diff options
| author | Jelmer Vernooij <jelmer@samba.org> | 2009-03-20 16:40:09 +0100 |
|---|---|---|
| committer | Jelmer Vernooij <jelmer@samba.org> | 2009-03-20 16:40:09 +0100 |
| commit | ca202cf464aec82e63be4b2160f394f56b8c195e (patch) | |
| tree | 58b432b7d67c5cf3b35a16c7df9b028d39e3b3a5 /source4 | |
| parent | 44787565715f0622cc1d049854427d735ca1c14b (diff) | |
| parent | 2de464a7658f91d2d01087080b984d52c3483426 (diff) | |
| download | samba-ca202cf464aec82e63be4b2160f394f56b8c195e.tar.gz | |
Merge branch 'master' of ssh://git.samba.org/data/git/samba into displaysec
Diffstat (limited to 'source4')
39 files changed, 868 insertions, 1340 deletions
diff --git a/source4/aclocal.m4 b/source4/aclocal.m4 index 240a994f9df..8ad8f47cd69 100644 --- a/source4/aclocal.m4 +++ b/source4/aclocal.m4 @@ -31,11 +31,17 @@ AC_DEFUN(LIB_REMOVE_USR_LIB,[ case [$]l[$]i in -L/usr/lib) ;; -L/usr/lib/) ;; - -Wl,-rpath,/usr/lib) ;; - -Wl,-rpath,/usr/lib/) ;; + -L/usr/lib64) ;; + -L/usr/lib64/) ;; + -Wl,-rpath,/usr/lib) l="";; + -Wl,-rpath,/usr/lib/) l="";; + -Wl,-rpath,/usr/lib64) l="";; + -Wl,-rpath,/usr/lib64/) l="";; -Wl,-rpath) l=[$]i;; -Wl,-rpath-Wl,/usr/lib) l="";; -Wl,-rpath-Wl,/usr/lib/) l="";; + -Wl,-rpath-Wl,/usr/lib64) l="";; + -Wl,-rpath-Wl,/usr/lib64/) l="";; *) s=" " if test x"[$]ac_new_flags" = x""; then diff --git a/source4/build/m4/public.m4 b/source4/build/m4/public.m4 index 732de1e20e0..2bf63f0ca69 100644 --- a/source4/build/m4/public.m4 +++ b/source4/build/m4/public.m4 @@ -82,7 +82,8 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG], echo "*** Or see http://pkg-config.freedesktop.org/ to get pkg-config." ac_cv_$1_found=no else - if $PKG_CONFIG --atleast-pkgconfig-version 0.9.0; then + SAMBA_PKG_CONFIG_MIN_VERSION="0.9.0" + if $PKG_CONFIG --atleast-pkgconfig-version $SAMBA_PKG_CONFIG_MIN_VERSION; then AC_MSG_CHECKING(for $2) if $PKG_CONFIG --exists '$2' ; then @@ -116,7 +117,7 @@ AC_DEFUN([SMB_EXT_LIB_FROM_PKGCONFIG], ac_cv_$1_found=no fi else - echo "*** Your version of pkg-config is too old. You need version $PKG_CONFIG_MIN_VERSION or newer." + echo "*** Your version of pkg-config is too old. You need version $SAMBA_PKG_CONFIG_MIN_VERSION or newer." echo "*** See http://pkg-config.freedesktop.org/" ac_cv_$1_found=no fi diff --git a/source4/cldap_server/cldap_server.c b/source4/cldap_server/cldap_server.c index 240f2b1dc23..1a08cd21f90 100644 --- a/source4/cldap_server/cldap_server.c +++ b/source4/cldap_server/cldap_server.c @@ -20,8 +20,8 @@ */ #include "includes.h" +#include <talloc.h> #include "libcli/ldap/ldap.h" -#include "lib/socket/socket.h" #include "lib/messaging/irpc.h" #include "smbd/service_task.h" #include "smbd/service.h" @@ -34,50 +34,67 @@ #include "ldb_wrap.h" #include "auth/auth.h" #include "param/param.h" +#include "../lib/tsocket/tsocket.h" /* handle incoming cldap requests */ -static void cldapd_request_handler(struct cldap_socket *cldap, - struct ldap_message *ldap_msg, - struct socket_address *src) +static void cldapd_request_handler(struct cldap_socket *cldap, + void *private_data, + struct cldap_incoming *in) { + struct cldapd_server *cldapd = talloc_get_type(private_data, + struct cldapd_server); struct ldap_SearchRequest *search; - if (ldap_msg->type != LDAP_TAG_SearchRequest) { - DEBUG(0,("Invalid CLDAP request type %d from %s:%d\n", - ldap_msg->type, src->addr, src->port)); - cldap_error_reply(cldap, ldap_msg->messageid, src, + + if (in->ldap_msg->type != LDAP_TAG_SearchRequest) { + DEBUG(0,("Invalid CLDAP request type %d from %s\n", + in->ldap_msg->type, + tsocket_address_string(in->src, in))); + cldap_error_reply(cldap, in->ldap_msg->messageid, in->src, LDAP_OPERATIONS_ERROR, "Invalid CLDAP request"); + talloc_free(in); return; } - search = &ldap_msg->r.SearchRequest; + search = &in->ldap_msg->r.SearchRequest; if (strcmp("", search->basedn) != 0) { - DEBUG(0,("Invalid CLDAP basedn '%s' from %s:%d\n", - search->basedn, src->addr, src->port)); - cldap_error_reply(cldap, ldap_msg->messageid, src, + DEBUG(0,("Invalid CLDAP basedn '%s' from %s\n", + search->basedn, + tsocket_address_string(in->src, in))); + cldap_error_reply(cldap, in->ldap_msg->messageid, in->src, LDAP_OPERATIONS_ERROR, "Invalid CLDAP basedn"); + talloc_free(in); return; } if (search->scope != LDAP_SEARCH_SCOPE_BASE) { - DEBUG(0,("Invalid CLDAP scope %d from %s:%d\n", - search->scope, src->addr, src->port)); - cldap_error_reply(cldap, ldap_msg->messageid, src, + DEBUG(0,("Invalid CLDAP scope %d from %s\n", + search->scope, + tsocket_address_string(in->src, in))); + cldap_error_reply(cldap, in->ldap_msg->messageid, in->src, LDAP_OPERATIONS_ERROR, "Invalid CLDAP scope"); + talloc_free(in); return; } if (search->num_attributes == 1 && strcasecmp(search->attributes[0], "netlogon") == 0) { - cldapd_netlogon_request(cldap, ldap_msg->messageid, - search->tree, src); + cldapd_netlogon_request(cldap, + cldapd, + in, + in->ldap_msg->messageid, + search->tree, + in->src); + talloc_free(in); return; } - cldapd_rootdse_request(cldap, ldap_msg->messageid, - search, src); + cldapd_rootdse_request(cldap, cldapd, in, + in->ldap_msg->messageid, + search, in->src); + talloc_free(in); } @@ -88,28 +105,36 @@ static NTSTATUS cldapd_add_socket(struct cldapd_server *cldapd, struct loadparm_ const char *address) { struct cldap_socket *cldapsock; - struct socket_address *socket_address; + struct tsocket_address *socket_address; NTSTATUS status; - - /* listen for unicasts on the CLDAP port (389) */ - cldapsock = cldap_socket_init(cldapd, cldapd->task->event_ctx, lp_iconv_convenience(cldapd->task->lp_ctx)); - NT_STATUS_HAVE_NO_MEMORY(cldapsock); - - socket_address = socket_address_from_strings(cldapsock, cldapsock->sock->backend_name, - address, lp_cldap_port(lp_ctx)); - if (!socket_address) { - talloc_free(cldapsock); - return NT_STATUS_NO_MEMORY; + int ret; + + ret = tsocket_address_inet_from_strings(cldapd, + "ip", + address, + lp_cldap_port(lp_ctx), + &socket_address); + if (ret != 0) { + status = map_nt_error_from_unix(errno); + DEBUG(0,("invalid address %s:%d - %s:%s\n", + address, lp_cldap_port(lp_ctx), + gai_strerror(ret), nt_errstr(status))); + return status; } - status = socket_listen(cldapsock->sock, socket_address, 0, 0); + /* listen for unicasts on the CLDAP port (389) */ + status = cldap_socket_init(cldapd, + cldapd->task->event_ctx, + socket_address, + NULL, + &cldapsock); if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("Failed to bind to %s:%d - %s\n", - address, lp_cldap_port(lp_ctx), nt_errstr(status))); - talloc_free(cldapsock); + DEBUG(0,("Failed to bind to %s - %s\n", + tsocket_address_string(socket_address, socket_address), + nt_errstr(status))); + talloc_free(socket_address); return status; } - talloc_free(socket_address); cldap_set_incoming_handler(cldapsock, cldapd_request_handler, cldapd); @@ -117,7 +142,6 @@ static NTSTATUS cldapd_add_socket(struct cldapd_server *cldapd, struct loadparm_ return NT_STATUS_OK; } - /* setup our listening sockets on the configured network interfaces */ diff --git a/source4/cldap_server/netlogon.c b/source4/cldap_server/netlogon.c index 0df35be6fdd..33c0adc3b18 100644 --- a/source4/cldap_server/netlogon.c +++ b/source4/cldap_server/netlogon.c @@ -24,7 +24,6 @@ #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" #include "lib/events/events.h" -#include "lib/socket/socket.h" #include "smbd/service_task.h" #include "cldap_server/cldap_server.h" #include "librpc/gen_ndr/ndr_misc.h" @@ -36,6 +35,8 @@ #include "system/network.h" #include "lib/socket/netif.h" #include "param/param.h" +#include "../lib/tsocket/tsocket.h" + /* fill in the cldap netlogon union for a given version */ @@ -402,12 +403,13 @@ NTSTATUS fill_netlogon_samlogon_response(struct ldb_context *sam_ctx, /* handle incoming cldap requests */ -void cldapd_netlogon_request(struct cldap_socket *cldap, +void cldapd_netlogon_request(struct cldap_socket *cldap, + struct cldapd_server *cldapd, + TALLOC_CTX *tmp_ctx, uint32_t message_id, struct ldb_parse_tree *tree, - struct socket_address *src) + struct tsocket_address *src) { - struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private_data, struct cldapd_server); int i; const char *domain = NULL; const char *host = NULL; @@ -419,8 +421,6 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, struct netlogon_samlogon_response netlogon; NTSTATUS status = NT_STATUS_INVALID_PARAMETER; - TALLOC_CTX *tmp_ctx = talloc_new(cldap); - if (tree->operation != LDB_OP_AND) goto failed; /* extract the query elements */ @@ -478,24 +478,25 @@ void cldapd_netlogon_request(struct cldap_socket *cldap, domain, host, user, version, domain_guid)); status = fill_netlogon_samlogon_response(cldapd->samctx, tmp_ctx, domain, NULL, NULL, domain_guid, - user, acct_control, src->addr, + user, acct_control, + tsocket_address_inet_addr_string(src, tmp_ctx), version, cldapd->task->lp_ctx, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } - status = cldap_netlogon_reply(cldap, message_id, src, version, + status = cldap_netlogon_reply(cldap, + lp_iconv_convenience(cldapd->task->lp_ctx), + message_id, src, version, &netlogon); if (!NT_STATUS_IS_OK(status)) { goto failed; } - talloc_free(tmp_ctx); return; failed: DEBUG(2,("cldap netlogon query failed domain=%s host=%s version=%d - %s\n", domain, host, version, nt_errstr(status))); - talloc_free(tmp_ctx); - cldap_empty_reply(cldap, message_id, src); + cldap_empty_reply(cldap, message_id, src); } diff --git a/source4/cldap_server/rootdse.c b/source4/cldap_server/rootdse.c index daa5060d07c..7e867deff29 100644 --- a/source4/cldap_server/rootdse.c +++ b/source4/cldap_server/rootdse.c @@ -20,19 +20,15 @@ */ #include "includes.h" +#include <tevent.h> #include "libcli/ldap/ldap.h" #include "lib/ldb/include/ldb.h" #include "lib/ldb/include/ldb_errors.h" -#include "lib/events/events.h" -#include "lib/socket/socket.h" #include "smbd/service_task.h" #include "cldap_server/cldap_server.h" #include "librpc/gen_ndr/ndr_misc.h" #include "dsdb/samdb/samdb.h" -#include "auth/auth.h" #include "ldb_wrap.h" -#include "system/network.h" -#include "lib/socket/netif.h" static void cldapd_rootdse_fill(struct cldapd_server *cldapd, TALLOC_CTX *mem_ctx, @@ -151,15 +147,15 @@ done: handle incoming cldap requests */ void cldapd_rootdse_request(struct cldap_socket *cldap, + struct cldapd_server *cldapd, + TALLOC_CTX *tmp_ctx, uint32_t message_id, struct ldap_SearchRequest *search, - struct socket_address *src) + struct tsocket_address *src) { - struct cldapd_server *cldapd = talloc_get_type(cldap->incoming.private_data, struct cldapd_server); NTSTATUS status; struct cldap_reply reply; struct ldap_Result result; - TALLOC_CTX *tmp_ctx = talloc_new(cldap); ZERO_STRUCT(result); @@ -176,6 +172,5 @@ void cldapd_rootdse_request(struct cldap_socket *cldap, ldb_filter_from_tree(tmp_ctx, search->tree), nt_errstr(status))); } - talloc_free(tmp_ctx); return; } diff --git a/source4/dsdb/samdb/ldb_modules/objectclass.c b/source4/dsdb/samdb/ldb_modules/objectclass.c index 898d9139659..7883bccfe70 100644 --- a/source4/dsdb/samdb/ldb_modules/objectclass.c +++ b/source4/dsdb/samdb/ldb_modules/objectclass.c @@ -414,6 +414,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) struct oc_context *ac; struct ldb_dn *parent_dn; int ret; + static const char * const parent_attrs[] = { "objectGUID", NULL }; ldb = ldb_module_get_ctx(module); @@ -449,7 +450,7 @@ static int objectclass_add(struct ldb_module *module, struct ldb_request *req) ret = ldb_build_search_req(&search_req, ldb, ac, parent_dn, LDB_SCOPE_BASE, - "(objectClass=*)", NULL, + "(objectClass=*)", parent_attrs, NULL, ac, get_search_callback, req); @@ -500,7 +501,8 @@ static int objectclass_do_add(struct oc_context *ac) return LDB_ERR_UNWILLING_TO_PERFORM; } } else { - + const struct ldb_val *parent_guid; + /* Fix up the DN to be in the standard form, taking particular care to match the parent DN */ ret = fix_dn(msg, ac->req->op.add.message->dn, @@ -514,10 +516,24 @@ static int objectclass_do_add(struct oc_context *ac) return ret; } + parent_guid = ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID"); + if (parent_guid == NULL) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, parent does not have an objectGUID!", + ldb_dn_get_linearized(msg->dn)); + talloc_free(mem_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } + /* TODO: Check this is a valid child to this parent, * by reading the allowedChildClasses and * allowedChildClasssesEffective attributes */ - + ret = ldb_msg_add_steal_value(msg, "parentGUID", discard_const(parent_guid)); + if (ret != LDB_SUCCESS) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot add %s, failed to add parentGUID", + ldb_dn_get_linearized(msg->dn)); + talloc_free(mem_ctx); + return LDB_ERR_UNWILLING_TO_PERFORM; + } } if (schema) { @@ -974,7 +990,7 @@ static int objectclass_do_rename(struct oc_context *ac); static int objectclass_rename(struct ldb_module *module, struct ldb_request *req) { - static const char * const attrs[] = { NULL }; + static const char * const attrs[] = { "objectGUID", NULL }; struct ldb_context *ldb; struct ldb_request *search_req; struct oc_context *ac; @@ -1007,6 +1023,9 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req ldb_oom(ldb); return LDB_ERR_OPERATIONS_ERROR; } + + /* note that the results of this search are kept and used to + update the parentGUID in objectclass_rename_callback() */ ret = ldb_build_search_req(&search_req, ldb, ac, parent_dn, LDB_SCOPE_BASE, "(objectClass=*)", @@ -1022,6 +1041,66 @@ static int objectclass_rename(struct ldb_module *module, struct ldb_request *req return ldb_next_request(ac->module, search_req); } +/* + called after the rename happens. + We now need to fix the parentGUID of the object to be the objectGUID of + the new parent +*/ +static int objectclass_rename_callback(struct ldb_request *req, struct ldb_reply *ares) +{ + struct ldb_context *ldb; + struct oc_context *ac; + const struct ldb_val *parent_guid; + struct ldb_request *mod_req = NULL; + int ret; + struct ldb_message *msg; + struct ldb_message_element *el = NULL; + + ac = talloc_get_type(req->context, struct oc_context); + ldb = ldb_module_get_ctx(ac->module); + + /* make sure the rename succeeded */ + if (!ares) { + return ldb_module_done(ac->req, NULL, NULL, + LDB_ERR_OPERATIONS_ERROR); + } + if (ares->error != LDB_SUCCESS) { + return