diff options
Diffstat (limited to 'source')
120 files changed, 1746 insertions, 14959 deletions
diff --git a/source/Makefile.in b/source/Makefile.in index 145905332ad..0c096217698 100644 --- a/source/Makefile.in +++ b/source/Makefile.in @@ -65,7 +65,6 @@ RPCLIBDIR = $(LIBDIR)/rpc IDMAPLIBDIR = $(LIBDIR)/idmap CHARSETLIBDIR = $(LIBDIR)/charset AUTHLIBDIR = $(LIBDIR)/auth -CONFIGLIBDIR = $(LIBDIR)/config CONFIGDIR = @configdir@ VARDIR = @localstatedir@ MANDIR = @mandir@ @@ -155,8 +154,7 @@ RPC_MODULES = @RPC_MODULES@ IDMAP_MODULES = @IDMAP_MODULES@ CHARSET_MODULES = @CHARSET_MODULES@ AUTH_MODULES = @AUTH_MODULES@ -CONFIG_MODULES = @CONFIG_MODULES@ -MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) $(CONFIG_MODULES) +MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) ###################################################################### # object file lists @@ -165,7 +163,7 @@ MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSE TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o -SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@ +SMBLDAP_OBJ = @SMBLDAP@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \ lib/getsmbpass.o lib/interface.o lib/md4.o \ @@ -186,8 +184,7 @@ LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \ lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \ lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \ - lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \ - lib/genparser.o lib/genparser_samba.o + lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o @@ -202,7 +199,7 @@ POPT_LIB_OBJ = lib/popt_common.o UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o -PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o param/modconf.o +PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o @@ -240,7 +237,7 @@ LIBMSRPC_OBJ = rpc_client/cli_lsarpc.o rpc_client/cli_samr.o \ rpc_client/cli_reg.o rpc_client/cli_pipe.o \ rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \ rpc_client/cli_ds.o rpc_client/cli_echo.o \ - rpc_client/cli_shutdown.o rpc_client/cli_epmapper.o + rpc_client/cli_shutdown.o REGOBJS_OBJ = registry/reg_objects.o REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \ @@ -269,8 +266,6 @@ RPC_PIPE_OBJ = rpc_server/srv_pipe_hnd.o rpc_server/srv_util.o \ RPC_ECHO_OBJ = rpc_server/srv_echo.o rpc_server/srv_echo_nt.o -RPC_EPMAPPER_OBJ = rpc_server/srv_epmapper.o rpc_server/srv_epmapper_nt.o - RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ) # this includes only the low level parse code, not stuff @@ -284,15 +279,13 @@ RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \ rpc_parse/parse_wks.o rpc_parse/parse_ds.o \ rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \ rpc_parse/parse_echo.o rpc_parse/parse_shutdown.o \ - rpc_parse/parse_epmapper.o $(REGOBJS_OBJ) + $(REGOBJS_OBJ) RPC_CLIENT_OBJ = rpc_client/cli_pipe.o LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o smbd/tdbutil.o -GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o @GUMS_STATIC@ - PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \ @@ -348,8 +341,6 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/auth_compat.o \ MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o -CONFIG_LDAP_OBJ = param/config_ldap.o - SMBD_OBJ_MAIN = smbd/server.o BUILDOPT_OBJ = smbd/build_options.o @@ -452,9 +443,9 @@ SMBPASSWD_OBJ = utils/smbpasswd.o libsmb/passchange.o $(PARAM_OBJ) $(SECRETS_OBJ $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ $(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) lib/dummyroot.o -PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) \ +PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \ $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \ - $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(KRBCLIENT_OBJ) $(RPC_PARSE_OBJ) lib/dummyroot.o + $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) lib/dummyroot.o SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) $(SECRETS_OBJ) @@ -463,8 +454,7 @@ RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \ rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \ rpcclient/display_sec.o rpcclient/cmd_ds.o \ - rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o \ - rpcclient/cmd_epmapper.o + rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \ @@ -517,7 +507,7 @@ NET_OBJ1 = utils/net.o utils/net_ads.o utils/net_ads_cldap.o utils/net_help.o \ utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \ utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \ utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \ - utils/net_status.o utils/net_privileges.o + utils/net_status.o NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \ $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \ @@ -603,10 +593,9 @@ PROTO_OBJ = $(SMBD_OBJ_MAIN) \ $(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \ $(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \ $(LIB_SMBD_OBJ) $(AUTH_SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \ - $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \ - $(RPC_LSA_DS_OBJ) $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) \ - $(RPC_SPOOLSS_OBJ) $(RPC_ECHO_OBJ) $(RPC_EPMAPPER_OBJ) \ - $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o + $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_LSA_DS_OBJ) \ + $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \ + $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) \ $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) @@ -638,7 +627,6 @@ WINBINDD_OBJ1 = \ nsswitch/winbindd_wins.o \ nsswitch/winbindd_rpc.o \ nsswitch/winbindd_ads.o \ - nsswitch/winbindd_passdb.o \ nsswitch/winbindd_dual.o \ nsswitch/winbindd_acct.o @@ -880,7 +868,7 @@ bin/smbpasswd@EXEEXT@: $(SMBPASSWD_OBJ) bin/.dummy bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ - @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) $(KRB5LIBS) + @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) bin/smbget@EXEEXT@: $(SMBGET_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @@ -1043,11 +1031,6 @@ bin/librpc_echo.@SHLIBEXT@: $(RPC_ECHO_OBJ) @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_ECHO_OBJ) -lc \ @SONAMEFLAG@`basename $@` -bin/librpc_epmapper.@SHLIBEXT@: $(RPC_EPMAPPER_OBJ) - @echo "Linking $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_EPMAPPER_OBJ) -lc \ - @SONAMEFLAG@`basename $@` - bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy @echo "Linking $@" @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS) @@ -1194,11 +1177,6 @@ bin/expand_msdfs.@SHLIBEXT@: $(VFS_EXPAND_MSDFS_OBJ:.o=.@PICSUFFIX@) @$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_EXPAND_MSDFS_OBJ:.o=.@PICSUFFIX@) \ @SONAMEFLAG@`basename $@` -bin/config_ldap.@SHLIBEXT@: $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) - @echo "Building plugin $@" - @$(SHLD) $(LDSHFLAGS) -o $@ $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) \ - @SMBLDAP@ @LDAP_LIBS@ @SONAMEFLAG@`basename $@` - bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy @echo Linking $@ @$(LINK) -o $@ $(WBINFO_OBJ) $(LIBS) @POPTLIBS@ -lcrypto @@ -1434,15 +1412,6 @@ utils/net_proto.h: -h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \ $(NET_OBJ1) -include/tdbsam2_parse_info.h: - @if test -n "$(PERL)"; then \ - cd $(srcdir) && @PERL@ -w script/genstruct.pl \ - -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \ - include/gums.h; \ - else \ - echo Unable to build $@, continuing; \ - fi - # "make headers" or "make proto" calls a subshell because we need to # make sure these commands are executed in sequence even for a # parallel make. @@ -1455,12 +1424,7 @@ headers: $(MAKE) nsswitch/winbindd_proto.h; \ $(MAKE) web/swat_proto.h; \ $(MAKE) client/client_proto.h; \ - $(MAKE) utils/net_proto.h; - -prebuiltheaders: - $(MAKE) include/tdbsam2_parse_info.h - -genparse: prebuiltheaders + $(MAKE) utils/net_proto.h proto: headers diff --git a/source/VERSION b/source/VERSION index d7f386ab42b..00ec36133b0 100644 --- a/source/VERSION +++ b/source/VERSION @@ -18,8 +18,8 @@ # -> "3.0.0" # ######################################################## SAMBA_VERSION_MAJOR=3 -SAMBA_VERSION_MINOR=1 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_MINOR=0 +SAMBA_VERSION_RELEASE=3 ######################################################## # If a official release has a serious bug # @@ -41,7 +41,7 @@ SAMBA_VERSION_REVISION= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # ######################################################## -SAMBA_VERSION_PRE_RELEASE= +SAMBA_VERSION_PRE_RELEASE=2 ######################################################## # For 'rc' releases the version will be # @@ -71,7 +71,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_ALPHA_RELEASE=1 # # -> "4.0.0alpha1" # ######################################################## -SAMBA_VERSION_ALPHA_RELEASE=1 +SAMBA_VERSION_ALPHA_RELEASE= ######################################################## # For 'test' releases the version will be # diff --git a/source/auth/auth_ntlmssp.c b/source/auth/auth_ntlmssp.c index a5ce101e5e7..498a7b1a39a 100644 --- a/source/auth/auth_ntlmssp.c +++ b/source/auth/auth_ntlmssp.c @@ -78,21 +78,9 @@ static NTSTATUS auth_ntlmssp_set_challenge(struct ntlmssp_state *ntlmssp_state, static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *nt_session_key, DATA_BLOB *lm_session_key) { AUTH_NTLMSSP_STATE *auth_ntlmssp_state = ntlmssp_state->auth_context; - uint32 auth_flags = AUTH_FLAG_NONE; auth_usersupplied_info *user_info = NULL; - DATA_BLOB plaintext_password = data_blob(NULL, 0); NTSTATUS nt_status; - if (auth_ntlmssp_state->ntlmssp_state->lm_resp.length) { - auth_flags |= AUTH_FLAG_LM_RESP; - } - - if (auth_ntlmssp_state->ntlmssp_state->nt_resp.length == 24) { - auth_flags |= AUTH_FLAG_NTLM_RESP; - } else if (auth_ntlmssp_state->ntlmssp_state->nt_resp.length > 24) { - auth_flags |= AUTH_FLAG_NTLMv2_RESP; - } - /* the client has given us its machine name (which we otherwise would not get on port 445). we need to possibly reload smb.conf if smb.conf includes depend on the machine name */ @@ -108,10 +96,10 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state, auth_ntlmssp_state->ntlmssp_state->user, auth_ntlmssp_state->ntlmssp_state->domain, auth_ntlmssp_state->ntlmssp_state->workstation, - auth_ntlmssp_state->ntlmssp_state->lm_resp, - auth_ntlmssp_state->ntlmssp_state->nt_resp, - plaintext_password, - auth_flags, True); + auth_ntlmssp_state->ntlmssp_state->lm_resp.data ? &auth_ntlmssp_state->ntlmssp_state->lm_resp : NULL, + auth_ntlmssp_state->ntlmssp_state->nt_resp.data ? &auth_ntlmssp_state->ntlmssp_state->nt_resp : NULL, + NULL, NULL, NULL, + True); if (!NT_STATUS_IS_OK(nt_status)) { return nt_status; diff --git a/source/auth/auth_sam.c b/source/auth/auth_sam.c index b35cc78d6b2..5efc51b21ae 100644 --- a/source/auth/auth_sam.c +++ b/source/auth/auth_sam.c @@ -57,7 +57,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context, nt_pw = pdb_get_nt_passwd(sampass); return ntlm_password_check(mem_ctx, &auth_context->challenge, - &user_info->lm_resp, &user_info->nt_resp, + &user_info->lm_resp, &user_info->nt_resp, + &user_info->lm_interactive_pwd, &user_info->nt_interactive_pwd, username, user_info->smb_name.str, user_info->client_domain.str, diff --git a/source/auth/auth_util.c b/source/auth/auth_util.c index a823991bcad..9df58739837 100644 --- a/source/auth/auth_util.c +++ b/source/auth/auth_util.c @@ -124,9 +124,10 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, const char *client_domain, const char *domain, const char *wksta_name, - DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, - DATA_BLOB plaintext, - uint32 auth_flags, BOOL encrypted) + DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd, + DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd, + DATA_BLOB *plaintext, + BOOL encrypted) { DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name)); @@ -183,12 +184,19 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info, DEBUG(5,("making blobs for %s's user_info struct\n", internal_username)); - (*user_info)->lm_resp = data_blob(lm_pwd.data, lm_pwd.length); - (*user_info)->nt_resp = data_blob(nt_pwd.data, nt_pwd.length); - (*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length); + if (lm_pwd) + (*user_info)->lm_resp = data_blob(lm_pwd->data, lm_pwd->length); + if (nt_pwd) + (*user_info)->nt_resp = data_blob(nt_pwd->data, nt_pwd->length); + if (lm_interactive_pwd) + (*user_info)->lm_interactive_pwd = data_blob(lm_interactive_pwd->data, lm_interactive_pwd->length); + if (nt_interactive_pwd) + (*user_info)->nt_interactive_pwd = data_blob(nt_interactive_pwd->data, nt_interactive_pwd->length); + + if (plaintext) + (*user_info)->plaintext_password = data_blob(plaintext->data, plaintext->length); (*user_info)->encrypted = encrypted; - (*user_info)->auth_flags = auth_flags; DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name)); @@ -203,9 +211,10 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, const char *smb_name, const char *client_domain, const char *wksta_name, - DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, - DATA_BLOB plaintext, - uint32 ntlmssp_flags, BOOL encrypted) + DATA_BLOB *lm_pwd, DATA_BLOB *nt_pwd, + DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd, + DATA_BLOB *plaintext, + BOOL encrypted) { const char *domain; fstring internal_username; @@ -233,8 +242,10 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info, /* we know that it is a trusted domain (and we are allowing them) or it is our domain */ return make_user_info(user_info, smb_name, internal_username, - client_domain, domain, wksta_name, lm_pwd, nt_pwd, - plaintext, ntlmssp_flags, encrypted); + client_domain, domain, wksta_name, + lm_pwd, nt_pwd, + lm_interactive_pwd, nt_interactive_pwd, + plaintext, encrypted); } /**************************************************************************** @@ -253,23 +264,14 @@ BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, NTSTATUS nt_status; DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len); DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len); - DATA_BLOB plaintext_blob = data_blob(NULL, 0); - uint32 auth_flags = AUTH_FLAG_NONE; - - if (lm_pwd_len) - auth_flags |= AUTH_FLAG_LM_RESP; - if (nt_pwd_len == 24) { - auth_flags |= AUTH_FLAG_NTLM_RESP; - } else if (nt_pwd_len != 0) { - auth_flags |= AUTH_FLAG_NTLMv2_RESP; - } nt_status = make_user_info_map(user_info, - smb_name, client_domain, - wksta_name, - lm_blob, nt_blob, - plaintext_blob, - auth_flags, True); + smb_name, client_domain, + wksta_name, + lm_pwd_len ? &lm_blob : NULL, + nt_pwd_len ? &nt_blob : NULL, + NULL, NULL, NULL, + True); ret = NT_STATUS_IS_OK(nt_status) ? True : False; @@ -297,7 +299,6 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, unsigned char local_lm_response[24]; unsigned char local_nt_response[24]; unsigned char key[16]; - uint32 auth_flags = AUTH_FLAG_NONE; ZERO_STRUCT(key); memcpy(key, dc_sess_key, 8); @@ -316,8 +317,11 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif - SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); - SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); + if (lm_interactive_pwd) + SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); + + if (nt_interactive_pwd) + SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); #ifdef DEBUG_PASSWORD DEBUG(100,("decrypt of lm owf password:")); @@ -327,37 +331,51 @@ BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, dump_data(100, nt_pwd, sizeof(nt_pwd)); #endif - SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response); - SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response); + if (lm_interactive_pwd) + SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response); + + if (nt_interactive_pwd) + SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response); /* Password info paranoia */ - ZERO_STRUCT(lm_pwd); - ZERO_STRUCT(nt_pwd); ZERO_STRUCT(key); { BOOL ret; NTSTATUS nt_status; - DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response)); - DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); - DATA_BLOB plaintext_blob = data_blob(NULL, 0); + DATA_BLOB local_lm_blob; + DATA_BLOB local_nt_blob; - if (lm_interactive_pwd) - auth_flags |= AUTH_FLAG_LM_RESP; - if (nt_interactive_pwd) - auth_flags |= AUTH_FLAG_NTLM_RESP; + DATA_BLOB lm_interactive_blob; + DATA_BLOB nt_interactive_blob; + + if (lm_interactive_pwd) { + local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response)); + lm_interactive_blob = data_blob(lm_pwd, sizeof(lm_pwd)); + ZERO_STRUCT(lm_pwd); + } + + if (nt_interactive_pwd) { + local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); + nt_interactive_blob = data_blob(nt_pwd, sizeof(nt_pwd)); + ZERO_STRUCT(nt_pwd); + } nt_status = make_user_info_map(user_info, smb_name, client_domain, wksta_name, - local_lm_blob, - local_nt_blob, - plaintext_blob, - auth_flags, True); - + lm_interactive_pwd ? &local_lm_blob : NULL, + nt_interactive_pwd ? &local_nt_blob : NULL, + lm_interactive_pwd ? &lm_interactive_blob : NULL, + nt_interactive_pwd ? &nt_interactive_blob : NULL, + NULL, + True); + ret = NT_STATUS_IS_OK(nt_status) ? True : False; data_blob_free(&local_lm_blob); data_blob_free(&local_nt_blob); + data_blob_free(&lm_interactive_blob); + data_blob_free(&nt_interactive_blob); return ret; } } @@ -377,7 +395,6 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, DATA_BLOB local_lm_blob; DATA_BLOB local_nt_blob; NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - uint32 auth_flags = AUTH_FLAG_NONE; /* * Not encrypted - do so. @@ -400,7 +417,6 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, case insensitive */ local_nt_blob = data_blob(NULL, 0); - auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP); } else { local_lm_blob = data_blob(NULL, 0); local_nt_blob = data_blob(NULL, 0); @@ -409,10 +425,11 @@ BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, ret = make_user_info_map(user_info, smb_name, client_domain, get_remote_machine_name(), - local_lm_blob, - local_nt_blob, - plaintext_password, - auth_flags, False); + local_lm_blob.data ? &local_lm_blob : NULL, + local_nt_blob.data ? &local_nt_blob : NULL, + NULL, NULL, + plaintext_password.data ? &plaintext_password : NULL, + False); data_blob_free(&local_lm_blob); return NT_STATUS_IS_OK(ret) ? True : False; @@ -427,27 +444,13 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, const char *client_domain, DATA_BLOB lm_resp, DATA_BLOB nt_resp) { - uint32 auth_flags = AUTH_FLAG_NONE; - - DATA_BLOB no_plaintext_blob = data_blob(NULL, 0); - - if (lm_resp.length == 24) { - auth_flags |= AUTH_FLAG_LM_RESP; - } - if (nt_resp.length == 0) { - } else if (nt_resp.length == 24) { - auth_flags |= AUTH_FLAG_NTLM_RESP; - } else { - auth_flags |= AUTH_FLAG_NTLMv2_RESP; - } - return make_user_info_map(user_info, smb_name, - client_domain, - get_remote_machine_name(), - lm_resp, - nt_resp, - no_plaintext_blob, - auth_flags, True); + client_domain, + get_remote_machine_name(), + lm_resp.data ? &lm_resp : NULL, + nt_resp.data ? &nt_resp : NULL, + NULL, NULL, NULL, + True); } /**************************************************************************** @@ -456,19 +459,16 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info, BOOL make_user_info_guest(auth_usersupplied_info **user_info) { - DATA_BLOB lm_blob = data_blob(NULL, 0); - DATA_BLOB nt_blob = data_blob(NULL, 0); - DATA_BLOB plaintext_blob = data_blob(NULL, 0); - uint32 auth_flags = AUTH_FLAG_NONE; NTSTATUS nt_status; nt_status = make_user_info(user_info, - "","", - "","", - "", - nt_blob, lm_blob, - plaintext_blob, - auth_flags, True); + "","", + "","", + "", + NULL, NULL, + NULL, NULL, + NULL, + True); return NT_STATUS_IS_OK(nt_status) ? True : False; } @@ -803,23 +803,6 @@ static NTSTATUS add_user_groups(auth_serversupplied_info **server_info, } /*************************************************************************** -Fill a server_info struct from a SAM_ACCOUNT with its privileges -***************************************************************************/ - -static NTSTATUS add_privileges(auth_serversupplied_info **server_info) -{ - PRIVILEGE_SET *privs = NULL; - - init_privilege(&privs); - if (!pdb_get_privilege_set((*server_info)->ptok->user_sids, (*server_info)->ptok->num_sids, privs)) - DEBUG(1, ("Could not add privileges\n")); - - (*server_info)->privs = privs; - - return NT_STATUS_OK; -} - -/*************************************************************************** Make (and fill) a user_info struct from a SAM_ACCOUNT ***************************************************************************/ @@ -855,11 +838,6 @@ NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info, return nt_status; } - if (!NT_STATUS_IS_OK(nt_status = add_privileges(server_info))) { - free_server_info(server_info); - return nt_status; - } - (*server_info)->sam_fill_level = SAM_FILL_ALL; DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n", pdb_get_username(sampass), @@ -1329,7 +1307,8 @@ void free_user_info(auth_usersupplied_info **user_info) SAFE_FREE((*user_info)->wksta_name.str); data_blob_free(&(*user_info)->lm_resp); data_blob_free(&(*user_info)->nt_resp); - SAFE_FREE((*user_info)->interactive_password); + data_blob_clear_free(&(*user_info)->lm_interactive_pwd); + data_blob_clear_free(&(*user_info)->nt_interactive_pwd); data_blob_clear_free(&(*user_info)->plaintext_password); ZERO_STRUCT(**user_info); } diff --git a/source/bin/.cvsignore b/source/bin/.cvsignore index 3144075134e..fd5d9372e4e 100644 --- a/source/bin/.cvsignore +++ b/source/bin/.cvsignore @@ -1,7 +1,8 @@ -debug2html +*.so .dummy -editreg .libs +debug2html +editreg locktest locktest2 log2pcap @@ -39,17 +40,16 @@ smbstatus smbtorture smbtree smbumount -*.so swat +t_push_ucs2 +t_snprintf +t_strcmp +t_stringoverflow talloctort tdbbackup tdbdump testparm testprns -t_push_ucs2 -t_snprintf -t_strcmp -t_stringoverflow vfstest wbinfo winbindd diff --git a/source/client/mount.cifs.c b/source/client/mount.cifs.c index 8c23cc22123..a2f9ebf45ca 100755 --- a/source/client/mount.cifs.c +++ b/source/client/mount.cifs.c @@ -38,12 +38,16 @@ #include <fcntl.h> #define MOUNT_CIFS_VERSION_MAJOR "1" -#define MOUNT_CIFS_VERSION_MINOR "0" +#define MOUNT_CIFS_VERSION_MINOR "2" #ifndef MOUNT_CIFS_VENDOR_SUFFIX #define MOUNT_CIFS_VENDOR_SUFFIX "" #endif +#ifndef MS_MOVE +#define MS_MOVE 8192 +#endif + char * thisprogram; int verboseflag = 0; static int got_password = 0; @@ -113,19 +117,20 @@ static int open_cred_file(char * file_name) /* eat leading white space */ for(i=0;i<4096;i++) { - if(line_buf[i] == '\0') - break; - else if((line_buf[i] != ' ') && (line_buf[i] != '\t')) + if((line_buf[i] != ' ') && (line_buf[i] != '\t')) break; + /* if whitespace - skip past it */ line_buf++; } - if (strncasecmp("username",line_buf,8) == 0) { temp_val = strchr(line_buf + i,'='); if(temp_val) { /* go past equals sign */ temp_val++; - length = strlen(temp_val); + for(length = 0;length<4087;length++) { + if(temp_val[length] == '\n') + break; + } if(length > 4086) { printf("cifs.mount failed due to malformed username in credentials file"); memset(line_buf,0,4096); @@ -146,7 +151,10 @@ static int open_cred_file(char * file_name) if(temp_val) { /* go past equals sign */ temp_val++; - length = strlen(temp_val); + for(length = 0;length<65;length++) { + if(temp_val[length] == '\n') + break; + } if(length > 64) { printf("cifs.mount failed: password in credentials file too long\n"); memset(line_buf,0, 4096); @@ -157,9 +165,11 @@ static int open_cred_file(char * file_name) } else { if(mountpassword == NULL) { mountpassword = calloc(65,1); - } + } else + memset(mountpassword,0,64); if(mountpassword) { - strncpy(mountpassword,temp_val,64); + /* BB add handling for commas in password here */ + strncpy(mountpassword,temp_val,length); got_password = 1; } } @@ -227,7 +237,7 @@ static int get_password_from_file(int file_descript, char * filename) return rc; } -static int parse_options(char * options) +static int parse_options(char * options, int * filesys_flags) { char * data; char * percent_char = 0; @@ -394,7 +404,7 @@ static int parse_options(char * options) if (strcmp (data, "fmask") == 0) { printf ("WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n"); - data = "file_mode"; + data = "file_mode"; /* BB fix this */ } } else if (strcmp(data, "dir_mode") == 0 || strcmp(data, "dmask")==0) { if (!value || !*value) { @@ -410,29 +420,50 @@ static int parse_options(char * options) printf ("WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n"); data = "dir_mode"; } + /* the following eight mount options should be + stripped out from what is passed into the kernel + since these eight options are best passed as the + mount flags rather than redundantly to the kernel + and could generate spurious warnings depending on the + level of the corresponding cifs vfs kernel code */ + } else if (strncmp(data, "nosuid", 6) == 0) { + *filesys_flags |= MS_NOSUID; + } else if (strncmp(data, "suid", 4) == 0) { + *filesys_flags &= ~MS_NOSUID; + } else if (strncmp(data, "nodev", 5) == 0) { + *filesys_flags |= MS_NODEV; + } else if (strncmp(data, "dev", 3) == 0) { + *filesys_flags &= ~MS_NODEV; + } else if (strncmp(data, "noexec", 6) == 0) { + *filesys_flags |= MS_NOEXEC; + } else if (strncmp(data, "exec", 4) == 0) { + *filesys_flags &= ~MS_NOEXEC; + } else if (strncmp(data, "ro", 2) == 0) { + *filesys_flags |= MS_RDONLY; + } else if (strncmp(data, "rw", 2) == 0) { + *filesys_flags &= ~MS_RDONLY; } /* else if (strnicmp(data, "port", 4) == 0) { - if (value && *value) { - vol->port = - simple_strtoul(value, &value, 0); - } - } else if (strnicmp(data, "rsize", 5) == 0) { - if (value && *value) { - vol->rsize = - simple_strtoul(value, &value, 0); - } - } else if (strnicmp(data, "wsize", 5) == 0) { - if (value && *value) { - vol->wsize = - simple_strtoul(value, &value, 0); - } - } else if (strnicmp(data, "version", 3) == 0) { - - } else if (strnicmp(data, "rw", 2) == 0) { - - } else - printf("CIFS: Unknown mount option %s\n",data); */ + if (value && *value) { + vol->port = + simple_strtoul(value, &value, 0); + } + } else if (strnicmp(data, "rsize", 5) == 0) { + if (value && *value) { + vol->rsize = + simple_strtoul(value, &value, 0); + } + } else if (strnicmp(data, "wsize", 5) == 0) { + if (value && *value) { + vol->wsize = + simple_strtoul(value, &value, 0); + } + } else if (strnicmp(data, "version", 3) == 0) { + } else { + printf("CIFS: Unknown mount option %s\n",data); + } */ /* nothing to do on those four mount options above. + Just pass to kernel and ignore them here */ - /* move to next option */ + /* move to next option */ data = next_keyword+1; /* put overwritten equals sign back */ @@ -440,7 +471,7 @@ static int parse_options(char * options) value--; *value = '='; } - + /* put previous overwritten comma back */ if(next_keyword) *next_keyword = ','; @@ -522,7 +553,9 @@ char * parse_server(char * unc_name) static struct option longopts[] = { { "all", 0, 0, 'a' }, - { "help", 0, 0, 'h' }, + { "help",0, 0, 'h' }, + { "move",0, 0, 'm' }, + { "bind",0, 0, 'b' }, { "read-only", 0, 0, 'r' }, { "ro", 0, 0, 'r' }, { "verbose", 0, 0, 'v' }, @@ -530,12 +563,11 @@ static struct option longopts[] = { { "read-write", 0, 0, 'w' }, { "rw", 0, 0, 'w' }, { "options", 1, 0, 'o' }, - { "types", 1, 0, 't' }, + { "type", 1, 0, 't' }, { "rsize",1, 0, 'R' }, { "wsize",1, 0, 'W' }, { "uid", 1, 0, '1'}, { "gid", 1, 0, '2'}, - { "uuid",1,0,'U' }, { "user",1,0,'u'}, { "username",1,0,'u'}, { "dom",1,0,'d'}, @@ -544,13 +576,14 @@ static struct option longopts[] = { { "pass",1,0,'p'}, { "credentials",1,0,'c'}, { "port",1,0,'P'}, + /* { "uuid",1,0,'U'}, */ /* BB unimplemented */ { NULL, 0, 0, 0 } }; int main(int argc, char ** argv) { int c; - int flags = MS_MANDLOCK | MS_MGC_VAL; + int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */ char * orgoptions = NULL; char * share_name = NULL; char * domain_name = NULL; @@ -615,6 +648,12 @@ int main(int argc, char ** argv) case 'n': ++nomtab; break; + case 'b': + flags |= MS_BIND; + break; + case 'm': + flags |= MS_MOVE; + break; case 'o': orgoptions = strdup(optarg); break; @@ -693,7 +732,7 @@ int main(int argc, char ** argv) ipaddr = parse_server(share_name); - if (orgoptions && parse_options(orgoptions)) + if (orgoptions && parse_options(orgoptions, &flags)) return 1; /* BB save off path and pop after mount returns? */ @@ -701,9 +740,10 @@ int main(int argc, char ** argv) if(chdir(mountpoint)) { printf("mount error: can not change directory into mount target %s\n",mountpoint); + return -1; } - if(stat (mountpoint, &statbuf)) { + if(stat (".", &statbuf)) { printf("mount error: mount point %s does not exist\n",mountpoint); return -1; } @@ -715,7 +755,11 @@ int main(int argc, char ** argv) if((getuid() != 0) && (geteuid() == 0)) { if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) { - printf("setuid mount allowed\n"); +#ifndef CIFS_ALLOW_USR_SUID + /* Do not allow user mounts to control suid flag + for mount unless explicitly built that way */ + flags |= MS_NOSUID | MS_NODEV; +#endif } else { printf("mount error: permission denied or not superuser and cifs.mount not installed SUID\n"); return -1; @@ -746,6 +790,12 @@ int main(int argc, char ** argv) optlen += strlen(mountpassword) + 6; options = malloc(optlen + 10); + if(options == NULL) { + printf("Could not allocate memory for mount options\n"); + return -1; + } + + options[0] = 0; strncat(options,"unc=",4); strcat(options,share_name); @@ -797,11 +847,32 @@ int main(int argc, char ** argv) mountent.mnt_fsname = share_name; mountent.mnt_dir = mountpoint; mountent.mnt_type = "cifs"; - mountent.mnt_opts = ""; + mountent.mnt_opts = malloc(200); + if(mountent.mnt_opts) { + memset(mountent.mnt_opts,0,200); + if(flags & MS_RDONLY) + strcat(mountent.mnt_opts,"ro"); + else + strcat(mountent.mnt_opts,"rw"); + if(flags & MS_MANDLOCK) + strcat(mountent.mnt_opts,",mand"); + else + strcat(mountent.mnt_opts,",nomand"); + if(flags & MS_NOEXEC) + strcat(mountent.mnt_opts,",noexec"); + if(flags & MS_NOSUID) + strcat(mountent.mnt_opts,",nosuid"); + if(flags & MS_NODEV) + strcat(mountent.mnt_opts,",nodev"); + if(flags & MS_SYNCHRONOUS) + strcat(mountent.mnt_opts,",synch"); + } mountent.mnt_freq = 0; mountent.mnt_passno = 0; rc = addmntent(pmntfile,&mountent); endmntent(pmntfile); + if(mountent.mnt_opts) + free(mountent.mnt_opts); } else { printf("could not update mount table\n"); } diff --git a/source/configure.in b/source/configure.in index f546069e08a..59b1d062f63 100644 --- a/source/configure.in +++ b/source/configure.in @@ -220,7 +220,6 @@ AC_SUBST(SMBWRAPPER) AC_SUBST(EXTRA_BIN_PROGS) AC_SUBST(EXTRA_SBIN_PROGS) AC_SUBST(EXTRA_ALL_TARGETS) -AC_SUBST(CONFIG_LIBS) AC_ARG_ENABLE(debug, [ --enable-debug Turn on compiler debugging information (default=no)], @@ -358,7 +357,7 @@ DYNEXP= dnl Add modules that have to be built by default here dnl These have to be built static: -default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_epmapper auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin" +default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin" dnl These are preferably build shared, and static if dlopen() is not available default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs charset_CP850 charset_CP437" @@ -1686,7 +1685,7 @@ dnl Try to find iconv(3) LDFLAGS=$save_LDFLAGS LIB_ADD_DIR(LDFLAGS, "$i/lib") CFLAGS_ADD_DIR(CPPFLAGS, "$i/include") - LIBS="$save_LIBS" + LIBS="$save_LIBS" ICONV_LOCATION=$i export LDFLAGS LIBS CPPFLAGS dnl Now, check for a working iconv ... we want to do it here because @@ -2407,8 +2406,6 @@ AC_MSG_RESULT($with_ldap_support) SMBLDAP="" AC_SUBST(SMBLDAP) -SMBLDAPUTIL="" -AC_SUBST(SMBLDAPUTIL) if test x"$with_ldap_support" != x"no"; then ################################################################## @@ -2464,9 +2461,7 @@ if test x"$with_ldap_support" != x"no"; then if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available]) default_static_modules="$default_static_modules pdb_ldap idmap_ldap"; - default_shared_modules="$default_shared_modules config_ldap"; SMBLDAP="lib/smbldap.o" - SMBLDAPUTIL="lib/smbldap_util.o" with_ldap_support=yes AC_MSG_CHECKING(whether LDAP support is used) AC_MSG_RESULT(yes) @@ -4298,7 +4293,6 @@ MODULE_pdb_guest=STATIC MODULE_rpc_spoolss=STATIC MODULE_rpc_srv=STATIC MODULE_idmap_tdb=STATIC -MODULE_gums_tdbsam2=STATIC AC_ARG_WITH(static-modules, [ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in], @@ -4336,12 +4330,8 @@ SMB_MODULE(pdb_ldap, passdb/pdb_ldap.o, "bin/ldapsam.$SHLIBEXT", PDB, SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB) SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB) SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB) -SMB_MODULE(pdb_gums, [passdb/pdb_gums.o \$(GUMS_OBJ)], "bin/gums.$SHLIBEXT", PDB) SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o) -SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS) -SMB_SUBSYSTEM(GUMS) - SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC) SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC) SMB_MODULE(rpc_lsa_ds, \$(RPC_LSA_DS_OBJ), "bin/librpc_lsa_ds.$SHLIBEXT", RPC) @@ -4352,8 +4342,6 @@ SMB_MODULE(rpc_srv, \$(RPC_SVC_OBJ), "bin/librpc_srvsvc.$SHLIBEXT", RPC) SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), "bin/librpc_spoolss.$SHLIBEXT", RPC) SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC) SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC) -SMB_MODULE(rpc_epmapper, \$(RPC_EPMAPPER_OBJ), "bin/librpc_epmapper.$SHLIBEXT", - RPC) SMB_SUBSYSTEM(RPC,smbd/server.o) SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP) @@ -4386,9 +4374,6 @@ SMB_MODULE(vfs_cap, \$(VFS_CAP_OBJ), "bin/cap.$SHLIBEXT", VFS) SMB_MODULE(vfs_expand_msdfs, \$(VFS_EXPAND_MSDFS_OBJ), "bin/expand_msdfs.$SHLIBEXT", VFS) SMB_SUBSYSTEM(VFS,smbd/vfs.o) -SMB_MODULE(config_ldap, param/config_ldap.o, "bin/config_ldap.$SHLIBEXT", CONFIG, [ CONFIG_LIBS="$CONFIG_LIBS $LDAP_LIBS" "$SMBLDAP" ]) -SMB_SUBSYSTEM(CONFIG, param/modconf.o) - AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules]) ################################################# diff --git a/source/groupdb/mapping.c b/source/groupdb/mapping.c index d476f5cac13..d10a7decb7e 100644 --- a/source/groupdb/mapping.c +++ b/source/groupdb/mapping.c @@ -28,12 +28,16 @@ static TDB_CONTEXT *tdb; /* used for driver files */ #define GROUP_PREFIX "UNIXGROUP/" -/* Alias memberships are stored reverse, as memberships. The performance - * critical operation is to determine the aliases a SID is member of, not - * listing alias members. So we store a list of alias SIDs a SID is member of - * hanging of the member as key. - */ -#define MEMBEROF_PREFIX "MEMBEROF/" +PRIVS privs[] = { + {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ + {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, + {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" }, + {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" }, + {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" }, + {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, + {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } +}; + /**************************************************************************** dump the mapping group mapping to a text file @@ -368,7 +372,7 @@ static BOOL get_group_map_from_ntname(const char *name, GROUP_MAP *map) Remove a group mapping entry. ****************************************************************************/ -static BOOL group_map_remove(const DOM_SID *sid) +static BOOL group_map_remove(DOM_SID sid) { TDB_DATA kbuf, dbuf; pstring key; @@ -381,7 +385,7 @@ static BOOL group_map_remove(const DOM_SID *sid) /* the key is the SID, retrieving is direct */ - sid_to_string(string_sid, sid); + sid_to_string(string_sid, &sid); slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); kbuf.dptr = key; @@ -485,284 +489,6 @@ static BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, return True; } -/* This operation happens on session setup, so it should better be fast. We - * store a list of aliases a SID is member of hanging off MEMBEROF/SID. */ - -static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num) -{ - fstring key, string_sid; - TDB_DATA kbuf, dbuf; - const char *p; - - *num = 0; - *sids = NULL; - - if (!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - sid_to_string(string_sid, sid); - slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - - dbuf = tdb_fetch(tdb, kbuf); - - if (dbuf.dptr == NULL) { - return NT_STATUS_OK; - } - - p = dbuf.dptr; - - while (next_token(&p, string_sid, " ", sizeof(string_sid))) { - - DOM_SID alias; - - if (!string_to_sid(&alias, string_sid)) - continue; - - add_sid_to_array(&alias, sids, num); - - if (sids == NULL) - return NT_STATUS_NO_MEMORY; - } - - SAFE_FREE(dbuf.dptr); - return NT_STATUS_OK; -} - -static BOOL is_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - DOM_SID *sids; - int i, num; - - /* This feels the wrong way round, but the on-disk data structure - * dictates it this way. */ - if (!NT_STATUS_IS_OK(alias_memberships(member, &sids, &num))) - return False; - - for (i=0; i<num; i++) { - if (sid_compare(alias, &sids[i]) == 0) { - SAFE_FREE(sids); - return True; - } - } - SAFE_FREE(sids); - return False; -} - -static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - GROUP_MAP map; - TDB_DATA kbuf, dbuf; - pstring key; - fstring string_sid; - char *new_memberstring; - int result; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!get_group_map_from_sid(*alias, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) - return NT_STATUS_NO_SUCH_ALIAS; - - if (is_aliasmem(alias, member)) - return NT_STATUS_MEMBER_IN_ALIAS; - - sid_to_string(string_sid, member); - slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, string_sid); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - - dbuf = tdb_fetch(tdb, kbuf); - - sid_to_string(string_sid, alias); - - if (dbuf.dptr != NULL) { - asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr), - string_sid); - } else { - new_memberstring = strdup(string_sid); - } - - if (new_memberstring == NULL) - return NT_STATUS_NO_MEMORY; - - SAFE_FREE(dbuf.dptr); - dbuf.dsize = strlen(new_memberstring)+1; - dbuf.dptr = new_memberstring; - - result = tdb_store(tdb, kbuf, dbuf, 0); - - SAFE_FREE(new_memberstring); - - return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED); -} - -struct aliasmem_closure { - const DOM_SID *alias; - DOM_SID **sids; - int *num; -}; - -static int collect_aliasmem(TDB_CONTEXT *tdb_ctx, TDB_DATA key, TDB_DATA data, - void *state) -{ - struct aliasmem_closure *closure = (struct aliasmem_closure *)state; - const char *p; - fstring alias_string; - - if (strncmp(key.dptr, MEMBEROF_PREFIX, - strlen(MEMBEROF_PREFIX)) != 0) - return 0; - - p = data.dptr; - - while (next_token(&p, alias_string, " ", sizeof(alias_string))) { - - DOM_SID alias, member; - const char *member_string; - - - if (!string_to_sid(&alias, alias_string)) - continue; - - if (sid_compare(closure->alias, &alias) != 0) - continue; - - /* Ok, we found the alias we're looking for in the membership - * list currently scanned. The key represents the alias - * member. Add that. */ - - member_string = strchr(key.dptr, '/'); - - /* Above we tested for MEMBEROF_PREFIX which includes the - * slash. */ - - SMB_ASSERT(member_string != NULL); - member_string += 1; - - if (!string_to_sid(&member, member_string)) - continue; - - add_sid_to_array(&member, closure->sids, closure->num); - } - - return 0; -} - -static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num) -{ - GROUP_MAP map; - struct aliasmem_closure closure; - - if(!init_group_mapping()) { - DEBUG(0,("failed to initialize group mapping\n")); - return NT_STATUS_ACCESS_DENIED; - } - - if (!get_group_map_from_sid(*alias, &map)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ( (map.sid_name_use != SID_NAME_ALIAS) && - (map.sid_name_use != SID_NAME_WKN_GRP) ) - return NT_STATUS_NO_SUCH_ALIAS; - - *sids = NULL; - *num = 0; - - closure.alias = alias; - closure.sids = sids; - closure.num = num; - - tdb_traverse(tdb, collect_aliasmem, &closure); - return NT_STATUS_OK; -} - -static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - NTSTATUS result; - DOM_SID *sids; - int i, num; - BOOL found = False; - char *member_string; - TDB_DATA kbuf, dbuf; - pstring key; - fstring sid_string; - - result = alias_memberships(member, &sids, &num); - - if (!NT_STATUS_IS_OK(result)) - return result; - - for (i=0; i<num; i++) { - if (sid_compare(&sids[i], alias) == 0) { - found = True; - break; - } - } - - if (!found) { - SAFE_FREE(sids); - return NT_STATUS_MEMBER_NOT_IN_ALIAS; - } - - if (i < num) - sids[i] = sids[num-1]; - - num -= 1; - - sid_to_string(sid_string, member); - slprintf(key, sizeof(key), "%s%s", MEMBEROF_PREFIX, sid_string); - - kbuf.dsize = strlen(key)+1; - kbuf.dptr = key; - - if (num == 0) - return tdb_delete(tdb, kbuf) == 0 ? - NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - - member_string = strdup(""); - - if (member_string == NULL) { - SAFE_FREE(sids); - return NT_STATUS_NO_MEMORY; - } - - for (i=0; i<num; i++) { - char *s = member_string; - - sid_to_string(sid_string, &sids[i]); - asprintf(&member_string, "%s %s", s, sid_string); - - SAFE_FREE(s); - if (member_string == NULL) { - SAFE_FREE(sids); - return NT_STATUS_NO_MEMORY; - } - } - - dbuf.dsize = strlen(member_string)+1; - dbuf.dptr = member_string; - - result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ? - NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; - - SAFE_FREE(sids); - SAFE_FREE(member_string); - - return result; -} - /* * * High level functions @@ -842,8 +568,7 @@ BOOL get_local_group_from_sid(DOM_SID *sid, GROUP_MAP *map) if ( !ret ) return False; - if ( ( (map->sid_name_use != SID_NAME_ALIAS) && - (map->sid_name_use != SID_NAME_WKN_GRP) ) + if ( (map->sid_name_use != SID_NAME_ALIAS) || (map->gid == -1) || (getgrgid(map->gid) == NULL) ) { @@ -958,6 +683,129 @@ BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map) return True; } + + + +/**************************************************************************** + Get the member users of a group and + all the users who have that group as primary. + + give back an array of SIDS + return the grand number of users + + + TODO: sort the list and remove duplicate. JFM. + +****************************************************************************/ + +BOOL get_sid_list_of_group(gid_t gid, DOM_SID **sids, int *num_sids) +{ + struct group *grp; + int i=0; + char *gr; + DOM_SID *s; + + struct sys_pwent *userlist; + struct sys_pwent *user; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping\n")); + return(False); + } + + *num_sids = 0; + *sids=NULL; + + if ( (grp=getgrgid(gid)) == NULL) + return False; + + gr = grp->gr_mem[0]; + DEBUG(10, ("getting members\n")); + + while (gr && (*gr != (char)'\0')) { + SAM_ACCOUNT *group_member_acct = NULL; + BOOL found_user; + s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); + if (!s) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge SID list!\n")); + return False; + } + else (*sids) = s; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { + continue; + } + + become_root(); + found_user = pdb_getsampwnam(group_member_acct, gr); + unbecome_root(); + + if (found_user) { + sid_copy(&(*sids)[*num_sids], pdb_get_user_sid(group_member_acct)); + (*num_sids)++; + } + + pdb_free_sam(&group_member_acct); + + gr = grp->gr_mem[++i]; + } + DEBUG(10, ("got [%d] members\n", *num_sids)); + + winbind_off(); + + user = userlist = getpwent_list(); + + while (user != NULL) { + + SAM_ACCOUNT *group_member_acct = NULL; + BOOL found_user; + + if (user->pw_gid != gid) { + user = user->next; + continue; + } + + s = Realloc((*sids), sizeof(**sids)*(*num_sids+1)); + if (!s) { + DEBUG(0,("get_sid_list_of_group: unable to enlarge " + "SID list!\n")); + pwent_free(userlist); + winbind_on(); + return False; + } + else (*sids) = s; + + if (!NT_STATUS_IS_OK(pdb_init_sam(&group_member_acct))) { + continue; + } + + become_root(); + found_user = pdb_getsampwnam(group_member_acct, user->pw_name); + unbecome_root(); + + if (found_user) { + sid_copy(&(*sids)[*num_sids], + pdb_get_user_sid(group_member_acct)); + (*num_sids)++; + } else { + DEBUG(4,("get_sid_list_of_group: User %s [uid == %lu] " + "has no samba account\n", + user->pw_name, (unsigned long)user->pw_uid)); + if (algorithmic_uid_to_sid(&(*sids)[*num_sids], + user->pw_uid)) + (*num_sids)++; + } + pdb_free_sam(&group_member_acct); + + user = user->next; + } + pwent_free(userlist); + DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids)); + + winbind_on(); + return True; +} + /**************************************************************************** Create a UNIX group on demand. ****************************************************************************/ @@ -1168,7 +1016,7 @@ NTSTATUS pdb_default_update_group_mapping_entry(struct pdb_methods *methods, NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods, DOM_SID sid) { - return group_map_remove(&sid) ? + return group_map_remove(sid) ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } @@ -1181,178 +1029,6 @@ NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods, NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; } -NTSTATUS pdb_default_find_alias(struct pdb_methods *methods, - const char *name, DOM_SID *sid) -{ - GROUP_MAP map; - - if (!pdb_getgrnam(&map, name)) - return NT_STATUS_NO_SUCH_ALIAS; - - if ((map.sid_name_use != SID_NAME_WKN_GRP) && - (map.sid_name_use != SID_NAME_ALIAS)) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - sid_copy(sid, &map.sid); - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_create_alias(struct pdb_methods *methods, - const char *name, uint32 *rid) -{ - DOM_SID sid; - enum SID_NAME_USE type; - uint32 new_rid; - gid_t gid; - - GROUP_MAP map; - - if (lookup_name(get_global_sam_name(), name, &sid, &type)) - return NT_STATUS_ALIAS_EXISTS; - - if (!winbind_allocate_rid(&new_rid)) - return NT_STATUS_ACCESS_DENIED; - - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, new_rid); - - /* Here we allocate the gid */ - if (!winbind_sid_to_gid(&gid, &sid)) { - DEBUG(0, ("Could not get gid for new RID\n")); - return NT_STATUS_ACCESS_DENIED; - } - - map.gid = gid; - sid_copy(&map.sid, &sid); - map.sid_name_use = SID_NAME_ALIAS; - fstrcpy(map.nt_name, name); - fstrcpy(map.comment, ""); - - if (!pdb_add_group_mapping_entry(&map)) { - DEBUG(0, ("Could not add group mapping entry for alias %s\n", - name)); - return NT_STATUS_ACCESS_DENIED; - } - - *rid = new_rid; - - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods, - const DOM_SID *sid) -{ - return pdb_delete_group_mapping_entry(*sid) ? - NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; -} - -NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods, - const DOM_SID *sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, - struct acct_info **info) -{ - extern DOM_SID global_sid_Builtin; - - GROUP_MAP *map; - int i, num_maps; - enum SID_NAME_USE type = SID_NAME_UNKNOWN; - - if (sid_compare(sid, get_global_sam_sid()) == 0) - type = SID_NAME_ALIAS; - - if (sid_compare(sid, &global_sid_Builtin) == 0) - type = SID_NAME_WKN_GRP; - - if (!pdb_enum_group_mapping(type, &map, &num_maps, False) || - (num_maps == 0)) { - *num_aliases = 0; - *info = NULL; - goto done; - } - - if (start_idx > num_maps) { - *num_aliases = 0; - *info = NULL; - goto done; - } - - *num_aliases = num_maps - start_idx; - - if (*num_aliases > max_entries) - *num_aliases = max_entries; - - *info = malloc(sizeof(struct acct_info) * (*num_aliases)); - - for (i=0; i<*num_aliases; i++) { - fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name); - fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment); - sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid); - } - - done: - SAFE_FREE(map); - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info) -{ - GROUP_MAP map; - - if (!pdb_getgrsid(&map, *sid)) - return NT_STATUS_NO_SUCH_ALIAS; - - fstrcpy(info->acct_name, map.nt_name); - fstrcpy(info->acct_desc, map.comment); - sid_peek_rid(&map.sid, &info->rid); - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info) -{ - GROUP_MAP map; - - if (!pdb_getgrsid(&map, *sid)) - return NT_STATUS_NO_SUCH_ALIAS; - - fstrcpy(map.comment, info->acct_desc); - - if (!pdb_update_group_mapping_entry(&map)) - return NT_STATUS_ACCESS_DENIED; - - return NT_STATUS_OK; -} - -NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member) -{ - return add_aliasmem(alias, member); -} - -NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member) -{ - return del_aliasmem(alias, member); -} - -NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **members, - int *num_members) -{ - return enum_aliasmem(alias, members, num_members); -} - -NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods, - const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - return alias_memberships(sid, aliases, num); -} - /********************************************************************** no ops for passdb backends that don't implement group mapping *********************************************************************/ @@ -1401,38 +1077,3 @@ NTSTATUS pdb_nop_enum_group_mapping(struct pdb_methods *methods, return NT_STATUS_UNSUCCESSFUL; } -/**************************************************************************** - These need to be redirected through pdb_interface.c -****************************************************************************/ -BOOL pdb_get_dom_grp_info(const DOM_SID *sid, struct acct_info *info) -{ - GROUP_MAP map; - BOOL res; - - become_root(); - res = get_domain_group_from_sid(*sid, &map); - unbecome_root(); - - if (!res) - return False; - - fstrcpy(info->acct_name, map.nt_name); - fstrcpy(info->acct_desc, map.comment); - sid_peek_rid(sid, &info->rid); - return True; -} - -BOOL pdb_set_dom_grp_info(const DOM_SID *sid, const struct acct_info *info) -{ - GROUP_MAP map; - - if (!get_domain_group_from_sid(*sid, &map)) - return False; - - fstrcpy(map.nt_name, info->acct_name); - fstrcpy(map.comment, info->acct_desc); - - return pdb_update_group_mapping_entry(&map); -} - - diff --git a/source/include/auth.h b/source/include/auth.h index 27cdc1e3f5f..8f52512e6a0 100644 --- a/source/include/auth.h +++ b/source/include/auth.h @@ -27,37 +27,17 @@ typedef struct normal_string char *str; } AUTH_STR; -/* AUTH_UNISTR - unicode string or buffer */ -typedef struct unicode_string -{ - int len; - uchar *unistr; -} AUTH_UNISTR; - -typedef struct interactive_password -{ - OWF_INFO lm_owf; /* LM OWF Password */ - OWF_INFO nt_owf; /* NT OWF Password */ -} auth_interactive_password; - -#define AUTH_FLAG_NONE 0x000000 -#define AUTH_FLAG_PLAINTEXT 0x000001 -#define AUTH_FLAG_LM_RESP 0x000002 -#define AUTH_FLAG_NTLM_RESP 0x000004 -#define AUTH_FLAG_NTLMv2_RESP 0x000008 - typedef struct auth_usersupplied_info { DATA_BLOB lm_resp; DATA_BLOB nt_resp; - auth_interactive_password * interactive_password; + DATA_BLOB lm_interactive_pwd; + DATA_BLOB nt_interactive_pwd; DATA_BLOB plaintext_password; BOOL encrypted; - uint32 auth_flags; - AUTH_STR client_domain; /* domain name string */ AUTH_STR domain; /* domain name after mapping */ AUTH_STR internal_username; /* username after mapping */ @@ -86,7 +66,6 @@ typedef struct auth_serversupplied_info /* NT group information taken from the info3 structure */ NT_USER_TOKEN *ptok; - PRIVILEGE_SET *privs; DATA_BLOB nt_session_key; DATA_BLOB lm_session_key; diff --git a/source/include/genparser.h b/source/include/genparser.h deleted file mode 100644 index f28cd78249d..00000000000 --- a/source/include/genparser.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GENPARSER_H -#define _GENPARSER_H - -/* these macros are needed for genstruct auto-parsers */ -#ifndef GENSTRUCT -#define GENSTRUCT -#define _LEN(x) -#define _NULLTERM -#endif - -/* - automatic marshalling/unmarshalling system for C structures -*/ - -/* flag to mark a fixed size array as actually being null terminated */ -#define FLAG_NULLTERM 1 -#define FLAG_ALWAYS 2 - -struct enum_struct { - const char *name; - unsigned value; -}; - -/* intermediate dumps are stored in one of these */ -struct parse_string { - unsigned allocated; - unsigned length; - char *s; -}; - -typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent); -typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str); - -/* genstruct.pl generates arrays of these */ -struct parse_struct { - const char *name; - unsigned ptr_count; - unsigned size; - unsigned offset; - unsigned array_len; - const char *dynamic_len; - unsigned flags; - gen_dump_fn dump_fn; - gen_parse_fn parse_fn; -}; - -#define DUMP_PARSE_DECL(type) \ - int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \ - int gen_parse_ ## type(TALLOC_CTX *, char *, const char *); - -DUMP_PARSE_DECL(char) -DUMP_PARSE_DECL(int) -DUMP_PARSE_DECL(unsigned) -DUMP_PARSE_DECL(double) -DUMP_PARSE_DECL(float) - -#define gen_dump_unsigned_char gen_dump_char -#define gen_parse_unsigned_char gen_parse_char - -#endif /* _GENPARSER_H */ diff --git a/source/include/genparser_samba.h b/source/include/genparser_samba.h deleted file mode 100644 index 213d51da876..00000000000 --- a/source/include/genparser_samba.h +++ /dev/null @@ -1,63 +0,0 @@ -/* - Copyright (C) Simo Sorce <idra@samba.org> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GENPARSER_SAMBA_H -#define _GENPARSER_SAMBA_H - -const struct parse_struct pinfo_security_ace_info[] = { -{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8}, -{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8}, -{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS}, -{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID}, -{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID}, -{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_security_acl_info[] = { -{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_security_descriptor_info[] = { -{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16}, -{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL}, -{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL}, -{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_luid_attr_info[] = { -{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32}, -{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -const struct parse_struct pinfo_data_blob_info[] = { -{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int}, -{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char}, -{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}}; - -#endif /* _GENPARSER_SAMBA_H */ diff --git a/source/include/gums.h b/source/include/gums.h deleted file mode 100644 index d16a839bc4b..00000000000 --- a/source/include/gums.h +++ /dev/null @@ -1,272 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#ifndef _GUMS_H -#define _GUMS_H - -#define GUMS_VERSION_MAJOR 0 -#define GUMS_VERSION_MINOR 1 -#define GUMS_OBJECT_VERSION 1 -#define GUMS_PRIVILEGE_VERSION 1 -#define GUMS_INTERFACE_VERSION 1 - -#define GUMS_OBJ_DOMAIN 0x10 -#define GUMS_OBJ_NORMAL_USER 0x20 -#define GUMS_OBJ_GROUP 0x30 -#define GUMS_OBJ_ALIAS 0x31 - -/* define value types */ -#define GUMS_SET_PRIMARY_GROUP 0x1 -#define GUMS_SET_SEC_DESC 0x2 - -#define GUMS_SET_NAME 0x10 -#define GUMS_SET_DESCRIPTION 0x11 -#define GUMS_SET_FULL_NAME 0x12 - -/* user specific type values */ -#define GUMS_SET_LOGON_TIME 0x20 -#define GUMS_SET_LOGOFF_TIME 0x21 -#define GUMS_SET_KICKOFF_TIME 0x23 -#define GUMS_SET_PASS_LAST_SET_TIME 0x24 -#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25 -#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26 - - -#define GUMS_SET_HOME_DIRECTORY 0x31 -#define GUMS_SET_DRIVE 0x32 -#define GUMS_SET_LOGON_SCRIPT 0x33 -#define GUMS_SET_PROFILE_PATH 0x34 -#define GUMS_SET_WORKSTATIONS 0x35 -#define GUMS_SET_UNKNOWN_STRING 0x36 -#define GUMS_SET_MUNGED_DIAL 0x37 - -#define GUMS_SET_LM_PASSWORD 0x40 -#define GUMS_SET_NT_PASSWORD 0x41 -#define GUMS_SET_PLAINTEXT_PASSWORD 0x42 -#define GUMS_SET_UNKNOWN_3 0x43 -#define GUMS_SET_LOGON_DIVS 0x44 -#define GUMS_SET_HOURS_LEN 0x45 -#define GUMS_SET_HOURS 0x46 -#define GUMS_SET_BAD_PASSWORD_COUNT 0x47 -#define GUMS_SET_LOGON_COUNT 0x48 -#define GUMS_SET_UNKNOWN_6 0x49 - -#define GUMS_SET_MUST_CHANGE_PASS 0x50 -#define GUMS_SET_CANNOT_CHANGE_PASS 0x51 -#define GUMS_SET_PASS_NEVER_EXPIRE 0x52 -#define GUMS_SET_ACCOUNT_DISABLED 0x53 -#define GUMS_SET_ACCOUNT_LOCKOUT 0x54 - -/*group specific type values */ -#define GUMS_ADD_SID_LIST 0x60 -#define GUMS_DEL_SID_LIST 0x61 -#define GUMS_SET_SID_LIST 0x62 - -GENSTRUCT struct gums_user -{ - DOM_SID *group_sid; /* Primary Group SID */ - - NTTIME logon_time; /* logon time */ - NTTIME logoff_time; /* logoff time */ - NTTIME kickoff_time; /* kickoff time */ - NTTIME pass_last_set_time; /* password last set time */ - NTTIME pass_can_change_time; /* password can change time */ - NTTIME pass_must_change_time; /* password must change time */ - - char *full_name; _NULLTERM /* user's full name string */ - char *home_dir; _NULLTERM /* home directory string */ - char *dir_drive; _NULLTERM /* home directory drive string */ - char *logon_script; _NULLTERM /* logon script string */ - char *profile_path; _NULLTERM /* profile path string */ - char *workstations; _NULLTERM /* login from workstations string */ - char *unknown_str; _NULLTERM /* don't know what this is, yet. */ - char *munged_dial; _NULLTERM /* munged path name and dial-back tel number */ - - DATA_BLOB lm_pw; /* .data is Null if no password */ - DATA_BLOB nt_pw; /* .data is Null if no password */ - - uint16 acct_ctrl; /* account type & status flags */ - uint16 logon_divs; /* 168 - number of hours in a week */ - uint32 hours_len; /* normally 21 bytes */ - uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */ - - uint16 bad_password_count; /* 0 */ - uint16 logon_count; /* 0 */ - uint32 unknown_3; /* 0x00ff ffff */ - uint32 unknown_6; /* 0x0000 04ec */ - -}; - -GENSTRUCT struct gums_group -{ - uint32 count; /* Number of SIDs */ - DOM_SID *members; _LEN(count) /* SID array */ - -}; - -GENSTRUCT struct gums_domain -{ - uint32 next_rid; - -}; - -GENSTRUCT struct gums_object -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object Type */ - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - SEC_DESC *sec_desc; /* Security Descriptor */ - - DOM_SID *sid; /* Object Sid */ - char *name; _NULLTERM /* Object Name - it should be in DOMAIN\NAME format */ - char *description; _NULLTERM /* Object Description */ - - struct gums_user *user; - struct gums_group *group; - struct gums_domain *domain; - -}; - -GENSTRUCT struct gums_privilege -{ - TALLOC_CTX *mem_ctx; - - uint32 version; /* Object Version */ - uint32 seq_num; /* Object Sequence Number */ - - char *name; _NULLTERM /* Object Name */ - char *description; _NULLTERM /* Object Description */ - - LUID_ATTR *privilege; /* Privilege Type */ - - uint32 count; - DOM_SID *members; _LEN(count) - -}; - -typedef struct gums_user GUMS_USER; -typedef struct gums_group GUMS_GROUP; -typedef struct gums_domain GUMS_DOMAIN; -typedef struct gums_object GUMS_OBJECT; -typedef struct gums_privilege GUMS_PRIVILEGE; - -typedef struct gums_data_set -{ - int type; /* GUMS_SET_xxx */ - void *data; - -} GUMS_DATA_SET; - -typedef struct gums_commit_set -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object type */ - DOM_SID sid; /* Object Sid */ - uint32 count; /* number of changes */ - GUMS_DATA_SET *data; - -} GUMS_COMMIT_SET; - -typedef struct gums_priv_commit_set -{ - TALLOC_CTX *mem_ctx; - - uint32 type; /* Object type */ - char *name; /* Object Sid */ - uint32 count; /* number of changes */ - GUMS_DATA_SET *data; - -} GUMS_PRIV_COMMIT_SET; - - -typedef struct gums_functions -{ - /* module data */ - TALLOC_CTX *mem_ctx; - char *name; - void *private_data; - void (*free_private_data)(void **); - - /* Generic object functions */ - - NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name); - NTSTATUS (*set_domain_sid) (const DOM_SID *sid); - - NTSTATUS (*get_sequence_number) (void); - - NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type); - NTSTATUS (*delete_object) (const DOM_SID *sid); - - NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type); - NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type); - /* This function is used to get the list of all objects changed since b_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - - NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type); - NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle); - NTSTATUS (*enumerate_objects_stop) (void *handle); - - /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools. - Never use this function to update an object in the database, use set_object_values() */ - NTSTATUS (*set_object) (GUMS_OBJECT *object); - - /* set object values function */ - NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); - - /* Group related functions */ - NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - - NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - - NTSTATUS (*lock_sid) (const DOM_SID *sid); - NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - - NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name); - NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members); - NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members); - NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members); - NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs); - - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ - NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); - -} GUMS_FUNCTIONS; - -typedef NTSTATUS (*gums_init_function)( - struct gums_functions *, - const char *); - -struct gums_init_function_entry { - - const char *name; - gums_init_function init_fn; - struct gums_init_function_entry *prev, *next; -}; - -#endif /* _GUMS_H */ diff --git a/source/include/includes.h b/source/include/includes.h index dd93c813d3d..ea8eb1a3043 100644 --- a/source/include/includes.h +++ b/source/include/includes.h @@ -779,8 +779,6 @@ extern int errno; #include "version.h" -#include "privileges.h" - #include "smb.h" #include "nameserv.h" @@ -789,6 +787,8 @@ extern int errno; #include "byteorder.h" +#include "privileges.h" + #include "rpc_creds.h" #include "mapping.h" @@ -801,10 +801,6 @@ extern int errno; #include "rpc_secdes.h" -#include "genparser.h" - -#include "gums.h" - #include "nt_printing.h" #include "msdfs.h" @@ -889,7 +885,6 @@ struct smb_ldap_privates; /* forward declarations from smbldap.c */ #include "smbldap.h" -#include "modconf.h" /***** automatically generated prototypes *****/ #ifndef NO_PROTO_H diff --git a/source/include/modconf.h b/source/include/modconf.h deleted file mode 100644 index f5cc5ef4889..00000000000 --- a/source/include/modconf.h +++ /dev/null @@ -1,34 +0,0 @@ -#ifndef _MODCONF_H_ -#define _MODCONF_H_ -/* - Unix SMB/CIFS implementation. - - ModConf headers - - Copyright (C) Simo Sorce 2003 - - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -#define SAMBA_CONFIG_INTERFACE_VERSION 1 - -/* Filled out by config backends */ -struct config_functions { - NTSTATUS (*init)(char *params); - NTSTATUS (*load)(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *)); - NTSTATUS (*close)(void); -}; -#endif /* _MODCONF_H_ */ diff --git a/source/include/ntdomain.h b/source/include/ntdomain.h index 4e6795a85d5..b1a4107980d 100644 --- a/source/include/ntdomain.h +++ b/source/include/ntdomain.h @@ -23,22 +23,6 @@ #ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */ #define _NT_DOMAIN_H -struct uuid -{ - uint32 time_low; - uint16 time_mid; - uint16 time_hi_and_version; - uint8 clock_seq[2]; - uint8 node[6]; -}; -#define UUID_SIZE 16 - -#define UUID_FLAT_SIZE 16 -typedef struct uuid_flat -{ - uint8 info[UUID_FLAT_SIZE]; -} UUID_FLAT; - /* dce/rpc support */ #include "rpc_dce.h" @@ -382,6 +366,13 @@ typedef struct } rid_name; +struct acct_info +{ + fstring acct_name; /* account name */ + fstring acct_desc; /* account name */ + uint32 rid; /* domain-relative RID */ +}; + /* * higher order functions for use with msrpc client code */ @@ -411,7 +402,6 @@ typedef struct #include "rpc_dfs.h" #include "rpc_ds.h" #include "rpc_echo.h" -#include "rpc_epmapper.h" #include "rpc_shutdown.h" #endif /* _NT_DOMAIN_H */ diff --git a/source/include/passdb.h b/source/include/passdb.h index baf0e23a20c..75c4fd215bf 100644 --- a/source/include/passdb.h +++ b/source/include/passdb.h @@ -115,15 +115,6 @@ enum pdb_group_elements { PDB_GROUP_COUNT }; -enum pdb_trust_passwd_elements { - PDB_TRUST_PASS, - PDB_TRUST_SID, - PDB_TRUST_NAME, - PDB_TRUST_MODTIME, - PDB_TRUST_FLAGS, - - PDB_TRUST_COUNT -}; enum pdb_value_state { PDB_DEFAULT=0, @@ -233,41 +224,6 @@ typedef struct sam_group { } SAM_GROUP; -typedef struct _GROUP_INFO { - struct pdb_methods *methods; - DOM_SID sid; - enum SID_NAME_USE sid_name_use; - fstring nt_name; - fstring comment; -} GROUP_INFO; - -struct acct_info -{ - fstring acct_name; /* account name */ - fstring acct_desc; /* account name */ - uint32 rid; /* domain-relative RID */ -}; - -typedef struct sam_trust_passwd { - TALLOC_CTX *mem_ctx; - - void (*free_fn)(struct sam_trust_passwd **); - - struct pdb_methods *methods; - - struct trust_passwd_data { - uint16 flags; /* flags */ - size_t uni_name_len; /* unicode name length */ - smb_ucs2_t uni_name[32]; /* unicode domain name */ - fstring pass; /* trust password */ - time_t mod_time; /* last change time */ - DOM_SID domain_sid; /* trusted domain sid */ - } private; - -} SAM_TRUST_PASSWD; - - - /***************************************************************** Functions to be implemented by the new (v2) passdb API ****************************************************************/ @@ -277,7 +233,7 @@ typedef struct sam_trust_passwd { * this SAMBA will load. Increment this if *ANY* changes are made to the interface. */ -#define PASSDB_INTERFACE_VERSION 7 +#define PASSDB_INTERFACE_VERSION 4 typedef struct pdb_context { @@ -303,8 +259,6 @@ typedef struct pdb_context NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username); - /* group mapping functions: to be removed */ - NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid); @@ -325,96 +279,6 @@ typedef struct pdb_context GROUP_MAP **rmap, int *num_entries, BOOL unix_only); - NTSTATUS (*pdb_find_alias)(struct pdb_context *context, - const char *name, DOM_SID *sid); - - NTSTATUS (*pdb_create_alias)(struct pdb_context *context, - const char *name, uint32 *rid); - - NTSTATUS (*pdb_delete_alias)(struct pdb_context *context, - const DOM_SID *sid); - - NTSTATUS (*pdb_enum_aliases)(struct pdb_context *context, - const DOM_SID *domain_sid, - uint32 start_idx, uint32 num_entries, - uint32 *num_aliases, - struct acct_info **aliases); - - NTSTATUS (*pdb_get_aliasinfo)(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*pdb_set_aliasinfo)(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*pdb_add_aliasmem)(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member); - - NTSTATUS (*pdb_del_aliasmem)(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member); - - NTSTATUS (*pdb_enum_aliasmem)(struct pdb_context *context, - const DOM_SID *alias, - DOM_SID **members, int *num_members); - - NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context, - const DOM_SID *alias, - DOM_SID **aliases, - int *num); - - /* group functions */ - - NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group); - - NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups); - - NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members); - - NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group); - - NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group); - - NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group); - - NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name); - - NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name); - - NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members); - - /* trust password functions */ - - NTSTATUS (*pdb_settrustpwent)(struct pdb_context *context); - - NTSTATUS (*pdb_gettrustpwent)(struct pdb_context *context, SAM_TRUST_PASSWD *trust); - - NTSTATUS (*pdb_gettrustpwnam)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const char *dom_name); - - NTSTATUS (*pdb_gettrustpwsid)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const DOM_SID *sid); - - NTSTATUS (*pdb_add_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust); - - NTSTATUS (*pdb_update_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust); - - NTSTATUS (*pdb_delete_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust); - - /* privileges functions */ - - NTSTATUS (*pdb_add_sid_to_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*pdb_remove_sid_from_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*pdb_get_privilege_set)(struct pdb_context *context, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privs); - - NTSTATUS (*pdb_get_privilege_entry)(struct pdb_context *context, const char *privname, char **sid_list); - void (*free_fn)(struct pdb_context **); TALLOC_CTX *mem_ctx; @@ -445,9 +309,7 @@ typedef struct pdb_methods NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass); NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username); - - /* group mapping functions: to be removed */ - + NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid); NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid); @@ -468,92 +330,9 @@ typedef struct pdb_methods GROUP_MAP **rmap, int *num_entries, BOOL unix_only); - NTSTATUS (*find_alias)(struct pdb_methods *methods, - const char *name, DOM_SID *sid); - - NTSTATUS (*create_alias)(struct pdb_methods *methods, - const char *name, uint32 *rid); - - NTSTATUS (*delete_alias)(struct pdb_methods *methods, - const DOM_SID *sid); - - NTSTATUS (*enum_aliases)(struct pdb_methods *methods, - const DOM_SID *domain_sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, struct acct_info **info); - - NTSTATUS (*get_aliasinfo)(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*set_aliasinfo)(struct pdb_methods *methods, - const DOM_SID *sid, - struct acct_info *info); - - NTSTATUS (*add_aliasmem)(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member); - NTSTATUS (*del_aliasmem)(struct pdb_methods *methods, - const DOM_SID *alias, const DOM_SID *member); - NTSTATUS (*enum_aliasmem)(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **members, - int *num_members); - NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods, - const DOM_SID *sid, - DOM_SID **aliases, int *num); - - /* group functions */ - - NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group); - - NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups); - - NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members); - - NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group); - - NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group); - - NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group); - - NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member); - - NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name); - - NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name); - - NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members); - void *private_data; /* Private data of some kind */ void (*free_private_data)(void **); - - /* trust password functions */ - - NTSTATUS (*settrustpwent)(struct pdb_methods *methods); - - NTSTATUS (*gettrustpwent)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust); - - NTSTATUS (*gettrustpwnam)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const char *name); - - NTSTATUS (*gettrustpwsid)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const DOM_SID *sid); - - NTSTATUS (*add_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust); - - NTSTATUS (*update_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust); - - NTSTATUS (*delete_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust); - - /* privileges functions */ - - NTSTATUS (*add_sid_to_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*remove_sid_from_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid); - - NTSTATUS (*get_privilege_set)(struct pdb_methods *methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privs); - - NTSTATUS (*get_privilege_entry)(struct pdb_methods *methods, const char *privname, char **sid_list); } PDB_METHODS; diff --git a/source/include/privileges.h b/source/include/privileges.h index 289afa234ec..b7e1b44c2af 100644 --- a/source/include/privileges.h +++ b/source/include/privileges.h @@ -23,39 +23,15 @@ #ifndef PRIVILEGES_H #define PRIVILEGES_H -#define PRIV_ALL_INDEX 30 +#define PRIV_ALL_INDEX 5 -#define SE_NONE 0 -#define SE_ASSIGN_PRIMARY_TOKEN 1 -#define SE_CREATE_TOKEN 2 -#define SE_LOCK_MEMORY 3 -#define SE_INCREASE_QUOTA 4 -#define SE_UNSOLICITED_INPUT 5 -#define SE_MACHINE_ACCOUNT 6 -#define SE_TCB 7 -#define SE_SECURITY 8 -#define SE_TAKE_OWNERSHIP 9 -#define SE_LOAD_DRIVER 10 -#define SE_SYSTEM_PROFILE 11 -#define SE_SYSTEM_TIME 12 -#define SE_PROF_SINGLE_PROCESS 13 -#define SE_INC_BASE_PRIORITY 14 -#define SE_CREATE_PAGEFILE 15 -#define SE_CREATE_PERMANENT 16 -#define SE_BACKUP 17 -#define SE_RESTORE 18 -#define SE_SHUTDOWN 19 -#define SE_DEBUG 20 -#define SE_AUDIT 21 -#define SE_SYSTEM_ENVIRONMENT 22 -#define SE_CHANGE_NOTIFY 23 -#define SE_REMOTE_SHUTDOWN 24 -#define SE_UNDOCK 25 -#define SE_SYNC_AGENT 26 -#define SE_ENABLE_DELEGATION 27 -#define SE_PRINT_OPERATOR 28 -#define SE_ADD_USERS 29 -#define SE_ALL_PRIVS 0xffff +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_MACHINES 0x0006 +#define SE_PRIV_SEC_PRIV 0x0008 +#define SE_PRIV_TAKE_OWNER 0x0009 +#define SE_PRIV_ADD_USERS 0xff01 +#define SE_PRIV_PRINT_OPERATOR 0xff03 +#define SE_PRIV_ALL 0xffff #define PR_NONE 0x0000 #define PR_LOG_ON_LOCALLY 0x0001 @@ -63,11 +39,6 @@ #define PR_LOG_ON_BATCH_JOB 0x0004 #define PR_LOG_ON_SERVICE 0x0010 -#ifndef _BOOL -typedef int BOOL; -#define _BOOL /* So we don't typedef BOOL again in vfs.h */ -#endif - typedef struct LUID { uint32 low; @@ -78,7 +49,7 @@ typedef struct LUID_ATTR { LUID luid; uint32 attr; -} LUID_ATTR; +} LUID_ATTR ; typedef struct privilege_set { diff --git a/source/include/rpc_dce.h b/source/include/rpc_dce.h index 8266fc861f1..52fe08d8753 100644 --- a/source/include/rpc_dce.h +++ b/source/include/rpc_dce.h @@ -87,15 +87,29 @@ enum netsec_direction /* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */ #define MAX_PDU_FRAG_LEN 0x10b8 /* this is what w2k sets */ +/* + * Actual structure of a DCE UUID + */ + +typedef struct rpc_uuid +{ + uint32 time_low; + uint16 time_mid; + uint16 time_hi_and_version; + uint8 remaining[8]; +} RPC_UUID; + +#define RPC_UUID_LEN 16 + /* RPC_IFACE */ typedef struct rpc_iface_info { - struct uuid uuid; /* 16 bytes of rpc interface identification */ + RPC_UUID uuid; /* 16 bytes of rpc interface identification */ uint32 version; /* the interface version number */ } RPC_IFACE; -#define RPC_IFACE_LEN (UUID_SIZE + 4) +#define RPC_IFACE_LEN (RPC_UUID_LEN + 4) struct pipe_id_info { diff --git a/source/include/rpc_ds.h b/source/include/rpc_ds.h index e06918730a4..dc1aeef464e 100644 --- a/source/include/rpc_ds.h +++ b/source/include/rpc_ds.h @@ -64,7 +64,7 @@ typedef struct uint32 dnsname_ptr; uint32 forestname_ptr; - struct uuid domain_guid; + GUID domain_guid; UNISTR2 netbios_domain; @@ -110,7 +110,7 @@ typedef struct { uint32 trust_type; uint32 trust_attributes; uint32 sid_ptr; - struct uuid guid; + GUID guid; UNISTR2 netbios_domain; UNISTR2 dns_domain; @@ -124,7 +124,7 @@ struct ds_domain_trust { uint32 parent_index; uint32 trust_type; uint32 trust_attributes; - struct uuid guid; + GUID guid; DOM_SID sid; char *netbios_domain; diff --git a/source/include/rpc_epmapper.h b/source/include/rpc_epmapper.h deleted file mode 100644 index bbca6ac1f28..00000000000 --- a/source/include/rpc_epmapper.h +++ /dev/null @@ -1,118 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Endpoint mapper data definitions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#define EPM_HANDLE_LEN 20 - -/* ordinal for the mapping interface */ - -#define EPM_MAP_PIPE_NAME 0x03 - -/* some of the different connection protocols and their IDs from Windows */ - -#define EPM_FLOOR_UUID 0x0d /* floor contains UUID */ -#define EPM_FLOOR_RPC 0x0b /* tower is for connection-oriented rpc */ -#define EPM_FLOOR_TCP 0x07 /* floor contains tcp port number */ -#define EPM_FLOOR_IP 0x09 /* floor contains IP address */ -#define EPM_FLOOR_NMPIPES 0x0f /* floor contains remote named pipe name */ -#define EPM_FLOOR_LRPC 0x10 /* floor contains local named pipe name */ -#define EPM_FLOOR_NETBIOS 0x11 /* floor contains netbios address */ -#define EPM_FLOOR_NETBEUI 0x12 /* floor contains netbeui address */ -#define EPM_FLOOR_SOCKET 0x20 - -#define EPM_PIPE_NM "epmapper" - -#define MAX_TOWERS 1 - -typedef struct -{ - uint8 data[EPM_HANDLE_LEN]; -} EPM_HANDLE; - -typedef struct -{ - struct { - uint16 length; - uint8 protocol; - struct { - struct uuid uuid; - uint16 version; - } uuid; - } lhs; - struct { - uint16 length; - uint16 unknown; - struct { - uint16 port; - } tcp; - struct { - uint8 addr[4]; - } ip; - char string[MAXHOSTNAMELEN+3]; /* hostname + \\ + null term */ - } rhs; -} EPM_FLOOR; - -typedef struct -{ - uint32 max_length; - uint32 length; - uint16 num_floors; - EPM_FLOOR *floors; - uint8 unknown; -} EPM_TOWER; - -typedef struct -{ - EPM_HANDLE handle; - uint32 tower_ref_id; - EPM_TOWER *tower; - EPM_HANDLE term_handle; /* in/out */ - uint32 max_towers; -} EPM_Q_MAP; - -typedef struct -{ - uint32 max_count; - uint32 offset; - uint32 count; - uint32 *tower_ref_ids; - EPM_TOWER *towers; -} EPM_TOWER_ARRAY; - -typedef struct -{ - EPM_HANDLE handle; - uint32 num_results; - EPM_TOWER_ARRAY *results; - uint32 status; -} EPM_R_MAP; - - -/* port mapping entries to be read */ - -typedef struct _mapper_entries{ - uint8 protocol ; - RPC_IFACE uuid_info ; /* needs to be zeroed if no specific uuid */ - uint16 port ; - char pipe_name[40] ; - char srv_name[20] ; - uint8 srv_port[4] ; - char func_name[16][16]; /* array of up to 16 functions available */ -} mapper_entries; - diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h index 29a9cd7306b..2064a38056e 100644 --- a/source/include/rpc_lsa.h +++ b/source/include/rpc_lsa.h @@ -275,7 +275,7 @@ typedef struct lsa_dns_dom_info UNIHDR hdr_dns_dom_name; UNIHDR hdr_forest_name; - struct uuid dom_guid; /* domain GUID */ + GUID dom_guid; /* domain GUID */ UNISTR2 uni_nb_dom_name; UNISTR2 uni_dns_dom_name; @@ -635,20 +635,6 @@ typedef struct lsa_r_unk_get_connuser } LSA_R_UNK_GET_CONNUSER; -typedef struct lsa_q_createaccount -{ - POLICY_HND pol; /* policy handle */ - DOM_SID2 sid; - uint32 access; /* access */ -} LSA_Q_CREATEACCOUNT; - -typedef struct lsa_r_createaccount -{ - POLICY_HND pol; /* policy handle */ - NTSTATUS status; -} LSA_R_CREATEACCOUNT; - - typedef struct lsa_q_openaccount { POLICY_HND pol; /* policy handle */ diff --git a/source/include/rpc_secdes.h b/source/include/rpc_secdes.h index 56145ac024c..5e718f8167d 100644 --- a/source/include/rpc_secdes.h +++ b/source/include/rpc_secdes.h @@ -113,6 +113,13 @@ PROTECTED_SACL_SECURITY_INFORMATION|\ PROTECTED_DACL_SECURITY_INFORMATION) +/* Globally Unique ID */ +#define GUID_SIZE 16 +typedef struct guid_info +{ + uint8 info[GUID_SIZE]; +} GUID; + /* SEC_ACCESS */ typedef struct security_info_info { @@ -131,8 +138,8 @@ typedef struct security_ace_info /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ - struct uuid obj_guid; /* object GUID */ - struct uuid inh_guid; /* inherited object GUID */ + GUID obj_guid; /* object GUID */ + GUID inh_guid; /* inherited object GUID */ /* eof object stuff */ DOM_SID trustee; diff --git a/source/include/secrets.h b/source/include/secrets.h index 8c393940586..cb4fbd043a7 100644 --- a/source/include/secrets.h +++ b/source/include/secrets.h @@ -49,13 +49,6 @@ #define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN" #define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD" -/* Trust password type flags */ -#define PASS_MACHINE_TRUST_NT 0x0001 -#define PASS_SERVER_TRUST_NT 0x0002 -#define PASS_DOMAIN_TRUST_NT 0x0004 -#define PASS_MACHINE_TRUST_ADS 0x0008 -#define PASS_DOMAIN_TRUST_ADS 0x0010 - /* structure for storing machine account password (ie. when samba server is member of a domain */ struct machine_acct_pass { diff --git a/source/include/smb.h b/source/include/smb.h index 6de50c8afa1..3ee6f01d34d 100644 --- a/source/include/smb.h +++ b/source/include/smb.h @@ -195,7 +195,6 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN]; #define PIPE_NETDFS "\\PIPE\\netdfs" #define PIPE_ECHO "\\PIPE\\rpcecho" #define PIPE_SHUTDOWN "\\PIPE\\initshutdown" -#define PIPE_EPM "\\PIPE\\epmapper" #define PIPE_NETLOGON_PLAIN "\\NETLOGON" @@ -210,8 +209,7 @@ typedef smb_ucs2_t wfstring[FSTRING_LEN]; #define PI_NETDFS 8 #define PI_ECHO 9 #define PI_SHUTDOWN 10 -#define PI_EPM 11 -#define PI_MAX_PIPES 12 +#define PI_MAX_PIPES 11 /* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */ typedef struct nttime_info @@ -500,7 +498,6 @@ typedef struct connection_struct int ngroups; gid_t *groups; NT_USER_TOKEN *nt_user_token; - PRIVILEGE_SET *privs; time_t lastused; BOOL used; @@ -520,7 +517,6 @@ struct current_user int ngroups; gid_t *groups; NT_USER_TOKEN *nt_user_token; - PRIVILEGE_SET *privs; }; /* Defines for the sent_oplock_break field above. */ @@ -1558,7 +1554,6 @@ typedef struct user_struct gid_t *groups; NT_USER_TOKEN *nt_user_token; - PRIVILEGE_SET *privs; DATA_BLOB session_key; @@ -1654,7 +1649,7 @@ struct ip_service { typedef struct smb_sign_info { void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si); - BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL expected_ok); + BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL must_be_ok); void (*free_signing_context)(struct smb_sign_info *si); void *signing_context; diff --git a/source/include/smbldap.h b/source/include/smbldap.h index 119479f218d..68a2c00afe0 100644 --- a/source/include/smbldap.h +++ b/source/include/smbldap.h @@ -38,7 +38,6 @@ #define LDAP_OBJ_IDPOOL "sambaUnixIdPool" #define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry" #define LDAP_OBJ_SID_ENTRY "sambaSidEntry" -#define LDAP_OBJ_PRIVILEGE "sambaPrivilege" #define LDAP_OBJ_ACCOUNT "account" #define LDAP_OBJ_POSIXACCOUNT "posixAccount" @@ -50,7 +49,6 @@ #define LDAP_ATTRIBUTE_SID "sambaSID" #define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber" #define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber" -#define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList" /* attribute map table indexes */ @@ -95,7 +93,6 @@ #define LDAP_ATTR_MUNGED_DIAL 37 #define LDAP_ATTR_BAD_PASSWORD_TIME 38 #define LDAP_ATTR_MOD_TIMESTAMP 39 -#define LDAP_ATTR_SID_LIST 40 typedef struct _attrib_map_entry { int attrib; @@ -109,7 +106,6 @@ extern ATTRIB_MAP_ENTRY attrib_map_v22[]; extern ATTRIB_MAP_ENTRY attrib_map_v30[]; extern ATTRIB_MAP_ENTRY dominfo_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list[]; -extern ATTRIB_MAP_ENTRY privilege_attr_list[]; extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[]; extern ATTRIB_MAP_ENTRY idpool_attr_list[]; extern ATTRIB_MAP_ENTRY sidmap_attr_list[]; diff --git a/source/include/tdbsam2_parse_info.h b/source/include/tdbsam2_parse_info.h deleted file mode 100644 index 35eeaeb2d2c..00000000000 --- a/source/include/tdbsam2_parse_info.h +++ /dev/null @@ -1,2 +0,0 @@ -/* This is an automatically generated file - DO NOT EDIT! */ - diff --git a/source/lib/genparser.c b/source/lib/genparser.c deleted file mode 100644 index 7476b5d0aff..00000000000 --- a/source/lib/genparser.c +++ /dev/null @@ -1,783 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -/* - automatic marshalling/unmarshalling system for C structures -*/ - -#include "includes.h" - -/* see if a range of memory is all zero. Used to prevent dumping of zero elements */ -static int all_zero(const char *ptr, unsigned size) -{ - int i; - if (!ptr) return 1; - for (i=0;i<size;i++) { - if (ptr[i]) return 0; - } - return 1; -} - -/* encode a buffer of bytes into a escaped string */ -static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len) -{ - const char *hexdig = "0123456789abcdef"; - char *ret, *p; - unsigned i; - ret = talloc(mem_ctx, len*3 + 1); /* worst case size */ - if (!ret) return NULL; - for (p=ret,i=0;i<len;i++) { - if (isalnum(ptr[i]) || isspace(ptr[i]) || - (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) { - *p++ = ptr[i]; - } else { - unsigned char c = *(unsigned char *)(ptr+i); - if (c == 0 && all_zero(ptr+i, len-i)) break; - p[0] = '\\'; - p[1] = hexdig[c>>4]; - p[2] = hexdig[c&0xF]; - p += 3; - } - } - - *p = 0; - - return ret; -} - -/* decode an escaped string from encode_bytes() into a buffer */ -static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len) -{ - char *ret, *p; - unsigned i; - int slen = strlen(s) + 1; - - ret = talloc(mem_ctx, slen); /* worst case length */ - if (!ret) - return NULL; - memset(ret, 0, slen); - - if (*s == '{') s++; - - for (p=ret,i=0;s[i];i++) { - if (s[i] == '}') { - break; - } else if (s[i] == '\\') { - unsigned v; - if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) { - return NULL; - } - *(unsigned char *)p = v; - p++; - i += 2; - } else { - *p++ = s[i]; - } - } - *p = 0; - - (*len) = (unsigned)(p - ret); - - return ret; -} - -/* the add*() functions deal with adding things to a struct - parse_string */ - -/* allocate more space if needed */ -static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n) -{ - if (p->length + n <= p->allocated) return 0; - p->allocated = p->length + n + 200; - p->s = talloc_realloc(mem_ctx, p->s, p->allocated); - if (!p->s) { - errno = ENOMEM; - return -1; - } - return 0; -} - -/* add a character to the buffer */ -static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c) -{ - if (addgen_alloc(mem_ctx, p, 2) != 0) { - return -1; - } - p->s[p->length++] = c; - p->s[p->length] = 0; - return 0; -} - -/* add a string to the buffer */ -int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s) -{ - int len = strlen(s); - if (addgen_alloc(mem_ctx, p, len+1) != 0) { - return -1; - } - memcpy(p->s + p->length, s, len+1); - p->length += len; - return 0; -} - -/* add a string to the buffer with a tab prefix */ -static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent) -{ - int len = strlen(s); - if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) { - return -1; - } - while (indent--) { - p->s[p->length++] = '\t'; - } - memcpy(p->s + p->length, s, len+1); - p->length += len; - return 0; -} - -/* note! this can only be used for results up to 60 chars wide! */ -int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...) -{ - char buf[60]; - int n; - va_list ap; - va_start(ap, fmt); - n = vsnprintf(buf, sizeof(buf), fmt, ap); - va_end(ap); - if (addgen_alloc(mem_ctx, p, n + 1) != 0) { - return -1; - } - if (n != 0) { - memcpy(p->s + p->length, buf, n); - } - p->length += n; - p->s[p->length] = 0; - return 0; -} - -/* - this is here to make it easier for people to write dump functions - for their own types - */ -int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...) -{ - char *buf = NULL; - int n; - va_list ap; - va_start(ap, fmt); - n = vasprintf(&buf, fmt, ap); - va_end(ap); - if (addgen_alloc(mem_ctx, p, n + 1) != 0) { - if (buf) free(buf); - return -1; - } - if (n != 0) { - memcpy(p->s + p->length, buf, n); - } - p->length += n; - p->s[p->length] = 0; - if (buf) free(buf); - return 0; -} - -/* dump a enumerated type */ -int gen_dump_enum(TALLOC_CTX *mem_ctx, - const struct enum_struct *einfo, - struct parse_string *p, - const char *ptr, - unsigned indent) -{ - unsigned v = *(unsigned *)ptr; - int i; - for (i=0;einfo[i].name;i++) { - if (v == einfo[i].value) { - addstr(mem_ctx, p, einfo[i].name); - return 0; - } - } - /* hmm, maybe we should just fail? */ - return gen_dump_unsigned(mem_ctx, p, ptr, indent); -} - -/* dump a single non-array element, hanlding struct and enum */ -static int gen_dump_one(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *ptr, - unsigned indent) -{ - if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) { - char *s = encode_bytes(mem_ctx, ptr, strlen(ptr)); - if (addchar(mem_ctx, p,'{') || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}")) { - return -1; - } - return 0; - } - - return pinfo->dump_fn(mem_ctx, p, ptr, indent); -} - -/* handle dumping of an array of arbitrary type */ -static int gen_dump_array(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *ptr, - int array_len, - int indent) -{ - int i, count=0; - - /* special handling of fixed length strings */ - if (array_len != 0 && - pinfo->ptr_count == 0 && - pinfo->dump_fn == gen_dump_char) { - char *s = encode_bytes(mem_ctx, ptr, array_len); - if (!s) return -1; - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addstr(mem_ctx, p, " = {") || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}\n")) { - return -1; - } - return 0; - } - - for (i=0;i<array_len;i++) { - const char *p2 = ptr; - unsigned size = pinfo->size; - - /* generic pointer dereference */ - if (pinfo->ptr_count) { - p2 = *(const char **)ptr; - size = sizeof(void *); - } - - if ((count || pinfo->ptr_count) && - !(pinfo->flags & FLAG_ALWAYS) && - all_zero(ptr, size)) { - ptr += size; - continue; - } - if (count == 0) { - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addshort(mem_ctx, p, " = %u:", i)) { - return -1; - } - } else { - if (addshort(mem_ctx, p, ", %u:", i) != 0) { - return -1; - } - } - if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) { - return -1; - } - ptr += size; - count++; - } - if (count) { - return addstr(mem_ctx, p, "\n"); - } - return 0; -} - -/* find a variable by name in a loaded structure and return its value - as an integer. Used to support dynamic arrays */ -static int find_var(const struct parse_struct *pinfo, - const char *data, - const char *var) -{ - int i; - const char *ptr; - - /* this allows for constant lengths */ - if (isdigit(*var)) { - return atoi(var); - } - - for (i=0;pinfo[i].name;i++) { - if (strcmp(pinfo[i].name, var) == 0) break; - } - if (!pinfo[i].name) return -1; - - ptr = data + pinfo[i].offset; - - switch (pinfo[i].size) { - case sizeof(int): - return *(int *)ptr; - case sizeof(char): - return *(char *)ptr; - } - - return -1; -} - - -int gen_dump_struct(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - struct parse_string *p, - const char *ptr, - unsigned indent) -{ - char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1); - if (!s) return -1; - if (addstr(mem_ctx, p, "{\n") || - addstr(mem_ctx, p, s) || - addtabbed(mem_ctx, p, "}", indent)) { - return -1; - } - return 0; -} - -static int gen_dump_string(TALLOC_CTX *mem_ctx, - struct parse_string *p, - const struct parse_struct *pinfo, - const char *data, - unsigned indent) -{ - const char *ptr = *(char **)data; - char *s = encode_bytes(mem_ctx, ptr, strlen(ptr)); - if (addtabbed(mem_ctx, p, pinfo->name, indent) || - addstr(mem_ctx, p, " = ") || - addchar(mem_ctx, p, '{') || - addstr(mem_ctx, p, s) || - addstr(mem_ctx, p, "}\n")) { - return -1; - } - return 0; -} - -/* - find the length of a nullterm array -*/ -static int len_nullterm(const char *ptr, int size, int array_len) -{ - int len; - - if (size == 1) { - len = strnlen(ptr, array_len); - } else { - for (len=0; len < array_len; len++) { - if (all_zero(ptr+len*size, size)) break; - } - } - - if (len == 0) len = 1; - - return len; -} - - -/* the generic dump routine. Scans the parse information for this structure - and processes it recursively */ -char *gen_dump(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - const char *data, - unsigned indent) -{ - struct parse_string p; - int i; - - p.length = 0; - p.allocated = 0; - p.s = NULL; - - if (addstr(mem_ctx, &p, "") != 0) { - return NULL; - } - - for (i=0;pinfo[i].name;i++) { - const char *ptr = data + pinfo[i].offset; - unsigned size = pinfo[i].size; - - if (pinfo[i].ptr_count) { - size = sizeof(void *); - } - - /* special handling for array types */ - if (pinfo[i].array_len) { - unsigned len = pinfo[i].array_len; - if (pinfo[i].flags & FLAG_NULLTERM) { - len = len_nullterm(ptr, size, len); - } - if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr, - len, indent)) { - goto failed; - } - continue; - } - - /* and dynamically sized arrays */ - if (pinfo[i].dynamic_len) { - int len = find_var(pinfo, data, pinfo[i].dynamic_len); - struct parse_struct p2 = pinfo[i]; - if (len < 0) { - goto failed; - } - if (len > 0) { - if (pinfo[i].flags & FLAG_NULLTERM) { - len = len_nullterm(*(char **)ptr, - pinfo[i].size, len); - } - p2.ptr_count--; - p2.dynamic_len = NULL; - if (gen_dump_array(mem_ctx, &p, &p2, - *(char **)ptr, - len, indent) != 0) { - goto failed; - } - } - continue; - } - - /* don't dump zero elements */ - if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue; - - /* assume char* is a null terminated string */ - if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 && - pinfo[i].dump_fn == gen_dump_char) { - if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) { - goto failed; - } - continue; - } - - /* generic pointer dereference */ - if (pinfo[i].ptr_count) { - ptr = *(const char **)ptr; - } - - if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) || - addstr(mem_ctx, &p, " = ") || - gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) || - addstr(mem_ctx, &p, "\n")) { - goto failed; - } - } - return p.s; - -failed: - return NULL; -} - -/* search for a character in a string, skipping over sections within - matching braces */ -static char *match_braces(char *s, char c) -{ - int depth = 0; - while (*s) { - switch (*s) { - case '}': - depth--; - break; - case '{': - depth++; - break; - } - if (depth == 0 && *s == c) { - return s; - } - s++; - } - return s; -} - -/* parse routine for enumerated types */ -int gen_parse_enum(TALLOC_CTX *mem_ctx, - const struct enum_struct *einfo, - char *ptr, - const char *str) -{ - unsigned v; - int i; - - if (isdigit(*str)) { - if (sscanf(str, "%u", &v) != 1) { - errno = EINVAL; - return -1; - } - *(unsigned *)ptr = v; - return 0; - } - - for (i=0;einfo[i].name;i++) { - if (strcmp(einfo[i].name, str) == 0) { - *(unsigned *)ptr = einfo[i].value; - return 0; - } - } - - /* unknown enum value?? */ - return -1; -} - - -/* parse all base types */ -static int gen_parse_base(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - char *ptr, - const char *str) -{ - if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) { - unsigned len; - char *s = decode_bytes(mem_ctx, str, &len); - if (!s) return -1; - *(char **)ptr = s; - return 0; - } - - if (pinfo->ptr_count) { - unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size; - struct parse_struct p2 = *pinfo; - *(void **)ptr = talloc(mem_ctx, size); - if (! *(void **)ptr) { - return -1; - } - memset(*(void **)ptr, 0, size); - ptr = *(char **)ptr; - p2.ptr_count--; - return gen_parse_base(mem_ctx, &p2, ptr, str); - } - - return pinfo->parse_fn(mem_ctx, ptr, str); -} - -/* parse a generic array */ -static int gen_parse_array(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - char *ptr, - const char *str, - int array_len) -{ - char *p, *p2; - unsigned size = pinfo->size; - - /* special handling of fixed length strings */ - if (array_len != 0 && - pinfo->ptr_count == 0 && - pinfo->dump_fn == gen_dump_char) { - unsigned len = 0; - char *s = decode_bytes(mem_ctx, str, &len); - if (!s || (len > array_len)) return -1; - memset(ptr, 0, array_len); - memcpy(ptr, s, len); - return 0; - } - - if (pinfo->ptr_count) { - size = sizeof(void *); - } - - while (*str) { - unsigned idx; - int done; - - idx = atoi(str); - p = strchr(str,':'); - if (!p) break; - p++; - p2 = match_braces(p, ','); - done = (*p2 != ','); - *p2 = 0; - - if (*p == '{') { - p++; - p[strlen(p)-1] = 0; - } - - if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) { - return -1; - } - - if (done) break; - str = p2+1; - } - - return 0; -} - -/* parse one element, hanlding dynamic and static arrays */ -static int gen_parse_one(TALLOC_CTX *mem_ctx, - const struct parse_struct *pinfo, - const char *name, - char *data, - const char *str) -{ - int i; - for (i=0;pinfo[i].name;i++) { - if (strcmp(pinfo[i].name, name) == 0) { - break; - } - } - if (pinfo[i].name == NULL) { - return 0; - } - - if (pinfo[i].array_len) { - return gen_parse_array(mem_ctx, &pinfo[i], - data+pinfo[i].offset, - str, pinfo[i].array_len); - } - - if (pinfo[i].dynamic_len) { - int len = find_var(pinfo, data, pinfo[i].dynamic_len); - if (len < 0) { - errno = EINVAL; - return -1; - } - if (len > 0) { - struct parse_struct p2 = pinfo[i]; - char *ptr; - unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size; - ptr = talloc(mem_ctx, len*size); - if (!ptr) { - errno = ENOMEM; - return -1; - } - memset(ptr, 0, len*size); - *((char **)(data + pinfo[i].offset)) = ptr; - p2.ptr_count--; - p2.dynamic_len = NULL; - return gen_parse_array(mem_ctx, &p2, ptr, str, len); - } - return 0; - } - - return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str); -} - -int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str) -{ - return gen_parse(mem_ctx, pinfo, ptr, str); -} - -/* the main parse routine */ -int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s) -{ - char *str, *s0; - - s0 = talloc_strdup(mem_ctx, s); - str = s0; - - while (*str) { - char *p; - char *name; - char *value; - - /* skip leading whitespace */ - while (isspace(*str)) str++; - - p = strchr(str, '='); - if (!p) break; - value = p+1; - while (p > str && isspace(*(p-1))) { - p--; - } - - *p = 0; - name = str; - - while (isspace(*value)) value++; - - if (*value == '{') { - str = match_braces(value, '}'); - value++; - } else { - str = match_braces(value, '\n'); - } - - *str++ = 0; - - if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) { - return -1; - } - } - - return 0; -} - - - -/* for convenience supply some standard dumpers and parsers here */ - -int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(unsigned char *)ptr = atoi(str); - return 0; -} - -int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(int *)ptr = atoi(str); - return 0; -} - -int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(unsigned *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(time_t *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(double *)ptr = atof(str); - return 0; -} - -int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(float *)ptr = atof(str); - return 0; -} - -int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr)); -} - -int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%d", *(int *)(ptr)); -} - -int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr)); -} - -int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(time_t *)(ptr)); -} - -int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%lg", *(double *)(ptr)); -} - -int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%g", *(float *)(ptr)); -} diff --git a/source/lib/genparser_samba.c b/source/lib/genparser_samba.c deleted file mode 100644 index 8f469a46d6a..00000000000 --- a/source/lib/genparser_samba.c +++ /dev/null @@ -1,218 +0,0 @@ -/* - Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002 - Copyright (C) Simo Sorce <idra@samba.org> 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "genparser_samba.h" - -/* PARSE functions */ - -int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint8 *)ptr = atoi(str); - return 0; -} - -int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint16 *)ptr = atoi(str); - return 0; -} - -int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - *(uint32 *)ptr = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) { - errno = EINVAL; - return -1; - } - return 0; -} - -int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(!string_to_sid((DOM_SID *)ptr, str)) return -1; - return 0; -} - -int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10); - return 0; -} - -int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - int info[UUID_FLAT_SIZE]; - int i; - char *sc; - char *p; - char *m; - - m = strdup(str); - if (!m) return -1; - sc = m; - - memset(info, 0, sizeof(info)); - for (i = 0; i < UUID_FLAT_SIZE; i++) { - p = strchr(sc, ','); - if (p != NULL) p = '\0'; - info[i] = atoi(sc); - if (p != NULL) sc = p + 1; - } - free(m); - - for (i = 0; i < UUID_FLAT_SIZE; i++) { - ((UUID_FLAT *)ptr)->info[i] = info[i]; - } - - return 0; -} - -int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str); -} - -int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str); -} - -int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str); -} - -int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str); -} - -int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) { - errno = EINVAL; - return -1; - } - return 0; -} - -int gen_parse_DATA_BLOB(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - return gen_parse_struct(mem_ctx, pinfo_data_blob_info, ptr, str); -} - -int gen_parse_TALLOC_CTX(TALLOC_CTX *mem_ctx, char *ptr, const char *str) -{ - (TALLOC_CTX *)ptr = NULL; - return 0; -} - -/* DUMP functions */ - -int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr)); -} - -int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr)); -} - -int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr)); -} - -int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - uint32 low, high; - - high = ((NTTIME *)(ptr))->high; - low = ((NTTIME *)(ptr))->low; - return addshort(mem_ctx, p, "%u,%u", high, low); -} - -int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - fstring sidstr; - - sid_to_string(sidstr, (DOM_SID *)ptr); - return addstr(mem_ctx, p, sidstr); -} - -int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask); -} - -int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - int i, r; - - for (i = 0; i < (UUID_FLAT_SIZE - 1); i++) { - if (!(r = addshort(mem_ctx, p, "%d,", ((UUID_FLAT *)ptr)->info[i]))) return r; - } - return addshort(mem_ctx, p, "%d", ((UUID_FLAT *)ptr)->info[i]); -} - -int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent); -} - -int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent); -} - -int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent); -} - -int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent); -} - -int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - uint32 low, high; - - high = ((LUID *)(ptr))->high; - low = ((LUID *)(ptr))->low; - return addshort(mem_ctx, p, "%u,%u", high, low); -} - -int gen_dump_DATA_BLOB(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return gen_dump_struct(mem_ctx, pinfo_data_blob_info, p, ptr, indent); -} - -int gen_dump_TALLOC_CTX(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) -{ - return addshort(mem_ctx, p, "TALLOC_CTX"); -} diff --git a/source/lib/pam_errors.c b/source/lib/pam_errors.c index 925441fb1d4..212d3831fd5 100644 --- a/source/lib/pam_errors.c +++ b/source/lib/pam_errors.c @@ -36,7 +36,7 @@ static const struct { {PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL}, {PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL}, {PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL}, - {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL}, + {PAM_BUF_ERR, NT_STATUS_NO_MEMORY}, {PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED}, {PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD}, {PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */ @@ -69,6 +69,8 @@ static const struct { {NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED}, {NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED}, {NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD}, + {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES}, + {NT_STATUS_NO_MEMORY, PAM_BUF_ERR}, {NT_STATUS_OK, PAM_SUCCESS} }; diff --git a/source/lib/privileges.c b/source/lib/privileges.c index abbaf112d34..b9d4df301d9 100644 --- a/source/lib/privileges.c +++ b/source/lib/privileges.c @@ -26,43 +26,6 @@ #define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) #define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0) - -PRIVS privs[] = { - {SE_NONE, "no_privs", "No privilege"}, /* this one MUST be first */ - {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"}, - {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"}, - {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"}, - {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"}, - {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"}, - {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"}, - {SE_TCB, "SeTcbPrivilege", "TCB"}, - {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"}, - {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"}, - {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"}, - {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"}, - {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"}, - {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"}, - {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"}, - {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"}, - {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"}, - {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"}, - {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"}, - {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"}, - {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"}, - {SE_AUDIT, "SeAuditPrivilege", "Audit"}, - {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"}, - {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"}, - {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"}, - {SE_UNDOCK, "SeUndockPrivilege", "Undock"}, - {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"}, - {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"}, - {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"}, - {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"}, - {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"} -}; - - - /**************************************************************************** Check if a user is a mapped group. @@ -102,10 +65,9 @@ NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) /**************************************************************************** duplicate alloc luid_attr ****************************************************************************/ -NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la, int count) +NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR *old_la) { NTSTATUS ret; - int i; /* don't crash if the source pointer is NULL (since we don't do priviledges now anyways) */ @@ -113,14 +75,12 @@ NTSTATUS dupalloc_luid_attr(TALLOC_CTX *mem_ctx, LUID_ATTR **new_la, LUID_ATTR * if ( !old_la ) return NT_STATUS_OK; - *new_la = (LUID_ATTR *)talloc(mem_ctx, count*sizeof(LUID_ATTR)); + *new_la = (LUID_ATTR *)talloc(mem_ctx, sizeof(LUID_ATTR)); ALLOC_CHECK(new_la, ret, done, "dupalloc_luid_attr"); - for (i=0; i<count; i++) { - (*new_la)[i].luid.high = old_la[i].luid.high; - (*new_la)[i].luid.low = old_la[i].luid.low; - (*new_la)[i].attr = old_la[i].attr; - } + (*new_la)->luid.high = old_la->luid.high; + (*new_la)->luid.low = old_la->luid.low; + (*new_la)->attr = old_la->attr; ret = NT_STATUS_OK; @@ -173,9 +133,6 @@ void reset_privilege(PRIVILEGE_SET *priv_set) void destroy_privilege(PRIVILEGE_SET **priv_set) { - if (priv_set == NULL || *priv_set == NULL) - return; - reset_privilege(*priv_set); if (!((*priv_set)->ext_ctx)) /* mem_ctx is local, destroy it */ @@ -213,27 +170,6 @@ done: return ret; } -NTSTATUS add_privilege_by_name(PRIVILEGE_SET *priv_set, const char *name) -{ - int e; - - for (e = 0; privs[e].se_priv != SE_ALL_PRIVS; e++) { - if (StrCaseCmp(privs[e].priv, name) == 0) { - LUID_ATTR la; - - la.attr = 0; - la.luid.high = 0; - la.luid.low = privs[e].se_priv; - - return add_privilege(priv_set, la); - } - } - - DEBUG(1, ("add_privilege_by_name: No Such Privilege Found (%s)\n", name)); - - return NT_STATUS_UNSUCCESSFUL; -} - /**************************************************************************** add all the privileges to a privilege array ****************************************************************************/ @@ -246,15 +182,15 @@ NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set) set.luid.high = 0; /* TODO: set a proper list of privileges */ - set.luid.low = SE_ADD_USERS; + set.luid.low = SE_PRIV_ADD_USERS; result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); - set.luid.low = SE_MACHINE_ACCOUNT; + set.luid.low = SE_PRIV_ADD_MACHINES; result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); - set.luid.low = SE_PRINT_OPERATOR; + set.luid.low = SE_PRIV_PRINT_OPERATOR; result = add_privilege(priv_set, set); NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege"); @@ -378,7 +314,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) LUID_ATTR *old_set; int i; - if (new_priv_set == NULL || priv_set == NULL) + if (!new_priv_set || !priv_set) return NT_STATUS_INVALID_PARAMETER; /* special case if there are no privileges in the list */ @@ -393,7 +329,7 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) old_set = priv_set->set; - new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count) * (sizeof(LUID_ATTR))); + new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR))); ALLOC_CHECK(new_set, ret, done, "dup_priv_set"); for (i=0; i < priv_set->count; i++) { @@ -412,31 +348,3 @@ NTSTATUS dup_priv_set(PRIVILEGE_SET *new_priv_set, PRIVILEGE_SET *priv_set) done: return ret; } - - -NTSTATUS user_has_privilege(struct current_user *user, uint32 privilege) -{ - LUID_ATTR set; - - set.attr = 0; - set.luid.high = 0; - set.luid.low = privilege; - - return check_priv_in_privilege(user->privs, set); -} - -BOOL luid_to_privilege_name(const LUID *set, fstring name) -{ - int i; - - if (set->high != 0) - return False; - - for (i=1; i<PRIV_ALL_INDEX-1; i++) { - if (set->low == privs[i].se_priv) { - fstrcpy(name, privs[i].priv); - return True; - } - } - return False; -} diff --git a/source/lib/secace.c b/source/lib/secace.c index 8c54c970433..6769f1288a2 100644 --- a/source/lib/secace.c +++ b/source/lib/secace.c @@ -48,8 +48,8 @@ void sec_ace_copy(SEC_ACE *ace_dest, SEC_ACE *ace_src) ace_dest->size = ace_src->size; ace_dest->info.mask = ace_src->info.mask; ace_dest->obj_flags = ace_src->obj_flags; - memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct uuid)); - memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct uuid)); + memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE); + memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE); sid_copy(&ace_dest->trustee, &ace_src->trustee); } diff --git a/source/lib/smbldap.c b/source/lib/smbldap.c index 14a46fc5fb0..18979e2f76f 100644 --- a/source/lib/smbldap.c +++ b/source/lib/smbldap.c @@ -123,7 +123,6 @@ ATTRIB_MAP_ENTRY groupmap_attr_list[] = { { LDAP_ATTR_GIDNUMBER, LDAP_ATTRIBUTE_GIDNUMBER}, { LDAP_ATTR_GROUP_SID, LDAP_ATTRIBUTE_SID }, { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, - { LDAP_ATTR_SID_LIST, "sambaSIDList" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, { LDAP_ATTR_CN, "cn" }, @@ -136,7 +135,6 @@ ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[] = { { LDAP_ATTR_GROUP_TYPE, "sambaGroupType" }, { LDAP_ATTR_DESC, "description" }, { LDAP_ATTR_DISPLAY_NAME, "displayName" }, - { LDAP_ATTR_SID_LIST, "sambaSIDList" }, { LDAP_ATTR_LIST_END, NULL } }; @@ -157,16 +155,6 @@ ATTRIB_MAP_ENTRY sidmap_attr_list[] = { { LDAP_ATTR_LIST_END, NULL } }; -/* privileges */ - -ATTRIB_MAP_ENTRY privilege_attr_list[] = { - { LDAP_ATTR_CN, "sambaPrivName" }, - { LDAP_ATTR_SID_LIST, LDAP_ATTRIBUTE_SID_LIST }, - { LDAP_ATTR_DESC, "description" }, - { LDAP_ATTR_OBJCLASS, "objectClass" }, - { LDAP_ATTR_LIST_END, NULL } -}; - /********************************************************************** perform a simple table lookup and return the attribute name **********************************************************************/ @@ -1212,6 +1200,181 @@ NTSTATUS smbldap_init(TALLOC_CTX *mem_ctx, const char *location, struct smbldap_ return NT_STATUS_OK; } +/********************************************************************** + Add the sambaDomain to LDAP, so we don't have to search for this stuff + again. This is a once-add operation for now. + + TODO: Add other attributes, and allow modification. +*********************************************************************/ +static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, + const char *domain_name) +{ + fstring sid_string; + fstring algorithmic_rid_base_string; + pstring filter, dn; + LDAPMod **mods = NULL; + int rc; + int ldap_op; + LDAPMessage *result = NULL; + int num_result; + char **attr_list; + uid_t u_low, u_high; + gid_t g_low, g_high; + uint32 rid_low, rid_high; + + slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, LDAP_OBJ_DOMINFO); + + attr_list = get_attr_list( dominfo_attr_list ); + rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); + free_attr_list( attr_list ); + + if (rc != LDAP_SUCCESS) { + return NT_STATUS_UNSUCCESSFUL; + } + + num_result = ldap_count_entries(ldap_state->ldap_struct, result); + + if (num_result > 1) { + DEBUG (0, ("More than domain with that name exists: bailing out!\n")); + ldap_msgfree(result); + return NT_STATUS_UNSUCCESSFUL; + } + + /* Check if we need to add an entry */ + DEBUG(3,("Adding new domain\n")); + ldap_op = LDAP_MOD_ADD; + + pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name, lp_ldap_suffix()); + + /* Free original search */ + ldap_msgfree(result); + + /* make the changes - the entry *must* not already have samba attributes */ + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name); + + /* If we don't have an entry, then ask secrets.tdb for what it thinks. + It may choose to make it up */ + + sid_to_string(sid_string, get_global_sam_sid()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); + + slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); + smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), + algorithmic_rid_base_string); + smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); + + /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. + TODO: fix all the places where the line between idmap and normal operations + needed by smbd gets fuzzy --jerry 2003-08-11 */ + + if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) + && get_free_rid_range(&rid_low, &rid_high) ) + { + fstring rid_str; + + fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); + DEBUG(10,("setting next available user rid [%s]\n", rid_str)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), + rid_str); + + fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); + DEBUG(10,("setting next available group rid [%s]\n", rid_str)); + smbldap_set_mod(&mods, LDAP_MOD_ADD, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), + rid_str); + + } + + + switch(ldap_op) + { + case LDAP_MOD_ADD: + rc = smbldap_add(ldap_state, dn, mods); + break; + case LDAP_MOD_REPLACE: + rc = smbldap_modify(ldap_state, dn, mods); + break; + default: + DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); + return NT_STATUS_INVALID_PARAMETER; + } + + if (rc!=LDAP_SUCCESS) { + char *ld_error = NULL; + ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); + DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", + ldap_op == LDAP_MOD_ADD ? "add" : "modify", + dn, ldap_err2string(rc), + ld_error?ld_error:"unknown")); + SAFE_FREE(ld_error); + + ldap_mods_free(mods, True); + return NT_STATUS_UNSUCCESSFUL; + } + + DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); + ldap_mods_free(mods, True); + return NT_STATUS_OK; +} + +/********************************************************************** +Search for the domain info entry +*********************************************************************/ +NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, + LDAPMessage ** result, const char *domain_name, + BOOL try_add) +{ + NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + pstring filter; + int rc; + char **attr_list; + int count; + + pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", + LDAP_OBJ_DOMINFO, + get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), + domain_name); + + DEBUG(2, ("Searching for:[%s]\n", filter)); + + + attr_list = get_attr_list( dominfo_attr_list ); + rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); + free_attr_list( attr_list ); + + if (rc != LDAP_SUCCESS) { + DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); + DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); + } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { + DEBUG(3, ("Got no domain info entries for domain\n")); + ldap_msgfree(*result); + *result = NULL; + if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { + return smbldap_search_domain_info(ldap_state, result, domain_name, False); + } + else { + DEBUG(0, ("Adding domain info for %s failed with %s\n", + domain_name, nt_errstr(ret))); + return ret; + } + } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { + DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", + count, domain_name)); + ldap_msgfree(*result); + *result = NULL; + return ret; + } else { + return NT_STATUS_OK; + } + + return ret; +} + /******************************************************************* Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX. ********************************************************************/ @@ -1232,3 +1395,4 @@ char *smbldap_get_dn(LDAP *ld, LDAPMessage *entry) ldap_memfree(utf8_dn); return unix_dn; } + diff --git a/source/lib/smbldap_util.c b/source/lib/smbldap_util.c deleted file mode 100644 index f6097599bc5..00000000000 --- a/source/lib/smbldap_util.c +++ /dev/null @@ -1,203 +0,0 @@ -/* - Unix SMB/CIFS mplementation. - LDAP protocol helper functions for SAMBA - Copyright (C) Jean François Micouleau 1998 - Copyright (C) Gerald Carter 2001-2003 - Copyright (C) Shahms King 2001 - Copyright (C) Andrew Bartlett 2002-2003 - Copyright (C) Stefan (metze) Metzmacher 2002-2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - -*/ - -#include "includes.h" -#include "smbldap.h" - -/********************************************************************** - Add the sambaDomain to LDAP, so we don't have to search for this stuff - again. This is a once-add operation for now. - - TODO: Add other attributes, and allow modification. -*********************************************************************/ -static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state, - const char *domain_name) -{ - fstring sid_string; - fstring algorithmic_rid_base_string; - pstring filter, dn; - LDAPMod **mods = NULL; - int rc; - int ldap_op; - LDAPMessage *result = NULL; - int num_result; - char **attr_list; - uid_t u_low, u_high; - gid_t g_low, g_high; - uint32 rid_low, rid_high; - - slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))", - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, LDAP_OBJ_DOMINFO); - - attr_list = get_attr_list( dominfo_attr_list ); - rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result); - free_attr_list( attr_list ); - - if (rc != LDAP_SUCCESS) { - return NT_STATUS_UNSUCCESSFUL; - } - - num_result = ldap_count_entries(ldap_state->ldap_struct, result); - - if (num_result > 1) { - DEBUG (0, ("More than domain with that name exists: bailing out!\n")); - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Check if we need to add an entry */ - DEBUG(3,("Adding new domain\n")); - ldap_op = LDAP_MOD_ADD; - - pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name, lp_ldap_suffix()); - - /* Free original search */ - ldap_msgfree(result); - - /* make the changes - the entry *must* not already have samba attributes */ - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); - - /* If we don't have an entry, then ask secrets.tdb for what it thinks. - It may choose to make it up */ - - sid_to_string(sid_string, get_global_sam_sid()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string); - - slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base()); - smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE), - algorithmic_rid_base_string); - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO); - - /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set. - TODO: fix all the places where the line between idmap and normal operations - needed by smbd gets fuzzy --jerry 2003-08-11 */ - - if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high) - && get_free_rid_range(&rid_low, &rid_high) ) - { - fstring rid_str; - - fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE ); - DEBUG(10,("setting next available user rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID), - rid_str); - - fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE ); - DEBUG(10,("setting next available group rid [%s]\n", rid_str)); - smbldap_set_mod(&mods, LDAP_MOD_ADD, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID), - rid_str); - - } - - - switch(ldap_op) - { - case LDAP_MOD_ADD: - rc = smbldap_add(ldap_state, dn, mods); - break; - case LDAP_MOD_REPLACE: - rc = smbldap_modify(ldap_state, dn, mods); - break; - default: - DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op)); - return NT_STATUS_INVALID_PARAMETER; - } - - if (rc!=LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n", - ldap_op == LDAP_MOD_ADD ? "add" : "modify", - dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); - SAFE_FREE(ld_error); - - ldap_mods_free(mods, True); - return NT_STATUS_UNSUCCESSFUL; - } - - DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name)); - ldap_mods_free(mods, True); - return NT_STATUS_OK; -} - -/********************************************************************** -Search for the domain info entry -*********************************************************************/ -NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state, - LDAPMessage ** result, const char *domain_name, - BOOL try_add) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - pstring filter; - int rc; - char **attr_list; - int count; - - pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))", - LDAP_OBJ_DOMINFO, - get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN), - domain_name); - - DEBUG(2, ("Searching for:[%s]\n", filter)); - - - attr_list = get_attr_list( dominfo_attr_list ); - rc = smbldap_search_suffix(ldap_state, filter, attr_list , result); - free_attr_list( attr_list ); - - if (rc != LDAP_SUCCESS) { - DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc))); - DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter)); - } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) { - DEBUG(3, ("Got no domain info entries for domain\n")); - ldap_msgfree(*result); - *result = NULL; - if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) { - return smbldap_search_domain_info(ldap_state, result, domain_name, False); - } - else { - DEBUG(0, ("Adding domain info for %s failed with %s\n", - domain_name, nt_errstr(ret))); - return ret; - } - } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) { - DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n", - count, domain_name)); - ldap_msgfree(*result); - *result = NULL; - return ret; - } else { - return NT_STATUS_OK; - } - - return ret; -} - diff --git a/source/lib/talloc.c b/source/lib/talloc.c index 485dc28f31d..093a221fd3d 100644 --- a/source/lib/talloc.c +++ b/source/lib/talloc.c @@ -276,6 +276,24 @@ char *talloc_strdup(TALLOC_CTX *t, const char *p) return NULL; } +/** strdup_upper with a talloc */ +char *talloc_strdup_upper(TALLOC_CTX *t, const char *p) +{ + char *r; + if (p) { + char *q = strdup_upper(p); + if (q) { + r = talloc_strdup(t, q); + SAFE_FREE(q); + return r; + } else { + return NULL; + } + } else { + return NULL; + } +} + /** strdup_w with a talloc */ smb_ucs2_t *talloc_strdup_w(TALLOC_CTX *t, const smb_ucs2_t *p) { diff --git a/source/lib/util_sid.c b/source/lib/util_sid.c index 2c0bd797859..50bbb4c72c6 100644 --- a/source/lib/util_sid.c +++ b/source/lib/util_sid.c @@ -617,6 +617,23 @@ char *sid_binstring(const DOM_SID *sid) return s; } + +/***************************************************************** + Print a GUID structure for debugging. +*****************************************************************/ + +void print_guid(GUID *guid) +{ + int i; + + d_printf("%08x-%04x-%04x", + IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6)); + d_printf("-%02x%02x-", guid->info[8], guid->info[9]); + for (i=10;i<GUID_SIZE;i++) + d_printf("%02x", guid->info[i]); + d_printf("\n"); +} + /******************************************************************* Tallocs a duplicate SID. ********************************************************************/ diff --git a/source/lib/util_str.c b/source/lib/util_str.c index be1e2ffeb1b..2be8b7eb64c 100644 --- a/source/lib/util_str.c +++ b/source/lib/util_str.c @@ -2027,21 +2027,3 @@ SMB_BIG_UINT STR_TO_SMB_BIG_UINT(const char *nptr, const char **entptr) return val; } - -void string_append(char **left, const char *right) -{ - int new_len = strlen(right) + 1; - - if (*left == NULL) { - *left = malloc(new_len); - *left[0] = '\0'; - } else { - new_len += strlen(*left); - *left = Realloc(*left, new_len); - } - - if (*left == NULL) - return; - - safe_strcat(*left, right, new_len-1); -} diff --git a/source/lib/util_uuid.c b/source/lib/util_uuid.c index 4c35236c902..56f0ecd85b9 100644 --- a/source/lib/util_uuid.c +++ b/source/lib/util_uuid.c @@ -2,7 +2,7 @@ * Unix SMB/CIFS implementation. * UUID server routines * Copyright (C) Theodore Ts'o 1996, 1997, - * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002, 2003 + * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002. * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -27,47 +27,57 @@ #define TIME_OFFSET_HIGH 0x01B21DD2 #define TIME_OFFSET_LOW 0x13814000 -void smb_uuid_pack(const struct uuid uu, UUID_FLAT *ptr) -{ - SIVAL(ptr, 0, uu.time_low); - SSVAL(ptr, 4, uu.time_mid); - SSVAL(ptr, 6, uu.time_hi_and_version); - memcpy(ptr+8, uu.clock_seq, 2); - memcpy(ptr+10, uu.node, 6); -} +struct uuid { + uint32 time_low; + uint16 time_mid; + uint16 time_hi_and_version; + uint8 clock_seq[2]; + uint8 node[6]; +}; -void smb_uuid_unpack(const UUID_FLAT in, struct uuid *uu) + +static void uuid_pack(const struct uuid *uu, GUID *ptr) { - uu->time_low = IVAL(in.info, 0); - uu->time_mid = SVAL(in.info, 4); - uu->time_hi_and_version = SVAL(in.info, 6); - memcpy(uu->clock_seq, in.info+8, 2); - memcpy(uu->node, in.info+10, 6); + uint8 *out = ptr->info; + + SIVAL(out, 0, uu->time_low); + SSVAL(out, 4, uu->time_mid); + SSVAL(out, 6, uu->time_hi_and_version); + memcpy(out+8, uu->clock_seq, 2); + memcpy(out+10, uu->node, 6); } -const struct uuid smb_uuid_unpack_static(const UUID_FLAT in) +static void uuid_unpack(const GUID in, struct uuid *uu) { - static struct uuid uu; + const uint8 *ptr = in.info; - smb_uuid_unpack(in, &uu); - return uu; + uu->time_low = IVAL(ptr, 0); + uu->time_mid = SVAL(ptr, 4); + uu->time_hi_and_version = SVAL(ptr, 6); + memcpy(uu->clock_seq, ptr+8, 2); + memcpy(uu->node, ptr+10, 6); } -void smb_uuid_generate_random(struct uuid *uu) +void smb_uuid_generate_random(GUID *out) { - UUID_FLAT tmp; + GUID tmp; + struct uuid uu; generate_random_buffer(tmp.info, sizeof(tmp.info), True); - smb_uuid_unpack(tmp, uu); + uuid_unpack(tmp, &uu); - uu->clock_seq[0] = (uu->clock_seq[0] & 0x3F) | 0x80; - uu->time_hi_and_version = (uu->time_hi_and_version & 0x0FFF) | 0x4000; + uu.clock_seq[0] = (uu.clock_seq[0] & 0x3F) | 0x80; + uu.time_hi_and_version = (uu.time_hi_and_version & 0x0FFF) | 0x4000; + uuid_pack(&uu, out); } -char *smb_uuid_to_string(const struct uuid uu) +char *smb_uuid_to_string(const GUID in) { + struct uuid uu; char *out; + uuid_unpack(in, &uu); + asprintf(&out, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", uu.time_low, uu.time_mid, uu.time_hi_and_version, uu.clock_seq[0], uu.clock_seq[1], @@ -77,11 +87,13 @@ char *smb_uuid_to_string(const struct uuid uu) return out; } -const char *smb_uuid_string_static(const struct uuid uu) +const char *smb_uuid_string_static(const GUID in) { + struct uuid uu; static char out[37]; - slprintf(out, sizeof(out), + uuid_unpack(in, &uu); + slprintf(out, sizeof(out) -1, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", uu.time_low, uu.time_mid, uu.time_hi_and_version, uu.clock_seq[0], uu.clock_seq[1], @@ -89,86 +101,3 @@ const char *smb_uuid_string_static(const struct uuid uu) uu.node[3], uu.node[4], uu.node[5]); return out; } - -BOOL smb_string_to_uuid(const char *in, struct uuid* uu) -{ - BOOL ret = False; - const char *ptr = in; - char *end = (char *)in; - int i; - - if (!in || !uu) goto out; - - uu->time_low = strtoul(ptr, &end, 16); - if ((end - ptr) != 8 || *end != '-') goto out; - ptr = (end + 1); - - uu->time_mid = strtoul(ptr, &end, 16); - if ((end - ptr) != 4 || *end != '-') goto out; - ptr = (end + 1); - - uu->time_hi_and_version = strtoul(ptr, &end, 16); - if ((end - ptr) != 4 || *end != '-') goto out; - ptr = (end + 1); - - for (i = 0; i < 2; i++) { - int adj = 0; - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->clock_seq[i] = (*ptr - adj) << 4; - ptr++; - - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->clock_seq[i] |= (*ptr - adj); - ptr++; - } - - if (*ptr != '-') goto out; - ptr++; - - for (i = 0; i < 6; i++) { - int adj = 0; - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->node[i] = (*ptr - adj) << 4; - ptr++; - - if (*ptr >= '0' && *ptr <= '9') { - adj = '0'; - } else if (*ptr >= 'a' && *ptr <= 'f') { - adj = 'a'; - } else if (*ptr >= 'A' && *ptr <= 'F') { - adj = 'A'; - } else { - goto out; - } - uu->node[i] |= (*ptr - adj); - ptr++; - } - - ret = True; -out: - return ret; -} diff --git a/source/libads/ldap.c b/source/libads/ldap.c index 20a36dfdf5c..15504a5202f 100644 --- a/source/libads/ldap.c +++ b/source/libads/ldap.c @@ -1106,14 +1106,20 @@ static void dump_binary(const char *field, struct berval **values) } } +struct uuid { + uint32 i1; + uint16 i2; + uint16 i3; + uint8 s[8]; +}; + static void dump_guid(const char *field, struct berval **values) { int i; - UUID_FLAT guid; + GUID guid; for (i=0; values[i]; i++) { memcpy(guid.info, values[i]->bv_val, sizeof(guid.info)); - printf("%s: %s\n", field, - smb_uuid_string_static(smb_uuid_unpack_static(guid))); + printf("%s: %s\n", field, smb_uuid_string_static(guid)); } } @@ -1765,18 +1771,16 @@ BOOL ads_pull_uint32(ADS_STRUCT *ads, * @return boolean indicating success **/ BOOL ads_pull_guid(ADS_STRUCT *ads, - void *msg, struct uuid *guid) + void *msg, GUID *guid) { char **values; - UUID_FLAT flat_guid; values = ldap_get_values(ads->ld, msg, "objectGUID"); if (!values) return False; if (values[0]) { - memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT)); - smb_uuid_unpack(flat_guid, guid); + memcpy(guid, values[0], sizeof(GUID)); ldap_value_free(values); return True; } diff --git a/source/libsmb/cliconnect.c b/source/libsmb/cliconnect.c index c39044e10af..cdf58c5b913 100644 --- a/source/libsmb/cliconnect.c +++ b/source/libsmb/cliconnect.c @@ -358,7 +358,9 @@ static BOOL cli_session_setup_nt1(struct cli_state *cli, const char *user, memcpy(p,nt_response.data, nt_response.length); p += nt_response.length; } p += clistr_push(cli, p, user, -1, STR_TERMINATE); - p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE); + + /* Upper case here might help some NTLMv2 implementations */ + p += clistr_push(cli, p, workgroup, -1, STR_TERMINATE|STR_UPPER); p += clistr_push(cli, p, "Unix", -1, STR_TERMINATE); p += clistr_push(cli, p, "Samba", -1, STR_TERMINATE); cli_setup_bcc(cli, p); @@ -874,7 +876,7 @@ BOOL cli_send_tconX(struct cli_state *cli, if ((cli->sec_mode & NEGOTIATE_SECURITY_CHALLENGE_RESPONSE) && *pass && passlen != 24) { if (!lp_client_lanman_auth()) { - DEBUG(1, ("Server requested LANMAN password but 'client use lanman auth'" + DEBUG(1, ("Server requested LANMAN password (share-level security) but 'client use lanman auth'" " is disabled\n")); return False; } @@ -1091,7 +1093,7 @@ BOOL cli_negprot(struct cli_state *cli) } cli->sign_info.negotiated_smb_signing = True; cli->sign_info.mandatory_signing = True; - } else if (cli->sign_info.allow_smb_signing && cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) { + } else if (cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) { cli->sign_info.negotiated_smb_signing = True; } @@ -1610,8 +1612,8 @@ struct cli_state *get_ipc_connect(char *server, struct in_addr *server_ip, struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring workgroup, struct user_auth_info *user_info) { static fstring name; - struct cli_state *cli; - struct in_addr server_ip; + struct cli_state *cli; + struct in_addr server_ip; DEBUG(99, ("Looking up name of master browser %s\n", inet_ntoa(mb_ip->ip))); @@ -1640,14 +1642,14 @@ struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring w return NULL; } - pstrcpy(workgroup, name); + pstrcpy(workgroup, name); - DEBUG(4, ("found master browser %s, %s\n", + DEBUG(4, ("found master browser %s, %s\n", name, inet_ntoa(mb_ip->ip))); - cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info); + cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info); - return cli; + return cli; } diff --git a/source/libsmb/ntlm_check.c b/source/libsmb/ntlm_check.c index 362b640f913..a7764f9e986 100644 --- a/source/libsmb/ntlm_check.c +++ b/source/libsmb/ntlm_check.c @@ -85,6 +85,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, const uchar *part_passwd, const DATA_BLOB *sec_blob, const char *user, const char *domain, + BOOL upper_case_domain, /* should the domain be transformed into upper case? */ DATA_BLOB *user_sess_key) { /* Finish the encryption of part_passwd. */ @@ -122,7 +123,7 @@ static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB *ntv2_response, memcpy(client_response, ntv2_response->data, sizeof(client_response)); - if (!ntv2_owf_gen(part_passwd, user, domain, kr)) { + if (!ntv2_owf_gen(part_passwd, user, domain, upper_case_domain, kr)) { return False; } @@ -169,6 +170,8 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, const DATA_BLOB *challenge, const DATA_BLOB *lm_response, const DATA_BLOB *nt_response, + const DATA_BLOB *lm_interactive_pwd, + const DATA_BLOB *nt_interactive_pwd, const char *username, const char *client_username, const char *client_domain, @@ -182,6 +185,47 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, username)); } + if (nt_interactive_pwd && nt_interactive_pwd->length && nt_pw) { + if (nt_interactive_pwd->length != 16) { + DEBUG(3,("ntlm_password_check: Interactive logon: Invalid NT password length (%d) supplied for user %s\n", (int)nt_interactive_pwd->length, + username)); + return NT_STATUS_WRONG_PASSWORD; + } + + if (memcmp(nt_interactive_pwd->data, nt_pw, 16) == 0) { + if (user_sess_key) { + *user_sess_key = data_blob(NULL, 16); + SMBsesskeygen_ntv1(nt_pw, NULL, user_sess_key->data); + } + return NT_STATUS_OK; + } else { + DEBUG(3,("ntlm_password_check: Interactive logon: NT password check failed for user %s\n", + username)); + return NT_STATUS_WRONG_PASSWORD; + } + + } else if (lm_interactive_pwd && lm_interactive_pwd->length && lm_pw) { + if (lm_interactive_pwd->length != 16) { + DEBUG(3,("ntlm_password_check: Interactive logon: Invalid LANMAN password length (%d) supplied for user %s\n", (int)lm_interactive_pwd->length, + username)); + return NT_STATUS_WRONG_PASSWORD; + } + + if (!lp_lanman_auth()) { + DEBUG(3,("ntlm_password_check: Interactive logon: only LANMAN password supplied for user %s, and LM passwords are disabled!