- WHATS NEW IN Samba 3.0.0
- September 24, 2003
+ =================================
+ Release Notes for Samba 3.0.3pre1
+ March 19, 2004
+ =================================
+
+This is a preview release of the Samba 3.0.3 code base and is
+provided for testing only. This release is *not* intended for
+production servers. Use at your own risk.
+
+There have been several bug fixes since the 3.0.2a release that
+we feel are important to make available to the Samba community
+for wider testings. See the "Changes" section for details on
+exact updates.
+
+Common bugs fixed in this preview release include:
+
+ o Crash bugs and change notify issues in Samba's
+ printing code.
+ o Honoring secondary group membership on domain
+ member servers.
+ o TDB scalability issue surrounding the TDB_CLEAR_IF_FIRST
+ flag.
+
+New features introduced in this preview release include:
+
+ o Improved support for i18n character sets.
+ o Support for account lockout policy based on
+ bad password attempts.
+ o Improved support for long password changes (>14
+ characters) and strong password enforcement.
+ o Continued work on support Windows aliases (i.e.
+ nested groups).
+
+
+
+######################################################################
+Changes
+#######
+Changes since 3.0.2a
+--------------------
+smb.conf changes
+----------------
+
+ Parameter Name Action
+ -------------- ------
+ only user Deprecated
+ use cracklib New
+
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details. The list of changes per contributor are as follows:
+
+
+commits
+-------
+
+o Jeremy Allison <jra@samba.org>
+ * Ensure that Kerberos mutex is always properly unlocked.
+ * Removed Heimdal "in-memory keytab" support.
+ * Fixup the 'multiple-vuids' bugs in our server code.
+ * Correct return code from lsa_lookup_sids() on unmapped
+ sids (based on work by vl@samba.org).
+ * Fix the "too many fcntl locks" scalability problem
+ raised by tridge.
+ * Fixup correct (as per W2K3) returns for lookupsids
+ as well as lookupnames.
+ * Fixups for delete-on-close semantics as per Win2k3 behavior.
+ * Make SMB_FILE_ACCESS_INFORMATION call work correctly.
+ * Fix "unable to initialize" bug when smbd hasn't been run with
+ new system and a user is being added via pdbedit/smbpasswd.
+ * Added NTrename SMB (0xA5).
+ * Fixup correct timeout values for blocking lock timeouts.
+ * Fix various bugs reported by 'gentest'.
+ * More locking fixes in the case where we own the lock.
+ * Fix up regression in IS_NAME_VALID and renames.
+ * Don't set allocation size on directories.
+ * Return correct error code on fail if file exists and target
+ is a directory.
+ * Added client "hardlink" comment to test doing NT rename with
+ hard links. Added hardlink_internals() code - UNIX extensions
+ now use this as well.
+ * Use a common function to parse all pathnames from the wire for
+ much closer emulation of Win2k3 error return codes.
+ * Implement check_path_syntax() and rewrite string sub
+ functions for better multibyte support.
+ * Ensure msdfs referrals are multibyte safe.
+ * Allow msdfs symlink syntax to be more forgiving.
+ eg. sym_link -> msdfs://server/share/path/in/share
+ or sym_link -> msdfs:\\server\share\path\in\share.
+ * Cleanup multibyte netbios name support in nmbd ( based on patch
+ by MORIYAMA Masayuki <moriyama@miraclelinux.com>).
+ * Fix check_path_syntax() for multibyte encodings which have
+ no '\' as second byte (based on work by ab@samba.org.
+ * Fix the "dfs self-referrals as anonymous user" problem
+ (based on patch from vl@samba.org).
+
+
+o Timur Bakeyev <timur@com.bat.ru>
+ * BUG 1144: only set --with-fhs when the argument is 'yes'
+
+
+o Andrew Bartlet <abartlet@samba.org>
+ * Include support for linking with cracklib for enforcing strong
+ password changes.
+ * Add support for >14 character password changes from Windows
+ clients.
+ * Add 'admin set password' capability to 'net rpc'.
+ * Allow 'net rpc samdump' to work with any joined domain
+ regardless of smb.conf settings.
+ * Use an allocated buffer for count_chars.
+ * Add sanity checks for changes in the domain SID in an
+ LDAP DIT.
+ * Implement python unit tests for Samba's multibyte string
+ support.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * Fix incorrect size calculation of the directory name
+ in recycle.so.
+ * Fix problems with very long filenames in both smbd and smbclient
+ caused by truncating paths during character conversions.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix 'make installmodules' bug on True64.
+ * BUG 66: mark 'only user' deprecated.
+ * Remove corrupt tdb and shutdown (only for printing tdbs,
+ connections, sessionid & locking).
+ * decrement smbd counter in connections.tdb in smb_panic().
+ * RedHat specfile updates.
+ * Fix xattr.h build issue on Debian testing and SuSE 8.2.
+ * BUG 1147; bad pointer case in get_stored_queue_info()
+ causing seg fault.
+ * BUG 761: read the config file before initialized default
+ values for printing options; don't default to bsd printing
+ Linux.
+ * Allow the 'printing' parameter to be set on a per share basis.
+ * BUG 503: RedHat/Fedora packaging fixes regarding logrotate.
+ * BUG 848: don't create winbind local users/groups that already
+ exist in the tdb.
+ * BUG 1080: fix declaration of SMB_BIG_UINT (broke compile on
+ LynxOS/ppc).
+ * BUG 488: fix the 'show client in col 1' button and correctly
+ enumerate active connections.
+ * BUG 1007 (partial): Fix abort in smbd caused by byte ordering
+ problem when storing the updating pid for the lpq cache.
+ * BUG 1007 (partial): Fix print change notify bugs.
+ * BUG 1165, 1126: Fix bug with secondary groups (security = ads)
+ and winbind use default domain = yes. Also ensures that
+ * BUG 1151: Ensure that winbindd users are passed through
+ the username map.
+ * Fix client rpc binds for ASU derived servers (pc netlink,
+ etc...).
+
+
+o Robert Dahlem <Robert.Dahlem@gmx.net>
+ * BUG 1048: Don't return short names when when 'mangled names = no'
+
+
+o Guenther Deschner <gd@suse.com>
+ * Remove hard coded attribute name in the ads ranged retrieval
+ code.
+
+
+o Bostjan Golob <golob@gimb.org>
+ * BUG 1046: Fix getpwent_list() so that the username is not
+ overwritten by other fields.
+
+
+o Steve French <sfrench@us.ibm.com>
+ * Update mount.cifs to version 1.1.
+ * Disable dev (MS_NODEV) on user mounts from cifs vfs.
+ * Fixes to minor security bug in the mount helper.
+
+
+o SATOH Fumiyasu <fumiya@miraclelinux.com>
+ * BUG 1055; formatting fixes for 'net share'.
+ * BUG 692: correct truncation of share names and workgroup
+ names in smbclient.
+ * BUG 1088: use strchr_m() for query_host (smbclient -L).
+
+
+o Chris Hertel <crh@samba.org>
+ * fix enumeration of shares 12 characters in length via
+ smbclient.
+
+
+o John Klinger <john.klinger@lmco.com>
+ * Return NSS_SUCCESS once the max number of gids possible
+ has been found in initgroups() on Solaris.
+ * BUG 1182: Re-enable the -n 'no cache' option for winbindd.
+
+
+o Volker Lendecke <vl@samba.org>
+ * Fix success message for net groupmap modify.
+ * Fix errors when enumerating members of groups in 'net rpc'.
+ * Match Windows behavior in samr_lookup_names() by returning
+ ALIAS(4) when you search in BUILTIN.
+ * Fix server SAMR code to be able to set alias info for
+ builtin as well.
+ * Fix duplication of logic when creating groups via smbd.
+ * Ensure that the HWM values are set correctly after running
+ 'net idmap'.
+ * Add 'net rpc group add'.
+ * Implement 'net groupmap set' and 'net groupmap cleanup'.
+ * Add 'net rpc group [add|del]mem' for domain groups and aliases.
+ * Fix wb_delgrpmem (wbinfo -o).
+ * As a DC we should not reply to lsalookupnames on DCNAME\\user.
+ * Fix sambaUserWorkstations on a Samba DC.
+
+
+o Herb Lewis <herb@samba.org>
+ * Fix typo for tag in proto file.
+ * Add missing #ifdef HAVE_BICONV stuff.
+ * Truncate Samba's netbios name at the first '.' (not
+ right to left).
+
+
+o Jianliang Lu <j.lu@tiesse.com>
+ * Enforce the 'user must change password at next login' flag.
+ * Decode meaning of 'fields present' flags (improves support
+ for usrmgr.exe).
+
+
+o L. Lucius <ib@digicron.com>.
+ * type fixes.
+
+
+o Jim McDonough <jmcd@us.ibm.com>
+ * Add versioning support to tdbsam.
+ * Update the IBM Directory Server schema with the OpenLDAP
+ file.
+ * Various decoding fixes to improve usrmgr.exe support.
+ * Fix statfs redeclaration of statfs struct on ppc
+ * Implement support for password lockout of Samba domain
+ controllers and standalone servers.
+ * Get MungedDial attribute actually working with full TS
+ strings in it for pdb_ldap.
+
+
+o Heinrich Mislik <Heinrich.Mislik@univie.ac.at>
+ o BUG 979 -- Fix quota display on AIX.
+
+
+o James Peach <jpeach@sgi.com>
+ * Correct check for printf() format when using the SGI MIPSPro
+ compiler.
+ * BUG 1038: support backtrace for 'panic action' on IRIX.
+ * BUG 768: Accept profileing arg to IRIX init script.
+ * BUG 748: Relax arg parsing to sambalp script (IRIX).
+ * BUG 758: Fix pdma build.
+
+
+o Tim Potter <tpot@samba.org>
+ * Fix logic bug in tdb non-blocking lock routines when
+ errno == EAGAIN.
+ * BUG 1025: Include sys/acl.h in check for broken nisplus
+ include files.
+ * BUG 1066: s/printf/d_printf/g in SWAT.
+ * BUG 1098: rename internal msleep() function to fix build
+ problems on AIX.
+ * BUG 1112: Fix for writable printerdata problem in python bindings.
+ * BUG 1154: Remove reference to <sys/mman.h> in tdbdump.c.
+ * BUG 1155: enclose use of fchown() with guards.
+
+
+o Simo Source <idra@samba.org>
+ * Replace unknown_3 with fields_present in SAMR code.
+
+
+o Richard Sharpe <rsharpe@samba.org>
+ * Add support to smbclient for multiple logins on the same
+ session (based on work by abartlet@samba.org).
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Rewrote the AIX UESS backend for winbindd.
+ * Fixed compilation with --enable-dmalloc.
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Fix ETA Calculation when resuming downloads in smbget.
+ * Add -O (for writing downloaded files to standard out)
+ based on patch by Bas van Sisseren <bas@dnd.utwente.nl>.
+
+
+o TAKEDA yasuma <yasuma@miraclelinux.com>
+ * BUG 900: fix token processing in cmd_symlink, cmd_link,
+ cmd_chown, cmd_chmod smbclient functions.
+
+
+o Shiro Yamada <shiro@miraclelinux.com>
+ * BUG 1129: install image files for SWAT.
+
+
+Changes for older versions follow below:
+
+ --------------------------------------------------
+
+ ==============================
+ Release Notes for Samba 3.0.2a
+ February 13, 2004
==============================
-This is the first official release of Samba 3.0.0 code base. Work
-on the SAMBA_3_0 CVS branch continues. Please refer to the section
-on "Known Issues" for more details.
+Samba 3.0.2a is a minor patch release for the 3.0.2 code base
+to address, in particular, a problem when using pdbedit to
+sanitize (--force-initialized-passwords) Samba's tdbsam
+backend. This is the latest stable release of Samba. This
+is the version that all production Samba servers should be
+running for all current bug-fixes.
+
+******************* Attention! Achtung! Kree! *********************
+
+Beginning with Samba 3.0.2, passwords for accounts with a last
+change time (LCT-XXX in smbpasswd, sambaPwdLastSet attribute in
+ldapsam, etc...) of zero (0) will be regarded as uninitialized
+strings. This will cause authentication to fail for such
+accounts. If you have valid passwords that meet this criteria,
+you must update the last change time to a non-zero value. If you
+do not, then 'pdbedit --force-initialized-passwords' will disable
+these accounts and reset the password hashes to a string of X's.
+
+******************* Attention! Achtung! Kree! *********************
+
+
+######################################################################
+Changes
+#######
+
+Changes since 3.0.2
+-------------------
+
+commits
+-------
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details. The list of changes per contributor are as follows:
+
+
+o Jeremy Allison <jra@samba.org>
+ * Added paranoia checks in parsing code.
+
+
+o Andrew Bartlet <abartlet@samba.org>
+ * Ensure that changes to uninitialized passwords in ldapsam
+ are written to the DIT.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fixed iterator in tdbsam.
+ * Fix bug that disabled accounts with a valid NT password
+ hash, but no LanMan hash.
+
+
+o Steve French <sfrench@us.ibm.com>
+ * Added missing nosetuid and noexec options.
+
+
+o Bostjan Golob <golob@gimb.org>
+ * BUG 1046: Don't overwrite usernames of entries returned
+ by getpwent_list().
+
+
+o Sebastian Krahmer <krahmer@suse.de>
+ * Fixed potential crash bug in NTLMSSP parsing code.
+
+
+o Tim Potter <tpot@samba.org>
+ * Fixed logic in tdb_brlock error checking.
+
+
+o Urban Widmark <urban@teststation.com>
+ * Set nosuid,nodev flags in smbmnt by default.
+
+
+ --------------------------------------------------
+
+ =============================
+ Release Notes for Samba 3.0.2
+ February 9, 2004
+ =============================
+
+It has been confirmed that previous versions of Samba 3.0 are
+susceptible to a password initialization bug that could grant an
+attacker unauthorized access to a user account created by the
+mksmbpasswd.sh shell script.
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org)
+has assigned the name CAN-2004-0082 to this issue.
+
+Samba administrators not wishing to upgrade to the current
+version should download the 3.0.2 release, build the pdbedit
+tool, and run
+
+ root# pdbedit-3.0.2 --force-initialized-passwords
+
+This will disable all accounts not possessing a valid password
+(e.g. the password field has been set a string of X's).
+
+Samba servers running 3.0.2 are not vulnerable to this bug
+regardless of whether or not pdbedit has been used to sanitize
+the passdb backend.
+
+Some of the more visible bugs in 3.0.1 addressed in the 3.0.2
+release include:
+
+ o Joining a Samba domain from Pre-SP2 Windows 2000 clients.
+ o Logging onto a Samba domain from Windows XP clients.
+ o Problems with the %U and %u smb.conf variables in relation to
+ Windows 9x/ME clients.
+ o Kerberos failures due to an invalid in memory keytab detection
+ test.
+ o Updates to the ntlm_auth tool.
+ o Fixes for various SMB signing errors.
+ o Better separation of WINS and DNS queries for domain controllers.
+ o Issues with nss_winbind FreeBSD and Solaris.
+ o Several crash bugs in smbd and winbindd.
+ o Output formatting fixes for smbclient for better compatibility
+ with scripts based on the 2.2 version.
+
+
+Changes since 3.0.1
+-------------------
+
+smb.conf changes
+----------------
+
+ Parameter Name Action
+ -------------- ------
+ ldap replication sleep New
+ read size removed (unused)
+ source environment removed (unused)
+
+
+commits
+-------
+
+Please refer to the CVS log for the SAMBA_3_0 branch for complete
+details. The list of changes per contributor are as follows:
+
+o Jeremy Allison <jra@samba.org>
+ * Revert change that broke Exchange clear text samlogons.
+ * Fix gcc 3.4 warning in MS-DFS code.
+ * Tidy up of NTLMSSP code.
+ * Fixes for SMB signing errors
+ * BUG 815: Workaround NT4 bug to support plaintext
+ password logins and UNICODE.
+ * Fix SMB signing bug when copying large files.
+ * Correct error logic in mkdir_internals() (caused a panic
+ when combined with --enable-developer).
+ * BUG 830: Protect against crashes due to bad character
+ conversions.
+
+
+o Petri Asikainen <paca@sci.fi>
+ * BUG 330, 387:Fix single valued attribute updates when
+ working with Novell NDS.
+
+
+o Andrew Bartlet <abartlet@samba.org>
+ * Correctly handle per-pipe NTLMSSP inside a NULL session.
+ * Fix segfault in gencache
+ * Fix early free() of encrypted_session_key.
+ * Change DC lookup routines to more carefully separate
+ DNS names (realms) from NetBIOS domain names.
+ * Add new sid_to_dn() function for internal winbindd use.
+ * Refactor cli_ds_enum_domain_trusts().
+ * BUG 707: Implement range retrieval of ADS attributes (based
+ on work from Volker <vl@samba.org> and Guenther Deschner
+ <gd@suse.com>).
+ * Automatically initialize the signing engine if a session key
+ is available.
+ * BUG 916: Do not perform a + -> ' ' substitution for squid URL
+ encoded strings, only form input in SWAT.
+ * Resets the NTLMSSP state for new negotiate packets.
+ * Add 2-byte alignments in net_samlogon() queries to parse
+ odd-length plain text passwords.
+ * Allow Windows groups with no members in winbindd.
+ * Allow normal authentication in the absence of a server
+ generated session key.
+ * More optimizations for looking up UNIX group lists.
+ * Clean up error codes and return values for pam_winbindd
+ and winbindd PAM interface.
+ * Fix string return values in ntlm_auth tool.
+ * Fix segfault when 'security = ads' but no realm is defined.
+ * BUG 722: Allow winbindd to map machine accounts to uids.
+ * More cleanups for winbindd's find_our_domain().
+ * More clearly detect whether a domain controller is an NT4
+ or mixed-mode AD DC (additional bug fixes by jerry & jmcd).
+ * Increase separation between DNS queries for hosts and queries
+ for AD domain controllers.
+ * Include additional NT_STATUS to PAM error mappings.
+ * Password initialization fixes.
+
+
+o Justin Baugh <justin.baugh@request.com>
+ * BUG 948: Implement missing functions required for FreeBSD
+ nss_winbind support.
+
+
+o Alexander Bokovoy <ab@samba.org>
+ * BUG 922: Make sure enable fast path for strlower_m() and
+ strupper_m().
+
+
+o Luca Bolcioni <Luca.Bolcioni@yacme.com>
+ * Fix crash when using 'security = server' and 'encrypt
+ passwords = no' by always initializing the session key.
+
+
+o Dmitry Butskoj <buc@odusz.elektra.ru>
+ * Fix for special files being hidden from admins.
+
+
+o Gerald (Jerry) Carter <jerry@samba.org>
+ * Fix bug in the lanman session key generation. Caused
+ "decode_pw: incorrect password length" error messages.
+ * Save the right case for the located user name in
+ fill_sam_account(). Fixes %U/%u expansion for win9x clients.
+ * BUG 897: Add well known rid for pre win2k compatible access
+ group.
+ * BUG 887: Correct typo in delete user script example.
+ * Use short lived TALLOC_CTX* for allocating printer objects
+ from the print handle cache.
+ * BUG 912: Fix check for HAVE_MEMORY_KEYTAB.
+ * Fix several warnings reported by the SUN Forte C compiler.
+ * Fully control DNS queries for AD DC's using 'name resolve order'.
+ * BUG 770: Send the SMBjobid for UNIX jobs back to the client.
+ * BUG 972: Fix segfault in cli_ds_getprimarydominfo().
+ * BUG 936: fix bind credentials for schannel binds in smbd.
+ * BUG 446: Fix output of smbclient for better compatibility
+ with scripts based on the 2.2 version (including Amanda).
+ * BUG 891, 949: Fedora packaging fixes.
+ * Fix bug that caused rpcclient to incorrectly retrieve
+ the SID for a server (this causing all calls that required
+ this information to fail).
+ * BUG 977: Don't create a homes share for a user if a static
+ share already exists by the same name.
+ * Removed unused smb.conf options.
+ * Password initialization fixes.
+ * Set the disable flag for template accounts created by
+ mksmbpasswd.sh.
+ * Disable any account has no passwords and does not have the
+ ACB_PWNOTREQ bit set.
+
+
+o Guenther Deschner <gd@suse.com>
+ * Install smbwrapper.so should be put into the $(libdir)
+ and not $(bindir).
+ * Add the capability to specify the new user password
+ for "net ads password" on the command line.
+ * Correctly detect AFS headers on SuSE.
+
+
+o James Flemer <jflemer@uvm.edu>
+ * Fix AIX compile bug by linking HAVE_ATTR_LIST to
+ HAVE_SYS_ATTRIBUTES_H.
+
+
+o Luke Howard <lukeh@PADL.COM>
+ * Fix segfault in session setup reply caused by a early free().
+
+
+o Stoian Ivanov <sdr@bultra.com>
+ * Implement grepable output for smbclient -L.
+
+
+o LaMont Jones <lamont@debian.org>
+ * BUG 225328 (Debian): Correct false failure LFS test that resulted
+ in _GNU_SOURCE not being defined (thus resulting in strndup()
+ not being defined).
+
+
+o Volker Lendecke <vl@samba.org>
+ * BUG 583: Ensure that user names always contain the short
+ version of the domain name.
+ * Fix our parsing of the LDAP uri.
+ * Don't show the 'afs username map' in the SWAT basic view.
+ * Fix SMB signing issues in relation to failed NTLMSSP logins.
+ * BUG 924: Fix return codes in smbtorture harness.
+ * Always lower-case usernames before handing it to AFS code.
+ * Add a German translation for SWAT.
+ * Fix a segfaults in winbindd.
+ * Fix the user's domain passed to register_vuid() from
+ reply_spnego_kerberos().
+ * Add NSS example code in nss_winbind to convert UNIX
+ id's <-> Windows SIDs.
+ * Display more descriptive error messages for login via 'net'.
+ * Fix compiler warning in the net tool.
+ * Fix length bug when decoding base64 strings.
+ * Ensure we don't call getpwnam() inside a loop that is iterating
+ over users with getpwent(). This broke on glibc 2.3.2.
+
+
+o Herb Lewis <herb@samba.org>
+ * Fix bit rot in psec.
+
+
+o Jianliang Lu <j.lu@tiesse.com>
+ * Ensure we delete the group mapping before calling the delete
+ group script.
+ * Define well known RID for managing the "Power Users" group.
+ * BUG 381: check builtin (not local) group SID when updating
+ group membership.
+ * BUG 101: set the SV_TYPE_PRINTQ_SERVER flag in host announcement
+ packet.
+
+
+o John Klinger <john.klinger@lmco.com>
+ * Implement initgroups() call in nss_winbind on Solaris.
+
+
+o Jim McDonough <jmcd@us.ibm.com>
+ * Fix regression in net rpc join caused by recent changes
+ to cli_lsa_query_info_policy().
+ * BUG 964: Fix crash bug in 'net rpc join' using a preexisting
+ machine account.
+
+
+o MORIYAMA Masayuki <moriyama@miraclelinux.com>
+ * BUG 570: Ensure that configure honors the LDFLAGS variable.
+
+
+o Stefan Metzmacher <metze@samba.org>
+ * Implement LDAP rebind sleep patch.
+ * Revert to 2.2 quota code because of so many broken quota files
+ out there.
+ * Fix XFS quotas: HAVE_XFS_QUOTA -> HAVE_XFS_QUOTAS
+ XFS_USER_QUOTA -> USRQUOTA
+ XFS_GROUP_QUOTA -> GRPQUOTA
+ * Fix disk_free calculation with group quotas.
+ * Add debug class 'quota' and a lot of DEBUG()'s
+ to the quota code.
+ * Fix sys_chown() when no chown() is present.
+ * Add SIGABRT to fault handling in order to catch got a
+ backtrace if an error occurs the OpenLDAP client libs.
+
+
+o <ndb@theghet.to>
+ * Allow an existing LDAP machine account to be re-used when
+ joining an AD domain.
+
+
+o James Peach <jpeach@sgi.com>
+ * BUG 889: Change smbd to use pread/pwrite on platforms that
+ support these calls. Can lead to a significant speed increase.
+
+
+o Tim Potter <tpot@samba.org>
+ * BUG 905: Remove POBAD_CC to fix Solaris Forte compiles.
+ * BUG 924: Fix typo in RW2 torture test.
+
+
+o Richard Sharpe <shape@samba.org>
+ * Small fixes to torture.c to cleanup the error handling
+ and prevent crashes.
+
+
+o J. Tournier <jerome.tournier@IDEALX.com>
+ * Small fixes for the smbldap-tool scripts.
+
+
+o Andrew Tridgell <tridge@samba.org>
+ * Fix src len check in pull_usc2().
+
+
+o Jelmer Vernooij <jelmer@samba.org>
+ * Put functions for generating SQL queries in pdb_sql.c
+ * Add pgSQL backend (based on patch by Hamish Friedlander)
+ * BUG 908: Fix -s option to smbcontrol.
+ * Add smbget utility - a wget-clone for the SMB/CIFS protocol.
+ * Fix for libnss_wins on IRIX platforms.
+ * Fix swatdir for --with-fhs.
+
+
+ --------------------------------------------------
+
+ =============================
+ Release Notes for Samba 3.0.1
+ December 15, 2003
+ =============================
+
+Some of the more common bugs in 3.0.0 addressed in the release
+include:
+
+ o Substitution problems with smb.conf variables.
+ o Errors in return codes which caused some applications
+ to fail to open files.
+ o General Protection Faults on Windows 2000/XP clients
+ using Samba point-n-print features.
+ o Several miscellaneous crash bugs.
+ o Access problems when enumerating group mappings are
+ stored in an LDAP Directory.
+ o Several common SWAT bugs when writing changes to
+ smb.conf.
+ o Internal inconsistencies when 'winbind use default
+ domain = yes'
+
+
+
+Changes since 3.0.0
+----------------------
+
+ Parameter Name Action
+ -------------- ------
+ hide local users Removed
+ mangled map Deprecated
+ mangled stack Removed
+ passwd chat timeout New
+
+
+commits
+-------
+
+o Change the interface for init_unistr2 to not take a length
+ but a flags field. We were assuming that
+ 2*strlen(mb_string) == length of ucs2-le string. (bug 480).
+o Allow d_printf() to handle strings with escaped quotation
+ marks since the msg file includes the escape character (bug 489).
+o Fix bad html table row termination in SWAT wizard code (bug 413).
+o Fix to parse the level-2 strings.
+o Fix for "valid users = %S" in [homes]. Fix read/write
+ list as well.
+o Change AC_CHECK_LIB_EXT to prepend libraries instead of append.
+ This is the same way AC_CHECK_LIB works (bug 508).
+o Testparm output fixes for clarity.
+o Fix broken wins hook functionality -- i18n bug (bug 528).
+o Take care of condition where DOS and NT error codes must differ.
+o Default to using only built-in charsets when a working iconv
+ implementation cannot be located.
+o Wrap internals of sys_setgroups() so the sys_XX() call can
+ be done unconditionally (bug 550).
+o Remove duplicate smbspool link on SWAT's front page (bug 541).
+o Save and restore CFLAGS before/after AC_PROG_CC. Ensures that
+ --enable-debug=[yes|no] works correctly.
+o Allow ^C to interrupt smbpasswd if using our getpass
+ (e.g. smbpasswd command).
+o Support signing only on RPC's (bug 167).
+o Correct bug that prevented Excel 2000 clients from opening
+ files marked as read-only.
+o Portability fix bugs 546 - 549).
+o Explicitly initialize the value of AR for vendor makes that don't
+ do this (e.g. HPUX 11). (bug 552).
+o More i18n fixes for SWAT (bug 413).
+o Change the cwd before the postexec script to ensure that a
+ umount will succeed.
+o Correct double free that caused winbindd to crash when a DC
+ is rebooted (bug 437).
+o Fix incorrect mode sum (bug 562).
+o Canonicalize SMB_INFO_ALLOCATION in the same was as
+ SMB_FS_FULL_SIZE_INFORMATION (bug 564).
+o Add script to generate *msg files.
+o Add Dutch SWAT translation file.
+o Make sure to call get_user_groups() with the full winbindd
+ name for a user if he/she has one (bug 406).
+o Fix up error code returns from Samba4 tester. Ensure invalid
+ paths are validated the same way.
+o Allow Samba3 to pass the Samba4 RAW-READ tests.
+o Refuse to configure if --with-expsam=$BACKEND was used but no
+ libraries were found for $BACKEND.
+o Move sysquotas autoconf tests to a separate file.
+o Match W2K w.r.t. writelock and writeclose. Samba4 torture
+ tester
+o Make sure that the files that contain the static_init_$subsystem;
+ macro get recompiled after configure by removing the object
+ files.
+o Ensure canceling a blocking lock returns the correct error
+ message.
+o Match Samba 2.2 behavior; make ACB_NORMAL the default ACB value.
+o Updated Japanese welcome file in SWAT.
+o Fix to nt-time <-> unix-time functions reversible.
+o Ensure that winbindd uses the the escaped DN when querying
+ an AD ldap server.
+o Fix portability issues when compiling (bug 505, 550)
+o Compile fix for tdbbackup when Samba needs to override
+ non-C99 compliant implementations of snprintf().
+o Use @PICSUFFIX@ instead of .po in Makefile.in (bug 574).
+o Make sure we break out of samsync loop on error.
+o Ensure error code path doesn't free unmalloc()'d memory
+ (bug 628).
+o Add configure test for krb5_keytab_entry keyblock vs key
+ member (bug 636).
+o Fixed spinlocks.
+o Modified testparm so that all output so all debug output goes
+ to stderr, and all file processing goes to stdout.
+o Fix error return code for BUFFER_TOO_SMALL in smbcacls
+ and smbcquotas.
+o Fix "NULL dest in safe_strcpy()" log message by ensuring that
+ we have a devmode before copying a string to the devicename.
+o Support mapping REALM.COM\user to a local user account (without
+ running winbindd) for compatibility with 2.2.x release.
+o Ensure we don't use mmap() on blacklisted systems.
+o fixed a number of bugs and memory leaks in the AIX
+ winbindd shim
+o Call initgroups() in SWAT before becomming the user so that
+ secondary group permissions can be used when writing to
+ smb.conf.
+o Fix signing problems when reverse connecting back to a
+ client for printer notify
+o Fix signing problems caused by a miss-sequence bug.
+o Missing map in errormap for ERROR_MORE_DATA -> ERRDOS, ERRmoredata.
+ Fixes NEXUS tools running on Win9x clients (bug 64).
+o Don't leave the domain field uninitialized in cli_lsa.c if some
+ SID could not be mapped.
+o Fix segfault in mount.cifs helper when there is no options
+ specified during mount.
+o Change the \n after the password prompt to go to tty instead
+ of stdout (bug 668).
+o Stop net -P from prompting for machine account password (bug 451).
+o Change in behavior to Not only change the effective uid but also
+ the real uid when becoming unprivileged.
+o Cope with Exchange 5.5 cleartext pop password auth.
+o New files for support of initshutdown pipe. Win2k doesn't
+ respond properly to all requests on the winreg pipe, so we need
+ to handle this new pipe (bug 534).
+o Added more va_copy() checks in configure.in.
+o Include fixes for libsmbclient build problems.
+o Missing UNIX -> DOS codepage conversion in lanman.c.
+o Allow DFMS-S filenames can now have arbitrary case (bug 667).