ldb_module_done(ac->req, ares->controls, + ares->response, ares->error); + } + + + /* the ac->search_res should contain the new parents objectGUID */ + parent_guid = ldb_msg_find_ldb_val(ac->search_res->message, "objectGUID"); + if (parent_guid == NULL) { + ldb_asprintf_errstring(ldb, "objectclass: Cannot rename %s, new parent does not have an objectGUID!", + ldb_dn_get_linearized(ac->req->op.rename.newdn)); + return LDB_ERR_UNWILLING_TO_PERFORM; + + } + + /* construct the modify message */ + msg = ldb_msg_new(ac); + if (msg == NULL) { + ldb_oom(ldb); + return LDB_ERR_OPERATIONS_ERROR; + } + + msg->dn = ac->req->op.rename.newdn; + + ret = ldb_msg_add_value(msg, "parentGUID", parent_guid, &el); + if (ret != LDB_SUCCESS) { + return ret; + } + + el->flags = LDB_FLAG_MOD_REPLACE; + + ret = ldb_build_mod_req(&mod_req, ldb, ac, msg, + NULL, ac, oc_op_callback, req); + + return ldb_next_request(ac->module, mod_req); +} + static int objectclass_do_rename(struct oc_context *ac) { struct ldb_context *ldb; @@ -1055,7 +1134,7 @@ static int objectclass_do_rename(struct oc_context *ac) ret = ldb_build_rename_req(&rename_req, ldb, ac, ac->req->op.rename.olddn, fixed_dn, ac->req->controls, - ac, oc_op_callback, + ac, objectclass_rename_callback, ac->req); if (ret != LDB_SUCCESS) { return ret; diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c index 56d4c4fe368..5a9926b6d18 100644 --- a/source4/dsdb/samdb/ldb_modules/password_hash.c +++ b/source4/dsdb/samdb/ldb_modules/password_hash.c @@ -1379,7 +1379,8 @@ static int setup_password_fields(struct setup_password_fields_io *io) if (io->n.cleartext_utf8) { struct samr_Password *lm_hash; char *cleartext_unix; - if (convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), + if (lp_lanman_auth(ldb_get_opaque(ldb, "loadparm")) && + convert_string_talloc_convenience(io->ac, lp_iconv_convenience(ldb_get_opaque(ldb, "loadparm")), CH_UTF8, CH_UNIX, io->n.cleartext_utf8->data, io->n.cleartext_utf8->length, (void **)&cleartext_unix, &converted_pw_len, false)) { lm_hash = talloc(io->ac, struct samr_Password); diff --git a/source4/headermap.txt b/source4/headermap.txt index 9de5b1cc0cc..280d60beb2f 100644 --- a/source4/headermap.txt +++ b/source4/headermap.txt @@ -10,6 +10,8 @@ ../lib/util/talloc_stack.h: util/talloc_stack.h ../lib/util/xfile.h: util/xfile.h ../lib/tdr/tdr.h: tdr.h +../lib/tsocket/tsocket.h: tsocket.h +../lib/tsocket/tsocket_internal.h: tsocket_internal.h librpc/rpc/dcerpc.h: dcerpc.h lib/ldb/include/ldb.h: ldb.h lib/ldb/include/ldb_errors.h: ldb_errors.h @@ -23,7 +25,7 @@ lib/registry/registry.h: registry.h libcli/util/werror.h: core/werror.h libcli/util/doserr.h: core/doserr.h libcli/util/ntstatus.h: core/ntstatus.h -libcli/cldap/cldap.h: cldap.h +../libcli/cldap/cldap.h: cldap.h auth/credentials/credentials.h: credentials.h auth/credentials/credentials_krb5.h: credentials/krb5.h rpc_server/dcerpc_server.h: dcerpc_server.h diff --git a/source4/lib/cmdline/popt_common.h b/source4/lib/cmdline/popt_common.h index 733d12a4433..2f4ab2c1786 100644 --- a/source4/lib/cmdline/popt_common.h +++ b/source4/lib/cmdline/popt_common.h @@ -28,6 +28,10 @@ extern struct poptOption popt_common_connection[]; extern struct poptOption popt_common_version[]; extern struct poptOption popt_common_credentials[]; +#ifndef POPT_TABLEEND +#define POPT_TABLEEND { NULL, '\0', 0, 0, 0, NULL, NULL } +#endif + #define POPT_COMMON_SAMBA { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_samba, 0, "Common samba options:", NULL }, #define POPT_COMMON_CONNECTION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_connection, 0, "Connection options:", NULL }, #define POPT_COMMON_VERSION { NULL, 0, POPT_ARG_INCLUDE_TABLE, popt_common_version, 0, "Common samba options:", NULL }, diff --git a/source4/lib/ldb/modules/paged_searches.c b/source4/lib/ldb/modules/paged_searches.c index 01e77cb22cc..c5430eb9bf1 100644 --- a/source4/lib/ldb/modules/paged_searches.c +++ b/source4/lib/ldb/modules/paged_searches.c @@ -2,6 +2,7 @@ ldb database library Copyright (C) Simo Sorce 2005-2008 + Copyright (C) Andrew Bartlett <abartlet@samba.org> 2009 ** NOTE! The following LGPL license applies to the ldb ** library. This does NOT imply that all of Samba is released @@ -52,23 +53,40 @@ struct ps_context { char **saved_referrals; int num_referrals; + + struct ldb_request *down_req; }; -static int check_ps_continuation(struct ldb_request *req, struct ldb_reply *ares) +static int check_ps_continuation(struct ps_context *ac, struct ldb_request *req, struct ldb_reply *ares) { - struct ps_context *ac; - struct ldb_paged_control *rep_control, *req_control; + struct ldb_context *ldb; + struct ldb_control *rep_control, *req_control; + struct ldb_paged_control *paged_rep_control = NULL, *paged_req_control = NULL; + ldb = ldb_module_get_ctx(ac->module); - ac = talloc_get_type(req->context, struct ps_context); + rep_control = ldb_reply_get_control(ares, LDB_CONTROL_PAGED_RESULTS_OID); + if (rep_control) { + paged_rep_control = talloc_get_type(rep_control->data, struct ldb_paged_control); + } - /* look up our paged control */ - if (!ares->controls || strcmp(LDB_CONTROL_PAGED_RESULTS_OID, ares->controls[0]->oid) != 0) { - /* something wrong here */ - return LDB_ERR_OPERATIONS_ERROR; + req_control = ldb_request_get_control(req, LDB_CONTROL_PAGED_RESULTS_OID); + paged_req_control = talloc_get_type(req_control->data, struct ldb_paged_control); + + if (!rep_control || !paged_rep_control) { + if (paged_req_control->cookie) { + /* something wrong here - why give us a control back befre, but not one now? */ + ldb_set_errstring(ldb, "paged_searches: ERROR: We got back a control from a previous page, but this time no control was returned!"); + return LDB_ERR_OPERATIONS_ERROR; + } else { + /* No cookie recived yet, valid to just return the full data set */ + + /* we are done */ + ac->pending = false; + return LDB_SUCCESS; + } } - rep_control = talloc_get_type(ares->controls[0]->data, struct ldb_paged_control); - if (rep_control->cookie_len == 0) { + if (paged_rep_control->cookie_len == 0) { /* we are done */ ac->pending = false; return LDB_SUCCESS; @@ -79,21 +97,14 @@ static int check_ps_continuation(struct ldb_request *req, struct ldb_reply *ares /* if there's a reply control we must find a request * control matching it */ - if (strcmp(LDB_CONTROL_PAGED_RESULTS_OID, req->controls[0]->oid) != 0) { - /* something wrong here */ - return LDB_ERR_OPERATIONS_ERROR; - } - - req_control = talloc_get_type(req->controls[0]->data, struct ldb_paged_control); - - if (req_control->cookie) { - talloc_free(req_control->cookie); + if (paged_req_control->cookie) { + talloc_free(paged_req_control->cookie); } - req_control->cookie = talloc_memdup(req_control, - rep_control->cookie, - rep_control->cookie_len); - req_control->cookie_len = rep_control->cookie_len; + paged_req_control->cookie = talloc_memdup(req_control, + paged_rep_control->cookie, + paged_rep_control->cookie_len); + paged_req_control->cookie_len = paged_rep_control->cookie_len; ac->pending = true; return LDB_SUCCESS; @@ -141,8 +152,6 @@ static int send_referrals(struct ps_context *ac) return LDB_SUCCESS; } -static int ps_next_request(struct ps_context *ac); - static int ps_callback(struct ldb_request *req, struct ldb_reply *ares) { struct ps_context *ac; @@ -176,14 +185,15 @@ static int ps_callback(struct ldb_request *req, struct ldb_reply *ares) case LDB_REPLY_DONE: - ret = check_ps_continuation(req, ares); + ret = check_ps_continuation(ac, req, ares); if (ret != LDB_SUCCESS) { return ldb_module_done(ac->req, NULL, NULL, ret); } if (ac->pending) { - ret = ps_next_request(ac); + ret = ldb_next_request(ac->module, ac->down_req); + if (ret != LDB_SUCCESS) { return ldb_module_done(ac->req, NULL, NULL, ret); @@ -214,14 +224,16 @@ static int ps_search(struct ldb_module *module, struct ldb_request *req) struct ldb_context *ldb; struct private_data *private_data; struct ps_context *ac; + struct ldb_paged_control *control; + int ret; private_data = talloc_get_type(ldb_module_get_private(module), struct private_data); ldb = ldb_module_get_ctx(module); - /* check if paging is supported and if there is a any control */ - if (!private_data || !private_data->paged_supported || req->controls) { + /* check if paging is supported */ + if (!private_data || !private_data->paged_supported) { /* do not touch this request paged controls not - * supported or explicit controls have been set or we + * supported or we * are just not setup yet */ return ldb_next_request(module, req); } @@ -238,30 +250,9 @@ static int ps_search(struct ldb_module *module, struct ldb_request *req) ac->saved_referrals = NULL; ac->num_referrals = 0; - return ps_next_request(ac); -} - -static int ps_next_request(struct ps_context *ac) { - - struct ldb_context *ldb; - struct ldb_paged_control *control; - struct ldb_control **controls; - struct ldb_request *new_req; - int ret; - ldb = ldb_module_get_ctx(ac->module); - controls = talloc_array(ac, struct ldb_control *, 2); - if (!controls) { - return LDB_ERR_OPERATIONS_ERROR; - } - - controls[0] = talloc(controls, struct ldb_control); - if (!controls[0]) { - return LDB_ERR_OPERATIONS_ERROR; - } - - control = talloc(controls[0], struct ldb_paged_control); + control = talloc(ac, struct ldb_paged_control); if (!control) { return LDB_ERR_OPERATIONS_ERROR; } @@ -270,26 +261,28 @@ static int ps_next_request(struct ps_context *ac) { control->cookie = NULL; control->cookie_len = 0; - controls[0]->oid = LDB_CONTROL_PAGED_RESULTS_OID; - controls[0]->critical = 1; - controls[0]->data = control; - controls[1] = NULL; - - ret = ldb_build_search_req_ex(&new_req, ldb, ac, + ret = ldb_build_search_req_ex(&ac->down_req, ldb, ac, ac->req->op.search.base, ac->req->op.search.scope, ac->req->op.search.tree, ac->req->op.search.attrs, - controls, + ac->req->controls, ac, ps_callback, ac->req); if (ret != LDB_SUCCESS) { return ret; } - talloc_steal(new_req, controls); - return ldb_next_request(ac->module, new_req); + ret = ldb_request_add_control(ac->down_req, LDB_CONTROL_PAGED_RESULTS_OID, + true, control); + if (ret != LDB_SUCCESS) { + return ret; + } + + talloc_steal(ac->down_req, control); + + return ldb_next_request(ac->module, ac->down_req); } static int check_supported_paged(struct ldb_request *req, diff --git a/source4/lib/ldb/pyldb.c b/source4/lib/ldb/pyldb.c index 81b960979f6..7ff4bf4aad3 100644 --- a/source4/lib/ldb/pyldb.c +++ b/source4/lib/ldb/pyldb.c @@ -469,19 +469,20 @@ static PyObject *py_ldb_get_default_basedn(PyLdbObject *self) return PyLdbDn_FromDn(dn); } -static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list) +static const char **PyList_AsStringList(TALLOC_CTX *mem_ctx, PyObject *list, + const char *paramname) { const char **ret; int i; if (!PyList_Check(list)) { - PyErr_SetString(PyExc_TypeError, "options is not a list"); + PyErr_Format(PyExc_TypeError, "%s is not a list", paramname); return NULL; } ret = talloc_array(NULL, const char *, PyList_Size(list)+1); for (i = 0; i < PyList_Size(list); i++) { PyObject *item = PyList_GetItem(list, i); if (!PyString_Check(item)) { - PyErr_SetString(PyExc_TypeError, "options should be strings"); + PyErr_Format(PyExc_TypeError, "%s should be strings", paramname); return NULL; } ret[i] = PyString_AsString(item); @@ -510,7 +511,7 @@ static int py_ldb_init(PyLdbObject *self, PyObject *args, PyObject *kwargs) if (py_options == Py_None) { options = NULL; } else { - options = PyList_AsStringList(ldb, py_options); + options = PyList_AsStringList(ldb, py_options, "options"); if (options == NULL) return -1; } @@ -563,7 +564,7 @@ static PyObject *py_ldb_connect(PyLdbObject *self, PyObject *args, PyObject *kwa if (py_options == Py_None) { options = NULL; } else { - options = PyList_AsStringList(NULL, py_options); + options = PyList_AsStringList(NULL, py_options, "options"); if (options == NULL) return NULL; } @@ -813,7 +814,7 @@ static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwar if (py_attrs == Py_None) { attrs = NULL; } else { - attrs = PyList_AsStringList(ldb_ctx, py_attrs); + attrs = PyList_AsStringList(ldb_ctx, py_attrs, "attrs"); if (attrs == NULL) return NULL; } @@ -828,7 +829,7 @@ static PyObject *py_ldb_search(PyLdbObject *self, PyObject *args, PyObject *kwar if (py_controls == Py_None) { parsed_controls = NULL; } else { - const char **controls = PyList_AsStringList(ldb_ctx, py_controls); + const char **controls = PyList_AsStringList(ldb_ctx, py_controls, "controls"); parsed_controls = ldb_parse_control_strings(ldb_ctx, ldb_ctx, controls); talloc_free(controls); } @@ -1129,7 +1130,7 @@ static PyObject *py_ldb_module_search(PyLdbModuleObject *self, PyObject *args, P mod = self->mod; ret = ldb_build_search_req(&req, mod->ldb, NULL, PyLdbDn_AsDn(py_base), - scope, NULL /* expr */, py_attrs == Py_None?NULL:PyList_AsStringList(req, py_attrs), + scope, NULL /* expr */, py_attrs == Py_None?NULL:PyList_AsStringList(req, py_attrs, "attrs"), NULL /* controls */, NULL, NULL, NULL); PyErr_LDB_ERROR_IS_ERR_RAISE(ret, mod->ldb); diff --git a/source4/lib/ldb/tests/python/ldap.py b/source4/lib/ldb/tests/python/ldap.py index a30273fc668..7d2c7d05472 100755 --- a/source4/lib/ldb/tests/python/ldap.py +++ b/source4/lib/ldb/tests/python/ldap.py @@ -90,6 +90,36 @@ class BasicTests(unittest.TestCase): except LdbError, (num, _): self.assertEquals(num, ERR_NO_SUCH_OBJECT) + def test_parentGUID(self): + """Test parentGUID behaviour""" + print "Testing parentGUID behaviour\n" + + self.ldb.add({ + "dn": "cn=parentguidtest,cn=users," + self.base_dn, + "objectclass":"user", + "samaccountname":"parentguidtest"}); + res1 = ldb.search(base="cn=parentguidtest,cn=users," + self.base_dn, scope=SCOPE_BASE, + attrs=["parentGUID"]); + res2 = ldb.search(base="cn=users," + self.base_dn,scope=SCOPE_BASE, + attrs=["objectGUID"]); + self.assertEquals(res1[0]["parentGUID"], res2[0]["objectGUID"]); + + """Test parentGUID behaviour""" + print "Testing parentGUID behaviour on rename\n" + + self.ldb.add({ + "dn": "cn=testotherusers," + self.base_dn, + "objectclass":"container"}); + res1 = ldb.search(base="cn=testotherusers," + self.base_dn,scope=SCOPE_BASE, + attrs=["objectGUID"]); + ldb.rename("cn=parentguidtest,cn=users," + self.base_dn, + "cn=parentguidtest,cn=testotherusers," + self.base_dn); + res2 = ldb.search(base="cn=parentguidtest,cn=testotherusers," + self.base_dn, + scope=SCOPE_BASE, + attrs=["parentGUID"]); + self.assertEquals(res1[0]["objectGUID"], res2[0]["parentGUID"]); + + def test_all(self): """Basic tests""" diff --git a/source4/libcli/cldap/cldap.c b/source4/libcli/cldap/cldap.c deleted file mode 100644 index b18ba12b1fc..00000000000 --- a/source4/libcli/cldap/cldap.c +++ /dev/null @@ -1,738 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - cldap client library - - Copyright (C) Andrew Tridgell 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -/* - see RFC1798 for details of CLDAP - - basic properties - - carried over UDP on port 389 - - request and response matched by message ID - - request consists of only a single searchRequest element - - response can be in one of two forms - - a single searchResponse, followed by a searchResult - - a single searchResult -*/ - -#include "includes.h" -#include "lib/events/events.h" -#include "../lib/util/dlinklist.h" -#include "libcli/ldap/ldap.h" -#include "libcli/ldap/ldap_ndr.h" -#include "libcli/cldap/cldap.h" -#include "lib/socket/socket.h" -#include "libcli/security/security.h" -#include "librpc/gen_ndr/ndr_nbt.h" - -/* - destroy a pending request -*/ -static int cldap_request_destructor(struct cldap_request *req) -{ - if (req->state == CLDAP_REQUEST_SEND) { - DLIST_REMOVE(req->cldap->send_queue, req); - } - if (!req->is_reply && req->message_id != 0) { - idr_remove(req->cldap->idr, req->message_id); - req->message_id = 0; - } - return 0; -} - -/* - handle recv events on a cldap socket -*/ -static void cldap_socket_recv(struct cldap_socket *cldap) -{ - TALLOC_CTX *tmp_ctx = talloc_new(cldap); - NTSTATUS status; - struct socket_address *src; - DATA_BLOB blob; - size_t nread, dsize; - struct asn1_data *asn1 = asn1_init(tmp_ctx); - struct ldap_message *ldap_msg; - struct cldap_request *req; - - if (!asn1) return; - - status = socket_pending(cldap->sock, &dsize); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_ctx); - return; - } - - blob = data_blob_talloc(tmp_ctx, NULL, dsize); - if (blob.data == NULL) { - talloc_free(tmp_ctx); - return; - } - - status = socket_recvfrom(cldap->sock, blob.data, blob.length, &nread, - tmp_ctx, &src); - if (!NT_STATUS_IS_OK(status)) { - talloc_free(tmp_ctx); - return; - } - blob.length = nread; - - DEBUG(2,("Received cldap packet of length %d from %s:%d\n", - (int)blob.length, src->addr, src->port)); - - if (!asn1_load(asn1, blob)) { - DEBUG(2,("Failed to setup for asn.1 decode\n")); - talloc_free(tmp_ctx); - return; - } - - ldap_msg = talloc(tmp_ctx, struct ldap_message); - if (ldap_msg == NULL) { - talloc_free(tmp_ctx); - return; - } - - /* this initial decode is used to find the message id */ - status = ldap_decode(asn1, NULL, ldap_msg); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(2,("Failed to decode ldap message: %s\n", nt_errstr(status))); - talloc_free(tmp_ctx); - return; - } - - /* find the pending request */ - req = idr_find(cldap->idr, ldap_msg->messageid); - if (req == NULL) { - if (cldap->incoming.handler) { - cldap->incoming.handler(cldap, ldap_msg, src); - } else { - DEBUG(2,("Mismatched cldap reply %u from %s:%d\n", - ldap_msg->messageid, src->addr, src->port)); - } - talloc_free(tmp_ctx); - return; - } - - req->asn1 = talloc_steal(req, asn1); - req->asn1->ofs = 0; - - req->state = CLDAP_REQUEST_DONE; - talloc_free(req->te); - - talloc_free(tmp_ctx); - - if (req->async.fn) { - req->async.fn(req); - } -} - -/* - handle request timeouts -*/ -static void cldap_request_timeout(struct tevent_context *event_ctx, - struct tevent_timer *te, struct timeval t, - void *private_data) -{ - struct cldap_request *req = talloc_get_type(private_data, struct cldap_request); - - /* possibly try again */ - if (req->num_retries != 0) { - size_t len = req->encoded.length; - - req->num_retries--; - - socket_sendto(req->cldap->sock, &req->encoded, &len, - req->dest); - - req->te = event_add_timed(req->cldap->event_ctx, req, - timeval_current_ofs(req->timeout, 0), - cldap_request_timeout, req); - return; - } - - req->state = CLDAP_REQUEST_ERROR; - req->status = NT_STATUS_IO_TIMEOUT; - if (req->async.fn) { - req->async.fn(req); - } -} - -/* - handle send events on a cldap socket -*/ -static void cldap_socket_send(struct cldap_socket *cldap) -{ - struct cldap_request *req; - NTSTATUS status; - - while ((req = cldap->send_queue)) { - size_t len; - - len = req->encoded.length; - status = socket_sendto(cldap->sock, &req->encoded, &len, - req->dest); - if (NT_STATUS_IS_ERR(status)) { - DEBUG(0,("Failed to send cldap request of length %u to %s:%d\n", - (unsigned)req->encoded.length, req->dest->addr, req->dest->port)); - DLIST_REMOVE(cldap->send_queue, req); - req->state = CLDAP_REQUEST_ERROR; - req->status = status; - if (req->async.fn) { - req->async.fn(req); - } - continue; - } - - if (!NT_STATUS_IS_OK(status)) return; - - DLIST_REMOVE(cldap->send_queue, req); - - if (req->is_reply) { - talloc_free(req); - } else { - req->state = CLDAP_REQUEST_WAIT; - - req->te = event_add_timed(cldap->event_ctx, req, - timeval_current_ofs(req->timeout, 0), - cldap_request_timeout, req); - - EVENT_FD_READABLE(cldap->fde); - } - } - - EVENT_FD_NOT_WRITEABLE(cldap->fde); - return; -} - - -/* - handle fd events on a cldap_socket -*/ -static void cldap_socket_handler(struct tevent_context *ev, struct tevent_fd *fde, - uint16_t flags, void *private_data) -{ - struct cldap_socket *cldap = talloc_get_type(private_data, struct cldap_socket); - if (flags & EVENT_FD_WRITE) { - cldap_socket_send(cldap); - } - if (flags & EVENT_FD_READ) { - cldap_socket_recv(cldap); - } -} - -/* - initialise a cldap_socket. The event_ctx is optional, if provided - then operations will use that event context -*/ -struct cldap_socket *cldap_socket_init(TALLOC_CTX *mem_ctx, - struct tevent_context *event_ctx, - struct smb_iconv_convenience *iconv_convenience) -{ - struct cldap_socket *cldap; - NTSTATUS status; - - cldap = talloc(mem_ctx, struct cldap_socket); - if (cldap == NULL) goto failed; - - cldap->event_ctx = talloc_reference(cldap, event_ctx); - if (cldap->event_ctx == NULL) goto failed; - - cldap->idr = idr_init(cldap); - if (cldap->idr == NULL) goto failed; - - status = socket_create("ip", SOCKET_TYPE_DGRAM, &cldap->sock, 0); - if (!NT_STATUS_IS_OK(status)) goto failed; - - talloc_steal(cldap, cldap->sock); - - cldap->fde = event_add_fd(cldap->event_ctx, cldap, - socket_get_fd(cldap->sock), 0, - cldap_socket_handler, cldap); - - cldap->send_queue = NULL; - cldap->incoming.handler = NULL; - cldap->iconv_convenience = iconv_convenience; - - return cldap; - -failed: - talloc_free(cldap); - return NULL; -} - - -/* - setup a handler for incoming requests -*/ -NTSTATUS cldap_set_incoming_handler(struct cldap_socket *cldap, - void (*handler)(struct cldap_socket *, struct ldap_message *, - struct socket_address *), - void *private_data) -{ - cldap->incoming.handler = handler; - cldap->incoming.private_data = private_data; - EVENT_FD_READABLE(cldap->fde); - return NT_STATUS_OK; -} - -/* - queue a cldap request for send -*/ -struct cldap_request *cldap_search_send(struct cldap_socket *cldap, - struct cldap_search *io) -{ - struct ldap_message *msg; - struct cldap_request *req; - struct ldap_SearchRequest *search; - - req = talloc_zero(cldap, struct cldap_request); - if (req == NULL) goto failed; - - req->cldap = cldap; - req->state = CLDAP_REQUEST_SEND; - req->timeout = io->in.timeout; - req->num_retries = io->in.retries; - req->is_reply = false; - req->asn1 = asn1_init(req); - if (!req->asn1) { - goto failed; - } - - req->dest = socket_address_from_strings(req, cldap->sock->backend_name, - io->in.dest_address, - io->in.dest_port); - if (!req->dest) goto failed; - - req->message_id = idr_get_new_random(cldap->idr, req, UINT16_MAX); - if (req->message_id == -1) goto failed; - - talloc_set_destructor(req, cldap_request_destructor); - - msg = talloc(req, struct ldap_message); - if (msg == NULL) goto failed; - msg->messageid = req->message_id; - msg->type = LDAP_TAG_SearchRequest; - msg->controls = NULL; - search = &msg->r.SearchRequest; - - search->basedn = ""; - search->scope = LDAP_SEARCH_SCOPE_BASE; - search->deref = LDAP_DEREFERENCE_NEVER; - search->timelimit = 0; - search->sizelimit = 0; - search->attributesonly = false; - search->num_attributes = str_list_length(io->in.attributes); - search->attributes = io->in.attributes; - search->tree = ldb_parse_tree(req, io->in.filter); - if (search->tree == NULL) { - goto failed; - } - - if (!ldap_encode(msg, NULL, &req->encoded, req)) { - DEBUG(0,("Failed to encode cldap message to %s:%d\n", - req->dest->addr, req->dest->port)); - goto failed; - } - - DLIST_ADD_END(cldap->send_queue, req, struct cldap_request *); - - EVENT_FD_WRITEABLE(cldap->fde); - - return req; - -failed: - talloc_free(req); - return NULL; -} - - -/* - queue a cldap reply for send -*/ -NTSTATUS cldap_reply_send(struct cldap_socket *cldap, struct cldap_reply *io) -{ - struct ldap_message *msg; - struct cldap_request *req; - DATA_BLOB blob1, blob2; - NTSTATUS status = NT_STATUS_NO_MEMORY; - - req = talloc_zero(cldap, struct cldap_request); - if (req == NULL) goto failed; - - req->cldap = cldap; - req->state = CLDAP_REQUEST_SEND; - req->is_reply = true; - req->asn1 = asn1_init(req); - if (!req->asn1) { - goto failed; - } - - req->dest = io->dest; - if (talloc_reference(req, io->dest) == NULL) goto failed; - - talloc_set_destructor(req, cldap_request_destructor); - - msg = talloc(req, struct ldap_message); - if (msg == NULL) goto failed; - msg->messageid = io->messageid; - msg->controls = NULL; - - if (io->response) { - msg->type = LDAP_TAG_SearchResultEntry; - msg->r.SearchResultEntry = *io->response; - - if (!ldap_encode(msg, NULL, &blob1, req)) { - DEBUG(0,("Failed to encode cldap message to %s:%d\n", - req->dest->addr, req->dest->port)); - status = NT_STATUS_INVALID_PARAMETER; - goto failed; - } - } else { - blob1 = data_blob(NULL, 0); - } - - msg->type = LDAP_TAG_SearchResultDone; - msg->r.SearchResultDone = *io->result; - - if (!ldap_encode(msg, NULL, &blob2, req)) { - DEBUG(0,("Failed to encode cldap message to %s:%d\n", - req->dest->addr, req->dest->port)); - status = NT_STATUS_INVALID_PARAMETER; - goto failed; - } - - req->encoded = data_blob_talloc(req, NULL, blob1.length + blob2.length); - if (req->encoded.data == NULL) goto failed; - - memcpy(req->encoded.data, blob1.data, blob1.length); - memcpy(req->encoded.data+blob1.length, blob2.data, blob2.length); - - DLIST_ADD_END(cldap->send_queue, req, struct cldap_request *); - - EVENT_FD_WRITEABLE(cldap->fde); - - return NT_STATUS_OK; - -failed: - talloc_free(req); - return status; -} - -/* - receive a cldap reply -*/ -NTSTATUS cldap_search_recv(struct cldap_request *req, - TALLOC_CTX *mem_ctx, - struct cldap_search *io) -{ - struct ldap_message *ldap_msg; - NTSTATUS status; - - if (req == NULL) { - return NT_STATUS_NO_MEMORY; - } - - while (req->state < CLDAP_REQUEST_DONE) { - if (event_loop_once(req->cldap->event_ctx) != 0) { - talloc_free(req); - return NT_STATUS_UNEXPECTED_NETWORK_ERROR; - } - } - - if (req->state == CLDAP_REQUEST_ERROR) { - status = req->status; - talloc_free(req); - return status; - } - - ldap_msg = talloc(mem_ctx, struct ldap_message); - NT_STATUS_HAVE_NO_MEMORY(ldap_msg); - - status = ldap_decode(req->asn1, NULL, ldap_msg); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(2,("Failed to decode cldap search reply: %s\n", nt_errstr(status))); - talloc_free(req); - return status; - } - - ZERO_STRUCT(io->out); - - /* the first possible form has a search result in first place */ - if (ldap_msg->type == LDAP_TAG_SearchResultEntry) { - io->out.response = talloc(mem_ctx, struct ldap_SearchResEntry); - NT_STATUS_HAVE_NO_MEMORY(io->out.response); - *io->out.response = ldap_msg->r.SearchResultEntry; - - /* decode the 2nd part */ - status = ldap_decode(req->asn1, NULL, ldap_msg); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(2,("Failed to decode cldap search result entry: %s\n", nt_errstr(status))); - talloc_free(req); - return status; - } - } - - if (ldap_msg->type != LDAP_TAG_SearchResultDone) { - talloc_free(req); - return NT_STATUS_LDAP(LDAP_PROTOCOL_ERROR); - } - - io->out.result = talloc(mem_ctx, struct ldap_Result); - NT_STATUS_HAVE_NO_MEMORY(io->out.result); - *io->out.result = ldap_msg->r.SearchResultDone; - - talloc_free(req); - - if (io->out.result->resultcode != LDAP_SUCCESS) { - return NT_STATUS_LDAP(io->out.result->resultcode); - } - return NT_STATUS_OK; -} - - -/* - synchronous cldap search -*/ -NTSTATUS cldap_search(struct cldap_socket *cldap, - TALLOC_CTX *mem_ctx, - struct cldap_search *io) -{ - struct cldap_request *req = cldap_search_send(cldap, io); - return cldap_search_recv(req, mem_ctx, io); -} - - - -/* - queue a cldap netlogon for send -*/ -struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap, - struct cldap_netlogon *io) -{ - struct cldap_search search; - char *filter; - struct cldap_request *req; - const char *attr[] = { "NetLogon", NULL }; - TALLOC_CTX *tmp_ctx = talloc_new(cldap); - - filter = talloc_asprintf(tmp_ctx, "(&(NtVer=%s)", - ldap_encode_ndr_uint32(tmp_ctx, io->in.version)); - if (filter == NULL) goto failed; - if (io->in.user) { - filter = talloc_asprintf_append_buffer(filter, "(User=%s)", io->in.user); - if (filter == NULL) goto failed; - } - if (io->in.host) { - filter = talloc_asprintf_append_buffer(filter, "(Host=%s)", io->in.host); - if (filter == NULL) goto failed; - } - if (io->in.realm) { - filter = talloc_asprintf_append_buffer(filter, "(DnsDomain=%s)", io->in.realm); - if (filter == NULL) goto failed; - } - if (io->in.acct_control != -1) { - filter = talloc_asprintf_append_buffer(filter, "(AAC=%s)", - ldap_encode_ndr_uint32(tmp_ctx, io->in.acct_control)); - if (filter == NULL) goto failed; - } - if (io->in.domain_sid) { - struct dom_sid *sid = dom_sid_parse_talloc(tmp_ctx, io->in.domain_sid); - if (sid == NULL) goto failed; - filter = talloc_asprintf_append_buffer(filter, "(domainSid=%s)", - ldap_encode_ndr_dom_sid(tmp_ctx, sid)); - if (filter == NULL) goto failed; - } - if (io->in.domain_guid) { - struct GUID guid; - NTSTATUS status; - status = GUID_from_string(io->in.domain_guid, &guid); - if (!NT_STATUS_IS_OK(status)) goto failed; - filter = talloc_asprintf_append_buffer(filter, "(DomainGuid=%s)", - ldap_encode_ndr_GUID(tmp_ctx, &guid)); - if (filter == NULL) goto failed; - } - filter = talloc_asprintf_append_buffer(filter, ")"); - if (filter == NULL) goto failed; - - search.in.dest_address = io->in.dest_address; - search.in.dest_port = io->in.dest_port; - search.in.filter = filter; - search.in.attributes = attr; - search.in.timeout = 2; - search.in.retries = 2; - - req = cldap_search_send(cldap, &search); - - talloc_free(tmp_ctx); - return req; -failed: - talloc_free(tmp_ctx); - return NULL; -} - - -/* - receive a cldap netlogon reply -*/ -NTSTATUS cldap_netlogon_recv(struct cldap_request *req, - TALLOC_CTX *mem_ctx, - struct cldap_netlogon *io) -{ - NTSTATUS status; - struct cldap_search search; - struct cldap_socket *cldap; - DATA_BLOB *data; - - cldap = req->cldap; - - status = cldap_search_recv(req, mem_ctx, &search); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - if (search.out.response == NULL) { - return NT_STATUS_NOT_FOUND; - } - - if (search.out.response->num_attributes != 1 || - strcasecmp(search.out.response->attributes[0].name, "netlogon") != 0 || - search.out.response->attributes[0].num_values != 1 || - search.out.response->attributes[0].values->length < 2) { - return NT_STATUS_UNEXPECTED_NETWORK_ERROR; - } - data = search.out.response->attributes[0].values; - - status = pull_netlogon_samlogon_response(data, mem_ctx, req->cldap->iconv_convenience, - &io->out.netlogon); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - if (io->in.map_response) { - map_netlogon_samlogon_response(&io->out.netlogon); - } - return NT_STATUS_OK; -} - -/* - sync cldap netlogon search -*/ -NTSTATUS cldap_netlogon(struct cldap_socket *cldap, - TALLOC_CTX *mem_ctx, struct cldap_netlogon *io) -{ - struct cldap_request *req = cldap_netlogon_send(cldap, io); - return cldap_netlogon_recv(req, mem_ctx, io); -} - - -/* - send an empty reply (used on any error, so the client doesn't keep waiting - or send the bad request again) -*/ -NTSTATUS cldap_empty_reply(struct cldap_socket *cldap, - uint32_t message_id, - struct socket_address *src) -{ - NTSTATUS status; - struct cldap_reply reply; - struct ldap_Result result; - - reply.messageid = message_id; - reply.dest = src; - reply.response = NULL; - reply.result = &result; - - ZERO_STRUCT(result); - - status = cldap_reply_send(cldap, &reply); - - return status; -} - -/* - send an error reply (used on any error, so the client doesn't keep waiting - or send the bad request again) -*/ -NTSTATUS cldap_error_reply(struct cldap_socket *cldap, - uint32_t message_id, - struct socket_address *src, - int resultcode, - const char *errormessage) -{ - NTSTATUS status; - struct cldap_reply reply; - struct ldap_Result result; - - reply.messageid = message_id; - reply.dest = src; - reply.response = NULL; - reply.result = &result; - - ZERO_STRUCT(result); - result.resultcode = resultcode; - result.errormessage = errormessage; - - status = cldap_reply_send(cldap, &reply); - - return status; -} - - -/* - send a netlogon reply -*/ -NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, - uint32_t message_id, - struct socket_address *src, - uint32_t version, - struct netlogon_samlogon_response *netlogon) -{ - NTSTATUS status; - struct cldap_reply reply; - struct ldap_SearchResEntry response; - struct ldap_Result result; - TALLOC_CTX *tmp_ctx = talloc_new(cldap); - DATA_BLOB blob; - - status = push_netlogon_samlogon_response(&blob, tmp_ctx, cldap->iconv_convenience, - netlogon); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - reply.messageid = message_id; - reply.dest = src; - reply.response = &response; - reply.result = &result; - - ZERO_STRUCT(result); - - response.dn = ""; - response.num_attributes = 1; - response.attributes = talloc(tmp_ctx, struct ldb_message_element); - NT_STATUS_HAVE_NO_MEMORY(response.attributes); - response.attributes->name = "netlogon"; - response.attributes->num_values = 1; - response.attributes->values = &blob; - - status = cldap_reply_send(cldap, &reply); - - talloc_free(tmp_ctx); - - return status; -} - - diff --git a/source4/libcli/cldap/cldap.h b/source4/libcli/cldap/cldap.h deleted file mode 100644 index 8951daa775a..00000000000 --- a/source4/libcli/cldap/cldap.h +++ /dev/null @@ -1,182 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - a async CLDAP library - - Copyright (C) Andrew Tridgell 2005 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "../lib/util/asn1.h" -#include "../libcli/netlogon.h" - -struct ldap_message; - -enum cldap_request_state {CLDAP_REQUEST_SEND, - CLDAP_REQUEST_WAIT, - CLDAP_REQUEST_DONE, - CLDAP_REQUEST_ERROR}; - -/* - a cldap request packet -*/ -struct cldap_request { - struct cldap_request *next, *prev; - - struct cldap_socket *cldap; - - enum cldap_request_state state; - NTSTATUS status; - - /* where to send the request */ - struct socket_address *dest; - - /* timeout between retries (seconds) */ - int timeout; - int num_retries; - - bool is_reply; - - /* the ldap message_id */ - int message_id; - - struct tevent_timer *te; - - /* the encoded request */ - DATA_BLOB encoded; - - /* the reply data */ - struct asn1_data *asn1; - - /* information on what to do on completion */ - struct { - void (*fn)(struct cldap_request *); - void *private_data; - } async; -}; - -/* - context structure for operations on cldap packets -*/ -struct cldap_socket { - struct socket_context *sock; - struct tevent_context *event_ctx; - struct smb_iconv_convenience *iconv_convenience; - - /* the fd event */ - struct tevent_fd *fde; - - /* a queue of outgoing requests */ - struct cldap_request *send_queue; - - /* mapping from message_id to pending request */ - struct idr_context *idr; - - /* what to do with incoming request packets */ - struct { - void (*handler)(struct cldap_socket *, struct ldap_message *, - struct socket_address *); - void *private_data; - } incoming; -}; - - -/* - a general cldap search request -*/ -struct cldap_search { - struct { - const char *dest_address; - uint16_t dest_port; - const char *filter; - const char **attributes; - int timeout; - int retries; - } in; - struct { - struct ldap_SearchResEntry *response; - struct ldap_Result *result; - } out; -}; - -struct cldap_socket *cldap_socket_init(TALLOC_CTX *mem_ctx, - struct tevent_context *event_ctx, - struct smb_iconv_convenience *iconv_convenience); -NTSTATUS cldap_set_incoming_handler(struct cldap_socket *cldap, - void (*handler)(struct cldap_socket *, struct ldap_message *, - struct socket_address *), - void *private_data); -struct cldap_request *cldap_search_send(struct cldap_socket *cldap, - struct cldap_search *io); -NTSTATUS cldap_search_recv(struct cldap_request *req, TALLOC_CTX *mem_ctx, - struct cldap_search *io); -NTSTATUS cldap_search(struct cldap_socket *cldap, TALLOC_CTX *mem_ctx, - struct cldap_search *io); - - -/* - a general cldap reply -*/ -struct cldap_reply { - uint32_t messageid; - struct socket_address *dest; - struct ldap_SearchResEntry *response; - struct ldap_Result *result; -}; - -NTSTATUS cldap_reply_send(struct cldap_socket *cldap, struct cldap_reply *io); - -NTSTATUS cldap_empty_reply(struct cldap_socket *cldap, - uint32_t message_id, - struct socket_address *src); -NTSTATUS cldap_error_reply(struct cldap_socket *cldap, - uint32_t message_id, - struct socket_address *src, - int resultcode, - const char *errormessage); - -/* - a netlogon cldap request -*/ -struct cldap_netlogon { - struct { - const char *dest_address; - uint16_t dest_port; - const char *realm; - const char *host; - const char *user; - const char *domain_guid; - const char *domain_sid; - int acct_control; - uint32_t version; - bool map_response; - } in; - struct { - struct netlogon_samlogon_response netlogon; - } out; -}; - -struct cldap_request *cldap_netlogon_send(struct cldap_socket *cldap, - struct cldap_netlogon *io); -NTSTATUS cldap_netlogon_recv(struct cldap_request *req, - TALLOC_CTX *mem_ctx, - struct cldap_netlogon *io); -NTSTATUS cldap_netlogon(struct cldap_socket *cldap, - TALLOC_CTX *mem_ctx, struct cldap_netlogon *io); -NTSTATUS cldap_netlogon_reply(struct cldap_socket *cldap, - uint32_t message_id, - struct socket_address *src, - uint32_t version, - struct netlogon_samlogon_response *netlogon); diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk index dc3431ab9fc..5b50bdfcbec 100644 --- a/source4/libcli/config.mk +++ b/source4/libcli/config.mk @@ -96,13 +96,6 @@ LIBCLI_DGRAM_OBJ_FILES = $(addprefix $(libclisrcdir)/dgram/, \ netlogon.o \ browse.o) -[SUBSYSTEM::LIBCLI_CLDAP] -PUBLIC_DEPENDENCIES = LIBCLI_LDAP -PRIVATE_DEPENDENCIES = LIBSAMBA-UTIL LIBLDB LIBCLI_NETLOGON - -LIBCLI_CLDAP_OBJ_FILES = $(libclisrcdir)/cldap/cldap.o -# PUBLIC_HEADERS += $(libclisrcdir)/cldap/cldap.h - [SUBSYSTEM::LIBCLI_WREPL] PUBLIC_DEPENDENCIES = NDR_WINSREPL samba_socket LIBEVENTS LIBPACKET diff --git a/source4/libcli/smb2/connect.c b/source4/libcli/smb2/connect.c index 11bec42737d..b522a56239b 100644 --- a/source4/libcli/smb2/connect.c +++ b/source4/libcli/smb2/connect.c @@ -108,6 +108,7 @@ static void continue_negprot(struct smb2_request *req) transport->negotiate.system_time = state->negprot.out.system_time; transport->negotiate.server_start_time = state->negprot.out.server_start_time; transport->negotiate.security_mode = state->negprot.out.security_mode; + transport->negotiate.dialect_revision = state->negprot.out.dialect_revision; switch (transport->options.signing) { case SMB_SIGNING_OFF: @@ -161,7 +162,8 @@ static void continue_socket(struct composite_context *creq) struct smbcli_socket *sock; struct smb2_transport *transport; struct smb2_request *req; - uint16_t dialects[2]; + uint16_t dialects[3] = { SMB2_DIALECT_REVISION, SMB21_DIALECT_REVISION, + SMB2_LONGHORN_BETA_DIALECT_REVISION }; c->status = smbcli_sock_connect_recv(creq, state, &sock); if (!composite_is_ok(c)) return; @@ -170,7 +172,7 @@ static void continue_socket(struct composite_context *creq) if (composite_nomem(transport, c)) return; ZERO_STRUCT(state->negprot); - state->negprot.in.dialect_count = 2; + state->negprot.in.dialect_count = sizeof(dialects) / sizeof(dialects[0]); switch (transport->options.signing) { case SMB_SIGNING_OFF: state->negprot.in.security_mode = 0; @@ -186,8 +188,6 @@ static void continue_socket(struct composite_context *creq) } state->negprot.in.capabilities = 0; unix_to_nt_time(&state->negprot.in.start_time, time(NULL)); - dialects[0] = SMB2_DIALECT_REVISION; - dialects[1] = 0; state->negprot.in.dialects = dialects; req = smb2_negprot_send(transport, &state->negprot); diff --git a/source4/libcli/smb2/smb2.h b/source4/libcli/smb2/smb2.h index d1d5b842c33..7c07c847403 100644 --- a/source4/libcli/smb2/smb2.h +++ b/source4/libcli/smb2/smb2.h @@ -35,6 +35,7 @@ struct smb2_negotiate { NTTIME system_time; NTTIME server_start_time; uint16_t security_mode; + uint16_t dialect_revision; }; /* this is the context for the smb2 transport layer */ @@ -226,8 +227,10 @@ struct smb2_request { #define SMB2_MAGIC 0x424D53FE /* 0xFE 'S' 'M' 'B' */ -/* the dialect we support */ +/* the dialects we support */ #define SMB2_DIALECT_REVISION 0x202 +#define SMB21_DIALECT_REVISION 0x210 +#define SMB2_LONGHORN_BETA_DIALECT_REVISION 0x0 /* early beta dialect */ /* SMB2 negotiate security_mode */ #define SMB2_NEGOTIATE_SIGNING_ENABLED 0x01 diff --git a/source4/libcli/util/nterr.c b/source4/libcli/util/nterr.c index 4e7cdf5c3aa..7f544b59225 100644 --- a/source4/libcli/util/nterr.c +++ b/source4/libcli/util/nterr.c @@ -549,6 +549,7 @@ static const nt_err_code_struct nt_errs[] = { "NT_STATUS_OBJECTID_NOT_FOUND", NT_STATUS_OBJECTID_NOT_FOUND }, { "NT_STATUS_DOWNGRADE_DETECTED", NT_STATUS_DOWNGRADE_DETECTED }, { "NT_STATUS_DS_BUSY", NT_STATUS_DS_BUSY }, + { "XXX_INVALID_RANGE", NT_STATUS_WIN7_INVALID_RANGE }, { "STATUS_MORE_ENTRIES", STATUS_MORE_ENTRIES }, { "STATUS_SOME_UNMAPPED", STATUS_SOME_UNMAPPED }, { "STATUS_NOTIFY_CLEANUP", STATUS_NOTIFY_CLEANUP }, diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c index bf046745e6a..dbbabd6a6da 100644 --- a/source4/libnet/libnet_become_dc.c +++ b/source4/libnet/libnet_become_dc.c @@ -731,12 +731,12 @@ struct libnet_BecomeDC_state { struct libnet_BecomeDC_Callbacks callbacks; }; -static void becomeDC_recv_cldap(struct cldap_request *req); +static void becomeDC_recv_cldap(struct tevent_req *req); static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s) { struct composite_context *c = s->creq; - struct cldap_request *req; + struct tevent_req *req; s->cldap.io.in.dest_address = s->source_dsa.address; s->cldap.io.in.dest_port = lp_cldap_port(s->libnet->lp_ctx); @@ -749,25 +749,27 @@ static void becomeDC_send_cldap(struct libnet_BecomeDC_state *s) s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; s->cldap.io.in.map_response = true; - s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, - lp_iconv_convenience(s->libnet->lp_ctx)); - if (composite_nomem(s->cldap.sock, c)) return; + c->status = cldap_socket_init(s, s->libnet->event_ctx, + NULL, NULL, &s->cldap.sock);//TODO + if (!composite_is_ok(c)) return; - req = cldap_netlogon_send(s->cldap.sock, &s->cldap.io); + req = cldap_netlogon_send(s, s->cldap.sock, &s->cldap.io); if (composite_nomem(req, c)) return; - req->async.fn = becomeDC_recv_cldap; - req->async.private_data = s; + tevent_req_set_callback(req, becomeDC_recv_cldap, s); } static void becomeDC_connect_ldap1(struct libnet_BecomeDC_state *s); -static void becomeDC_recv_cldap(struct cldap_request *req) +static void becomeDC_recv_cldap(struct tevent_req *req) { - struct libnet_BecomeDC_state *s = talloc_get_type(req->async.private_data, + struct libnet_BecomeDC_state *s = tevent_req_callback_data(req, struct libnet_BecomeDC_state); struct composite_context *c = s->creq; - c->status = cldap_netlogon_recv(req, s, &s->cldap.io); + c->status = cldap_netlogon_recv(req, + lp_iconv_convenience(s->libnet->lp_ctx), + s, &s->cldap.io); + talloc_free(req); if (!composite_is_ok(c)) return; s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex; diff --git a/source4/libnet/libnet_site.c b/source4/libnet/libnet_site.c index 4a32ab92ed5..8a002b24a4b 100644 --- a/source4/libnet/libnet_site.c +++ b/source4/libnet/libnet_site.c @@ -56,8 +56,14 @@ NTSTATUS libnet_FindSite(TALLOC_CTX *ctx, struct libnet_context *lctx, struct li search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; - cldap = cldap_socket_init(tmp_ctx, lctx->event_ctx, lp_iconv_convenience(lctx->lp_ctx)); - status = cldap_netlogon(cldap, tmp_ctx, &search); + /* we want to use non async calls, so we're not passing an event context */ + status = cldap_socket_init(tmp_ctx, NULL, NULL, NULL, &cldap);//TODO + if (!NT_STATUS_IS_OK(status)) { + talloc_free(tmp_ctx); + r->out.error_string = NULL; + return status; + } + status = cldap_netlogon(cldap, lp_iconv_convenience(lctx->lp_ctx), tmp_ctx, &search); if (!NT_STATUS_IS_OK(status) || !search.out.netlogon.data.nt5_ex.client_site) { /* diff --git a/source4/libnet/libnet_unbecome_dc.c b/source4/libnet/libnet_unbecome_dc.c index 3f92daab281..e0e5e421151 100644 --- a/source4/libnet/libnet_unbecome_dc.c +++ b/source4/libnet/libnet_unbecome_dc.c @@ -250,12 +250,12 @@ struct libnet_UnbecomeDC_state { } dest_dsa; }; -static void unbecomeDC_recv_cldap(struct cldap_request *req); +static void unbecomeDC_recv_cldap(struct tevent_req *req); static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s) { struct composite_context *c = s->creq; - struct cldap_request *req; + struct tevent_req *req; s->cldap.io.in.dest_address = s->source_dsa.address; s->cldap.io.in.dest_port = lp_cldap_port(s->libnet->lp_ctx); @@ -268,25 +268,27 @@ static void unbecomeDC_send_cldap(struct libnet_UnbecomeDC_state *s) s->cldap.io.