\n", + username)); + return NT_STATUS_WRONG_PASSWORD; + } + + if (memcmp(lm_interactive_pwd->data, lm_pw, 16) == 0) { + return NT_STATUS_OK; + } else { + DEBUG(3,("ntlm_password_check: Interactive logon: LANMAN password check failed for user %s\n", + username)); + return NT_STATUS_WRONG_PASSWORD; + } + } + /* Check for cleartext netlogon. Used by Exchange 5.5. */ if (challenge->length == sizeof(zeros) && (memcmp(challenge->data, zeros, challenge->length) == 0 )) { @@ -235,13 +279,24 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, if (nt_response->length >= 24 && nt_pw) { if (nt_response->length > 24) { /* We have the NT MD4 hash challenge available - see if we can - use it (ie. does it exist in the smbpasswd file). + use it */ DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with domain [%s]\n", client_domain)); if (smb_pwd_check_ntlmv2( nt_response, nt_pw, challenge, - client_username, + client_username, + client_domain, + False, + user_sess_key)) { + return NT_STATUS_OK; + } + + DEBUG(4,("ntlm_password_check: Checking NTLMv2 password with uppercased version of domain [%s]\n", client_domain)); + if (smb_pwd_check_ntlmv2( nt_response, + nt_pw, challenge, + client_username, client_domain, + True, user_sess_key)) { return NT_STATUS_OK; } @@ -251,6 +306,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, nt_pw, challenge, client_username, "", + False, user_sess_key)) { return NT_STATUS_OK; } else { @@ -334,6 +390,17 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, nt_pw, challenge, client_username, client_domain, + False, + NULL)) { + return NT_STATUS_OK; + } + + DEBUG(4,("ntlm_password_check: Checking LMv2 password with upper-cased version of domain %s\n", client_domain)); + if (smb_pwd_check_ntlmv2( lm_response, + nt_pw, challenge, + client_username, + client_domain, + True, NULL)) { return NT_STATUS_OK; } @@ -343,6 +410,7 @@ NTSTATUS ntlm_password_check(TALLOC_CTX *mem_ctx, nt_pw, challenge, client_username, "", + False, NULL)) { return NT_STATUS_OK; } diff --git a/source/libsmb/ntlmssp.c b/source/libsmb/ntlmssp.c index 60523ddf9d0..ddc2e0325fd 100644 --- a/source/libsmb/ntlmssp.c +++ b/source/libsmb/ntlmssp.c @@ -168,7 +168,9 @@ NTSTATUS ntlmssp_set_password(NTLMSSP_STATE *ntlmssp_state, const char *password */ NTSTATUS ntlmssp_set_domain(NTLMSSP_STATE *ntlmssp_state, const char *domain) { - ntlmssp_state->domain = talloc_strdup(ntlmssp_state->mem_ctx, domain); + /* Possibly make our NTLMv2 client more robust by always having + an uppercase domain */ + ntlmssp_state->domain = talloc_strdup_upper(ntlmssp_state->mem_ctx, domain); if (!ntlmssp_state->domain) { return NT_STATUS_NO_MEMORY; } @@ -1020,16 +1022,19 @@ static NTSTATUS ntlmssp_client_challenge(struct ntlmssp_state *ntlmssp_state, /* Key exchange encryptes a new client-generated session key with the password-derived key */ if (ntlmssp_state->neg_flags & NTLMSSP_NEGOTIATE_KEY_EXCH) { + /* Make up a new session key */ uint8 client_session_key[16]; - - generate_random_buffer(client_session_key, sizeof(client_session_key), False); + generate_random_buffer(client_session_key, sizeof(client_session_key), False); + + /* Encrypt the new session key with the old one */ encrypted_session_key = data_blob(client_session_key, sizeof(client_session_key)); dump_data_pw("KEY_EXCH session key:\n", encrypted_session_key.data, encrypted_session_key.length); - SamOEMhash(encrypted_session_key.data, session_key.data, encrypted_session_key.length); + dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length); + + /* Mark the new session key as the 'real' session key */ data_blob_free(&session_key); session_key = data_blob_talloc(ntlmssp_state->mem_ctx, client_session_key, sizeof(client_session_key)); - dump_data_pw("KEY_EXCH session key (enc):\n", encrypted_session_key.data, encrypted_session_key.length); } /* this generates the actual auth packet */ diff --git a/source/libsmb/smb_signing.c b/source/libsmb/smb_signing.c index 28ff0e0c2e9..7130453c0c9 100644 --- a/source/libsmb/smb_signing.c +++ b/source/libsmb/smb_signing.c @@ -150,7 +150,7 @@ static void null_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) SMB signing - NULL implementation - check a MAC sent by server. ************************************************************/ -static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL must_be_ok) { return True; } @@ -197,7 +197,7 @@ static void free_signing_context(struct smb_sign_info *si) } -static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq, BOOL expected_ok) +static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq, BOOL must_be_ok) { if (good) { @@ -212,18 +212,18 @@ static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint3 } else { if (!si->mandatory_signing && !si->seen_valid) { - if (!expected_ok) { + if (!must_be_ok) { return True; } /* Non-mandatory signing - just turn off if this is the first bad packet.. */ - DEBUG(5, ("signing_good: signing negotiated but not required and the other side \ -isn't sending correct signatures. Turning signatures off.\n")); + DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and peer\n" + "isn't sending correct signatures. Turning off.\n")); si->negotiated_smb_signing = False; si->allow_smb_signing = False; si->doing_signing = False; free_signing_context(si); return True; - } else if (!expected_ok) { + } else if (!must_be_ok) { /* This packet is known to be unsigned */ return True; } else { @@ -337,7 +337,7 @@ static void client_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) SMB signing - Client implementation - check a MAC sent by server. ************************************************************/ -static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL must_be_ok) { BOOL good; uint32 reply_seq_number; @@ -395,7 +395,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number)); dump_data(10, (const char *)server_sent_mac, 8); } - return signing_good(inbuf, si, good, saved_seq, expected_ok); + return signing_good(inbuf, si, good, saved_seq, must_be_ok); } /*********************************************************** @@ -549,7 +549,7 @@ static void temp_sign_outgoing_message(char *outbuf, struct smb_sign_info *si) SMB signing - TEMP implementation - check a MAC sent by server. ************************************************************/ -static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL foo) { return True; } @@ -611,9 +611,9 @@ void cli_calculate_sign_mac(struct cli_state *cli) * which had a bad checksum, True otherwise. */ -BOOL cli_check_sign_mac(struct cli_state *cli, BOOL expected_ok) +BOOL cli_check_sign_mac(struct cli_state *cli, BOOL must_be_ok) { - if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, expected_ok)) { + if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, must_be_ok)) { free_signing_context(&cli->sign_info); return False; } @@ -702,7 +702,7 @@ static BOOL is_oplock_break(char *inbuf) SMB signing - Server implementation - check a MAC sent by server. ************************************************************/ -static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok) +static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL must_be_ok) { BOOL good; struct smb_basic_signing_context *data = si->signing_context; @@ -776,7 +776,7 @@ We were expecting seq %u\n", reply_seq_number, saved_seq )); dump_data(10, (const char *)server_sent_mac, 8); } - return (signing_good(inbuf, si, good, saved_seq, expected_ok)); + return (signing_good(inbuf, si, good, saved_seq, must_be_ok)); } /*********************************************************** @@ -809,13 +809,13 @@ BOOL srv_oplock_set_signing(BOOL onoff) Called to validate an incoming packet from the client. ************************************************************/ -BOOL srv_check_sign_mac(char *inbuf, BOOL expected_ok) +BOOL srv_check_sign_mac(char *inbuf, BOOL must_be_ok) { /* Check if it's a session keepalive. */ if(CVAL(inbuf,0) == SMBkeepalive) return True; - return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, expected_ok); + return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, must_be_ok); } /*********************************************************** @@ -915,8 +915,7 @@ BOOL srv_is_signing_negotiated(void) } /*********************************************************** - Returns whether signing is negotiated. We can't use it unless it was - in the negprot. + Returns whether signing is actually happening ************************************************************/ BOOL srv_signing_started(void) diff --git a/source/libsmb/smbencrypt.c b/source/libsmb/smbencrypt.c index c5acedae51c..270a659e57f 100644 --- a/source/libsmb/smbencrypt.c +++ b/source/libsmb/smbencrypt.c @@ -127,7 +127,9 @@ void nt_lm_owf_gen(const char *pwd, uchar nt_p16[16], uchar p16[16]) /* Does both the NTLMv2 owfs of a user's password */ BOOL ntv2_owf_gen(const uchar owf[16], - const char *user_in, const char *domain_in, uchar kr_buf[16]) + const char *user_in, const char *domain_in, + BOOL upper_case_domain, /* Transform the domain into UPPER case */ + uchar kr_buf[16]) { smb_ucs2_t *user; smb_ucs2_t *domain; @@ -150,7 +152,9 @@ BOOL ntv2_owf_gen(const uchar owf[16], } strupper_w(user); - strupper_w(domain); + + if (upper_case_domain) + strupper_w(domain); SMB_ASSERT(user_byte_len >= 2); SMB_ASSERT(domain_byte_len >= 2); @@ -426,7 +430,7 @@ BOOL SMBNTLMv2encrypt(const char *user, const char *domain, const char *password the username and domain. This prevents username swapping during the auth exchange */ - if (!ntv2_owf_gen(nt_hash, user, domain, ntlm_v2_hash)) { + if (!ntv2_owf_gen(nt_hash, user, domain, True, ntlm_v2_hash)) { return False; } diff --git a/source/modules/developer.c b/source/modules/developer.c deleted file mode 100644 index 7ffc3ff50d2..00000000000 --- a/source/modules/developer.c +++ /dev/null @@ -1,132 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba module with developer tools - Copyright (C) Andrew Tridgell 2001 - Copyright (C) Jelmer Vernooij 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -static struct { - char from; - char *to; - int len; -} weird_table[] = { - {'q', "^q^", 3}, - {'Q', "^Q^", 3}, - {0, NULL} -}; - -static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft, - char **outbuf, size_t *outbytesleft) -{ - while (*inbytesleft >= 1 && *outbytesleft >= 2) { - int i; - int done = 0; - for (i=0;weird_table[i].from;i++) { - if (strncmp((*inbuf), - weird_table[i].to, - weird_table[i].len) == 0) { - if (*inbytesleft < weird_table[i].len) { - DEBUG(0,("ERROR: truncated weird string\n")); - /* smb_panic("weird_pull"); */ - - } else { - (*outbuf)[0] = weird_table[i].from; - (*outbuf)[1] = 0; - (*inbytesleft) -= weird_table[i].len; - (*outbytesleft) -= 2; - (*inbuf) += weird_table[i].len; - (*outbuf) += 2; - done = 1; - break; - } - } - } - if (done) continue; - (*outbuf)[0] = (*inbuf)[0]; - (*outbuf)[1] = 0; - (*inbytesleft) -= 1; - (*outbytesleft) -= 2; - (*inbuf) += 1; - (*outbuf) += 2; - } - - if (*inbytesleft > 0) { - errno = E2BIG; - return -1; - } - - return 0; -} - -static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft, - char **outbuf, size_t *outbytesleft) -{ - int ir_count=0; - - while (*inbytesleft >= 2 && *outbytesleft >= 1) { - int i; - int done=0; - for (i=0;weird_table[i].from;i++) { - if ((*inbuf)[0] == weird_table[i].from && - (*inbuf)[1] == 0) { - if (*outbytesleft < weird_table[i].len) { - DEBUG(0,("No room for weird character\n")); - /* smb_panic("weird_push"); */ - } else { - memcpy(*outbuf, weird_table[i].to, - weird_table[i].len); - (*inbytesleft) -= 2; - (*outbytesleft) -= weird_table[i].len; - (*inbuf) += 2; - (*outbuf) += weird_table[i].len; - done = 1; - break; - } - } - } - if (done) continue; - - (*outbuf)[0] = (*inbuf)[0]; - if ((*inbuf)[1]) ir_count++; - (*inbytesleft) -= 2; - (*outbytesleft) -= 1; - (*inbuf) += 2; - (*outbuf) += 1; - } - - if (*inbytesleft == 1) { - errno = EINVAL; - return -1; - } - - if (*inbytesleft > 1) { - errno = E2BIG; - return -1; - } - - return ir_count; -} - -struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push}; - -int charset_weird_init(void) -{ - smb_register_charset(&weird_functions); - return True; -} diff --git a/source/nmbd/nmbd_processlogon.c b/source/nmbd/nmbd_processlogon.c index da93224043c..1d1fe75d9c6 100644 --- a/source/nmbd/nmbd_processlogon.c +++ b/source/nmbd/nmbd_processlogon.c @@ -313,8 +313,7 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", } #ifdef HAVE_ADS else { - struct uuid domain_guid; - UUID_FLAT flat_guid; + GUID domain_guid; pstring domain; pstring hostname; char *component, *dc, *q1; @@ -341,10 +340,8 @@ reporting %s domain %s 0x%x ntversion=%x lm_nt token=%x lm_20 token=%x\n", DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain)); return; } - - smb_uuid_pack(domain_guid, &flat_guid); - memcpy(q, &flat_guid.info, UUID_FLAT_SIZE); - q += UUID_FLAT_SIZE; + memcpy(q, &domain_guid, sizeof(domain_guid)); + q += sizeof(domain_guid); /* Forest */ str_offset = q - q_orig; diff --git a/source/nmbd/nmbd_winsserver.c b/source/nmbd/nmbd_winsserver.c index 0f0190adb61..8a638402391 100644 --- a/source/nmbd/nmbd_winsserver.c +++ b/source/nmbd/nmbd_winsserver.c @@ -440,8 +440,8 @@ static void send_wins_name_registration_response(int rcode, int ttl, struct pack Deal with a name refresh request to a WINS server. ************************************************************************/ -void wins_process_name_refresh_request( struct subnet_record *subrec, - struct packet_struct *p ) +void wins_process_name_refresh_request(struct subnet_record *subrec, + struct packet_struct *p) { struct nmb_packet *nmb = &p->packet.nmb; struct nmb_name *question = &nmb->question.question_name; @@ -453,36 +453,28 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, struct in_addr from_ip; struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0"); - putip( (char *)&from_ip, &nmb->additional->rdata[2] ); + putip((char *)&from_ip,&nmb->additional->rdata[2]); if(bcast) { /* * We should only get unicast name refresh packets here. - * Anyone trying to refresh broadcast should not be going - * to a WINS server. Log an error here. + * Anyone trying to refresh broadcast should not be going to a WINS + * server. Log an error here. */ - if( DEBUGLVL( 0 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Broadcast name refresh request received " ); - dbgtext( "for name %s ", nmb_namestr(question) ); - dbgtext( "from IP %s ", inet_ntoa(from_ip) ); - dbgtext( "on subnet %s. ", subrec->subnet_name ); - dbgtext( "Error - Broadcasts should not be sent " ); - dbgtext( "to a WINS server\n" ); - } + + DEBUG(0,("wins_process_name_refresh_request: broadcast name refresh request \ +received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n", + nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name)); return; } - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s IP %s\n", - nmb_namestr(question), inet_ntoa(from_ip) ); - } + DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s \ +IP %s\n", nmb_namestr(question), inet_ntoa(from_ip) )); /* * See if the name already exists. - * If not, handle it as a name registration and return. */ + namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME); /* @@ -490,62 +482,48 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, * treat it like a registration request. This allows us to recover * from errors (tridge) */ + if(namerec == NULL) { - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s ", - nmb_namestr( question ) ); - dbgtext( "and the name does not exist. Treating " ); - dbgtext( "as registration.\n" ); - } + DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s and \ +the name does not exist. Treating as registration.\n", nmb_namestr(question) )); wins_process_name_registration_request(subrec,p); return; } /* - * if the name is present but not active, simply remove it - * and treat the refresh request as a registration & return. + * if the name is present but not active, + * simply remove it and treat the request + * as a registration */ if (namerec != NULL && !WINS_STATE_ACTIVE(namerec)) { - if( DEBUGLVL( 5 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name (%s) in WINS ", nmb_namestr(question) ); - dbgtext( "was not active - removing it.\n" ); - } + DEBUG(5,("wins_process_name_refresh_request: Name (%s) in WINS was \ +not active - removing it.\n", nmb_namestr(question) )); remove_name_from_namelist( subrec, namerec ); namerec = NULL; - wins_process_name_registration_request( subrec, p ); + wins_process_name_registration_request(subrec,p); return; } /* * Check that the group bits for the refreshing name and the - * name in our database match. If not, refuse the refresh. - * [crh: Why RFS_ERR instead of ACT_ERR? Is this what MS does?] + * name in our database match. */ - if( (namerec != NULL) && - ( (group && !NAME_GROUP(namerec)) - || (!group && NAME_GROUP(namerec)) ) ) { - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name %s ", nmb_namestr(question) ); - dbgtext( "group bit = %s does not match ", - group ? "True" : "False" ); - dbgtext( "group bit in WINS for this name.\n" ); - } + + if((namerec != NULL) && ((group && !NAME_GROUP(namerec)) || (!group && NAME_GROUP(namerec))) ) { + DEBUG(3,("wins_process_name_refresh_request: Name %s group bit = %s \ +does not match group bit in WINS for this name.\n", nmb_namestr(question), group ? "True" : "False" )); send_wins_name_registration_response(RFS_ERR, 0, p); return; } /* - * For a unique name check that the person refreshing the name is - * one of the registered IP addresses. If not - fail the refresh. - * Do the same for group names with a type of 0x1c. - * Just return success for unique 0x1d refreshes. For normal group - * names update the ttl and return success. + * For a unique name check that the person refreshing the name is one of the registered IP + * addresses. If not - fail the refresh. Do the same for group names with a type of 0x1c. + * Just return success for unique 0x1d refreshes. For normal group names update the ttl + * and return success. */ - if( (!group || (group && (question->name_type == 0x1c))) - && find_ip_in_name_record(namerec, from_ip) ) { + + if((!group || (group && (question->name_type == 0x1c))) && find_ip_in_name_record(namerec, from_ip )) { /* * Update the ttl. */ @@ -563,26 +541,11 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, send_wins_name_registration_response(0, ttl, p); wins_hook("refresh", namerec, ttl); return; - } else if((group && (question->name_type == 0x1c))) { - /* - * Added by crh for bug #1079. - * Fix from Bert Driehuis - */ - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s, ", - nmb_namestr(question) ); - dbgtext( "but IP address %s ", inet_ntoa(from_ip) ); - dbgtext( "is not yet associated with " ); - dbgtext( "that name. Treating as registration.\n" ); - } - wins_process_name_registration_request(subrec,p); - return; } else if(group) { /* - * Normal groups are all registered with an IP address of - * 255.255.255.255 so we can't search for the IP address. - */ + * Normal groups are all registered with an IP address of 255.255.255.255 + * so we can't search for the IP address. + */ update_name_ttl(namerec, ttl); send_wins_name_registration_response(0, ttl, p); return; @@ -596,12 +559,9 @@ void wins_process_name_refresh_request( struct subnet_record *subrec, /* * Fail the refresh. */ - if( DEBUGLVL( 3 ) ) { - dbgtext( "wins_process_name_refresh_request: " ); - dbgtext( "Name refresh for name %s with IP %s ", - nmb_namestr(question), inet_ntoa(from_ip) ); - dbgtext( "and is IP is not known to the name.\n" ); - } + + DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s with IP %s and \ +is IP is not known to the name.\n", nmb_namestr(question), inet_ntoa(from_ip) )); send_wins_name_registration_response(RFS_ERR, 0, p); return; } diff --git a/source/nsswitch/wb_client.c b/source/nsswitch/wb_client.c index 32dfc8decac..90e4584daba 100644 --- a/source/nsswitch/wb_client.c +++ b/source/nsswitch/wb_client.c @@ -235,30 +235,6 @@ BOOL winbind_gid_to_sid(DOM_SID *sid, gid_t gid) return (result == NSS_STATUS_SUCCESS); } -BOOL winbind_allocate_rid(uint32 *rid) -{ - struct winbindd_request request; - struct winbindd_response response; - int result; - - /* Initialise request */ - - ZERO_STRUCT(request); - ZERO_STRUCT(response); - - /* Make request */ - - result = winbindd_request(WINBINDD_ALLOCATE_RID, &request, &response); - - if (result != NSS_STATUS_SUCCESS) - return False; - - /* Copy out result */ - *rid = response.data.rid; - - return True; -} - /* Fetch the list of groups a user is a member of from winbindd. This is used by winbind_getgroups. */ @@ -619,6 +595,8 @@ BOOL winbind_delete_group( const char *group ) } /***********************************************************************/ +#if 0 /* not needed currently since winbindd_acct was added -- jerry */ + /* Call winbindd to convert SID to uid. Do not allocate */ BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid) @@ -689,5 +667,7 @@ BOOL winbind_sid_to_gid_query(gid_t *pgid, const DOM_SID *sid) return (result == NSS_STATUS_SUCCESS); } +#endif /* JERRY */ + /***********************************************************************/ diff --git a/source/nsswitch/wbinfo.c b/source/nsswitch/wbinfo.c index 5c1722dcaa5..2cea4130adc 100644 --- a/source/nsswitch/wbinfo.c +++ b/source/nsswitch/wbinfo.c @@ -436,18 +436,6 @@ static BOOL wbinfo_sid_to_gid(char *sid) return True; } -static BOOL wbinfo_allocate_rid(void) -{ - uint32 rid; - - if (!winbind_allocate_rid(&rid)) - return False; - - d_printf("New rid: %d\n", rid); - - return True; -} - /* Convert sid to string */ static BOOL wbinfo_lookupsid(char *sid) @@ -916,18 +904,19 @@ static BOOL print_domain_groups(const char *domain) static BOOL wbinfo_set_auth_user(char *username) { - char *password; + const char *password; + char *p; fstring user, domain; /* Separate into user and password */ parse_wbinfo_domain_user(username, domain, user); - password = strchr(user, '%'); + p = strchr(user, '%'); - if (password) { - *password = 0; - password++; + if (p != NULL) { + *p = 0; + password = p+1; } else { char *thepass = getpass("Password: "); if (thepass) { @@ -1053,7 +1042,6 @@ int main(int argc, char **argv) { "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" }, { "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" }, { "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" }, - { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" }, { "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" }, { "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" }, { "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" }, @@ -1176,12 +1164,6 @@ int main(int argc, char **argv) goto done; } break; - case 'A': - if (!wbinfo_allocate_rid()) { - d_printf("Could not allocate a RID\n"); - goto done; - } - break; case 't': if (!wbinfo_check_secret()) { d_printf("Could not check secret\n"); diff --git a/source/nsswitch/winbind_nss_solaris.c b/source/nsswitch/winbind_nss_solaris.c index 8f03eb4cd6e..1afa5677462 100644 --- a/source/nsswitch/winbind_nss_solaris.c +++ b/source/nsswitch/winbind_nss_solaris.c @@ -270,10 +270,13 @@ _nss_winbind_getgroupsbymember_solwrap(nss_backend_t* be, void* args) &errnop); /* - * Always return NOTFOUND so nsswitch will get info from all - * the database backends specified in the nsswitch.conf file. - */ - return NSS_STATUS_NOTFOUND; + * If the maximum number of gids have been found, return + * SUCCESS so the switch engine will stop searching. Otherwise + * return NOTFOUND so nsswitch will continue to get groups + * from the remaining database backends specified in the + * nsswitch.conf file. + */ + return (gmem->numgids == gmem->maxgids ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND); } static NSS_STATUS diff --git a/source/nsswitch/winbindd.c b/source/nsswitch/winbindd.c index 283b2e4a89c..b55ea297b49 100644 --- a/source/nsswitch/winbindd.c +++ b/source/nsswitch/winbindd.c @@ -255,7 +255,6 @@ static struct dispatch_table dispatch_table[] = { { WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" }, { WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" }, { WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" }, - { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, "ALLOCATE_RID" }, /* Miscellaneous */ diff --git a/source/nsswitch/winbindd.h b/source/nsswitch/winbindd.h index 5c05a1b0457..0087d58195d 100644 --- a/source/nsswitch/winbindd.h +++ b/source/nsswitch/winbindd.h @@ -97,7 +97,6 @@ struct winbindd_domain { BOOL native_mode; /* is this a win2k domain in native mode ? */ BOOL active_directory; /* is this a win2k active directory ? */ BOOL primary; /* is this our primary domain ? */ - BOOL internal; /* BUILTIN and member SAM */ /* Lookup methods for this domain (LDAP or RPC) */ struct winbindd_methods *methods; diff --git a/source/nsswitch/winbindd_group.c b/source/nsswitch/winbindd_group.c index 94037e39200..3ee8c0877b5 100644 --- a/source/nsswitch/winbindd_group.c +++ b/source/nsswitch/winbindd_group.c @@ -106,15 +106,6 @@ static BOOL fill_grent_mem(struct winbindd_domain *domain, DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid))); *num_gr_mem = 0; - - /* HACK ALERT!! This whole routine does not cope with group members - * from more than one domain, ie aliases. Thus we have to work it out - * ourselves in a special routine. */ - - if (domain->internal) - return fill_passdb_alias_grmem(domain, group_sid, - num_gr_mem, - gr_mem, gr_mem_len); if ( !((group_name_type==SID_NAME_DOM_GRP) || ((group_name_type==SID_NAME_ALIAS) && domain->primary)) ) @@ -252,11 +243,14 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) /* if no domain or our local domain, then do a local tdb search */ - if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) && - ((grp = wb_getgrnam(name_group)) != NULL) ) { - + if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) { char *buffer = NULL; + if ( !(grp=wb_getgrnam(name_group)) ) { + DEBUG(5,("winbindd_getgrnam: lookup for %s\\%s failed\n", + name_domain, name_group)); + return WINBINDD_ERROR; + } memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) ); gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem ); @@ -268,13 +262,6 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) return WINBINDD_OK; } - /* if no domain or our local domain and no local tdb group, default to - * our local domain for aliases */ - - if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) { - fstrcpy(name_domain, get_global_sam_name()); - } - /* Get info for the domain */ if ((domain = find_domain_from_name(name_domain)) == NULL) { @@ -300,8 +287,7 @@ enum winbindd_result winbindd_getgrnam(struct winbindd_cli_state *state) } if ( !((name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && domain->primary) || - ((name_type==SID_NAME_ALIAS) && domain->internal)) ) + ((name_type==SID_NAME_ALIAS) && domain->primary)) ) { DEBUG(1, ("name '%s' is not a local or domain group: %d\n", name_group, name_type)); @@ -392,8 +378,7 @@ enum winbindd_result winbindd_getgrgid(struct winbindd_cli_state *state) } if ( !((name_type==SID_NAME_DOM_GRP) || - ((name_type==SID_NAME_ALIAS) && domain->primary) || - ((name_type==SID_NAME_ALIAS) && domain->internal)) ) + ((name_type==SID_NAME_ALIAS) && domain->primary) )) { DEBUG(1, ("name '%s' is not a local or domain group: %d\n", group_name, name_type)); @@ -556,8 +541,8 @@ static BOOL get_sam_group_entries(struct getent_state *ent) /* get the domain local groups if we are a member of a native win2k domain and are not using LDAP to get the groups */ - if ( ( lp_security() != SEC_ADS && domain->native_mode - && domain->primary) || domain->internal ) + if ( lp_security() != SEC_ADS && domain->native_mode + && domain->primary ) { DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n")); @@ -913,53 +898,6 @@ enum winbindd_result winbindd_list_groups(struct winbindd_cli_state *state) return WINBINDD_OK; } -static void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num) -{ - int i; - - if ((*num) >= groups_max()) - return; - - for (i=0; i<*num; i++) { - if ((*gids)[i] == gid) - return; - } - - *gids = Realloc(*gids, (*num+1) * sizeof(gid_t)); - - if (*gids == NULL) - return; - - (*gids)[*num] = gid; - *num += 1; -} - -static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num) -{ - gid_t gid; - DOM_SID *aliases; - int j, num_aliases; - - DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid))); - - if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0))) - add_gid_to_array_unique(gid, gids, num); - - /* Add nested group memberships */ - - if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases)) - return; - - for (j=0; j<num_aliases; j++) { - - if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid))) - continue; - - add_gid_to_array_unique(gid, gids, num); - } - SAFE_FREE(aliases); -} - /* Get user supplementary groups. This is much quicker than trying to invert the groups database. We merge the groups from the gids and other_sids info3 fields as trusted domain, universal group @@ -977,7 +915,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) DOM_SID **user_grpsids; struct winbindd_domain *domain; enum winbindd_result result = WINBINDD_ERROR; - gid_t *gid_list = NULL; + gid_t *gid_list; unsigned int i; TALLOC_CTX *mem_ctx; NET_USER_INFO_3 *info3 = NULL; @@ -1025,8 +963,6 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) goto done; } - add_gids_from_sid(&user_sid, &gid_list, &num_gids); - /* Treat the info3 cache as authoritative as the lookup_usergroups() function may return cached data. */ @@ -1036,6 +972,7 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) info3->num_groups2, info3->num_other_sids)); num_groups = info3->num_other_sids + info3->num_groups2; + gid_list = calloc(sizeof(gid_t), num_groups); /* Go through each other sid and convert it to a gid */ @@ -1069,11 +1006,23 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) continue; } - add_gids_from_sid(&info3->other_sids[i].sid, - &gid_list, &num_gids); + /* Map to a gid */ - if (gid_list == NULL) - goto done; + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) ) + { + DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n", + sid_string_static(&info3->other_sids[i].sid))); + continue; + } + + /* We've jumped through a lot of hoops to get here */ + + DEBUG(10, ("winbindd_getgroups: mapped other sid %s to " + "gid %lu\n", sid_string_static( + &info3->other_sids[i].sid), + (unsigned long)gid_list[num_gids])); + + num_gids++; } for (i = 0; i < info3->num_groups2; i++) { @@ -1083,10 +1032,12 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) sid_copy( &group_sid, &domain->sid ); sid_append_rid( &group_sid, info3->gids[i].g_rid ); - add_gids_from_sid(&group_sid, &gid_list, &num_gids); + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) { + DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n", + sid_string_static(&group_sid))); + } - if (gid_list == NULL) - goto done; + num_gids++; } SAFE_FREE(info3); @@ -1098,15 +1049,18 @@ enum winbindd_result winbindd_getgroups(struct winbindd_cli_state *state) if (!NT_STATUS_IS_OK(status)) goto done; + gid_list = malloc(sizeof(gid_t) * num_groups); + if (state->response.extra_data) goto done; for (i = 0; i < num_groups; i++) { - add_gids_from_sid(user_grpsids[i], - &gid_list, &num_gids); - - if (gid_list == NULL) - goto done; + if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) { + DEBUG(1, ("unable to convert group sid %s to gid\n", + sid_string_static(user_grpsids[i]))); + continue; + } + num_gids++; } } diff --git a/source/nsswitch/winbindd_nss.h b/source/nsswitch/winbindd_nss.h index 43c9e68cd9f..c8fe5c826c1 100644 --- a/source/nsswitch/winbindd_nss.h +++ b/source/nsswitch/winbindd_nss.h @@ -36,7 +36,7 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 10 +#define WINBIND_INTERFACE_VERSION 9 /* Socket commands */ @@ -84,7 +84,6 @@ enum winbindd_cmd { WINBINDD_SID_TO_GID, WINBINDD_UID_TO_SID, WINBINDD_GID_TO_SID, - WINBINDD_ALLOCATE_RID, /* Miscellaneous other stuff */ @@ -268,7 +267,7 @@ struct winbindd_response { char nt_session_key[16]; char first_8_lm_hash[8]; } auth; - uint32 rid; /* create user or group or allocate rid */ + uint32 rid; /* create user or group */ struct { fstring name; fstring alt_name; diff --git a/source/nsswitch/winbindd_passdb.c b/source/nsswitch/winbindd_passdb.c deleted file mode 100644 index 36f5297efeb..00000000000 --- a/source/nsswitch/winbindd_passdb.c +++ /dev/null @@ -1,339 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind rpc backend functions - - Copyright (C) Tim Potter 2000-2001,2003 - Copyright (C) Simo Sorce 2003 - Copyright (C) Volker Lendecke 2004 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "winbindd.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_WINBIND - -static void -add_member(const char *domain, const char *user, - char **members, int *num_members) -{ - fstring name; - - fill_domain_username(name, domain, user); - safe_strcat(name, ",", sizeof(name)-1); - string_append(members, name); - *num_members += 1; -} - -/********************************************************************** - Add member users resulting from sid. Expand if it is a domain group. -**********************************************************************/ - -static void -add_expanded_sid(const DOM_SID *sid, char **members, int *num_members) -{ - DOM_SID dom_sid; - uint32 rid; - struct winbindd_domain *domain; - int i; - - char *name = NULL; - enum SID_NAME_USE type; - - uint32 num_names; - DOM_SID **sid_mem; - char **names; - uint32 *types; - - NTSTATUS result; - - TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid"); - - if (mem_ctx == NULL) { - DEBUG(1, ("talloc_init failed\n")); - return; - } - - sid_copy(&dom_sid, sid); - sid_split_rid(&dom_sid, &rid); - - domain = find_domain_from_sid(&dom_sid); - - if (domain == NULL) { - DEBUG(3, ("Could not find domain for sid %s\n", - sid_string_static(sid))); - goto done; - } - - result = domain->methods->sid_to_name(domain, mem_ctx, sid, - &name, &type); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(3, ("sid_to_name failed for sid %s\n", - sid_string_static(sid))); - goto done; - } - - DEBUG(10, ("Found name %s, type %d\n", name, type)); - - if (type == SID_NAME_USER) { - add_member(domain->name, name, members, num_members); - goto done; - } - - if (type != SID_NAME_DOM_GRP) { - DEBUG(10, ("Alias member %s neither user nor group, ignore\n", - name)); - goto done; - } - - /* Expand the domain group */ - - result = domain->methods->lookup_groupmem(domain, mem_ctx, - sid, &num_names, - &sid_mem, &names, - &types); - - if (!NT_STATUS_IS_OK(result)) { - DEBUG(10, ("Could not lookup group members for %s: %s\n", - name, nt_errstr(result))); - goto done; - } - - for (i=0; i<num_names; i++) { - DEBUG(10, ("Adding group member SID %s\n", - sid_string_static(sid_mem[i]))); - - if (types[i] != SID_NAME_USER) { - DEBUG(1, ("Hmmm. Member %s of group %s is no user. " - "Ignoring.\n", names[i], name)); - continue; - } - - add_member(domain->name, names[i], members, num_members); - } - - done: - talloc_destroy(mem_ctx); - return; -} - -BOOL fill_passdb_alias_grmem(struct winbindd_domain *domain, - DOM_SID *group_sid, - int *num_gr_mem, char **gr_mem, int *gr_mem_len) -{ - DOM_SID *members; - int i, num_members; - - *num_gr_mem = 0; - *gr_mem = NULL; - *gr_mem_len = 0; - - if (!pdb_enum_aliasmem(group_sid, &members, &num_members)) - return True; - - for (i=0; i<num_members; i++) { - add_expanded_sid(&members[i], gr_mem, num_gr_mem); - } - - SAFE_FREE(members); - - if (*gr_mem != NULL) { - int len; - - /* We have at least one member, strip off the last "," */ - len = strlen(*gr_mem); - (*gr_mem)[len-1] = '\0'; - *gr_mem_len = len; - } - - return True; -} - -/* Query display info for a domain. This returns enough information plus a - bit extra to give an overview of domain users for the User Manager - application. */ -static NTSTATUS query_user_list(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - WINBIND_USERINFO **info) -{ - /* We don't have users */ - *num_entries = 0; - *info = NULL; - return NT_STATUS_OK; -} - -/* list all domain groups */ -static NTSTATUS enum_dom_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - /* We don't have domain groups */ - *num_entries = 0; - *info = NULL; - return NT_STATUS_OK; -} - -/* List all domain groups */ - -static NTSTATUS enum_local_groups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_entries, - struct acct_info **info) -{ - struct acct_info *talloced_info; - - /* Hmm. One billion aliases should be enough for a start */ - - if (!pdb_enum_aliases(&domain->sid, 0, 1000000000, - num_entries, info)) { - /* Nothing to report, just exit. */ - return NT_STATUS_OK; - } - - talloced_info = (struct acct_info *) - talloc_memdup(mem_ctx, *info, - *num_entries * sizeof(struct acct_info)); - - SAFE_FREE(*info); - *info = talloced_info; - - return NT_STATUS_OK; -} - -/* convert a single name to a sid in a domain */ -static NTSTATUS name_to_sid(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const char *name, - DOM_SID *sid, - enum SID_NAME_USE *type) -{ - DEBUG(10, ("Finding name %s\n", name)); - - if (!pdb_find_alias(name, sid)) - return NT_STATUS_NONE_MAPPED; - - *type = SID_NAME_ALIAS; - return NT_STATUS_OK; -} - -/* - convert a domain SID to a user or group name -*/ -static NTSTATUS sid_to_name(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *sid, - char **name, - enum SID_NAME_USE *type) -{ - struct acct_info info; - - DEBUG(10, ("Converting SID %s\n", sid_string_static(sid))); - - if (!pdb_get_aliasinfo(sid, &info)) - return NT_STATUS_NONE_MAPPED; - - *name = talloc_strdup(mem_ctx, info.acct_name); - *type = SID_NAME_ALIAS; - - return NT_STATUS_OK; -} - -/* Lookup user information from a rid or username. */ -static NTSTATUS query_user(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, - WINBIND_USERINFO *user_info) -{ - return NT_STATUS_NO_SUCH_USER; -} - -/* Lookup groups a user is a member of. I wish Unix had a call like this! */ -static NTSTATUS lookup_usergroups(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *user_sid, - uint32 *num_groups, DOM_SID ***user_gids) -{ - return NT_STATUS_NO_SUCH_USER; -} - - -/* Lookup group membership given a rid. */ -static NTSTATUS lookup_groupmem(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - const DOM_SID *group_sid, uint32 *num_names, - DOM_SID ***sid_mem, char ***names, - uint32 **name_types) -{ - return NT_STATUS_OK; -} - -/* find the sequence number for a domain */ -static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq) -{ - *seq = 1; - return NT_STATUS_OK; -} - -/* get a list of trusted domains */ -static NTSTATUS trusted_domains(struct winbindd_domain *domain, - TALLOC_CTX *mem_ctx, - uint32 *num_domains, - char ***names, - char ***alt_names, - DOM_SID **dom_sids) -{ - return NT_STATUS_OK; -} - -/* find the domain sid for a domain */ -static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid) -{ - sid_copy(sid, &domain->sid); - return NT_STATUS_OK; -} - -/* find alternate names list for the domain - * should we look for netbios aliases?? - SSS */ -static NTSTATUS alternate_name(struct winbindd_domain *domain) -{ - DEBUG(3,("pdb: alternate_name\n")); - - return NT_STATUS_OK; -} - - -/* the rpc backend methods are exposed via this structure */ -struct winbindd_methods passdb_methods = { - False, - query_user_list, - enum_dom_groups, - enum_local_groups, - name_to_sid, - sid_to_name, - query_user, - lookup_usergroups, - lookup_groupmem, - sequence_number, - trusted_domains, - domain_sid, - alternate_name -}; diff --git a/source/nsswitch/winbindd_sid.c b/source/nsswitch/winbindd_sid.c index d4206558c5e..9fbf47046d6 100644 --- a/source/nsswitch/winbindd_sid.c +++ b/source/nsswitch/winbindd_sid.c @@ -30,8 +30,10 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) { + extern DOM_SID global_sid_Builtin; enum SID_NAME_USE type; - DOM_SID sid; + DOM_SID sid, tmp_sid; + uint32 rid; fstring name; fstring dom_name; @@ -48,6 +50,15 @@ enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state) return WINBINDD_ERROR; } + /* Don't look up BUILTIN sids */ + + sid_copy(&tmp_sid, &sid); + sid_split_rid(&tmp_sid, &rid); + + if (sid_equal(&tmp_sid, &global_sid_Builtin)) { + return WINBINDD_ERROR; + } + /* Lookup the sid */ if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) { @@ -434,23 +445,3 @@ done: return WINBINDD_OK; } - -enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state) -{ - if ( !state->privileged ) { - DEBUG(2, ("winbindd_allocate_rid: non-privileged access " - "denied!\n")); - return WINBINDD_ERROR; - } - - /* We tell idmap to always allocate a user RID. There might be a good - * reason to keep RID allocation for users to even and groups to - * odd. This needs discussion I think. For now only allocate user - * rids. */ - - if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid, - USER_RID_TYPE))) - return WINBINDD_ERROR; - - return WINBINDD_OK; -} diff --git a/source/nsswitch/winbindd_util.c b/source/nsswitch/winbindd_util.c index 1aa4923e96f..403ba399c88 100644 --- a/source/nsswitch/winbindd_util.c +++ b/source/nsswitch/winbindd_util.c @@ -83,20 +83,6 @@ void free_domain_list(void) } } -static BOOL is_internal_domain(const DOM_SID *sid) -{ - DOM_SID tmp_sid; - - if (sid_equal(sid, get_global_sam_sid())) - return True; - - string_to_sid(&tmp_sid, "S-1-5-32"); - if (sid_equal(sid, &tmp_sid)) - return True; - - return False; -} - /* Add a trusted domain to our list of domains */ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const char *alt_name, @@ -157,7 +143,6 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const domain->methods = methods; domain->backend = NULL; - domain->internal = is_internal_domain(sid); domain->sequence_number = DOM_SEQUENCE_NONE; domain->last_seq_check = 0; if (sid) { @@ -165,9 +150,8 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const } /* set flags about native_mode, active_directory */ - - if (!domain->internal) - set_dc_type_and_flags( domain ); + + set_dc_type_and_flags( domain ); DEBUG(3,("add_trusted_domain: %s is an %s %s domain\n", domain->name, domain->active_directory ? "ADS" : "NT4", @@ -319,24 +303,6 @@ BOOL init_domain_list(void) /* do an initial scan for trusted domains */ add_trusted_domains(domain); - - /* Add our local SAM domains */ - { - DOM_SID sid; - extern struct winbindd_methods passdb_methods; - struct winbindd_domain *dom; - - string_to_sid(&sid, "S-1-5-32"); - - dom = add_trusted_domain("BUILTIN", NULL, &passdb_methods, - &sid); - dom->internal = True; - - dom = add_trusted_domain(get_global_sam_name(), NULL, - &passdb_methods, - get_global_sam_sid()); - dom->internal = True; - } /* avoid rescanning this right away */ last_trustdom_scan = time(NULL); diff --git a/source/param/config_ldap.c b/source/param/config_ldap.c deleted file mode 100644 index fe4693fb583..00000000000 --- a/source/param/config_ldap.c +++ /dev/null @@ -1,351 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - ModConfig LDAP backend - - Copyright (C) Simo Sorce 2003 - Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 - Copyright (C) Gerald Carter 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/*#undef DBGC_CLASS -#define DBGC_CLASS DBGC_CONFIG -*/ - -#include <lber.h> -#include <ldap.h> - -#include "smbldap.h" - -#define LDAP_OBJ_SAMBA_CONFIG "sambaConfig" -#define LDAP_OBJ_SAMBA_SHARE "sambaShare" -#define LDAP_OBJ_SAMBA_OPTION "sambaConfigOption" - -#define LDAP_ATTR_LIST_END 0 -#define LDAP_ATTR_BOOL 1 -#define LDAP_ATTR_INTEGER 2 -#define LDAP_ATTR_STRING 3 -#define LDAP_ATTR_LIST 4 -#define LDAP_ATTR_NAME 5 - - -struct ldap_config_state { - struct smbldap_state *smbldap_state; - TALLOC_CTX *mem_ctx; -}; - -ATTRIB_MAP_ENTRY option_attr_list[] = { - { LDAP_ATTR_NAME, "sambaOptionName" }, - { LDAP_ATTR_LIST, "sambaListOption" }, - { LDAP_ATTR_STRING, "sambaStringOption" }, - { LDAP_ATTR_INTEGER, "sambaIntegerOption" }, - { LDAP_ATTR_BOOL, "sambaBoolOption" }, - { LDAP_ATTR_LIST_END, NULL } -}; - -static struct ldap_config_state ldap_state; -static char *config_base_dn; - -static NTSTATUS ldap_config_close(void); - -/* -TODO: - search each section - start with global, then with others - for each section parse all options -*/ - -static NTSTATUS parse_section( - const char *dn, - BOOL (*pfunc)(const char *, const char *)) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - pstring filter; - pstring option_name; - pstring option_value; - char **attr_list = NULL; - int rc; - int count; - - mem_ctx = talloc_init("parse_section"); - - /* search for the options */ - pstr_sprintf(filter, "objectClass=%s", - LDAP_OBJ_SAMBA_OPTION); - - DEBUG(0, ("Searching for:[%s]\n", filter)); - - attr_list = get_attr_list(option_attr_list); - rc = smbldap_search(ldap_state.smbldap_state, - dn, LDAP_SCOPE_ONELEVEL, - filter, attr_list, 0, &result); - - if (rc != LDAP_SUCCESS) { - DEBUG(0,("parse_section: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - while (entry) { - int o; - - if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaOptionName", option_name)) { - goto done; - } - - option_value[0] = '\0'; - for (o = 1; option_attr_list[o].name != NULL; o++) { - if (smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, option_attr_list[o].name, option_value)) { - break; - } - } - if (option_value[0] != '\0') { - if (!pfunc(option_name, option_value)) { - goto done; - } - } else { - DEBUG(0,("parse_section: Missing value for option: %s\n", option_name)); - goto done; - } - - entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry); - } - - ret = NT_STATUS_OK; - -done: - talloc_destroy(mem_ctx); - free_attr_list(attr_list); - if (result) ldap_msgfree(result); - - return ret; -} - -/***************************************************************************** - load configuration from ldap -*****************************************************************************/ - -static NTSTATUS ldap_config_load( - BOOL (*sfunc)(const char *), - BOOL (*pfunc)(const char *, const char *)) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - pstring filter; - pstring attr_text; - char *config_dn = NULL; - char *temp; - int rc; - int count; - const char *config_attr_list[] = {"description", NULL}; - const char *share_attr_list[] = {"sambaShareName", "description", NULL}; - char **share_dn; - char **share_name; - - mem_ctx = talloc_init("ldap_config_load"); - - /* search for the base config dn */ - pstr_sprintf(filter, "objectClass=%s", - LDAP_OBJ_SAMBA_CONFIG); - - DEBUG(0, ("Searching for:[%s]\n", filter)); - - rc = smbldap_search(ldap_state.smbldap_state, - config_base_dn, LDAP_SCOPE_SUBTREE, - filter, config_attr_list, 0, &result); - - if (rc != LDAP_SUCCESS) { - DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - if (count != 1) { - DEBUG(0,("ldap_config_load: single %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, result))) { - goto done; - } - config_dn = talloc_strdup(mem_ctx, temp); - SAFE_FREE(temp); - if (!config_dn) { - goto done; - } - - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - - if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "description", attr_text)) { - DEBUG(0, ("ldap_config_load: no description field in %s object\n", LDAP_OBJ_SAMBA_CONFIG)); - } - - if (result) ldap_msgfree(result); -/* TODO: finish up the last section, see loadparm's lp_load()*/ - - /* retrive the section list */ - pstr_sprintf(filter, "objectClass=%s", - LDAP_OBJ_SAMBA_SHARE); - - DEBUG(0, ("Searching for:[%s]\n", filter)); - - rc = smbldap_search(ldap_state.smbldap_state, - config_dn, LDAP_SCOPE_SUBTREE, - filter, share_attr_list, 0, &result); - - if (rc != LDAP_SUCCESS) { - DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG)); - goto done; - } - - count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result); - DEBUG(0, ("config_ldap: Found %d shares\n", count)); - if (count) { - int i; - - share_dn = talloc(mem_ctx, (count + 1) * sizeof(char *)); - share_name = talloc(mem_ctx, (count) * sizeof(char *)); - if (!share_dn || !share_name) { - DEBUG(0,("config_ldap: Out of memory!\n")); - goto done; - } - entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result); - i = 0; - while (entry) { - if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, entry))) { - goto done; - } - if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaShareName", attr_text)) { - goto done; - } - share_dn[i] = talloc_strdup(mem_ctx, temp); - share_name[i] = talloc_strdup(mem_ctx, attr_text); - if (!share_dn[i] || !share_name[i]) { - DEBUG(0,("config_ldap: Out of memory!\n")); - goto done; - } - - DEBUG(0, ("config_ldap: Found share [%s] (%s)\n", attr_text, temp)); - SAFE_FREE(temp); - - entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry); - i++; - if (entry && (count == i)) { - DEBUG(0, ("Error too many entryes in ldap result\n")); - goto done; - } - } - share_dn[i] = NULL; - } - - /* parse global section*/ - if (!sfunc("global")) { - goto done; - } - if (!NT_STATUS_IS_OK(parse_section(config_dn, pfunc))) { - goto done; - } else { /* parse shares */ - int i; - - for (i = 0; share_dn[i] != NULL; i++) { - if (!sfunc(share_name[i])) { - goto done; - } - if (!NT_STATUS_IS_OK(parse_section(share_dn[i], pfunc))) { - goto done; - } - } - } - -done: - talloc_destroy(mem_ctx); - if (result) ldap_msgfree(result); - - return ret; -} - -/***************************************************************************** - Initialise config_ldap module -*****************************************************************************/ - -static NTSTATUS ldap_config_init(char *params) -{ - NTSTATUS nt_status; - const char *location; - const char *basedn; - - ldap_state.mem_ctx = talloc_init("config_ldap"); - if (!ldap_state.mem_ctx) { - return NT_STATUS_NO_MEMORY; - } - - /* we assume only location is passed through an inline parameter - * other options go via parametrical options */ - if (params) { - location = params; - } else { - location = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "url", "ldap://localhost"); - } - DEBUG(0,("config_ldap: location=%s\n", location)); - basedn = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "basedn", NULL); - if (basedn) config_base_dn = smb_xstrdup(basedn); - - if (!NT_STATUS_IS_OK(nt_status = - smbldap_init(ldap_state.mem_ctx, location, - &ldap_state.smbldap_state))) { - talloc_destroy(ldap_state.mem_ctx); - DEBUG(0,("config_ldap: smbldap_init failed!\n")); - return nt_status; - } - - return NT_STATUS_OK; -} - -/***************************************************************************** - End the LDAP session -*****************************************************************************/ - -static NTSTATUS ldap_config_close(void) -{ - - smbldap_free_struct(&(ldap_state).smbldap_state); - talloc_destroy(ldap_state.mem_ctx); - - DEBUG(5,("The connection to the LDAP server was closed\n")); - /* maybe free the results here --metze */ - - return NT_STATUS_OK; -} - -static struct config_functions functions = { - ldap_config_init, - ldap_config_load, - ldap_config_close -}; - -NTSTATUS config_ldap_init(void) -{ - return smb_register_config(SAMBA_CONFIG_INTERFACE_VERSION, "ldap", &functions); -} diff --git a/source/param/loadparm.c b/source/param/loadparm.c index b92fa64ee0c..6b09faf7bf9 100644 --- a/source/param/loadparm.c +++ b/source/param/loadparm.c @@ -95,7 +95,6 @@ struct _param_opt_struct { */ typedef struct { - char *szConfigBackend; char *smb_ports; char *dos_charset; char *unix_charset; @@ -123,7 +122,6 @@ typedef struct char *szSMBPasswdFile; char *szPrivateDir; char **szPassdbBackend; - char *szGumsBackend; char **szPreloadModules; char *szPasswordServer; char *szSocketOptions; @@ -224,7 +222,6 @@ typedef struct char *szLdapUserSuffix; char *szLdapIdmapSuffix; char *szLdapGroupSuffix; - char *szLdapPrivilegeSuffix; #ifdef WITH_LDAP_SAMCONFIG int ldap_port; char *szLdapServer; @@ -283,7 +280,6 @@ typedef struct BOOL bDebugPid; BOOL bDebugUid; BOOL bHostMSDfs; - BOOL bUnicode; BOOL bUseMmap; BOOL bHostnameLookups; BOOL bUnixExtensions; @@ -762,7 +758,6 @@ static const struct enum_list enum_map_to_guest[] = { static struct parm_struct parm_table[] = { {N_("Base Options"), P_SEP, P_SEPARATOR}, - {"config backend", P_STRING, P_GLOBAL, &Globals.szConfigBackend, NULL, NULL, FLAG_ADVANCED}, {"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, handle_charset, NULL, FLAG_ADVANCED}, {"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, handle_charset, NULL, FLAG_ADVANCED}, {"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, handle_charset, NULL, FLAG_ADVANCED}, @@ -800,7 +795,6 @@ static struct parm_struct parm_table[] = { {"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED}, {"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED}, {"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, - {"gums backend", P_STRING, P_GLOBAL, &Globals.szGumsBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD}, {"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED}, {"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED}, {"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE}, @@ -889,7 +883,6 @@ static struct parm_struct parm_table[] = { {"large readwrite", P_BOOL, P_GLOBAL, &Globals.bLargeReadwrite, NULL, NULL, FLAG_ADVANCED}, {"max protocol", P_ENUM, P_GLOBAL, &Globals.maxprotocol, NULL, enum_protocol, FLAG_ADVANCED}, {"min protocol", P_ENUM, P_GLOBAL, &Globals.minprotocol, NULL, enum_protocol, FLAG_ADVANCED}, - {"unicode", P_BOOL, P_GLOBAL, &Globals.bUnicode, NULL, NULL, FLAG_ADVANCED}, {"read bmpx", P_BOOL, P_GLOBAL, &Globals.bReadbmpx, NULL, NULL, FLAG_ADVANCED}, {"read raw", P_BOOL, P_GLOBAL, &Globals.bReadRaw, NULL, NULL, FLAG_ADVANCED}, {"write raw", P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, FLAG_ADVANCED}, @@ -1081,7 +1074,6 @@ static struct parm_struct parm_table[] = { {"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED}, - {"ldap privilege suffix", P_STRING, P_GLOBAL, &Globals.szLdapPrivilegeSuffix, NULL, NULL, FLAG_ADVANCED}, {"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED}, {"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED}, {"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED}, @@ -1316,8 +1308,6 @@ static void init_globals(void) DEBUG(3, ("Initialising global parameters\n")); - string_set(&Globals.szConfigBackend, NULL); - string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE); string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR); @@ -1434,7 +1424,6 @@ static void init_globals(void) Globals.bPamPasswordChange = False; Globals.bPasswdChatDebug = False; Globals.iPasswdChatTimeout = 2; /* 2 second default. */ - Globals.bUnicode = True; /* Do unicode on the wire by default */ Globals.bNTPipeSupport = True; /* Do NT pipes by default. */ Globals.bNTStatusSupport = True; /* Use NT status by default. */ Globals.bStatCache = True; /* use stat cache by default */ @@ -1471,7 +1460,6 @@ static void init_globals(void) #else Globals.szPassdbBackend = str_list_make("smbpasswd", NULL); #endif /* WITH_LDAP_SAMCONFIG */ - string_set(&Globals.szGumsBackend, "tdbsam2"); string_set(&Globals.szLdapSuffix, ""); string_set(&Globals.szLdapFilter, "(uid=%u)"); @@ -1479,7 +1467,6 @@ static void init_globals(void) string_set(&Globals.szLdapUserSuffix, ""); string_set(&Globals.szLdapGroupSuffix, ""); string_set(&Globals.szLdapIdmapSuffix, ""); - string_set(&Globals.szLdapPrivilegeSuffix, ""); string_set(&Globals.szLdapAdminDn, ""); Globals.ldap_ssl = LDAP_SSL_ON; @@ -1622,7 +1609,6 @@ static char *lp_string(const char *s) #define FN_LOCAL_INTEGER(fn_name,val) \ int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);} -FN_GLOBAL_STRING(lp_config_backend, &Globals.szConfigBackend) FN_GLOBAL_STRING(lp_smb_ports, &Globals.smb_ports) FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset) FN_GLOBAL_STRING(lp_unix_charset, &Globals.unix_charset) @@ -1657,7 +1643,7 @@ FN_GLOBAL_STRING(lp_passwd_chat, &Globals.szPasswdChat) FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer) FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder) FN_GLOBAL_STRING(lp_realm, &Globals.szRealm) -FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap) +FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap) FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap) FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript) FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath) @@ -1672,7 +1658,6 @@ FN_GLOBAL_STRING(lp_nis_home_map_name, &Globals.szNISHomeMapName) static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion) FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases) FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend) -FN_GLOBAL_STRING(lp_gums_backend, &Globals.szGumsBackend) FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules) FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction) FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript) @@ -1753,7 +1738,6 @@ FN_GLOBAL_BOOL(lp_pam_password_change, &Globals.bPamPasswordChange) FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync) FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug) FN_GLOBAL_INTEGER(lp_passwd_chat_timeout, &Globals.iPasswdChatTimeout) -FN_GLOBAL_BOOL(lp_unicode, &Globals.bUnicode) FN_GLOBAL_BOOL(lp_nt_pipe_support, &Globals.bNTPipeSupport) FN_GLOBAL_BOOL(lp_nt_status_support, &Globals.bNTStatusSupport) FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache) @@ -2981,14 +2965,6 @@ char *lp_ldap_idmap_suffix(void) return lp_string(Globals.szLdapSuffix); } -char *lp_ldap_privilege_suffix(void) -{ - if (Globals.szLdapPrivilegeSuffix[0]) - return append_ldap_suffix(Globals.szLdapPrivilegeSuffix); - - return lp_string(Globals.szLdapSuffix); -} - /*************************************************************************** ***************************************************************************/ @@ -3897,11 +3873,6 @@ BOOL lp_load(const char *pszFname, BOOL global_only, BOOL save_defaults, if (iServiceIndex >= 0) bRetval = service_ok(iServiceIndex); - if (*(lp_config_backend())) { - modconf_init(lp_config_backend()); - modconf_load(do_section, do_parameter); - } - lp_add_auto_services(lp_auto_services()); if (add_ipc) { diff --git a/source/param/modconf.c b/source/param/modconf.c deleted file mode 100644 index a9ab6f9b4a2..00000000000 --- a/source/param/modconf.c +++ /dev/null @@ -1,96 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Configuration Modules Support - Copyright (C) Simo Sorce 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_IDMAP - -struct modconf_struct { - char *name; - struct config_functions *fns; -}; - -static struct modconf_struct module; - -NTSTATUS smb_register_config(int version, const char *name, struct config_functions *fns) -{ - if ((version != SAMBA_CONFIG_INTERFACE_VERSION)) { - DEBUG(0, ("smb_register_config: Failed to register config module.\n" - "The module has been compiled with a different interface version (%d).\n" - "The supported version is: %d\n", - version, SAMBA_CONFIG_INTERFACE_VERSION)); - return NT_STATUS_OBJECT_TYPE_MISMATCH; - } - - if (!name || !name[0]) { - DEBUG(0,("smb_register_config: Name missing!