+o Parameterize the listen backlog in smbd and make it larger by
+ default. A backlog of 5 is way too small these days.
+o Check for an invalid fid before dereferencing the fsp pointer
+ (bug 696).
+o Remove invalid memory frees and return codes in pdb_ldap.c.
+o Prompt for password when invoking --set-auth-user and no
+ password is given.
+o Bind the nmbd sending socket to the 'socket address'.
+o Re-order link command for smbd, rpcclient and smbpasswd to ensure
+ $LDFLAGS occurs before any library specification (bug 661).
+o Fix large number of printf() calls for 64-bit size_t.
+o Fix AC_CHECK_MEMBER so that SLES8 does correctly finds the
+ keyblock in the krb5 structs.
+o Remove #include <compat.h> in hopes to avoid problems with
+ apache header files.
+o Correct winbindd build problems on HP-UX 11.
+o Lowercase netgroups lookups (bug 703).
+o Use the actual size of the buffer in strftime instead of a made
+ up value which just happens to be less than sizeof(fstring).
+ (bug 713).
+o Add ldaplibs to pdbedit link line (bug 651).
+o Fix crash bug in smbclient completion (bug 659).
+o Fix packet length for browse list reply (bug 771).
+o Fix coredump in cli_get_backup_list().
+o Make sure that we expand %N (bug 612).
+o Allow rpcclient adddriver command to specify printer driver
+ version (bug 514).
+o Compile tdbdump by default.
+o Apply patches to fix iconv detection for FreeBSD.
+o Do not allow the 'guest account' to be added to a passdb backend
+ using smbpasswd or pdbedit (bug 624).
+o Save LDFLAGS during iconv detection (bug 57).
+o Run krb5 logins through the username map if the winbindd
+ lookup fails (bug 698).
+o Add const for lp_set_name_resolve_order() to avoid compiler
+ warnings (bug 471).
+o Add support for the %i macro in smb.conf to stand in for the for
+ the local IP address to which a client connected.
+o Allow winbindd to match local accounts to domain SID when
+ 'winbind trusted domains only = yes' (bug 680).
+o Remove code in idmap_ldap that searches the user suffix and group
+ suffix. It's not needed and provides inconsistent functionality
+ from the tdb backend.
+o Patch to handle munged dial string for Windows 2000 TSE.
+ Thanks to Gaz de France, Direction de la Recherche, Service
+ Informatique Métier for their supporting this work by Aurelien
+ Degrémont <adegremont@idealx.com>.
+o Correct the "smbldap_open: cannot access when not root error"
+ messages when looking up group information (bug 281).
+o Skip over the winbind separator when looking up a user.
+ This fixes the bug that prevented local users from
+ matching an AD user when not running winbindd (bug 698).
+o Fix a problem with configure on *BSD systems. Make sure
+ we add -liconv etc to LDFLAGS.
+o Fix core dump bug when "security = server" and the authentication
+ server goes away.
+o Correct crash bug due to an empty munged dial string.
+o Show files locked by a specific user (smbstatus -u 'user')
+ (bug 590).
+o Fix bug preventing print jobs from display in the queue
+ monitor used by Windows NT and later clients (bug 660).
+o Fix several reported problems with point-n-print from
+ Windows 2000/XP clients due to a bug in the EnumPrinterDataEx()
+ reply (bug 338, 527 & 643).
+o Fix a handful of potential memory leaks in the LDAP code used
+ by ldapsam[_compat] and the LDAP idmap backend.
+o Fix for pdbedit error code returns (bug 763).
+o Make sure we only enumerate group mapping entries (not
+ /etc/group) even when doing local aliases.
+o Relax check on the pipe name in a dce/rpc bind response to work
+ around issues with establishing trusts to a Windows 2003 domain.
+o Ensure we mangle names ending in '.' in hash2 mangling method.
+o Correct parsing issues with munged dial string.
+o Fix bugs in quota support for XFS.
+o Add a cleaner method for applications that need to provide
+ name->SID mappings to do this via NSS rather than having to
+ know the winbindd pipe protocol.
+o Adds a variant of the winbindd_getgroups() call called
+ winbindd_getusersids() that provides direct SID->SIDs listing of
+ a users supplementary groups. This is enough to allow non-Samba
+ applications to do ACL checking.
+o Make sure we don't append the 'ldap suffix' when writing out the
+ 'ldap XXX suffix' values in SWAT (bug 328).
+o Fix renames across file systems.
+o Ensure that items in a list of strings containing whitespace are
+ written out surrounded by single quotes. This means that both
+ double and single quotes are now used to surround strings in
+ smb.conf (bug 481).
+o Enable SWAT to correctly determine if winbindd is running (bug
+ 398).
+o Include WWW-Authenticate field in 401 response for bad auth
+ attempt (bug 629).
+o Add support for NTLM2 (NTLMv2 session security).
+o Add support for variable-length session keys.
+o More privilege fixes for group enumeration in LDAP (bug 281).
+o Use the dns name (or IP) as the originating client name when
+ using CUPS (bug 467).
+o Fix various SMB signing bugs.
+o Fix ACL propagation on a DFS root (bug 263).
+o Disable NTLM2 for RPC pipes.
+o Allow the client to specify the NTLM2 flags got NTLMSSP
+ authentication.
+o Change the name of the job passed off to cups from "Test Page"
+ to "smbprn.00000033 Test Page" so that we can get the smb
+ jobid back. This allow users to delete jobs with cups printing
+ backend (partial work on bug 770).
+o Fix build of winbindd with static pdb modules.
+o Retrieve the correct ACL group bits if the file has an ACL
+ (bug 802).
+o Implement "net rpc group members": Get members of a domain group
+ in human-readable format.
+o Add MacOSX (Darwin) specific charset module code.
+o Use samr_dispinfo(level == 1) for enumerating domain users so we
+ can include the full name in gecos field (bug 587).
+o Add support for winbind's NSS library on FeeeBSD 5.1 (bug 797).
+o Implement 'net rpc group list [global|local|builtin]*' for a
+ select listing of the respective user databases.
+o Don't automatically set NT status code flag unless client tells
+ us it can cope.
+o Add 'net status [sessions|shares] [parseable]'.
+o Don't mistake pre-existing UNIX jobs for smb jobs (remainder of
+ bug 770).
+o Add 'Replicator' and 'RAS Servers' to list of builtin SIDs
+ (bug 608).
+o Fix inverted logic in hosts allow/deny checks caused by
+ s/strcmp/strequal/ (bug 846).
+o Implement correct version SamrRemoveSidForeignDomain() (bug 252).
+o Fix typo in 'hash' mangling algorithm.
+o Support munged dial for ldapsam (bug 800).
+o Fix process_incoming_data() to return the number of bytes handled
+ this call whether we have a complete PDU or not; fixes bug
+ with multiple PDU request rpc's broken over SMBwriteX calls
+ each.
+o Fix incorrect smb flags2 for connections to pre-NT servers
+ (causes smbclient to fail to OS2 for example) (bug 821).
+o Update version string in smbldap-tools Makefile to 0.8.2.
+o Correct a problem with "net rpc vampire" mis-parsing the
+ alias member info reply.
+o Ensure the ${libdir} is created by the installclientlib script.
+o Fix detection of Windows 2003 client architecture in the smb.conf
+ %a variable.
+o Ensure that smbd calls the add user script for a missing UNIX
+ user on kerberos auth call (bug 445).
+o Fix bugs in hosts allow/deny when using a mismatched
+ network/netmask pair.
+o Protect alloc_sub_basic() from crashing when the source string
+ is NULL (partial work on bug 687).
+o Fix spinlocks on IRIX.
+o Corrected some bad destination paths when running "configure
+ --with-fhs".
+o Add packaging files for Fedora Core 1.
+o Correct bug in SWAT install script for non-english languages.
+o Support character set ISO-8859-1 internally (bug 558).
+o Fixed more LDAP access errors when looking up group mappings
+ (bug 281).
+o Fix UNISTR2 length bug in LsaQueryInfo(3) that caused SID
+ resolution to fail on local files on on domain members
+ (bug 875).
+o Fix uninitialized variable in passdb.c.
+o Fix formal parameter type in get_static() in nsswitch/wins.c.
+o Fix problem mounting directories when mount.cifs is installed
+ with the setuid bit on.
+o Fix bug that prevent --mandir from overriding the defaults
+ given in the --with-fhs macro.
+o Fix bug in in-memory Kerberos keytab detection routines
+ in configure.in
+
+
+
+######################################################################
+
+ The original 3.0.0 release notes follow
+ =======================================
+ WHATS NEW IN Samba 3.0.0
+ September 24, 2003
+ =======================================
Major new features:
License.
-######################################################################
-Changes since 3.0rc4
-####################
-
-Please refer to the CVS log for the SAMBA_3_0 branch for complete
-details:
-
-1) Fix bug that prevented restoring filenames of length
- >100 characters.
-2) Fix bug that prevented fast path code in strchr_m
- from being used.
-3) Make sure we store the desired access flag on incoming
- SAMR rpc calls.
-4) Fix smbd crash when dealing with mangled file names.
-5) Ensure that the group comment field is not overwritten
- if it already exists.
-6) Fix bug that prevented 'net rpc join' from working
- with mixed mode AD domains (bug 442).
-7) Fix crash in smbd when a Samba PDC is not able to
- enumerate trusted domains (bug 450).
-8) Fix crash bug found by the Samba4 testsuite.
-9) Fix bug that prevented smbd from returning an ACL list
- if one of the SIDs could not be resolved (bug 470).
-10) Remove -P option from smbclient printing scripts since it
- has a different meaning in Samba 3.0 (bug 473).
-11) Sync smbldap-tools with latest version
-12) Cleanup some warnings produced by the Sun C compiler.
-13) Several fixes for SWAT relating to international character
- sets.
-
-
-Changes since 3.0rc3
-####################
-
-1) Fix incorrect error message in testparm.c regarding 'map system'.
-2) Protect against core dump if ioctl for print job sends invalid
- fid.
-3) Fix bug in generic hash cacluation.
-4) Remove references to unused 'strip dot' parameter
-5) Fix CPU burn bug in multi-byte character conversion.
-6) Use opt_target_workgroup instead of lp_workgroup() in vampire
- code so we can override the value in smb.conf with the -w option.
-7) Display an error if we can't create a posix account for the
- user when running 'net rpc vampire' (bug 323).
-8) Fix UTF8 conversion bugs in LDAP passdb and idmap code (bug 296).
-9) Fix smbd crash when changing the machine trust account password
- (bug 273).
-10) Remove getpwnam() calls from init_sam_from_xxx(). This means
- that %u & %g will no longer expand in the "login ..." set of
- smb.conf options, but %U and %G still do. The payback is that
- winbindd local accounts for users work with 'wbinfo -u'
- when winbind is running on a Samba PDC.
-11) Fix unitiailized timestamp where merging print_jobs and
- lpq listing.
-12) Fix bug in debian packaging files affecting non-i386 platforms.
-
-
-Changes since 3.0rc2
-####################
-
-1) Remove Perl module dependencies in generated RedHat 8/9 RPMS.
-2) Update mount helper to take synonyms for file_mode and
- dir_mode (fmask and dmask).
-3) Fix portability bug with log2pcaphex.
-4) Use different algorithm to generate codepages source code which
- allows to take gaps into account thus making unnecessary
- extended [index] = value, syntax in to_ucs2 array (bug 380).
-5) Fix comment strings to 43 bytes as per spec.
-6) Fix pam_winbind compile bug on FreeBSD (bug 261).
-7) Support for in-memory keytabs, which are needed to make heimdal
- work properly. MIT does not support them, so this check will be
- used to decide whether to use them. (partial fix for bug 372).
-8) Disable RC4-HMAC on broken heimdal setups. (remainder of bug
- 372).
-9) Correct bug in smbclient that resulted in errors when untarring
- long filenames (bug 308).
-10) Improve autoconf checks for PAM header files and libs.
-11) Added fast path to convert_string() when dealing with
- ASCII->ASCII, UCS2-LE->ASCII, and ASCII->UCS2-LE with
- values <= 0x7F.
-12) Quiet debug messages when we don't find a module and it is not
- a critical error (bug 375).
-13) Fix UNIX passwd sync properly.
-14) Fix more transitive trust issues in winbindd (bug 305).
-15) Ensure that winbindd functions with 'disable netbios = yes'
-16) Store the real short domain name in secrets.tdb as soon as we
- know it. Also display an error message when joining an AD
- domain and the 'workgroup' parameter has not been specified.
-17) Return 0 DFS links instead of -1 when dfs support is not enabled.
-18) Update LDAP schema for Netscape DS 4.x and Novell eDirectory 8.7
-19) Ensure that name types can be specified using name#type notation
- in the 'net' command (bug 73).
-20) Add retry looks to ADS sequence number and domain SID lookups
- (bug 364).
-21) use a variant of alloc_sub_basic() for string lists such as
- 'valid users', 'write list', and 'read list' (bug 397).
-22) Fix seg fault when winbindd receives an error from the AD server
- in response to an LDAP search (bug 282).
-23) Update findsmb to use the new syntax for smbclient and nmblookup.
-24) Fix bug that prevented variables from being used in explicitly
- defined path in [homes].
-25) Only set SIDs when they're returned by the MySQL query
- (pdb_mysql.so).
-26) Include support for NTLMv2 key exchange.
-27) Revert default for 'client ntlmv2 auth' to off (bug 359).
-28) Fix crash in winbindd when the trust account password gets
- changed underneath us via 'net rpc changetrustpw' (bug 382).
-29) Use djb-algorithm string hash - faster than the tdb one we
- used to use. Does not change on disk format or hashing location.
-30) Implements some kind of improved AFS support for Samba on
- Linux with OpenAFS 1.2.10. './configure --with-fake-kaserver'
- assumes that you have OpenAFS on your machine.
-31) When enumerating dfs shares loop from 0 to lp_numservices() instead
- of relying on lp_servicename(n) to return an empty string for
- invalid service numbers (bug 403).
-32) Fix crash bug in 'net rpc samdump' (bug 334).
-33) Fix crash bug in WINS NSS module (bug 299).
-34) Fix a few minor compile errors on HP-UX.
-
-
-
-Changes since 3.0rc1
-####################
-
-1) Add levels 261 and 262 to search. Found using Samba4 tester.
-2) Correct bad error return code in session setup reply
-3) Fix bug where smbd returned DOS error codes from SMBsearch
- even when NT1 protocol was negotiated.
-4) Implement SMBexit properly.
-5) Return group lists from a Samba PDC to a Windows 9x/ME box
- in implementing user level access control (bug 314).
-6) Prevent SWAT from crashing when adding shares (bug 254)
-7) Fix various documentation issues (bugs 304 & 214)
-8) Fix wins server listing in SWAT (bug 197)
-9) Fix problem in rpcclient that caused enumerating printer
- drivers to report failure (bug 294).
-10) Use kerberos 5 authentication in our client code whenever possible
-11) Fix schannel bug that caused Active Directory DC's to downgrade our
- machine account to an NT member.
-12) Implement missing SAMR_REMOVE_USER_FOREIGN_DOMAIN call (bug 252).
-13) Implement automatic generation of include/version.h
-14) Include initial version of smbldap-tool scripts for the Samba
- 3.0 schema.
-15) Implement numerous fixes for multi-byte character strings.
-16) Enable 'unix extensions' parameter by default.
-17) Make sure we set the SID type when falling back to the rid
- algorithm (bug 245).
-18) Correct linking problems with pam_smbpass (bug 327).
-19) Add SYSV defines for Irix and Solaris to ensure the 'printing'
- parameter default to the correct value (bug 230)
-20) Fix recursion bug in alloc_string_sub() (bug 289, et. al.)
-21) Ensure that 'make install' includes the static and shared
- versions of the libsmbclient libraries.
-22) Add CP850 and CP437 internal character set support (bug 150).
-23) Add support to examples/LDAP/convertSambaAccount for generating
- LDIF modify files instead of just add (303).
-24) Fix support for -W option in smbclient (bug 39)
-25) Remove 'ldap trust ids' parameter since it could not be supported
- by the current architecture.
-26) Don't crash when no argument is given to -T in smbclient (bug 345).
-27) Ensure smbadduser contains the same paths for the smbpasswd file
- as the other Samba tools (bug 290).
-28) Port of 'available = no' fix for [homes] from SAMBA_2_2 cvs tree.
-29) Add sanity checks to DeletePrinterData[Ex]() and ensure that the
- modified printer is written to disk.
-30) Force winbindd to periodically update the trusted domain cache.
-31) Remove outdated import/export script to convert an smbpasswd file
- to and from and LDAP directory. Use the pdbedit tool instead.
-32) Ensure that %U substitution is restored on next valid packet
- if a logon fails.
-
-
-Changes since 3.0beta3
-######################
-
-1) Various memory leak fixes.
-2) Provide full support for SMB signing (server and client)
-3) Check for broken getgrouplist() in glibc.
-4) Don't get stuck in an infinite loop listing directories
- recursively if the server returns an empty directory name
- (bug 222).
-5) Idle LDAP connections after 150 seconds.
-6) Patched make uninstallmodules (bug 236).
-7) Fix bug that caused smbd to return incomplete directory listings
- when UNIX files contained MS wildcard characters.
-8) Quiet default debug messages in command line tools.
-9) Fixes to avoid panics on invalid multi-byte strings.
-10) Fix error messages when creating a new smbpasswd file (bug 198).
-11) Implemented better detection routines in autoconf scripts for
- locating ads support on the host OS.
-12) Fix bug that caused libraries in /usr/local/lib to be ignored
- (bug 174).
-13) Ensure winbindd_ads uses the correct realm or domain name when
- connecting to trusted DC.
-14) Ensure a correct prototype is created for snprintf() (bug 187)
-15) Stop files being created on read-only shares in some circumstances.
-16) Fix wbinfo -p (bug 251)
-17) Support schannel on any tcp/ip connection if necessary
-18) Correct bug in user_in_list() so that it works with winbind groups
- again.
-19) Ensure the schannel bind credentials default to the domain
- of the destination host.
-20) Default password expiration time in account_pol.tdb to never
- expire. Remove any existing account_pol.tdb file to reset
- the new default policy (bug 184).
-21) Add buttons to SWAT to change the view of smb.conf (bug 212)
-22) Fix incorrect checks that determine whether or not the 'add user
- script' has been set.
-23) More cleanup for internal character set conversions.
-24) Fixes for multi-byte strings in stat cache code.
-25) Ensure that the net command honors the 'workgroup' parameter
- in smb.conf when not overridden from the command line.
-26) Add gss-spnego support to the ntlm_auth tool.
-27) Add vfs_default_quota VFS module.
-28) Added server support for NT quota interfaces.
-29) Prevent Krb5 replay attacks by adding a replay_cache.
-30) Fix problems with winbindd and transitive trusts in AD domains.
-31) Added -S to client tools for setting SMB signing options on the
- command line.
-32) Fix bug causing the 'passwd change program' to be called as the
- connected user and not root.
-33) Fixed data corruption bug in byte-range locking (e.g. affected MS Excel).
-34) Support winbindd on FreeBSD is possible.
-35) Look at only the first OID in the security blob sent in the session
- setup request to determine the token type.
-36) Only push locks onto a blocking lock queue if the posix lock failed with
- EACCES or EAGAIN (this means another lock conflicts). Else return an
- error and don't queue the request.
-37) Fix command line argument processing for smbtar.
-38) Correct issue that caused smbd to return generic unix_user.<uid>
- for lookupsid().
-39) Default to algorithmic mapping when generating a rid for a group
- mapping.
-40) Expand %g and %G in logon script, profile path, etc... during
- a domain logon (bug 208).
-41) Make sure smbclient obeys '-s <config>'
-42) Added win2k3 shadow copy operations to VFS interface.
-43) Allow connections to samba domain member as SERVER\user (don't
- always default to DOMAIN\user).
-44) Remove checks in winbindd that caused it to attempt to use
- non-transitive trust relationships.
-45) Remove delays in winbindd caused by invalid DNS lookups.
-46) Fix supplementary group memberships on systems with slightly
- broken NSS implementations (bug 267).
-47) Correct issue that prevented smbclient from viewing shares on
- a win2k server when using a non-anonymous connection (bug 284).
-48) Add --domain=DOMAIN_NAME to wbinfo for limiting operations like
- 'wbinfo -u' to a single domain. The '.' character represents
- our domain.
-49) Fix group enumeration bug when using an LDAP directory for
- storing group mappings.
-50) Default to use NTLMv2 if available. Fallback to not use LM/NTLM
- when the extended security capability bit is not set.
-51) Fix crash in 'wbinfo -a' when using extended characters in the
- username (bug 269).
-52) Fix multi-byte strupper() panics (bug 205).
-53) Add vfs_readonly VFS module.
-54) Make sure to initialize the sambaNextUserRid and sambaNextGroupRid
- attributes when using 'idmap backend = ldap' (bug 280).
-55) Make sure that users shared between a Samba PDC and member
- samba server are seen as domain users and not local users on the
- domain member.
-56) Fix Query FS Info level 2.
-57) Allow enumeration of users and groups by win9x "file server" (bug
- 286).
-58) Create symlinks during install for modules that support mutliple
- functions (bug 91).
-59) More iconv detection fixes.
-60) Fix path length error in vfs_recycle module (bug 291).
-61) Added server support for the LSA_DS UUID on the \lsarpc pipe.
- (server DsRoleGetPrimaryDomainInfo() is currently disabled).
-62) Fix SMBseek and get/set position calls.
-62) Fix SetFileInfo level 1.
-63) Added tool to convert smbd log file to a pcap file (log2pcaphex).
-
-
-
-Changes since 3.0beta2
-######################
-
-1) Added fix for Japanese case names in statcache code;
- these can change size on upper casing.
-2) Correct issues with iconv detection in configure script
- (support needed to find iconv libraries on FreeBSD).
-3) Fix bug that caused a WINS server to be marked as dead
- incorrectly (bug #190).
-4) Removing additional deadlocks conditions that prevented
- winbindd from running on a Samba PDC (used for trust
- relationships).
-5) Add support for searching for Active Directory for
- published printers (net ads printer search).
-6) Separate UNIX username from DOMAIN\username in pipe
- credentials.
-7) Auth modules now support returning NT_STATUS_NOT_IMPLEMENTED
- for cases that they cannot handle.
-8) Flush winbindd connection cache when the machine trust account
- password is changed while a connection is open (bug #200).
-9) Add support for 'OSVersion' server printer data string
- (corrects problem with uploading printer drivers from
- WinXP clients).
-10) Numerous memory leak fixes.
-11) LDAP fixes ("passdb backend = ldapsam" & "idmap backend = ldap"):
- - Store domain SID in LDAP directory.
- - store idmap information in existing entries (use sambaSID=...
- if adding a new entry).
-12) Fix incorrect usage of primary group SID when looking up user
- groups (bug #109).
-13) Remove idmap_XX_to_XX calls from smbd. Move back to the the
- winbind_XXX and local_XXX calls used in 2.2.
-14) All uid/gid allocation must involve winbindd now (we do not
- attempt to map unknown SIDs to a UNIX identify).
-15) Add 'winbind trusted domains only' parameter to force a domain
- member. The server to use matching users names from /etc/passwd
- for its domain (needed for domain member of a Samba domain).
-16) Rename 'idmap only' to 'enable rid algorithm' for better clarity
- (defaults to "yes").
-17) Add support for multi-byte statcache code (bug #185)
-18) Fix open mode race condition.
-19) Implement winbindd local account management functions. Refer to
- the "Winbind Changes" section for details.
-20) Move RID allocation functions into idmap backend.
-21) Fix parsing error that prevented publishing printers from a
- Samba server in an AD domain.
-22) Revive NTLMSSP support for named pipes.
-23) More SCHANNEL fixes.
-24) Correct SMB signing with NTLMSSP.
-25) Fix coherency bug in print handle/printer object caching code
- that could cause XP clients to infinitely loop while updating
- their local printer cache.
-26) Make winbindd use its dual-daemon mode by default (use -Y to
- start as a single process).
-27) Add support to nmbd and winbindd for 'smbcontrol <pid>
- reload-config'.
-28) Correct problem with smbtar when dealing with files > 8Gb
- (bug #102).
-
-
-
-Changes since 3.0beta1
-######################
-
-1) Rework our smb signing code again, this factors out some of
- the common MAC calculation code, and now supports multiple
- outstanding packets (bug #40).
-2) Enforce 'client plaintext auth', 'client lanman auth' and 'client
- ntlmv2 auth'.
-3) Correct timestamp problem on 64-bit machines (bug #140).
-4) Add extra debugging statements to winbindd for tracking down
- failures.
-5) Fix bug when aliased 'winbind uid/gid' parameters are used.
- ('winbind uid/gid' are now replaced with 'idmap uid/gid').
-6) Added an auth flag that indicates if we should be allowed
- to fall back to NTLMSSP for SASL if krb5 fails.
-7) Fixed the bug that forced us not to use the winbindd cache when
- we have a primary ADS domain and a secondary (trusted) NT4
- domain.
-8) Use lp_realm() to find the default realm for 'net ads password'.
-9) Removed editreg from standard build until it is portable..
-10) Fix domain membership for servers not running winbindd.
-11) Correct race condition in determining the high water mark
- in the idmap backend (bug #181).
-12) Set the user's primary unix group from usrmgr.exe (partial
- fix for bug #45).
-13) Show comments when doing 'net group -l' (bug #3).
-14) Add trivial extension to 'net' to dump current local idmap
- and restore mappings as well.
-15) Modify 'net rpc vampire' to add new and existing users to
- both the idmap and the SAM. This code needs further testing.
-16) Fix crash bug in ADS searches.
-17) Build libnss_wins.so as part of nsswitch target (bug #160).
-18) Make net rpc vampire return an error if the sam sync RPC
- returns an error.
-19) Fail to join an NT 4 domain as a BDC if a workstation account
- using our name exists.
-20) Fix various memory leaks in server and client code
-21) Remove the short option to --set-auth-user for wbinfo (-A) to
- prevent confusion with the -a option (bug #158).
-22) Added new 'map acl inherit' parameter.
-23) Removed unused 'privileges' code from group mapping database.
-24) Don't segfault on empty passdb backend list (bug #136).
-25) Fixed acl sorting algorithm for Windows 2000 clients.
-26) Replace universal group cache with netsamlogon_cache
- from APPLIANCE_HEAD branch.
-27) Fix autoconf detection issues surrounding --with-ads=yes
- but no Krb5 header files installed (bug #152).
-28) Add LDAP lookup for domain sequence number in case we are
- joined using NT4 protocols to a native mode AD domain.
-29) Fix backend method selection for trusted NT 4 (or 2k
- mixed mode) domains.
-30) Fixed bug that caused us to enumerate domain local groups
- from native mode AD domains other than our own.
-31) Correct group enumeration for viewing in the Windows
- security tab (bug #110).
-32) Consolidate the DC location code.
-33) Moved 'ads server' functionality into 'password server' for
- backwards compatibility.
-34) Fix winbindd_idmap tdb upgrades from a 2.2 installation.
- ( if you installed beta1, be sure to
- 'mv idmap.tdb winbindd_idmap.tdb' ).
-35) Fix pdb_ldap segfaults, and wrong default values for
- ldapsam_compat.
-36) Enable negative connection cache for winbindd's ADS backend
- functions.
-37) Enable address caching for active directory DC's so we don't
- have to hit DNS so much.
-38) Fix bug in idmap code that caused mapping to randomly be
- redefined.
-39) Add tdb locking code to prevent race condition when adding a
- new mapping to idmap.
-40) Fix 'map to guest = bad user' when acting as a PDC supporting
- trust relationships.
-41) Prevent deadlock issues when running winbindd on a Samba PDC
- to handle allocating uids & gids for trusted users and groups
-42) added LOCALE patch from Steve Langasek (bug #122).
-43) Add the 'guest' passdb backend automatically to the end of
- the 'passdb backend' list if 'guest account' has a valid
- username.
-44) Remove samstrict_dc auth method. Rework 'samstrict' to only
- handle our local names (or domain name if we are a PDC).
- Move existing permissive 'sam' method to 'sam_ignoredomain'
- and make 'samstrict' the new default 'sam' auth method.
-45) Match Windows NT4/2k behavior when authenticating a user with
- and unknown domain (default to our domain if we are a DC or
- domain member; default to our local name if we are a
- standalone server).
-46) Fix Get_Pwnam() to always fall back to lookup 'user' if the
- 'DOMAIN\user' lookup fails. This matches 2.2. behavior.
-47) Fix the trustdom_cache code to update the list of trusted
- domains when operating as a domain member and not using
- winbindd.
-48) Remove 'nisplussam' passdb backend since it has suffered for
- too long without a maintainer.
-
-
-
-
######################################################################
Upgrading from a previous Samba 3.0 beta
########################################
* domain admin group
* domain guest group
* force unknown acl user
+ * hide local users
+ * mangled stack
* nt smb support
* postscript
* printer driver
* printer driver file
* printer driver location
+ * read size
+ * source environment
* status
* strip dot
* total print jobs
--------------
* auth methods
* realm
+ * passwd chat timeout
Protocol Options
----------------
* ldap idmap suffix
* ldap machine suffix
* ldap passwd sync
+ * ldap replication sleep
* ldap user suffix
General Configuration
----------
A new object class (sambaSamAccount) has been introduced to replace
-the old sambaAccount. This change aids us in the renaming of attributes
-to prevent clashes with attributes from other vendors. There is a
-conversion script (examples/LDAP/convertSambaAccount) to modify and LDIF
-file to the new schema.
+the old sambaAccount. This change aids us in the renaming of
+attributes to prevent clashes with attributes from other vendors.
+There is a conversion script (examples/LDAP/convertSambaAccount) to
+modify and LDIF file to the new schema.
Example:
- $ ldapsearch .... -b "ou=people,dc=..." > old.ldif
- $ convertSambaAccount <DOM SID> old.ldif new.ldif
+ $ ldapsearch .... -b "ou=people,dc=..." > sambaAcct.ldif
+ $ convertSambaAccount --sid=<Domain SID> \
+ --input=sambaAcct.ldif --output=sambaSamAcct.ldif \
+ --changetype=[modify|add]
-The <DOM SID> can be obtained by running 'net getlocalsid <DOMAINNAME>'
-on the Samba PDC as root.
+The <DOM SID> can be obtained by running 'net getlocalsid
+<DOMAINNAME>' on the Samba PDC as root. The changetype determines
+the format of the generated LDIF output--either create new entries
+or modify existing entries.
