diff options
| -rw-r--r-- | packaging/Mandrake/samba-3.0-smbmount-sbin.patch | 11 | ||||
| -rw-r--r-- | source/libsmb/trustdom_cache.c | 215 | ||||
| -rw-r--r-- | source/passdb/privileges.c | 341 |
3 files changed, 0 insertions, 567 deletions
diff --git a/packaging/Mandrake/samba-3.0-smbmount-sbin.patch b/packaging/Mandrake/samba-3.0-smbmount-sbin.patch deleted file mode 100644 index 586fb3cff9c..00000000000 --- a/packaging/Mandrake/samba-3.0-smbmount-sbin.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- samba-3.0alpha1/source/client/smbmount.c.orig Fri Nov 30 02:29:22 2001 -+++ samba-3.0alpha1/source/client/smbmount.c Thu Dec 6 00:48:57 2001 -@@ -468,7 +468,7 @@ - if (sys_fork() == 0) { - char *smbmnt_path; - -- asprintf(&smbmnt_path, "%s/smbmnt", dyn_BINDIR); -+ asprintf(&smbmnt_path, "%s/smbmnt", dyn_SBINDIR); - - if (file_exist(smbmnt_path, NULL)) { - execv(smbmnt_path, args); diff --git a/source/libsmb/trustdom_cache.c b/source/libsmb/trustdom_cache.c deleted file mode 100644 index cddbb2daa61..00000000000 --- a/source/libsmb/trustdom_cache.c +++ /dev/null @@ -1,215 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Trusted domain names cache on top of gencache. - - Copyright (C) Rafal Szczesniak 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_ALL /* there's no proper class yet */ - -#define TDOMKEY_FMT "TDOM/%s" - - -/** - * @file trustdom_cache.c - * - * Implementation of trusted domain names cache useful when - * samba acts as domain member server. In such case, caching - * domain names currently trusted gives a performance gain - * because there's no need to query PDC each time we need - * list of trusted domains - **/ - - -/** - * Initialise trustdom name caching system. Call gencache - * initialisation routine to perform necessary activities. - * - * @return true upon successful cache initialisation or - * false if cache init failed - **/ - -BOOL trustdom_cache_enable(void) -{ - /* Init trustdom cache by calling gencache initialisation */ - if (!gencache_init()) { - DEBUG(2, ("trustdomcache_enable: Couldn't initialise trustdom cache on top of gencache.\n")); - return False; - } - - return True; -} - - -/** - * Shutdown trustdom name caching system. Calls gencache - * shutdown function. - * - * @return true upon successful cache close or - * false if it failed - **/ - -BOOL trustdom_cache_shutdown(void) -{ - /* Close trustdom cache by calling gencache shutdown */ - if (!gencache_shutdown()) { - DEBUG(2, ("trustdomcache_shutdown: Couldn't shutdown trustdom cache on top of gencache.\n")); - return False; - } - - return True; -} - - -/** - * Form up trustdom name key. It is based only - * on domain name now. - * - * @param name trusted domain name - * @return cache key for use in gencache mechanism - **/ - -static char* trustdom_cache_key(const char* name) -{ - char* keystr; - asprintf(&keystr, TDOMKEY_FMT, strupper_static(name)); - - return keystr; -} - - -/** - * Store trusted domain in gencache as the domain name (key) - * and ip address of domain controller (value) - * - * @param name trusted domain name - * @param alt_name alternative trusted domain name (used in ADS domains) - * @param sid trusted domain's SID - * @param timeout cache entry expiration time - * @return true upon successful value storing or - * false if store attempt failed - **/ - -BOOL trustdom_cache_store(char* name, char* alt_name, const DOM_SID *sid, - time_t timeout) -{ - char *key, *alt_key; - fstring sid_string; - - /* - * we use gecache call to avoid annoying debug messages - * about initialised trustdom - */ - if (!gencache_init()) return False; - - DEBUG(5, ("trustdom_store: storing SID %s of domain %s\n", - sid_string_static(sid), name)); - - key = trustdom_cache_key(name); - alt_key = alt_name ? trustdom_cache_key(alt_name) : NULL; - - /* Generate string representation domain SID */ - sid_to_string(sid_string, sid); - - /* - * try to put the names in the cache - */ - if (alt_key) { - return (gencache_set(alt_key, sid_string, timeout) - && gencache_set(key, sid_string, timeout)); - } - - return gencache_set(key, sid_string, timeout); -} - - -/** - * Fetch trusted domain's dc from the gencache. - * This routine can also be used to check whether given - * domain is currently trusted one. - * - * @param name trusted domain name - * @param sid trusted domain's SID to be returned - * @return true if entry is found or - * false if has expired/doesn't exist - **/ - -BOOL trustdom_cache_fetch(const char* name, DOM_SID* sid) -{ - char *key, *value; - time_t timeout; - - /* init the cache */ - if (!gencache_init()) return False; - - /* exit now if null pointers were passed as they're required further */ - if (!sid) return False; - - /* prepare a key and get the value */ - key = trustdom_cache_key(name); - - if (!gencache_get(key, &value, &timeout)) { - DEBUG(5, ("no entry for trusted domain %s found.