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - module.name = smb_xstrdup(name); - module.fns = fns; - DEBUG(5, ("smb_register_config: Successfully registeres config backend '%s'\n", name)); - return NT_STATUS_OK; -} - -/********************************************************************** - * Init the configuration module - *********************************************************************/ - -BOOL modconf_init(const char *config_backend) -{ - NTSTATUS ret; - BOOL bret = False; - char *name; - char *params; - - /* nothing to do */ - if (!config_backend) - return True; - - name = smb_xstrdup(config_backend); - if ((params = strchr(name, ':')) != NULL ) { - *params = '\0'; - params++; - } - - ret = smb_probe_module("config", name); - - if (NT_STATUS_IS_OK(ret) && NT_STATUS_IS_OK(module.fns->init(params))) - bret = True; - - SAFE_FREE(name); - return bret; -} - -BOOL modconf_load(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *)) -{ - if (module.fns) { - if (NT_STATUS_IS_OK(module.fns->load(sfunc, pfunc))) { - return True; - } - } - return False; -} - -NTSTATUS modconf_close(void) -{ - return module.fns->close(); -} diff --git a/source/passdb/lookup_sid.c b/source/passdb/lookup_sid.c index a365cba0082..842db8de5dc 100644 --- a/source/passdb/lookup_sid.c +++ b/source/passdb/lookup_sid.c @@ -105,44 +105,6 @@ BOOL lookup_sid(const DOM_SID *sid, fstring dom_name, fstring name, enum SID_NAM return True; } -BOOL sid_to_local_user_name(const DOM_SID *sid, fstring username) -{ - fstring dom_name; - fstring name; - enum SID_NAME_USE type; - - if (!sid_check_is_in_our_domain(sid)) - return False; - - if (!lookup_sid(sid, dom_name, name, &type)) - return False; - - if (type != SID_NAME_USER) - return False; - - fstrcpy(username, name); - return True; -} - -BOOL sid_to_local_dom_grp_name(const DOM_SID *sid, fstring groupname) -{ - fstring dom_name; - fstring name; - enum SID_NAME_USE type; - - if (!sid_check_is_in_our_domain(sid)) - return False; - - if (!lookup_sid(sid, dom_name, name, &type)) - return False; - - if (type != SID_NAME_DOM_GRP) - return False; - - fstrcpy(groupname, name); - return True; -} - /***************************************************************** Id mapping cache. This is to avoid Winbind mappings already diff --git a/source/passdb/passdb.c b/source/passdb/passdb.c index 73f613535d9..04e41b79707 100644 --- a/source/passdb/passdb.c +++ b/source/passdb/passdb.c @@ -800,6 +800,8 @@ BOOL local_lookup_sid(const DOM_SID *sid, char *name, enum SID_NAME_USE *psid_na gid = pdb_group_rid_to_gid(rid); gr = getgrgid(gid); + *psid_name_use = SID_NAME_ALIAS; + DEBUG(5,("local_lookup_sid: looking up gid %u %s\n", (unsigned int)gid, gr ? "succeeded" : "failed" )); @@ -1890,8 +1892,6 @@ BOOL init_sam_from_buffer_v1(SAM_ACCOUNT *sampass, uint8 *buf, uint32 buflen) done: - SAFE_FREE(lm_pw_ptr); - SAFE_FREE(nt_pw_ptr); SAFE_FREE(username); SAFE_FREE(domain); SAFE_FREE(nt_username); @@ -2339,50 +2339,3 @@ BOOL pdb_increment_bad_password_count(SAM_ACCOUNT *sampass) return True; } - -BOOL get_sids_from_priv(const char *privname, DOM_SID **sids, int *num) -{ - char *sids_string; - char *s; - fstring tok; - - if (!pdb_get_privilege_entry(privname, &sids_string)) - return False; - - s = sids_string; - - while (next_token(&s, tok, ",", sizeof(tok))) { - DOM_SID sid; - DEBUG(10, ("converting SID %s\n", tok)); - - if (!string_to_sid(&sid, tok)) { - DEBUG(3, ("Could not convert SID\n")); - continue; - } - - add_sid_to_array(&sid, sids, num); - } - - SAFE_FREE(sids_string); - return True; -} - -BOOL get_priv_for_sid(const DOM_SID *sid, PRIVILEGE_SET *priv) -{ - extern PRIVS privs[]; - int i; - for (i=1; i<PRIV_ALL_INDEX-1; i++) { - DOM_SID *sids; - int j, num; - - if (!get_sids_from_priv(privs[i].priv, &sids, &num)) - continue; - - for (j=0; j<num; j++) { - if (sid_compare(sid, &sids[j]) == 0) - add_privilege_by_name(priv, privs[i].priv); - } - SAFE_FREE(sids); - } - return True; -} diff --git a/source/passdb/pdb_get_set.c b/source/passdb/pdb_get_set.c index 908588c8988..e69dac524f0 100644 --- a/source/passdb/pdb_get_set.c +++ b/source/passdb/pdb_get_set.c @@ -314,6 +314,14 @@ const char* pdb_get_munged_dial (const SAM_ACCOUNT *sampass) return (NULL); } +uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass) +{ + if (sampass) + return (sampass->private.fields_present); + else + return (-1); +} + uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass) { if (sampass) @@ -1001,6 +1009,16 @@ BOOL pdb_set_plaintext_pw_only (SAM_ACCOUNT *sampass, const char *password, enum return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag); } +BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag) +{ + if (!sampass) + return False; + + sampass->private.fields_present = fields_present; + + return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag); +} + BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag) { if (!sampass) @@ -1155,4 +1173,3 @@ uint32 pdb_build_fields_present (SAM_ACCOUNT *sampass) /* value set to all for testing */ return 0x00ffffff; } - diff --git a/source/passdb/pdb_guest.c b/source/passdb/pdb_guest.c index 8c1d4c7b0fe..510cf6abc8b 100644 --- a/source/passdb/pdb_guest.c +++ b/source/passdb/pdb_guest.c @@ -152,21 +152,6 @@ NTSTATUS pdb_init_guestsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, c (*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry; (*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping; - /* we do not handle groups in guest backend */ -/* FIXME - (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid; - (*pdb_method)->get_group_list = pdb_nop_get_group_list; - (*pdb_method)->get_group_sids = pdb_nop_get_group_sids; - (*pdb_method)->add_group = pdb_nop_add_group; - (*pdb_method)->update_group = pdb_nop_update_group; - (*pdb_method)->delete_group = pdb_nop_delete_group; - (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group; - (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group; - (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name; - (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name; - (*pdb_method)->get_group_uids = pdb_nop_get_group_uids; -*/ - /* There's not very much to initialise here */ return NT_STATUS_OK; diff --git a/source/passdb/pdb_gums.c b/source/passdb/pdb_gums.c deleted file mode 100644 index f34d3a94b5a..00000000000 --- a/source/passdb/pdb_gums.c +++ /dev/null @@ -1,464 +0,0 @@ -/* - * GUMS password backend for samba - * Copyright (C) Simo Sorce 2003-2004 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" - -#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) -#define BOOL_SET_OR_FAIL(func, label) do { if (!func) { DEBUG(0, ("%s: Setting sam object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) - -struct gums_gw_data { - GUMS_FUNCTIONS *fns; - void *handle; -}; - -static NTSTATUS gums_object_to_sam_account(SAM_ACCOUNT *sa, GUMS_OBJECT *go) -{ - NTSTATUS ret; - NTTIME nt_time; - DATA_BLOB pwd; - - if (!go || !sa) - return NT_STATUS_INVALID_PARAMETER; -/* - if (!NT_STATUS_IS_OK(ret = pdb_init_sam(sa))) { - DEBUG(0, ("gums_object_to_sam_account: error occurred while creating sam_account object!\n")); - goto error; - } -*/ - if (gums_get_object_type(go) != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - BOOL_SET_OR_FAIL(pdb_set_acct_ctrl(sa, gums_get_user_acct_ctrl(go), PDB_SET), error); - - /* domain */ - /* unix_homedir ? */ - - nt_time = gums_get_user_logon_time(go); - BOOL_SET_OR_FAIL(pdb_set_logon_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_logoff_time(go); - BOOL_SET_OR_FAIL(pdb_set_logoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_kickoff_time(go); - BOOL_SET_OR_FAIL(pdb_set_kickoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_pass_last_set_time(go); - BOOL_SET_OR_FAIL(pdb_set_pass_last_set_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_pass_can_change_time(go); - BOOL_SET_OR_FAIL(pdb_set_pass_can_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - nt_time = gums_get_user_pass_must_change_time(go); - BOOL_SET_OR_FAIL(pdb_set_pass_must_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_hours_len(sa, gums_get_user_hours_len(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_logon_divs(sa, gums_get_user_logon_divs(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_user_sid(sa, gums_get_object_sid(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_group_sid(sa, gums_get_user_pri_group(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_username(sa, gums_get_object_name(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_nt_username(sa, gums_get_object_name(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_fullname(sa, gums_get_user_fullname(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_logon_script(sa, gums_get_user_logon_script(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_profile_path(sa, gums_get_user_profile_path(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_dir_drive(sa, gums_get_user_dir_drive(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_homedir(sa, gums_get_user_homedir(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_acct_desc(sa, gums_get_object_description(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_workstations(sa, gums_get_user_workstations(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_unknown_str(sa, gums_get_user_unknown_str(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_munged_dial(sa, gums_get_user_munged_dial(go), PDB_SET), error); - - pwd = gums_get_user_nt_pwd(go); - if (!pdb_set_nt_passwd(sa, pwd.data, PDB_SET)) { - DEBUG(5, ("gums_object_to_sam_account: unable to set nt password")); - data_blob_clear_free(&pwd); - ret = NT_STATUS_UNSUCCESSFUL; - goto error; - } - data_blob_clear_free(&pwd); - pwd = gums_get_user_lm_pwd(go); - if (!pdb_set_lanman_passwd(sa, pwd.data, PDB_SET)) { - DEBUG(5, ("gums_object_to_sam_account: unable to set lanman password")); - data_blob_clear_free(&pwd); - ret = NT_STATUS_UNSUCCESSFUL; - goto error; - } - data_blob_clear_free(&pwd); - - BOOL_SET_OR_FAIL(pdb_set_bad_password_count(sa, gums_get_user_bad_password_count(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_unknown_6(sa, gums_get_user_unknown_6(go), PDB_SET), error); - BOOL_SET_OR_FAIL(pdb_set_hours(sa, gums_get_user_hours(go), PDB_SET), error); - - return NT_STATUS_OK; - -error: - if (sa && (sa->free_fn)) { - sa->free_fn(&sa); - } - - return ret; -} - -static NTSTATUS sam_account_to_gums_object(GUMS_OBJECT *go, SAM_ACCOUNT *sa) -{ - NTSTATUS ret; - NTTIME nt_time; - DATA_BLOB pwd; - - if (!go || !sa) - return NT_STATUS_INVALID_PARAMETER; - -/* - ret = gums_create_object(go, GUMS_OBJ_NORMAL_USER); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("sam_account_to_gums_object: error occurred while creating gums object!\n")); - goto error; - } -*/ - - /* sec_desc */ - - SET_OR_FAIL(gums_set_object_name(go, pdb_get_username(sa)), error); - - SET_OR_FAIL(gums_set_object_sid(go, pdb_get_user_sid(sa)), error); - SET_OR_FAIL(gums_set_user_pri_group(go, pdb_get_group_sid(sa)), error); - - if (pdb_get_acct_desc(sa)) - SET_OR_FAIL(gums_set_object_description(go, pdb_get_acct_desc(sa)), error); - if (pdb_get_fullname(sa)) - SET_OR_FAIL(gums_set_user_fullname(go, pdb_get_fullname(sa)), error); - if (pdb_get_homedir(sa)) - SET_OR_FAIL(gums_set_user_homedir(go, pdb_get_homedir(sa)), error); - if (pdb_get_dir_drive(sa)) - SET_OR_FAIL(gums_set_user_dir_drive(go, pdb_get_dir_drive(sa)), error); - if (pdb_get_logon_script(sa)) - SET_OR_FAIL(gums_set_user_logon_script(go, pdb_get_logon_script(sa)), error); - if (pdb_get_profile_path(sa)) - SET_OR_FAIL(gums_set_user_profile_path(go, pdb_get_profile_path(sa)), error); - if (pdb_get_workstations(sa)) - SET_OR_FAIL(gums_set_user_workstations(go, pdb_get_workstations(sa)), error); - if (pdb_get_unknown_str(sa)) - SET_OR_FAIL(gums_set_user_unknown_str(go, pdb_get_unknown_str(sa)), error); - if (pdb_get_munged_dial(sa)) - SET_OR_FAIL(gums_set_user_munged_dial(go, pdb_get_munged_dial(sa)), error); - SET_OR_FAIL(gums_set_user_logon_divs(go, pdb_get_logon_divs(sa)), error); - if (pdb_get_hours(sa)) - SET_OR_FAIL(gums_set_user_hours(go, pdb_get_hours_len(sa), pdb_get_hours(sa)), error); - SET_OR_FAIL(gums_set_user_bad_password_count(go, pdb_get_bad_password_count(sa)), error); - SET_OR_FAIL(gums_set_user_unknown_6(go, pdb_get_unknown_6(sa)), error); - - unix_to_nt_time(&nt_time, pdb_get_logon_time(sa)); - SET_OR_FAIL(gums_set_user_logon_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_logoff_time(sa)); - SET_OR_FAIL(gums_set_user_logoff_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_kickoff_time(sa)); - SET_OR_FAIL(gums_set_user_kickoff_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_pass_last_set_time(sa)); - SET_OR_FAIL(gums_set_user_pass_last_set_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_pass_can_change_time(sa)); - SET_OR_FAIL(gums_set_user_pass_can_change_time(go, nt_time), error); - unix_to_nt_time(&nt_time, pdb_get_pass_must_change_time(sa)); - SET_OR_FAIL(gums_set_user_pass_must_change_time(go, nt_time), error); - - pwd = data_blob(pdb_get_nt_passwd(sa), NT_HASH_LEN); - ret = gums_set_user_nt_pwd(go, pwd); - data_blob_clear_free(&pwd); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(5, ("sam_account_to_gums_object: failed to set nt password!\n")); - goto error; - } - pwd = data_blob(pdb_get_lanman_passwd(sa), LM_HASH_LEN); - ret = gums_set_user_lm_pwd(go, pwd); - data_blob_clear_free(&pwd); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(5, ("sam_account_to_gums_object: failed to set lanman password!\n")); - goto error; - } - - SET_OR_FAIL(gums_set_user_acct_ctrl(go, pdb_get_acct_ctrl(sa)), error); - - return NT_STATUS_OK; - -error: - gums_reset_object(go); - return ret; -} - -static NTSTATUS gums_setsampwent(struct pdb_methods *methods, BOOL update) -{ - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - return ggwd->fns->enumerate_objects_start(&(ggwd->handle), NULL, GUMS_OBJ_NORMAL_USER); -} - -static NTSTATUS gums_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->enumerate_objects_get_next(&go, ggwd->handle))) { - return ret; - } - - ret = gums_object_to_sam_account(account, go); - - gums_destroy_object(&go); - return ret; -} - -static void gums_endsampwent(struct pdb_methods *methods) -{ - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - ggwd->fns->enumerate_objects_stop(ggwd->handle); -} - -/****************************************************************** - Lookup a name in the SAM database - ******************************************************************/ - -static NTSTATUS gums_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *account, const char *name) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account || !name) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_name(&go, global_myname(), name, GUMS_OBJ_NORMAL_USER))) { - DEBUG(10, ("gums_getsampwnam: unable to find account with name %s", name)); - return ret; - } - - ret = gums_object_to_sam_account(account, go); - - gums_destroy_object(&go); - return ret; -} - -/*************************************************************************** - Search by SID - **************************************************************************/ - -static NTSTATUS gums_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT *account, const DOM_SID *sid) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, sid, GUMS_OBJ_NORMAL_USER))) { - DEBUG(10, ("gums_getsampwsid: unable to find account with sid %s", sid_string_static(sid))); - return ret; - } - - ret = gums_object_to_sam_account(account, go); - - gums_destroy_object(&go); - return ret; -} - -/*************************************************************************** - Search by rid - **************************************************************************/ - -#if 0 - -static NTSTATUS gums_getsampwrid (struct pdb_methods *methods, - SAM_ACCOUNT *account, uint32 rid) -{ - DOM_SID sid; - - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - gums_getsampwsid(methods, account, &sid); - - return NT_STATUS_OK; -} - -#endif - -/*************************************************************************** - Updates a SAM_ACCOUNT - - This isn't a particulary practical option for pdb_guest. We certainly don't - want to twidde the filesystem, so what should we do? - - Current plan is to transparently add the account. It should appear - as if the pdb_guest version was modified, but its actually stored somehwere. - ****************************************************************************/ - -static NTSTATUS gums_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_NORMAL_USER))) { - DEBUG(0, ("gums_add_sam_account: error occurred while creating gums object!\n")); - return ret; - } - - if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) { - DEBUG(0, ("gums_add_sam_account: error occurred while converting object!\n")); - goto done; - } - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) { - DEBUG(0, ("gums_add_sam_account: unable to store account!\n")); - goto done; - } - -done: - gums_destroy_object(&go); - return ret; -} - -static NTSTATUS gums_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, pdb_get_user_sid(account), GUMS_OBJ_NORMAL_USER))) { - DEBUG(0, ("gums_update_sam_account: update on invalid account!\n")); - return ret; - } - - if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) { - DEBUG(0, ("gums_update_sam_account: error occurred while converting object!\n")); - goto done; - } - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) { - DEBUG(0, ("gums_update_sam_account: unable to store account!\n")); - goto done; - } - -done: - gums_destroy_object(&go); - return ret; -} - -static NTSTATUS gums_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account) -{ - NTSTATUS ret; - struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data); - - if (!account) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = ggwd->fns->delete_object(pdb_get_user_sid(account)))) { - DEBUG(0, ("gums_add_sam_account: unable to store account!\n")); - } - - return ret; -} - - -static void free_gw_private_data(void **vp) -{ - struct gums_gw_data *ggwd = (struct gums_gw_data *)vp; - ggwd->fns->free_private_data(&(ggwd->fns->private_data)); - ggwd->fns = NULL; - ggwd->handle = NULL; - SAFE_FREE(vp); -} - -NTSTATUS pdb_init_gums_gateway(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) -{ - NTSTATUS ret; - struct gums_gw_data *ggwd; - - if (!pdb_context) { - DEBUG(0, ("invalid pdb_context specified\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(ret = gums_setup_backend(lp_gums_backend()))) { - DEBUG(0, ("pdb_init_gums_gateway: initialization error!\n")); - return ret; - } - - ggwd = (struct gums_gw_data *)malloc(sizeof(struct gums_gw_data)); - if (!ggwd) - return NT_STATUS_NO_MEMORY; - memset(ggwd, 0, sizeof(struct gums_gw_data)); - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&(ggwd->fns)))) { - goto error; - } - - if (!NT_STATUS_IS_OK(ret = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { - goto error; - } - - (*pdb_method)->name = "gums_gateway"; - - (*pdb_method)->setsampwent = gums_setsampwent; - (*pdb_method)->getsampwent = gums_getsampwent; - (*pdb_method)->endsampwent = gums_endsampwent; - (*pdb_method)->getsampwnam = gums_getsampwnam; - (*pdb_method)->getsampwsid = gums_getsampwsid; - (*pdb_method)->add_sam_account = gums_add_sam_account; - (*pdb_method)->update_sam_account = gums_update_sam_account; - (*pdb_method)->delete_sam_account = gums_delete_sam_account; - - /* we should do no group mapping here */ -/* (*pdb_method)->getgrsid = gums_getgrsid; - (*pdb_method)->getgrgid = gums_getgrgid; - (*pdb_method)->getgrnam = gums_getgrnam; - (*pdb_method)->add_group_mapping_entry = gums_add_group_mapping_entry; - (*pdb_method)->update_group_mapping_entry = gums_update_group_mapping_entry; - (*pdb_method)->delete_group_mapping_entry = gums_delete_group_mapping_entry; - (*pdb_method)->enum_group_mapping = gums_enum_group_mapping;*/ - - /* we do not handle groups in guest backend */ -/* FIXME - (*pdb_method)->get_group_info_by_sid = gums_get_group_info_by_sid; - (*pdb_method)->get_group_list = gums_get_group_list; - (*pdb_method)->get_group_sids = gums_get_group_sids; - (*pdb_method)->add_group = gums_add_group; - (*pdb_method)->update_group = gums_update_group; - (*pdb_method)->delete_group = gums_delete_group; - (*pdb_method)->add_sid_to_group = gums_add_sid_to_group; - (*pdb_method)->remove_sid_from_group = gums_remove_sid_from_group; - (*pdb_method)->get_group_info_by_name = gums_get_group_info_by_name; - (*pdb_method)->get_group_info_by_nt_name = gums_get_group_info_by_nt_name; - (*pdb_method)->get_group_uids = gums_get_group_uids; -*/ - - (*pdb_method)->private_data = ggwd; - (*pdb_method)->free_private_data = free_gw_private_data; - - return NT_STATUS_OK; - -error: - SAFE_FREE(ggwd); - return ret; -} - -NTSTATUS pdb_gums_init(void) -{ - return smb_register_passdb(PASSDB_INTERFACE_VERSION, "gums", pdb_init_gums_gateway); -} - diff --git a/source/passdb/pdb_interface.c b/source/passdb/pdb_interface.c index b1620aa9eb6..06097d3557b 100644 --- a/source/passdb/pdb_interface.c +++ b/source/passdb/pdb_interface.c @@ -232,12 +232,25 @@ static NTSTATUS context_getsampwsid(struct pdb_context *context, SAM_ACCOUNT *sa static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + const char *lm_pw, *nt_pw; + uint16 acb_flags; if ((!context) || (!context->pdb_methods)) { DEBUG(0, ("invalid pdb_context specified!\n")); return ret; } + /* disable acccounts with no passwords (that has not + been allowed by the ACB_PWNOTREQ bit */ + + lm_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_nt_passwd( sam_acct ); + acb_flags = pdb_get_acct_ctrl( sam_acct ); + if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { + acb_flags |= ACB_DISABLED; + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); + } + /** @todo This is where a 're-read on add' should be done */ /* We now add a new account to the first database listed. * Should we? */ @@ -248,6 +261,8 @@ static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct) { NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; + const char *lm_pw, *nt_pw; + uint16 acb_flags; if (!context) { DEBUG(0, ("invalid pdb_context specified!\n")); @@ -259,6 +274,17 @@ static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCO return ret; } + /* disable acccounts with no passwords (that has not + been allowed by the ACB_PWNOTREQ bit */ + + lm_pw = pdb_get_lanman_passwd( sam_acct ); + nt_pw = pdb_get_nt_passwd( sam_acct ); + acb_flags = pdb_get_acct_ctrl( sam_acct ); + if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { + acb_flags |= ACB_DISABLED; + pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); + } + /** @todo This is where a 're-read on update' should be done */ return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct); @@ -426,388 +452,6 @@ static NTSTATUS context_enum_group_mapping(struct pdb_context *context, num_entries, unix_only); } -static NTSTATUS context_find_alias(struct pdb_context *context, - const char *name, DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->find_alias(context->pdb_methods, - name, sid); -} - -static NTSTATUS context_create_alias(struct pdb_context *context, - const char *name, uint32 *rid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->create_alias(context->pdb_methods, - name, rid); -} - -static NTSTATUS context_delete_alias(struct pdb_context *context, - const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->delete_alias(context->pdb_methods, sid); -} - -static NTSTATUS context_enum_aliases(struct pdb_context *context, - const DOM_SID *sid, - uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, - struct acct_info **info) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->enum_aliases(context->pdb_methods, - sid, start_idx, max_entries, - num_aliases, info); -} - -static NTSTATUS context_get_aliasinfo(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->get_aliasinfo(context->pdb_methods, - sid, info); -} - -static NTSTATUS context_set_aliasinfo(struct pdb_context *context, - const DOM_SID *sid, - struct acct_info *info) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->set_aliasinfo(context->pdb_methods, - sid, info); -} - -static NTSTATUS context_add_aliasmem(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->add_aliasmem(context->pdb_methods, - alias, member); -} - -static NTSTATUS context_del_aliasmem(struct pdb_context *context, - const DOM_SID *alias, - const DOM_SID *member) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->del_aliasmem(context->pdb_methods, - alias, member); -} - -static NTSTATUS context_enum_aliasmem(struct pdb_context *context, - const DOM_SID *alias, DOM_SID **members, - int *num) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->enum_aliasmem(context->pdb_methods, - alias, members, num); -} - -static NTSTATUS context_enum_alias_memberships(struct pdb_context *context, - const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if ((!context) || (!context->pdb_methods)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods-> - enum_alias_memberships(context->pdb_methods, sid, aliases, - num); -} - -static NTSTATUS context_settrustpwent(struct pdb_context *context) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->settrustpwent(cur_methods); - if (NT_STATUS_IS_OK(ret)) { - context->pdb_methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_gettrustpwent(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->gettrustpwent(cur_methods, trust); - if (!NT_STATUS_IS_ERR(ret)) { - /* prevent from segfaulting when gettrustpwent - was called just to rewind enumeration */ - if (trust) trust->methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_gettrustpwnam(struct pdb_context *context, - SAM_TRUST_PASSWD *trust, - const char *name) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->gettrustpwnam(cur_methods, trust, name); - if (NT_STATUS_IS_OK(ret)) { - trust->methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_gettrustpwsid(struct pdb_context *context, - SAM_TRUST_PASSWD *trust, - const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - struct pdb_methods *cur_methods; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - cur_methods = context->pdb_methods; - - while (cur_methods) { - ret = cur_methods->gettrustpwsid(cur_methods, trust, sid); - if (NT_STATUS_IS_OK(ret)) { - trust->methods = cur_methods; - return ret; - } - cur_methods = cur_methods->next; - } - - return ret; -} - -static NTSTATUS context_add_trust_passwd(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - return context->pdb_methods->add_trust_passwd(context->pdb_methods, trust); -} - -static NTSTATUS context_update_trust_passwd(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - if (!trust || !trust->methods) { - DEBUG(0, ("invalid trust pointer specified!\n")); - return ret; - } - - return trust->methods->update_trust_passwd(trust->methods, trust); -} - -static NTSTATUS context_delete_trust_passwd(struct pdb_context *context, - SAM_TRUST_PASSWD *trust) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - if (!context) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - - if (!trust || !trust->methods) { - DEBUG(0, ("invalid trust pointer specified!\n")); - return ret; - } - - return trust->methods->delete_trust_passwd(trust->methods, trust); -} - -static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - -static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - -static NTSTATUS context_get_privilege_set(struct pdb_context *context, DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, sid_list, num_sids, privset))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - -static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - struct pdb_methods *curmethods; - if ((!context)) { - DEBUG(0, ("invalid pdb_context specified!\n")); - return ret; - } - curmethods = context->pdb_methods; - while (curmethods){ - if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) { - return ret; - } - curmethods = curmethods->next; - } - - return ret; -} - /****************************************************************** Free and cleanup a pdb context, any associated data and anything that the attached modules might have associated. @@ -923,27 +567,6 @@ static NTSTATUS make_pdb_context(struct pdb_context **context) (*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry; (*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry; (*context)->pdb_enum_group_mapping = context_enum_group_mapping; - (*context)->pdb_find_alias = context_find_alias; - (*context)->pdb_create_alias = context_create_alias; - (*context)->pdb_delete_alias = context_delete_alias; - (*context)->pdb_enum_aliases = context_enum_aliases; - (*context)->pdb_get_aliasinfo = context_get_aliasinfo; - (*context)->pdb_set_aliasinfo = context_set_aliasinfo; - (*context)->pdb_add_aliasmem = context_add_aliasmem; - (*context)->pdb_del_aliasmem = context_del_aliasmem; - (*context)->pdb_enum_aliasmem = context_enum_aliasmem; - (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships; - (*context)->pdb_settrustpwent = context_settrustpwent; - (*context)->pdb_gettrustpwent = context_gettrustpwent; - (*context)->pdb_gettrustpwnam = context_gettrustpwnam; - (*context)->pdb_gettrustpwsid = context_gettrustpwsid; - (*context)->pdb_add_trust_passwd = context_add_trust_passwd; - (*context)->pdb_update_trust_passwd = context_update_trust_passwd; - (*context)->pdb_delete_trust_passwd = context_delete_trust_passwd; - (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege; - (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege; - (*context)->pdb_get_privilege_set = context_get_privilege_set; - (*context)->pdb_get_privilege_entry = context_get_privilege_entry; (*context)->free_fn = free_pdb_context; @@ -1111,48 +734,22 @@ BOOL pdb_getsampwsid(SAM_ACCOUNT *sam_acct, const DOM_SID *sid) BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); - const char *lm_pw, *nt_pw; - uint16 acb_flags; if (!pdb_context) { return False; } - /* disable acccounts with no passwords (that has not - been allowed by the ACB_PWNOTREQ bit */ - - lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_nt_passwd( sam_acct ); - acb_flags = pdb_get_acct_ctrl( sam_acct ); - if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { - acb_flags |= ACB_DISABLED; - pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); - } - return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct)); } BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct) { struct pdb_context *pdb_context = pdb_get_static_context(False); - const char *lm_pw, *nt_pw; - uint16 acb_flags; if (!pdb_context) { return False; } - /* disable acccounts with no passwords (that has not - been allowed by the ACB_PWNOTREQ bit */ - - lm_pw = pdb_get_lanman_passwd( sam_acct ); - nt_pw = pdb_get_nt_passwd( sam_acct ); - acb_flags = pdb_get_acct_ctrl( sam_acct ); - if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) { - acb_flags |= ACB_DISABLED; - pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED ); - } - return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct)); } @@ -1253,183 +850,6 @@ BOOL pdb_enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, rmap, num_entries, unix_only)); } -BOOL pdb_find_alias(const char *name, DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context, - name, sid)); -} - -BOOL pdb_create_alias(const char *name, uint32 *rid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_create_alias(pdb_context, - name, rid)); -} - -BOOL pdb_delete_alias(const DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context, - sid)); - -} - -BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries, - uint32 *num_aliases, struct acct_info **info) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid, - start_idx, - max_entries, - num_aliases, - info)); -} - -BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid, - info)); -} - -BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid, - info)); -} - -BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_add_aliasmem(pdb_context, alias, member)); -} - -BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_del_aliasmem(pdb_context, alias, member)); -} - -BOOL pdb_enum_aliasmem(const DOM_SID *alias, - DOM_SID **members, int *num_members) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_enum_aliasmem(pdb_context, alias, - members, num_members)); -} - -BOOL pdb_enum_alias_memberships(const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_enum_alias_memberships(pdb_context, sid, - aliases, num)); -} - -BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_add_sid_to_privilege(pdb_context, priv_name, sid)); -} - -BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_remove_sid_from_privilege(pdb_context, priv_name, sid)); -} - -BOOL pdb_get_privilege_set(DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_get_privilege_set(pdb_context, sid_list, num_sids, privset)); -} - -BOOL pdb_get_privilege_entry(const char *privname, char **sid_list) -{ - struct pdb_context *pdb_context = pdb_get_static_context(False); - - if (!pdb_context) { - return False; - } - - return NT_STATUS_IS_OK(pdb_context-> - pdb_get_privilege_entry(pdb_context, privname, sid_list)); -} - /*************************************************************** Initialize the static context (at smbd startup etc). @@ -1487,66 +907,6 @@ static void pdb_default_endsampwent(struct pdb_methods *methods) return; /* NT_STATUS_NOT_IMPLEMENTED; */ } -static NTSTATUS pdb_default_settrustpwent(struct pdb_methods *methods) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust, - const char* name) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust, - const DOM_SID* sid) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - -static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, DOM_SID *sid_list, int num_sids, PRIVILEGE_SET *privset) -{ - /* by default return the empty privilege set as otherwise login will - * be denied if a backend does not support privilege sets */ - return NT_STATUS_OK; -} - -static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list) -{ - return NT_STATUS_NOT_IMPLEMENTED; -} - - NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) { *methods = talloc(mem_ctx, sizeof(struct pdb_methods)); @@ -1573,29 +933,6 @@ NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods) (*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry; (*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry; (*methods)->enum_group_mapping = pdb_default_enum_group_mapping; - (*methods)->find_alias = pdb_default_find_alias; - (*methods)->create_alias = pdb_default_create_alias; - (*methods)->delete_alias = pdb_default_delete_alias; - (*methods)->enum_aliases = pdb_default_enum_aliases; - (*methods)->get_aliasinfo = pdb_default_get_aliasinfo; - (*methods)->set_aliasinfo = pdb_default_set_aliasinfo; - (*methods)->add_aliasmem = pdb_default_add_aliasmem; - (*methods)->del_aliasmem = pdb_default_del_aliasmem; - (*methods)->enum_aliasmem = pdb_default_enum_aliasmem; - (*methods)->enum_alias_memberships = pdb_default_alias_memberships; - - (*methods)->settrustpwent = pdb_default_settrustpwent; - (*methods)->gettrustpwent = pdb_default_gettrustpwent; - (*methods)->gettrustpwnam = pdb_default_gettrustpwnam; - (*methods)->gettrustpwsid = pdb_default_gettrustpwsid; - (*methods)->add_trust_passwd = pdb_default_add_trust_passwd; - (*methods)->update_trust_passwd = pdb_default_update_trust_passwd; - (*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd; - - (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege; - (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege; - (*methods)->get_privilege_set = pdb_default_get_privilege_set; - (*methods)->get_privilege_entry = pdb_default_get_privilege_entry; return NT_STATUS_OK; } diff --git a/source/passdb/pdb_ldap.c b/source/passdb/pdb_ldap.c index 23ab0f9965d..689c7010418 100644 --- a/source/passdb/pdb_ldap.c +++ b/source/passdb/pdb_ldap.c @@ -1990,8 +1990,8 @@ static int ldapsam_search_one_group_by_gid(struct ldapsam_privates *ldap_state, { pstring filter; - pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%lu))", - LDAP_OBJ_POSIXGROUP, LDAP_OBJ_IDMAP_ENTRY, + pstr_sprintf(filter, "(&(objectClass=%s)(%s=%lu))", + LDAP_OBJ_POSIXGROUP, get_attr_key2string(groupmap_attr_list, LDAP_ATTR_GIDNUMBER), (unsigned long)gid); @@ -2033,37 +2033,6 @@ static NTSTATUS ldapsam_add_group_mapping_entry(struct pdb_methods *methods, count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); if ( count == 0 ) { - /* There's no posixGroup account, let's try to find an - * appropriate idmap entry for aliases */ - - pstring suffix; - pstring filter; - char **attr_list; - - ldap_msgfree(result); - - pstrcpy( suffix, lp_ldap_idmap_suffix() ); - pstr_sprintf(filter, "(&(objectClass=%s)(%s=%u))", - LDAP_OBJ_IDMAP_ENTRY, LDAP_ATTRIBUTE_GIDNUMBER, - map->gid); - - attr_list = get_attr_list( sidmap_attr_list ); - rc = smbldap_search(ldap_state->smbldap_state, suffix, - LDAP_SCOPE_SUBTREE, filter, attr_list, - 0, &result); - - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(3,("Failure looking up entry (%s)\n", - ldap_err2string(rc) )); - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - } - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, result); - if ( count == 0 ) { ldap_msgfree(result); return NT_STATUS_UNSUCCESSFUL; } @@ -2338,560 +2307,6 @@ static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, return NT_STATUS_OK; } -static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, - const DOM_SID *member, - int modop) -{ - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; - char *dn; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - int count; - LDAPMod **mods = NULL; - int rc; - - pstring filter; - - pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%s))", - LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY, - get_attr_key2string(groupmap_attr_list, - LDAP_ATTR_GROUP_SID), - sid_string_static(alias)); - - if (ldapsam_search_one_group(ldap_state, filter, - &result) != LDAP_SUCCESS) - return NT_STATUS_NO_SUCH_ALIAS; - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - result); - - if (count < 1) { - DEBUG(4, ("ldapsam_add_aliasmem: Did not find alias\n")); - ldap_msgfree(result); - return NT_STATUS_NO_SUCH_ALIAS; - } - - if (count > 1) { - DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: " - "count=%d\n", filter, count)); - ldap_msgfree(result); - return NT_STATUS_NO_SUCH_ALIAS; - } - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, - result); - - if (!entry) { - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); - if (!dn) { - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - smbldap_set_mod(&mods, modop, - get_attr_key2string(groupmap_attr_list, - LDAP_ATTR_SID_LIST), - sid_string_static(member)); - - rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); - - ldap_mods_free(mods, True); - ldap_msgfree(result); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - ldap_get_option(ldap_state->smbldap_state->ldap_struct, - LDAP_OPT_ERROR_STRING,&ld_error); - - DEBUG(0, ("ldapsam_delete_entry: Could not delete attributes " - "for %s, error: %s (%s)\n", dn, ldap_err2string(rc), - ld_error?ld_error:"unknown")); - SAFE_FREE(ld_error); - SAFE_FREE(dn); - return NT_STATUS_UNSUCCESSFUL; - } - - SAFE_FREE(dn); - - return NT_STATUS_OK; -} - -static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, - const DOM_SID *member) -{ - return ldapsam_modify_aliasmem(methods, alias, member, LDAP_MOD_ADD); -} - -static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, - const DOM_SID *member) -{ - return ldapsam_modify_aliasmem(methods, alias, member, - LDAP_MOD_DELETE); -} - -static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, - const DOM_SID *alias, DOM_SID **members, - int *num_members) -{ - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - int count; - char **values; - int i; - pstring filter; - - *members = NULL; - *num_members = 0; - - pstr_sprintf(filter, "(&(|(objectClass=%s)(objectclass=%s))(%s=%s))", - LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY, - get_attr_key2string(groupmap_attr_list, - LDAP_ATTR_GROUP_SID), - sid_string_static(alias)); - - if (ldapsam_search_one_group(ldap_state, filter, - &result) != LDAP_SUCCESS) - return NT_STATUS_NO_SUCH_ALIAS; - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - result); - - if (count < 1) { - DEBUG(4, ("ldapsam_add_aliasmem: Did not find alias\n")); - ldap_msgfree(result); - return NT_STATUS_NO_SUCH_ALIAS; - } - - if (count > 1) { - DEBUG(1, ("ldapsam_getgroup: Duplicate entries for filter %s: " - "count=%d\n", filter, count)); - ldap_msgfree(result); - return NT_STATUS_NO_SUCH_ALIAS; - } - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, - result); - - if (!entry) { - ldap_msgfree(result); - return NT_STATUS_UNSUCCESSFUL; - } - - values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, - entry, - get_attr_key2string(groupmap_attr_list, - LDAP_ATTR_SID_LIST)); - - if (values == NULL) { - ldap_msgfree(result); - return NT_STATUS_OK; - } - - count = ldap_count_values(values); - - for (i=0; i<count; i++) { - DOM_SID member; - - if (!string_to_sid(&member, values[i])) - continue; - - add_sid_to_array(&member, members, num_members); - } - - ldap_value_free(values); - ldap_msgfree(result); - - return NT_STATUS_OK; -} - -static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, - const DOM_SID *sid, - DOM_SID **aliases, int *num) -{ - struct ldapsam_privates *ldap_state = - (struct ldapsam_privates *)methods->private_data; - - fstring sid_string; - const char *attrs[] = { LDAP_ATTRIBUTE_SID, NULL }; - - LDAPMessage *result = NULL; - LDAPMessage *entry = NULL; - int count; - int rc; - pstring filter; - - sid_to_string(sid_string, sid); - pstr_sprintf(filter, "(&(|(objectclass=%s)(objectclass=%s))(%s=%s))", - LDAP_OBJ_GROUPMAP, LDAP_OBJ_IDMAP_ENTRY, - get_attr_key2string(groupmap_attr_list, - LDAP_ATTR_SID_LIST), sid_string); - - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_group_suffix(), - LDAP_SCOPE_SUBTREE, filter, attrs, 0, &result); - - if (rc != LDAP_SUCCESS) - return NT_STATUS_UNSUCCESSFUL; - - *aliases = NULL; - *num = 0; - - count = ldap_count_entries(ldap_state->smbldap_state->ldap_struct, - result); - - if (count < 1) { - ldap_msgfree(result); - return NT_STATUS_OK; - } - - - for (entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, - result); - entry != NULL; - entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, - entry)) - { - DOM_SID alias; - char **vals; - vals = ldap_get_values(ldap_state->smbldap_state->ldap_struct, - entry, LDAP_ATTRIBUTE_SID); - - if (vals == NULL) - continue; - - if (vals[0] == NULL) { - ldap_value_free(vals); - continue; - } - - if (!string_to_sid(&alias, vals[0])) { - ldap_value_free(vals); - continue; - } - - add_sid_to_array(&alias, aliases, num); - ldap_value_free(vals); - } - - ldap_msgfree(result); - return NT_STATUS_OK; -} - -/********************************************************************** - Privileges related functions - *********************************************************************/ - -static NTSTATUS ldapsam_modify_sid_list_for_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid, int ldap_op) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *entry = NULL; - LDAPMod **mods = NULL; - fstring sid_str; - fstring filter; - char **attr_list, *dn; - int rc; - - if ((sid == NULL) || (!sid_to_string(sid_str, sid))) { - DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Invalid SID\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - goto done; - } - - if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) { - /* if the privilege does not exist and we are adding then - * create it */ - if (ldap_op == LDAP_MOD_ADD) { - - DEBUG(3, ("Privilege not found on ldap tree, creating a new entry\n")); - if (asprintf(&dn, "sambaPrivName=%s,%s", privname, lp_ldap_privilege_suffix()) < 0) { - DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: Out of memory\n")); - goto done; - } - - smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaPrivName", privname); - - smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_PRIVILEGE); - - rc = smbldap_add(ldap_state->smbldap_state, dn, mods); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - - ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1, - ("ldapsam_modify_sid_list_for_privilege:" - "Failed to add privilege (%s) dn= %s with: %s\n\t%s\n", - privname, - dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown") - ); - - SAFE_FREE(ld_error); - goto done; - } - - pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - goto done; - } - } else { - goto done; - } - } - /* entry found */ - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); - - /* retrieve the dn */ - dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry); - if (!dn) { - goto done; - } - - /* prepare the modification */ - smbldap_set_mod(&mods, ldap_op, "sambaSIDList", sid_str); - - /* modify the privilege */ - rc = smbldap_modify(ldap_state->smbldap_state, dn, mods); - - /* free used structures */ - ldap_mods_free(mods, True); - - if (rc != LDAP_SUCCESS) { - char *ld_error = NULL; - - ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error); - DEBUG(1, - ("ldapsam_modify_sid_list_for_privilege:" - "Failed to %s sid for privilege (%s) dn= %s with: %s\n\t%s\n", - (ldap_op == LDAP_MOD_ADD) ? "add" : "remove", - privname, - dn, ldap_err2string(rc), - ld_error ? ld_error : "unknown") - ); - SAFE_FREE(ld_error); - goto done; - } - - ret = NT_STATUS_OK; - -done: - return ret; -} - -static NTSTATUS ldapsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid) -{ - return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_ADD); -} - -static NTSTATUS ldapsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid) -{ - return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_DELETE); -} - -static NTSTATUS ldapsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *entry = NULL; - fstring sid_str; - fstring filter; - char **sid_list; - char **attr_list; - int rc, i; - - sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1)); - for (i = 0; i < num_sids; i++) { - sid_to_string(sid_str, &user_sids[i]); - sid_list[i] = strdup(sid_str); - if ( ! sid_list[i]) { - ret = NT_STATUS_NO_MEMORY; - goto done; - } - } - sid_list[i] = NULL; - - pstr_sprintf(filter, "(objectclass=%s)", LDAP_OBJ_PRIVILEGE); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_get_privilege_set: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_get_privilege_set: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - goto done; - } - - if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) { - DEBUG(3, ("ldapsam_get_privilege_set: No privileges in ldap tree\n")); - ret = NT_STATUS_OK; - goto done; - } - - DEBUG(2, ("ldapsam_get_privilege_set: %d entries in the base!\n", - ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result))); - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); - - while (entry != NULL) { - char **values = NULL; - - for(i=0; sid_list[i] != NULL; i++) { - pstring privname; - int j; - - if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "sambaPrivName", privname, sizeof(pstring))) { - goto loop; - } - - if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) { - DEBUG(10, ("ldapsam_get_privilege_set: SID List not found skipping privilege\n")); - goto loop; - } - - j = 0; - while (values[j] != 0) { - if (strcmp(values[j], sid_list[i]) == 0) { - DEBUG(10, ("sid [%s] found in users sid list\n", sid_list[i])); - DEBUG(10, ("adding privilege [%s] to the users privilege list\n", privname)); - add_privilege_by_name(privset, privname); - goto loop; - } - j++; - } - - if (values) { - ldap_value_free(values); - values = NULL; - } - } - loop: - if (values) { - ldap_value_free(values); - } - - entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, entry); - } - - ret = NT_STATUS_OK; - -done: - i = 0; - while (sid_list[i]) { - free(sid_list[i]); - i++; - } - free(sid_list); - - return ret; -} - -static NTSTATUS ldapsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, - char **sid_list) -{ - struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - LDAPMessage *entry = NULL; - fstring filter; - char **attr_list, **values; - int rc, i, len; - - *sid_list = NULL; - pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname); - attr_list = get_attr_list(privilege_attr_list); - rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(), - LDAP_SCOPE_SUBTREE, filter, - attr_list, 0, &ldap_state->result); - free_attr_list(attr_list); - - if (rc != LDAP_SUCCESS) { - DEBUG(0, ("ldapsam_get_privilege_entry: LDAP search failed: %s\n", ldap_err2string(rc))); - DEBUG(3, ("ldapsam_get_privilege_entry: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter)); - ldap_msgfree(ldap_state->result); - ldap_state->result = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) { - DEBUG(3, ("ldapsam_get_privilege_entry: No such privilege (%s) in ldap tree\n", privname)); - goto done; - } - - entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result); - - if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) { - DEBUG(10, ("ldapsam_get_privilege_entry: SID List not found skipping privilege\n")); - ret = NT_STATUS_OK; - goto done; - } - - for (i = 0, len = 0; values[i] != 0; i++ ) { - len = len + strlen(values[i]) + 1; - } - - *sid_list = (char *)malloc(len); - if ((*sid_list) == NULL) { - DEBUG(0, ("ldapsam_get_privilege_entry: Out of memory!\n")); - ldap_value_free(values); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - - (*sid_list)[0] = '\0'; - - for (i = 0; values[i] != 0; i++ ) { - if (i != 0) { - strlcat(*sid_list, ",", len); - } - strlcat(*sid_list, values[i], len); - } - - ldap_value_free(values); - ret = NT_STATUS_OK; -done: - return ret; -} - - /********************************************************************** Housekeeping *********************************************************************/ @@ -2945,11 +2360,6 @@ static NTSTATUS pdb_init_ldapsam_common(PDB_CONTEXT *pdb_context, PDB_METHODS ** (*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry; (*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping; - (*pdb_method)->add_sid_to_privilege = ldapsam_add_sid_to_privilege; - (*pdb_method)->remove_sid_from_privilege = ldapsam_remove_sid_from_privilege; - (*pdb_method)->get_privilege_set = ldapsam_get_privilege_set; - (*pdb_method)->get_privilege_entry = ldapsam_get_privilege_entry; - /* TODO: Setup private data and free */ ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state)); @@ -3035,11 +2445,6 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met (*pdb_method)->name = "ldapsam"; - (*pdb_method)->add_aliasmem = ldapsam_add_aliasmem; - (*pdb_method)->del_aliasmem = ldapsam_del_aliasmem; - (*pdb_method)->enum_aliasmem = ldapsam_enum_aliasmem; - (*pdb_method)->enum_alias_memberships = ldapsam_alias_memberships; - ldap_state = (*pdb_method)->private_data; ldap_state->schema_ver = SCHEMAVER_SAMBASAMACCOUNT; diff --git a/source/passdb/pdb_tdb.c b/source/passdb/pdb_tdb.c index 2af6609ef6c..9bfb10c4009 100644 --- a/source/passdb/pdb_tdb.c +++ b/source/passdb/pdb_tdb.c @@ -42,7 +42,6 @@ static int tdbsam_debug_level = DBGC_ALL; #define PASSDB_FILE_NAME "passdb.tdb" #define USERPREFIX "USER_" #define RIDPREFIX "RID_" -#define PRIVPREFIX "PRIV_" #define tdbsamver_t int32 struct tdbsam_privates { @@ -698,620 +697,6 @@ static void free_private_data(void **vp) /* No need to free any further, as it is talloc()ed */ } -/** - * Start trust passwords enumeration. This function is a simple - * wrapper for calling gettrustpwent with null pointer passed. - * - * @param methods methods belonging in pdb context (module) - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_settrustpwent(struct pdb_methods *methods) -{ - /* rewind enumeration from beginning */ - return methods->gettrustpwent(methods, NULL); -} - - -/** - * Enumerate across trust passwords (machine and interdomain nt/ads) - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - struct trust_passwd_data t; - TALLOC_CTX *mem_ctx; - - TRUSTDOM **trustdom; - static int enum_ctx; - int num_domains = 0; - unsigned int max_domains = 1; - char *dom_name, *dom_pass; - - smb_ucs2_t *uni_dom_name; - uint8 mach_pass[16]; - uint32 sec_chan; - - if (!methods) return NT_STATUS_UNSUCCESSFUL; - - /* - * NT domain trust passwords - */ - - /* rewind enumeration when passed NULL pointer as a trust */ - if (!trust) { - enum_ctx = 0; - return NT_STATUS_OK; - } - - mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration"); - - /* fetch next trusted domain (one at a time) and its full information */ - nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains, - &trustdom); - if (num_domains) { - pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name); - if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid, - &t.mod_time)) { - - t.uni_name_len = strnlen_w(trustdom[0]->name, 32); - strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len); - safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1); - t.flags = PASS_DOMAIN_TRUST_NT; - - SAFE_FREE(dom_pass); - talloc_destroy(mem_ctx); - trust->private = t; - return nt_status; - } else { - talloc_destroy(mem_ctx); - return NT_STATUS_UNSUCCESSFUL; - } - } - - /* - * NT machine trust password - */ - - if (secrets_lock_trust_account_password(lp_workgroup(), True)) { - sec_chan = get_default_sec_channel(); - if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time, - &sec_chan)) { - - t.uni_name_len = strlen(lp_workgroup()); - push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup()); - strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len); - safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1); - t.flags = PASS_MACHINE_TRUST_NT; - if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) { - talloc_destroy(mem_ctx); - return NT_STATUS_UNSUCCESSFUL; - } - - talloc_destroy(mem_ctx); - trust->private = t; - return NT_STATUS_NO_MORE_ENTRIES; - } - secrets_lock_trust_account_password(lp_workgroup(), False); - } else { - talloc_destroy(mem_ctx); - return NT_STATUS_UNSUCCESSFUL; - } - - /* - * ADS machine trust password (TODO) - */ - - - /* - * if nothing is to be returned then reset domain name - * and return "no more entries" - */ - nt_status = NT_STATUS_NO_MORE_ENTRIES; - trust->private.uni_name_len = 0; - trust->private.uni_name[t.uni_name_len] = 0; - - talloc_destroy(mem_ctx); - return nt_status; -} - - -/** - * Get trust password by trusted party name - * - * @param methods methods belonging to pdb context (module) - * @param trust trust password structure - * @param sid trusted party name - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, - const char *name) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - char domain_name[32]; - - if (!methods || !trust || !name) return nt_status; - - do { - /* get trust password (next in turn) */ - nt_status = tdbsam_gettrustpwent(methods, trust); - - /* convert unicode name and do case insensitive compare */ - pull_ucs2(NULL, domain_name, trust->private.uni_name, sizeof(domain_name), - trust->private.uni_name_len, STR_TERMINATE); - if (!StrnCaseCmp(domain_name, name, sizeof(domain_name))) - return NT_STATUS_OK; - - } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); - - return nt_status; -} - - -/** - * Get trust password by trusted party sid - * - * @param methods methods belonging to pdb context (module) - * @param trust trust password structure - * @param sid trusted party sid - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, - const DOM_SID *sid) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - if (!methods || !trust || !sid) return nt_status; - - do { - nt_status = tdbsam_gettrustpwent(methods, trust); - - if (sid_equal(&trust->private.domain_sid, sid)) - return NT_STATUS_OK; - - } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES)); - - return nt_status; -} - - -/** - * Add new trust password. - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - BOOL status = False; - TALLOC_CTX *mem_ctx; - - char* domain = NULL; - struct trust_passwd_data t = trust->private; - uint32 sec_chan; - - mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password"); - - /* convert unicode name to char* (used to form the key) */ - pull_ucs2_talloc(mem_ctx, &domain, t.uni_name); - - /* add nt machine trust password */ - if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) { - sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC; - status = secrets_store_machine_password(t.pass, domain, sec_chan); - if (status) - status = secrets_store_domain_sid(domain, &t.domain_sid); - - nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - - /* add nt domain trust password */ - } else if (t.flags & PASS_DOMAIN_TRUST_NT) { - status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len, - t.pass, t.domain_sid); - nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; - - /* add ads machine trust password (TODO) */ - } else if (t.flags & PASS_MACHINE_TRUST_ADS) { - } - - talloc_destroy(mem_ctx); - return nt_status; -} - - -/** - * Update trust password. - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - return nt_status; -} - - -/** - * Delete trust password. - * - * @param methods methods belonging in pdb context (module) - * @param trust trust password structure - * - * @return nt status of performed operation - **/ - -static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust) -{ - NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED; - return nt_status; -} - - -/*************************************************************************** - Add sid to privilege -****************************************************************************/ - -static NTSTATUS tdbsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb = NULL; - TDB_DATA key, data; - fstring keystr; - fstring name; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - fstring sid_str; - char *sid_list = NULL, *s = NULL; - size_t str_size; - int flag; - - /* invalidate the existing TDB iterator if it is open */ - - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; - } - - /* open the account TDB passwd*/ - - pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); - - if (!pwd_tdb) { - DEBUG(0, ("tdb_add_sid_to_privilege: Unable to open TDB passwd (%s)!\n", - tdb_state->tdbsam_location)); - return NT_STATUS_UNSUCCESSFUL; - } - - /* setup the PRIV index key */ - fstrcpy(name, priv_name); - strlower_m(name); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - /* check if the privilege already exist in the database */ - - /* get the record */ - data = tdb_fetch (pwd_tdb, key); - - if (data.dptr) { - /* check the list is not empty */ - if (*(data.dptr)) { - sid_list = strdup(data.dptr); - if (!sid_list) { - DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n")); - goto done; - } - } - SAFE_FREE(data.dptr); - - flag = TDB_MODIFY; - } else { - /* if privilege does not exist create one */ - flag = TDB_INSERT; - } - - /* add the given sid */ - sid_to_string(sid_str, sid); - - if (sid_list) { - str_size = strlen(sid_list) + strlen(sid_str) + 2; - s = realloc(sid_list, str_size); - if (!s) { - DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - sid_list = s; - s = &sid_list[strlen(sid_list)]; - snprintf(s, strlen(sid_str) + 2, ",%s", sid_str); - - } else { - sid_list = strdup(sid_str); - if (!sid_list) { - DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n")); - ret = NT_STATUS_NO_MEMORY; - goto done; - } - - } - - /* copy the PRIVILEGE struct into a BYTE buffer for storage */ - data.dsize = strlen(sid_list) + 1; - data.dptr = sid_list; - - /* add the account */ - if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify passwd TDB!")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - goto done; - } - - ret = NT_STATUS_OK; - -done: - /* cleanup */ - tdb_close (pwd_tdb); - SAFE_FREE(sid_list); - - return (ret); -} - -/*************************************************************************** - Reomve sid to privilege -****************************************************************************/ - -static NTSTATUS tdbsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - TDB_CONTEXT *pwd_tdb = NULL; - TDB_DATA key, data; - fstring keystr; - fstring name; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - fstring sid_str; - char *sid_list = NULL, *s = NULL; - - /* invalidate the existing TDB iterator if it is open */ - - if (tdb_state->passwd_tdb) { - tdb_close(tdb_state->passwd_tdb); - tdb_state->passwd_tdb = NULL; - } - - /* open the account TDB passwd*/ - - pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT); - - if (!pwd_tdb) { - DEBUG(0, ("tdbsam_remove_sid_from_privilege: Unable to open TDB passwd (%s)!\n", - tdb_state->tdbsam_location)); - return NT_STATUS_UNSUCCESSFUL; - } - - /* setup the PRIV index key */ - fstrcpy(name, priv_name); - strlower_m(name); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - /* check if the privilege already exist in the database */ - - /* get the record */ - data = tdb_fetch (pwd_tdb, key); - - /* if privilege does not exist, just leave */ - if (!data.dptr) { - ret = NT_STATUS_OK; - goto done; - } - - if (data.dptr) { - sid_list = strdup(data.dptr); - if (!sid_list) { - DEBUG(0, ("tdbsam_remove_sid_from_privilege: Out of Memory!\n")); - goto done; - } - SAFE_FREE(data.dptr); - } - - /* remove the given sid */ - sid_to_string(sid_str, sid); - - s = strstr(sid_list, sid_str); - if (s) { - char *p; - p = strstr(s, ","); - if (p) { - size_t l = strlen(sid_list) + 1 - (s - sid_list); - memmove(s, ++p, l); - } else { - if (s != sid_list) - s--; - *s = '\0'; - } - } else { - /* sid not found */ - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* copy the PRIVILEGE struct into a BYTE buffer for storage */ - data.dsize = strlen(sid_list) + 1; - data.dptr = sid_list; - - /* add the account */ - if (tdb_store(pwd_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) { - DEBUG(0, ("Unable to modify passwd TDB!")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb))); - DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr)); - goto done; - } - - ret = NT_STATUS_OK; - -done: - /* cleanup */ - tdb_close (pwd_tdb); - SAFE_FREE(sid_list); - - return (ret); -} - -/*************************************************************************** - get the privilege list for the given token -****************************************************************************/ - -struct priv_traverse { - char **sid_list; - PRIVILEGE_SET *privset; -}; - -static int tdbsam_traverse_privilege(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state) -{ - struct priv_traverse *pt = (struct priv_traverse *)state; - int prefixlen = strlen(PRIVPREFIX); - - if (strncmp(key.dptr, PRIVPREFIX, prefixlen) == 0) { - - /* add to privilege_set if any of the sid in the token - * is contained in the privilege */ - int i; - - for(i=0; pt->sid_list[i] != NULL; i++) { - char *c, *s; - int len; - - s = data.dptr; - while ((c=strchr(s, ',')) !=NULL) { - len = MAX((c - s), strlen(pt->sid_list[i])); - if (strncmp(s, pt->sid_list[i], len) == 0) { - DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i])); - DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen]))); - add_privilege_by_name(pt->privset, &(key.dptr[prefixlen])); - return 0; - } - s = c + 1; - } - len = MAX(strlen(s), strlen(pt->sid_list[i])); - if (strncmp(s, pt->sid_list[i], len) == 0) { - DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i])); - DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen]))); - add_privilege_by_name(pt->privset, &(key.dptr[prefixlen])); - return 0; - } - } - } - - return 0; -} - -static NTSTATUS tdbsam_get_privilege_set(struct pdb_methods *my_methods, DOM_SID *user_sids, int num_sids, PRIVILEGE_SET *privset) -{ - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TDB_CONTEXT *pwd_tdb = NULL; - struct priv_traverse pt; - fstring sid_str; - char **sid_list; - int i; - - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY ))) - return NT_STATUS_UNSUCCESSFUL; - - sid_list = (char **)malloc(sizeof(char *) * (num_sids + 1)); - for (i = 0; i < num_sids; i++) { - sid_to_string(sid_str, &user_sids[i]); - sid_list[i] = strdup(sid_str); - if ( ! sid_list[i]) { - ret = NT_STATUS_NO_MEMORY; - goto done; - } - } - sid_list[i] = NULL; - - pt.sid_list = sid_list; - pt.privset = privset; - tdb_traverse(pwd_tdb, tdbsam_traverse_privilege, &pt); - - ret = NT_STATUS_OK; - -done: - i = 0; - while (sid_list[i]) { - free(sid_list[i]); - i++; - } - free(sid_list); - - tdb_close(pwd_tdb); - - return ret; -} - -static NTSTATUS tdbsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, char **sid_list) -{ - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TDB_CONTEXT *pwd_tdb = NULL; - TDB_DATA key, data; - fstring name; - fstring keystr; - - struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data; - - if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY))) - return ret; - - /* setup the PRIV index key */ - fstrcpy(name, privname); - strlower_m(name); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(pwd_tdb, key); - if (!data.dptr) - goto done; - - *sid_list = strdup(data.dptr); - SAFE_FREE(data.dptr); - - if (!