The old sambaAccount schema may still be used by specifying the
"ldapsam_compat" passdb backend. However, the sambaAccount and
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
- DESC 'Share Name'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
- DESC 'Option Name'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
- DESC 'A boolean option'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
- DESC 'An integer option'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
- DESC 'A string option'
- EQUALITY caseExactIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
- DESC 'A string list option'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
#######################################################################
## objectClasses used by Samba 3.0 schema ##
#######################################################################
DESC 'Structural Class for a SID'
MUST ( sambaSID ) )
-
-
-
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
- DESC 'Samba Configuration Section'
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
- DESC 'Samba Share Section'
- MUST ( sambaShareName )
- MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.1.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
- DESC 'Samba Configuration Option'
- MUST ( sambaOptionName )
- MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) )
attributetypes=( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-attributetypes=( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetypes=( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
attributetypes=( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
objectclasses=( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) )
-objectclasses=( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY DESC 'Samba Configuration Section' MAY ( description ) )
-objectclasses=( 1.3.6.1.4.1.7165.1.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL DESC 'Samba Share Section' MUST ( sambaShareName ) MAY ( description ) )
-
-objectclasses=( 1.3.6.1.4.1.7165.1.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL DESC 'Samba Configuration Option' MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) )
LDFLAGS = -L/usr/lib
-all: testsmbc tree testacl testbrowse
+all: testsmbc tree testacl
testsmbc: testsmbc.o
@echo Linking testsmbc
@echo Linking testacl
@$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` -lsmbclient -lpopt $<
-testbrowse: testbrowse.o
- @echo Linking testbrowse
- @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ -lsmbclient -lpopt $<
-
clean:
@rm -f *.o *~
--- /dev/null
+/*
+ nss sample code for extended winbindd functionality
+
+ Copyright (C) Andrew Tridgell (tridge@samba.org)
+
+ you are free to use this code in any way you see fit, including
+ without restriction, using this code in your own products. You do
+ not need to give any attribution.
+*/
+
+#define _GNU_SOURCE
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <nss.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+
+#include "nss_winbind.h"
+
+/*
+ find a function in the nss library
+*/
+static void *find_fn(struct nss_state *nss, const char *name)
+{
+ void *res;
+ char *s = NULL;
+
+ asprintf(&s, "_nss_%s_%s", nss->nss_name, name);
+ if (!s) {
+ errno = ENOMEM;
+ return NULL;
+ }
+ res = dlsym(nss->dl_handle, s);
+ free(s);
+ if (!res) {
+ errno = ENOENT;
+ return NULL;
+ }
+ return res;
+}
+
+/*
+ establish a link to the nss library
+ Return 0 on success and -1 on error
+*/
+int nss_open(struct nss_state *nss, const char *nss_path)
+{
+ char *p;
+ p = strrchr(nss_path, '_');
+ if (!p) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ nss->nss_name = strdup(p+1);
+ p = strchr(nss->nss_name, '.');
+ if (p) *p = 0;
+
+ nss->dl_handle = dlopen(nss_path, RTLD_LAZY);
+ if (!nss->dl_handle) {
+ free(nss->nss_name);
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ close and cleanup a nss state
+*/
+void nss_close(struct nss_state *nss)
+{
+ free(nss->nss_name);
+ dlclose(nss->dl_handle);
+}
+
+/*
+ make a getpwnam call.
+ Return 0 on success and -1 on error
+*/
+int nss_getpwent(struct nss_state *nss, struct passwd *pwd)
+{
+ enum nss_status (*_nss_getpwent_r)(struct passwd *, char *,
+ size_t , int *);
+ enum nss_status status;
+ int nss_errno = 0;
+
+ _nss_getpwent_r = find_fn(nss, "getpwent_r");
+
+ if (!_nss_getpwent_r) {
+ return -1;
+ }
+
+ status = _nss_getpwent_r(pwd, nss->pwnam_buf, sizeof(nss->pwnam_buf),
+ &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ make a setpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_setpwent(struct nss_state *nss)
+{
+ enum nss_status (*_nss_setpwent)(void) = find_fn(nss, "setpwent");
+ enum nss_status status;
+ if (!_nss_setpwent) {
+ return -1;
+ }
+ status = _nss_setpwent();
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = EINVAL;
+ return -1;
+ }
+ return 0;
+}
+
+/*
+ make a endpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_endpwent(struct nss_state *nss)
+{
+ enum nss_status (*_nss_endpwent)(void) = find_fn(nss, "endpwent");
+ enum nss_status status;
+ if (!_nss_endpwent) {
+ return -1;
+ }
+ status = _nss_endpwent();
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = EINVAL;
+ return -1;
+ }
+ return 0;
+}
+
+
+/*
+ convert a name to a SID
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_nametosid(struct nss_state *nss, const char *name, char **sid)
+{
+ enum nss_status (*_nss_nametosid)(const char *, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_nametosid = find_fn(nss, "nametosid");
+
+ if (!_nss_nametosid) {
+ return -1;
+ }
+
+ status = _nss_nametosid(name, sid, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *sid = strdup(*sid);
+
+ return 0;
+}
+
+/*
+ convert a SID to a name
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_sidtoname(struct nss_state *nss, const char *sid, char **name)
+{
+ enum nss_status (*_nss_sidtoname)(const char *, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_sidtoname = find_fn(nss, "sidtoname");
+
+ if (!_nss_sidtoname) {
+ return -1;
+ }
+
+ status = _nss_sidtoname(sid, name, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *name = strdup(*name);
+
+ return 0;
+}
+
+/*
+ return a list of group SIDs for a user SID
+ the returned list is NULL terminated
+ Return 0 on success and -1 on error
+*/
+int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids)
+{
+ enum nss_status (*_nss_getusersids)(const char *, char **, int *,
+ char *, size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char *s;
+ int i, num_groups = 0;
+ unsigned bufsize = 10;
+ char *buf;
+
+ _nss_getusersids = find_fn(nss, "getusersids");
+
+ if (!_nss_getusersids) {
+ return -1;
+ }
+
+again:
+ buf = malloc(bufsize);
+ if (!buf) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ status = _nss_getusersids(user_sid, &s, &num_groups, buf, bufsize,
+ &nss_errno);
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ free(buf);
+ return -1;
+ }
+
+ if (status == NSS_STATUS_TRYAGAIN) {
+ bufsize *= 2;
+ free(buf);
+ goto again;
+ }
+
+ if (status != NSS_STATUS_SUCCESS) {
+ free(buf);
+ errno = nss_errno;
+ return -1;
+ }
+
+ if (num_groups == 0) {
+ free(buf);
+ return 0;
+ }
+
+ *sids = (char **)malloc(sizeof(char *) * (num_groups+1));
+ if (! *sids) {
+ errno = ENOMEM;
+ free(buf);
+ return -1;
+ }
+
+ for (i=0;i<num_groups;i++) {
+ (*sids)[i] = strdup(s);
+ s += strlen(s) + 1;
+ }
+ (*sids)[i] = NULL;
+
+ free(buf);
+
+ return 0;
+}
+
+/*
+ convert a sid to a uid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtouid(struct nss_state *nss, const char *sid, uid_t *uid)
+{
+ enum nss_status (*_nss_sidtouid)(const char*, uid_t *, int*);
+
+ enum nss_status status;
+ int nss_errno = 0;
+
+ _nss_sidtouid = find_fn(nss, "sidtouid");
+
+ if (!_nss_sidtouid) {
+ return -1;
+ }
+
+ status = _nss_sidtouid(sid, uid, &nss_errno);
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ convert a sid to a gid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtogid(struct nss_state *nss, const char *sid, gid_t *gid)
+{
+ enum nss_status (*_nss_sidtogid)(const char*, gid_t *, int*);
+
+ enum nss_status status;
+ int nss_errno = 0;
+
+ _nss_sidtogid = find_fn(nss, "sidtogid");
+
+ if (!_nss_sidtogid) {
+ return -1;
+ }
+
+ status = _nss_sidtogid(sid, gid, &nss_errno);
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ return 0;
+}
+
+/*
+ convert a uid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_uidtosid(struct nss_state *nss, uid_t uid, char **sid)
+{
+ enum nss_status (*_nss_uidtosid)(uid_t, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_uidtosid = find_fn(nss, "uidtosid");
+
+ if (!_nss_uidtosid) {
+ return -1;
+ }
+
+ status = _nss_uidtosid(uid, sid, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *sid = strdup(*sid);
+
+ return 0;
+}
+
+/*
+ convert a gid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_gidtosid(struct nss_state *nss, gid_t gid, char **sid)
+{
+ enum nss_status (*_nss_gidtosid)(gid_t, char **, char *,
+ size_t, int *);
+ enum nss_status status;
+ int nss_errno = 0;
+ char buf[200];
+
+ _nss_gidtosid = find_fn(nss, "gidtosid");
+
+ if (!_nss_gidtosid) {
+ return -1;
+ }
+
+ status = _nss_gidtosid(gid, sid, buf, sizeof(buf), &nss_errno);
+ if (status == NSS_STATUS_NOTFOUND) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (status != NSS_STATUS_SUCCESS) {
+ errno = nss_errno;
+ return -1;
+ }
+
+ *sid = strdup(*sid);
+
+ return 0;
+}
+
--- /dev/null
+/*
+ nss sample code for extended winbindd functionality
+
+ Copyright (C) Andrew Tridgell (tridge@samba.org)
+ Copyright (C) Volker Lendecke (vl@samba.org)
+
+ you are free to use this code in any way you see fit, including
+ without restriction, using this code in your own products. You do
+ not need to give any attribution.
+*/
+
+#define _GNU_SOURCE
+
+#include <pwd.h>
+#include <grp.h>
+
+struct nss_state {
+ void *dl_handle;
+ char *nss_name;
+ char pwnam_buf[512];
+};
+
+/*
+ establish a link to the nss library
+ Return 0 on success and -1 on error
+*/
+int nss_open(struct nss_state *nss, const char *nss_path);
+
+/*
+ close and cleanup a nss state
+*/
+void nss_close(struct nss_state *nss);
+
+/*
+ make a getpwnam call.
+ Return 0 on success and -1 on error
+*/
+int nss_getpwent(struct nss_state *nss, struct passwd *pwd);
+
+/*
+ make a setpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_setpwent(struct nss_state *nss);
+
+/*
+ make a endpwent call.
+ Return 0 on success and -1 on error
+*/
+int nss_endpwent(struct nss_state *nss);
+
+/*
+ convert a name to a SID
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_nametosid(struct nss_state *nss, const char *name, char **sid);
+
+/*
+ convert a SID to a name
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_sidtoname(struct nss_state *nss, const char *sid, char **name);
+
+/*
+ return a list of group SIDs for a user SID
+ the returned list is NULL terminated
+ Return 0 on success and -1 on error
+*/
+int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids);
+
+/*
+ convert a sid to a uid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtouid(struct nss_state *nss, const char *sid, uid_t *uid);
+
+/*
+ convert a sid to a gid
+ Return 0 on success and -1 on error
+*/
+int nss_sidtogid(struct nss_state *nss, const char *sid, gid_t *gid);
+
+/*
+ convert a uid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_uidtosid(struct nss_state *nss, uid_t uid, char **sid);
+
+/*
+ convert a gid to a sid
+ caller frees
+ Return 0 on success and -1 on error
+*/
+int nss_gidtosid(struct nss_state *nss, gid_t gid, char **sid);
/*
compile like this:
- cc -o wbtest wbtest.c -ldl
+ cc -o wbtest wbtest.c nss_winbind.c -ldl
and run like this:
#include <string.h>
#include <sys/types.h>
-typedef enum nss_status NSS_STATUS;
-
-struct nss_state {
- void *dl_handle;
- char *nss_name;
- char pwnam_buf[512];
-};
-
-/*
- find a function in the nss library
-*/
-static void *find_fn(struct nss_state *nss, const char *name)
-{
- void *res;
- char *s = NULL;
-
- asprintf(&s, "_nss_%s_%s", nss->nss_name, name);
- if (!s) {
- errno = ENOMEM;
- return NULL;
- }
- res = dlsym(nss->dl_handle, s);
- free(s);
- if (!res) {
- errno = ENOENT;
- return NULL;
- }
- return res;
-}
-
-/*
- establish a link to the nss library
- Return 0 on success and -1 on error
-*/
-int nss_open(struct nss_state *nss, const char *nss_path)
-{
- char *p;
- p = strrchr(nss_path, '_');
- if (!p) {
- errno = EINVAL;
- return -1;
- }
-
- nss->nss_name = strdup(p+1);
- p = strchr(nss->nss_name, '.');
- if (p) *p = 0;
-
- nss->dl_handle = dlopen(nss_path, RTLD_LAZY);
- if (!nss->dl_handle) {
- free(nss->nss_name);
- return -1;
- }
-
- return 0;
-}
-
-/*
- close and cleanup a nss state
-*/
-void nss_close(struct nss_state *nss)
-{
- free(nss->nss_name);
- dlclose(nss->dl_handle);
-}
-
-/*
- make a getpwnam call.
- Return 0 on success and -1 on error
-*/
-int nss_getpwent(struct nss_state *nss, struct passwd *pwd)
-{
- NSS_STATUS (*_nss_getpwent_r)(struct passwd *, char *,
- size_t , int *) = find_fn(nss, "getpwent_r");
- NSS_STATUS status;
- int nss_errno = 0;
-
- if (!_nss_getpwent_r) {
- return -1;
- }
-
- status = _nss_getpwent_r(pwd, nss->pwnam_buf, sizeof(nss->pwnam_buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- return -1;
- }
- if (status != NSS_STATUS_SUCCESS) {
- errno = nss_errno;
- return -1;
- }
-
- return 0;
-}
-
-/*
- make a setpwent call.
- Return 0 on success and -1 on error
-*/
-int nss_setpwent(struct nss_state *nss)
-{
- NSS_STATUS (*_nss_setpwent)(void) = find_fn(nss, "setpwent");
- NSS_STATUS status;
- if (!_nss_setpwent) {
- return -1;
- }
- status = _nss_setpwent();
- if (status != NSS_STATUS_SUCCESS) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-/*
- make a endpwent call.
- Return 0 on success and -1 on error
-*/
-int nss_endpwent(struct nss_state *nss)
-{
- NSS_STATUS (*_nss_endpwent)(void) = find_fn(nss, "endpwent");
- NSS_STATUS status;
- if (!_nss_endpwent) {
- return -1;
- }
- status = _nss_endpwent();
- if (status != NSS_STATUS_SUCCESS) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-
-/*
- convert a name to a SID
- caller frees
- Return 0 on success and -1 on error
-*/
-int nss_nametosid(struct nss_state *nss, const char *name, char **sid)
-{
- NSS_STATUS (*_nss_nametosid)(const char *, char **, char *, size_t, int *) =
- find_fn(nss, "nametosid");
- NSS_STATUS status;
- int nss_errno = 0;
- char buf[200];
-
- if (!_nss_nametosid) {
- return -1;
- }
-
- status = _nss_nametosid(name, sid, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- return -1;
- }
- if (status != NSS_STATUS_SUCCESS) {
- errno = nss_errno;
- return -1;
- }
-
- *sid = strdup(*sid);
-
- return 0;
-}
-
-/*
- convert a SID to a name
- caller frees
- Return 0 on success and -1 on error
-*/
-int nss_sidtoname(struct nss_state *nss, char *sid, char **name)
-{
- NSS_STATUS (*_nss_sidtoname)(const char *, char **, char *, size_t, int *) =
- find_fn(nss, "sidtoname");
- NSS_STATUS status;
- int nss_errno = 0;
- char buf[200];
-
- if (!_nss_sidtoname) {
- return -1;
- }
-
- status = _nss_sidtoname(sid, name, buf, sizeof(buf), &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- return -1;
- }
- if (status != NSS_STATUS_SUCCESS) {
- errno = nss_errno;
- return -1;
- }
-
- *name = strdup(*name);
-
- return 0;
-}
-
-/*
- return a list of group SIDs for a user SID
- the returned list is NULL terminated
- Return 0 on success and -1 on error
-*/
-int nss_getusersids(struct nss_state *nss, const char *user_sid, char ***sids)
-{
- NSS_STATUS (*_nss_getusersids)(const char *, char **, int *, char *, size_t, int *) =
- find_fn(nss, "getusersids");
- NSS_STATUS status;
- int nss_errno = 0;
- char *s;
- int i, num_groups = 0;
- unsigned bufsize = 10;
- char *buf;
-
- if (!_nss_getusersids) {
- return -1;
- }
-
-again:
- buf = malloc(bufsize);
- if (!buf) {
- errno = ENOMEM;
- return -1;
- }
-
- status = _nss_getusersids(user_sid, &s, &num_groups, buf, bufsize, &nss_errno);
- if (status == NSS_STATUS_NOTFOUND) {
- errno = ENOENT;
- free(buf);
- return -1;
- }
-
- if (status == NSS_STATUS_TRYAGAIN) {
- bufsize *= 2;
- free(buf);
- goto again;
- }
-
- if (status != NSS_STATUS_SUCCESS) {
- free(buf);
- errno = nss_errno;
- return -1;
- }
-
- if (num_groups == 0) {
- free(buf);
- return 0;
- }
-
- *sids = (char **)malloc(sizeof(char *) * (num_groups+1));
- if (! *sids) {
- errno = ENOMEM;
- free(buf);
- return -1;
- }
-
- for (i=0;i<num_groups;i++) {
- (*sids)[i] = strdup(s);
- s += strlen(s) + 1;
- }
- (*sids)[i] = NULL;
-
- free(buf);
-
- return 0;
-}
-
+#include "nss_winbind.h"
static int nss_test_users(struct nss_state *nss)
{
+++ /dev/null
-#!/bin/sh
-
-# This script is an input filter for printcap printing on a unix machine. It
-# uses the smbclient program to print the file to the specified smb-based
-# server and service.
-# For example you could have a printcap entry like this
-#
-# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint
-#
-# which would create a unix printer called "smb" that will print via this
-# script. You will need to create the spool directory /usr/spool/smb with
-# appropriate permissions and ownerships for your system.
-
-# Set these to the server and service you wish to print to
-# In this example I have a WfWg PC called "lapland" that has a printer
-# exported called "printer" with no password.
-
-#
-# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton)
-# so that the server, service, and password can be read from
-# a /usr/var/spool/lpd/PRINTNAME/.config file.
-#
-# Script further modified by Richard Sharpe to fix some things.
-# Get rid of the -x on the first line, and add parameters
-#
-# -t now causes translate to be used when sending files
-#
-# In order for this to work the /etc/printcap entry must include an
-# accounting file (af=...):
-#
-# cdcolour:\
-# :cm=CD IBM Colorjet on 6th:\
-# :sd=/var/spool/lpd/cdcolour:\
-# :af=/var/spool/lpd/cdcolour/acct:\
-# :if=/usr/local/etc/smbprint:\
-# :mx=0:\
-# :lp=/dev/null:
-#
-# The /usr/var/spool/lpd/PRINTNAME/.config file should contain:
-# server=PC_SERVER
-# service=PR_SHARENAME
-# password="password"
-#
-# E.g.
-# server=PAULS_PC
-# service=CJET_371
-# password=""
-
-#
-# Debugging log file, change to /dev/null if you like.
-#
-logfile=/tmp/smb-print.log
-# logfile=/dev/null
-
-
-#
-# The last parameter to the filter is the accounting file name.
-# Extract the directory name from the file name.
-# Concat this with /.config to get the config file.
-#
-TRANS=0
-eval acct_file=\${$#}
-spool_dir=`dirname $acct_file`
-config_file=$spool_dir/.config
-
-# Should read the following variables set in the config file:
-# server
-# service
-# password
-eval `cat $config_file`
-
-while getopts t c; do
- case $c in
- t)
- TRANS=1
- ;;
-
- '?') # Bad parameters, ignore it ...
- ;;
- esac
-done
-#
-# Some debugging help, change the >> to > if you want to same space.
-#
-echo "server $server, service $service" >> $logfile
-
-(
-# NOTE You may wish to add the line `echo translate' if you want automatic
-# CR/LF translation when printing.
- if [ $TRANS -eq 1 ]; then
- echo translate
- fi
- echo "print -"
- cat
-) | /usr/local/samba/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile
##
## Usgae: ./make-tarball.sh
+DOCSDIR=../samba-docs/
USING_SAMBA=../using_samba/
SRCDIR=`pwd`
fi
+if [ ! -d $DOCSDIR ]; then
+
+ echo Cannot find samba-docs \(assuming $DOCSDIR\).
+ echo Please set the DOCSDIR variable in this script
+ echo to the correct path.
+
+ exit 1
+
+fi
+
+
VERSION=`grep SAMBA_VERSION_OFFICIAL_STRING source/include/version.h | cut -d\" -f2 | sed 's/ /_/g'`
TARBALLDIR=/tmp/samba-$VERSION
mkdir $TARBALLDIR
rsync -aC ./ $TARBALLDIR
+/bin/rm -rf $TARBALLDIR/docs/*
+rsync -aC $DOCSDIR/ $TARBALLDIR/docs/
rsync -aC $USING_SAMBA $TARBALLDIR/docs/htmldocs/
echo Creating packaging scripts...
Building Debian packages is not as hard as some people might think.
The following instructions will allow you to build your own Samba
Debian packages. These instructions and the files in packaging/Debian/
-are current as of Samba 3.0.0, and allow you to build Debian packages
-for Debian unstable (so you need some development packages available
-only in Debian unstable.) If you are using something newer than 3.0.0
-you might want to try to follow the instructions to see if patches
-apply cleanly. If some patches don't apply cleanly please e-mail
+should be current as of Samba 3.0.2, and allow you to build Debian
+packages for Debian unstable (so you need some development packages
+available only in Debian unstable.) If you are using something newer
+than 3.0.2 you might want to try to follow the instructions to see if
+patches apply cleanly. If some patches don't apply cleanly please e-mail
samba@packages.debian.org since we might have fixed patches that we have
not yet integrated into upstream Samba.
devscripts, etc.):
autoconf
- debhelper
+ debhelper (>= 4.1.13)
libpam0g-dev
libreadline4-dev
libcupsys2-dev
build the samba packages on Debian is to look for the Build-Depends:
field in the file debian/control.
-1) cd samba[-<version>]. For example, "cd samba-3.0.0rc2".
-2) cp -a packaging/Debian/debian/ debian
+1) cd samba[-<version>]. For example, "cd samba-3.0.2".
+2) cp -a packaging/Debian/debian/ .
It's important that you copy instead of symlink because the build
tools in Potato have a problem that prevents the build to work with
- a symlink.
+ a symlink. If you are running a recent Debian distribution you don't
+ have to copy the directory and you can use a symlink instead:
+ "ln -s packaging/Debian/debian/ ."
3) dch -i (this is completely optional - only do it if you understand
Debian version numbers! Don't complain later if you can't upgrade
to official versions of the Samba packages for Debian.)
- Edit the changelog and make sure the version is right. For example,
- for Samba 3.0.0beta3, the version number should something like
- 3.0.0beta3-0.1.
-4) Run 'debian/rules binary'.
- - It is better that you prefix the above command with 'fakeroot'.
- If you have problems you might try building as root.
+ for Samba 3.0.2, the version number should something like 3.0.2-0.1.
+4) Run 'fakeroot debian/rules binary'.
5) That's it. Your new packages should be in ../. Install with dpkg.
Please e-mail samba@packages.debian.org with comments, questions or
Building Debian packages is not as hard as some people might think.
The following instructions will allow you to build your own Samba
Debian packages. These instructions and the files in packaging/Debian/
-are current as of Samba 3.0.0, and allow you to build Debian packages
-for Debian unstable (so you need some development packages available
-only in Debian unstable.) If you are using something newer than 3.0.0
-you might want to try to follow the instructions to see if patches
-apply cleanly. If some patches don't apply cleanly please e-mail
+should be current as of Samba 3.0.2, and allow you to build Debian
+packages for Debian unstable (so you need some development packages
+available only in Debian unstable.) If you are using something newer
+than 3.0.2 you might want to try to follow the instructions to see if
+patches apply cleanly. If some patches don't apply cleanly please e-mail
samba@packages.debian.org since we might have fixed patches that we have
not yet integrated into upstream Samba.
devscripts, etc.):
autoconf
- debhelper
+ debhelper (>= 4.1.13)
libpam0g-dev
libreadline4-dev
libcupsys2-dev
build the samba packages on Debian is to look for the Build-Depends:
field in the file debian/control.
-1) cd samba[-<version>]. For example, "cd samba-3.0.0rc2".
-2) cp -a packaging/Debian/debian/ debian
+1) cd samba[-<version>]. For example, "cd samba-3.0.2".
+2) cp -a packaging/Debian/debian/ .
It's important that you copy instead of symlink because the build
tools in Potato have a problem that prevents the build to work with
- a symlink.
+ a symlink. If you are running a recent Debian distribution you don't
+ have to copy the directory and you can use a symlink instead:
+ "ln -s packaging/Debian/debian/ ."
3) dch -i (this is completely optional - only do it if you understand
Debian version numbers! Don't complain later if you can't upgrade
to official versions of the Samba packages for Debian.)
- Edit the changelog and make sure the version is right. For example,
- for Samba 3.0.0beta3, the version number should something like
- 3.0.0beta3-0.1.
-4) Run 'debian/rules binary'.
- - It is better that you prefix the above command with 'fakeroot'.
- If you have problems you might try building as root.
+ for Samba 3.0.2, the version number should something like 3.0.2-0.1.
+4) Run 'fakeroot debian/rules binary'.
5) That's it. Your new packages should be in ../. Install with dpkg.
Please e-mail samba@packages.debian.org with comments, questions or
-samba (3.0.0-1) unstable; urgency=low
+samba (3.0.2-0.1) unstable; urgency=low
- * Local build.
+ * New upstream release.
+
+ -- Debian User <debian-user@somewhere.net> Wed, 4 Feb 2004 23:15:46 -0500
+
+samba (3.0.1-2) unstable; urgency=low
+
+ * Include ntlm_auth's man page.
+ * Don't create directories outside of the source directory during
+ package build time. (closes: #227221, #227238, #225862)
+ * Don't include the "Using Samba" book in the swat package, just a
+ symlink that points to the book included in the samba-doc package.
+
+ -- Eloy A. Paris <peloy@debian.org> Tue, 13 Jan 2004 13:48:13 -0500
+
+samba (3.0.1-1) unstable; urgency=low
+
+ * New upstream version (closes: #225565)
+ * Add support in the dhcp hook for netbios scope, and handle better
+ the case of multiple DHCP-using interfaces (closes: #224109).
+ * Use "tail -n 1 ..." instead of "tail -1 ..." so POSIX-compliant
+ tail works. Thanks to Paul Eggert <eggert@twinsun.com>.
+ * Include /usr/bin/ntlm_auth in the winbind package.
+ * Run configure with "--with-piddir=/var/run/samba" since the
+ default got changed to /var/run in this new upstream version.
+
+ -- Eloy A. Paris <peloy@debian.org> Tue, 30 Dec 2003 16:21:31 -0500
+
+samba (3.0.0final-1) unstable; urgency=low
+
+ * It's here, it's here, it's here, Samba 3.0.0 is here!
+ * Incorporate Japanese debconf translations; thanks to Kenshi Muto
+ <kmuto@debian.org>. (closes: #209291)
- -- Debian User <somebody@somewhere.com> Tue, 23 Sep 2003 21:50:26 -0400
+ -- Eloy A. Paris <peloy@debian.org> Thu, 25 Sep 2003 13:39:28 -0400
samba (3.0.0beta2+3.0.0rc4-1) unstable; urgency=low
samba (3.0.0beta2+3.0.0rc2-1) unstable; urgency=low
* New upstream release.
- * Incorporate Dutch debconf translations; thanks to Bart Cornelis
- <cobaco@linux.be>. (closes: #207824)
* Link against libgnutls7 instead of libgnutls5. (closes: #208151)
-- Eloy A. Paris <peloy@debian.org> Tue, 2 Sep 2003 21:37:13 -0400
--- samba_3_0/docs/manpages/swat.8.orig 2003-06-06 16:16:24.000000000 -0400
+++ samba_3_0/docs/manpages/swat.8 2003-06-06 16:25:13.000000000 -0400
-@@ -89,6 +89,13 @@
+@@ -91,6 +91,13 @@
.SH "INSTALLATION"
.PP
Swat is included as binary package with most distributions\&. The package manager in this case takes care of the installation and configuration\&. This section is only for those who have compiled swat from scratch\&.
.PP
-@@ -96,15 +103,15 @@
+@@ -98,15 +105,15 @@
.TP 3
\(bu
.LP
-@@ -114,7 +121,7 @@
+@@ -116,7 +123,7 @@
You need to edit your \fI/etc/inetd\&.conf \fR and \fI/etc/services\fR to enable SWAT to be launched via \fBinetd\fR\&.
.PP
.PP
\fBswat 901/tcp\fR
-@@ -126,10 +133,10 @@
+@@ -128,10 +135,10 @@
the choice of port number isn't really important except that it should be less than 1024 and not currently used (using a number above 1024 presents an obscure security hole depending on the implementation details of your\fBinetd\fR daemon)\&.
.PP
+In \fI/etc/inetd\&.conf\fR you should add a line like this (not needed for Debian since the maintainer scripts do it. You need to uncomment the line, though, because it is added commented out for security reasons):
.PP
--\fBswat stream tcp nowait.400 root /usr/local/samba/bin/swat swat\fR
+-\fBswat stream tcp nowait\&.400 root /usr/local/samba/bin/swat swat\fR
+\fBswat stream tcp nowait.400 root /usr/sbin/swat swat\fR
.PP
- One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill -1 PID \fR where PID is the process ID of the inetd daemon\&.
-@@ -155,8 +162,8 @@
+ One you have edited \fI/etc/services\fR and \fI/etc/inetd\&.conf\fR you need to send a HUP signal to inetd\&. To do this use \fBkill \-1 PID \fR where PID is the process ID of the inetd daemon\&.
+@@ -157,8 +164,8 @@
.TP
-\fI/usr/local/samba/lib/smb\&.conf\fR
--This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
+-This is the default location of the \fBsmb\&.conf\fR(5) server configuration file that swat edits\&. Other common places that systems install this file are \fI /usr/samba/lib/smb\&.conf\fR and \fI/etc/smb\&.conf \fR\&. This file describes all the services the server is to make available to clients\&.