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; s->cldap.io.in.map_response = true; - s->cldap.sock = cldap_socket_init(s, s->libnet->event_ctx, - lp_iconv_convenience(s->libnet->lp_ctx)); - if (composite_nomem(s->cldap.sock, c)) return; + c->status = cldap_socket_init(s, s->libnet->event_ctx, + NULL, NULL, &s->cldap.sock);//TODO + if (!composite_is_ok(c)) return; - req = cldap_netlogon_send(s->cldap.sock, &s->cldap.io); + req = cldap_netlogon_send(s, s->cldap.sock, &s->cldap.io); if (composite_nomem(req, c)) return; - req->async.fn = unbecomeDC_recv_cldap; - req->async.private_data = s; + tevent_req_set_callback(req, unbecomeDC_recv_cldap, s); } static void unbecomeDC_connect_ldap(struct libnet_UnbecomeDC_state *s); -static void unbecomeDC_recv_cldap(struct cldap_request *req) +static void unbecomeDC_recv_cldap(struct tevent_req *req) { - struct libnet_UnbecomeDC_state *s = talloc_get_type(req->async.private_data, + struct libnet_UnbecomeDC_state *s = tevent_req_callback_data(req, struct libnet_UnbecomeDC_state); struct composite_context *c = s->creq; - c->status = cldap_netlogon_recv(req, s, &s->cldap.io); + c->status = cldap_netlogon_recv(req, + lp_iconv_convenience(s->libnet->lp_ctx), + s, &s->cldap.io); + talloc_free(req); if (!composite_is_ok(c)) return; s->cldap.netlogon = s->cldap.io.out.netlogon.data.nt5_ex; diff --git a/source4/main.mk b/source4/main.mk index 8ea9727ed3b..d7db0580e97 100644 --- a/source4/main.mk +++ b/source4/main.mk @@ -21,6 +21,7 @@ mkinclude ../lib/nss_wrapper/config.mk mkinclude lib/stream/config.mk mkinclude ../lib/util/config.mk mkinclude ../lib/tdr/config.mk +mkinclude ../lib/tsocket/config.mk mkinclude ../lib/crypto/config.mk mkinclude ../lib/torture/config.mk mkinclude lib/basic.mk @@ -45,6 +46,7 @@ mkinclude torture/config.mk mkinclude librpc/config.mk mkinclude client/config.mk mkinclude libcli/config.mk +mkinclude ../libcli/cldap/config.mk mkinclude scripting/python/config.mk mkinclude kdc/config.mk mkinclude ../lib/smbconf/config.mk diff --git a/source4/min_versions.m4 b/source4/min_versions.m4 index 46f45a1bf33..eaefbd5148f 100644 --- a/source4/min_versions.m4 +++ b/source4/min_versions.m4 @@ -3,4 +3,4 @@ TDB_MIN_VERSION=1.1.3 TALLOC_MIN_VERSION=1.3.0 LDB_REQUIRED_VERSION=0.9.3 -TEVENT_REQUIRED_VERSION=0.9.4 +TEVENT_REQUIRED_VERSION=0.9.5 diff --git a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c index aea5d08c3f3..4ebbaaeffc6 100644 --- a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c +++ b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c @@ -127,44 +127,44 @@ static WERROR sptr_GetPrintServerData(struct ntptr_GenericHandle *server, TALLOC { struct dcerpc_server_info *server_info = lp_dcerpc_server_info(mem_ctx, server->ntptr->lp_ctx); if (strcmp("W3SvcInstalled", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 0; + *r->out.type = REG_DWORD; + r->out.data->value = 0; return WERR_OK; } else if (strcmp("BeepEnabled", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 0; + *r->out.type = REG_DWORD; + r->out.data->value = 0; return WERR_OK; } else if (strcmp("EventLog", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 0; + *r->out.type = REG_DWORD; + r->out.data->value = 0; return WERR_OK; } else if (strcmp("NetPopup", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 0; + *r->out.type = REG_DWORD; + r->out.data->value = 0; return WERR_OK; } else if (strcmp("NetPopupToComputer", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 0; + *r->out.type = REG_DWORD; + r->out.data->value = 0; return WERR_OK; } else if (strcmp("MajorVersion", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 3; + *r->out.type = REG_DWORD; + r->out.data->value = 3; return WERR_OK; } else if (strcmp("MinorVersion", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 0; + *r->out.type = REG_DWORD; + r->out.data->value = 0; return WERR_OK; } else if (strcmp("DefaultSpoolDirectory", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_STRING; - r->out.data.string = "C:\\PRINTERS"; + *r->out.type = REG_SZ; + r->out.data->string = "C:\\PRINTERS"; return WERR_OK; } else if (strcmp("Architecture", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_STRING; - r->out.data.string = SPOOLSS_ARCHITECTURE_NT_X86; + *r->out.type = REG_SZ; + r->out.data->string = SPOOLSS_ARCHITECTURE_NT_X86; return WERR_OK; } else if (strcmp("DsPresent", r->in.value_name) == 0) { - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_UINT32; - r->out.data.value = 1; + *r->out.type = REG_DWORD; + r->out.data->value = 1; return WERR_OK; } else if (strcmp("OSVersion", r->in.value_name) == 0) { DATA_BLOB blob; @@ -181,8 +181,8 @@ static WERROR sptr_GetPrintServerData(struct ntptr_GenericHandle *server, TALLOC return WERR_GENERAL_FAILURE; } - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_BINARY; - r->out.data.binary = blob; + *r->out.type = REG_BINARY; + r->out.data->binary = blob; return WERR_OK; } else if (strcmp("OSVersionEx", r->in.value_name) == 0) { DATA_BLOB blob; @@ -201,17 +201,17 @@ static WERROR sptr_GetPrintServerData(struct ntptr_GenericHandle *server, TALLOC return WERR_GENERAL_FAILURE; } - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_BINARY; - r->out.data.binary = blob; + *r->out.type = REG_BINARY; + r->out.data->binary = blob; return WERR_OK; } else if (strcmp("DNSMachineName", r->in.value_name) == 0) { if (!lp_realm(server->ntptr->lp_ctx)) return WERR_INVALID_PARAM; - *r->out.type = SPOOLSS_PRINTER_DATA_TYPE_STRING; - r->out.data.string = talloc_asprintf(mem_ctx, "%s.%s", + *r->out.type = REG_SZ; + r->out.data->string = talloc_asprintf(mem_ctx, "%s.%s", lp_netbios_name(server->ntptr->lp_ctx), lp_realm(server->ntptr->lp_ctx)); - W_ERROR_HAVE_NO_MEMORY(r->out.data.string); + W_ERROR_HAVE_NO_MEMORY(r->out.data->string); return WERR_OK; } diff --git a/source4/ntvfs/unixuid/vfs_unixuid.c b/source4/ntvfs/unixuid/vfs_unixuid.c index db22a85492e..062fa41889f 100644 --- a/source4/ntvfs/unixuid/vfs_unixuid.c +++ b/source4/ntvfs/unixuid/vfs_unixuid.c @@ -26,6 +26,8 @@ #include "auth/auth.h" #include "ntvfs/ntvfs.h" #include "libcli/wbclient/wbclient.h" +#define TEVENT_DEPRECATED +#include <tevent.h> struct unixuid_private { struct wbc_context *wbc_ctx; @@ -91,6 +93,64 @@ static NTSTATUS set_unix_security(struct unix_sec_ctx *sec) return NT_STATUS_OK; } +static int unixuid_nesting_level; + +/* + called at the start and end of a tevent nesting loop. Needs to save/restore + unix security context + */ +static int unixuid_event_nesting_hook(struct tevent_context *ev, + void *private_data, + uint32_t level, + bool begin, + void *stack_ptr, + const char *location) +{ + struct unix_sec_ctx *sec_ctx; + + if (unixuid_nesting_level == 0) { + /* we don't need to do anything unless we are nested + inside of a call in this module */ + return 0; + } + + if (begin) { + sec_ctx = save_unix_security(ev); + if (sec_ctx == NULL) { + DEBUG(0,("%s: Failed to save security context\n", location)); + return -1; + } + *(struct unix_sec_ctx **)stack_ptr = sec_ctx; + if (seteuid(0) != 0 || setegid(0) != 0) { + DEBUG(0,("%s: Failed to change to root\n", location)); + return -1; + } + } else { + /* called when we come out of a nesting level */ + NTSTATUS status; + + sec_ctx = *(struct unix_sec_ctx **)stack_ptr; + if (sec_ctx == NULL) { + /* this happens the first time this function + is called, as we install the hook while + inside an event in unixuid_connect() */ + return 0; + } + + sec_ctx = talloc_get_type_abort(sec_ctx, struct unix_sec_ctx); + status = set_unix_security(sec_ctx); + talloc_free(sec_ctx); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("%s: Failed to revert security context (%s)\n", + location, nt_errstr(status))); + return -1; + } + } + + return 0; +} + + /* form a unix_sec_ctx from the current security_token */ @@ -219,7 +279,9 @@ static NTSTATUS unixuid_setup_security(struct ntvfs_module_context *ntvfs, struct unix_sec_ctx *sec; \ status = unixuid_setup_security(ntvfs, req, &sec); \ NT_STATUS_NOT_OK_RETURN(status); \ + unixuid_nesting_level++; \ status = ntvfs_next_##op args; \ + unixuid_nesting_level--; \ status2 = set_unix_security(sec); \ talloc_free(sec); \ if (!NT_STATUS_IS_OK(status2)) smb_panic("Unable to reset security context"); \ @@ -252,6 +314,10 @@ static NTSTATUS unixuid_connect(struct ntvfs_module_context *ntvfs, priv->last_sec_ctx = NULL; priv->last_token = NULL; + tevent_loop_set_nesting_hook(ntvfs->ctx->event_ctx, + unixuid_event_nesting_hook, + &unixuid_nesting_level); + /* we don't use PASS_THRU_REQ here, as the connect operation runs with root privileges. This allows the backends to setup any database links they might need during the connect. */ diff --git a/source4/rpc_server/spoolss/dcesrv_spoolss.c b/source4/rpc_server/spoolss/dcesrv_spoolss.c index 61c8009716b..7d14c0e5028 100644 --- a/source4/rpc_server/spoolss/dcesrv_spoolss.c +++ b/source4/rpc_server/spoolss/dcesrv_spoolss.c @@ -580,9 +580,15 @@ static WERROR dcesrv_spoolss_GetPrinterData(struct dcesrv_call_state *dce_call, if (!handle) return WERR_BADFID; - r->out.type = talloc_zero(mem_ctx, enum spoolss_PrinterDataType); + r->out.type = talloc_zero(mem_ctx, enum winreg_Type); W_ERROR_HAVE_NO_MEMORY(r->out.type); + r->out.needed = talloc_zero(mem_ctx, uint32_t); + W_ERROR_HAVE_NO_MEMORY(r->out.needed); + + r->out.data = talloc_zero(mem_ctx, union spoolss_PrinterData); + W_ERROR_HAVE_NO_MEMORY(r->out.data); + switch (handle->type) { case NTPTR_HANDLE_SERVER: status = ntptr_GetPrintServerData(handle, mem_ctx, r); @@ -594,8 +600,8 @@ static WERROR dcesrv_spoolss_GetPrinterData(struct dcesrv_call_state *dce_call, W_ERROR_NOT_OK_RETURN(status); - *r->out.needed = ndr_size_spoolss_PrinterData(&r->out.data, *r->out.type, ic, 0); - *r->out.type = SPOOLSS_BUFFER_OK(*r->out.type, SPOOLSS_PRINTER_DATA_TYPE_NULL); + *r->out.needed = ndr_size_spoolss_PrinterData(r->out.data, *r->out.type, ic, 0); + *r->out.type = SPOOLSS_BUFFER_OK(*r->out.type, REG_NONE); r->out.data = SPOOLSS_BUFFER_OK(r->out.data, r->out.data); return SPOOLSS_BUFFER_OK(WERR_OK, WERR_MORE_DATA); } diff --git a/source4/script/uninstallman.sh b/source4/script/uninstallman.sh index 9b087c68bb2..edc1c47e4df 100755 --- a/source4/script/uninstallman.sh +++ b/source4/script/uninstallman.sh @@ -8,7 +8,7 @@ MANPAGES=$* for I in $MANPAGES do - SECTION=`echo -n $I | sed "s/.*\(.\)$/\1/" + SECTION=`echo -n $I | sed "s/.*\(.\)$/\1/"` FNAME=$MANDIR/man$SECTION/$I if test -f $FNAME; then echo Deleting $FNAME diff --git a/source4/scripting/bin/fullschema b/source4/scripting/bin/fullschema new file mode 100644 index 00000000000..41c45f30c8c --- /dev/null +++ b/source4/scripting/bin/fullschema @@ -0,0 +1,179 @@ +#!/usr/bin/python +# +# work out the minimal schema for a set of objectclasses +# + +import base64 +import optparse +import os +import sys + +# Find right directory when running from source tree +sys.path.insert(0, "bin/python") + +import samba +from samba import getopt as options, Ldb +from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError +import sys + +parser = optparse.OptionParser("fullschema <URL>") +sambaopts = options.SambaOptions(parser) +parser.add_option_group(sambaopts) +credopts = options.CredentialsOptions(parser) +parser.add_option_group(credopts) +parser.add_option_group(options.VersionOptions(parser)) +parser.add_option("--dump-classes", action="store_true") +parser.add_option("--dump-attributes", action="store_true") + +opts, args = parser.parse_args() +opts.dump_all = True + +if opts.dump_classes: + opts.dump_all = False +if opts.dump_attributes: + opts.dump_all = False +if opts.dump_all: + opts.dump_classes = True + opts.dump_attributes = True + +if len(args) != 1: + parser.print_usage() + sys.exit(1) + +url = args[0] + +lp_ctx = sambaopts.get_loadparm() + +creds = credopts.get_credentials(lp_ctx) +ldb = Ldb(url, credentials=creds, lp=lp_ctx, options=["modules:paged_searches"]) + +# the attributes we need for objectclasses +class_attrs = ["objectClass", + "cn", + "subClassOf", + "governsID", + "possSuperiors", + "possibleInferiors", + "mayContain", + "mustContain", + "auxiliaryClass", + "rDNAttID", + "adminDisplayName", + "adminDescription", + "objectClassCategory", + "lDAPDisplayName", + "schemaIDGUID", + "systemOnly", + "systemPossSuperiors", + "systemMayContain", + "systemMustContain", + "systemAuxiliaryClass", + "defaultSecurityDescriptor", + "systemFlags", + "defaultHidingValue", + "defaultObjectCategory", + + # this attributes are not used by w2k3 + "schemaFlagsEx", + "msDs-IntId", + "msDs-Schema-Extensions", + "classDisplayName", + "isDefunct"] + +attrib_attrs = ["objectClass", + "cn", + "attributeID", + "attributeSyntax", + "isSingleValued", + "rangeLower", + "rangeUpper", + "mAPIID", + "linkID", + "adminDisplayName", + "oMObjectClass", + "adminDescription", + "oMSyntax", + "searchFlags", + "extendedCharsAllowed", + "lDAPDisplayName", + "schemaIDGUID", + "attributeSecurityGUID", + "systemOnly", + "systemFlags", + "isMemberOfPartialAttributeSet", + + # this attributes are not used by w2k3 + "schemaFlagsEx", + "msDs-IntId", + "msDs-Schema-Extensions", + "classDisplayName", + "isEphemeral", + "isDefunct"] + +class