*sid_list) - goto done; - - ret = NT_STATUS_OK; -done: - tdb_close(pwd_tdb); - return ret; -} - - - - - - static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) { @@ -1332,17 +717,6 @@ static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_meth (*pdb_method)->add_sam_account = tdbsam_add_sam_account; (*pdb_method)->update_sam_account = tdbsam_update_sam_account; (*pdb_method)->delete_sam_account = tdbsam_delete_sam_account; - (*pdb_method)->settrustpwent = tdbsam_settrustpwent; - (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent; - (*pdb_method)->gettrustpwnam = tdbsam_gettrustpwnam; - (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid; - (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd; - (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd; - (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd; - (*pdb_method)->add_sid_to_privilege = tdbsam_add_sid_to_privilege; - (*pdb_method)->remove_sid_from_privilege = tdbsam_remove_sid_from_privilege; - (*pdb_method)->get_privilege_set = tdbsam_get_privilege_set; - (*pdb_method)->get_privilege_entry = tdbsam_get_privilege_entry; tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates)); @@ -1372,3 +746,4 @@ NTSTATUS pdb_tdbsam_init(void) { return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam); } + diff --git a/source/passdb/pdb_xml.c b/source/passdb/pdb_xml.c index 2738ad40e2a..64cb73ba5a4 100644 --- a/source/passdb/pdb_xml.c +++ b/source/passdb/pdb_xml.c @@ -534,17 +534,13 @@ static NTSTATUS xmlsam_init(PDB_CONTEXT * pdb_context, PDB_METHODS ** pdb_method (*pdb_method)->getsampwsid = NULL; (*pdb_method)->update_sam_account = NULL; (*pdb_method)->delete_sam_account = NULL; - (*pdb_method)->get_group_info_by_sid = NULL; - (*pdb_method)->get_group_list = NULL; - (*pdb_method)->get_group_sids = NULL; - (*pdb_method)->add_group = NULL; - (*pdb_method)->update_group = NULL; - (*pdb_method)->delete_group = NULL; - (*pdb_method)->add_sid_to_group = NULL; - (*pdb_method)->remove_sid_from_group = NULL; - (*pdb_method)->get_group_info_by_name = NULL; - (*pdb_method)->get_group_info_by_nt_name = NULL; - (*pdb_method)->get_group_uids = NULL; + (*pdb_method)->getgrsid = NULL; + (*pdb_method)->getgrgid = NULL; + (*pdb_method)->getgrnam = NULL; + (*pdb_method)->add_group_mapping_entry = NULL; + (*pdb_method)->update_group_mapping_entry = NULL; + (*pdb_method)->delete_group_mapping_entry = NULL; + (*pdb_method)->enum_group_mapping = NULL; data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml)); data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml")); diff --git a/source/passdb/secrets.c b/source/passdb/secrets.c index 7531435e84f..308f95f395b 100644 --- a/source/passdb/secrets.c +++ b/source/passdb/secrets.c @@ -4,7 +4,7 @@ Copyright (C) Andrew Bartlett 2002 Copyright (C) Rafal Szczesniak 2002 Copyright (C) Tim Potter 2001 - + This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or @@ -135,38 +135,39 @@ BOOL secrets_fetch_domain_sid(const char *domain, DOM_SID *sid) return True; } -BOOL secrets_store_domain_guid(const char *domain, struct uuid *guid) +BOOL secrets_store_domain_guid(const char *domain, GUID *guid) { fstring key; slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); - return secrets_store(key, guid, sizeof(struct uuid)); + return secrets_store(key, guid, sizeof(GUID)); } -BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid) +BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid) { - struct uuid *dyn_guid; + GUID *dyn_guid; fstring key; size_t size; - struct uuid new_guid; + GUID new_guid; slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain); strupper_m(key); - dyn_guid = (struct uuid *)secrets_fetch(key, &size); + dyn_guid = (GUID *)secrets_fetch(key, &size); + + DEBUG(6,("key is %s, size is %d\n", key, (int)size)); - if ((!dyn_guid) && (lp_server_role() == ROLE_DOMAIN_PDC)) { + if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) { smb_uuid_generate_random(&new_guid); if (!secrets_store_domain_guid(domain, &new_guid)) return False; - dyn_guid = (struct uuid *)secrets_fetch(key, &size); + dyn_guid = (GUID *)secrets_fetch(key, &size); if (dyn_guid == NULL) return False; } - if (size != sizeof(struct uuid)) + if (size != sizeof(GUID)) { - DEBUG(1,("UUID size %d is wrong!\n", (int)size)); SAFE_FREE(dyn_guid); return False; } @@ -244,7 +245,7 @@ uint32 get_default_sec_channel(void) /************************************************************************ Routine to get the trust account password for a domain. The user of this function must have locked the trust password file using - the above secrets_lock_trust_account_password(). + the above call. ************************************************************************/ BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16], @@ -332,6 +333,19 @@ BOOL secrets_fetch_trusted_domain_password(const char *domain, char** pwd, return True; } +/************************************************************************ + Routine to set the trust account password for a domain. +************************************************************************/ + +BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16]) +{ + struct machine_acct_pass pass; + + pass.mod_time = time(NULL); + memcpy(pass.hash, new_pwd, 16); + + return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass)); +} /** * Routine to store the password for trusted domain @@ -555,8 +569,7 @@ BOOL secrets_store_ldap_pw(const char* dn, char* pw) * @return nt status code of rpc response **/ -NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, - int *num_domains, TRUSTDOM ***domains) +NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains) { TDB_LIST_NODE *keys, *k; TRUSTDOM *dom = NULL; diff --git a/source/passdb/util_sam_sid.c b/source/passdb/util_sam_sid.c index 3617498eec1..f6cc2491a8b 100644 --- a/source/passdb/util_sam_sid.c +++ b/source/passdb/util_sam_sid.c @@ -305,28 +305,3 @@ BOOL map_name_to_wellknown_sid(DOM_SID *sid, enum SID_NAME_USE *use, const char return False; } - -void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num) -{ - *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID)); - - if (*sids == NULL) - return; - - sid_copy(&((*sids)[*num]), sid); - *num += 1; - - return; -} - -void add_sid_to_array_unique(const DOM_SID *sid, DOM_SID **sids, int *num) -{ - int i; - - for (i=0; i<*num; i++) { - if (sid_compare(sid, &(*sids)[i]) == 0) - return; - } - - add_sid_to_array(sid, sids, num); -} diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 3c860fc5650..449b0e83edc 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -2576,8 +2576,7 @@ static BOOL map_nt_printer_info2_to_dsspooler(NT_PRINTER_INFO_LEVEL_2 *info2) return True; } -static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, - struct uuid guid) +static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, GUID guid) { int i; REGVAL_CTR *ctr=NULL; @@ -2589,7 +2588,7 @@ static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, regval_ctr_delvalue(ctr, "objectGUID"); regval_ctr_addvalue(ctr, "objectGUID", REG_BINARY, - (char *) &guid, sizeof(struct uuid)); + (char *) &guid, sizeof(GUID)); } static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer) @@ -2602,7 +2601,7 @@ static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer) void *res = NULL; ADS_STRUCT *ads; const char *attrs[] = {"objectGUID", NULL}; - struct uuid guid; + GUID guid; WERROR win_rc = WERR_OK; ZERO_STRUCT(guid); @@ -2786,8 +2785,7 @@ WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action) return win_rc; } -BOOL is_printer_published(Printer_entry *print_hnd, int snum, - struct uuid *guid) +BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid) { NT_PRINTER_INFO_LEVEL *printer = NULL; REGVAL_CTR *ctr; @@ -2815,8 +2813,8 @@ BOOL is_printer_published(Printer_entry *print_hnd, int snum, return False; } - if (regval_size(guid_val) == sizeof(struct uuid)) - memcpy(guid, regval_data_p(guid_val), sizeof(struct uuid)); + if (regval_size(guid_val) == sizeof(GUID)) + memcpy(guid, regval_data_p(guid_val), sizeof(GUID)); return True; } @@ -2826,8 +2824,7 @@ WERROR nt_printer_publish(Printer_entry *print_hnd, int snum, int action) { return WERR_OK; } -BOOL is_printer_published(Printer_entry *print_hnd, int snum, - struct uuid *guid) +BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid) { return False; } diff --git a/source/rpc_client/cli_epmapper.c b/source/rpc_client/cli_epmapper.c deleted file mode 100644 index 66362f16209..00000000000 --- a/source/rpc_client/cli_epmapper.c +++ /dev/null @@ -1,61 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -NTSTATUS cli_epm_map(struct cli_state *cli, TALLOC_CTX *mem_ctx, - EPM_HANDLE *handle, EPM_TOWER **tower, - EPM_HANDLE *entry_handle, uint32 *num_towers) -{ - prs_struct qbuf, rbuf; - EPM_Q_MAP q; - EPM_R_MAP r; - BOOL result = False; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Marshall data and send request */ - - init_epm_q_map(mem_ctx, &q, *tower, *num_towers); - - if (!epm_io_q_map("map_query", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, EPM_MAP_PIPE_NAME, &qbuf, &rbuf)) - goto done; - - /* Unmarshall response */ - - if (!epm_io_r_map("map_reply", &r, &rbuf, 0)) - goto done; - - result = True; - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL; -} diff --git a/source/rpc_client/cli_lsarpc.c b/source/rpc_client/cli_lsarpc.c index 980a681387f..eaf3109381e 100644 --- a/source/rpc_client/cli_lsarpc.c +++ b/source/rpc_client/cli_lsarpc.c @@ -538,7 +538,7 @@ NTSTATUS cli_lsa_query_info_policy(struct cli_state *cli, TALLOC_CTX *mem_ctx, NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, POLICY_HND *pol, uint16 info_class, char **domain_name, char **dns_name, - char **forest_name, struct uuid **domain_guid, + char **forest_name, GUID **domain_guid, DOM_SID **domain_sid) { prs_struct qbuf, rbuf; @@ -602,7 +602,7 @@ NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx, *domain_guid = talloc(mem_ctx, sizeof(**domain_guid)); memcpy(*domain_guid, &r.info.dns_dom_info.dom_guid, - sizeof(struct uuid)); + sizeof(GUID)); } if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) { @@ -935,64 +935,6 @@ NTSTATUS cli_lsa_enum_sids(struct cli_state *cli, TALLOC_CTX *mem_ctx, return result; } -/** Create a LSA user handle - * - * @param cli Handle on an initialised SMB connection - * - * FIXME: The code is actually identical to open account - * TODO: Check and code what the function should exactly do - * - * */ - -NTSTATUS cli_lsa_create_account(struct cli_state *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *dom_pol, DOM_SID *sid, uint32 desired_access, - POLICY_HND *user_pol) -{ - prs_struct qbuf, rbuf; - LSA_Q_CREATEACCOUNT q; - LSA_R_CREATEACCOUNT r; - NTSTATUS result; - - ZERO_STRUCT(q); - ZERO_STRUCT(r); - - /* Initialise parse structures */ - - prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL); - prs_init(&rbuf, 0, mem_ctx, UNMARSHALL); - - /* Initialise input parameters */ - - init_lsa_q_create_account(&q, dom_pol, sid, desired_access); - - /* Marshall data and send request */ - - if (!lsa_io_q_create_account("", &q, &qbuf, 0) || - !rpc_api_pipe_req(cli, LSA_CREATEACCOUNT, &qbuf, &rbuf)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Unmarshall response */ - - if (!lsa_io_r_create_account("", &r, &rbuf, 0)) { - result = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - /* Return output parameters */ - - if (NT_STATUS_IS_OK(result = r.status)) { - *user_pol = r.pol; - } - - done: - prs_mem_free(&qbuf); - prs_mem_free(&rbuf); - - return result; -} - /** Open a LSA user handle * * @param cli Handle on an initialised SMB connection */ diff --git a/source/rpc_parse/parse_ds.c b/source/rpc_parse/parse_ds.c index 8d894b6c6ad..26dcdb34b8b 100644 --- a/source/rpc_parse/parse_ds.c +++ b/source/rpc_parse/parse_ds.c @@ -48,8 +48,8 @@ static BOOL ds_io_dominfobasic( const char *desc, prs_struct *ps, int depth, DSR return False; if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) ) return False; - - if ( !smb_io_uuid("domain_guid", &p->domain_guid, ps, depth) ) + + if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) ) return False; if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) ) @@ -179,7 +179,7 @@ static BOOL ds_io_domain_trusts( const char *desc, prs_struct *ps, int depth, DS if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) ) return False; - if ( !smb_io_uuid("guid", &trust->guid, ps, depth) ) + if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) ) return False; return True; diff --git a/source/rpc_parse/parse_epmapper.c b/source/rpc_parse/parse_epmapper.c deleted file mode 100644 index bc2cd175034..00000000000 --- a/source/rpc_parse/parse_epmapper.c +++ /dev/null @@ -1,482 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Samba end point mapper functions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003. - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_RPC_PARSE - -static uint32 internal_referent_id = 0; - - -/******************************************************************* - Reads or writes a handle. -********************************************************************/ -BOOL epm_io_handle(const char *desc, EPM_HANDLE *handle, prs_struct *ps, - int depth) -{ - if (!prs_align(ps)) - return False; - - if (!prs_uint8s(False, "data", ps, depth, handle->data, - sizeof(handle->data))) - return False; - - return True; -} - -/******************************************************************* - inits an EPM_FLOOR structure. -********************************************************************/ -NTSTATUS init_epm_floor(EPM_FLOOR *efloor, uint8 protocol) -{ - /* handle lhs */ - efloor->lhs.protocol = protocol; - efloor->lhs.length = sizeof(efloor->lhs.protocol); - - switch(efloor->lhs.protocol) { - case EPM_FLOOR_UUID: - efloor->lhs.length += sizeof(efloor->lhs.uuid.uuid); - efloor->lhs.length += sizeof(efloor->lhs.uuid.version); - break; - default: - break; - } - - /* handle rhs */ - switch(efloor->lhs.protocol) { - case EPM_FLOOR_RPC: - case EPM_FLOOR_UUID: - efloor->rhs.length = sizeof(efloor->rhs.unknown); - break; - case EPM_FLOOR_TCP: - efloor->rhs.length = sizeof(efloor->rhs.tcp.port); - break; - case EPM_FLOOR_IP: - efloor->rhs.length = sizeof(efloor->rhs.ip.addr); - break; - case EPM_FLOOR_NMPIPES: - case EPM_FLOOR_LRPC: - case EPM_FLOOR_NETBIOS: - efloor->rhs.length = strlen(efloor->rhs.string) + 1; - break; - default: - break; - } - - return NT_STATUS_OK; -} - -/******************************************************************* - inits an EPM_FLOOR structure with a UUID -********************************************************************/ -NTSTATUS init_epm_floor_uuid(EPM_FLOOR *efloor, - const struct uuid uuid, uint16 version) -{ - memcpy(&efloor->lhs.uuid.uuid, &uuid, sizeof(uuid)); - efloor->lhs.uuid.version = version; - efloor->rhs.unknown = 0; - return init_epm_floor(efloor, EPM_FLOOR_UUID); -} - -/******************************************************************* - inits an EPM_FLOOR structure for RPC -********************************************************************/ -NTSTATUS init_epm_floor_rpc(EPM_FLOOR *efloor) -{ - efloor->rhs.unknown = 0; - return init_epm_floor(efloor, EPM_FLOOR_RPC); -} - -/******************************************************************* - inits an EPM_FLOOR structure for TCP -********************************************************************/ -NTSTATUS init_epm_floor_tcp(EPM_FLOOR *efloor, uint16 port) -{ - efloor->rhs.tcp.port = htons(port); - return init_epm_floor(efloor, EPM_FLOOR_TCP); -} - -/******************************************************************* - inits an EPM_FLOOR structure for IP -********************************************************************/ -NTSTATUS init_epm_floor_ip(EPM_FLOOR *efloor, uint8 addr[4]) -{ - memcpy(&efloor->rhs.ip.addr, addr, sizeof(addr)); - return init_epm_floor(efloor, EPM_FLOOR_IP); -} - -/******************************************************************* - inits an EPM_FLOOR structure for named pipe -********************************************************************/ -NTSTATUS init_epm_floor_np(EPM_FLOOR *efloor, const char *pipe_name) -{ - safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1); - return init_epm_floor(efloor, EPM_FLOOR_NMPIPES); -} - -/******************************************************************* - inits an EPM_FLOOR structure for named pipe -********************************************************************/ -NTSTATUS init_epm_floor_lrpc(EPM_FLOOR *efloor, const char *pipe_name) -{ - safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1); - return init_epm_floor(efloor, EPM_FLOOR_LRPC); -} - -/******************************************************************* - inits an EPM_FLOOR structure for named pipe -********************************************************************/ -NTSTATUS init_epm_floor_nb(EPM_FLOOR *efloor, char *host_name) -{ - safe_strcpy(efloor->rhs.string, host_name, sizeof(efloor->rhs.string)-1); - return init_epm_floor(efloor, EPM_FLOOR_NETBIOS); -} - -/******************************************************************* - reads and writes EPM_FLOOR. -********************************************************************/ -BOOL epm_io_floor(const char *desc, EPM_FLOOR *efloor, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "epm_io_floor"); - depth++; - - if (!prs_uint16("lhs_length", ps, depth, &efloor->lhs.length)) - return False; - if (!prs_uint8("protocol", ps, depth, &efloor->lhs.protocol)) - return False; - - switch (efloor->lhs.protocol) { - case EPM_FLOOR_UUID: - if (!smb_io_uuid("uuid", &efloor->lhs.uuid.uuid, ps, depth)) - return False; - if (!prs_uint16("version", ps, depth, - &efloor->lhs.uuid.version)) - return False; - break; - } - - if (!prs_uint16("rhs_length", ps, depth, &efloor->rhs.length)) - return False; - - switch (efloor->lhs.protocol) { - case EPM_FLOOR_UUID: - case EPM_FLOOR_RPC: - if (!prs_uint16("unknown", ps, depth, &efloor->rhs.unknown)) - return False; - break; - case EPM_FLOOR_TCP: - if (!prs_uint16("tcp_port", ps, depth, &efloor->rhs.tcp.port)) - return False; - break; - case EPM_FLOOR_IP: - if (!prs_uint8s(False, "ip_addr", ps, depth, - efloor->rhs.ip.addr, - sizeof(efloor->rhs.ip.addr))) - return False; - break; - case EPM_FLOOR_NMPIPES: - case EPM_FLOOR_LRPC: - case EPM_FLOOR_NETBIOS: - if (!prs_uint8s(False, "string", ps, depth, - efloor->rhs.string, - efloor->rhs.length)) - return False; - break; - default: - break; - } - - return True; -} - -/******************************************************************* - Inits a EPM_TOWER structure. -********************************************************************/ -NTSTATUS init_epm_tower(TALLOC_CTX *ctx, EPM_TOWER *tower, - const EPM_FLOOR *floors, int num_floors) -{ - int size = 0; - int i; - - DEBUG(5, ("init_epm_tower\n")); - - size += sizeof(uint16); /* number of floors is in tower length */ - for (i = 0; i < num_floors; i++) { - size += (sizeof(uint16) * 2); - size += floors[i].lhs.length; - size += floors[i].rhs.length; - } - - tower->max_length = tower->length = size; - tower->num_floors = num_floors; - tower->floors = talloc(ctx, sizeof(EPM_FLOOR) * num_floors); - if (!tower->floors) { - return NT_STATUS_NO_MEMORY; - } - memcpy(tower->floors, floors, sizeof(EPM_FLOOR) * num_floors); - tower->unknown = 0x7e; - - return NT_STATUS_OK; -} - -/******************************************************************* - Reads or writes an EPM_TOWER structure. -********************************************************************/ -BOOL epm_io_tower(const char *desc, EPM_TOWER *tower, - prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "epm_io_tower"); - depth++; - - if (!prs_align(ps)) - return False; - - if (!prs_uint32("max_length", ps, depth, &tower->max_length)) - return False; - if (!prs_uint32("length", ps, depth, &tower->length)) - return False; - if (!prs_uint16("num_floors", ps, depth, &tower->num_floors)) - return False; - - if (UNMARSHALLING(ps)) { - tower->floors = talloc(ps->mem_ctx, - sizeof(EPM_FLOOR) * tower->num_floors); - if (!tower->floors) - return False; - } - - for (i = 0; i < tower->num_floors; i++) { - if (!epm_io_floor("floor", tower->floors + i, ps, depth)) - return False; - } - - return True; -} - -/******************************************************************* - Initialize an EPM_TOWER_ARRAY structure -********************************************************************/ -NTSTATUS init_epm_tower_array(TALLOC_CTX *ctx, EPM_TOWER_ARRAY *array, - const EPM_TOWER *towers, int num_towers) -{ - int i; - - array->max_count = num_towers; - array->offset = 0; - array->count = num_towers; - array->tower_ref_ids = talloc(ctx, sizeof(uint32) * num_towers); - if (!array->tower_ref_ids) { - return NT_STATUS_NO_MEMORY; - } - for (i=0;i<num_towers;i++) - array->tower_ref_ids[i] = ++internal_referent_id; - - array->towers = talloc(ctx, sizeof(EPM_TOWER) * num_towers); - if (!array->towers) { - return NT_STATUS_NO_MEMORY; - } - memcpy(array->towers, towers, sizeof(EPM_TOWER) * num_towers); - - return NT_STATUS_OK; -} - -/******************************************************************* - Reads or writes an EPM_TOWER_ARRAY structure. -********************************************************************/ -BOOL epm_io_tower_array(const char *desc, EPM_TOWER_ARRAY *array, - prs_struct *ps, int depth) -{ - int i; - - prs_debug(ps, depth, desc, "epm_io_tower_array"); - depth++; - - if (!prs_uint32("max_count", ps, depth, &array->max_count)) - return False; - if (!prs_uint32("offset", ps, depth, &array->offset)) - return False; - if (!prs_uint32("count", ps, depth, &array->count)) - return False; - - - if (UNMARSHALLING(ps)) { - array->tower_ref_ids = talloc(ps->mem_ctx, - sizeof(uint32) * array->count); - if (!array->tower_ref_ids) { - return False; - } - } - for (i=0; i < array->count; i++) { - if (!prs_uint32("ref_id", ps, depth, &array->tower_ref_ids[i])) { - return False; - } else { - if (array->tower_ref_ids[i] > internal_referent_id) { - internal_referent_id = array->tower_ref_ids[i]; - } - } - } - - - - if (!prs_set_offset(ps, prs_offset(ps) + array->offset)) - return False; - - if (UNMARSHALLING(ps)) { - array->towers = talloc(ps->mem_ctx, - sizeof(EPM_TOWER) * array->count); - if (!array->towers) { - return False; - } - } - - for (i = 0; i < array->count; i++) { - if (!epm_io_tower("tower", &array->towers[i], ps, depth)) - return False; - } - - return True; -} - -/******************************************************************* - Initialize EPM_R_MAP structure -******************************************************************/ -NTSTATUS init_epm_r_map(TALLOC_CTX *ctx, EPM_R_MAP *r_map, - const EPM_HANDLE *handle, const EPM_TOWER_ARRAY *array, - int num_elements, uint32 status) -{ - memcpy(&r_map->handle, handle, sizeof(*handle)); - r_map->num_results = num_elements; - r_map->results = talloc(ctx, sizeof(EPM_TOWER_ARRAY) * num_elements); - if (!r_map->results) { - return NT_STATUS_NO_MEMORY; - } - memcpy(r_map->results, array, sizeof(EPM_TOWER_ARRAY) * num_elements); - r_map->status = status; - return NT_STATUS_OK; -} - -/************************************************************************* - Inits a EPM_Q_MAP structure. -************************************************************************** -* We attempt to hide the ugliness of the wire format by taking a EPM_TOWER -* array with a defined size -**************************************************************************/ -NTSTATUS init_epm_q_map(TALLOC_CTX *ctx, EPM_Q_MAP *q_map, - const EPM_TOWER *towers, int num_towers) -{ - static uint32 handle = 1; - - ZERO_STRUCTP(q_map); - - DEBUG(5, ("init_epm_q_map\n")); - q_map->handle.data[0] = (handle >> 0) & 0xFF; - q_map->handle.data[1] = (handle >> 8) & 0xFF; - q_map->handle.data[2] = (handle >> 16) & 0xFF; - q_map->handle.data[3] = (handle >> 24) & 0xFF; - - q_map->tower = talloc(ctx, sizeof(EPM_TOWER) * (num_towers + 1)); - if (!q_map->tower) { - return NT_STATUS_NO_MEMORY; - } - - memcpy(q_map->tower, towers, sizeof(EPM_TOWER) * num_towers); - - ZERO_STRUCT(q_map->tower[num_towers]); - - /* For now let's not take more than 4 towers per result */ - q_map->max_towers = num_towers * 4; - - q_map->tower_ref_id = ++internal_referent_id; - - handle++; - - return NT_STATUS_OK; -} - -/***************************************************************** - epm_io_q_map - read or write EPM_Q_MAP structure -******************************************************************/ -BOOL epm_io_q_map(const char *desc, EPM_Q_MAP *io_map, prs_struct *ps, - int depth) -{ - prs_debug(ps, depth, desc, "epm_io_q_map"); - depth++; - - if (!epm_io_handle("handle", &io_map->handle, ps, depth)) - return False; - - if (!prs_uint32("referent_id", ps, 0, &io_map->tower_ref_id)) - return False; - if (io_map->tower_ref_id > internal_referent_id) - internal_referent_id = io_map->tower_ref_id; - - /* HACK: We need a more elegant way of doing this */ - if (UNMARSHALLING(ps)) { - io_map->tower = talloc(ps->mem_ctx, sizeof(EPM_TOWER)); - if (!io_map->tower) - return False; - } - if (!epm_io_tower("tower", io_map->tower, ps, depth)) - return False; - if (!epm_io_handle("term_handle", &io_map->term_handle, ps, depth)) - return False; - - if (!prs_uint32("max_towers", ps, 0, &io_map->max_towers)) - return False; - - return True; -} - -/******************************************************************* - epm_io_r_map - Read/Write EPM_R_MAP structure -******************************************************************/ -BOOL epm_io_r_map(const char *desc, EPM_R_MAP *io_map, - prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "epm_io_r_map"); - depth++; - - if (!epm_io_handle("handle", &io_map->handle, ps, depth)) - return False; - if (!prs_uint32("num_results", ps, depth, &io_map->num_results)) - return False; - - if (UNMARSHALLING(ps)) { - io_map->results = talloc(ps->mem_ctx, - sizeof(EPM_TOWER_ARRAY) * - io_map->num_results); - if (!io_map->results) - return False; - } - if (!epm_io_tower_array("results", io_map->results, ps, depth)) - return False; - - if (!prs_align(ps)) - return False; - - if (!prs_uint32("status", ps, depth, &io_map->status)) - return False; - - return True; -} diff --git a/source/rpc_parse/parse_lsa.c b/source/rpc_parse/parse_lsa.c index 50fd3beb48e..d29b7bc5803 100644 --- a/source/rpc_parse/parse_lsa.c +++ b/source/rpc_parse/parse_lsa.c @@ -1662,61 +1662,6 @@ BOOL lsa_io_r_unk_get_connuser(const char *desc, LSA_R_UNK_GET_CONNUSER *r_c, pr return True; } -void init_lsa_q_create_account(LSA_Q_CREATEACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access) -{ - memcpy(&trn->pol, hnd, sizeof(trn->pol)); - - init_dom_sid2(&trn->sid, sid); - trn->access = desired_access; -} - - -/******************************************************************* - Reads or writes an LSA_Q_CREATEACCOUNT structure. -********************************************************************/ - -BOOL lsa_io_q_create_account(const char *desc, LSA_Q_CREATEACCOUNT *r_c, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "lsa_io_q_create_account"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth)) - return False; - - if(!smb_io_dom_sid2("sid", &r_c->sid, ps, depth)) /* domain SID */ - return False; - - if(!prs_uint32("access", ps, depth, &r_c->access)) - return False; - - return True; -} - -/******************************************************************* - Reads or writes an LSA_R_CREATEACCOUNT structure. -********************************************************************/ - -BOOL lsa_io_r_create_account(const char *desc, LSA_R_CREATEACCOUNT *r_c, prs_struct *ps, int depth) -{ - prs_debug(ps, depth, desc, "lsa_io_r_open_account"); - depth++; - - if(!prs_align(ps)) - return False; - - if(!smb_io_pol_hnd("pol", &r_c->pol, ps, depth)) - return False; - - if(!prs_ntstatus("status", ps, depth, &r_c->status)) - return False; - - return True; -} - - void init_lsa_q_open_account(LSA_Q_OPENACCOUNT *trn, POLICY_HND *hnd, DOM_SID *sid, uint32 desired_access) { memcpy(&trn->pol, hnd, sizeof(trn->pol)); @@ -1873,13 +1818,11 @@ NTSTATUS init_lsa_r_enum_privsaccount(TALLOC_CTX *mem_ctx, LSA_R_ENUMPRIVSACCOUN if (!NT_STATUS_IS_OK(ret = init_priv_with_ctx(mem_ctx, &(r_u->set)))) return ret; - - r_u->set->count = count; - if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(r_u->set->mem_ctx, &(r_u->set->set), set, count))) + if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(r_u->set->mem_ctx, &(r_u->set->set), set))) return ret; - DEBUG(10,("init_lsa_r_enum_privsaccount: %d privileges\n", r_u->count)); + DEBUG(10,("init_lsa_r_enum_privsaccount: %d %d privileges\n", r_u->count, r_u->set->count)); return ret; } @@ -2199,7 +2142,7 @@ BOOL lsa_io_dns_dom_info(const char *desc, LSA_DNS_DOM_INFO *info, if(!prs_align(ps)) return False; - if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) ) + if (!prs_uint8s(False, "dom_guid", ps, depth, info->dom_guid.info, GUID_SIZE)) return False; if(!prs_align(ps)) diff --git a/source/rpc_parse/parse_misc.c b/source/rpc_parse/parse_misc.c index cea31c88a80..efb2bfa97ff 100644 --- a/source/rpc_parse/parse_misc.c +++ b/source/rpc_parse/parse_misc.c @@ -323,34 +323,6 @@ BOOL smb_io_dom_sid2(const char *desc, DOM_SID2 *sid, prs_struct *ps, int depth) } /******************************************************************* - Reads or writes a struct uuid -********************************************************************/ - -BOOL smb_io_uuid(const char *desc, struct uuid *uuid, - prs_struct *ps, int depth) -{ - if (uuid == NULL) - return False; - - prs_debug(ps, depth, desc, "smb_io_uuid"); - depth++; - - if(!prs_uint32 ("data ", ps, depth, &uuid->time_low)) - return False; - if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid)) - return False; - if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version)) - return False; - - if(!prs_uint8s (False, "data ", ps, depth, uuid->clock_seq, sizeof(uuid->clock_seq))) - return False; - if(!prs_uint8s (False, "data ", ps, depth, uuid->node, sizeof(uuid->node))) - return False; - - return True; -} - -/******************************************************************* creates a STRHDR structure. ********************************************************************/ diff --git a/source/rpc_parse/parse_rpc.c b/source/rpc_parse/parse_rpc.c index 696f258e5de..e2781b20088 100644 --- a/source/rpc_parse/parse_rpc.c +++ b/source/rpc_parse/parse_rpc.c @@ -34,9 +34,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x8a885d04, 0x1ceb, 0x11c9, \ - { 0x9f, 0xe8 }, \ - { 0x08, 0x00, \ - 0x2b, 0x10, 0x48, 0x60 } \ + { 0x9f, 0xe8, 0x08, 0x00, \ + 0x2b, 0x10, 0x48, 0x60 } \ }, 0x02 \ } @@ -44,9 +43,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x8a885d04, 0x1ceb, 0x11c9, \ - { 0x9f, 0xe8 }, \ - { 0x08, 0x00, \ - 0x2b, 0x10, 0x48, 0x60 } \ + { 0x9f, 0xe8, 0x08, 0x00, \ + 0x2b, 0x10, 0x48, 0x60 } \ }, 0x02 \ } @@ -54,9 +52,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x6bffd098, 0xa112, 0x3610, \ - { 0x98, 0x33 }, \ - { 0x46, 0xc3, \ - 0xf8, 0x7e, 0x34, 0x5a } \ + { 0x98, 0x33, 0x46, 0xc3, \ + 0xf8, 0x7e, 0x34, 0x5a } \ }, 0x01 \ } @@ -64,9 +61,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x4b324fc8, 0x1670, 0x01d3, \ - { 0x12, 0x78 }, \ - { 0x5a, 0x47, \ - 0xbf, 0x6e, 0xe1, 0x88 } \ + { 0x12, 0x78, 0x5a, 0x47, \ + 0xbf, 0x6e, 0xe1, 0x88 } \ }, 0x03 \ } @@ -74,9 +70,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345778, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0x89, 0xab } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0x89, 0xab } \ }, 0x00 \ } @@ -84,9 +79,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x3919286a, 0xb10c, 0x11d0, \ - { 0x9b, 0xa8 }, \ - { 0x00, 0xc0, \ - 0x4f, 0xd9, 0x2e, 0xf5 } \ + { 0x9b, 0xa8, 0x00, 0xc0, \ + 0x4f, 0xd9, 0x2e, 0xf5 } \ }, 0x00 \ } @@ -94,9 +88,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345778, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0x89, 0xac } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0x89, 0xac } \ }, 0x01 \ } @@ -104,9 +97,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345678, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0xcf, 0xfb } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0xcf, 0xfb } \ }, 0x01 \ } @@ -114,9 +106,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x338cd001, 0x2244, 0x31f1, \ - { 0xaa, 0xaa }, \ - { 0x90, 0x00, \ - 0x38, 0x00, 0x10, 0x03 } \ + { 0xaa, 0xaa, 0x90, 0x00, \ + 0x38, 0x00, 0x10, 0x03 } \ }, 0x01 \ } @@ -124,9 +115,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x12345678, 0x1234, 0xabcd, \ - { 0xef, 0x00 }, \ - { 0x01, 0x23, \ - 0x45, 0x67, 0x89, 0xab } \ + { 0xef, 0x00, 0x01, 0x23, \ + 0x45, 0x67, 0x89, 0xab } \ }, 0x01 \ } @@ -134,9 +124,8 @@ interface/version dce/rpc pipe identification { \ { \ 0x0, 0x0, 0x0, \ - { 0x00, 0x00 }, \ - { 0x00, 0x00, \ - 0x00, 0x00, 0x00, 0x00 } \ + { 0x00, 0x00, 0x00, 0x00, \ + 0x00, 0x00, 0x00, 0x00 } \ }, 0x00 \ } @@ -144,8 +133,7 @@ interface/version dce/rpc pipe identification { \ { \ 0x4fc742e0, 0x4a10, 0x11cf, \ - { 0x82, 0x73 }, \ - { 0x00, 0xaa, \ + { 0x82, 0x73, 0x00, 0xaa, \ 0x00, 0x4a, 0xe6, 0x73 } \ }, 0x03 \ } @@ -154,8 +142,7 @@ interface/version dce/rpc pipe identification { \ { \ 0x60a15ec5, 0x4de8, 0x11d7, \ - { 0xa6, 0x37 }, \ - { 0x00, 0x50, \ + { 0xa6, 0x37, 0x00, 0x50, \ 0x56, 0xa2, 0x01, 0x82 } \ }, 0x01 \ } @@ -164,22 +151,11 @@ interface/version dce/rpc pipe identification { \ { \ 0x894de0c0, 0x0d55, 0x11d3, \ - { 0xa3, 0x22 }, \ - { 0x00, 0xc0, \ + { 0xa3, 0x22, 0x00, 0xc0, \ 0x4f, 0xa3, 0x21, 0xa1 } \ }, 0x01 \ } -#define SYNT_EPM_V3 \ -{ \ - { \ - 0xe1af8308, 0x5d1f, 0x11c9, \ - { 0x91, 0xa4 }, \ - { 0x08, 0x00, \ - 0x2b, 0x14, 0xa0, 0xfa } \ - }, 0x03 \ -} - /* * IMPORTANT!! If you update this structure, make sure to * update the index #defines in smb.h. @@ -199,7 +175,6 @@ const struct pipe_id_info pipe_names [] = { PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 }, { PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 }, { PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 }, - { PIPE_EPM , SYNT_EPM_V3 , PIPE_EPM , TRANS_SYNT_V2 }, { NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 } }; @@ -278,6 +253,34 @@ BOOL smb_io_rpc_hdr(const char *desc, RPC_HDR *rpc, prs_struct *ps, int depth) } /******************************************************************* + Reads or writes an RPC_UUID structure. +********************************************************************/ + +static BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth) +{ + if (uuid == NULL) + return False; + + prs_debug(ps, depth, desc, "smb_io_rpc_uuid"); + depth++; + + if(!prs_align(ps)) + return False; + + if(!prs_uint32 ("data ", ps, depth, &uuid->time_low)) + return False; + if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid)) + return False; + if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version)) + return False; + + if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining))) + return False; + + return True; +} + +/******************************************************************* Reads or writes an RPC_IFACE structure. ********************************************************************/ @@ -289,10 +292,7 @@ static BOOL smb_io_rpc_iface(const char *desc, RPC_IFACE *ifc, prs_struct *ps, i prs_debug(ps, depth, desc, "smb_io_rpc_iface"); depth++; - if (!prs_align(ps)) - return False; - - if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth)) + if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth)) return False; if(!prs_uint32 ("version", ps, depth, &ifc->version)) diff --git a/source/rpc_parse/parse_samr.c b/source/rpc_parse/parse_samr.c index 287dc3bd7f2..34b0cf28481 100644 --- a/source/rpc_parse/parse_samr.c +++ b/source/rpc_parse/parse_samr.c @@ -5315,6 +5315,10 @@ static BOOL sam_io_user_info11(const char *desc, SAM_USER_INFO_11 * usr, /************************************************************************* init_sam_user_infoa + + unknown_5 = 0x0001 0000 + unknown_6 = 0x0000 04ec + *************************************************************************/ void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len) diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c index a78627650ad..bf43ef288ae 100644 --- a/source/rpc_parse/parse_sec.c +++ b/source/rpc_parse/parse_sec.c @@ -83,11 +83,11 @@ BOOL sec_io_ace(const char *desc, SEC_ACE *psa, prs_struct *ps, int depth) return False; if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT) - if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth)) + if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE)) return False; if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT) - if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth)) + if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE)) return False; if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth)) diff --git a/source/rpc_server/srv_epmapper.c b/source/rpc_server/srv_epmapper.c deleted file mode 100644 index 70de092850b..00000000000 --- a/source/rpc_server/srv_epmapper.c +++ /dev/null @@ -1,88 +0,0 @@ - -/* - Unix SMB/CIFS implementation. - Samba end point mapper utility and mapping functions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/***************************************************************** - api_handle_map_req - handles standard epm mapping request -******************************************************************/ -static BOOL api_handle_map_req(pipes_struct * p) -{ - - EPM_Q_MAP q_in; - EPM_R_MAP q_out; - - prs_struct *in_data = &p->in_data.data; - prs_struct *ret_data = &p->out_data.rdata; - - ZERO_STRUCT(q_in); - ZERO_STRUCT(q_out); - - /* process input request and parse packet */ - - if (!epm_io_q_map("", &q_in, in_data, 0)) { - DEBUG(0, - ("api_handle_map_request: unable to unmarshall EPMD_MAP\n")); - return False; - } - - _epm_map(p, &q_in, &q_out); - - if (!epm_io_r_map("", &q_out, ret_data, 0)) { - DEBUG(0, - ("api_handle_map_req: unable to marshall EPMD_MAP\n")); - return False; - } - - return True; -} - -/*******************************************************************/ -/* \pipe\epmapper commands */ -/*******************************************************************/ -/* opnum is 3 on map request */ - -struct api_struct api_epmapper_cmds[] = { - {"MAP_PIPE_NAME", EPM_MAP_PIPE_NAME, api_handle_map_req}, -}; - -/*******************************************************************/ -/* */ -/*******************************************************************/ - -void epm_get_pipe_fns(struct api_struct **funcs, int *n_funcs) -{ - *funcs = api_epmapper_cmds; - *n_funcs = sizeof(api_epmapper_cmds) / sizeof(struct api_struct); -} - -/*******************************************************************/ -/* */ -/*******************************************************************/ - -NTSTATUS rpc_epmapper_init(void) -{ - return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION, - EPM_PIPE_NM, EPM_PIPE_NM, - api_epmapper_cmds, - sizeof(api_epmapper_cmds) / - sizeof(struct api_struct)); -} diff --git a/source/rpc_server/srv_epmapper_nt.c b/source/rpc_server/srv_epmapper_nt.c deleted file mode 100644 index e82484af4af..00000000000 --- a/source/rpc_server/srv_epmapper_nt.c +++ /dev/null @@ -1,70 +0,0 @@ - -/* - Unix SMB/CIFS implementation. - Samba end point mapper utility and mapping functions - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/*******************************************************************/ -/* _epm_map - fill out mapping on input and output structs */ -/*******************************************************************/ -void _epm_map(pipes_struct *ps, const EPM_Q_MAP *q_u, EPM_R_MAP *r_u) -{ - int i; - uint8 target_address[] = { 9, 53, 95, 27 }; - EPM_FLOOR *floors = talloc(ps->mem_ctx, sizeof(EPM_FLOOR) * - q_u->tower->num_floors); - EPM_TOWER *towers = talloc(ps->mem_ctx, - sizeof(EPM_TOWER) * MAX_TOWERS); - EPM_TOWER_ARRAY array; - - if (!floors || !towers) { - DEBUG(0, ("_epm_map: talloc failed!\n")); - return; - } - - for (i = 0; i < q_u->tower->num_floors; i++) { - switch (q_u->tower->floors[i].lhs.protocol) { - case EPM_FLOOR_UUID: - init_epm_floor_uuid(&floors[i], - q_u->tower->floors[i]. - lhs.uuid.uuid, - q_u->tower->floors[i]. - lhs.uuid.version); - break; - case EPM_FLOOR_RPC: - init_epm_floor_rpc(&floors[i]); - break; - case EPM_FLOOR_TCP: - /* for now map all requests to port 135 */ - init_epm_floor_tcp(&floors[i], 135); - break; - case EPM_FLOOR_IP: - init_epm_floor_ip(&floors[i], target_address); - break; - } - } - - init_epm_tower(ps->mem_ctx, &towers[0], floors, 5); - init_epm_tower_array(ps->mem_ctx, &array, towers, 1); - init_epm_r_map(ps->mem_ctx, r_u, &q_u->term_handle, &array, 1, 0); - - return; - -} diff --git a/source/rpc_server/srv_lsa.c b/source/rpc_server/srv_lsa.c index 63e74ec8911..5d6c1551c91 100644 --- a/source/rpc_server/srv_lsa.c +++ b/source/rpc_server/srv_lsa.c @@ -393,37 +393,6 @@ static BOOL api_lsa_unk_get_connuser(pipes_struct *p) } /*************************************************************************** - api_lsa_create_user - ***************************************************************************/ - -static BOOL api_lsa_create_account(pipes_struct *p) -{ - LSA_Q_CREATEACCOUNT q_u; - LSA_R_CREATEACCOUNT r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - if(!lsa_io_q_create_account("", &q_u, data, 0)) { - DEBUG(0,("api_lsa_create_account: failed to unmarshall LSA_Q_CREATEACCOUNT.\n")); - return False; - } - - r_u.status = _lsa_create_account(p, &q_u, &r_u); - - /* store the response in the SMB stream */ - if(!lsa_io_r_create_account("", &r_u, rdata, 0)) { - DEBUG(0,("api_lsa_create_account: Failed to marshall LSA_R_CREATEACCOUNT.\n")); - return False; - } - - return True; -} - -/*************************************************************************** api_lsa_open_user ***************************************************************************/ @@ -690,7 +659,6 @@ static struct api_struct api_lsa_cmds[] = { "LSA_PRIV_GET_DISPNAME",LSA_PRIV_GET_DISPNAME,api_lsa_priv_get_dispname}, { "LSA_ENUM_ACCOUNTS" , LSA_ENUM_ACCOUNTS , api_lsa_enum_accounts }, { "LSA_UNK_GET_CONNUSER", LSA_UNK_GET_CONNUSER, api_lsa_unk_get_connuser }, - { "LSA_CREATEACCOUNT" , LSA_CREATEACCOUNT , api_lsa_create_account }, { "LSA_OPENACCOUNT" , LSA_OPENACCOUNT , api_lsa_open_account }, { "LSA_ENUMPRIVSACCOUNT", LSA_ENUMPRIVSACCOUNT, api_lsa_enum_privsaccount}, { "LSA_GETSYSTEMACCOUNT", LSA_GETSYSTEMACCOUNT, api_lsa_getsystemaccount }, diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c index f2fe3235a60..07c024e1ca9 100644 --- a/source/rpc_server/srv_lsa_nt.c +++ b/source/rpc_server/srv_lsa_nt.c @@ -165,11 +165,6 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2, status = lookup_name(dom_name, user, &sid, &name_type); - if (name_type == SID_NAME_WKN_GRP) { - /* BUILTIN aliases are still aliases :-) */ - name_type = SID_NAME_ALIAS; - } - DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : "not found")); @@ -344,7 +339,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, const char *dns_name, const char *forest_name, - struct uuid *dom_guid, DOM_SID *dom_sid) + GUID *dom_guid, DOM_SID *dom_sid) { if (nb_name && *nb_name) { init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE); @@ -369,7 +364,7 @@ static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name, /* how do we init the guid ? probably should write an init fn */ if (dom_guid) { - memcpy(&r_l->dom_guid, dom_guid, sizeof(struct uuid)); + memcpy(&r_l->dom_guid, dom_guid, sizeof(GUID)); } if (dom_sid) { @@ -405,12 +400,9 @@ NTSTATUS _lsa_open_policy2(pipes_struct *p, LSA_Q_OPEN_POL2 *q_u, LSA_R_OPEN_POL DEBUG(4,("ACCESS should be DENIED (granted: %#010x; required: %#010x)\n", acc_granted, des_access)); DEBUGADD(4,("but overwritten by euid == 0\n")); + acc_granted = des_access; } - /* This is needed for lsa_open_account and rpcclient .... :-) */ - - if (geteuid() == 0) - acc_granted = POLICY_ALL_ACCESS; /* associate the domain SID with the (unique) handle. */ if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL) @@ -760,7 +752,7 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV LSA_PRIV_ENTRY *entry; LSA_PRIV_ENTRY *entries=NULL; - if (enum_context >= PRIV_ALL_INDEX-2) + if (enum_context >= PRIV_ALL_INDEX) return NT_STATUS_NO_MORE_ENTRIES; entries = (LSA_PRIV_ENTRY *)talloc_zero(p->mem_ctx, sizeof(LSA_PRIV_ENTRY) * (PRIV_ALL_INDEX)); @@ -782,22 +774,22 @@ NTSTATUS _lsa_enum_privs(pipes_struct *p, LSA_Q_ENUM_PRIVS *q_u, LSA_R_ENUM_PRIV DEBUG(10,("_lsa_enum_privs: enum_context:%d total entries:%d\n", enum_context, PRIV_ALL_INDEX)); - for (i = 1; i < PRIV_ALL_INDEX-1; i++, entry++) { + for (i = 0; i < PRIV_ALL_INDEX; i++, entry++) { if( i<enum_context) { init_unistr2(&entry->name, NULL, UNI_FLAGS_NONE); init_uni_hdr(&entry->hdr_name, &entry->name); entry->luid_low = 0; entry->luid_high = 0; } else { - init_unistr2(&entry->name, privs[i].priv, UNI_FLAGS_NONE); + init_unistr2(&entry->name, privs[i+1].priv, UNI_FLAGS_NONE); init_uni_hdr(&entry->hdr_name, &entry->name); - entry->luid_low = privs[i].se_priv; + entry->luid_low = privs[i+1].se_priv; entry->luid_high = 0; } } - enum_context = PRIV_ALL_INDEX-2; - init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX-2, entries); + enum_context = PRIV_ALL_INDEX; + init_lsa_r_enum_privs(r_u, enum_context, PRIV_ALL_INDEX, entries); return NT_STATUS_OK; } @@ -827,10 +819,10 @@ NTSTATUS _lsa_priv_get_dispname(pipes_struct *p, LSA_Q_PRIV_GET_DISPNAME *q_u, L DEBUG(10,("_lsa_priv_get_dispname: %s", name_asc)); - while (privs[i].se_priv!=SE_ALL_PRIVS && strcmp(name_asc, privs[i].priv)) + while (privs[i].se_priv!=SE_PRIV_ALL && strcmp(name_asc, privs[i].priv)) i++; - if (privs[i].se_priv!=SE_ALL_PRIVS) { + if (privs[i].se_priv!=SE_PRIV_ALL) { DEBUG(10,(": %s\n", privs[i].description)); init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE); init_uni_hdr(&r_u->hdr_desc, &r_u->desc); @@ -852,36 +844,32 @@ _lsa_enum_accounts. NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u) { struct lsa_info *handle; - DOM_SID *sid_list; - int i, j, num_entries; + GROUP_MAP *map=NULL; + int num_entries=0; LSA_SID_ENUM *sids=&r_u->sids; + int i=0,j=0; + BOOL ret; if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) return NT_STATUS_INVALID_HANDLE; + /* check if the user have enough rights */ + + /* + * I don't know if it's the right one. not documented. + */ if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION)) return NT_STATUS_ACCESS_DENIED; - sid_list = NULL; - num_entries = 0; - - /* The only way we can currently find out all the SIDs that have been - privileged is to scan all privileges */ - - for (i=1; i<PRIV_ALL_INDEX-1; i++) { - DOM_SID *priv_sids = NULL; - int num_priv_sids = 0; - - if (!get_sids_from_priv(privs[i].priv, &priv_sids, - &num_priv_sids)) - continue; - - for (j=0; j<num_priv_sids; j++) { - add_sid_to_array_unique(&priv_sids[j], &sid_list, - &num_entries); - } - SAFE_FREE(priv_sids); + /* get the list of mapped groups (domain, local, builtin) */ + become_root(); + ret = pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED); + unbecome_root(); + if( !ret ) { + DEBUG(3,("_lsa_enum_accounts: enumeration of groups failed!\n")); + return NT_STATUS_OK; } + if (q_u->enum_context >= num_entries) return NT_STATUS_NO_MORE_ENTRIES; @@ -890,19 +878,19 @@ NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENU sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2)); if (sids->ptr_sid==NULL || sids->sid==NULL) { - SAFE_FREE(sid_list); + SAFE_FREE(map); return NT_STATUS_NO_MEMORY; } for (i=q_u->enum_context, j=0; i<num_entries; i++) { - init_dom_sid2( &(*sids).sid[j], &sid_list[i]); + init_dom_sid2( &(*sids).sid[j], &map[i].sid); (*sids).ptr_sid[j]=1; j++; } - SAFE_FREE(sid_list); + SAFE_FREE(map); - init_lsa_r_enum_accounts(r_u, num_entries); + init_lsa_r_enum_accounts(r_u, j); return NT_STATUS_OK; } @@ -935,50 +923,7 @@ NTSTATUS _lsa_unk_get_connuser(pipes_struct *p, LSA_Q_UNK_GET_CONNUSER *q_u, LSA } /*************************************************************************** - Lsa Create Account - - FIXME: Actually the code is just a copy of lsa_open_account - TODO: Check and code what this function should exactly do - ***************************************************************************/ - -NTSTATUS _lsa_create_account(pipes_struct *p, LSA_Q_CREATEACCOUNT *q_u, LSA_R_CREATEACCOUNT *r_u) -{ - struct lsa_info *handle; - struct lsa_info *info; - - r_u->status = NT_STATUS_OK; - - /* find the connection policy handle. */ - if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle)) - return NT_STATUS_INVALID_HANDLE; - - /* check if the user have enough rights */ - - /* - * I don't know if it's the right one. not documented. - * but guessed with rpcclient. - */ - if (!(handle->access & POLICY_GET_PRIVATE_INFORMATION)) - return NT_STATUS_ACCESS_DENIED; - - /* associate the user/group SID with the (unique) handle. */ - if ((info = (struct lsa_info *)malloc(sizeof(struct lsa_info))) == NULL) - return NT_STATUS_NO_MEMORY; - - ZERO_STRUCTP(info); - info->sid = q_u->sid.sid; - info->access = q_u->access; - - /* get a (unique) handle. open a policy on it. */ - if (!create_policy_hnd(p, &r_u->pol, free_lsa_info, (void *)info)) - return NT_STATUS_OBJECT_NAME_NOT_FOUND; - - return r_u->status; -} - - -/*************************************************************************** - Lsa Open Account + ***************************************************************************/ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENACCOUNT *r_u) @@ -1023,8 +968,8 @@ NTSTATUS _lsa_open_account(pipes_struct *p, LSA_Q_OPENACCOUNT *q_u, LSA_R_OPENAC NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVSACCOUNT *q_u, LSA_R_ENUMPRIVSACCOUNT *r_u) { struct lsa_info *info=NULL; + GROUP_MAP map; LUID_ATTR *set=NULL; - PRIVILEGE_SET *priv; r_u->status = NT_STATUS_OK; @@ -1032,36 +977,33 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; - init_privilege(&priv); - - if (!get_priv_for_sid(&info->sid, priv)) { - /* This is probably wrong... */ - return NT_STATUS_INVALID_HANDLE; - } - - DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", priv->count)); + if (!pdb_getgrsid(&map, info->sid)) + return NT_STATUS_NO_SUCH_GROUP; - if (priv->count > 0) { - int i; - set=(LUID_ATTR *)talloc(ps->mem_ctx, - priv->count*sizeof(LUID_ATTR)); +#if 0 /* privileges currently not implemented! */ + DEBUG(10,("_lsa_enum_privsaccount: %d privileges\n", map.priv_set->count)); + if (map.priv_set->count!=0) { + + set=(LUID_ATTR *)talloc(map.priv_set->mem_ctx, map.priv_set.count*sizeof(LUID_ATTR)); if (set == NULL) { - destroy_privilege(&priv); + destroy_privilege(&map.priv_set); return NT_STATUS_NO_MEMORY; } - for (i = 0; i < priv->count; i++) { - set[i].luid.low = priv->set[i].luid.low; - set[i].luid.high = priv->set[i].luid.high; - set[i].attr = priv->set[i].attr; - DEBUG(10,("_lsa_enum_privsaccount: %d: %d:%d:%d\n", i, - set[i].luid.high, set[i].luid.low, - set[i].attr)); + for (i = 0; i < map.priv_set.count; i++) { + set[i].luid.low = map.priv_set->set[i].luid.low; + set[i].luid.high = map.priv_set->set[i].luid.high; + set[i].attr = map.priv_set->set[i].attr; + DEBUG(10,("_lsa_enum_privsaccount: priv %d: %d:%d:%d\n", i, + set[i].luid.high, set[i].luid.low, set[i].attr)); } } - init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, priv->count, 0); - destroy_privilege(&priv); + init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, map.priv_set->count, 0); + destroy_privilege(&map.priv_set); +#endif + + init_lsa_r_enum_privsaccount(ps->mem_ctx, r_u, set, 0, 0); return r_u->status; } @@ -1073,16 +1015,15 @@ NTSTATUS _lsa_enum_privsaccount(pipes_struct *p, prs_struct *ps, LSA_Q_ENUMPRIVS NTSTATUS _lsa_getsystemaccount(pipes_struct *p, LSA_Q_GETSYSTEMACCOUNT *q_u, LSA_R_GETSYSTEMACCOUNT *r_u) { struct lsa_info *info=NULL; + GROUP_MAP map; r_u->status = NT_STATUS_OK; - fstring name, dom_name; - enum SID_NAME_USE type; /* find the connection policy handle. */ if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; - if (!lookup_sid(&info->sid, dom_name, name, &type)) - return NT_STATUS_INVALID_HANDLE; + if (!pdb_getgrsid(&map, info->sid)) + return NT_STATUS_NO_SUCH_GROUP; /* 0x01 -> Log on locally @@ -1288,7 +1229,7 @@ NTSTATUS _lsa_query_info2(pipes_struct *p, LSA_Q_QUERY_INFO2 *q_u, LSA_R_QUERY_I char *dns_name = NULL; char *forest_name = NULL; DOM_SID *sid = NULL; - struct uuid guid; + GUID guid; fstring dnsdomname; ZERO_STRUCT(guid); diff --git a/source/rpc_server/srv_netlog.c b/source/rpc_server/srv_netlog.c index f06a2002e3c..9c10d86379d 100644 --- a/source/rpc_server/srv_netlog.c +++ b/source/rpc_server/srv_netlog.c @@ -317,42 +317,6 @@ static BOOL api_net_logon_ctrl(pipes_struct *p) return True; } -/************************************************************************* - api_ds_enum_dom_trusts: - *************************************************************************/ - -#if 0 /* JERRY */ -static BOOL api_ds_enum_dom_trusts(pipes_struct *p) -{ - DS_Q_ENUM_DOM_TRUSTS q_u; - DS_R_ENUM_DOM_TRUSTS r_u; - - prs_struct *data = &p->in_data.data; - prs_struct *rdata = &p->out_data.rdata; - - ZERO_STRUCT(q_u); - ZERO_STRUCT(r_u); - - DEBUG(6,("api_ds_enum_dom_trusts\n")); - - if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) { - DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n")); - return False; - } - - r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u); - - if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) { - DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n")); - return False; - } - - DEBUG(6,("api_ds_enum_dom_trusts\n")); - - return True; -} -#endif /* JERRY */ - /******************************************************************* array of \PIPE\NETLOGON operations ********************************************************************/ @@ -366,10 +330,7 @@ static struct api_struct api_net_cmds [] = { "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff }, { "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 }, { "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list }, - { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl }, -#if 0 /* JERRY */ - { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts } -#endif /* JERRY */ + { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl } }; void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns ) diff --git a/source/rpc_server/srv_netlog_nt.c b/source/rpc_server/srv_netlog_nt.c index 51ed79980c7..bf0e81f5c82 100644 --- a/source/rpc_server/srv_netlog_nt.c +++ b/source/rpc_server/srv_netlog_nt.c @@ -775,21 +775,4 @@ NTSTATUS _net_sam_logon(pipes_struct *p, NET_Q_SAM_LOGON *q_u, NET_R_SAM_LOGON * return status; } -/************************************************************************* - _ds_enum_dom_trusts - *************************************************************************/ -#if 0 /* JERRY -- not correct */ -NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u, - DS_R_ENUM_DOM_TRUSTS *r_u) -{ - NTSTATUS status = NT_STATUS_OK; - /* TODO: According to MSDN, the can only be executed against a - DC or domain member running Windows 2000 or later. Need - to test against a standalone 2k server and see what it - does. A windows 2000 DC includes its own domain in the - list. --jerry */ - - return status; -} -#endif /* JERRY */ diff --git a/source/rpc_server/srv_pipe.c b/source/rpc_server/srv_pipe.c index 90c20a97fa6..fa24efe589b 100644 --- a/source/rpc_server/srv_pipe.c +++ b/source/rpc_server/srv_pipe.c @@ -737,9 +737,9 @@ BOOL check_bind_req(struct pipes_struct *p, RPC_IFACE* abstract, { if ( strequal(pipe_names[i].client_pipe, pname) && (abstract->version == pipe_names[i].abstr_syntax.version) - && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0) + && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0) && (transfer->version == pipe_names[i].trans_syntax.version) - && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) ) + && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) ) { struct api_struct *fns = NULL; int n_fns = 0; @@ -1609,9 +1609,6 @@ void get_pipe_fns( int idx, struct api_struct **fns, int *n_fns ) echo_get_pipe_fns( &cmds, &n_cmds ); break; #endif - case PI_EPM: - epm_get_pipe_fns( &cmds, &n_cmds ); - break; default: DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx)); } diff --git a/source/rpc_server/srv_pipe_hnd.c b/source/rpc_server/srv_pipe_hnd.c index 64ca8388d77..514c22d471e 100644 --- a/source/rpc_server/srv_pipe_hnd.c +++ b/source/rpc_server/srv_pipe_hnd.c @@ -344,8 +344,6 @@ static void *make_internal_rpc_pipe_p(char *pipe_name, if (vuser) { p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length); p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token); - init_privilege(&p->pipe_user.privs); - dup_priv_set(p->pipe_user.privs, vuser->privs); } /* diff --git a/source/rpc_server/srv_samr_nt.c b/source/rpc_server/srv_samr_nt.c index 642c10e26fe..70ae4d170e4 100644 --- a/source/rpc_server/srv_samr_nt.c +++ b/source/rpc_server/srv_samr_nt.c @@ -40,7 +40,6 @@ extern rid_name domain_group_rids[]; extern rid_name domain_alias_rids[]; extern rid_name builtin_alias_rids[]; -extern PRIVS privs[]; typedef struct _disp_info { BOOL user_dbloaded; @@ -76,12 +75,10 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd level of access for further checks. ********************************************************************/ -NTSTATUS access_check_samr_object(SEC_DESC *psd, pipes_struct *p, uint32 des_access, - uint32 *acc_granted, uint32 *priv_list, const char *debug) +NTSTATUS access_check_samr_object(SEC_DESC *psd, NT_USER_TOKEN *nt_user_token, uint32 des_access, + uint32 *acc_granted, const char *debug) { NTSTATUS status = NT_STATUS_ACCESS_DENIED; - NT_USER_TOKEN *nt_user_token = p->pipe_user.nt_user_token; - int i; if (!se_access_check(psd, nt_user_token, des_access, acc_granted, &status)) { *acc_granted = des_access; @@ -89,18 +86,12 @@ NTSTATUS access_check_samr_object(SEC_DESC *psd, pipes_struct *p, uint32 des_acc DEBUG(4,("%s: ACCESS should be DENIED (requested: %#010x)\n", debug, des_access)); DEBUGADD(4,("but overritten by euid == sec_initial_uid()\n")); - return NT_STATUS_OK; + status = NT_STATUS_OK; } - if (priv_list != NULL) { - for (i = 0; priv_list[i] != SE_NONE; i++) { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), priv_list[i]))) { - DEBUG(3, ("%s: User should be denied access but was overridden by %s\n", debug, privs[priv_list[i]].priv)); - return NT_STATUS_OK; - } - } + else { + DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n", + debug, des_access)); } - - DEBUG(2,("%s: ACCESS DENIED (requested: %#010x)\n", debug, des_access)); } return status; } @@ -109,10 +100,8 @@ NTSTATUS access_check_samr_object(SEC_DESC *psd, pipes_struct *p, uint32 des_acc Checks if access to a function can be granted ********************************************************************/ -NTSTATUS access_check_samr_function(pipes_struct *p, uint32 acc_granted, uint32 acc_required, uint32 *priv_list, const char *debug) +NTSTATUS access_check_samr_function(uint32 acc_granted, uint32 acc_required, const char *debug) { - int i; - DEBUG(5,("%s: access check ((granted: %#010x; required: %#010x)\n", debug, acc_granted, acc_required)); if ((acc_granted & acc_required) != acc_required) { @@ -122,15 +111,6 @@ NTSTATUS access_check_samr_function(pipes_struct *p, uint32 acc_granted, uint32 DEBUGADD(4,("but overwritten by euid == 0\n")); return NT_STATUS_OK; } - if (priv_list != NULL) { - for (i = 0; priv_list[i] != SE_NONE; i++) { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), priv_list[i]))) { - DEBUG(3, ("%s: User should be denied access but was overridden by %s\n", debug, privs[priv_list[i]].priv)); - return NT_STATUS_OK; - } - } - } - DEBUG(2,("%s: ACCESS DENIED (granted: %#010x; required: %#010x)\n", debug, acc_granted, acc_required)); return NT_STATUS_ACCESS_DENIED; @@ -392,7 +372,6 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN uint32 des_access = q_u->flags; size_t sd_size; NTSTATUS status; - uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_NONE}; r_u->status = NT_STATUS_OK; @@ -400,7 +379,7 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(status = access_check_samr_function(p, info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN, priv_list, "_samr_open_domain"))) { + if (!NT_STATUS_IS_OK(status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_OPEN_DOMAIN,"_samr_open_domain"))) { return status; } @@ -409,8 +388,8 @@ NTSTATUS _samr_open_domain(pipes_struct *p, SAMR_Q_OPEN_DOMAIN *q_u, SAMR_R_OPEN se_map_generic(&des_access,&dom_generic_mapping); if (!NT_STATUS_IS_OK(status = - access_check_samr_object(psd, p, des_access, &acc_granted, - priv_list, "_samr_open_domain"))) { + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_domain"))) { return status; } @@ -789,8 +768,8 @@ NTSTATUS _samr_enum_dom_users(pipes_struct *p, SAMR_Q_ENUM_DOM_USERS *q_u, domain_sid = info->sid; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, info->acc_granted, - SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, NULL, + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, + SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_users"))) { return r_u->status; } @@ -900,7 +879,7 @@ static void make_group_sam_entry_list(TALLOC_CTX *ctx, SAM_ENTRY **sam_pp, UNIST Get the group entries - similar to get_sampwd_entries(). ******************************************************************/ -static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, +static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx, uint32 *p_num_entries, uint32 max_entries ) { @@ -915,8 +894,7 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, needed for some passdb backends to enumerate groups */ become_root(); - pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries, - ENUM_ONLY_MAPPED); + pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED); unbecome_root(); num_entries=group_entries-start_idx; @@ -937,57 +915,51 @@ static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name); fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment); sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid); - (*d_grp)[i].attr=SID_NAME_DOM_GRP; + (*d_grp)[i].attr=type; } SAFE_FREE(map); *p_num_entries = num_entries; - DEBUG(10,("get_group_domain_entries: returning %d entries\n", - *p_num_entries)); + DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries)); return NT_STATUS_OK; } /******************************************************************* - Wrapper for enumerating local groups + Wrapper for enuemrating domain groups ******************************************************************/ -static NTSTATUS get_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, - const DOM_SID *sid, uint32 start_idx, - uint32 *p_num_entries, uint32 max_entries ) +static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, + DOM_SID *sid, uint32 start_idx, + uint32 *p_num_entries, uint32 max_entries ) { - struct acct_info *info; - int i; - BOOL res; - - become_root(); - res = pdb_enum_aliases(sid, start_idx, max_entries, - p_num_entries, &info); - unbecome_root(); - - if (!res) - return NT_STATUS_ACCESS_DENIED; - - if (*p_num_entries == 0) - return NT_STATUS_OK; + return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx, + p_num_entries, max_entries ); +} - *d_grp = talloc(ctx, sizeof(DOMAIN_GRP) * (*p_num_entries)); +/******************************************************************* + Wrapper for enumerating local groups + ******************************************************************/ - if (*d_grp == NULL) { - SAFE_FREE(info); - return NT_STATUS_NO_MEMORY; +static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp, + DOM_SID *sid, uint32 start_idx, + uint32 *p_num_entries, uint32 max_entries) +{ + if ( sid_equal(sid, &global_sid_Builtin) ) { + return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp, + sid, start_idx, p_num_entries, max_entries ); } - - for (i=0; i<*p_num_entries; i++) { - fstrcpy((*d_grp)[i].name, info[i].acct_name); - fstrcpy((*d_grp)[i].comment, info[i].acct_desc); - (*d_grp)[i].rid = info[i].rid; - (*d_grp)[i].attr = SID_NAME_ALIAS; + else if ( sid_equal(sid, get_global_sam_sid()) ) { + return get_group_entries( SID_NAME_ALIAS, ctx, d_grp, + sid, start_idx, p_num_entries, max_entries ); } - SAFE_FREE(info); + /* can't do anything with this SID */ + + *p_num_entries = 0; + return NT_STATUS_OK; } @@ -1007,7 +979,7 @@ NTSTATUS _samr_enum_dom_groups(pipes_struct *p, SAMR_Q_ENUM_DOM_GROUPS *q_u, SAM if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, NULL, "_samr_enum_dom_groups"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_groups"))) { return r_u->status; } @@ -1046,16 +1018,16 @@ NTSTATUS _samr_enum_dom_aliases(pipes_struct *p, SAMR_Q_ENUM_DOM_ALIASES *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, NULL, "_samr_enum_dom_aliases"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_ENUM_ACCOUNTS, "_samr_enum_dom_aliases"))) { return r_u->status; } sid_to_string(sid_str, &sid); DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str)); - status = get_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, - &num_entries, MAX_SAM_ENTRIES); - if (!NT_STATUS_IS_OK(status)) return status; + status = get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx, + &num_entries, MAX_SAM_ENTRIES); + if (NT_STATUS_IS_ERR(status)) return status; make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp); @@ -1272,7 +1244,7 @@ NTSTATUS _samr_query_dispinfo(pipes_struct *p, SAMR_Q_QUERY_DISPINFO *q_u, NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u) { DOM_SID sid; - struct acct_info info; + GROUP_MAP map; uint32 acc_granted; BOOL ret; @@ -1283,12 +1255,16 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM /* find the policy handle. open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, NULL, "_samr_query_aliasinfo"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_LOOKUP_INFO, "_samr_query_aliasinfo"))) { return r_u->status; } + if (!sid_check_is_in_our_domain(&sid) && + !sid_check_is_in_builtin(&sid)) + return NT_STATUS_OBJECT_TYPE_MISMATCH; + become_root(); - ret = pdb_get_aliasinfo(&sid, &info); + ret = pdb_getgrsid(&map, sid); unbecome_root(); if ( !ret ) @@ -1298,13 +1274,12 @@ NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAM case 1: r_u->ptr = 1; r_u->ctr.switch_value1 = 1; - init_samr_alias_info1(&r_u->ctr.alias.info1, - info.acct_name, 1, info.acct_desc); + init_samr_alias_info1(&r_u->ctr.alias.info1, map.nt_name, 1, map.comment); break; case 3: r_u->ptr = 1; r_u->ctr.switch_value1 = 3; - init_samr_alias_info3(&r_u->ctr.alias.info3, info.acct_desc); + init_samr_alias_info3(&r_u->ctr.alias.info3, map.comment); break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -1403,7 +1378,7 @@ NTSTATUS _samr_lookup_names(pipes_struct *p, SAMR_Q_LOOKUP_NAMES *q_u, SAMR_R_LO return r_u->status; } - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, 0, NULL, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */ + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, 0, "_samr_lookup_names"))) { /* Don't know the acc_bits yet */ return r_u->status; } @@ -1625,7 +1600,6 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE size_t sd_size; BOOL ret; NTSTATUS nt_status; - uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE}; r_u->status = NT_STATUS_OK; @@ -1633,7 +1607,7 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, priv_list, "_samr_open_user"))) { + if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_user"))) { return nt_status; } @@ -1650,8 +1624,8 @@ NTSTATUS _samr_open_user(pipes_struct *p, SAMR_Q_OPEN_USER *q_u, SAMR_R_OPEN_USE samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid); se_map_generic(&des_access, &usr_generic_mapping); if (!NT_STATUS_IS_OK(nt_status = - access_check_samr_object(psd, p, des_access, &acc_granted, - priv_list, "_samr_open_user"))) { + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_user"))) { return nt_status; } @@ -1974,7 +1948,7 @@ NTSTATUS _samr_query_usergroups(pipes_struct *p, SAMR_Q_QUERY_USERGROUPS *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_USER_GET_GROUPS, NULL, "_samr_query_usergroups"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_USER_GET_GROUPS, "_samr_query_usergroups"))) { return r_u->status; } @@ -2157,13 +2131,12 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA uint32 new_rid = 0; /* check this, when giving away 'add computer to domain' privs */ uint32 des_access = GENERIC_RIGHTS_USER_ALL_ACCESS; - uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE}; /* Get the domain SID stored in the domain policy */ if (!get_lsa_policy_samr_sid(p, &dom_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, priv_list, "_samr_create_user"))) { + if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) { return nt_status; } @@ -2227,33 +2200,6 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA /* the passdb lookup has failed; check to see if we need to run the add user/machine script */ - - /* - * we can't check both the ending $ and the acb_info. - * - * UserManager creates trust accounts (ending in $, - * normal that hidden accounts) with the acb_info equals to ACB_NORMAL. - * JFM, 11/29/2001 - */ - if (account[strlen(account)-1] == '$') { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT)) || geteuid() == 0) { - DEBUG(3, ("user [%s] has been granted Add Machines privilege!