_all(connection_struct *conn); void file_free(struct smb_request *req, files_struct *fsp); files_struct *file_fnum(uint16 fnum); files_struct *file_fsp(struct smb_request *req, uint16 fid); -NTSTATUS dup_file_fsp(struct smb_request *req, files_struct *fsp, +void dup_file_fsp(struct smb_request *req, files_struct *from, uint32 access_mask, uint32 share_access, - uint32 create_options, files_struct **result); + uint32 create_options, files_struct *to); /* The following definitions come from smbd/ipc.c */ diff --git a/source3/printing/printfsp.c b/source3/printing/printfsp.c index a247cd8427..5481d95650 100644 --- a/source3/printing/printfsp.c +++ b/source3/printing/printfsp.c @@ -27,19 +27,13 @@ print_job_start(). NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, const char *fname, - uint16_t current_vuid, files_struct **result) + uint16_t current_vuid, files_struct *fsp) { int jobid; SMB_STRUCT_STAT sbuf; - files_struct *fsp; fstring name; NTSTATUS status; - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - fstrcpy( name, "Remote Downlevel Document"); if (fname) { const char *p = strrchr(fname, '/'); @@ -53,7 +47,6 @@ NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, jobid = print_job_start(conn->server_info, SNUM(conn), name, NULL); if (jobid == -1) { status = map_nt_error_from_unix(errno); - file_free(req, fsp); return status; } @@ -62,7 +55,6 @@ NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, if (fsp->rap_print_jobid == 0) { /* We need to delete the entry in the tdb. */ pjob_delete(lp_const_servicename(SNUM(conn)), jobid); - file_free(req, fsp); return NT_STATUS_ACCESS_DENIED; /* No errno around here */ } 
@@ -81,14 +73,11 @@ NTSTATUS print_fsp_open(struct smb_request *req, connection_struct *conn, fsp->sent_oplock_break = NO_BREAK_SENT; fsp->is_directory = False; string_set(&fsp->fsp_name,print_job_fname(lp_const_servicename(SNUM(conn)),jobid)); - fsp->wcp = NULL; + fsp->wcp = NULL; SMB_VFS_FSTAT(fsp, &sbuf); fsp->mode = sbuf.st_mode; fsp->file_id = vfs_file_id_from_sbuf(conn, &sbuf); - conn->num_files_open++; - - *result = fsp; return NT_STATUS_OK; } diff --git a/source3/smbd/close.c b/source3/smbd/close.c index d4c531ab19..ce918ab6a3 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -106,8 +106,7 @@ static void check_magic(struct files_struct *fsp) static NTSTATUS close_filestruct(files_struct *fsp) { NTSTATUS status = NT_STATUS_OK; - connection_struct *conn = fsp->conn; - + if (fsp->fh->fd != -1) { if(flush_write_cache(fsp, CLOSE_FLUSH) == -1) { status = map_nt_error_from_unix(errno); @@ -115,9 +114,8 @@ static NTSTATUS close_filestruct(files_struct *fsp) delete_write_cache(fsp); } - conn->num_files_open--; return status; -} +} /**************************************************************************** If any deferred opens are waiting on this close, notify them. @@ -583,7 +581,7 @@ static NTSTATUS close_normal_file(struct smb_request *req, files_struct *fsp, DEBUG(2,("%s closed file %s (numopen=%d) %s\n", conn->server_info->unix_name,fsp->fsp_name, - conn->num_files_open, + conn->num_files_open - 1, nt_errstr(status) )); file_free(req, fsp); diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 58b09604c4..7feedcc9f9 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -141,7 +141,6 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, return NT_STATUS_NO_MEMORY; } - conn->num_files_open++; *result = fsp; return NT_STATUS_OK; } diff --git a/source3/smbd/files.c b/source3/smbd/files.c index d3bfce7499..1a3a997e59 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c 
@@ -129,6 +129,8 @@ NTSTATUS file_new(struct smb_request *req, connection_struct *conn, ZERO_STRUCT(fsp_fi_cache); + conn->num_files_open++; + *result = fsp; return NT_STATUS_OK; } @@ -420,9 +422,7 @@ void file_free(struct smb_request *req, files_struct *fsp) DEBUG(5,("freed files structure %d (%d used)\n", fsp->fnum, files_used)); - /* this is paranoia, just in case someone tries to reuse the - information */ - ZERO_STRUCTP(fsp); + fsp->conn->num_files_open--; if ((req != NULL) && (fsp == req->chain_fsp)) { req->chain_fsp = NULL; @@ -438,6 +438,10 @@ void file_free(struct smb_request *req, files_struct *fsp) vfs_remove_fsp_extension(fsp->vfs_extension->owner, fsp); } + /* this is paranoia, just in case someone tries to reuse the + information */ + ZERO_STRUCTP(fsp); + SAFE_FREE(fsp); } 
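Review bot: In the `@@ -438,6 +438,10 @@` hunk the relocated `ZERO_STRUCTP(fsp)` now sits directly before `SAFE_FREE(fsp)`, where an optimising compiler may drop it as a dead store if the macro expands to a plain memset (its definition is not visible here). Moving it is correct, since the old position cleared `fsp->vfs_extension` before the loop below read it and would also have cleared `fsp->conn` before the new `fsp->conn->num_files_open--`. The comment still promises protection against reuse, so I would qualify it, e.g. `/* best effort only: the compiler may elide this store before free() */`, or clear through a helper the compiler cannot remove. file_free() starts outside these hunks.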
@@ -484,46 +488,34 @@ files_struct *file_fsp(struct smb_request *req, uint16 fid) Duplicate the file handle part for a DOS or FCB open. ****************************************************************************/ -NTSTATUS dup_file_fsp(struct smb_request *req, files_struct *fsp, +void dup_file_fsp(struct smb_request *req, files_struct *from, uint32 access_mask, uint32 share_access, - uint32 create_options, files_struct **result) + uint32 create_options, files_struct *to) { - NTSTATUS status; - files_struct *dup_fsp; - - status = file_new(NULL, fsp->conn, &dup_fsp); - - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - SAFE_FREE(dup_fsp->fh); - - dup_fsp->fh = fsp->fh; - dup_fsp->fh->ref_count++; - - dup_fsp->file_id = fsp->file_id; - dup_fsp->initial_allocation_size = fsp->initial_allocation_size; - dup_fsp->mode = fsp->mode; - dup_fsp->file_pid = fsp->file_pid; - dup_fsp->vuid = fsp->vuid; - dup_fsp->open_time = fsp->open_time; - dup_fsp->access_mask = access_mask; - dup_fsp->share_access = share_access; - dup_fsp->oplock_type = fsp->oplock_type; - dup_fsp->can_lock = fsp->can_lock; - dup_fsp->can_read = (access_mask & (FILE_READ_DATA)) ? True : False; - if (!CAN_WRITE(fsp->conn)) { - dup_fsp->can_write = False; + SAFE_FREE(to->fh); + + to->fh = from->fh; + to->fh->ref_count++; + + to->file_id = from->file_id; + to->initial_allocation_size = from->initial_allocation_size; + to->mode = from->mode; + to->file_pid = from->file_pid; + to->vuid = from->vuid; + to->open_time = from->open_time; + to->access_mask = access_mask; + to->share_access = share_access; + to->oplock_type = from->oplock_type; + to->can_lock = from->can_lock; + to->can_read = (access_mask & (FILE_READ_DATA)) ? True : False; + if (!CAN_WRITE(from->conn)) { + to->can_write = False; } else { - dup_fsp->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? True : False; + to->can_write = (access_mask & (FILE_WRITE_DATA | FILE_APPEND_DATA)) ? 
True : False; } - dup_fsp->print_file = fsp->print_file; - dup_fsp->modified = fsp->modified; - dup_fsp->is_directory = fsp->is_directory; - dup_fsp->aio_write_behind = fsp->aio_write_behind; - string_set(&dup_fsp->fsp_name,fsp->fsp_name); - - *result = dup_fsp; - return NT_STATUS_OK; + to->print_file = from->print_file; + to->modified = from->modified; + to->is_directory = from->is_directory; + to->aio_write_behind = from->aio_write_behind; + string_set(&to->fsp_name,from->fsp_name); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 3fd0d1a03a..aca64917b5 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -462,7 +462,7 @@ static NTSTATUS open_file(files_struct *fsp, conn->server_info->unix_name, fsp->fsp_name, BOOLSTR(fsp->can_read), BOOLSTR(fsp->can_write), - conn->num_files_open + 1)); + conn->num_files_open)); errno = 0; return NT_STATUS_OK; @@ -951,9 +951,10 @@ static bool open_match_attributes(connection_struct *conn, Try and find a duplicated file handle. ****************************************************************************/ -static files_struct *fcb_or_dos_open(struct smb_request *req, +static NTSTATUS fcb_or_dos_open(struct smb_request *req, connection_struct *conn, - const char *fname, + files_struct *fsp_to_dup_into, + const char *fname, struct file_id id, uint16 file_pid, uint16 vuid, @@ -962,7 +963,6 @@ static files_struct *fcb_or_dos_open(struct smb_request *req, uint32 create_options) { files_struct *fsp; - files_struct *dup_fsp; DEBUG(5,("fcb_or_dos_open: attempting old open semantics for " "file %s.\n", fname )); 
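Review bot: dup_file_fsp() now has an ownership contract that the banner comment above it ("Duplicate the file handle part for a DOS or FCB open") does not state: the caller must pass a `to` that already owns an `fh`, which the function releases with `SAFE_FREE(to->fh)` before sharing `from->fh` and incrementing `ref_count`. Because the return type became `void`, a `to` that is NULL or the same object as `from` can no longer be reported and would be dereferenced after the free. I would extend the banner to say that `to` must be a distinct fsp freshly obtained from file_new() and that the caller remains responsible for freeing it on a later failure. The `req` parameter is no longer used in the new body.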
@@ -991,23 +991,21 @@ static files_struct *fcb_or_dos_open(struct smb_request *req, } if (!fsp) { - return NULL; + return NT_STATUS_NOT_FOUND; } /* quite an insane set of semantics ... */ if (is_executable(fname) && (fsp->fh->private_options & NTCREATEX_OPTIONS_PRIVATE_DENY_DOS)) { DEBUG(10,("fcb_or_dos_open: file fail due to is_executable.\n")); - return NULL; + return NT_STATUS_INVALID_PARAMETER; } /* We need to duplicate this fsp. */ - if (!NT_STATUS_IS_OK(dup_file_fsp(req, fsp, access_mask, share_access, - create_options, &dup_fsp))) { - return NULL; - } + dup_file_fsp(req, fsp, access_mask, share_access, + create_options, fsp_to_dup_into); - return dup_fsp; + return NT_STATUS_OK; } /**************************************************************************** @@ -1249,10 +1247,10 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, } /**************************************************************************** - Open a file with a share mode. + Open a file with a share mode. Passed in an already created files_struct *. ****************************************************************************/ -NTSTATUS open_file_ntcreate(connection_struct *conn, +static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, struct smb_request *req, const char *fname, SMB_STRUCT_STAT *psbuf, @@ -1264,7 +1262,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, int oplock_request, /* internal Samba oplock codes. */ /* Information (FILE_EXISTS etc.) */ int *pinfo, - files_struct **result) + files_struct *fsp) { int flags=0; int flags2=0; @@ -1274,7 +1272,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, bool new_file_created = False; struct file_id id; NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED; - files_struct *fsp = NULL; mode_t new_unx_mode = (mode_t)0; mode_t unx_mode = (mode_t)0; int info; 
@@ -1291,7 +1288,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, ZERO_STRUCT(id); if (conn->printer) { - /* + /* * Printers are handled completely differently. * Most of the passed parameters are ignored. */ @@ -1302,7 +1299,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, DEBUG(10, ("open_file_ntcreate: printer open fname=%s\n", fname)); - return print_fsp_open(req, conn, fname, req->vuid, result); + return print_fsp_open(req, conn, fname, req->vuid, fsp); } if (!parent_dirname_talloc(talloc_tos(), fname, &parent_dir, @@ -1366,7 +1363,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, status = check_name(conn, fname); if (!NT_STATUS_IS_OK(status)) { return status; - } + } if (!posix_open) { new_dos_attributes &= SAMBA_ATTRIBUTES_MASK; @@ -1533,7 +1530,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, flags2 |= O_SYNC; } #endif /* O_SYNC */ - + if (posix_open && (access_mask & FILE_APPEND_DATA)) { flags2 |= O_APPEND; } @@ -1560,11 +1557,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } - status = file_new(req, conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); fsp->share_access = share_access; fsp->fh->private_options = create_options; @@ -1589,7 +1581,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, fname, &old_write_time); if (lck == NULL) { - file_free(req, fsp); DEBUG(0, ("Could not get share mode lock\n")); return NT_STATUS_SHARING_VIOLATION; } @@ -1600,7 +1591,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, oplock_request)) { schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1620,7 +1610,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, oplock_request)) { schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } } 
@@ -1628,7 +1617,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (NT_STATUS_EQUAL(status, NT_STATUS_DELETE_PENDING)) { /* DELETE_PENDING is not deferred for a second */ TALLOC_FREE(lck); - file_free(req, fsp); return status; } @@ -1643,33 +1631,31 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (create_options & (NTCREATEX_OPTIONS_PRIVATE_DENY_DOS| NTCREATEX_OPTIONS_PRIVATE_DENY_FCB)) { - files_struct *fsp_dup; - if (req == NULL) { DEBUG(0, ("DOS open without an SMB " "request!\n")); TALLOC_FREE(lck); - file_free(req, fsp); return NT_STATUS_INTERNAL_ERROR; } /* Use the client requested access mask here, * not the one we open with. */ - fsp_dup = fcb_or_dos_open(req, conn, fname, id, - req->smbpid, - req->vuid, - access_mask, - share_access, - create_options); - - if (fsp_dup) { + status = fcb_or_dos_open(req, + conn, + fsp, + fname, + id, + req->smbpid, + req->vuid, + access_mask, + share_access, + create_options); + + if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(lck); - file_free(req, fsp); if (pinfo) { *pinfo = FILE_WAS_OPENED; } - conn->num_files_open++; - *result = fsp_dup; return NT_STATUS_OK; } } @@ -1697,7 +1683,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, can_access = False; } - /* + /* * If we're returning a share violation, ensure we * cope with the braindead 1 second delay. */ @@ -1750,7 +1736,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } else { status = NT_STATUS_ACCESS_DENIED; } - file_free(req, fsp); return status; } @@ -1788,7 +1773,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, if (lck != NULL) { TALLOC_FREE(lck); } - file_free(req, fsp); return fsp_open; } @@ -1819,7 +1803,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, DEBUG(0, ("open_file_ntcreate: Could not get share " "mode lock for %s\n", fname)); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } 
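Review bot: The status test after the new `fcb_or_dos_open()` call in the `@@ -1643,33 +1631,31 @@` hunk is inverted. `if (!NT_STATUS_IS_OK(status))` takes the early `return NT_STATUS_OK` path when the duplicate was not made (the helper now returns NT_STATUS_NOT_FOUND or NT_STATUS_INVALID_PARAMETER in that case), so the caller is told the open succeeded for an fsp that was neither opened nor duplicated into. When the duplicate does succeed, control falls through to the share-violation handling instead. The test should read `if (NT_STATUS_IS_OK(status)) {`; a later open.c hunk on this page makes that change. open_file_ntcreate_internal() starts and ends outside this hunk.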
@@ -1830,7 +1813,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1849,7 +1831,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, schedule_defer_open(lck, request_time, req); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } } @@ -1858,7 +1839,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, struct deferred_open_record state; fd_close(fsp); - file_free(req, fsp); state.delayed_for_oplocks = False; state.id = id; @@ -1900,7 +1880,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return NT_STATUS_SHARING_VIOLATION; } @@ -1926,7 +1905,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, status = map_nt_error_from_unix(errno); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return status; } } @@ -1958,7 +1936,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, *pinfo = info; } - /* + /* * Setup the oplock info in both the shared memory and * file structs. */ @@ -1990,14 +1968,13 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, del_share_mode(lck, fsp); TALLOC_FREE(lck); fd_close(fsp); - file_free(req, fsp); return status; } /* Note that here we set the *inital* delete on close flag, not the regular one. The magic gets handled in close. */ fsp->initial_delete_on_close = True; } - + if (new_file_created) { /* Files should be initially set as archive */ if (lp_map_archive(SNUM(conn)) || 
@@ -2066,10 +2043,57 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } TALLOC_FREE(lck); - conn->num_files_open++; + return NT_STATUS_OK; +} + +/**************************************************************************** + Open a file with a share mode. +****************************************************************************/ + +NTSTATUS open_file_ntcreate(connection_struct *conn, + struct smb_request *req, + const char *fname, + SMB_STRUCT_STAT *psbuf, + uint32 access_mask, /* access bits (FILE_READ_DATA etc.) */ + uint32 share_access, /* share constants (FILE_SHARE_READ etc) */ + uint32 create_disposition, /* FILE_OPEN_IF etc. */ + uint32 create_options, /* options such as delete on close. */ + uint32 new_dos_attributes, /* attributes used for new file. */ + int oplock_request, /* internal Samba oplock codes. */ + /* Information (FILE_EXISTS etc.) */ + int *pinfo, + files_struct **result) +{ + NTSTATUS status; + files_struct *fsp = NULL; + + *result = NULL; + + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + return status; + } + + status = open_file_ntcreate_internal(conn, + req, + fname, + psbuf, + access_mask, + share_access, + create_disposition, + create_options, + new_dos_attributes, + oplock_request, + pinfo, + fsp); + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + return status; + } *result = fsp; - return NT_STATUS_OK; + return status; } /**************************************************************************** @@ -2097,10 +2121,9 @@ NTSTATUS open_file_fchmod(struct smb_request *req, connection_struct *conn, status = open_file(fsp, conn, NULL, NULL, NULL, fname, psbuf, O_WRONLY, 0, FILE_WRITE_DATA, FILE_WRITE_DATA); - /* + /* * This is not a user visible file open. - * Don't set a share mode and don't increment - * the conn->num_files_open. + * Don't set a share mode. */ if (!NT_STATUS_IS_OK(status)) { 
@@ -2431,8 +2454,6 @@ NTSTATUS open_directory(connection_struct *conn, *pinfo = info; } - conn->num_files_open++; - *result = fsp; return NT_STATUS_OK; } diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index c363ed5609..1f99db2de4 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -4558,8 +4558,15 @@ void reply_printopen(struct smb_request *req) return; } + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + reply_nterror(req, status); + END_PROFILE(SMBsplopen); + return; + } + /* Open for exclusive use, write only. */ - status = print_fsp_open(req, conn, NULL, req->vuid, &fsp); + status = print_fsp_open(req, conn, NULL, req->vuid, fsp); if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); -- cgit From fa60e4e97d7e1f208b6a8e8a363ec3c96e40b2d8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Thu, 20 Nov 2008 16:57:44 +0100 Subject: s3-winbindd_ads: prevent negative GM/ cache entries due to broken connections The ads lookup_groupmem() function calls lda_lookupsids to resolve sids to names. This is tried only once. So in case the connection was broken, e.g. closed by the server (without a reset packet), there will be an empty GM/ cache entry for the requested group which will prevent proper working of access checks among other checks for the expiry period. This patch works around this problem by retrying once if the lsa_lookupsids call fails, re-establishing the dc-connection, as we already do in many other places (e.g. the winbindd retry methods for the rpc layer). Michael --- source3/winbindd/winbindd_ads.c | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 18cc1cbd03..94a24278eb 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c 
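Review bot: In the reply.c hunk the fsp obtained from the added `file_new()` call is not released when `print_fsp_open()` fails. This commit removed the `file_free(req, fsp)` calls from print_fsp_open()'s error paths in printfsp.c and moved `conn->num_files_open++` into file_new(), so the failure branch shown here (`reply_nterror(req, status);`) leaves both the files_struct and the open-file count behind unless cleanup follows outside the hunk. Repeated failing print opens would then use up file slots on the connection. I would add `file_free(req, fsp);` before `reply_nterror(req, status);` in that branch, matching what the new open_file_ntcreate() wrapper does for its internal helper. reply_printopen() continues past the end of the hunk.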
@@ -1081,6 +1081,29 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, &names_nocache, &name_types_nocache); + if (!(NT_STATUS_IS_OK(status) || + NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) || + NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))) + { + DEBUG(1, ("lsa_lookupsids call failed with %s " + "- retrying...\n", nt_errstr(status))); + + status = cm_connect_lsa(domain, tmp_ctx, &cli, + &lsa_policy); + + if (!NT_STATUS_IS_OK(status)) { + goto done; + } + + status = rpccli_lsa_lookup_sids(cli, tmp_ctx, + &lsa_policy, + num_nocache, + sid_mem_nocache, + &domains_nocache, + &names_nocache, + &name_types_nocache); + } + if (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED)) { -- cgit From e179c41718d4d92a825dbcaea0120a0bd3befc43 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Nov 2008 02:26:50 +0100 Subject: s3-winbindd_ads: use the reconnect methods instead of the rpc methods directly Some of the ads methods just point to the rpc methods. This makes winbindd_ads use the reconnect methods instead of calling the rpc methods directly in order to prevent negative cache entries for e.g. name_to_sid, when the dc has closed the connection without sending a reset. Michael --- source3/winbindd/winbindd_ads.c | 81 ++++++++++++++++++++++++++++++++++++++--- 1 file changed, 75 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c index 94a24278eb..5c7d491849 100644 --- a/source3/winbindd/winbindd_ads.c +++ b/source3/winbindd/winbindd_ads.c 
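Review bot: The retry condition added here fires on every status other than OK, STATUS_SOME_UNMAPPED and NT_STATUS_NONE_MAPPED, so permanent failures also pay for a second `cm_connect_lsa()` and `rpccli_lsa_lookup_sids()` round trip, and a second failure is not logged. Whether `cm_connect_lsa()` actually discards the stale connection rather than handing back the same pipe is not visible in this hunk and is worth confirming. I would state the intent next to the test, e.g. `/* retry exactly once: a connection dropped by the DC shows up here as a generic failure */`, and add a DEBUG line after the second call fails so that a cached empty group-member result can be traced back to it. lookup_groupmem() starts and ends outside this hunk.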
@@ -401,6 +401,47 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, return NT_STATUS_OK; } +/* convert a single name to a sid in a domain - use rpc methods */ +static NTSTATUS name_to_sid(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + enum winbindd_cmd orig_cmd, + const char *domain_name, + const char *name, + DOM_SID *sid, + enum lsa_SidType *type) +{ + return reconnect_methods.name_to_sid(domain, mem_ctx, orig_cmd, + domain_name, name, + sid, type); +} + +/* convert a domain SID to a user or group name - use rpc methods */ +static NTSTATUS sid_to_name(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + char **domain_name, + char **name, + enum lsa_SidType *type) +{ + return reconnect_methods.sid_to_name(domain, mem_ctx, sid, + domain_name, name, type); +} + +/* convert a list of rids to names - use rpc methods */ +static NTSTATUS rids_to_names(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + uint32 *rids, + size_t num_rids, + char **domain_name, + char ***names, + enum lsa_SidType **types) +{ + return reconnect_methods.rids_to_names(domain, mem_ctx, sid, + rids, num_rids, + domain_name, names, types); +} + /* If you are looking for "dn_lookup": Yes, it used to be here! * It has gone now since it was a major speed bottleneck in * lookup_groupmem (its only use). It has been replaced by @@ -903,6 +944,18 @@ done: return status; } +/* Lookup aliases a user is member of - use rpc methods */ +static NTSTATUS lookup_useraliases(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 num_sids, const DOM_SID *sids, + uint32 *num_aliases, uint32 **alias_rids) +{ + return reconnect_methods.lookup_useraliases(domain, mem_ctx, + num_sids, sids, + num_aliases, + alias_rids); +} + /* find the members of a group, given a group rid and domain */ 
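Review bot: The comments on the new wrappers say "use rpc methods", but every body dispatches through `reconnect_methods`, which is the whole point of the commit. A reader comparing this file with winbindd_rpc.c would be misled about which path retries after a dropped DC connection. I would reword them along the lines of `/* convert a single name to a sid in a domain - via the reconnect methods, which retry on a dropped DC connection */`. The same applies to lookup_useraliases in the second hunk on this line and to lockout_policy and password_policy in the following hunk.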
@@ -1194,6 +1247,22 @@ static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) return ads_ntstatus(rc); } +/* find the lockout policy of a domain - use rpc methods */ +static NTSTATUS lockout_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo12 *policy) +{ + return reconnect_methods.lockout_policy(domain, mem_ctx, policy); +} + +/* find the password policy of a domain - use rpc methods */ +static NTSTATUS password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo1 *policy) +{ + return reconnect_methods.password_policy(domain, mem_ctx, policy); +} + /* get a list of trusted domains */ static NTSTATUS trusted_domains(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, @@ -1384,16 +1453,16 @@ struct winbindd_methods ads_methods = { query_user_list, enum_dom_groups, enum_local_groups, - msrpc_name_to_sid, - msrpc_sid_to_name, - msrpc_rids_to_names, + name_to_sid, + sid_to_name, + rids_to_names, query_user, lookup_usergroups, - msrpc_lookup_useraliases, + lookup_useraliases, lookup_groupmem, sequence_number, - msrpc_lockout_policy, - msrpc_password_policy, + lockout_policy, + password_policy, trusted_domains, }; -- cgit From dd54e680143675698330f49b9aed7188f37bec65 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 21 Nov 2008 23:17:05 +0100 Subject: s3-winbindd: make all winbind rpc-methods static. Now that the methods are no longer needed in winbindd_ads, we can make them static again. Michael --- source3/winbindd/winbindd_proto.h | 34 --------------------- source3/winbindd/winbindd_rpc.c | 63 ++++++++++++++++++++------------------- 2 files changed, 32 insertions(+), 65 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h index 4f3d10f57f..9de385e3b3 100644 --- a/source3/winbindd/winbindd_proto.h +++ b/source3/winbindd/winbindd_proto.h 
@@ -467,40 +467,6 @@ enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domai /* The following definitions come from winbindd/winbindd_reconnect.c */ -/* The following definitions come from winbindd/winbindd_rpc.c */ - -NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - enum winbindd_cmd original_cmd, - const char *domain_name, - const char *name, - DOM_SID *sid, - enum lsa_SidType *type); -NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - char **domain_name, - char **name, - enum lsa_SidType *type); -NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - uint32 *rids, - size_t num_rids, - char **domain_name, - char ***names, - enum lsa_SidType **types); -NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 num_sids, const DOM_SID *sids, - uint32 *num_aliases, uint32 **alias_rids); -NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo12 *lockout_policy); -NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo1 *password_policy); - /* The following definitions come from winbindd/winbindd_sid.c */ void winbindd_lookupsid(struct winbindd_cli_state *state); diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c index 7dea342a53..0070bde2cc 100644 --- a/source3/winbindd/winbindd_rpc.c +++ b/source3/winbindd/winbindd_rpc.c 
@@ -265,13 +265,13 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, } /* convert a single name to a sid in a domain */ -NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - enum winbindd_cmd original_cmd, - const char *domain_name, - const char *name, - DOM_SID *sid, - enum lsa_SidType *type) +static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + enum winbindd_cmd original_cmd, + const char *domain_name, + const char *name, + DOM_SID *sid, + enum lsa_SidType *type) { NTSTATUS result; DOM_SID *sids = NULL; @@ -331,12 +331,12 @@ NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain, /* convert a domain SID to a user or group name */ -NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - char **domain_name, - char **name, - enum lsa_SidType *type) +static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + char **domain_name, + char **name, + enum lsa_SidType *type) { char **domains; char **names; @@ -384,14 +384,14 @@ NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain, return NT_STATUS_OK; } -NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - uint32 *rids, - size_t num_rids, - char **domain_name, - char ***names, - enum lsa_SidType **types) +static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + const DOM_SID *sid, + uint32 *rids, + size_t num_rids, + char **domain_name, + char ***names, + enum lsa_SidType **types) { char **domains; NTSTATUS result; 
@@ -638,10 +638,11 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, #define MAX_SAM_ENTRIES_W2K 0x400 /* 1024 */ -NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 num_sids, const DOM_SID *sids, - uint32 *num_aliases, uint32 **alias_rids) +static NTSTATUS msrpc_lookup_useraliases(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + uint32 num_sids, const DOM_SID *sids, + uint32 *num_aliases, + uint32 **alias_rids) { NTSTATUS result = NT_STATUS_UNSUCCESSFUL; POLICY_HND dom_pol; @@ -1104,9 +1105,9 @@ static NTSTATUS trusted_domains(struct winbindd_domain *domain, } /* find the lockout policy for a domain */ -NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo12 *lockout_policy) +static NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo12 *lockout_policy) { NTSTATUS result; struct rpc_pipe_client *cli; @@ -1145,9 +1146,9 @@ NTSTATUS msrpc_lockout_policy(struct winbindd_domain *domain, } /* find the password policy for a domain */ -NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - struct samr_DomInfo1 *password_policy) +static NTSTATUS msrpc_password_policy(struct winbindd_domain *domain, + TALLOC_CTX *mem_ctx, + struct samr_DomInfo1 *password_policy) { NTSTATUS result; struct rpc_pipe_client *cli; -- cgit From 8d674e351ada654ab79d635851ac73cef71d4753 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 15:42:03 -0800 Subject: Second part of the fix for bug #5903 - vfs_streams_xattr breaks contents of the file (also fix a bad merge of the previous patch from 3.3). Jeremy. --- source3/modules/vfs_streams_xattr.c | 61 ++++++++++++++++++++++++++++++++++++- source3/smbd/open.c | 61 ++++++++++++++++++++++++++++--------- 2 files changed, 106 insertions(+), 16 deletions(-) (limited to 'source3') 
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index b74c4f7902..9df88e5e19 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -624,7 +624,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, (struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp); struct ea_struct ea; NTSTATUS status; - size_t length, overlap; + size_t length, overlap; if (sio == NULL) { return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); @@ -651,6 +651,63 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return overlap; } +static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, + struct files_struct *fsp, + SMB_OFF_T offset) +{ + int ret; + uint8 *tmp; + struct ea_struct ea; + NTSTATUS status; + struct stream_io *sio = + (struct stream_io *)VFS_FETCH_FSP_EXTENSION(handle, fsp); + + DEBUG(10, ("streams_xattr_ftruncate called for file %s offset %.0f\n", + fsp->fsp_name, + (double)offset )); + + if (sio == NULL) { + return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); + } + + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + sio->base, sio->xattr_name, &ea); + if (!NT_STATUS_IS_OK(status)) { + return -1; + } + + tmp = TALLOC_REALLOC_ARRAY(talloc_tos(), ea.value.data, uint8, + offset + 1); + + if (tmp == NULL) { + TALLOC_FREE(ea.value.data); + errno = ENOMEM; + return -1; + } + + /* Did we expand ? */ + if (ea.value.length < offset + 1) { + memset(&tmp[ea.value.length], '\0', + offset + 1 - ea.value.length); + } + + ea.value.data = tmp; + ea.value.length = offset + 1; + ea.value.data[offset] = 0; + + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + sio->xattr_name, + ea.value.data, ea.value.length, 0); + + TALLOC_FREE(ea.value.data); + + if (ret == -1) { + return -1; + } + + return 0; +} + /* VFS operations structure */ static vfs_op_tuple streams_xattr_ops[] = { 
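Review bot: streams_xattr_ftruncate() sizes an allocation from the caller-supplied `offset` without validating it: `offset + 1` is passed as the element count to `TALLOC_REALLOC_ARRAY` and compared against `ea.value.length`, so a negative value (SMB_OFF_T is presumably signed, as off_t is) or a very large one reaches the allocator unchecked. A guard such as `if (offset < 0) { errno = EINVAL; return -1; }` before `get_ea_value()`, together with an upper bound that matches what an extended attribute can hold, would reject those requests early. The `get_ea_value()` failure path also returns -1 without setting `errno`, unlike the ENOMEM path just below it. A one-line comment explaining that the extra byte is the zero stored at `ea.value.data[offset]` would make the `offset + 1` arithmetic easier to audit.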
@@ -672,6 +729,8 @@ static vfs_op_tuple streams_xattr_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(streams_xattr_ftruncate), SMB_VFS_OP_FTRUNCATE, + SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_streaminfo), SMB_VFS_OP_STREAMINFO, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} diff --git a/source3/smbd/open.c b/source3/smbd/open.c index aca64917b5..a6867e077c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1651,7 +1651,7 @@ static NTSTATUS open_file_ntcreate_internal(connection_struct *conn, share_access, create_options); - if (!NT_STATUS_IS_OK(status)) { + if (NT_STATUS_IS_OK(status)) { TALLOC_FREE(lck); if (pinfo) { *pinfo = FILE_WAS_OPENED; @@ -2878,10 +2878,42 @@ NTSTATUS create_file_unixpath(connection_struct *conn, * Ordinary file case. */ - status = open_file_ntcreate( - conn, req, fname, &sbuf, access_mask, share_access, - create_disposition, create_options, file_attributes, - oplock_request, &info, &fsp); + if (base_fsp) { + /* + * We're opening the stream element of a base_fsp + * we already opened. We need to initialize + * the fsp first, and set up the base_fsp pointer. + */ + status = file_new(req, conn, &fsp); + if(!NT_STATUS_IS_OK(status)) { + goto fail; + } + + fsp->base_fsp = base_fsp; + + status = open_file_ntcreate_internal(conn, + req, + fname, + &sbuf, + access_mask, + share_access, + create_disposition, + create_options, + file_attributes, + oplock_request, + &info, + fsp); + + if(!NT_STATUS_IS_OK(status)) { + file_free(req, fsp); + fsp = NULL; + } + } else { + status = open_file_ntcreate( + conn, req, fname, &sbuf, access_mask, share_access, + create_disposition, create_options, file_attributes, + oplock_request, &info, &fsp); + } if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { 
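Review bot: In the `create_file_unixpath` hunk, the failure branch after `open_file_ntcreate_internal` calls `file_free(req, fsp)` while `fsp->base_fsp` still points at `base_fsp`. The hunk does not show whether `file_free` leaves that handle alone. If it ever releases or touches the linked handle, the `fail:` path would later work on a stale `base_fsp`. Clearing the link first, `fsp->base_fsp = NULL;` immediately before `file_free(req, fsp);`, costs nothing and makes it explicit that this function still owns `base_fsp` on that path. The function begins and ends outside the hunk.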
@@ -2908,6 +2940,8 @@ NTSTATUS create_file_unixpath(connection_struct *conn, goto fail; } + fsp->base_fsp = base_fsp; + /* * According to the MS documentation, the only time the security * descriptor is applied to the opened file is iff we *created* the @@ -2994,16 +3028,6 @@ NTSTATUS create_file_unixpath(connection_struct *conn, DEBUG(10, ("create_file_unixpath: info=%d\n", info)); - /* - * Set fsp->base_fsp late enough that we can't "goto fail" anymore. In - * the fail: branch we call close_file(fsp, ERROR_CLOSE) which would - * also close fsp->base_fsp which we have to also do explicitly in - * this routine here, as not in all "goto fail:" we have the fsp set - * up already to be initialized with the base_fsp. - */ - - fsp->base_fsp = base_fsp; - *result = fsp; if (pinfo != NULL) { *pinfo = info; @@ -3022,6 +3046,13 @@ NTSTATUS create_file_unixpath(connection_struct *conn, DEBUG(10, ("create_file_unixpath: %s\n", nt_errstr(status))); if (fsp != NULL) { + if (base_fsp && fsp->base_fsp == base_fsp) { + /* + * The close_file below will close + * fsp->base_fsp. + */ + base_fsp = NULL; + } close_file(req, fsp, ERROR_CLOSE); fsp = NULL; } -- cgit From ecd8c5d3078f4fd06586485665f956520b2314a3 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 16:02:31 -0800 Subject: Use fxattr calls whenever possible (trying to work around the strange Linux kernel oplock bug). Jeremy. --- source3/modules/vfs_streams_xattr.c | 70 +++++++++++++++++++++++++++---------- 1 file changed, 51 insertions(+), 19 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 9df88e5e19..2ea5336295 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c 
@@ -64,14 +64,16 @@ static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) return result; } -static ssize_t get_xattr_size(connection_struct *conn, const char *fname, - const char *xattr_name) +static ssize_t get_xattr_size(connection_struct *conn, + files_struct *fsp, + const char *fname, + const char *xattr_name) { NTSTATUS status; struct ea_struct ea; ssize_t result; - status = get_ea_value(talloc_tos(), conn, NULL, fname, + status = get_ea_value(talloc_tos(), conn, fsp, fname, xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { @@ -100,7 +102,8 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - sbuf->st_size = get_xattr_size(handle->conn, io->base, io->xattr_name); + sbuf->st_size = get_xattr_size(handle->conn, fsp->base_fsp, + io->base, io->xattr_name); if (sbuf->st_size == -1) { return -1; } @@ -144,7 +147,7 @@ static int streams_xattr_stat(vfs_handle_struct *handle, const char *fname, goto fail; } - sbuf->st_size = get_xattr_size(handle->conn, base, xattr_name); + sbuf->st_size = get_xattr_size(handle->conn, NULL, base, xattr_name); if (sbuf->st_size == -1) { errno = ENOENT; goto fail; @@ -191,7 +194,7 @@ static int streams_xattr_lstat(vfs_handle_struct *handle, const char *fname, goto fail; } - sbuf->st_size = get_xattr_size(handle->conn, base, xattr_name); + sbuf->st_size = get_xattr_size(handle->conn, NULL, base, xattr_name); if (sbuf->st_size == -1) { errno = ENOENT; goto fail; 
@@ -300,22 +303,40 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, DEBUG(10, ("creating attribute %s on file %s\n", xattr_name, base)); - if (SMB_VFS_SETXATTR( - handle->conn, base, xattr_name, - &null, sizeof(null), - flags & O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; + if (fsp->base_fsp->fh->fd != -1) { + if (SMB_VFS_FSETXATTR( + fsp->base_fsp, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } + } else { + if (SMB_VFS_SETXATTR( + handle->conn, base, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } } } } if (flags & O_TRUNC) { char null = '\0'; - if (SMB_VFS_SETXATTR( - handle->conn, base, xattr_name, - &null, sizeof(null), - flags & O_EXCL ? XATTR_CREATE : 0) == -1) { - goto fail; + if (fsp->base_fsp->fh->fd != -1) { + if (SMB_VFS_FSETXATTR( + fsp->base_fsp, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } + } else { + if (SMB_VFS_SETXATTR( + handle->conn, base, xattr_name, + &null, sizeof(null), + flags & O_EXCL ? XATTR_CREATE : 0) == -1) { + goto fail; + } } } @@ -603,10 +624,15 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, memcpy(ea.value.data + offset, data, n); - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); - + } else { + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + sio->xattr_name, + ea.value.data, ea.value.length, 0); + } TALLOC_FREE(ea.value.data); if (ret == -1) { 
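Review bot: The new `fsp->base_fsp->fh->fd != -1` tests dereference `fsp->base_fsp` with no NULL check, in both the O_CREAT and O_TRUNC branches of `streams_xattr_open`, in the `streams_xattr_pwrite` hunk, and in the later `streams_xattr_ftruncate` hunk. Nothing in these hunks establishes that every stream fsp reaching the module has a base_fsp attached, and a NULL there would crash the smbd process serving the client. In `streams_xattr_open` the path-based call is already the fallback, so the condition can become `if (fsp->base_fsp != NULL && fsp->base_fsp->fh->fd != -1) {`. In pwrite and ftruncate the else branch also reads `fsp->base_fsp->fsp_name`, so those two need an explicit early `if (fsp->base_fsp == NULL) { errno = EBADF; return -1; }` or a path taken from `sio->base`. All three functions start and end outside the hunks.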
@@ -695,9 +721,15 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, ea.value.length = offset + 1; ea.value.data[offset] = 0; - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); + } else { + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + sio->xattr_name, + ea.value.data, ea.value.length, 0); + } TALLOC_FREE(ea.value.data); -- cgit From c23a6dc3ec4f9a5ea5ab4f8cb9cd62aa6cacc3a4 Mon Sep 17 00:00:00 2001 From: Dan Sledz Date: Fri, 14 Nov 2008 18:41:17 -0800 Subject: FreeBSD configure check for backtrace_symbols On FreeBSD backtrace_symbols is defined in libexecinfo.so.1. Look for it there as well. --- source3/configure.in | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3') diff --git a/source3/configure.in b/source3/configure.in index 1adb56ad91..287189f093 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -1033,6 +1033,8 @@ AC_CHECK_FUNCS(gettext dgettext) # Find a method of generating a stack trace AC_CHECK_HEADERS(execinfo.h libexc.h libunwind.h) +# libexecinfo provides backtrace_symbols on FreeBSD +AC_SEARCH_LIBS(backtrace_symbols, [execinfo]) AC_CHECK_FUNCS(backtrace_symbols) AC_CHECK_LIB(exc, trace_back_stack) -- cgit From 3d30d5945cf561c5baf2716d8f41870cecf947c0 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Nov 2008 12:48:26 +0100 Subject: [s3]nfs4_acls: make prototype header match definition for smb_set_nt_acl_nfs4() Add the const from nfs4_acls.c to nfs4_acls.h This fixes my build of the zfsacl module on solaris. Michael --- source3/modules/nfs4_acls.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h index 0f783aa977..a227c6e0fc 100644 --- a/source3/modules/nfs4_acls.h +++ b/source3/modules/nfs4_acls.h 
@@ -144,7 +144,7 @@ typedef bool (*set_nfs4acl_native_fn_t)(files_struct *, SMB4ACL_T *); NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, uint32 security_info_sent, - SEC_DESC *psd, + const SEC_DESC *psd, set_nfs4acl_native_fn_t set_nfs4_native); #endif /* __NFS4_ACLS_H__ */ -- cgit From 83ff6979f504d50caf725ee62549604630b69be7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 18:20:38 -0800 Subject: Fix the logic bug that caused us to run into kernel oplocks on an open for a stream inside a file with stream_xattr module. On opening the base_fsp we must break existing oplocks. Jeremy. --- source3/modules/vfs_streams_xattr.c | 68 ++++++++++++++++++------------------- source3/smbd/open.c | 8 ++++- 2 files changed, 41 insertions(+), 35 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 2ea5336295..3555654dac 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -102,7 +102,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - sbuf->st_size = get_xattr_size(handle->conn, fsp->base_fsp, + sbuf->st_size = get_xattr_size(handle->conn, fsp, io->base, io->xattr_name); if (sbuf->st_size == -1) { return -1; 
@@ -249,29 +249,29 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, /* * We use baseflags to turn off nasty side-effects when opening the * underlying file. - */ - baseflags = flags; - baseflags &= ~O_TRUNC; - baseflags &= ~O_EXCL; - baseflags &= ~O_CREAT; - - hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); - - /* It is legit to open a stream on a directory, but the base - * fd has to be read-only. - */ - if ((hostfd == -1) && (errno == EISDIR)) { - baseflags &= ~O_ACCMODE; - baseflags |= O_RDONLY; - hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, - mode); - } + */ + baseflags = flags; + baseflags &= ~O_TRUNC; + baseflags &= ~O_EXCL; + baseflags &= ~O_CREAT; + + hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); + + /* It is legit to open a stream on a directory, but the base + * fd has to be read-only. + */ + if ((hostfd == -1) && (errno == EISDIR)) { + baseflags &= ~O_ACCMODE; + baseflags |= O_RDONLY; + hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, + mode); + } - if (hostfd == -1) { + if (hostfd == -1) { goto fail; - } + } - status = get_ea_value(talloc_tos(), handle->conn, NULL, base, + status = get_ea_value(talloc_tos(), handle->conn, fsp, base, xattr_name, &ea); DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); @@ -303,9 +303,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, DEBUG(10, ("creating attribute %s on file %s\n", xattr_name, base)); - if (fsp->base_fsp->fh->fd != -1) { + if (fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp->base_fsp, xattr_name, + fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; 
@@ -323,9 +323,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, if (flags & O_TRUNC) { char null = '\0'; - if (fsp->base_fsp->fh->fd != -1) { + if (fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp->base_fsp, xattr_name, + fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; @@ -600,7 +600,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -624,12 +624,12 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, memcpy(ea.value.data + offset, data, n); - if (fsp->base_fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + if (fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, sio->xattr_name, ea.value.data, ea.value.length, 0); } @@ -656,7 +656,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -696,7 +696,7 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; 
@@ -721,12 +721,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, ea.value.length = offset + 1; ea.value.data[offset] = 0; - if (fsp->base_fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp->base_fsp, + if (fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, + ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, sio->xattr_name, ea.value.data, ea.value.length, 0); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a6867e077c..018d104d0b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2830,7 +2830,13 @@ NTSTATUS create_file_unixpath(connection_struct *conn, break; } - status = create_file_unixpath(conn, NULL, base, 0, + DEBUG(10, ("Recursing into create_file_unixpath for " + "base %s\n", base)); + + /* This call will break any oplock on the base file, + * but will not actually open an underlying fd. */ + + status = create_file_unixpath(conn, req, base, 0, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, -- cgit From 338303eb379320411829ee3dd1621e490f8d7fe1 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 22:48:37 -0800 Subject: Rever 83ff6979f504d50caf725ee62549604630b69be7 - "Fix the logic bug that caused us to run into kernel oplocks on an open for a stream inside a file with stream_xattr module. On opening the base_fsp we must break existing oplocks." as it broke make test. Jeremy. --- source3/modules/vfs_streams_xattr.c | 68 ++++++++++++++++++------------------- source3/smbd/open.c | 8 +---- 2 files changed, 35 insertions(+), 41 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 3555654dac..2ea5336295 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c 
@@ -102,7 +102,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - sbuf->st_size = get_xattr_size(handle->conn, fsp, + sbuf->st_size = get_xattr_size(handle->conn, fsp->base_fsp, io->base, io->xattr_name); if (sbuf->st_size == -1) { return -1; @@ -249,29 +249,29 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, /* * We use baseflags to turn off nasty side-effects when opening the * underlying file. - */ - baseflags = flags; - baseflags &= ~O_TRUNC; - baseflags &= ~O_EXCL; - baseflags &= ~O_CREAT; - - hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); - - /* It is legit to open a stream on a directory, but the base - * fd has to be read-only. - */ - if ((hostfd == -1) && (errno == EISDIR)) { - baseflags &= ~O_ACCMODE; - baseflags |= O_RDONLY; - hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, - mode); - } + */ + baseflags = flags; + baseflags &= ~O_TRUNC; + baseflags &= ~O_EXCL; + baseflags &= ~O_CREAT; + + hostfd = SMB_VFS_OPEN(handle->conn, base, fsp, baseflags, mode); + + /* It is legit to open a stream on a directory, but the base + * fd has to be read-only. + */ + if ((hostfd == -1) && (errno == EISDIR)) { + baseflags &= ~O_ACCMODE; + baseflags |= O_RDONLY; + hostfd = SMB_VFS_OPEN(handle->conn, fname, fsp, baseflags, + mode); + } - if (hostfd == -1) { + if (hostfd == -1) { goto fail; - } + } - status = get_ea_value(talloc_tos(), handle->conn, fsp, base, + status = get_ea_value(talloc_tos(), handle->conn, NULL, base, xattr_name, &ea); DEBUG(10, ("get_ea_value returned %s\n", nt_errstr(status))); @@ -303,9 +303,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, DEBUG(10, ("creating attribute %s on file %s\n", xattr_name, base)); - if (fsp->fh->fd != -1) { + if (fsp->base_fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp, xattr_name, + fsp->base_fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; 
@@ -323,9 +323,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, if (flags & O_TRUNC) { char null = '\0'; - if (fsp->fh->fd != -1) { + if (fsp->base_fsp->fh->fd != -1) { if (SMB_VFS_FSETXATTR( - fsp, xattr_name, + fsp->base_fsp, xattr_name, &null, sizeof(null), flags & O_EXCL ? XATTR_CREATE : 0) == -1) { goto fail; @@ -600,7 +600,7 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -624,12 +624,12 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, memcpy(ea.value.data + offset, data, n); - if (fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, sio->xattr_name, ea.value.data, ea.value.length, 0); } @@ -656,7 +656,7 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; @@ -696,7 +696,7 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); } - status = get_ea_value(talloc_tos(), handle->conn, fsp, + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { return -1; 
@@ -721,12 +721,12 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, ea.value.length = offset + 1; ea.value.data[offset] = 0; - if (fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp, + if (fsp->base_fsp->fh->fd != -1) { + ret = SMB_VFS_FSETXATTR(fsp->base_fsp, sio->xattr_name, ea.value.data, ea.value.length, 0); } else { - ret = SMB_VFS_SETXATTR(fsp->conn, sio->base, + ret = SMB_VFS_SETXATTR(fsp->conn, fsp->base_fsp->fsp_name, sio->xattr_name, ea.value.data, ea.value.length, 0); } diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 018d104d0b..a6867e077c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2830,13 +2830,7 @@ NTSTATUS create_file_unixpath(connection_struct *conn, break; } - DEBUG(10, ("Recursing into create_file_unixpath for " - "base %s\n", base)); - - /* This call will break any oplock on the base file, - * but will not actually open an underlying fd. */ - - status = create_file_unixpath(conn, req, base, 0, + status = create_file_unixpath(conn, NULL, base, 0, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE, -- cgit From d205766e60be96449930f270b0a77002dffab278 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 21 Nov 2008 22:51:20 -0800 Subject: Fix a C90 error. Jeremy. --- source3/modules/vfs_streams_depot.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index e7ecedaaed..0d6e0e02c1 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -116,6 +116,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, char *id_hex; struct file_id id; uint8 id_buf[16]; + const char *rootdir; tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath); 
@@ -124,7 +125,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, goto fail; } - const char *rootdir = lp_parm_const_string( + rootdir = lp_parm_const_string( SNUM(handle->conn), "streams_depot", "directory", tmp); TALLOC_FREE(tmp); @@ -149,7 +150,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, first = hash & 0xff; second = (hash >> 8) & 0xff; - id_hex = hex_encode(talloc_tos(), id_buf, sizeof(id_buf)); + id_hex = hex_encode_talloc(talloc_tos(), id_buf, sizeof(id_buf)); if (id_hex == NULL) { errno = ENOMEM; -- cgit From 84e37eb5f56e2979cae89b96bc25ae746d7efab9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sat, 22 Nov 2008 23:25:14 +0100 Subject: s3 build: don't specify ZLIB_LIBS (i.e. "-lz") in object collections. This causes make to fail on at least HP-UX and MacOS X with message "no rule to make target -lz" or similar, when these object collections are specified in dependencies. Michael --- source3/Makefile.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 4a0590c8ed..8498447cfc 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -931,7 +931,7 @@ SMBTORTURE_OBJ = $(SMBTORTURE_OBJ1) $(PARAM_OBJ) \ MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS) + $(LIBNDR_GEN_OBJ0) MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) \ @@ -939,7 +939,7 @@ MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ LOCKTEST_OBJ = torture/locktest.o $(PARAM_OBJ) $(LOCKING_OBJ) $(KRBCLIENT_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS) + $(LIBNDR_GEN_OBJ0) NSSTEST_OBJ = torture/nsstest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \ $(LIB_NONSMBD_OBJ) \ 
@@ -958,7 +958,7 @@ LOG2PCAP_OBJ = utils/log2pcaphex.o LOCKTEST2_OBJ = torture/locktest2.o $(PARAM_OBJ) $(LOCKING_OBJ) $(LIBSMB_OBJ) \ $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) \ - $(LIBNDR_GEN_OBJ0) $(ZLIB_LIBS) + $(LIBNDR_GEN_OBJ0) SMBCACLS_OBJ = utils/smbcacls.o $(PARAM_OBJ) $(LIBSMB_OBJ) \ $(KRBCLIENT_OBJ) $(LIB_NONSMBD_OBJ) $(RPC_PARSE_OBJ) \ -- cgit From 71c782c72af496c86491d16ef384a5b320f9616f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 01:11:29 +0100 Subject: s3-build: do not auto-genereate ndr tables but use checked-in tables. This removes the build-dependency on perl that was introduced in commit e0905c30908b4d621030689d33de28a13c04a690. The tables can now be re-built with "make ndr-tables". This is also called by make samba3-idl to ensure that the tables are updated after idl changes. This hopefully fixes the build on some build farm hosts (e.g. gwen). Michael --- source3/Makefile.in | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/Makefile.in b/source3/Makefile.in index 8498447cfc..60ea4e2cfd 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -1235,10 +1235,13 @@ samba3-idl:: ../librpc/idl/ntsvcs.idl librpc/idl/libnetapi.idl ../librpc/idl/drsuapi.idl \ ../librpc/idl/drsblobs.idl ../librpc/idl/nbt.idl \ ../librpc/idl/named_pipe_auth.idl librpc/idl/dom_sid.idl + @$(MAKE) ndr-tables -librpc/gen_ndr/tables.c:: librpc/gen_ndr/*.h - @echo "Generating $@" - @$(PERL) ../librpc/tables.pl $^ > $@ +NDR_TABLES = librpc/gen_ndr/tables.c + +ndr-tables:: librpc/gen_ndr/*.h + @echo "Generating $(NDR_TABLES)" + @$(PERL) ../librpc/tables.pl $^ > $(NDR_TABLES) ##################################################################### -- cgit From 09bc3a2f9c3847aafdb2e6cc2651baba62f2489e Mon Sep 17 00:00:00 2001 
From: Michael Adam Date: Sun, 23 Nov 2008 01:59:30 +0100 Subject: s3 build: when detecting to use internal zlib, put "-I../lib/zlib" first in CFLAGS This should fix a build error on our Tru64 build farm box where a zlib.h is found in an include path handed in via external CFLAGS, but that zlib.h belongs to an old zlib. So in ndr_compression.c, "#include " includes the wrong header for the internal zlib. Michael --- source3/configure.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/configure.in b/source3/configure.in index 287189f093..9214d031b3 100644 --- a/source3/configure.in +++ b/source3/configure.in @@ -6256,7 +6256,7 @@ AC_ZLIB([ZLIB_OBJS=""], [ do ZLIB_OBJS="$ZLIB_OBJS ../lib/zlib/$o" done - CFLAGS="$CFLAGS -I../lib/zlib" + CFLAGS="-I../lib/zlib $CFLAGS" ]) dnl Remove -L/usr/lib/? from LDFLAGS and LIBS -- cgit From 9c3173142d3c9e0157a76ed32987cfb910d49a93 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 19:37:36 +0100 Subject: Fix an uninitialized variable warning Andreas Schneider, please check! --- source3/nsswitch/pam_winbind.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c index 1daa05ea17..be22ff3f5e 100644 --- a/source3/nsswitch/pam_winbind.c +++ b/source3/nsswitch/pam_winbind.c @@ -2316,7 +2316,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags, struct wbcLogoffUserParams logoff; struct wbcAuthErrorInfo *error = NULL; const char *user; - wbcErr wbc_status; + wbcErr wbc_status = WBC_ERR_SUCCESS; retval = _pam_winbind_init_context(pamh, flags, argc, argv, &ctx); if (retval) { -- cgit From 671d68d573e1b39ab816989b6d5bf41da3f56e78 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Mon, 17 Nov 2008 16:38:02 +0100 Subject: ctags: Ignore source3/includes/proto.h for tags. --- source3/Makefile.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') 
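Review bot: Initialising `wbc_status` to `WBC_ERR_SUCCESS` in `_pam_delete_cred` silences the warning by making success the default. Any path that reaches the status check without having called into winbind is then reported as a successful credential deletion. The rest of the function is outside the hunk, so whether such a path exists cannot be confirmed from here. A failing default keeps the function fail-closed: `wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;`. If some paths legitimately skip the logoff, they should set success explicitly at that point.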
diff --git a/source3/Makefile.in b/source3/Makefile.in index 60ea4e2cfd..37c48d4286 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -2791,7 +2791,7 @@ etags:: etags --append `find $(srcdir)/../source4/dsdb -name "*.[ch]"` ctags:: - ctags `find $(srcdir)/.. -name "*.[ch]"` + ctags `find $(srcdir)/.. -name "*.[ch]" | grep -v include/proto\.h` realclean:: clean -rm -f config.log bin/.dummy script/findsmb script/gen-8bit-gap.sh -- cgit From 526c609d5f4d892e534fa3db42d5e2cf103b08f3 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 22:20:58 +0100 Subject: s3-rpcclient: Fix a compile warning. --- source3/rpc_client/init_netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index 4318a94076..b2ad1a5bcb 100644 --- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -206,7 +206,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, if (pipe_session_key && pipe_session_key_len != 16) { DEBUG(0,("serverinfo_to_SamInfo3: invalid " - "pipe_session_key_len[%u] != 16\n", + "pipe_session_key_len[%d] != 16\n", pipe_session_key_len)); return NT_STATUS_INTERNAL_ERROR; } -- cgit From ed27d91068ca45a2f2924cb2d53c3fdf856c5c47 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 22:21:26 +0100 Subject: Add auth_serversupplied_info to create_conn_struct srvsvc needs it, as will printing --- source3/include/proto.h | 3 ++- source3/rpc_server/srv_srvsvc_nt.c | 10 ++++------ source3/smbd/msdfs.c | 19 +++++++++++++++---- 3 files changed, 21 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 2cf1a9645e..a024d683f3 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -7957,7 +7957,8 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, connection_struct **pconn, int snum, const char *path, - char **poldcwd); + struct auth_serversupplied_info *server_info, + char **poldcwd); /* The following definitions come from smbd/negprot.c */ diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 9d9e9af59b..274deab88b 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2050,7 +2050,8 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, } nt_status = create_conn_struct(talloc_tos(), &conn, snum, - lp_pathname(snum), &oldcwd); + lp_pathname(snum), p->server_info, + &oldcwd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_conn_struct failed: %s\n", nt_errstr(nt_status))); @@ -2058,8 +2059,6 @@ WERROR _srvsvc_NetGetFileSecurity(pipes_struct *p, goto error_exit; } - conn->server_info = p->server_info; - nt_status = create_file( conn, /* conn */ NULL, /* req */ @@ -2165,7 +2164,8 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, } nt_status = create_conn_struct(talloc_tos(), &conn, snum, - lp_pathname(snum), &oldcwd); + lp_pathname(snum), p->server_info, + &oldcwd); if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(10, ("create_conn_struct failed: %s\n", nt_errstr(nt_status))); @@ -2173,8 +2173,6 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, goto error_exit; } - conn->server_info = p->server_info; - nt_status = create_file( conn, /* conn */ NULL, /* req */ diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c index 1504b19169..d46be64262 100644 --- a/source3/smbd/msdfs.c +++ b/source3/smbd/msdfs.c @@ -219,6 +219,7 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, connection_struct **pconn, int snum, const char *path, + struct auth_serversupplied_info *server_info, char **poldcwd) { connection_struct *conn; 
@@ -254,6 +255,15 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, conn->params->service = snum; + if (server_info != NULL) { + conn->server_info = copy_serverinfo(conn, server_info); + if (conn->server_info == NULL) { + DEBUG(0, ("copy_serverinfo failed\n")); + TALLOC_FREE(conn); + return NT_STATUS_NO_MEMORY; + } + } + set_conn_connectpath(conn, connpath); if (!smbd_vfs_init(conn)) { @@ -881,7 +891,7 @@ NTSTATUS get_referred_path(TALLOC_CTX *ctx, } status = create_conn_struct(ctx, &conn, snum, lp_pathname(snum), - &oldpath); + NULL, &oldpath); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(pdp); return status; @@ -1321,7 +1331,7 @@ static bool junction_to_local_path(const struct junction_map *jucn, return False; } status = create_conn_struct(talloc_tos(), conn_out, snum, - lp_pathname(snum), oldpath); + lp_pathname(snum), NULL, oldpath); if (!NT_STATUS_IS_OK(status)) { return False; } @@ -1455,7 +1465,7 @@ static int count_dfs_links(TALLOC_CTX *ctx, int snum) */ status = create_conn_struct(talloc_tos(), &conn, snum, connect_path, - &cwd); + NULL, &cwd); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("create_conn_struct failed: %s\n", nt_errstr(status))); @@ -1523,7 +1533,8 @@ static int form_junctions(TALLOC_CTX *ctx, * Fake up a connection struct for the VFS layer. */ - status = create_conn_struct(ctx, &conn, snum, connect_path, &cwd); + status = create_conn_struct(ctx, &conn, snum, connect_path, NULL, + &cwd); if (!NT_STATUS_IS_OK(status)) { DEBUG(3, ("create_conn_struct failed: %s\n", nt_errstr(status))); -- cgit From a36415a5651c598e1dd28e163995e266dad51130 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 23:54:27 +0100 Subject: s3-rpcclient; Really fix compile warning. Screwed up in 526c609d, now the real fix. --- source3/rpc_client/init_netlogon.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/rpc_client/init_netlogon.c b/source3/rpc_client/init_netlogon.c index b2ad1a5bcb..6f7a541f72 100644 
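Review bot: When `server_info` is NULL the block added to create_conn_struct() leaves `conn->server_info` unset, and the four msdfs.c callers changed in the hunks that follow (get_referred_path, junction_to_local_path, count_dfs_links, form_junctions) all pass NULL. Any VFS module that reads `conn->server_info->ptok` on such a connection would dereference a null pointer, so the contract belongs next to the new parameter, e.g. `/* server_info may be NULL (msdfs fake connections); conn->server_info is then left unset and VFS modules must not dereference it */`. Whether smbd_vfs_init() or the loaded modules already tolerate that is not visible here, because the function body starts and ends outside the hunk.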
--- a/source3/rpc_client/init_netlogon.c +++ b/source3/rpc_client/init_netlogon.c @@ -206,7 +206,7 @@ NTSTATUS serverinfo_to_SamInfo3(struct auth_serversupplied_info *server_info, if (pipe_session_key && pipe_session_key_len != 16) { DEBUG(0,("serverinfo_to_SamInfo3: invalid " - "pipe_session_key_len[%d] != 16\n", + "pipe_session_key_len[%zu] != 16\n", pipe_session_key_len)); return NT_STATUS_INTERNAL_ERROR; } -- cgit From 798b9e1ad6bbdcf873285d0e1c5008e566744162 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 23 Nov 2008 18:20:19 -0800 Subject: Fix to allow setting of NULL DACL/SACL This is a modification of Jeremy's 7522ef15aca2429ef57c75d8297dd8121e79c9da commit. If no DACL/SACL is present in the packet, the SEC_INFO field should still be passed down as is to the VFS layer to signal the creation of a NULL DACL/SACL. As seen in metze RAW-ACL test_nttrans_create_null_dacl(), a NULL DACL is set regardless of the SEC_DESC_DACL_PRESENT bit being set. --- source3/smbd/nttrans.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 52c16e2ac6..8a18c87903 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -721,21 +721,12 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, return status; } - if (psd->owner_sid==0) { + if (psd->owner_sid == NULL) { security_info_sent &= ~OWNER_SECURITY_INFORMATION; } - if (psd->group_sid==0) { + if (psd->group_sid == NULL) { security_info_sent &= ~GROUP_SECURITY_INFORMATION; } - if (psd->sacl==0) { - security_info_sent &= ~SACL_SECURITY_INFORMATION; - } - if (security_info_sent & DACL_SECURITY_INFORMATION) { - psd->type |= SEC_DESC_DACL_PRESENT; - } - if (psd->dacl==0) { - security_info_sent &= ~DACL_SECURITY_INFORMATION; - } /* Convert all the generic bits. */ security_acl_map_generic(psd->dacl, &file_generic_mapping); -- cgit 
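Review bot: With `psd->type |= SEC_DESC_DACL_PRESENT` removed from set_sd() in nttrans.c, a request carrying DACL_SECURITY_INFORMATION and no DACL reaches the VFS layer with the type bit exactly as the client sent it, so a module that tests `psd->type & SEC_DESC_DACL_PRESENT` rather than `security_info_sent` may skip the NULL-DACL case this commit is meant to enable. A NULL DACL grants access to everyone, so the intent deserves a comment where the masking was dropped, for example `/* Do not mask the DACL/SACL bits when the ACL pointer is NULL: a NULL DACL is a valid request and must reach the VFS layer. */`. The hunk also forwards SACL_SECURITY_INFORMATION with a NULL SACL; whether the handle's access mask is checked for that before set_sd() runs is not visible, since the function continues outside the hunk.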
From 783ab0480b7c1454a95cdb414d3277a8fa543e9a Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 22:46:08 +0100 Subject: Convert move_driver_to_download_area to use create_conn_struct This removes a use of struct current_user and the vuid The become_user() here is unnecessary, within the spoolss handling code we have switched to the authenticated pipe user anyway. Jerry, please check! --- source3/include/proto.h | 5 ++-- source3/printing/nt_printing.c | 56 +++++++++++++++---------------------- source3/rpc_server/srv_spoolss_nt.c | 3 +- 3 files changed, 28 insertions(+), 36 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index a024d683f3..abb65ac654 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4775,8 +4775,9 @@ int get_ntdrivers(fstring **list, const char *architecture, uint32 version); const char *get_short_archi(const char *long_archi); WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, struct current_user *user); -WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, - struct current_user *user, WERROR *perr); +WERROR move_driver_to_download_area(struct pipes_struct *p, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level, WERROR *perr); int pack_devicemode(NT_DEVICEMODE *nt_devmode, uint8 *buf, int buflen); uint32 del_a_printer(const char *sharename); NT_DEVICEMODE *construct_nt_devicemode(const fstring default_devicename); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 11370272a2..71d906cb41 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c 
@@ -1796,8 +1796,9 @@ static char* ffmt(unsigned char *c){ /**************************************************************************** ****************************************************************************/ -WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, - struct current_user *user, WERROR *perr) +WERROR move_driver_to_download_area(struct pipes_struct *p, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level, WERROR *perr) { NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver; NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver; @@ -1805,14 +1806,15 @@ WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract char *new_dir = NULL; char *old_name = NULL; char *new_name = NULL; - DATA_BLOB null_pw; - connection_struct *conn; + connection_struct *conn = NULL; NTSTATUS nt_status; - fstring res_type; SMB_STRUCT_STAT st; int i; TALLOC_CTX *ctx = talloc_tos(); int ver = 0; + char *oldcwd; + fstring printdollar; + int printdollar_snum; *perr = WERR_OK; 
@@ -1831,38 +1833,24 @@ WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract return WERR_UNKNOWN_PRINTER_DRIVER; } - /* - * Connect to the print$ share under the same account as the user connected to the rpc pipe. - * Note we must be root to do this. - */ - - null_pw = data_blob_null; - fstrcpy(res_type, "A:"); - become_root(); - conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status); - unbecome_root(); + fstrcpy(printdollar, "print$"); - if (conn == NULL) { - DEBUG(0,("move_driver_to_download_area: Unable to connect\n")); - *perr = ntstatus_to_werror(nt_status); + printdollar_snum = find_service(printdollar); + if (printdollar_snum == -1) { + *perr = WERR_NO_SUCH_SHARE; return WERR_NO_SUCH_SHARE; } - /* - * Save who we are - we are temporarily becoming the connection user. - */ - - if (!become_user(conn, conn->vuid)) { - DEBUG(0,("move_driver_to_download_area: Can't become user!\n")); - return WERR_ACCESS_DENIED; + nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum, + lp_pathname(printdollar_snum), + p->server_info, &oldcwd); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("move_driver_to_download_area: create_conn_struct " + "returned %s\n", nt_errstr(nt_status))); + *perr = ntstatus_to_werror(nt_status); + return *perr; } - /* WE ARE NOW RUNNING AS USER conn->vuid !!!!! */ - - /* - * make the directories version and version\driver_name - * under the architecture directory. - */ DEBUG(5,("Creating first directory\n")); new_dir = talloc_asprintf(ctx, "%s/%d", @@ -2092,8 +2080,10 @@ WERROR move_driver_to_download_area(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract err_exit: - close_cnum(conn, user->vuid); - unbecome_user(); + if (conn != NULL) { + vfs_ChDir(conn, oldcwd); + conn_free_internal(conn); + } if (W_ERROR_EQUAL(*perr, WERR_OK)) { return WERR_OK; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 59c1323a0f..cc958aa8a6 100644 
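Review bot: move_driver_to_download_area() no longer calls make_connection_with_chdir() or become_user(), so the file operations that follow run under whatever identity the RPC dispatcher already holds, and the removed `WE ARE NOW RUNNING AS USER` comment that stated the invariant has no replacement. As far as the msdfs.c hunk on this page shows, create_conn_struct() only copies `server_info` into the connection; it is not shown switching the effective uid or applying the share-level checks of a real tree connect, so the assumption should be recorded in place: `/* Caller must already be impersonating p->server_info; create_conn_struct() does not change identity. */`. The same applies to the get_correct_cversion() and delete_driver_files() conversions in the next two commits, and of the three only delete_driver_files() visibly keeps a `CAN_WRITE(conn)` test on print$. The function body extends beyond the hunk, so a check outside the visible lines cannot be ruled out.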
--- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7860,7 +7860,8 @@ WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, goto done; DEBUG(5,("Moving driver to final destination\n")); - if( !W_ERROR_IS_OK(err = move_driver_to_download_area(driver, level, &p->pipe_user, &err)) ) { + if( !W_ERROR_IS_OK(err = move_driver_to_download_area(p, driver, level, + &err)) ) { goto done; } -- cgit From cb4f8573ba5fe7164be8adee8af7fbec9ec18ab0 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:01:24 +0100 Subject: Convert get_correct_cversion to use create_conn_struct Jerry, please check! --- source3/include/proto.h | 5 +- source3/printing/nt_printing.c | 95 +++++++++++++++++++------------------ source3/rpc_server/srv_spoolss_nt.c | 2 +- 3 files changed, 54 insertions(+), 48 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index abb65ac654..d3cc8c9f12 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4773,8 +4773,9 @@ bool delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, WERROR void update_a_form(nt_forms_struct **list, const FORM *form, int count); int get_ntdrivers(fstring **list, const char *architecture, uint32 version); const char *get_short_archi(const char *long_archi); -WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, - uint32 level, struct current_user *user); +WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level); WERROR move_driver_to_download_area(struct pipes_struct *p, NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, WERROR *perr); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 71d906cb41..fc73cb55d2 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c 
@@ -1454,18 +1454,21 @@ static int file_version_is_newer(connection_struct *conn, fstring new_file, fstr /**************************************************************************** Determine the correct cVersion associated with an architecture and driver ****************************************************************************/ -static uint32 get_correct_cversion(const char *architecture, fstring driverpath_in, - struct current_user *user, WERROR *perr) +static uint32 get_correct_cversion(struct pipes_struct *p, + const char *architecture, + fstring driverpath_in, + WERROR *perr) { int cversion; NTSTATUS nt_status; char *driverpath = NULL; - DATA_BLOB null_pw; - fstring res_type; files_struct *fsp = NULL; SMB_STRUCT_STAT st; - connection_struct *conn; + connection_struct *conn = NULL; NTSTATUS status; + char *oldcwd; + fstring printdollar; + int printdollar_snum; SET_STAT_INVALID(st); 
@@ -1485,28 +1488,21 @@ static uint32 get_correct_cversion(const char *architecture, fstring driverpath_ return 3; } - /* - * Connect to the print$ share under the same account as the user connected - * to the rpc pipe. Note we must still be root to do this. - */ - - /* Null password is ok - we are already an authenticated user... */ - null_pw = data_blob_null; - fstrcpy(res_type, "A:"); - become_root(); - conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status); - unbecome_root(); + fstrcpy(printdollar, "print$"); - if (conn == NULL) { - DEBUG(0,("get_correct_cversion: Unable to connect\n")); - *perr = ntstatus_to_werror(nt_status); + printdollar_snum = find_service(printdollar); + if (printdollar_snum == -1) { + *perr = WERR_NO_SUCH_SHARE; return -1; } - /* We are temporarily becoming the connection user. */ - if (!become_user(conn, user->vuid)) { - DEBUG(0,("get_correct_cversion: Can't become user!\n")); - *perr = WERR_ACCESS_DENIED; + nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum, + lp_pathname(printdollar_snum), + p->server_info, &oldcwd); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("get_correct_cversion: create_conn_struct " + "returned %s\n", nt_errstr(nt_status))); + *perr = ntstatus_to_werror(nt_status); return -1; } 
@@ -1583,27 +1579,28 @@ static uint32 get_correct_cversion(const char *architecture, fstring driverpath_ DEBUG(10,("get_correct_cversion: Driver file [%s] cversion = %d\n", driverpath, cversion)); - close_file(NULL, fsp, NORMAL_CLOSE); - close_cnum(conn, user->vuid); - unbecome_user(); - *perr = WERR_OK; - return cversion; - + goto done; - error_exit: - - if(fsp) + error_exit: + cversion = -1; + done: + if (fsp != NULL) { close_file(NULL, fsp, NORMAL_CLOSE); - - close_cnum(conn, user->vuid); - unbecome_user(); - return -1; + } + if (conn != NULL) { + vfs_ChDir(conn, oldcwd); + conn_free_internal(conn); + } + if (cversion != -1) { + *perr = WERR_OK; + } + return cversion; } /**************************************************************************** ****************************************************************************/ -static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver, - struct current_user *user) +static WERROR clean_up_driver_struct_level_3(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver) { const char *architecture; fstring new_name; @@ -1661,7 +1658,9 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri * NT 4: cversion=2 * NT2K: cversion=3 */ - if ((driver->cversion = get_correct_cversion( architecture, driver->driverpath, user, &err)) == -1) + if ((driver->cversion = get_correct_cversion(rpc_pipe, architecture, + driver->driverpath, + &err)) == -1) return err; return WERR_OK; 
@@ -1669,7 +1668,8 @@ static WERROR clean_up_driver_struct_level_3(NT_PRINTER_DRIVER_INFO_LEVEL_3 *dri /**************************************************************************** ****************************************************************************/ -static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver, struct current_user *user) +static WERROR clean_up_driver_struct_level_6(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver) { const char *architecture; fstring new_name; @@ -1728,7 +1728,9 @@ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *dri * NT2K: cversion=3 */ - if ((driver->version = get_correct_cversion(architecture, driver->driverpath, user, &err)) == -1) + if ((driver->version = get_correct_cversion(rpc_pipe, architecture, + driver->driverpath, + &err)) == -1) return err; return WERR_OK; @@ -1736,21 +1738,24 @@ static WERROR clean_up_driver_struct_level_6(NT_PRINTER_DRIVER_INFO_LEVEL_6 *dri /**************************************************************************** ****************************************************************************/ -WERROR clean_up_driver_struct(NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, - uint32 level, struct current_user *user) +WERROR clean_up_driver_struct(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, + uint32 level) { switch (level) { case 3: { NT_PRINTER_DRIVER_INFO_LEVEL_3 *driver; driver=driver_abstract.info_3; - return clean_up_driver_struct_level_3(driver, user); + return clean_up_driver_struct_level_3(rpc_pipe, + driver); } case 6: { NT_PRINTER_DRIVER_INFO_LEVEL_6 *driver; driver=driver_abstract.info_6; - return clean_up_driver_struct_level_6(driver, user); + return clean_up_driver_struct_level_6(rpc_pipe, + driver); } default: return WERR_INVALID_PARAM; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index cc958aa8a6..b032ce2aad 100644 
--- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -7855,7 +7855,7 @@ WERROR _spoolss_addprinterdriver(pipes_struct *p, SPOOL_Q_ADDPRINTERDRIVER *q_u, } DEBUG(5,("Cleaning driver's information\n")); - err = clean_up_driver_struct(driver, level, &p->pipe_user); + err = clean_up_driver_struct(p, driver, level); if (!W_ERROR_IS_OK(err)) goto done; -- cgit From c25f5c778acd7918551a6234d749854a0e8ea562 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:13:11 +0100 Subject: Convert delete_driver_files to use create_conn_struct Jerry, please check! --- source3/include/proto.h | 5 +-- source3/printing/nt_printing.c | 62 +++++++++++++++++++------------------ source3/rpc_server/srv_spoolss_nt.c | 10 +++--- 3 files changed, 41 insertions(+), 36 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index d3cc8c9f12..853d827f2b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -4821,8 +4821,9 @@ WERROR get_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL *driver, uint32 level, uint32 free_a_printer_driver(NT_PRINTER_DRIVER_INFO_LEVEL driver, uint32 level); bool printer_driver_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3 ); bool printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info ); -WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user, - uint32 version, bool delete_files ); +WERROR delete_printer_driver(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, + uint32 version, bool delete_files ); WERROR nt_printing_setsec(const char *sharename, SEC_DESC_BUF *secdesc_ctr); bool nt_printing_getsec(TALLOC_CTX *ctx, const char *sharename, SEC_DESC_BUF **secdesc_ctr); void map_printer_permissions(SEC_DESC *sd); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index fc73cb55d2..244b3aee03 100644 --- a/source3/printing/nt_printing.c 
+++ b/source3/printing/nt_printing.c 
@@ -5196,49 +5196,44 @@ bool printer_driver_files_in_use ( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info ) this. ****************************************************************************/ -static bool delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user ) +static bool delete_driver_files(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3) { int i = 0; char *s; const char *file; connection_struct *conn; - DATA_BLOB null_pw; NTSTATUS nt_status; - fstring res_type; SMB_STRUCT_STAT st; + char *oldcwd; + fstring printdollar; + int printdollar_snum; + bool ret = false; if ( !info_3 ) return False; DEBUG(6,("delete_driver_files: deleting driver [%s] - version [%d]\n", info_3->name, info_3->cversion)); - /* - * Connect to the print$ share under the same account as the - * user connected to the rpc pipe. Note we must be root to - * do this. - */ + fstrcpy(printdollar, "print$"); - null_pw = data_blob_null; - fstrcpy(res_type, "A:"); - become_root(); - conn = make_connection_with_chdir( "print$", null_pw, res_type, user->vuid, &nt_status ); - unbecome_root(); + printdollar_snum = find_service(printdollar); + if (printdollar_snum == -1) { + return false; + } - if ( !conn ) { - DEBUG(0,("delete_driver_files: Unable to connect\n")); - return False; + nt_status = create_conn_struct(talloc_tos(), &conn, printdollar_snum, + lp_pathname(printdollar_snum), + rpc_pipe->server_info, &oldcwd); + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("delete_driver_files: create_conn_struct " + "returned %s\n", nt_errstr(nt_status))); + return false; } if ( !CAN_WRITE(conn) ) { DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n")); - return False; - } - - /* Save who we are - we are temporarily becoming the connection user. 
*/ - - if ( !become_user(conn, conn->vuid) ) { - DEBUG(0,("delete_driver_files: Can't become user!\n")); - return False; + goto fail; } /* now delete the files; must strip the '\print$' string from @@ -5299,9 +5294,15 @@ static bool delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct } } - unbecome_user(); - - return true; + goto done; + fail: + ret = false; + done: + if (conn != NULL) { + vfs_ChDir(conn, oldcwd); + conn_free_internal(conn); + } + return ret; } /**************************************************************************** @@ -5309,8 +5310,9 @@ static bool delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct previously looked up. ***************************************************************************/ -WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct current_user *user, - uint32 version, bool delete_files ) +WERROR delete_printer_driver(struct pipes_struct *rpc_pipe, + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, + uint32 version, bool delete_files ) { char *key = NULL; const char *arch; @@ -5360,7 +5362,7 @@ WERROR delete_printer_driver( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct cur */ if ( delete_files ) - delete_driver_files( info_3, user ); + delete_driver_files(rpc_pipe, info_3); DEBUG(5,("delete_printer_driver: driver delete successful [%s]\n", key)); SAFE_FREE(key); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index b032ce2aad..46aed7ce65 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c 
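Review bot: delete_driver_files() now returns false on every path: `ret` is initialised to `false`, the success path ends in `goto done`, and none of the added lines ever sets it to true. The only caller visible on this page, delete_printer_driver(), discards the result, so nothing breaks today, but a later caller that checks it would treat a successful deletion as a failure. Put `ret = true;` immediately above `goto done;`. Separately, `conn` stays uninitialised here while the two sibling conversions declare `connection_struct *conn = NULL;`; the `if (conn != NULL)` cleanup is only meaningful with that initialiser, so it should be added for consistency.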
@@ -2070,7 +2070,8 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER /* if we get to here, we now have 2 driver info structures to remove */ /* remove the Win2k driver first*/ - status_win2k = delete_printer_driver(info_win2k.info_3, &p->pipe_user, 3, False ); + status_win2k = delete_printer_driver( + p, info_win2k.info_3, 3, False ); free_a_printer_driver( info_win2k, 3 ); /* this should not have failed---if it did, report to client */ @@ -2082,7 +2083,7 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER } } - status = delete_printer_driver(info.info_3, &p->pipe_user, version, False); + status = delete_printer_driver(p, info.info_3, version, False); /* if at least one of the deletes succeeded return OK */ @@ -2205,7 +2206,8 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV /* if we get to here, we now have 2 driver info structures to remove */ /* remove the Win2k driver first*/ - status_win2k = delete_printer_driver(info_win2k.info_3, &p->pipe_user, 3, delete_files); + status_win2k = delete_printer_driver( + p, info_win2k.info_3, 3, delete_files); free_a_printer_driver( info_win2k, 3 ); /* this should not have failed---if it did, report to client */ @@ -2215,7 +2217,7 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV } } - status = delete_printer_driver(info.info_3, &p->pipe_user, version, delete_files); + status = delete_printer_driver(p, info.info_3, version, delete_files); if ( W_ERROR_IS_OK(status) || W_ERROR_IS_OK(status_win2k) ) status = WERR_OK; -- cgit From 6f840dd678f8f19b84c042816e75e85d1077904e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 23 Nov 2008 23:14:39 +0100 Subject: Remove unused make_connection_with_chdir() --- source3/include/proto.h | 4 ---- source3/smbd/service.c | 32 -------------------------------- 2 files changed, 36 deletions(-) (limited to 'source3') 
diff --git a/source3/include/proto.h b/source3/include/proto.h index 853d827f2b..605066f763 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -8422,10 +8422,6 @@ bool set_current_service(connection_struct *conn, uint16 flags, bool do_chdir); void load_registry_shares(void); int add_home_service(const char *service, const char *username, const char *homedir); int find_service(fstring service); -connection_struct *make_connection_with_chdir(const char *service_in, - DATA_BLOB password, - const char *dev, uint16 vuid, - NTSTATUS *status); connection_struct *make_connection(const char *service_in, DATA_BLOB password, const char *pdev, uint16 vuid, NTSTATUS *status); diff --git a/source3/smbd/service.c b/source3/smbd/service.c index 05197021a3..0dea615fb5 100644 --- a/source3/smbd/service.c +++ b/source3/smbd/service.c 
@@ -1123,38 +1123,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, return NULL; } -/*************************************************************************************** - Simple wrapper function for make_connection() to include a call to - vfs_chdir() - **************************************************************************************/ - -connection_struct *make_connection_with_chdir(const char *service_in, - DATA_BLOB password, - const char *dev, uint16 vuid, - NTSTATUS *status) -{ - connection_struct *conn = NULL; - - conn = make_connection(service_in, password, dev, vuid, status); - - /* - * make_connection() does not change the directory for us any more - * so we have to do it as a separate step --jerry - */ - - if ( conn && vfs_ChDir(conn,conn->connectpath) != 0 ) { - DEBUG(0,("make_connection_with_chdir: Can't change " - "directory to %s for [print$] (%s)\n", - conn->connectpath,strerror(errno))); - yield_connection(conn, lp_servicename(SNUM(conn))); - conn_free(conn); - *status = NT_STATUS_UNSUCCESSFUL; - return NULL; - } - - return conn; -} - /**************************************************************************** Make a connection to a service. * -- cgit From 907f126d3e84b7acddf70f8da12010d6b22d8e99 Mon Sep 17 00:00:00 2001 
From: Volker Lendecke Date: Sun, 23 Nov 2008 23:48:17 +0100 Subject: Get rid of pipes_struct->pipe_user, we have server_info now --- YESSS! --- source3/include/ntdomain.h | 6 --- source3/include/proto.h | 1 - source3/rpc_server/srv_dfs_nt.c | 4 +- source3/rpc_server/srv_eventlog_nt.c | 4 +- source3/rpc_server/srv_lsa_nt.c | 42 +++++++++++--------- source3/rpc_server/srv_ntsvcs_nt.c | 3 +- source3/rpc_server/srv_pipe.c | 50 +----------------------- source3/rpc_server/srv_pipe_hnd.c | 10 ----- source3/rpc_server/srv_samr_nt.c | 74 ++++++++++++++++++------------------ source3/rpc_server/srv_spoolss_nt.c | 41 +++++++++++--------- source3/rpc_server/srv_srvsvc_nt.c | 48 +++++++++-------------- source3/rpc_server/srv_svcctl_nt.c | 20 ++++++---- source3/rpc_server/srv_winreg_nt.c | 10 +++-- source3/rpc_server/srv_wkssvc_nt.c | 4 +- source3/smbd/uid.c | 6 +-- 15 files changed, 132 insertions(+), 191 deletions(-) (limited to 'source3') diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index e6c97c69dc..1684e2d432 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -230,12 +230,6 @@ typedef struct pipes_struct { struct dcinfo *dc; /* Keeps the creds data from netlogon. */ - /* - * Unix user name and credentials used when a pipe is authenticated. - */ - - struct current_user pipe_user; - /* * Set to true when an RPC bind has been done on this pipe. */ diff --git a/source3/include/proto.h b/source3/include/proto.h index 605066f763..a02672351c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -6966,7 +6966,6 @@ bool api_pipe_alter_context(pipes_struct *p, prs_struct *rpc_in_p); bool api_pipe_ntlmssp_auth_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len, NTSTATUS *pstatus); bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss_padding_len); -struct current_user *get_current_user(struct current_user *user, pipes_struct *p); void free_pipe_rpc_context( PIPE_RPC_FNS *list ); bool api_pipe_request(pipes_struct *p); diff --git a/source3/rpc_server/srv_dfs_nt.c b/source3/rpc_server/srv_dfs_nt.c index 661d262dc4..bef8d83103 100644 --- a/source3/rpc_server/srv_dfs_nt.c +++ b/source3/rpc_server/srv_dfs_nt.c @@ -48,7 +48,7 @@ WERROR _dfs_Add(pipes_struct *p, struct dfs_Add *r) NTSTATUS status; TALLOC_CTX *ctx = talloc_tos(); - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { DEBUG(10,("_dfs_add: uid != 0. Access denied.\n")); return WERR_ACCESS_DENIED; } @@ -113,7 +113,7 @@ WERROR _dfs_Remove(pipes_struct *p, struct dfs_Remove *r) TALLOC_CTX *ctx = talloc_tos(); char *altpath = NULL; - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n")); return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c index 4ff10390f7..d12b490d21 100644 --- a/source3/rpc_server/srv_eventlog_nt.c +++ b/source3/rpc_server/srv_eventlog_nt.c @@ -209,7 +209,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn elog->logname = talloc_strdup( elog, ELOG_APPL ); /* do the access check */ - if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + if ( !elog_check_access( elog, p->server_info->ptok ) ) { TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; } 
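Review bot: The privilege tests rewritten in this commit, starting with `p->server_info->utok.uid != sec_initial_uid()` in _dfs_Add and _dfs_Remove, dereference `p->server_info` with no NULL check, and the same pattern repeats in the srv_eventlog_nt.c and srv_lsa_nt.c hunks that follow. These comparisons are authorization decisions, so the code should state where `server_info` is guaranteed to be populated for every pipe, anonymous binds included, before a handler runs; that guarantee is not visible in these hunks. If it holds, a comment on the struct member such as `/* set before any RPC handler is dispatched; handlers may dereference without checking */` would make the invariant auditable, and otherwise the dispatcher needs an explicit check.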
@@ -227,7 +227,7 @@ static NTSTATUS elog_open( pipes_struct * p, const char *logname, POLICY_HND *hn /* now do the access check. Close the tdb if we fail here */ - if ( !elog_check_access( elog, p->pipe_user.nt_user_token ) ) { + if ( !elog_check_access( elog, p->server_info->ptok ) ) { elog_close_tdb( elog->etdb, False ); TALLOC_FREE( elog ); return NT_STATUS_ACCESS_DENIED; diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index f4e891ca8c..05452112ca 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -381,9 +381,10 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + status = se_access_check(psd, p->server_info->ptok, des_access, + &acc_granted); if (!NT_STATUS_IS_OK(status)) { - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { return status; } DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", @@ -393,7 +394,7 @@ NTSTATUS _lsa_OpenPolicy2(pipes_struct *p, /* This is needed for lsa_open_account and rpcclient .... :-) */ - if (p->pipe_user.ut.uid == sec_initial_uid()) + if (p->server_info->utok.uid == sec_initial_uid()) acc_granted = LSA_POLICY_ALL_ACCESS; /* associate the domain SID with the (unique) handle. */ 
@@ -432,9 +433,10 @@ NTSTATUS _lsa_OpenPolicy(pipes_struct *p, /* get the generic lsa policy SD until we store it */ lsa_get_generic_sd(p->mem_ctx, &psd, &sd_size); - status = se_access_check(psd, p->pipe_user.nt_user_token, des_access, &acc_granted); + status = se_access_check(psd, p->server_info->ptok, des_access, + &acc_granted); if (!NT_STATUS_IS_OK(status)) { - if (p->pipe_user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { return status; } DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", @@ -1539,8 +1541,9 @@ NTSTATUS _lsa_CreateAccount(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; if ( is_privileged_sid( r->in.sid ) ) @@ -1726,8 +1729,9 @@ NTSTATUS _lsa_SetSystemAccessAccount(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) return NT_STATUS_ACCESS_DENIED; if (!pdb_getgrsid(&map, info->sid)) 
@@ -1755,8 +1759,9 @@ NTSTATUS _lsa_AddPrivilegesToAccount(pipes_struct *p, /* check to see if the pipe_user is root or a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } @@ -1795,8 +1800,9 @@ NTSTATUS _lsa_RemovePrivilegesFromAccount(pipes_struct *p, /* check to see if the pipe_user is root or a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } @@ -1952,8 +1958,9 @@ NTSTATUS _lsa_AddAccountRights(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } 
@@ -2001,8 +2008,9 @@ NTSTATUS _lsa_RemoveAccountRights(pipes_struct *p, /* check to see if the pipe_user is a Domain Admin since account_pol.tdb was already opened as root, this is all we have */ - if ( p->pipe_user.ut.uid != sec_initial_uid() - && !nt_token_check_domain_rid( p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS ) ) + if ( p->server_info->utok.uid != sec_initial_uid() + && !nt_token_check_domain_rid( p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS ) ) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_ntsvcs_nt.c b/source3/rpc_server/srv_ntsvcs_nt.c index abeb2ca856..f2c85bbd3e 100644 --- a/source3/rpc_server/srv_ntsvcs_nt.c +++ b/source3/rpc_server/srv_ntsvcs_nt.c @@ -116,7 +116,8 @@ WERROR _PNP_GetDeviceRegProp(pipes_struct *p, return WERR_GENERAL_FAILURE; ptr++; - if ( !(values = svcctl_fetch_regvalues( ptr, p->pipe_user.nt_user_token )) ) + if ( !(values = svcctl_fetch_regvalues( + ptr, p->server_info->ptok))) return WERR_GENERAL_FAILURE; if ( !(val = regval_ctr_getvalue( values, "DisplayName" )) ) { diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index 2c31d7b3f1..5610e0bf71 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -614,11 +614,6 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) ZERO_STRUCT(reply); - /* Set up for non-authenticated user. */ - TALLOC_FREE(p->pipe_user.nt_user_token); - p->pipe_user.ut.ngroups = 0; - SAFE_FREE( p->pipe_user.ut.groups); - /* this has to be done as root in order to verify the password */ become_root(); status = auth_ntlmssp_update(a, *p_resp_blob, &reply); 
@@ -656,29 +651,8 @@ static bool pipe_ntlmssp_verify_final(pipes_struct *p, DATA_BLOB *p_resp_blob) "workstation: %s\n", a->ntlmssp_state->user, a->ntlmssp_state->domain, a->ntlmssp_state->workstation)); - /* - * Store the UNIX credential data (uid/gid pair) in the pipe structure. - */ - - p->pipe_user.ut.uid = a->server_info->utok.uid; - p->pipe_user.ut.gid = a->server_info->utok.gid; - - p->pipe_user.ut.ngroups = a->server_info->utok.ngroups; - if (p->pipe_user.ut.ngroups) { - if (!(p->pipe_user.ut.groups = (gid_t *)memdup( - a->server_info->utok.groups, - sizeof(gid_t) * p->pipe_user.ut.ngroups))) { - DEBUG(0,("failed to memdup group list to p->pipe_user.groups\n")); - return False; - } - } - - if (a->server_info->ptok) { - p->pipe_user.nt_user_token = - dup_nt_token(NULL, a->server_info->ptok); - } else { + if (a->server_info->ptok == NULL) { DEBUG(1,("Error: Authmodule failed to provide nt_user_token\n")); - p->pipe_user.nt_user_token = NULL; return False; } @@ -1711,11 +1685,6 @@ bool api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) case RPC_ANONYMOUS_AUTH_TYPE: /* Unauthenticated bind request. */ - /* Get the authenticated pipe user from current_user */ - if (!copy_current_user(&p->pipe_user, ¤t_user)) { - DEBUG(10, ("Could not copy current user\n")); - goto err_exit; - } /* We're finished - no more packets. */ p->auth.auth_type = PIPE_AUTH_TYPE_NONE; /* We must set the pipe auth_level here also. */ 
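Review bot: After this hunk pipe_ntlmssp_verify_final only rejects a NULL `a->server_info->ptok`; nothing visible here moves the NTLMSSP-authenticated identity into `p->server_info`, which every access check in this commit and become_authenticated_pipe_user in smbd/uid.c now read. If the lines after the hunk do not replace it, the pipe would keep being authorised as the identity it was created with. Please confirm the function continues with something like `TALLOC_FREE(p->server_info); p->server_info = copy_serversupplied_info(p, a->server_info);` followed by a NULL check that returns False. The earlier hunk at -614 also drops the reset to an unauthenticated state before auth_ntlmssp_update, so the prior identity stays attached while verification runs; that deserves a comment if it is intended. The function body extends beyond both hunks.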
@@ -2225,23 +2194,6 @@ bool api_pipe_schannel_process(pipes_struct *p, prs_struct *rpc_in, uint32 *p_ss return True; } -/**************************************************************************** - Return a user struct for a pipe user. -****************************************************************************/ - -struct current_user *get_current_user(struct current_user *user, pipes_struct *p) -{ - if (p->pipe_bound && - (p->auth.auth_type == PIPE_AUTH_TYPE_NTLMSSP || - (p->auth.auth_type == PIPE_AUTH_TYPE_SPNEGO_NTLMSSP))) { - memcpy(user, &p->pipe_user, sizeof(struct current_user)); - } else { - memcpy(user, ¤t_user, sizeof(struct current_user)); - } - - return user; -} - /**************************************************************************** Find the set of RPC functions associated with this context_id ****************************************************************************/ diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index d359b9b339..03a0f72b33 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -162,13 +162,6 @@ static struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx, p->endian = RPC_LITTLE_ENDIAN; - ZERO_STRUCT(p->pipe_user); - - p->pipe_user.vuid = vuid; - p->pipe_user.ut.uid = (uid_t)-1; - p->pipe_user.ut.gid = (gid_t)-1; - p->pipe_user.nt_user_token = dup_nt_token(NULL, server_info->ptok); - /* * Initialize the outgoing RPC data buffer with no memory. */ @@ -900,9 +893,6 @@ static int close_internal_rpc_pipe_hnd(struct pipes_struct *p) /* Free the handles database. */ close_policy_by_pipe(p); - TALLOC_FREE(p->pipe_user.nt_user_token); - SAFE_FREE(p->pipe_user.ut.groups); - DLIST_REMOVE(InternalPipes, p); ZERO_STRUCTP(p); diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 62ac1cb5c3..3cc86edd62 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
@@ -632,7 +632,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, return status; /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd( p->mem_ctx, &psd, &sd_size, &dom_generic_mapping, NULL, 0 ); se_map_generic( &des_access, &dom_generic_mapping ); @@ -640,7 +640,7 @@ NTSTATUS _samr_OpenDomain(pipes_struct *p, se_priv_copy( &se_rights, &se_machine_account ); se_priv_add( &se_rights, &se_add_users ); - status = access_check_samr_object( psd, p->pipe_user.nt_user_token, + status = access_check_samr_object( psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_DOMAIN_WRITE, des_access, &acc_granted, "_samr_OpenDomain" ); @@ -2166,7 +2166,7 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, /* check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW); se_map_generic(&des_access, &usr_generic_mapping); @@ -2174,7 +2174,7 @@ NTSTATUS _samr_OpenUser(pipes_struct *p, se_priv_copy( &se_rights, &se_machine_account ); se_priv_add( &se_rights, &se_add_users ); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_OpenUser"); @@ -3179,7 +3179,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, { se_priv_copy( &se_rights, &se_machine_account ); can_add_account = user_has_privileges( - p->pipe_user.nt_user_token, &se_rights ); + p->server_info->ptok, &se_rights ); } /* usrmgr.exe (and net rpc trustdom grant) creates a normal user account for domain trusts and changes the ACB flags later */ 
@@ -3188,7 +3188,7 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, { se_priv_copy( &se_rights, &se_add_users ); can_add_account = user_has_privileges( - p->pipe_user.nt_user_token, &se_rights ); + p->server_info->ptok, &se_rights ); } else /* implicit assumption of a BDC or domain trust account here * (we already check the flags earlier) */ @@ -3197,13 +3197,13 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, /* only Domain Admins can add a BDC or domain trust */ se_priv_copy( &se_rights, &se_priv_none ); can_add_account = nt_token_check_domain_rid( - p->pipe_user.nt_user_token, + p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS ); } } DEBUG(5, ("_samr_CreateUser2: %s can add this account : %s\n", - uidtoname(p->pipe_user.ut.uid), + uidtoname(p->server_info->utok.uid), can_add_account ? "True":"False" )); /********** BEGIN Admin BLOCK **********/ @@ -3228,13 +3228,13 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, sid_compose(&sid, get_global_sam_sid(), *r->out.rid); - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &usr_generic_mapping, &sid, SAMR_USR_RIGHTS_WRITE_PW); se_map_generic(&des_access, &usr_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_USER_WRITE, des_access, &acc_granted, "_samr_CreateUser2"); @@ -3291,7 +3291,7 @@ NTSTATUS _samr_Connect(pipes_struct *p, was observed from a win98 client trying to enumerate users (when configured user level access control on shares) --jerry */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); se_map_generic( &des_access, &sam_generic_mapping ); info->acc_granted = des_access & (SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN); 
@@ -3327,12 +3327,12 @@ NTSTATUS _samr_Connect2(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, NULL, 0, des_access, &acc_granted, "_samr_Connect2"); if ( !NT_STATUS_IS_OK(nt_status) ) @@ -3378,12 +3378,12 @@ NTSTATUS _samr_Connect4(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, NULL, 0, des_access, &acc_granted, "_samr_Connect4"); if ( !NT_STATUS_IS_OK(nt_status) ) @@ -3429,12 +3429,12 @@ NTSTATUS _samr_Connect5(pipes_struct *p, return NT_STATUS_ACCESS_DENIED; } - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); se_map_generic(&des_access, &sam_generic_mapping); - nt_status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + nt_status = access_check_samr_object(psd, p->server_info->ptok, NULL, 0, des_access, &acc_granted, "_samr_Connect5"); if ( !NT_STATUS_IS_OK(nt_status) ) 
@@ -3598,7 +3598,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &ali_generic_mapping, NULL, 0); se_map_generic(&des_access,&ali_generic_mapping); @@ -3606,7 +3606,7 @@ NTSTATUS _samr_OpenAlias(pipes_struct *p, se_priv_copy( &se_rights, &se_add_users ); - status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_ALIAS_WRITE, des_access, &acc_granted, "_samr_OpenAlias"); @@ -4165,20 +4165,20 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, acb_info = pdb_get_acct_ctrl(pwd); if (acb_info & ACB_WSTRUST) - has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token, + has_enough_rights = user_has_privileges(p->server_info->ptok, &se_machine_account); else if (acb_info & ACB_NORMAL) - has_enough_rights = user_has_privileges(p->pipe_user.nt_user_token, + has_enough_rights = user_has_privileges(p->server_info->ptok, &se_add_users); else if (acb_info & (ACB_SVRTRUST|ACB_DOMTRUST)) { if (lp_enable_privileges()) { - has_enough_rights = nt_token_check_domain_rid(p->pipe_user.nt_user_token, + has_enough_rights = nt_token_check_domain_rid(p->server_info->ptok, DOMAIN_GROUP_RID_ADMINS); } } DEBUG(5, ("_samr_SetUserInfo: %s does%s possess sufficient rights\n", - uidtoname(p->pipe_user.ut.uid), + uidtoname(p->server_info->utok.uid), has_enough_rights ? "" : " not")); /* ================ BEGIN SeMachineAccountPrivilege BLOCK ================ */ 
@@ -4556,7 +4556,7 @@ NTSTATUS _samr_AddAliasMember(pipes_struct *p, DEBUG(10, ("sid is %s\n", sid_string_dbg(&alias_sid))); se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4606,7 +4606,7 @@ NTSTATUS _samr_DeleteAliasMember(pipes_struct *p, sid_string_dbg(&alias_sid))); se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4661,7 +4661,7 @@ NTSTATUS _samr_AddGroupMember(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4719,7 +4719,7 @@ NTSTATUS _samr_DeleteGroupMember(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4790,9 +4790,9 @@ NTSTATUS _samr_DeleteUser(pipes_struct *p, /* For machine accounts it's the SeMachineAccountPrivilege that counts. */ if ( acb_info & ACB_WSTRUST ) { - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_machine_account ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_machine_account ); } else { - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); } /******** BEGIN SeAddUsers BLOCK *********/ 
@@ -4864,7 +4864,7 @@ NTSTATUS _samr_DeleteDomainGroup(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -4939,7 +4939,7 @@ NTSTATUS _samr_DeleteDomAlias(pipes_struct *p, DEBUG(10, ("lookup on Local SID\n")); se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5008,7 +5008,7 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p, } se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5082,7 +5082,7 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p, name = r->in.alias_name->string; se_priv_copy( &se_rights, &se_add_users ); - can_add_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_rights ); + can_add_accounts = user_has_privileges( p->server_info->ptok, &se_rights ); result = can_create(p->mem_ctx, name); if (!NT_STATUS_IS_OK(result)) { @@ -5294,7 +5294,7 @@ NTSTATUS _samr_SetGroupInfo(pipes_struct *p, return NT_STATUS_INVALID_INFO_CLASS; } - can_mod_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); + can_mod_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); /******** BEGIN SeAddUsers BLOCK *********/ 
@@ -5396,7 +5396,7 @@ NTSTATUS _samr_SetAliasInfo(pipes_struct *p, return NT_STATUS_INVALID_INFO_CLASS; } - can_mod_accounts = user_has_privileges( p->pipe_user.nt_user_token, &se_add_users ); + can_mod_accounts = user_has_privileges( p->server_info->ptok, &se_add_users ); /******** BEGIN SeAddUsers BLOCK *********/ @@ -5484,14 +5484,14 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p, return status; /*check if access can be granted as requested by client. */ - map_max_allowed_access(p->pipe_user.nt_user_token, &des_access); + map_max_allowed_access(p->server_info->ptok, &des_access); make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &grp_generic_mapping, NULL, 0); se_map_generic(&des_access,&grp_generic_mapping); se_priv_copy( &se_rights, &se_add_users ); - status = access_check_samr_object(psd, p->pipe_user.nt_user_token, + status = access_check_samr_object(psd, p->server_info->ptok, &se_rights, GENERIC_RIGHTS_GROUP_WRITE, des_access, &acc_granted, "_samr_OpenGroup"); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 46aed7ce65..744de67db4 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -388,7 +388,8 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd) return WERR_BADFID; } - return delete_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, Printer->sharename ); + return delete_printer_hook(p->mem_ctx, p->server_info->ptok, + Printer->sharename ); } /**************************************************************************** 
@@ -1656,13 +1657,13 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->pipe_user.ut.uid != 0) && - !user_has_privileges(p->pipe_user.nt_user_token, + if ((p->server_info->utok.uid != 0) && + !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( - uidtoname(p->pipe_user.ut.uid), + uidtoname(p->server_info->utok.uid), NULL, NULL, - p->pipe_user.nt_user_token, + p->server_info->ptok, lp_printer_admin(snum))) { close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -1715,8 +1716,8 @@ WERROR _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, return WERR_ACCESS_DENIED; } - if (!user_ok_token(uidtoname(p->pipe_user.ut.uid), NULL, - p->pipe_user.nt_user_token, snum) || + if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL, + p->server_info->ptok, snum) || !print_access_check(p->server_info, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); @@ -2018,11 +2019,11 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->pipe_user.ut.uid != 0) - && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop ) + if ( (p->server_info->utok.uid != 0) + && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( - uidtoname(p->pipe_user.ut.uid), NULL, - NULL, p->pipe_user.nt_user_token, + uidtoname(p->server_info->utok.uid), NULL, + NULL, p->server_info->ptok, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; 
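Review bot: The root test in _spoolss_open_printer_ex (-1656) compares `p->server_info->utok.uid` with a literal `0`, while the LSA and srvsvc checks rewritten in the same commit use `sec_initial_uid()`. Since these lines are being touched anyway, I would make them consistent: `if ((p->server_info->utok.uid != sec_initial_uid()) &&`. The same literal appears in _spoolss_deleteprinterdriver (-2018) and _spoolss_deleteprinterdriverex (-2116). If the literal is deliberate for the printing code, a short comment saying so would help. The function bodies continue outside the hunks.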
@@ -2116,11 +2117,11 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->pipe_user.ut.uid != 0) - && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop ) + if ( (p->server_info->utok.uid != 0) + && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( - uidtoname(p->pipe_user.ut.uid), NULL, NULL, - p->pipe_user.nt_user_token, lp_printer_admin(-1)) ) + uidtoname(p->server_info->utok.uid), NULL, NULL, + p->server_info->ptok, lp_printer_admin(-1)) ) { return WERR_ACCESS_DENIED; } @@ -6390,7 +6391,8 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level, { /* add_printer_hook() will call reload_services() */ - if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) { + if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok, + printer) ) { result = WERR_ACCESS_DENIED; goto done; } @@ -7730,7 +7732,8 @@ static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_ trying to add a printer like this --jerry */ if (*lp_addprinter_cmd() ) { - if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) { + if ( !add_printer_hook(p->mem_ctx, p->server_info->ptok, + printer) ) { free_a_printer(&printer,2); return WERR_ACCESS_DENIED; } @@ -9938,10 +9941,10 @@ WERROR _spoolss_xcvdataport(pipes_struct *p, SPOOL_Q_XCVDATAPORT *q_u, SPOOL_R_X switch ( Printer->printer_type ) { case SPLHND_PORTMON_TCP: - return process_xcvtcp_command( p->pipe_user.nt_user_token, command, + return process_xcvtcp_command( p->server_info->ptok, command, &q_u->indata, &r_u->outdata, &r_u->needed ); case SPLHND_PORTMON_LOCAL: - return process_xcvlocal_command( p->pipe_user.nt_user_token, command, + return process_xcvlocal_command( p->server_info->ptok, command, &q_u->indata, &r_u->outdata, &r_u->needed ); } 
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 274deab88b..bf3669022d 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -262,7 +262,7 @@ static void init_srv_share_info_1(pipes_struct *p, struct srvsvc_NetShareInfo1 * remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } @@ -289,7 +289,7 @@ static void init_srv_share_info_2(pipes_struct *p, struct srvsvc_NetShareInfo2 * remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } path = talloc_asprintf(p->mem_ctx, @@ -355,7 +355,7 @@ static void init_srv_share_info_501(pipes_struct *p, struct srvsvc_NetShareInfo5 remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } @@ -383,7 +383,7 @@ static void init_srv_share_info_502(pipes_struct *p, struct srvsvc_NetShareInfo5 remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } path = talloc_asprintf(ctx, "C:%s", lp_pathname(snum)); @@ -422,7 +422,7 @@ static void init_srv_share_info_1004(pipes_struct *p, struct srvsvc_NetShareInfo remark = talloc_sub_advanced( p->mem_ctx, lp_servicename(snum), get_current_username(), lp_pathname(snum), - p->pipe_user.ut.uid, get_current_username(), + p->server_info->utok.uid, get_current_username(), "", remark); } 
@@ -1225,7 +1225,6 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, struct srvsvc_NetSessDel *r) { struct sessionid *session_list; - struct current_user user; int num_sessions, snum; const char *username; const char *machine; @@ -1246,12 +1245,11 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, werr = WERR_ACCESS_DENIED; - get_current_user(&user, p); - /* fail out now if you are not root or not a domain admin */ - if ((user.ut.uid != sec_initial_uid()) && - ( ! nt_token_check_domain_rid(p->pipe_user.nt_user_token, DOMAIN_GROUP_RID_ADMINS))) { + if ((p->server_info->utok.uid != sec_initial_uid()) && + ( ! nt_token_check_domain_rid(p->server_info->ptok, + DOMAIN_GROUP_RID_ADMINS))) { goto done; } @@ -1263,7 +1261,7 @@ WERROR _srvsvc_NetSessDel(pipes_struct *p, NTSTATUS ntstat; - if (user.ut.uid != sec_initial_uid()) { + if (p->server_info->utok.uid != sec_initial_uid()) { not_root = True; become_root(); } @@ -1466,7 +1464,6 @@ char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname) WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, struct srvsvc_NetShareSetInfo *r) { - struct current_user user; char *command = NULL; char *share_name = NULL; char *comment = NULL; @@ -1510,13 +1507,11 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); /* fail out now if you are not root and not a disk op */ - if ( user.ut.uid != sec_initial_uid() && !is_disk_op ) + if ( p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; switch (r->in.level) { @@ -1683,7 +1678,6 @@ WERROR _srvsvc_NetShareSetInfo(pipes_struct *p, WERROR _srvsvc_NetShareAdd(pipes_struct *p, struct srvsvc_NetShareAdd *r) { - struct current_user user; char *command = NULL; char *share_name = NULL; char *comment = NULL; 
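Review bot: In _srvsvc_NetSessDel the uid that gates the call, and that decides whether to `become_root()`, no longer comes from `get_current_user(&user, p)` but always from `p->server_info->utok.uid`. Per the function removed in srv_pipe.c, the old helper returned the global current_user unless the pipe was bound with NTLMSSP. The uid test and the token test now use one identity, but this is a behaviour change wherever the two could differ, and the hunk carries no comment about it. I would add above the check `/* p->server_info is the pipe's authenticated session; uid and token are tested against the same identity */` and confirm that `not_root` still reflects the process credentials at that point. The same substitution is made in _srvsvc_NetShareSetInfo, _srvsvc_NetShareAdd, _srvsvc_NetShareDel and _srvsvc_NetFileClose.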
@@ -1704,11 +1698,9 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, *r->out.parm_error = 0; } - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); - if (user.ut.uid != sec_initial_uid() && !is_disk_op ) + if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_add_share_cmd() || !*lp_add_share_cmd()) { @@ -1868,7 +1860,6 @@ WERROR _srvsvc_NetShareAdd(pipes_struct *p, WERROR _srvsvc_NetShareDel(pipes_struct *p, struct srvsvc_NetShareDel *r) { - struct current_user user; char *command = NULL; char *share_name = NULL; int ret; @@ -1901,11 +1892,9 @@ WERROR _srvsvc_NetShareDel(pipes_struct *p, if (lp_print_ok(snum)) return WERR_ACCESS_DENIED; - get_current_user(&user,p); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); - - if (user.ut.uid != sec_initial_uid() && !is_disk_op ) + if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op ) return WERR_ACCESS_DENIED; if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { @@ -2409,17 +2398,14 @@ static void enum_file_close_fn( const struct share_mode_entry *e, WERROR _srvsvc_NetFileClose(pipes_struct *p, struct srvsvc_NetFileClose *r) { - struct current_user user; SE_PRIV se_diskop = SE_DISK_OPERATOR; bool is_disk_op; DEBUG(5,("_srvsvc_NetFileClose: %d\n", __LINE__)); - get_current_user(&user,p); - - is_disk_op = user_has_privileges( p->pipe_user.nt_user_token, &se_diskop ); + is_disk_op = user_has_privileges( p->server_info->ptok, &se_diskop ); - if (user.ut.uid != sec_initial_uid() && !is_disk_op) { + if (p->server_info->utok.uid != sec_initial_uid() && !is_disk_op) { return WERR_ACCESS_DENIED; } diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 0bed13e522..6692160ba2 100644 
--- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -272,7 +272,8 @@ WERROR _svcctl_OpenSCManagerW(pipes_struct *p, return WERR_NOMEM; se_map_generic( &r->in.access_mask, &scm_generic_map ); - status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted ); + status = svcctl_access_check( sec_desc, p->server_info->ptok, + r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -309,7 +310,8 @@ WERROR _svcctl_OpenServiceW(pipes_struct *p, return WERR_NOMEM; se_map_generic( &r->in.access_mask, &svc_generic_map ); - status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, r->in.access_mask, &access_granted ); + status = svcctl_access_check( sec_desc, p->server_info->ptok, + r->in.access_mask, &access_granted ); if ( !NT_STATUS_IS_OK(status) ) return ntstatus_to_werror( status ); @@ -347,7 +349,8 @@ WERROR _svcctl_GetServiceDisplayNameW(pipes_struct *p, service = r->in.service_name; - display_name = svcctl_lookup_dispname(p->mem_ctx, service, p->pipe_user.nt_user_token ); + display_name = svcctl_lookup_dispname(p->mem_ctx, service, + p->server_info->ptok); if (!display_name) { display_name = ""; } @@ -424,7 +427,7 @@ WERROR _svcctl_enum_services_status(pipes_struct *p, SVCCTL_Q_ENUM_SERVICES_STAT size_t buffer_size = 0; WERROR result = WERR_OK; SERVICE_INFO *info = find_service_info_by_hnd( p, &q_u->handle ); - NT_USER_TOKEN *token = p->pipe_user.nt_user_token; + NT_USER_TOKEN *token = p->server_info->ptok; /* perform access checks */ @@ -680,7 +683,8 @@ WERROR _svcctl_QueryServiceConfigW(pipes_struct *p, *r->out.bytes_needed = r->in.buf_size; - wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, p->pipe_user.nt_user_token ); + wresult = fill_svc_config( p->mem_ctx, info->name, r->out.query, + p->server_info->ptok); if ( !W_ERROR_IS_OK(wresult) ) return wresult; 
@@ -723,7 +727,8 @@ WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CO SERVICE_DESCRIPTION desc_buf; const char *description; - description = svcctl_lookup_description(p->mem_ctx, info->name, p->pipe_user.nt_user_token ); + description = svcctl_lookup_description( + p->mem_ctx, info->name, p->server_info->ptok); ZERO_STRUCTP( &desc_buf ); @@ -903,7 +908,8 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, /* store the new SD */ - if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, p->pipe_user.nt_user_token ) ) + if ( !svcctl_set_secdesc( p->mem_ctx, info->name, sec_desc, + p->server_info->ptok) ) return WERR_ACCESS_DENIED; return WERR_OK; diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c index 7e842ed54d..1131033b04 100644 --- a/source3/rpc_server/srv_winreg_nt.c +++ b/source3/rpc_server/srv_winreg_nt.c @@ -70,7 +70,7 @@ static WERROR open_registry_key( pipes_struct *p, POLICY_HND *hnd, if (parent == NULL) { result = reg_openhive(NULL, subkeyname, access_desired, - p->pipe_user.nt_user_token, &key); + p->server_info->ptok, &key); } else { result = reg_openkey(NULL, parent, subkeyname, access_desired, @@ -556,7 +556,8 @@ WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateS return WERR_NOMEM; } - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + can_shutdown = user_has_privileges( p->server_info->ptok, + &se_remote_shutdown ); /* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root Take the error return from the script and provide it as the Windows return code. */ 
@@ -594,7 +595,8 @@ WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShu if (!*abort_shutdown_script) return WERR_ACCESS_DENIED; - can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown ); + can_shutdown = user_has_privileges( p->server_info->ptok, + &se_remote_shutdown ); /********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/ @@ -682,7 +684,7 @@ WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r) /* user must posses SeRestorePrivilege for this this proceed */ - if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) ) + if ( !user_has_privileges( p->server_info->ptok, &se_restore ) ) return WERR_ACCESS_DENIED; DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n", diff --git a/source3/rpc_server/srv_wkssvc_nt.c b/source3/rpc_server/srv_wkssvc_nt.c index 0a54b0dd3f..7071b55e7c 100644 --- a/source3/rpc_server/srv_wkssvc_nt.c +++ b/source3/rpc_server/srv_wkssvc_nt.c @@ -293,7 +293,7 @@ WERROR _wkssvc_NetrJoinDomain2(pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct nt_user_token *token = p->pipe_user.nt_user_token; + struct nt_user_token *token = p->server_info->ptok; if (!r->in.domain_name) { return WERR_INVALID_PARAM; @@ -368,7 +368,7 @@ WERROR _wkssvc_NetrUnjoinDomain2(pipes_struct *p, char *admin_domain = NULL; char *admin_account = NULL; WERROR werr; - struct nt_user_token *token = p->pipe_user.nt_user_token; + struct nt_user_token *token = p->server_info->ptok; if (!r->in.account || !r->in.encrypted_password) { return WERR_INVALID_PARAM; diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index c238f40cfd..ca7df264e2 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c 
@@ -318,9 +318,9 @@ bool become_authenticated_pipe_user(pipes_struct *p) if (!push_sec_ctx()) return False; - set_sec_ctx(p->pipe_user.ut.uid, p->pipe_user.ut.gid, - p->pipe_user.ut.ngroups, p->pipe_user.ut.groups, - p->pipe_user.nt_user_token); + set_sec_ctx(p->server_info->utok.uid, p->server_info->utok.gid, + p->server_info->utok.ngroups, p->server_info->utok.groups, + p->server_info->ptok); return True; } -- cgit From f340ed1348ca5f514dcd85a273559ecb9ff1615f Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 24 Nov 2008 08:56:46 +0100 Subject: Fix nonempty blank lines --- source3/include/ntdomain.h | 34 +++++++++++++++++----------------- 1 file changed, 17 insertions(+), 17 deletions(-) (limited to 'source3') diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h index 1684e2d432..cc99ad74c2 100644 --- a/source3/include/ntdomain.h +++ b/source3/include/ntdomain.h @@ -5,17 +5,17 @@ Copyright (C) Luke Kenneth Casson Leighton 1996-1997 Copyright (C) Paul Ashton 1997 Copyright (C) Jeremy Allison 2000-2004 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -27,7 +27,7 @@ * A bunch of stuff that was put into smb.h * in the NTDOM branch - it didn't belong there. */ - + typedef struct _prs_struct { bool io; /* parsing in or out of data stream */ /* 
@@ -138,7 +138,7 @@ struct dcinfo { struct netr_Credential seed_chal; struct netr_Credential clnt_chal; /* Client credential */ struct netr_Credential srv_chal; /* Server credential */ - + unsigned char sess_key[16]; /* Session key - 8 bytes followed by 8 zero bytes */ unsigned char mach_pw[16]; /* md4(machine password) */ @@ -154,13 +154,13 @@ struct dcinfo { typedef struct pipe_rpc_fns { struct pipe_rpc_fns *next, *prev; - + /* RPC function table associated with the current rpc_bind (associated by context) */ - + const struct api_struct *cmds; int n_cmds; uint32 context_id; - + } PIPE_RPC_FNS; /* @@ -217,12 +217,12 @@ typedef struct pipes_struct { fstring name; fstring pipe_srv_name; - + /* linked list of rpc dispatch tables associated with the open rpc contexts */ - + PIPE_RPC_FNS *contexts; - + RPC_HDR hdr; /* Incoming RPC header. */ RPC_HDR_REQ hdr_req; /* Incoming request header. */ @@ -233,13 +233,13 @@ typedef struct pipes_struct { /* * Set to true when an RPC bind has been done on this pipe. */ - + bool pipe_bound; - + /* * Set to true when we should return fault PDU's for everything. */ - + bool fault_state; /* @@ -253,13 +253,13 @@ typedef struct pipes_struct { */ bool rng_fault_state; - + /* * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's */ - + bool endian; - + /* * Struct to deal with multiple pdu inputs. */ -- cgit From 26461a72da5a646fcc6023bb4f82c66e17a8529b Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 24 Nov 2008 15:04:12 +0100 Subject: s3:libads/ldap.c: return an error instead of crashing when no realm is given The bug was triggered by "net ads info -S 127.8.7.6" (where 127.8.7.6 doesn't ex and "disable netbios = yes". metze Signed-off-by: Michael Adam --- source3/libads/ldap.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c index f55cfa784a..932e42e076 100644 --- a/source3/libads/ldap.c +++ b/source3/libads/ldap.c 
@@ -301,11 +301,11 @@ static NTSTATUS ads_find_dc(ADS_STRUCT *ads) if ( use_own_domain ) c_realm = lp_workgroup(); } + } - if ( !c_realm || !*c_realm ) { - DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); - return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ - } + if ( !c_realm || !*c_realm ) { + DEBUG(0,("ads_find_dc: no realm or workgroup! Don't know what to do\n")); + return NT_STATUS_INVALID_PARAMETER; /* rather need MISSING_PARAMETER ... */ } realm = c_realm; -- cgit From 51b840a07e84ab342f7b116171519219b3f9b1e1 Mon Sep 17 00:00:00 2001 From: Mathias Dietz Date: Wed, 12 Nov 2008 14:32:45 +0100 Subject: Search for gpfs functions in both libgpfs_gpl.so an libgpfs.so As of GPFS 3.2.1 PTF8 libgpfs will be available as GPL, so we don't need the special libgpfs_gpl lib anymore. For backwards compatibility with pre-PTF8 GPFS installations, still look there. --- source3/modules/gpfs.c | 92 ++++++++++++++++++++++++-------------------------- 1 file changed, 45 insertions(+), 47 deletions(-) (limited to 'source3') diff --git a/source3/modules/gpfs.c b/source3/modules/gpfs.c index a0d33fa33a..4e76b97ccf 100644 --- a/source3/modules/gpfs.c +++ b/source3/modules/gpfs.c @@ -24,7 +24,6 @@ #include "gpfs_gpl.h" #include "vfs_gpfs.h" -static void *libgpfs_handle = NULL; static bool gpfs_share_modes; static bool gpfs_leases; 
@@ -135,65 +134,64 @@ int smbd_gpfs_putacl(char *pathname, int flags, void *acl) return gpfs_putacl_fn(pathname, flags, acl); } -void init_gpfs(void) +static bool init_gpfs_function_lib(void *plibhandle_pointer, + const char *libname, + void *pfn_pointer, const char *fn_name) { - if (libgpfs_handle != NULL) { - return; - } - - libgpfs_handle = dlopen("libgpfs_gpl.so", RTLD_LAZY); - - if (libgpfs_handle == NULL) { - DEBUG(10, ("dlopen for libgpfs_gpl failed: %s\n", - strerror(errno))); - return; + bool did_open_here = false; + void **libhandle_pointer = (void **)plibhandle_pointer; + void **fn_pointer = (void **)pfn_pointer; + + if (*libhandle_pointer == NULL) { + *libhandle_pointer = dlopen(libname, RTLD_LAZY); + did_open_here = true; + } + if (*libhandle_pointer == NULL) { + DEBUG(10, ("Could not open lib %s\n", libname)); + return false; + } + + *fn_pointer = dlsym(*libhandle_pointer, fn_name); + if (*fn_pointer == NULL) { + DEBUG(10, ("Did not find symbol %s in lib %s\n", + fn_name, libname)); + if (did_open_here) { + dlclose(*libhandle_pointer); + *libhandle_pointer = NULL; + } + return false; } - DEBUG(10, ("libgpfs_gpl.so loaded\n")); - - gpfs_set_share_fn = dlsym(libgpfs_handle, "gpfs_set_share"); - if (gpfs_set_share_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_set_share'\n")); - goto failed; - } + return true; +} - gpfs_set_lease_fn = dlsym(libgpfs_handle, "gpfs_set_lease"); - if (gpfs_set_lease_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_set_lease'\n")); - dlclose(libgpfs_handle); +static bool init_gpfs_function(void *fn_pointer, const char *fn_name) +{ + static void *libgpfs_handle = NULL; + static void *libgpfs_gpl_handle = NULL; - goto failed; + if (init_gpfs_function_lib(&libgpfs_handle, "libgpfs.so", + fn_pointer, fn_name)) { + return true; } - - gpfs_getacl_fn = dlsym(libgpfs_handle, "gpfs_getacl"); - if (gpfs_getacl_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain 
the symbol " - "'gpfs_getacl'\n")); - goto failed; + if (init_gpfs_function_lib(&libgpfs_gpl_handle, "libgpfs_gpl.so", + fn_pointer, fn_name)) { + return true; } + return false; +} - gpfs_putacl_fn = dlsym(libgpfs_handle, "gpfs_putacl"); - if (gpfs_putacl_fn == NULL) { - DEBUG(3, ("libgpfs_gpl.so does not contain the symbol " - "'gpfs_putacl'\n")); - goto failed; - } +void init_gpfs(void) +{ + init_gpfs_function(&gpfs_set_share_fn, "gpfs_set_share"); + init_gpfs_function(&gpfs_set_lease_fn, "gpfs_set_lease"); + init_gpfs_function(&gpfs_getacl_fn, "gpfs_getacl"); + init_gpfs_function(&gpfs_putacl_fn, "gpfs_putacl"); gpfs_share_modes = lp_parm_bool(-1, "gpfs", "sharemodes", True); gpfs_leases = lp_parm_bool(-1, "gpfs", "leases", True); return; - -failed: - dlclose(libgpfs_handle); - /* leave libgpfs_handle != NULL around, no point - in trying twice */ - gpfs_set_share_fn = NULL; - gpfs_set_lease_fn = NULL; - gpfs_getacl_fn = NULL; - gpfs_putacl_fn = NULL; } #else -- cgit From 2c458935933daf219be276b06c6eb1b5752f2638 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 24 Nov 2008 15:28:11 -0800 Subject: Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but that will have to be fixed another way. Jeremy. --- source3/smbd/posix_acls.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'source3') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 7ca2ed787b..0529d2765e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3211,6 +3211,9 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) return ret; } +#if 0 +/* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ + /**************************************************************************** Take care of parent ACL inheritance. ****************************************************************************/ 
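Review bot: init_gpfs() discards the bool returned by each init_gpfs_function() call, and the old `failed:` path that reset all four pointers to NULL is gone. The module can therefore end up with only some of gpfs_set_share_fn, gpfs_set_lease_fn, gpfs_getacl_fn and gpfs_putacl_fn resolved, possibly from two different libraries, because each symbol falls back from libgpfs.so to libgpfs_gpl.so on its own. Whether every wrapper checks its pointer for NULL before calling it lies outside this hunk and should be confirmed. The failure is reported only at DEBUG level 10 and without the loader's reason; `DEBUG(3, ("Could not open lib %s: %s\n", libname, dlerror()));` would make a missing or mismatched library visible. Both libraries are opened by bare name, so which file is loaded depends on the loader search path of the smbd process.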
@@ -3398,6 +3401,7 @@ NTSTATUS append_parent_acl(files_struct *fsp, *pp_new_sd = psd; return status; } +#endif /**************************************************************************** Reply to set a security descriptor on an fsp. security_info_sent is the @@ -3510,6 +3514,9 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); +#if 0 + /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ + /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx * for details and also the log trace in bug #4308. JRA. */ @@ -3527,6 +3534,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC } psd = new_sd; } +#endif acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, &file_ace_list, &dir_ace_list, security_info_sent, psd); -- cgit From 417f187645de49ab35d2918c3ca0185a452e32b1 Mon Sep 17 00:00:00 2001 From: Dan Sledz Date: Sun, 16 Nov 2008 17:40:03 -0800 Subject: Allow SYSLOG_FACILITY to be modified with a new configure option called --with-syslog-facility --- source3/configure.in | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3') diff --git a/source3/configure.in b/source3/configure.in index 9214d031b3..90339d770c 100644 --- a/source3/configure.in +++ b/source3/configure.in 
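Review bot: With the `#if 0` around the append_parent_acl() call in set_nt_acl(), the descriptor sent by the client goes to unpack_canon_ace() unchanged, and the only record that this knowingly regresses bug #4308 is the commit message. The comment on both `#if 0` blocks (here and around append_parent_acl() itself in the earlier hunks) should carry the bug numbers, for example `/* Disabled for bug #5873 (inheritance could not be broken); regresses bug #4308 until that is fixed another way. JRA. */`. Code kept under `#if 0` is not compiled and can rot unnoticed, so the tracked follow-up matters more than the block itself. set_nt_acl() starts and ends outside the hunk.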
@@ -4368,6 +4368,22 @@ AC_ARG_WITH(syslog, AC_MSG_RESULT(no) ) +################################################# +# check for custom syslog facility +AC_MSG_CHECKING(whether to use a custom syslog facility) +AC_ARG_WITH(syslog-facility, +[AS_HELP_STRING([--with-syslog-facility], [Use a custom syslog facility (default=none)])], +[ + if test "$withval" = "no" ; then + AC_MSG_ERROR([argument to --with-syslog-facility must be a string]) + else + if test "$withval" != "yes" ; then + syslog_facility="$withval" + AC_DEFINE_UNQUOTED(SYSLOG_FACILITY,$syslog_facility, [syslog facility to log to]) + fi + fi +]) + ################################################# # check for experimental disk-quotas support -- cgit From d1d9c06294596cc34e19277b77a5316b8f3d2200 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 00:57:33 +0100 Subject: libwbclient: Add placeholder functions for wbcQuery[GSU]idTo[GSU]id --- source3/nsswitch/libwbclient/wbc_idmap.c | 68 ++++++++++++++++++++++++++++++-- source3/nsswitch/libwbclient/wbclient.h | 12 ++++++ 2 files changed, 76 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/libwbclient/wbc_idmap.c b/source3/nsswitch/libwbclient/wbc_idmap.c index 6652f67636..81b369c87c 100644 --- a/source3/nsswitch/libwbclient/wbc_idmap.c +++ b/source3/nsswitch/libwbclient/wbc_idmap.c @@ -24,7 +24,7 @@ #include "libwbclient.h" -/** @brief Convert a Windows SID to a Unix uid +/** @brief Convert a Windows SID to a Unix uid, allocating an uid if needed * * @param *sid Pointer to the domain SID to be resolved * @param *puid Pointer to the resolved uid_t value 
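Review bot: The value of `--with-syslog-facility` goes into `AC_DEFINE_UNQUOTED(SYSLOG_FACILITY,$syslog_facility, ...)` without any validation, so a typo or a stray expression only surfaces as a compile error or an unexpected constant wherever SYSLOG_FACILITY is used. The help string should also say what form is expected (presumably a syslog.h facility constant; confirm against the code that uses the define). A pattern check before the define, such as `case "$withval" in LOG_*) ;; *) AC_MSG_ERROR([unexpected syslog facility]) ;; esac`, would reject anything else at configure time.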
@@ -71,7 +71,22 @@ wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid) return wbc_status; } -/** @brief Convert a Unix uid to a Windows SID +/** @brief Convert a Windows SID to a Unix uid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *puid Pointer to the resolved uid_t value + * + * @return #wbcErr + * + **/ + +wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, + uid_t *puid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Unix uid to a Windows SID, allocating a SID if needed * * @param uid Unix uid to be resolved * @param *sid Pointer to the resolved domain SID @@ -112,7 +127,22 @@ done: return wbc_status; } -/** @brief Convert a Windows SID to a Unix gid +/** @brief Convert a Unix uid to a Windows SID if there already is a mapping + * + * @param uid Unix uid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ + +wbcErr wbcQueryUidToSid(uid_t uid, + struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Windows SID to a Unix gid, allocating a gid if needed * * @param *sid Pointer to the domain SID to be resolved * @param *pgid Pointer to the resolved gid_t value @@ -159,7 +189,22 @@ wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid) return wbc_status; } -/** @brief Convert a Unix uid to a Windows SID +/** @brief Convert a Windows SID to a Unix gid if there already is a mapping + * + * @param *sid Pointer to the domain SID to be resolved + * @param *pgid Pointer to the resolved gid_t value + * + * @return #wbcErr + * + **/ + +wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, + gid_t *pgid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + +/** @brief Convert a Unix gid to a Windows SID, allocating a SID if needed * * @param gid Unix gid to be resolved * @param *sid Pointer to the resolved domain SID 
@@ -200,6 +245,21 @@ done: return wbc_status; } +/** @brief Convert a Unix gid to a Windows SID if there already is a mapping + * + * @param gid Unix gid to be resolved + * @param *sid Pointer to the resolved domain SID + * + * @return #wbcErr + * + **/ + +wbcErr wbcQueryGidToSid(gid_t gid, + struct wbcDomainSid *sid) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + /** @brief Obtain a new uid from Winbind * * @param *puid *pointer to the allocated uid diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 639f7f359f..2495b9604a 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -541,15 +541,27 @@ wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, wbcErr wbcSidToUid(const struct wbcDomainSid *sid, uid_t *puid); +wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, + uid_t *puid); + wbcErr wbcUidToSid(uid_t uid, struct wbcDomainSid *sid); +wbcErr wbcQueryUidToSid(uid_t uid, + struct wbcDomainSid *sid); + wbcErr wbcSidToGid(const struct wbcDomainSid *sid, gid_t *pgid); +wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, + gid_t *pgid); + wbcErr wbcGidToSid(gid_t gid, struct wbcDomainSid *sid); +wbcErr wbcQueryGidToSid(gid_t gid, + struct wbcDomainSid *sid); + wbcErr wbcAllocateUid(uid_t *puid); wbcErr wbcAllocateGid(gid_t *pgid); -- cgit From ddf821685436f7f49f49dda8fb4abb63ea1945cb Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 11:17:42 +0100 Subject: libwbclient: Add placeholder function for WINBINDD_GETGRLST --- source3/nsswitch/libwbclient/wbc_pwd.c | 14 ++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 2 ++ 2 files changed, 16 insertions(+) (limited to 'source3') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 0d17b312ef..5bb9a9fde4 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c 
@@ -376,6 +376,20 @@ wbcErr wbcGetgrent(struct group **grp) return WBC_ERR_NOT_IMPLEMENTED; } +/** @brief Return the next struct group* entry from the pwent iterator + * + * This is similar to #wbcGetgrent, just that the member list is empty + * + * @param **grp Pointer to resulting struct group* from the query. + * + * @return #wbcErr + **/ + +wbcErr wbcGetgrlist(struct group **grp) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} + /** @brief Return the unix group array belonging to the given user * * @param *account The given user name diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 2495b9604a..9e74e1ed3c 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -602,6 +602,8 @@ wbcErr wbcEndgrent(void); wbcErr wbcGetgrent(struct group **grp); +wbcErr wbcGetgrlist(struct group **grp); + wbcErr wbcGetGroups(const char *account, uint32_t *num_groups, gid_t **_groups); -- cgit From 1fac1447038fef0c68620f69788d48abe4349fd7 Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 11:18:40 +0100 Subject: libwbclient: Fix typo in wbcGetgrent docstring. --- source3/nsswitch/libwbclient/wbc_pwd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 5bb9a9fde4..70d3f3ce9d 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -364,7 +364,7 @@ wbcErr wbcEndgrent(void) return wbc_status; } -/** @brief Return the next struct passwd* entry from the pwent iterator +/** @brief Return the next struct group* entry from the pwent iterator * * @param **grp Pointer to resulting struct group* from the query. * -- cgit From 6485c99074fee57c016a202216570fce749d36c1 Mon Sep 17 00:00:00 2001 
From: Kai Blin Date: Sun, 23 Nov 2008 15:16:17 +0100 Subject: libwbclient: Add placeholder function for WINBINDD_CCACHE_NTLMAUTH --- source3/nsswitch/libwbclient/wbc_pam.c | 15 +++++++++++++++ source3/nsswitch/libwbclient/wbclient.h | 28 ++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) (limited to 'source3') diff --git a/source3/nsswitch/libwbclient/wbc_pam.c b/source3/nsswitch/libwbclient/wbc_pam.c index 713ba2e65b..401d2ad2c3 100644 --- a/source3/nsswitch/libwbclient/wbc_pam.c +++ b/source3/nsswitch/libwbclient/wbc_pam.c @@ -1095,3 +1095,18 @@ done: return wbc_status; } + +/** @brief Authenticate a user with cached credentials + * + * @param *params Pointer to a wbcCredentialCacheParams structure + * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure + * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure + * + * @return #wbcErr + **/ +wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error) +{ + return WBC_ERR_NOT_IMPLEMENTED; +} diff --git a/source3/nsswitch/libwbclient/wbclient.h b/source3/nsswitch/libwbclient/wbclient.h index 9e74e1ed3c..cb31360407 100644 --- a/source3/nsswitch/libwbclient/wbclient.h +++ b/source3/nsswitch/libwbclient/wbclient.h @@ -440,6 +440,30 @@ struct wbcLogoffUserParams { struct wbcNamedBlob *blobs; }; +/** @brief Credential cache log-on parameters + * + */ + +struct wbcCredentialCacheParams { + const char *account_name; + const char *domain_name; + enum wbcCredentialCacheLevel { + WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1 + } level; + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + + +/** @brief Info returned by credential cache auth + * + */ + +struct wbcCredentialCacheInfo { + size_t num_blobs; + struct wbcNamedBlob *blobs; +}; + /* * DomainControllerInfo struct */ 
@@ -683,6 +707,10 @@ wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, enum wbcPasswordChangeRejectReason *reject_reason, struct wbcUserPasswordPolicyInfo **policy); +wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, + struct wbcCredentialCacheInfo **info, + struct wbcAuthErrorInfo **error); + /* * Resolve functions */ -- cgit From 5856364af6e074410d521a4cdab893df998a04bd Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 16:36:01 +0100 Subject: libwbclient: Implement wbcGetpwent --- source3/nsswitch/libwbclient/wbc_pwd.c | 79 +++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 70d3f3ce9d..87908bb5e7 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -24,6 +24,11 @@ #include "libwbclient.h" +/** @brief The maximum number of pwent structs to get from winbindd + * + */ +#define MAX_GETPWENT_USERS 500 + /** * **/ @@ -284,6 +289,21 @@ wbcErr wbcGetgrgid(gid_t gid, struct group **grp) return wbc_status; } +/** @brief Number of cached passwd structs + * + */ +static uint32_t pw_cache_size; + +/** @brief Position of the pwent context + * + */ +static uint32_t pw_cache_idx; + +/** @brief Winbindd response containing the passwd structs + * + */ +static struct winbindd_response pw_response; + /** @brief Reset the passwd iterator * * @return #wbcErr @@ -293,6 +313,15 @@ wbcErr wbcSetpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (pw_cache_size > 0) { + pw_cache_idx = pw_cache_size = 0; + if (pw_response.extra_data.data) { + free(pw_response.extra_data.data); + } + } + + ZERO_STRUCT(pw_response); + wbc_status = wbcRequestResponse(WINBINDD_SETPWENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); 
@@ -310,6 +339,13 @@ wbcErr wbcEndpwent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (pw_cache_size > 0) { + pw_cache_idx = pw_cache_size = 0; + if (pw_response.extra_data.data) { + free(pw_response.extra_data.data); + } + } + wbc_status = wbcRequestResponse(WINBINDD_ENDPWENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); @@ -320,14 +356,53 @@ wbcErr wbcEndpwent(void) /** @brief Return the next struct passwd* entry from the pwent iterator * - * @param **pwd Pointer to resulting struct group* from the query. + * @param **pwd Pointer to resulting struct passwd* from the query. * * @return #wbcErr **/ wbcErr wbcGetpwent(struct passwd **pwd) { - return WBC_ERR_NOT_IMPLEMENTED; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_pw *wb_pw; + + /* If there's a cached result, return that. */ + if (pw_cache_idx < pw_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + pw_cache_idx = 0; + + if (pw_response.extra_data.data) { + free(pw_response.extra_data.data); + ZERO_STRUCT(pw_response); + } + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETPWENT_USERS; + + wbc_status = wbcRequestResponse(WINBINDD_GETPWENT, &request, + &pw_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + pw_cache_size = pw_response.data.num_entries; + +return_result: + + wb_pw = (struct winbindd_pw *) pw_response.extra_data.data; + + *pwd = copy_passwd_entry(&wb_pw[pw_cache_idx]); + + BAIL_ON_PTR_ERROR(*pwd, wbc_status); + + pw_cache_idx++; + +done: + return wbc_status; } /** @brief Reset the group iterator -- cgit From 9d2c2a7a0e9e69c8fa2ce81af79007da0e32605b Mon Sep 17 00:00:00 2001 From: Kai Blin Date: Sun, 23 Nov 2008 17:11:09 +0100 Subject: libwbclient: Implement wbcGetgrent and wbcGetgrlist --- source3/nsswitch/libwbclient/wbc_pwd.c | 123 ++++++++++++++++++++++++++++++++- 1 file changed, 121 insertions(+), 2 deletions(-) (limited to 'source3') 
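Review bot: wbcEndpwent() frees `pw_response.extra_data.data` but leaves the pointer in place, so a later wbcGetpwent() that is not preceded by wbcSetpwent() sees a non-NULL pointer and frees it a second time. Adding `ZERO_STRUCT(pw_response);` after the `if (pw_cache_size > 0)` block, as wbcSetpwent() already does, closes this. The free is also skipped whenever pw_cache_size is 0, even if a buffer is still held. wbcEndgrent() in the following commit has the same pattern with gr_response.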
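Review bot: When the WINBINDD_GETPWENT request fails, wbcGetpwent() has already reset `pw_cache_idx` to 0 and cleared pw_response, but `pw_cache_size` keeps its previous value, so the next call takes the cached path and indexes a NULL `extra_data.data`. Setting `pw_cache_size = 0;` next to `pw_cache_idx = 0;` avoids that. After a successful request `pw_response.data.num_entries` is used as the array bound without checking that it is non-zero or that it fits the returned buffer; a check against the response length before `return_result:` would be prudent. wbcGetgrent() and wbcGetgrlist() in the following commit repeat both problems with gr_cache_size.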
diff --git a/source3/nsswitch/libwbclient/wbc_pwd.c b/source3/nsswitch/libwbclient/wbc_pwd.c index 87908bb5e7..d54a5af4fc 100644 --- a/source3/nsswitch/libwbclient/wbc_pwd.c +++ b/source3/nsswitch/libwbclient/wbc_pwd.c @@ -29,6 +29,11 @@ */ #define MAX_GETPWENT_USERS 500 +/** @brief The maximum number of grent structs to get from winbindd + * + */ +#define MAX_GETGRENT_GROUPS 500 + /** * **/ @@ -405,6 +410,21 @@ done: return wbc_status; } +/** @brief Number of cached group structs + * + */ +static uint32_t gr_cache_size; + +/** @brief Position of the grent context + * + */ +static uint32_t gr_cache_idx; + +/** @brief Winbindd response containing the group structs + * + */ +static struct winbindd_response gr_response; + /** @brief Reset the group iterator * * @return #wbcErr @@ -414,6 +434,15 @@ wbcErr wbcSetgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (gr_cache_size > 0) { + gr_cache_idx = gr_cache_size = 0; + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + } + } + + ZERO_STRUCT(gr_response); + wbc_status = wbcRequestResponse(WINBINDD_SETGRENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); @@ -431,6 +460,13 @@ wbcErr wbcEndgrent(void) { wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + if (gr_cache_size > 0) { + gr_cache_idx = gr_cache_size = 0; + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + } + } + wbc_status = wbcRequestResponse(WINBINDD_ENDGRENT, NULL, NULL); BAIL_ON_WBC_ERROR(wbc_status); 
@@ -448,7 +484,51 @@ wbcErr wbcEndgrent(void) wbcErr wbcGetgrent(struct group **grp) { - return WBC_ERR_NOT_IMPLEMENTED; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_gr *wb_gr; + uint32_t mem_ofs; + + /* If there's a cached result, return that. */ + if (gr_cache_idx < gr_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + gr_cache_idx = 0; + + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + ZERO_STRUCT(gr_response); + } + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETGRENT_GROUPS; + + wbc_status = wbcRequestResponse(WINBINDD_GETGRENT, &request, + &gr_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + gr_cache_size = gr_response.data.num_entries; + +return_result: + + wb_gr = (struct winbindd_gr *) gr_response.extra_data.data; + + mem_ofs = wb_gr[gr_cache_idx].gr_mem_ofs + + gr_cache_size * sizeof(struct winbindd_gr); + + *grp = copy_group_entry(&wb_gr[gr_cache_idx], + ((char *)gr_response.extra_data.data)+mem_ofs); + + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + gr_cache_idx++; + +done: + return wbc_status; } /** @brief Return the next struct group* entry from the pwent iterator 
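Review bot: `mem_ofs` is built from `wb_gr[gr_cache_idx].gr_mem_ofs` and `gr_cache_size` and then added to `gr_response.extra_data.data` with no check that the result stays inside the buffer winbindd returned. wbcGetgrlist() in the next hunk fills the same gr_response cache from WINBINDD_GETGRLST, whose entries carry no member list according to its docstring, so a caller that mixes the two iterators can make wbcGetgrent() read member data from a response that has none. Either keep separate caches or record which request filled the cache and refetch on mismatch, and validate the offset against the response length before calling copy_group_entry().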
@@ -462,7 +542,46 @@ wbcErr wbcGetgrent(struct group **grp) wbcErr wbcGetgrlist(struct group **grp) { - return WBC_ERR_NOT_IMPLEMENTED; + wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE; + struct winbindd_request request; + struct winbindd_gr *wb_gr; + + /* If there's a cached result, return that. */ + if (gr_cache_idx < gr_cache_size) { + goto return_result; + } + + /* Otherwise, query winbindd for some entries. */ + + gr_cache_idx = 0; + + if (gr_response.extra_data.data) { + free(gr_response.extra_data.data); + ZERO_STRUCT(gr_response); + } + + ZERO_STRUCT(request); + request.data.num_entries = MAX_GETGRENT_GROUPS; + + wbc_status = wbcRequestResponse(WINBINDD_GETGRLST, &request, + &gr_response); + + BAIL_ON_WBC_ERROR(wbc_status); + + gr_cache_size = gr_response.data.num_entries; + +return_result: + + wb_gr = (struct winbindd_gr *) gr_response.extra_data.data; + + *grp = copy_group_entry(&wb_gr[gr_cache_idx], NULL); + + BAIL_ON_PTR_ERROR(*grp, wbc_status); + + gr_cache_idx++; + +done: + return wbc_status; } /** @brief Return the unix group array belonging to the given user -- cgit From bf04324592695fd6e711ba25a89d47e1b61fa33e Mon Sep 17 00:00:00 2001 From: Nils Goroll Date: Mon, 17 Nov 2008 00:55:16 +0100 Subject: [s3]zfsacl: Prevent calling POSIX ACL vfs methods on zfs share. This is a proposed fix for Bugs #5135 and #5446. Signed-off-by: Michael Adam --- source3/modules/vfs_zfsacl.c | 83 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) (limited to 'source3') diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 3688b2386e..650666e921 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c 
@@ -212,9 +212,92 @@ static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); } +/* nils.goroll@hamburg.de 2008-06-16 : + + See also + - https://bugzilla.samba.org/show_bug.cgi?id=5446 + - http://bugs.opensolaris.org/view_bug.do?bug_id=6688240 + + Solaris supports NFSv4 and ZFS ACLs through a common system call, acl(2) + with ACE_SETACL / ACE_GETACL / ACE_GETACLCNT, which is being wrapped for + use by samba in this module. + + As the acl(2) interface is identical for ZFS and for NFS, this module, + vfs_zfsacl, can not only be used for ZFS, but also for sharing NFSv4 + mounts on Solaris. + + But while "traditional" POSIX DRAFT ACLs (using acl(2) with SETACL + / GETACL / GETACLCNT) fail for ZFS, the Solaris NFS client + implemets a compatibility wrapper, which will make calls to + traditional ACL calls though vfs_solarisacl succeed. As the + compatibility wrapper's implementation is (by design) incomplete, + we want to make sure that it is never being called. + + As long as Samba does not support an exiplicit method for a module + to define conflicting vfs methods, we should override all conflicting + methods here. 
+ + For this to work, we need to make sure that this module is initialised + *after* vfs_solarisacl + + Function declarations taken from vfs_solarisacl +*/ + +SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle, + const char *path_p, + SMB_ACL_TYPE_T type) +{ + return (SMB_ACL_T)NULL; +} +SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + int fd) +{ + return (SMB_ACL_T)NULL; +} + +int zfsacl_fail__sys_acl_set_file(vfs_handle_struct *handle, + const char *name, + SMB_ACL_TYPE_T type, + SMB_ACL_T theacl) +{ + return(-1); +} + +int zfsacl_fail__sys_acl_set_fd(vfs_handle_struct *handle, + files_struct *fsp, + int fd, SMB_ACL_T theacl) +{ + return(-1); +} + +int zfsacl_fail__sys_acl_delete_def_file(vfs_handle_struct *handle, + const char *path) +{ + return(-1); +} + /* VFS operations structure */ static vfs_op_tuple zfsacl_ops[] = { + /* invalidate conflicting VFS methods */ + {SMB_VFS_OP(zfsacl_fail__sys_acl_get_file), + SMB_VFS_OP_SYS_ACL_GET_FILE, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_get_fd), + SMB_VFS_OP_SYS_ACL_GET_FD, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_set_file), + SMB_VFS_OP_SYS_ACL_SET_FILE, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_set_fd), + SMB_VFS_OP_SYS_ACL_SET_FD, + SMB_VFS_LAYER_OPAQUE}, + {SMB_VFS_OP(zfsacl_fail__sys_acl_delete_def_file), + SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, + SMB_VFS_LAYER_OPAQUE}, + + /* actual methods */ {SMB_VFS_OP(zfsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(zfsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, -- cgit From afbfbd7f4c656fa4ed036314837024be8cd634c9 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 17 Nov 2008 10:29:41 +0100 Subject: [s3]zfsacl: "return" is not a function. Michael --- source3/modules/vfs_zfsacl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') 
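Review bot: The five zfsacl_fail__sys_acl_* stubs return NULL or -1 without setting errno, so a caller that turns errno into a status after the failure will report whatever the previous system call left behind. Setting it explicitly, e.g. `errno = ENOTSUP; return -1;`, makes the refusal deterministic. The stubs are also defined without `static` although the hunk only references them from zfsacl_ops[]; `static SMB_ACL_T zfsacl_fail__sys_acl_get_file(...)` keeps them out of the global symbol namespace. The block comment says this only works if the module is initialised after vfs_solarisacl, and nothing in the hunk enforces that ordering.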
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 650666e921..a5b0490c8d 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -261,20 +261,20 @@ int zfsacl_fail__sys_acl_set_file(vfs_handle_struct *handle, SMB_ACL_TYPE_T type, SMB_ACL_T theacl) { - return(-1); + return -1; } int zfsacl_fail__sys_acl_set_fd(vfs_handle_struct *handle, files_struct *fsp, int fd, SMB_ACL_T theacl) { - return(-1); + return -1; } int zfsacl_fail__sys_acl_delete_def_file(vfs_handle_struct *handle, const char *path) { - return(-1); + return -1; } /* VFS operations structure */ -- cgit From 6a4957d35d50e6508917aca62b282ae4904187c8 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 23 Nov 2008 22:59:40 +0100 Subject: UNFINISHED - s3:idmap_ad: multi-domain Michael --- source3/winbindd/idmap_ad.c | 152 ++++++++++++++++++++++++-------------------- 1 file changed, 83 insertions(+), 69 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 60a2d8642a..5904b4f624 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c 
@@ -43,31 +43,33 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; + ADS_STRUCT *ad_idmap_ads; + struct posix_schema *ad_schema; + enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; }; NTSTATUS init_module(void); -static ADS_STRUCT *ad_idmap_ads = NULL; -static struct posix_schema *ad_schema = NULL; -static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; - /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(void) +static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ad_idmap_ads != NULL) { + if (ctx->ad_idmap_ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ad_idmap_ads; + ads = ctx->ad_idmap_ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); @@ -83,8 +85,8 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ad_idmap_ads = NULL; - TALLOC_FREE( ad_schema ); + ctx->ad_idmap_ads = NULL; + TALLOC_FREE(ctx->ad_schema); } } @@ -118,7 +120,7 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) ads->is_mine = False; - ad_idmap_ads = ads; + ctx->ad_idmap_ads = ads; return ads; } 
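Review bot: `enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN;` inside `struct idmap_ad_context` is not valid C, because a struct member cannot carry an initializer, so the first hunk does not compile as written. Declare the member as `enum wb_posix_mapping ad_map_type;` and assign `ctx->ad_map_type = WB_POSIX_MAP_UNKNOWN;` where the context is allocated (outside these hunks, presumably in idmap_ad_initialize); a zero-filled context only equals WB_POSIX_MAP_UNKNOWN if that enumerator happens to be 0. The same hunk dereferences the result of `talloc_get_type(dom->private_data, struct idmap_ad_context)` unchecked, and talloc_get_type returns NULL on a type mismatch, so `if (ctx == NULL) return NULL;` belongs before `ctx->ad_idmap_ads` is read. The later hunks for ad_idmap_cached_connection, nss_ad_get_info, nss_ad_map_to_alias and nss_ad_map_from_alias add the same unchecked lookup. ad_idmap_cached_connection_internal continues outside the hunk.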
@@ -126,28 +128,31 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(void) +static ADS_STRUCT *ad_idmap_cached_connection(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); - + ADS_STRUCT *ads = ad_idmap_cached_connection_internal(dom); + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + if ( !ads ) return NULL; /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. */ - if ( ad_schema ) + if ( ctx->ad_schema ) return ads; /* Otherwise, set the schema model */ - if ( (ad_map_type == WB_POSIX_MAP_SFU) || - (ad_map_type == WB_POSIX_MAP_SFU20) || - (ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || + (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || + (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) { ADS_STATUS schema_status; - schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); + schema_status = ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema); if ( !ADS_ERR_OK(schema_status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); return NULL; 
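Review bot: The schema is still allocated with a NULL parent in `ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema)`, although its pointer now lives in the per-domain context. Assuming the first argument is the talloc parent, passing `ctx` instead (`ads_check_posix_schema_mapping(ctx, ads, ctx->ad_map_type, &ctx->ad_schema)`) ties the schema's lifetime to the domain context, so it cannot leak when a context is freed without going through idmap_ad_close. The function body continues past the end of the hunk.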
@@ -191,16 +196,16 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } /* schema mode */ - if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ad_map_type = WB_POSIX_MAP_RFC2307; + if ( ctx->ad_map_type == WB_POSIX_MAP_UNKNOWN ) + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -284,14 +289,14 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { + if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -308,7 +313,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ad_schema->posix_uidnumber_attr, + ctx->ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -322,7 +327,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ad_schema->posix_gidnumber_attr, + ctx->ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; 
@@ -405,10 +410,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -495,14 +500,14 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { + if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -592,10 +597,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -653,7 +658,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) ad_idmap_ads = NULL; } - TALLOC_FREE( ad_schema ); + TALLOC_FREE( ctx->ad_schema ); return NT_STATUS_OK; } 
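Review bot: The context line `ad_idmap_ads = NULL;` in the idmap_ad_close hunk still names the file-scope variable that the first hunk of this commit removes, so the close path no longer compiles and does not tear down the connection now held in `ctx->ad_idmap_ads`. The teardown above that line (outside the hunk) needs the same conversion, ending in `ctx->ad_idmap_ads = NULL;`, otherwise the cached connection would stay alive after the domain is closed. No declaration of `ctx` is visible in this hunk either, so the function presumably also needs `struct idmap_ad_context *ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);` with a NULL check before the first use.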
@@ -671,15 +676,15 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_SFU) ) { DEBUG(0,("nss_sfu_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; return NT_STATUS_OK; } @@ -689,15 +694,15 @@ static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU20) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_SFU20) ) { DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; return NT_STATUS_OK; } @@ -707,15 +712,15 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != WB_POSIX_MAP_RFC2307) ) { DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; return NT_STATUS_OK; } 
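Review bot: nss_sfu_init, nss_sfu20_init and nss_rfc2307_init now read and write `ctx->ad_map_type`, but none of the three hunks declares `ctx`, and these functions receive a `struct nss_domain_entry *e` rather than an idmap_domain. Unless a declaration sits in the lines just above each hunk, they need the lookup that the nss_ad_get_info hunk adds, `struct idmap_ad_context *ctx = talloc_get_type(e->state, struct idmap_ad_context);`, followed by a NULL check that returns an error status. Whether `e->state` is already populated when these init callbacks run is not visible here and should be confirmed, since the "already been set" sanity check would otherwise be made against state that does not exist yet.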
@@ -725,7 +730,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *ctx, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -744,6 +749,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Only do query if we are online */ if (idmap_is_offline()) { @@ -755,7 +763,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ads_internal = ad_idmap_cached_connection(); - if ( !ads_internal || !ad_schema ) { + if ( !ads_internal || !ctx->ad_schema ) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -766,12 +774,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } 
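Review bot: The call `ads_internal = ad_idmap_cached_connection();` in the third hunk (nss_ad_get_info) is left without an argument, although this commit changes the function to take `struct idmap_domain *dom`, so the call no longer matches the prototype. The same stale call appears as context in the nss_ad_map_to_alias and nss_ad_map_from_alias hunks. These callers only hold a `struct nss_domain_entry *e`, so either the helper should accept the `struct idmap_ad_context *` just fetched from `e->state`, or the entry needs a documented route to its idmap_domain. nss_ad_get_info starts and ends outside these hunks.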
@@ -781,13 +789,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ad_schema->posix_homedir_attr; - attrs[1] = ad_schema->posix_shell_attr; - attrs[2] = ad_schema->posix_gecos_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[0] = ctx->ad_schema->posix_homedir_attr; + attrs[1] = ctx->ad_schema->posix_shell_attr; + attrs[2] = ctx->ad_schema->posix_gecos_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { @@ -801,12 +809,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ads_internal, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -835,6 +843,9 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ 
@@ -852,12 +863,12 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ad_schema) { + if (!ads_internal || !ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ad_schema->posix_uid_attr; + attrs[0] = ctx->ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -873,7 +884,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ads_internal, mem_ctx, msg, ctx->ad_schema->posix_uid_attr ); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -908,6 +919,9 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; + struct idmap_ad_context *ctx; + + ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -925,14 +939,14 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ad_schema) { + if (!ads_internal || !ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ad_schema->posix_uid_attr, + ctx->ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; -- cgit From 03304c5152c8d56030a6e79e37f106a786ed0f64 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Tue, 25 Nov 2008 15:24:43 +0100 Subject: Revert "UNFINISHED - s3:idmap_ad: multi-domain" This reverts commit 6a4957d35d50e6508917aca62b282ae4904187c8. Sorry - this got accidentially pushed. Michael --- source3/winbindd/idmap_ad.c | 152 ++++++++++++++++++++------------------------ 1 file changed, 69 insertions(+), 83 deletions(-) (limited to 'source3') 
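Review bot: `alias` is formatted straight into the LDAP filter by `talloc_asprintf(mem_ctx, "(%s=%s)", ctx->ad_schema->posix_uid_attr, alias)` in the last hunk (nss_ad_map_from_alias), so any `*`, `(`, `)` or `\` in it changes the meaning of the search. Where the alias originates is not visible here; if it can come from a client-supplied name it should be escaped per RFC 4515 first, for example with Samba's `escape_ldap_string_alloc()` if this tree provides it, and the escaped copy checked for allocation failure and freed. The `(sAMAccountName=%s)` filter in the nss_ad_map_to_alias hunk has the same shape (its argument is outside the hunk), and both lines are left as they are by the revert that follows. Both functions extend beyond their hunks.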
diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 5904b4f624..60a2d8642a 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -43,33 +43,31 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; - ADS_STRUCT *ad_idmap_ads; - struct posix_schema *ad_schema; - enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; }; NTSTATUS init_module(void); +static ADS_STRUCT *ad_idmap_ads = NULL; +static struct posix_schema *ad_schema = NULL; +static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; + /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) +static ADS_STRUCT *ad_idmap_cached_connection_internal(void) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ctx->ad_idmap_ads != NULL) { + if (ad_idmap_ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ctx->ad_idmap_ads; + ads = ad_idmap_ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); @@ -85,8 +83,8 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ctx->ad_idmap_ads = NULL; - TALLOC_FREE(ctx->ad_schema); + ad_idmap_ads = NULL; + TALLOC_FREE( ad_schema ); } } @@ -120,7 +118,7 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) ads->is_mine = False; - ctx->ad_idmap_ads = ads; + ad_idmap_ads = ads; return ads; } 
@@ -128,31 +126,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(struct idmap_domain *dom) /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(struct idmap_domain *dom) +static ADS_STRUCT *ad_idmap_cached_connection(void) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(dom); - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - + ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); + if ( !ads ) return NULL; /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. */ - if ( ctx->ad_schema ) + if ( ad_schema ) return ads; /* Otherwise, set the schema model */ - if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || - (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || - (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ad_map_type == WB_POSIX_MAP_SFU) || + (ad_map_type == WB_POSIX_MAP_SFU20) || + (ad_map_type == WB_POSIX_MAP_RFC2307) ) { ADS_STATUS schema_status; - schema_status = ads_check_posix_schema_mapping( NULL, ads, ctx->ad_map_type, &ctx->ad_schema); + schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); if ( !ADS_ERR_OK(schema_status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); return NULL; 
@@ -196,16 +191,16 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } /* schema mode */ - if ( ctx->ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) + ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ctx->ad_map_type = WB_POSIX_MAP_SFU; + ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ctx->ad_map_type = WB_POSIX_MAP_SFU20; + ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -289,14 +284,14 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { + if ( (ads = ad_idmap_cached_connection()) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ctx->ad_schema->posix_uidnumber_attr; - attrs[3] = ctx->ad_schema->posix_gidnumber_attr; + attrs[2] = ad_schema->posix_uidnumber_attr; + attrs[3] = ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -313,7 +308,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ctx->ad_schema->posix_uidnumber_attr, + ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -327,7 +322,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ctx->ad_schema->posix_gidnumber_attr, + ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; 
@@ -410,10 +405,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ctx->ad_schema->posix_uidnumber_attr : - ctx->ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ad_schema->posix_uidnumber_attr : + ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -500,14 +495,14 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection(dom)) == NULL ) { + if ( (ads = ad_idmap_cached_connection()) == NULL ) { DEBUG(1, ("ADS uninitialized\n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ctx->ad_schema->posix_uidnumber_attr; - attrs[3] = ctx->ad_schema->posix_gidnumber_attr; + attrs[2] = ad_schema->posix_uidnumber_attr; + attrs[3] = ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -597,10 +592,10 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ctx->ad_schema->posix_uidnumber_attr : - ctx->ad_schema->posix_gidnumber_attr, - &id)) + if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? + ad_schema->posix_uidnumber_attr : + ad_schema->posix_gidnumber_attr, + &id)) { DEBUG(1, ("Could not get unix ID\n")); continue; @@ -658,7 +653,7 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) ad_idmap_ads = NULL; } - TALLOC_FREE( ctx->ad_schema ); + TALLOC_FREE( ad_schema ); return NT_STATUS_OK; } 
@@ -676,15 +671,15 @@ static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ctx->ad_map_type != WB_POSIX_MAP_SFU) ) + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_SFU) ) { DEBUG(0,("nss_sfu_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ctx->ad_map_type = WB_POSIX_MAP_SFU; + ad_map_type = WB_POSIX_MAP_SFU; return NT_STATUS_OK; } @@ -694,15 +689,15 @@ static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ctx->ad_map_type != WB_POSIX_MAP_SFU20) ) + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_SFU20) ) { DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ctx->ad_map_type = WB_POSIX_MAP_SFU20; + ad_map_type = WB_POSIX_MAP_SFU20; return NT_STATUS_OK; } @@ -712,15 +707,15 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /* Sanity check if we have previously been called with a different schema model */ - if ( (ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ctx->ad_map_type != WB_POSIX_MAP_RFC2307) ) + if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ad_map_type != WB_POSIX_MAP_RFC2307) ) { DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. " "Mixed schema models not supported!\n")); return NT_STATUS_NOT_SUPPORTED; } - ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + ad_map_type = WB_POSIX_MAP_RFC2307; return NT_STATUS_OK; } 
@@ -730,7 +725,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *mem_ctx, + TALLOC_CTX *ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -749,9 +744,6 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Only do query if we are online */ if (idmap_is_offline()) { @@ -763,7 +755,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ads_internal = ad_idmap_cached_connection(); - if ( !ads_internal || !ctx->ad_schema ) { + if ( !ads_internal || !ad_schema ) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; } @@ -774,12 +766,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } 
@@ -789,13 +781,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ctx->ad_schema->posix_homedir_attr; - attrs[1] = ctx->ad_schema->posix_shell_attr; - attrs[2] = ctx->ad_schema->posix_gecos_attr; - attrs[3] = ctx->ad_schema->posix_gidnumber_attr; + attrs[0] = ad_schema->posix_homedir_attr; + attrs[1] = ad_schema->posix_shell_attr; + attrs[2] = ad_schema->posix_gecos_attr; + attrs[3] = ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { @@ -809,12 +801,12 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -843,9 +835,6 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ 
@@ -863,12 +852,12 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ctx->ad_schema) { + if (!ads_internal || !ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ctx->ad_schema->posix_uid_attr; + attrs[0] = ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -884,7 +873,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ctx->ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -919,9 +908,6 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; - struct idmap_ad_context *ctx; - - ctx = talloc_get_type(e->state, struct idmap_ad_context); /* Check incoming parameters */ @@ -939,14 +925,14 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ads_internal = ad_idmap_cached_connection(); - if (!ads_internal || !ctx->ad_schema) { + if (!ads_internal || !ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ctx->ad_schema->posix_uid_attr, + ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; -- cgit From 948218643a04e8bf28de5c716cb9e4115d8b2aa0 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 12:19:35 +0100 Subject: s3-samr: fix _samr_LookupNames return code. Guenther --- source3/rpc_server/srv_samr_nt.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 3cc86edd62..ba9d911c2b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
@@ -1794,6 +1794,7 @@ NTSTATUS _samr_LookupNames(pipes_struct *p, DOM_SID pol_sid; uint32 acc_granted; struct samr_Ids rids, types; + uint32_t num_mapped = 0; DEBUG(5,("_samr_LookupNames: %d\n", __LINE__)); @@ -1841,10 +1842,18 @@ NTSTATUS _samr_LookupNames(pipes_struct *p, } if (type[i] != SID_NAME_UNKNOWN) { - status = NT_STATUS_OK; + num_mapped++; } } + if (num_mapped == num_rids) { + status = NT_STATUS_OK; + } else if (num_mapped == 0) { + status = NT_STATUS_NONE_MAPPED; + } else { + status = STATUS_SOME_UNMAPPED; + } + rids.count = num_rids; rids.ids = rid; -- cgit From d3fa3c080f4509d8d043b26f3bee157f026d6e8a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 25 Nov 2008 15:53:56 -0800 Subject: Fix bug #5914 - Build failure: redefinition of struct name_list Jeremy. --- source3/utils/smbtree.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3') diff --git a/source3/utils/smbtree.c b/source3/utils/smbtree.c index ce2de4d7fe..9fc02bac13 100644 --- a/source3/utils/smbtree.c +++ b/source3/utils/smbtree.c @@ -30,15 +30,15 @@ static enum tree_level level = LEV_SHARE; /* Holds a list of workgroups or servers */ -struct name_list { - struct name_list *prev, *next; +struct smb_name_list { + struct smb_name_list *prev, *next; char *name, *comment; uint32 server_type; }; -static struct name_list *workgroups, *servers, *shares; +static struct smb_name_list *workgroups, *servers, *shares; -static void free_name_list(struct name_list *list) +static void free_name_list(struct smb_name_list *list) { while(list) DLIST_REMOVE(list, list); 
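Review bot: In the second _samr_LookupNames hunk the equality test comes first, so a request with no names (`num_rids == 0`) reports NT_STATUS_OK rather than NT_STATUS_NONE_MAPPED; if that is the intended answer it deserves a comment such as `/* zero names: num_mapped == num_rids == 0, report success */`. The three-way result also overwrites whatever `status` held after the loop, so a failure recorded inside the loop body (not visible in the hunk) is dropped unless that path returns early. `num_mapped` is `uint32_t` while the declaration of `num_rids` is outside the hunk; if it is a signed int the comparison is mixed-sign and a matching type would be cleaner.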
@@ -47,10 +47,10 @@ static void free_name_list(struct name_list *list) static void add_name(const char *machine_name, uint32 server_type, const char *comment, void *state) { - struct name_list **name_list = (struct name_list **)state; - struct name_list *new_name; + struct smb_name_list **name_list = (struct smb_name_list **)state; + struct smb_name_list *new_name; - new_name = SMB_MALLOC_P(struct name_list); + new_name = SMB_MALLOC_P(struct smb_name_list); if (!new_name) return; @@ -222,7 +222,7 @@ static bool get_shares(char *server_name, struct user_auth_info *user_info) static bool print_tree(struct user_auth_info *user_info) { - struct name_list *wg, *sv, *sh; + struct smb_name_list *wg, *sv, *sh; /* List workgroups */ -- cgit From 8e9c5f8c006d5753b7bda0df16eadbcf802df0c9 Mon Sep 17 00:00:00 2001 From: Jelmer Vernooij Date: Wed, 26 Nov 2008 16:55:32 +0100 Subject: Don't filter out any variables for config.pm, only for config.mk. --- source3/samba4.m4 | 1 + 1 file changed, 1 insertion(+) (limited to 'source3') diff --git a/source3/samba4.m4 b/source3/samba4.m4 index 5a3ae36884..9ef3d71fd0 100644 --- a/source3/samba4.m4 +++ b/source3/samba4.m4 @@ -131,6 +131,7 @@ builddir="$builddir/../source4" oldsrcdir="$srcdir" srcdir="$srcdir/../source4" AC_SUBST(srcdir) +AC_SUBST(builddir) SMB_WRITE_PERLVARS(../source4/build/smb_build/config.pm) builddir="$oldbuilddir" srcdir="$oldsrcdir" -- cgit From 58db2befbd82b8e1e7cb7de29da7f567dea314e9 Mon Sep 17 00:00:00 2001 
From: Jelmer Vernooij Date: Wed, 26 Nov 2008 18:20:51 +0100 Subject: Move netr_SamDatabaseID8Bit to netlogon.idl to prevent problems with forward enum declarations when compiled with C++. --- source3/librpc/gen_ndr/misc.h | 35 ----------------------- source3/librpc/gen_ndr/ndr_misc.c | 53 ----------------------------------- source3/librpc/gen_ndr/ndr_misc.h | 6 ---- source3/librpc/gen_ndr/ndr_netlogon.c | 34 ++++++---------------- source3/librpc/gen_ndr/ndr_ntsvcs.c | 2 +- source3/librpc/gen_ndr/ndr_samr.c | 53 +++++++++++++++++++++++++++++++++++ source3/librpc/gen_ndr/ndr_samr.h | 6 ++++ source3/librpc/gen_ndr/netlogon.h | 3 ++ source3/librpc/gen_ndr/samr.h | 32 +++++++++++++++++++++ 9 files changed, 103 insertions(+), 121 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/misc.h b/source3/librpc/gen_ndr/misc.h index e439f7f43d..d1cf64e0eb 100644 --- a/source3/librpc/gen_ndr/misc.h +++ b/source3/librpc/gen_ndr/misc.h @@ -2,12 +2,9 @@ #include -#define netr_SamDatabaseID8Bit netr_SamDatabaseID #ifndef _HEADER_misc #define _HEADER_misc -enum netr_SamDatabaseID8Bit; - struct GUID { uint32_t time_low; uint16_t time_mid; @@ -45,36 +42,4 @@ enum netr_SchannelType #endif ; -enum netr_SamDatabaseID -#ifndef USE_UINT_ENUMS - { - SAM_DATABASE_DOMAIN=0, - SAM_DATABASE_BUILTIN=1, - SAM_DATABASE_PRIVS=2 -} -#else - { __donnot_use_enum_netr_SamDatabaseID=0x7FFFFFFF} -#define SAM_DATABASE_DOMAIN ( 0 ) -#define SAM_DATABASE_BUILTIN ( 1 ) -#define SAM_DATABASE_PRIVS ( 2 ) -#endif -; - -enum samr_RejectReason -#ifndef USE_UINT_ENUMS - { - SAMR_REJECT_OTHER=0, - SAMR_REJECT_TOO_SHORT=1, - SAMR_REJECT_IN_HISTORY=2, - SAMR_REJECT_COMPLEXITY=5 -} -#else - { __donnot_use_enum_samr_RejectReason=0x7FFFFFFF} -#define SAMR_REJECT_OTHER ( 0 ) -#define SAMR_REJECT_TOO_SHORT ( 1 ) -#define SAMR_REJECT_IN_HISTORY ( 2 ) -#define SAMR_REJECT_COMPLEXITY ( 5 ) -#endif -; - #endif /* _HEADER_misc */ 
diff --git a/source3/librpc/gen_ndr/ndr_misc.c b/source3/librpc/gen_ndr/ndr_misc.c index 22c416a0d7..971cbdac24 100644 --- a/source3/librpc/gen_ndr/ndr_misc.c +++ b/source3/librpc/gen_ndr/ndr_misc.c 
@@ -132,56 +132,3 @@ _PUBLIC_ void ndr_print_netr_SchannelType(struct ndr_print *ndr, const char *nam ndr_print_enum(ndr, name, "ENUM", val, r); } -_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r) -{ - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r) -{ - uint32_t v; - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); - *r = v; - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r) -{ - const char *val = NULL; - - switch (r) { - case SAM_DATABASE_DOMAIN: val = "SAM_DATABASE_DOMAIN"; break; - case SAM_DATABASE_BUILTIN: val = "SAM_DATABASE_BUILTIN"; break; - case SAM_DATABASE_PRIVS: val = "SAM_DATABASE_PRIVS"; break; - } - ndr_print_enum(ndr, name, "ENUM", val, r); -} - -_PUBLIC_ enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r) -{ - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r) -{ - uint32_t v; - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); - *r = v; - return NDR_ERR_SUCCESS; -} - -_PUBLIC_ void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r) -{ - const char *val = NULL; - - switch (r) { - case SAMR_REJECT_OTHER: val = "SAMR_REJECT_OTHER"; break; - case SAMR_REJECT_TOO_SHORT: val = "SAMR_REJECT_TOO_SHORT"; break; - case SAMR_REJECT_IN_HISTORY: val = "SAMR_REJECT_IN_HISTORY"; break; - case SAMR_REJECT_COMPLEXITY: val = "SAMR_REJECT_COMPLEXITY"; break; - } - ndr_print_enum(ndr, name, "ENUM", val, r); -} - 
diff --git a/source3/librpc/gen_ndr/ndr_misc.h b/source3/librpc/gen_ndr/ndr_misc.h index a15a781367..b907af0605 100644 --- a/source3/librpc/gen_ndr/ndr_misc.h +++ b/source3/librpc/gen_ndr/ndr_misc.h @@ -20,10 +20,4 @@ void ndr_print_policy_handle(struct ndr_print *ndr, const char *name, const stru enum ndr_err_code ndr_push_netr_SchannelType(struct ndr_push *ndr, int ndr_flags, enum netr_SchannelType r); enum ndr_err_code ndr_pull_netr_SchannelType(struct ndr_pull *ndr, int ndr_flags, enum netr_SchannelType *r); void ndr_print_netr_SchannelType(struct ndr_print *ndr, const char *name, enum netr_SchannelType r); -enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r); -enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r); -void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r); -enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r); -enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r); -void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r); #endif /* _HEADER_NDR_misc */ diff --git a/source3/librpc/gen_ndr/ndr_netlogon.c b/source3/librpc/gen_ndr/ndr_netlogon.c index ac23c36a7c..c4102eba6e 100644 --- a/source3/librpc/gen_ndr/ndr_netlogon.c +++ b/source3/librpc/gen_ndr/ndr_netlogon.c @@ -363,8 +363,6 @@ static enum ndr_err_code ndr_push_netr_PasswordInfo(struct ndr_push *ndr, int nd } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_push_netr_IdentityInfo(ndr, NDR_BUFFERS, &r->identity_info)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } 
@@ -379,8 +377,6 @@ static enum ndr_err_code ndr_pull_netr_PasswordInfo(struct ndr_pull *ndr, int nd } if (ndr_flags & NDR_BUFFERS) { NDR_CHECK(ndr_pull_netr_IdentityInfo(ndr, NDR_BUFFERS, &r->identity_info)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } @@ -2212,7 +2208,6 @@ static enum ndr_err_code ndr_push_netr_USER_KEY16(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, &r->pwd)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->pwd)); } return NDR_ERR_SUCCESS; } @@ -2227,7 +2222,6 @@ static enum ndr_err_code ndr_pull_netr_USER_KEY16(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, &r->pwd)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->pwd)); } return NDR_ERR_SUCCESS; } @@ -2305,8 +2299,6 @@ static enum ndr_err_code ndr_push_netr_USER_KEYS2(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_netr_PasswordHistory(ndr, NDR_SCALARS, &r->history)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_push_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } @@ -2320,8 +2312,6 @@ static enum ndr_err_code ndr_pull_netr_USER_KEYS2(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_netr_PasswordHistory(ndr, NDR_SCALARS, &r->history)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_pull_netr_USER_KEY16(ndr, NDR_BUFFERS, &r->ntpassword)); } return NDR_ERR_SUCCESS; } 
@@ -2343,7 +2333,6 @@ static enum ndr_err_code ndr_push_netr_USER_KEY_UNION(struct ndr_push *ndr, int NDR_CHECK(ndr_push_netr_USER_KEYS2(ndr, NDR_SCALARS, &r->keys2)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_netr_USER_KEYS2(ndr, NDR_BUFFERS, &r->keys2)); } return NDR_ERR_SUCCESS; } @@ -2355,7 +2344,6 @@ static enum ndr_err_code ndr_pull_netr_USER_KEY_UNION(struct ndr_pull *ndr, int NDR_CHECK(ndr_pull_netr_USER_KEYS2(ndr, NDR_SCALARS, &r->keys2)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_netr_USER_KEYS2(ndr, NDR_BUFFERS, &r->keys2)); } return NDR_ERR_SUCCESS; } @@ -2376,7 +2364,6 @@ _PUBLIC_ enum ndr_err_code ndr_push_netr_USER_KEYS(struct ndr_push *ndr, int ndr NDR_CHECK(ndr_push_netr_USER_KEY_UNION(ndr, NDR_SCALARS, &r->keys)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_push_netr_USER_KEY_UNION(ndr, NDR_BUFFERS, &r->keys)); } return NDR_ERR_SUCCESS; } @@ -2389,7 +2376,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netr_USER_KEYS(struct ndr_pull *ndr, int ndr NDR_CHECK(ndr_pull_netr_USER_KEY_UNION(ndr, NDR_SCALARS, &r->keys)); } if (ndr_flags & NDR_BUFFERS) { - NDR_CHECK(ndr_pull_netr_USER_KEY_UNION(ndr, NDR_BUFFERS, &r->keys)); } return NDR_ERR_SUCCESS; } @@ -2537,8 +2523,6 @@ static enum ndr_err_code ndr_push_netr_DELTA_USER(struct ndr_push *ndr, int ndr_ NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->description)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_push_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_push_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_push_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_push_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); 
@@ -2602,8 +2586,6 @@ static enum ndr_err_code ndr_pull_netr_DELTA_USER(struct ndr_pull *ndr, int ndr_ NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->description)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->workstations)); NDR_CHECK(ndr_pull_samr_LogonHours(ndr, NDR_BUFFERS, &r->logon_hours)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->lmpassword)); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_BUFFERS, &r->ntpassword)); NDR_CHECK(ndr_pull_lsa_String(ndr, NDR_BUFFERS, &r->comment)); NDR_CHECK(ndr_pull_lsa_BinaryString(ndr, NDR_BUFFERS, &r->parameters)); NDR_CHECK(ndr_pull_netr_USER_PRIVATE_INFO(ndr, NDR_BUFFERS, &r->user_private_info)); @@ -9608,7 +9590,7 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordSet(struct ndr_push *ndr, i if (r->in.new_password == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.new_password)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->in.new_password)); } if (flags & NDR_OUT) { if (r->out.return_authenticator == NULL) { @@ -9675,7 +9657,7 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordSet(struct ndr_pull *ndr, i } _mem_save_new_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->in.new_password, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->in.new_password)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->in.new_password)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_new_password_0, LIBNDR_FLAG_REF_ALLOC); NDR_PULL_ALLOC(ndr, r->out.return_authenticator); ZERO_STRUCTP(r->out.return_authenticator); 
@@ -13210,7 +13192,7 @@ static enum ndr_err_code ndr_push_netr_ServerPasswordGet(struct ndr_push *ndr, i if (r->out.password == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.password)); NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; @@ -13284,7 +13266,7 @@ static enum ndr_err_code ndr_pull_netr_ServerPasswordGet(struct ndr_pull *ndr, i } _mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.password, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.password)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); } @@ -14704,11 +14686,11 @@ static enum ndr_err_code ndr_push_netr_ServerTrustPasswordsGet(struct ndr_push * if (r->out.password == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.password)); if (r->out.password2 == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password2)); + NDR_CHECK(ndr_push_samr_Password(ndr, NDR_SCALARS, r->out.password2)); NDR_CHECK(ndr_push_NTSTATUS(ndr, NDR_SCALARS, r->out.result)); } return NDR_ERR_SUCCESS; 
@@ -14785,14 +14767,14 @@ static enum ndr_err_code ndr_pull_netr_ServerTrustPasswordsGet(struct ndr_pull * } _mem_save_password_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.password, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.password)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.password2); } _mem_save_password2_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.password2, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.password2)); + NDR_CHECK(ndr_pull_samr_Password(ndr, NDR_SCALARS, r->out.password2)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_password2_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_NTSTATUS(ndr, NDR_SCALARS, &r->out.result)); } diff --git a/source3/librpc/gen_ndr/ndr_ntsvcs.c b/source3/librpc/gen_ndr/ndr_ntsvcs.c index a63ed6f77a..ced6fb7767 100644 --- a/source3/librpc/gen_ndr/ndr_ntsvcs.c +++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c @@ -3857,7 +3857,7 @@ static const struct ndr_interface_call ntsvcs_calls[] = { static const char * const ntsvcs_endpoint_strings[] = { "ncacn_np:[\\pipe\\ntsvcs]", - "ncacn_np:[\\pipe\\plugplay]", + "ncacn_np:[\\pipe\\plugplay]", }; static const struct ndr_interface_string_array ntsvcs_endpoints = { diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index e1b8fd17f9..52b8c72f75 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c 
@@ -6,6 +6,59 @@ #include "librpc/gen_ndr/ndr_misc.h" #include "librpc/gen_ndr/ndr_lsa.h" #include "librpc/gen_ndr/ndr_security.h" +_PUBLIC_ enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r) +{ + const char *val = NULL; + + switch (r) { + case SAM_DATABASE_DOMAIN: val = "SAM_DATABASE_DOMAIN"; break; + case SAM_DATABASE_BUILTIN: val = "SAM_DATABASE_BUILTIN"; break; + case SAM_DATABASE_PRIVS: val = "SAM_DATABASE_PRIVS"; break; + } + ndr_print_enum(ndr, name, "ENUM", val, r); +} + +_PUBLIC_ enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r) +{ + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r) +{ + uint32_t v; + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v)); + *r = v; + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r) +{ + const char *val = NULL; + + switch (r) { + case SAMR_REJECT_OTHER: val = "SAMR_REJECT_OTHER"; break; + case SAMR_REJECT_TOO_SHORT: val = "SAMR_REJECT_TOO_SHORT"; break; + case SAMR_REJECT_IN_HISTORY: val = "SAMR_REJECT_IN_HISTORY"; break; + case SAMR_REJECT_COMPLEXITY: val = "SAMR_REJECT_COMPLEXITY"; break; + } + ndr_print_enum(ndr, name, "ENUM", val, r); +} + _PUBLIC_ enum ndr_err_code ndr_push_samr_AcctFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r) { 
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r)); diff --git a/source3/librpc/gen_ndr/ndr_samr.h b/source3/librpc/gen_ndr/ndr_samr.h index 1f582061f9..64e09e18ef 100644 --- a/source3/librpc/gen_ndr/ndr_samr.h +++ b/source3/librpc/gen_ndr/ndr_samr.h @@ -148,6 +148,12 @@ extern const struct ndr_interface_table ndr_table_samr; #define NDR_SAMR_VALIDATEPASSWORD (0x43) #define NDR_SAMR_CALL_COUNT (68) +enum ndr_err_code ndr_push_netr_SamDatabaseID(struct ndr_push *ndr, int ndr_flags, enum netr_SamDatabaseID r); +enum ndr_err_code ndr_pull_netr_SamDatabaseID(struct ndr_pull *ndr, int ndr_flags, enum netr_SamDatabaseID *r); +void ndr_print_netr_SamDatabaseID(struct ndr_print *ndr, const char *name, enum netr_SamDatabaseID r); +enum ndr_err_code ndr_push_samr_RejectReason(struct ndr_push *ndr, int ndr_flags, enum samr_RejectReason r); +enum ndr_err_code ndr_pull_samr_RejectReason(struct ndr_pull *ndr, int ndr_flags, enum samr_RejectReason *r); +void ndr_print_samr_RejectReason(struct ndr_print *ndr, const char *name, enum samr_RejectReason r); enum ndr_err_code ndr_push_samr_AcctFlags(struct ndr_push *ndr, int ndr_flags, uint32_t r); enum ndr_err_code ndr_pull_samr_AcctFlags(struct ndr_pull *ndr, int ndr_flags, uint32_t *r); void ndr_print_samr_AcctFlags(struct ndr_print *ndr, const char *name, uint32_t r); diff --git a/source3/librpc/gen_ndr/netlogon.h b/source3/librpc/gen_ndr/netlogon.h index 51cca4083b..4d9b549e75 100644 --- a/source3/librpc/gen_ndr/netlogon.h +++ b/source3/librpc/gen_ndr/netlogon.h @@ -8,6 +8,7 @@ #include "librpc/gen_ndr/security.h" #include "librpc/gen_ndr/nbt.h" #define netr_DeltaEnum8Bit netr_DeltaEnum +#define netr_SamDatabaseID8Bit netr_SamDatabaseID #ifndef _HEADER_netlogon #define _HEADER_netlogon @@ -15,6 +16,8 @@ #define DS_GFTI_UPDATE_TDO ( 0x1 ) enum netr_DeltaEnum8Bit; +enum netr_SamDatabaseID8Bit; + struct netr_UasInfo { const char *account_name;/* [unique,charset(UTF16)] */ uint32_t priv; 
diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index d900c29d5e..f0bbc58e64 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -36,6 +36,38 @@ #define SAMR_ENUM_USERS_MULTIPLIER ( 54 ) #define PASS_MUST_CHANGE_AT_NEXT_LOGON ( 0x01 ) #define PASS_DONT_CHANGE_AT_NEXT_LOGON ( 0x00 ) +enum netr_SamDatabaseID +#ifndef USE_UINT_ENUMS + { + SAM_DATABASE_DOMAIN=0, + SAM_DATABASE_BUILTIN=1, + SAM_DATABASE_PRIVS=2 +} +#else + { __donnot_use_enum_netr_SamDatabaseID=0x7FFFFFFF} +#define SAM_DATABASE_DOMAIN ( 0 ) +#define SAM_DATABASE_BUILTIN ( 1 ) +#define SAM_DATABASE_PRIVS ( 2 ) +#endif +; + +enum samr_RejectReason +#ifndef USE_UINT_ENUMS + { + SAMR_REJECT_OTHER=0, + SAMR_REJECT_TOO_SHORT=1, + SAMR_REJECT_IN_HISTORY=2, + SAMR_REJECT_COMPLEXITY=5 +} +#else + { __donnot_use_enum_samr_RejectReason=0x7FFFFFFF} +#define SAMR_REJECT_OTHER ( 0 ) +#define SAMR_REJECT_TOO_SHORT ( 1 ) +#define SAMR_REJECT_IN_HISTORY ( 2 ) +#define SAMR_REJECT_COMPLEXITY ( 5 ) +#endif +; + /* bitmap samr_AcctFlags */ #define ACB_DISABLED ( 0x00000001 ) #define ACB_HOMDIRREQ ( 0x00000002 ) -- cgit From 114f519233cd37bfd623db820e888469c75fab26 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 17:14:06 +0100 Subject: Fix the offset checks in the trans routines This fixes a potential crash bug, a client can make us read memory we should not read. Luckily I got the disp checks right... Volker (cherry picked from commit 64a1d80851da5b05e70ec6c96f6e9bd473748369) (cherry picked from commit f04c5650a3aeca23591ddc781c4b297caaf9bb3f) --- source3/smbd/ipc.c | 6 +++--- source3/smbd/nttrans.c | 6 +++--- source3/smbd/trans2.c | 6 +++--- 3 files changed, 9 insertions(+), 9 deletions(-) (limited to 'source3') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index 26a4212ec9..a617756a53 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c 
@@ -769,10 +769,10 @@ void reply_transs(struct smb_request *req) goto bad_param; } - if (ddisp > av_size || + if (doff > av_size || dcnt > av_size || - ddisp+dcnt > av_size || - ddisp+dcnt < ddisp) { + doff+dcnt > av_size || + doff+dcnt < doff) { goto bad_param; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 8a18c87903..329ba23ddd 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2818,10 +2818,10 @@ void reply_nttranss(struct smb_request *req) goto bad_param; } - if (ddisp > av_size || + if (doff > av_size || dcnt > av_size || - ddisp+dcnt > av_size || - ddisp+dcnt < ddisp) { + doff+dcnt > av_size || + doff+dcnt < doff) { goto bad_param; } diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index c385c6ccb1..0c63588ccc 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7811,10 +7811,10 @@ void reply_transs2(struct smb_request *req) goto bad_param; } - if (ddisp > av_size || + if (doff > av_size || dcnt > av_size || - ddisp+dcnt > av_size || - ddisp+dcnt < ddisp) { + doff+dcnt > av_size || + doff+dcnt < doff) { goto bad_param; } -- cgit From e09f658be72b6304e541da02dce843de79488d1c Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 12:18:39 +0100 Subject: s3-samr: add init_samr_user_info5. Guenther --- source3/include/proto.h | 19 +++++++++++++++++ source3/rpc_client/init_samr.c | 47 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 66 insertions(+) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index a02672351c..73be87b6fc 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
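Review bot: The corrected data-range check is repeated verbatim in reply_transs here and in the reply_nttranss and reply_transs2 hunks that follow, and all three copies carried the same ddisp/doff mix-up; one shared helper would leave a single place to audit. The wrap test `doff+dcnt < doff` is only meaningful if both operands are unsigned, and their declarations are outside the hunk, so the subtraction form `if (doff > av_size || dcnt > av_size - doff) goto bad_param;` is easier to reason about. The parameter-block check (poff/pcnt) is not visible in any of the three hunks; it is worth confirming that it also bounds the offset and not the displacement. A regression test covering an out-of-range data offset in a secondary transaction request would keep this from regressing.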
@@ -5644,6 +5644,25 @@ void init_samr_alias_info1(struct samr_AliasInfoAll *r, const char *description); void init_samr_alias_info3(struct lsa_String *r, const char *description); +void init_samr_user_info5(struct samr_UserInfo5 *r, + const char *account_name, + const char *full_name, + uint32_t rid, + uint32_t primary_gid, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + NTTIME last_logon, + NTTIME last_logoff, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + NTTIME last_password_change, + NTTIME acct_expiry, + uint32_t acct_flags); void init_samr_user_info7(struct samr_UserInfo7 *r, const char *account_name); void init_samr_user_info9(struct samr_UserInfo9 *r, diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 283be0d98b..43809c03d1 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c 
@@ -251,6 +251,53 @@ void init_samr_alias_info3(struct lsa_String *r, init_lsa_String(r, description); } +/******************************************************************* + inits a samr_UserInfo5 structure. +********************************************************************/ + +void init_samr_user_info5(struct samr_UserInfo5 *r, + const char *account_name, + const char *full_name, + uint32_t rid, + uint32_t primary_gid, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + NTTIME last_logon, + NTTIME last_logoff, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + NTTIME last_password_change, + NTTIME acct_expiry, + uint32_t acct_flags) +{ + DEBUG(5, ("init_samr_user_info5\n")); + + init_lsa_String(&r->account_name, account_name); + init_lsa_String(&r->full_name, full_name); + r->rid = rid; + r->primary_gid = primary_gid; + init_lsa_String(&r->home_directory, home_directory); + init_lsa_String(&r->home_drive, home_drive); + init_lsa_String(&r->logon_script, logon_script); + init_lsa_String(&r->profile_path, profile_path); + init_lsa_String(&r->description, description); + init_lsa_String(&r->workstations, workstations); + r->last_logon = last_logon; + r->last_logoff = last_logoff; + r->logon_hours = logon_hours; + r->bad_password_count = bad_password_count; + r->logon_count = logon_count; + r->last_password_change = last_password_change; + r->acct_expiry = acct_expiry; + r->acct_flags = acct_flags; +} + + /******************************************************************* inits a samr_UserInfo7 structure. ********************************************************************/ -- cgit From bed91c0e463ed425288f7b4223739108c1fced45 Mon Sep 17 00:00:00 2001 
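Review bot: `r->logon_hours = logon_hours;` copies the struct by value, so if samr_LogonHours holds a pointer to its bit array (its definition is not in this hunk) the result shares the caller's buffer and depends on its lifetime. The header comment only says "inits a samr_UserInfo5 structure"; I would add `logon_hours is copied shallowly; any buffer it references must outlive r` and state whether the string arguments may be NULL. With nineteen positional parameters, several of them adjacent NTTIME or uint32_t values, a swapped argument at a call site compiles silently, so the callers deserve a careful read.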
From: Günther Deschner Date: Tue, 25 Nov 2008 12:21:37 +0100 Subject: s3-samr: add support for _samr_QueryUserInfo level 5. Guenther --- source3/rpc_server/srv_samr_nt.c | 108 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 108 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index ba9d911c2b..0623dfb4f9 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
@@ -2248,6 +2248,108 @@ static NTSTATUS init_samr_parameters_string(TALLOC_CTX *mem_ctx, return NT_STATUS_OK; } +static NTSTATUS get_user_info_5(TALLOC_CTX *mem_ctx, + struct samr_UserInfo5 *r, + DOM_SID *user_sid, + DOM_SID *domain_sid) +{ + struct samu *pw = NULL; + bool ret; + const DOM_SID *sid_user, *sid_group; + uint32_t rid, primary_gid; + NTTIME last_logon, last_logoff, last_password_change, + acct_expiry; + const char *account_name, *full_name, *home_directory, *home_drive, + *logon_script, *profile_path, *description, + *workstations, *comment; + struct samr_LogonHours logon_hours; + + ZERO_STRUCTP(r); + + if (!(pw = samu_new(mem_ctx))) { + return NT_STATUS_NO_MEMORY; + } + + become_root(); + ret = pdb_getsampwsid(pw, user_sid); + unbecome_root(); + + if (ret == False) { + DEBUG(4,("User %s not found\n", sid_string_dbg(user_sid))); + TALLOC_FREE(pw); + return NT_STATUS_NO_SUCH_USER; + } + + samr_clear_sam_passwd(pw); + + DEBUG(3,("User:[%s]\n", pdb_get_username(pw))); + + sid_user = pdb_get_user_sid(pw); + + if (!sid_peek_check_rid(domain_sid, sid_user, &rid)) { + DEBUG(0, ("get_user_info_5: User %s has SID %s, \nwhich conflicts with " + "the domain sid %s. Failing operation.\n", + pdb_get_username(pw), sid_string_dbg(sid_user), + sid_string_dbg(domain_sid))); + TALLOC_FREE(pw); + return NT_STATUS_UNSUCCESSFUL; + } + + become_root(); + sid_group = pdb_get_group_sid(pw); + unbecome_root(); + + if (!sid_peek_check_rid(domain_sid, sid_group, &primary_gid)) { + DEBUG(0, ("get_user_info_5: User %s has Primary Group SID %s, \n" + "which conflicts with the domain sid %s. 
Failing operation.\n", + pdb_get_username(pw), sid_string_dbg(sid_group), + sid_string_dbg(domain_sid))); + TALLOC_FREE(pw); + return NT_STATUS_UNSUCCESSFUL; + } + + unix_to_nt_time(&last_logon, pdb_get_logon_time(pw)); + unix_to_nt_time(&last_logoff, pdb_get_logoff_time(pw)); + unix_to_nt_time(&acct_expiry, pdb_get_kickoff_time(pw)); + unix_to_nt_time(&last_password_change, pdb_get_pass_last_set_time(pw)); + + account_name = talloc_strdup(mem_ctx, pdb_get_username(pw)); + full_name = talloc_strdup(mem_ctx, pdb_get_fullname(pw)); + home_directory = talloc_strdup(mem_ctx, pdb_get_homedir(pw)); + home_drive = talloc_strdup(mem_ctx, pdb_get_dir_drive(pw)); + logon_script = talloc_strdup(mem_ctx, pdb_get_logon_script(pw)); + profile_path = talloc_strdup(mem_ctx, pdb_get_profile_path(pw)); + description = talloc_strdup(mem_ctx, pdb_get_acct_desc(pw)); + workstations = talloc_strdup(mem_ctx, pdb_get_workstations(pw)); + comment = talloc_strdup(mem_ctx, pdb_get_comment(pw)); + + logon_hours = get_logon_hours_from_pdb(mem_ctx, pw); + + init_samr_user_info5(r, + account_name, + full_name, + rid, + primary_gid, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + last_logon, + last_logoff, + logon_hours, + pdb_get_bad_password_count(pw), + pdb_get_logon_count(pw), + last_password_change, + acct_expiry, + pdb_get_acct_ctrl(pw)); + + TALLOC_FREE(pw); + + return NT_STATUS_OK; +} + /************************************************************************* get_user_info_7. Safe. Only gives out account_name. *************************************************************************/ 
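Review bot: None of the nine talloc_strdup() results in get_user_info_5 is checked, so an allocation failure looks the same as an unset attribute and the function still returns NT_STATUS_OK. At least `account_name`, which is presumably never NULL for an existing account, should be tested: `if (account_name == NULL) { TALLOC_FREE(pw); return NT_STATUS_NO_MEMORY; }`. `comment` is duplicated from pdb_get_comment(pw) but never passed to init_samr_user_info5(), so its declaration and allocation can be dropped. The neighbouring get_user_info_7 has a header comment stating what it discloses ("Safe. Only gives out account_name."); this function returns many more account attributes and has none, so a comment listing the disclosed fields and the access the caller is expected to have checked would help the next audit.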
@@ -2677,6 +2779,12 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, DEBUG(5,("_samr_QueryUserInfo: user info level: %d\n", r->in.level)); switch (r->in.level) { + case 5: + status = get_user_info_5(p->mem_ctx, &user_info->info5, &info->sid, &domain_sid); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + break; case 7: status = get_user_info_7(p->mem_ctx, &user_info->info7, &info->sid); if (!NT_STATUS_IS_OK(status)) { -- cgit From 9c2ed82d07a4c989896610d91aa2ff1614c579aa Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 15:50:28 +0100 Subject: s3-samr: support samr_QueryUserInfo2 as well. Guenther --- source3/rpc_server/srv_samr_nt.c | 25 +++++++++++++++---------- 1 file changed, 15 insertions(+), 10 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 0623dfb4f9..b0c317f22b 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -2837,6 +2837,21 @@ NTSTATUS _samr_QueryUserInfo(pipes_struct *p, return status; } +/**************************************************************** +****************************************************************/ + +NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, + struct samr_QueryUserInfo2 *r) +{ + struct samr_QueryUserInfo u; + + u.in.user_handle = r->in.user_handle; + u.in.level = r->in.level; + u.out.info = r->out.info; + + return _samr_QueryUserInfo(p, &u); +} + /******************************************************************* _samr_GetGroupsForUser ********************************************************************/ 
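Review bot: `struct samr_QueryUserInfo u;` in the new _samr_QueryUserInfo2 is left uninitialised apart from the three members assigned, so any other member that _samr_QueryUserInfo reads, or any member added to the struct later, would hold stack garbage; a `ZERO_STRUCT(u);` before the assignments removes the doubt. The same applies to `struct samr_CreateUser2 c;` in the _samr_CreateUser wrapper added by the next commit. Both wrappers also lack a comment saying that they forward to the other call and, for _samr_CreateUser, that `acct_flags` is fixed to ACB_NORMAL and the granted access mask is discarded.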
@@ -6012,16 +6027,6 @@ NTSTATUS _samr_TestPrivateFunctionsUser(pipes_struct *p, /**************************************************************** ****************************************************************/ -NTSTATUS _samr_QueryUserInfo2(pipes_struct *p, - struct samr_QueryUserInfo2 *r) -{ - p->rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} - -/**************************************************************** -****************************************************************/ - NTSTATUS _samr_AddMultipleMembersToAlias(pipes_struct *p, struct samr_AddMultipleMembersToAlias *r) { -- cgit From 5f9524a9561ba3b29113ac0d2894617f1c6c40e6 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 25 Nov 2008 15:51:35 +0100 Subject: s3-samr: support samr_CreateUser as well. Guenther --- source3/rpc_server/srv_samr_nt.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index b0c317f22b..4b8fa67208 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3396,6 +3396,26 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, return NT_STATUS_OK; } +/**************************************************************** +****************************************************************/ + +NTSTATUS _samr_CreateUser(pipes_struct *p, + struct samr_CreateUser *r) +{ + struct samr_CreateUser2 c; + uint32_t access_granted; + + c.in.domain_handle = r->in.domain_handle; + c.in.account_name = r->in.account_name; + c.in.acct_flags = ACB_NORMAL; + c.in.access_mask = r->in.access_mask; + c.out.user_handle = r->out.user_handle; + c.out.access_granted = &access_granted; + c.out.rid = r->out.rid; + + return _samr_CreateUser2(p, &c); +} + /******************************************************************* _samr_Connect ********************************************************************/ 
@@ -5977,16 +5997,6 @@ NTSTATUS _samr_Shutdown(pipes_struct *p, /**************************************************************** ****************************************************************/ -NTSTATUS _samr_CreateUser(pipes_struct *p, - struct samr_CreateUser *r) -{ - p->rng_fault_state = true; - return NT_STATUS_NOT_IMPLEMENTED; -} - -/**************************************************************** -****************************************************************/ - NTSTATUS _samr_SetMemberAttributesOfGroup(pipes_struct *p, struct samr_SetMemberAttributesOfGroup *r) { -- cgit From d94f3e3db35580af366017e100b2047b96d85a9d Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 01:21:49 +0100 Subject: s3-samr: avoid enumeration and user creation on builtin domain handle. Guenther --- source3/rpc_server/srv_samr_nt.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4b8fa67208..71eec0a59c 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -1484,6 +1484,11 @@ NTSTATUS _samr_QueryDisplayInfo(pipes_struct *p, if (!find_policy_by_hnd(p, r->in.domain_handle, (void **)(void *)&info)) return NT_STATUS_INVALID_HANDLE; + if (info->builtin_domain) { + DEBUG(5,("_samr_QueryDisplayInfo: Nothing in BUILTIN\n")); + return NT_STATUS_OK; + } + status = access_check_samr_function(info->acc_granted, SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS, "_samr_QueryDisplayInfo"); @@ -3281,6 +3286,11 @@ NTSTATUS _samr_CreateUser2(pipes_struct *p, &disp_info)) return NT_STATUS_INVALID_HANDLE; + if (disp_info->builtin_domain) { + DEBUG(5,("_samr_CreateUser2: Refusing user create in BUILTIN\n")); + return NT_STATUS_ACCESS_DENIED; + } + nt_status = access_check_samr_function(acc_granted, SAMR_DOMAIN_ACCESS_CREATE_USER, "_samr_CreateUser2"); -- cgit From e398eed15a7a94d2a53d3bb865927a9db411008c Mon Sep 17 00:00:00 2001 
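Review bot: The new BUILTIN early return in `_samr_QueryDisplayInfo` sits above `access_check_samr_function()`, so a BUILTIN domain handle opened without SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS now gets NT_STATUS_OK where it would previously have reached the access check. Moving the `if (info->builtin_domain)` block below the check keeps the empty result for BUILTIN while still enforcing the access granted on the handle. The return also leaves the reply's out fields as they were on entry; whether they are pre-initialised is not visible here, since the function body continues outside the hunk. The `_samr_CreateUser2` hunk in the same commit has the same ordering, but it fails closed with NT_STATUS_ACCESS_DENIED.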
From: Günther Deschner Date: Thu, 27 Nov 2008 01:22:39 +0100 Subject: s3-samr: fix return code for invalid name in _samr_LookupDomain. Guenther --- source3/rpc_server/srv_samr_nt.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 71eec0a59c..537d58fac1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3650,6 +3650,9 @@ NTSTATUS _samr_LookupDomain(pipes_struct *p, } domain_name = r->in.domain_name->string; + if (!domain_name) { + return NT_STATUS_INVALID_PARAMETER; + } sid = TALLOC_ZERO_P(p->mem_ctx, struct dom_sid2); if (!sid) { -- cgit From 257d99d0cd441697d67b52f3e7c260c17a4a0916 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 01:25:46 +0100 Subject: s3-samr: fix return code for invalid password sets in SetUserInfo. Guenther --- source3/rpc_server/srv_samr_nt.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 537d58fac1..332d41b1b0 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -4053,7 +4053,7 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, &len, STR_UNICODE)) { TALLOC_FREE(pwd); - return NT_STATUS_INVALID_PARAMETER; + return NT_STATUS_WRONG_PASSWORD; } if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { @@ -4410,7 +4410,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, if (!set_user_info_pw(info->info24.password.data, pwd, switch_value)) { - status = NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_WRONG_PASSWORD; } break; @@ -4431,7 +4431,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, } if (!set_user_info_pw(info->info25.password.data, pwd, switch_value)) { - status = NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_WRONG_PASSWORD; } break; 
@@ -4447,7 +4447,7 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, if (!set_user_info_pw(info->info26.password.data, pwd, switch_value)) { - status = NT_STATUS_ACCESS_DENIED; + status = NT_STATUS_WRONG_PASSWORD; } break; -- cgit From 6a627b440e8b3f42db2a8a27047dd3482bad0d28 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Thu, 27 Nov 2008 17:29:30 +0100 Subject: s3-samr: never allow to alter pwdlastset directly. Guenther --- source3/rpc_server/srv_samr_nt.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 332d41b1b0..c45be02ab8 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3959,6 +3959,11 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + /* we need to separately check for an account rename first */ if (id21->account_name.string && @@ -4042,6 +4047,12 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + + DEBUG(5, ("Attempting administrator password change (level 23) for user %s\n", pdb_get_username(pwd))); @@ -4220,6 +4231,11 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, return NT_STATUS_INVALID_PARAMETER; } + if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { + TALLOC_FREE(pwd); + return NT_STATUS_ACCESS_DENIED; + } + copy_id25_to_sam_passwd(pwd, id25); /* write the change out */ -- cgit From 599707c87a739811ba426e44b11189e1ddba078e Mon Sep 17 00:00:00 2001 
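Review bot: The `SAMR_FIELD_LAST_PWD_CHANGE` rejection is pasted verbatim into `set_user_info_21`, `set_user_info_23` and `set_user_info_25` with no comment, so the reason for refusing the field lives only in the commit subject. A one-line comment above each test, e.g. `/* clients must never set pwdlastset directly */`, would keep the rule from being dropped in a later cleanup. The `set_user_info_23` copy also adds a second blank line after the closing brace that the other two do not have. All three function bodies continue outside their hunks.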
From: Volker Lendecke Date: Sat, 8 Nov 2008 15:44:20 +0100 Subject: Remove two direct inbuf references from reply_sesssetup_and_X_spnego() --- source3/smbd/sesssetup.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c index fde6cdc160..24a201013a 100644 --- a/source3/smbd/sesssetup.c +++ b/source3/smbd/sesssetup.c @@ -1171,7 +1171,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) const char *p2; uint16 data_blob_len = SVAL(req->vwv+7, 0); enum remote_arch_types ra_type = get_remote_arch(); - int vuid = SVAL(req->inbuf,smb_uid); + int vuid = req->vuid; user_struct *vuser = NULL; NTSTATUS status = NT_STATUS_OK; uint16 smbpid = req->smbpid; @@ -1203,7 +1203,7 @@ static void reply_sesssetup_and_X_spnego(struct smb_request *req) file_save("negotiate.dat", blob1.data, blob1.length); #endif - p2 = (char *)req->inbuf + smb_vwv13 + data_blob_len; + p2 = (char *)req->buf + data_blob_len; p2 += srvstr_pull_req_talloc(talloc_tos(), req, &tmp, p2, STR_TERMINATE); -- cgit From 4a322398c5ffaf238eba1e7bfbe47e2d093c7c4d Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:03:07 +0100 Subject: Remove an unused variable --- source3/smbd/trans2.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'source3') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 0c63588ccc..3a28bd424f 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7533,7 +7533,6 @@ void reply_trans2(struct smb_request *req) unsigned int psoff; unsigned int pscnt; unsigned int tran_call; - unsigned int size; unsigned int av_size; struct trans_state *state; NTSTATUS result; @@ -7551,7 +7550,6 @@ void reply_trans2(struct smb_request *req) psoff = SVAL(req->vwv+10, 0); pscnt = SVAL(req->vwv+9, 0); tran_call = SVAL(req->vwv+14, 0); - size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); result = allow_new_trans(conn->pending_trans, req->mid); -- cgit 
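Review bot: In the second sesssetup.c hunk, `p2 = (char *)req->buf + data_blob_len;` advances by `data_blob_len`, which the first hunk's context shows is read straight from the request with `SVAL(req->vwv+7, 0)`, and nothing in the hunk bounds it by the size of the request's data area. If the declared blob length exceeds the bytes actually received, `p2` points past the buffer before `srvstr_pull_req_talloc()` is called. Whether an earlier check or the pull helper rejects that case is outside the hunk; if neither does, `data_blob_len` should be compared with the remaining length of the data area before the pointer arithmetic, and the request rejected when it is larger.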
From 9da3101e449649f0614240f13157ac81e17b2e90 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:14:12 +0100 Subject: Remove the variable "size" from reply_trans This converts the range checks for the setup[] array to rely on req->wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker --- source3/smbd/ipc.c | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) (limited to 'source3') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index a617756a53..bf9b1d87c5 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c @@ -503,7 +503,6 @@ void reply_trans(struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - unsigned int size; unsigned int av_size; START_PROFILE(SMBtrans); @@ -514,7 +513,6 @@ void reply_trans(struct smb_request *req) return; } - size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); dsoff = SVAL(req->vwv+12, 0); dscnt = SVAL(req->vwv+11, 0); @@ -624,6 +622,19 @@ void reply_trans(struct smb_request *req) if (state->setup_count) { unsigned int i; + + /* + * No overflow possible here, state->setup_count is an + * unsigned int, being filled by a single byte from + * CVAL(req->vwv+13, 0) above. The cast in the comparison + * below is not necessary, it's here to clarify things. The + * validity of req->vwv and req->wct has been checked in + * init_smb_request already. + */ + if (state->setup_count + 14 > (unsigned int)req->wct) { + goto bad_param; + } + if((state->setup = TALLOC_ARRAY( state, uint16, state->setup_count)) == NULL) { DEBUG(0,("reply_trans: setup malloc fail for %u " 
@@ -636,17 +647,10 @@ void reply_trans(struct smb_request *req) END_PROFILE(SMBtrans); return; } - if (req->inbuf+smb_vwv14+(state->setup_count*SIZEOFWORD) > - req->inbuf + size) - goto bad_param; - if ((smb_vwv14+(state->setup_count*SIZEOFWORD) < smb_vwv14) || - (smb_vwv14+(state->setup_count*SIZEOFWORD) < - (state->setup_count*SIZEOFWORD))) - goto bad_param; - for (i=0;isetup_count;i++) - state->setup[i] = SVAL(req->inbuf, - smb_vwv14+i*SIZEOFWORD); + for (i=0;isetup_count;i++) { + state->setup[i] = SVAL(req->vwv + 14 + i, 0); + } } state->received_param = pscnt; -- cgit From 738271fc2026b2911b7d20a73496989641714df3 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:14:12 +0100 Subject: Remove the variable "size" from reply_nttrans This converts the range checks for the setup[] array to rely on req->wct being set correctly in init_smb_request. As that already verifies the vwv array to be in the range of the smb_request inbuf, we don't have to do overflow checks here anymore. Jeremy, please check thoroughly! :-) Thanks, Volker --- source3/smbd/nttrans.c | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 329ba23ddd..b516f02c21 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2529,7 +2529,6 @@ void reply_nttrans(struct smb_request *req) uint16 function_code; NTSTATUS result; struct trans_state *state; - uint32_t size; uint32_t av_size; START_PROFILE(SMBnttrans); @@ -2540,7 +2539,6 @@ void reply_nttrans(struct smb_request *req) return; } - size = smb_len(req->inbuf) + 4; av_size = smb_len(req->inbuf); pscnt = IVAL(req->vwv+9, 1); psoff = IVAL(req->vwv+11, 1); 
@@ -2676,6 +2674,19 @@ void reply_nttrans(struct smb_request *req) if(state->setup_count > 0) { DEBUG(10,("reply_nttrans: state->setup_count = %d\n", state->setup_count)); + + /* + * No overflow possible here, state->setup_count is an + * unsigned int, being filled by a single byte from + * CVAL(req->vwv+13, 0) above. The cast in the comparison + * below is not necessary, it's here to clarify things. The + * validity of req->vwv and req->wct has been checked in + * init_smb_request already. + */ + if ((state->setup_count/2) + 19 > (unsigned int)req->wct) { + goto bad_param; + } + state->setup = (uint16 *)TALLOC(state, state->setup_count); if (state->setup == NULL) { DEBUG(0,("reply_nttrans : Out of memory\n")); @@ -2687,14 +2698,6 @@ void reply_nttrans(struct smb_request *req) return; } - if ((smb_nt_SetupStart + state->setup_count < smb_nt_SetupStart) || - (smb_nt_SetupStart + state->setup_count < state->setup_count)) { - goto bad_param; - } - if (smb_nt_SetupStart + state->setup_count > size) { - goto bad_param; - } - memcpy(state->setup, req->vwv+19, state->setup_count); dump_data(10, (uint8 *)state->setup, state->setup_count); } -- cgit From 9a3be6f0f8e120797a02fa1be60b51812cfd86f5 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 16:48:20 +0100 Subject: Move cli_trans_oob to lib/util.c Rename it to trans_oob, it will be used in the server routines. --- source3/include/proto.h | 1 + source3/lib/util.c | 19 +++++++++++++++++++ source3/libsmb/clitrans.c | 21 ++++----------------- 3 files changed, 24 insertions(+), 17 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 73be87b6fc..71f12a6844 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
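Review bot: The new bound in `reply_nttrans`, `(state->setup_count/2) + 19 > (unsigned int)req->wct`, rounds the word count down, while the `memcpy` later in the same block copies `state->setup_count` bytes from `req->vwv+19`. The check is only tight if `setup_count` is always even; its assignment is outside the hunk, so that should be confirmed, or the test written as `((state->setup_count + 1)/2) + 19 > (unsigned int)req->wct`. The explanatory comment is identical to the one added in `reply_trans` and still names `CVAL(req->vwv+13, 0)`, which may not be the field this function reads; it should describe the nttrans setup count and state that the count is in bytes.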
@@ -1251,6 +1251,7 @@ char *procid_str_static(const struct server_id *pid); bool procid_valid(const struct server_id *pid); bool procid_is_local(const struct server_id *pid); int this_is_smp(void); +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length); bool is_offset_safe(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); char *get_safe_str_ptr(const char *buf_base, size_t buf_len, char *ptr, size_t off); diff --git a/source3/lib/util.c b/source3/lib/util.c index 5007fb72ef..074b523ae0 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c @@ -2878,6 +2878,25 @@ int this_is_smp(void) #endif } +/**************************************************************** + Check if offset/length fit into bufsize. Should probably be + merged with is_offset_safe, but this would require a rewrite + of lanman.c. Later :-) +****************************************************************/ + +bool trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) +{ + if ((offset + length < offset) || (offset + length < length)) { + /* wrap */ + return true; + } + if ((offset > bufsize) || (offset + length > bufsize)) { + /* overflow */ + return true; + } + return false; +} + /**************************************************************** Check if an offset into a buffer is safe. If this returns True it's safe to indirect into the byte at diff --git a/source3/libsmb/clitrans.c b/source3/libsmb/clitrans.c index c929f0b7a9..bbdfb75fcd 100644 --- a/source3/libsmb/clitrans.c +++ b/source3/libsmb/clitrans.c 
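Review bot: The header comment on `trans_oob()` in lib/util.c says it checks whether offset/length fit into bufsize, but the function returns true when they do not fit, which is easy to invert at a call site that guards a `memcpy`. Adding a sentence such as `Returns true if the range is out of bounds or offset+length wraps, false if it fits.` to the comment block makes the polarity explicit. The neighbouring `is_offset_safe()` comment in the hunk context uses the opposite sense (true means safe), which is a further reason to spell it out.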
@@ -978,19 +978,6 @@ static void cli_trans_ship_rest(struct async_req *req, } } -static bool cli_trans_oob(uint32_t bufsize, uint32_t offset, uint32_t length) -{ - if ((offset + length < offset) || (offset + length < length)) { - /* wrap */ - return true; - } - if ((offset > bufsize) || (offset + length > bufsize)) { - /* overflow */ - return true; - } - return false; -} - static NTSTATUS cli_pull_trans(struct async_req *req, struct cli_request *cli_req, uint8_t smb_cmd, bool expect_first_reply, @@ -1072,10 +1059,10 @@ static NTSTATUS cli_pull_trans(struct async_req *req, * length. Likewise for param_ofs/param_disp. */ - if (cli_trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param) - || cli_trans_oob(*ptotal_param, *pparam_disp, *pnum_param) - || cli_trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data) - || cli_trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) { + if (trans_oob(smb_len(cli_req->inbuf), param_ofs, *pnum_param) + || trans_oob(*ptotal_param, *pparam_disp, *pnum_param) + || trans_oob(smb_len(cli_req->inbuf), data_ofs, *pnum_data) + || trans_oob(*ptotal_data, *pdata_disp, *pnum_data)) { return NT_STATUS_INVALID_NETWORK_RESPONSE; } -- cgit From 2719216d60088eb3f10a2e3e968f15e8089b5491 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 8 Nov 2008 17:08:57 +0100 Subject: Consolidate the buffer checks for the reply_trans style functions This is the one where I found the problem that led to 3.2.5. So if there is one checkin in the last year that I would like others to review and *understand*, it is this one :-) Volker --- source3/smbd/ipc.c | 73 ++++++++++++------------------------------------ source3/smbd/nttrans.c | 75 ++++++++++++-------------------------------------- source3/smbd/trans2.c | 75 ++++++++++++-------------------------------------- 3 files changed, 54 insertions(+), 169 deletions(-) (limited to 'source3') diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index bf9b1d87c5..649ead4682 100644 --- a/source3/smbd/ipc.c 
+++ b/source3/smbd/ipc.c @@ -503,7 +503,6 @@ void reply_trans(struct smb_request *req) unsigned int pscnt; struct trans_state *state; NTSTATUS result; - unsigned int av_size; START_PROFILE(SMBtrans); @@ -513,7 +512,6 @@ void reply_trans(struct smb_request *req) return; } - av_size = smb_len(req->inbuf); dsoff = SVAL(req->vwv+12, 0); dscnt = SVAL(req->vwv+11, 0); psoff = SVAL(req->vwv+10, 0); @@ -559,6 +557,12 @@ void reply_trans(struct smb_request *req) goto bad_param; if (state->total_data) { + + if (trans_oob(state->total_data, 0, dscnt) + || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. Out of paranoia, 100 bytes too many. */ state->data = (char *)SMB_MALLOC(state->total_data+100); @@ -573,21 +577,16 @@ void reply_trans(struct smb_request *req) /* null-terminate the slack space */ memset(&state->data[state->total_data], 0, 100); - if (dscnt > state->total_data || - dsoff+dscnt < dsoff) { - goto bad_param; - } - - if (dsoff > av_size || - dscnt > av_size || - dsoff+dscnt > av_size) { - goto bad_param; - } - memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { + + if (trans_oob(state->total_param, 0, pscnt) + || trans_oob(smb_len(req->inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. Out of paranoia, 100 bytes too many */ state->param = (char *)SMB_MALLOC(state->total_param+100); @@ -603,17 +602,6 @@ void reply_trans(struct smb_request *req) /* null-terminate the slack space */ memset(&state->param[state->total_param], 0, 100); - if (pscnt > state->total_param || - psoff+pscnt < psoff) { - goto bad_param; - } - - if (psoff > av_size || - pscnt > av_size || - psoff+pscnt > av_size) { - goto bad_param; - } - memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } 
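Review bot: In `reply_trans` the `trans_oob()` tests now run before `SMB_MALLOC`, so `goto bad_param` can be taken while `state->data` (and, in the param block, `state->param`) has not been assigned by this code yet. The `bad_param` label and the initialisation of `state` are outside these hunks; confirm that both pointers start as NULL so the cleanup path does not free an indeterminate pointer. The same reordering is applied to `reply_nttrans` and `reply_trans2` later in this commit and needs the same confirmation there.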
@@ -696,7 +684,6 @@ void reply_transs(struct smb_request *req) connection_struct *conn = req->conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - unsigned int av_size; START_PROFILE(SMBtranss); @@ -729,8 +716,6 @@ void reply_transs(struct smb_request *req) if (SVAL(req->vwv+1, 0) < state->total_data) state->total_data = SVAL(req->vwv+1, 0); - av_size = smb_len(req->inbuf); - pcnt = SVAL(req->vwv+2, 0); poff = SVAL(req->vwv+3, 0); pdisp = SVAL(req->vwv+4, 0); @@ -747,41 +732,19 @@ void reply_transs(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp > state->total_param || - pcnt > state->total_param || - pdisp+pcnt > state->total_param || - pdisp+pcnt < pdisp) { - goto bad_param; - } - - if (poff > av_size || - pcnt > av_size || - poff+pcnt > av_size || - poff+pcnt < poff) { + if (trans_oob(state->total_param, pdisp, pcnt) + || trans_oob(smb_len(req->inbuf), poff, pcnt)) { goto bad_param; } - - memcpy(state->param+pdisp,smb_base(req->inbuf)+poff, - pcnt); + memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt); } if (dcnt) { - if (ddisp > state->total_data || - dcnt > state->total_data || - ddisp+dcnt > state->total_data || - ddisp+dcnt < ddisp) { + if (trans_oob(state->total_data, ddisp, dcnt) + || trans_oob(smb_len(req->inbuf), doff, dcnt)) { goto bad_param; } - - if (doff > av_size || - dcnt > av_size || - doff+dcnt > av_size || - doff+dcnt < doff) { - goto bad_param; - } - - memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt); } if ((state->received_param < state->total_param) || diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index b516f02c21..fe2029eeed 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -2529,7 +2529,6 @@ void reply_nttrans(struct smb_request *req) uint16 function_code; NTSTATUS result; struct trans_state *state; - uint32_t av_size; START_PROFILE(SMBnttrans); 
@@ -2539,7 +2538,6 @@ void reply_nttrans(struct smb_request *req) return; } - av_size = smb_len(req->inbuf); pscnt = IVAL(req->vwv+9, 1); psoff = IVAL(req->vwv+11, 1); dscnt = IVAL(req->vwv+13, 1); @@ -2616,6 +2614,12 @@ void reply_nttrans(struct smb_request *req) goto bad_param; if (state->total_data) { + + if (trans_oob(state->total_data, 0, dscnt) + || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ if ((state->data = (char *)SMB_MALLOC(state->total_data)) == NULL) { @@ -2627,21 +2631,16 @@ void reply_nttrans(struct smb_request *req) return; } - if (dscnt > state->total_data || - dsoff+dscnt < dsoff) { - goto bad_param; - } - - if (dsoff > av_size || - dscnt > av_size || - dsoff+dscnt > av_size) { - goto bad_param; - } - memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { + + if (trans_oob(state->total_param, 0, pscnt) + || trans_oob(smb_len(req->inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ if ((state->param = (char *)SMB_MALLOC(state->total_param)) == NULL) { @@ -2654,17 +2653,6 @@ void reply_nttrans(struct smb_request *req) return; } - if (pscnt > state->total_param || - psoff+pscnt < psoff) { - goto bad_param; - } - - if (psoff > av_size || - pscnt > av_size || - psoff+pscnt > av_size) { - goto bad_param; - } - memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } @@ -2741,8 +2729,6 @@ void reply_nttranss(struct smb_request *req) connection_struct *conn = req->conn; uint32_t pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - uint32_t av_size; - uint32_t size; START_PROFILE(SMBnttranss); 
@@ -2776,9 +2762,6 @@ void reply_nttranss(struct smb_request *req) state->total_data = IVAL(req->vwv+3, 1); } - size = smb_len(req->inbuf) + 4; - av_size = smb_len(req->inbuf); - pcnt = IVAL(req->vwv+5, 1); poff = IVAL(req->vwv+7, 1); pdisp = IVAL(req->vwv+9, 1); @@ -2795,41 +2778,19 @@ void reply_nttranss(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp > state->total_param || - pcnt > state->total_param || - pdisp+pcnt > state->total_param || - pdisp+pcnt < pdisp) { - goto bad_param; - } - - if (poff > av_size || - pcnt > av_size || - poff+pcnt > av_size || - poff+pcnt < poff) { + if (trans_oob(state->total_param, pdisp, pcnt) + || trans_oob(smb_len(req->inbuf), poff, pcnt)) { goto bad_param; } - - memcpy(state->param+pdisp, smb_base(req->inbuf)+poff, - pcnt); + memcpy(state->param+pdisp, smb_base(req->inbuf)+poff,pcnt); } if (dcnt) { - if (ddisp > state->total_data || - dcnt > state->total_data || - ddisp+dcnt > state->total_data || - ddisp+dcnt < ddisp) { + if (trans_oob(state->total_data, ddisp, dcnt) + || trans_oob(smb_len(req->inbuf), doff, dcnt)) { goto bad_param; } - - if (doff > av_size || - dcnt > av_size || - doff+dcnt > av_size || - doff+dcnt < doff) { - goto bad_param; - } - - memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt); } if ((state->received_param < state->total_param) || diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 3a28bd424f..cc8c61175b 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -7533,7 +7533,6 @@ void reply_trans2(struct smb_request *req) unsigned int psoff; unsigned int pscnt; unsigned int tran_call; - unsigned int av_size; struct trans_state *state; NTSTATUS result; 
@@ -7550,7 +7549,6 @@ void reply_trans2(struct smb_request *req) psoff = SVAL(req->vwv+10, 0); pscnt = SVAL(req->vwv+9, 0); tran_call = SVAL(req->vwv+14, 0); - av_size = smb_len(req->inbuf); result = allow_new_trans(conn->pending_trans, req->mid); if (!NT_STATUS_IS_OK(result)) { @@ -7632,6 +7630,12 @@ void reply_trans2(struct smb_request *req) goto bad_param; if (state->total_data) { + + if (trans_oob(state->total_data, 0, dscnt) + || trans_oob(smb_len(req->inbuf), dsoff, dscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ state->data = (char *)SMB_MALLOC(state->total_data); @@ -7644,21 +7648,16 @@ void reply_trans2(struct smb_request *req) return; } - if (dscnt > state->total_data || - dsoff+dscnt < dsoff) { - goto bad_param; - } - - if (dsoff > av_size || - dscnt > av_size || - dsoff+dscnt > av_size) { - goto bad_param; - } - memcpy(state->data,smb_base(req->inbuf)+dsoff,dscnt); } if (state->total_param) { + + if (trans_oob(state->total_param, 0, pscnt) + || trans_oob(smb_len(req->inbuf), psoff, pscnt)) { + goto bad_param; + } + /* Can't use talloc here, the core routines do realloc on the * params and data. */ state->param = (char *)SMB_MALLOC(state->total_param); @@ -7672,17 +7671,6 @@ void reply_trans2(struct smb_request *req) return; } - if (pscnt > state->total_param || - psoff+pscnt < psoff) { - goto bad_param; - } - - if (psoff > av_size || - pscnt > av_size || - psoff+pscnt > av_size) { - goto bad_param; - } - memcpy(state->param,smb_base(req->inbuf)+psoff,pscnt); } @@ -7730,8 +7718,6 @@ void reply_transs2(struct smb_request *req) connection_struct *conn = req->conn; unsigned int pcnt,poff,dcnt,doff,pdisp,ddisp; struct trans_state *state; - unsigned int size; - unsigned int av_size; START_PROFILE(SMBtranss2); 
@@ -7743,9 +7729,6 @@ void reply_transs2(struct smb_request *req) return; } - size = smb_len(req->inbuf)+4; - av_size = smb_len(req->inbuf); - for (state = conn->pending_trans; state != NULL; state = state->next) { if (state->mid == req->mid) { @@ -7783,41 +7766,19 @@ void reply_transs2(struct smb_request *req) goto bad_param; if (pcnt) { - if (pdisp > state->total_param || - pcnt > state->total_param || - pdisp+pcnt > state->total_param || - pdisp+pcnt < pdisp) { - goto bad_param; - } - - if (poff > av_size || - pcnt > av_size || - poff+pcnt > av_size || - poff+pcnt < poff) { + if (trans_oob(state->total_param, pdisp, pcnt) + || trans_oob(smb_len(req->inbuf), poff, pcnt)) { goto bad_param; } - - memcpy(state->param+pdisp,smb_base(req->inbuf)+poff, - pcnt); + memcpy(state->param+pdisp,smb_base(req->inbuf)+poff,pcnt); } if (dcnt) { - if (ddisp > state->total_data || - dcnt > state->total_data || - ddisp+dcnt > state->total_data || - ddisp+dcnt < ddisp) { + if (trans_oob(state->total_data, ddisp, dcnt) + || trans_oob(smb_len(req->inbuf), doff, dcnt)) { goto bad_param; } - - if (doff > av_size || - dcnt > av_size || - doff+dcnt > av_size || - doff+dcnt < doff) { - goto bad_param; - } - - memcpy(state->data+ddisp, smb_base(req->inbuf)+doff, - dcnt); + memcpy(state->data+ddisp, smb_base(req->inbuf)+doff,dcnt); } if ((state->received_param < state->total_param) || -- cgit From a790dcbc4ec2f3b29045ab9919cca5a9ca038e26 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 9 Nov 2008 12:07:57 +0100 Subject: Remove inbuf references from the trans2ioctl code --- source3/smbd/trans2.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index cc8c61175b..4dc2001042 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
@@ -7269,8 +7269,8 @@ static void call_trans2ioctl(connection_struct *conn, return; } - if ((SVAL(req->inbuf,(smb_setup+4)) == LMCAT_SPL) - && (SVAL(req->inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + if ((SVAL(req->vwv+16, 0) == LMCAT_SPL) + && (SVAL(req->vwv+17, 0) == LMFUNC_GETJOBID)) { *ppdata = (char *)SMB_REALLOC(*ppdata, 32); if (*ppdata == NULL) { reply_nterror(req, NT_STATUS_NO_MEMORY); @@ -7613,8 +7613,8 @@ void reply_trans2(struct smb_request *req) */ if ( (state->setup_count == 4) && (tran_call == TRANSACT2_IOCTL) - && (SVAL(req->inbuf,(smb_setup+4)) == LMCAT_SPL) - && (SVAL(req->inbuf,(smb_setup+6)) == LMFUNC_GETJOBID)) { + && (SVAL(req->vwv+16, 0) == LMCAT_SPL) + && (SVAL(req->vwv+17, 0) == LMFUNC_GETJOBID)) { DEBUG(2,("Got Trans2 DevIOctl jobid\n")); } else { DEBUG(2,("Invalid smb_sucnt in trans2 call(%u)\n",state->setup_count)); -- cgit From 2bb90b7a88518844c1fcb8177cefcbc5b8ecda99 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 9 Nov 2008 17:25:40 +0100 Subject: Remove "conn" parameter from np_open, smb_request contains it --- source3/include/proto.h | 4 ++-- source3/rpc_server/srv_pipe_hnd.c | 5 +++-- source3/smbd/nttrans.c | 2 +- source3/smbd/pipes.c | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 71f12a6844..59df098d0d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6996,8 +6996,8 @@ pipes_struct *get_next_internal_pipe(pipes_struct *p); void init_rpc_pipe_hnd(void); bool fsp_is_np(struct files_struct *fsp); -NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, - const char *name, struct files_struct **pfsp); +NTSTATUS np_open(struct smb_request *smb_req, const char *name, + struct files_struct **pfsp); NTSTATUS np_write(struct files_struct *fsp, const uint8_t *data, size_t len, ssize_t *nwritten); NTSTATUS np_read(struct files_struct *fsp, uint8_t *data, size_t len, 
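Review bot: Both rewritten conditions read `SVAL(req->vwv+16, 0)` and `SVAL(req->vwv+17, 0)`, which lie inside the validated word array only when `req->wct` is at least 18, and neither hunk shows that test. `reply_trans` gained an explicit `state->setup_count + 14 > (unsigned int)req->wct` check earlier in this series, but no equivalent for trans2.c appears in these hunks. If it is not already present outside them, `reply_trans2` could add `&& (req->wct >= 18)` ahead of the two `SVAL` reads, and `call_trans2ioctl` needs the same guarantee. Both function bodies continue outside the hunks.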
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index 03a0f72b33..1cff95dcab 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -1078,9 +1078,10 @@ static struct np_proxy_state *make_external_rpc_pipe_p(TALLOC_CTX *mem_ctx, return NULL; } -NTSTATUS np_open(struct smb_request *smb_req, struct connection_struct *conn, - const char *name, struct files_struct **pfsp) +NTSTATUS np_open(struct smb_request *smb_req, const char *name, + struct files_struct **pfsp) { + struct connection_struct *conn = smb_req->conn; NTSTATUS status; struct files_struct *fsp; const char **proxy_list; diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index fe2029eeed..18dd7d5c26 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -284,7 +284,7 @@ static void nt_open_pipe(char *fname, connection_struct *conn, /* Strip \\ off the name. */ fname++; - status = np_open(req, conn, fname, &fsp); + status = np_open(req, fname, &fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c index b52b1b02d0..261f12cb08 100644 --- a/source3/smbd/pipes.c +++ b/source3/smbd/pipes.c @@ -78,7 +78,7 @@ void reply_open_pipe_and_X(connection_struct *conn, struct smb_request *req) } #endif - status = np_open(req, conn, fname, &fsp); + status = np_open(req, fname, &fsp); if (!NT_STATUS_IS_OK(status)) { if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) { reply_botherror(req, NT_STATUS_OBJECT_NAME_NOT_FOUND, -- cgit From 408cd5b09d5079d73f0ea8819a4505a04e40f8ea Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 24 Nov 2008 16:32:18 +0100 Subject: s3-build: re-run make samba3-idl. Guenther --- source3/librpc/gen_ndr/ndr_samr.c | 12 ++++++------ source3/librpc/gen_ndr/samr.h | 4 ++-- 2 files changed, 8 insertions(+), 8 deletions(-) (limited to 'source3') diff --git a/source3/librpc/gen_ndr/ndr_samr.c b/source3/librpc/gen_ndr/ndr_samr.c index 52b8c72f75..40082e7f04 100644 --- a/source3/librpc/gen_ndr/ndr_samr.c +++ b/source3/librpc/gen_ndr/ndr_samr.c @@ -3014,7 +3014,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo24(struct ndr_push *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); NDR_CHECK(ndr_push_samr_CryptPassword(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pw_len)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3026,7 +3026,7 @@ static enum ndr_err_code ndr_pull_samr_UserInfo24(struct ndr_pull *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); NDR_CHECK(ndr_pull_samr_CryptPassword(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pw_len)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3038,7 +3038,7 @@ _PUBLIC_ void ndr_print_samr_UserInfo24(struct ndr_print *ndr, const char *name, ndr_print_struct(ndr, name, "samr_UserInfo24"); ndr->depth++; ndr_print_samr_CryptPassword(ndr, "password", &r->password); - ndr_print_uint8(ndr, "pw_len", r->pw_len); + ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr->depth--; } 
@@ -3127,7 +3127,7 @@ static enum ndr_err_code ndr_push_samr_UserInfo26(struct ndr_push *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_push_align(ndr, 1)); NDR_CHECK(ndr_push_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->pw_len)); + NDR_CHECK(ndr_push_uint8(ndr, NDR_SCALARS, r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3139,7 +3139,7 @@ static enum ndr_err_code ndr_pull_samr_UserInfo26(struct ndr_pull *ndr, int ndr_ if (ndr_flags & NDR_SCALARS) { NDR_CHECK(ndr_pull_align(ndr, 1)); NDR_CHECK(ndr_pull_samr_CryptPasswordEx(ndr, NDR_SCALARS, &r->password)); - NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->pw_len)); + NDR_CHECK(ndr_pull_uint8(ndr, NDR_SCALARS, &r->password_expired)); } if (ndr_flags & NDR_BUFFERS) { } @@ -3151,7 +3151,7 @@ _PUBLIC_ void ndr_print_samr_UserInfo26(struct ndr_print *ndr, const char *name, ndr_print_struct(ndr, name, "samr_UserInfo26"); ndr->depth++; ndr_print_samr_CryptPasswordEx(ndr, "password", &r->password); - ndr_print_uint8(ndr, "pw_len", r->pw_len); + ndr_print_uint8(ndr, "password_expired", r->password_expired); ndr->depth--; } diff --git a/source3/librpc/gen_ndr/samr.h b/source3/librpc/gen_ndr/samr.h index f0bbc58e64..9e7e3c5c69 100644 --- a/source3/librpc/gen_ndr/samr.h +++ b/source3/librpc/gen_ndr/samr.h @@ -554,7 +554,7 @@ struct samr_UserInfo23 { struct samr_UserInfo24 { struct samr_CryptPassword password; - uint8_t pw_len; + uint8_t password_expired; }; struct samr_CryptPasswordEx { @@ -568,7 +568,7 @@ struct samr_UserInfo25 { struct samr_UserInfo26 { struct samr_CryptPasswordEx password; - uint8_t pw_len; + uint8_t password_expired; }; union samr_UserInfo { -- cgit From 4d7485df96b45054aa8f4fcac38b25847f34ca87 Mon Sep 17 00:00:00 2001 
From: Günther Deschner Date: Mon, 24 Nov 2008 18:49:37 +0100 Subject: s3-samr: fix init_samr_user_info{23,24} callers. Guenther --- source3/include/proto.h | 7 +++---- source3/libnet/libnet_join.c | 3 ++- source3/rpc_client/init_samr.c | 13 ++++++------- source3/utils/net_rpc.c | 2 +- source3/utils/net_rpc_join.c | 3 ++- 5 files changed, 14 insertions(+), 14 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 59df098d0d..0087b5bb4d 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -5733,11 +5733,10 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint8_t nt_password_set, uint8_t lm_password_set, uint8_t password_expired, - uint8_t data[516], - uint8_t pw_len); + struct samr_CryptPassword *pwd_buf); void init_samr_user_info24(struct samr_UserInfo24 *r, - uint8_t data[516], - uint8_t pw_len); + struct samr_CryptPassword *pwd_buf, + uint8_t password_expired); void init_samr_CryptPasswordEx(const char *pwd, DATA_BLOB *session_key, struct samr_CryptPasswordEx *pwd_buf); diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index bd127f8607..498c7af3f0 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -941,7 +941,8 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, &cli->user_session_key, &crypt_pwd); - init_samr_user_info24(&user_info.info24, crypt_pwd.data, 24); + init_samr_user_info24(&user_info.info24, &crypt_pwd, + PASS_DONT_CHANGE_AT_NEXT_LOGON); status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 43809c03d1..19dd0b3c09 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c 
@@ -457,8 +457,7 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, uint8_t nt_password_set, uint8_t lm_password_set, uint8_t password_expired, - uint8_t data[516], - uint8_t pw_len) + struct samr_CryptPassword *pwd_buf) { memset(r, '\0', sizeof(*r)); init_samr_user_info21(&r->info, @@ -491,7 +490,7 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, lm_password_set, password_expired); - memcpy(r->password.data, data, sizeof(r->password.data)); + r->password = *pwd_buf; } /************************************************************************* @@ -499,13 +498,13 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, *************************************************************************/ void init_samr_user_info24(struct samr_UserInfo24 *r, - uint8_t data[516], - uint8_t pw_len) + struct samr_CryptPassword *pwd_buf, + uint8_t password_expired) { DEBUG(10, ("init_samr_user_info24:\n")); - memcpy(r->password.data, data, sizeof(r->password.data)); - r->pw_len = pw_len; + r->password = *pwd_buf; + r->password_expired = password_expired; } /************************************************************************* diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c index 8c79cea021..3c8ce0326e 100644 --- a/source3/utils/net_rpc.c +++ b/source3/utils/net_rpc.c @@ -5253,7 +5253,7 @@ static NTSTATUS rpc_trustdom_add_internals(struct net_context *c, 0, 0, ACB_DOMTRUST, SAMR_FIELD_ACCT_FLAGS, hours, 0, 0, 0, 0, 0, 0, 0, - crypt_pwd.data, 24); + &crypt_pwd); result = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, diff --git a/source3/utils/net_rpc_join.c b/source3/utils/net_rpc_join.c index 2fe464a000..8070a6282b 100644 --- a/source3/utils/net_rpc_join.c +++ b/source3/utils/net_rpc_join.c 
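Review bot: `r->password = *pwd_buf;` in init_samr_user_info23 (hunk -491) dereferences the new pointer parameter unconditionally, so a NULL `pwd_buf` now crashes where the old array form could not be misread as optional. The same line is in init_samr_user_info24 (hunk -499) and in init_samr_user_info25/26 added by the later commit (hunk -507 of init_samr.c). Since the buffer is only read, the parameter should be `const struct samr_CryptPassword *pwd_buf` (`const struct samr_CryptPasswordEx *pwd_buf` for 25/26), with the proto.h prototypes changed to match. A one-line comment that `pwd_buf` must be non-NULL and already encrypted with the session key would also help.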
@@ -339,7 +339,8 @@ int net_rpc_join_newstyle(struct net_context *c, int argc, const char **argv) &cli->user_session_key, &crypt_pwd); - init_samr_user_info24(&set_info.info24, crypt_pwd.data, 24); + init_samr_user_info24(&set_info.info24, &crypt_pwd, + PASS_DONT_CHANGE_AT_NEXT_LOGON); CHECK_RPC_ERR(rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, &user_pol, -- cgit From 143097d71c15c1624446b56205639e0b863d35fe Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 28 Nov 2008 11:15:29 +0100 Subject: s3-samr: add init_samr_user_info25 and init_samr_user_info26. Guenther --- source3/include/proto.h | 33 ++++++++++++++++ source3/rpc_client/init_samr.c | 85 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 118 insertions(+) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 0087b5bb4d..2dd9b61b56 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -5737,6 +5737,39 @@ void init_samr_user_info23(struct samr_UserInfo23 *r, void init_samr_user_info24(struct samr_UserInfo24 *r, struct samr_CryptPassword *pwd_buf, uint8_t password_expired); +void init_samr_user_info25(struct samr_UserInfo25 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + struct samr_CryptPasswordEx *pwd_buf); +void init_samr_user_info26(struct samr_UserInfo26 *r, + struct samr_CryptPasswordEx *pwd_buf, + uint8_t password_expired); void init_samr_CryptPasswordEx(const char *pwd, DATA_BLOB *session_key, struct samr_CryptPasswordEx *pwd_buf); diff --git a/source3/rpc_client/init_samr.c b/source3/rpc_client/init_samr.c index 19dd0b3c09..473fae73af 100644 --- a/source3/rpc_client/init_samr.c +++ b/source3/rpc_client/init_samr.c 
@@ -507,6 +507,91 @@ void init_samr_user_info24(struct samr_UserInfo24 *r, r->password_expired = password_expired; } +/************************************************************************* + init_samr_user_info25 + *************************************************************************/ + +void init_samr_user_info25(struct samr_UserInfo25 *r, + NTTIME last_logon, + NTTIME last_logoff, + NTTIME last_password_change, + NTTIME acct_expiry, + NTTIME allow_password_change, + NTTIME force_password_change, + const char *account_name, + const char *full_name, + const char *home_directory, + const char *home_drive, + const char *logon_script, + const char *profile_path, + const char *description, + const char *workstations, + const char *comment, + struct lsa_BinaryString *parameters, + uint32_t rid, + uint32_t primary_gid, + uint32_t acct_flags, + uint32_t fields_present, + struct samr_LogonHours logon_hours, + uint16_t bad_password_count, + uint16_t logon_count, + uint16_t country_code, + uint16_t code_page, + uint8_t nt_password_set, + uint8_t lm_password_set, + uint8_t password_expired, + struct samr_CryptPasswordEx *pwd_buf) +{ + DEBUG(10, ("init_samr_user_info25:\n")); + + memset(r, '\0', sizeof(*r)); + init_samr_user_info21(&r->info, + last_logon, + last_logoff, + last_password_change, + acct_expiry, + allow_password_change, + force_password_change, + account_name, + full_name, + home_directory, + home_drive, + logon_script, + profile_path, + description, + workstations, + comment, + parameters, + rid, + primary_gid, + acct_flags, + fields_present, + logon_hours, + bad_password_count, + logon_count, + country_code, + code_page, + nt_password_set, + lm_password_set, + password_expired); + + r->password = *pwd_buf; +} + +/************************************************************************* + init_samr_user_info26 + *************************************************************************/ + +void init_samr_user_info26(struct samr_UserInfo26 *r, + struct 
samr_CryptPasswordEx *pwd_buf, + uint8_t password_expired) +{ + DEBUG(10, ("init_samr_user_info26:\n")); + + r->password = *pwd_buf; + r->password_expired = password_expired; +} + /************************************************************************* inits a samr_CryptPasswordEx structure *************************************************************************/ -- cgit From 42adfd1be2237bbe5430fe972143b548b42f6edb Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Nov 2008 00:10:18 +0100 Subject: s3-libnetjoin: remove unused md4_trust_password, found by metze. Guenther --- source3/libnet/libnet_join.c | 5 ----- 1 file changed, 5 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index 498c7af3f0..d9335b6a4b 100644 --- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -762,7 +762,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, struct lsa_String lsa_acct_name; uint32_t user_rid; uint32_t acct_flags = ACB_WSTRUST; - uchar md4_trust_password[16]; struct samr_Ids user_rids; struct samr_Ids name_types; union samr_UserInfo user_info; @@ -898,10 +897,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - /* Create a random machine account password and generate the hash */ - - E_md4hash(r->in.machine_password, md4_trust_password); - init_samr_CryptPasswordEx(r->in.machine_password, &cli->user_session_key, &crypt_pwd_ex); -- cgit From 28099876f9a39f56a54fd2540532309c0d1e2877 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Sat, 29 Nov 2008 00:12:26 +0100 Subject: s3-libnetjoin: Fix bug #5749. Re-set acctflags while joining. fix from metze. Guenther --- source3/libnet/libnet_join.c | 45 ++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) (limited to 'source3') diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c index d9335b6a4b..908fb78ab4 100644 
--- a/source3/libnet/libnet_join.c +++ b/source3/libnet/libnet_join.c @@ -897,10 +897,6 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, goto done; } - init_samr_CryptPasswordEx(r->in.machine_password, - &cli->user_session_key, - &crypt_pwd_ex); - /* Fill in the additional account flags now */ acct_flags |= ACB_PWNOEXP; @@ -911,23 +907,40 @@ static NTSTATUS libnet_join_joindomain_rpc(TALLOC_CTX *mem_ctx, ;; } - /* Set password and account flags on machine account */ - - ZERO_STRUCT(user_info.info25); - - user_info.info25.info.fields_present = ACCT_NT_PWD_SET | - ACCT_LM_PWD_SET | - SAMR_FIELD_ACCT_FLAGS; - - user_info.info25.info.acct_flags = acct_flags; - memcpy(&user_info.info25.password.data, crypt_pwd_ex.data, - sizeof(crypt_pwd_ex.data)); + /* Set account flags on machine account */ + ZERO_STRUCT(user_info.info16); + user_info.info16.acct_flags = acct_flags; status = rpccli_samr_SetUserInfo(pipe_hnd, mem_ctx, &user_pol, - 25, + 16, &user_info); + if (!NT_STATUS_IS_OK(status)) { + + rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, + &user_pol); + + libnet_join_set_error_string(mem_ctx, r, + "Failed to set account flags for machine account (%s)\n", + nt_errstr(status)); + goto done; + } + + /* Set password on machine account - first try level 26 */ + + init_samr_CryptPasswordEx(r->in.machine_password, + &cli->user_session_key, + &crypt_pwd_ex); + + init_samr_user_info26(&user_info.info26, &crypt_pwd_ex, + PASS_DONT_CHANGE_AT_NEXT_LOGON); + + status = rpccli_samr_SetUserInfo2(pipe_hnd, mem_ctx, + &user_pol, + 26, + &user_info); + if (NT_STATUS_EQUAL(status, NT_STATUS(DCERPC_FAULT_INVALID_TAG))) { /* retry with level 24 */ -- cgit From 88909acb6c462e34750c9b3b1346bec6112be5cd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:25:17 +0100 Subject: fix nonempty blank lines --- source3/libsmb/cliconnect.c | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) (limited to 'source3') 
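Review bot: The new failure path after `rpccli_samr_SetUserInfo(..., 16, ...)` in hunk -911 calls `rpccli_samr_DeleteUser` unconditionally and ignores its result. If `user_pol` can refer to a machine account that already existed before this join (the create/open logic is outside the hunk, so this needs checking), a transient failure to set the flags would delete that account. I would delete only when this call created the account, e.g. `if (account_created) { rpccli_samr_DeleteUser(pipe_hnd, mem_ctx, &user_pol); }`, where `account_created` is a flag that would have to be added and is not in the visible code, and log a failed delete. It is also worth confirming that the `done:` path does not close `user_pol` a second time after a successful delete.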
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index 1588ae3efe..b0fdc9920b 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -468,7 +468,7 @@ static bool cli_session_setup_blob_send(struct cli_state *cli, DATA_BLOB blob) SCVAL(cli->outbuf,smb_com,SMBsesssetupX); cli_setup_packet(cli); - + SCVAL(cli->outbuf,smb_vwv0,0xFF); SSVAL(cli->outbuf,smb_vwv2,CLI_BUFFER_SIZE); SSVAL(cli->outbuf,smb_vwv3,2); @@ -504,10 +504,10 @@ static DATA_BLOB cli_session_setup_blob_receive(struct cli_state *cli) NT_STATUS_MORE_PROCESSING_REQUIRED)) { return blob2; } - + /* use the returned vuid from now on */ cli->vuid = SVAL(cli->inbuf,smb_uid); - + p = smb_buf(cli->inbuf); blob2 = data_blob(p, SVAL(cli->inbuf, smb_vwv3)); @@ -696,14 +696,14 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use /* wrap it in SPNEGO */ msg1 = spnego_gen_auth(blob_out); } - + /* now send that blob on its way */ if (!cli_session_setup_blob_send(cli, msg1)) { DEBUG(3, ("Failed to send NTLMSSP/SPNEGO blob to server!\n")); nt_status = NT_STATUS_UNSUCCESSFUL; } else { blob = cli_session_setup_blob_receive(cli); - + nt_status = cli_nt_error(cli); if (cli_is_error(cli) && NT_STATUS_IS_OK(nt_status)) { if (cli->smb_rw_error == SMB_READ_BAD_SIG) { @@ -715,7 +715,7 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use } data_blob_free(&msg1); } - + if (!blob.length) { if (NT_STATUS_IS_OK(nt_status)) { nt_status = NT_STATUS_UNSUCCESSFUL; @@ -761,11 +761,11 @@ static NTSTATUS cli_session_setup_ntlmssp(struct cli_state *cli, const char *use data_blob_free(&key); if (res) { - + /* 'resign' the last message, so we get the right sequence numbers for checking the first reply from the server */ cli_calculate_sign_mac(cli, cli->outbuf); - + if (!cli_check_sign_mac(cli, cli->inbuf)) { nt_status = NT_STATUS_ACCESS_DENIED; } 
@@ -849,10 +849,10 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, if (pass && *pass) { int ret; - + use_in_memory_ccache(); ret = kerberos_kinit_password(user, pass, 0 /* no time correction for now */, NULL); - + if (ret){ TALLOC_FREE(principal); DEBUG(0, ("Kinit failed: %s\n", error_message(ret))); @@ -861,7 +861,7 @@ ADS_STATUS cli_session_setup_spnego(struct cli_state *cli, const char *user, return ADS_ERROR_KRB5(ret); } } - + /* If we get a bad principal, try to guess it if we have a valid host NetBIOS name. */ @@ -1132,7 +1132,7 @@ bool cli_send_tconX(struct cli_state *cli, * Non-encrypted passwords - convert to DOS codepage before using. */ passlen = clistr_push(cli, pword, pass, sizeof(pword), STR_TERMINATE); - + } else { if (passlen) { memcpy(pword, pass, passlen); @@ -1175,7 +1175,7 @@ bool cli_send_tconX(struct cli_state *cli, /* almost certainly win95 - enable bug fixes */ cli->win95 = True; } - + /* Make sure that we have the optional support 16-bit field. WCT > 2 */ /* Avoids issues when connecting to Win9x boxes sharing files */ @@ -1198,11 +1198,11 @@ bool cli_tdis(struct cli_state *cli) SCVAL(cli->outbuf,smb_com,SMBtdis); SSVAL(cli->outbuf,smb_tid,cli->cnum); cli_setup_packet(cli); - + cli_send_smb(cli); if (!cli_receive_smb(cli)) return False; - + if (cli_is_error(cli)) { return False; } @@ -1265,7 +1265,7 @@ bool cli_negprot(struct cli_state *cli) prots[numprots].name && prots[numprots].prot<=cli->protocol; numprots++) plength += strlen(prots[numprots].name)+2; - + cli_set_message(cli->outbuf,0,plength,True); p = smb_buf(cli->outbuf); @@ -1399,7 +1399,7 @@ bool cli_session_request(struct cli_state *cli, memcpy(&(cli->calling), calling, sizeof(*calling)); memcpy(&(cli->called ), called , sizeof(*called )); - + /* put in the destination name */ p = cli->outbuf+len; name_mangle(cli->called .name, p, cli->called .name_type); 
@@ -1605,11 +1605,11 @@ NTSTATUS cli_start_connection(struct cli_state **output_cli, if (!my_name) my_name = global_myname(); - + if (!(cli = cli_initialise())) { return NT_STATUS_NO_MEMORY; } - + make_nmb_name(&calling, my_name, 0x0); make_nmb_name(&called , dest_host, 0x20); -- cgit From 95873566e3723ce5197b0a7a1689bc9b0b8b9dfd Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:30:00 +0100 Subject: Do not build the session request if it si not used anyway --- source3/libsmb/cliconnect.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c index b0fdc9920b..8b7ac7d718 100644 --- a/source3/libsmb/cliconnect.c +++ b/source3/libsmb/cliconnect.c @@ -1397,6 +1397,10 @@ bool cli_session_request(struct cli_state *cli, char *p; int len = 4; + /* 445 doesn't have session request */ + if (cli->port == 445) + return True; + memcpy(&(cli->calling), calling, sizeof(*calling)); memcpy(&(cli->called ), called , sizeof(*called )); @@ -1410,10 +1414,6 @@ bool cli_session_request(struct cli_state *cli, name_mangle(cli->calling.name, p, cli->calling.name_type); len += name_len(p); - /* 445 doesn't have session request */ - if (cli->port == 445) - return True; - /* send a session request (RFC 1002) */ /* setup the packet length * Remove four bytes from the length count, since the length -- cgit From d253a367ef04e4b00b9b87cbe61d2b19bf95a185 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:43:12 +0100 Subject: fix nonempty blank lines --- source3/include/ntlmssp.h | 5 ++--- source3/libsmb/ntlmssp.c | 54 +++++++++++++++++++++++------------------------ 2 files changed, 29 insertions(+), 30 deletions(-) (limited to 'source3') diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index b014b2170c..f6f9563b7c 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h 
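Review bot: With the port 445 test moved to the top of cli_session_request (hunk -1397), `cli->calling` and `cli->called` are no longer filled in on direct-TCP connections; before this change the two memcpy calls ran on every port. Any later code that reads `cli->called.name` or `cli->calling.name` (not visible here) would now see whatever the struct held before the call. If the aim is only to skip the name mangling, keep the `memcpy(&(cli->calling), calling, sizeof(*calling));` and `memcpy(&(cli->called ), called , sizeof(*called ));` lines above the `if (cli->port == 445)` test. The function body continues outside the hunk.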
@@ -98,9 +98,9 @@ typedef struct ntlmssp_state DATA_BLOB lm_resp; DATA_BLOB nt_resp; DATA_BLOB session_key; - + uint32 neg_flags; /* the current state of negotiation with the NTLMSSP partner */ - + void *auth_context; /** @@ -171,5 +171,4 @@ typedef struct ntlmssp_state response in at the time we want to process it. Store it here, until we need it */ DATA_BLOB stored_response; - } NTLMSSP_STATE; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index a0e54ce769..aa45fc518a 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -11,12 +11,12 @@ it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. - + You should have received a copy of the GNU General Public License along with this program. If not, see . */ @@ -60,7 +60,7 @@ static const struct ntlmssp_callbacks { void debug_ntlmssp_flags(uint32 neg_flags) { DEBUG(3,("Got NTLMSSP neg_flags=0x%08x\n", neg_flags)); - + if (neg_flags & NTLMSSP_NEGOTIATE_UNICODE) DEBUGADD(4, (" NTLMSSP_NEGOTIATE_UNICODE\n")); if (neg_flags & NTLMSSP_NEGOTIATE_OEM) @@ -109,7 +109,7 @@ void debug_ntlmssp_flags(uint32 neg_flags) * Default challenge generation code. * */ - + static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state) { static uchar chal[8]; @@ -122,7 +122,7 @@ static const uint8 *get_challenge(const struct ntlmssp_state *ntlmssp_state) * Default 'we can set the challenge to anything we like' implementation * */ - + static bool may_set_challenge(const struct ntlmssp_state *ntlmssp_state) { return True; 
@@ -134,7 +134,7 @@ static bool may_set_challenge(const struct ntlmssp_state *ntlmssp_state) * Does not actually do anything, as the value is always in the structure anyway. * */ - + static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *challenge) { SMB_ASSERT(challenge->length == 8); @@ -277,7 +277,7 @@ void ntlmssp_want_feature(NTLMSSP_STATE *ntlmssp_state, uint32 feature) ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_SEAL; } } - + /** * Next state function for the NTLMSSP state machine * @@ -304,7 +304,7 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, if (!in.length && ntlmssp_state->stored_response.length) { input = ntlmssp_state->stored_response; - + /* we only want to read the stored response once - overwrite it */ ntlmssp_state->stored_response = data_blob_null; } else { @@ -685,7 +685,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, SAFE_FREE(workstation); data_blob_free(&encrypted_session_key); auth_flags = 0; - + /* Try again with a shorter string (Win9X truncates this packet) */ if (ntlmssp_state->unicode) { parse_string = "CdBBUUU"; 
@@ -753,23 +753,23 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* NTLM2 uses a 'challenge' that is made of up both the server challenge, and a client challenge - + However, the NTLM2 flag may still be set for the real NTLMv2 logins, be careful. */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_NTLM2) { if (ntlmssp_state->nt_resp.length == 24 && ntlmssp_state->lm_resp.length == 24) { struct MD5Context md5_session_nonce_ctx; SMB_ASSERT(ntlmssp_state->internal_chal.data && ntlmssp_state->internal_chal.length == 8); - + doing_ntlm2 = True; memcpy(session_nonce, ntlmssp_state->internal_chal.data, 8); memcpy(&session_nonce[8], ntlmssp_state->lm_resp.data, 8); - + MD5Init(&md5_session_nonce_ctx); MD5Update(&md5_session_nonce_ctx, session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); - + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, session_nonce_hash, 8); /* LM response is no longer useful */ @@ -812,7 +812,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, sizeof(session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); dump_data_pw("NTLM2 session key:\n", session_key.data, session_key.length); - + } else { DEBUG(10,("ntlmssp_server_auth: Failed to create NTLM2 session key.\n")); session_key = data_blob_null; @@ -892,7 +892,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, } data_blob_free(&encrypted_session_key); - + /* Only one authentication allowed per server state. */ ntlmssp_state->expected_state = NTLMSSP_DONE; @@ -910,7 +910,7 @@ NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) TALLOC_CTX *mem_ctx; mem_ctx = talloc_init("NTLMSSP context"); - + *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_server_start: talloc failed!\n")); 
@@ -968,7 +968,7 @@ static NTSTATUS ntlmssp_client_initial(struct ntlmssp_state *ntlmssp_state, } else { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_OEM; } - + if (ntlmssp_state->use_ntlmv2) { ntlmssp_state->neg_flags |= NTLMSSP_NEGOTIATE_NTLM2; } @@ -1021,7 +1021,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, return NT_STATUS_INVALID_PARAMETER; } - + data_blob_free(&server_domain_blob); DEBUG(3, ("Got challenge flags:\n")); @@ -1079,7 +1079,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* session key is all zeros */ session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16); - + /* not doing NLTM2 without a password */ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; } else if (ntlmssp_state->use_ntlmv2) { @@ -1092,7 +1092,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* TODO: if the remote server is standalone, then we should replace 'domain' with the server name as supplied above */ - + if (!SMBNTLMv2encrypt_hash(ntlmssp_state->user, ntlmssp_state->domain, ntlmssp_state->nt_hash, &challenge_blob, @@ -1107,14 +1107,14 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, uchar session_nonce[16]; uchar session_nonce_hash[16]; uchar user_session_key[16]; - + lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); generate_random_buffer(lm_response.data, 8); memset(lm_response.data+8, 0, 16); memcpy(session_nonce, challenge_blob.data, 8); memcpy(&session_nonce[8], lm_response.data, 8); - + MD5Init(&md5_session_nonce_ctx); MD5Update(&md5_session_nonce_ctx, challenge_blob.data, 8); MD5Update(&md5_session_nonce_ctx, lm_response.data, 8); 
@@ -1123,7 +1123,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DEBUG(5, ("NTLMSSP challenge set by NTLM2\n")); DEBUG(5, ("challenge is: \n")); dump_data(5, session_nonce_hash, 8); - + nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash, session_nonce_hash, @@ -1141,11 +1141,11 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data, lm_response.data); } - + nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash,challenge_blob.data, nt_response.data); - + session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && lp_client_lanman_auth()) { @@ -1188,7 +1188,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ntlmssp_state->get_global_myname(), encrypted_session_key.data, encrypted_session_key.length, ntlmssp_state->neg_flags)) { - + return NT_STATUS_NO_MEMORY; } @@ -1216,7 +1216,7 @@ NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state) TALLOC_CTX *mem_ctx; mem_ctx = talloc_init("NTLMSSP Client context"); - + *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_client_start: talloc failed!\n")); -- cgit From 8fc15ab96d198dce6da2324bbd589a5e9e66740e Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sun, 30 Nov 2008 12:54:32 +0100 Subject: remove the explicit mem_ctx from ntlmssp_state, use the state itself --- source3/include/ntlmssp.h | 1 - source3/libsmb/ntlmssp.c | 87 ++++++++++++++++++++++------------------------- source3/utils/ntlm_auth.c | 7 ++-- 3 files changed, 45 insertions(+), 50 deletions(-) (limited to 'source3') diff --git a/source3/include/ntlmssp.h b/source3/include/ntlmssp.h index f6f9563b7c..55b9249ea7 100644 --- a/source3/include/ntlmssp.h +++ b/source3/include/ntlmssp.h 
@@ -77,7 +77,6 @@ enum NTLM_MESSAGE_TYPE typedef struct ntlmssp_state { - TALLOC_CTX *mem_ctx; unsigned int ref_count; enum NTLMSSP_ROLE role; enum server_types server_role; diff --git a/source3/libsmb/ntlmssp.c b/source3/libsmb/ntlmssp.c index aa45fc518a..cc13476935 100644 --- a/source3/libsmb/ntlmssp.c +++ b/source3/libsmb/ntlmssp.c @@ -148,7 +148,7 @@ static NTSTATUS set_challenge(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *ch NTSTATUS ntlmssp_set_username(NTLMSSP_STATE *ntlmssp_state, const char *user) { - ntlmssp_state->user = talloc_strdup(ntlmssp_state->mem_ctx, user ? user : "" ); + ntlmssp_state->user = talloc_strdup(ntlmssp_state, user ? user : "" ); if (!ntlmssp_state->user) { return NT_STATUS_NO_MEMORY; } @@ -164,9 +164,9 @@ NTSTATUS ntlmssp_set_hashes(NTLMSSP_STATE *ntlmssp_state, const unsigned char nt_hash[16]) { ntlmssp_state->lm_hash = (unsigned char *) - TALLOC_MEMDUP(ntlmssp_state->mem_ctx, lm_hash, 16); + TALLOC_MEMDUP(ntlmssp_state, lm_hash, 16); ntlmssp_state->nt_hash = (unsigned char *) - TALLOC_MEMDUP(ntlmssp_state->mem_ctx, nt_hash, 16); + TALLOC_MEMDUP(ntlmssp_state, nt_hash, 16); if (!ntlmssp_state->lm_hash || !ntlmssp_state->nt_hash) { TALLOC_FREE(ntlmssp_state->lm_hash); TALLOC_FREE(ntlmssp_state->nt_hash); @@ -201,7 +201,8 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password */ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) { - ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain ? domain : "" ); + ntlmssp_state->domain = talloc_strdup(ntlmssp_state, + domain ? domain : "" ); if (!ntlmssp_state->domain) { return NT_STATUS_NO_MEMORY; } 
@@ -214,7 +215,7 @@ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) */ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *workstation) { - ntlmssp_state->workstation = talloc_strdup(ntlmssp_state->mem_ctx, workstation); + ntlmssp_state->workstation = talloc_strdup(ntlmssp_state, workstation); if (!ntlmssp_state->workstation) { return NT_STATUS_NO_MEMORY; } @@ -229,8 +230,9 @@ NTSTATUS ntlmssp_set_workstation(NTLMSSP_STATE *ntlmssp_state, const char *works NTSTATUS ntlmssp_store_response(NTLMSSP_STATE *ntlmssp_state, DATA_BLOB response) { - ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state->mem_ctx, - response.data, response.length); + ntlmssp_state->stored_response = data_blob_talloc(ntlmssp_state, + response.data, + response.length); return NT_STATUS_OK; } @@ -357,16 +359,13 @@ NTSTATUS ntlmssp_update(NTLMSSP_STATE *ntlmssp_state, void ntlmssp_end(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx = (*ntlmssp_state)->mem_ctx; - (*ntlmssp_state)->ref_count--; if ((*ntlmssp_state)->ref_count == 0) { data_blob_free(&(*ntlmssp_state)->chal); data_blob_free(&(*ntlmssp_state)->lm_resp); data_blob_free(&(*ntlmssp_state)->nt_resp); - - talloc_destroy(mem_ctx); + TALLOC_FREE(*ntlmssp_state); } *ntlmssp_state = NULL; 
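Review bot: ntlmssp_store_response (hunk -229) returns NT_STATUS_OK without checking the result of `data_blob_talloc`, so an allocation failure is reported as success and the stored response is silently empty. Add `if (response.length && !ntlmssp_state->stored_response.data) return NT_STATUS_NO_MEMORY;` before the return. The same unchecked pattern is on the new side of hunks -561 and -770 (`chal`, `internal_chal`) and, more seriously, hunk -807, where `session_key.data` is passed to `hmac_md5` as the output buffer straight after allocation. The LM_KEY branch in hunk -820 already has the `session_key.data == NULL` check to copy.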
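Review bot: ntlmssp_end (hunk -357) releases the state with `TALLOC_FREE(*ntlmssp_state)`, and after this change the session key, the stored response and the `lm_hash`/`nt_hash` copies are talloc children of that state, so they are freed without being cleared. Nothing in the hunk zeroes them; I would clear the hash buffers and `session_key.data` before the free, or attach a talloc destructor to the state that does so, so that secret material does not linger in freed heap memory. The three `data_blob_free` calls kept above the free are presumably redundant now that the blobs hang off the state, which deserves either a comment or removal.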
@@ -562,13 +561,14 @@ static NTSTATUS ntlmssp_server_negotiate(struct ntlmssp_state *ntlmssp_state, if (target_name == NULL) return NT_STATUS_INVALID_PARAMETER; - ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); - ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state->mem_ctx, cryptkey, 8); + ntlmssp_state->chal = data_blob_talloc(ntlmssp_state, cryptkey, 8); + ntlmssp_state->internal_chal = data_blob_talloc(ntlmssp_state, + cryptkey, 8); /* This should be a 'netbios domain -> DNS domain' mapping */ - dnsdomname = get_mydnsdomname(ntlmssp_state->mem_ctx); + dnsdomname = get_mydnsdomname(ntlmssp_state); if (!dnsdomname) { - dnsdomname = talloc_strdup(ntlmssp_state->mem_ctx, ""); + dnsdomname = talloc_strdup(ntlmssp_state, ""); } if (!dnsdomname) { return NT_STATUS_NO_MEMORY; @@ -770,7 +770,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, MD5Update(&md5_session_nonce_ctx, session_nonce, 16); MD5Final(session_nonce_hash, &md5_session_nonce_ctx); - ntlmssp_state->chal = data_blob_talloc(ntlmssp_state->mem_ctx, session_nonce_hash, 8); + ntlmssp_state->chal = data_blob_talloc( + ntlmssp_state, session_nonce_hash, 8); /* LM response is no longer useful */ data_blob_free(&ntlmssp_state->lm_resp); @@ -807,7 +808,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, /* Handle the different session key derivation for NTLM2 */ if (doing_ntlm2) { if (user_session_key.data && user_session_key.length == 16) { - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, + NULL, 16); hmac_md5(user_session_key.data, session_nonce, sizeof(session_nonce), session_key.data); DEBUG(10,("ntlmssp_server_auth: Created NTLM2 session key.\n")); 
@@ -820,7 +822,8 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, } else if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) { if (lm_session_key.data && lm_session_key.length >= 8) { if (ntlmssp_state->lm_resp.data && ntlmssp_state->lm_resp.length == 24) { - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, + NULL, 16); if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -831,7 +834,7 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, uint8 zeros[24]; ZERO_STRUCT(zeros); session_key = data_blob_talloc( - ntlmssp_state->mem_ctx, NULL, 16); + ntlmssp_state, NULL, 16); if (session_key.data == NULL) { return NT_STATUS_NO_MEMORY; } @@ -875,9 +878,9 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, SamOEMhash(encrypted_session_key.data, session_key.data, encrypted_session_key.length); - ntlmssp_state->session_key = data_blob_talloc(ntlmssp_state->mem_ctx, - encrypted_session_key.data, - encrypted_session_key.length); + ntlmssp_state->session_key = data_blob_talloc( + ntlmssp_state, encrypted_session_key.data, + encrypted_session_key.length); dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length); } 
@@ -907,20 +910,15 @@ static NTSTATUS ntlmssp_server_auth(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_server_start(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("NTLMSSP context"); - - *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); + *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_server_start: talloc failed!\n")); - talloc_destroy(mem_ctx); + talloc_destroy(*ntlmssp_state); return NT_STATUS_NO_MEMORY; } (*ntlmssp_state)->role = NTLMSSP_SERVER; - (*ntlmssp_state)->mem_ctx = mem_ctx; (*ntlmssp_state)->get_challenge = get_challenge; (*ntlmssp_state)->set_challenge = set_challenge; (*ntlmssp_state)->may_set_challenge = may_set_challenge; @@ -1062,7 +1060,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, return NT_STATUS_INVALID_PARAMETER; } - ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state->mem_ctx, + ntlmssp_state->server_domain = talloc_strdup(ntlmssp_state, server_domain); SAFE_FREE(server_domain); @@ -1078,7 +1076,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, ZERO_STRUCT(zeros); /* session key is all zeros */ - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, zeros, 16); + session_key = data_blob_talloc(ntlmssp_state, zeros, 16); /* not doing NLTM2 without a password */ ntlmssp_state->neg_flags &= ~NTLMSSP_NEGOTIATE_NTLM2; @@ -1108,7 +1106,7 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, uchar session_nonce_hash[16]; uchar user_session_key[16]; - lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + lm_response = data_blob_talloc(ntlmssp_state, NULL, 24); generate_random_buffer(lm_response.data, 8); memset(lm_response.data+8, 0, 16); 
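Review bot: The failure branch of `ntlmssp_server_start` now calls `talloc_destroy(*ntlmssp_state)` on a pointer that was just tested to be NULL, so the call does nothing useful. It is a leftover from when a separate `mem_ctx` had to be released. Drop the line so the branch is only `DEBUG(0,("ntlmssp_server_start: talloc failed!\n"));` followed by `return NT_STATUS_NO_MEMORY;`. `ntlmssp_client_start` in the `-1213` hunk has the same leftover, and both functions continue past their hunks.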
@@ -1124,12 +1122,12 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, DEBUG(5, ("challenge is: \n")); dump_data(5, session_nonce_hash, 8); - nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + nt_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash, session_nonce_hash, nt_response.data); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, NULL, 16); SMBsesskeygen_ntv1(ntlmssp_state->nt_hash, NULL, user_session_key); hmac_md5(user_session_key, session_nonce, sizeof(session_nonce), session_key.data); @@ -1137,16 +1135,17 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, } else { /* lanman auth is insecure, it may be disabled */ if (lp_client_lanman_auth()) { - lm_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + lm_response = data_blob_talloc(ntlmssp_state, + NULL, 24); SMBencrypt_hash(ntlmssp_state->lm_hash,challenge_blob.data, lm_response.data); } - nt_response = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 24); + nt_response = data_blob_talloc(ntlmssp_state, NULL, 24); SMBNTencrypt_hash(ntlmssp_state->nt_hash,challenge_blob.data, nt_response.data); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, NULL, 16); + session_key = data_blob_talloc(ntlmssp_state, NULL, 16); if ((ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_LM_KEY) && lp_client_lanman_auth()) { SMBsesskeygen_lm_sess_key(ntlmssp_state->lm_hash, lm_response.data, @@ -1174,7 +1173,9 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* Mark the new session key as the 'real' session key */ data_blob_free(&session_key); - session_key = data_blob_talloc(ntlmssp_state->mem_ctx, client_session_key, sizeof(client_session_key)); + session_key = data_blob_talloc(ntlmssp_state, + client_session_key, + sizeof(client_session_key)); } /* this generates the actual auth packet */ 
@@ -1213,21 +1214,15 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, NTSTATUS ntlmssp_client_start(NTLMSSP_STATE **ntlmssp_state) { - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("NTLMSSP Client context"); - - *ntlmssp_state = TALLOC_ZERO_P(mem_ctx, NTLMSSP_STATE); + *ntlmssp_state = TALLOC_ZERO_P(NULL, NTLMSSP_STATE); if (!*ntlmssp_state) { DEBUG(0,("ntlmssp_client_start: talloc failed!\n")); - talloc_destroy(mem_ctx); + talloc_destroy(*ntlmssp_state); return NT_STATUS_NO_MEMORY; } (*ntlmssp_state)->role = NTLMSSP_CLIENT; - (*ntlmssp_state)->mem_ctx = mem_ctx; - (*ntlmssp_state)->get_global_myname = global_myname; (*ntlmssp_state)->get_domain = lp_workgroup; diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c index fbb105bfe6..8aa8e5e0f9 100644 --- a/source3/utils/ntlm_auth.c +++ b/source3/utils/ntlm_auth.c @@ -547,7 +547,8 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB if (memcmp(user_sess_key, zeros, 16) != 0) { *user_session_key = data_blob(user_sess_key, 16); } - ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state->mem_ctx, unix_name); + ntlmssp_state->auth_context = talloc_strdup(ntlmssp_state, + unix_name); SAFE_FREE(unix_name); } else { DEBUG(NT_STATUS_EQUAL(nt_status, NT_STATUS_ACCESS_DENIED) ? 0 : 3, @@ -567,7 +568,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u nt_lm_owf_gen (opt_password, nt_pw, lm_pw); - nt_status = ntlm_password_check(ntlmssp_state->mem_ctx, + nt_status = ntlm_password_check(ntlmssp_state, &ntlmssp_state->chal, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, 
@@ -578,7 +579,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u lm_pw, nt_pw, user_session_key, lm_session_key); if (NT_STATUS_IS_OK(nt_status)) { - ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state->mem_ctx, + ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state, "%s%c%s", ntlmssp_state->domain, *lp_winbind_separator(), ntlmssp_state->user); -- cgit From 8340d100f6048776f6fd87704a10e7c103714ae7 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 30 Nov 2008 15:51:38 -0800 Subject: Set PRESENT flag when returning NULL [SD]ACL like Windows does. This could also be handled inside each ACL VFS module, by setting the PRESENT flag when a NULL [SD]ACL is created. --- source3/smbd/nttrans.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 18dd7d5c26..777073e6ba 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1587,12 +1587,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, status = SMB_VFS_FGET_NT_ACL( fsp, security_info_wanted, &psd); } - if (!NT_STATUS_IS_OK(status)) { reply_nterror(req, status); return; } + /* If the SACL/DACL is NULL, but was requested, we mark that it is + * present in the reply to match Windows behavior */ + if (psd->sacl == NULL && + security_info_wanted & SACL_SECURITY_INFORMATION) + psd->type |= SEC_DESC_SACL_PRESENT; + if (psd->dacl == NULL && + security_info_wanted & DACL_SECURITY_INFORMATION) + psd->type |= SEC_DESC_DACL_PRESENT; + sd_size = ndr_size_security_descriptor(psd, 0); DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); -- cgit From 757a1f5132747807f7870097fab358b150f2790b Mon Sep 17 00:00:00 2001 
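Review bot: The two added `if` statements in `call_nt_transact_query_security_desc` combine `&&` and `&` without parentheses and leave their bodies unbraced. Precedence gives the intended result, but `if (psd->sacl == NULL && (security_info_wanted & SACL_SECURITY_INFORMATION)) {` reads unambiguously, and the same applies to the DACL test. `psd` is dereferenced here on the assumption that a successful `SMB_VFS_FGET_NT_ACL` always sets it, which this hunk does not show. Since a DACL that is marked present but NULL is normally read by clients as granting unrestricted access, it is worth confirming that every backend returning `dacl == NULL` means that rather than "no DACL stored". The function starts and ends outside the hunk.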
From: Michael Adam Date: Mon, 1 Dec 2008 04:17:55 +0100 Subject: s3:winbindd/nss_info: change nss_map_{to|from}_alias to take nss_domain_entry instead of just the domain name Michael --- source3/include/nss_info.h | 10 ++++++---- source3/winbindd/idmap_ad.c | 6 +++--- source3/winbindd/idmap_adex/idmap_adex.c | 16 ++++++++-------- source3/winbindd/idmap_hash/idmap_hash.c | 6 +++--- source3/winbindd/nss_info.c | 4 ++-- source3/winbindd/nss_info_template.c | 4 ++-- 6 files changed, 24 insertions(+), 22 deletions(-) (limited to 'source3') diff --git a/source3/include/nss_info.h b/source3/include/nss_info.h index e756136b76..0224be099f 100644 --- a/source3/include/nss_info.h +++ b/source3/include/nss_info.h @@ -66,10 +66,12 @@ struct nss_info_methods { TALLOC_CTX *ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, char **shell, char **gecos, gid_t *p_gid); - NTSTATUS (*map_to_alias)( TALLOC_CTX *mem_ctx, const char *domain, - const char *name, char **alias ); - NTSTATUS (*map_from_alias)( TALLOC_CTX *mem_ctx, const char *domain, - const char *alias, char **name ); + NTSTATUS (*map_to_alias)(TALLOC_CTX *mem_ctx, + struct nss_domain_entry *e, + const char *name, char **alias); + NTSTATUS (*map_from_alias)(TALLOC_CTX *mem_ctx, + struct nss_domain_entry *e, + const char *alias, char **name); NTSTATUS (*close_fn)( void ); }; diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 60a2d8642a..0f2ac5127e 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -824,7 +824,7 @@ done: *********************************************************************/ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *name, char **alias) { 
@@ -838,7 +838,7 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, /* Check incoming parameters */ - if ( !domain || !name || !*alias) { + if ( !e || !e->domain || !name || !*alias) { nt_status = NT_STATUS_INVALID_PARAMETER; goto done; } @@ -896,7 +896,7 @@ done: *********************************************************************/ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *alias, char **name ) { diff --git a/source3/winbindd/idmap_adex/idmap_adex.c b/source3/winbindd/idmap_adex/idmap_adex.c index 7596b1cbd8..7e186ca8a1 100644 --- a/source3/winbindd/idmap_adex/idmap_adex.c +++ b/source3/winbindd/idmap_adex/idmap_adex.c @@ -329,9 +329,9 @@ static NTSTATUS _nss_adex_get_info(struct /********************************************************************** *********************************************************************/ -static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx, const char - *domain, const char - *name, char **alias) +static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx, + struct nss_domain_entry *e, + const char *name, char **alias) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct likewise_cell *cell = NULL; @@ -344,7 +344,7 @@ static NTSTATUS _nss_adex_map_to_alias(TALLOC_CTX * mem_ctx, const char BAIL_ON_NTSTATUS_ERROR(nt_status); } - nt_status = cell->provider->map_to_alias(mem_ctx, domain, + nt_status = cell->provider->map_to_alias(mem_ctx, e->domain, name, alias); /* go ahead and allow the cache mgr to mark this in 
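Review bot: The rewritten guard in `nss_ad_map_to_alias` still ends in `!*alias`, which dereferences the output pointer without first checking `alias` and rejects the call whenever the caller's `*alias` starts out NULL. For an out-parameter the test was presumably meant to be on the pointer itself: `if ( !e || !e->domain || !name || !alias) {`. The function body continues outside the hunk, so how `*alias` is used afterwards is not visible here.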
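Review bot: `_nss_adex_map_to_alias` dereferences `e->domain` with no check on `e`, whereas `nss_ad_map_to_alias` in this same commit validates `!e || !e->domain` first. The same applies to `_nss_adex_map_from_alias` (the `-376` hunk) and to `nss_hash_map_to_alias`, which formats `e->domain` into the lookup key. The dispatcher in nss_info.c passes a `p` it has already dereferenced, so this is a consistency point rather than a known crash. A guard such as `if (e == NULL || e->domain == NULL) { return NT_STATUS_INVALID_PARAMETER; }` at the top of each would make the backends agree. These functions start and end outside their hunks.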
@@ -360,9 +360,9 @@ done: /********************************************************************** *********************************************************************/ -static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx, const char - *domain, const char - *alias, char **name) +static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx, + struct nss_domain_entry *e, + const char *alias, char **name) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; struct likewise_cell *cell = NULL; @@ -376,7 +376,7 @@ static NTSTATUS _nss_adex_map_from_alias(TALLOC_CTX * mem_ctx, const char } - nt_status = cell->provider->map_from_alias(mem_ctx, domain, + nt_status = cell->provider->map_from_alias(mem_ctx, e->domain, alias, name); /* go ahead and allow the cache mgr to mark this in diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c index a050f99bc8..7dd94aede0 100644 --- a/source3/winbindd/idmap_hash/idmap_hash.c +++ b/source3/winbindd/idmap_hash/idmap_hash.c @@ -304,14 +304,14 @@ done: *********************************************************************/ static NTSTATUS nss_hash_map_to_alias(TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *name, char **alias) { NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; const char *value; - value = talloc_asprintf(mem_ctx, "%s\\%s", domain, name); + value = talloc_asprintf(mem_ctx, "%s\\%s", e->domain, name); BAIL_ON_PTR_NT_ERROR(value, nt_status); nt_status = mapfile_lookup_key(mem_ctx, value, alias); @@ -325,7 +325,7 @@ done: *********************************************************************/ static NTSTATUS nss_hash_map_from_alias(TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *alias, char **name) { diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 0e8cb60257..c35df4fbed 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c 
@@ -295,7 +295,7 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) m = p->backend->methods; - return m->map_to_alias( mem_ctx, domain, name, alias ); + return m->map_to_alias(mem_ctx, p, name, alias); } @@ -316,7 +316,7 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) m = p->backend->methods; - return m->map_from_alias( mem_ctx, domain, alias, name ); + return m->map_from_alias( mem_ctx, p, alias, name ); } /******************************************************************** diff --git a/source3/winbindd/nss_info_template.c b/source3/winbindd/nss_info_template.c index d8f903ddd0..f44c73f3a6 100644 --- a/source3/winbindd/nss_info_template.c +++ b/source3/winbindd/nss_info_template.c @@ -62,7 +62,7 @@ static NTSTATUS nss_template_get_info( struct nss_domain_entry *e, *********************************************************************/ static NTSTATUS nss_template_map_to_alias( TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *name, char **alias ) { @@ -73,7 +73,7 @@ static NTSTATUS nss_template_map_to_alias( TALLOC_CTX *mem_ctx, *********************************************************************/ static NTSTATUS nss_template_map_from_alias( TALLOC_CTX *mem_ctx, - const char *domain, + struct nss_domain_entry *e, const char *alias, char **name ) { -- cgit From 67cc93c4a237921d2b54d20bfde5eb6754c13271 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:05:19 +0100 Subject: s3:winbindd/idmap_util: unify entering debug messages and add ouput of domain Michael --- source3/winbindd/idmap_util.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/idmap_util.c b/source3/winbindd/idmap_util.c index 9f876618be..9abf425f3e 100644 --- a/source3/winbindd/idmap_util.c +++ b/source3/winbindd/idmap_util.c 
@@ -33,7 +33,8 @@ NTSTATUS idmap_uid_to_sid(const char *domname, DOM_SID *sid, uid_t uid) struct id_map map; bool expired; - DEBUG(10,("uid = [%lu]\n", (unsigned long)uid)); + DEBUG(10,("idmap_uid_to_sid: uid = [%lu], domain = '%s'\n", + (unsigned long)uid, domname?domname:"NULL")); if (idmap_cache_find_uid2sid(uid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_uid2sid found %d%s\n", uid, @@ -85,7 +86,8 @@ NTSTATUS idmap_gid_to_sid(const char *domname, DOM_SID *sid, gid_t gid) struct id_map map; bool expired; - DEBUG(10,("gid = [%lu]\n", (unsigned long)gid)); + DEBUG(10,("idmap_gid_to_si: gid = [%lu], domain = '%s'\n", + (unsigned long)gid, domname?domname:"NULL")); if (idmap_cache_find_gid2sid(gid, sid, &expired)) { DEBUG(10, ("idmap_cache_find_gid2sid found %d%s\n", gid, @@ -137,7 +139,8 @@ NTSTATUS idmap_sid_to_uid(const char *dom_name, DOM_SID *sid, uid_t *uid) struct id_map map; bool expired; - DEBUG(10,("idmap_sid_to_uid: sid = [%s]\n", sid_string_dbg(sid))); + DEBUG(10,("idmap_sid_to_uid: sid = [%s], domain = '%s'\n", + sid_string_dbg(sid), dom_name)); if (idmap_cache_find_sid2uid(sid, uid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2uid found %d%s\n", @@ -209,7 +212,8 @@ NTSTATUS idmap_sid_to_gid(const char *domname, DOM_SID *sid, gid_t *gid) struct id_map map; bool expired; - DEBUG(10,("idmap_sid_to_gid: sid = [%s]\n", sid_string_dbg(sid))); + DEBUG(10,("idmap_sid_to_gid: sid = [%s], domain = '%s'\n", + sid_string_dbg(sid), domname)); if (idmap_cache_find_sid2gid(sid, gid, &expired)) { DEBUG(10, ("idmap_cache_find_sid2gid found %d%s\n", -- cgit From 5f5fa28c5d95c0ab117a33061c318eabd4a92246 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:08:46 +0100 Subject: s3:winbindd/idmap: add diagnostic entry debug msg to idmap_find_domain(). Michael --- source3/winbindd/idmap.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 054df9be05..0062c7588e 100644 
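Review bot: The new debug line in `idmap_gid_to_sid` prints the prefix `idmap_gid_to_si:`, missing the final `d`, so a search of the logs for the function name will not find it. It should read `DEBUG(10,("idmap_gid_to_sid: gid = [%lu], domain = '%s'\n",`. The function continues outside the hunk.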
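Review bot: `idmap_sid_to_uid` passes `dom_name` straight to `%s`, so a NULL domain hands a null pointer to the formatter. The uid-to-sid and gid-to-sid messages added in the same commit guard against this with `domname?domname:"NULL"`. Use `sid_string_dbg(sid), dom_name?dom_name:"NULL"));` here, and `domname?domname:"NULL"` in the `idmap_sid_to_gid` hunk. Whether callers can pass NULL is not visible in these hunks, but the sibling functions evidently allow for it.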
--- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -461,6 +461,9 @@ static struct idmap_domain *idmap_find_domain(const char *domname) struct idmap_domain *result; int i; + DEBUG(10, ("idmap_find_domain called for domain '%s'\n", + domname?domname:"NULL")); + /* * Always init the default domain, we can't go without one */ -- cgit From 7b4e54359fcd455c4aaf6a4c3d9f510d7ab17c02 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:40:01 +0100 Subject: s3:winbindd/idmap: add diagnostic entry debug msg to idmap_backends_unixid_to_sid Michael --- source3/winbindd/idmap.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 0062c7588e..3e7be8cb7a 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -728,6 +728,10 @@ NTSTATUS idmap_backends_unixid_to_sid(const char *domname, struct id_map *id) struct idmap_domain *dom; struct id_map *maps[2]; + DEBUG(10, ("idmap_backend_unixid_to_sid: domain = '%s', xid = %d " + "(type %d)\n", + domname?domname:"NULL", id->xid.id, id->xid.type)); + maps[0] = id; maps[1] = NULL; -- cgit From 11d5b1a21a4ca3bbc9b9233a6afb2cb4546b736e Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Fri, 28 Nov 2008 10:40:42 +0100 Subject: s3:winbindd/idmap: add diagnostic entry debug msg to idmap_backends_sid_to_unixid Michael --- source3/winbindd/idmap.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c index 3e7be8cb7a..aaba7e53ee 100644 --- a/source3/winbindd/idmap.c +++ b/source3/winbindd/idmap.c @@ -758,6 +758,9 @@ NTSTATUS idmap_backends_sid_to_unixid(const char *domain, struct id_map *id) struct idmap_domain *dom; struct id_map *maps[2]; + DEBUG(10, ("idmap_backend_sid_to_unixid: domain = '%s', sid = [%s]\n", + domain?domain:"NULL", sid_string_dbg(id->sid))); + maps[0] = id; maps[1] = NULL; -- cgit 
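Review bot: The message added to `idmap_backends_unixid_to_sid` is prefixed `idmap_backend_unixid_to_sid:` (singular), so it does not match the function that emits it. The one in `idmap_backends_sid_to_unixid` (next commit, `-758` hunk) has the same problem with `idmap_backend_sid_to_unixid:`. Use the real names, e.g. `DEBUG(10, ("idmap_backends_unixid_to_sid: domain = '%s', xid = %d "`. Both messages also dereference `id` before anything in the hunk checks it, which is only safe if callers never pass NULL; the hunks do not show that.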
From 73fddcd656718fcd2aeb1b452e4f8a8c2b19fa65 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Nov 2008 15:16:22 +0100 Subject: s3:winbindd/idmap_ad: rename ctx to mem_ctx in nss_ad_get_info() in preparation to using the idmap_ad_context there Michael --- source3/winbindd/idmap_ad.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 0f2ac5127e..170c1d954e 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c @@ -725,7 +725,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) ***********************************************************************/ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, - TALLOC_CTX *ctx, + TALLOC_CTX *mem_ctx, ADS_STRUCT *ads, LDAPMessage *msg, char **homedir, @@ -766,9 +766,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, ctx, msg, ad_schema->posix_gecos_attr ); + *homedir = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_gecos_attr ); if (gid) { if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) @@ -787,7 +787,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, attrs[3] = ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); - filter = talloc_asprintf(ctx, "(objectSid=%s)", sidstr); + filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); SAFE_FREE(sidstr); if (!filter) { 
@@ -801,9 +801,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - *homedir = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_gecos_attr); if (gid) { if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) -- cgit From be233ae32a573ba5048dff9d9fa30869493cf4ff Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Wed, 26 Nov 2008 22:23:34 +0100 Subject: s3:winbindd/idmap_ad: refactor core of nss_{sfu|sfu20|rfc2307}_init to common function. Michael --- source3/winbindd/idmap_ad.c | 82 ++++++++++++++++++++++++++------------------- 1 file changed, 48 insertions(+), 34 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 170c1d954e..93cc7f04d8 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c 
@@ -666,58 +666,72 @@ static NTSTATUS idmap_ad_close(struct idmap_domain *dom) Initialize the {sfu,sfu20,rfc2307} state ***********************************************************************/ -static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) +static const char *wb_posix_map_unknown_string = "WB_POSIX_MAP_UNKNOWN"; +static const char *wb_posix_map_template_string = "WB_POSIX_MAP_TEMPLATE"; +static const char *wb_posix_map_sfu_string = "WB_POSIX_MAP_SFU"; +static const char *wb_posix_map_sfu20_string = "WB_POSIX_MAP_SFU20"; +static const char *wb_posix_map_rfc2307_string = "WB_POSIX_MAP_RFC2307"; +static const char *wb_posix_map_unixinfo_string = "WB_POSIX_MAP_UNIXINFO"; + +static const char *ad_map_type_string(enum wb_posix_mapping map_type) { - /* Sanity check if we have previously been called with a - different schema model */ - - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU) ) - { - DEBUG(0,("nss_sfu_init: Posix Map type has already been set. 
" - "Mixed schema models not supported!\n")); - return NT_STATUS_NOT_SUPPORTED; + switch (map_type) { + case WB_POSIX_MAP_TEMPLATE: + return wb_posix_map_template_string; + break; + case WB_POSIX_MAP_SFU: + return wb_posix_map_sfu_string; + break; + case WB_POSIX_MAP_SFU20: + return wb_posix_map_sfu20_string; + break; + case WB_POSIX_MAP_RFC2307: + return wb_posix_map_rfc2307_string; + break; + case WB_POSIX_MAP_UNIXINFO: + return wb_posix_map_unixinfo_string; + break; + default: + return WB_POSIX_MAP_UNKNOWN; } - - ad_map_type = WB_POSIX_MAP_SFU; - - return NT_STATUS_OK; } -static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) +static NTSTATUS nss_ad_generic_init(struct nss_domain_entry *e, + enum wb_posix_mapping new_ad_map_type) { /* Sanity check if we have previously been called with a different schema model */ if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_SFU20) ) + (ad_map_type != new_ad_map_type)) { - DEBUG(0,("nss_sfu20_init: Posix Map type has already been set. " - "Mixed schema models not supported!\n")); + DEBUG(0,("nss_ad_generic_init: " + "Cannot set Posix map type to %s. " + "Map type has already been set to %s." + "Mixed schema models not supported!\n", + ad_map_type_string(new_ad_map_type), + ad_map_type_string(ad_map_type))); return NT_STATUS_NOT_SUPPORTED; } - - ad_map_type = WB_POSIX_MAP_SFU20; + + ad_map_type = new_ad_map_type; return NT_STATUS_OK; } -static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) +static NTSTATUS nss_sfu_init( struct nss_domain_entry *e ) { - /* Sanity check if we have previously been called with a - different schema model */ - - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != WB_POSIX_MAP_RFC2307) ) - { - DEBUG(0,("nss_rfc2307_init: Posix Map type has already been set. 
" - "Mixed schema models not supported!\n")); - return NT_STATUS_NOT_SUPPORTED; - } - - ad_map_type = WB_POSIX_MAP_RFC2307; + return nss_ad_generic_init(e, WB_POSIX_MAP_SFU); +} - return NT_STATUS_OK; +static NTSTATUS nss_sfu20_init( struct nss_domain_entry *e ) +{ + return nss_ad_generic_init(e, WB_POSIX_MAP_SFU20); +} + +static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) +{ + return nss_ad_generic_init(e, WB_POSIX_MAP_RFC2307); } -- cgit From 484fa90aefe131d5dd67c458b365045dbf6c7e78 Mon Sep 17 00:00:00 2001 
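Review bot: The `default:` arm of `ad_map_type_string` returns `WB_POSIX_MAP_UNKNOWN`, an enum constant, from a function declared to return `const char *`. That value then reaches `%s` in the `nss_ad_generic_init` message. The intended value is the string defined just above and otherwise unused: `return wb_posix_map_unknown_string;`. The `break;` after each `return` is unreachable and can go. The message also lacks a space between `"Map type has already been set to %s."` and `"Mixed schema models not supported!\n"`.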
From: Michael Adam Date: Wed, 26 Nov 2008 23:09:49 +0100 Subject: s3:winbindd/idmap_ad: add support for trusted domains to idmap_ad (bug #3661) This initial fix does at least work for explicitly configured domains. The patch has a few disadvantages: 1. It does work only for explicitly configured domains, not with the default backend (idmap backend = ad), since it relies on the domain name being passed in via the idmap_domain. One workaround for this would be to create clones of the default idmap_domain for domains not explicitly configured. 2. It calls find_domain_from_name_noinit() from idmap_ad_cached_connection. The problem here is that only the NetBIOS domain name (workgroup name) is passed in via the idmap_domain struct, and the module has to establish a connection to the domain based on that information. find_domain_from_name_noinit() has the disadvantage that it uses the state of the domain list at fork time (unless used from the main winbindd). But this should be ok as long as the primary domain was reachable at start time. For nss_info, the situation is similar - This will only work for domains explicitly configured in smb.conf as follows: "winbind nss info = rfc2307:dom1 sfu:dom2 rfc2307:dom3 template:dom4" Setting the default nss info to one of the ad backends (rfc2307, sfu, sfu20) will fail since the domain name is not passed in with the nss_domain_entry. Michael --- source3/winbindd/idmap_ad.c | 347 ++++++++++++++++++++++++++++---------------- 1 file changed, 221 insertions(+), 126 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 93cc7f04d8..967a36b3ce 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c 
@@ -9,6 +9,7 @@ * Copyright (C) Andrew Bartlett 2003 * Copyright (C) Gerald (Jerry) Carter 2004-2007 * Copyright (C) Luke Howard 2001-2004 + * Copyright (C) Michael Adam 2008 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -25,6 +26,7 @@ */ #include "includes.h" +#include "winbindd.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_IDMAP @@ -43,31 +45,39 @@ struct idmap_ad_context { uint32_t filter_low_id; uint32_t filter_high_id; + ADS_STRUCT *ads; + struct posix_schema *ad_schema; + enum wb_posix_mapping ad_map_type; /* WB_POSIX_MAP_UNKNOWN */ }; NTSTATUS init_module(void); -static ADS_STRUCT *ad_idmap_ads = NULL; -static struct posix_schema *ad_schema = NULL; -static enum wb_posix_mapping ad_map_type = WB_POSIX_MAP_UNKNOWN; - /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection_internal(void) +static ADS_STATUS ad_idmap_cached_connection_internal(struct idmap_domain *dom) { ADS_STRUCT *ads; ADS_STATUS status; bool local = False; fstring dc_name; struct sockaddr_storage dc_ip; + struct idmap_ad_context *ctx; + char *ldap_server = NULL; + char *realm = NULL; + struct winbindd_domain *wb_dom; + + DEBUG(10, ("ad_idmap_cached_connection: called for domain '%s'\n", + dom->name)); - if (ad_idmap_ads != NULL) { + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + + if (ctx->ads != NULL) { time_t expire; time_t now = time(NULL); - ads = ad_idmap_ads; + ads = ctx->ads; expire = MIN(ads->auth.tgt_expire, ads->auth.tgs_expire); 
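Review bot: `ad_idmap_cached_connection_internal` reads `ctx->ads` immediately after `ctx = talloc_get_type(dom->private_data, struct idmap_ad_context);`, but `talloc_get_type` yields NULL when `private_data` is unset or of another type. Add a guard right after the lookup, for example `if (ctx == NULL) { return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER); }`. `ad_idmap_cached_connection` repeats the unchecked lookup in the `-107` hunk. The function continues in the following hunks.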
@@ -76,15 +86,15 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) (uint32)expire-(uint32)now, (uint32) expire, (uint32) now)); if ( ads->config.realm && (expire > time(NULL))) { - return ads; + return ADS_SUCCESS; } else { /* we own this ADS_STRUCT so make sure it goes away */ DEBUG(7,("Deleting expired krb5 credential cache\n")); ads->is_mine = True; ads_destroy( &ads ); ads_kdestroy(WINBIND_CCACHE_NAME); - ad_idmap_ads = NULL; - TALLOC_FREE( ad_schema ); + ctx->ads = NULL; + TALLOC_FREE( ctx->ad_schema ); } } @@ -93,9 +103,28 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) setenv("KRB5CCNAME", WINBIND_CCACHE_NAME, 1); } - if ( (ads = ads_init(lp_realm(), lp_workgroup(), NULL)) == NULL ) { + /* + * At this point we only have the NetBIOS domain name. + * Check if we can get server nam and realm from SAF cache + * and the domain list. + */ + ldap_server = saf_fetch(dom->name); + DEBUG(10, ("ldap_server from saf cache: '%s'\n", ldap_server?ldap_server:"")); + + wb_dom = find_domain_from_name_noinit(dom->name); + if (wb_dom == NULL) { + DEBUG(10, ("find_domain_from_name_noinit did not find domain '%s'\n", + dom->name)); + realm = NULL; + } else { + DEBUG(10, ("find_domain_from_name_noinit found realm '%s' for " + " domain '%s'\n", wb_dom->alt_name, dom->name)); + realm = wb_dom->alt_name; + } + + if ( (ads = ads_init(realm, dom->name, ldap_server)) == NULL ) { DEBUG(1,("ads_init failed\n")); - return NULL; + return ADS_ERROR_NT(NT_STATUS_NO_MEMORY); } /* the machine acct password might have change - fetch it every time */ 
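Review bot: The string returned by `saf_fetch(dom->name)` is stored in `ldap_server` and never released in the visible part of the function. If `saf_fetch` hands back a heap copy owned by the caller, as the non-const `char *` suggests, each reconnect leaks it. Assuming `ads_init` copies its arguments, `SAFE_FREE(ldap_server);` after the call, on both the success and the `ads_init failed` paths, would cover it. `realm` can be NULL when the domain is not in the list, so confirm that `ads_init` and the later `get_dc_name(dom->name, realm, ...)` accept that; the added comment also has a typo, `server nam`. The function continues beyond this hunk.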
@@ -107,54 +136,57 @@ static ADS_STRUCT *ad_idmap_cached_connection_internal(void) /* setup server affinity */ - get_dc_name( NULL, ads->auth.realm, dc_name, &dc_ip ); + get_dc_name(dom->name, realm, dc_name, &dc_ip ); status = ads_connect(ads); if (!ADS_ERR_OK(status)) { DEBUG(1, ("ad_idmap_init: failed to connect to AD\n")); ads_destroy(&ads); - return NULL; + return status; } ads->is_mine = False; - ad_idmap_ads = ads; + ctx->ads = ads; - return ads; + return ADS_SUCCESS; } /************************************************************************ ***********************************************************************/ -static ADS_STRUCT *ad_idmap_cached_connection(void) +static ADS_STATUS ad_idmap_cached_connection(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_cached_connection_internal(); - - if ( !ads ) - return NULL; + ADS_STATUS status; + struct idmap_ad_context * ctx; + + status = ad_idmap_cached_connection_internal(dom); + if (!ADS_ERR_OK(status)) { + return status; + } + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); /* if we have a valid ADS_STRUCT and the schema model is defined, then we can return here. 
*/ - if ( ad_schema ) - return ads; + if ( ctx->ad_schema ) { + return ADS_SUCCESS; + } /* Otherwise, set the schema model */ - if ( (ad_map_type == WB_POSIX_MAP_SFU) || - (ad_map_type == WB_POSIX_MAP_SFU20) || - (ad_map_type == WB_POSIX_MAP_RFC2307) ) + if ( (ctx->ad_map_type == WB_POSIX_MAP_SFU) || + (ctx->ad_map_type == WB_POSIX_MAP_SFU20) || + (ctx->ad_map_type == WB_POSIX_MAP_RFC2307) ) { - ADS_STATUS schema_status; - - schema_status = ads_check_posix_schema_mapping( NULL, ads, ad_map_type, &ad_schema); - if ( !ADS_ERR_OK(schema_status) ) { + status = ads_check_posix_schema_mapping(NULL, ctx->ads, ctx->ad_map_type, &ctx->ad_schema); + if ( !ADS_ERR_OK(status) ) { DEBUG(2,("ad_idmap_cached_connection: Failed to obtain schema details!\n")); - return NULL; } } - return ads; + return status; } /************************************************************************ @@ -190,17 +222,18 @@ static NTSTATUS idmap_ad_initialize(struct idmap_domain *dom, } } + /* default map type */ + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + /* schema mode */ - if ( ad_map_type == WB_POSIX_MAP_UNKNOWN ) - ad_map_type = WB_POSIX_MAP_RFC2307; schema_mode = lp_parm_const_string(-1, config_option, "schema_mode", NULL); if ( schema_mode && schema_mode[0] ) { if ( strequal(schema_mode, "sfu") ) - ad_map_type = WB_POSIX_MAP_SFU; + ctx->ad_map_type = WB_POSIX_MAP_SFU; else if ( strequal(schema_mode, "sfu20" ) ) - ad_map_type = WB_POSIX_MAP_SFU20; + ctx->ad_map_type = WB_POSIX_MAP_SFU20; else if ( strequal(schema_mode, "rfc2307" ) ) - ad_map_type = WB_POSIX_MAP_RFC2307; + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; else DEBUG(0,("idmap_ad_initialize: Unknown schema_mode (%s)\n", schema_mode)); @@ -256,7 +289,6 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map TALLOC_CTX *memctx; struct idmap_ad_context *ctx; ADS_STATUS rc; - ADS_STRUCT *ads; const char *attrs[] = { "sAMAccountType", "objectSid", NULL, /* uidnumber */ 
@@ -284,14 +316,16 @@ static NTSTATUS idmap_ad_unixids_to_sids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { - DEBUG(1, ("ADS uninitialized\n")); + rc = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(rc)) { + DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc))); ret = NT_STATUS_UNSUCCESSFUL; + /* ret = ads_ntstatus(rc); */ goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: bidx = idx; @@ -308,7 +342,7 @@ again: ATYPE_INTERDOMAIN_TRUST); } u_filter = talloc_asprintf_append_buffer(u_filter, "(%s=%lu)", - ad_schema->posix_uidnumber_attr, + ctx->ad_schema->posix_uidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(u_filter); break; @@ -322,7 +356,7 @@ again: ATYPE_SECURITY_LOCAL_GROUP); } g_filter = talloc_asprintf_append_buffer(g_filter, "(%s=%lu)", - ad_schema->posix_gidnumber_attr, + ctx->ad_schema->posix_gidnumber_attr, (unsigned long)ids[idx]->xid.id); CHECK_ALLOC_DONE(g_filter); break; @@ -348,14 +382,14 @@ again: filter = talloc_asprintf_append_buffer(filter, ")"); CHECK_ALLOC_DONE(filter); - rc = ads_search_retry(ads, &res, filter, attrs); + rc = ads_search_retry(ctx->ads, &res, filter, attrs); if (!ADS_ERR_OK(rc)) { DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc))); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if ( (count = ads_count_replies(ads, res)) == 0 ) { + if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) { DEBUG(10, ("No IDs found\n")); } @@ -368,9 +402,9 @@ again: uint32_t atype; if (i == 0) { /* first entry */ - entry = ads_first_entry(ads, entry); + entry = ads_first_entry(ctx->ads, entry); } else { /* following ones */ - entry = ads_next_entry(ads, entry); + entry = ads_next_entry(ctx->ads, entry); } if ( !entry ) { 
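Review bot: `attrs[2] = ctx->ad_schema->posix_uidnumber_attr;` in idmap_ad_unixids_to_sids dereferences `ctx->ad_schema` without the NULL check that this same commit adds to idmap_ad_sids_to_unixids. ad_idmap_cached_connection() returns success with `ad_schema` still NULL whenever the map type is not SFU, SFU20 or RFC2307, and nss_ad_generic_init can store any map type in the context. Mirror the guard before `attrs` is filled in: `if (ctx->ad_schema == NULL) { ret = NT_STATUS_UNSUCCESSFUL; goto done; }`. The assignment of `ctx` lies outside the hunk, so this assumes it is taken from `dom->private_data` earlier in the function.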
@@ -379,13 +413,13 @@ again: } /* first check if the SID is present */ - if (!ads_pull_sid(ads, entry, "objectSid", &sid)) { + if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) { DEBUG(2, ("Could not retrieve SID from entry\n")); continue; } /* get type */ - if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) { + if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) { DEBUG(1, ("could not get SAM account type\n")); continue; } @@ -405,9 +439,9 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, + if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, &id)) { DEBUG(1, ("Could not get unix ID\n")); @@ -439,7 +473,7 @@ again: } if (res) { - ads_msgfree(ads, res); + ads_msgfree(ctx->ads, res); } if (ids[idx]) { /* still some values to map */ @@ -468,7 +502,6 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map TALLOC_CTX *memctx; struct idmap_ad_context *ctx; ADS_STATUS rc; - ADS_STRUCT *ads; const char *attrs[] = { "sAMAccountType", "objectSid", NULL, /* attr_uidnumber */ 
@@ -495,14 +528,22 @@ static NTSTATUS idmap_ad_sids_to_unixids(struct idmap_domain *dom, struct id_map return NT_STATUS_NO_MEMORY; } - if ( (ads = ad_idmap_cached_connection()) == NULL ) { - DEBUG(1, ("ADS uninitialized\n")); + rc = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(rc)) { + DEBUG(1, ("ADS uninitialized: %s\n", ads_errstr(rc))); + ret = NT_STATUS_UNSUCCESSFUL; + /* ret = ads_ntstatus(rc); */ + goto done; + } + + if (ctx->ad_schema == NULL) { + DEBUG(0, ("haven't got ctx->ad_schema ! \n")); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - attrs[2] = ad_schema->posix_uidnumber_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + attrs[2] = ctx->ad_schema->posix_uidnumber_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; again: filter = talloc_asprintf(memctx, "(&(|" @@ -529,14 +570,14 @@ again: CHECK_ALLOC_DONE(filter); DEBUG(10, ("Filter: [%s]\n", filter)); - rc = ads_search_retry(ads, &res, filter, attrs); + rc = ads_search_retry(ctx->ads, &res, filter, attrs); if (!ADS_ERR_OK(rc)) { DEBUG(1, ("ERROR: ads search returned: %s\n", ads_errstr(rc))); ret = NT_STATUS_UNSUCCESSFUL; goto done; } - if ( (count = ads_count_replies(ads, res)) == 0 ) { + if ( (count = ads_count_replies(ctx->ads, res)) == 0 ) { DEBUG(10, ("No IDs found\n")); } @@ -549,9 +590,9 @@ again: uint32_t atype; if (i == 0) { /* first entry */ - entry = ads_first_entry(ads, entry); + entry = ads_first_entry(ctx->ads, entry); } else { /* following ones */ - entry = ads_next_entry(ads, entry); + entry = ads_next_entry(ctx->ads, entry); } if ( !entry ) { @@ -560,7 +601,7 @@ again: } /* first check if the SID is present */ - if (!ads_pull_sid(ads, entry, "objectSid", &sid)) { + if (!ads_pull_sid(ctx->ads, entry, "objectSid", &sid)) { DEBUG(2, ("Could not retrieve SID from entry\n")); continue; } 
@@ -572,7 +613,7 @@ again: } /* get type */ - if (!ads_pull_uint32(ads, entry, "sAMAccountType", &atype)) { + if (!ads_pull_uint32(ctx->ads, entry, "sAMAccountType", &atype)) { DEBUG(1, ("could not get SAM account type\n")); continue; } @@ -592,9 +633,9 @@ again: continue; } - if (!ads_pull_uint32(ads, entry, (type==ID_TYPE_UID) ? - ad_schema->posix_uidnumber_attr : - ad_schema->posix_gidnumber_attr, + if (!ads_pull_uint32(ctx->ads, entry, (type==ID_TYPE_UID) ? + ctx->ad_schema->posix_uidnumber_attr : + ctx->ad_schema->posix_gidnumber_attr, &id)) { DEBUG(1, ("Could not get unix ID\n")); @@ -619,7 +660,7 @@ again: } if (res) { - ads_msgfree(ads, res); + ads_msgfree(ctx->ads, res); } if (ids[idx]) { /* still some values to map */ @@ -644,16 +685,18 @@ done: static NTSTATUS idmap_ad_close(struct idmap_domain *dom) { - ADS_STRUCT *ads = ad_idmap_ads; + struct idmap_ad_context * ctx; + + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - if (ads != NULL) { + if (ctx->ads != NULL) { /* we own this ADS_STRUCT so make sure it goes away */ - ads->is_mine = True; - ads_destroy( &ads ); - ad_idmap_ads = NULL; + ctx->ads->is_mine = True; + ads_destroy( &ctx->ads ); + ctx->ads = NULL; } - TALLOC_FREE( ad_schema ); + TALLOC_FREE( ctx->ad_schema ); return NT_STATUS_OK; } 
@@ -678,43 +721,69 @@ static const char *ad_map_type_string(enum wb_posix_mapping map_type) switch (map_type) { case WB_POSIX_MAP_TEMPLATE: return wb_posix_map_template_string; - break; case WB_POSIX_MAP_SFU: return wb_posix_map_sfu_string; - break; case WB_POSIX_MAP_SFU20: return wb_posix_map_sfu20_string; - break; case WB_POSIX_MAP_RFC2307: return wb_posix_map_rfc2307_string; - break; case WB_POSIX_MAP_UNIXINFO: return wb_posix_map_unixinfo_string; - break; default: - return WB_POSIX_MAP_UNKNOWN; + return wb_posix_map_unknown_string; } } static NTSTATUS nss_ad_generic_init(struct nss_domain_entry *e, enum wb_posix_mapping new_ad_map_type) { - /* Sanity check if we have previously been called with a - different schema model */ + struct idmap_domain *dom; + struct idmap_ad_context *ctx; + + if (e->state != NULL) { + dom = talloc_get_type(e->state, struct idmap_domain); + } else { + dom = TALLOC_ZERO_P(e, struct idmap_domain); + if (dom == NULL) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + e->state = dom; + } + + if (e->domain != NULL) { + dom->name = talloc_strdup(dom, e->domain); + if (dom->name == NULL) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + } + + if (dom->private_data != NULL) { + ctx = talloc_get_type(dom->private_data, + struct idmap_ad_context); + } else { + ctx = TALLOC_ZERO_P(dom, struct idmap_ad_context); + if (ctx == NULL) { + DEBUG(0, ("Out of memory!\n")); + return NT_STATUS_NO_MEMORY; + } + ctx->ad_map_type = WB_POSIX_MAP_RFC2307; + dom->private_data = ctx; + } - if ( (ad_map_type != WB_POSIX_MAP_UNKNOWN) && - (ad_map_type != new_ad_map_type)) + if ((ctx->ad_map_type != WB_POSIX_MAP_UNKNOWN) && + (ctx->ad_map_type != new_ad_map_type)) { - DEBUG(0,("nss_ad_generic_init: " - "Cannot set Posix map type to %s. " - "Map type has already been set to %s." 
- "Mixed schema models not supported!\n", - ad_map_type_string(new_ad_map_type), - ad_map_type_string(ad_map_type))); - return NT_STATUS_NOT_SUPPORTED; + DEBUG(2, ("nss_ad_generic_init: " + "Warning: overriding previously set posix map type " + "%s for domain %s with map type %s.\n", + ad_map_type_string(ctx->ad_map_type), + dom->name, + ad_map_type_string(new_ad_map_type))); } - ad_map_type = new_ad_map_type; + ctx->ad_map_type = new_ad_map_type; return NT_STATUS_OK; } @@ -737,6 +806,7 @@ static NTSTATUS nss_rfc2307_init( struct nss_domain_entry *e ) /************************************************************************ ***********************************************************************/ + static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, const DOM_SID *sid, TALLOC_CTX *mem_ctx, @@ -747,7 +817,6 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, char **gecos, uint32 *gid ) { - ADS_STRUCT *ads_internal = NULL; const char *attrs[] = {NULL, /* attr_homedir */ NULL, /* attr_shell */ NULL, /* attr_gecos */ @@ -758,18 +827,24 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *sidstr = NULL; + struct idmap_domain *dom; + struct idmap_ad_context *ctx; /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; } - /* We are assuming that the internal ADS_STRUCT is for the - same forest as the incoming *ads pointer */ + dom = talloc_get_type(e->state, struct idmap_domain); + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); - ads_internal = ad_idmap_cached_connection(); + ads_status = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(ads_status)) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } - if ( !ads_internal || !ad_schema ) { + if (!ctx->ad_schema) { + DEBUG(10, ("nss_ad_get_info: no ad_schema configured!\n")); return NT_STATUS_OBJECT_NAME_NOT_FOUND; } 
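Review bot: In nss_ad_generic_init a freshly allocated context is given `ctx->ad_map_type = WB_POSIX_MAP_RFC2307`, so the `!= WB_POSIX_MAP_UNKNOWN` test that follows is always true for a new context. The "overriding previously set posix map type" warning is therefore logged on the first sfu or sfu20 initialisation, when nothing was set before. Assigning `WB_POSIX_MAP_UNKNOWN` explicitly to the new context keeps the warning for real overrides; the value is overwritten with `new_ad_map_type` a few lines later anyway. The same DEBUG passes `dom->name` to `%s` although it stays NULL when `e->domain` is NULL, so `dom->name ? dom->name : "NULL"` would be safer there.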
@@ -780,12 +855,15 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* See if we can use the ADS connection struct swe were given */ if (ads) { - *homedir = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_homedir_attr ); - *shell = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_shell_attr ); - *gecos = ads_pull_string( ads, mem_ctx, msg, ad_schema->posix_gecos_attr ); + DEBUG(10, ("nss_ad_get_info: using given ads connection and " + "LDAP message (%p)\n", msg)); + + *homedir = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_homedir_attr ); + *shell = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_shell_attr ); + *gecos = ads_pull_string( ads, mem_ctx, msg, ctx->ad_schema->posix_gecos_attr ); if (gid) { - if ( !ads_pull_uint32(ads, msg, ad_schema->posix_gidnumber_attr, gid ) ) + if ( !ads_pull_uint32(ads, msg, ctx->ad_schema->posix_gidnumber_attr, gid ) ) *gid = (uint32)-1; } @@ -795,10 +873,13 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, /* Have to do our own query */ - attrs[0] = ad_schema->posix_homedir_attr; - attrs[1] = ad_schema->posix_shell_attr; - attrs[2] = ad_schema->posix_gecos_attr; - attrs[3] = ad_schema->posix_gidnumber_attr; + DEBUG(10, ("nss_ad_get_info: no ads connection given, doing our " + "own query\n")); + + attrs[0] = ctx->ad_schema->posix_homedir_attr; + attrs[1] = ctx->ad_schema->posix_shell_attr; + attrs[2] = ctx->ad_schema->posix_gecos_attr; + attrs[3] = ctx->ad_schema->posix_gidnumber_attr; sidstr = sid_binstring(sid); filter = talloc_asprintf(mem_ctx, "(objectSid=%s)", sidstr); 
@@ -809,18 +890,18 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, goto done; } - ads_status = ads_search_retry(ads_internal, &msg_internal, filter, attrs); + ads_status = ads_search_retry(ctx->ads, &msg_internal, filter, attrs); if (!ADS_ERR_OK(ads_status)) { nt_status = ads_ntstatus(ads_status); goto done; } - *homedir = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_homedir_attr); - *shell = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_shell_attr); - *gecos = ads_pull_string(ads_internal, mem_ctx, msg_internal, ad_schema->posix_gecos_attr); + *homedir = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_homedir_attr); + *shell = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_shell_attr); + *gecos = ads_pull_string(ctx->ads, mem_ctx, msg_internal, ctx->ad_schema->posix_gecos_attr); if (gid) { - if (!ads_pull_uint32(ads_internal, msg_internal, ad_schema->posix_gidnumber_attr, gid)) + if (!ads_pull_uint32(ctx->ads, msg_internal, ctx->ad_schema->posix_gidnumber_attr, gid)) *gid = (uint32)-1; } @@ -828,7 +909,7 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, done: if (msg_internal) { - ads_msgfree(ads_internal, msg_internal); + ads_msgfree(ctx->ads, msg_internal); } return nt_status; @@ -842,13 +923,14 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, const char *name, char **alias) { - ADS_STRUCT *ads_internal = NULL; const char *attrs[] = {NULL, /* attr_uid */ NULL }; char *filter = NULL; LDAPMessage *msg = NULL; ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct idmap_domain *dom; + struct idmap_ad_context *ctx; /* Check incoming parameters */ 
@@ -864,14 +946,20 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - ads_internal = ad_idmap_cached_connection(); + dom = talloc_get_type(e->state, struct idmap_domain); + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + + ads_status = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(ads_status)) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } - if (!ads_internal || !ad_schema) { + if (!ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } - attrs[0] = ad_schema->posix_uid_attr; + attrs[0] = ctx->ad_schema->posix_uid_attr; filter = talloc_asprintf(mem_ctx, "(sAMAccountName=%s)", @@ -881,13 +969,13 @@ static NTSTATUS nss_ad_map_to_alias(TALLOC_CTX *mem_ctx, goto done; } - ads_status = ads_search_retry(ads_internal, &msg, filter, attrs); + ads_status = ads_search_retry(ctx->ads, &msg, filter, attrs); if (!ADS_ERR_OK(ads_status)) { nt_status = ads_ntstatus(ads_status); goto done; } - *alias = ads_pull_string(ads_internal, mem_ctx, msg, ad_schema->posix_uid_attr ); + *alias = ads_pull_string(ctx->ads, mem_ctx, msg, ctx->ad_schema->posix_uid_attr); if (!*alias) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -900,7 +988,7 @@ done: talloc_destroy(filter); } if (msg) { - ads_msgfree(ads_internal, msg); + ads_msgfree(ctx->ads, msg); } return nt_status; @@ -914,7 +1002,6 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, const char *alias, char **name ) { - ADS_STRUCT *ads_internal = NULL; const char *attrs[] = {"sAMAccountName", NULL }; char *filter = NULL; @@ -922,6 +1009,8 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, ADS_STATUS ads_status = ADS_ERROR_NT(NT_STATUS_UNSUCCESSFUL); NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; char *username; + struct idmap_domain *dom; + struct idmap_ad_context *ctx; /* Check incoming parameters */ 
@@ -937,29 +1026,35 @@ static NTSTATUS nss_ad_map_from_alias( TALLOC_CTX *mem_ctx, goto done; } - ads_internal = ad_idmap_cached_connection(); + dom = talloc_get_type(e->state, struct idmap_domain); + ctx = talloc_get_type(dom->private_data, struct idmap_ad_context); + + ads_status = ad_idmap_cached_connection(dom); + if (!ADS_ERR_OK(ads_status)) { + return NT_STATUS_OBJECT_NAME_NOT_FOUND; + } - if (!ads_internal || !ad_schema) { + if (!ctx->ad_schema) { nt_status = NT_STATUS_OBJECT_PATH_NOT_FOUND; goto done; } filter = talloc_asprintf(mem_ctx, "(%s=%s)", - ad_schema->posix_uid_attr, + ctx->ad_schema->posix_uid_attr, alias); if (!filter) { nt_status = NT_STATUS_NO_MEMORY; goto done; } - ads_status = ads_search_retry(ads_internal, &msg, filter, attrs); + ads_status = ads_search_retry(ctx->ads, &msg, filter, attrs); if (!ADS_ERR_OK(ads_status)) { nt_status = ads_ntstatus(ads_status); goto done; } - username = ads_pull_string(ads_internal, mem_ctx, msg, + username = ads_pull_string(ctx->ads, mem_ctx, msg, "sAMAccountName"); if (!username) { return NT_STATUS_OBJECT_NAME_NOT_FOUND; @@ -980,7 +1075,7 @@ done: talloc_destroy(filter); } if (msg) { - ads_msgfree(ads_internal, msg); + ads_msgfree(ctx->ads, msg); } return nt_status; -- cgit From 82ee6d2f7d254a704574744bf9f25dcb0e2ab7cf Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 22:50:26 +0100 Subject: s3:winbindd/idmap_ad: add entry debug message to nss_ad_get_info() Michael --- source3/winbindd/idmap_ad.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/idmap_ad.c b/source3/winbindd/idmap_ad.c index 967a36b3ce..05d7d98cae 100644 --- a/source3/winbindd/idmap_ad.c +++ b/source3/winbindd/idmap_ad.c 
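Review bot: The filter in nss_ad_map_from_alias is built with `talloc_asprintf(mem_ctx, "(%s=%s)", ctx->ad_schema->posix_uid_attr, alias)`, which places `alias` into the LDAP filter unescaped. If the alias can originate from a client-supplied name, filter metacharacters in it change the meaning of the search, and the lookup can resolve to an entry other than the one asked for. Escape the value per RFC 4515 before formatting it, for example with Samba's `escape_ldap_string_alloc()` if this tree provides it, and free the escaped copy afterwards. nss_ad_map_to_alias builds `(sAMAccountName=%s)` from `name` in the same way in an earlier hunk. Both functions start and end outside their hunks.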
@@ -830,6 +830,9 @@ static NTSTATUS nss_ad_get_info( struct nss_domain_entry *e, struct idmap_domain *dom; struct idmap_ad_context *ctx; + DEBUG(10, ("nss_ad_get_info called for sid [%s] in domain '%s'\n", + sid_string_dbg(sid), e->domain?e->domain:"NULL")); + /* Only do query if we are online */ if (idmap_is_offline()) { return NT_STATUS_FILE_IS_OFFLINE; -- cgit From 1048c2ccbea1ce76719a6ac320ec9104e896db8f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 22:54:42 +0100 Subject: s3:winbindd/nss_info: add debugging to nss_init() Michael --- source3/winbindd/nss_info.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index c35df4fbed..7df1eeeb01 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -158,6 +158,9 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) continue; } + DEBUG(10, ("parsed backend = '%s', domain = '%s'\n", + backend, domain)); + /* validate the backend */ if ( (nss_backend = nss_get_backend( backend )) == NULL ) { @@ -197,6 +200,10 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) nss_domain->domain)); } + DEBUG(10, ("nss_init: nss domain initialized: " + "domain = '%s', backend = '%s'\n", + domain, backend)); + /* cleanup */ SAFE_FREE( backend ); -- cgit From 09d05bcffe9553d28876daed86ea0761f2506997 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 22:57:41 +0100 Subject: s3:winbindd/nss_info: add entry debug message to nss_get_info() Michael --- source3/winbindd/nss_info.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 7df1eeeb01..245274b238 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c 
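Review bot: `DEBUG(10, ("parsed backend = '%s', domain = '%s'\n", backend, domain));` in nss_init passes `domain` straight to `%s`, but parse_nss_parm() leaves `*domain` NULL for an entry with no `:domain` part. A NULL `%s` argument is undefined behaviour, and some C libraries crash on it once the log level reaches 10. Use `domain ? domain : "NULL"`, as the nss_ad_get_info debug line added just before does for `e->domain`. The "nss domain initialized" DEBUG in the next hunk has the same problem, and so do the DEBUG calls added later on this page in nss_domain_list_add_domain. The `*homedir`, `*shell` and `*gecos` arguments in the winbindd_cache.c hunk look affected too, since they are presumably NULL when the attribute is absent.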
@@ -273,6 +273,9 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) struct nss_domain_entry *p; struct nss_info_methods *m; + DEBUG(10, ("nss_get_info called for sid [%s] in domain '%s'\n", + sid_string_dbg(user_sid), domain?domain:"NULL")); + if ( (p = find_nss_domain( domain )) == NULL ) { DEBUG(4,("nss_get_info: Failed to find nss domain pointer for %s\n", domain )); -- cgit From af6f1b4085d82e44277b2505875f667065586eb6 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Sun, 30 Nov 2008 23:00:19 +0100 Subject: s3:winbindd_cache: add debugging to get_nss_info_cached() Michael --- source3/winbindd/winbindd_cache.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3') diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c index 360e915bc4..2f4a6ffe56 100644 --- a/source3/winbindd/winbindd_cache.c +++ b/source3/winbindd/winbindd_cache.c @@ -4222,7 +4222,14 @@ do_query: nt_status = nss_get_info( domain->name, user_sid, ctx, ads, msg, homedir, shell, gecos, p_gid ); + DEBUG(10, ("nss_get_info returned %s\n", nt_errstr(nt_status))); + if ( NT_STATUS_IS_OK(nt_status) ) { + DEBUG(10, ("result:\n\thomedir = '%s'\n", *homedir)); + DEBUGADD(10, ("\tshell = '%s'\n", *shell)); + DEBUGADD(10, ("\tgecos = '%s'\n", *gecos)); + DEBUGADD(10, ("\tgid = '%u'\n", *p_gid)); + wcache_save_user_pwinfo( domain, nt_status, user_sid, *homedir, *shell, *gecos, *p_gid ); } -- cgit From a7e60befdce5f6d131cbe5789cc94dbd2624fd38 Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 00:56:50 +0100 Subject: s3:winbindd/nss_info: whitespace cleanup. Remove trailing spaces and fix tab / space mixup. Michael --- source3/winbindd/nss_info.c | 68 ++++++++++++++++++++++----------------------- 1 file changed, 33 insertions(+), 35 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 245274b238..29393a565e 100644 --- a/source3/winbindd/nss_info.c 
+++ b/source3/winbindd/nss_info.c @@ -1,4 +1,4 @@ -/* +/* Unix SMB/CIFS implementation. Idmap NSS headers @@ -8,12 +8,12 @@ modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. - + This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public License for more details. - + You should have received a copy of the GNU Lesser General Public License along with this program. If not, see . */ @@ -48,14 +48,14 @@ static struct nss_function_entry *nss_get_backend(const char *name ) { struct nss_function_entry *entry; - if ((version != SMB_NSS_INFO_INTERFACE_VERSION)) { + if ((version != SMB_NSS_INFO_INTERFACE_VERSION)) { DEBUG(0, ("smb_register_idmap_nss: Failed to register idmap_nss module.\n" - "The module was compiled against SMB_NSS_INFO_INTERFACE_VERSION %d,\n" - "current SMB_NSS_INFO_INTERFACE_VERSION is %d.\n" - "Please recompile against the current version of samba!\n", + "The module was compiled against SMB_NSS_INFO_INTERFACE_VERSION %d,\n" + "current SMB_NSS_INFO_INTERFACE_VERSION is %d.\n" + "Please recompile against the current version of samba!\n", version, SMB_NSS_INFO_INTERFACE_VERSION)); return NT_STATUS_OBJECT_TYPE_MISMATCH; - } + } if (!name || !name[0] || !methods) { DEBUG(0,("smb_register_idmap_nss: called with NULL pointer or empty name!\n")); @@ -89,12 +89,12 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) int len; *backend = *domain = NULL; - + if ( !config ) return False; - + p = strchr( config, ':' ); - + /* if no : then the string must be the backend name only */ if ( !p ) { 
@@ -107,13 +107,13 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) if ( strlen(p+1) > 0 ) { *domain = SMB_STRDUP( p+1 ); } - + len = PTR_DIFF(p,config)+1; if ( (q = SMB_MALLOC_ARRAY( char, len )) == NULL ) { SAFE_FREE( *backend ); return False; } - + StrnCpy( q, config, len-1); q[len-1] = '\0'; *backend = q; @@ -122,7 +122,7 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) } /******************************************************************** - Each nss backend must not store global state, but rather be able + Each nss backend must not store global state, but rather be able to initialize the state on a per domain basis. *******************************************************************/ @@ -139,12 +139,12 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) if ( NT_STATUS_IS_OK(nss_initialized) ) return NT_STATUS_OK; - + /* The "template" backend should alqays be registered as it is a static module */ if ( (nss_backend = nss_get_backend( "template" )) == NULL ) { - static_init_nss_info; + static_init_nss_info; } /* Create the list of nss_domains (loading any shared plugins @@ -152,10 +152,10 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) for ( i=0; nss_list && nss_list[i]; i++ ) { - if ( !parse_nss_parm(nss_list[i], &backend, &domain) ) { + if ( !parse_nss_parm(nss_list[i], &backend, &domain) ) { DEBUG(0,("nss_init: failed to parse \"%s\"!\n", nss_list[i])); - continue; + continue; } DEBUG(10, ("parsed backend = '%s', domain = '%s'\n", 
@@ -169,17 +169,16 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) if ( !NT_STATUS_IS_OK(status) ) { continue; } - + /* try again */ if ( (nss_backend = nss_get_backend( backend )) == NULL ) { DEBUG(0,("nss_init: unregistered backend %s!. Skipping\n", backend)); continue; } - } - /* fill in the nss_domain_entry and add it to the + /* fill in the nss_domain_entry and add it to the list of domains */ nss_domain = TALLOC_ZERO_P( nss_domain_list, struct nss_domain_entry ); @@ -187,15 +186,15 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) DEBUG(0,("nss_init: talloc() failure!\n")); return NT_STATUS_NO_MEMORY; } - + nss_domain->backend = nss_backend; nss_domain->domain = talloc_strdup( nss_domain, domain ); /* Try to init and ave the result */ nss_domain->init_status = nss_domain->backend->methods->init( nss_domain ); - DLIST_ADD( nss_domain_list, nss_domain ); - if ( !NT_STATUS_IS_OK(nss_domain->init_status) ) { + DLIST_ADD( nss_domain_list, nss_domain ); + if ( !NT_STATUS_IS_OK(nss_domain->init_status) ) { DEBUG(0,("nss_init: Failed to init backend for %s domain!\n", nss_domain->domain)); } @@ -207,7 +206,7 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) /* cleanup */ SAFE_FREE( backend ); - SAFE_FREE( domain ); + SAFE_FREE( domain ); } if ( !nss_domain_list ) { @@ -217,10 +216,9 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) /* we shouild default to use template here */ } - - + nss_initialized = NT_STATUS_OK; - + return NT_STATUS_OK; } @@ -229,7 +227,7 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) static struct nss_domain_entry *find_nss_domain( const char *domain ) { - NTSTATUS status; + NTSTATUS status; struct nss_domain_entry *p; status = nss_init( lp_winbind_nss_info() ); 
@@ -238,20 +236,20 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) nt_errstr(status))); return NULL; } - + for ( p=nss_domain_list; p; p=p->next ) { if ( strequal( p->domain, domain ) ) break; } - + /* If we didn't find a match, then use the default nss info */ if ( !p ) { if ( !nss_domain_list ) { return NULL; } - - p = nss_domain_list; + + p = nss_domain_list; } if ( !NT_STATUS_IS_OK( p->init_status ) ) { @@ -281,10 +279,10 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) domain )); return NT_STATUS_NOT_FOUND; } - + m = p->backend->methods; - return m->get_nss_info( p, user_sid, ctx, ads, msg, + return m->get_nss_info( p, user_sid, ctx, ads, msg, homedir, shell, gecos, p_gid ); } -- cgit From 37be1f6d086084206b5153a15c2ac2e18793cceb Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 02:01:44 +0100 Subject: s3:winbindd/nss_info: fix default backend handling for ad backends. This fixes "winbind nss info = rfc2307" (or sfu or sfu20). Originally, only explicitly configured domains (like "rfc2307:domain") worked with the ad module, since the domain name was not passed backe to the module. This is fixed by recording the first backend listed without domain in the "winbind nss info" parameter as the default backend, and creating new nss_domain entries (using this default backend) on the fly as requests for domains which are not explicitly configured are encountered. Michael --- source3/winbindd/nss_info.c | 84 ++++++++++++++++++++++++++++++++------------- 1 file changed, 61 insertions(+), 23 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 29393a565e..a7b642440f 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c 
@@ -3,6 +3,7 @@ Idmap NSS headers Copyright (C) Gerald Carter 2006 + Copyright (C) Michael Adam 2008 This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public @@ -22,6 +23,7 @@ #include "nss_info.h" static struct nss_function_entry *backends = NULL; +static struct nss_function_entry *default_backend = NULL; static struct nss_domain_entry *nss_domain_list = NULL; /********************************************************************** @@ -121,6 +123,42 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) return True; } +NTSTATUS nss_domain_list_add_domain(const char *domain, + struct nss_function_entry *nss_backend) +{ + struct nss_domain_entry *nss_domain; + + nss_domain = TALLOC_ZERO_P(nss_domain_list, struct nss_domain_entry); + if (!nss_domain) { + DEBUG(0, ("nss_domain_list_add_domain: talloc() failure!\n")); + return NT_STATUS_NO_MEMORY; + } + + nss_domain->backend = nss_backend; + if (domain) { + nss_domain->domain = talloc_strdup(nss_domain, domain); + if (!nss_domain->domain) { + DEBUG(0, ("nss_domain_list_add_domain: talloc() " + "failure!\n")); + TALLOC_FREE(nss_domain); + return NT_STATUS_NO_MEMORY; + } + } + + nss_domain->init_status = nss_domain->backend->methods->init(nss_domain); + if (!NT_STATUS_IS_OK(nss_domain->init_status)) { + DEBUG(0, ("nss_init: Failed to init backend '%s' for domain " + "'%s'!\n", nss_backend->name, nss_domain->domain)); + } + + DLIST_ADD(nss_domain_list, nss_domain); + + DEBUG(10, ("Added domain '%s' with backend '%s' to nss_domain_list.\n", + domain, nss_backend->name)); + + return NT_STATUS_OK; +} + /******************************************************************** Each nss backend must not store global state, but rather be able to initialize the state on a per domain basis. 
@@ -178,31 +216,21 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) } } - /* fill in the nss_domain_entry and add it to the - list of domains */ - - nss_domain = TALLOC_ZERO_P( nss_domain_list, struct nss_domain_entry ); - if ( !nss_domain ) { - DEBUG(0,("nss_init: talloc() failure!\n")); - return NT_STATUS_NO_MEMORY; + /* + * The first config item of the list without an explicit domain + * is treated as the default nss info backend. + */ + if ((domain == NULL) && (default_backend == NULL)) { + DEBUG(10, ("nss_init: using '%s' as default backend.\n", + backend)); + default_backend = nss_backend; } - nss_domain->backend = nss_backend; - nss_domain->domain = talloc_strdup( nss_domain, domain ); - - /* Try to init and ave the result */ - - nss_domain->init_status = nss_domain->backend->methods->init( nss_domain ); - DLIST_ADD( nss_domain_list, nss_domain ); - if ( !NT_STATUS_IS_OK(nss_domain->init_status) ) { - DEBUG(0,("nss_init: Failed to init backend for %s domain!\n", - nss_domain->domain)); + status = nss_domain_list_add_domain(domain, nss_backend); + if (!NT_STATUS_IS_OK(status)) { + return status; } - DEBUG(10, ("nss_init: nss domain initialized: " - "domain = '%s', backend = '%s'\n", - domain, backend)); - /* cleanup */ SAFE_FREE( backend ); @@ -242,13 +270,23 @@ static struct nss_domain_entry *find_nss_domain( const char *domain ) break; } - /* If we didn't find a match, then use the default nss info */ + /* If we didn't find a match, then use the default nss backend */ if ( !p ) { - if ( !nss_domain_list ) { + if (!default_backend) { + return NULL; + } + + status = nss_domain_list_add_domain(domain, default_backend); + if (!NT_STATUS_IS_OK(status)) { return NULL; } + /* + * HACK ALERT: + * Here, we use the fact that the new domain was added at + * the beginning of the list... + */ p = nss_domain_list; } -- cgit From c77435caaf46734429fc3cea2e612cc17ca0d7ae Mon Sep 17 00:00:00 2001 
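Review bot: The fallback branch in find_nss_domain() now allocates a new nss_domain_entry and runs the backend's init() for every domain name not already in nss_domain_list, and nothing in the hunk bounds or validates that name. If `domain` can originate from a client request (not visible here), the list can grow without limit over the daemon's lifetime, so the source of `domain` should be confirmed or the name checked against known domains first. The `p = nss_domain_list;` under "HACK ALERT" depends on DLIST_ADD inserting at the head. Having nss_domain_list_add_domain() hand back the new entry through an out parameter would remove that coupling.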
From: Michael Adam Date: Mon, 1 Dec 2008 04:22:02 +0100 Subject: s3:winbindd/nss_info: make nss_domain_list_add_domain() static Michael --- source3/winbindd/nss_info.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'source3') diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index a7b642440f..8ba9b079c1 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -123,8 +123,8 @@ static bool parse_nss_parm( const char *config, char **backend, char **domain ) return True; } -NTSTATUS nss_domain_list_add_domain(const char *domain, - struct nss_function_entry *nss_backend) +static NTSTATUS nss_domain_list_add_domain(const char *domain, + struct nss_function_entry *nss_backend) { struct nss_domain_entry *nss_domain; -- cgit From 0744c32678da3757d5e16802e4c153bae72b961a Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 04:22:33 +0100 Subject: s3:winbindd/nss_info: remove unused variable from nss_init() Michael --- source3/winbindd/nss_info.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3') diff --git a/source3/winbindd/nss_info.c b/source3/winbindd/nss_info.c index 8ba9b079c1..734c009602 100644 --- a/source3/winbindd/nss_info.c +++ b/source3/winbindd/nss_info.c @@ -171,7 +171,6 @@ static NTSTATUS nss_domain_list_add_domain(const char *domain, int i; char *backend, *domain; struct nss_function_entry *nss_backend; - struct nss_domain_entry *nss_domain; /* check for previous successful initializations */ -- cgit From 7bd7846df7a28b9a066fd4d862de0e4d81aadb86 Mon Sep 17 00:00:00 2001 From: Steven Danneman Date: Sun, 30 Nov 2008 16:26:10 -0800 Subject: Make nt4_compatible_acls() non-static for use by VFS ACL modules. --- source3/include/proto.h | 1 + source3/smbd/posix_acls.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index 2dd9b61b56..4bc524f40a 100644 --- a/source3/include/proto.h 
+++ b/source3/include/proto.h @@ -8226,6 +8226,7 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req); /* The following definitions come from smbd/posix_acls.c */ void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid); +bool nt4_compatible_acls(void); NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd); SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl); NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0529d2765e..97fd3b2bbe 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -870,7 +870,7 @@ static void merge_aces( canon_ace **pp_list_head ) Check if we need to return NT4.x compatible ACL entries. ****************************************************************************/ -static bool nt4_compatible_acls(void) +bool nt4_compatible_acls(void) { int compat = lp_acl_compatibility(); -- cgit From e021ecea45bbd41fb671d3f0cb8f5c271f14ba7f Mon Sep 17 00:00:00 2001 From: Michael Adam Date: Mon, 1 Dec 2008 06:20:22 +0100 Subject: s3:vfs_tsmsm: fix potential segfault (freeing uninitialized buffer) Michael --- source3/modules/vfs_tsmsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_tsmsm.c b/source3/modules/vfs_tsmsm.c index ee958b1be5..6fb1d1d2d4 100644 --- a/source3/modules/vfs_tsmsm.c +++ b/source3/modules/vfs_tsmsm.c @@ -148,7 +148,7 @@ static bool tsmsm_is_offline(struct vfs_handle_struct *handle, dm_attrname_t dmname; int ret, lerrno; bool offline; - char *buf; + char *buf = NULL; size_t buflen; /* if the file has more than FILE_IS_ONLINE_RATIO of blocks available, -- cgit From 81fc50b4867acf63e624abeda8b3b48c4d300f93 Mon Sep 17 00:00:00 2001 
From: Bo Yang Date: Tue, 2 Dec 2008 08:37:27 +0800 Subject: Fix script installmo.sh when no .po file exists --- source3/script/installmo.sh | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3') diff --git a/source3/script/installmo.sh b/source3/script/installmo.sh index a1f9c58e27..9c4ab1eefe 100644 --- a/source3/script/installmo.sh +++ b/source3/script/installmo.sh @@ -24,6 +24,10 @@ for dir in $SRCDIR/locale/*; do for f in $SRCDIR/locale/$MODULE/*.po; do BASE=`basename $f` LANGUAGE=`echo $BASE | sed 's/\.po//g'` + if test "$LANGUAGE" = '*'; then + echo "No .po file exists!" + exit 0 + fi FNAME="$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/$MODULE.mo" if test ! -d "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/"; then mkdir -p "$DESTDIR/$LOCALEDIR/$LANGUAGE/LC_MESSAGES/" -- cgit From 4f0661ace8c83be6686d7f81af77ccf243dbb992 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Mon, 1 Dec 2008 17:35:19 +0100 Subject: Fix a debug message, append the correct \n --- source3/smbd/trans2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 4dc2001042..9719d5c386 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -1135,7 +1135,7 @@ static uint32 unix_filetype(mode_t mode) return UNIX_TYPE_SOCKET; #endif - DEBUG(0,("unix_filetype: unknown filetype %u", (unsigned)mode)); + DEBUG(0,("unix_filetype: unknown filetype %u\n", (unsigned)mode)); return UNIX_TYPE_UNKNOWN; } -- cgit From c7c591c19fc4d17a900a0f15df9973b801c076c3 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 1 Dec 2008 19:50:26 +0100 Subject: s3-samr: modify logging in _samr_Connect2 so that it can be called from other calls as well. Guenther --- source3/rpc_server/srv_samr_nt.c | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index c45be02ab8..11aa4e3609 100644 
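Review bot: The added `exit 0` ends the whole script from inside the nested `for dir` / `for f` loops, so the first module directory without a `.po` file stops installation for every module that would have come after it, and the script still reports success. If the intent is only to skip the unmatched glob, `continue` does that for the inner loop. The loops begin outside this hunk, so the surrounding structure should be confirmed before changing it.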
--- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3478,14 +3478,26 @@ NTSTATUS _samr_Connect2(pipes_struct *p, uint32 des_access = r->in.access_mask; NTSTATUS nt_status; size_t sd_size; + const char *fn = "_samr_Connect2"; + switch (p->hdr_req.opnum) { + case NDR_SAMR_CONNECT2: + fn = "_samr_Connect2"; + break; + case NDR_SAMR_CONNECT4: + fn = "_samr_Connect4"; + break; + case NDR_SAMR_CONNECT5: + fn = "_samr_Connect5"; + break; + } - DEBUG(5,("_samr_Connect2: %d\n", __LINE__)); + DEBUG(5,("%s: %d\n", fn, __LINE__)); /* Access check */ if (!pipe_access_check(p)) { - DEBUG(3, ("access denied to _samr_Connect2\n")); + DEBUG(3, ("access denied to %s\n", fn)); return NT_STATUS_ACCESS_DENIED; } @@ -3495,7 +3507,7 @@ NTSTATUS _samr_Connect2(pipes_struct *p, se_map_generic(&des_access, &sam_generic_mapping); nt_status = access_check_samr_object(psd, p->server_info->ptok, - NULL, 0, des_access, &acc_granted, "_samr_Connect2"); + NULL, 0, des_access, &acc_granted, fn); if ( !NT_STATUS_IS_OK(nt_status) ) return nt_status; @@ -3511,7 +3523,7 @@ NTSTATUS _samr_Connect2(pipes_struct *p, if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) return NT_STATUS_OBJECT_NAME_NOT_FOUND; - DEBUG(5,("_samr_Connect2: %d\n", __LINE__)); + DEBUG(5,("%s: %d\n", fn, __LINE__)); return nt_status; } -- cgit From 24fec0a8d727a51ffe214af5ee62bb7a730ce539 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 1 Dec 2008 19:51:27 +0100 Subject: s3-samr: avoid code duplication for identical code in _samr_Connect2, 4 and 5. Guenther --- source3/rpc_server/srv_samr_nt.c | 93 +++++++--------------------------------- 1 file changed, 15 insertions(+), 78 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 11aa4e3609..4b913bace1 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c 
@@ -3535,48 +3535,13 @@ NTSTATUS _samr_Connect2(pipes_struct *p, NTSTATUS _samr_Connect4(pipes_struct *p, struct samr_Connect4 *r) { - struct samr_info *info = NULL; - SEC_DESC *psd = NULL; - uint32 acc_granted; - uint32 des_access = r->in.access_mask; - NTSTATUS nt_status; - size_t sd_size; - - - DEBUG(5,("_samr_Connect4: %d\n", __LINE__)); - - /* Access check */ - - if (!pipe_access_check(p)) { - DEBUG(3, ("access denied to samr_Connect4\n")); - return NT_STATUS_ACCESS_DENIED; - } - - map_max_allowed_access(p->server_info->ptok, &des_access); - - make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); - se_map_generic(&des_access, &sam_generic_mapping); + struct samr_Connect2 c; - nt_status = access_check_samr_object(psd, p->server_info->ptok, - NULL, 0, des_access, &acc_granted, "_samr_Connect4"); - - if ( !NT_STATUS_IS_OK(nt_status) ) - return nt_status; - - /* associate the user's SID and access granted with the new handle. */ - if ((info = get_samr_info_by_sid(NULL)) == NULL) - return NT_STATUS_NO_MEMORY; - - info->acc_granted = acc_granted; - info->status = r->in.access_mask; /* ??? */ - - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - DEBUG(5,("_samr_Connect4: %d\n", __LINE__)); + c.in.system_name = r->in.system_name; + c.in.access_mask = r->in.access_mask; + c.out.connect_handle = r->out.connect_handle; - return NT_STATUS_OK; + return _samr_Connect2(p, &c); } /******************************************************************* 
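Review bot: `struct samr_Connect2 c;` in _samr_Connect4 (and again in the _samr_Connect5 hunk that follows) is left uninitialised apart from the three members assigned, so any other member that _samr_Connect2 or later code reads holds indeterminate stack data. Zeroing it first with `ZERO_STRUCT(c);` keeps the wrapper safe if further fields of the generated struct are ever read. The access check and handle creation now live only in _samr_Connect2, so a one-line comment on each wrapper saying that all authorisation is done by the callee would be worth adding.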
@@ -3586,50 +3551,22 @@ NTSTATUS _samr_Connect4(pipes_struct *p, NTSTATUS _samr_Connect5(pipes_struct *p, struct samr_Connect5 *r) { - struct samr_info *info = NULL; - SEC_DESC *psd = NULL; - uint32 acc_granted; - uint32 des_access = r->in.access_mask; - NTSTATUS nt_status; - size_t sd_size; + NTSTATUS status; + struct samr_Connect2 c; struct samr_ConnectInfo1 info1; - DEBUG(5,("_samr_Connect5: %d\n", __LINE__)); + info1.client_version = SAMR_CONNECT_AFTER_W2K; + info1.unknown2 = 0; - /* Access check */ + c.in.system_name = r->in.system_name; + c.in.access_mask = r->in.access_mask; + c.out.connect_handle = r->out.connect_handle; - if (!pipe_access_check(p)) { - DEBUG(3, ("access denied to samr_Connect5\n")); - return NT_STATUS_ACCESS_DENIED; + status = _samr_Connect2(p, &c); + if (!NT_STATUS_IS_OK(status)) { + return status; } - map_max_allowed_access(p->server_info->ptok, &des_access); - - make_samr_object_sd(p->mem_ctx, &psd, &sd_size, &sam_generic_mapping, NULL, 0); - se_map_generic(&des_access, &sam_generic_mapping); - - nt_status = access_check_samr_object(psd, p->server_info->ptok, - NULL, 0, des_access, &acc_granted, "_samr_Connect5"); - - if ( !NT_STATUS_IS_OK(nt_status) ) - return nt_status; - - /* associate the user's SID and access granted with the new handle. */ - if ((info = get_samr_info_by_sid(NULL)) == NULL) - return NT_STATUS_NO_MEMORY; - - info->acc_granted = acc_granted; - info->status = r->in.access_mask; /* ??? */ - - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, r->out.connect_handle, free_samr_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - DEBUG(5,("_samr_Connect5: %d\n", __LINE__)); - - info1.client_version = SAMR_CONNECT_AFTER_W2K; - info1.unknown2 = 0; - *r->out.level_out = 1; r->out.info_out->info1 = info1; -- cgit From 49a8bd5e14fdb78197fc821fca72f0ba201f5f39 Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:01:09 -0800 Subject: s3:smbd: '|' isn't allowed in windows filenames metze --- source3/smbd/reply.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 1f99db2de4..d23f9c106e 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -119,7 +119,7 @@ static NTSTATUS check_path_syntax_internal(char *path, if (!(*s & 0x80)) { if (!posix_path) { - if (*s <= 0x1f) { + if (*s <= 0x1f || *s == '|') { return NT_STATUS_OBJECT_NAME_INVALID; } switch (*s) { -- cgit From edde763d3f981f9ccdf65feffd85a591fb1708c1 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:22:55 -0800 Subject: s3:smbd: correctly verify stream names to pass RAW-STREAMS metze --- source3/smbd/reply.c | 36 +++++++++++++++++++++++++++++++++++- 1 file changed, 35 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index d23f9c106e..a1833b55df 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c 
@@ -52,11 +52,45 @@ static NTSTATUS check_path_syntax_internal(char *path, const char *s = path; NTSTATUS ret = NT_STATUS_OK; bool start_of_name_component = True; + bool stream_started = false; *p_last_component_contains_wcard = False; while (*s) { - if (IS_PATH_SEP(*s,posix_path)) { + if (stream_started) { + switch (*s) { + case '/': + case '\\': + return NT_STATUS_OBJECT_NAME_INVALID; + case ':': + if (s[1] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + if (strchr_m(&s[1], ':')) { + return NT_STATUS_OBJECT_NAME_INVALID; + } + if (StrCaseCmp(s, ":$DATA") != 0) { + return NT_STATUS_INVALID_PARAMETER; + } + break; + } + } + + if (!stream_started && *s == ':') { + if (*p_last_component_contains_wcard) { + return NT_STATUS_OBJECT_NAME_INVALID; + } + /* stream names allow more characters than file names */ + stream_started = true; + start_of_name_component = false; + posix_path = true; + + if (s[1] == '\0') { + return NT_STATUS_OBJECT_NAME_INVALID; + } + } + + if (!stream_started && IS_PATH_SEP(*s,posix_path)) { /* * Safe to assume is not the second part of a mb char * as this is handled below. -- cgit From 936037c7dabab1654d4d5e398b2a6ef2d640fc17 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:27:47 -0800 Subject: s3:smbd: wildcard characters are allowed in stream names We only check the filename of the basefile now. metze --- source3/smbd/open.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a6867e077c..a8cc5c9118 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -332,6 +332,7 @@ static NTSTATUS open_file(files_struct *fsp, if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) || (!file_existed && (local_flags & O_CREAT)) || ((local_flags & O_TRUNC) == O_TRUNC) ) { + const char *wild; /* * We can't actually truncate here as the file may be locked. 
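Review bot: Setting `posix_path = true` when the first ':' is seen overwrites the caller's parameter for the rest of the function, so every later check guarded by `!posix_path` is switched off for the stream part, not only the separator test changed in this hunk. The body continues outside the hunk; judging by the `if (!posix_path) { if (*s <= 0x1f ...` test visible in the preceding commit, that includes the control-character rejection. If that is intended, the comment should say so, e.g. `/* stream names skip the Windows-only character checks below */`. A separate local such as `bool relaxed = posix_path || stream_started;` would let the parameter keep its meaning.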
@@ -353,8 +354,17 @@ static NTSTATUS open_file(files_struct *fsp, #endif /* Don't create files with Microsoft wildcard characters. */ + if (fsp->base_fsp) { + /* + * wildcard characters are allowed in stream names + * only test the basefilename + */ + wild = fsp->base_fsp->fsp_name; + } else { + wild = path; + } if ((local_flags & O_CREAT) && !file_existed && - ms_has_wild(path)) { + ms_has_wild(wild)) { return NT_STATUS_OBJECT_NAME_INVALID; } -- cgit From 0b7430b0541af98fe3661069d93fafca42f321ec Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Mon, 1 Dec 2008 22:20:41 +0100 Subject: s3-samr: fix various potential memleaks in samr_SetUserInfo. Was there any reason why we did all these individual TALLOC_FREEs ? Guenther --- source3/rpc_server/srv_samr_nt.c | 45 ++-------------------------------------- 1 file changed, 2 insertions(+), 43 deletions(-) (limited to 'source3') diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c index 4b913bace1..3b8c3a1547 100644 --- a/source3/rpc_server/srv_samr_nt.c +++ b/source3/rpc_server/srv_samr_nt.c @@ -3774,13 +3774,11 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx, if (id7 == NULL) { DEBUG(5, ("set_user_info_7: NULL id7\n")); - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } if (!id7->account_name.string) { DEBUG(5, ("set_user_info_7: failed to get new username\n")); - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -3800,7 +3798,6 @@ static NTSTATUS set_user_info_7(TALLOC_CTX *mem_ctx, rc = pdb_rename_sam_account(pwd, id7->account_name.string); - TALLOC_FREE(pwd); return rc; } 
@@ -3813,23 +3810,18 @@ static bool set_user_info_16(struct samr_UserInfo16 *id16, { if (id16 == NULL) { DEBUG(5, ("set_user_info_16: NULL id16\n")); - TALLOC_FREE(pwd); return False; } /* FIX ME: check if the value is really changed --metze */ if (!pdb_set_acct_ctrl(pwd, id16->acct_flags, PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); - return True; } @@ -3842,29 +3834,23 @@ static bool set_user_info_18(struct samr_UserInfo18 *id18, { if (id18 == NULL) { DEBUG(2, ("set_user_info_18: id18 is NULL\n")); - TALLOC_FREE(pwd); return False; } if (!pdb_set_lanman_passwd (pwd, id18->lm_pwd.hash, PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if (!pdb_set_nt_passwd (pwd, id18->nt_pwd.hash, PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if (!pdb_set_pass_last_set_time (pwd, time(NULL), PDB_CHANGED)) { - TALLOC_FREE(pwd); return False; } if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); return True; } @@ -3884,12 +3870,9 @@ static bool set_user_info_20(struct samr_UserInfo20 *id20, /* write the change out */ if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); - return True; } @@ -3909,7 +3892,6 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, } if (id21->fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -3938,7 +3920,6 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("set_user_info_21: failed to rename account: %s\n", nt_errstr(status))); - TALLOC_FREE(pwd); return status; } @@ -3969,12 +3950,9 @@ static NTSTATUS set_user_info_21(TALLOC_CTX *mem_ctx, /* write the change out */ if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return status; } - TALLOC_FREE(pwd); - return NT_STATUS_OK; } 
@@ -3997,7 +3975,6 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, } if (id23->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4012,12 +3989,10 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, &plaintext_buf, &len, STR_UNICODE)) { - TALLOC_FREE(pwd); return NT_STATUS_WRONG_PASSWORD; } if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4034,7 +4009,6 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, struct passwd *passwd; if (pdb_get_username(pwd) == NULL) { DEBUG(1, ("chgpasswd: User without name???\n")); - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4044,7 +4018,6 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, } if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } TALLOC_FREE(passwd); @@ -4056,17 +4029,13 @@ static NTSTATUS set_user_info_23(TALLOC_CTX *mem_ctx, if (IS_SAM_CHANGED(pwd, PDB_GROUPSID) && (!NT_STATUS_IS_OK(status = pdb_set_unix_primary_group(mem_ctx, pwd)))) { - TALLOC_FREE(pwd); return status; } if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return status; } - TALLOC_FREE(pwd); - return NT_STATUS_OK; } @@ -4097,12 +4066,10 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, &plaintext_buf, &len, STR_UNICODE)) { - TALLOC_FREE(pwd); return False; } if (!pdb_set_plaintext_passwd (pwd, plaintext_buf)) { - TALLOC_FREE(pwd); return False; } @@ -4118,7 +4085,6 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, if (pdb_get_username(pwd) == NULL) { DEBUG(1, ("chgpasswd: User without name???\n")); - TALLOC_FREE(pwd); return False; } @@ -4128,7 +4094,6 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, } if(!chgpasswd(pdb_get_username(pwd), passwd, "", plaintext_buf, True)) { - TALLOC_FREE(pwd); return False; } TALLOC_FREE(passwd); 
@@ -4156,12 +4121,9 @@ static bool set_user_info_pw(uint8 *pass, struct samu *pwd, /* update the SAMBA password */ if(!NT_STATUS_IS_OK(pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return False; } - TALLOC_FREE(pwd); - return True; } @@ -4181,7 +4143,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, } if (id25->info.fields_present & SAMR_FIELD_LAST_PWD_CHANGE) { - TALLOC_FREE(pwd); return NT_STATUS_ACCESS_DENIED; } @@ -4189,7 +4150,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, /* write the change out */ if(!NT_STATUS_IS_OK(status = pdb_update_sam_account(pwd))) { - TALLOC_FREE(pwd); return status; } @@ -4208,9 +4168,6 @@ static NTSTATUS set_user_info_25(TALLOC_CTX *mem_ctx, } } - /* WARNING: No TALLOC_FREE(pwd), we are about to set the password - * hereafter! */ - return NT_STATUS_OK; } @@ -4422,6 +4379,8 @@ NTSTATUS _samr_SetUserInfo(pipes_struct *p, done: + TALLOC_FREE(pwd); + if (has_enough_rights) { unbecome_root(); } -- cgit From 8edd7752447e178d2e99b23997d475790efb5af2 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:31:43 -0800 Subject: s3:smbd: construct the correct newname for stream renames The Windows Explorer creates temporary streams and renames them later via SFILEINFO_RENAME_INFO. The newname comes in as ":Stream:$DATA". metze --- source3/smbd/trans2.c | 48 ++++++++++++++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 16 deletions(-) (limited to 'source3') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 9719d5c386..8532c85d7b 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
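Review bot: With every `TALLOC_FREE(pwd)` removed from the set_user_info_* helpers, the `TALLOC_FREE(pwd);` added under `done:` in _samr_SetUserInfo is the only release, so the helpers now borrow `pwd` and must never free it. None of the hunks in this commit records that contract; a comment on the helpers such as `/* pwd is owned by the caller (_samr_SetUserInfo) and freed at done: */` would keep a later change from reintroducing a double free. The body of _samr_SetUserInfo lies outside the hunk, so it is worth checking that no path returns before `done:` once `pwd` has been allocated.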
@@ -5353,26 +5353,42 @@ static NTSTATUS smb_file_rename_information(connection_struct *conn, return NT_STATUS_NOT_SUPPORTED; } - /* Create the base directory. */ - base_name = talloc_strdup(ctx, fname); - if (!base_name) { - return NT_STATUS_NO_MEMORY; - } - p = strrchr_m(base_name, '/'); - if (p) { - p[1] = '\0'; + if (fsp && fsp->base_fsp) { + if (newname[0] != ':') { + return NT_STATUS_NOT_SUPPORTED; + } + base_name = talloc_asprintf(ctx, "%s%s", + fsp->base_fsp->fsp_name, + newname); + if (!base_name) { + return NT_STATUS_NO_MEMORY; + } } else { - base_name = talloc_strdup(ctx, "./"); + if (is_ntfs_stream_name(newname)) { + return NT_STATUS_NOT_SUPPORTED; + } + + /* Create the base directory. */ + base_name = talloc_strdup(ctx, fname); + if (!base_name) { + return NT_STATUS_NO_MEMORY; + } + p = strrchr_m(base_name, '/'); + if (p) { + p[1] = '\0'; + } else { + base_name = talloc_strdup(ctx, "./"); + if (!base_name) { + return NT_STATUS_NO_MEMORY; + } + } + /* Append the new name. */ + base_name = talloc_asprintf_append(base_name, + "%s", + newname); if (!base_name) { return NT_STATUS_NO_MEMORY; } - } - /* Append the new name. */ - base_name = talloc_asprintf_append(base_name, - "%s", - newname); - if (!base_name) { - return NT_STATUS_NO_MEMORY; } if (fsp) { -- cgit From 4659215a00da0e2ef65d98e6feb020c89563cdba Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:35:28 -0800 Subject: s3:smbd: return DELETE_PENDING on path based operations on streams, when the main file was deleted. metze --- source3/smbd/trans2.c | 40 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 40 insertions(+) (limited to 'source3') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 8532c85d7b..cc7b87f448 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
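Review bot: In the `fsp->base_fsp` branch the client-supplied `newname` is only checked for a leading ':' before it is appended to the base file name with `talloc_asprintf(ctx, "%s%s", ...)`. Whether `newname` has already been through path-syntax validation is not visible in this hunk; if it has not, a value containing a path separator after the colon would yield a `base_name` that is no longer a stream of the open file. A guard such as `if (strchr_m(newname, '/') || strchr_m(newname, '\\')) return NT_STATUS_OBJECT_NAME_INVALID;`, or a comment naming where the validation happens, would settle it.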
@@ -3999,6 +3999,46 @@ static void call_trans2qfilepathinfo(connection_struct *conn, return; } + if ((conn->fs_capabilities & FILE_NAMED_STREAMS) + && is_ntfs_stream_name(fname)) { + char *base; + SMB_STRUCT_STAT bsbuf; + + status = split_ntfs_stream_name(talloc_tos(), fname, + &base, NULL); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(10, ("create_file_unixpath: " + "split_ntfs_stream_name failed: %s\n", + nt_errstr(status))); + reply_nterror(req, status); + return; + } + + SMB_ASSERT(!is_ntfs_stream_name(base)); /* paranoia.. */ + + if (INFO_LEVEL_IS_UNIX(info_level)) { + /* Always do lstat for UNIX calls. */ + if (SMB_VFS_LSTAT(conn,base,&bsbuf)) { + DEBUG(3,("call_trans2qfilepathinfo: SMB_VFS_LSTAT of %s failed (%s)\n",base,strerror(errno))); + reply_unixerror(req,ERRDOS,ERRbadpath); + return; + } + } else { + if (SMB_VFS_STAT(conn,base,&bsbuf) != 0) { + DEBUG(3,("call_trans2qfilepathinfo: fileinfo of %s failed (%s)\n",base,strerror(errno))); + reply_unixerror(req,ERRDOS,ERRbadpath); + return; + } + } + + fileid = vfs_file_id_from_sbuf(conn, &bsbuf); + get_file_infos(fileid, &delete_pending, NULL); + if (delete_pending) { + reply_nterror(req, NT_STATUS_DELETE_PENDING); + return; + } + } + if (INFO_LEVEL_IS_UNIX(info_level)) { /* Always do lstat for UNIX calls. */ if (SMB_VFS_LSTAT(conn,fname,&sbuf)) { -- cgit From d1d9dc557434f4eb48cf53269920f43861e8c116 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:45:55 -0800 Subject: s3:smbd: write times should be set on the base file instead of the stream name metze --- source3/smbd/trans2.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index cc7b87f448..7b051d389f 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c 
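Review bot: `SMB_ASSERT(!is_ntfs_stream_name(base));` runs on a name derived from the client's request, so if split_ntfs_stream_name() ever returns a base that still looks like a stream name, the assertion would presumably panic the serving process instead of failing the one request. Returning an error is safer: `if (is_ntfs_stream_name(base)) { reply_nterror(req, NT_STATUS_OBJECT_NAME_INVALID); return; }`. The DEBUG text just above is also labelled `create_file_unixpath:` although this code is in call_trans2qfilepathinfo, which will mislead anyone reading the log.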
@@ -4957,7 +4957,11 @@ NTSTATUS smb_set_file_time(connection_struct *conn, time_to_asc(convert_timespec_to_time_t(ts[1])) )); if (fsp != NULL) { - set_sticky_write_time_fsp(fsp, ts[1]); + if (fsp->base_fsp) { + set_sticky_write_time_fsp(fsp->base_fsp, ts[1]); + } else { + set_sticky_write_time_fsp(fsp, ts[1]); + } } else { set_sticky_write_time_path(conn, fname, vfs_file_id_from_sbuf(conn, psbuf), @@ -4967,6 +4971,10 @@ NTSTATUS smb_set_file_time(connection_struct *conn, DEBUG(10,("smb_set_file_time: setting utimes to modified values.\n")); + if (fsp && fsp->base_fsp) { + fname = fsp->base_fsp->fsp_name; + } + if(file_ntimes(conn, fname, ts)!=0) { return map_nt_error_from_unix(errno); } -- cgit From 787b0536b7a8d3b13bcb3b0f1d8f7ef7d99f4561 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:52:28 -0800 Subject: s3:smbd: only try and fallback to open a directory if it's not a stream open metze --- source3/smbd/open.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'source3') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a8cc5c9118..420a65b562 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2927,6 +2927,13 @@ NTSTATUS create_file_unixpath(connection_struct *conn, if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_IS_A_DIRECTORY)) { + /* A stream open never opens a directory */ + + if (base_fsp) { + status = NT_STATUS_FILE_IS_A_DIRECTORY; + goto fail; + } + /* * Fail the open if it was explicitly a non-directory * file. -- cgit From 9ae1a17c95185aab928d3e362c37caf5d752c411 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:54:53 -0800 Subject: s3:streams_xattr: add support for renaming streams metze --- source3/modules/vfs_streams_xattr.c | 143 +++++++++++++++++++++++++++++++++++- 1 file changed, 142 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 2ea5336295..e96f616e31 100644 
--- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -94,7 +94,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10, ("streams_xattr_fstat called for %d\n", fsp->fh->fd)); - if (io == NULL) { + if (io == NULL || fsp->base_fsp == NULL) { return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); } @@ -136,6 +136,10 @@ static int streams_xattr_stat(vfs_handle_struct *handle, const char *fname, return -1; } + if (sname == NULL){ + return SMB_VFS_NEXT_STAT(handle, base, sbuf); + } + if (SMB_VFS_STAT(handle->conn, base, sbuf) == -1) { goto fail; } @@ -183,6 +187,10 @@ static int streams_xattr_lstat(vfs_handle_struct *handle, const char *fname, goto fail; } + if (sname == NULL){ + return SMB_VFS_NEXT_LSTAT(handle, base, sbuf); + } + if (SMB_VFS_LSTAT(handle->conn, base, sbuf) == -1) { goto fail; } @@ -239,6 +247,12 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, goto fail; } + if (sname == NULL) { + hostfd = SMB_VFS_NEXT_OPEN(handle, base, fsp, flags, mode); + talloc_free(frame); + return hostfd; + } + xattr_name = talloc_asprintf(talloc_tos(), "%s%s", SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { @@ -391,6 +405,10 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, const char *fname) goto fail; } + if (sname == NULL){ + return SMB_VFS_NEXT_UNLINK(handle, base); + } + xattr_name = talloc_asprintf(talloc_tos(), "%s%s", SAMBA_XATTR_DOSSTREAM_PREFIX, sname); if (xattr_name == NULL) { 
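Review bot: The new `sname == NULL` early returns in streams_xattr_stat, streams_xattr_lstat and streams_xattr_unlink leave the function directly, while neighbouring paths in the same hunks use `goto fail` and the streams_xattr_open hunk calls `talloc_free(frame)` before its early return. Whatever cleanup sits at `fail:` (outside these hunks) is therefore skipped on the pass-through path. If `base` lives on a stack frame released elsewhere this is harmless, but it should be made consistent, for example by storing the result and jumping to the existing cleanup label.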
@@ -413,6 +431,127 @@ static int streams_xattr_unlink(vfs_handle_struct *handle, const char *fname) return ret; } +static int streams_xattr_rename(vfs_handle_struct *handle, + const char *oldname, + const char *newname) +{ + NTSTATUS status; + TALLOC_CTX *frame = NULL; + char *obase; + char *ostream; + char *nbase; + char *nstream; + const char *base; + int ret = -1; + char *oxattr_name; + char *nxattr_name; + bool o_is_stream; + bool n_is_stream; + ssize_t oret; + ssize_t nret; + struct ea_struct ea; + + o_is_stream = is_ntfs_stream_name(oldname); + n_is_stream = is_ntfs_stream_name(newname); + + if (!o_is_stream && !n_is_stream) { + return SMB_VFS_NEXT_RENAME(handle, oldname, newname); + } + + if (!(o_is_stream && n_is_stream)) { + errno = ENOSYS; + goto fail; + } + + frame = talloc_stackframe(); + if (!frame) { + goto fail; + } + + status = split_ntfs_stream_name(talloc_tos(), oldname, &obase, &ostream); + if (!NT_STATUS_IS_OK(status)) { + errno = EINVAL; + goto fail; + } + + status = split_ntfs_stream_name(talloc_tos(), newname, &nbase, &nstream); + if (!NT_STATUS_IS_OK(status)) { + errno = EINVAL; + goto fail; + } + + /*TODO: maybe call SMB_VFS_NEXT_RENAME() both streams are NULL (::$DATA) */ + if (ostream == NULL) { + errno = ENOSYS; + goto fail; + } + + if (nstream == NULL) { + errno = ENOSYS; + goto fail; + } + + /* the new base should be empty */ + if (StrCaseCmp(obase, nbase) != 0) { + errno = ENOSYS; + goto fail; + } + + if (StrCaseCmp(ostream, nstream) == 0) { + goto done; + } + + base = obase; + + oxattr_name = talloc_asprintf(talloc_tos(), "%s%s", + SAMBA_XATTR_DOSSTREAM_PREFIX, ostream); + if (oxattr_name == NULL) { + errno = ENOMEM; + goto fail; + } + + nxattr_name = talloc_asprintf(talloc_tos(), "%s%s", + SAMBA_XATTR_DOSSTREAM_PREFIX, nstream); + if (nxattr_name == NULL) { + errno = ENOMEM; + goto fail; + } + + /* read the old stream */ + status = get_ea_value(talloc_tos(), handle->conn, NULL, + base, oxattr_name, &ea); + if 
(!NT_STATUS_IS_OK(status)) { + errno = ENOENT; + goto fail; + } + + /* (over)write the new stream */ + nret = SMB_VFS_SETXATTR(handle->conn, base, nxattr_name, + ea.value.data, ea.value.length, 0); + if (nret < 0) { + if (errno == ENOATTR) { + errno = ENOENT; + } + goto fail; + } + + /* remove the old stream */ + oret = SMB_VFS_REMOVEXATTR(handle->conn, base, oxattr_name); + if (oret < 0) { + if (errno == ENOATTR) { + errno = ENOENT; + } + goto fail; + } + + done: + errno = 0; + ret = 0; + fail: + TALLOC_FREE(frame); + return ret; +} + static NTSTATUS walk_xattr_streams(connection_struct *conn, files_struct *fsp, const char *fname, bool (*fn)(struct ea_struct *ea, @@ -761,6 +900,8 @@ static vfs_op_tuple streams_xattr_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(streams_xattr_rename), SMB_VFS_OP_RENAME, + SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_ftruncate), SMB_VFS_OP_FTRUNCATE, SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_xattr_streaminfo), SMB_VFS_OP_STREAMINFO, -- cgit From ce310f666d4896ab2cc13514fc5eb55157028cd0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 13:59:21 -0800 Subject: s3:streams_depot: map 'file::$DATA' to just 'file' metze --- source3/modules/vfs_streams_depot.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 0d6e0e02c1..80c693190c 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -271,6 +271,11 @@ static char *stream_name(vfs_handle_struct *handle, const char *fname, goto fail; } + /* if it's the ::$DATA stream just return the base file name */ + if (!sname) { + return base; + } + dirname = stream_dir(handle, base, NULL, create_dir); if (dirname == NULL) { 
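Review bot: streams_xattr_rename copies the stream with SMB_VFS_SETXATTR and then removes the old one, but when SMB_VFS_REMOVEXATTR fails it jumps to `fail` and leaves the new xattr in place. The caller is told the rename failed while both streams now exist, and any previous content of the destination has already been overwritten. A best-effort rollback before that `goto fail`, `SMB_VFS_REMOVEXATTR(handle->conn, base, nxattr_name);` with errno saved and restored around it, would keep the failure visible without leaving a duplicate. The comment `/* the new base should be empty */` does not match the `StrCaseCmp(obase, nbase)` test under it; `/* both names must refer to the same base file */` describes what the code checks. Because `StrCaseCmp(ostream, nstream) == 0` jumps to `done`, a rename that changes only the case of the stream name is reported as success without touching the xattr, which deserves a comment if it is intended.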
@@ -410,6 +415,7 @@ static int streams_depot_open(vfs_handle_struct *handle, const char *fname, { TALLOC_CTX *frame; char *base = NULL; + char *sname = NULL; SMB_STRUCT_STAT base_sbuf; char *stream_fname; int ret = -1; @@ -421,11 +427,16 @@ static int streams_depot_open(vfs_handle_struct *handle, const char *fname, frame = talloc_stackframe(); if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), fname, - &base, NULL))) { + &base, &sname))) { errno = ENOMEM; goto done; } + if (!sname) { + ret = SMB_VFS_NEXT_OPEN(handle, base, fsp, flags, mode); + goto done; + } + ret = SMB_VFS_NEXT_STAT(handle, base, &base_sbuf); if (ret == -1) { -- cgit From 549c2cb7a88340be4069a4d60a413627818aee9f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:10:04 -0800 Subject: s3:streams_depot: add support for stream renames metze --- source3/modules/vfs_streams_depot.c | 74 +++++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) (limited to 'source3') diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 80c693190c..f8a8d97743 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c 
@@ -498,6 +498,78 @@ static int streams_depot_unlink(vfs_handle_struct *handle, const char *fname) return SMB_VFS_NEXT_UNLINK(handle, fname); } +static int streams_depot_rename(vfs_handle_struct *handle, + const char *oldname, + const char *newname) +{ + TALLOC_CTX *frame = NULL; + int ret = -1; + bool old_is_stream; + bool new_is_stream; + char *obase = NULL; + char *osname = NULL; + char *nbase = NULL; + char *nsname = NULL; + char *ostream_fname = NULL; + char *nstream_fname = NULL; + + DEBUG(10, ("streams_depot_rename called for %s => %s\n", + oldname, newname)); + + old_is_stream = is_ntfs_stream_name(oldname); + new_is_stream = is_ntfs_stream_name(newname); + + if (!old_is_stream && !new_is_stream) { + return SMB_VFS_NEXT_RENAME(handle, oldname, newname); + } + + if (!(old_is_stream && new_is_stream)) { + errno = ENOSYS; + return -1; + } + + frame = talloc_stackframe(); + + if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), oldname, + &obase, &osname))) { + errno = ENOMEM; + goto done; + } + + if (!NT_STATUS_IS_OK(split_ntfs_stream_name(talloc_tos(), oldname, + &nbase, &nsname))) { + errno = ENOMEM; + goto done; + } + + /* for now don't allow renames from or to the default stream */ + if (!osname || !nsname) { + errno = ENOSYS; + goto done; + } + + if (StrCaseCmp(obase, nbase) != 0) { + errno = ENOSYS; + goto done; + } + + ostream_fname = stream_name(handle, oldname, false); + if (ostream_fname == NULL) { + return -1; + } + + nstream_fname = stream_name(handle, newname, false); + if (nstream_fname == NULL) { + return -1; + } + + ret = SMB_VFS_NEXT_RENAME(handle, ostream_fname, nstream_fname); + +done: + TALLOC_FREE(frame); + return ret; +} + static bool add_one_stream(TALLOC_CTX *mem_ctx, unsigned int *num_streams, struct stream_struct **streams, const char *name, SMB_OFF_T size, 
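Review bot: The second split in streams_depot_rename parses `oldname` again instead of `newname`, so `nbase`/`nsname` are copies of the old name's parts. As a result `StrCaseCmp(obase, nbase) != 0` can never reject a rename whose target stream belongs to a different base file, and `!nsname` never sees the real target. The call should read `split_ntfs_stream_name(talloc_tos(), newname, &nbase, &nsname)`. The two `return -1;` statements after the stream_name() calls also leave the function without `TALLOC_FREE(frame)`, although `frame = talloc_stackframe()` is already live at that point; both should be `goto done;`.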
@@ -648,6 +720,8 @@ static vfs_op_tuple streams_depot_ops[] = { SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_depot_unlink), SMB_VFS_OP_UNLINK, SMB_VFS_LAYER_TRANSPARENT}, + {SMB_VFS_OP(streams_depot_rename), SMB_VFS_OP_RENAME, + SMB_VFS_LAYER_TRANSPARENT}, {SMB_VFS_OP(streams_depot_streaminfo), SMB_VFS_OP_STREAMINFO, SMB_VFS_LAYER_OPAQUE}, {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP} -- cgit From d53f82a1cf9a369ae3e657fea845f19313f06eb4 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:11:33 -0800 Subject: s3:streams_depot: fix valgrind bug lp_parm_const_string() doesn't talloc the default value metze --- source3/modules/vfs_streams_depot.c | 1 - 1 file changed, 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index f8a8d97743..9e0a5895ea 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c @@ -128,7 +128,6 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, rootdir = lp_parm_const_string( SNUM(handle->conn), "streams_depot", "directory", tmp); - TALLOC_FREE(tmp); if (base_sbuf == NULL) { if (SMB_VFS_NEXT_STAT(handle, base_path, &sbuf) == -1) { -- cgit From b0c0b949feb7646d4c4077a04de2c0acd7720e44 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:20:21 -0800 Subject: s3:streams_depot: add an option to disable the xattr checks streams_depot:check_valid=no is useful when the filesystem has no xattr support and files are only published via samba. metze --- source3/modules/vfs_streams_depot.c | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c index 9e0a5895ea..69d34940fd 100644 --- a/source3/modules/vfs_streams_depot.c +++ b/source3/modules/vfs_streams_depot.c 
@@ -67,10 +67,15 @@ static uint32_t hash_fn(DATA_BLOB key) #define SAMBA_XATTR_MARKER "user.SAMBA_STREAMS" -static bool file_is_valid(vfs_handle_struct *handle, const char *path) +static bool file_is_valid(vfs_handle_struct *handle, const char *path, + bool check_valid) { char buf; + if (!check_valid) { + return true; + } + DEBUG(10, ("file_is_valid (%s) called\n", path)); if (SMB_VFS_NEXT_GETXATTR(handle, path, SAMBA_XATTR_MARKER, @@ -87,11 +92,16 @@ static bool file_is_valid(vfs_handle_struct *handle, const char *path) return true; } -static bool mark_file_valid(vfs_handle_struct *handle, const char *path) +static bool mark_file_valid(vfs_handle_struct *handle, const char *path, + bool check_valid) { char buf = '1'; int ret; + if (!check_valid) { + return true; + } + DEBUG(10, ("marking file %s as valid\n", path)); ret = SMB_VFS_NEXT_SETXATTR(handle, path, SAMBA_XATTR_MARKER, @@ -116,8 +126,12 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, char *id_hex; struct file_id id; uint8 id_buf[16]; + bool check_valid; const char *rootdir; + check_valid = lp_parm_bool(SNUM(handle->conn), + "streams_depot", "check_valid", true); + tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath); if (tmp == NULL) { @@ -174,7 +188,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, goto fail; } - if (file_is_valid(handle, base_path)) { + if (file_is_valid(handle, base_path, check_valid)) { return result; } @@ -244,7 +258,7 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path, goto fail; } - if (!mark_file_valid(handle, base_path)) { + if (!mark_file_valid(handle, base_path, check_valid)) { goto fail; } -- cgit From 0b169748ce879ce7a1b6b9d9d4f4bc9b1b7045e0 Mon Sep 17 00:00:00 2001 
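Review bot: With `streams_depot:check_valid = no`, file_is_valid() and mark_file_valid() return true before touching the `SAMBA_XATTR_MARKER` xattr, so stream_dir() accepts whatever directory matches the computed id without the marker test. Nothing at the `lp_parm_bool()` call says what that gives up. The marker appears to be what ties a depot directory to the file that created it, so with the check off a leftover directory could be handed to an unrelated file that ends up with the same id. That inference should be confirmed against the rest of stream_dir(), which is outside these hunks. A comment at the `lp_parm_bool()` call, e.g. `/* check_valid=no skips the xattr marker: stale stream directories are no longer detected */`, plus a matching sentence in the module's documentation, would let an administrator make the trade-off knowingly.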
From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:21:34 -0800 Subject: s3:vfs: fix FCHMOD_ACL macros metze --- source3/include/vfs_macros.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'source3') diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 7b3aeaa2c7..8fbc21b12d 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -92,7 +92,7 @@ /* POSIX ACL operations. */ #define SMB_VFS_CHMOD_ACL(conn, name, mode) ((conn)->vfs.ops.chmod_acl((conn)->vfs.handles.chmod_acl, (name), (mode))) -#define SMB_VFS_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.chmod_acl, (fsp), (mode))) +#define SMB_VFS_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs.ops.fchmod_acl((fsp)->conn->vfs.handles.fchmod_acl, (fsp), (mode))) #define SMB_VFS_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs.ops.sys_acl_get_entry((conn)->vfs.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p))) #define SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs.ops.sys_acl_get_tag_type((conn)->vfs.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p))) 
@@ -217,7 +217,7 @@ /* POSIX ACL operations. */ #define SMB_VFS_OPAQUE_CHMOD_ACL(conn, name, mode) ((conn)->vfs_opaque.ops.chmod_acl((conn)->vfs_opaque.handles.chmod_acl, (name), (mode))) -#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.chmod_acl, (fsp), (mode))) +#define SMB_VFS_OPAQUE_FCHMOD_ACL(fsp, mode) ((fsp)->conn->vfs_opaque.ops.fchmod_acl((fsp)->conn->vfs_opaque.handles.fchmod_acl, (fsp), (mode))) #define SMB_VFS_OPAQUE_SYS_ACL_GET_ENTRY(conn, theacl, entry_id, entry_p) ((conn)->vfs_opaque.ops.sys_acl_get_entry((conn)->vfs_opaque.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p))) #define SMB_VFS_OPAQUE_SYS_ACL_GET_TAG_TYPE(conn, entry_d, tag_type_p) ((conn)->vfs_opaque.ops.sys_acl_get_tag_type((conn)->vfs_opaque.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p))) @@ -343,7 +343,7 @@ /* POSIX ACL operations. */ #define SMB_VFS_NEXT_CHMOD_ACL(handle, name, mode) ((handle)->vfs_next.ops.chmod_acl((handle)->vfs_next.handles.chmod_acl, (name), (mode))) -#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.chmod_acl, (fsp), (mode))) +#define SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode) ((handle)->vfs_next.ops.fchmod_acl((handle)->vfs_next.handles.fchmod_acl, (fsp), (mode))) #define SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id, entry_p) ((handle)->vfs_next.ops.sys_acl_get_entry((handle)->vfs_next.handles.sys_acl_get_entry, (theacl), (entry_id), (entry_p))) #define SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d, tag_type_p) ((handle)->vfs_next.ops.sys_acl_get_tag_type((handle)->vfs_next.handles.sys_acl_get_tag_type, (entry_d), (tag_type_p))) -- cgit From e6a2ce970bf24a1ff588ee2f492e47b88145992f Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:23:30 -0800 Subject: s3:smbd: give the correct error when trying to replace a stream metze --- source3/smbd/reply.c | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'source3') diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index a1833b55df..11c713ab4a 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -5496,6 +5496,12 @@ NTSTATUS rename_internals_fsp(connection_struct *conn, return NT_STATUS_OBJECT_NAME_COLLISION; } + if(replace_if_exists && dst_exists) { + if (is_ntfs_stream_name(newname)) { + return NT_STATUS_INVALID_PARAMETER; + } + } + if (dst_exists) { struct file_id fileid = vfs_file_id_from_sbuf(conn, &sbuf1); files_struct *dst_fsp = file_find_di_first(fileid); -- cgit From a8004a4ef5713a2005ae6ead1d510f30080ecb6f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:25:20 -0800 Subject: s3:streams_xattr: recheck fsp->fsp_name after a rename metze --- source3/modules/vfs_streams_xattr.c | 65 +++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) (limited to 'source3') diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index e96f616e31..6530a1813b 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -29,6 +29,9 @@ struct stream_io { char *base; char *xattr_name; + void *fsp_name_ptr; + files_struct *fsp; + vfs_handle_struct *handle; }; static SMB_INO_T stream_inode(const SMB_STRUCT_STAT *sbuf, const char *sname) 
@@ -85,6 +88,49 @@ static ssize_t get_xattr_size(connection_struct *conn, return result; } +static bool streams_xattr_recheck(struct stream_io *sio) +{ + NTSTATUS status; + char *base = NULL; + char *sname = NULL; + char *xattr_name = NULL; + + if (sio->fsp->fsp_name == sio->fsp_name_ptr) { + return true; + } + + status = split_ntfs_stream_name(talloc_tos(), sio->fsp->fsp_name, + &base, &sname); + if (!NT_STATUS_IS_OK(status)) { + return false; + } + + if (sname == NULL) { + /* how can this happen */ + errno = EINVAL; + return false; + } + + xattr_name = talloc_asprintf(talloc_tos(), "%s%s", + SAMBA_XATTR_DOSSTREAM_PREFIX, sname); + if (xattr_name == NULL) { + return false; + } + + TALLOC_FREE(sio->xattr_name); + TALLOC_FREE(sio->base); + sio->xattr_name = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(sio->handle, sio->fsp), + xattr_name); + sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(sio->handle, sio->fsp), + base); + sio->fsp_name_ptr = sio->fsp->fsp_name; + + if ((sio->xattr_name == NULL) || (sio->base == NULL)) { + return false; + } + + return true; +} static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, SMB_STRUCT_STAT *sbuf) @@ -98,6 +144,10 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf); } + if (!streams_xattr_recheck(io)) { + return -1; + } + if (SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf) == -1) { return -1; } @@ -365,6 +415,9 @@ static int streams_xattr_open(vfs_handle_struct *handle, const char *fname, xattr_name); sio->base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(handle, fsp), base); + sio->fsp_name_ptr = fsp->fsp_name; + sio->handle = handle; + sio->fsp = fsp; if ((sio->xattr_name == NULL) || (sio->base == NULL)) { errno = ENOMEM; 
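Review bot: streams_xattr_recheck() frees `sio->xattr_name` and `sio->base` and records `sio->fsp_name_ptr = sio->fsp->fsp_name` before it checks whether the two `talloc_strdup()` calls succeeded. After an allocation failure the next call therefore takes the early `return true` with one or both members NULL, and the pread/pwrite/ftruncate/fstat callers pass them on to `get_ea_value()` or `SMB_VFS_STAT()`. Allocating into two new locals first and swapping only on success avoids that, as sketched below. The failure returns for split_ntfs_stream_name() and talloc_asprintf() also leave errno unset while every caller returns -1, so the caller sees a stale errno. Detecting a rename by pointer identity relies on fsp_name never being reallocated at the same address, which deserves a comment.

```c
	char *new_xattr = NULL;
	char *new_base = NULL;

	/* … unchanged: pointer comparison, split_ntfs_stream_name(), xattr_name formatting … */

	new_xattr = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(sio->handle, sio->fsp),
				  xattr_name);
	new_base = talloc_strdup(VFS_MEMCTX_FSP_EXTENSION(sio->handle, sio->fsp),
				 base);
	if ((new_xattr == NULL) || (new_base == NULL)) {
		/* keep the old names and the old fsp_name_ptr so the next call retries */
		TALLOC_FREE(new_xattr);
		TALLOC_FREE(new_base);
		errno = ENOMEM;
		return false;
	}

	TALLOC_FREE(sio->xattr_name);
	TALLOC_FREE(sio->base);
	sio->xattr_name = new_xattr;
	sio->base = new_base;
	sio->fsp_name_ptr = sio->fsp->fsp_name;

	return true;
```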
@@ -739,6 +792,10 @@ static ssize_t streams_xattr_pwrite(vfs_handle_struct *handle, return SMB_VFS_NEXT_PWRITE(handle, fsp, data, n, offset); } + if (!streams_xattr_recheck(sio)) { + return -1; + } + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { @@ -795,6 +852,10 @@ static ssize_t streams_xattr_pread(vfs_handle_struct *handle, return SMB_VFS_NEXT_PREAD(handle, fsp, data, n, offset); } + if (!streams_xattr_recheck(sio)) { + return -1; + } + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { @@ -835,6 +896,10 @@ static int streams_xattr_ftruncate(struct vfs_handle_struct *handle, return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset); } + if (!streams_xattr_recheck(sio)) { + return -1; + } + status = get_ea_value(talloc_tos(), handle->conn, fsp->base_fsp, sio->base, sio->xattr_name, &ea); if (!NT_STATUS_IS_OK(status)) { -- cgit From 65169a43b321cd06d2f9474183ca8195c6182333 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:26:58 -0800 Subject: s3:streams_xattr: fstat should do a stat on the base file The behavior of stat and fstat should be the same. metze --- source3/modules/vfs_streams_xattr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c index 6530a1813b..ecfc31970d 100644 --- a/source3/modules/vfs_streams_xattr.c +++ b/source3/modules/vfs_streams_xattr.c @@ -148,7 +148,7 @@ static int streams_xattr_fstat(vfs_handle_struct *handle, files_struct *fsp, return -1; } - if (SMB_VFS_NEXT_FSTAT(handle, fsp, sbuf) == -1) { + if (SMB_VFS_STAT(handle->conn, io->base, sbuf) == -1) { return -1; } -- cgit From e605fdc81c64eeb37a9d77493df42c0bb010f41f Mon Sep 17 00:00:00 2001 
From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:28:27 -0800 Subject: s3:smbd: close the low level fd of the base_fsp, if the file was created metze --- source3/smbd/open.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'source3') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 420a65b562..f98415ee33 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2852,6 +2852,8 @@ NTSTATUS create_file_unixpath(connection_struct *conn, "%s\n", base, nt_errstr(status))); goto fail; } + /* we don't need to low level fd */ + fd_close(base_fsp); } /* -- cgit From a8595bf506ca43e7060d696f182982703885fa08 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Mon, 1 Dec 2008 14:37:13 -0800 Subject: s3:selftest: test the streams_depot module as it passes make test The streams_xattr module only passes sometimes on my laptop. metze --- source3/script/tests/selftest.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3') diff --git a/source3/script/tests/selftest.sh b/source3/script/tests/selftest.sh index d41d0f36cf..3b65aaa760 100755 --- a/source3/script/tests/selftest.sh +++ b/source3/script/tests/selftest.sh @@ -205,7 +205,7 @@ cat >$SERVERCONFFILE<
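Review bot: The added `fd_close(base_fsp);` in create_file_unixpath discards the call's result, so a failed close of the freshly created base file goes unnoticed and unlogged. If fd_close() reports failure through its return value, a `DEBUG` line on the error case would at least make a leaked descriptor diagnosable. The comment above it reads `/* we don't need to low level fd */`; `/* the base file only had to be created; its low-level fd is not needed */` says what is meant. Whether later code in this function still expects `base_fsp` to hold an open fd cannot be seen from the hunk.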