Objectclass(dict): + + def __init__(self, ldb, name): + """create an objectclass object""" + self.name = name + + +class Attribute(dict): + + def __init__(self, ldb, name): + """create an attribute object""" + self.name = name + self["cn"] = get_object_cn(ldb, name) + + + +def fix_dn(dn): + """fix a string DN to use ${SCHEMADN}""" + return dn.replace(rootDse["schemaNamingContext"][0], "${SCHEMADN}") + + +def write_ldif_one(o, attrs): + """dump an object as ldif""" + print "dn: CN=%s,${SCHEMADN}" % o["cn"] + for a in attrs: + if not o.has_key(a): + continue + # special case for oMObjectClass, which is a binary object + v = o[a] + for j in v: + value = fix_dn(j) + if a != "cn": + if a == "oMObjectClass": + print "%s:: %s" % (a, base64.b64encode(value)) + elif a.endswith("GUID"): + print "%s: %s" % (a, ldb.schema_format_value(a, value)) + else: + print "%s: %s" % (a, value) + print "" + + +# get the rootDSE +res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"]) +rootDse = res[0] + +if opts.dump_attributes: + res = ldb.search(expression="objectClass=attributeSchema", + base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE,attrs=attrib_attrs, + controls=["server_sort:1:0:cn"]) + + for msg in res: + o = Objectclass(ldb, msg["ldapDisplayName"]) + for a in msg: + o[a] = msg[a] + write_ldif_one(o, attrib_attrs) + +if opts.dump_classes: + res = ldb.search(expression="objectClass=classSchema", + base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE,attrs=class_attrs, + controls=["server_sort:1:0:cn"]) + + for msg in res: + o = Objectclass(ldb, msg["ldapDisplayName"]) + for a in msg: + o[a] = msg[a] + write_ldif_one(o, class_attrs) + diff --git a/source4/scripting/bin/minschema b/source4/scripting/bin/minschema index e7d7ed49791..c860495e965 100755 --- a/source4/scripting/bin/minschema +++ b/source4/scripting/bin/minschema @@ -3,9 +3,10 @@ # work out the minimal schema for a set of objectclasses # +import base64 import optparse - -import os, sys +import os +import sys # Find right directory when running from source tree sys.path.insert(0, "bin/python") @@ -54,10 +55,10 @@ if len(args) != 2: lp_ctx = sambaopts.get_loadparm() creds = credopts.get_credentials(lp_ctx) -ldb = Ldb(url, credentials=creds) +ldb = Ldb(url, credentials=creds, lp=lp_ctx) -objectclasses = [] -attributes = [] +objectclasses = {} +attributes = {} objectclasses_expanded = set() @@ -71,7 +72,6 @@ class_attrs = ["objectClass", "mustContain", "auxiliaryClass", "rDNAttID", - "showInAdvancedViewOnly", "adminDisplayName", "adminDescription", "objectClassCategory", @@ -103,7 +103,6 @@ attrib_attrs = ["objectClass", "rangeUpper", "mAPIID", "linkID", - "showInAdvancedViewOnly", "adminDisplayName", "oMObjectClass", "adminDescription", @@ -136,24 +135,25 @@ attrib_attrs = ["objectClass", def get_object_cn(ldb, name): attrs = ["cn"] - - res = ldb.search("(ldapDisplayName=%s)" % name, rootDse["schemaNamingContext"], SCOPE_SUBTREE, attrs) + res = ldb.search(expression="(ldapDisplayName=%s)" % name, base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, attrs=attrs) assert len(res) == 1 - return res[0]["cn"] -class Objectclass: + +class Objectclass(dict): + def __init__(self, ldb, name): """create an objectclass object""" self.name = name - self.cn = get_object_cn(ldb, name) + self["cn"] = get_object_cn(ldb, name) + +class Attribute(dict): -class Attribute: def __init__(self, ldb, name): """create an attribute object""" self.name = name - self.cn = get_object_cn(ldb, name) + self["cn"] = get_object_cn(ldb, name) syntaxmap = dict() @@ -180,36 +180,38 @@ syntaxmap['2.5.5.17'] = '1.3.6.1.4.1.1466.115.121.1.40' def map_attribute_syntax(s): """map some attribute syntaxes from some apparently MS specific syntaxes to the standard syntaxes""" - if syntaxmap.has_key(s): + if s in list(syntaxmap): return syntaxmap[s] return s def fix_dn(dn): """fix a string DN to use ${SCHEMADN}""" - return dn.replace(rootDse["schemaNamingContext"], "${SCHEMADN}") + return dn.replace(rootDse["schemaNamingContext"][0], "${SCHEMADN}") def write_ldif_one(o, attrs): """dump an object as ldif""" - print "dn: CN=%s,${SCHEMADN}\n" % o["cn"] + print "dn: CN=%s,${SCHEMADN}" % o["cn"] for a in attrs: if not o.has_key(a): continue # special case for oMObjectClass, which is a binary object - if a == "oMObjectClass": - print "%s:: %s\n" % (a, o[a]) - continue v = o[a] - if isinstance(v, str): - v = [v] for j in v: - print "%s: %s\n" % (a, fix_dn(j)) - print "\n" + value = fix_dn(j) + if a == "oMObjectClass": + print "%s:: %s" % (a, base64.b64encode(value)) + elif a.endswith("GUID"): + print "%s: %s" % (a, ldb.schema_format_value(a, value)) + else: + print "%s: %s" % (a, value) + print "" + def write_ldif(o, attrs): """dump an array of objects as ldif""" - for i in o: + for n, i in o.items(): write_ldif_one(i, attrs) @@ -225,7 +227,7 @@ def find_objectclass_properties(ldb, o): """the properties of an objectclass""" res = ldb.search( expression="(ldapDisplayName=%s)" % o.name, - base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, attrs=class_attrs) + base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, attrs=class_attrs) assert(len(res) == 1) msg = res[0] for a in msg: @@ -235,15 +237,11 @@ def find_attribute_properties(ldb, o): """find the properties of an attribute""" res = ldb.search( expression="(ldapDisplayName=%s)" % o.name, - base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, attrs=attrib_attrs) assert(len(res) == 1) msg = res[0] for a in msg: - # special case for oMObjectClass, which is a binary object - if a == "oMObjectClass": - o[a] = ldb.encode(msg[a]) - continue o[a] = msg[a] @@ -254,15 +252,15 @@ def find_objectclass_auto(ldb, o): return testdn = create_testdn(o.exampleDN) - print "testdn is '%s'\n" % testdn + print "testdn is '%s'" % testdn ldif = "dn: " + testdn ldif += "\nobjectClass: " + o.name try: ldb.add(ldif) except LdbError, e: - print "error adding %s: %s\n" % (o.name, e) - print "%s\n" % ldif + print "error adding %s: %s" % (o.name, e) + print "%s" % ldif return res = ldb.search(base=testdn, scope=ldb.SCOPE_BASE) @@ -280,20 +278,20 @@ def expand_objectclass(ldb, o): "subClassOf"] res = ldb.search( expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % o.name, - base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, + base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, attrs=attrs) - print "Expanding class %s\n" % o.name + print >>sys.stderr, "Expanding class %s" % o.name assert(len(res) == 1) msg = res[0] - for a in attrs: - if not msg.has_key(aname): + for aname in attrs: + if not aname in msg: continue list = msg[aname] if isinstance(list, str): list = [msg[aname]] for name in list: if not objectclasses.has_key(name): - print "Found new objectclass '%s'\n" % name + print >>sys.stderr, "Found new objectclass '%s'" % name objectclasses[name] = Objectclass(ldb, name) @@ -320,13 +318,13 @@ def walk_dn(ldb, dn): try: res = ldb.search("objectClass=*", dn, SCOPE_BASE, attrs) except LdbError, e: - print "Unable to fetch allowedAttributes for '%s' - %r\n" % (dn, e) + print >>sys.stderr, "Unable to fetch allowedAttributes for '%s' - %r" % (dn, e) return allattrs = res[0]["allowedAttributes"] try: res = ldb.search("objectClass=*", dn, SCOPE_BASE, allattrs) except LdbError, e: - print "Unable to fetch all attributes for '%s' - %s\n" % (dn, e) + print >>sys.stderr, "Unable to fetch all attributes for '%s' - %s" % (dn, e) return msg = res[0] for a in msg: @@ -339,7 +337,7 @@ def walk_naming_context(ldb, namingContext): res = ldb.search("objectClass=*", namingContext, SCOPE_DEFAULT, ["objectClass"]) except LdbError, e: - print "Unable to fetch objectClasses for '%s' - %s\n" % (namingContext, e) + print >>sys.stderr, "Unable to fetch objectClasses for '%s' - %s" % (namingContext, e) return for msg in res: msg = res.msgs[r]["objectClass"] @@ -356,12 +354,9 @@ def trim_objectclass_attributes(ldb, objectclass): if objectclass.has_key("possibleInferiors"): possinf = objectclass["possibleInferiors"] newpossinf = [] - if isinstance(possinf, str): - possinf = [possinf] for x in possinf: if objectclasses.has_key(x): - newpossinf[n] = x - n+=1 + newpossinf.append(x) objectclass["possibleInferiors"] = newpossinf # trim systemMayContain, @@ -369,8 +364,6 @@ def trim_objectclass_attributes(ldb, objectclass): if objectclass.has_key("systemMayContain"): sysmay = objectclass["systemMayContain"] newsysmay = [] - if isinstance(sysmay, str): - sysmay = [sysmay] for x in sysmay: if not x in newsysmay: newsysmay.append(x) @@ -378,7 +371,7 @@ def trim_objectclass_attributes(ldb, objectclass): # trim mayContain, # remove duplicates - if not objectclass.has_key("mayContain"): + if objectclass.has_key("mayContain"): may = objectclass["mayContain"] newmay = [] if isinstance(may, str): @@ -388,71 +381,65 @@ def trim_objectclass_attributes(ldb, objectclass): newmay.append(x) objectclass["mayContain"] = newmay + def build_objectclass(ldb, name): """load the basic attributes of an objectClass""" attrs = ["name"] - try: - res = ldb.search( - expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % name, - base=rootDse["schemaNamingContext"], scope=SCOPE_SUBTREE, - attrs=attrs) - except LdbError, e: - print "unknown class '%s'\n" % name - return None + res = ldb.search( + expression="(&(objectClass=classSchema)(ldapDisplayName=%s))" % name, + base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, + attrs=attrs) if len(res) == 0: - print "unknown class '%s'\n" % name + print >>sys.stderr, "unknown class '%s'" % name return None return Objectclass(ldb, name) + def attribute_list(objectclass, attr1, attr2): """form a coalesced attribute list""" - a1 = objectclass[attr1] - a2 = objectclass[attr2] - if isinstance(a1, str): - a1 = [a1] - if isinstance(a2, str): - a2 = [a2] + a1 = list(objectclass.get(attr1, [])) + a2 = list(objectclass.get(attr2, [])) return a1 + a2 def aggregate_list(name, list): """write out a list in aggregate form""" - if list is None: - return - print "%s ( %s )" % (name, "$ ".join(list)) + if list == []: + return "" + return " %s ( %s )" % (name, " $ ".join(list)) def write_aggregate_objectclass(objectclass): """write the aggregate record for an objectclass""" - print "objectClasses: ( %s NAME '%s' " % (objectclass.governsID, objectclass.name) + line = "objectClasses: ( %s NAME '%s' " % (objectclass["governsID"], objectclass.name) if not objectclass.has_key('subClassOf'): - print "SUP %s " % objectclass['subClassOf'] - if objectclass.objectClassCategory == 1: - print "STRUCTURAL " - elif objectclass.objectClassCategory == 2: - print "ABSTRACT " - elif objectclass.objectClassCategory == 3: - print "AUXILIARY " + line += "SUP %s" % objectclass['subClassOf'] + if objectclass["objectClassCategory"] == 1: + line += "STRUCTURAL" + elif objectclass["objectClassCategory"] == 2: + line += "ABSTRACT" + elif objectclass["objectClassCategory"] == 3: + line += "AUXILIARY" list = attribute_list(objectclass, "systemMustContain", "mustContain") - aggregate_list("MUST", list) + line += aggregate_list("MUST", list) list = attribute_list(objectclass, "systemMayContain", "mayContain") - aggregate_list("MAY", list) + line += aggregate_list("MAY", list) - print ")\n" + print line + " )" def write_aggregate_ditcontentrule(objectclass): """write the aggregate record for an ditcontentrule""" list = attribute_list(objectclass, "auxiliaryClass", "systemAuxiliaryClass") - if list is None: + if list == []: return - print "dITContentRules: ( %s NAME '%s' " % (objectclass.governsID, objectclass.name) + line = "dITContentRules: ( %s NAME '%s'" % (objectclass["governsID"], objectclass.name) - aggregate_list("AUX", list) + line += aggregate_list("AUX", list) - may_list = None - must_list = None + may_list = [] + must_list = [] for c in list: list2 = attribute_list(objectclasses[c], @@ -462,44 +449,43 @@ def write_aggregate_ditcontentrule(objectclass): "mustContain", "systemMustContain") must_list = must_list + list2 - aggregate_list("MUST", must_list) - aggregate_list("MAY", may_list) + line += aggregate_list("MUST", must_list) + line += aggregate_list("MAY", may_list) - print ")\n" + print line + " )" def write_aggregate_attribute(attrib): """write the aggregate record for an attribute""" - print "attributeTypes: ( %s NAME '%s' SYNTAX '%s' " % ( - attrib.attributeID, attrib.name, - map_attribute_syntax(attrib.attributeSyntax)) - if attrib['isSingleValued'] == "TRUE": - print "SINGLE-VALUE " - if attrib['systemOnly'] == "TRUE": - print "NO-USER-MODIFICATION " + line = "attributeTypes: ( %s NAME '%s' SYNTAX '%s' " % ( + attrib["attributeID"], attrib.name, + map_attribute_syntax(attrib["attributeSyntax"])) + if attrib.get('isSingleValued') == "TRUE": + line += "SINGLE-VALUE " + if attrib.get('systemOnly') == "TRUE": + line += "NO-USER-MODIFICATION " - print ")\n" + print line + ")" def write_aggregate(): """write the aggregate record""" - print "dn: CN=Aggregate,${SCHEMADN}\n" + print "dn: CN=Aggregate,${SCHEMADN}" print """objectClass: top objectClass: subSchema -objectCategory: CN=SubSchema,${SCHEMADN} -""" +objectCategory: CN=SubSchema,${SCHEMADN}""" if not opts.dump_subschema_auto: return - for objectclass in objectclasses: + for objectclass in objectclasses.values(): write_aggregate_objectclass(objectclass) - for attr in attributes: + for attr in attributes.values(): write_aggregate_attribute(attr) - for objectclass in objectclasses: + for objectclass in objectclasses.values(): write_aggregate_ditcontentrule(objectclass) def load_list(file): """load a list from a file""" - return open(file, 'r').readlines() + return [l.strip("\n") for l in open(file, 'r').readlines()] # get the rootDSE res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"]) @@ -523,32 +509,32 @@ expanded = 0 # than necessary to recursively expand all classes # for inf in range(500): - for n in objectclasses: + for n, o in objectclasses.items(): if not n in objectclasses_expanded: - expand_objectclass(ldb, objectclasses[i]) + expand_objectclass(ldb, o) objectclasses_expanded.add(n) # # find objectclass properties # -for objectclass in objectclasses: +for name, objectclass in objectclasses.items(): find_objectclass_properties(ldb, objectclass) # # form the full list of attributes # -for objectclass in objectclasses: +for name, objectclass in objectclasses.items(): add_objectclass_attributes(ldb, objectclass) # and attribute properties -for attr in attributes: +for name, attr in attributes.items(): find_attribute_properties(ldb, attr) # # trim the 'may' attribute lists to those really needed # -for objectclass in objectclasses: +for name, objectclass in objectclasses.items(): trim_objectclass_attributes(ldb, objectclass) # diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py index a49e6e1eadb..c5827b96e0e 100644 --- a/source4/scripting/python/samba/__init__.py +++ b/source4/scripting/python/samba/__init__.py @@ -54,7 +54,7 @@ class Ldb(ldb.Ldb): functions see samdb.py. """ def __init__(self, url=None, session_info=None, credentials=None, - modules_dir=None, lp=None): + modules_dir=None, lp=None, options=None): """Open a Samba Ldb file. :param url: Optional LDB URL to open @@ -67,7 +67,7 @@ class Ldb(ldb.Ldb): modules-dir is used by default and that credentials and session_info can be passed through (required by some modules). """ - super(Ldb, self).