\n", p->user_name)); - become_root(); - pstrcpy(add_script, lp_addmachine_script()); - } else { - DEBUG(3, ("user [%s] doesn't have Add Machines privilege!\n", p->user_name)); - return NT_STATUS_ACCESS_DENIED; - } - } else { - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS)) || geteuid() == 0) { - DEBUG(3, ("user [%s] has been granted Add Users privilege!\n", p->user_name)); - become_root(); - pstrcpy(add_script, lp_adduser_script()); - } else { - DEBUG(3, ("user [%s] doesn't have Add Users privilege!\n", p->user_name)); - return NT_STATUS_ACCESS_DENIED; - } - } pw = Get_Pwnam(account); @@ -2269,16 +2215,27 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA *********************************************************************/ if ( !pw ) { + /* + * we can't check both the ending $ and the acb_info. + * + * UserManager creates trust accounts (ending in $, + * normal that hidden accounts) with the acb_info equals to ACB_NORMAL. + * JFM, 11/29/2001 + */ + if (account[strlen(account)-1] == '$') + pstrcpy(add_script, lp_addmachine_script()); + else + pstrcpy(add_script, lp_adduser_script()); - if (add_script[0] != '\0') { + if (*add_script) { int add_ret; all_string_sub(add_script, "%u", account, sizeof(account)); add_ret = smbrun(add_script,NULL); + DEBUG(3,("_samr_create_user: Running the command `%s' gave %d\n", add_script, add_ret)); } else /* no add user script -- ask winbindd to do it */ { - DEBUG(0, ("_samr_create_user: lp_adduser_script() = %s add_script = %s\n", lp_adduser_script(), add_script)); - if (!winbind_create_user(account, &new_rid)) { + if ( !winbind_create_user( account, &new_rid ) ) { DEBUG(3,("_samr_create_user: winbind_create_user(%s) failed\n", account)); } @@ -2289,16 +2246,15 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA /* implicit call to getpwnam() next. we have a valid SID coming out of this call */ if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account, new_rid)) ) - goto done; + return nt_status; pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED); if (!pdb_add_sam_account(sam_pass)) { pdb_free_sam(&sam_pass); - DEBUG(0, ("could not add user/computer %s to passdb !?\n", + DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n", account)); - nt_status = NT_STATUS_ACCESS_DENIED; - goto done; + return NT_STATUS_ACCESS_DENIED; } /* Get the user's SID */ @@ -2307,16 +2263,15 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA samr_make_usr_obj_sd(p->mem_ctx, &psd, &sd_size, &sid); se_map_generic(&des_access, &usr_generic_mapping); if (!NT_STATUS_IS_OK(nt_status = - access_check_samr_object(psd, p, des_access, &acc_granted, - priv_list, "_samr_create_user"))) { - goto done; + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_create_user"))) { + return nt_status; } /* associate the user's SID with the new handle. */ if ((info = get_samr_info_by_sid(&sid)) == NULL) { pdb_free_sam(&sam_pass); - nt_status = NT_STATUS_NO_MEMORY; - goto done; + return NT_STATUS_NO_MEMORY; } ZERO_STRUCTP(info); @@ -2326,8 +2281,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA /* get a (unique) handle. open a policy on it. */ if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) { pdb_free_sam(&sam_pass); - nt_status = NT_STATUS_OBJECT_NAME_NOT_FOUND; - goto done; + return NT_STATUS_OBJECT_NAME_NOT_FOUND; } r_u->user_rid=pdb_get_user_rid(sam_pass); @@ -2336,11 +2290,7 @@ NTSTATUS _samr_create_user(pipes_struct *p, SAMR_Q_CREATE_USER *q_u, SAMR_R_CREA pdb_free_sam(&sam_pass); - nt_status = NT_STATUS_OK; - -done: - unbecome_root(); - return nt_status; + return NT_STATUS_OK; } /******************************************************************* @@ -2411,8 +2361,8 @@ NTSTATUS _samr_connect(pipes_struct *p, SAMR_Q_CONNECT *q_u, SAMR_R_CONNECT *r_u samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); se_map_generic(&des_access, &sam_generic_mapping); if (!NT_STATUS_IS_OK(nt_status = - access_check_samr_object(psd, p, des_access, &acc_granted, - NULL, "_samr_connect"))) { + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_connect"))) { return nt_status; } @@ -2461,8 +2411,8 @@ NTSTATUS _samr_connect4(pipes_struct *p, SAMR_Q_CONNECT4 *q_u, SAMR_R_CONNECT4 * samr_make_sam_obj_sd(p->mem_ctx, &psd, &sd_size); se_map_generic(&des_access, &sam_generic_mapping); if (!NT_STATUS_IS_OK(nt_status = - access_check_samr_object(psd, p, des_access, &acc_granted, - NULL, "_samr_connect"))) { + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_connect"))) { return nt_status; } @@ -2499,8 +2449,8 @@ NTSTATUS _samr_lookup_domain(pipes_struct *p, SAMR_Q_LOOKUP_DOMAIN *q_u, SAMR_R_ if (!find_policy_by_hnd(p, &q_u->connect_pol, (void**)&info)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, info->acc_granted, - SA_RIGHT_SAM_ENUM_DOMAINS, NULL, "_samr_lookup_domain"))) + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, + SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_lookup_domain"))) { return r_u->status; } @@ -2572,7 +2522,7 @@ NTSTATUS _samr_enum_domains(pipes_struct *p, SAMR_Q_ENUM_DOMAINS *q_u, SAMR_R_EN if (!find_policy_by_hnd(p, &q_u->pol, (void**)&info)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, NULL, "_samr_enum_domains"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(info->acc_granted, SA_RIGHT_SAM_ENUM_DOMAINS, "_samr_enum_domains"))) { return r_u->status; } @@ -2613,7 +2563,7 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A if (!get_lsa_policy_samr_sid(p, &domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, NULL, "_samr_open_alias"))) { + if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_alias"))) { return status; } @@ -2625,8 +2575,8 @@ NTSTATUS _samr_open_alias(pipes_struct *p, SAMR_Q_OPEN_ALIAS *q_u, SAMR_R_OPEN_A samr_make_ali_obj_sd(p->mem_ctx, &psd, &sd_size); se_map_generic(&des_access,&ali_generic_mapping); if (!NT_STATUS_IS_OK(status = - access_check_samr_object(psd, p, des_access, &acc_granted, - NULL, "_samr_open_alias"))) { + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_alias"))) { return status; } @@ -2999,8 +2949,6 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE SAM_USERINFO_CTR *ctr = q_u->ctr; uint32 acc_granted; uint32 acc_required; - uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE}; - BOOL priv_to_root = False; DEBUG(5, ("_samr_set_userinfo: %d\n", __LINE__)); @@ -3011,65 +2959,34 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE return NT_STATUS_INVALID_HANDLE; acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */ - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, acc_required, priv_list, "_samr_set_userinfo"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo"))) { return r_u->status; } - - if (geteuid() != sec_initial_uid()) { - SAM_ACCOUNT *pwd = NULL; - - pdb_init_sam(&pwd); - - become_root(); - if (!pdb_getsampwsid(pwd, &sid)) { - unbecome_root(); - pdb_free_sam(&pwd); - return NT_STATUS_ACCESS_DENIED; - } - - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS))) { - priv_to_root = True; - - } else if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT))) { - if (pdb_get_acct_ctrl(pwd) & ACB_WSTRUST) { - priv_to_root = True; - } - } else { - unbecome_root(); - return NT_STATUS_ACCESS_DENIED; - } - } - + DEBUG(5, ("_samr_set_userinfo: sid:%s, level:%d\n", sid_string_static(&sid), switch_value)); if (ctr == NULL) { DEBUG(5, ("_samr_set_userinfo: NULL info level\n")); - if (priv_to_root) unbecome_root(); return NT_STATUS_INVALID_INFO_CLASS; } /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { case 0x12: - if (!set_user_info_12(ctr->info.id12, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_12(ctr->info.id12, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; case 24: if (!p->session_key.length) { - if (priv_to_root) unbecome_root(); return NT_STATUS_NO_USER_SESSION_KEY; } SamOEMhashBlob(ctr->info.id24->pass, 516, &p->session_key); dump_data(100, (char *)ctr->info.id24->pass, 516); - if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_pw((char *)ctr->info.id24->pass, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; case 25: @@ -3093,30 +3010,24 @@ NTSTATUS _samr_set_userinfo(pipes_struct *p, SAMR_Q_SET_USERINFO *q_u, SAMR_R_SE return NT_STATUS_ACCESS_DENIED; break; #endif - if (priv_to_root) unbecome_root(); return NT_STATUS_INVALID_INFO_CLASS; case 23: if (!p->session_key.length) { - if (priv_to_root) unbecome_root(); return NT_STATUS_NO_USER_SESSION_KEY; } SamOEMhashBlob(ctr->info.id23->pass, 516, &p->session_key); dump_data(100, (char *)ctr->info.id23->pass, 516); - if (!set_user_info_23(ctr->info.id23, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_23(ctr->info.id23, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; default: - if (priv_to_root) unbecome_root(); return NT_STATUS_INVALID_INFO_CLASS; } - if (priv_to_root) unbecome_root(); return r_u->status; } @@ -3132,8 +3043,6 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ uint16 switch_value = q_u->switch_value; uint32 acc_granted; uint32 acc_required; - uint32 priv_list[3] = {SE_MACHINE_ACCOUNT, SE_ADD_USERS, SE_NONE}; - BOOL priv_to_root = False; DEBUG(5, ("samr_reply_set_userinfo2: %d\n", __LINE__)); @@ -3144,40 +3053,14 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ return NT_STATUS_INVALID_HANDLE; acc_required = SA_RIGHT_USER_SET_LOC_COM | SA_RIGHT_USER_SET_ATTRIBUTES; /* This is probably wrong */ - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, acc_required, priv_list, "_samr_set_userinfo2"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, acc_required, "_samr_set_userinfo2"))) { return r_u->status; } - if (geteuid() != sec_initial_uid()) { - SAM_ACCOUNT *pwd = NULL; - - pdb_init_sam(&pwd); - - become_root(); - if (!pdb_getsampwsid(pwd, &sid)) { - unbecome_root(); - pdb_free_sam(&pwd); - return NT_STATUS_ACCESS_DENIED; - } - - if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS))) { - priv_to_root = True; - - } else if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT))) { - if (pdb_get_acct_ctrl(pwd) & ACB_WSTRUST) { - priv_to_root = True; - } - } else { - unbecome_root(); - return NT_STATUS_ACCESS_DENIED; - } - } - DEBUG(5, ("samr_reply_set_userinfo2: sid:%s\n", sid_string_static(&sid))); if (ctr == NULL) { DEBUG(5, ("samr_reply_set_userinfo2: NULL info level\n")); - if (priv_to_root) unbecome_root(); return NT_STATUS_INVALID_INFO_CLASS; } @@ -3186,36 +3069,26 @@ NTSTATUS _samr_set_userinfo2(pipes_struct *p, SAMR_Q_SET_USERINFO2 *q_u, SAMR_R_ /* ok! user info levels (lots: see MSDEV help), off we go... */ switch (switch_value) { case 21: - if (!set_user_info_21(ctr->info.id21, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_21(ctr->info.id21, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; case 20: - if (!set_user_info_20(ctr->info.id20, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_20(ctr->info.id20, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; case 16: - if (!set_user_info_10(ctr->info.id10, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_10(ctr->info.id10, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; case 18: /* Used by AS/U JRA. */ - if (!set_user_info_12(ctr->info.id12, &sid)) { - if (priv_to_root) unbecome_root(); + if (!set_user_info_12(ctr->info.id12, &sid)) return NT_STATUS_ACCESS_DENIED; - } break; default: - if (priv_to_root) unbecome_root(); return NT_STATUS_INVALID_INFO_CLASS; } - if (priv_to_root) unbecome_root(); return r_u->status; } @@ -3258,8 +3131,8 @@ NTSTATUS _samr_query_useraliases(pipes_struct *p, SAMR_Q_QUERY_USERALIASES *q_u, if (!find_policy_by_hnd(p, &q_u->pol, (void **)&info)) return NT_STATUS_INVALID_HANDLE; - ntstatus1 = access_check_samr_function(p, info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, NULL, "_samr_query_useraliases"); - ntstatus2 = access_check_samr_function(p, info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, NULL, "_samr_query_useraliases"); + ntstatus1 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_LOOKUP_ALIAS_BY_MEM, "_samr_query_useraliases"); + ntstatus2 = access_check_samr_function(info->acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_query_useraliases"); if (!NT_STATUS_IS_OK(ntstatus1) || !NT_STATUS_IS_OK(ntstatus2)) { if (!(NT_STATUS_EQUAL(ntstatus1,NT_STATUS_ACCESS_DENIED) && NT_STATUS_IS_OK(ntstatus2)) && @@ -3318,11 +3191,15 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ { int i; + GROUP_MAP map; int num_sids = 0; DOM_SID2 *sid; DOM_SID *sids=NULL; DOM_SID alias_sid; + DOM_SID als_sid; + uint32 alias_rid; + fstring alias_sid_str; uint32 acc_granted; @@ -3331,15 +3208,38 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ return NT_STATUS_INVALID_HANDLE; if (!NT_STATUS_IS_OK(r_u->status = - access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, NULL, "_samr_query_aliasmem"))) { + access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) { return r_u->status; } + + sid_copy(&als_sid, &alias_sid); + sid_to_string(alias_sid_str, &alias_sid); + sid_split_rid(&alias_sid, &alias_rid); - DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids)) + if (sid_equal(&alias_sid, &global_sid_Builtin)) { + DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n")); + if(!get_builtin_group_from_sid(&als_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + } else { + if (sid_equal(&alias_sid, get_global_sam_sid())) { + DEBUG(10, ("lookup on Server SID\n")); + if(!get_local_group_from_sid(&als_sid, &map)) { + fstring alias_sid_string; + DEBUG(10, ("Alias %s not found\n", sid_to_string(alias_sid_string, &als_sid))); + return NT_STATUS_NO_SUCH_ALIAS; + } + } + } + + if (!get_sid_list_of_group(map.gid, &sids, &num_sids)) { + fstring alias_sid_string; + DEBUG(10, ("Alias %s found, but member list unavailable\n", sid_to_string(alias_sid_string, &als_sid))); return NT_STATUS_NO_SUCH_ALIAS; + } + DEBUG(10, ("sid is %s\n", alias_sid_str)); sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_sids); if (num_sids!=0 && sid == NULL) { SAFE_FREE(sids); @@ -3350,6 +3250,7 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ init_dom_sid2(&sid[i], &sids[i]); } + DEBUG(10, ("sid is %s\n", alias_sid_str)); init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK); SAFE_FREE(sids); @@ -3357,89 +3258,20 @@ NTSTATUS _samr_query_aliasmem(pipes_struct *p, SAMR_Q_QUERY_ALIASMEM *q_u, SAMR_ return NT_STATUS_OK; } -static void add_uid_to_array_unique(uid_t uid, uid_t **uids, int *num) -{ - int i; - - if ((*num) >= groups_max()) - return; - - for (i=0; i<*num; i++) { - if ((*uids)[i] == uid) - return; - } - - *uids = Realloc(*uids, (*num+1) * sizeof(uid_t)); - - if (*uids == NULL) - return; - - (*uids)[*num] = uid; - *num += 1; -} - - -static BOOL get_memberuids(gid_t gid, uid_t **uids, int *num) -{ - struct group *grp; - char **gr; - struct sys_pwent *userlist, *user; - - *uids = NULL; - *num = 0; - - /* We only look at our own sam, so don't care about imported stuff */ - - winbind_off(); - - if ((grp = getgrgid(gid)) == NULL) { - winbind_on(); - return False; - } - - /* Primary group members */ - - userlist = getpwent_list(); - - for (user = userlist; user != NULL; user = user->next) { - if (user->pw_gid != gid) - continue; - add_uid_to_array_unique(user->pw_uid, uids, num); - } - - pwent_free(userlist); - - /* Secondary group members */ - - gr = grp->gr_mem; - while ((*gr != NULL) && ((*gr)[0] != '\0')) { - struct passwd *pw = getpwnam(*gr); - - if (pw == NULL) - continue; - - add_uid_to_array_unique(pw->pw_uid, uids, num); - - gr += 1; - } - - winbind_on(); - - return True; -} - /********************************************************************* _samr_query_groupmem *********************************************************************/ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_R_QUERY_GROUPMEM *r_u) { - int final_num_rids, i; + int num_sids = 0; + int final_num_sids = 0; + int i; DOM_SID group_sid; fstring group_sid_str; - uid_t *uids; - int num; - gid_t gid; + DOM_SID *sids=NULL; + + GROUP_MAP map; uint32 *rid=NULL; uint32 *attr=NULL; @@ -3450,7 +3282,7 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, NULL, "_samr_query_groupmem"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_GET_MEMBERS, "_samr_query_groupmem"))) { return r_u->status; } @@ -3464,46 +3296,35 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ DEBUG(10, ("lookup on Domain SID\n")); - if (!NT_STATUS_IS_OK(sid_to_gid(&group_sid, &gid))) + if(!get_domain_group_from_sid(group_sid, &map)) return NT_STATUS_NO_SUCH_GROUP; - if(!get_memberuids(gid, &uids, &num)) + if(!get_sid_list_of_group(map.gid, &sids, &num_sids)) return NT_STATUS_NO_SUCH_GROUP; - rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num); - attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num); + rid=talloc_zero(p->mem_ctx, sizeof(uint32)*num_sids); + attr=talloc_zero(p->mem_ctx, sizeof(uint32)*num_sids); - if (num!=0 && (rid==NULL || attr==NULL)) + if (num_sids!=0 && (rid==NULL || attr==NULL)) return NT_STATUS_NO_MEMORY; - final_num_rids = 0; + for (i=0; i<num_sids; i++) { + uint32 urid; - for (i=0; i<num; i++) { - DOM_SID sid; - - if (!NT_STATUS_IS_OK(uid_to_sid(&sid, uids[i]))) { - DEBUG(1, ("Could not map member uid to SID\n")); - continue; - } - - if (!sid_check_is_in_our_domain(&sid)) { - DEBUG(1, ("Inconsistent SAM -- group member uid not " - "in our domain\n")); - continue; + if (sid_peek_check_rid(get_global_sam_sid(), &sids[i], &urid)) { + rid[final_num_sids] = urid; + attr[final_num_sids] = SID_NAME_USER; + final_num_sids++; + } else { + fstring user_sid_str, domain_sid_str; + DEBUG(1, ("_samr_query_groupmem: SID %s in group %s is not in our domain %s\n", + sid_to_string(user_sid_str, &sids[i]), + sid_to_string(group_sid_str, &group_sid), + sid_to_string(domain_sid_str, get_global_sam_sid()))); } - - sid_peek_rid(&sid, &rid[final_num_rids]); - - /* Hmm. In a trace I got the constant 7 here from NT. */ - attr[final_num_rids] = SID_NAME_USER; - - final_num_rids += 1; } - SAFE_FREE(uids); - - init_samr_r_query_groupmem(r_u, final_num_rids, rid, attr, - NT_STATUS_OK); + init_samr_r_query_groupmem(r_u, final_num_sids, rid, attr, NT_STATUS_OK); return NT_STATUS_OK; } @@ -3515,21 +3336,93 @@ NTSTATUS _samr_query_groupmem(pipes_struct *p, SAMR_Q_QUERY_GROUPMEM *q_u, SAMR_ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u) { DOM_SID alias_sid; + fstring alias_sid_str; + uid_t uid; + struct passwd *pwd; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + NTSTATUS ret; + SAM_ACCOUNT *sam_user = NULL; + BOOL check; uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, NULL, "_samr_add_aliasmem"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_ADD_MEMBER, "_samr_add_aliasmem"))) { return r_u->status; } - DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (!pdb_add_aliasmem(&alias_sid, &q_u->sid.sid)) - return NT_STATUS_ACCESS_DENIED; + if (sid_compare(&alias_sid, get_global_sam_sid())>0) { + DEBUG(10, ("adding member on Server SID\n")); + if(!get_local_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else { + if (sid_compare(&alias_sid, &global_sid_Builtin)>0) { + DEBUG(10, ("adding member on BUILTIN SID\n")); + if( !get_builtin_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + } else + return NT_STATUS_NO_SUCH_ALIAS; + } + + ret = pdb_init_sam(&sam_user); + if (!NT_STATUS_IS_OK(ret)) + return ret; + + check = pdb_getsampwsid(sam_user, &q_u->sid.sid); + + if (check != True) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + /* check a real user exist before we run the script to add a user to a group */ + if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sam_user); + + if ((pwd=getpwuid_alloc(uid)) == NULL) { + return NT_STATUS_NO_SUCH_USER; + } + + if ((grp=getgrgid(map.gid)) == NULL) { + passwd_free(&pwd); + return NT_STATUS_NO_SUCH_ALIAS; + } + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* if the user is already in the group */ + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_IN_ALIAS; + } + + /* + * ok, the group exist, the user exist, the user is not in the group, + * we can (finally) add it to the group ! + */ + smb_add_user_group(grp_name, pwd->pw_name); + /* check if the user has been added then ... */ + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + } + + passwd_free(&pwd); return NT_STATUS_OK; } @@ -3540,22 +3433,62 @@ NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_AD NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u) { DOM_SID alias_sid; + fstring alias_sid_str; + struct group *grp; + fstring grp_name; + GROUP_MAP map; + SAM_ACCOUNT *sam_pass=NULL; uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, NULL, "_samr_del_aliasmem"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_REMOVE_MEMBER, "_samr_del_aliasmem"))) { return r_u->status; } - DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", - sid_string_static(&alias_sid))); + sid_to_string(alias_sid_str, &alias_sid); + DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str)); - if (!pdb_del_aliasmem(&alias_sid, &q_u->sid.sid)) - return NT_STATUS_ACCESS_DENIED; - + if (!sid_check_is_in_our_domain(&alias_sid) && + !sid_check_is_in_builtin(&alias_sid)) { + DEBUG(10, ("_samr_del_aliasmem:invalid alias group\n")); + return NT_STATUS_NO_SUCH_ALIAS; + } + + if( !get_local_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* check if the user exists before trying to remove it from the group */ + pdb_init_sam(&sam_pass); + if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) { + DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); + return NT_STATUS_NO_SUCH_USER; + } + + /* if the user is not in the group */ + if(!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; + } + + smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); + + /* check if the user has been removed then ... */ + if(user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */ + } + + pdb_free_sam(&sam_pass); return NT_STATUS_OK; } @@ -3567,35 +3500,73 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD { DOM_SID group_sid; DOM_SID user_sid; + fstring group_sid_str; + uid_t uid; + struct passwd *pwd; + struct group *grp; fstring grp_name; - fstring usr_name; + GROUP_MAP map; + NTSTATUS ret; + SAM_ACCOUNT *sam_user=NULL; + BOOL check; uint32 acc_granted; /* Find the policy handle. Open a policy on it. */ if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, NULL, "_samr_add_groupmem"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_ADD_MEMBER, "_samr_add_groupmem"))) { return r_u->status; } - if (!sid_to_local_dom_grp_name(&group_sid, grp_name)) { - DEBUG(1, ("Could not find group for SID %s\n", - sid_string_static(&group_sid))); + sid_to_string(group_sid_str, &group_sid); + DEBUG(10, ("sid is %s\n", group_sid_str)); + + if (sid_compare(&group_sid, get_global_sam_sid())<=0) + return NT_STATUS_NO_SUCH_GROUP; + + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map)) return NT_STATUS_NO_SUCH_GROUP; - } sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, q_u->rid); - if (!sid_to_local_user_name(&user_sid, usr_name)) { - DEBUG(1, ("Could not find user for SID %s\n", - sid_string_static(&user_sid))); + ret = pdb_init_sam(&sam_user); + if (!NT_STATUS_IS_OK(ret)) + return ret; + + check = pdb_getsampwsid(sam_user, &user_sid); + + if (check != True) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + /* check a real user exist before we run the script to add a user to a group */ + if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) { + pdb_free_sam(&sam_user); + return NT_STATUS_NO_SUCH_USER; + } + + pdb_free_sam(&sam_user); + + if ((pwd=getpwuid_alloc(uid)) == NULL) { return NT_STATUS_NO_SUCH_USER; } + if ((grp=getgrgid(map.gid)) == NULL) { + passwd_free(&pwd); + return NT_STATUS_NO_SUCH_GROUP; + } + + /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */ + fstrcpy(grp_name, grp->gr_name); + /* if the user is already in the group */ - if(user_in_unix_group_list(usr_name, grp_name)) { + if(user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); return NT_STATUS_MEMBER_IN_GROUP; } @@ -3605,13 +3576,15 @@ NTSTATUS _samr_add_groupmem(pipes_struct *p, SAMR_Q_ADD_GROUPMEM *q_u, SAMR_R_AD * we can (finally) add it to the group ! */ - smb_add_user_group(grp_name, usr_name); + smb_add_user_group(grp_name, pwd->pw_name); /* check if the user has been added then ... */ - if(!user_in_unix_group_list(usr_name, grp_name)) { - return NT_STATUS_ACCESS_DENIED; + if(!user_in_unix_group_list(pwd->pw_name, grp_name)) { + passwd_free(&pwd); + return NT_STATUS_MEMBER_NOT_IN_GROUP; /* don't know what to reply else */ } + passwd_free(&pwd); return NT_STATUS_OK; } @@ -3623,8 +3596,10 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE { DOM_SID group_sid; DOM_SID user_sid; + SAM_ACCOUNT *sam_pass=NULL; + GROUP_MAP map; fstring grp_name; - fstring usr_name; + struct group *grp; uint32 acc_granted; /* @@ -3637,38 +3612,48 @@ NTSTATUS _samr_del_groupmem(pipes_struct *p, SAMR_Q_DEL_GROUPMEM *q_u, SAMR_R_DE if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, NULL, "_samr_del_groupmem"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_REMOVE_MEMBER, "_samr_del_groupmem"))) { return r_u->status; } - if (!sid_to_local_dom_grp_name(&group_sid, grp_name)) { - DEBUG(1, ("Could not find group for SID %s\n", - sid_string_static(&group_sid))); + if (!sid_check_is_in_our_domain(&group_sid)) return NT_STATUS_NO_SUCH_GROUP; - } sid_copy(&user_sid, get_global_sam_sid()); sid_append_rid(&user_sid, q_u->rid); - if (!sid_to_local_user_name(&user_sid, usr_name)) { - DEBUG(1, ("Could not find user for SID %s\n", - sid_string_static(&user_sid))); + if (!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + + if ((grp=getgrgid(map.gid)) == NULL) + return NT_STATUS_NO_SUCH_GROUP; + + /* we need to copy the name otherwise it's overloaded in user_in_group_list */ + fstrcpy(grp_name, grp->gr_name); + + /* check if the user exists before trying to remove it from the group */ + pdb_init_sam(&sam_pass); + if (!pdb_getsampwsid(sam_pass, &user_sid)) { + DEBUG(5,("User %s doesn't exist.\n", pdb_get_username(sam_pass))); + pdb_free_sam(&sam_pass); return NT_STATUS_NO_SUCH_USER; } /* if the user is not in the group */ - if (!user_in_unix_group_list(usr_name, grp_name)) { + if (!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); return NT_STATUS_MEMBER_NOT_IN_GROUP; } - smb_delete_user_group(grp_name, usr_name); + smb_delete_user_group(grp_name, pdb_get_username(sam_pass)); /* check if the user has been removed then ... */ - if(user_in_unix_group_list(usr_name, grp_name)) { - /* don't know what to reply else */ - return NT_STATUS_ACCESS_DENIED; + if (user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) { + pdb_free_sam(&sam_pass); + return NT_STATUS_ACCESS_DENIED; /* don't know what to reply else */ } + pdb_free_sam(&sam_pass); return NT_STATUS_OK; } @@ -3720,7 +3705,7 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM if (!get_lsa_policy_samr_sid(p, &q_u->user_pol, &user_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, NULL, "_samr_delete_dom_user"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_user"))) { return r_u->status; } @@ -3766,8 +3751,12 @@ NTSTATUS _samr_delete_dom_user(pipes_struct *p, SAMR_Q_DELETE_DOM_USER *q_u, SAM NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, SAMR_R_DELETE_DOM_GROUP *r_u) { DOM_SID group_sid; - fstring grp_name; + DOM_SID dom_sid; + uint32 group_rid; + fstring group_sid_str; + gid_t gid; struct group *grp; + GROUP_MAP map; uint32 acc_granted; DEBUG(5, ("samr_delete_dom_group: %d\n", __LINE__)); @@ -3776,23 +3765,43 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->group_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, NULL, "_samr_delete_dom_group"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_group"))) { return r_u->status; } - if (!sid_to_local_dom_grp_name(&group_sid, grp_name)) { - DEBUG(1, ("Could not find group for SID %s\n", - sid_string_static(&group_sid))); + sid_copy(&dom_sid, &group_sid); + sid_to_string(group_sid_str, &dom_sid); + sid_split_rid(&dom_sid, &group_rid); + + DEBUG(10, ("sid is %s\n", group_sid_str)); + + /* we check if it's our SID before deleting */ + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_GROUP; - } + + DEBUG(10, ("lookup on Domain SID\n")); + + if(!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + + gid=map.gid; + + /* check if group really exists */ + if ( (grp=getgrgid(gid)) == NULL) + return NT_STATUS_NO_SUCH_GROUP; + + /* delete mapping first */ + if(!pdb_delete_group_mapping_entry(group_sid)) + return NT_STATUS_ACCESS_DENIED; /* we can delete the UNIX group */ - smb_delete_group(grp_name); + smb_delete_group(grp->gr_name); /* check if the group has been successfully deleted */ - if ( (grp=getgrnam(grp_name)) != NULL) + if ( (grp=getgrgid(gid)) != NULL) return NT_STATUS_ACCESS_DENIED; + if (!close_policy_hnd(p, &q_u->group_pol)) return NT_STATUS_OBJECT_NAME_INVALID; @@ -3806,6 +3815,12 @@ NTSTATUS _samr_delete_dom_group(pipes_struct *p, SAMR_Q_DELETE_DOM_GROUP *q_u, S NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u) { DOM_SID alias_sid; + DOM_SID dom_sid; + uint32 alias_rid; + fstring alias_sid_str; + gid_t gid; + struct group *grp; + GROUP_MAP map; uint32 acc_granted; DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__)); @@ -3814,21 +3829,41 @@ NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, NULL, "_samr_delete_dom_alias"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) { return r_u->status; } + + sid_copy(&dom_sid, &alias_sid); + sid_to_string(alias_sid_str, &dom_sid); + sid_split_rid(&dom_sid, &alias_rid); - DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid))); + DEBUG(10, ("sid is %s\n", alias_sid_str)); - if (!sid_check_is_in_our_domain(&alias_sid)) + /* we check if it's our SID before deleting */ + if (!sid_equal(&dom_sid, get_global_sam_sid())) return NT_STATUS_NO_SUCH_ALIAS; - + DEBUG(10, ("lookup on Local SID\n")); - /* Have passdb delete the alias */ - if (!pdb_delete_alias(&alias_sid)) + if(!get_local_group_from_sid(&alias_sid, &map)) + return NT_STATUS_NO_SUCH_ALIAS; + + gid=map.gid; + + /* check if group really exists */ + if ( (grp=getgrgid(gid)) == NULL) + return NT_STATUS_NO_SUCH_ALIAS; + + /* we can delete the UNIX group */ + smb_delete_group(grp->gr_name); + + /* check if the group has been successfully deleted */ + if ( (grp=getgrgid(gid)) != NULL) return NT_STATUS_ACCESS_DENIED; + /* don't check if we removed it as it could be an un-mapped group */ + pdb_delete_group_mapping_entry(alias_sid); + if (!close_policy_hnd(p, &q_u->alias_pol)) return NT_STATUS_OBJECT_NAME_INVALID; @@ -3854,7 +3889,7 @@ NTSTATUS _samr_create_dom_group(pipes_struct *p, SAMR_Q_CREATE_DOM_GROUP *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->pol, &dom_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, NULL, "_samr_create_dom_group"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_GROUP, "_samr_create_dom_group"))) { return r_u->status; } @@ -3906,6 +3941,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S DOM_SID dom_sid; DOM_SID info_sid; fstring name; + fstring sid_string; struct group *grp; struct samr_info *info; uint32 acc_granted; @@ -3915,7 +3951,7 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &dom_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, NULL, "_samr_create_alias"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_ALIAS, "_samr_create_alias"))) { return r_u->status; } @@ -3926,20 +3962,28 @@ NTSTATUS _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, S unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1); - /* Have passdb create the alias */ - if (!pdb_create_alias(name, &r_u->rid)) - return NT_STATUS_ACCESS_DENIED; + /* check if group already exists */ + if ( (grp=getgrnam(name)) != NULL) + return NT_STATUS_ALIAS_EXISTS; - sid_copy(&info_sid, get_global_sam_sid()); - sid_append_rid(&info_sid, r_u->rid); - - if (!NT_STATUS_IS_OK(sid_to_gid(&info_sid, &gid))) + /* we can create the UNIX group */ + if (smb_create_group(name, &gid) != 0) return NT_STATUS_ACCESS_DENIED; /* check if the group has been successfully created */ if ((grp=getgrgid(gid)) == NULL) return NT_STATUS_ACCESS_DENIED; + r_u->rid=pdb_gid_to_group_rid(grp->gr_gid); + + sid_copy(&info_sid, get_global_sam_sid()); + sid_append_rid(&info_sid, r_u->rid); + sid_to_string(sid_string, &info_sid); + + /* add the group to the mapping table */ + if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL)) + return NT_STATUS_ACCESS_DENIED; + if ((info = get_samr_info_by_sid(&info_sid)) == NULL) return NT_STATUS_NO_MEMORY; @@ -3960,24 +4004,24 @@ level 1 send also the number of users of that group NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u) { DOM_SID group_sid; - gid_t gid; - uid_t *uids; - int num=0; + GROUP_MAP map; + DOM_SID *sids=NULL; + int num_sids=0; GROUP_INFO_CTR *ctr; uint32 acc_granted; - struct acct_info info; + BOOL ret; if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, NULL, "_samr_query_groupinfo"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_LOOKUP_INFO, "_samr_query_groupinfo"))) { return r_u->status; } - if (!pdb_get_dom_grp_info(&group_sid, &info)) - return NT_STATUS_NO_SUCH_GROUP; - - if (!NT_STATUS_IS_OK(sid_to_gid(&group_sid, &gid))) + become_root(); + ret = get_domain_group_from_sid(group_sid, &map); + unbecome_root(); + if (!ret) return NT_STATUS_INVALID_HANDLE; ctr=(GROUP_INFO_CTR *)talloc_zero(p->mem_ctx, sizeof(GROUP_INFO_CTR)); @@ -3987,12 +4031,10 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM switch (q_u->switch_level) { case 1: ctr->switch_value1 = 1; - if(!get_memberuids(gid, &uids, &num)) + if(!get_sid_list_of_group(map.gid, &sids, &num_sids)) return NT_STATUS_NO_SUCH_GROUP; - SAFE_FREE(uids); - init_samr_group_info1(&ctr->group.info1, - info.acct_name, info.acct_desc, - num); + init_samr_group_info1(&ctr->group.info1, map.nt_name, map.comment, num_sids); + SAFE_FREE(sids); break; case 3: ctr->switch_value1 = 3; @@ -4000,8 +4042,7 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM break; case 4: ctr->switch_value1 = 4; - init_samr_group_info4(&ctr->group.info4, - info.acct_desc); + init_samr_group_info4(&ctr->group.info4, map.comment); break; default: return NT_STATUS_INVALID_INFO_CLASS; @@ -4021,39 +4062,36 @@ NTSTATUS _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAM NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u) { DOM_SID group_sid; + GROUP_MAP map; GROUP_INFO_CTR *ctr; uint32 acc_granted; - struct acct_info info; if (!get_lsa_policy_samr_sid(p, &q_u->pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_GROUP_SET_INFO, NULL, "_samr_set_groupinfo"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_GROUP_SET_INFO, "_samr_set_groupinfo"))) { return r_u->status; } - if (!pdb_get_dom_grp_info(&group_sid, &info)) - return NT_STATUS_INVALID_HANDLE; + if (!get_domain_group_from_sid(group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; ctr=q_u->ctr; switch (ctr->switch_value1) { case 1: - unistr2_to_ascii(info.acct_desc, - &(ctr->group.info1.uni_acct_desc), - sizeof(info.acct_desc)-1); + unistr2_to_ascii(map.comment, &(ctr->group.info1.uni_acct_desc), sizeof(map.comment)-1); break; case 4: - unistr2_to_ascii(info.acct_desc, - &(ctr->group.info4.uni_acct_desc), - sizeof(info.acct_desc)-1); + unistr2_to_ascii(map.comment, &(ctr->group.info4.uni_acct_desc), sizeof(map.comment)-1); break; default: return NT_STATUS_INVALID_INFO_CLASS; } - if (!pdb_set_dom_grp_info(&group_sid, &info)) - return NT_STATUS_ACCESS_DENIED; + if(!pdb_update_group_mapping_entry(&map)) { + return NT_STATUS_NO_SUCH_GROUP; + } return NT_STATUS_OK; } @@ -4067,31 +4105,33 @@ NTSTATUS _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_ NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u) { DOM_SID group_sid; - struct acct_info info; + GROUP_MAP map; ALIAS_INFO_CTR *ctr; uint32 acc_granted; if (!get_lsa_policy_samr_sid(p, &q_u->alias_pol, &group_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(p, acc_granted, SA_RIGHT_ALIAS_SET_INFO, NULL, "_samr_set_aliasinfo"))) { + if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_SET_INFO, "_samr_set_aliasinfo"))) { return r_u->status; } + if (!get_local_group_from_sid(&group_sid, &map) && + !get_builtin_group_from_sid(&group_sid, &map)) + return NT_STATUS_NO_SUCH_GROUP; + ctr=&q_u->ctr; switch (ctr->switch_value1) { case 3: - unistr2_to_ascii(info.acct_desc, - &(ctr->alias.info3.uni_acct_desc), - sizeof(info.acct_desc)-1); + unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1); break; default: return NT_STATUS_INVALID_INFO_CLASS; } - if(!pdb_set_aliasinfo(&group_sid, &info)) { - return NT_STATUS_ACCESS_DENIED; + if(!pdb_update_group_mapping_entry(&map)) { + return NT_STATUS_NO_SUCH_GROUP; } return NT_STATUS_OK; @@ -4126,7 +4166,7 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G { DOM_SID sid; DOM_SID info_sid; - fstring grp_name; + GROUP_MAP map; struct samr_info *info; SEC_DESC *psd = NULL; uint32 acc_granted; @@ -4134,11 +4174,12 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G size_t sd_size; NTSTATUS status; fstring sid_string; + BOOL ret; if (!get_lsa_policy_samr_sid(p, &q_u->domain_pol, &sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - if (!NT_STATUS_IS_OK(status = access_check_samr_function(p, acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, NULL, "_samr_open_group"))) { + if (!NT_STATUS_IS_OK(status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_OPEN_ACCOUNT, "_samr_open_group"))) { return status; } @@ -4146,8 +4187,8 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G samr_make_grp_obj_sd(p->mem_ctx, &psd, &sd_size); se_map_generic(&des_access,&grp_generic_mapping); if (!NT_STATUS_IS_OK(status = - access_check_samr_object(psd, p, des_access, &acc_granted, - NULL, "_samr_open_group"))) { + access_check_samr_object(psd, p->pipe_user.nt_user_token, + des_access, &acc_granted, "_samr_open_group"))) { return status; } @@ -4167,7 +4208,11 @@ NTSTATUS _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_G DEBUG(10, ("_samr_open_group:Opening SID: %s\n", sid_string)); - if (!sid_to_local_dom_grp_name(&info->sid, grp_name)) + /* check if that group really exists */ + become_root(); + ret = get_domain_group_from_sid(info->sid, &map); + unbecome_root(); + if (!ret) return NT_STATUS_NO_SUCH_GROUP; /* get a (unique) handle. open a policy on it. */ @@ -4203,8 +4248,8 @@ NTSTATUS _samr_remove_sid_foreign_domain(pipes_struct *p, if (!get_lsa_policy_samr_sid(p, &q_u->dom_pol, &alias_sid, &acc_granted)) return NT_STATUS_INVALID_HANDLE; - result = access_check_samr_function(p, acc_granted, STD_RIGHT_DELETE_ACCESS, - NULL, "_samr_remove_sid_foreign_domain"); + result = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, + "_samr_remove_sid_foreign_domain"); if (!NT_STATUS_IS_OK(result)) return result; diff --git a/source/rpc_server/srv_samr_util.c b/source/rpc_server/srv_samr_util.c index ae0fe84e029..dd92e0d90a3 100644 --- a/source/rpc_server/srv_samr_util.c +++ b/source/rpc_server/srv_samr_util.c @@ -280,25 +280,7 @@ void copy_id21_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_21 *from) DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { - pdb_set_pass_must_change_time(to,0, PDB_CHANGED); - } else { - uint32 expire; - time_t new_time; - if (pdb_get_pass_must_change_time(to) == 0) { - if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1) { - new_time = get_time_t_max(); - } else { - time_t old_time = pdb_get_pass_last_set_time(to); - new_time = old_time + expire; - if ((new_time) < time(0)) { - new_time = time(0) + expire; - } - } - if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) { - DEBUG (0, ("pdb_set_pass_must_change_time failed!\n")); - } - } + pdb_set_pass_must_change_time(to,0, PDB_CHANGED); } DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2)); @@ -528,24 +510,6 @@ void copy_id23_to_sam_passwd(SAM_ACCOUNT *to, SAM_USER_INFO_23 *from) DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange)); if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) { pdb_set_pass_must_change_time(to,0, PDB_CHANGED); - } else { - uint32 expire; - time_t new_time; - if (pdb_get_pass_must_change_time(to) == 0) { - if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire) - || expire == (uint32)-1) { - new_time = get_time_t_max(); - } else { - time_t old_time = pdb_get_pass_last_set_time(to); - new_time = old_time + expire; - if ((new_time) < time(0)) { - new_time = time(0) + expire; - } - } - if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) { - DEBUG (0, ("pdb_set_pass_must_change_time failed!\n")); - } - } } DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2)); diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index edd62fa8f62..c971ff3631f 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -4283,11 +4283,10 @@ static BOOL construct_printer_info_5(Printer_entry *print_hnd, PRINTER_INFO_5 *p static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *printer, int snum) { char *guid_str = NULL; - UUID_FLAT guid; + GUID guid; if (is_printer_published(print_hnd, snum, &guid)) { - asprintf(&guid_str, "{%s}", - smb_uuid_string_static(smb_uuid_unpack_static(guid))); + asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid)); strupper_m(guid_str); init_unistr(&printer->guid, guid_str); printer->action = SPOOL_DS_PUBLISH; diff --git a/source/rpc_server/srv_srvsvc_nt.c b/source/rpc_server/srv_srvsvc_nt.c index 9d56e1b3858..77b9be99660 100644 --- a/source/rpc_server/srv_srvsvc_nt.c +++ b/source/rpc_server/srv_srvsvc_nt.c @@ -1405,7 +1405,10 @@ WERROR _srv_net_share_get_info(pipes_struct *p, SRV_Q_NET_SHARE_GET_INFO *q_u, S static char *valid_share_pathname(char *dos_pathname) { + pstring saved_pathname; + pstring unix_pathname; char *ptr; + int ret; /* Convert any '\' paths to '/' */ unix_format(dos_pathname); @@ -1420,29 +1423,21 @@ static char *valid_share_pathname(char *dos_pathname) if (*ptr != '/') return NULL; - return ptr; -} - -static BOOL exist_share_pathname(char *unix_pathname) -{ - pstring saved_pathname; - int ret; - /* Can we cd to it ? */ /* First save our current directory. */ if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL) return False; + pstrcpy(unix_pathname, ptr); + ret = chdir(unix_pathname); /* We *MUST* be able to chdir back. Abort if we can't. */ if (chdir(saved_pathname) == -1) smb_panic("valid_share_pathname: Unable to restore current directory.\n"); - if (ret == -1) return False; - - return True; + return (ret != -1) ? ptr : NULL; } /******************************************************************* @@ -1459,7 +1454,7 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S int type; int snum; int ret; - char *path; + char *ptr; SEC_DESC *psd = NULL; DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__)); @@ -1554,12 +1549,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S return WERR_ACCESS_DENIED; /* Check if the pathname is valid. */ - if (!(path = valid_share_pathname( pathname ))) + if (!(ptr = valid_share_pathname( pathname ))) return WERR_OBJECT_PATH_INVALID; /* Ensure share name, pathname and comment don't contain '"' characters. */ string_replace(share_name, '"', ' '); - string_replace(path, '"', ' '); + string_replace(ptr, '"', ' '); string_replace(comment, '"', ' '); DEBUG(10,("_srv_net_share_set_info: change share command = %s\n", @@ -1567,12 +1562,12 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S /* Only call modify function if something changed. */ - if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) { + if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) { if (!lp_change_share_cmd() || !*lp_change_share_cmd()) return WERR_ACCESS_DENIED; slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"", - lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); + lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment); DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command )); if ((ret = smbrun(command, NULL)) != 0) { @@ -1580,12 +1575,6 @@ WERROR _srv_net_share_set_info(pipes_struct *p, SRV_Q_NET_SHARE_SET_INFO *q_u, S return WERR_ACCESS_DENIED; } - /* Check if the new share pathname exist, if not return an error */ - if (!exist_share_pathname(path)) { - DEBUG(1, ("_srv_net_share_set_info: change share command was ok but path (%s) has not been created!\n", path)); - return WERR_OBJECT_PATH_INVALID; - } - /* Tell everyone we updated smb.conf. */ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); @@ -1626,7 +1615,7 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S int type; int snum; int ret; - char *path; + char *ptr; SEC_DESC *psd = NULL; DEBUG(5,("_srv_net_share_add: %d\n", __LINE__)); @@ -1700,16 +1689,16 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S return WERR_ACCESS_DENIED; /* Check if the pathname is valid. */ - if (!(path = valid_share_pathname( pathname ))) + if (!(ptr = valid_share_pathname( pathname ))) return WERR_OBJECT_PATH_INVALID; /* Ensure share name, pathname and comment don't contain '"' characters. */ string_replace(share_name, '"', ' '); - string_replace(path, '"', ' '); + string_replace(ptr, '"', ' '); string_replace(comment, '"', ' '); slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"", - lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment); + lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment); DEBUG(10,("_srv_net_share_add: Running [%s]\n", command )); if ((ret = smbrun(command, NULL)) != 0) { @@ -1717,33 +1706,10 @@ WERROR _srv_net_share_add(pipes_struct *p, SRV_Q_NET_SHARE_ADD *q_u, SRV_R_NET_S return WERR_ACCESS_DENIED; } - /* Check if the new share pathname exist, if not try to delete the - * share and return an error */ - if (!exist_share_pathname(path)) { - DEBUG(1, ("_srv_net_share_add: add share command was ok but path (%s) has not been created!\n", path)); - DEBUG(1, ("_srv_net_share_add: trying to rollback and delete the share\n")); - - if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) { - DEBUG(1, ("_srv_net_share_add: Error! delete share command is not defined! Please check share (%s) in the config file\n", share_name)); - return WERR_OBJECT_PATH_INVALID; - } - - slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", - lp_delete_share_cmd(), dyn_CONFIGFILE, share_name); - - DEBUG(10,("_srv_net_share_add: Running [%s]\n", command )); - if ((ret = smbrun(command, NULL)) != 0) { - DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret )); - DEBUG(1, ("_srv_net_share_add: Error! delete share command failed! Please check share (%s) in the config file\n", share_name)); - } - - return WERR_OBJECT_PATH_INVALID; - } - if (psd) { - if (!set_share_security(p->mem_ctx, share_name, psd)) { - DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", share_name )); - } + if (!set_share_security(p->mem_ctx, share_name, psd)) + DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", + share_name )); } /* Tell everyone we updated smb.conf. */ diff --git a/source/rpcclient/cmd_epmapper.c b/source/rpcclient/cmd_epmapper.c deleted file mode 100644 index 4998286194c..00000000000 --- a/source/rpcclient/cmd_epmapper.c +++ /dev/null @@ -1,76 +0,0 @@ -/* - Unix SMB/CIFS implementation. - RPC pipe client - - Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" -#include "rpcclient.h" - - -static NTSTATUS cmd_epm_map(struct cli_state *cli, - TALLOC_CTX *mem_ctx, - int argc, const char **argv) -{ - EPM_HANDLE handle, entry_handle; - EPM_TOWER *towers; - EPM_FLOOR floors[5]; - uint8 addr[4] = {0,0,0,0}; - uint32 numtowers; - /* need to allow all this stuff to be passed in, but - for now, it demonstrates the call */ - struct uuid if_uuid = {0xe3514235, 0x4b06, 0x11d1, \ - { 0xab, 0x04 }, \ - { 0x00, 0xc0, \ - 0x4f, 0xc2, 0xdc, 0xd2 } }, - syn_uuid = {0x8a885d04, 0x1ceb, 0x11c9, \ - { 0x9f, 0xe8 }, \ - { 0x08, 0x00, \ - 0x2b, 0x10, 0x48, 0x60 } }; - - NTSTATUS result; - - ZERO_STRUCT(handle); - numtowers = 1; - init_epm_floor_uuid(&floors[0], if_uuid, 4); - init_epm_floor_uuid(&floors[1], syn_uuid, 2); - init_epm_floor_rpc(&floors[2]); - - /* sample for netbios named pipe query - init_epm_floor_np(&floors[3], "\\PIPE\\lsass"); - init_epm_floor_nb(&floors[4], "\\\\psflinux"); - */ - init_epm_floor_tcp(&floors[3], 135); - init_epm_floor_ip(&floors[4], addr); - towers = talloc(mem_ctx, sizeof(EPM_TOWER)); - init_epm_tower(mem_ctx, towers, floors, 5); - - result = cli_epm_map(cli, mem_ctx, &handle, &towers, &entry_handle, &numtowers); - - return result; -} - -struct cmd_set epm_commands[] = { - - { "EPMAPPER" }, - - { "map", RPC_RTYPE_NTSTATUS, cmd_epm_map, NULL, PI_EPM, "map endpoint", "" }, - { NULL } -}; - - diff --git a/source/rpcclient/cmd_lsarpc.c b/source/rpcclient/cmd_lsarpc.c index 5a646a10460..1b1ea31c96f 100644 --- a/source/rpcclient/cmd_lsarpc.c +++ b/source/rpcclient/cmd_lsarpc.c @@ -69,7 +69,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, POLICY_HND pol; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; DOM_SID *dom_sid; - struct uuid *dom_guid; + GUID *dom_guid; fstring sid_str; char *domain_name = NULL; char *dns_name = NULL; @@ -128,7 +128,7 @@ static NTSTATUS cmd_lsa_query_info_policy(struct cli_state *cli, if (info_class == 12) { printf("domain GUID is "); - smb_uuid_string_static(*dom_guid); + print_guid(&dom_guid); } done: return result; @@ -445,48 +445,6 @@ static NTSTATUS cmd_lsa_enum_sids(struct cli_state *cli, return result; } -/* Create a new account */ - -static NTSTATUS cmd_lsa_create_account(struct cli_state *cli, - TALLOC_CTX *mem_ctx, int argc, - const char **argv) -{ - POLICY_HND dom_pol; - POLICY_HND user_pol; - NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - uint32 des_access = 0x000f000f; - - DOM_SID sid; - - if (argc != 2 ) { - printf("Usage: %s SID\n", argv[0]); - return NT_STATUS_OK; - } - - result = name_to_sid(cli, mem_ctx, &sid, argv[1]); - if (!NT_STATUS_IS_OK(result)) - goto done; - - result = cli_lsa_open_policy2(cli, mem_ctx, True, - SEC_RIGHTS_MAXIMUM_ALLOWED, - &dom_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - result = cli_lsa_create_account(cli, mem_ctx, &dom_pol, &sid, des_access, &user_pol); - - if (!NT_STATUS_IS_OK(result)) - goto done; - - printf("Account for SID %s successfully created\n\n", argv[1]); - result = NT_STATUS_OK; - - done: - return result; -} - - /* Enumerate the privileges of an SID */ static NTSTATUS cmd_lsa_enum_privsaccounts(struct cli_state *cli, @@ -750,7 +708,6 @@ struct cmd_set lsarpc_commands[] = { { "enumprivs", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privilege, NULL, PI_LSARPC, "Enumerate privileges", "" }, { "getdispname", RPC_RTYPE_NTSTATUS, cmd_lsa_get_dispname, NULL, PI_LSARPC, "Get the privilege name", "" }, { "lsaenumsid", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_sids, NULL, PI_LSARPC, "Enumerate the LSA SIDS", "" }, - { "lsacreateaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_create_account, NULL, PI_LSARPC, "Create a new lsa account", "" }, { "lsaenumprivsaccount", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_privsaccounts, NULL, PI_LSARPC, "Enumerate the privileges of an SID", "" }, { "lsaenumacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_enum_acct_rights, NULL, PI_LSARPC, "Enumerate the rights of an SID", "" }, { "lsaaddacctrights", RPC_RTYPE_NTSTATUS, cmd_lsa_add_acct_rights, NULL, PI_LSARPC, "Add rights to an account", "" }, diff --git a/source/rpcclient/rpcclient.c b/source/rpcclient/rpcclient.c index 8372b75b4bd..bac11f7435f 100644 --- a/source/rpcclient/rpcclient.c +++ b/source/rpcclient/rpcclient.c @@ -465,7 +465,6 @@ extern struct cmd_set reg_commands[]; extern struct cmd_set ds_commands[]; extern struct cmd_set echo_commands[]; extern struct cmd_set shutdown_commands[]; -extern struct cmd_set epm_commands[]; static struct cmd_set *rpcclient_command_list[] = { rpcclient_commands, @@ -479,7 +478,6 @@ static struct cmd_set *rpcclient_command_list[] = { reg_commands, echo_commands, shutdown_commands, - epm_commands, NULL }; diff --git a/source/sam/account.c b/source/sam/account.c deleted file mode 100644 index b8336146cda..00000000000 --- a/source/sam/account.c +++ /dev/null @@ -1,305 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Jeremy Allison 1996-2001 - Copyright (C) Luke Kenneth Casson Leighton 1996-1998 - Copyright (C) Gerald (Jerry) Carter 2000-2001 - Copyright (C) Andrew Bartlett 2001-2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_ACCOUNT_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account) -{ - ZERO_STRUCT(account->private); /* Don't touch the talloc context */ - - /* Don't change these timestamp settings without a good reason. - They are important for NT member server compatibility. */ - - /* FIXME: We should actually call get_nt_time_max() or sthng - * here */ - unix_to_nt_time(&(account->private.logoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max()); - unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max()); - account->private.unknown_1 = 0x00ffffff; /* don't know */ - account->private.logon_divs = 168; /* hours per week */ - account->private.hours_len = 21; /* 21 times 8 bits = 168 */ - memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */ - account->private.unknown_2 = 0x00000000; /* don't know */ - account->private.unknown_3 = 0x000004ec; /* don't know */ -} - -static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account) -{ - if (*account) { - data_blob_clear_free(&((*account)->private.lm_pw)); - data_blob_clear_free(&((*account)->private.nt_pw)); - if((*account)->private.plaintext_pw!=NULL) - memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw)); - - talloc_destroy((*account)->mem_ctx); - *account = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE)); - - if (*account==NULL) { - DEBUG(0,("sam_init_account_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*account)->mem_ctx = mem_ctx; - - (*account)->free_fn = NULL; - - sam_fill_default_account(*account); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct sam_passwd. - ************************************************************/ - -NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_account: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*account)->free_fn = destroy_sam_talloc; - - return NT_STATUS_OK; -} - -/** - * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure. - * - * Also wipes the LM and NT hashes and plaintext password from - * memory. - * - * @param account SAM_ACCOUNT_HANDLE to free members of. - **/ - -static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account) -{ - - /* Kill off sensitive data. Free()ed by the - talloc mechinism */ - - data_blob_clear_free(&(account->private.lm_pw)); - data_blob_clear_free(&(account->private.nt_pw)); - if (account->private.plaintext_pw) - memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw)); -} - - -/************************************************************ - Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes. - ***********************************************************/ - -NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account) -{ - SMB_ASSERT(account != NULL); - - sam_free_account_contents(account); - - sam_fill_default_account(account); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_ACCOUNT_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account) -{ - SMB_ASSERT(*account != NULL); - - sam_free_account_contents(*account); - - if ((*account)->free_fn) { - (*account)->free_fn(account); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the account control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length) -{ - static fstring acct_str; - size_t i = 0; - - acct_str[i++] = '['; - - if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N'; - if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D'; - if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H'; - if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T'; - if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U'; - if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M'; - if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W'; - if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S'; - if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L'; - if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X'; - if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I'; - - for ( ; i < length - 2 ; i++ ) - acct_str[i] = ' '; - - i = length - 2; - acct_str[i++] = ']'; - acct_str[i++] = '\0'; - - return acct_str; -} - -/********************************************************** - Decode the account control bits from a string. - **********************************************************/ - -uint16 sam_decode_acct_ctrl(const char *p) -{ - uint16 acct_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ } - case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ } - case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ } - case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ } - case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ } - case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ } - case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ } - case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ } - case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ } - case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ } - case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ } - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return acct_ctrl; -} - -/************************************************************* - Routine to set 32 hex password characters from a 16 byte array. -**************************************************************/ - -void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl) -{ - if (pwd != NULL) { - int i; - for (i = 0; i < 16; i++) - slprintf(&p[i*2], 3, "%02X", pwd[i]); - } else { - if (acct_ctrl & ACB_PWNOTREQ) - safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33); - else - safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33); - } -} - -/************************************************************* - Routine to get the 32 hex characters and turn them - into a 16 byte array. -**************************************************************/ - -BOOL sam_gethexpwd(const char *p, unsigned char *pwd) -{ - int i; - unsigned char lonybble, hinybble; - char *hexchars = "0123456789ABCDEF"; - char *p1, *p2; - - if (!p) - return (False); - - for (i = 0; i < 32; i += 2) { - hinybble = toupper(p[i]); - lonybble = toupper(p[i + 1]); - - p1 = strchr(hexchars, hinybble); - p2 = strchr(hexchars, lonybble); - - if (!p1 || !p2) - return (False); - - hinybble = PTR_DIFF(p1, hexchars); - lonybble = PTR_DIFF(p2, hexchars); - - pwd[i / 2] = (hinybble << 4) | lonybble; - } - return (True); -} diff --git a/source/sam/group.c b/source/sam/group.c deleted file mode 100644 index 101e3dd7ce1..00000000000 --- a/source/sam/group.c +++ /dev/null @@ -1,193 +0,0 @@ -/* - Unix SMB/CIFS implementation. - SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers - - Copyright (C) Stefan (metze) Metzmacher 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -/************************************************************ - Fill the SAM_GROUP_HANDLE with default values. - ***********************************************************/ - -static void sam_fill_default_group(SAM_GROUP_HANDLE *group) -{ - ZERO_STRUCT(group->private); /* Don't touch the talloc context */ - -} - -static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group) -{ - if (*group) { - - talloc_destroy((*group)->mem_ctx); - *group = NULL; - } -} - - -/********************************************************************** - Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx. -***********************************************************************/ - -NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE)); - - if (*group==NULL) { - DEBUG(0,("sam_init_group_talloc: error while allocating memory\n")); - return NT_STATUS_NO_MEMORY; - } - - (*group)->mem_ctx = mem_ctx; - - (*group)->free_fn = NULL; - - sam_fill_default_group(*group); - - return NT_STATUS_OK; -} - - -/************************************************************* - Alloc memory and initialises a struct SAM_GROUP_HANDLE. - ************************************************************/ - -NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group) -{ - TALLOC_CTX *mem_ctx; - NTSTATUS nt_status; - - mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation"); - - if (!mem_ctx) { - DEBUG(0,("sam_init_group: error while doing talloc_init()\n")); - return NT_STATUS_NO_MEMORY; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) { - talloc_destroy(mem_ctx); - return nt_status; - } - - (*group)->free_fn = destroy_sam_group_handle_talloc; - - return NT_STATUS_OK; -} - - -/************************************************************ - Reset the SAM_GROUP_HANDLE. - ***********************************************************/ - -NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group) -{ - SMB_ASSERT(group != NULL); - - sam_fill_default_group(group); - - return NT_STATUS_OK; -} - - -/************************************************************ - Free the SAM_GROUP_HANDLE and the member pointers. - ***********************************************************/ - -NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group) -{ - SMB_ASSERT(*group != NULL); - - if ((*group)->free_fn) { - (*group)->free_fn(group); - } - - return NT_STATUS_OK; -} - - -/********************************************************** - Encode the group control bits into a string. - length = length of string to encode into (including terminating - null). length *MUST BE MORE THAN 2* ! - **********************************************************/ - -char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length) -{ - static fstring group_str; - size_t i = 0; - - group_str[i++] = '['; - - if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L'; - if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G'; - - for ( ; i < length - 2 ; i++ ) - group_str[i] = ' '; - - i = length - 2; - group_str[i++] = ']'; - group_str[i++] = '\0'; - - return group_str; -} - -/********************************************************** - Decode the group control bits from a string. - **********************************************************/ - -uint16 sam_decode_group_ctrl(const char *p) -{ - uint16 group_ctrl = 0; - BOOL finished = False; - - /* - * Check if the account type bits have been encoded after the - * NT password (in the form [NDHTUWSLXI]). - */ - - if (*p != '[') - return 0; - - for (p++; *p && !finished; p++) { - switch (*p) { - case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ } - case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ } - - case ' ': { break; } - case ':': - case '\n': - case '\0': - case ']': - default: { finished = True; } - } - } - - return group_ctrl; -} - diff --git a/source/sam/gums.c b/source/sam/gums.c deleted file mode 100644 index b7191535845..00000000000 --- a/source/sam/gums.c +++ /dev/null @@ -1,173 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Grops and Users Management System initializations. - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -#define GMV_MAJOR 0 -#define GMV_MINOR 1 - -static GUMS_FUNCTIONS *gums_backend = NULL; - -static struct gums_init_function_entry *backends = NULL; - -static void lazy_initialize_gums(void) -{ - static BOOL initialized = False; - - if (initialized) - return; - - static_init_gums; - initialized = True; -} - -static struct gums_init_function_entry *gums_find_backend_entry(const char *name); - -NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn) -{ - struct gums_init_function_entry *entry = backends; - - if (version != GUMS_INTERFACE_VERSION) { - DEBUG(0,("Can't register gums backend!