+\fI/etc/samba/smb\&.conf\fR
+This is the default location of the \fBsmb.conf\fR(5) server configuration file that swat edits\&. This file describes all the services the server is to make available to clients\&.
diff -uNr samba-3.0.0beta2.orig/source/Makefile.in samba-3.0.0beta2/source/Makefile.in
--- samba-3.0.0beta2.orig/source/Makefile.in 2003-07-02 23:26:46.000000000 -0500
+++ samba-3.0.0beta2/source/Makefile.in 2003-07-02 23:19:46.000000000 -0500
-@@ -67,6 +67,7 @@
- CONFIGDIR = @configdir@
- VARDIR = @localstatedir@
- MANDIR = @mandir@
-+DATADIR = @datadir@
-
- # The permissions to give the executables
- INSTALLPERMS = 0755
-@@ -90,6 +91,13 @@
+@@ -92,6 +93,13 @@
# the directory where lock files go
LOCKDIR = @lockdir@
# the directory where pid files go
PIDDIR = @piddir@
# man pages language(s)
-@@ -114,7 +122,7 @@
+@@ -116,7 +124,7 @@
PATH_FLAGS4 = $(PATH_FLAGS3) -DSWATDIR=\"$(SWATDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" -DPIDDIR=\"$(PIDDIR)\"
PATH_FLAGS5 = $(PATH_FLAGS4) -DLIBDIR=\"$(LIBDIR)\" \
-DLOGFILEBASE=\"$(LOGFILEBASE)\" -DSHLIBEXT=\"@SHLIBEXT@\"
PATH_FLAGS = $(PATH_FLAGS6) $(PASSWD_FLAGS)
# Note that all executable programs now provide for an optional executable suffix.
-@@ -1203,7 +1211,7 @@
+@@ -1234,7 +1242,7 @@
@$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(DESTDIR)$(BINDIR) $(SCRIPTS)
installdat: installdirs
installswat: installdirs
@$(SHELL) $(srcdir)/script/installswat.sh $(DESTDIR)$(SWATDIR) $(srcdir)
-diff -uNr samba-3.0.0beta2.orig/source/configure.in samba-3.0.0beta2/source/configure.in
---- samba-3.0.0beta2.orig/source/configure.in 2003-07-02 23:26:47.000000000 -0500
-+++ samba-3.0.0beta2/source/configure.in 2003-07-02 23:19:02.000000000 -0500
-@@ -17,18 +17,25 @@
+--- samba-3.0.1/source/configure.in.orig 2003-12-17 11:05:40.000000000 -0500
++++ samba-3.0.1/source/configure.in 2003-12-17 11:05:42.000000000 -0500
+@@ -17,19 +17,26 @@
AC_ARG_WITH(fhs,
[ --with-fhs Use FHS-compliant paths (default=no)],
configdir="${sysconfdir}/samba"
-- lockdir="\${VARDIR}/cache/samba"
+- lockdir="\${VARDIR}/lib/samba"
+ lockdir="\${VARDIR}/run/samba"
- piddir="\${VARDIR}/run/samba"
+ piddir="\${VARDIR}/run"
+ mandir="\${prefix}/share/man"
logfilebase="\${VARDIR}/log/samba"
privatedir="\${CONFIGDIR}/private"
libdir="\${prefix}/lib/samba"
#################################################
# set private directory location
-@@ -134,6 +141,9 @@
+@@ -154,6 +161,9 @@
AC_SUBST(swatdir)
AC_SUBST(bindir)
AC_SUBST(sbindir)
diff -uNr samba-3.0.0beta2.orig/source/intl/lang_tdb.c samba-3.0.0beta2/source/intl/lang_tdb.c
--- samba-3.0.0beta2.orig/source/intl/lang_tdb.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/intl/lang_tdb.c 2003-07-02 23:19:02.000000000 -0500
-@@ -123,7 +123,7 @@
+@@ -128,7 +128,7 @@
/* if no lang then we don't translate */
if (!lang) return True;
if (stat(msg_path, &st) != 0) {
/* the msg file isn't available */
free(msg_path);
-@@ -131,7 +131,7 @@
+@@ -136,7 +136,7 @@
}
diff -uNr samba-3.0.0beta2.orig/source/lib/util.c samba-3.0.0beta2/source/lib/util.c
--- samba-3.0.0beta2.orig/source/lib/util.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/lib/util.c 2003-07-02 23:19:02.000000000 -0500
-@@ -2190,6 +2190,61 @@
+@@ -2195,6 +2195,61 @@
}
/**
pstrcat(fname,SERVER_LIST);
--- samba-3.0.0rc2/source/nmbd/nmbd_winsserver.c.orig 2003-08-28 17:42:44.000000000 -0400
+++ samba-3.0.0rc2/source/nmbd/nmbd_winsserver.c 2003-08-31 08:09:11.000000000 -0400
-@@ -228,7 +228,7 @@
+@@ -234,7 +234,7 @@
add_samba_names_to_subnet(wins_server_subnet);
DEBUG(2,("initialise_wins: Can't open wins database file %s. Error was %s\n",
WINS_LIST, strerror(errno) ));
return True;
-@@ -1759,7 +1759,7 @@
+@@ -1765,7 +1765,7 @@
}
}
diff -uNr samba-3.0.0beta2.orig/source/nsswitch/winbindd_cache.c samba-3.0.0beta2/source/nsswitch/winbindd_cache.c
--- samba-3.0.0beta2.orig/source/nsswitch/winbindd_cache.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/nsswitch/winbindd_cache.c 2003-07-02 23:19:02.000000000 -0500
-@@ -56,7 +56,7 @@
+@@ -57,7 +57,7 @@
if (opt_nocache)
return;
diff -uNr samba-3.0.0beta2.orig/source/nsswitch/winbindd_util.c samba-3.0.0beta2/source/nsswitch/winbindd_util.c
--- samba-3.0.0beta2.orig/source/nsswitch/winbindd_util.c 2003-07-01 15:44:25.000000000 -0500
+++ samba-3.0.0beta2/source/nsswitch/winbindd_util.c 2003-07-02 23:19:02.000000000 -0500
-@@ -813,7 +813,7 @@
+@@ -874,7 +874,7 @@
SMB_STRUCT_STAT stbuf;
TDB_CONTEXT *idmap_tdb;
diff -uNr samba-3.0.0beta2.orig/source/passdb/secrets.c samba-3.0.0beta2/source/passdb/secrets.c
--- samba-3.0.0beta2.orig/source/passdb/secrets.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/passdb/secrets.c 2003-07-02 23:19:02.000000000 -0500
-@@ -37,8 +37,7 @@
+@@ -38,8 +38,7 @@
if (tdb)
return True;
diff -uNr samba-3.0.0beta2.orig/source/printing/printing.c samba-3.0.0beta2/source/printing/printing.c
--- samba-3.0.0beta2.orig/source/printing/printing.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/printing/printing.c 2003-07-02 23:19:02.000000000 -0500
-@@ -174,8 +174,8 @@
+@@ -175,8 +175,8 @@
if (local_pid == sys_getpid())
return True;
diff -uNr samba-3.0.0beta2.orig/source/printing/printing_db.c samba-3.0.0beta2/source/printing/printing_db.c
--- samba-3.0.0beta2.orig/source/printing/printing_db.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/printing/printing_db.c 2003-07-02 23:19:02.000000000 -0500
-@@ -86,7 +86,7 @@
+@@ -87,7 +87,7 @@
DLIST_ADD(print_db_head, p);
}
diff -uNr samba-3.0.0beta2.orig/source/smbd/lanman.c samba-3.0.0beta2/source/smbd/lanman.c
--- samba-3.0.0beta2.orig/source/smbd/lanman.c 2003-07-02 23:26:47.000000000 -0500
+++ samba-3.0.0beta2/source/smbd/lanman.c 2003-07-02 23:19:02.000000000 -0500
-@@ -966,9 +966,9 @@
+@@ -970,9 +970,9 @@
BOOL local_list_only;
int i;
---- samba_3_0/source/script/installswat.sh.orig 2003-08-28 18:03:10.000000000 -0400
-+++ samba_3_0/source/script/installswat.sh 2003-08-28 18:11:14.000000000 -0400
-@@ -9,7 +9,7 @@
- echo Installing the Samba Web Administration Tool
+--- samba-3.0.1/source/script/installswat.sh.orig 2004-01-13 13:43:42.000000000 -0500
++++ samba-3.0.1/source/script/installswat.sh 2004-01-13 12:56:49.000000000 -0500
+@@ -85,7 +85,11 @@
- LANGS=". `cd $SRCDIR../swat/; /bin/echo lang/??`"
--echo Installing langs are `cd $SRCDIR../swat/lang/; /bin/echo ??`
-+echo Installing the following additional langs: `cd $SRCDIR../swat/lang/; /bin/echo ??`
-
- for ln in $LANGS; do
- SWATLANGDIR=$SWATDIR/$ln
-@@ -23,21 +23,17 @@
- fi
- fi
- done
--done
--
--# Install images
--for ln in $LANGS; do
-
--for f in $SRCDIR../swat/$ln/images/*.gif; do
-+ # Install images
-+ for f in $SRCDIR../swat/$ln/images/*.gif; do
- FNAME=$SWATDIR/$ln/images/`basename $f`
- echo $FNAME
- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
- chmod 0644 $FNAME
--done
--
--# Install html help
-+ done
-
--for f in $SRCDIR../swat/$ln/help/*.html; do
-+ # Install html help
-+ for f in $SRCDIR../swat/$ln/help/*.html; do
- FNAME=$SWATDIR/$ln/help/`basename $f`
- echo $FNAME
- if [ "x$BOOKDIR" = "x" ]; then
-@@ -49,26 +45,24 @@
- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
- rm -f $f
- chmod 0644 $FNAME
--done
--
--# Install html documentation
--
--for f in $SRCDIR../docs/htmldocs/*.html; do
-- FNAME=$SWATDIR/help/`basename $f`
-- echo $FNAME
-- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
-- chmod 0644 $FNAME
--done
--
--# Install "server-side" includes
-+ done
+ # Install Using Samba book (but only if it is there)
--for f in $SRCDIR../swat/$ln/include/*.html; do
-+ # Install "server-side" includes
-+ for f in $SRCDIR../swat/$ln/include/*.html; do
- FNAME=$SWATDIR/$ln/include/`basename $f`
- echo $FNAME
- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
- chmod 0644 $FNAME
-+ done
-+
- done
+-if [ "x$BOOKDIR" != "x" -a -f $SRCDIR../docs/htmldocs/using_samba/toc.html ]; then
++# Under Debian we don't actually install the book. The book is part of
++# the samba-doc package, so we just provide a symlink that points to
++# where the book is actually installed. The symlink is created in
++# debian/rules.
++if /bin/false; then
-+# Install html documentation
-+for f in $SRCDIR../docs/htmldocs/*.html; do
-+ FNAME=$SWATDIR/help/`basename $f`
-+ echo $FNAME
-+ ln -s ../../../doc/samba-doc/htmldocs/`basename $f` $FNAME || echo Cannot install $FNAME. Does $USER have privileges?
-+ chmod 0644 $FNAME
- done
+ # Create directories
- # Install Using Samba book (but only if it is there)
}
strupper_m(username);
}
-diff -uNr samba-3.0.0beta1.orig/source/script/installbin.sh samba-3.0.0beta1/source/script/installbin.sh
---- samba-3.0.0beta1.orig/source/script/installbin.sh 2002-04-22 13:16:20.000000000 -0500
-+++ samba-3.0.0beta1/source/script/installbin.sh 2003-06-30 20:12:22.000000000 -0500
-@@ -22,9 +22,11 @@
+diff -uNr samba-3.0.0beta1.orig/source/web/diagnose.c samba-3.0.0beta1/source/web/diagnose.c
+--- samba-3.0.0beta1.orig/source/web/diagnose.c 2003-06-07 12:57:41.000000000 -0500
++++ samba-3.0.0beta1/source/web/diagnose.c 2003-06-30 20:12:22.000000000 -0500
+@@ -66,6 +66,7 @@
+ static struct cli_state cli;
+ extern struct in_addr loopback_ip;
+
++ loopback_ip.s_addr = htonl((127 << 24) + 1);
+ if (!cli_initialise(&cli))
+ return False;
+
+--- samba-3.0.1/source/script/installbin.sh.orig 2003-10-10 14:08:36.000000000 -0400
++++ samba-3.0.1/source/script/installbin.sh 2003-12-17 10:51:45.000000000 -0500
+@@ -24,12 +24,14 @@
chmod $INSTALLPERMS $BINDIR/$p2
# this is a special case, mount needs this in a specific location
- if [ $p2 = smbmount ]; then
-- ln -sf $BINDIR/$p2 /sbin/mount.smbfs
+- if [ ! -d $DESTDIR/sbin ]; then
+- mkdir $DESTDIR/sbin
+- fi
+- ln -sf $BINDIR/$p2 $DESTDIR/sbin/mount.smbfs
- fi
+# Commented out for the Debian Samba package. We take care of this
-+# important symlink in debian/rules. (peloy@debian.org)
++# important symlink in debian/rules. (peloy@debian.org)
+# if [ $p2 = smbmount ]; then
-+# ln -sf $BINDIR/$p2 /sbin/mount.smbfs
++# if [ ! -d $DESTDIR/sbin ]; then
++# mkdir $DESTDIR/sbin
++# fi
++# ln -sf $BINDIR/$p2 $DESTDIR/sbin/mount.smbfs
+# fi
done
-diff -uNr samba-3.0.0beta1.orig/source/smbd/service.c samba-3.0.0beta1/source/smbd/service.c
---- samba-3.0.0beta1.orig/source/smbd/service.c 2003-06-07 12:57:39.000000000 -0500
-+++ samba-3.0.0beta1/source/smbd/service.c 2003-06-30 20:12:57.000000000 -0500
-@@ -887,6 +887,9 @@
- file_close_conn(conn);
- dptr_closecnum(conn);
-
-+ /* make sure we leave the directory available for unmount */
-+ vfs_ChDir(conn, "/");
-+
- /* execute any "postexec = " line */
- if (*lp_postexec(SNUM(conn)) &&
- change_to_user(conn, vuid)) {
-@@ -906,8 +909,5 @@
- smbrun(cmd,NULL);
- }
-
-- /* make sure we leave the directory available for unmount */
-- vfs_ChDir(conn, "/");
--
- conn_free(conn);
- }
-diff -uNr samba-3.0.0beta1.orig/source/smbwrapper/smbsh.c samba-3.0.0beta1/source/smbwrapper/smbsh.c
---- samba-3.0.0beta1.orig/source/smbwrapper/smbsh.c 2003-06-07 12:57:40.000000000 -0500
-+++ samba-3.0.0beta1/source/smbwrapper/smbsh.c 2003-06-30 20:12:22.000000000 -0500
-@@ -36,7 +36,7 @@
- int main(int argc, char *argv[])
- {
- char *p, *u;
-- const char *libd = dyn_BINDIR;
-+ const char *libd = dyn_LIBDIR;
- pstring line, wd;
- int opt;
- extern char *optarg;
-diff -uNr samba-3.0.0beta1.orig/source/web/diagnose.c samba-3.0.0beta1/source/web/diagnose.c
---- samba-3.0.0beta1.orig/source/web/diagnose.c 2003-06-07 12:57:41.000000000 -0500
-+++ samba-3.0.0beta1/source/web/diagnose.c 2003-06-30 20:12:22.000000000 -0500
-@@ -70,6 +70,7 @@
- static struct cli_state cli;
- extern struct in_addr loopback_ip;
-
-+ loopback_ip.s_addr = htonl((127 << 24) + 1);
- if (!cli_initialise(&cli))
- return False;
-
diff -uNr samba-2.999+3.0.alpha21.orig/source/utils/status.c samba-2.999+3.0.alpha21/source/utils/status.c
--- samba-2.999+3.0.alpha21.orig/source/utils/status.c 2002-11-26 20:54:22.000000000 -0600
+++ samba-2.999+3.0.alpha21/source/utils/status.c 2002-12-16 23:37:14.000000000 -0600
-@@ -630,6 +630,16 @@
+@@ -667,6 +667,16 @@
if (!shares_only) {
int ret;
--- /dev/null
+#
+# Translators, if you are not familiar with the PO format, gettext
+# documentation is worth reading, especially sections dedicated to
+# this format, e.g. by running:
+# info -n '(gettext)PO Files'
+# info -n '(gettext)Header Entry'
+#
+# Some information specific to po-debconf are available at
+# /usr/share/doc/po-debconf/README-trans
+# or http://www.debian.org/intl/l10n/po-debconf/README-trans
+#
+# Developers do not need to manually edit POT or PO files.
+#
+#, fuzzy
+msgid ""
+msgstr ""
+"Project-Id-Version: PACKAGE VERSION\n"
+"Report-Msgid-Bugs-To: \n"
+"POT-Creation-Date: 2003-08-30 19:08-0500\n"
+"PO-Revision-Date: 2003-09-09 09:26+0900\n"
+"Last-Translator: Kenshi Muto <kmuto@debian.org>\n"
+"Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
+"MIME-Version: 1.0\n"
+"Content-Type: text/plain; charset=EUC-JP\n"
+"Content-Transfer-Encoding: 8bit\n"
+
+#. Description
+#: ../samba-common.templates:3
+msgid "Character Set for Unix filesystem"
+msgstr "Unix ¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¸þ¤±¤Îʸ»ú¥»¥Ã¥È"
+
+#. Description
+#: ../samba-common.templates:3
+msgid ""
+"You currently have a \"character set\" configured in your smb.conf. In "
+"Samba 3.0, this option is replaced by a new option, \"unix charset\". Please "
+"specify the character set you wish to use for theis new option, which "
+"controls how Samba interprets filenames on the file system."
+msgstr "¸½ºß¡¢smb.conf ¤ËÀßÄêºÑ¤ß¤Î \"character set\" ¤¬¤¢¤ê¤Þ¤¹¡£Samba 3.0 ¤Ç¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¿·¤·¤¤¥ª¥×¥·¥ç¥ó \"unix charset\" ¤ËÃÖ¤´¹¤¨¤é¤ì¤Æ¤¤¤Þ¤¹¡£Samba ¤¬¥Õ¥¡¥¤¥ë¥·¥¹¥Æ¥à¤Î¥Õ¥¡¥¤¥ë̾¤ò¤É¤Î¤è¤¦¤Ë²ò¼á¤¹¤ë¤«¤òÀ©¸æ¤¹¤ë¤³¤Î¿·¤·¤¤¥ª¥×¥·¥ç¥ó¤Î¤¿¤á¤Ë¡¢´õ˾¤¹¤ëʸ»ú¥»¥Ã¥È¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£"
+
+#. Description
+#: ../samba-common.templates:3
+msgid "If you leave this option blank, your smb.conf will not be changed."
+msgstr "¤³¤Î¥ª¥×¥·¥ç¥ó¤ò¶õ¤Î¤Þ¤Þ¤Ë¤¹¤ë¤È¡¢smb.conf ¤ÏÊѹ¹¤µ¤ì¤Þ¤»¤ó¡£"
+
+#. Description
+#: ../samba-common.templates:13
+msgid "Character Set for DOS clients"
+msgstr "DOS ¥¯¥é¥¤¥¢¥ó¥È¸þ¤±¤Îʸ»ú¥»¥Ã¥È"
+
+#. Description
+#: ../samba-common.templates:13
+msgid ""
+"You currently have a \"client code page\" set in your smb.conf. In Samba "
+"3.0, this option is replaced by the option \"dos charset\". Please specify "
+"the character set you wish to use for this new option. In most cases, the "
+"default chosen for you will be sufficient. Note that this option is not "
+"needed to support Windows clients, it is only for DOS clients. If you leave "
+"this option blank, your smb.conf will not be changed."
+msgstr "¸½ºß¡¢smb.conf ¤ËÀßÄêºÑ¤ß¤Î \"client code page\" ¤¬¤¢¤ê¤Þ¤¹¡£Samba 3.0 ¤Ç¤Ï¡¢¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï¿·¤·¤¤¥ª¥×¥·¥ç¥ó \"dos charset\" ¤ËÃÖ¤´¹¤¨¤é¤ì¤Æ¤¤¤Þ¤¹¡£¤³¤Î¿·¤·¤¤¥ª¥×¥·¥ç¥ó¤Î¤¿¤á¤Ë¡¢´õ˾¤¹¤ëʸ»ú¥»¥Ã¥È¤ò»ØÄꤷ¤Æ¤¯¤À¤µ¤¤¡£¤Û¤È¤ó¤É¤Î¾ì¹ç¡¢¥Ç¥Õ¥©¥ë¥È¤ÎÁªÂò¤Î¤Þ¤Þ¤Ç½½Ê¬¤Ç¤·¤ç¤¦¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤Ï Windows ¥¯¥é¥¤¥¢¥ó¥È¥µ¥Ý¡¼¥È¤Ë¤ÏɬÍפʤ¯¡¢DOS ¥¯¥é¥¤¥¢¥ó¥È¤Î¤ß¤Î¤¿¤á¤Ç¤¢¤ë¤³¤È¤òÃí°Õ¤·¤Æ¤ª¤¤Þ¤¹¡£¤³¤Î¥ª¥×¥·¥ç¥ó¤ò¶õ¤Î¤Þ¤Þ¤Ë¤¹¤ë¤È¡¢smb.conf ¤ÏÊѹ¹¤µ¤ì¤Þ¤»¤ó¡£"
+
+#. Description
+#: ../samba-common.templates:24
+msgid "Modify smb.conf to use WINS settings from DHCP?"
+msgstr "DHCP ¤«¤é WINS ÀßÄê¤ò»È¤¦¤è¤¦ smb.conf ¤òÊѹ¹¤·¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:24
+msgid ""
+"If your computer gets IP address information from a DHCP server on the "
+"network, the DHCP server may also provide information about WINS servers "
+"(\"NetBIOS name servers\") present on the network. This requires a change "
+"to your smb.conf file so that DHCP-provided WINS settings will automatically "
+"be read from /etc/samba/dhcp.conf."
+msgstr "¤¢¤Ê¤¿¤Î¥³¥ó¥Ô¥å¡¼¥¿¤¬¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Î DHCP ¥µ¡¼¥Ð¤«¤é IP ¥¢¥É¥ì¥¹¾ðÊó¤ò¼èÆÀ¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢DHCP ¥µ¡¼¥Ð¤Ï¥Í¥Ã¥È¥ï¡¼¥¯¾å¤Ë¤¢¤ë WINS ¥µ¡¼¥Ð (NetBIOS ¥Í¡¼¥à¥µ¡¼¥Ð) ¤Ë¤Ä¤¤¤Æ¤Î¾ðÊó¤òÄ󶡤¹¤ë¤³¤È¤â¤Ç¤¤Þ¤¹¡£DHCP ¤ÇÄ󶡤µ¤ì¤ë WINS ÀßÄê¤Ï /etc/samba/dhcp.conf ¤«¤é¼«Æ°Åª¤ËÆɤ߹þ¤Þ¤ì¤ë¤¿¤á¡¢smb.conf ¥Õ¥¡¥¤¥ë¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:24
+msgid ""
+"You must have the dhcp3-client package installed to take advantage of this "
+"feature."
+msgstr "¤³¤Îµ¡Ç½¤ò»È¤¦¤¿¤á¤Ë¤Ï¡¢dhcp3-client ¥Ñ¥Ã¥±¡¼¥¸¤¬¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:37
+msgid "Configure smb.conf through debconf?"
+msgstr "debconf ¤òÄ̤·¤Æ smb.conf ¤òÀßÄꤷ¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:37
+msgid ""
+"The rest of the configuration of Samba deals with questions that affect "
+"parameters in /etc/samba/smb.conf, which is the file used to configure the "
+"Samba programs (nmbd and smbd.) Your current smb.conf contains an 'include' "
+"line or an option that spans multiple lines, which could confuse debconf and "
+"require you to edit your smb.conf by hand to get it working again."
+msgstr "Samba ¤ÎÀßÄê¤Î»Ä¤ê¤ÎÉôʬ¤Ï¡¢Samba ¥×¥í¥°¥é¥à (nmbd ¤ª¤è¤Ó smbd) ¤òÀßÄꤹ¤ë¤Î¤Ë»È¤¦¥Õ¥¡¥¤¥ë /etc/samba/smb.conf ¤Ë¤¢¤ë¥Ñ¥é¥á¡¼¥¿¤Ë±Æ¶Á¤¹¤ë¼ÁÌä¤Ç¤¹¡£¸½ºß¤Î smb.conf ¤Ï¡¢'include' ¹Ô¤Þ¤¿¤ÏÊ£¿ô¹Ô¤Ë¤Þ¤¿¤¬¤ë¥ª¥×¥·¥ç¥ó¤ò´Þ¤ó¤Ç¤¤¤Þ¤¹¡£¤³¤ì¤Ï debconf ¤òº®Í𤵤»¤ë²ÄǽÀ¤¬¤¢¤ê¡¢ºÆ¤Ó debconf ¤¬ºîÆ°¤¹¤ë¤è¤¦¤Ë¤¹¤Ù¤¯ smb.conf ¤Î¼êÆ°¤Ç¤Î½¤Àµ¤òɬÍפȤ·¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:37
+msgid ""
+"If you don't use debconf to configure smb.conf, you will have to handle any "
+"configuration changes yourself, and will not be able to take advantage of "
+"periodic configuration enhancements. Therefore, use of debconf is "
+"recommended if possible."
+msgstr "smb.conf ¤ÎÀßÄê¤Ë debconf ¤ò»È¤ï¤Ê¤¤¾ì¹ç¡¢¤¹¤Ù¤Æ¤ÎÀßÄê¤ÎÊѹ¹¤ò¤¢¤Ê¤¿¼«¿È¤¬ÌÌÅݤò¸«¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£¤³¤ì¤ÏÄê´üŪ¤ÊÀßÄê²þÁ±¤Ë¤Ï¸þ¤¤¤Æ¤¤¤Þ¤»¤ó¡£¤½¤Î¤¿¤á¡¢²Äǽ¤Ê¤é debconf ¤ò»È¤¦¤Î¤¬¤ª´«¤á¤Ç¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:52
+msgid "Workgroup/Domain Name?"
+msgstr "¥ï¡¼¥¯¥°¥ë¡¼¥×/¥É¥á¥¤¥ó̾¤Ï²¿¤Ç¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:52
+msgid ""
+"This controls what workgroup your server will appear to be in when queried "
+"by clients. Note that this parameter also controls the Domain name used with "
+"the security=domain setting."
+msgstr "¤³¤ì¤Ï¥¯¥é¥¤¥¢¥ó¥È¤«¤é¾È²ñ¤µ¤ì¤¿ºÝ¤Ë¤¢¤Ê¤¿¤Î¥µ¡¼¥Ð¤¬¸½¤ì¤ë¥ï¡¼¥¯¥°¥ë¡¼¥×¤òÀ©¸æ¤·¤Þ¤¹¡£¤³¤Î¥Ñ¥é¥á¡¼¥¿¤Ï security=domain ÀßÄ꤬»È¤ï¤ì¤¿¤È¤¤Î¥É¥á¥¤¥ó̾¤âÀ©¸æ¤·¤Þ¤¹¡£"
+
+#. Description
+#: ../samba-common.templates:60
+msgid "Use password encryption?"
+msgstr "¥Ñ¥¹¥ï¡¼¥É¤Î°Å¹æ²½¤ò»È¤¤¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba-common.templates:60
+msgid ""
+"Recent Windows clients communicate with SMB servers using encrypted "
+"passwords. If you want to use clear text passwords you will need to change a "
+"parameter in your Windows registry. It is recommended that you use encrypted "
+"passwords. If you do, make sure you have a valid /etc/samba/smbpasswd file "
+"and that you set passwords in there for each user using the smbpasswd "
+"command."
+msgstr "ºÇ¶á¤Î Windows ¥¯¥é¥¤¥¢¥ó¥È¤Ï°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò»È¤Ã¤Æ SMB ¥µ¡¼¥Ð¤È¤ä¤ê¼è¤ê¤·¤Þ¤¹¡£¥¯¥ê¥¢¥Æ¥¥¹¥È¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¤¤¿¤¤¾ì¹ç¤Ï¡¢¤¢¤Ê¤¿¤Î Windows ¤Î¥ì¥¸¥¹¥È¥ê¤Î¥Ñ¥é¥á¡¼¥¿¤òÊѹ¹¤¹¤ëɬÍפ¬¤¢¤ê¤Þ¤¹¡£°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¦¤³¤È¤ò¿ä¾©¤·¤Þ¤¹¡£¤³¤¦¤¹¤ë¾ì¹ç¡¢Í¸ú¤Ê /etc/samba/smbpasswd ¥Õ¥¡¥¤¥ë¤¬¤¢¤ë¤³¤È¤ò³Îǧ¤·¡¢³Æ¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤Ï smbpasswd ¥³¥Þ¥ó¥É¤ò»È¤Ã¤ÆÀßÄꤷ¤Þ¤¹¡£"
+
+#. Description
+#: ../samba.templates:4
+msgid "Create samba password database, /var/lib/samba/passdb.tdb?"
+msgstr "Samba ¥Ñ¥¹¥ï¡¼¥É¥Ç¡¼¥¿¥Ù¡¼¥¹ /var/lib/samba/passdb.tdb ¤òºîÀ®¤·¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba.templates:4
+msgid ""
+"To be compatible with the defaults in most versions of Windows, Samba must "
+"be configured to use encrypted passwords. This requires user passwords to "
+"be stored in a file separate from /etc/passwd. This file can be created "
+"automatically, but the passwords must be added manually (by you or the user) "
+"by running smbpasswd, and you must arrange to keep it up-to-date in the "
+"future. If you do not create it, you will have to reconfigure samba (and "
+"probably your client machines) to use plaintext passwords. See /usr/share/"
+"doc/samba-doc/htmldocs/ENCRYPTION.html from the samba-doc package for more "
+"details."
+msgstr "Windows ¤Î¤Û¤È¤ó¤É¤Î¥Ð¡¼¥¸¥ç¥ó¤Î¥Ç¥Õ¥©¥ë¥È¤È¸ß´¹À¤òÊݤĤ¿¤á¡¢Samba ¤Ï°Å¹æ²½¤µ¤ì¤¿¥Ñ¥¹¥ï¡¼¥É¤ò»È¤Ã¤ÆÀßÄꤵ¤ì¤Þ¤¹¡£¤³¤ì¤Ï¥æ¡¼¥¶¤Î¥Ñ¥¹¥ï¡¼¥É¤ò /etc/passwd ¤È¤ÏÊ̤Υե¡¥¤¥ë¤Ë³ÊǼ¤¹¤ë¤³¤È¤òɬÍפȤ·¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¼«Æ°Åª¤ËºîÀ®¤¹¤ë¤³¤È¤¬¤Ç¤¤Þ¤¹¤¬¡¢¥Ñ¥¹¥ï¡¼¥É¤Ï smbpasswd ¤ò¼Â¹Ô¤·¤Æ¼êÆ°¤Ç (¤¢¤Ê¤¿¤¢¤ë¤¤¤Ï¥æ¡¼¥¶¤¬) Äɲ䷤ʤ±¤ì¤Ð¤Ê¤é¤º¡¢¾Íè¤ËÅϤäƺǿ·¾õÂÖ¤òÊݤÁ³¤±¤ë¤è¤¦À°¤¨¤Æ¤ª¤¯É¬Íפ¬¤¢¤ê¤Þ¤¹¡£¤³¤Î¥Õ¥¡¥¤¥ë¤òºîÀ®¤·¤Ê¤¤¾ì¹ç¡¢¥×¥ì¥¤¥ó¥Æ¥¥¹¥È¥Ñ¥¹¥ï¡¼¥É¤ò»È¤¦¤è¤¦ Samba (¤ª¤è¤Ó¤ª¤½¤é¤¯¤¢¤Ê¤¿¤Î¥¯¥é¥¤¥¢¥ó¥È¥Þ¥·¥ó) ¤ÎºÆÀßÄ꤬ɬÍפǤ¹¡£¾ÜºÙ¤Ë¤Ä¤¤¤Æ¤Ï¡¢samba-doc ¥Ñ¥Ã¥±¡¼¥¸¤Ë¤¢¤ë /usr/share/doc/samba-doc/htmldocs/ENCRYPTION.html ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£"
+
+#. Description
+#: ../samba.templates:17
+msgid "Samba's log files have moved."
+msgstr "Samba ¤Î¥í¥°¥Õ¥¡¥¤¥ë¤Ï°ÜÆ°¤µ¤ì¤Þ¤·¤¿¡£"
+
+#. Description
+#: ../samba.templates:17
+msgid ""
+"Starting with the first packages of Samba 2.2 for Debian the log files for "
+"both Samba daemons (nmbd and smbd) are now stored in /var/log/samba/. The "
+"names of the files are log.nmbd and log.smbd, for nmbd and smbd respectively."