__init__() + super(Ldb, self).__init__(options=options) if modules_dir is not None: self.set_modules_dir(modules_dir) @@ -90,7 +90,7 @@ class Ldb(ldb.Ldb): #self.set_debug(msg) if url is not None: - self.connect(url) + self.connect(url, options=options) def set_credentials(self, credentials): glue.ldb_set_credentials(self, credentials) diff --git a/source4/setup/schema.ldif b/source4/setup/schema.ldif index 56eb7ce0c07..a4dfaea7eb5 100644 --- a/source4/setup/schema.ldif +++ b/source4/setup/schema.ldif @@ -4096,6 +4096,21 @@ systemOnly: TRUE systemFlags: 19 isMemberOfPartialAttributeSet: TRUE +dn: CN=Parent-GUID,${SCHEMADN} +objectClass: top +objectClass: attributeSchema +cn: Parent-GUID +ldapDisplayName: parentGUID +attributeId: 1.2.840.113556.1.4.1224 +attributeSyntax: 2.5.5.10 +omSyntax: 4 +isSingleValued: TRUE +schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a +systemOnly: TRUE +searchFlags: 0 +systemFlags: 134217748 +schemaFlagsEx: 1 + dn: CN=ms-DS-Tasks-For-Az-Task-BL,${SCHEMADN} objectClass: top objectClass: attributeSchema diff --git a/source4/torture/ldap/cldap.c b/source4/torture/ldap/cldap.c index 1ddc628a5c6..98669288a8f 100644 --- a/source4/torture/ldap/cldap.c +++ b/source4/torture/ldap/cldap.c @@ -28,6 +28,7 @@ #include "torture/torture.h" #include "lib/ldb/include/ldb.h" #include "param/param.h" +#include "../lib/tsocket/tsocket.h" #define CHECK_STATUS(status, correct) torture_assert_ntstatus_equal(tctx, status, correct, "incorrect status") @@ -45,12 +46,21 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) struct netlogon_samlogon_response n1; struct GUID guid; int i; + struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx); + struct tsocket_address *dest_addr; + int ret; - cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + ret = tsocket_address_inet_from_strings(tctx, "ip", + dest, + lp_cldap_port(tctx->lp_ctx), + &dest_addr); + + status = cldap_socket_init(tctx, NULL, NULL, dest_addr, &cldap); + CHECK_STATUS(status, NT_STATUS_OK); ZERO_STRUCT(search); - search.in.dest_address = dest; - search.in.dest_port = lp_cldap_port(tctx->lp_ctx); + search.in.dest_address = NULL;//dest; + search.in.dest_port = 0;//lp_cldap_port(tctx->lp_ctx); search.in.acct_control = -1; search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; @@ -59,7 +69,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying without any attributes\n"); search = empty_search; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); n1 = search.out.netlogon; @@ -72,7 +82,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) for (i=0;i<256;i++) { search.in.version = i; printf("Trying netlogon level %d\n", i); - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); } @@ -80,19 +90,19 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) for (i=0;i<31;i++) { search.in.version = (1<<i); printf("Trying netlogon level 0x%x\n", i); - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); } search.in.version = NETLOGON_NT_VERSION_5|NETLOGON_NT_VERSION_5EX|NETLOGON_NT_VERSION_IP; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); printf("Trying with User=NULL\n"); search.in.user = NULL; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); @@ -100,20 +110,20 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with User=Administrator\n"); search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); search.in.version = NETLOGON_NT_VERSION_5; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); printf("Trying with User=NULL\n"); search.in.user = NULL; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE); @@ -121,7 +131,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with User=Administrator\n"); search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); @@ -132,7 +142,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a GUID\n"); search.in.realm = NULL; search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); CHECK_STRING(GUID_string(tctx, &search.out.netlogon.data.nt5_ex.domain_uuid), search.in.domain_guid); @@ -141,13 +151,13 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) guid = GUID_random(); search.in.user = NULL; search.in.domain_guid = GUID_string(tctx, &guid); - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a AAC\n"); search.in.acct_control = ACB_WSTRUST|ACB_SVRTRUST; search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); @@ -155,7 +165,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a zero AAC\n"); search.in.acct_control = 0x0; search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); @@ -164,7 +174,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.acct_control = 0x0; search.in.user = "Administrator"; search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_USER_UNKNOWN_EX); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, "Administrator"); @@ -173,7 +183,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) search.in.user = NULL; search.in.acct_control = 0xFF00FF00; search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_VAL(search.out.netlogon.data.nt5_ex.command, LOGON_SAM_LOGON_RESPONSE_EX); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); @@ -181,14 +191,14 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a user only\n"); search = empty_search; search.in.user = "Administrator"; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); printf("Trying with just a bad username\n"); search.in.user = "___no_such_user___"; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, search.in.user); CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); @@ -197,12 +207,12 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with just a bad domain\n"); search = empty_search; search.in.realm = "___no_such_domain___"; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); printf("Trying with a incorrect domain and correct guid\n"); search.in.domain_guid = GUID_string(tctx, &n1.data.nt5_ex.domain_uuid); - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); @@ -210,7 +220,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a incorrect domain and incorrect guid\n"); search.in.domain_guid = GUID_string(tctx, &guid); - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_NOT_FOUND); CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); @@ -219,7 +229,7 @@ static bool test_cldap_netlogon(struct torture_context *tctx, const char *dest) printf("Trying with a incorrect GUID and correct domain\n"); search.in.domain_guid = GUID_string(tctx, &guid); search.in.realm = n1.data.nt5_ex.dns_domain; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); CHECK_STRING(search.out.netlogon.data.nt5_ex.dns_domain, n1.data.nt5_ex.dns_domain); CHECK_STRING(search.out.netlogon.data.nt5_ex.user_name, ""); @@ -239,10 +249,12 @@ static bool test_cldap_netlogon_flags(struct torture_context *tctx, struct cldap_netlogon search; struct netlogon_samlogon_response n1; uint32_t server_type; + struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx); - cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap); + CHECK_STATUS(status, NT_STATUS_OK); - printf("Printing out netlogon server type flags:\n"); + printf("Printing out netlogon server type flags: %s\n", dest); ZERO_STRUCT(search); search.in.dest_address = dest; @@ -251,7 +263,7 @@ static bool test_cldap_netlogon_flags(struct torture_context *tctx, search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); n1 = search.out.netlogon; @@ -348,10 +360,12 @@ static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx, struct cldap_netlogon search; uint32_t server_type; struct netlogon_samlogon_response n1; + struct smb_iconv_convenience *iconv_convenience = lp_iconv_convenience(tctx->lp_ctx); bool result = true; - cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap); + CHECK_STATUS(status, NT_STATUS_OK); printf("Testing netlogon server type flag NBT_SERVER_DS_DNS_FOREST: "); @@ -362,7 +376,7 @@ static bool test_cldap_netlogon_flag_ds_dns_forest(struct torture_context *tctx, search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; - status = cldap_netlogon(cldap, tctx, &search); + status = cldap_netlogon(cldap, iconv_convenience, tctx, &search); CHECK_STATUS(status, NT_STATUS_OK); n1 = search.out.netlogon; @@ -423,7 +437,8 @@ static bool test_cldap_generic(struct torture_context *tctx, const char *dest) const char *attrs2[] = { "currentTime", "highestCommittedUSN", "netlogon", NULL }; const char *attrs3[] = { "netlogon", NULL }; - cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + status = cldap_socket_init(tctx, NULL, NULL, NULL, &cldap); + CHECK_STATUS(status, NT_STATUS_OK); ZERO_STRUCT(search); search.in.dest_address = dest; diff --git a/source4/torture/ldap/cldapbench.c b/source4/torture/ldap/cldapbench.c index ae2cb808360..a422732b039 100644 --- a/source4/torture/ldap/cldapbench.c +++ b/source4/torture/ldap/cldapbench.c @@ -20,24 +20,28 @@ */ #include "includes.h" -#include "lib/events/events.h" +#include <tevent.h> #include "libcli/cldap/cldap.h" #include "libcli/resolve/resolve.h" #include "torture/torture.h" #include "param/param.h" struct bench_state { + struct torture_context *tctx; int pass_count, fail_count; }; -static void request_netlogon_handler(struct cldap_request *req) +static void request_netlogon_handler(struct tevent_req *req) { struct cldap_netlogon io; - struct bench_state *state = talloc_get_type(req->async.private_data, struct bench_state); + struct bench_state *state = tevent_req_callback_data(req, struct bench_state); NTSTATUS status; TALLOC_CTX *tmp_ctx = talloc_new(NULL); io.in.version = 6; - status = cldap_netlogon_recv(req, tmp_ctx, &io); + status = cldap_netlogon_recv(req, + lp_iconv_convenience(state->tctx->lp_ctx), + tmp_ctx, &io); + talloc_free(req); if (NT_STATUS_IS_OK(status)) { state->pass_count++; } else { @@ -58,10 +62,13 @@ static bool bench_cldap_netlogon(struct torture_context *tctx, const char *addre int timelimit = torture_setting_int(tctx, "timelimit", 10); struct cldap_netlogon search; struct bench_state *state; + NTSTATUS status; - cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + status = cldap_socket_init(tctx, tctx->ev, NULL, NULL, &cldap); + torture_assert_ntstatus_ok(tctx, status, "cldap_socket_init"); state = talloc_zero(tctx, struct bench_state); + state->tctx = tctx; ZERO_STRUCT(search); search.in.dest_address = address; @@ -72,11 +79,11 @@ static bool bench_cldap_netlogon(struct torture_context *tctx, const char *addre printf("Running CLDAP/netlogon for %d seconds\n", timelimit); while (timeval_elapsed(&tv) < timelimit) { while (num_sent - (state->pass_count+state->fail_count) < 10) { - struct cldap_request *req; - req = cldap_netlogon_send(cldap, &search); + struct tevent_req *req; + req = cldap_netlogon_send(state, cldap, &search); + + tevent_req_set_callback(req, request_netlogon_handler, state); - req->async.private_data = state; - req->async.fn = request_netlogon_handler; num_sent++; if (num_sent % 50 == 0) { if (torture_setting_bool(tctx, "progress", true)) { @@ -88,11 +95,11 @@ static bool bench_cldap_netlogon(struct torture_context *tctx, const char *addre } } - event_loop_once(cldap->event_ctx); + tevent_loop_once(tctx->ev); } while (num_sent != (state->pass_count + state->fail_count)) { - event_loop_once(cldap->event_ctx); + tevent_loop_once(tctx->ev); } printf("%.1f queries per second (%d failures) \n", @@ -103,13 +110,14 @@ static bool bench_cldap_netlogon(struct torture_context *tctx, const char *addre return ret; } -static void request_rootdse_handler(struct cldap_request *req) +static void request_rootdse_handler(struct tevent_req *req) { struct cldap_search io; - struct bench_state *state = talloc_get_type(req->async.private_data, struct bench_state); + struct bench_state *state = tevent_req_callback_data(req, struct bench_state); NTSTATUS status; TALLOC_CTX *tmp_ctx = talloc_new(NULL); status = cldap_search_recv(req, tmp_ctx, &io); + talloc_free(req); if (NT_STATUS_IS_OK(status)) { state->pass_count++; } else { @@ -130,8 +138,10 @@ static bool bench_cldap_rootdse(struct torture_context *tctx, const char *addres int timelimit = torture_setting_int(tctx, "timelimit", 10); struct cldap_search search; struct bench_state *state; + NTSTATUS status; - cldap = cldap_socket_init(tctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + status = cldap_socket_init(tctx, tctx->ev, NULL, NULL, &cldap); + torture_assert_ntstatus_ok(tctx, status, "cldap_socket_init"); state = talloc_zero(tctx, struct bench_state); @@ -145,11 +155,11 @@ static bool bench_cldap_rootdse(struct torture_context *tctx, const char *addres printf("Running CLDAP/rootdse for %d seconds\n", timelimit); while (timeval_elapsed(&tv) < timelimit) { while (num_sent - (state->pass_count+state->fail_count) < 10) { - struct cldap_request *req; - req = cldap_search_send(cldap, &search); + struct tevent_req *req; + req = cldap_search_send(state, cldap, &search); + + tevent_req_set_callback(req, request_rootdse_handler, state); - req->async.private_data = state; - req->async.fn = request_rootdse_handler; num_sent++; if (num_sent % 50 == 0) { if (torture_setting_bool(tctx, "progress", true)) { diff --git a/source4/torture/rpc/dssync.c b/source4/torture/rpc/dssync.c index 847b32827b8..1aaf914ceb8 100644 --- a/source4/torture/rpc/dssync.c +++ b/source4/torture/rpc/dssync.c @@ -273,7 +273,12 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) struct