From 4bfb8d602651f0bacbdcefef1005390277f8a056 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 1 Feb 2002 22:22:26 +0000 Subject: Sync for release. Jeremy. --- source/Doxyfile | 9 +- source/codepages/CP1251.TXT | 274 +++++++++++++++++++++ source/include/rap.h | 1 + source/libsmb/cli_dfs.c | 3 +- source/libsmb/cli_pipe_util.c | 6 +- source/libsmb/cli_reg.c | 3 +- source/libsmb/clioplock.c | 3 +- source/libsmb/clispnego.c | 9 +- source/libsmb/domain_client_validate.c | 434 +++++++++++++++++++++++++++++++++ source/libsmb/errormap.c | 3 +- source/nsswitch/.cvsignore | 1 - source/nsswitch/hp_nss_common.h | 7 +- source/nsswitch/hp_nss_dbdefs.h | 3 +- source/nsswitch/winbindd_cm.c | 84 +++---- source/nsswitch/winbindd_wins.c | 30 ++- source/rpcclient/cmd_dfs.c | 3 +- source/rpcclient/cmd_reg.c | 3 +- source/rpcclient/cmd_wkssvc.c | 3 +- source/rpcclient/display.c | 3 +- source/rpcclient/display_sec.c | 258 ++++++++++++++------ source/rpcclient/display_spool.c | 3 +- source/rpcclient/rpcclient.h | 3 +- source/rpcclient/samsync.c | 316 +++--------------------- source/rpcclient/spoolss_cmds.c | 3 +- source/script/smbadduser | 76 ++++++ source/tdb/tdbdump.c | 3 +- source/utils/nsstest.c | 302 +++++++++++++++++++++++ 27 files changed, 1382 insertions(+), 464 deletions(-) create mode 100644 source/codepages/CP1251.TXT create mode 100644 source/libsmb/domain_client_validate.c create mode 100755 source/script/smbadduser create mode 100644 source/utils/nsstest.c diff --git a/source/Doxyfile b/source/Doxyfile index fe71065c24c..c25a45ddc3d 100644 --- a/source/Doxyfile +++ b/source/Doxyfile @@ -41,8 +41,6 @@ ENABLED_SECTIONS = MAX_INITIALIZER_LINES = 30 OPTIMIZE_OUTPUT_FOR_C = YES SHOW_USED_FILES = YES -REFERENCED_RELATION = YES -REFERENCED_BY_RELATION = YES #--------------------------------------------------------------------------- # configuration options related to warning and progress messages #--------------------------------------------------------------------------- 
@@ -54,8 +52,7 @@ WARN_LOGFILE = #--------------------------------------------------------------------------- # configuration options related to the input files #--------------------------------------------------------------------------- -INPUT = . \ - CodingSuggestions mainpage.dox +INPUT = . FILE_PATTERNS = *.c \ *.h \ *.idl @@ -82,7 +79,7 @@ HTML_OUTPUT = html HTML_HEADER = HTML_FOOTER = HTML_STYLESHEET = -HTML_ALIGN_MEMBERS = YES +HTML_ALIGN_MEMBERS = NO GENERATE_HTMLHELP = NO GENERATE_CHI = NO BINARY_TOC = NO @@ -126,7 +123,7 @@ GENERATE_XML = NO #--------------------------------------------------------------------------- # Configuration options related to the preprocessor #--------------------------------------------------------------------------- -ENABLE_PREPROCESSING = NO +ENABLE_PREPROCESSING = YES MACRO_EXPANSION = NO EXPAND_ONLY_PREDEF = NO SEARCH_INCLUDES = YES diff --git a/source/codepages/CP1251.TXT b/source/codepages/CP1251.TXT new file mode 100644 index 00000000000..f6876e6d639 --- /dev/null +++ b/source/codepages/CP1251.TXT 
@@ -0,0 +1,274 @@ +# +# Name: cp1251 to Unicode table +# Unicode version: 2.0 +# Table version: 2.01 +# Table format: Format A +# Date: 04/15/98 +# +# Contact: cpxlate@microsoft.com +# +# General notes: none +# +# Format: Three tab-separated columns +# Column #1 is the cp1251 code (in hex) +# Column #2 is the Unicode (in hex as 0xXXXX) +# Column #3 is the Unicode name (follows a comment sign, '#') +# +# The entries are in cp1251 order +# +0x00 0x0000 #NULL +0x01 0x0001 #START OF HEADING +0x02 0x0002 #START OF TEXT +0x03 0x0003 #END OF TEXT +0x04 0x0004 #END OF TRANSMISSION +0x05 0x0005 #ENQUIRY +0x06 0x0006 #ACKNOWLEDGE +0x07 0x0007 #BELL +0x08 0x0008 #BACKSPACE +0x09 0x0009 #HORIZONTAL TABULATION +0x0A 0x000A #LINE FEED +0x0B 0x000B #VERTICAL TABULATION +0x0C 0x000C #FORM FEED +0x0D 0x000D #CARRIAGE RETURN +0x0E 0x000E #SHIFT OUT +0x0F 0x000F #SHIFT IN +0x10 0x0010 #DATA LINK ESCAPE +0x11 0x0011 #DEVICE CONTROL ONE +0x12 0x0012 #DEVICE CONTROL TWO +0x13 0x0013 #DEVICE CONTROL THREE +0x14 0x0014 #DEVICE CONTROL FOUR +0x15 0x0015 #NEGATIVE ACKNOWLEDGE +0x16 0x0016 #SYNCHRONOUS IDLE +0x17 0x0017 #END OF TRANSMISSION BLOCK +0x18 0x0018 #CANCEL +0x19 0x0019 #END OF MEDIUM +0x1A 0x001A #SUBSTITUTE +0x1B 0x001B #ESCAPE +0x1C 0x001C #FILE SEPARATOR +0x1D 0x001D #GROUP SEPARATOR +0x1E 0x001E #RECORD SEPARATOR +0x1F 0x001F #UNIT SEPARATOR +0x20 0x0020 #SPACE +0x21 0x0021 #EXCLAMATION MARK +0x22 0x0022 #QUOTATION MARK +0x23 0x0023 #NUMBER SIGN +0x24 0x0024 #DOLLAR SIGN +0x25 0x0025 #PERCENT SIGN +0x26 0x0026 #AMPERSAND +0x27 0x0027 #APOSTROPHE +0x28 0x0028 #LEFT PARENTHESIS +0x29 0x0029 #RIGHT PARENTHESIS +0x2A 0x002A #ASTERISK +0x2B 0x002B #PLUS SIGN +0x2C 0x002C #COMMA +0x2D 0x002D #HYPHEN-MINUS +0x2E 0x002E #FULL STOP +0x2F 0x002F #SOLIDUS +0x30 0x0030 #DIGIT ZERO +0x31 0x0031 #DIGIT ONE +0x32 0x0032 #DIGIT TWO +0x33 0x0033 #DIGIT THREE +0x34 0x0034 #DIGIT FOUR +0x35 0x0035 #DIGIT FIVE +0x36 0x0036 #DIGIT SIX +0x37 0x0037 #DIGIT SEVEN +0x38 0x0038 #DIGIT EIGHT +0x39 
0x0039 #DIGIT NINE +0x3A 0x003A #COLON +0x3B 0x003B #SEMICOLON +0x3C 0x003C #LESS-THAN SIGN +0x3D 0x003D #EQUALS SIGN +0x3E 0x003E #GREATER-THAN SIGN +0x3F 0x003F #QUESTION MARK +0x40 0x0040 #COMMERCIAL AT +0x41 0x0041 #LATIN CAPITAL LETTER A +0x42 0x0042 #LATIN CAPITAL LETTER B +0x43 0x0043 #LATIN CAPITAL LETTER C +0x44 0x0044 #LATIN CAPITAL LETTER D +0x45 0x0045 #LATIN CAPITAL LETTER E +0x46 0x0046 #LATIN CAPITAL LETTER F +0x47 0x0047 #LATIN CAPITAL LETTER G +0x48 0x0048 #LATIN CAPITAL LETTER H +0x49 0x0049 #LATIN CAPITAL LETTER I +0x4A 0x004A #LATIN CAPITAL LETTER J +0x4B 0x004B #LATIN CAPITAL LETTER K +0x4C 0x004C #LATIN CAPITAL LETTER L +0x4D 0x004D #LATIN CAPITAL LETTER M +0x4E 0x004E #LATIN CAPITAL LETTER N +0x4F 0x004F #LATIN CAPITAL LETTER O +0x50 0x0050 #LATIN CAPITAL LETTER P +0x51 0x0051 #LATIN CAPITAL LETTER Q +0x52 0x0052 #LATIN CAPITAL LETTER R +0x53 0x0053 #LATIN CAPITAL LETTER S +0x54 0x0054 #LATIN CAPITAL LETTER T +0x55 0x0055 #LATIN CAPITAL LETTER U +0x56 0x0056 #LATIN CAPITAL LETTER V +0x57 0x0057 #LATIN CAPITAL LETTER W +0x58 0x0058 #LATIN CAPITAL LETTER X +0x59 0x0059 #LATIN CAPITAL LETTER Y +0x5A 0x005A #LATIN CAPITAL LETTER Z +0x5B 0x005B #LEFT SQUARE BRACKET +0x5C 0x005C #REVERSE SOLIDUS +0x5D 0x005D #RIGHT SQUARE BRACKET +0x5E 0x005E #CIRCUMFLEX ACCENT +0x5F 0x005F #LOW LINE +0x60 0x0060 #GRAVE ACCENT +0x61 0x0061 #LATIN SMALL LETTER A +0x62 0x0062 #LATIN SMALL LETTER B +0x63 0x0063 #LATIN SMALL LETTER C +0x64 0x0064 #LATIN SMALL LETTER D +0x65 0x0065 #LATIN SMALL LETTER E +0x66 0x0066 #LATIN SMALL LETTER F +0x67 0x0067 #LATIN SMALL LETTER G +0x68 0x0068 #LATIN SMALL LETTER H +0x69 0x0069 #LATIN SMALL LETTER I +0x6A 0x006A #LATIN SMALL LETTER J +0x6B 0x006B #LATIN SMALL LETTER K +0x6C 0x006C #LATIN SMALL LETTER L +0x6D 0x006D #LATIN SMALL LETTER M +0x6E 0x006E #LATIN SMALL LETTER N +0x6F 0x006F #LATIN SMALL LETTER O +0x70 0x0070 #LATIN SMALL LETTER P +0x71 0x0071 #LATIN SMALL LETTER Q +0x72 0x0072 #LATIN SMALL LETTER R +0x73 0x0073 #LATIN 
SMALL LETTER S +0x74 0x0074 #LATIN SMALL LETTER T +0x75 0x0075 #LATIN SMALL LETTER U +0x76 0x0076 #LATIN SMALL LETTER V +0x77 0x0077 #LATIN SMALL LETTER W +0x78 0x0078 #LATIN SMALL LETTER X +0x79 0x0079 #LATIN SMALL LETTER Y +0x7A 0x007A #LATIN SMALL LETTER Z +0x7B 0x007B #LEFT CURLY BRACKET +0x7C 0x007C #VERTICAL LINE +0x7D 0x007D #RIGHT CURLY BRACKET +0x7E 0x007E #TILDE +0x7F 0x007F #DELETE +0x80 0x0402 #CYRILLIC CAPITAL LETTER DJE +0x81 0x0403 #CYRILLIC CAPITAL LETTER GJE +0x82 0x201A #SINGLE LOW-9 QUOTATION MARK +0x83 0x0453 #CYRILLIC SMALL LETTER GJE +0x84 0x201E #DOUBLE LOW-9 QUOTATION MARK +0x85 0x2026 #HORIZONTAL ELLIPSIS +0x86 0x2020 #DAGGER +0x87 0x2021 #DOUBLE DAGGER +0x88 0x20AC #EURO SIGN +0x89 0x2030 #PER MILLE SIGN +0x8A 0x0409 #CYRILLIC CAPITAL LETTER LJE +0x8B 0x2039 #SINGLE LEFT-POINTING ANGLE QUOTATION MARK +0x8C 0x040A #CYRILLIC CAPITAL LETTER NJE +0x8D 0x040C #CYRILLIC CAPITAL LETTER KJE +0x8E 0x040B #CYRILLIC CAPITAL LETTER TSHE +0x8F 0x040F #CYRILLIC CAPITAL LETTER DZHE +0x90 0x0452 #CYRILLIC SMALL LETTER DJE +0x91 0x2018 #LEFT SINGLE QUOTATION MARK +0x92 0x2019 #RIGHT SINGLE QUOTATION MARK +0x93 0x201C #LEFT DOUBLE QUOTATION MARK +0x94 0x201D #RIGHT DOUBLE QUOTATION MARK +0x95 0x2022 #BULLET +0x96 0x2013 #EN DASH +0x97 0x2014 #EM DASH +0x98 #UNDEFINED +0x99 0x2122 #TRADE MARK SIGN +0x9A 0x0459 #CYRILLIC SMALL LETTER LJE +0x9B 0x203A #SINGLE RIGHT-POINTING ANGLE QUOTATION MARK +0x9C 0x045A #CYRILLIC SMALL LETTER NJE +0x9D 0x045C #CYRILLIC SMALL LETTER KJE +0x9E 0x045B #CYRILLIC SMALL LETTER TSHE +0x9F 0x045F #CYRILLIC SMALL LETTER DZHE +0xA0 0x00A0 #NO-BREAK SPACE +0xA1 0x040E #CYRILLIC CAPITAL LETTER SHORT U +0xA2 0x045E #CYRILLIC SMALL LETTER SHORT U +0xA3 0x0408 #CYRILLIC CAPITAL LETTER JE +0xA4 0x00A4 #CURRENCY SIGN +0xA5 0x0490 #CYRILLIC CAPITAL LETTER GHE WITH UPTURN +0xA6 0x00A6 #BROKEN BAR +0xA7 0x00A7 #SECTION SIGN +0xA8 0x0401 #CYRILLIC CAPITAL LETTER IO +0xA9 0x00A9 #COPYRIGHT SIGN +0xAA 0x0404 #CYRILLIC CAPITAL LETTER UKRAINIAN IE 
+0xAB 0x00AB #LEFT-POINTING DOUBLE ANGLE QUOTATION MARK +0xAC 0x00AC #NOT SIGN +0xAD 0x00AD #SOFT HYPHEN +0xAE 0x00AE #REGISTERED SIGN +0xAF 0x0407 #CYRILLIC CAPITAL LETTER YI +0xB0 0x00B0 #DEGREE SIGN +0xB1 0x00B1 #PLUS-MINUS SIGN +0xB2 0x0406 #CYRILLIC CAPITAL LETTER BYELORUSSIAN-UKRAINIAN I +0xB3 0x0456 #CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I +0xB4 0x0491 #CYRILLIC SMALL LETTER GHE WITH UPTURN +0xB5 0x00B5 #MICRO SIGN +0xB6 0x00B6 #PILCROW SIGN +0xB7 0x00B7 #MIDDLE DOT +0xB8 0x0451 #CYRILLIC SMALL LETTER IO +0xB9 0x2116 #NUMERO SIGN +0xBA 0x0454 #CYRILLIC SMALL LETTER UKRAINIAN IE +0xBB 0x00BB #RIGHT-POINTING DOUBLE ANGLE QUOTATION MARK +0xBC 0x0458 #CYRILLIC SMALL LETTER JE +0xBD 0x0405 #CYRILLIC CAPITAL LETTER DZE +0xBE 0x0455 #CYRILLIC SMALL LETTER DZE +0xBF 0x0457 #CYRILLIC SMALL LETTER YI +0xC0 0x0410 #CYRILLIC CAPITAL LETTER A +0xC1 0x0411 #CYRILLIC CAPITAL LETTER BE +0xC2 0x0412 #CYRILLIC CAPITAL LETTER VE +0xC3 0x0413 #CYRILLIC CAPITAL LETTER GHE +0xC4 0x0414 #CYRILLIC CAPITAL LETTER DE +0xC5 0x0415 #CYRILLIC CAPITAL LETTER IE +0xC6 0x0416 #CYRILLIC CAPITAL LETTER ZHE +0xC7 0x0417 #CYRILLIC CAPITAL LETTER ZE +0xC8 0x0418 #CYRILLIC CAPITAL LETTER I +0xC9 0x0419 #CYRILLIC CAPITAL LETTER SHORT I +0xCA 0x041A #CYRILLIC CAPITAL LETTER KA +0xCB 0x041B #CYRILLIC CAPITAL LETTER EL +0xCC 0x041C #CYRILLIC CAPITAL LETTER EM +0xCD 0x041D #CYRILLIC CAPITAL LETTER EN +0xCE 0x041E #CYRILLIC CAPITAL LETTER O +0xCF 0x041F #CYRILLIC CAPITAL LETTER PE +0xD0 0x0420 #CYRILLIC CAPITAL LETTER ER +0xD1 0x0421 #CYRILLIC CAPITAL LETTER ES +0xD2 0x0422 #CYRILLIC CAPITAL LETTER TE +0xD3 0x0423 #CYRILLIC CAPITAL LETTER U +0xD4 0x0424 #CYRILLIC CAPITAL LETTER EF +0xD5 0x0425 #CYRILLIC CAPITAL LETTER HA +0xD6 0x0426 #CYRILLIC CAPITAL LETTER TSE +0xD7 0x0427 #CYRILLIC CAPITAL LETTER CHE +0xD8 0x0428 #CYRILLIC CAPITAL LETTER SHA +0xD9 0x0429 #CYRILLIC CAPITAL LETTER SHCHA +0xDA 0x042A #CYRILLIC CAPITAL LETTER HARD SIGN +0xDB 0x042B #CYRILLIC CAPITAL LETTER YERU +0xDC 0x042C 
#CYRILLIC CAPITAL LETTER SOFT SIGN +0xDD 0x042D #CYRILLIC CAPITAL LETTER E +0xDE 0x042E #CYRILLIC CAPITAL LETTER YU +0xDF 0x042F #CYRILLIC CAPITAL LETTER YA +0xE0 0x0430 #CYRILLIC SMALL LETTER A +0xE1 0x0431 #CYRILLIC SMALL LETTER BE +0xE2 0x0432 #CYRILLIC SMALL LETTER VE +0xE3 0x0433 #CYRILLIC SMALL LETTER GHE +0xE4 0x0434 #CYRILLIC SMALL LETTER DE +0xE5 0x0435 #CYRILLIC SMALL LETTER IE +0xE6 0x0436 #CYRILLIC SMALL LETTER ZHE +0xE7 0x0437 #CYRILLIC SMALL LETTER ZE +0xE8 0x0438 #CYRILLIC SMALL LETTER I +0xE9 0x0439 #CYRILLIC SMALL LETTER SHORT I +0xEA 0x043A #CYRILLIC SMALL LETTER KA +0xEB 0x043B #CYRILLIC SMALL LETTER EL +0xEC 0x043C #CYRILLIC SMALL LETTER EM +0xED 0x043D #CYRILLIC SMALL LETTER EN +0xEE 0x043E #CYRILLIC SMALL LETTER O +0xEF 0x043F #CYRILLIC SMALL LETTER PE +0xF0 0x0440 #CYRILLIC SMALL LETTER ER +0xF1 0x0441 #CYRILLIC SMALL LETTER ES +0xF2 0x0442 #CYRILLIC SMALL LETTER TE +0xF3 0x0443 #CYRILLIC SMALL LETTER U +0xF4 0x0444 #CYRILLIC SMALL LETTER EF +0xF5 0x0445 #CYRILLIC SMALL LETTER HA +0xF6 0x0446 #CYRILLIC SMALL LETTER TSE +0xF7 0x0447 #CYRILLIC SMALL LETTER CHE +0xF8 0x0448 #CYRILLIC SMALL LETTER SHA +0xF9 0x0449 #CYRILLIC SMALL LETTER SHCHA +0xFA 0x044A #CYRILLIC SMALL LETTER HARD SIGN +0xFB 0x044B #CYRILLIC SMALL LETTER YERU +0xFC 0x044C #CYRILLIC SMALL LETTER SOFT SIGN +0xFD 0x044D #CYRILLIC SMALL LETTER E +0xFE 0x044E #CYRILLIC SMALL LETTER YU +0xFF 0x044F #CYRILLIC SMALL LETTER YA diff --git a/source/include/rap.h b/source/include/rap.h index 993dfa7e335..24b70251b77 100755 --- a/source/include/rap.h +++ b/source/include/rap.h @@ -1,5 +1,6 @@ /* Samba Unix/Linux SMB client library + Version 3.0 RAP (SMB Remote Procedure Calls) defines and structures Copyright (C) Steve French 2001 (sfrench@us.ibm.com) Copyright (C) Jim McDonough 2001 (jmcd@us.ibm.com) diff --git a/source/libsmb/cli_dfs.c b/source/libsmb/cli_dfs.c index 312275926c7..83220fd1afc 100644 --- a/source/libsmb/cli_dfs.c +++ b/source/libsmb/cli_dfs.c 
@@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 RPC pipe client Copyright (C) Tim Potter 2000-2001, diff --git a/source/libsmb/cli_pipe_util.c b/source/libsmb/cli_pipe_util.c index de1c832e44f..9521d817fa5 100644 --- a/source/libsmb/cli_pipe_util.c +++ b/source/libsmb/cli_pipe_util.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 RPC pipe client utility functions Copyright (C) Tim Potter 2001, @@ -20,9 +21,6 @@ #include "includes.h" -/** \defgroup rpc_client RPC Client routines - */ - /* Opens a SMB connection to a named pipe */ struct cli_state *cli_pipe_initialise(struct cli_state *cli, char *system_name, diff --git a/source/libsmb/cli_reg.c b/source/libsmb/cli_reg.c index c09ccabb29f..b88b3532ef7 100644 --- a/source/libsmb/cli_reg.c +++ b/source/libsmb/cli_reg.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 RPC Pipe client Copyright (C) Andrew Tridgell 1992-1998, diff --git a/source/libsmb/clioplock.c b/source/libsmb/clioplock.c index 0ffeb1926b0..dca0e96cb4a 100644 --- a/source/libsmb/clioplock.c +++ b/source/libsmb/clioplock.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 SMB client oplock functions Copyright (C) Andrew Tridgell 2001 diff --git a/source/libsmb/clispnego.c b/source/libsmb/clispnego.c index a962953b901..784463566f3 100644 --- a/source/libsmb/clispnego.c +++ b/source/libsmb/clispnego.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 simple kerberos5/SPNEGO routines Copyright (C) Andrew Tridgell 2001 
@@ -216,7 +217,7 @@ BOOL parse_negTokenTarg(DATA_BLOB blob, char *OIDs[ASN1_MAX_OIDS], DATA_BLOB *se /* generate a krb5 GSS-API wrapper packet given a ticket */ -DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket) +static DATA_BLOB spnego_gen_krb5_wrap(DATA_BLOB ticket) { ASN1_DATA data; DATA_BLOB ret; @@ -485,7 +486,9 @@ BOOL msrpc_gen(DATA_BLOB *blob, va_end(ap); /* allocate the space, then scan the format again to fill in the values */ - *blob = data_blob(NULL, head_size + data_size); + blob->data = malloc(head_size + data_size); + blob->length = head_size + data_size; + if (!blob->data) return False; head_ofs = 0; data_ofs = head_size; diff --git a/source/libsmb/domain_client_validate.c b/source/libsmb/domain_client_validate.c new file mode 100644 index 00000000000..04ce90895ae --- /dev/null +++ b/source/libsmb/domain_client_validate.c 
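Review bot: In the msrpc_gen hunk, `blob->length` is assigned before the result of `malloc` is checked, so on allocation failure the caller is handed a blob with `data == NULL` and a non-zero `length`. Check first and publish the length only on success: `blob->data = malloc(head_size + data_size);` then `if (!blob->data) { blob->length = 0; return False; }` then `blob->length = head_size + data_size;`. The sum `head_size + data_size` is also used without a wrap-around check; the declarations are outside the hunk, but if either size is derived from caller-supplied strings or buffers, a guard before the allocation is worth adding. A one-line comment saying why the `data_blob()` helper was replaced by a bare `malloc` would help the next reader. msrpc_gen's body starts and ends outside the hunk.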
@@ -0,0 +1,434 @@ +/* + Unix SMB/Netbios implementation. + Version 1.9. + Authenticate against a remote domain + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern struct in_addr ipzero; + +extern pstring global_myname; + +/*********************************************************************** + Connect to a remote machine for domain security authentication + given a name or IP address. 
+ ***********************************************************************/ + +static BOOL connect_to_domain_password_server(struct cli_state *pcli, + char *server, unsigned char *trust_passwd) +{ + struct in_addr dest_ip; + fstring remote_machine; + NTSTATUS result; + + if(cli_initialise(pcli) == NULL) { + DEBUG(0,("connect_to_domain_password_server: unable to initialize client connection.\n")); + return False; + } + + if (is_ipaddress(server)) { + struct in_addr to_ip; + + /* we shouldn't have 255.255.255.255 forthe IP address of + a password server anyways */ + if ((to_ip.s_addr=inet_addr(server)) == 0xFFFFFFFF) { + DEBUG (0,("connect_to_domain_password_server: inet_addr(%s) returned 0xFFFFFFFF!\n", server)); + return False; + } + + if (!name_status_find("*", 0x20, 0x20, to_ip, remote_machine)) { + DEBUG(0, ("connect_to_domain_password_server: Can't " + "resolve name for IP %s\n", server)); + return False; + } + } else { + fstrcpy(remote_machine, server); + } + + standard_sub_basic(remote_machine); + strupper(remote_machine); + + if(!resolve_name( remote_machine, &dest_ip, 0x20)) { + DEBUG(1,("connect_to_domain_password_server: Can't resolve address for %s\n", remote_machine)); + cli_shutdown(pcli); + return False; + } + + if (ismyip(dest_ip)) { + DEBUG(1,("connect_to_domain_password_server: Password server loop - not using password server %s\n", + remote_machine)); + cli_shutdown(pcli); + return False; + } + + if (!cli_connect(pcli, remote_machine, &dest_ip)) { + DEBUG(0,("connect_to_domain_password_server: unable to connect to SMB server on \ +machine %s. Error was : %s.\n", remote_machine, cli_errstr(pcli) )); + cli_shutdown(pcli); + return False; + } + + if (!attempt_netbios_session_request(pcli, global_myname, remote_machine, &dest_ip)) { + DEBUG(0,("connect_to_password_server: machine %s rejected the NetBIOS \ +session request. 
Error was : %s.\n", remote_machine, cli_errstr(pcli) )); + return False; + } + + pcli->protocol = PROTOCOL_NT1; + + if (!cli_negprot(pcli)) { + DEBUG(0,("connect_to_domain_password_server: machine %s rejected the negotiate protocol. \ +Error was : %s.\n", remote_machine, cli_errstr(pcli) )); + cli_shutdown(pcli); + return False; + } + + if (pcli->protocol != PROTOCOL_NT1) { + DEBUG(0,("connect_to_domain_password_server: machine %s didn't negotiate NT protocol.\n", + remote_machine)); + cli_shutdown(pcli); + return False; + } + + /* + * Do an anonymous session setup. + */ + + if (!cli_session_setup(pcli, "", "", 0, "", 0, "")) { + DEBUG(0,("connect_to_domain_password_server: machine %s rejected the session setup. \ +Error was : %s.\n", remote_machine, cli_errstr(pcli) )); + cli_shutdown(pcli); + return False; + } + + if (!(pcli->sec_mode & 1)) { + DEBUG(1,("connect_to_domain_password_server: machine %s isn't in user level security mode\n", + remote_machine)); + cli_shutdown(pcli); + return False; + } + + if (!cli_send_tconX(pcli, "IPC$", "IPC", "", 1)) { + DEBUG(0,("connect_to_domain_password_server: machine %s rejected the tconX on the IPC$ share. \ +Error was : %s.\n", remote_machine, cli_errstr(pcli) )); + cli_shutdown(pcli); + return False; + } + + /* + * We now have an anonymous connection to IPC$ on the domain password server. + */ + + /* + * Even if the connect succeeds we need to setup the netlogon + * pipe here. We do this as we may just have changed the domain + * account password on the PDC and yet we may be talking to + * a BDC that doesn't have this replicated yet. In this case + * a successful connect to a DC needs to take the netlogon connect + * into account also. This patch from "Bjart Kvarme" . + */ + + if(cli_nt_session_open(pcli, PIPE_NETLOGON) == False) { + DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \ +machine %s. 
Error was : %s.\n", remote_machine, cli_errstr(pcli))); + cli_nt_session_close(pcli); + cli_ulogoff(pcli); + cli_shutdown(pcli); + return False; + } + + result = cli_nt_setup_creds(pcli, trust_passwd); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("connect_to_domain_password_server: unable to setup the PDC credentials to machine \ +%s. Error was : %s.\n", remote_machine, get_nt_error_msg(result))); + cli_nt_session_close(pcli); + cli_ulogoff(pcli); + cli_shutdown(pcli); + return(False); + } + + return True; +} + +/*********************************************************************** + Utility function to attempt a connection to an IP address of a DC. +************************************************************************/ + +static BOOL attempt_connect_to_dc(struct cli_state *pcli, struct in_addr *ip, + unsigned char *trust_passwd) +{ + fstring dc_name; + + /* + * Ignore addresses we have already tried. + */ + + if (ip_equal(ipzero, *ip)) + return False; + + if (!lookup_dc_name(global_myname, lp_workgroup(), ip, dc_name)) + return False; + + return connect_to_domain_password_server(pcli, dc_name, trust_passwd); +} + +/*********************************************************************** + We have been asked to dynamcially determine the IP addresses of + the PDC and BDC's for this DOMAIN, and query them in turn. +************************************************************************/ +static BOOL find_connect_pdc(struct cli_state *pcli, + unsigned char *trust_passwd, + time_t last_change_time) +{ + struct in_addr *ip_list = NULL; + int count = 0; + int i; + BOOL connected_ok = False; + time_t time_now = time(NULL); + BOOL use_pdc_only = False; + + /* + * If the time the machine password has changed + * was less than an hour ago then we need to contact + * the PDC only, as we cannot be sure domain replication + * has yet taken place. Bug found by Gerald (way to go + * Gerald !). JRA. 
+ */ + + if (time_now - last_change_time < 3600) + use_pdc_only = True; + + if (!get_dc_list(use_pdc_only, lp_workgroup(), &ip_list, &count)) + return False; + + /* + * Firstly try and contact a PDC/BDC who has the same + * network address as any of our interfaces. + */ + for(i = 0; i < count; i++) { + if(!is_local_net(ip_list[i])) + continue; + + if((connected_ok = attempt_connect_to_dc(pcli, &ip_list[i], trust_passwd))) + break; + + ip_list[i] = ipzero; /* Tried and failed. */ + } + + /* + * Secondly try and contact a random PDC/BDC. + */ + if(!connected_ok) { + i = (sys_random() % count); + + if (!(connected_ok = attempt_connect_to_dc(pcli, &ip_list[i], trust_passwd))) + ip_list[i] = ipzero; /* Tried and failed. */ + } + + /* + * Finally go through the IP list in turn, ignoring any addresses + * we have already tried. + */ + if(!connected_ok) { + /* + * Try and connect to any of the other IP addresses in the PDC/BDC list. + * Note that from a WINS server the #1 IP address is the PDC. + */ + for(i = 0; i < count; i++) { + if((connected_ok = attempt_connect_to_dc(pcli, &ip_list[i], trust_passwd))) + break; + } + } + + SAFE_FREE(ip_list); + + + return connected_ok; +} + +/*********************************************************************** + Do the same as security=server, but using NT Domain calls and a session + key from the machine password. If the server parameter is specified + use it, otherwise figure out a server from the 'password server' param. 
+************************************************************************/ + +NTSTATUS domain_client_validate(const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info, + char *server, unsigned char *trust_passwd, + time_t last_change_time) +{ + fstring remote_machine; + NET_ID_INFO_CTR ctr; + NET_USER_INFO_3 info3; + struct cli_state cli; + uint32 smb_uid_low; + BOOL connected_ok = False; + NTSTATUS status; + struct passwd *pass; + + /* + * Check that the requested domain is not our own machine name. + * If it is, we should never check the PDC here, we use our own local + * password file. + */ + + if(strequal(user_info->domain.str, global_myname)) { + DEBUG(3,("domain_client_validate: Requested domain was for this machine.\n")); + return NT_STATUS_LOGON_FAILURE; + } + + /* + * At this point, smb_apasswd points to the lanman response to + * the challenge in local_challenge, and smb_ntpasswd points to + * the NT response to the challenge in local_challenge. Ship + * these over the secure channel to a domain controller and + * see if they were valid. + */ + + ZERO_STRUCT(cli); + + while (!connected_ok && + next_token(&server,remote_machine,LIST_SEP,sizeof(remote_machine))) { + if(strequal(remote_machine, "*")) { + connected_ok = find_connect_pdc(&cli, trust_passwd, last_change_time); + } else { + connected_ok = connect_to_domain_password_server(&cli, remote_machine, trust_passwd); + } + } + + if (!connected_ok) { + DEBUG(0,("domain_client_validate: Domain password server not available.\n")); + cli_shutdown(&cli); + return NT_STATUS_LOGON_FAILURE; + } + + /* We really don't care what LUID we give the user. */ + generate_random_buffer( (unsigned char *)&smb_uid_low, 4, False); + + ZERO_STRUCT(info3); + + /* + * If this call succeeds, we now have lots of info about the user + * in the info3 structure. 
+ */ + + status = cli_nt_login_network(&cli, user_info, smb_uid_low, + &ctr, &info3); + + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("domain_client_validate: unable to validate password " + "for user %s in domain %s to Domain controller %s. " + "Error was %s.\n", user_info->smb_name.str, + user_info->domain.str, cli.srv_name_slash, + get_nt_error_msg(status))); + } else { + char *dom_user; + + /* Check DOMAIN\username first to catch winbind users, then + just the username for local users. */ + + if (asprintf(&dom_user, "%s%s%s", user_info->domain.str, + lp_winbind_separator(), + user_info->internal_username.str) > 0) { + + if (!(pass = Get_Pwnam(dom_user))) + pass = Get_Pwnam(user_info->internal_username.str); + + SAFE_FREE(dom_user); + + if (pass) { + make_server_info_pw(server_info, pass); + if (!server_info) { + status = NT_STATUS_NO_MEMORY; + } + } else { + status = NT_STATUS_NO_SUCH_USER; + } + } else { + status = NT_STATUS_NO_MEMORY; + } + } + + /* Store the user group information in the server_info returned to the caller. 
*/ + + if (NT_STATUS_IS_OK(status) && (info3.num_groups2 != 0)) { + DOM_SID domain_sid; + int i; + NT_USER_TOKEN *ptok; + auth_serversupplied_info *pserver_info = *server_info; + + if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) { + DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n")); + status = NT_STATUS_NO_MEMORY; + free_server_info(server_info); + goto done; + } + + ptok = pserver_info->ptok; + ptok->num_sids = (size_t)info3.num_groups2; + + if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) { + DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n")); + status = NT_STATUS_NO_MEMORY; + free_server_info(server_info); + goto done; + } + + if (!secrets_fetch_domain_sid(lp_workgroup(), &domain_sid)) { + DEBUG(0, ("domain_client_validate: unable to fetch domain sid.\n")); + status = NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + free_server_info(server_info); + goto done; + } + + for (i = 0; i < ptok->num_sids; i++) { + sid_copy(&ptok->user_sids[i], &domain_sid); + sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid); + } + } + +#if 0 + /* + * We don't actually need to do this - plus it fails currently with + * NT_STATUS_INVALID_INFO_CLASS - we need to know *exactly* what to + * send here. JRA. + */ + + if (NT_STATUS_IS_OK(status)) { + if(cli_nt_logoff(&cli, &ctr) == False) { + DEBUG(0,("domain_client_validate: unable to log off user %s in domain \ +%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli))); + status = NT_STATUS_LOGON_FAILURE; + } + } +#endif /* 0 */ + + done: + + /* Note - once the cli stream is shutdown the mem_ctx used + to allocate the other_sids and gids structures has been deleted - so + these pointers are no longer valid..... */ + + cli_nt_session_close(&cli); + cli_ulogoff(&cli); + cli_shutdown(&cli); + return status; +} 
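Review bot: In domain_client_validate, the check after `make_server_info_pw(server_info, pass);` tests `!server_info`, which is the caller's out-pointer that was just passed into the call, not the object it should now point to, so a failed allocation goes unnoticed and `status` stays successful. When the DC reports groups, the block that follows does `pserver_info = *server_info` and writes `pserver_info->ptok`, which would then dereference NULL on the authentication path. The test should read `if (!*server_info) status = NT_STATUS_NO_MEMORY;`, or use the return value of make_server_info_pw if it has one (its prototype is not visible here). Separately, find_connect_pdc evaluates `sys_random() % count` without the `count == 0` guard that this same commit adds before the identical expression in cm_get_dc_name in winbindd_cm.c; whether get_dc_list can succeed with an empty list is not visible, so `if (count == 0) { SAFE_FREE(ip_list); return False; }` after the call would make the two paths agree.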
diff --git a/source/libsmb/errormap.c b/source/libsmb/errormap.c index a4a5a8741e3..28b4cb04316 100644 --- a/source/libsmb/errormap.c +++ b/source/libsmb/errormap.c @@ -1,5 +1,6 @@ /* - * Unix SMB/CIFS implementation. + * Unix SMB/Netbios implementation. + * Version 3.0 * error mapping functions * Copyright (C) Andrew Tridgell 2001 * diff --git a/source/nsswitch/.cvsignore b/source/nsswitch/.cvsignore index 090b859b372..5f2a5c4cf75 100644 --- a/source/nsswitch/.cvsignore +++ b/source/nsswitch/.cvsignore @@ -1,3 +1,2 @@ *.po *.po32 -diffs diff --git a/source/nsswitch/hp_nss_common.h b/source/nsswitch/hp_nss_common.h index 5f39e9abb05..7ce67ed81fa 100644 --- a/source/nsswitch/hp_nss_common.h +++ b/source/nsswitch/hp_nss_common.h @@ -2,7 +2,8 @@ #define _HP_NSS_COMMON_H /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 Donated by HP to enable Winbindd to build on HPUX 11.x. Copyright (C) Jeremy Allison 2002. @@ -23,8 +24,12 @@ Boston, MA 02111-1307, USA. */ +#ifdef HAVE_SYNCH_H #include +#endif +#ifdef HAVE_PTHREAD_H #include +#endif typedef enum { NSS_SUCCESS, diff --git a/source/nsswitch/hp_nss_dbdefs.h b/source/nsswitch/hp_nss_dbdefs.h index bd24772e339..c6951277356 100644 --- a/source/nsswitch/hp_nss_dbdefs.h +++ b/source/nsswitch/hp_nss_dbdefs.h @@ -2,7 +2,8 @@ #define _HP_NSS_DBDEFS_H /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 Donated by HP to enable Winbindd to build on HPUX 11.x. Copyright (C) Jeremy Allison 2002. diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c index c1b5b27af89..af03826ad07 100644 --- a/source/nsswitch/winbindd_cm.c +++ b/source/nsswitch/winbindd_cm.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 Winbind daemon connection manager 
@@ -72,7 +73,7 @@ struct winbindd_cm_conn { POLICY_HND pol; }; -static struct winbindd_cm_conn *cm_conns = NULL; +struct winbindd_cm_conn *cm_conns = NULL; /* Get a domain controller name. Cache positive and negative lookups so we don't go to the network too often when something is badly broken. */ 
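Review bot: Dropping `static` from `cm_conns` gives the connection list external linkage, yet none of the winbindd_cm.c hunks shown here introduces a user outside this file. If another translation unit really needs to walk the list, an accessor in winbindd_cm.c keeps ownership of the entries (and of whatever handles they carry, such as the `POLICY_HND pol` member) in one place; otherwise keep `static struct winbindd_cm_conn *cm_conns = NULL;`. If the export is intended, add a comment naming the consumer, e.g. `/* Not static: also referenced from <file> */`, and declare it `extern` in a header rather than relying on an implicit global.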
@@ -146,64 +147,38 @@ static BOOL cm_get_dc_name(char *domain, fstring srv_name) DEBUG(3, ("Could not look up dc's for domain %s\n", domain)); return False; } - - /* Pick a nice close server */ - - if (strequal(lp_passwordserver(), "*")) { - /* Look for DC on local net */ - - for (i = 0; i < count; i++) { - if (is_local_net(ip_list[i]) && - name_status_find(domain, 0x1c, 0x20, - ip_list[i], srv_name)) { - dc_ip = ip_list[i]; - goto done; - } - zero_ip(&ip_list[i]); - } - - /* Look for other DCs */ - - for (i = 0; i < count; i++) { - if (!is_zero_ip(ip_list[i]) && - name_status_find(domain, 0x1c, 0x20, - ip_list[i], srv_name)) { - dc_ip = ip_list[i]; - goto done; - } - } - - /* No-one to talk to )-: */ + /* Firstly choose a PDC/BDC who has the same network address as any + of our interfaces. */ + + for (i = 0; i < count; i++) { + if(is_local_net(ip_list[i])) + goto got_ip; + } + if (count == 0) { + DEBUG(3, ("No domain controllers for domain %s\n", domain)); return False; } + + i = (sys_random() % count); + + got_ip: + dc_ip = ip_list[i]; + SAFE_FREE(ip_list); + + /* We really should be doing a GETDC call here rather than a node + status lookup. */ - /* Return first DC that we can contact */ - - for (i = 0; i < count; i++) { - if (name_status_find(domain, 0x1c, 0x20, ip_list[i], - srv_name)) { - dc_ip = ip_list[i]; - goto done; - } + if (!name_status_find(domain, 0x1c, 0x20, dc_ip, srv_name)) { + DEBUG(3, ("Error looking up DC name for %s in domain %s\n", inet_ntoa(dc_ip), domain)); + return False; } - return False; /* Boo-hoo */ - - done: - /* We have the netbios name and IP address of a domain controller. - Ideally we should sent a SAMLOGON request to determine whether - the DC is alive and kicking. If we can catch a dead DC before - performing a cli_connect() we can avoid a 30-second timeout. 
*/ - /* We have a name so make the cache entry positive now */ fstrcpy(dcc->srv_name, srv_name); - DEBUG(3, ("Returning DC %s (%s) for domain %s\n", srv_name, - inet_ntoa(dc_ip), domain)); - return True; } @@ -225,6 +200,7 @@ void cm_init_creds(struct ntuser_creds *creds) if (username && *username) { pwd_set_cleartext(&creds->pwd, password); + pwd_make_lm_nt_16(&creds->pwd, password); fstrcpy(creds->user_name, username); fstrcpy(creds->domain, lp_workgroup()); @@ -264,14 +240,14 @@ static BOOL cm_open_connection(char *domain, char *pipe_name, fstrcpy(new_conn->pipe_name, pipe_name); /* Look for a domain controller for this domain. Negative results - are cached so don't bother applying the caching for this - function just yet. */ + are cached so don't bother applying the caching for this + function just yet. */ if (!cm_get_dc_name(domain, new_conn->controller)) goto done; /* Return false if we have tried to look up this domain and netbios - name before and failed. */ + name before and failed. */ for (occ = open_connection_cache; occ; occ = occ->next) { @@ -287,7 +263,7 @@ static BOOL cm_open_connection(char *domain, char *pipe_name, DEBUG(10, ("cm_open_connection cache entry expired for %s, %s\n", domain, new_conn->controller)); DLIST_REMOVE(open_connection_cache, occ); - free(occ); + SAFE_FREE(occ); break; } @@ -709,7 +685,7 @@ NTSTATUS cm_get_netlogon_cli(char *domain, unsigned char *trust_passwd, return result; } - result = new_cli_nt_setup_creds(conn.cli, trust_passwd); + result = cli_nt_setup_creds(conn.cli, trust_passwd); if (!NT_STATUS_IS_OK(result)) { DEBUG(0, ("error connecting to domain password server: %s\n", diff --git a/source/nsswitch/winbindd_wins.c b/source/nsswitch/winbindd_wins.c index 0aab4ddd650..ca21ccb4853 100644 --- a/source/nsswitch/winbindd_wins.c +++ b/source/nsswitch/winbindd_wins.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.0 Winbind daemon - WINS related functions 
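Review bot: The new selection in cm_get_dc_name commits to a single address (the first `is_local_net()` match, else `ip_list[sys_random() % count]`) and returns False as soon as `name_status_find()` fails for that one host, where the removed code tried every entry in `ip_list`. The comment above the function says negative lookups are cached, so one unreachable controller could make the whole domain look unavailable until that entry expires; trying the remaining addresses before giving up would avoid this. The `count == 0` branch also returns without `SAFE_FREE(ip_list)`, which is safe only if the lookup leaves `ip_list` NULL in that case, so that needs confirming. The function starts and ends outside the hunk.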
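Review bot: In cm_init_creds (hunk -225) it is not clear why `pwd_make_lm_nt_16(&creds->pwd, password)` is called directly after `pwd_set_cleartext(&creds->pwd, password)` on the same structure. If the second call replaces what the first stored, the cleartext call is now dead code; if it does not, `creds->pwd` holds both the cleartext and the hashes for the lifetime of the connection. A short comment on the added line saying which representation later code reads, and whether the cleartext is still needed, would settle this. The function body continues outside the hunk.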
@@ -125,14 +126,14 @@ static struct in_addr *lookup_byname_backend(const char *name, int *count) enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state) { char response[1024]; - int i, count, len, size; + int i, count, len, size, maxsize; struct node_status *status; DEBUG(3, ("[%5d]: wins_byip %s\n", state->pid, state->request.data.name)); *response = '\0'; - len = sizeof(response) - 2; + maxsize = len = sizeof(response) - 1; if ((status = lookup_byaddr_backend(state->request.data.name, &count))){ size = strlen(state->request.data.name) + 1; @@ -141,8 +142,8 @@ enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state) return WINBINDD_ERROR; } len -= size; - safe_strcat(response,state->request.data.name,size); - safe_strcat(response,"\t",1); + safe_strcat(response,state->request.data.name,maxsize); + safe_strcat(response,"\t",maxsize); for (i = 0; i < count; i++) { /* ignore group names */ if (status[i].flags & 0x80) continue; @@ -153,11 +154,10 @@ enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state) return WINBINDD_ERROR; } len -= size; - safe_strcat(response, status[i].name, size); - safe_strcat(response, " ", 1); + safe_strcat(response, status[i].name, maxsize); + safe_strcat(response, " ", maxsize); } } - response[strlen(response)-1] = '\n'; SAFE_FREE(status); } fstrcpy(state->response.data.name.name,response); @@ -169,7 +169,7 @@ enum winbindd_result winbindd_wins_byip(struct winbindd_cli_state *state) enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state) { struct in_addr *ip_list; - int i, count, len, size; + int i, count, len, size, maxsize; char response[1024]; char * addr; @@ -177,7 +177,7 @@ enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state) state->request.data.name)); *response = '\0'; - len = sizeof(response) - 2; + maxsize = len = sizeof(response) - 1; if ((ip_list = lookup_byname_backend(state->request.data.name,&count))){ for (i = count; i ; i--) { 
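Review bot: `maxsize` and `len` start with the same value in winbindd_wins_byip (and again in winbindd_wins_byname, hunks -169 and -177) but mean different things: `maxsize` is the fixed bound handed to every `safe_strcat()`, while `len` is the space still unused and is what the `size > len` checks test. A comment at the initialisation, e.g. `/* maxsize: capacity of response for safe_strcat; len: bytes still free */`, would stop a later edit from passing `len` or `size` as the bound again. Separately, hunk -153 drops `response[strlen(response)-1] = '\n';`, so the byip reply now ends in a separator rather than a newline; confirm that the client side does not rely on the terminator.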
@@ -188,18 +188,16 @@ enum winbindd_result winbindd_wins_byname(struct winbindd_cli_state *state) return WINBINDD_ERROR; } len -= size; - if (i != 0) - response[strlen(response)-1] = ' '; - safe_strcat(response,addr,size); - safe_strcat(response,"\t",1); + safe_strcat(response,addr,maxsize); + safe_strcat(response," ",maxsize); } size = strlen(state->request.data.name) + 1; if (size > len) { SAFE_FREE(ip_list); return WINBINDD_ERROR; } - safe_strcat(response,state->request.data.name,size); - safe_strcat(response,"\n",1); + response[strlen(response)-1] = '\t'; + safe_strcat(response,state->request.data.name,maxsize); SAFE_FREE(ip_list); } else return WINBINDD_ERROR; diff --git a/source/rpcclient/cmd_dfs.c b/source/rpcclient/cmd_dfs.c index 8a3c3e9db33..78f68dcc86b 100644 --- a/source/rpcclient/cmd_dfs.c +++ b/source/rpcclient/cmd_dfs.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 RPC pipe client Copyright (C) Tim Potter 2000 diff --git a/source/rpcclient/cmd_reg.c b/source/rpcclient/cmd_reg.c index c089917f9b6..787cd4f553a 100644 --- a/source/rpcclient/cmd_reg.c +++ b/source/rpcclient/cmd_reg.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. NT Domain Authentication SMB / MSRPC client Copyright (C) Andrew Tridgell 1994-1997 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 diff --git a/source/rpcclient/cmd_wkssvc.c b/source/rpcclient/cmd_wkssvc.c index 79acf35943c..52c110dbd56 100644 --- a/source/rpcclient/cmd_wkssvc.c +++ b/source/rpcclient/cmd_wkssvc.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. NT Domain Authentication SMB / MSRPC client Copyright (C) Andrew Tridgell 1994-1997 Copyright (C) Luke Kenneth Casson Leighton 1996-1997 diff --git a/source/rpcclient/display.c b/source/rpcclient/display.c index d03465206e2..345ed7d49af 100644 --- a/source/rpcclient/display.c +++ b/source/rpcclient/display.c 
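Review bot: `response[strlen(response)-1] = '\t';` in winbindd_wins_byname writes to `response[-1]` if the loop above appended nothing, because `response` is then still the empty string set by `*response = '\0'`. That happens when `lookup_byname_backend()` returns a non-NULL list with a `count` of 0, which the visible code does not rule out. Guard the write, e.g. `size_t used = strlen(response); if (used > 0) response[used-1] = '\t';`. The function begins in an earlier hunk.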
@@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. Samba utility functions Copyright (C) Andrew Tridgell 1992-1998 Copyright (C) Luke Kenneth Casson Leighton 1996 - 1998 diff --git a/source/rpcclient/display_sec.c b/source/rpcclient/display_sec.c index 9d54fe2235a..a428a956863 100644 --- a/source/rpcclient/display_sec.c +++ b/source/rpcclient/display_sec.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. Samba utility functions Copyright (C) Andrew Tridgell 1992-1999 Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999 
@@ -22,39 +23,67 @@ #include "includes.h" #include "rpcclient.h" + /**************************************************************************** convert a security permissions into a string ****************************************************************************/ -char *get_sec_mask_str(uint32 type) +static const char *get_sec_mask_str(uint32 type) { - static fstring typestr=""; + static fstring typestr; + int i; + + switch (type) + { + case SEC_RIGHTS_FULL_CONTROL: + { + fstrcpy(typestr, "Full Control"); + return typestr; + } + + case SEC_RIGHTS_READ: + { + fstrcpy(typestr, "Read"); + return typestr; + } + default: + { + break; + } + } typestr[0] = 0; + for (i = 0; i < 32; i++) + { + if (type & (1 << i)) + { + switch (1 << i) + { + case SEC_RIGHTS_QUERY_VALUE : fstrcat(typestr, "Query " ); break; + case SEC_RIGHTS_SET_VALUE : fstrcat(typestr, "Set " ); break; + case SEC_RIGHTS_CREATE_SUBKEY : fstrcat(typestr, "Create "); break; + case SEC_RIGHTS_ENUM_SUBKEYS : fstrcat(typestr, "Enum "); break; + case SEC_RIGHTS_NOTIFY : fstrcat(typestr, "Notify "); break; + case SEC_RIGHTS_CREATE_LINK : fstrcat(typestr, "CreateLink "); break; + case DELETE_ACCESS : fstrcat(typestr, "Delete "); break; + case READ_CONTROL_ACCESS : fstrcat(typestr, "ReadControl "); break; + case WRITE_DAC_ACCESS : fstrcat(typestr, "WriteDAC "); break; + case WRITE_OWNER_ACCESS : fstrcat(typestr, "WriteOwner "); break; + } + type &= ~(1 << i); + } + } + + /* remaining bits get added on as-is */ + if (type != 0) + { + fstring tmp; + slprintf(tmp, sizeof(tmp)-1, "[%08x]", type); + fstrcat(typestr, tmp); + } - if (type & GENERIC_ALL_ACCESS) - fstrcat(typestr, "Generic all access "); - if (type & GENERIC_EXECUTE_ACCESS) - fstrcat(typestr, "Generic execute access "); - if (type & GENERIC_WRITE_ACCESS) - fstrcat(typestr, "Generic write access "); - if (type & GENERIC_READ_ACCESS) - fstrcat(typestr, "Generic read access "); - if (type & MAXIMUM_ALLOWED_ACCESS) - fstrcat(typestr, "MAXIMUM_ALLOWED_ACCESS 
"); - if (type & SYSTEM_SECURITY_ACCESS) - fstrcat(typestr, "SYSTEM_SECURITY_ACCESS "); - if (type & SYNCHRONIZE_ACCESS) - fstrcat(typestr, "SYNCHRONIZE_ACCESS "); - if (type & WRITE_OWNER_ACCESS) - fstrcat(typestr, "WRITE_OWNER_ACCESS "); - if (type & WRITE_DAC_ACCESS) - fstrcat(typestr, "WRITE_DAC_ACCESS "); - if (type & READ_CONTROL_ACCESS) - fstrcat(typestr, "READ_CONTROL_ACCESS "); - if (type & DELETE_ACCESS) - fstrcat(typestr, "DELETE_ACCESS "); - - printf("\t\tSpecific bits: 0x%lx\n", type&SPECIFIC_RIGHTS_MASK); + /* remove last space */ + i = strlen(typestr)-1; + if (typestr[i] == ' ') typestr[i] = 0; return typestr; } 
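Review bot: The bit loop in get_sec_mask_str uses `1 << i` with `i` running up to 31, and shifting a signed `int` 1 into the sign bit is undefined behaviour; the same expression is repeated in `switch (1 << i)` and `type &= ~(1 << i)`. Compute the mask once as an unsigned value, e.g. `uint32 bit = (uint32)1 << i;`, and test, switch on and clear `bit`. The function also returns a pointer into a `static fstring`, so the caller must use the result before the next call; a one-line comment saying so would help.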
@@ -62,83 +91,152 @@ char *get_sec_mask_str(uint32 type) /**************************************************************************** display sec_access structure ****************************************************************************/ -void display_sec_access(SEC_ACCESS *info) +static void display_sec_access(FILE *out_hnd, enum action_type action, SEC_ACCESS *const info) { - printf("\t\tPermissions: 0x%x: %s\n", info->mask, get_sec_mask_str(info->mask)); + switch (action) + { + case ACTION_HEADER: + { + break; + } + case ACTION_ENUMERATE: + { + report(out_hnd, "\t\tPermissions:\t%s\n", + get_sec_mask_str(info->mask)); + } + case ACTION_FOOTER: + { + break; + } + } } /**************************************************************************** display sec_ace structure ****************************************************************************/ -void display_sec_ace(SEC_ACE *ace) +static void display_sec_ace(FILE *out_hnd, enum action_type action, SEC_ACE *const ace) { - fstring sid_str; - - printf("\tACE\n\t\ttype: "); - switch (ace->type) { - case SEC_ACE_TYPE_ACCESS_ALLOWED: - printf("ACCESS ALLOWED"); - break; - case SEC_ACE_TYPE_ACCESS_DENIED: - printf("ACCESS DENIED"); + switch (action) + { + case ACTION_HEADER: + { + report(out_hnd, "\tACE\n"); break; - case SEC_ACE_TYPE_SYSTEM_AUDIT: - printf("SYSTEM AUDIT"); - break; - case SEC_ACE_TYPE_SYSTEM_ALARM: - printf("SYSTEM ALARM"); - break; - default: - printf("????"); + } + case ACTION_ENUMERATE: + { + fstring sid_str; + + report(out_hnd, + "\t\tType:%2x Flags:%2x Perms:%04x\n", + ace->type, ace->flags, + (uint32) ace->info.mask); + + display_sec_access(out_hnd, ACTION_HEADER , &ace->info); + display_sec_access(out_hnd, ACTION_ENUMERATE, &ace->info); + display_sec_access(out_hnd, ACTION_FOOTER , &ace->info); + + sid_to_string(sid_str, &ace->sid); + report(out_hnd, "\t\tSID:\t%s\n", sid_str); + } + case ACTION_FOOTER: + { break; + } } - printf(" (%d) flags: %d\n", ace->type, ace->flags); - 
display_sec_access(&ace->info); - sid_to_string(sid_str, &ace->trustee); - printf("\t\tSID: %s\n\n", sid_str); } /**************************************************************************** display sec_acl structure ****************************************************************************/ -void display_sec_acl(SEC_ACL *sec_acl) +static void display_sec_acl(FILE *out_hnd, enum action_type action, SEC_ACL *const sec_acl) { - int i; - - printf("\tACL\tNum ACEs:\t%d\trevision:\t%x\n", - sec_acl->num_aces, sec_acl->revision); - printf("\t---\n"); + if (sec_acl == NULL) + { + return; + } + switch (action) + { + case ACTION_HEADER: + { + report(out_hnd, "\tACL\tNum ACEs:\t%d\trevision:\t%x\n", + sec_acl->num_aces, sec_acl->revision); + report(out_hnd, "\t---\n"); - if (sec_acl->size != 0 && sec_acl->num_aces != 0) - for (i = 0; i < sec_acl->num_aces; i++) - display_sec_ace(&sec_acl->ace[i]); + break; + } + case ACTION_ENUMERATE: + { + if (sec_acl->size != 0 && sec_acl->num_aces != 0) + { + int i; + for (i = 0; i < sec_acl->num_aces; i++) + { + display_sec_ace(out_hnd, ACTION_HEADER , &sec_acl->ace[i]); + display_sec_ace(out_hnd, ACTION_ENUMERATE, &sec_acl->ace[i]); + display_sec_ace(out_hnd, ACTION_FOOTER , &sec_acl->ace[i]); + } + } + break; + } + case ACTION_FOOTER: + { + report(out_hnd, "\n"); + break; + } + } } /**************************************************************************** display sec_desc structure ****************************************************************************/ -void display_sec_desc(SEC_DESC *sec) +void display_sec_desc(FILE *out_hnd, enum action_type action, SEC_DESC *const sec) { - fstring sid_str; - - if (sec->off_sacl != 0) { - printf("S-ACL\n"); - display_sec_acl(sec->sacl); - } + switch (action) + { + case ACTION_HEADER: + { + report(out_hnd, "\tSecurity Descriptor\trevision:\t%x\ttype:\t%x\n", + sec->revision, sec->type); + report(out_hnd, "\t-------------------\n"); - if (sec->off_dacl != 0) { - printf("D-ACL\n"); - 
display_sec_acl(sec->dacl); - } - - if (sec->off_owner_sid != 0) { - sid_to_string(sid_str, sec->owner_sid); - printf("\tOwner SID:\t%s\n", sid_str); - } - - if (sec->off_grp_sid != 0) { - sid_to_string(sid_str, sec->grp_sid); - printf("\tParent SID:\t%s\n", sid_str); + break; + } + case ACTION_ENUMERATE: + { + fstring sid_str; + + if (sec->off_sacl != 0) + { + display_sec_acl(out_hnd, ACTION_HEADER , sec->sacl); + display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->sacl); + display_sec_acl(out_hnd, ACTION_FOOTER , sec->sacl); + } + if (sec->off_dacl != 0) + { + display_sec_acl(out_hnd, ACTION_HEADER , sec->dacl); + display_sec_acl(out_hnd, ACTION_ENUMERATE, sec->dacl); + display_sec_acl(out_hnd, ACTION_FOOTER , sec->dacl); + } + if (sec->off_owner_sid != 0) + { + sid_to_string(sid_str, sec->owner_sid); + report(out_hnd, "\tOwner SID:\t%s\n", sid_str); + } + if (sec->off_grp_sid != 0) + { + sid_to_string(sid_str, sec->grp_sid); + report(out_hnd, "\tParent SID:\t%s\n", sid_str); + } + + break; + } + case ACTION_FOOTER: + { + report(out_hnd, "\n"); + break; + } } } + diff --git a/source/rpcclient/display_spool.c b/source/rpcclient/display_spool.c index b4baf570f17..cdca0c393dd 100644 --- a/source/rpcclient/display_spool.c +++ b/source/rpcclient/display_spool.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. Samba utility functions Copyright (C) Andrew Tridgell 1992-1999 Copyright (C) Luke Kenneth Casson Leighton 1996 - 1999 diff --git a/source/rpcclient/rpcclient.h b/source/rpcclient/rpcclient.h index 72491373d67..588d10b3e6b 100644 --- a/source/rpcclient/rpcclient.h +++ b/source/rpcclient/rpcclient.h @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 RPC pipe client Copyright (C) Tim Potter 2000 diff --git a/source/rpcclient/samsync.c b/source/rpcclient/samsync.c index 3a0bc2d6f69..15efc1d42bc 100644 --- a/source/rpcclient/samsync.c +++ b/source/rpcclient/samsync.c 
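Review bot: In display_sec_access and display_sec_ace the `case ACTION_ENUMERATE:` block has no `break` and falls through into `case ACTION_FOOTER:`. It is harmless today because those footer cases only break, but display_sec_acl and display_sec_desc in the same hunk end the case with `break;` and their footers print output, so the pattern is easy to copy wrongly; add `break;` or a `/* fallthrough */` marker. display_sec_desc also dereferences `sec` without the NULL check that display_sec_acl applies to `sec_acl`; `if (sec == NULL) return;` at the top would make the two consistent.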
@@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 2.2 RPC pipe client Copyright (C) Tim Potter 2001 
@@ -21,249 +22,17 @@ #include "includes.h" -static void decode_domain_info(SAM_DOMAIN_INFO *a) -{ - fstring temp; - printf("Domain Information\n"); - printf("------------------\n"); - - unistr2_to_ascii(temp, &a->uni_dom_name, sizeof(temp)-1); - printf("\tDomain :%s\n", temp); - printf("\tMin password len :%d\n", a->min_pwd_len); - printf("\tpassword history len:%d\n", a->pwd_history_len); - printf("\tcreation time :%s\n", http_timestring(nt_time_to_unix(&a->creation_time))); -} - -static void decode_sam_group_info(SAM_GROUP_INFO *a) -{ - fstring temp; - printf("\nDomain Group Information\n"); - printf("------------------------\n"); - - unistr2_to_ascii(temp, &a->uni_grp_name, sizeof(temp)-1); - printf("\tGroup name :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_grp_desc, sizeof(temp)-1); - printf("\tGroup description :%s\n", temp); - printf("\trid :%d\n", a->gid.g_rid); - printf("\tattribute :%d\n", a->gid.attr); -} - -static void decode_sam_account_info(SAM_ACCOUNT_INFO *a) -{ - fstring temp; - printf("\nUser Information\n"); - printf("----------------\n"); - - unistr2_to_ascii(temp, &a->uni_acct_name, sizeof(temp)-1); - printf("\tUser name :%s\n", temp); - printf("\tuser's rid :%d\n", a->user_rid); - printf("\tuser's primary gid :%d\n", a->group_rid); - unistr2_to_ascii(temp, &a->uni_full_name, sizeof(temp)-1); - printf("\tfull name :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_home_dir, sizeof(temp)-1); - printf("\thome directory :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_dir_drive, sizeof(temp)-1); - printf("\tdrive :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_logon_script, sizeof(temp)-1); - printf("\tlogon script :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_acct_desc, sizeof(temp)-1); - printf("\tdescription :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_workstations, sizeof(temp)-1); - printf("\tworkstations :%s\n", temp); -} - -static void decode_sam_grp_mem_info(SAM_GROUP_MEM_INFO *a) -{ - int i; - printf("\nGroup members information\n"); - 
printf("-------------------------\n"); - printf("\tnum members :%d\n", a->num_members); - - for (i=0; inum_members; i++) { - printf("\trid, attr:%d, %d\n", a->rids[i], a->attribs[i]); - } -} - -static void decode_sam_alias_info(SAM_ALIAS_INFO *a) -{ - fstring temp; - printf("\nAlias Information\n"); - printf("-----------------\n"); - - unistr2_to_ascii(temp, &a->uni_als_name, sizeof(temp)-1); - printf("\tname :%s\n", temp); - unistr2_to_ascii(temp, &a->uni_als_desc, sizeof(temp)-1); - printf("\tdescription :%s\n", temp); - printf("\trid :%d\n", a->als_rid); -} - -static void decode_sam_als_mem_info(SAM_ALIAS_MEM_INFO *a) -{ - int i; - fstring temp; - printf("\nAlias members Information\n"); - printf("-------------------------\n"); - printf("\tnum members :%d\n", a->num_members); - printf("\tnum sids :%d\n", a->num_sids); - for (i=0; inum_sids; i++) { - printf("\tsid :%s\n", sid_to_string(temp, &a->sids[i].sid)); - } - - -} - -static void decode_sam_dom_info(SAM_DELTA_DOM *a) -{ - fstring temp; - printf("\nDomain information\n"); - printf("------------------\n"); - - unistr2_to_ascii(temp, &a->domain_name, sizeof(temp)-1); - printf("\tdomain name :%s\n", temp); - printf("\tsid :%s\n", sid_to_string(temp, &a->domain_sid.sid)); -} - -static void decode_sam_unk0e_info(SAM_DELTA_UNK0E *a) -{ - fstring temp; - printf("\nTrust information\n"); - printf("-----------------\n"); - - unistr2_to_ascii(temp, &a->domain, sizeof(temp)-1); - printf("\tdomain name :%s\n", temp); - printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid)); - display_sec_desc(a->sec_desc); -} - -static void decode_sam_privs_info(SAM_DELTA_PRIVS *a) -{ - int i; - fstring temp; - printf("\nSID and privileges information\n"); - printf("------------------------------\n"); - printf("\tsid :%s\n", sid_to_string(temp, &a->sid.sid)); - display_sec_desc(a->sec_desc); - printf("\tprivileges count :%d\n", a->privlist_count); - for (i=0; iprivlist_count; i++) { - unistr2_to_ascii(temp, &a->uni_privslist[i], 
sizeof(temp)-1); - printf("\tprivilege name :%s\n", temp); - printf("\tattribute :%d\n", a->attributes[i]); - } -} - -static void decode_sam_unk12_info(SAM_DELTA_UNK12 *a) -{ - fstring temp; - printf("\nTrusted information\n"); - printf("-------------------\n"); - - unistr2_to_ascii(temp, &a->secret, sizeof(temp)-1); - printf("\tsecret name :%s\n", temp); - display_sec_desc(a->sec_desc); - - printf("\ttime 1 :%s\n", http_timestring(nt_time_to_unix(&a->time1))); - printf("\ttime 2 :%s\n", http_timestring(nt_time_to_unix(&a->time2))); - - display_sec_desc(a->sec_desc2); -} - -static void decode_sam_stamp(SAM_DELTA_STAMP *a) -{ - printf("\nStamp information\n"); - printf("-----------------\n"); - printf("\tsequence number :%d\n", a->seqnum); -} - -static void decode_sam_deltas(uint32 num_deltas, SAM_DELTA_HDR *hdr_deltas, SAM_DELTA_CTR *deltas) -{ - int i; - for (i = 0; i < num_deltas; i++) { - switch (hdr_deltas[i].type) { - case SAM_DELTA_DOMAIN_INFO: { - SAM_DOMAIN_INFO *a; - a = &deltas[i].domain_info; - decode_domain_info(a); - break; - } - case SAM_DELTA_GROUP_INFO: { - SAM_GROUP_INFO *a; - a = &deltas[i].group_info; - decode_sam_group_info(a); - break; - } - case SAM_DELTA_ACCOUNT_INFO: { - SAM_ACCOUNT_INFO *a; - a = &deltas[i].account_info; - decode_sam_account_info(a); - break; - } - case SAM_DELTA_GROUP_MEM: { - SAM_GROUP_MEM_INFO *a; - a = &deltas[i].grp_mem_info; - decode_sam_grp_mem_info(a); - break; - } - case SAM_DELTA_ALIAS_INFO: { - SAM_ALIAS_INFO *a; - a = &deltas[i].alias_info; - decode_sam_alias_info(a); - break; - } - case SAM_DELTA_ALIAS_MEM: { - SAM_ALIAS_MEM_INFO *a; - a = &deltas[i].als_mem_info; - decode_sam_als_mem_info(a); - break; - } - case SAM_DELTA_DOM_INFO: { - SAM_DELTA_DOM *a; - a = &deltas[i].dom_info; - decode_sam_dom_info(a); - break; - } - case SAM_DELTA_UNK0E_INFO: { - SAM_DELTA_UNK0E *a; - a = &deltas[i].unk0e_info; - decode_sam_unk0e_info(a); - break; - } - case SAM_DELTA_PRIVS_INFO: { - SAM_DELTA_PRIVS *a; - a = 
&deltas[i].privs_info; - decode_sam_privs_info(a); - break; - } - case SAM_DELTA_UNK12_INFO: { - SAM_DELTA_UNK12 *a; - a = &deltas[i].unk12_info; - decode_sam_unk12_info(a); - break; - } - case SAM_DELTA_SAM_STAMP: { - SAM_DELTA_STAMP *a; - a = &deltas[i].stamp; - decode_sam_stamp(a); - break; - } - default: - DEBUG(0,("unknown delta type: %d\n", hdr_deltas[i].type)); - break; - } - } -} - /* Synchronise sam database */ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16], - BOOL do_smbpasswd_output, BOOL verbose) + BOOL do_smbpasswd_output) { TALLOC_CTX *mem_ctx; - SAM_DELTA_HDR *hdr_deltas_0, *hdr_deltas_1, *hdr_deltas_2; - SAM_DELTA_CTR *deltas_0, *deltas_1, *deltas_2; - uint32 num_deltas_0, num_deltas_1, num_deltas_2; + SAM_DELTA_HDR *hdr_deltas; + SAM_DELTA_CTR *deltas; + uint32 database_id = 0, num_deltas; NTSTATUS result = NT_STATUS_UNSUCCESSFUL; - DOM_CRED ret_creds; /* Initialise */ if (!(mem_ctx = talloc_init())) { 
@@ -283,55 +52,31 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16], goto done; } - /* on first call the returnAuthenticator is empty */ - memset(&ret_creds, 0, sizeof(ret_creds)); - - /* Do sam synchronisation on the SAM database*/ + /* Do sam synchronisation */ - result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 0, &num_deltas_0, &hdr_deltas_0, &deltas_0); + result = cli_netlogon_sam_sync(cli, mem_ctx, database_id, + &num_deltas, &hdr_deltas, &deltas); - if (!NT_STATUS_IS_OK(result)) - goto done; - - /* verbose mode */ - if (verbose) - decode_sam_deltas(num_deltas_0, hdr_deltas_0, deltas_0); - - - /* - * we can't yet do several sam_sync in a raw, it's a credential problem - * we must chain the credentials - */ - -#if 1 - /* Do sam synchronisation on the LSA database */ - - result = cli_netlogon_sam_sync(cli, mem_ctx, &ret_creds, 2, &num_deltas_2, &hdr_deltas_2, &deltas_2); - - if (!NT_STATUS_IS_OK(result)) + if (!NT_STATUS_IS_OK(result)) { goto done; - - /* verbose mode */ - if (verbose) - decode_sam_deltas(num_deltas_2, hdr_deltas_2, deltas_2); -#endif + } /* Produce smbpasswd output - good for migrating from NT! */ if (do_smbpasswd_output) { int i; - for (i = 0; i < num_deltas_0; i++) { + for (i = 0; i < num_deltas; i++) { SAM_ACCOUNT_INFO *a; fstring acct_name, hex_nt_passwd, hex_lm_passwd; uchar lm_passwd[16], nt_passwd[16]; /* Skip non-user accounts */ - if (hdr_deltas_0[i].type != SAM_DELTA_ACCOUNT_INFO) + if (hdr_deltas[i].type != SAM_DELTA_ACCOUNT_INFO) continue; - a = &deltas_0[i].account_info; + a = &deltas[i].account_info; unistr2_to_ascii(acct_name, &a->uni_acct_name, sizeof(acct_name) - 1); @@ -354,7 +99,8 @@ static NTSTATUS sam_sync(struct cli_state *cli, unsigned char trust_passwd[16], printf("%s:%d:%s:%s:%s:LCT-0\n", acct_name, a->user_rid, hex_lm_passwd, hex_nt_passwd, - smbpasswd_encode_acb_info(a->acb_info)); + smbpasswd_encode_acb_info( + deltas[i].account_info.acb_info)); } goto done; 
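Review bot: The smbpasswd loop compares `int i` with `uint32 num_deltas`, a count that `cli_netlogon_sam_sync()` fills in (presumably from the server's reply), so the comparison is signed against unsigned; declaring `uint32 i;` removes the mismatch. In the following hunk (-354), `deltas[i].account_info.acb_info` is the same object as `a->acb_info`, since `a = &deltas[i].account_info` is set earlier in the loop and the same `printf` already uses `a->user_rid`; keeping `a->acb_info` reads more consistently. sam_sync starts and ends outside these hunks.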
@@ -392,7 +138,6 @@ static void usage(void) printf("\t-R replicate sam deltas\n"); printf("\t-U username username and password\n"); printf("\t-p produce smbpasswd output\n"); - printf("\t-V verbose output\n"); printf("\n"); } @@ -449,8 +194,8 @@ static struct cli_state *init_connection(struct cli_state *cli, return NULL; } - if (!lookup_dc_name(global_myname, lp_workgroup(), dest_ip, - dest_host)) { + if (!lookup_pdc_name(global_myname, lp_workgroup(), dest_ip, + dest_host)) { DEBUG(0, ("Could not lookup up PDC name for domain %s\n", lp_workgroup())); return NULL; @@ -477,12 +222,12 @@ static struct cli_state *init_connection(struct cli_state *cli, int main(int argc, char **argv) { BOOL do_sam_sync = False, do_sam_repl = False; + pstring servicesf = CONFIGFILE; struct cli_state cli; NTSTATUS result; int opt; pstring logfile; BOOL interactive = False, do_smbpasswd_output = False; - BOOL verbose = False; uint32 low_serial = 0; unsigned char trust_passwd[16]; fstring username, domain, password; @@ -498,10 +243,10 @@ static struct cli_state *init_connection(struct cli_state *cli, /* Parse command line options */ - while((opt = getopt(argc, argv, "s:d:SR:hiU:W:pV")) != EOF) { + while((opt = getopt(argc, argv, "s:d:SR:hiU:W:p")) != EOF) { switch (opt) { case 's': - pstrcpy(dyn_CONFIGFILE, optarg); + pstrcpy(servicesf, optarg); break; case 'd': DEBUGLEVEL = atoi(optarg); @@ -520,10 +265,10 @@ static struct cli_state *init_connection(struct cli_state *cli, char *lp; fstrcpy(username,optarg); - if ((lp=strchr_m(username,'%'))) { + if ((lp=strchr(username,'%'))) { *lp = 0; fstrcpy(password,lp+1); - memset(strchr_m(optarg, '%') + 1, 'X', + memset(strchr(optarg, '%') + 1, 'X', strlen(password)); } break; @@ -534,10 +279,7 @@ static struct cli_state *init_connection(struct cli_state *cli, case 'p': do_smbpasswd_output = True; break; - case 'V': - verbose = True; - break; - case 'h': + case 'h': default: usage(); exit(1); 
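Review bot: In the `-U` handling (hunk -520) the password is blanked in `optarg` with `memset(strchr(optarg, '%') + 1, 'X', strlen(password))`, but `password` is taken from the `fstrcpy` copy in `username`, so if `optarg` was longer than an fstring the tail of the real password stays readable in the process arguments. Mask using the length of the original text instead: `char *p = strchr(optarg, '%'); if (p) memset(p + 1, 'X', strlen(p + 1));`. The enclosing `main` extends outside the hunk.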
@@ -553,7 +295,7 @@ static struct cli_state *init_connection(struct cli_state *cli, /* Initialise samba */ - slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", dyn_LOGFILEBASE, + slprintf(logfile, sizeof(logfile) - 1, "%s/log.%s", LOGFILEBASE, "samsync"); lp_set_logfile(logfile); @@ -562,12 +304,14 @@ static struct cli_state *init_connection(struct cli_state *cli, if (!interactive) reopen_logs(); - if (!lp_load(dyn_CONFIGFILE, True, False, False)) { - fprintf(stderr, "Can't load %s\n", dyn_CONFIGFILE); + if (!lp_load(servicesf, True, False, False)) { + fprintf(stderr, "Can't load %s\n", servicesf); } load_interfaces(); + TimeInit(); + /* Check arguments make sense */ if (do_sam_sync && do_sam_repl) { @@ -605,7 +349,7 @@ static struct cli_state *init_connection(struct cli_state *cli, return 1; if (do_sam_sync) - result = sam_sync(&cli, trust_passwd, do_smbpasswd_output, verbose); + result = sam_sync(&cli, trust_passwd, do_smbpasswd_output); if (do_sam_repl) result = sam_repl(&cli, trust_passwd, low_serial); diff --git a/source/rpcclient/spoolss_cmds.c b/source/rpcclient/spoolss_cmds.c index 1c999119008..b010aa4874c 100644 --- a/source/rpcclient/spoolss_cmds.c +++ b/source/rpcclient/spoolss_cmds.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 1.9. SMB client Copyright (C) Andrew Tridgell 1994-2000 Copyright (C) Luke Kenneth Casson Leighton 1996-2000 diff --git a/source/script/smbadduser b/source/script/smbadduser new file mode 100755 index 00000000000..57ef7091ba9 --- /dev/null +++ b/source/script/smbadduser 
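Review bot: When `lp_load(servicesf, True, False, False)` fails (hunk -562) the code prints "Can't load" and carries on, so the tool continues with built-in defaults rather than the workgroup and settings the operator selected with `-s`. Unless running without a configuration file is intended, stop after the message, e.g. add `return 1;` after the `fprintf`. `main` starts and ends outside the hunk.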
@@ -0,0 +1,76 @@ +#!/bin/csh +# +# smbadduser - Written by Mike Zakharoff +# +unalias * +set path = ($path /usr/local/samba/bin) + +set smbpasswd = /usr/local/samba/private/smbpasswd +#set smbpasswd = /etc/samba.d/smbpasswd +set user_map = /usr/local/samba/lib/users.map +#set user_map = /etc/samba.d/smbusers +# +# Set to site specific passwd command +# +set passwd = "cat /etc/passwd" +#set passwd = "niscat passwd.org_dir" +#set passwd = "ypcat passwd" + +set line = "----------------------------------------------------------" +if ($#argv == 0) then + echo $line + echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com" + echo "" + echo " 1) Updates $smbpasswd" + echo " 2) Updates $user_map" + echo " 3) Executes smbpasswd for each new user" + echo "" + echo "smbadduser unixid:ntid unixid:ntid ..." + echo "" + echo "Example: smbadduser zak:zakharoffm johns:smithj" + echo $line + exit 1 +endif + +touch $smbpasswd $user_map +set new = () +foreach one ($argv) + echo $one | grep ':' >& /dev/null + if ($status != 0) then + echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm" + continue + endif + set unix = `echo $one | awk -F: '{print $1}'` + set ntid = `echo $one | awk -F: '{print $2}'` + + set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#usr != 1) then + echo "ERROR: $unix Not in passwd database SKIPPING..." + continue + endif + set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#tmp != 0) then + echo "ERROR: $unix is already in $smbpasswd SKIPPING..." 
+ continue + endif + + echo "Adding: $unix to $smbpasswd" +# eval $passwd | \ +# awk -F: '$1==USR { \ +# printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd + /usr/bin/smbpasswd -a -n $unix + if ($unix != $ntid) then + echo "Adding: {$unix = $ntid} to $user_map" + echo "$unix = $ntid" >> $user_map + endif + set new = ($new $unix) +end + +# +# Enter password for new users +# +foreach one ($new) + echo $line + echo "ENTER password for $one" + smbpasswd $one +end diff --git a/source/tdb/tdbdump.c b/source/tdb/tdbdump.c index 66642132093..ddaff162091 100644 --- a/source/tdb/tdbdump.c +++ b/source/tdb/tdbdump.c @@ -1,5 +1,6 @@ /* - Unix SMB/CIFS implementation. + Unix SMB/Netbios implementation. + Version 3.0 simple tdb dump util Copyright (C) Andrew Tridgell 2001 diff --git a/source/utils/nsstest.c b/source/utils/nsstest.c new file mode 100644 index 00000000000..76108876dff --- /dev/null +++ b/source/utils/nsstest.c 
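Review bot: `touch $smbpasswd $user_map` creates the smbpasswd file with whatever umask the caller has if the file does not exist yet, and that file holds the password hashes added by `smbpasswd -a`. Set `umask 077` before the `touch`, or follow it with `chmod 600 $smbpasswd`. The script also appends the Samba directory to an inherited `$path`, then calls `/usr/bin/smbpasswd -a -n $unix` in the loop but a bare `smbpasswd $one` at the end, so the two calls may resolve to different binaries; use one explicit path for both.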
@@ -0,0 +1,302 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 3.0
+ nss tester for winbindd
+ Copyright (C) Andrew Tridgell 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+static char *so_path = "/lib/libnss_winbind.so";
+static int nss_errno;
+
+static void *find_fn(const char *name)
+{
+ static void *h;
+ void *res;
+ if (!h) {
+ h = dlopen(so_path, RTLD_LAZY);
+ }
+ if (!h) {
+ printf("Can't open shared library %s\n", so_path);
+ exit(1);
+ }
+ res = dlsym(h, name);
+ if (!res) {
+ printf("Can't find function %s\n", name);
+ exit(1);
+ }
+ return res;
+}
+
+static void report_nss_error(NSS_STATUS status)
+{
+ if (status >= NSS_STATUS_SUCCESS) return;
+ printf("NSS_STATUS=%d %d\n", status, NSS_STATUS_SUCCESS);
+}
+
+static struct passwd *nss_getpwent(void)
+{
+ NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
+ size_t , int *) = find_fn("_nss_winbind_getpwent_r");
+ static struct passwd pwd;
+ static char buf[1000];
+ NSS_STATUS status;
+
+ status = _nss_getpwent_r(&pwd, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ return NULL;
+ }
+ if (status == NSS_STATUS_RETURN) {
+ report_nss_error(status);
+ return NULL;
+ }
+ return &pwd;
+}
+
+static struct passwd *nss_getpwnam(const char *name)
+{
+ NSS_STATUS (*_nss_getpwnam_r)(const char *, struct passwd *, char *,
+ size_t , int *) = find_fn("_nss_winbind_getpwnam_r");
+ static struct passwd pwd;
+ static char buf[1000];
+ NSS_STATUS status;
+
+ status = _nss_getpwnam_r(name, &pwd, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ return NULL;
+ }
+ if (status == NSS_STATUS_RETURN) {
+ report_nss_error(status);
+ return NULL;
+ }
+ return &pwd;
+}
+
+static struct passwd *nss_getpwuid(uid_t uid)
+{
+ NSS_STATUS (*_nss_getpwuid_r)(uid_t , struct passwd *, char *,
+ size_t , int *) = find_fn("_nss_winbind_getpwuid_r");
+ static struct passwd pwd;
+ static char buf[1000];
+ NSS_STATUS status;
+
+ status = _nss_getpwuid_r(uid, &pwd, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ return NULL;
+ }
+ if (status == NSS_STATUS_RETURN) {
+ report_nss_error(status);
+ return NULL;
+ }
+ return &pwd;
+}
+
+static void nss_setpwent(void)
+{
+ NSS_STATUS (*_nss_setpwent)(void) = find_fn("_nss_winbind_setpwent");
+
+ report_nss_error(_nss_setpwent());
+}
+
+static void nss_endpwent(void)
+{
+ NSS_STATUS (*_nss_endpwent)(void) = find_fn("_nss_winbind_endpwent");
+
+ report_nss_error(_nss_endpwent());
+}
+
+
+static struct group *nss_getgrent(void)
+{
+ NSS_STATUS (*_nss_getgrent_r)(struct group *, char *,
+ size_t , int *) = find_fn("_nss_winbind_getgrent_r");
+ static struct group grp;
+ static char buf[1000];
+ NSS_STATUS status;
+
+ status = _nss_getgrent_r(&grp, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ return NULL;
+ }
+ if (status == NSS_STATUS_RETURN) {
+ report_nss_error(status);
+ return NULL;
+ }
+ return &grp;
+}
+
+static struct group *nss_getgrnam(const char *name)
+{
+ NSS_STATUS (*_nss_getgrnam_r)(const char *, struct group *, char *,
+ size_t , int *) = find_fn("_nss_winbind_getgrnam_r");
+ static struct group grp;
+ static char buf[1000];
+ NSS_STATUS status;
+
+ status = _nss_getgrnam_r(name, &grp, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ return NULL;
+ }
+ if (status == NSS_STATUS_RETURN) {
+ report_nss_error(status);
+ return NULL;
+ }
+ return &grp;
+}
+
+static struct group *nss_getgrgid(gid_t gid)
+{
+ NSS_STATUS (*_nss_getgrgid_r)(gid_t , struct group *, char *,
+ size_t , int *) = find_fn("_nss_winbind_getgrgid_r");
+ static struct group grp;
+ static char buf[1000];
+ NSS_STATUS status;
+
+ status = _nss_getgrgid_r(gid, &grp, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ return NULL;
+ }
+ if (status == NSS_STATUS_RETURN) {
+ report_nss_error(status);
+ return NULL;
+ }
+ return &grp;
+}
+
+static void nss_setgrent(void)
+{
+ NSS_STATUS (*_nss_setgrent)(void) = find_fn("_nss_winbind_setgrent");
+
+ report_nss_error(_nss_setgrent());
+}
+
+static void nss_endgrent(void)
+{
+ NSS_STATUS (*_nss_endgrent)(void) = find_fn("_nss_winbind_endgrent");
+
+ report_nss_error(_nss_endgrent());
+}
+
+static int nss_initgroups(char *user, gid_t group, gid_t **groups, long int *start, long int *size)
+{
+ NSS_STATUS (*_nss_initgroups)(char *, gid_t , long int *,
+ long int *, gid_t **, long int , int *) =
+ find_fn("_nss_winbind_initgroups_dyn");
+ NSS_STATUS status;
+
+ status = _nss_initgroups(user, group, start, size, groups, 0, &nss_errno);
+ report_nss_error(status);
+ return status;
+}
+
+static void print_passwd(struct passwd *pwd)
+{
+ printf("%s:%s:%d:%d:%s:%s:%s\n",
+ pwd->pw_name,
+ pwd->pw_passwd,
+ pwd->pw_uid,
+ pwd->pw_gid,
+ pwd->pw_gecos,
+ pwd->pw_dir,
+ pwd->pw_shell);
+}
+
+static void print_group(struct group *grp)
+{
+ int i;
+ printf("%s:%s:%d: ",
+ grp->gr_name,
+ grp->gr_passwd,
+ grp->gr_gid);
+
+ if (!grp->gr_mem[0]) {
+ printf("\n");
+ return;
+ }
+
+ for (i=0; grp->gr_mem[i+1]; i++) {
+ printf("%s, ", grp->gr_mem[i]);
+ }
+ printf("%s\n", grp->gr_mem[i]);
+}
+
+static void nss_test_initgroups(char *name, gid_t gid)
+{
+ long int size = 16;
+ long int start = 1;
+ gid_t *groups = NULL;
+ int i;
+
+ groups = (gid_t *)malloc(size * sizeof(gid_t));
+ groups[0] = gid;
+
+ nss_initgroups(name, gid, &groups, &start, &size);
+ for (i=0; ipw_name);
+ printf("getpwent: "); print_passwd(pwd);
+ pwd = nss_getpwnam(pwd->pw_name);
+ printf("getpwnam: "); print_passwd(pwd);
+ pwd = nss_getpwuid(pwd->pw_uid);
+ printf("getpwuid: "); print_passwd(pwd);
+ printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid);
+ printf("\n");
+ }
+ nss_endpwent();
+}
+
+static void nss_test_groups(void)
+{
+ struct group *grp;
+
+ nss_setgrent();
+ /* loop over all groups */
+ while ((grp = nss_getgrent())) {
+ printf("Testing group %s\n", grp->gr_name);
+ printf("getgrent: "); print_group(grp);
+ grp = nss_getgrnam(grp->gr_name);
+ printf("getgrnam: "); print_group(grp);
+ grp = nss_getgrgid(grp->gr_gid);
+ printf("getgrgid: "); print_group(grp);
+ printf("\n");
+ }
+ nss_endgrent();
+}
+
+
+ int main(int argc, char *argv[])
+{
+ if (argc > 1) so_path = argv[1];
+
+ nss_test_users();
+ nss_test_groups();
+
+ return 0;
+}
-- cgit v1.2.1
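Review bot: In each of the six lookup wrappers (`nss_getpwent`, `nss_getpwnam`, `nss_getpwuid`, `nss_getgrent`, `nss_getgrnam`, `nss_getgrgid`) only `NSS_STATUS_NOTFOUND` and `NSS_STATUS_RETURN` lead to `return NULL`, so any other failure (for example `NSS_STATUS_TRYAGAIN` when the 1000-byte `buf` is too small for a large group) falls through and returns the static struct as if it had been filled in. `print_passwd` and `print_group` then pass possibly NULL members to `%s` and index `grp->gr_mem` without checking it. I would replace the second test with `if (status != NSS_STATUS_SUCCESS) { report_nss_error(status); return NULL; }`, and have `nss_test_users` and `nss_test_groups` check the results of `nss_getpwnam`, `nss_getpwuid`, `nss_getgrnam` and `nss_getgrgid` for NULL before printing, since they currently dereference them unconditionally. Separately, the `malloc` result in `nss_test_initgroups` is written through (`groups[0] = gid;`) without a NULL check.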