+msgstr "Debian ¸þ¤±¤Î Samba 2.2 ¤Î½é´ü¥Ñ¥Ã¥±¡¼¥¸¤«¤é¡¢Î¾ Samba ¥Ç¡¼¥â¥ó (nmbd ¤ª¤è¤Ó smbd) ¤Î¥í¥°¥Õ¥¡¥¤¥ë¤Ï /var/log/samba ¤Ë³ÊǼ¤µ¤ì¤ë¤è¤¦¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£¥Õ¥¡¥¤¥ë̾¤Ï nmbd ¤È smbd ¤ÇÊ̸Ĥˤʤë¤è¤¦¡¢log.nmbd ¤ª¤è¤Ó log.smbd ¤È¤Ê¤ê¤Þ¤¹¡£"
+
+#. Description
+#: ../samba.templates:17
+msgid ""
+"The old log files that were in /var/log/ will be moved to the new location "
+"for you."
+msgstr "/var/log/ ¤Ë¤¢¤Ã¤¿¸Å¤¤¥í¥°¥Õ¥¡¥¤¥ë¤Ï¿·¤·¤¤¾ì½ê¤Ë°ÜÆ°¤µ¤ì¤Þ¤¹¡£"
+
+#. Description
+#: ../samba.templates:28
+msgid "Running nmbd from inetd is no longer supported"
+msgstr "inetd ¤«¤é¤Î nmbd ¤Î¼Â¹Ô¤Ï¤â¤¦¥µ¥Ý¡¼¥È¤µ¤ì¤Þ¤»¤ó"
+
+#. Description
+#: ../samba.templates:28
+msgid ""
+"Your system was previously configured to start nmbd and smbd from inetd. As "
+"of version 2.999+3.0.alpha20-4, nmbd will no longer be started from inetd. "
+"If you have modified your /etc/init.d/samba startup script, you may need to "
+"adjust it by hand now so that nmbd will start."
+msgstr "¤¢¤Ê¤¿¤Î¥·¥¹¥Æ¥à¤Ë¤Ï inetd ¤«¤é nmbd ¤ª¤è¤Ó smbd ¤òµ¯Æ°¤¹¤ë°ÊÁ°¤ÎÀßÄ꤬¤¢¤ê¤Þ¤¹¡£¥Ð¡¼¥¸¥ç¥ó 2.999+3.0.alpha20-4 °Ê¹ß¤Ç¤Ï¡¢nmbd ¤Ï inetd ¤«¤é¤Ï¤â¤¦µ¯Æ°¤·¤Þ¤»¤ó¡£/etc/init.d/samba ¥¹¥¿¡¼¥È¥¢¥Ã¥×¥¹¥¯¥ê¥×¥È¤òÊѹ¹¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢nmbd ¤¬µ¯Æ°¤¹¤ë¤è¤¦¼êÆ°¤ÇÄ´À°¤¹¤ëɬÍפ¬¤¢¤ë¤Ç¤·¤ç¤¦¡£"
+
+#. Choices
+#: ../samba.templates:36
+msgid "daemons, inetd"
+msgstr "¥Ç¡¼¥â¥ó, inetd"
+
+#. Description
+#: ../samba.templates:38
+msgid "How do you want to run Samba?"
+msgstr "¤É¤Î¤è¤¦¤Ë Samba ¤ò¼Â¹Ô¤·¤¿¤¤¤Ç¤¹¤«?"
+
+#. Description
+#: ../samba.templates:38
+msgid ""
+"The Samba daemon smbd can run as a normal daemon or from inetd. Running as a "
+"daemon is the recommended approach."
+msgstr "Samba ¥Ç¡¼¥â¥ó smbd ¤ÏÄ̾ï¤Î¥Ç¡¼¥â¥ó¤È¤·¤Æ¤Î¼Â¹Ô¤Þ¤¿¤Ï inetd ¤«¤é¤Î¼Â¹Ô¤¬¤Ç¤¤Þ¤¹¡£¥Ç¡¼¥â¥ó¤È¤·¤Æ¼Â¹Ô¤¹¤ë¤Î¤¬¤ª´«¤á¤Î¼êÃʤǤ¹¡£"
+
+#. Description
+#: ../samba.templates:45
+msgid "Move /etc/samba/smbpasswd to /var/lib/samba/passdb.tdb?"
+msgstr "/etc/samba/smbpasswd ¤ò /var/lib/samba/passdb.tdb ¤Ë°ÜÆ°¤·¤Þ¤¹¤«?"
+
+#. Description
+#: ../samba.templates:45
+msgid ""
+"Samba 3.0 introduces a newer, more complete SAM database interface which "
+"supersedes the /etc/samba/smbpasswd file. Would you like your existing "
+"smbpasswd file to be migrated to /var/lib/samba/passdb.tdb for you? If you "
+"plan to use another pdb backend (e.g., LDAP) instead, you should answer 'no' "
+"here."
+msgstr "Samba 3.0 ¤Ç¤Ï¡¢/etc/samba/smbpasswd ¥Õ¥¡¥¤¥ë¤ËÂå¤ï¤ë¡¢¤è¤ê¿·¤·¤¤¡¢¤è¤ê´°Á´¤Ê SAM ¥Ç¡¼¥¿¥Ù¡¼¥¹¥¤¥ó¥¿¡¼¥Õ¥§¥¤¥¹¤¬Æ³Æþ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£´û¸¤Î smbpasswd ¥Õ¥¡¥¤¥ë¤ò /var/lib/samba/passdb.tdb ¤Ë°Ü¹Ô¤·¤Þ¤¹¤«? Ê̤Πpdb ¥Ð¥Ã¥¯¥¨¥ó¥É (LDAP ¤Ê¤É) ¤òÂå¤ï¤ê¤Ë·×²è¤·¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¤³¤³¤Ç¤Ï '¤¤¤¤¤¨' ¤ÈÅú¤¨¤ë¤Ù¤¤Ç¤¹¡£"
+
+#. Description
+#: ../swat.templates:3
+msgid "Your smb.conf will be re-written!"
+msgstr "¤¢¤Ê¤¿¤Î smb.conf ¤Ï½ñ¤Ä¾¤µ¤ì¤Þ¤¹!"
+
+#. Description
+#: ../swat.templates:3
+msgid ""
+"SWAT will rewrite your smb.conf file. It will rearrange the entries and "
+"delete all comments, include= and copy= options. If you have a carefully "
+"crafted smb.conf then back it up or don't use SWAT!"
+msgstr "SWAT ¤Ï¤¢¤Ê¤¿¤Î smb.conf ¥Õ¥¡¥¤¥ë¤ò½ñ¤Ä¾¤·¤Þ¤¹¡£SWAT ¤Ï¥¨¥ó¥È¥ê¤òºÆÊÔÀ®¤·¡¢¤¹¤Ù¤Æ¤Î¥³¥á¥ó¥È¤ª¤è¤Ó include= ¤È copy= ¥ª¥×¥·¥ç¥ó¤òºï½ü¤·¤Þ¤¹¡£¿µ½Å¤ËºîÀ®¤µ¤ì¤¿ smb.conf ¤ò»ý¤Ã¤Æ¤¤¤ë¤Î¤Ç¤¢¤ì¤Ð¡¢¥Ð¥Ã¥¯¥¢¥Ã¥×¤·¤Æ¤ª¤¯¤«¡¢SWAT ¤ò»È¤ï¤Ê¤¤¤Ç¤¯¤À¤µ¤¤!"
DESTDIR=`pwd`/debian/tmp
-SWATDIR=`pwd`/debian/swat
-
-IVARS = BASEDIR=$(DESTDIR)/usr \
- prefix=$(DESTDIR)/usr \
- BINDIR=$(DESTDIR)/usr/bin \
- SBINDIR=$(DESTDIR)/usr/sbin \
- MANDIR=$(DESTDIR)/usr/share/man \
- LIBDIR=$(DESTDIR)/usr/lib/samba \
- VARDIR=$(DESTDIR)/var \
- INCLUDEDIR=$(DESTDIR)/usr/include \
- SWATDIR=$(SWATDIR)/usr/share/samba/swat \
- CODEPAGEDIR=$(DESTDIR)/usr/share/samba/ \
- PRIVATEDIR=$(DESTDIR)/etc/samba \
- CONFIGDIR=$(DESTDIR)/etc/samba
patch: patch-stamp
patch-stamp:
--sysconfdir=/etc \
--libdir=/etc/samba \
--with-privatedir=/etc/samba \
+ --with-piddir=/var/run/samba \
--localstatedir=/var \
--with-netatalk \
--with-smbmount \
$(DESTDIR)/usr/lib/python2.3/site-packages
# Add here commands to install the package into debian/tmp.
- $(MAKE) -C source install $(IVARS)
+ $(MAKE) -C source install DESTDIR=$(DESTDIR)
# libsmbclient files are not installed by the standard
# 'make install' - do it manually.
- $(MAKE) -C source installclientlib $(IVARS)
+ $(MAKE) -C source installclientlib DESTDIR=$(DESTDIR)
mv $(DESTDIR)/usr/lib/libsmbclient.so $(DESTDIR)/usr/lib/libsmbclient.so.0.1
ln -s libsmbclient.so.0.1 $(DESTDIR)/usr/lib/libsmbclient.so.0
ln -s libsmbclient.so.0.1 $(DESTDIR)/usr/lib/libsmbclient.so
# right location in the libpam-smbpass package.
install -m 0644 source/bin/pam_smbpass.so $(DESTDIR)/lib/security/
- # Create the symlink that will allow us to do "mount -t smbfs ...".
- # Create also a symlink that will allow "mount -t smb ..." to
- # work too. The symlink is created in $(DESTDIR)/sbin/ but
- # will be moved by dh_movefiles to the smbfs package later on.
+ # Create the symlinks that will allow us to do "mount -t smbfs ..."
+ # and "mount -t smb ...". Note that the source/script/installbin.sh
+ # tries to create the first symlink, but we have commented
+ # that code out and do everything here. We also create
+ # symlinks for the man pages.
ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smbfs
ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smb
ln -s smbmount.8 $(DESTDIR)/usr/share/man/man8/mount.smb.8
# Install man pages for files without man pages in the upstream sources
install -m 0644 debian/mksmbpasswd.8 $(DESTDIR)/usr/share/man/man8/mksmbpasswd.8
+ # We don't provide the "Using Samba" book in the swat package.
+ # It's provided in the samba-doc package so in the swat package
+ # we just provide a symlink to the real book.
+ ln -s ../../doc/samba-doc/htmldocs/using_samba \
+ $(DESTDIR)/usr/share/samba/swat/using_samba
+
# Delete unwanted stuff leftover from "make install"
# The smbwrapper package is not being generated anymore, so we must
/^\[global\]/,/^[[:space:]]*\[/ {
s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//pi
}" $FILE \
- | tail -1
+ | tail -n 1
}
FILE=/etc/samba/smb.conf
#!/bin/sh
+SAMBA_DHCP_CONF=/etc/samba/dhcp.conf
+
netbios_setup() {
# No need to continue if we're called with an unsupported option
return
fi
+ # Nor should we continue if no settings have changed
+ if [ "$new_netbios_name_servers" = "$old_netbios_name_servers" ] \
+ && [ "$new_netbios_scope" = "$old_netbios_scope" ]
+ then
+ return
+ fi
+
+ # reparse our own file
+ local other_servers=`sed -n -e"s/[[:space:]]$interface:[^[:space:]]*//g; \
+ s/^[[:space:]]*wins server[[:space:]]*=[[:space:]]*//pi" \
+ $SAMBA_DHCP_CONF`
+
umask 022
- if [ -z "$new_netbios_name_servers" ] || [ "$reason" = FAIL ] \
- || [ "$reason" = EXPIRE ]
+ local serverlist="$other_servers"
+ for server in $new_netbios_name_servers
+ do
+ serverlist="$serverlist $interface:$server"
+ done
+
+ echo -n > $SAMBA_DHCP_CONF
+
+ # If we're updating on failure/expire, AND there are no WINS
+ # servers for other interfaces, leave the file empty.
+ if [ -z "$other_servers" ]
+ then
+ if [ "$reason" = FAIL ] || [ "$reason" = EXPIRE ]
+ then
+ return
+ fi
+ fi
+
+ if [ -n "$serverlist" ]
then
- # FIXME: add sed magic to only remove wins servers
- # associated with this interface
- echo -n > /etc/samba/dhcp.conf
- elif [ "$new_netbios_name_servers" != "$old_netbios_name_servers" ]
+ echo " wins server =$serverlist" >> $SAMBA_DHCP_CONF
+ fi
+ if [ -n "$new_netbios_scope" ]
then
- local serverlist=""
- for server in $new_netbios_name_servers
- do
- serverlist="$serverlist $interface:$server"
- done
- # FIXME: add sed magic to only update wins servers
- # associated with this interface
- echo " wins server =$serverlist" > /etc/samba/dhcp.conf
+ echo " netbios scope = $new_netbios_scope" >> $SAMBA_DHCP_CONF
fi
}
usr/share/man/man7/samba.7
usr/share/man/man8/net.8
usr/share/man/man8/smbpasswd.8
-usr/share/samba/
+usr/share/samba/lowcase.dat
+usr/share/samba/panic-action
+usr/share/samba/smb.conf
+usr/share/samba/upcase.dat
+usr/share/samba/valid.dat
/^\[global\]/,/^[[:space:]]*\[/ {
s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//pi
}" $FILE \
- | tail -1
+ | tail -n 1
}
FILE=/etc/samba/smb.conf
/^\[global\]/,/^[[:space:]]*\[/ \
s/^[[:space:]]*passdb backend[[:space:]]*=[[:space:]]*//pi" \
< /etc/samba/smb.conf \
- | tail -1`
+ | tail -n 1`
if echo "$PASSDB" | egrep -q "(^|[[:space:]])smbpasswd"; then
if ! echo "$PASSDB" | egrep -q "(^|[[:space:]])tdbsam"; then
PASSDB=`echo $PASSDB | sed -e's/\(^\|[[:space:]]\)smbpasswd/\1tdbsam/'`
usr/sbin/swat
+usr/share/samba/swat
usr/share/man/man8/swat.8
usr/sbin/winbindd
usr/bin/wbinfo
+usr/bin/ntlm_auth
usr/share/man/man1/wbinfo.1
+usr/share/man/man1/ntlm_auth.1
usr/share/man/man8/winbindd.8
lib/security/pam_winbind.so
lib/libnss_winbind.so.2
# this tells Samba to use a separate log file for each machine
# that connects
- log file = /var/log/samba/log.%m
+ #log file = /var/log/samba/log.%m
+# all information in one file
+ log file = /var/log/samba/log.smbd
# Put a capping on the size of the log files (in Kb).
max log size = 50
installman installswat installdat installmodules
cd ..
+## work around a temporary bug in the installswat script
+## copy the images
+mv docs/htmldocs/images $RPM_BUILD_ROOT/%{prefix}/share/swat/help
+
+## don't duplicate the docs. These are installed with SWAT
+rm -rf docs/htmldocs
+rm -rf docs/manpages
+( cd docs; ln -s %{prefix}/share/swat/help htmldocs )
+
+
+
# Install the nsswitch wins library
install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib
( cd $RPM_BUILD_ROOT/lib; ln -sf libnss_wins.so libnss_wins.so.2 )
# this tells Samba to use a separate log file for each machine
# that connects
- log file = /var/log/samba/log.%m
+ # log file = /var/log/samba/log.%m
+# all log information in one file
+ log file = /var/log/samba/smbd.log
# Put a capping on the size of the log files (in Kb).
max log size = 50
KILLALL=/sbin/killall
SAMBAD=/usr/samba/bin/smbd
+PROFILE_SAMBAD=/usr/samba/bin/smbd.profile
#SAMBA_OPTS=-d2
NMBD=/usr/samba/bin/nmbd
+PROFILE_NMBD=/usr/samba/bin/nmbd.profile
#NMBD_OPTS=-d1
+SMBCONTROL=/usr/samba/bin/smbcontrol
+
if test ! -x $IS_ON ; then
IS_ON=true
fi
ECHO=:
fi
+if $IS_ON sambaprofiling ; then
+ enable_profiling=yes
+fi
+
+if test "$enable_profiling" -o "$1" = "profile" ; then
+ SAMBAD=$PROFILE_SAMBAD
+ NMBD=$PROFILE_NMBD
+ enable_profiling="yes"
+fi
+
case $1 in
-'start')
+start|profile)
if $IS_ON samba && test -x $SAMBAD; then
- $KILLALL -15 smbd nmbd
+ /etc/init.d/samba stop
$ECHO "Samba:\c"
$SAMBAD $SAMBA_OPTS -D; $ECHO " smbd\c"
$NMBD $NMBD_OPTS -D; $ECHO " nmbd\c"
$ECHO "."
fi
+ if $IS_ON samba && test "$enable_profiling" ; then
+ if test -x $SMBCONTROL; then
+ $ECHO "Enabling Samba profiling."
+ $SMBCONTROL smbd profile on > /dev/null 2>&1
+ $SMBCONTROL nmbd profile on > /dev/null 2>&1
+ fi
+ $KILLALL -HUP pmcd
+ fi
;;
-'stop')
+stop)
$ECHO "Stopping Samba Servers."
$KILLALL -15 smbd nmbd
+ $KILLALL -15 smbd.profile nmbd.profile
+ $KILLALL -15 pmdasamba
exit 0
;;
*)
- echo "usage: /etc/init.d/samba {start|stop}"
+ echo "usage: /etc/init.d/samba {start|stop|profile}"
;;
esac
EOF
$ENV{'PATH'} = join(':',@PATH);
-if ($#ARGV < 3) {
- print STDERR "usage: $PROG printer file user system\n";
+ print "$#ARGV ".scalar(@ARGV)."\n";
+if (scalar(@ARGV) < 2) {
+ print STDERR "usage: $PROG printer file [user] [system]\n";
exit;
}
$user = $ARGV[2];
$system = $ARGV[3];
+$user = "nobody" unless($user);
+$system = `hostname` unless($system);
+
open(LPSTAT,"/usr/bin/lpstat -t|") || die("Can't get printer list.\n");
@printers = ();
while (<LPSTAT>) {
IDMAPLIBDIR = $(LIBDIR)/idmap
CHARSETLIBDIR = $(LIBDIR)/charset
AUTHLIBDIR = $(LIBDIR)/auth
-CONFIGLIBDIR = $(LIBDIR)/config
CONFIGDIR = @configdir@
VARDIR = @localstatedir@
MANDIR = @mandir@
IDMAP_MODULES = @IDMAP_MODULES@
CHARSET_MODULES = @CHARSET_MODULES@
AUTH_MODULES = @AUTH_MODULES@
-CONFIG_MODULES = @CONFIG_MODULES@
-MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES) $(CONFIG_MODULES)
+MODULES = $(VFS_MODULES) $(PDB_MODULES) $(RPC_MODULES) $(IDMAP_MODULES) $(CHARSET_MODULES) $(AUTH_MODULES)
######################################################################
# object file lists
TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o
TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o tdb/tdbback.o
-SMBLDAP_OBJ = @SMBLDAP@ @SMBLDAPUTIL@
+SMBLDAP_OBJ = @SMBLDAP@
LIB_OBJ = lib/version.o lib/charcnv.o lib/debug.o lib/fault.o \
lib/getsmbpass.o lib/interface.o lib/md4.o \
lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \
lib/adt_tree.o lib/gencache.o $(TDB_OBJ) \
lib/module.o lib/ldap_escape.o @CHARSET_STATIC@ \
- lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o \
- lib/genparser.o lib/genparser_samba.o
+ lib/privileges.o lib/secdesc.o lib/secace.o lib/secacl.o
LIB_SMBD_OBJ = lib/system_smbd.o lib/util_smbd.o
UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \
ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o
-PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o param/modconf.o
+PARAM_OBJ = dynconfig.o param/loadparm.o param/params.o
KRBCLIENT_OBJ = libads/kerberos.o libads/ads_status.o
rpc_client/cli_reg.o rpc_client/cli_pipe.o \
rpc_client/cli_spoolss.o rpc_client/cli_spoolss_notify.o \
rpc_client/cli_ds.o rpc_client/cli_echo.o \
- rpc_client/cli_shutdown.o rpc_client/cli_epmapper.o
+ rpc_client/cli_shutdown.o
REGOBJS_OBJ = registry/reg_objects.o
REGISTRY_OBJ = registry/reg_frontend.o registry/reg_cachehook.o registry/reg_printing.o \
RPC_ECHO_OBJ = rpc_server/srv_echo.o rpc_server/srv_echo_nt.o
-RPC_EPMAPPER_OBJ = rpc_server/srv_epmapper.o rpc_server/srv_epmapper_nt.o
-
RPC_SERVER_OBJ = @RPC_STATIC@ $(RPC_PIPE_OBJ)
# this includes only the low level parse code, not stuff
rpc_parse/parse_wks.o rpc_parse/parse_ds.o \
rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o \
rpc_parse/parse_echo.o rpc_parse/parse_shutdown.o \
- rpc_parse/parse_epmapper.o $(REGOBJS_OBJ)
+ $(REGOBJS_OBJ)
RPC_CLIENT_OBJ = rpc_client/cli_pipe.o
LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o smbd/tdbutil.o
-GUMS_OBJ = sam/gums.o sam/gums_api.o sam/gums_helper.o @GUMS_STATIC@
-
PASSDB_GET_SET_OBJ = passdb/pdb_get_set.o
PASSDB_OBJ = $(PASSDB_GET_SET_OBJ) passdb/passdb.o passdb/pdb_interface.o \
MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o
-CONFIG_LDAP_OBJ = param/config_ldap.o
-
SMBD_OBJ_MAIN = smbd/server.o
BUILDOPT_OBJ = smbd/build_options.o
$(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \
$(SMBLDAP_OBJ) $(RPC_PARSE_OBJ) $(LIBMSRPC_OBJ) lib/dummyroot.o
-PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) \
+PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(PASSDB_OBJ) $(LIBSAMBA_OBJ) \
$(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) $(GROUPDB_OBJ) $(SECRETS_OBJ) \
- $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) $(KRBCLIENT_OBJ) $(RPC_PARSE_OBJ) lib/dummyroot.o
+ $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) lib/dummyroot.o
SMBGET_OBJ = utils/smbget.o $(POPT_LIB_OBJ) $(LIBSMBCLIENT_OBJ) $(SECRETS_OBJ)
rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \
rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \
rpcclient/display_sec.o rpcclient/cmd_ds.o \
- rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o \
- rpcclient/cmd_epmapper.o
+ rpcclient/cmd_echo.o rpcclient/cmd_shutdown.o
RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \
$(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_NONSMBD_OBJ) \
utils/net_rap.o utils/net_rpc.o utils/net_rpc_samsync.o \
utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \
utils/net_cache.o utils/net_groupmap.o utils/net_idmap.o \
- utils/net_status.o utils/net_privileges.o
+ utils/net_status.o
NET_OBJ = $(NET_OBJ1) $(PARAM_OBJ) $(SECRETS_OBJ) $(LIBSMB_OBJ) \
$(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ) \
$(PASSDB_OBJ) $(GROUPDB_OBJ) $(MSDFS_OBJ) \
$(READLINE_OBJ) $(PROFILE_OBJ) $(LIBADS_OBJ) $(LIBADS_SERVER_OBJ) \
$(LIB_SMBD_OBJ) $(AUTH_SAM_OBJ) $(REGISTRY_OBJ) $(POPT_LIB_OBJ) \
- $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) \
- $(RPC_LSA_DS_OBJ) $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) \
- $(RPC_SPOOLSS_OBJ) $(RPC_ECHO_OBJ) $(RPC_EPMAPPER_OBJ) \
- $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o
+ $(RPC_LSA_OBJ) $(RPC_NETLOG_OBJ) $(RPC_SAMR_OBJ) $(RPC_REG_OBJ) $(RPC_LSA_DS_OBJ) \
+ $(RPC_SVC_OBJ) $(RPC_WKS_OBJ) $(RPC_DFS_OBJ) $(RPC_SPOOLSS_OBJ) \
+ $(RPC_ECHO_OBJ) $(SMBLDAP_OBJ) $(IDMAP_OBJ) libsmb/spnego.o libsmb/passchange.o
WINBIND_WINS_NSS_OBJ = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) \
$(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ)
nsswitch/winbindd_wins.o \
nsswitch/winbindd_rpc.o \
nsswitch/winbindd_ads.o \
- nsswitch/winbindd_passdb.o \
nsswitch/winbindd_dual.o \
nsswitch/winbindd_acct.o
bin/pdbedit@EXEEXT@: $(PDBEDIT_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
- @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS) $(KRB5LIBS)
+ @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) @POPTLIBS@ $(PASSDB_LIBS) $(LDAP_LIBS)
bin/smbget@EXEEXT@: $(SMBGET_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_ECHO_OBJ) -lc \
@SONAMEFLAG@`basename $@`
-bin/librpc_epmapper.@SHLIBEXT@: $(RPC_EPMAPPER_OBJ)
- @echo "Linking $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(RPC_EPMAPPER_OBJ) -lc \
- @SONAMEFLAG@`basename $@`
-
bin/winbindd@EXEEXT@: $(WINBINDD_OBJ) @BUILD_POPT@ bin/.dummy
@echo "Linking $@"
@$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) @POPTLIBS@ $(KRB5LIBS) $(LDAP_LIBS) $(PASSDB_LIBS)
@$(SHLD) $(LDSHFLAGS) -o $@ $(VFS_CAP_OBJ:.o=.@PICSUFFIX@) \
@SONAMEFLAG@`basename $@`
-bin/config_ldap.@SHLIBEXT@: $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@)
- @echo "Building plugin $@"
- @$(SHLD) $(LDSHFLAGS) -o $@ $(CONFIG_LDAP_OBJ:.o=.@PICSUFFIX@) \
- @SMBLDAP@ @LDAP_LIBS@ @SONAMEFLAG@`basename $@`
-
bin/wbinfo@EXEEXT@: $(WBINFO_OBJ) @BUILD_POPT@ bin/.dummy
@echo Linking $@
@$(LINK) -o $@ $(WBINFO_OBJ) $(LIBS) @POPTLIBS@
-h _NET_PROTO_H_ $(builddir)/utils/net_proto.h \
$(NET_OBJ1)
-include/tdbsam2_parse_info.h:
- @if test -n "$(PERL)"; then \
- cd $(srcdir) && @PERL@ -w script/genstruct.pl \
- -o include/tdbsam2_parse_info.h $(CC) -E -O2 -g \
- include/gums.h; \
- else \
- echo Unable to build $@, continuing; \
- fi
-
# "make headers" or "make proto" calls a subshell because we need to
# make sure these commands are executed in sequence even for a
# parallel make.
$(MAKE) nsswitch/winbindd_proto.h; \
$(MAKE) web/swat_proto.h; \
$(MAKE) client/client_proto.h; \
- $(MAKE) utils/net_proto.h;
-
-prebuiltheaders:
- $(MAKE) include/tdbsam2_parse_info.h
-
-genparse: prebuiltheaders
+ $(MAKE) utils/net_proto.h
proto: headers
# -> "3.0.0" #
########################################################
SAMBA_VERSION_MAJOR=3
-SAMBA_VERSION_MINOR=1
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_MINOR=0
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
# -> "2.2.9pre1" #
########################################################
-SAMBA_VERSION_PRE_RELEASE=
+SAMBA_VERSION_PRE_RELEASE=2
########################################################
# For 'rc' releases the version will be #
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=1
+SAMBA_VERSION_ALPHA_RELEASE=
########################################################
# For 'test' releases the version will be #
return nt_status;
}
-/***************************************************************************
-Fill a server_info struct from a SAM_ACCOUNT with its privileges
-***************************************************************************/
-
-static NTSTATUS add_privileges(auth_serversupplied_info **server_info)
-{
- PRIVILEGE_SET *privs = NULL;
-
- init_privilege(&privs);
- if (!pdb_get_privilege_set((*server_info)->ptok, privs))
- DEBUG(1, ("Could not add privileges\n"));
-
- (*server_info)->privs = privs;
-
- return NT_STATUS_OK;
-}
-
/***************************************************************************
Make (and fill) a user_info struct from a SAM_ACCOUNT
***************************************************************************/
return nt_status;
}
- if (!NT_STATUS_IS_OK(nt_status = add_privileges(server_info))) {
- free_server_info(server_info);
- return nt_status;
- }
-
(*server_info)->sam_fill_level = SAM_FILL_ALL;
DEBUG(5,("make_server_info_sam: made server info for user %s -> %s\n",
pdb_get_username(sampass),
-debug2html
+*.so
.dummy
-editreg
.libs
+debug2html
+editreg
locktest
locktest2
log2pcap
smbtorture
smbtree
smbumount
-*.so
swat
+t_push_ucs2
+t_snprintf
+t_strcmp
+t_stringoverflow
talloctort
tdbbackup
tdbdump
testparm
testprns
-t_push_ucs2
-t_snprintf
-t_strcmp
-t_stringoverflow
vfstest
wbinfo
winbindd
#include <fcntl.h>
#define MOUNT_CIFS_VERSION_MAJOR "1"
-#define MOUNT_CIFS_VERSION_MINOR "0"
+#define MOUNT_CIFS_VERSION_MINOR "1"
#ifndef MOUNT_CIFS_VENDOR_SUFFIX
#define MOUNT_CIFS_VENDOR_SUFFIX ""
#endif
+#ifndef MS_MOVE
+#define MS_MOVE 8192
+#endif
+
char * thisprogram;
int verboseflag = 0;
static int got_password = 0;
return rc;
}
-static int parse_options(char * options)
+static int parse_options(char * options, int * filesys_flags)
{
char * data;
char * percent_char = 0;
if (strcmp (data, "fmask") == 0) {
printf ("WARNING: CIFS mount option 'fmask' is deprecated. Use 'file_mode' instead.\n");
- data = "file_mode";
+ data = "file_mode"; /* BB fix this */
}
} else if (strcmp(data, "dir_mode") == 0 || strcmp(data, "dmask")==0) {
if (!value || !*value) {
printf ("WARNING: CIFS mount option 'dmask' is deprecated. Use 'dir_mode' instead.\n");
data = "dir_mode";
}
+ /* the following eight mount options should be
+ stripped out from what is passed into the kernel
+ since these eight options are best passed as the
+ mount flags rather than redundantly to the kernel
+ and could generate spurious warnings depending on the
+ level of the corresponding cifs vfs kernel code */
+ } else if (strncmp(data, "nosuid", 6) == 0) {
+ *filesys_flags |= MS_NOSUID;
+ } else if (strncmp(data, "suid", 4) == 0) {
+ *filesys_flags &= ~MS_NOSUID;
+ } else if (strncmp(data, "nodev", 5) == 0) {
+ *filesys_flags |= MS_NODEV;
+ } else if (strncmp(data, "dev", 3) == 0) {
+ *filesys_flags &= ~MS_NODEV;
+ } else if (strncmp(data, "noexec", 6) == 0) {
+ *filesys_flags |= MS_NOEXEC;
+ } else if (strncmp(data, "exec", 4) == 0) {
+ *filesys_flags &= ~MS_NOEXEC;
+ } else if (strncmp(data, "ro", 2) == 0) {
+ *filesys_flags |= MS_RDONLY;
+ } else if (strncmp(data, "rw", 2) == 0) {
+ *filesys_flags &= ~MS_RDONLY;
} /* else if (strnicmp(data, "port", 4) == 0) {
- if (value && *value) {
- vol->port =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "rsize", 5) == 0) {
- if (value && *value) {
- vol->rsize =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "wsize", 5) == 0) {
- if (value && *value) {
- vol->wsize =
- simple_strtoul(value, &value, 0);
- }
- } else if (strnicmp(data, "version", 3) == 0) {
-
- } else if (strnicmp(data, "rw", 2) == 0) {
-
- } else
- printf("CIFS: Unknown mount option %s\n",data); */
+ if (value && *value) {
+ vol->port =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "rsize", 5) == 0) {
+ if (value && *value) {
+ vol->rsize =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "wsize", 5) == 0) {
+ if (value && *value) {
+ vol->wsize =
+ simple_strtoul(value, &value, 0);
+ }
+ } else if (strnicmp(data, "version", 3) == 0) {
+ } else {
+ printf("CIFS: Unknown mount option %s\n",data);
+ } */ /* nothing to do on those four mount options above.