cldap_socket *cldap; struct cldap_netlogon search; - cldap = cldap_socket_init(ctx, tctx->ev, lp_iconv_convenience(tctx->lp_ctx)); + status = cldap_socket_init(ctx, NULL, NULL, NULL, &cldap); + if (!NT_STATUS_IS_OK(status)) { + printf("failed to setup cldap socket - %s\n", + nt_errstr(status)); + return false; + } r.in.bind_handle = &ctx->admin.drsuapi.bind_handle; r.in.level = 1; @@ -311,7 +316,7 @@ static bool test_GetInfo(struct torture_context *tctx, struct DsSyncTest *ctx) search.in.acct_control = -1; search.in.version = NETLOGON_NT_VERSION_5 | NETLOGON_NT_VERSION_5EX; search.in.map_response = true; - status = cldap_netlogon(cldap, ctx, &search); + status = cldap_netlogon(cldap, lp_iconv_convenience(tctx->lp_ctx), ctx, &search); if (!NT_STATUS_IS_OK(status)) { const char *errstr = nt_errstr(status); ctx->site_name = talloc_asprintf(ctx, "%s", "Default-First-Site-Name"); diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index f8029b246b9..2bdcc3fdaf7 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -1337,13 +1337,15 @@ static bool test_GetPrinterData(struct torture_context *tctx, NTSTATUS status; struct spoolss_GetPrinterData r; uint32_t needed; - enum spoolss_PrinterDataType type; + enum winreg_Type type; + union spoolss_PrinterData data; r.in.handle = handle; r.in.value_name = value_name; r.in.offered = 0; r.out.needed = &needed; r.out.type = &type; + r.out.data = &data; torture_comment(tctx, "Testing GetPrinterData\n"); @@ -1370,7 +1372,7 @@ static bool test_GetPrinterDataEx(struct torture_context *tctx, { NTSTATUS status; struct spoolss_GetPrinterDataEx r; - uint32_t type; + enum winreg_Type type; uint32_t needed; r.in.handle = handle; @@ -1417,16 +1419,15 @@ static bool test_EnumPrinterData(struct torture_context *tctx, struct dcerpc_pip do { uint32_t value_size = 0; uint32_t data_size = 0; - uint32_t printerdata_type = 0; - DATA_BLOB data = data_blob(NULL,0); + enum winreg_Type type = 0; r.in.value_offered = value_size; r.out.value_needed = &value_size; r.in.data_offered = data_size; r.out.data_needed = &data_size; - r.out.printerdata_type = &printerdata_type; - r.out.buffer = &data; + r.out.type = &type; + r.out.data = talloc_zero_array(tctx, uint8_t, 0); torture_comment(tctx, "Testing EnumPrinterData\n"); @@ -1435,7 +1436,9 @@ static bool test_EnumPrinterData(struct torture_context *tctx, struct dcerpc_pip torture_assert_ntstatus_ok(tctx, status, "EnumPrinterData failed"); r.in.value_offered = value_size; + r.out.value_name = talloc_zero_array(tctx, const char, value_size); r.in.data_offered = data_size; + r.out.data = talloc_zero_array(tctx, uint8_t, data_size); status = dcerpc_spoolss_EnumPrinterData(p, tctx, &r); @@ -1460,6 +1463,7 @@ static bool test_EnumPrinterDataEx(struct torture_context *tctx, { NTSTATUS status; struct spoolss_EnumPrinterDataEx r; + struct spoolss_PrinterEnumValues *info; uint32_t needed; uint32_t count; @@ -1468,6 +1472,7 @@ static bool test_EnumPrinterDataEx(struct torture_context *tctx, r.in.offered = 0; r.out.needed = &needed; r.out.count = &count; + r.out.info = &info; torture_comment(tctx, "Testing EnumPrinterDataEx\n"); @@ -1475,7 +1480,6 @@ static bool test_EnumPrinterDataEx(struct torture_context *tctx, torture_assert_ntstatus_ok(tctx, status, "EnumPrinterDataEx failed"); r.in.offered = needed; - r.out.buffer = talloc_array(tctx, uint8_t, needed); status = dcerpc_spoolss_EnumPrinterDataEx(p, tctx, &r); @@ -1515,7 +1519,7 @@ static bool test_SetPrinterData(struct torture_context *tctx, r.in.handle = handle; r.in.value_name = value_name; - r.in.type = SPOOLSS_PRINTER_DATA_TYPE_STRING; + r.in.type = REG_SZ; r.in.data.string = "dog"; torture_comment(tctx, "Testing SetPrinterData\n"); diff --git a/source4/torture/rpc/spoolss_notify.c b/source4/torture/rpc/spoolss_notify.c index 048f255ffc8..b7f2d3c4101 100644 --- a/source4/torture/rpc/spoolss_notify.c +++ b/source4/torture/rpc/spoolss_notify.c @@ -252,15 +252,15 @@ static bool test_RFFPCNEx(struct torture_context *tctx, t1.flags = 0; t1.count = 2; t1.types = talloc_zero_array(tctx, struct spoolss_NotifyOptionType, 2); - t1.types[0].type = SPOOLSS_NOTIFY_PRINTER; + t1.types[0].type = PRINTER_NOTIFY_TYPE; t1.types[0].count = 1; - t1.types[0].fields = talloc_array(t1.types, enum spoolss_Field, 1); - t1.types[0].fields[0] = SPOOLSS_FIELD_SERVER_NAME; + t1.types[0].fields = talloc_array(t1.types, union spoolss_Field, 1); + t1.types[0].fields[0].field = PRINTER_NOTIFY_FIELD_SERVER_NAME; - t1.types[1].type = SPOOLSS_NOTIFY_JOB; + t1.types[1].type = JOB_NOTIFY_TYPE; t1.types[1].count = 1; - t1.types[1].fields = talloc_array(t1.types, enum spoolss_Field, 1); - t1.types[1].fields[0] = SPOOLSS_FIELD_PRINTER_NAME; + t1.types[1].fields = talloc_array(t1.types, union spoolss_Field, 1); + t1.types[1].fields[0].field = PRINTER_NOTIFY_FIELD_PRINTER_NAME; r.in.notify_options = &t1; r.in.handle = &handle; diff --git a/source4/torture/rpc/spoolss_win.c b/source4/torture/rpc/spoolss_win.c index add06522c61..c50cbfbaee3 100644 --- a/source4/torture/rpc/spoolss_win.c +++ b/source4/torture/rpc/spoolss_win.c @@ -33,7 +33,7 @@ struct test_spoolss_win_context { union spoolss_PrinterInfo *current_info; /* EnumPrinterKeys */ - char *printer_keys; + const char **printer_keys; }; /* This is a convenience function for all OpenPrinterEx calls */ @@ -156,7 +156,8 @@ static bool test_GetPrinterData(struct torture_context *tctx, NTSTATUS status; struct spoolss_GetPrinterData gpd; uint32_t needed; - enum spoolss_PrinterDataType type; + enum winreg_Type type; + union spoolss_PrinterData data; torture_comment(tctx, "Testing GetPrinterData(%s).\n", value_name); gpd.in.handle = handle; @@ -164,6 +165,7 @@ static bool test_GetPrinterData(struct torture_context *tctx, gpd.in.offered = 4; gpd.out.needed = &needed; gpd.out.type = &type; + gpd.out.data = &data; status = dcerpc_spoolss_GetPrinterData(p, tctx, &gpd); torture_assert_ntstatus_ok(tctx, status, "GetPrinterData failed."); @@ -171,7 +173,7 @@ static bool test_GetPrinterData(struct torture_context *tctx, "GetPrinterData did not return expected error value."); if (W_ERROR_IS_OK(expected_werr)) { - torture_assert_int_equal(tctx, gpd.out.data.value, + torture_assert_int_equal(tctx, data.value, expected_value, "GetPrinterData did not return expected value."); } @@ -364,22 +366,22 @@ static bool test_EnumPrinterKey(struct torture_context *tctx, NTSTATUS status; struct spoolss_EnumPrinterKey epk; uint32_t needed = 0; + const char **key_buffer = NULL; torture_comment(tctx, "Testing EnumPrinterKey(%s)\n", key); epk.in.handle = handle; epk.in.key_name = talloc_strdup(tctx, key); - epk.in.key_buffer_size = 0; + epk.in.offered = 0; epk.out.needed = &needed; - epk.out.key_buffer = talloc_array(tctx, uint16_t, 0); + epk.out.key_buffer = &key_buffer; status = dcerpc_spoolss_EnumPrinterKey(p, tctx, &epk); torture_assert_ntstatus_ok(tctx, status, "EnumPrinterKey failed"); if (W_ERROR_EQUAL(epk.out.result, WERR_MORE_DATA)) { - epk.in.key_buffer_size = needed; - epk.out.key_buffer = talloc_array(tctx, uint16_t, needed/2); + epk.in.offered = needed; status = dcerpc_spoolss_EnumPrinterKey(p, tctx, &epk); torture_assert_ntstatus_ok(tctx, status, "EnumPrinterKey failed"); @@ -387,9 +389,7 @@ static bool test_EnumPrinterKey(struct torture_context *tctx, torture_assert_werr_ok(tctx, epk.out.result, "EnumPrinterKey failed"); - convert_string_talloc_convenience(ctx, lp_iconv_convenience(tctx->lp_ctx), CH_UTF16, - CH_UNIX, epk.out.key_buffer, *epk.out.needed, - (void**)&ctx->printer_keys, NULL, false); + ctx->printer_keys = key_buffer; return true; } @@ -403,6 +403,7 @@ static bool test_EnumPrinterDataEx(struct torture_context *tctx, { NTSTATUS status; struct spoolss_EnumPrinterDataEx epde; + struct spoolss_PrinterEnumValues *info; uint32_t needed; uint32_t count; @@ -413,13 +414,12 @@ static bool test_EnumPrinterDataEx(struct torture_context *tctx, epde.in.offered = 0; epde.out.needed = &needed; epde.out.count = &count; - epde.out.buffer = talloc_array(tctx, uint8_t, 0); + epde.out.info = &info; status = dcerpc_spoolss_EnumPrinterDataEx(p, tctx, &epde); torture_assert_ntstatus_ok(tctx, status, "EnumPrinterDataEx failed."); if (W_ERROR_EQUAL(epde.out.result, WERR_MORE_DATA)) { epde.in.offered = needed; - epde.out.buffer = talloc_array(tctx, uint8_t, needed); status = dcerpc_spoolss_EnumPrinterDataEx(p, tctx, &epde); torture_assert_ntstatus_ok(tctx, status, "EnumPrinterDataEx failed."); @@ -456,7 +456,7 @@ static bool test_WinXP(struct torture_context *tctx, struct dcerpc_pipe *p) * code, the unused_handle structures are used for that. */ struct policy_handle unused_handle1, unused_handle2; char *server_name; - char *key_pointer; + uint32_t i; ntvfs_init(tctx->lp_ctx); @@ -531,24 +531,15 @@ static bool test_WinXP(struct torture_context *tctx, struct dcerpc_pipe *p) ret &= test_EnumForms(tctx, p, &handle03, 0); ret &= test_EnumPrinterKey(tctx, p, &handle03, "", ctx); - key_pointer = ctx->printer_keys; - while(*key_pointer != '\0') { - char *end_pointer; - char *key_name; - - for(end_pointer = key_pointer; *end_pointer != '\0'; - ++end_pointer) { - /* Do nothing, just move the pointer */ - } - key_name = talloc_strndup(tctx, key_pointer, - end_pointer - key_pointer); - - ret &= test_EnumPrinterKey(tctx, p, &handle03, key_name, - tmp_ctx); - ret &= test_EnumPrinterDataEx(tctx, p, &handle03, key_name, 0, - WERR_OK); - - key_pointer = ++end_pointer; + + for (i=0; ctx->printer_keys[i] != NULL; i++) { + + ret &= test_EnumPrinterKey(tctx, p, &handle03, + ctx->printer_keys[i], + tmp_ctx); + ret &= test_EnumPrinterDataEx(tctx, p, &handle03, + ctx->printer_keys[i], 0, + WERR_OK); } ret &= test_EnumPrinterDataEx(tctx, p, &handle03, "", 0, diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c index 6d898a128cf..febfbe03ec4 100644 --- a/source4/torture/smb2/create.c +++ b/source4/torture/smb2/create.c @@ -43,6 +43,8 @@ return false; \ }} while (0) +#define TARGET_IS_WIN7(_tctx) (torture_setting_bool(_tctx, "win7", false)) + /* test some interesting combinations found by gentest */ @@ -160,7 +162,11 @@ static bool test_create_gentest(struct torture_context *torture, struct smb2_tre } } - CHECK_EQUAL(access_mask, 0x0df0fe00); + if (TARGET_IS_WIN7(torture)) { + CHECK_EQUAL(access_mask, 0x0de0fe00); + } else { + CHECK_EQUAL(access_mask, 0x0df0fe00); + } io.in.create_disposition = NTCREATEX_DISP_OPEN_IF; io.in.desired_access = SEC_FLAG_MAXIMUM_ALLOWED; diff --git a/source4/torture/smb2/lock.c b/source4/torture/smb2/lock.c index d820983022b..5f0293c6810 100644 --- a/source4/torture/smb2/lock.c +++ b/source4/torture/smb2/lock.c @@ -28,6 +28,9 @@ #include "librpc/gen_ndr/ndr_security.h" +#define TARGET_IS_WINDOWS(_tctx) (torture_setting_bool(_tctx, "win7", false) || torture_setting_bool(torture, "windows", false)) +#define TARGET_IS_WIN7(_tctx) (torture_setting_bool(_tctx, "win7", false)) + #define CHECK_STATUS(status, correct) do { \ if (!NT_STATUS_EQUAL(status, correct)) { \ printf("(%s) Incorrect status %s - should be %s\n", \ @@ -97,16 +100,26 @@ static bool test_valid_request(struct torture_context *torture, struct smb2_tree el[0].reserved = 0x00000000; el[0].flags = SMB2_LOCK_FLAG_EXCLUSIVE|SMB2_LOCK_FLAG_FAIL_IMMEDIATELY; status = smb2_lock(tree, &lck); - CHECK_STATUS(status, NT_STATUS_OK); + if (TARGET_IS_WIN7(torture)) { + CHECK_STATUS(status, NT_STATUS_WIN7_INVALID_RANGE); + } else { + CHECK_STATUS(status, NT_STATUS_OK); + } CHECK_VALUE(lck.out.reserved, 0); lck.in.reserved = 0x123ab2; status = smb2_lock(tree, &lck); - CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); + if (TARGET_IS_WIN7(torture)) { + CHECK_STATUS(status, NT_STATUS_WIN7_INVALID_RANGE); + } else { + CHECK_STATUS(status, NT_STATUS_OK); + } lck.in.reserved = 0x123ab3; status = smb2_lock(tree, &lck); - if (torture_setting_bool(torture, "windows", false)) { + if (TARGET_IS_WIN7(torture)) { + CHECK_STATUS(status, NT_STATUS_WIN7_INVALID_RANGE); + } else if (TARGET_IS_WINDOWS(torture)) { CHECK_STATUS(status, NT_STATUS_OK); } else { CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); @@ -115,11 +128,17 @@ static bool test_valid_request(struct torture_context *torture, struct smb2_tree lck.in.reserved = 0x123ab4; status = smb2_lock(tree, &lck); - CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); + if (TARGET_IS_WIN7(torture)) { + CHECK_STATUS(status, NT_STATUS_WIN7_INVALID_RANGE); + } else { + CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); + } lck.in.reserved = 0x123ab5; status = smb2_lock(tree, &lck); - if (torture_setting_bool(torture, "windows", false)) { + if (TARGET_IS_WIN7(torture)) { + CHECK_STATUS(status, NT_STATUS_WIN7_INVALID_RANGE); + } else if (TARGET_IS_WINDOWS(torture)) { CHECK_STATUS(status, NT_STATUS_OK); } else { CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); @@ -141,7 +160,7 @@ static bool test_valid_request(struct torture_context *torture, struct smb2_tree CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); status = smb2_lock(tree, &lck); - if (torture_setting_bool(torture, "windows", false)) { + if (TARGET_IS_WINDOWS(torture)) { CHECK_STATUS(status, NT_STATUS_OK); } else { CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); @@ -152,7 +171,7 @@ static bool test_valid_request(struct torture_context *torture, struct smb2_tree CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); status = smb2_lock(tree, &lck); - if (torture_setting_bool(torture, "windows", false)) { + if (TARGET_IS_WINDOWS(torture)) { CHECK_STATUS(status, NT_STATUS_OK); } else { CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); @@ -481,7 +500,6 @@ static bool test_lock_rw_exclusiv(struct torture_context *torture, struct smb2_t return test_lock_read_write(torture, tree, &s); } - static bool test_lock_auto_unlock(struct torture_context *torture, struct smb2_tree *tree) { bool ret = true; @@ -513,13 +531,14 @@ static bool test_lock_auto_unlock(struct torture_context *torture, struct smb2_t CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); status = smb2_lock(tree, &lck); - if (torture_setting_bool(torture, "windows", false)) { + if (TARGET_IS_WINDOWS(torture)) { CHECK_STATUS(status, NT_STATUS_OK); } else { CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); } - + status = smb2_lock(tree, &lck); + CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED); done: return ret; |