\n", name)); - return False; - } else { - DEBUG(5, ("trusted domain %s found (%s)\n", name, value)); - } - - /* convert ip string representation into in_addr structure */ - if(! string_to_sid(sid, value)) { - sid = NULL; - return False; - } - - return True; -} - - -/** - * Delete single trustdom entry. Look at the - * gencache_iterate definition. - * - **/ - -static void flush_trustdom_name(const char* key, const char *value, time_t timeout, void* dptr) -{ - gencache_del(key); - DEBUG(5, ("Deleting entry %s\n", key)); -} - - -/** - * Flush all the trusted domains entries from the cache. - **/ - -void trustdom_cache_flush(void) -{ - if (!gencache_init()) - return; - - /* - * iterate through each TDOM cache's entry and flush it - * by flush_trustdom_name function - */ - gencache_iterate(flush_trustdom_name, NULL, trustdom_cache_key("*")); - DEBUG(5, ("Trusted domains cache flushed\n")); -} - diff --git a/source/passdb/privileges.c b/source/passdb/privileges.c deleted file mode 100644 index 688053674b9..00000000000 --- a/source/passdb/privileges.c +++ /dev/null @@ -1,341 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * - * default privileges backend for passdb - * - * Copyright (C) Andrew Tridgell 2003 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -/* - this is a local implementation of a privileges backend, with - privileges stored in a tdb. Most passdb implementations will - probably use this backend, although some (such as pdb_ldap) will - store the privileges in another manner. - - The basic principle is that the backend should store a list of SIDs - associated with each right, where a right is a string name such as - 'SeTakeOwnershipPrivilege'. The SIDs can be of any type, and do not - need to belong to the local domain. - - The way this is used is that certain places in the code which - require access control will ask the privileges backend 'does this - user have the following privilege'. The 'user' will be a NT_TOKEN, - which is essentially just a list of SIDs. If any of those SIDs are - listed in the list of SIDs for that privilege then the answer will - be 'yes'. That will usually mean that the user gets unconditional - access to that functionality, regradless of any ACLs. In this way - privileges act in a similar fashion to unix setuid bits. -*/ - -/* - The terms 'right' and 'privilege' are used interchangably in this - file. This follows MSDN convention where the LSA calls are calls on - 'rights', which really means privileges. My apologies for the - confusion. -*/ - - -/* 15 seconds seems like an ample time for timeouts on the privileges db */ -#define LOCK_TIMEOUT 15 - - -/* the tdb handle for the privileges database */ -static TDB_CONTEXT *tdb; - - -/* initialise the privilege database */ -BOOL privilege_init(void) -{ - tdb = tdb_open_log(lock_path("privilege.tdb"), 0, TDB_DEFAULT, - O_RDWR|O_CREAT, 0600); - if (!tdb) { - DEBUG(0,("Failed to open privilege database\n")); - return False; - } - - return True; -} - -/* - lock the record for a particular privilege (write lock) -*/ -static NTSTATUS privilege_lock_right(const char *right) -{ - if (tdb_lock_bystring(tdb, right, LOCK_TIMEOUT) != 0) { - return NT_STATUS_INTERNAL_ERROR; - } - return NT_STATUS_OK; -} - -/* - unlock the record for a particular privilege (write lock) -*/ -static void privilege_unlock_right(const char *right) -{ - tdb_unlock_bystring(tdb, right); -} - - -/* - return a list of SIDs that have a particular right -*/ -NTSTATUS privilege_enum_account_with_right(const char *right, - uint32 *count, - DOM_SID **sids) -{ - TDB_DATA data; - char *p; - int i; - - if (!tdb) { - return NT_STATUS_INTERNAL_ERROR; - } - - data = tdb_fetch_by_string(tdb, right); - if (!data.dptr) { - *count = 0; - *sids = NULL; - return NT_STATUS_OK; - } - - /* count them */ - for (i=0, p=data.dptr; p<data.dptr+data.dsize; i++) { - p += strlen(p) + 1; - } - *count = i; - - /* allocate and parse */ - *sids = malloc(sizeof(DOM_SID) * *count); - if (! *sids) { - return NT_STATUS_NO_MEMORY; - } - for (i=0, p=data.dptr; p<data.dptr+data.dsize; i++) { - if (!string_to_sid(&(*sids)[i], p)) { - free(data.dptr); - return NT_STATUS_INTERNAL_DB_CORRUPTION; - } - p += strlen(p) + 1; - } - - free(data.dptr); - - return NT_STATUS_OK; -} - -/* - set what accounts have a given right - this is an internal interface -*/ -static NTSTATUS privilege_set_accounts_with_right(const char *right, - uint32 count, - DOM_SID *sids) -{ - TDB_DATA data; - char *p; - int i; - - if (!tdb) { - return NT_STATUS_INTERNAL_ERROR; - } - - /* allocate the maximum size that we might use */ - data.dptr = malloc(count * ((MAXSUBAUTHS*11) + 30)); - if (!data.dptr) { - return NT_STATUS_NO_MEMORY; - } - - p = data.dptr; - - for (i=0;i<count;i++) { - sid_to_string(p, &sids[i]); - p += strlen(p) + 1; - } - - data.dsize = PTR_DIFF(p, data.dptr); - - if (tdb_store_by_string(tdb, right, data, TDB_REPLACE) != 0) { - free(data.dptr); - return NT_STATUS_INTERNAL_ERROR; - } - - free(data.dptr); - return NT_STATUS_OK; -} - - -/* - add a SID to the list of SIDs for a right -*/ -NTSTATUS privilege_add_account_right(const char *right, - DOM_SID *sid) -{ - NTSTATUS status; - DOM_SID *current_sids; - uint32 current_count; - int i; - - status = privilege_lock_right(right); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - status = privilege_enum_account_with_right(right, ¤t_count, ¤t_sids); - if (!NT_STATUS_IS_OK(status)) { - privilege_unlock_right(right); - return status; - } - - /* maybe that SID is already listed? this is not an error */ - for (i=0;i<current_count;i++) { - if (sid_equal(¤t_sids[i], sid)) { - privilege_unlock_right(right); - free(current_sids); - return NT_STATUS_OK; - } - } - - /* add it in */ - current_sids = Realloc(current_sids, sizeof(current_sids[0]) * (current_count+1)); - if (!current_sids) { - privilege_unlock_right(right); - return NT_STATUS_NO_MEMORY; - } - - sid_copy(¤t_sids[current_count], sid); - current_count++; - - status = privilege_set_accounts_with_right(right, current_count, current_sids); - - free(current_sids); - privilege_unlock_right(right); - - return status; -} - - -/* - remove a SID from the list of SIDs for a right -*/ -NTSTATUS privilege_remove_account_right(const char *right, - DOM_SID *sid) -{ - NTSTATUS status; - DOM_SID *current_sids; - uint32 current_count; - int i; - - status = privilege_lock_right(right); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - status = privilege_enum_account_with_right(right, ¤t_count, ¤t_sids); - if (!NT_STATUS_IS_OK(status)) { - privilege_unlock_right(right); - return status; - } - - for (i=0;i<current_count;i++) { - if (sid_equal(¤t_sids[i], sid)) { - /* found it - so remove it */ - if (current_count-i > 1) { - memmove(¤t_sids[i], ¤t_sids[i+1], - sizeof(current_sids[0]) * ((current_count-i)-1)); - } - current_count--; - status = privilege_set_accounts_with_right(right, - current_count, - current_sids); - free(current_sids); - privilege_unlock_right(right); - return status; - } - } - - /* removing a right that you don't have is not an error */ - - safe_free(current_sids); - privilege_unlock_right(right); - return NT_STATUS_OK; -} - - -/* - an internal function for checking if a SID has a right -*/ -static BOOL privilege_sid_has_right(DOM_SID *sid, const char *right) -{ - NTSTATUS status; - uint32 count; - DOM_SID *sids; - int i; - - status = privilege_enum_account_with_right(right, &count, &sids); - if (!NT_STATUS_IS_OK(status)) { - return False; - } - for (i=0;i<count;i++) { - if (sid_equal(sid, &sids[i])) { - free(sids); - return True; - } - } - - safe_free(sids); - return False; -} - -/* - list the rights for an account. This involves traversing the database -*/ -NTSTATUS privilege_enum_account_rights(DOM_SID *sid, - uint32 *count, - char ***rights) -{ - TDB_DATA key, nextkey; - char *right; - - if (!tdb) { - return NT_STATUS_INTERNAL_ERROR; - } - - *rights = NULL; - *count = 0; - - for (key = tdb_firstkey(tdb); key.dptr; key = nextkey) { - nextkey = tdb_nextkey(tdb, key); - - right = key.dptr; - - if (privilege_sid_has_right(sid, right)) { - (*rights) = (char **)Realloc(*rights,sizeof(char *) * ((*count)+1)); - if (! *rights) { - safe_free(nextkey.dptr); - free(key.dptr); - return NT_STATUS_NO_MEMORY; - } - - (*rights)[*count] = strdup(right); - (*count)++; - } - - free(key.dptr); - } - - return NT_STATUS_OK; -} |