+ Just pass to kernel and ignore them here */
- /* move to next option */
+ /* move to next option */
data = next_keyword+1;
/* put overwritten equals sign back */
value--;
*value = '=';
}
-
+
/* put previous overwritten comma back */
if(next_keyword)
*next_keyword = ',';
static struct option longopts[] = {
{ "all", 0, 0, 'a' },
- { "help", 0, 0, 'h' },
+ { "help",0, 0, 'h' },
+ { "move",0, 0, 'm' },
+ { "bind",0, 0, 'b' },
{ "read-only", 0, 0, 'r' },
{ "ro", 0, 0, 'r' },
{ "verbose", 0, 0, 'v' },
{ "read-write", 0, 0, 'w' },
{ "rw", 0, 0, 'w' },
{ "options", 1, 0, 'o' },
- { "types", 1, 0, 't' },
+ { "type", 1, 0, 't' },
{ "rsize",1, 0, 'R' },
{ "wsize",1, 0, 'W' },
{ "uid", 1, 0, '1'},
{ "gid", 1, 0, '2'},
- { "uuid",1,0,'U' },
{ "user",1,0,'u'},
{ "username",1,0,'u'},
{ "dom",1,0,'d'},
{ "pass",1,0,'p'},
{ "credentials",1,0,'c'},
{ "port",1,0,'P'},
+ /* { "uuid",1,0,'U'}, */ /* BB unimplemented */
{ NULL, 0, 0, 0 }
};
int main(int argc, char ** argv)
{
int c;
- int flags = MS_MANDLOCK | MS_MGC_VAL;
+ int flags = MS_MANDLOCK; /* no need to set legacy MS_MGC_VAL */
char * orgoptions = NULL;
char * share_name = NULL;
char * domain_name = NULL;
case 'n':
++nomtab;
break;
+ case 'b':
+ flags |= MS_BIND;
+ break;
+ case 'm':
+ flags |= MS_MOVE;
+ break;
case 'o':
orgoptions = strdup(optarg);
break;
ipaddr = parse_server(share_name);
- if (orgoptions && parse_options(orgoptions))
+ if (orgoptions && parse_options(orgoptions, &flags))
return 1;
/* BB save off path and pop after mount returns? */
if(chdir(mountpoint)) {
printf("mount error: can not change directory into mount target %s\n",mountpoint);
+ return -1;
}
- if(stat (mountpoint, &statbuf)) {
+ if(stat (".", &statbuf)) {
printf("mount error: mount point %s does not exist\n",mountpoint);
return -1;
}
if((getuid() != 0) && (geteuid() == 0)) {
if((statbuf.st_uid == getuid()) && (S_IRWXU == (statbuf.st_mode & S_IRWXU))) {
- printf("setuid mount allowed\n");
+#ifndef CIFS_ALLOW_USR_SUID
+ /* Do not allow user mounts to control suid flag
+ for mount unless explicitly built that way */
+ flags |= MS_NOSUID | MS_NODEV;
+#endif
} else {
printf("mount error: permission denied or not superuser and cifs.mount not installed SUID\n");
return -1;
optlen += strlen(mountpassword) + 6;
options = malloc(optlen + 10);
+ if(options == NULL) {
+ printf("Could not allocate memory for mount options\n");
+ return -1;
+ }
+
+
options[0] = 0;
strncat(options,"unc=",4);
strcat(options,share_name);
AC_SUBST(EXTRA_BIN_PROGS)
AC_SUBST(EXTRA_SBIN_PROGS)
AC_SUBST(EXTRA_ALL_TARGETS)
-AC_SUBST(CONFIG_LIBS)
AC_ARG_ENABLE(debug,
[ --enable-debug Turn on compiler debugging information (default=no)],
dnl Add modules that have to be built by default here
dnl These have to be built static:
-default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss rpc_epmapper auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
+default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsa rpc_samr rpc_reg rpc_lsa_ds rpc_wks rpc_net rpc_dfs rpc_srv rpc_spoolss auth_rhosts auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin"
dnl These are preferably build shared, and static if dlopen() is not available
default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap charset_CP850 charset_CP437"
LDFLAGS=$save_LDFLAGS
LIB_ADD_DIR(LDFLAGS, "$i/lib")
CFLAGS_ADD_DIR(CPPFLAGS, "$i/include")
- LIBS="$save_LIBS"
+ LIBS="$save_LIBS"
ICONV_LOCATION=$i
export LDFLAGS LIBS CPPFLAGS
dnl Now, check for a working iconv ... we want to do it here because
SMBLDAP=""
AC_SUBST(SMBLDAP)
-SMBLDAPUTIL=""
-AC_SUBST(SMBLDAPUTIL)
if test x"$with_ldap_support" != x"no"; then
##################################################################
if test x"$ac_cv_lib_ext_ldap_ldap_init" = x"yes" -a x"$ac_cv_func_ext_ldap_domain2hostlist" = x"yes"; then
AC_DEFINE(HAVE_LDAP,1,[Whether ldap is available])
default_static_modules="$default_static_modules pdb_ldap idmap_ldap";
- default_shared_modules="$default_shared_modules config_ldap";
SMBLDAP="lib/smbldap.o"
- SMBLDAPUTIL="lib/smbldap_util.o"
with_ldap_support=yes
AC_MSG_CHECKING(whether LDAP support is used)
AC_MSG_RESULT(yes)
MODULE_rpc_spoolss=STATIC
MODULE_rpc_srv=STATIC
MODULE_idmap_tdb=STATIC
-MODULE_gums_tdbsam2=STATIC
AC_ARG_WITH(static-modules,
[ --with-static-modules=MODULES Comma-seperated list of names of modules to statically link in],
SMB_MODULE(pdb_smbpasswd, passdb/pdb_smbpasswd.o, "bin/smbpasswd.$SHLIBEXT", PDB)
SMB_MODULE(pdb_tdbsam, passdb/pdb_tdb.o, "bin/tdbsam.$SHLIBEXT", PDB)
SMB_MODULE(pdb_guest, passdb/pdb_guest.o, "bin/guest.$SHLIBEXT", PDB)
-SMB_MODULE(pdb_gums, [passdb/pdb_gums.o \$(GUMS_OBJ)], "bin/gums.$SHLIBEXT", PDB)
SMB_SUBSYSTEM(PDB,passdb/pdb_interface.o)
-SMB_MODULE(gums_tdbsam2, sam/gums_tdbsam2.o, "bin/tdbsam2.$SHLIBEXT", GUMS)
-SMB_SUBSYSTEM(GUMS)
-
SMB_MODULE(rpc_lsa, \$(RPC_LSA_OBJ), "bin/librpc_lsarpc.$SHLIBEXT", RPC)
SMB_MODULE(rpc_reg, \$(RPC_REG_OBJ), "bin/librpc_winreg.$SHLIBEXT", RPC)
SMB_MODULE(rpc_lsa_ds, \$(RPC_LSA_DS_OBJ), "bin/librpc_lsa_ds.$SHLIBEXT", RPC)
SMB_MODULE(rpc_spoolss, \$(RPC_SPOOLSS_OBJ), "bin/librpc_spoolss.$SHLIBEXT", RPC)
SMB_MODULE(rpc_samr, \$(RPC_SAMR_OBJ), "bin/librpc_samr.$SHLIBEXT", RPC)
SMB_MODULE(rpc_echo, \$(RPC_ECHO_OBJ), "bin/librpc_echo.$SHLIBEXT", RPC)
-SMB_MODULE(rpc_epmapper, \$(RPC_EPMAPPER_OBJ), "bin/librpc_epmapper.$SHLIBEXT",
- RPC)
SMB_SUBSYSTEM(RPC,smbd/server.o)
SMB_MODULE(idmap_ldap, sam/idmap_ldap.o, "bin/idmap_ldap.$SHLIBEXT", IDMAP)
SMB_MODULE(vfs_cap, \$(VFS_CAP_OBJ), "bin/cap.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS,smbd/vfs.o)
-SMB_MODULE(config_ldap, param/config_ldap.o, "bin/config_ldap.$SHLIBEXT", CONFIG, [ CONFIG_LIBS="$CONFIG_LIBS $LDAP_LIBS" "$SMBLDAP" ])
-SMB_SUBSYSTEM(CONFIG, param/modconf.o)
-
AC_DEFINE_UNQUOTED(STRING_STATIC_MODULES, "$string_static_modules", [String list of builtin modules])
#################################################
#define DATABASE_VERSION_V2 2 /* le format. */
#define GROUP_PREFIX "UNIXGROUP/"
-#define ALIASMEM_PREFIX "ALIASMEMBERS/"
+
+PRIVS privs[] = {
+ {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */
+ {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" },
+ {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" },
+ {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" },
+ {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" },
+ {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" },
+ {SE_PRIV_ALL, "SaAllPrivs", "all privileges" }
+};
+
/****************************************************************************
dump the mapping group mapping to a text file
Remove a group mapping entry.
****************************************************************************/
-static BOOL group_map_remove(const DOM_SID *sid)
+static BOOL group_map_remove(DOM_SID sid)
{
TDB_DATA kbuf, dbuf;
pstring key;
/* the key is the SID, retrieving is direct */
- sid_to_string(string_sid, sid);
+ sid_to_string(string_sid, &sid);
slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid);
kbuf.dptr = key;
return True;
}
-static NTSTATUS add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- char *new_memberstring;
- int result;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- sid_to_string(string_sid, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- sid_to_string(string_sid, member);
-
- if (dbuf.dptr != NULL) {
- asprintf(&new_memberstring, "%s %s", (char *)(dbuf.dptr),
- string_sid);
- } else {
- new_memberstring = strdup(string_sid);
- }
-
- if (new_memberstring == NULL)
- return NT_STATUS_NO_MEMORY;
-
- SAFE_FREE(dbuf.dptr);
- dbuf.dsize = strlen(new_memberstring)+1;
- dbuf.dptr = new_memberstring;
-
- result = tdb_store(tdb, kbuf, dbuf, 0);
-
- SAFE_FREE(new_memberstring);
-
- return (result == 0 ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED);
-}
-
-static void add_sid_to_array(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- *sids = Realloc(*sids, ((*num)+1) * sizeof(DOM_SID));
-
- if (*sids == NULL)
- return;
-
- sid_copy(&((*sids)[*num]), sid);
- *num += 1;
-
- return;
-}
-
-static NTSTATUS enum_aliasmem(const DOM_SID *alias, DOM_SID **sids, int *num)
-{
- GROUP_MAP map;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring string_sid;
- const char *p;
-
- if(!init_group_mapping()) {
- DEBUG(0,("failed to initialize group mapping\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!get_group_map_from_sid(*alias, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ( (map.sid_name_use != SID_NAME_ALIAS) &&
- (map.sid_name_use != SID_NAME_WKN_GRP) )
- return NT_STATUS_NO_SUCH_ALIAS;
-
- *sids = NULL;
- *num = 0;
-
- sid_to_string(string_sid, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, string_sid);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
-
- dbuf = tdb_fetch(tdb, kbuf);
-
- if (dbuf.dptr == NULL) {
- return NT_STATUS_OK;
- }
-
- p = dbuf.dptr;
-
- while (next_token(&p, string_sid, " ", sizeof(string_sid))) {
-
- DOM_SID sid;
-
- if (!string_to_sid(&sid, string_sid))
- continue;
-
- add_sid_to_array(&sid, sids, num);
-
- if (sids == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- SAFE_FREE(dbuf.dptr);
-
- return NT_STATUS_OK;
-}
-
-/* This is racy as hell, but hey, it's only a prototype :-) */
-
-static NTSTATUS del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- NTSTATUS result;
- DOM_SID *sids;
- int i, num;
- BOOL found = False;
- char *member_string;
- TDB_DATA kbuf, dbuf;
- pstring key;
- fstring sid_string;
-
- result = enum_aliasmem(alias, &sids, &num);
-
- if (!NT_STATUS_IS_OK(result))
- return result;
-
- for (i=0; i<num; i++) {
- if (sid_compare(&sids[i], member) == 0) {
- found = True;
- break;
- }
- }
-
- if (!found) {
- SAFE_FREE(sids);
- return NT_STATUS_MEMBER_NOT_IN_ALIAS;
- }
-
- if (i < num)
- sids[i] = sids[num-1];
-
- num -= 1;
-
- member_string = strdup("");
-
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
-
- for (i=0; i<num; i++) {
- char *s = member_string;
-
- sid_to_string(sid_string, &sids[i]);
- asprintf(&member_string, "%s %s", s, sid_string);
-
- SAFE_FREE(s);
- if (member_string == NULL) {
- SAFE_FREE(sids);
- return NT_STATUS_NO_MEMORY;
- }
- }
-
- sid_to_string(sid_string, alias);
- slprintf(key, sizeof(key), "%s%s", ALIASMEM_PREFIX, sid_string);
-
- kbuf.dsize = strlen(key)+1;
- kbuf.dptr = key;
- dbuf.dsize = strlen(member_string)+1;
- dbuf.dptr = member_string;
-
- result = tdb_store(tdb, kbuf, dbuf, 0) == 0 ?
- NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-
- SAFE_FREE(sids);
- SAFE_FREE(member_string);
-
- return result;
-}
-
-static BOOL is_foreign_alias_member(const DOM_SID *sid, const DOM_SID *alias)
-{
- DOM_SID *members;
- int i, num;
- BOOL result = False;
-
- if (!NT_STATUS_IS_OK(enum_aliasmem(alias, &members, &num)))
- return False;
-
- for (i=0; i<num; i++) {
-
- if (sid_compare(&members[i], sid) == 0) {
- result = True;
- break;
- }
- }
-
- SAFE_FREE(members);
- return result;
-}
-
-static NTSTATUS alias_memberships(const DOM_SID *sid, DOM_SID **sids, int *num)
-{
- GROUP_MAP *maps;
- int i, num_maps;
-
- *num = 0;
- *sids = NULL;
-
- if (!enum_group_mapping(SID_NAME_WKN_GRP, &maps, &num_maps, False))
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<num_maps; i++) {
-
- if (is_foreign_alias_member(sid, &maps[i].sid)) {
-
- add_sid_to_array(&maps[i].sid, sids, num);
-
- if (sids == NULL) {
- SAFE_FREE(maps);
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
- SAFE_FREE(maps);
-
- if (!enum_group_mapping(SID_NAME_ALIAS, &maps, &num_maps, False))
- return NT_STATUS_NO_MEMORY;
-
- for (i=0; i<num_maps; i++) {
- if (is_foreign_alias_member(sid, &maps[i].sid)) {
-
- add_sid_to_array(&maps[i].sid, sids, num);
-
- if (sids == NULL) {
- SAFE_FREE(maps);
- return NT_STATUS_NO_MEMORY;
- }
- }
- }
- SAFE_FREE(maps);
-
- return NT_STATUS_OK;
-}
-
/*
*
* High level functions
if ( !ret )
return False;
- if ( ( (map->sid_name_use != SID_NAME_ALIAS) &&
- (map->sid_name_use != SID_NAME_WKN_GRP) )
+ if ( (map->sid_name_use != SID_NAME_ALIAS)
|| (map->gid == -1)
|| (getgrgid(map->gid) == NULL) )
{
int i=0;
char *gr;
DOM_SID *s;
- DOM_SID sid;
- DOM_SID *members;
- int num_members;
struct sys_pwent *userlist;
struct sys_pwent *user;
DEBUG(10, ("got primary groups, members: [%d]\n", *num_sids));
winbind_on();
-
- if ( NT_STATUS_IS_OK(gid_to_sid(&sid, gid)) &&
- NT_STATUS_IS_OK(enum_aliasmem(&sid, &members, &num_members)) ) {
-
- for (i=0; i<num_members; i++) {
- add_sid_to_array(&members[i], sids, num_sids);
-
- if (sids == NULL)
- return False;
- }
- }
-
return True;
}
NTSTATUS pdb_default_delete_group_mapping_entry(struct pdb_methods *methods,
DOM_SID sid)
{
- return group_map_remove(&sid) ?
+ return group_map_remove(sid) ?
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-NTSTATUS pdb_default_find_alias(struct pdb_methods *methods,
- const char *name, DOM_SID *sid)
-{
- GROUP_MAP map;
-
- if (!get_group_map_from_ntname(name, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- if ((map.sid_name_use != SID_NAME_WKN_GRP) &&
- (map.sid_name_use != SID_NAME_ALIAS))
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- sid_copy(sid, &map.sid);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
- const char *name, uint32 *rid)
-{
- DOM_SID sid;
- enum SID_NAME_USE type;
- uint32 new_rid;
- gid_t gid;
-
- if (lookup_name(get_global_sam_name(), name, &sid, &type))
- return NT_STATUS_ALIAS_EXISTS;
-
- if (!winbind_allocate_rid(&new_rid))
- return NT_STATUS_ACCESS_DENIED;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
-
- /* Here we allocate the gid */
- if (!winbind_sid_to_gid(&gid, &sid)) {
- DEBUG(0, ("Could not get gid for new RID\n"));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- if (!add_initial_entry(gid, sid_string_static(&sid), SID_NAME_ALIAS,
- name, "")) {
- DEBUG(0, ("Could not add group mapping entry for alias %s\n",
- name));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- *rid = new_rid;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_delete_alias(struct pdb_methods *methods,
- const DOM_SID *sid)
-{
- if (!group_map_remove(sid))
- return NT_STATUS_ACCESS_DENIED;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_enum_aliases(struct pdb_methods *methods,
- const DOM_SID *sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases,
- struct acct_info **info)
-{
- extern DOM_SID global_sid_Builtin;
-
- GROUP_MAP *map;
- int i, num_maps;
- enum SID_NAME_USE type = SID_NAME_UNKNOWN;
-
- if (sid_compare(sid, get_global_sam_sid()) == 0)
- type = SID_NAME_ALIAS;
-
- if (sid_compare(sid, &global_sid_Builtin) == 0)
- type = SID_NAME_WKN_GRP;
-
- if (!enum_group_mapping(type, &map, &num_maps, False) ||
- (num_maps == 0)) {
- *num_aliases = 0;
- *info = NULL;
- goto done;
- }
-
- if (start_idx > num_maps) {
- *num_aliases = 0;
- *info = NULL;
- goto done;
- }
-
- *num_aliases = num_maps - start_idx;
-
- if (*num_aliases > max_entries)
- *num_aliases = max_entries;
-
- *info = malloc(sizeof(struct acct_info) * (*num_aliases));
-
- for (i=0; i<*num_aliases; i++) {
- fstrcpy((*info)[i].acct_name, map[i+start_idx].nt_name);
- fstrcpy((*info)[i].acct_desc, map[i+start_idx].comment);
- sid_peek_rid(&map[i].sid, &(*info)[i+start_idx].rid);
- }
-
- done:
- SAFE_FREE(map);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_get_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!get_group_map_from_sid(*sid, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- fstrcpy(info->acct_name, map.nt_name);
- fstrcpy(info->acct_desc, map.comment);
- sid_peek_rid(&map.sid, &info->rid);
- return NT_STATUS_OK;
-}
-
-NTSTATUS pdb_default_set_aliasinfo(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- GROUP_MAP map;
-
- if (!get_group_map_from_sid(*sid, &map))
- return NT_STATUS_NO_SUCH_ALIAS;
-
- fstrcpy(map.comment, info->acct_desc);
-
- if (!add_mapping_entry(&map, TDB_REPLACE))
- return NT_STATUS_ACCESS_DENIED;
-
- return NT_STATUS_OK;
-}
-
NTSTATUS pdb_default_enum_group_mapping(struct pdb_methods *methods,
enum SID_NAME_USE sid_name_use,
GROUP_MAP **rmap, int *num_entries,
NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
}
-NTSTATUS pdb_default_add_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
-{
- return add_aliasmem(alias, member);
-}
-
-NTSTATUS pdb_default_del_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member)
-{
- return del_aliasmem(alias, member);
-}
-
-NTSTATUS pdb_default_enum_aliasmem(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members)
-{
- return enum_aliasmem(alias, members, num_members);
-}
-
-NTSTATUS pdb_default_alias_memberships(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- return alias_memberships(sid, aliases, num);
-}
-
/**********************************************************************
no ops for passdb backends that don't implement group mapping
*********************************************************************/
/* NT group information taken from the info3 structure */
NT_USER_TOKEN *ptok;
- PRIVILEGE_SET *privs;
DATA_BLOB nt_session_key;
DATA_BLOB lm_session_key;
+++ /dev/null
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_H
-#define _GENPARSER_H
-
-/* these macros are needed for genstruct auto-parsers */
-#ifndef GENSTRUCT
-#define GENSTRUCT
-#define _LEN(x)
-#define _NULLTERM
-#endif
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-/* flag to mark a fixed size array as actually being null terminated */
-#define FLAG_NULLTERM 1
-#define FLAG_ALWAYS 2
-
-struct enum_struct {
- const char *name;
- unsigned value;
-};
-
-/* intermediate dumps are stored in one of these */
-struct parse_string {
- unsigned allocated;
- unsigned length;
- char *s;
-};
-
-typedef int (*gen_dump_fn)(TALLOC_CTX *, struct parse_string *, const char *ptr, unsigned indent);
-typedef int (*gen_parse_fn)(TALLOC_CTX *, char *ptr, const char *str);
-
-/* genstruct.pl generates arrays of these */
-struct parse_struct {
- const char *name;
- unsigned ptr_count;
- unsigned size;
- unsigned offset;
- unsigned array_len;
- const char *dynamic_len;
- unsigned flags;
- gen_dump_fn dump_fn;
- gen_parse_fn parse_fn;
-};
-
-#define DUMP_PARSE_DECL(type) \
- int gen_dump_ ## type(TALLOC_CTX *, struct parse_string *, const char *, unsigned); \
- int gen_parse_ ## type(TALLOC_CTX *, char *, const char *);
-
-DUMP_PARSE_DECL(char)
-DUMP_PARSE_DECL(int)
-DUMP_PARSE_DECL(unsigned)
-DUMP_PARSE_DECL(double)
-DUMP_PARSE_DECL(float)
-
-#define gen_dump_unsigned_char gen_dump_char
-#define gen_parse_unsigned_char gen_parse_char
-
-#endif /* _GENPARSER_H */
+++ /dev/null
-/*
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GENPARSER_SAMBA_H
-#define _GENPARSER_SAMBA_H
-
-const struct parse_struct pinfo_security_ace_info[] = {
-{"type", 0, sizeof(uint8), offsetof(struct security_ace_info, type), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"flags", 0, sizeof(uint8), offsetof(struct security_ace_info, flags), 0, NULL, 0, gen_dump_uint8, gen_parse_uint8},
-{"size", 0, sizeof(uint16), offsetof(struct security_ace_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"info", 0, sizeof(char), offsetof(struct security_ace_info, info), 0, NULL, 0, gen_dump_SEC_ACCESS, gen_parse_SEC_ACCESS},
-{"obj_flags", 0, sizeof(uint32), offsetof(struct security_ace_info, obj_flags), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"obj_guid", 0, sizeof(char), offsetof(struct security_ace_info, obj_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"inh_guid", 0, sizeof(char), offsetof(struct security_ace_info, inh_guid), 0, NULL, 0, gen_dump_GUID, gen_parse_GUID},
-{"trustee", 0, sizeof(char), offsetof(struct security_ace_info, trustee), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_acl_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_acl_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"size", 0, sizeof(uint16), offsetof(struct security_acl_info, size), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"num_aces", 0, sizeof(uint32), offsetof(struct security_acl_info, num_aces), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"ace", 1, sizeof(struct security_ace_info), offsetof(struct security_acl_info, ace), 0, "size", 0, gen_dump_SEC_ACE, gen_parse_SEC_ACE},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_security_descriptor_info[] = {
-{"revision", 0, sizeof(uint16), offsetof(struct security_descriptor_info, revision), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"type", 0, sizeof(uint16), offsetof(struct security_descriptor_info, type), 0, NULL, 0, gen_dump_uint16, gen_parse_uint16},
-{"off_owner_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_owner_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_grp_sid", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_grp_sid), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_sacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_sacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"off_dacl", 0, sizeof(uint32), offsetof(struct security_descriptor_info, off_dacl), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"dacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, dacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"sacl", 1, sizeof(struct security_acl_info), offsetof(struct security_descriptor_info, sacl), 0, NULL, 0, gen_dump_SEC_ACL, gen_parse_SEC_ACL},
-{"owner_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, owner_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{"grp_sid", 1, sizeof(char), offsetof(struct security_descriptor_info, grp_sid), 0, NULL, 0, gen_dump_DOM_SID, gen_parse_DOM_SID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_luid_attr_info[] = {
-{"attr", 0, sizeof(uint32), offsetof(struct LUID_ATTR, attr), 0, NULL, 0, gen_dump_uint32, gen_parse_uint32},
-{"luid", 1, sizeof(LUID), offsetof(struct LUID_ATTR, luid), 0, NULL, 0, gen_dump_LUID, gen_parse_LUID},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-const struct parse_struct pinfo_data_blob_info[] = {
-{"length", 0, sizeof(int), offsetof(DATA_BLOB, length), 0, NULL, 0, gen_dump_int, gen_parse_int},
-{"data", 1, sizeof(char), offsetof(DATA_BLOB, data), 0, "length", 0, gen_dump_char, gen_parse_char},
-{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};
-
-#endif /* _GENPARSER_SAMBA_H */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#ifndef _GUMS_H
-#define _GUMS_H
-
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
-#define GUMS_OBJECT_VERSION 1
-#define GUMS_PRIVILEGE_VERSION 1
-#define GUMS_INTERFACE_VERSION 1
-
-#define GUMS_OBJ_DOMAIN 0x10
-#define GUMS_OBJ_NORMAL_USER 0x20
-#define GUMS_OBJ_GROUP 0x30
-#define GUMS_OBJ_ALIAS 0x31
-
-/* define value types */
-#define GUMS_SET_PRIMARY_GROUP 0x1
-#define GUMS_SET_SEC_DESC 0x2
-
-#define GUMS_SET_NAME 0x10
-#define GUMS_SET_DESCRIPTION 0x11
-#define GUMS_SET_FULL_NAME 0x12
-
-/* user specific type values */
-#define GUMS_SET_LOGON_TIME 0x20
-#define GUMS_SET_LOGOFF_TIME 0x21
-#define GUMS_SET_KICKOFF_TIME 0x23
-#define GUMS_SET_PASS_LAST_SET_TIME 0x24
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
-
-
-#define GUMS_SET_HOME_DIRECTORY 0x31
-#define GUMS_SET_DRIVE 0x32
-#define GUMS_SET_LOGON_SCRIPT 0x33
-#define GUMS_SET_PROFILE_PATH 0x34
-#define GUMS_SET_WORKSTATIONS 0x35
-#define GUMS_SET_UNKNOWN_STRING 0x36
-#define GUMS_SET_MUNGED_DIAL 0x37
-
-#define GUMS_SET_LM_PASSWORD 0x40
-#define GUMS_SET_NT_PASSWORD 0x41
-#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
-#define GUMS_SET_UNKNOWN_3 0x43
-#define GUMS_SET_LOGON_DIVS 0x44
-#define GUMS_SET_HOURS_LEN 0x45
-#define GUMS_SET_HOURS 0x46
-#define GUMS_SET_BAD_PASSWORD_COUNT 0x47
-#define GUMS_SET_LOGON_COUNT 0x48
-#define GUMS_SET_UNKNOWN_6 0x49
-
-#define GUMS_SET_MUST_CHANGE_PASS 0x50
-#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
-#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
-#define GUMS_SET_ACCOUNT_DISABLED 0x53
-#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
-
-/*group specific type values */
-#define GUMS_ADD_SID_LIST 0x60
-#define GUMS_DEL_SID_LIST 0x61
-#define GUMS_SET_SID_LIST 0x62
-
-GENSTRUCT struct gums_user
-{
- DOM_SID *group_sid; /* Primary Group SID */
-
- NTTIME logon_time; /* logon time */
- NTTIME logoff_time; /* logoff time */
- NTTIME kickoff_time; /* kickoff time */
- NTTIME pass_last_set_time; /* password last set time */
- NTTIME pass_can_change_time; /* password can change time */
- NTTIME pass_must_change_time; /* password must change time */
-
- char *full_name; _NULLTERM /* user's full name string */
- char *home_dir; _NULLTERM /* home directory string */
- char *dir_drive; _NULLTERM /* home directory drive string */
- char *logon_script; _NULLTERM /* logon script string */
- char *profile_path; _NULLTERM /* profile path string */
- char *workstations; _NULLTERM /* login from workstations string */
- char *unknown_str; _NULLTERM /* don't know what this is, yet. */
- char *munged_dial; _NULLTERM /* munged path name and dial-back tel number */
-
- DATA_BLOB lm_pw; /* .data is Null if no password */
- DATA_BLOB nt_pw; /* .data is Null if no password */
-
- uint16 acct_ctrl; /* account type & status flags */
- uint16 logon_divs; /* 168 - number of hours in a week */
- uint32 hours_len; /* normally 21 bytes */
- uint8 *hours; _LEN(hours_len) /* normally 21 bytes (depends on hours_len) */
-
- uint16 bad_password_count; /* 0 */
- uint16 logon_count; /* 0 */
- uint32 unknown_3; /* 0x00ff ffff */
- uint32 unknown_6; /* 0x0000 04ec */
-
-};
-
-GENSTRUCT struct gums_group
-{
- uint32 count; /* Number of SIDs */
- DOM_SID *members; _LEN(count) /* SID array */
-
-};
-
-GENSTRUCT struct gums_domain
-{
- uint32 next_rid;
-
-};
-
-GENSTRUCT struct gums_object
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object Type */
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- SEC_DESC *sec_desc; /* Security Descriptor */
-
- DOM_SID *sid; /* Object Sid */
- char *name; _NULLTERM /* Object Name - it should be in DOMAIN\NAME format */
- char *description; _NULLTERM /* Object Description */
-
- struct gums_user *user;
- struct gums_group *group;
- struct gums_domain *domain;
-
-};
-
-GENSTRUCT struct gums_privilege
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 version; /* Object Version */
- uint32 seq_num; /* Object Sequence Number */
-
- char *name; _NULLTERM /* Object Name */
- char *description; _NULLTERM /* Object Description */
-
- LUID_ATTR *privilege; /* Privilege Type */
-
- uint32 count;
- DOM_SID *members; _LEN(count)
-
-};
-
-typedef struct gums_user GUMS_USER;
-typedef struct gums_group GUMS_GROUP;
-typedef struct gums_domain GUMS_DOMAIN;
-typedef struct gums_object GUMS_OBJECT;
-typedef struct gums_privilege GUMS_PRIVILEGE;
-
-typedef struct gums_data_set
-{
- int type; /* GUMS_SET_xxx */
- void *data;
-
-} GUMS_DATA_SET;
-
-typedef struct gums_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- DOM_SID sid; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-
-} GUMS_COMMIT_SET;
-
-typedef struct gums_priv_commit_set
-{
- TALLOC_CTX *mem_ctx;
-
- uint32 type; /* Object type */
- char *name; /* Object Sid */
- uint32 count; /* number of changes */
- GUMS_DATA_SET *data;
-
-} GUMS_PRIV_COMMIT_SET;
-
-
-typedef struct gums_functions
-{
- /* module data */
- TALLOC_CTX *mem_ctx;
- char *name;
- void *private_data;
- void (*free_private_data)(void **);
-
- /* Generic object functions */
-
- NTSTATUS (*get_domain_sid) (DOM_SID *sid, const char* name);
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid);
-
- NTSTATUS (*get_sequence_number) (void);
-
- NTSTATUS (*new_object) (DOM_SID *sid, const char *name, const int obj_type);
- NTSTATUS (*delete_object) (const DOM_SID *sid);
-
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
- NTSTATUS (*enumerate_objects_start) (void **handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
-
- /* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
- Never use this function to update an object in the database, use set_object_values() */
- NTSTATUS (*set_object) (GUMS_OBJECT *object);
-
- /* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
- NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
- NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
- NTSTATUS (*lock_sid) (const DOM_SID *sid);
- NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
- NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name);
- NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members);
- NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members);
- NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members);
- NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
- NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-
-} GUMS_FUNCTIONS;
-
-typedef NTSTATUS (*gums_init_function)(
- struct gums_functions *,
- const char *);
-
-struct gums_init_function_entry {
-
- const char *name;
- gums_init_function init_fn;
- struct gums_init_function_entry *prev, *next;
-};
-
-#endif /* _GUMS_H */
#include "version.h"
-#include "privileges.h"
-
#include "smb.h"
#include "nameserv.h"
#include "byteorder.h"
+#include "privileges.h"
+
#include "rpc_creds.h"
#include "mapping.h"
#include "rpc_secdes.h"
-#include "genparser.h"
-
-#include "gums.h"
-
#include "nt_printing.h"
#include "msdfs.h"
/* forward declarations from smbldap.c */
#include "smbldap.h"
-#include "modconf.h"
/***** automatically generated prototypes *****/
#ifndef NO_PROTO_H
enum SID_NAME_USE sid_name_use;
fstring nt_name;
fstring comment;
-
- /* Here we store SIDs that we can be sure of to be of type
- * SID_NAME_DOM_GRP, so it's a Domain Group which can not be
- * represented via /etc/group memberships. */
-
- int num_member;
- DOM_SID *alias_members;
} GROUP_MAP;
+++ /dev/null
-#ifndef _MODCONF_H_
-#define _MODCONF_H_
-/*
- Unix SMB/CIFS implementation.