\n" - "You tried to register a gums module with" - "GUMS_INTERFACE_VERSION %d, while this version" - "of samba uses version %d\n", version, - GUMS_INTERFACE_VERSION)); - - return NT_STATUS_OBJECT_TYPE_MISMATCH; - } - - if (!name || !init_fn) { - return NT_STATUS_INVALID_PARAMETER; - } - - DEBUG(5,("Attempting to register gums backend %s\n", name)); - - /* Check for duplicates */ - if (gums_find_backend_entry(name)) { - DEBUG(0,("There already is a gums backend registered" - "with the name %s!\n", name)); - return NT_STATUS_OBJECT_NAME_COLLISION; - } - - entry = smb_xmalloc(sizeof(struct gums_init_function_entry)); - entry->name = smb_xstrdup(name); - entry->init_fn = init_fn; - - DLIST_ADD(backends, entry); - DEBUG(5,("Successfully added gums backend '%s'\n", name)); - return NT_STATUS_OK; -} - -static struct gums_init_function_entry *gums_find_backend_entry(const char *name) -{ - struct gums_init_function_entry *entry = backends; - - while (entry) { - if (strcmp(entry->name, name) == 0) - return entry; - entry = entry->next; - } - - return NULL; -} - -NTSTATUS gums_setup_backend(const char *backend) -{ - - TALLOC_CTX *mem_ctx; - char *module_name = smb_xstrdup(backend); - char *p, *module_data = NULL; - struct gums_init_function_entry *entry; - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - - lazy_initialize_gums(); - - p = strchr(module_name, ':'); - if (p) { - *p = 0; - module_data = p+1; - trim_string(module_data, " ", " "); - } - - trim_string(module_name, " ", " "); - - DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name)); - - entry = gums_find_backend_entry(module_name); - - /* Try to find a module that contains this module */ - if (!entry) { - DEBUG(2,("No builtin backend found, trying to load plugin\n")); - if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) { - DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name)); - SAFE_FREE(module_name); - return NT_STATUS_UNSUCCESSFUL; - } - } - - /* No such backend found */ - if(!entry) { - DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name)); - SAFE_FREE(module_name); - return NT_STATUS_INVALID_PARAMETER; - } - - DEBUG(5,("Found gums backend %s\n", module_name)); - - /* free current functions structure if any */ - if (gums_backend) { - gums_backend->free_private_data(gums_backend->private_data); - talloc_destroy(gums_backend->mem_ctx); - gums_backend = NULL; - } - - /* allocate a new GUMS_FUNCTIONS structure and memory context */ - mem_ctx = talloc_init("gums_backend (%s)", module_name); - if (!mem_ctx) - return NT_STATUS_NO_MEMORY; - gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS)); - if (!gums_backend) - return NT_STATUS_NO_MEMORY; - gums_backend->mem_ctx = mem_ctx; - - /* init the requested backend module */ - if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) { - DEBUG(5,("gums backend %s has a valid init\n", backend)); - } else { - DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret))); - } - SAFE_FREE(module_name); - return ret; -} - -NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns) -{ - if (gums_backend != NULL) { - *fns = gums_backend; - return NT_STATUS_OK; - } - - DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n")); - return NT_STATUS_UNSUCCESSFUL; -} diff --git a/source/sam/gums_api.c b/source/sam/gums_api.c deleted file mode 100644 index 5aafa7695f6..00000000000 --- a/source/sam/gums_api.c +++ /dev/null @@ -1,1426 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS structures - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -/* Functions to get/set info from a GUMS object */ - -NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type) -{ - TALLOC_CTX *mem_ctx; - GUMS_OBJECT *go; - NTSTATUS ret; - - mem_ctx = talloc_init("gums_create_object"); - if (!mem_ctx) { - DEBUG(0, ("gums_create_object: Out of memory!\n")); - *obj = NULL; - return NT_STATUS_NO_MEMORY; - } - - go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); - if (!go) { - DEBUG(0, ("gums_create_object: Out of memory!\n")); - talloc_destroy(mem_ctx); - *obj = NULL; - return NT_STATUS_NO_MEMORY; - } - - go->mem_ctx = mem_ctx; - go->type = type; - go->version = GUMS_OBJECT_VERSION; - - switch(type) { - case GUMS_OBJ_DOMAIN: - go->domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN)); - if (!(go->domain)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - - break; - -/* - case GUMS_OBJ_WORKSTATION_TRUST: - case GUMS_OBJ_SERVER_TRUST: - case GUMS_OBJ_DOMAIN_TRUST: -*/ - case GUMS_OBJ_NORMAL_USER: - go->user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER)); - if (!(go->user)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - gums_set_user_acct_ctrl(go, ACB_NORMAL); - gums_set_user_hours(go, 0, NULL); - - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - go->group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP)); - if (!(go->group)) { - ret = NT_STATUS_NO_MEMORY; - DEBUG(0, ("gums_create_object: Out of memory!\n")); - goto error; - } - - break; - - default: - /* TODO: throw error */ - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto error; - } - - *obj = go; - return NT_STATUS_OK; - -error: - talloc_destroy(go->mem_ctx); - *obj = NULL; - return ret; -} - -NTSTATUS gums_create_privilege(GUMS_PRIVILEGE **priv) -{ - TALLOC_CTX *mem_ctx; - GUMS_PRIVILEGE *pri; - - mem_ctx = talloc_init("gums_create_privilege"); - if (!mem_ctx) { - DEBUG(0, ("gums_create_privilege: Out of memory!\n")); - *priv = NULL; - return NT_STATUS_NO_MEMORY; - } - - pri = talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE)); - if (!pri) { - DEBUG(0, ("gums_create_privilege: Out of memory!\n")); - talloc_destroy(mem_ctx); - *priv = NULL; - return NT_STATUS_NO_MEMORY; - } - - pri->mem_ctx = mem_ctx; - pri->version = GUMS_PRIVILEGE_VERSION; - - *priv = pri; - return NT_STATUS_OK; -} - -NTSTATUS gums_destroy_object(GUMS_OBJECT **obj) -{ - if (!obj || !(*obj)) - return NT_STATUS_INVALID_PARAMETER; - - if ((*obj)->mem_ctx) - talloc_destroy((*obj)->mem_ctx); - *obj = NULL; - - return NT_STATUS_OK; -} - -NTSTATUS gums_destroy_privilege(GUMS_PRIVILEGE **priv) -{ - if (!priv || !(*priv)) - return NT_STATUS_INVALID_PARAMETER; - - if ((*priv)->mem_ctx) - talloc_destroy((*priv)->mem_ctx); - *priv = NULL; - - return NT_STATUS_OK; -} - -void gums_reset_object(GUMS_OBJECT *go) -{ - go->seq_num = 0; - go->sid = NULL; - go->name = NULL; - go->description = NULL; - - switch(go->type) { - case GUMS_OBJ_DOMAIN: - memset(go->domain, 0, sizeof(GUMS_DOMAIN)); - break; - -/* - case GUMS_OBJ_WORKSTATION_TRUST: - case GUMS_OBJ_SERVER_TRUST: - case GUMS_OBJ_DOMAIN_TRUST: -*/ - case GUMS_OBJ_NORMAL_USER: - memset(go->user, 0, sizeof(GUMS_USER)); - gums_set_user_acct_ctrl(go, ACB_NORMAL); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - memset(go->group, 0, sizeof(GUMS_GROUP)); - break; - - default: - return; - } -} - -uint32 gums_get_object_type(const GUMS_OBJECT *obj) -{ - if (!obj) - return 0; - - return obj->type; -} - -uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj) -{ - if (!obj) - return 0; - - return obj->seq_num; -} - -uint32 gums_get_object_version(const GUMS_OBJECT *obj) -{ - if (!obj) - return 0; - - return obj->version; -} - -const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->sec_desc; -} - -const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->sid; -} - -const char *gums_get_object_name(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->name; -} - -const char *gums_get_object_description(const GUMS_OBJECT *obj) -{ - if (!obj) - return NULL; - - return obj->description; -} - -NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - obj->seq_num = seq_num; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - obj->version = version; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc) -{ - if (!obj || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc); - if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - obj->sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name) -{ - if (!obj || !name) - return NT_STATUS_INVALID_PARAMETER; - - obj->name = (char *)talloc_strdup(obj->mem_ctx, name); - if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description) -{ - if (!obj || !description) - return NT_STATUS_INVALID_PARAMETER; - - obj->description = (char *)talloc_strdup(obj->mem_ctx, description); - if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL; - return NT_STATUS_OK; -} - -/* -NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj) -{ - if (!priv_set) - return NT_STATUS_INVALID_PARAMETER; - - *priv_set = obj->priv_set; - return NT_STATUS_OK; -} -*/ - -uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj) -{ - if (obj->type != GUMS_OBJ_DOMAIN) - return -1; - - return obj->domain->next_rid; -} - -NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_DOMAIN) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->domain->next_rid = rid; - return NT_STATUS_OK; -} - -/* User specific functions */ - -const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->group_sid; -} - -const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj) -{ - fstring p; - - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return data_blob(NULL, 0); - - pdb_sethexpwd(p, (unsigned char *)(obj->user->nt_pw.data), 0); - DEBUG(100, ("Reading NT Password=[%s]\n", p)); - - return obj->user->nt_pw; -} - -const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj) -{ - fstring p; - - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return data_blob(NULL, 0); - - pdb_sethexpwd(p, (unsigned char *)(obj->user->lm_pw.data), 0); - DEBUG(100, ("Reading LM Password=[%s]\n", p)); - - return obj->user->lm_pw; -} - -const char *gums_get_user_fullname(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->full_name; -} - -const char *gums_get_user_homedir(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->home_dir; -} - -const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->dir_drive; -} - -const char *gums_get_user_profile_path(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->profile_path; -} - -const char *gums_get_user_logon_script(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->logon_script; -} - -const char *gums_get_user_workstations(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->workstations; -} - -const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->unknown_str; -} - -const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->munged_dial; -} - -NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->logon_time; -} - -NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->logoff_time; -} - -NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->kickoff_time; -} - -NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->pass_last_set_time; -} - -NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->pass_can_change_time; -} - -NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) { - NTTIME null_time; - init_nt_time(&null_time); - return null_time; - } - - return obj->user->pass_must_change_time; -} - -uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->acct_ctrl; -} - -uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->logon_divs; -} - -uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->hours_len; -} - -const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return NULL; - - return obj->user->hours; -} - -uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->unknown_3; -} - -uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->bad_password_count; -} - -uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->logon_count; -} - -uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj) -{ - if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) - return 0; - - return obj->user->unknown_6; -} - -NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid) -{ - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->group_sid = sid_dup_talloc(obj->mem_ctx, sid); - if (!(obj->user->group_sid)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd) -{ - fstring p; - unsigned char r[16]; - - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length); - - memcpy(r, nt_pwd.data, 16); - pdb_sethexpwd(p, r, 0); - DEBUG(100, ("Setting NT Password=[%s]\n", p)); - - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd) -{ - fstring p; - unsigned char r[16]; - - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length); - - memcpy(r, lm_pwd.data, 16); - pdb_sethexpwd(p, r, 0); - DEBUG(100, ("Setting LM Password=[%s]\n", p)); - - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname) -{ - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname); - if (!(obj->user->full_name)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir) -{ - if (!obj || !homedir) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir); - if (!(obj->user->home_dir)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive) -{ - if (!obj || !dir_drive) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive); - if (!(obj->user->dir_drive)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script) -{ - if (!obj || !logon_script) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script); - if (!(obj->user->logon_script)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path) -{ - if (!obj || !profile_path) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path); - if (!(obj->user->profile_path)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations) -{ - if (!obj || !workstations) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations); - if (!(obj->user->workstations)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str) -{ - if (!obj || !unknown_str) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str); - if (!(obj->user->unknown_str)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial) -{ - if (!obj || !munged_dial) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial); - if (!(obj->user->munged_dial)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_time = logon_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logoff_time = logoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->kickoff_time = kickoff_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->pass_last_set_time = pass_last_set_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->pass_can_change_time = pass_can_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->pass_must_change_time = pass_must_change_time; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->acct_ctrl = acct_ctrl; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_divs = logon_divs; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours) -{ - if (!obj || !hours) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->hours_len = hours_len; - if (hours_len == 0) - DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n")); - - obj->user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN); - if (!(obj->user->hours)) - return NT_STATUS_NO_MEMORY; - if (hours_len) - memcpy(obj->user->hours, hours, hours_len); - - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->unknown_3 = unknown_3; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->bad_password_count = bad_password_count; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->logon_count = logon_count; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6) -{ - if (!obj) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->user->unknown_6 = unknown_6; - return NT_STATUS_OK; -} - -/* Group specific functions */ - -const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj) -{ - if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) { - *count = -1; - return NULL; - } - - *count = obj->group->count; - return obj->group->members; -} - -NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members) -{ - uint32 n; - - if (!obj || ((count > 0) && !members)) - return NT_STATUS_INVALID_PARAMETER; - - if (obj->type != GUMS_OBJ_GROUP && - obj->type != GUMS_OBJ_ALIAS) - return NT_STATUS_OBJECT_TYPE_MISMATCH; - - obj->group->count = count; - - if (count) { - obj->group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID)); - if (!(obj->group->members)) { - return NT_STATUS_NO_MEMORY; - } - - - n = 0; - do { - sid_copy(&(obj->group->members[n]), &(members[n])); - n++; - } while (n < count); - } else { - obj->group->members = 0; - } - - return NT_STATUS_OK; -} - -/* Privilege specific functions */ - -const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_PRIVILEGE *priv) -{ - if (!priv) { - return NULL; - } - - return priv->privilege; -} - -const DOM_SID *gums_get_priv_members(int *count, const GUMS_PRIVILEGE *priv) -{ - if (!count || !priv) { - *count = -1; - return NULL; - } - - *count = priv->count; - return priv->members; -} - -NTSTATUS gums_set_priv_luid_attr(GUMS_PRIVILEGE *priv, LUID_ATTR *luid_attr) -{ - if (!luid_attr || !priv) - return NT_STATUS_INVALID_PARAMETER; - - priv->privilege = (LUID_ATTR *)talloc_memdup(priv->mem_ctx, luid_attr, sizeof(LUID_ATTR)); - if (!(priv->privilege)) return NT_STATUS_NO_MEMORY; - return NT_STATUS_OK; -} - -NTSTATUS gums_set_priv_members(GUMS_PRIVILEGE *priv, uint32 count, DOM_SID *members) -{ - uint32 n; - - if (!priv || !members || !members) - return NT_STATUS_INVALID_PARAMETER; - - priv->count = count; - priv->members = (DOM_SID *)talloc(priv->mem_ctx, count * sizeof(DOM_SID)); - if (!(priv->members)) - return NT_STATUS_NO_MEMORY; - - n = 0; - do { - sid_copy(&(priv->members[n]), &(members[n])); - n++; - } while (n < count); - - return NT_STATUS_OK; -} - -/* data_store set functions */ - -NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type) -{ - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("commit_set"); - if (mem_ctx == NULL) - return NT_STATUS_NO_MEMORY; - - *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET)); - if (*com_set == NULL) { - talloc_destroy(mem_ctx); - return NT_STATUS_NO_MEMORY; - } - - (*com_set)->mem_ctx = mem_ctx; - (*com_set)->type = type; - sid_copy(&((*com_set)->sid), sid); - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size) -{ - GUMS_DATA_SET *data_set; - - com_set->count = com_set->count + size; - if (com_set->count == size) { /* data set is empty*/ - data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET)); - } else { - data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count); - } - if (data_set == NULL) - return NT_STATUS_NO_MEMORY; - - com_set->data = data_set; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - SEC_DESC *new_sec_desc; - - if (!com_set || !sec_desc) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SEC_DESC; - new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc); - if (new_sec_desc == NULL) - return NT_STATUS_NO_MEMORY; - - (SEC_DESC *)(data_set->data) = new_sec_desc; - - return NT_STATUS_OK; -} - -/* -NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!com_set) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) - return ret; - - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_PRIVILEGE; - if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv))) - return ret; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - LUID_ATTR *new_priv; - - if (!com_set) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) - return ret; - - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_PRIVILEGE; - if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv))) - return ret; - - (SEC_DESC *)(data_set->data) = new_priv; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - PRIVILEGE_SET *new_priv_set; - - if (!com_set || !priv_set) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1))) - return ret; - - data_set = ((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_PRIVILEGE; - if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set))) - return ret; - - if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set))) - return ret; - - (SEC_DESC *)(data_set->data) = new_priv_set; - - return NT_STATUS_OK; -} -*/ - -NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - char *new_str; - - if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_str = talloc_strdup(com_set->mem_ctx, str); - if (new_str == NULL) - return NT_STATUS_NO_MEMORY; - - (char *)(data_set->data) = new_str; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name) -{ - return gums_cs_set_string(com_set, GUMS_SET_NAME, name); -} - -NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc) -{ - return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc); -} - -NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name); -} - -NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir); -} - -NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, drive); -} - -NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script); -} - -NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path); -} - -NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, wks); -} - -NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str); -} - -NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial); -} - -NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - NTTIME *new_time; - - if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = type; - new_time = talloc(com_set->mem_ctx, sizeof(NTTIME)); - if (new_time == NULL) - return NT_STATUS_NO_MEMORY; - - new_time->low = nttime->low; - new_time->high = nttime->high; - (char *)(data_set->data) = new_time; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time); -} - -NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time); -} - -NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time); -} - -NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time); -} - -NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time); -} - -NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time) -{ - if (com_set->type != GUMS_OBJ_NORMAL_USER) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time); -} - -NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_ADD_SID_LIST; - new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(com_set, sids, count); -} - -NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - return gums_cs_add_sids_to_group(com_set, sids, count); -} - -NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_DEL_SID_LIST; - new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count) -{ - NTSTATUS ret; - GUMS_DATA_SET *data_set; - DOM_SID **new_sids; - int i; - - if (!com_set || !sids) - return NT_STATUS_INVALID_PARAMETER; - if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1))) - return ret; - - data_set = &((com_set->data)[com_set->count - 1]); - - data_set->type = GUMS_SET_SID_LIST; - new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count)); - if (new_sids == NULL) - return NT_STATUS_NO_MEMORY; - for (i = 0; i < count; i++) { - new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]); - if (new_sids[i] == NULL) - return NT_STATUS_NO_MEMORY; - } - - (SEC_DESC *)(data_set->data) = new_sids; - - return NT_STATUS_OK; -} - -NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set) -{ - NTSTATUS ret; - GUMS_FUNCTIONS *fns; - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) { - DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n")); - return ret; - } - return fns->set_object_values(&(set->sid), set->count, set->data); -} - -NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set) -{ - talloc_destroy((*com_set)->mem_ctx); - *com_set = NULL; - - return NT_STATUS_OK; -} - diff --git a/source/sam/gums_helper.c b/source/sam/gums_helper.c deleted file mode 100644 index fcb9366cda8..00000000000 --- a/source/sam/gums_helper.c +++ /dev/null @@ -1,383 +0,0 @@ -/* - Unix SMB/CIFS implementation. - GUMS backends helper functions - Copyright (C) Simo Sorce 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -extern DOM_SID global_sid_World; -extern DOM_SID global_sid_Builtin; -extern DOM_SID global_sid_Builtin_Administrators; -extern DOM_SID global_sid_Builtin_Power_Users; -extern DOM_SID global_sid_Builtin_Account_Operators; -extern DOM_SID global_sid_Builtin_Server_Operators; -extern DOM_SID global_sid_Builtin_Print_Operators; -extern DOM_SID global_sid_Builtin_Backup_Operators; -extern DOM_SID global_sid_Builtin_Replicator; -extern DOM_SID global_sid_Builtin_Users; -extern DOM_SID global_sid_Builtin_Guests; - - -/* defines */ - -#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0) - -/**************************************************************************** - Check if a user is a mapped group. - - This function will check if the group SID is mapped onto a - system managed gid or onto a winbind manged sid. - In the first case it will be threated like a mapped group - and the backend should take the member list with a getgrgid - and ignore any user that have been possibly set into the group - object. - - In the second case, the group is a fully SAM managed group - served back to the system through winbind. In this case the - members of a Local group are "unrolled" to cope with the fact - that unix cannot contain groups inside groups. - The backend MUST never call any getgr* / getpw* function or - loops with winbind may happen. - ****************************************************************************/ - -#if 0 -NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid) -{ - NTSTATUS result; - gid_t id; - - /* look if mapping exist, do not make idmap alloc an uid if SID is not found */ - result = idmap_get_gid_from_sid(&id, sid, False); - if (NT_STATUS_IS_OK(result)) { - *mapped = gid_is_in_winbind_range(id); - } else { - *mapped = False; - } - - return result; -} -#endif - -#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013 -#define ALIAS_DEFAULT_DACL_SA_RIGHTS \ - (READ_CONTROL_ACCESS | \ - SA_RIGHT_ALIAS_LOOKUP_INFO | \ - SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */ - -#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */ - - -NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx) -{ - DOM_SID *world = &global_sid_World; - DOM_SID *admins = &global_sid_Builtin_Administrators; - SEC_ACCESS sa; - SEC_ACE sacl_ace; - SEC_ACE dacl_aces[2]; - SEC_ACL *sacl = NULL; - SEC_ACL *dacl = NULL; - size_t psize; - - init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS); - init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG); - - sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS); - init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS); - init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); - - dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces); - if (!sacl) { - DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n")); - return NT_STATUS_NO_MEMORY; - } - - *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize); - if (!(*sec_desc)) { - DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n")); - return NT_STATUS_NO_MEMORY; - } - - return NT_STATUS_OK; -} - -NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask) -{ - NTSTATUS result; - SEC_ACE *new_aces; - unsigned num_aces; - int i; - - num_aces = sec_desc->dacl->num_aces + 1; - result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask); - if (NT_STATUS_IS_OK(result)) { - sec_desc->dacl->ace = new_aces; - sec_desc->dacl->num_aces = num_aces; - sec_desc->dacl->size = SEC_ACL_HEADER_SIZE; - for (i = 0; i < num_aces; i++) { - sec_desc->dacl->size += sec_desc->dacl->ace[i].size; - } - } - return result; -} - -NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - GUMS_FUNCTIONS *fns; - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) - return ret; - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN))) - return ret; - - ret = gums_set_object_sid(go, sid); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!"); - - ret = gums_set_object_name(go, name); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!"); - - if (description) { - ret = gums_set_object_description(go, description); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!"); - } - - /* make security descriptor * / - ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx); - NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc"); - */ - - ret = fns->set_object(go); - - gums_destroy_object(&go); - return ret; -} - -NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - GUMS_FUNCTIONS *fns; - - if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) - return ret; - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS))) - return ret; - - ret = gums_set_object_sid(go, sid); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!"); - - ret = gums_set_object_name(go, name); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!"); - - if (description) { - ret = gums_set_object_description(go, description); - NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!"); - } - - /* make security descriptor * / - ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx); - NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc"); - */ - - ret = fns->set_object(go); - - gums_destroy_object(&go); - return ret; -} - -NTSTATUS gums_init_domain(DOM_SID *sid, const char *name, const char * description) -{ - NTSTATUS ret; - - /* Add the weelknown Builtin Domain */ - if (!NT_STATUS_IS_OK(ret = gums_make_domain( - sid, - name, - description - ))) { - return ret; - } - - /* Add default users and groups */ - /* Administrator - Guest - Domain Administrators - Domain Users - Domain Guests - */ - - return ret; -} - -NTSTATUS gums_init_builtin_domain(void) -{ - NTSTATUS ret; - - generate_wellknown_sids(); - - /* Add the weelknown Builtin Domain */ - if (!NT_STATUS_IS_OK(ret = gums_make_domain( - &global_sid_Builtin, - "BUILTIN", - "Builtin Domain" - ))) { - return ret; - } - - /* Add the well known Builtin Local Groups */ - - /* Administrators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Administrators, - "Administrators", - "Members can fully administer the computer/domain" - ))) { - return ret; - } - /* Administrator privilege set */ - /* From BDC join trace: - SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege, - SeSystemtimePrivilege, SeShutdownPrivilege, - SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege, - SeDebugPrivilege, SeSystemEnvironmentPrivilege, - SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, - SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege, - SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege - */ - - /* Power Users */ - /* Domain Controllers Does NOT have Power Users (?) */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Power_Users, - "Power Users", - "Power Users" - ))) { - return ret; - } - - /* Power Users privilege set */ - /* (?) */ - - /* Account Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Account_Operators, - "Account Operators", - "Members can administer domain user and group accounts" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* Server Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Server_Operators, - "Server Operators", - "Members can administer domain servers" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege, - SeShutdownPrivilege, SeRemoteShutdownPrivilege - */ - - /* Print Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Print_Operators, - "Print Operators", - "Members can administer domain printers" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeShutdownPrivilege - */ - - /* Backup Operators */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Backup_Operators, - "Backup Operators", - "Members can bypass file security to backup files" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege - */ - - /* Replicator */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Replicator, - "Replicator", - "Supports file replication in a domain" - ))) { - return ret; - } - - /* make privilege set */ - /* From BDC join trace: - SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege - */ - - /* Users */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Users, - "Users", - "Ordinary users" - ))) { - return ret; - } - - /* Users specific ACEs * / - sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS); - sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS); - */ - - /* Guests */ - if (!NT_STATUS_IS_OK(ret = gums_make_alias( - &global_sid_Builtin_Guests, - "Guests", - "Users granted guest access to the computer/domain" - ))) { - return ret; - } - - return ret; -} - diff --git a/source/sam/gums_tdbsam2.c b/source/sam/gums_tdbsam2.c deleted file mode 100644 index 7fb9a1a997f..00000000000 --- a/source/sam/gums_tdbsam2.c +++ /dev/null @@ -1,1220 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * tdbsam2 - sam backend - * Copyright (C) Simo Sorce 2002-2003 - * - * This program is free software; you can redistribute it and/or modify it under - * the terms of the GNU General Public License as published by the Free - * Software Foundation; either version 2 of the License, or (at your option) - * any later version. - * - * This program is distributed in the hope that it will be useful, but WITHOUT - * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or - * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for - * more details. - * - * You should have received a copy of the GNU General Public License along with - * this program; if not, write to the Free Software Foundation, Inc., 675 - * Mass Ave, Cambridge, MA 02139, USA. - */ - -#include "includes.h" -#include "tdbsam2_parse_info.h" - -#if 0 -static int gums_tdbsam2_debug_class = DBGC_ALL; -#endif -/* -#undef DBGC_CLASS -#define DBGC_CLASS gums_tdbsam2_debug_class -*/ - -#define TDBSAM_VERSION 20021215 -#define TDB_FILE_NAME "tdbsam2.tdb" -#define NAMEPREFIX "NAME_" -#define SIDPREFIX "SID_" -#define PRIVILEGEPREFIX "PRIV_" - -#define TDB_BASIC_OBJ_STRING "ddd" -#define TDB_FORMAT_STRING "dddB" -#define TDB_PRIV_FORMAT_STRING "ddB" - -#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0) -#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0) - - - -struct tdbsam2_enum_objs { - uint32 type; - DOM_SID *dom_sid; - TDB_CONTEXT *db; - TDB_DATA key; - struct tdbsam2_enum_objs *next; -}; - -struct tdbsam2_private_data { - - const char *storage; - struct tdbsam2_enum_objs *teo_handlers; -}; - -static struct tdbsam2_private_data *ts2_privs; - -static NTSTATUS init_object_from_buffer(GUMS_OBJECT **go, char *buffer, int size) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *mem_ctx; - int iret; - char *obj_data = NULL; - int data_size = 0; - int version, type, seqnum; - int len; - - mem_ctx = talloc_init("init_object_from_buffer"); - if (!mem_ctx) { - DEBUG(0, ("init_object_from_buffer: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - len = tdb_unpack (buffer, size, TDB_FORMAT_STRING, - &version, - &type, - &seqnum, - &data_size, &obj_data); - - if (len == -1 || data_size <= 0) - goto done; - - /* version is checked inside this function so that backward - compatibility code can be called eventually. - This way we can easily handle database format upgrades */ - if (version != TDBSAM_VERSION) { - DEBUG(3,("init_object_from_buffer: Error, db object has wrong tdbsam version!\n")); - goto done; - } - - /* be sure the string is terminated before trying to parse it */ - if (obj_data[data_size - 1] != '\0') - obj_data[data_size - 1] = '\0'; - - *go = (GUMS_OBJECT *)talloc_zero(mem_ctx, sizeof(GUMS_OBJECT)); - TALLOC_CHECK(*go, ret, done); - - switch (type) { - - case GUMS_OBJ_DOMAIN: - iret = gen_parse(mem_ctx, pinfo_gums_domain, (char *)(*go), obj_data); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - iret = gen_parse(mem_ctx, pinfo_gums_group, (char *)(*go), obj_data); - break; - - case GUMS_OBJ_NORMAL_USER: - iret = gen_parse(mem_ctx, pinfo_gums_user, (char *)(*go), obj_data); - break; - - default: - DEBUG(3,("init_object_from_buffer: Error, wrong object type number!\n")); - goto done; - } - - if (iret != 0) { - DEBUG(0, ("init_object_from_buffer: Fatal Error! Unable to parse object!\n")); - DEBUG(0, ("init_object_from_buffer: DB Corrupt ?")); - goto done; - } - - (*go)->mem_ctx = mem_ctx; - - ret = NT_STATUS_OK; -done: - SAFE_FREE(obj_data); - return ret; -} - -static NTSTATUS init_privilege_from_buffer(GUMS_PRIVILEGE **priv, char *buffer, int size) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TALLOC_CTX *mem_ctx; - int iret; - char *obj_data = NULL; - int data_size = 0; - int version, seqnum; - int len; - - mem_ctx = talloc_init("init_privilege_from_buffer"); - if (!mem_ctx) { - DEBUG(0, ("init_privilege_from_buffer: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - len = tdb_unpack (buffer, size, TDB_PRIV_FORMAT_STRING, - &version, - &seqnum, - &data_size, &obj_data); - - if (len == -1 || data_size <= 0) - goto done; - - /* version is checked inside this function so that backward - compatibility code can be called eventually. - This way we can easily handle database format upgrades */ - if (version != TDBSAM_VERSION) { - DEBUG(3,("init_privilege_from_buffer: Error, db object has wrong tdbsam version!\n")); - goto done; - } - - /* be sure the string is terminated before trying to parse it */ - if (obj_data[data_size - 1] != '\0') - obj_data[data_size - 1] = '\0'; - - *priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE)); - TALLOC_CHECK(*priv, ret, done); - - iret = gen_parse(mem_ctx, pinfo_gums_privilege, (char *)(*priv), obj_data); - - if (iret != 0) { - DEBUG(0, ("init_privilege_from_buffer: Fatal Error! Unable to parse object!\n")); - DEBUG(0, ("init_privilege_from_buffer: DB Corrupt ?")); - goto done; - } - - (*priv)->mem_ctx = mem_ctx; - - ret = NT_STATUS_OK; -done: - SAFE_FREE(obj_data); - return ret; -} - -static NTSTATUS init_buffer_from_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_OBJECT *object) -{ - - NTSTATUS ret; - char *genbuf = NULL; - size_t buflen; - - if (!buffer) - return NT_STATUS_INVALID_PARAMETER; - - switch (gums_get_object_type(object)) { - - case GUMS_OBJ_DOMAIN: - genbuf = gen_dump(mem_ctx, pinfo_gums_domain, (char *)object, 0); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - genbuf = gen_dump(mem_ctx, pinfo_gums_group, (char *)object, 0); - break; - - case GUMS_OBJ_NORMAL_USER: - genbuf = gen_dump(mem_ctx, pinfo_gums_user, (char *)object, 0); - break; - - default: - DEBUG(3,("init_buffer_from_object: Error, wrong object type number!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (genbuf == NULL) { - DEBUG(0, ("init_buffer_from_object: Fatal Error! Unable to dump object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - object->seq_num, - strlen(genbuf) + 1, genbuf); - - *buffer = talloc(mem_ctx, buflen); - TALLOC_CHECK(*buffer, ret, done); - - *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING, - TDBSAM_VERSION, - object->type, - object->seq_num, - strlen(genbuf) + 1, genbuf); - - if (*len != buflen) { - DEBUG(0, ("init_buffer_from_object: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", - buflen, *len)); - *buffer = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; -done: - return ret; -} - -static NTSTATUS init_buffer_from_privilege(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_PRIVILEGE *priv) -{ - - NTSTATUS ret; - char *genbuf = NULL; - size_t buflen; - - if (!buffer || !len || !mem_ctx || !priv) - return NT_STATUS_INVALID_PARAMETER; - - genbuf = gen_dump(mem_ctx, pinfo_gums_privilege, (char *)priv, 0); - - if (genbuf == NULL) { - DEBUG(0, ("init_buffer_from_privilege: Fatal Error! Unable to dump object!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - buflen = tdb_pack(NULL, 0, TDB_PRIV_FORMAT_STRING, - TDBSAM_VERSION, - priv->seq_num, - strlen(genbuf) + 1, genbuf); - - *buffer = talloc(mem_ctx, buflen); - TALLOC_CHECK(*buffer, ret, done); - - *len = tdb_pack(*buffer, buflen, TDB_PRIV_FORMAT_STRING, - TDBSAM_VERSION, - priv->seq_num, - strlen(genbuf) + 1, genbuf); - - if (*len != buflen) { - DEBUG(0, ("init_buffer_from_privilege: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n", - buflen, *len)); - *buffer = NULL; - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; -done: - return ret; -} - -static NTSTATUS opentdb(TDB_CONTEXT **tdb, BOOL readonly) -{ - if (!tdb) - return NT_STATUS_INVALID_PARAMETER; - - *tdb = tdb_open_log(ts2_privs->storage, 0, TDB_DEFAULT, readonly?(O_RDONLY):(O_RDWR | O_CREAT), 0600); - if (!(*tdb)) - { - DEBUG(0, ("opentdb: Unable to open database (%s)!\n", ts2_privs->storage)); - return NT_STATUS_UNSUCCESSFUL; - } - - return NT_STATUS_OK; -} - -static NTSTATUS get_object_by_sid(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const DOM_SID *sid) -{ - NTSTATUS ret; - TDB_DATA data, key; - fstring keystr; - - if (!obj || !sid) - return NT_STATUS_INVALID_PARAMETER; - - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_sid: Entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_NOT_FOUND; - goto done; - } - - if (!NT_STATUS_IS_OK(init_object_from_buffer(obj, data.dptr, data.dsize))) { - DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; - -done: - SAFE_FREE(data.dptr); - return ret; -} - -static NTSTATUS make_full_object_name(TDB_CONTEXT *tdb, fstring objname, GUMS_OBJECT *object) -{ - NTSTATUS ret; - - objname[0] = '\0'; - - if (gums_get_object_type(object) == GUMS_OBJ_DOMAIN) { - - fstrcpy(objname, gums_get_object_name(object)); - - } else { - GUMS_OBJECT *domain_object; - DOM_SID domain_sid; - uint32 *discard_rid; - - sid_copy(&domain_sid, gums_get_object_sid(object)); - sid_split_rid(&domain_sid, discard_rid); - - if (!NT_STATUS_IS_OK(get_object_by_sid(tdb, - &domain_object, - &domain_sid))) { - - DEBUG(3, ("Object's domain not found!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - fstrcpy(objname, gums_get_object_name(domain_object)); - fstrcat(objname, "\\"); - fstrcat(objname, gums_get_object_name(object)); - } - - ret = NT_STATUS_OK; - -done: - return ret; -} - -/* name should be in DOMAIN\NAME format */ -static NTSTATUS get_object_by_name(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const char *fullname) -{ - - NTSTATUS ret = NT_STATUS_OK; - TDB_DATA data, key; - fstring keystr; - fstring objname; - DOM_SID sid; - fstring sidstr; - int sidstr_len; - - if (!obj || !fullname) - return NT_STATUS_INVALID_PARAMETER; - - /* Data is stored in all lower-case */ - fstrcpy(objname, fullname); - strlower_m(objname); - - slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("get_object_by_name: Entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_NOT_FOUND; - goto done; - } - - fstrcpy(sidstr, data.dptr); - sidstr_len = data.dsize; - - SAFE_FREE(data.dptr); - - if (sidstr_len <= 0) { - DEBUG(5, ("get_object_by_name: Error unpacking database object!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!string_to_sid(&sid, sidstr)) { - DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - -done: - if (NT_STATUS_IS_OK(ret)) - return get_object_by_sid(tdb, obj, &sid); - return ret; -} - -/* Get object's sequence number */ - -static NTSTATUS get_object_seq_num(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int *seq_num) -{ - - NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; - TDB_DATA data, key; - fstring keystr; - fstring sidstr; - int version, type, seqnum; - - if (!object || !seq_num) - return NT_STATUS_INVALID_PARAMETER; - - fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object))); - slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("get_object_seq_num: Entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_NOT_FOUND; - goto done; - } - - if (tdb_unpack (data.dptr, data.dsize, TDB_BASIC_OBJ_STRING, &version, &type, &seqnum) == -1) - goto done; - - *seq_num = seqnum; - ret = NT_STATUS_OK; - -done: - SAFE_FREE(data.dptr); - return ret; -} - -/* store a gums object - * flag: TDB_REPLACE or TDB_MODIFY or TDB_INSERT - */ - -static NTSTATUS store_object(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int flag) -{ - NTSTATUS ret = NT_STATUS_OK; - TDB_DATA data, data2, key, key2; - TALLOC_CTX *mem_ctx; - fstring keystr; - fstring sidstr; - fstring namestr; - fstring objname; - int r; - - /* TODO: on object renaming/replacing this function should - * check name->sid record and delete the old one - */ - - mem_ctx = talloc_init("store_object"); - if (!mem_ctx) { - DEBUG(0, ("store_object: Out of memory!\n")); - return NT_STATUS_NO_MEMORY; - } - - make_full_object_name(tdb, objname, object); - - /* Data is stored in all lower-case */ - strlower_m(objname); - - if (flag == TDB_MODIFY) { - if (!NT_STATUS_IS_OK(ret = get_object_seq_num(tdb, object, &(object->seq_num)))) - goto done; - object->seq_num += 1; - } - - if (!NT_STATUS_IS_OK(ret = init_buffer_from_object(&(data.dptr), &(data.dsize), mem_ctx, object))) - goto done; - - fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object))); - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sidstr); - slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, objname); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if ((r = tdb_store(tdb, key, data, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify TDBSAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb))); - DEBUGADD(0, (" occured while storing sid record (%s)\n", keystr)); - if (r == TDB_ERR_EXISTS) - ret = NT_STATUS_UNSUCCESSFUL; - else - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - data2.dptr = sidstr; - data2.dsize = strlen(sidstr) + 1; - key2.dptr = namestr; - key2.dsize = strlen(namestr) + 1; - - if ((r = tdb_store(tdb, key2, data2, flag)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to modify TDBSAM!\n")); - DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb))); - DEBUGADD(0, (" occured while storing name record (%s)\n", keystr)); - DEBUGADD(0, (" attempting rollback operation.\n")); - if ((tdb_delete(tdb, key)) != TDB_SUCCESS) { - DEBUG(0, ("store_object: Unable to rollback! Check database consitency!\n")); - } - if (r == TDB_ERR_EXISTS) - ret = NT_STATUS_UNSUCCESSFUL; - else - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - -/* TODO: update the general database counter */ -/* TODO: update this entry counter too */ - -done: - talloc_destroy(mem_ctx); - return ret; -} - -/* GUMM object functions */ - -static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name) -{ - - NTSTATUS ret; - TDB_CONTEXT *tdb; - GUMS_OBJECT *go; - fstring domname; - - if (!sid || !name) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) { - return ret; - } - - /* Data is stored in all lower-case */ - fstrcpy(domname, name); - strlower_m(domname); - - if (!NT_STATUS_IS_OK(ret = get_object_by_name(tdb, &go, domname))) { - go = NULL; - DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n")); - goto done; - } - - if (gums_get_object_type(go) != GUMS_OBJ_DOMAIN) { - DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n")); - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto done; - } - - sid_copy(sid, gums_get_object_sid(go)); - - ret = NT_STATUS_OK; - -done: - if (go) - gums_destroy_object(&go); - tdb_close(tdb); - return ret; -} - -static NTSTATUS get_next_sid(TDB_CONTEXT *tdb, DOM_SID *sid) -{ - NTSTATUS ret; - GUMS_OBJECT *go; - DOM_SID dom_sid; - TDB_DATA dom_sid_key; - fstring dom_sid_str; - uint32 new_rid; - - /* Find the domain SID */ - if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) { - DEBUG(0, ("get_next_sid: cannot found the domain sid!!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Lock the domain record */ - sid_to_string(dom_sid_str, &dom_sid); - dom_sid_key.dptr = dom_sid_str; - dom_sid_key.dsize = strlen(dom_sid_key.dptr) + 1; - - if(tdb_chainlock(tdb, dom_sid_key) != 0) { - DEBUG(0, ("get_next_sid: unable to lock domain record!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - /* Get the domain object */ - ret = get_object_by_sid(tdb, &go, &dom_sid); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("get_next_sid: unable to get root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - new_rid = gums_get_domain_next_rid(go); - - /* Increment the RID Counter */ - gums_set_domain_next_rid(go, new_rid+1); - - /* Store back Domain object */ - ret = store_object(tdb, go, TDB_MODIFY); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("get_next_sid: unable to update root Domain object!\n")); - ret = NT_STATUS_INTERNAL_DB_ERROR; - goto done; - } - - /* Build the Domain SID to return */ - sid_copy(sid, &dom_sid); - - if (!sid_append_rid(sid, new_rid)) { - DEBUG(0, ("get_next_sid: unable to build new SID !?!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - ret = NT_STATUS_OK; - -done: - /* Unlock the Domain object */ - tdb_chainunlock(tdb, dom_sid_key); - - return ret; -} - -/* TODO */ - NTSTATUS (*get_sequence_number) (void); - - -extern DOM_SID global_sid_NULL; - -static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type) -{ - - NTSTATUS ret = NT_STATUS_OK; - TDB_CONTEXT *tdb; - GUMS_OBJECT *go; - NTTIME null_time; - DATA_BLOB pw; - const char *defpw = "NOPASSWORDXXXXXX"; - uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255}; - - if (!name) { - DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - - if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, obj_type))) { - go = NULL; - goto done; - } - - if (obj_type == GUMS_OBJ_DOMAIN) { - sid_copy(sid, get_global_sam_sid()); - } else { - if (!NT_STATUS_IS_OK(ret = get_next_sid(tdb, sid))) - goto done; - } - - gums_set_object_sid(go, sid); - gums_set_object_name(go, name); - gums_set_object_seq_num(go, 1); - - /*obj.domain->sec_desc*/ - - switch (obj_type) { - case GUMS_OBJ_NORMAL_USER: - - init_nt_time(&null_time); - - gums_set_user_logon_time(go, null_time); - gums_set_user_logoff_time(go, null_time); - gums_set_user_kickoff_time(go, null_time); - gums_set_user_pass_last_set_time(go, null_time); - gums_set_user_pass_can_change_time(go, null_time); - gums_set_user_pass_must_change_time(go, null_time); - - pw = data_blob(defpw, NT_HASH_LEN); - gums_set_user_nt_pwd(go, pw); - gums_set_user_lm_pwd(go, pw); - data_blob_free(&pw); - - gums_set_user_logon_divs(go, 168); - gums_set_user_hours(go, 21, defhours); - - gums_set_user_bad_password_count(go, 0); - gums_set_user_logon_count(go, 0); - gums_set_user_unknown_6(go, 0x000004ec); - break; - - case GUMS_OBJ_GROUP: - case GUMS_OBJ_ALIAS: - - break; - - case GUMS_OBJ_DOMAIN: - - gums_set_domain_next_rid(go, 0x3e9); - - break; - - default: - ret = NT_STATUS_OBJECT_TYPE_MISMATCH; - goto done; - } - - ret = store_object(tdb, go, TDB_INSERT); - -done: - if (go) - gums_destroy_object(&go); - tdb_close(tdb); - return ret; -} - -/* TODO: handle privileges objects */ - -static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) -{ - /* TODO: need to address privilege deletion */ - NTSTATUS ret = NT_STATUS_OK; - TDB_CONTEXT *tdb; - GUMS_OBJECT *go; - TDB_DATA data, key; - fstring keystr; - - if (!sid) { - DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - - slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(sid)); - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - data = tdb_fetch(tdb, key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (tdb_delete(tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - if (!NT_STATUS_IS_OK(init_object_from_buffer(&go, data.dptr, data.dsize))) { - DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, gums_get_object_name(go)); - - key.dptr = keystr; - key.dsize = strlen(keystr) + 1; - - if (tdb_delete(tdb, key) != TDB_SUCCESS) { - DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb))); - DEBUGADD(5, (" Key: %s\n", keystr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - -/* TODO: update the general database counter */ - -done: - gums_destroy_object(&go); - SAFE_FREE(data.dptr); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - - if (!object || !sid) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) { - return ret; - } - - ret = get_object_by_sid(tdb, object, sid); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_sid: %s\n", nt_errstr(ret))); - goto error; - } - if (obj_type && gums_get_object_type(*object) != obj_type) { - DEBUG(0, ("tdbsam2_get_object_from_sid: the object is not of the rerquested type!\n")); - goto error; - } - - tdb_close(tdb); - return NT_STATUS_OK; - -error: - gums_destroy_object(object); - tdb_close(tdb); - return ret; -} - -static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - fstring objname; - - if (!object || !name) { - DEBUG(0, ("tdbsam2_get_object_from_name: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) { - return ret; - } - - if (obj_type == GUMS_OBJ_DOMAIN) { - fstrcpy(objname, name); - } else { - if (!domain) { - domain = global_myname(); - } - fstrcpy(objname, domain); - fstrcat(objname, "\\"); - fstrcat(objname, name); - } - - *object = NULL; - ret = get_object_by_name(tdb, object, name); - if (!NT_STATUS_IS_OK(ret)) { - DEBUG(0, ("tdbsam2_get_object_from_name: %s\n", nt_errstr(ret))); - goto error; - } - if (obj_type && gums_get_object_type(*object) != obj_type) { - DEBUG(0, ("tdbsam2_get_object_from_name: the object is not of the rerquested type!\n")); - goto error; - } - - tdb_close(tdb); - return NT_STATUS_OK; - -error: - gums_destroy_object(object); - tdb_close(tdb); - return ret; -} - - /* This function is used to get the list of all objects changed since base_time, it is - used to support PDC<->BDC synchronization */ - NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time); - -static NTSTATUS tdbsam2_enumerate_objects_start(void **handle, const DOM_SID *sid, const int obj_type) -{ - struct tdbsam2_enum_objs *teo, *t; - - teo = (struct tdbsam2_enum_objs *)malloc(sizeof(struct tdbsam2_enum_objs)); - if (!teo) { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - memset(teo, 0, sizeof(struct tdbsam2_enum_objs)); - - teo->type = obj_type; - if (sid) { - teo->dom_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - if (!teo->dom_sid) { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n")); - return NT_STATUS_NO_MEMORY; - } - sid_copy(teo->dom_sid, sid); - } - - if (!NT_STATUS_IS_OK(opentdb(&(teo->db), True))) - { - DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", ts2_privs->storage)); - SAFE_FREE(teo); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!ts2_privs->teo_handlers) { - ts2_privs->teo_handlers = teo; - } else { - t = ts2_privs->teo_handlers; - while (t->next) { - t = t->next; - } - t->next = teo; - } - - *handle = teo; - - teo->key = tdb_firstkey(teo->db); - - return NT_STATUS_OK; -} - -static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle) -{ - NTSTATUS ret; - TDB_DATA data; - struct tdbsam2_enum_objs *teo; - const char *prefix = SIDPREFIX; - const int preflen = strlen(prefix); - fstring dom_sid_str; - int dom_sid_str_len = 0; - - if (!object || !handle) { - DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - teo = (struct tdbsam2_enum_objs *)handle; - - if (teo->dom_sid) { - sid_to_string(dom_sid_str, teo->dom_sid); - dom_sid_str_len = strlen(dom_sid_str); - } - - while ((teo->key.dptr != NULL)) { - int len, version, type, size, seqnum; - char *ptr; - - if (strncmp(teo->key.dptr, prefix, preflen)) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - if (dom_sid_str_len != 0) { - if (strncmp(&(teo->key.dptr[preflen]), dom_sid_str, dom_sid_str_len)) { - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - } - - data = tdb_fetch(teo->db, teo->key); - if (!data.dptr) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n")); - DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db))); - DEBUGADD(5, (" Key: %s\n", teo->key.dptr)); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - - len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING, - &version, - &type, - &seqnum, - &size, &ptr); - - if (len == -1) { - DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(ptr); - - if (teo->type && type != teo->type) { - SAFE_FREE(data.dptr); - data.dsize = 0; - teo->key = tdb_nextkey(teo->db, teo->key); - continue; - } - - break; - } - - if (teo->key.dptr == NULL) { /* no more objs */ - ret = NT_STATUS_NO_MORE_ENTRIES; - goto done; - } - - if (!NT_STATUS_IS_OK(ret = init_object_from_buffer(object, data.dptr, data.dsize))) { - SAFE_FREE(data.dptr); - DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n")); - ret = NT_STATUS_UNSUCCESSFUL; - goto done; - } - SAFE_FREE(data.dptr); - - /* prepare next run */ - teo->key = tdb_nextkey(teo->db, teo->key); - -done: - return ret; -} - -static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle) -{ - struct tdbsam2_enum_objs *teo, *t, *p; - - teo = (struct tdbsam2_enum_objs *)handle; - - if (ts2_privs->teo_handlers == teo) { - ts2_privs->teo_handlers = teo->next; - } else { - t = ts2_privs->teo_handlers; - while (t != teo) { - p = t; - t = t->next; - if (t == NULL) { - DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n")); - return NT_STATUS_UNSUCCESSFUL; - } - } - p = t->next; - } - - tdb_close(teo->db); - SAFE_FREE(teo->dom_sid); - SAFE_FREE(teo); - - return NT_STATUS_OK; -} - -static NTSTATUS tdbsam2_set_object(GUMS_OBJECT *go) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - - if (!go) - return NT_STATUS_INVALID_PARAMETER; - - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - - ret = store_object(tdb, go, TDB_REPLACE); - - tdb_close(tdb); - return ret; -} - -#if 0 - /* set object values function */ -static NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set); - - /* Group related functions */ -static NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members); - NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members); -static NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type); - -static NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid); - -static NTSTATUS (*lock_sid) (const DOM_SID *sid); -static NTSTATUS (*unlock_sid) (const DOM_SID *sid); - - /* privileges related functions */ - -static NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name); -static NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members); -static NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members); -static NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members); -static NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs); - - /* warning!: set_privilege will overwrite a prior existing privilege if such exist */ -static NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv); -#endif - -static void free_tdbsam2_private_data(void **vp) -{ - struct tdbsam2_private_data **tdb_privs = (struct tdbsam2_private_data **)vp; - while (ts2_privs->teo_handlers) - tdbsam2_enumerate_objects_stop(ts2_privs->teo_handlers); - *tdb_privs = NULL; - /* No need to free any further, as it is talloc()ed */ -} - -static NTSTATUS init_tdbsam2(GUMS_FUNCTIONS *fns, const char *storage) -{ - NTSTATUS ret; - TDB_CONTEXT *tdb; - DOM_SID dom_sid; - - fns->name = talloc_strdup(fns->mem_ctx, "tdbsam2"); - - fns->get_domain_sid = tdbsam2_get_domain_sid; - /* fns->get_sequence_number = tdbsam2_get_sequence_number; */ - fns->new_object = tdbsam2_new_object; - fns->delete_object = tdbsam2_delete_object; - fns->get_object_from_sid = tdbsam2_get_object_from_sid; - fns->get_object_from_name = tdbsam2_get_object_from_name; - /* fns->get_updated_objects = tdbsam2_get_updated_objects; */ - fns->enumerate_objects_start = tdbsam2_enumerate_objects_start; - fns->enumerate_objects_get_next = tdbsam2_enumerate_objects_get_next; - fns->enumerate_objects_stop = tdbsam2_enumerate_objects_stop; - fns->set_object = tdbsam2_set_object; - /* fns->set_object_values = tdbsam2_set_object_values; - fns->add_members_to_group = tdbsam2_add_members_to_group; - fns->delete_members_from_group = tdbsam2_delete_members_from_group; - fns->enumerate_group_members = tdbsam2_enumerate_group_members; - fns->get_sid_groups = tdbsam2_get_sid_groups; - fns->lock_sid = tdbsam2_lock_sid; - fns->unlock_sid = tdbsam2_unlock_sid; - fns->get_privilege = tdbsam2_get_privilege; - fns->add_members_to_privilege = tdbsam2_add_members_to_privilege; - fns->delete_members_from_privilege = tdbsam2_delete_members_from_privilege; - fns->enumerate_privilege_members = tdbsam2_enumerate_privilege_members; - fns->get_sid_privileges = tdbsam2_get_sid_privileges; - fns->set_privilege = tdbsam2_set_privilege; */ - - ts2_privs = talloc_zero(fns->mem_ctx, sizeof(struct tdbsam2_private_data)); - if (!ts2_privs) { - DEBUG(0, ("talloc() failed for tdbsam2 private_data!\n")); - return NT_STATUS_NO_MEMORY; - } - - if (storage) { - ts2_privs->storage = talloc_strdup(fns->mem_ctx, storage); - } else { - pstring tdbfile; - get_private_directory(tdbfile); - pstrcat(tdbfile, "/"); - pstrcat(tdbfile, TDB_FILE_NAME); - ts2_privs->storage = talloc_strdup(fns->mem_ctx, tdbfile); - } - - /* check tdb exist (or create it) */ - - /* Find the domain SID */ - if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) { - /* db file does not exist or it is not inited */ - /* make the tdb file */ - if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) { - return ret; - } - tdb_close(tdb); - - if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, "BUILTIN"))) { - gums_init_builtin_domain(); - } - - gums_init_domain(get_global_sam_sid(), global_myname(), "The Domain"); - } - - fns->private_data = &ts2_privs; - fns->free_private_data = free_tdbsam2_private_data; - - return NT_STATUS_OK; -} - -NTSTATUS gums_tdbsam2_init(void) -{ - /* - if ((gums_tdbsam2_debug_class = debug_add_class("gums_tdbsam2")) == -1) { - DEBUG(0, ("gums_tdbsam2: unable to register my own debug class! going on ...\n")); - gums_tdbsam2_debug_class = DBGC_ALL; - } - */ - return gums_register_module(GUMS_INTERFACE_VERSION, "tdbsam2", init_tdbsam2); -} diff --git a/source/sam/interface.c b/source/sam/interface.c deleted file mode 100644 index 51ae561999c..00000000000 --- a/source/sam/interface.c +++ /dev/null @@ -1,1338 +0,0 @@ -/* - Unix SMB/CIFS implementation. - Password and authentication handling - Copyright (C) Andrew Bartlett 2002 - Copyright (C) Jelmer Vernooij 2002 - Copyright (C) Stefan (metze) Metzmacher 2002 - Copyright (C) Kai Krüger 2002 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. -*/ - -#include "includes.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_SAM - -extern DOM_SID global_sid_Builtin; - -/** List of various built-in sam modules */ - -const struct sam_init_function_entry builtin_sam_init_functions[] = { - { "plugin", sam_init_plugin }, -#ifdef HAVE_LDAP - { "ads", sam_init_ads }, -#endif - { "skel", sam_init_skel }, - { NULL, NULL} -}; - - -static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (sid_equal(domainsid, &(tmp_methods->domain_sid))) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid))); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname) -{ - SAM_METHODS *tmp_methods; - - DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__)); - - /* invalid sam_context specified */ - SAM_ASSERT(context && context->methods); - - tmp_methods = context->methods; - - while (tmp_methods) { - if (strequal(domainname, tmp_methods->domain_name)) - { - (*sam_method) = tmp_methods; - return NT_STATUS_OK; - } - tmp_methods = tmp_methods->next; - } - - DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname)); - - return NT_STATUS_NO_SUCH_DOMAIN; -} - -static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods) -{ - *methods = talloc(mem_ctx, sizeof(SAM_METHODS)); - - if (!