-
- ModConf headers
-
- Copyright (C) Simo Sorce 2003
-
- This library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public
- License as published by the Free Software Foundation; either
- version 2 of the License, or (at your option) any later version.
-
- This library is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
-
- You should have received a copy of the GNU Library General Public
- License along with this library; if not, write to the
- Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA.
-*/
-
-#define SAMBA_CONFIG_INTERFACE_VERSION 1
-
-/* Filled out by config backends */
-struct config_functions {
- NTSTATUS (*init)(char *params);
- NTSTATUS (*load)(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *));
- NTSTATUS (*close)(void);
-};
-#endif /* _MODCONF_H_ */
#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */
#define _NT_DOMAIN_H
-struct uuid
-{
- uint32 time_low;
- uint16 time_mid;
- uint16 time_hi_and_version;
- uint8 clock_seq[2];
- uint8 node[6];
-};
-#define UUID_SIZE 16
-
-#define UUID_FLAT_SIZE 16
-typedef struct uuid_flat
-{
- uint8 info[UUID_FLAT_SIZE];
-} UUID_FLAT;
-
/* dce/rpc support */
#include "rpc_dce.h"
} rid_name;
+struct acct_info
+{
+ fstring acct_name; /* account name */
+ fstring acct_desc; /* account name */
+ uint32 rid; /* domain-relative RID */
+};
+
/*
* higher order functions for use with msrpc client code
*/
#include "rpc_dfs.h"
#include "rpc_ds.h"
#include "rpc_echo.h"
-#include "rpc_epmapper.h"
#include "rpc_shutdown.h"
#endif /* _NT_DOMAIN_H */
PDB_GROUP_COUNT
};
-enum pdb_trust_passwd_elements {
- PDB_TRUST_PASS,
- PDB_TRUST_SID,
- PDB_TRUST_NAME,
- PDB_TRUST_MODTIME,
- PDB_TRUST_FLAGS,
-
- PDB_TRUST_COUNT
-};
enum pdb_value_state {
PDB_DEFAULT=0,
} SAM_GROUP;
-typedef struct _GROUP_INFO {
- struct pdb_methods *methods;
- DOM_SID sid;
- enum SID_NAME_USE sid_name_use;
- fstring nt_name;
- fstring comment;
-} GROUP_INFO;
-
-struct acct_info
-{
- fstring acct_name; /* account name */
- fstring acct_desc; /* account name */
- uint32 rid; /* domain-relative RID */
-};
-
-typedef struct sam_trust_passwd {
- TALLOC_CTX *mem_ctx;
-
- void (*free_fn)(struct sam_trust_passwd **);
-
- struct pdb_methods *methods;
-
- struct trust_passwd_data {
- uint16 flags; /* flags */
- size_t uni_name_len; /* unicode name length */
- smb_ucs2_t uni_name[32]; /* unicode domain name */
- fstring pass; /* trust password */
- time_t mod_time; /* last change time */
- DOM_SID domain_sid; /* trusted domain sid */
- } private;
-
-} SAM_TRUST_PASSWD;
-
-
-
/*****************************************************************
Functions to be implemented by the new (v2) passdb API
****************************************************************/
* this SAMBA will load. Increment this if *ANY* changes are made to the interface.
*/
-#define PASSDB_INTERFACE_VERSION 7
+#define PASSDB_INTERFACE_VERSION 4
typedef struct pdb_context
{
NTSTATUS (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username);
- /* group mapping functions: to be removed */
-
NTSTATUS (*pdb_getgrsid)(struct pdb_context *context, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*pdb_getgrgid)(struct pdb_context *context, GROUP_MAP *map, gid_t gid);
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
- NTSTATUS (*pdb_find_alias)(struct pdb_context *context,
- const char *name, DOM_SID *sid);
-
- NTSTATUS (*pdb_create_alias)(struct pdb_context *context,
- const char *name, uint32 *rid);
-
- NTSTATUS (*pdb_delete_alias)(struct pdb_context *context,
- const DOM_SID *sid);
-
- NTSTATUS (*pdb_enum_aliases)(struct pdb_context *context,
- const DOM_SID *domain_sid,
- uint32 start_idx, uint32 num_entries,
- uint32 *num_aliases,
- struct acct_info **aliases);
-
- NTSTATUS (*pdb_get_aliasinfo)(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*pdb_set_aliasinfo)(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*pdb_add_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member);
-
- NTSTATUS (*pdb_del_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member);
-
- NTSTATUS (*pdb_enum_aliasmem)(struct pdb_context *context,
- const DOM_SID *alias,
- DOM_SID **members, int *num_members);
-
- NTSTATUS (*pdb_enum_alias_memberships)(struct pdb_context *context,
- const DOM_SID *alias,
- DOM_SID **aliases,
- int *num);
-
- /* group functions */
-
- NTSTATUS (*pdb_get_group_info_by_sid)(struct pdb_context *context, GROUP_INFO *info, const DOM_SID *group);
-
- NTSTATUS (*pdb_get_group_list)(struct pdb_context *context, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
-
- NTSTATUS (*pdb_get_group_sids)(struct pdb_context *context, const DOM_SID *group, DOM_SID **members, int *num_members);
-
- NTSTATUS (*pdb_add_group)(struct pdb_context *context, const SAM_GROUP *group);
-
- NTSTATUS (*pdb_update_group)(struct pdb_context *context, const SAM_GROUP *group);
-
- NTSTATUS (*pdb_delete_group)(struct pdb_context *context, const DOM_SID *group);
-
- NTSTATUS (*pdb_add_sid_to_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*pdb_remove_sid_from_group)(struct pdb_context *context, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*pdb_get_group_info_by_name)(struct pdb_context *context, GROUP_INFO *info, const char *name);
-
- NTSTATUS (*pdb_get_group_info_by_nt_name)(struct pdb_context *context, GROUP_INFO *info, const char *nt_name);
-
- NTSTATUS (*pdb_get_group_uids)(struct pdb_context *context, const DOM_SID *group, uid_t **members, int *num_members);
-
- /* trust password functions */
-
- NTSTATUS (*pdb_settrustpwent)(struct pdb_context *context);
-
- NTSTATUS (*pdb_gettrustpwent)(struct pdb_context *context, SAM_TRUST_PASSWD *trust);
-
- NTSTATUS (*pdb_gettrustpwnam)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const char *dom_name);
-
- NTSTATUS (*pdb_gettrustpwsid)(struct pdb_context *context, SAM_TRUST_PASSWD *trust, const DOM_SID *sid);
-
- NTSTATUS (*pdb_add_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*pdb_update_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*pdb_delete_trust_passwd)(struct pdb_context *context, SAM_TRUST_PASSWD* trust);
-
- /* privileges functions */
-
- NTSTATUS (*pdb_add_sid_to_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*pdb_remove_sid_from_privilege)(struct pdb_context *context, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*pdb_get_privilege_set)(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privs);
-
- NTSTATUS (*pdb_get_privilege_entry)(struct pdb_context *context, const char *privname, char **sid_list);
-
void (*free_fn)(struct pdb_context **);
TALLOC_CTX *mem_ctx;
NTSTATUS (*update_sam_account)(struct pdb_methods *, SAM_ACCOUNT *sampass);
NTSTATUS (*delete_sam_account)(struct pdb_methods *, SAM_ACCOUNT *username);
-
- /* group mapping functions: to be removed */
-
+
NTSTATUS (*getgrsid)(struct pdb_methods *methods, GROUP_MAP *map, DOM_SID sid);
NTSTATUS (*getgrgid)(struct pdb_methods *methods, GROUP_MAP *map, gid_t gid);
GROUP_MAP **rmap, int *num_entries,
BOOL unix_only);
- NTSTATUS (*find_alias)(struct pdb_methods *methods,
- const char *name, DOM_SID *sid);
-
- NTSTATUS (*create_alias)(struct pdb_methods *methods,
- const char *name, uint32 *rid);
-
- NTSTATUS (*delete_alias)(struct pdb_methods *methods,
- const DOM_SID *sid);
-
- NTSTATUS (*enum_aliases)(struct pdb_methods *methods,
- const DOM_SID *domain_sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases, struct acct_info **info);
-
- NTSTATUS (*get_aliasinfo)(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*set_aliasinfo)(struct pdb_methods *methods,
- const DOM_SID *sid,
- struct acct_info *info);
-
- NTSTATUS (*add_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member);
- NTSTATUS (*del_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, const DOM_SID *member);
- NTSTATUS (*enum_aliasmem)(struct pdb_methods *methods,
- const DOM_SID *alias, DOM_SID **members,
- int *num_members);
- NTSTATUS (*enum_alias_memberships)(struct pdb_methods *methods,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num);
-
- /* group functions */
-
- NTSTATUS (*get_group_info_by_sid)(struct pdb_methods *methods, GROUP_INFO *info, const DOM_SID *group);
-
- NTSTATUS (*get_group_list)(struct pdb_methods *methods, GROUP_INFO **info, const enum SID_NAME_USE sid_name_use, int *num_groups);
-
- NTSTATUS (*get_group_sids)(struct pdb_methods *methods, const DOM_SID *group, DOM_SID **members, int *num_members);
-
- NTSTATUS (*add_group)(struct pdb_methods *methods, const SAM_GROUP *group);
-
- NTSTATUS (*update_group)(struct pdb_methods *methods, const SAM_GROUP *group);
-
- NTSTATUS (*delete_group)(struct pdb_methods *methods, const DOM_SID *group);
-
- NTSTATUS (*add_sid_to_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*remove_sid_from_group)(struct pdb_methods *methods, const DOM_SID *group, const DOM_SID *member);
-
- NTSTATUS (*get_group_info_by_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *name);
-
- NTSTATUS (*get_group_info_by_nt_name)(struct pdb_methods *methods, GROUP_INFO *info, const char *nt_name);
-
- NTSTATUS (*get_group_uids)(struct pdb_methods *methods, const DOM_SID *group, uid_t **members, int *num_members);
-
void *private_data; /* Private data of some kind */
void (*free_private_data)(void **);
-
- /* trust password functions */
-
- NTSTATUS (*settrustpwent)(struct pdb_methods *methods);
-
- NTSTATUS (*gettrustpwent)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust);
-
- NTSTATUS (*gettrustpwnam)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const char *name);
-
- NTSTATUS (*gettrustpwsid)(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust, const DOM_SID *sid);
-
- NTSTATUS (*add_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*update_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- NTSTATUS (*delete_trust_passwd)(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust);
-
- /* privileges functions */
-
- NTSTATUS (*add_sid_to_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*remove_sid_from_privilege)(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid);
-
- NTSTATUS (*get_privilege_set)(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privs);
-
- NTSTATUS (*get_privilege_entry)(struct pdb_methods *methods, const char *privname, char **sid_list);
} PDB_METHODS;
#ifndef PRIVILEGES_H
#define PRIVILEGES_H
-#define PRIV_ALL_INDEX 30
+#define PRIV_ALL_INDEX 5
-#define SE_NONE 0
-#define SE_ASSIGN_PRIMARY_TOKEN 1
-#define SE_CREATE_TOKEN 2
-#define SE_LOCK_MEMORY 3
-#define SE_INCREASE_QUOTA 4
-#define SE_UNSOLICITED_INPUT 5
-#define SE_MACHINE_ACCOUNT 6
-#define SE_TCB 7
-#define SE_SECURITY 8
-#define SE_TAKE_OWNERSHIP 9
-#define SE_LOAD_DRIVER 10
-#define SE_SYSTEM_PROFILE 11
-#define SE_SYSTEM_TIME 12
-#define SE_PROF_SINGLE_PROCESS 13
-#define SE_INC_BASE_PRIORITY 14
-#define SE_CREATE_PAGEFILE 15
-#define SE_CREATE_PERMANENT 16
-#define SE_BACKUP 17
-#define SE_RESTORE 18
-#define SE_SHUTDOWN 19
-#define SE_DEBUG 20
-#define SE_AUDIT 21
-#define SE_SYSTEM_ENVIRONMENT 22
-#define SE_CHANGE_NOTIFY 23
-#define SE_REMOTE_SHUTDOWN 24
-#define SE_UNDOCK 25
-#define SE_SYNC_AGENT 26
-#define SE_ENABLE_DELEGATION 27
-#define SE_PRINT_OPERATOR 28
-#define SE_ADD_USERS 29
-#define SE_ALL_PRIVS 0xffff
+#define SE_PRIV_NONE 0x0000
+#define SE_PRIV_ADD_MACHINES 0x0006
+#define SE_PRIV_SEC_PRIV 0x0008
+#define SE_PRIV_TAKE_OWNER 0x0009
+#define SE_PRIV_ADD_USERS 0xff01
+#define SE_PRIV_PRINT_OPERATOR 0xff03
+#define SE_PRIV_ALL 0xffff
#define PR_NONE 0x0000
#define PR_LOG_ON_LOCALLY 0x0001
#define PR_LOG_ON_BATCH_JOB 0x0004
#define PR_LOG_ON_SERVICE 0x0010
-#ifndef _BOOL
-typedef int BOOL;
-#define _BOOL /* So we don't typedef BOOL again in vfs.h */
-#endif
-
typedef struct LUID
{
uint32 low;
{
LUID luid;
uint32 attr;
-} LUID_ATTR;
+} LUID_ATTR ;
typedef struct privilege_set
{
+++ /dev/null
-#ifndef _RPC_CLIENT_PROTO_H_
-#define _RPC_CLIENT_PROTO_H_
-/* This file is automatically generated with "make proto". DO NOT EDIT */
-
-
-/*The following definitions come from lib/util_list.c */
-
-BOOL copy_policy_hnd (POLICY_HND *dest, const POLICY_HND *src);
-BOOL compare_rpc_hnd_node(const RPC_HND_NODE *x,
- const RPC_HND_NODE *y);
-BOOL RpcHndList_set_connection(const POLICY_HND *hnd,
- struct cli_connection *con);
-BOOL RpcHndList_del_connection(const POLICY_HND *hnd);
-struct cli_connection* RpcHndList_get_connection(const POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_connect.c */
-
-void init_connections(void);
-void free_connections(void);
-void cli_connection_free(struct cli_connection *con);
-void cli_connection_unlink(struct cli_connection *con);
-BOOL cli_connection_init(const char *srv_name, char *pipe_name,
- struct cli_connection **con);
-BOOL cli_connection_init_auth(const char *srv_name, char *pipe_name,
- struct cli_connection **con,
- cli_auth_fns * auth, void *auth_creds);
-struct _cli_auth_fns *cli_conn_get_authfns(struct cli_connection *con);
-void *cli_conn_get_auth_creds(struct cli_connection *con);
-BOOL rpc_hnd_pipe_req(const POLICY_HND * hnd, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_pipe_req(struct cli_connection *con, uint8 op_num,
- prs_struct * data, prs_struct * rdata);
-BOOL rpc_con_ok(struct cli_connection *con);
-
-/*The following definitions come from rpc_client/cli_login.c */
-
-BOOL cli_nt_setup_creds(struct cli_state *cli, unsigned char mach_pwd[16]);
-BOOL cli_nt_srv_pwset(struct cli_state *cli, unsigned char *new_hashof_mach_pwd);
-BOOL cli_nt_login_interactive(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char *password,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_login_network(struct cli_state *cli, char *domain, char *username,
- uint32 smb_userid_low, char lm_chal[8],
- char *lm_chal_resp, char *nt_chal_resp,
- NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_lsarpc.c */
-
-BOOL do_lsa_open_policy(struct cli_state *cli,
- char *system_name, POLICY_HND *hnd,
- BOOL sec_qos);
-BOOL do_lsa_query_info_pol(struct cli_state *cli,
- POLICY_HND *hnd, uint16 info_class,
- fstring domain_name, DOM_SID *domain_sid);
-BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
-BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
-
-/*The following definitions come from rpc_client/cli_netlogon.c */
-
-BOOL cli_net_logon_ctrl2(struct cli_state *cli, uint32 status_level);
-BOOL cli_net_auth2(struct cli_state *cli, uint16 sec_chan,
- uint32 neg_flags, DOM_CHAL *srv_chal);
-BOOL cli_net_req_chal(struct cli_state *cli, DOM_CHAL *clnt_chal, DOM_CHAL *srv_chal);
-BOOL cli_net_srv_pwset(struct cli_state *cli, uint8 hashed_mach_pwd[16]);
-BOOL cli_net_sam_logon(struct cli_state *cli, NET_ID_INFO_CTR *ctr, NET_USER_INFO_3 *user_info3);
-BOOL cli_net_sam_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
-BOOL change_trust_account_password( char *domain, char *remote_machine_list);
-
-/*The following definitions come from rpc_client/cli_pipe.c */
-
-BOOL rpc_api_pipe_req(struct cli_state *cli, uint8 op_num,
- prs_struct *data, prs_struct *rdata);
-BOOL rpc_pipe_bind(struct cli_state *cli, char *pipe_name, char *my_name);
-void cli_nt_set_ntlmssp_flgs(struct cli_state *cli, uint32 ntlmssp_flgs);
-BOOL cli_nt_session_open(struct cli_state *cli, char *pipe_name);
-void cli_nt_session_close(struct cli_state *cli);
-
-/*The following definitions come from rpc_client/cli_reg.c */
-
-BOOL do_reg_connect(struct cli_state *cli, char *full_keyname, char *key_name,
- POLICY_HND *reg_hnd);
-BOOL do_reg_open_hklm(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_open_hku(struct cli_state *cli, uint16 unknown_0, uint32 level,
- POLICY_HND *hnd);
-BOOL do_reg_flush_key(struct cli_state *cli, POLICY_HND *hnd);
-BOOL do_reg_query_key(struct cli_state *cli, POLICY_HND *hnd,
- char *class, uint32 *class_len,
- uint32 *num_subkeys, uint32 *max_subkeylen,
- uint32 *max_subkeysize, uint32 *num_values,
- uint32 *max_valnamelen, uint32 *max_valbufsize,
- uint32 *sec_desc, NTTIME *mod_time);
-BOOL do_reg_unknown_1a(struct cli_state *cli, POLICY_HND *hnd, uint32 *unk);
-BOOL do_reg_query_info(struct cli_state *cli, POLICY_HND *hnd,
- char *key_value, uint32* key_type);
-BOOL do_reg_set_key_sec(struct cli_state *cli, POLICY_HND *hnd, SEC_DESC_BUF *sec_desc_buf);
-BOOL do_reg_get_key_sec(struct cli_state *cli, POLICY_HND *hnd, uint32 *sec_buf_size, SEC_DESC_BUF **ppsec_desc_buf);
-BOOL do_reg_delete_val(struct cli_state *cli, POLICY_HND *hnd, char *val_name);
-BOOL do_reg_delete_key(struct cli_state *cli, POLICY_HND *hnd, char *key_name);
-BOOL do_reg_create_key(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, char *key_class,
- SEC_ACCESS *sam_access,
- POLICY_HND *key);
-BOOL do_reg_enum_key(struct cli_state *cli, POLICY_HND *hnd,
- int key_index, char *key_name,
- uint32 *unk_1, uint32 *unk_2,
- time_t *mod_time);
-BOOL do_reg_create_val(struct cli_state *cli, POLICY_HND *hnd,
- char *val_name, uint32 type, BUFFER3 *data);
-BOOL do_reg_enum_val(struct cli_state *cli, POLICY_HND *hnd,
- int val_index, int max_valnamelen, int max_valbufsize,
- fstring val_name,
- uint32 *val_type, BUFFER2 *value);
-BOOL do_reg_open_entry(struct cli_state *cli, POLICY_HND *hnd,
- char *key_name, uint32 unk_0,
- POLICY_HND *key_hnd);
-BOOL do_reg_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_samr.c */
-
-BOOL get_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol_open_domain, uint32 user_rid,
- uint32 *num_groups, DOM_GID *gid);
-BOOL get_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol_open_domain,
- uint32 info_level,
- uint32 user_rid, SAM_USER_INFO_21 *usr);
-BOOL do_samr_chgpasswd_user(struct cli_state *cli,
- char *srv_name, char *user_name,
- char nt_newpass[516], uchar nt_oldhash[16],
- char lm_newpass[516], uchar lm_oldhash[16]);
-BOOL do_samr_unknown_38(struct cli_state *cli, char *srv_name);
-BOOL do_samr_query_dom_info(struct cli_state *cli,
- POLICY_HND *domain_pol, uint16 switch_value);
-BOOL do_samr_enum_dom_users(struct cli_state *cli,
- POLICY_HND *pol, uint16 num_entries, uint16 unk_0,
- uint16 acb_mask, uint16 unk_1, uint32 size,
- struct acct_info **sam,
- int *num_sam_users);
-BOOL do_samr_connect(struct cli_state *cli,
- char *srv_name, uint32 unknown_0,
- POLICY_HND *connect_pol);
-BOOL do_samr_open_user(struct cli_state *cli,
- POLICY_HND *pol, uint32 unk_0, uint32 rid,
- POLICY_HND *user_pol);
-BOOL do_samr_open_domain(struct cli_state *cli,
- POLICY_HND *connect_pol, uint32 rid, DOM_SID *sid,
- POLICY_HND *domain_pol);
-BOOL do_samr_query_unknown_12(struct cli_state *cli,
- POLICY_HND *pol, uint32 rid, uint32 num_gids, uint32 *gids,
- uint32 *num_aliases,
- fstring als_names [MAX_LOOKUP_SIDS],
- uint32 num_als_users[MAX_LOOKUP_SIDS]);
-BOOL do_samr_query_usergroups(struct cli_state *cli,
- POLICY_HND *pol, uint32 *num_groups, DOM_GID *gid);
-BOOL do_samr_query_userinfo(struct cli_state *cli,
- POLICY_HND *pol, uint16 switch_value, void* usr);
-BOOL do_samr_close(struct cli_state *cli, POLICY_HND *hnd);
-
-/*The following definitions come from rpc_client/cli_spoolss_notify.c */
-
-BOOL spoolss_disconnect_from_client( struct cli_state *cli);
-BOOL spoolss_connect_to_client( struct cli_state *cli, char *remote_machine);
-BOOL cli_spoolss_reply_open_printer(struct cli_state *cli, char *printer, uint32 localprinter, uint32 type, uint32 *status, POLICY_HND *handle);
-BOOL cli_spoolss_reply_rrpcn(struct cli_state *cli, POLICY_HND *handle,
- uint32 change_low, uint32 change_high, uint32 *status);
-BOOL cli_spoolss_reply_close_printer(struct cli_state *cli, POLICY_HND *handle, uint32 *status);
-
-/*The following definitions come from rpc_client/cli_srvsvc.c */
-
-BOOL do_srv_net_srv_conn_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_CONN_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_sess_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_SESS_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_share_enum(struct cli_state *cli,
- char *server_name,
- uint32 switch_value, SRV_R_NET_SHARE_ENUM *r_o,
- uint32 preferred_len, ENUM_HND *hnd);
-BOOL do_srv_net_srv_file_enum(struct cli_state *cli,
- char *server_name, char *qual_name,
- uint32 switch_value, SRV_FILE_INFO_CTR *ctr,
- uint32 preferred_len,
- ENUM_HND *hnd);
-BOOL do_srv_net_srv_get_info(struct cli_state *cli,
- char *server_name, uint32 switch_value, SRV_INFO_CTR *ctr);
-
-/*The following definitions come from rpc_client/cli_use.c */
-
-void init_cli_use(void);
-void free_cli_use(void);
-struct cli_state *cli_net_use_add(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL reuse, BOOL *is_new);
-BOOL cli_net_use_del(const char *srv_name,
- const struct ntuser_creds *usr_creds,
- BOOL force_close, BOOL *connection_closed);
-void cli_net_use_enum(uint32 *num_cons, struct use_info ***use);
-void cli_use_wait_keyboard(void);
-
-/*The following definitions come from rpc_client/cli_wkssvc.c */
-
-BOOL do_wks_query_info(struct cli_state *cli,
- char *server_name, uint32 switch_value,
- WKS_INFO_100 *wks100);
-
-/*The following definitions come from rpc_client/ncacn_np_use.c */
-
-BOOL ncacn_np_use_del(const char *srv_name, const char *pipe_name,
- const vuser_key * key,
- BOOL force_close, BOOL *connection_closed);
-struct ncacn_np *ncacn_np_initialise(struct ncacn_np *msrpc,
- const vuser_key * key);
-struct ncacn_np *ncacn_np_use_add(const char *pipe_name,
- const vuser_key * key,
- const char *srv_name,
- const struct ntuser_creds *ntc,
- BOOL reuse, BOOL *is_new_connection);
-#endif /* _PROTO_H_ */
/* #define MAX_PDU_FRAG_LEN 0x1630 this is what wnt sets */
#define MAX_PDU_FRAG_LEN 0x10b8 /* this is what w2k sets */
+/*
+ * Actual structure of a DCE UUID
+ */
+
+typedef struct rpc_uuid
+{
+ uint32 time_low;
+ uint16 time_mid;
+ uint16 time_hi_and_version;
+ uint8 remaining[8];
+} RPC_UUID;
+
+#define RPC_UUID_LEN 16
+
/* RPC_IFACE */
typedef struct rpc_iface_info
{
- struct uuid uuid; /* 16 bytes of rpc interface identification */
+ RPC_UUID uuid; /* 16 bytes of rpc interface identification */
uint32 version; /* the interface version number */
} RPC_IFACE;
-#define RPC_IFACE_LEN (UUID_SIZE + 4)
+#define RPC_IFACE_LEN (RPC_UUID_LEN + 4)
struct pipe_id_info
{
uint32 dnsname_ptr;
uint32 forestname_ptr;
- struct uuid domain_guid;
+ GUID domain_guid;
UNISTR2 netbios_domain;
uint32 trust_type;
uint32 trust_attributes;
uint32 sid_ptr;
- struct uuid guid;
+ GUID guid;
UNISTR2 netbios_domain;
UNISTR2 dns_domain;
uint32 parent_index;
uint32 trust_type;
uint32 trust_attributes;
- struct uuid guid;
+ GUID guid;
DOM_SID sid;
char *netbios_domain;
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Endpoint mapper data definitions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#define EPM_HANDLE_LEN 20
-
-/* ordinal for the mapping interface */
-
-#define EPM_MAP_PIPE_NAME 0x03
-
-/* some of the different connection protocols and their IDs from Windows */
-
-#define EPM_FLOOR_UUID 0x0d /* floor contains UUID */
-#define EPM_FLOOR_RPC 0x0b /* tower is for connection-oriented rpc */
-#define EPM_FLOOR_TCP 0x07 /* floor contains tcp port number */
-#define EPM_FLOOR_IP 0x09 /* floor contains IP address */
-#define EPM_FLOOR_NMPIPES 0x0f /* floor contains remote named pipe name */
-#define EPM_FLOOR_LRPC 0x10 /* floor contains local named pipe name */
-#define EPM_FLOOR_NETBIOS 0x11 /* floor contains netbios address */
-#define EPM_FLOOR_NETBEUI 0x12 /* floor contains netbeui address */
-#define EPM_FLOOR_SOCKET 0x20
-
-#define EPM_PIPE_NM "epmapper"
-
-#define MAX_TOWERS 1
-
-typedef struct
-{
- uint8 data[EPM_HANDLE_LEN];
-} EPM_HANDLE;
-
-typedef struct
-{
- struct {
- uint16 length;
- uint8 protocol;
- struct {
- struct uuid uuid;
- uint16 version;
- } uuid;
- } lhs;
- struct {
- uint16 length;
- uint16 unknown;
- struct {
- uint16 port;
- } tcp;
- struct {
- uint8 addr[4];
- } ip;
- char string[MAXHOSTNAMELEN+3]; /* hostname + \\ + null term */
- } rhs;
-} EPM_FLOOR;
-
-typedef struct
-{
- uint32 max_length;
- uint32 length;
- uint16 num_floors;
- EPM_FLOOR *floors;
- uint8 unknown;
-} EPM_TOWER;
-
-typedef struct
-{
- EPM_HANDLE handle;
- uint32 tower_ref_id;
- EPM_TOWER *tower;
- EPM_HANDLE term_handle; /* in/out */
- uint32 max_towers;
-} EPM_Q_MAP;
-
-typedef struct
-{
- uint32 max_count;
- uint32 offset;
- uint32 count;
- uint32 *tower_ref_ids;
- EPM_TOWER *towers;
-} EPM_TOWER_ARRAY;
-
-typedef struct
-{
- EPM_HANDLE handle;
- uint32 num_results;
- EPM_TOWER_ARRAY *results;
- uint32 status;
-} EPM_R_MAP;
-
-
-/* port mapping entries to be read */
-
-typedef struct _mapper_entries{
- uint8 protocol ;
- RPC_IFACE uuid_info ; /* needs to be zeroed if no specific uuid */
- uint16 port ;
- char pipe_name[40] ;
- char srv_name[20] ;
- uint8 srv_port[4] ;
- char func_name[16][16]; /* array of up to 16 functions available */
-} mapper_entries;
-
UNIHDR hdr_dns_dom_name;
UNIHDR hdr_forest_name;
- struct uuid dom_guid; /* domain GUID */
+ GUID dom_guid; /* domain GUID */
UNISTR2 uni_nb_dom_name;
UNISTR2 uni_dns_dom_name;
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
+/* Globally Unique ID */
+#define GUID_SIZE 16
+typedef struct guid_info
+{
+ uint8 info[GUID_SIZE];
+} GUID;
+
/* SEC_ACCESS */
typedef struct security_info_info
{
/* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */
uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */
- struct uuid obj_guid; /* object GUID */
- struct uuid inh_guid; /* inherited object GUID */
+ GUID obj_guid; /* object GUID */
+ GUID inh_guid; /* inherited object GUID */
/* eof object stuff */
DOM_SID trustee;
#define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
-/* Trust password type flags */
-#define PASS_MACHINE_TRUST_NT 0x0001
-#define PASS_SERVER_TRUST_NT 0x0002
-#define PASS_DOMAIN_TRUST_NT 0x0004
-#define PASS_MACHINE_TRUST_ADS 0x0008
-#define PASS_DOMAIN_TRUST_ADS 0x0010
-
/* structure for storing machine account password
(ie. when samba server is member of a domain */
struct machine_acct_pass {
#define PIPE_NETDFS "\\PIPE\\netdfs"
#define PIPE_ECHO "\\PIPE\\rpcecho"
#define PIPE_SHUTDOWN "\\PIPE\\initshutdown"
-#define PIPE_EPM "\\PIPE\\epmapper"
#define PIPE_NETLOGON_PLAIN "\\NETLOGON"
#define PI_NETDFS 8
#define PI_ECHO 9
#define PI_SHUTDOWN 10
-#define PI_EPM 11
-#define PI_MAX_PIPES 12
+#define PI_MAX_PIPES 11
/* 64 bit time (100usec) since ????? - cifs6.txt, section 3.5, page 30 */
typedef struct nttime_info
int ngroups;
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
time_t lastused;
BOOL used;
int ngroups;
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
};
/* Defines for the sent_oplock_break field above. */
gid_t *groups;
NT_USER_TOKEN *nt_user_token;
- PRIVILEGE_SET *privs;
DATA_BLOB session_key;
typedef struct smb_sign_info {
void (*sign_outgoing_message)(char *outbuf, struct smb_sign_info *si);
- BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si, BOOL expected_ok);
+ BOOL (*check_incoming_message)(char *inbuf, struct smb_sign_info *si);
void (*free_signing_context)(struct smb_sign_info *si);
void *signing_context;
BOOL allow_smb_signing;
BOOL doing_signing;
BOOL mandatory_signing;
- BOOL seen_valid; /* Have I ever seen a validly signed packet? */
} smb_sign_info;
#endif /* _SMB_H */
#define LDAP_OBJ_IDPOOL "sambaUnixIdPool"
#define LDAP_OBJ_IDMAP_ENTRY "sambaIdmapEntry"
#define LDAP_OBJ_SID_ENTRY "sambaSidEntry"
-#define LDAP_OBJ_PRIVILEGE "sambaPrivilege"
#define LDAP_OBJ_ACCOUNT "account"
#define LDAP_OBJ_POSIXACCOUNT "posixAccount"
#define LDAP_ATTRIBUTE_SID "sambaSID"
#define LDAP_ATTRIBUTE_UIDNUMBER "uidNumber"
#define LDAP_ATTRIBUTE_GIDNUMBER "gidNumber"
-#define LDAP_ATTRIBUTE_SID_LIST "sambaSIDList"
/* attribute map table indexes */
#define LDAP_ATTR_MUNGED_DIAL 37
#define LDAP_ATTR_BAD_PASSWORD_TIME 38
#define LDAP_ATTR_MOD_TIMESTAMP 39
-#define LDAP_ATTR_SID_LIST 40
typedef struct _attrib_map_entry {
int attrib;
extern ATTRIB_MAP_ENTRY attrib_map_v30[];
extern ATTRIB_MAP_ENTRY dominfo_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list[];
-extern ATTRIB_MAP_ENTRY privilege_attr_list[];
extern ATTRIB_MAP_ENTRY groupmap_attr_list_to_delete[];
extern ATTRIB_MAP_ENTRY idpool_attr_list[];
extern ATTRIB_MAP_ENTRY sidmap_attr_list[];
+++ /dev/null
-/* This is an automatically generated file - DO NOT EDIT! */
-
+++ /dev/null
-/*
- Unix SMB/Netbios implementation.