*methods) { - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*methods); - - return NT_STATUS_OK; -} - -/****************************************************************** - Free and cleanup a sam context, any associated data and anything - that the attached modules might have associated. - *******************************************************************/ - -void free_sam_context(SAM_CONTEXT **context) -{ - SAM_METHODS *sam_selected = (*context)->methods; - - while (sam_selected) { - if (sam_selected->free_private_data) { - sam_selected->free_private_data(&(sam_selected->private_data)); - } - sam_selected = sam_selected->next; - } - - talloc_destroy((*context)->mem_ctx); - *context = NULL; -} - -/****************************************************************** - Make a backend_entry from scratch - *******************************************************************/ - -static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string) -{ - char *tmp = NULL; - char *tmp_string = sam_backend_string; - - DEBUG(5,("make_backend_entry: %d\n", __LINE__)); - - SAM_ASSERT(sam_backend_string && backend_entry); - - backend_entry->module_name = sam_backend_string; - - DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name)); - - if ((tmp = strrchr(tmp_string, '|')) != NULL) { - DEBUGADD(20,("a domain name has been specified\n")); - *tmp = 0; - backend_entry->domain_name = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if ((tmp = strchr(tmp_string, ':')) != NULL) { - DEBUG(20,("options for the backend have been specified\n")); - *tmp = 0; - backend_entry->module_params = smb_xstrdup(tmp + 1); - tmp_string = tmp + 1; - } - - if (backend_entry->domain_name == NULL) { - DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n", - backend_entry->module_name, lp_workgroup())); - backend_entry->domain_name = smb_xstrdup(lp_workgroup()); - } - - if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) { - DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n")); - return NT_STATUS_NO_MEMORY; - } - - DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name)); - - if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) { - DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n", - backend_entry->domain_name)); - DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__)); - ZERO_STRUCTP(backend_entry->domain_sid); - } - - DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n", - backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid))); - - return NT_STATUS_OK; -} - -/****************************************************************** - create sam_methods struct based on sam_backend_entry - *****************************************************************/ - -static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry) -{ - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - SAM_METHODS *methods; - int i; - - DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__)); - - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) { - return nt_status; - } - - methods = *methods_ptr; - methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name); - methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name); - sid_copy(&methods->domain_sid, backend_entry->domain_sid); - methods->parent = context; - - DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name)); - for (i = 0; builtin_sam_init_functions[i].module_name; i++) - { - if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name)) - { - DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i)); - DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid))); - nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params); - if (NT_STATUS_IS_OK(nt_status)) { - DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name)); - } else { - DEBUG(2,("sam backend %s did not correctly init (error was %s)\n", - backend_entry->module_name, nt_errstr(nt_status))); - } - return nt_status; - } - } - - DEBUG(2,("could not find backend %s\n", backend_entry->module_name)); - - return NT_STATUS_INVALID_PARAMETER; -} - -static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context) -{ - SAM_BACKEND_ENTRY entry; - DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */ - SAM_METHODS *methods, *tmpmethods; - NTSTATUS ntstatus; - - DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__)); - - /* Make sure domain lp_workgroup() is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n", - lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND)); - - SAM_ASSERT(global_sam_sid); - - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = lp_workgroup(); - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, global_sam_sid); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup())); - return ntstatus; - } - - /* Make sure the BUILTIN domain is available */ - - ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid); - - if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) { - DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n", - SAM_DEFAULT_BACKEND)); - entry.module_name = SAM_DEFAULT_BACKEND; - entry.module_params = NULL; - entry.domain_name = "BUILTIN"; - entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy(entry.domain_sid, &global_sid_Builtin); - - if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - return ntstatus; - } - - DLIST_ADD_END(context->methods, methods, tmpmethods); - } else if (!NT_STATUS_IS_OK(ntstatus)) { - DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n")); - return ntstatus; - } - - return NT_STATUS_OK; -} - -static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends) -{ - int i, j; - - DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__)); - - for (i = 0; i < *nBackends; i++) { - for (j = i + 1; j < *nBackends; j++) { - if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) { - DEBUG(0,("two backend modules claim the same domain %s\n", - sid_string_static((*backend_entries)[j].domain_sid))); - return NT_STATUS_INVALID_PARAMETER; - } - } - } - - return NT_STATUS_OK; -} - -NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param) -{ - int i = 0, j = 0; - SAM_METHODS *curmethods, *tmpmethods; - int nBackends = 0; - SAM_BACKEND_ENTRY *backends = NULL; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - - DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__)); - - if (!sam_backends_param) { - DEBUG(1, ("no SAM backeds specified!\n")); - return NT_STATUS_INVALID_PARAMETER; - } - - if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) { - DEBUG(4,("make_sam_context failed\n")); - return nt_status; - } - - while (sam_backends_param[nBackends]) - nBackends++; - - DEBUG(6,("There are %d domains listed with their backends\n", nBackends)); - - if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) { - DEBUG(0,("make_sam_context_list: failed to allocate backends\n")); - return NT_STATUS_NO_MEMORY; - } - - memset(backends, '\0', sizeof(*backends)*nBackends); - - for (i = 0; i < nBackends; i++) { - DEBUG(8,("processing %s\n",sam_backends_param[i])); - if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) { - DEBUG(4,("make_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - } - - if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) { - DEBUG(4,("check_duplicate_backend_entries failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - - for (i = 0; i < nBackends; i++) { - if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) { - DEBUG(4,("make_sam_methods_backend_entry failed\n")); - for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid); - SAFE_FREE(backends); - free_sam_context(context); - return nt_status; - } - DLIST_ADD_END((*context)->methods, curmethods, tmpmethods); - } - - for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid); - - SAFE_FREE(backends); - return NT_STATUS_OK; -} - -/****************************************************************** - Make a sam_context from scratch. - *******************************************************************/ - -NTSTATUS make_sam_context(SAM_CONTEXT **context) -{ - TALLOC_CTX *mem_ctx; - - mem_ctx = talloc_init("sam_context internal allocation context"); - - if (!mem_ctx) { - DEBUG(0, ("make_sam_context: talloc init failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - *context = talloc(mem_ctx, sizeof(**context)); - if (!*context) { - DEBUG(0, ("make_sam_context: talloc failed!\n")); - return NT_STATUS_NO_MEMORY; - } - - ZERO_STRUCTP(*context); - - (*context)->mem_ctx = mem_ctx; - - (*context)->free_fn = free_sam_context; - - return NT_STATUS_OK; -} - -/****************************************************************** - Return an already initialised sam_context, to facilitate backward - compatibility (see functions below). - *******************************************************************/ - -static struct sam_context *sam_get_static_context(BOOL reload) -{ - static SAM_CONTEXT *sam_context = NULL; - - if ((sam_context) && (reload)) { - sam_context->free_fn(&sam_context); - sam_context = NULL; - } - - if (!sam_context) { - if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) { - DEBUG(4,("make_sam_context_list failed\n")); - return NULL; - } - - /* Make sure the required domains (default domain, builtin) are available */ - if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) { - DEBUG(4,("sam_context_check_default_backends failed\n")); - return NULL; - } - } - - return sam_context; -} - -/*************************************************************** - Initialize the static context (at smbd startup etc). - - If uninitialised, context will auto-init on first use. - ***************************************************************/ - -BOOL initialize_sam(BOOL reload) -{ - return (sam_get_static_context(reload) != NULL); -} - - -/************************************************************** - External API. This is what the rest of the world calls... -***************************************************************/ - -/****************************************************************** - sam_* functions are used to link the external SAM interface - with the internal backends. These functions lookup the appropriate - backends for the domain and pass on to the function in sam_methods - in the selected backend - - When the context parmater is NULL, the default is used. - *******************************************************************/ - -#define SAM_SETUP_CONTEXT if (!context) \ - context = sam_get_static_context(False);\ - if (!context) {\ - return NT_STATUS_UNSUCCESSFUL; \ - }\ - - - -NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_sec_desc) { - DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_set_sec_desc) { - DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) { - DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_lookup_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_name) { - DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) { - DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n", - tmp_methods->domain_name, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_lookup_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - sid_copy(&domainsid, sid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_lookup_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_lookup_sid) { - DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) { - DEBUG(4,("sam_lookup_name for %s in backend %s failed\n", - sid_string_static(sid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid domain specified */ - SAM_ASSERT(domain && domain->current_sam_methods); - - tmp_methods = domain->current_sam_methods; - - if (!tmp_methods->sam_update_domain) { - DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){ - DEBUG(4,("sam_update_domain in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - int i = 0; - - DEBUG(5,("sam_enum_domains: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters specified */ - SAM_ASSERT(domain_count && domains && domain_names); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) { - DEBUG(3,("sam_enum_domains: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - *domain_count = 0; - - while (tmp_methods) { - (*domain_count)++; - tmp_methods= tmp_methods->next; - } - - DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count))); - - tmp_methods = context->methods; - - if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n")); - return NT_STATUS_NO_MEMORY; - } - - if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) { - DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n")); - SAFE_FREE((*domains)); - return NT_STATUS_NO_MEMORY; - } - - while (tmp_methods) { - DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid))); - sid_copy(domains[i],&tmp_methods->domain_sid); - *domain_names[i] = smb_xstrdup(tmp_methods->domain_name); - i++; - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SEC_DESC *sd; - size_t sd_size; - uint32 acc_granted; - - DEBUG(5,("sam_lookup_domain: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid paramters */ - SAM_ASSERT(access_token && domain && domainsid); - - if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) { - DEBUG(4,("samr_make_sam_obj_sd failed\n")); - return nt_status; - } - - if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) { - DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n")); - return nt_status; - } - - tmp_methods= context->methods; - - while (tmp_methods) { - if (strcmp(domain, tmp_methods->domain_name) == 0) { - (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID)); - sid_copy((*domainsid), &tmp_methods->domain_sid); - return NT_STATUS_OK; - } - tmp_methods= tmp_methods->next; - } - - return NT_STATUS_NO_SUCH_DOMAIN; -} - - -NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && domain); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_domain_handle) { - DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) { - DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n", - sid_string_static(domainsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(access_token && domainsid && account_name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_account) { - DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) { - DEBUG(4,("sam_create_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - DOM_SID domainsid; - const DOM_SID *accountsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid parmaters */ - SAM_ASSERT(account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) { - DEBUG(0,("Can't get account SID\n")); - return nt_status; - } - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_account) { - DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){ - DEBUG(4,("sam_add_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_update_account) { - DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){ - DEBUG(4,("sam_update_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_account: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid account specified */ - SAM_ASSERT(account && account->current_sam_methods); - - tmp_methods = account->current_sam_methods; - - if (!tmp_methods->sam_delete_account) { - DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){ - DEBUG(4,("sam_delete_account in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_accounts: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && account_count && accounts); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) { - DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - - -NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - DOM_SID domainsid; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && accountsid && account); - - sid_copy(&domainsid, accountsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_sid) { - DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) { - DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n", - sid_string_static(accountsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && account); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_account_by_name) { - DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) { - DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_create_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && group_name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_create_group) { - DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n")); - return NT_STATUS_UNSUCCESSFUL; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) { - DEBUG(4,("sam_create_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - DOM_SID domainsid; - const DOM_SID *groupsid; - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - - DEBUG(5,("sam_add_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) { - DEBUG(0,("Can't get group SID\n")); - return nt_status; - } - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_add_group) { - DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){ - DEBUG(4,("sam_add_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_update_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_update_group) { - DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){ - DEBUG(4,("sam_update_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_delete_group: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_group) { - DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){ - DEBUG(4,("sam_delete_group in backend %s failed\n", - tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_enum_groups: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domainsid && groups_count && groups); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_enum_accounts) { - DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) { - DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n", - tmp_methods->domain_name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - uint32 rid; - NTSTATUS nt_status; - DOM_SID domainsid; - - DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && groupsid && group); - - sid_copy(&domainsid, groupsid); - if (!sid_split_rid(&domainsid, &rid)) { - DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n")); - return NT_STATUS_INVALID_SID; - } - - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) { - DEBUG(4,("sam_get_methods_by_sid failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_sid) { - DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) { - DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n", - sid_string_static(groupsid), tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - SAM_ASSERT(access_token && domain && name && group); - - if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) { - DEBUG(4,("sam_get_methods_by_name failed\n")); - return nt_status; - } - - if (!tmp_methods->sam_get_group_by_name) { - DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) { - DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n", - domain, name, tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_add_member_to_group) { - DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) { - DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; - -} - -NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group or member specified */ - SAM_ASSERT(group && group->current_sam_methods && member); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_delete_member_from_group) { - DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) { - DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members) -{ - const SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - SAM_SETUP_CONTEXT; - - /* invalid group specified */ - SAM_ASSERT(group && group->current_sam_methods && members_count && members); - - tmp_methods = group->current_sam_methods; - - if (!tmp_methods->sam_enum_groupmembers) { - DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n")); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) { - DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname)); - return nt_status; - } - - return NT_STATUS_OK; -} - -NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups) -{ - SAM_METHODS *tmp_methods; - NTSTATUS nt_status; - - uint32 tmp_group_count; - SAM_GROUP_ENUM *tmp_groups; - - DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__)); - - SAM_SETUP_CONTEXT; - - /* invalid sam_context specified */ - SAM_ASSERT(access_token && sids && context && context->methods); - - *group_count = 0; - - *groups = NULL; - - tmp_methods= context->methods; - - while (tmp_methods) { - DEBUG(5,("getting groups from domain \n")); - if (!tmp_methods->sam_get_groups_of_sid) { - DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n")); - SAFE_FREE(*groups); - return NT_STATUS_NOT_IMPLEMENTED; - } - - if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) { - DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname)); - SAFE_FREE(*groups); - return nt_status; - } - - *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM)); - - memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count); - - SAFE_FREE(tmp_groups); - - *group_count += tmp_group_count; - - tmp_methods = tmp_methods->next; - } - - return NT_STATUS_OK; -} - - diff --git a/source/script/genstruct.pl b/source/script/genstruct.pl deleted file mode 100755 index a6abd718c95..00000000000 --- a/source/script/genstruct.pl +++ /dev/null @@ -1,299 +0,0 @@ -#!/usr/bin/perl -w -# a simple system for generating C parse info -# this can be used to write generic C structer load/save routines -# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net> -# released under the GNU General Public License v2 or later - -use strict; - -my(%enum_done) = (); -my(%struct_done) = (); - -################################################### -# general handler -sub handle_general($$$$$$$$) -{ - my($name) = shift; - my($ptr_count) = shift; - my($size) = shift; - my($element) = shift; - my($flags) = shift; - my($dump_fn) = shift; - my($parse_fn) = shift; - my($tflags) = shift; - my($array_len) = 0; - my($dynamic_len) = "NULL"; - - # handle arrays, currently treat multidimensional arrays as 1 dimensional - while ($element =~ /(.*)\[(.*?)\]$/) { - $element = $1; - if ($array_len == 0) { - $array_len = $2; - } else { - $array_len = "$2 * $array_len"; - } - } - - if ($flags =~ /_LEN\((\w*?)\)/) { - $dynamic_len = "\"$1\""; - } - - if ($flags =~ /_NULLTERM/) { - $tflags = "FLAG_NULLTERM"; - } - - print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n"; -} - - -#################################################### -# parse one element -sub parse_one($$$$) -{ - my($name) = shift; - my($type) = shift; - my($element) = shift; - my($flags) = shift; - my($ptr_count) = 0; - my($size) = "sizeof($type)"; - my($tflags) = "0"; - - # enums get the FLAG_ALWAYS flag - if ($type =~ /^enum /) { - $tflags = "FLAG_ALWAYS"; - } - - - # make the pointer part of the base type - while ($element =~ /^\*(.*)/) { - $ptr_count++; - $element = $1; - } - - # convert spaces to _ - $type =~ s/ /_/g; - - my($dump_fn) = "gen_dump_$type"; - my($parse_fn) = "gen_parse_$type"; - - handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags); -} - -#################################################### -# parse one element -sub parse_element($$$) -{ - my($name) = shift; - my($element) = shift; - my($flags) = shift; - my($type); - my($data); - - # pull the base type - if ($element =~ /^struct (\S*) (.*)/) { - $type = "struct $1"; - $data = $2; - } elsif ($element =~ /^enum (\S*) (.*)/) { - $type = "enum $1"; - $data = $2; - } elsif ($element =~ /^unsigned (\S*) (.*)/) { - $type = "unsigned $1"; - $data = $2; - } elsif ($element =~ /^(\S*) (.*)/) { - $type = $1; - $data = $2; - } else { - die "Can't parse element '$element'"; - } - - # handle comma separated lists - while ($data =~ /(\S*),[\s]?(.*)/) { - parse_one($name, $type, $1, $flags); - $data = $2; - } - parse_one($name, $type, $data, $flags); -} - - -my($first_struct) = 1; - -#################################################### -# parse the elements of one structure -sub parse_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_struct) { - $first_struct = 0; - print "Parsing structs: $name"; - } else { - print ", $name"; - } - - print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n"; - print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n"; - - print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n"; - - - while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) { - my($element) = $1; - my($flags) = $2; - $elements = $3; - parse_element($name, $element, $flags); - } - - print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n"; - - print OFILE " -int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent); -} -int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) { - return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str); -} - -"; -} - -my($first_enum) = 1; - -#################################################### -# parse out the enum declarations -sub parse_enum_elements($$) -{ - my($name) = shift; - my($elements) = shift; - - if ($first_enum) { - $first_enum = 0; - print "Parsing enums: $name"; - } else { - print ", $name"; - } - - print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n"; - - my(@enums) = split(/,/s, $elements); - for (my($i)=0; $i <= $#{@enums}; $i++) { - my($enum) = $enums[$i]; - if ($enum =~ /\s*(\w*)/) { - my($e) = $1; - print OFILE "{\"$e\", $e},\n"; - } - } - - print OFILE "{NULL, 0}};\n"; - - print OFILE " -int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) { - return gen_dump_enum(einfo_$name, p, ptr, indent); -} - -int gen_parse_enum_$name(char *ptr, const char *str) { - return gen_parse_enum(einfo_$name, ptr, str); -} - -"; -} - -#################################################### -# parse out the enum declarations -sub parse_enums($) -{ - my($data) = shift; - - while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - - if (!defined($enum_done{$name})) { - $enum_done{$name} = 1; - parse_enum_elements($name, $elements); - } - } - - if (! $first_enum) { - print "\n"; - } -} - -#################################################### -# parse all the structures -sub parse_structs($) -{ - my($data) = shift; - - # parse into structures - while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) { - my($name) = $1; - my($elements) = $2; - $data = $3; - if (!defined($struct_done{$name})) { - $struct_done{$name} = 1; - parse_elements($name, $elements); - } - } - - if (! $first_struct) { - print "\n"; - } else { - print "No GENSTRUCT structures found?\n"; - } -} - - -#################################################### -# parse a header file, generating a dumper structure -sub parse_data($) -{ - my($data) = shift; - - # collapse spaces - $data =~ s/[\t ]+/ /sg; - $data =~ s/\s*\n\s+/\n/sg; - # strip debug lines - $data =~ s/^\#.*?\n//smg; - - parse_enums($data); - parse_structs($data); -} - - -######################################### -# display help text -sub ShowHelp() -{ - print " -generator for C structure dumpers -Copyright Andrew Tridgell <genstruct\@tridgell.net> - -Sample usage: - genstruct -o output.h gcc -E -O2 -g test.h - -Options: - --help this help page - -o OUTPUT place output in OUTPUT -"; - exit(0); -} - -######################################## -# main program -if ($ARGV[0] ne "-o" || $#ARGV < 2) { - ShowHelp(); -} - -shift; -my($opt_ofile)=shift; - -print "creating $opt_ofile\n"; - -open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile"; - -print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n"; - -parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`); -exit(0); diff --git a/source/smbd/chgpasswd.c b/source/smbd/chgpasswd.c index 4192cc3a239..d928445d94e 100644 --- a/source/smbd/chgpasswd.c +++ b/source/smbd/chgpasswd.c @@ -991,7 +991,7 @@ NTSTATUS change_oem_password(SAM_ACCOUNT *hnd, char *old_passwd, char *new_passw if (!push_sec_ctx()) return NT_STATUS_UNSUCCESSFUL; - set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL); + set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL); set_re_uid(); } diff --git a/source/smbd/conn.c b/source/smbd/conn.c index 0805f8e6902..9bac0acdb9f 100644 --- a/source/smbd/conn.c +++ b/source/smbd/conn.c @@ -249,14 +249,6 @@ void conn_free(connection_struct *conn) conn->ngroups = 0; } - if (conn->nt_user_token) { - delete_nt_token(&(conn->nt_user_token)); - } - - if (conn->privs) { - destroy_privilege(&(conn->privs)); - } - free_namearray(conn->veto_list); free_namearray(conn->hide_list); free_namearray(conn->veto_oplock_list); diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index d715ab4ddc3..c4df84e76c7 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -1557,87 +1557,87 @@ static BOOL api_RNetShareAdd(connection_struct *conn,uint16 vuid, char *param,ch char **rdata,char **rparam, int *rdata_len,int *rparam_len) { - char *str1 = param+2; - char *str2 = skip_string(str1,1); - char *p = skip_string(str2,1); - int uLevel = SVAL(p,0); - fstring sharename; - fstring comment; - pstring pathname; - char *command, *cmdname; - unsigned int offset; - int snum; - int res = ERRunsup; + char *str1 = param+2; + char *str2 = skip_string(str1,1); + char *p = skip_string(str2,1); + int uLevel = SVAL(p,0); + fstring sharename; + fstring comment; + pstring pathname; + char *command, *cmdname; + unsigned int offset; + int snum; + int res = ERRunsup; - /* check it's a supported varient */ - if (!prefix_ok(str1, RAP_WShareAdd_REQ)) return False; - if (!check_share_info(uLevel, str2)) return False; - if (uLevel != 2) return False; - - pull_ascii_fstring(sharename, data); - snum = find_service(sharename); - if (snum >= 0) { /* already exists */ - res = ERRfilexists; - goto error_exit; - } + /* check it's a supported varient */ + if (!prefix_ok(str1,RAP_WShareAdd_REQ)) return False; + if (!check_share_info(uLevel,str2)) return False; + if (uLevel != 2) return False; - /* only support disk share adds */ - if (SVAL(data,14) != STYPE_DISKTREE) return False; + pull_ascii_fstring(sharename,data); + snum = find_service(sharename); + if (snum >= 0) { /* already exists */ + res = ERRfilexists; + goto error_exit; + } - offset = IVAL(data, 16); - if (offset >= mdrcnt) { - res = ERRinvalidparam; - goto error_exit; - } - pull_ascii_fstring(comment, offset? (data+offset) : ""); + /* only support disk share adds */ + if (SVAL(data,14)!=STYPE_DISKTREE) return False; - offset = IVAL(data, 26); - if (offset >= mdrcnt) { - res = ERRinvalidparam; - goto error_exit; - } - pull_ascii_pstring(pathname, offset? (data+offset) : ""); + offset = IVAL(data, 16); + if (offset >= mdrcnt) { + res = ERRinvalidparam; + goto error_exit; + } + pull_ascii_fstring(comment, offset? (data+offset) : ""); - string_replace(sharename, '"', ' '); - string_replace(pathname, '"', ' '); - string_replace(comment, '"', ' '); + offset = IVAL(data, 26); + if (offset >= mdrcnt) { + res = ERRinvalidparam; + goto error_exit; + } + pull_ascii_pstring(pathname, offset? (data+offset) : ""); - cmdname = lp_add_share_cmd(); + string_replace(sharename, '"', ' '); + string_replace(pathname, '"', ' '); + string_replace(comment, '"', ' '); - if (!cmdname || *cmdname == '\0') return False; + cmdname = lp_add_share_cmd(); - asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"", - lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment); + if (!cmdname || *cmdname == '\0') return False; - if (command) { - DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command )); - if ((res = smbrun(command, NULL)) != 0) { - DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res )); - SAFE_FREE(command); - res = ERRnoaccess; - goto error_exit; - } else { - SAFE_FREE(command); - message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); - } - } else return False; + asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"", + lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment); - *rparam_len = 6; - *rparam = REALLOC(*rparam, *rparam_len); - SSVAL(*rparam, 0, NERR_Success); - SSVAL(*rparam, 2, 0); /* converter word */ - SSVAL(*rparam, 4, *rdata_len); - *rdata_len = 0; + if (command) { + DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command )); + if ((res = smbrun(command, NULL)) != 0) { + DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res )); + SAFE_FREE(command); + res = ERRnoaccess; + goto error_exit; + } else { + SAFE_FREE(command); + message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL); + } + } else return False; + + *rparam_len = 6; + *rparam = REALLOC(*rparam,*rparam_len); + SSVAL(*rparam,0,NERR_Success); + SSVAL(*rparam,2,0); /* converter word */ + SSVAL(*rparam,4,*rdata_len); + *rdata_len = 0; - return True; + return True; -error_exit: - *rparam_len = 4; - *rparam = REALLOC(*rparam, *rparam_len); - *rdata_len = 0; - SSVAL(*rparam, 0, res); - SSVAL(*rparam, 2, 0); - return True; + error_exit: + *rparam_len = 4; + *rparam = REALLOC(*rparam,*rparam_len); + *rdata_len = 0; + SSVAL(*rparam,0,res); + SSVAL(*rparam,2,0); + return True; } diff --git a/source/smbd/negprot.c b/source/smbd/negprot.c index 96961368fb1..1843c174bb5 100644 --- a/source/smbd/negprot.c +++ b/source/smbd/negprot.c @@ -251,7 +251,7 @@ static int reply_nt1(char *inbuf, char *outbuf) capabilities |= CAP_EXTENDED_SECURITY; } - capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS; + capabilities |= CAP_NT_SMBS|CAP_RPC_REMOTE_APIS|CAP_UNICODE; if (lp_unix_extensions()) { capabilities |= CAP_UNIX; @@ -266,10 +266,6 @@ static int reply_nt1(char *inbuf, char *outbuf) if (lp_readraw() && lp_writeraw()) capabilities |= CAP_RAW_MODE; - /* allow for disabling unicode */ - if (lp_unicode()) - capabilities |= CAP_UNICODE; - if (lp_nt_status_support()) capabilities |= CAP_STATUS32; diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index 018f6bbbece..c9cc44627db 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -43,7 +43,6 @@ static const char *known_nt_pipes[] = { "\\spoolss", "\\netdfs", "\\rpcecho", - "\\epmapper", NULL }; diff --git a/source/smbd/password.c b/source/smbd/password.c index 9f6dad423ad..ef5d0a97ac7 100644 --- a/source/smbd/password.c +++ b/source/smbd/password.c @@ -87,7 +87,6 @@ void invalidate_vuid(uint16 vuid) SAFE_FREE(vuser->groups); delete_nt_token(&vuser->nt_user_token); - destroy_privilege(&vuser->privs); SAFE_FREE(vuser); num_validated_vuids--; } @@ -235,11 +234,6 @@ int register_vuid(auth_serversupplied_info *server_info, DATA_BLOB session_key, return UID_FIELD_INVALID; } - if (server_info->privs) { - init_privilege(&(vuser->privs)); - dup_priv_set(vuser->privs, server_info->privs); - } - /* use this to keep tabs on all our info from the authentication */ vuser->server_info = server_info; diff --git a/source/smbd/sec_ctx.c b/source/smbd/sec_ctx.c index fee71b5ec96..8a85792ead5 100644 --- a/source/smbd/sec_ctx.c +++ b/source/smbd/sec_ctx.c @@ -28,7 +28,6 @@ struct sec_ctx { int ngroups; gid_t *groups; NT_USER_TOKEN *token; - PRIVILEGE_SET *privs; }; /* A stack of security contexts. We include the current context as being @@ -272,14 +271,6 @@ BOOL push_sec_ctx(void) ctx_p->groups = NULL; } - init_privilege(&ctx_p->privs); - if (! NT_STATUS_IS_OK(dup_priv_set(ctx_p->privs, sec_ctx_stack[sec_ctx_stack_ndx-1].privs))) { - DEBUG(0, ("Out of memory on dup_priv_set() in push_sec_ctx()\n")); - delete_nt_token(&ctx_p->token); - destroy_privilege(&ctx_p->privs); - return False; - } - return True; } @@ -287,7 +278,7 @@ BOOL push_sec_ctx(void) Set the current security context to a given user. ****************************************************************************/ -void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token, PRIVILEGE_SET *privs) +void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token) { struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx]; @@ -312,14 +303,9 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN smb_panic("DUPLICATE_TOKEN"); delete_nt_token(&ctx_p->token); - if (ctx_p->privs) - reset_privilege(ctx_p->privs); - else - init_privilege(&ctx_p->privs); ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups); ctx_p->token = dup_nt_token(token); - dup_priv_set(ctx_p->privs, privs); become_id(uid, gid); @@ -333,7 +319,6 @@ void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN current_user.ngroups = ngroups; current_user.groups = groups; current_user.nt_user_token = ctx_p->token; - current_user.privs = ctx_p->privs; } /**************************************************************************** @@ -344,7 +329,7 @@ void set_root_sec_ctx(void) { /* May need to worry about supplementary groups at some stage */ - set_sec_ctx(0, 0, 0, NULL, NULL, NULL); + set_sec_ctx(0, 0, 0, NULL, NULL); } /**************************************************************************** @@ -374,7 +359,6 @@ BOOL pop_sec_ctx(void) ctx_p->ngroups = 0; delete_nt_token(&ctx_p->token); - destroy_privilege(&ctx_p->privs); /* Pop back previous user */ @@ -397,7 +381,6 @@ BOOL pop_sec_ctx(void) current_user.ngroups = prev_ctx_p->ngroups; current_user.groups = prev_ctx_p->groups; current_user.nt_user_token = prev_ctx_p->token; - current_user.privs = prev_ctx_p->privs; DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n", (unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx)); @@ -430,7 +413,6 @@ void init_sec_ctx(void) get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups); ctx_p->token = NULL; /* Maps to guest user. */ - ctx_p->privs = NULL; /* Initialise current_user global */ @@ -445,5 +427,4 @@ void init_sec_ctx(void) current_user.conn = NULL; current_user.vuid = UID_FIELD_INVALID; current_user.nt_user_token = NULL; - current_user.privs = NULL; } diff --git a/source/smbd/service.c b/source/smbd/service.c index 1910ef9b72b..08b66482496 100644 --- a/source/smbd/service.c +++ b/source/smbd/service.c @@ -363,7 +363,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, string_set(&conn->dirpath,""); string_set(&conn->user,user); conn->nt_user_token = NULL; - conn->privs = NULL; conn->read_only = lp_readonly(conn->service); conn->admin_user = False; @@ -472,9 +471,6 @@ static connection_struct *make_connection_snum(int snum, user_struct *vuser, conn->nt_user_token = create_nt_token(conn->uid, conn->gid, conn->ngroups, conn->groups, guest); - - init_privilege(&(conn->privs)); - pdb_get_privilege_set(conn->nt_user_token->user_sids, conn->nt_user_token->num_sids, conn->privs); } /* diff --git a/source/smbd/uid.c b/source/smbd/uid.c index ff3dd1a56ef..3859298055b 100644 --- a/source/smbd/uid.c +++ b/source/smbd/uid.c @@ -44,7 +44,7 @@ BOOL change_to_guest(void) initgroups(pass->pw_name, pass->pw_gid); #endif - set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL); + set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL); current_user.conn = NULL; current_user.vuid = UID_FIELD_INVALID; @@ -161,9 +161,8 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) gid_t gid; uid_t uid; char group_c; - BOOL must_free_token_priv = False; + BOOL must_free_token = False; NT_USER_TOKEN *token = NULL; - PRIVILEGE_SET *privs = NULL; if (!conn) { DEBUG(2,("change_to_user: Connection not open\n")); @@ -196,14 +195,12 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) current_user.groups = conn->groups; current_user.ngroups = conn->ngroups; token = conn->nt_user_token; - privs = conn->privs; } else if ((vuser) && check_user_ok(conn, vuser, snum)) { uid = conn->admin_user ? 0 : vuser->uid; gid = vuser->gid; current_user.ngroups = vuser->n_groups; current_user.groups = vuser->groups; token = vuser->nt_user_token; - privs = vuser->privs; } else { DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid)); return False; @@ -251,20 +248,17 @@ BOOL change_to_user(connection_struct *conn, uint16 vuid) DEBUG(1, ("change_to_user: create_nt_token failed!\n")); return False; } - pdb_get_privilege_set(token->user_sids, token->num_sids, privs); - must_free_token_priv = True; + must_free_token = True; } - set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token, privs); + set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token); /* * Free the new token (as set_sec_ctx copies it). */ - if (must_free_token_priv) { + if (must_free_token) delete_nt_token(&token); - destroy_privilege(&privs); - } current_user.conn = conn; current_user.vuid = vuid; @@ -305,7 +299,7 @@ BOOL become_authenticated_pipe_user(pipes_struct *p) return False; set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid, - p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token, p->pipe_user.privs); + p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token); return True; } diff --git a/source/torture/torture.c b/source/torture/torture.c index 86bdca62a86..17a2ee00a8d 100644 --- a/source/torture/torture.c +++ b/source/torture/torture.c @@ -3326,7 +3326,7 @@ static BOOL run_rename(int dummy) const char *fname = "\\test.txt"; const char *fname1 = "\\test1.txt"; BOOL correct = True; - int fnum1, fnum2; + int fnum1; printf("starting rename test\n"); diff --git a/source/utils/net.c b/source/utils/net.c index e4484488b61..f6d6de0a74f 100644 --- a/source/utils/net.c +++ b/source/utils/net.c @@ -647,7 +647,6 @@ static struct functable net_func[] = { #ifdef WITH_FAKE_KASERVER {"AFSKEY", net_afskey}, #endif - {"PRIV", net_priv}, {"HELP", net_help}, {NULL, NULL} diff --git a/source/utils/net_ads_cldap.c b/source/utils/net_ads_cldap.c index 1903172cf75..44de9cb8911 100644 --- a/source/utils/net_ads_cldap.c +++ b/source/utils/net_ads_cldap.c @@ -29,7 +29,7 @@ struct cldap_netlogon_reply { uint32 type; uint32 flags; - UUID_FLAT guid; + GUID guid; char forest[MAX_DNS_LABEL]; char domain[MAX_DNS_LABEL]; @@ -241,8 +241,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) reply->type = IVAL(p, 0); p += 4; reply->flags = IVAL(p, 0); p += 4; - memcpy(&reply->guid.info, p, UUID_FLAT_SIZE); - p += UUID_FLAT_SIZE; + memcpy(&reply->guid.info, p, GUID_SIZE); + p += GUID_SIZE; p += pull_netlogon_string(reply->forest, p, (const char *)os3.data); p += pull_netlogon_string(reply->domain, p, (const char *)os3.data); @@ -316,8 +316,8 @@ int ads_cldap_netlogon(ADS_STRUCT *ads) d_printf("0x%x\n", reply.type); break; } - d_printf("GUID: %s\n", - smb_uuid_string_static(smb_uuid_unpack_static(reply.guid))); + d_printf("GUID: "); + print_guid(&reply.guid); d_printf("Flags:\n" "\tIs a PDC: %s\n" "\tIs a GC of the forest: %s\n" diff --git a/source/utils/net_groupmap.c b/source/utils/net_groupmap.c index 78e763e1818..2b487ef17b4 100644 --- a/source/utils/net_groupmap.c +++ b/source/utils/net_groupmap.c @@ -608,102 +608,6 @@ static int net_groupmap_cleanup(int argc, const char **argv) return 0; } -static int net_groupmap_addmem(int argc, const char **argv) -{ - DOM_SID alias, member; - - if ( (argc != 2) || - !string_to_sid(&alias, argv[0]) || - !string_to_sid(&member, argv[1]) ) { - d_printf("Usage: net groupmap addmem alias-sid member-sid\n"); - return -1; - } - - if (!pdb_add_aliasmem(&alias, &member)) { - d_printf("Could not add sid %s to alias %s\n", - argv[1], argv[0]); - return -1; - } - - return 0; -} - -static int net_groupmap_delmem(int argc, const char **argv) -{ - DOM_SID alias, member; - - if ( (argc != 2) || - !string_to_sid(&alias, argv[0]) || - !string_to_sid(&member, argv[1]) ) { - d_printf("Usage: net groupmap delmem alias-sid member-sid\n"); - return -1; - } - - if (!pdb_del_aliasmem(&alias, &member)) { - d_printf("Could not delete sid %s from alias %s\n", - argv[1], argv[0]); - return -1; - } - - return 0; -} - -static int net_groupmap_listmem(int argc, const char **argv) -{ - DOM_SID alias; - DOM_SID *members; - int i, num; - NTSTATUS result; - - if ( (argc != 1) || - !string_to_sid(&alias, argv[0]) ) { - d_printf("Usage: net groupmap listmem alias-sid\n"); - return -1; - } - - if (!pdb_enum_aliasmem(&alias, &members, &num)) { - d_printf("Could not list members for sid %s: %s\n", - argv[0], nt_errstr(result)); - return -1; - } - - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(members[i]))); - } - - SAFE_FREE(members); - - return 0; -} - -static int net_groupmap_memberships(int argc, const char **argv) -{ - DOM_SID member; - DOM_SID *aliases; - int i, num; - NTSTATUS result; - - if ( (argc != 1) || - !string_to_sid(&member, argv[0]) ) { - d_printf("Usage: net groupmap memberof sid\n"); - return -1; - } - - if (!pdb_enum_alias_memberships(&member, &aliases, &num)) { - d_printf("Could not list memberships for sid %s: %s\n", - argv[0], nt_errstr(result)); - return -1; - } - - for (i = 0; i < num; i++) { - printf("%s\n", sid_string_static(&(aliases[i]))); - } - - SAFE_FREE(aliases); - - return 0; -} - int net_help_groupmap(int argc, const char **argv) { d_printf("net groupmap add"\ @@ -712,14 +616,6 @@ int net_help_groupmap(int argc, const char **argv) "\n Update a group mapping\n"); d_printf("net groupmap delete"\ "\n Remove a group mapping\n"); - d_printf("net groupmap addmember"\ - "\n Add a foreign alias member\n"); - d_printf("net groupmap delmember"\ - "\n Delete a foreign alias member\n"); - d_printf("net groupmap listmembers"\ - "\n List foreign group members\n"); - d_printf("net groupmap memberships"\ - "\n List foreign group memberships\n"); d_printf("net groupmap list"\ "\n List current group map\n"); d_printf("net groupmap set"\ @@ -742,22 +638,16 @@ int net_groupmap(int argc, const char **argv) {"delete", net_groupmap_delete}, {"set", net_groupmap_set}, {"cleanup", net_groupmap_cleanup}, - {"addmem", net_groupmap_addmem}, - {"delmem", net_groupmap_delmem}, - {"listmem", net_groupmap_listmem}, - {"memberships", net_groupmap_memberships}, {"list", net_groupmap_list}, {"help", net_help_groupmap}, {NULL, NULL} }; /* we shouldn't have silly checks like this */ -#if 0 if (getuid() != 0) { d_printf("You must be root to edit group mappings.\nExiting...\n"); return -1; } -#endif if ( argc ) return net_run_function(argc, argv, func, net_help_groupmap); diff --git a/source/utils/net_privileges.c b/source/utils/net_privileges.c deleted file mode 100644 index 95a3326ce3e..00000000000 --- a/source/utils/net_privileges.c +++ /dev/null @@ -1,362 +0,0 @@ -/* - * Unix SMB/CIFS implementation. - * RPC Pipe client / server routines - * Copyright (C) Andrew Tridgell 1992-2000, - * Copyright (C) Jean François Micouleau 1998-2001. - * Copyright (C) Gerald Carter 2003. - * Copyright (C) Simo Sorce 2003. - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - */ - - -#include "includes.h" -#include "../utils/net.h" - -extern PRIVS privs[]; - -/********************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static uint32 get_int_param( const char* param ) -{ - char *p; - - p = strchr( param, '=' ); - if ( !p ) - return 0; - - return atoi(p+1); -} - -/********************************************************* - utility function to parse an integer parameter from - "parameter = value" -**********************************************************/ -static char* get_string_param( const char* param ) -{ - char *p; - - p = strchr( param, '=' ); - if ( !p ) - return NULL; - - return (p+1); -} - -/********************************************************* - Dump a GROUP_MAP entry to stdout (long or short listing) -**********************************************************/ - -static void print_priv_entry(const char *privname, const char *description, const char *sid_list) -{ - d_printf("%s\n", privname); - - if (description) { - d_printf("\tdescription: %s\n", description); - } - - if (sid_list) { - d_printf("\tSIDs: %s\n", sid_list); - } else { - d_printf("\tNo SIDs in this privilege\n"); - } -} - -/********************************************************* - List the groups. -**********************************************************/ -static int net_priv_list(int argc, const char **argv) -{ - fstring privname = ""; - fstring sid_string = ""; - int i; - BOOL verbose = False; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (StrnCaseCmp(argv[i], "privname", strlen("privname")) == 0) { - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - } - else if (StrnCaseCmp(argv[i], "sid", strlen("sid")) == 0) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else if (StrnCaseCmp(argv[i], "verbose", strlen("verbose")) == 0) { - verbose = True; - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (sid_string[0] != '\0') { - /* list all privileges of a single sid */ - - } else { - char *sid_list = NULL; - - if (privname[0] != '\0') { - const char *description = NULL; - - BOOL found = False; - - for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) { - if (StrCaseCmp(privs[i].priv, privname) == 0) { - description = privs[i].description; - found = True; - break; - } - } - if (!found) { - d_printf("No such privilege!\n"); - return -1; - } - - /* Get the current privilege from the database */ - pdb_get_privilege_entry(privname, &sid_list); - print_priv_entry(privname, description, sid_list); - - SAFE_FREE(sid_list); - - } else for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) { - - if (!pdb_get_privilege_entry(privs[i].priv, &sid_list)) { - if (!verbose) - continue; - - sid_list = NULL; - } - - print_priv_entry(privs[i].priv, privs[i].description, sid_list); - - SAFE_FREE(sid_list); - } - } - - return 0; -} - -/********************************************************* - Add a sid to a privilege entry -**********************************************************/ - -static int net_priv_add(int argc, const char **argv) -{ - DOM_SID sid; - fstring privname = ""; - fstring sid_string = ""; - uint32 rid = 0; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (StrnCaseCmp(argv[i], "rid", strlen("rid")) == 0) { - rid = get_int_param(argv[i]); - if (rid < DOMAIN_GROUP_RID_ADMINS) { - d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1); - return -1; - } - } - else if (StrnCaseCmp(argv[i], "privilege", strlen("privilege")) == 0) { - BOOL found = False; - int j; - - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) { - if (StrCaseCmp(privs[j].priv, privname) == 0) { - found = True; - } - } - if (!found) { - d_printf("unknown privilege name"); - return -1; - } - } - else if (StrnCaseCmp(argv[i], "sid", strlen("sid")) == 0) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (privname[0] == '\0') { - d_printf("Usage: net priv add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - if ((rid == 0) && (sid_string[0] == '\0')) { - d_printf("No rid or sid specified\n"); - d_printf("Usage: net priv add {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - /* append the rid to our own domain/machine SID if we don't have a full SID */ - if (sid_string[0] == '\0') { - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - sid_to_string(sid_string, &sid); - } else { - string_to_sid(&sid, sid_string); - } - - if (!pdb_add_sid_to_privilege(privname, &sid)) { - d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname); - return -1; - } - - d_printf("Successully added SID %s to privilege %s\n", sid_string, privname); - return 0; -} - -/********************************************************* - Remove a SID froma privilege entry -**********************************************************/ - -static int net_priv_remove(int argc, const char **argv) -{ - DOM_SID sid; - fstring privname = ""; - fstring sid_string = ""; - uint32 rid = 0; - int i; - - /* get the options */ - for ( i=0; i<argc; i++ ) { - if (StrnCaseCmp(argv[i], "rid", strlen("rid")) == 0) { - rid = get_int_param(argv[i]); - if (rid < DOMAIN_GROUP_RID_ADMINS) { - d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1); - return -1; - } - } - else if (StrnCaseCmp(argv[i], "privilege", strlen("privilege")) == 0) { - BOOL found = False; - int j; - - fstrcpy(privname, get_string_param(argv[i])); - if (!privname[0]) { - d_printf("must supply a name\n"); - return -1; - } - for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) { - if (StrCaseCmp(privs[j].priv, privname) == 0) { - found = True; - } - } - if (!found) { - d_printf("unknown privilege name"); - return -1; - } - } - else if (StrnCaseCmp(argv[i], "sid", strlen("sid")) == 0) { - fstrcpy(sid_string, get_string_param(argv[i])); - if (!sid_string[0]) { - d_printf("must supply a SID\n"); - return -1; - } - } - else { - d_printf("Bad option: %s\n", argv[i]); - return -1; - } - } - - if (privname[0] == '\0') { - d_printf("Usage: net priv remove {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - if ((rid == 0) && (sid_string[0] == '\0')) { - d_printf("No rid or sid specified\n"); - d_printf("Usage: net priv remove {rid=<int>|sid=<string>} privilege=<string>\n"); - return -1; - } - - /* append the rid to our own domain/machine SID if we don't have a full SID */ - if (sid_string[0] == '\0') { - sid_copy(&sid, get_global_sam_sid()); - sid_append_rid(&sid, rid); - sid_to_string(sid_string, &sid); - } else { - string_to_sid(&sid, sid_string); - } - - if (!pdb_remove_sid_from_privilege(privname, &sid)) { - d_printf("removing sid %s from privilege %s failed!\n", sid_string, privname); - return -1; - } - - d_printf("Successully removed SID %s from privilege %s\n", sid_string, privname); - return 0; -} - -int net_help_priv(int argc, const char **argv) -{ - d_printf("net priv add sid\n" \ - " Add sid to privilege\n"); - d_printf("net priv remove sid\n"\ - " Remove sid from privilege\n"); - d_printf("net priv list\n"\ - " List sids per privilege\n"); - - return -1; -} - - -/*********************************************************** - migrated functionality from smbgroupedit - **********************************************************/ -int net_priv(int argc, const char **argv) -{ - struct functable func[] = { - {"add", net_priv_add}, - {"remove", net_priv_remove}, - {"list", net_priv_list}, - {"help", net_help_priv}, - {NULL, NULL} - }; - - /* we shouldn't have silly checks like this */ - if (getuid() != 0) { - d_printf("You must be root to edit privilege mappings.\nExiting...\n"); - return -1; - } - - if ( argc ) - return net_run_function(argc, argv, func, net_help_priv); - - return net_help_priv(argc, argv); -} - diff --git a/source/utils/ntlm_auth.c b/source/utils/ntlm_auth.c index 2213a9bae37..e33bca363bf 100644 --- a/source/utils/ntlm_auth.c +++ b/source/utils/ntlm_auth.c @@ -366,6 +366,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *n &ntlmssp_state->chal, &ntlmssp_state->lm_resp, &ntlmssp_state->nt_resp, + NULL, NULL, ntlmssp_state->user, ntlmssp_state->user, ntlmssp_state->domain, diff --git a/source/utils/pdbedit.c b/source/utils/pdbedit.c index af96413c5ae..3f7aba83668 100644 --- a/source/utils/pdbedit.c +++ b/source/utils/pdbedit.c @@ -49,10 +49,6 @@ #define BIT_EXPORT 0x02000000 #define BIT_FIX_INIT 0x04000000 #define BIT_BADPWRESET 0x08000000 -#define BIT_TRUSTDOM 0x10000000 -#define BIT_TRUSTPW 0x20000000 -#define BIT_TRUSTSID 0x40000000 -#define BIT_TRUSTFLAGS 0x80000000 #define MASK_ALWAYS_GOOD 0x0000001F #define MASK_USER_GOOD 0x00401F00 @@ -228,121 +224,6 @@ static int print_user_info (struct pdb_context *in, const char *username, BOOL v return ret; } - - -/** - * Trust password flag name to flag conversion - * - * @param flag_name SAM_TRUST_PASSWD structure flag name - * @return flag value - **/ - -static int trustpw_flag(const char* flag_name) -{ - const int flag_num = 5; - typedef struct { const char *name; int val; } flag_conv; - flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT }, - { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT }, - { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT }, - { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS }, - { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }}; - int i; - - for (i = 0; i < flag_num; i++) { - if (!StrCaseCmp(flags[i].name, flag_name)) { - return flags[i].val; - } - } - - return 0; -} - - -/** - * Trust password flag to flag name conversion - * - * @param val SAM_TRUST_PASSWD structure flag - * @return passed flag name - **/ - -static char* trustpw_flag_name(const int val) -{ - const int flag_num = 5; - typedef struct { const char *name; int val; } flag_conv; - flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT }, - { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT }, - { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT }, - { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS }, - { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }}; - int i; - - for (i = 0; i < flag_num; i++) { - if (flags[i].val == val) { - return strdup(flags[i].name); - } - } - - return strdup("unknown flag"); -} - - -/** - * Print trust password structure information - * - * @param mem_ctx memory context (for unicode name conversion) - * @param trust SAM_TRUST_PASSWD structure - * @param verbose verbose mode on/off - * @return 0 on success, otherwise failure - **/ - -static int print_trustpw_info(TALLOC_CTX *mem_ctx, SAM_TRUST_PASSWD *trust, BOOL verbose) -{ - char *dom_name; - if (!mem_ctx || !trust) return -1; - - /* convert unicode domain name to char* */ - if (!pull_ucs2_talloc(mem_ctx, &dom_name, trust->private.uni_name)) return -1; - dom_name[trust->private.uni_name_len] = 0; - - /* different output depending on level of verbosity */ - if (verbose) { - printf("Domain name: %s\n", dom_name); - printf("Domain SID: %s\n", sid_string_static(&trust->private.domain_sid)); - printf("Trust password %s\n", trust->private.pass); - printf("Trust type: %s\n", trustpw_flag_name(trust->private.flags)); - printf("Last modified %s\n", trust->private.mod_time ? http_timestring(trust->private.mod_time) : "0"); - - } else { - printf("%s:%s\n", dom_name, sid_string_static(&trust->private.domain_sid)); - } - - return 0; -} - - -/** - * Print trust password information by given name - * - * @param in initialised pdb_context - * @param name domain name of the trust password - * @param verbose verbose mode on/off - * @param smbpwdstyle smbpassword-style output (ignored here) - * @return 0 on success, otherwise failure - **/ - -static int print_trust_info(struct pdb_context *in, const char *name, BOOL verbose, BOOL smbpwdstyle) -{ - SAM_TRUST_PASSWD trust; - TALLOC_CTX *mem_ctx = NULL; - - mem_ctx = talloc_init("pdbedit: trust passwords listing"); - - if (NT_STATUS_IS_OK(in->pdb_gettrustpwnam(in, &trust, name))) { - return print_trustpw_info(mem_ctx, &trust, verbose); - } - - return -1; -} /********************************************************* List Users @@ -373,47 +254,6 @@ static int print_users_list (struct pdb_context *in, BOOL verbosity, BOOL smbpwd return 0; } - -/** - * List trust passwords - * - * @param in initialised pdb context - * @param verbose turn on/off verbose mode - * @param smbpwdstyle ignored here (there was no trust passwords in smbpasswd file) - * @return 0 on success, otherwise failure - **/ - -static int print_trustpw_list(struct pdb_context *in, BOOL verbose, BOOL smbpwdstyle) -{ - SAM_TRUST_PASSWD trust; - TALLOC_CTX *mem_ctx = NULL; - NTSTATUS status = NT_STATUS_UNSUCCESSFUL; - - /* start enumeration and initialise memory context */ - status = in->pdb_settrustpwent(in); - if (NT_STATUS_IS_ERR(status)) return -1; - mem_ctx = talloc_init("pdbedit: trust passwords listing"); - - /* small separation to make it clear these are not regular accounts */ - if (!verbose) printf("---\n"); - - do { - /* fetch next trust password */ - status = in->pdb_gettrustpwent(in, &trust); - - if (trust.private.uni_name_len) { - /* print trust password info */ - if (verbose) printf ("---------------\n"); - print_trustpw_info(mem_ctx, &trust, verbose); - } - - } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(status, NT_STATUS_OK)); - - talloc_destroy(mem_ctx); - return 0; -} - - /********************************************************* Fix a list of Users for uninitialised passwords **********************************************************/ @@ -698,129 +538,6 @@ static int new_machine (struct pdb_context *in, const char *machine_in) return 0; } - -/** - * Add new trusting domain account - * - * @param in initialised pdb_context - * @param dom_name trusted domain name given in command line - * - * @return 0 on success, -1 otherwise - **/ - -static int new_trustdom(struct pdb_context *in, const char *dom_name) -{ - /* TODO */ - return -1; -} - - -/** - * Add new trust relationship password - * - * @param in initialised pdb_context - * @param dom_name trusting domain name given in command line - * @param dom_sid domain sid given in command line - * @param flag trust password type flag given in command line - * - * @return 0 on success, -1 otherwise - **/ - -static int new_trustpw(struct pdb_context *in, const char *dom_name, - const char *dom_sid, const char* flag) -{ - TALLOC_CTX *mem_ctx = NULL; - SAM_TRUST_PASSWD trust; - NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; - POLICY_HND connect_hnd; - DOM_SID *domain_sid = NULL; - smb_ucs2_t *uni_name = NULL; - char *givenpass, *domain_name = NULL; - struct in_addr srv_ip; - fstring srv_name, myname; - struct cli_state *cli; - time_t lct; - - if (!dom_name) return -1; - - mem_ctx = talloc_init("pdbedit: adding new trust password"); - - /* unicode name */ - trust.private.uni_name_len = strnlen(dom_name, 32); - push_ucs2_talloc(mem_ctx, &uni_name, dom_name); - strncpy_w(trust.private.uni_name, uni_name, 32); - - /* flags */ - trust.private.flags = trustpw_flag(flag); - - /* trusting SID */ - if (!dom_sid) { - /* if sid is not specified in command line, do our best - to establish it */ - - /* find domain PDC */ - if (!get_pdc_ip(dom_name, &srv_ip)) - return -1; - if (is_zero_ip(srv_ip)) - return -1; - if (!name_status_find(dom_name, 0x1b, 0x20, srv_ip, srv_name)) - return -1; - - get_myname(myname); - - /* Connect the domain pdc... */ - nt_status = cli_full_connection(&cli, myname, srv_name, &srv_ip, 139, - "IPC$", "IPC", "", "", "", 0, Undefined, NULL); - if (NT_STATUS_IS_ERR(nt_status)) - return -1; - if (!cli_nt_session_open(cli, PI_LSARPC)) - return -1; - - /* ...and query the domain sid */ - nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE, - &connect_hnd); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd, - 5, &domain_name, &domain_sid); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd); - if (NT_STATUS_IS_ERR(nt_status)) return -1; - - cli_nt_session_close(cli); - cli_shutdown(cli); - - /* copying sid to trust password structure */ - sid_copy(&trust.private.domain_sid, domain_sid); - - } else { - if (!string_to_sid(&trust.private.domain_sid, dom_sid)) { - printf("Error: wrong SID specified !\n"); - return -1; - } - } - - /* password */ - givenpass = getpass("password:"); - memset(trust.private.pass, '\0', FSTRING_LEN); - strncpy(trust.private.pass, givenpass, FSTRING_LEN); - - /* last change time */ - lct = time(NULL); - trust.private.mod_time = lct; - - /* store trust password in passdb */ - nt_status = in->pdb_add_trust_passwd(in, &trust); - - talloc_destroy(mem_ctx); - if (NT_STATUS_IS_OK(nt_status)) - return 0; - - return -1; -} - - /********************************************************* Delete user entry **********************************************************/ @@ -886,7 +603,6 @@ int main (int argc, char **argv) static BOOL verbose = False; static BOOL spstyle = False; static BOOL machine = False; - static BOOL trustdom = False; static BOOL add_user = False; static BOOL delete_user = False; static BOOL modify_user = False; @@ -910,10 +626,6 @@ int main (int argc, char **argv) static long int account_policy_value = 0; BOOL account_policy_value_set = False; static BOOL badpw_reset = False; - /* trust password parameters */ - static char *trustpw = NULL; - static char *trustsid = NULL; - static char *trustflags = NULL; struct pdb_context *bin; struct pdb_context *bout; @@ -934,12 +646,8 @@ int main (int argc, char **argv) {"group SID", 'G', POPT_ARG_STRING, &group_sid, 0, "set group SID or RID", NULL}, {"create", 'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL}, {"modify", 'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL}, - {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL}, {"machine", 'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL}, - {"trustdom", 'I', POPT_ARG_NONE, &trustdom, 0, "account is a domain trust account", NULL}, - {"trustpw", 'N', POPT_ARG_STRING, &trustpw, 0, "trust password's domain name", NULL}, - {"trustsid", 'T', POPT_ARG_STRING, &trustsid, 0, "trust password's domain sid", NULL}, - {"trustflags", 'F', POPT_ARG_STRING, &trustflags, 0, "trust password flags", NULL}, + {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL}, {"backend", 'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL}, {"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL}, {"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL}, @@ -991,10 +699,6 @@ int main (int argc, char **argv) (logon_script ? BIT_LOGSCRIPT : 0) + (profile_path ? BIT_PROFILE : 0) + (machine ? BIT_MACHINE : 0) + - (trustdom ? BIT_TRUSTDOM : 0) + - (trustpw ? BIT_TRUSTPW : 0) + - (trustsid ? BIT_TRUSTSID : 0) + - (trustflags ? BIT_TRUSTFLAGS : 0) + (user_name ? BIT_USER : 0) + (list_users ? BIT_LIST : 0) + (force_initialised_password ? BIT_FIX_INIT : 0) + @@ -1094,14 +798,10 @@ int main (int argc, char **argv) /* list users operations */ if (checkparms & BIT_LIST) { if (!(checkparms & ~BIT_LIST)) { - print_users_list (bdef, verbose, spstyle); - return print_trustpw_list(bdef, verbose, spstyle); + return print_users_list (bdef, verbose, spstyle); } if (!(checkparms & ~(BIT_USER + BIT_LIST))) { return print_user_info (bdef, user_name, verbose, spstyle); - - } else if (!(checkparms & ~(BIT_TRUSTPW + BIT_LIST))) { - return print_trust_info(bdef, trustpw, verbose, spstyle); } } @@ -1117,21 +817,15 @@ int main (int argc, char **argv) /* account operation */ if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { /* check use of -u option */ - if (!(checkparms & (BIT_USER + BIT_TRUSTPW))) { + if (!(checkparms & BIT_USER)) { fprintf (stderr, "Username not specified! (use -u option)\n"); return -1; } /* account creation operations */ - if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE + BIT_TRUSTDOM))) { - /* machine trust account */ + if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) { if (checkparms & BIT_MACHINE) { return new_machine (bdef, user_name); - /* interdomain trust account */ - } else if (checkparms & BIT_TRUSTDOM) { - return new_trustdom(bdef, user_name); - - /* ordinary user account */ } else { return new_user (bdef, user_name, full_name, home_dir, home_drive, logon_script, @@ -1160,15 +854,6 @@ int main (int argc, char **argv) } } - /* trust password operation */ - if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) { - /* trust password creation */ - if (!(checkparms & ~(BIT_CREATE + BIT_TRUSTPW + BIT_TRUSTSID + BIT_TRUSTFLAGS))) { - return new_trustpw(bdef, trustpw, trustsid, trustflags); - } - } - - if (setparms >= 0x20) { fprintf (stderr, "Incompatible or insufficient options on command line!\n"); } @@ -1176,4 +861,3 @@ int main (int argc, char **argv) return 1; } - |