- Version 1.9.
- Groupname handling
- Copyright (C) Jeremy Allison 1998.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- * UNIX gid and Local or Domain SID resolution. This module resolves
- * only those entries in the map files, it is *NOT* responsible for
- * resolving UNIX groups not listed: that is an entirely different
- * matter, altogether...
- */
-
-/*
- *
- *
-
- format of the file is:
-
- unixname NT Group name
- unixname Domain Admins (well-known Domain Group)
- unixname DOMAIN_NAME\NT Group name
- unixname OTHER_DOMAIN_NAME\NT Group name
- unixname DOMAIN_NAME\Domain Admins (well-known Domain Group)
- ....
-
- if the DOMAIN_NAME\ component is left off, then your own domain is assumed.
-
- *
- *
- */
-
-
-#include "includes.h"
-extern int DEBUGLEVEL;
-
-extern fstring global_myworkgroup;
-extern DOM_SID global_member_sid;
-extern fstring global_sam_name;
-extern DOM_SID global_sam_sid;
-extern DOM_SID global_sid_S_1_5_20;
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uid_t pwdb_user_rid_to_uid(uint32 user_rid)
-{
- return ((user_rid & (~RID_TYPE_USER))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_group_rid_to_gid(uint32 group_rid)
-{
- return ((group_rid & (~RID_TYPE_GROUP))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Alias RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_alias_rid_to_gid(uint32 alias_rid)
-{
- return ((alias_rid & (~RID_TYPE_ALIAS))- 1000)/RID_MULTIPLIER;
-}
-
-/*******************************************************************
- converts NT Group RID to a UNIX uid. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_group_rid(uint32 gid)
-{
- uint32 grp_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_GROUP);
- return grp_rid;
-}
-
-/******************************************************************
- converts UNIX gid to an NT Alias RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_gid_to_alias_rid(uint32 gid)
-{
- uint32 alias_rid = ((((gid)*RID_MULTIPLIER) + 1000) | RID_TYPE_ALIAS);
- return alias_rid;
-}
-
-/*******************************************************************
- converts UNIX uid to an NT User RID. NOTE: IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_uid_to_user_rid(uint32 uid)
-{
- uint32 user_rid = ((((uid)*RID_MULTIPLIER) + 1000) | RID_TYPE_USER);
- return user_rid;
-}
-
-/******************************************************************
- converts SID + SID_NAME_USE type to a UNIX id. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_sam_sid_to_unixid(DOM_SID *sid, uint8 type, uint32 *id)
-{
- DOM_SID tmp_sid;
- uint32 rid;
-
- sid_copy(&tmp_sid, sid);
- sid_split_rid(&tmp_sid, &rid);
- if (!sid_equal(&global_sam_sid, &tmp_sid))
- {
- return False;
- }
-
- switch (type)
- {
- case SID_NAME_USER:
- {
- *id = pwdb_user_rid_to_uid(rid);
- return True;
- }
- case SID_NAME_ALIAS:
- {
- *id = pwdb_alias_rid_to_gid(rid);
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- *id = pwdb_group_rid_to_gid(rid);
- return True;
- }
- }
- return False;
-}
-
-/******************************************************************
- converts UNIX gid + SID_NAME_USE type to a SID. the Domain SID is,
- and can only be, our own SID.
- ********************************************************************/
-static BOOL pwdb_unixid_to_sam_sid(uint32 id, uint8 type, DOM_SID *sid)
-{
- sid_copy(sid, &global_sam_sid);
- switch (type)
- {
- case SID_NAME_USER:
- {
- sid_append_rid(sid, pwdb_uid_to_user_rid(id));
- return True;
- }
- case SID_NAME_ALIAS:
- {
- sid_append_rid(sid, pwdb_gid_to_alias_rid(id));
- return True;
- }
- case SID_NAME_DOM_GRP:
- case SID_NAME_WKN_GRP:
- {
- sid_append_rid(sid, pwdb_gid_to_group_rid(id));
- return True;
- }
- }
- return False;
-}
-
-/*******************************************************************
- Decides if a RID is a well known RID.
- ********************************************************************/
-static BOOL pwdb_rid_is_well_known(uint32 rid)
-{
- return (rid < 1000);
-}
-
-/*******************************************************************
- determines a rid's type. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-static uint32 pwdb_rid_type(uint32 rid)
-{
- /* lkcl i understand that NT attaches an enumeration to a RID
- * such that it can be identified as either a user, group etc
- * type: SID_ENUM_TYPE.
- */
- if (pwdb_rid_is_well_known(rid))
- {
- /*
- * The only well known user RIDs are DOMAIN_USER_RID_ADMIN
- * and DOMAIN_USER_RID_GUEST.
- */
- if (rid == DOMAIN_USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)
- {
- return RID_TYPE_USER;
- }
- if (DOMAIN_GROUP_RID_ADMINS <= rid && rid <= DOMAIN_GROUP_RID_GUESTS)
- {
- return RID_TYPE_GROUP;
- }
- if (BUILTIN_ALIAS_RID_ADMINS <= rid && rid <= BUILTIN_ALIAS_RID_REPLICATOR)
- {
- return RID_TYPE_ALIAS;
- }
- }
- return (rid & RID_TYPE_MASK);
-}
-
-/*******************************************************************
- checks whether rid is a user rid. NOTE: THIS IS SOMETHING SPECIFIC TO SAMBA
- ********************************************************************/
-BOOL pwdb_rid_is_user(uint32 rid)
-{
- return pwdb_rid_type(rid) == RID_TYPE_USER;
-}
-
-/**************************************************************************
- Groupname map functionality. The code loads a groupname map file and
- (currently) loads it into a linked list. This is slow and memory
- hungry, but can be changed into a more efficient storage format
- if the demands on it become excessive.
-***************************************************************************/
-
-typedef struct name_map
-{
- ubi_slNode next;
- DOM_NAME_MAP grp;
-
-} name_map_entry;
-
-static ubi_slList groupname_map_list;
-static ubi_slList aliasname_map_list;
-static ubi_slList ntusrname_map_list;
-
-static void delete_name_entry(name_map_entry *gmep)
-{
- if (gmep->grp.nt_name)
- {
- free(gmep->grp.nt_name);
- }
- if (gmep->grp.nt_domain)
- {
- free(gmep->grp.nt_domain);
- }
- if (gmep->grp.unix_name)
- {
- free(gmep->grp.unix_name);
- }
- free((char*)gmep);
-}
-
-/**************************************************************************
- Delete all the entries in the name map list.
-***************************************************************************/
-
-static void delete_map_list(ubi_slList *map_list)
-{
- name_map_entry *gmep;
-
- while ((gmep = (name_map_entry *)ubi_slRemHead(map_list )) != NULL)
- {
- delete_name_entry(gmep);
- }
-}
-
-
-/**************************************************************************
- makes a group sid out of a domain sid and a _unix_ gid.
-***************************************************************************/
-static BOOL make_mydomain_sid(DOM_NAME_MAP *grp, DOM_MAP_TYPE type)
-{
- int ret = False;
- fstring sid_str;
-
- if (!map_domain_name_to_sid(&grp->sid, &(grp->nt_domain)))
- {
- DEBUG(0,("make_mydomain_sid: unknown domain %s\n",
- grp->nt_domain));
- return False;
- }
-
- if (sid_equal(&grp->sid, &global_sid_S_1_5_20))
- {
- /*
- * only builtin aliases are recognised in S-1-5-20
- */
- DEBUG(10,("make_mydomain_sid: group %s in builtin domain\n",
- grp->nt_name));
-
- if (lookup_builtin_alias_name(grp->nt_name, "BUILTIN", &grp->sid, &grp->type) != 0x0)
- {
- DEBUG(0,("unix group %s mapped to an unrecognised BUILTIN domain name %s\n",
- grp->unix_name, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_user_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_USER)
- {
- DEBUG(0,("well-known NT user %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else if (lookup_wk_group_name(grp->nt_name, grp->nt_domain, &grp->sid, &grp->type) == 0x0)
- {
- if (type != DOM_MAP_DOMAIN)
- {
- DEBUG(0,("well-known NT group %s\\%s listed in wrong map file\n",
- grp->nt_domain, grp->nt_name));
- return False;
- }
- ret = True;
- }
- else
- {
- switch (type)
- {
- case DOM_MAP_USER:
- {
- grp->type = SID_NAME_USER;
- break;
- }
- case DOM_MAP_DOMAIN:
- {
- grp->type = SID_NAME_DOM_GRP;
- break;
- }
- case DOM_MAP_LOCAL:
- {
- grp->type = SID_NAME_ALIAS;
- break;
- }
- }
-
- ret = pwdb_unixid_to_sam_sid(grp->unix_id, grp->type, &grp->sid);
- }
-
- sid_to_string(sid_str, &grp->sid);
- DEBUG(10,("nt name %s\\%s gid %d mapped to %s\n",
- grp->nt_domain, grp->nt_name, grp->unix_id, sid_str));
- return ret;
-}
-
-/**************************************************************************
- makes a group sid out of an nt domain, nt group name or a unix group name.
-***************************************************************************/
-static BOOL unix_name_to_nt_name_info(DOM_NAME_MAP *map, DOM_MAP_TYPE type)
-{
- /*
- * Attempt to get the unix gid_t for this name.
- */
-
- DEBUG(5,("unix_name_to_nt_name_info: unix_name:%s\n", map->unix_name));
-
- if (type == DOM_MAP_USER)
- {
- const struct passwd *pwptr = Get_Pwnam(map->unix_name, False);
- if (pwptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: Get_Pwnam for user %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)pwptr->pw_uid;
- }
- else
- {
- struct group *gptr = getgrnam(map->unix_name);
- if (gptr == NULL)
- {
- DEBUG(0,("unix_name_to_nt_name_info: getgrnam for group %s\
-failed. Error was %s.\n", map->unix_name, strerror(errno) ));
- return False;
- }
-
- map->unix_id = (uint32)gptr->gr_gid;
- }
-
- DEBUG(5,("unix_name_to_nt_name_info: unix gid:%d\n", map->unix_id));
-
- /*
- * Now map the name to an NT SID+RID.
- */
-
- if (map->nt_domain != NULL && !strequal(map->nt_domain, global_sam_name))
- {
- /* Must add client-call lookup code here, to
- * resolve remote domain's sid and the group's rid,
- * in that domain.
- *
- * NOTE: it is _incorrect_ to put code here that assumes
- * we are responsible for lookups for foriegn domains' RIDs.
- *
- * for foriegn domains for which we are *NOT* the PDC, all
- * we can be responsible for is the unix gid_t to which
- * the foriegn SID+rid maps to, on this _local_ machine.
- * we *CANNOT* make any short-cuts or assumptions about
- * RIDs in a foriegn domain.
- */
-
- if (!map_domain_name_to_sid(&map->sid, &(map->nt_domain)))
- {
- DEBUG(0,("unix_name_to_nt_name_info: no known sid for %s\n",
- map->nt_domain));
- return False;
- }
- }
-
- return make_mydomain_sid(map, type);
-}
-
-static BOOL make_name_entry(name_map_entry **new_ep,
- char *nt_domain, char *nt_group, char *unix_group,
- DOM_MAP_TYPE type)
-{
- /*
- * Create the list entry and add it onto the list.
- */
-
- DEBUG(5,("make_name_entry:%s,%s,%s\n", nt_domain, nt_group, unix_group));
-
- (*new_ep) = (name_map_entry *)malloc(sizeof(name_map_entry));
- if ((*new_ep) == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for name_map_entry.\n"));
- return False;
- }
-
- ZERO_STRUCTP(*new_ep);
-
- (*new_ep)->grp.nt_name = strdup(nt_group );
- (*new_ep)->grp.nt_domain = strdup(nt_domain );
- (*new_ep)->grp.unix_name = strdup(unix_group);
-
- if ((*new_ep)->grp.nt_name == NULL ||
- (*new_ep)->grp.unix_name == NULL)
- {
- DEBUG(0,("make_name_entry: malloc fail for names in name_map_entry.\n"));
- delete_name_entry((*new_ep));
- return False;
- }
-
- /*
- * look up the group names, make the Group-SID and unix gid
- */
-
- if (!unix_name_to_nt_name_info(&(*new_ep)->grp, type))
- {
- delete_name_entry((*new_ep));
- return False;
- }
-
- return True;
-}
-
-/**************************************************************************
- Load a name map file. Sets last accessed timestamp.
-***************************************************************************/
-static ubi_slList *load_name_map(DOM_MAP_TYPE type)
-{
- static time_t groupmap_file_last_modified = (time_t)0;
- static time_t aliasmap_file_last_modified = (time_t)0;
- static time_t ntusrmap_file_last_modified = (time_t)0;
- static BOOL initialised_group = False;
- static BOOL initialised_alias = False;
- static BOOL initialised_ntusr = False;
- char *groupname_map_file = lp_groupname_map();
- char *aliasname_map_file = lp_aliasname_map();
- char *ntusrname_map_file = lp_ntusrname_map();
-
- FILE *fp;
- char *s;
- pstring buf;
- name_map_entry *new_ep;
-
- time_t *file_last_modified = NULL;
- int *initialised = NULL;
- char *map_file = NULL;
- ubi_slList *map_list = NULL;
-
- switch (type)
- {
- case DOM_MAP_DOMAIN:
- {
- file_last_modified = &groupmap_file_last_modified;
- initialised = &initialised_group;
- map_file = groupname_map_file;
- map_list = &groupname_map_list;
-
- break;
- }
- case DOM_MAP_LOCAL:
- {
- file_last_modified = &aliasmap_file_last_modified;
- initialised = &initialised_alias;
- map_file = aliasname_map_file;
- map_list = &aliasname_map_list;
-
- break;
- }
- case DOM_MAP_USER:
- {
- file_last_modified = &ntusrmap_file_last_modified;
- initialised = &initialised_ntusr;
- map_file = ntusrname_map_file;
- map_list = &ntusrname_map_list;
-
- break;
- }
- }
-
- if (!(*initialised))
- {
- DEBUG(10,("initialising map %s\n", map_file));
- ubi_slInitList(map_list);
- (*initialised) = True;
- }
-
- if (!*map_file)
- {
- return map_list;
- }
-
- /*
- * Load the file.
- */
-
- fp = open_file_if_modified(map_file, "r", file_last_modified);
- if (!fp)
- {
- return map_list;
- }
-
- /*
- * Throw away any previous list.
- */
- delete_map_list(map_list);
-
- DEBUG(4,("load_name_map: Scanning name map %s\n",map_file));
-
- while ((s = fgets_slash(buf, sizeof(buf), fp)) != NULL)
- {
- pstring unixname;
- pstring nt_name;
- fstring nt_domain;
- fstring ntname;
- char *p;
-
- DEBUG(10,("Read line |%s|\n", s));
-
- memset(nt_name, 0, sizeof(nt_name));
-
- if (!*s || strchr("#;",*s))
- continue;
-
- if (!next_token(&s,unixname, "\t\n\r=", sizeof(unixname)))
- continue;
-
- if (!next_token(&s,nt_name, "\t\n\r=", sizeof(nt_name)))
- continue;
-
- trim_string(unixname, " ", " ");
- trim_string(nt_name, " ", " ");
-
- if (!*nt_name)
- continue;
-
- if (!*unixname)
- continue;
-
- p = strchr(nt_name, '\\');
-
- if (p == NULL)
- {
- memset(nt_domain, 0, sizeof(nt_domain));
- fstrcpy(ntname, nt_name);
- }
- else
- {
- *p = 0;
- p++;
- fstrcpy(nt_domain, nt_name);
- fstrcpy(ntname , p);
- }
-
- if (make_name_entry(&new_ep, nt_domain, ntname, unixname, type))
- {
- ubi_slAddTail(map_list, (ubi_slNode *)new_ep);
- DEBUG(5,("unixname = %s, ntname = %s\\%s type = %d\n",
- new_ep->grp.unix_name,
- new_ep->grp.nt_domain,
- new_ep->grp.nt_name,
- new_ep->grp.type));
- }
- }
-
- DEBUG(10,("load_name_map: Added %ld entries to name map.\n",
- ubi_slCount(map_list)));
-
- fclose(fp);
-
- return map_list;
-}
-
-static void copy_grp_map_entry(DOM_NAME_MAP *grp, const DOM_NAME_MAP *from)
-{
- sid_copy(&grp->sid, &from->sid);
- grp->unix_id = from->unix_id;
- grp->nt_name = from->nt_name;
- grp->nt_domain = from->nt_domain;
- grp->unix_name = from->unix_name;
- grp->type = from->type;
-}
-
-#if 0
-/***********************************************************
- Lookup unix name.
-************************************************************/
-static BOOL map_unixname(DOM_MAP_TYPE type,
- char *unixname, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.unix_name, unixname))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixname: Mapping unix name %s to nt group %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-#endif
-
-/***********************************************************
- Lookup nt name.
-************************************************************/
-static BOOL map_ntname(DOM_MAP_TYPE type, char *ntname, char *ntdomain,
- DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (strequal(gmep->grp.nt_name , ntname) &&
- strequal(gmep->grp.nt_domain, ntdomain))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_ntname: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-
-/***********************************************************
- Lookup by SID
-************************************************************/
-static BOOL map_sid(DOM_MAP_TYPE type,
- DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- if (sid_equal(&gmep->grp.sid, psid))
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_sid: Mapping unix name %s to nt name %s.\n",
- gmep->grp.unix_name, gmep->grp.nt_name ));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- Lookup by gid_t.
-************************************************************/
-static BOOL map_unixid(DOM_MAP_TYPE type, uint32 unix_id, DOM_NAME_MAP *grp_info)
-{
- name_map_entry *gmep;
- ubi_slList *map_list;
-
- /*
- * Initialise and load if not already loaded.
- */
- map_list = load_name_map(type);
-
- for (gmep = (name_map_entry *)ubi_slFirst(map_list);
- gmep != NULL;
- gmep = (name_map_entry *)ubi_slNext(gmep ))
- {
- fstring sid_str;
- sid_to_string(sid_str, &gmep->grp.sid);
- DEBUG(10,("map_unixid: enum entry unix group %s %d nt %s %s\n",
- gmep->grp.unix_name, gmep->grp.unix_id, gmep->grp.nt_name, sid_str));
- if (gmep->grp.unix_id == unix_id)
- {
- copy_grp_map_entry(grp_info, &gmep->grp);
- DEBUG(7,("map_unixid: Mapping unix name %s to nt name %s type %d\n",
- gmep->grp.unix_name, gmep->grp.nt_name, gmep->grp.type));
- return True;
- }
- }
-
- return False;
-}
-
-/***********************************************************
- *
- * Call four functions to resolve unix group ids and either
- * local group SIDs or domain group SIDs listed in the local group
- * or domain group map files.
- *
- * Note that it is *NOT* the responsibility of these functions to
- * resolve entries that are not in the map files.
- *
- * Any SID can be in the map files (i.e from any Domain).
- *
- ***********************************************************/
-
-#if 0
-
-/***********************************************************
- Lookup a UNIX Group entry by name.
-************************************************************/
-BOOL map_unix_group_name(char *group_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_DOMAIN, group_name, grp_info);
-}
-
-/***********************************************************
- Lookup a UNIX Alias entry by name.
-************************************************************/
-BOOL map_unix_alias_name(char *alias_name, DOM_NAME_MAP *grp_info)
-{
- return map_unixname(DOM_MAP_LOCAL, alias_name, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias name entry
-************************************************************/
-BOOL map_nt_alias_name(char *ntalias_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_LOCAL, ntalias_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry
-************************************************************/
-BOOL map_nt_group_name(char *ntgroup_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_DOMAIN, ntgroup_name, nt_domain, grp_info);
-}
-
-#endif
-
-/***********************************************************
- Lookup a Username entry by name.
-************************************************************/
-static BOOL map_nt_username(char *nt_name, char *nt_domain, DOM_NAME_MAP *grp_info)
-{
- return map_ntname(DOM_MAP_USER, nt_name, nt_domain, grp_info);
-}
-
-/***********************************************************
- Lookup a Username entry by SID.
-************************************************************/
-static BOOL map_username_sid(DOM_SID *sid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_USER, sid, grp_info);
-}
-
-/***********************************************************
- Lookup a Username SID entry by uid.
-************************************************************/
-static BOOL map_username_uid(uid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_USER, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by name.
-************************************************************/
-BOOL map_alias_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_LOCAL, psid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group entry by sid.
-************************************************************/
-BOOL map_group_sid(DOM_SID *psid, DOM_NAME_MAP *grp_info)
-{
- return map_sid(DOM_MAP_DOMAIN, psid, grp_info);
-}
-
-/***********************************************************
- Lookup an Alias SID entry by gid_t.
-************************************************************/
-static BOOL map_alias_gid(gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_LOCAL, (uint32)gid, grp_info);
-}
-
-/***********************************************************
- Lookup a Group SID entry by gid_t.
-************************************************************/
-static BOOL map_group_gid( gid_t gid, DOM_NAME_MAP *grp_info)
-{
- return map_unixid(DOM_MAP_DOMAIN, (uint32)gid, grp_info);
-}
-
-
-/************************************************************************
- Routine to look up User details by UNIX name
-*************************************************************************/
-BOOL lookupsmbpwnam(const char *unix_usr_name, DOM_NAME_MAP *grp)
-{
- uid_t uid;
- DEBUG(10,("lookupsmbpwnam: unix user name %s\n", unix_usr_name));
- if (nametouid(unix_usr_name, &uid))
- {
- return lookupsmbpwuid(uid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL lookup_remote_ntname(const char *ntname, DOM_SID *sid, uint8 *type)
-{
- struct cli_state cli;
- POLICY_HND lsa_pol;
- fstring srv_name;
- extern struct ntuser_creds *usr_creds;
- struct ntuser_creds usr;
-
- BOOL res3 = True;
- BOOL res4 = True;
- uint32 num_sids;
- DOM_SID *sids;
- uint8 *types;
- char *names[1];
-
- usr_creds = &usr;
-
- ZERO_STRUCT(usr);
- pwd_set_nullpwd(&usr.pwd);
-
- DEBUG(5,("lookup_remote_ntname: %s\n", ntname));
-
- if (!cli_connect_serverlist(&cli, lp_passwordserver()))
- {
- return False;
- }
-
- names[0] = ntname;
-
- fstrcpy(srv_name, "\\\\");
- fstrcat(srv_name, cli.desthost);
- strupper(srv_name);
-
- /* lookup domain controller; receive a policy handle */
- res3 = res3 ? lsa_open_policy( srv_name,
- &lsa_pol, True) : False;
-
- /* send lsa lookup sids call */
- res4 = res3 ? lsa_lookup_names( &lsa_pol,
- 1, names,
- &sids, &types, &num_sids) : False;
-
- res3 = res3 ? lsa_close(&lsa_pol) : False;
-
- if (res4 && res3 && sids != NULL && types != NULL)
- {
- sid_copy(sid, &sids[0]);
- *type = types[0];
- }
- else
- {
- res3 = False;
- }
- if (types != NULL)
- {
- free(types);
- }
-
- if (sids != NULL)
- {
- free(sids);
- }
-
- return res3 && res4;
-}
-
-/************************************************************************
- Routine to look up a remote nt name
-*************************************************************************/
-static BOOL get_sid_and_type(const char *fullntname, uint8 expected_type,
- DOM_NAME_MAP *gmep)
-{
- /*
- * check with the PDC to see if it owns the name. if so,
- * the SID is resolved with the PDC database.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- if (lookup_remote_ntname(fullntname, &gmep->sid, &gmep->type))
- {
- if (sid_front_equal(&gmep->sid, &global_member_sid) &&
- strequal(gmep->nt_domain, global_myworkgroup) &&
- gmep->type == expected_type)
- {
- return True;
- }
- return False;
- }
- }
-
- /*
- * ... otherwise, it's one of ours. map the sid ourselves,
- * which can only happen in our own SAM database.
- */
-
- if (!strequal(gmep->nt_domain, global_sam_name))
- {
- return False;
- }
- if (!pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid))
- {
- return False;
- }
-
- return True;
-}
-
-/*
- * used by lookup functions below
- */
-
-static fstring nt_name;
-static fstring unix_name;
-static fstring nt_domain;
-
-/*************************************************************************
- looks up a uid, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwuid(uid_t uid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwuid: unix uid %d\n", uid));
- if (map_username_uid(uid, gmep))
- {
- return True;
- }
-#if 0
- if (lp_server_role() != ROLE_DOMAIN_NONE)
-#endif
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)uid;
-
- /*
- * ok, assume it's one of ours. then double-check it
- * if we are a member of a domain
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->nt_name, uidtoname(uid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
-#endif
- }
-
- /*
- * ok, it's one of ours.
- */
-
- gmep->nt_domain = global_sam_name;
- pwdb_unixid_to_sam_sid(gmep->unix_id, gmep->type, &gmep->sid);
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by NT name, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwntnam(const char *fullntname, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbpwntnam: nt user name %s\n", fullntname));
-
- if (!split_domain_name(fullntname, nt_domain, nt_name))
- {
- return False;
- }
-
- if (map_nt_username(nt_name, nt_domain, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- uid_t uid;
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- fstrcpy(gmep->unix_name, gmep->nt_name);
- if (!nametouid(gmep->unix_name, &uid))
- {
- return False;
- }
- gmep->unix_id = (uint32)uid;
-
- return get_sid_and_type(fullntname, gmep->type, gmep);
- }
-
- /* oops. */
-
- return False;
-}
-
-/*************************************************************************
- looks up by RID, returns User Information.
-*************************************************************************/
-BOOL lookupsmbpwsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbpwsid: nt sid %s\n", sid_str));
-
- if (map_username_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lookup_remote_sid(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt user named
- * after the unix user. this is the point where "appliance mode"
- * should get its teeth in, as unix users won't really exist,
- * they will only be numbers...
- */
-
- gmep->type = SID_NAME_USER;
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, uidtoname((uid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops. */
-
- return False;
-}
-
-/************************************************************************
- Routine to look up group / alias / well-known group RID by UNIX name
-*************************************************************************/
-BOOL lookupsmbgrpnam(const char *unix_grp_name, DOM_NAME_MAP *grp)
-{
- gid_t gid;
- DEBUG(10,("lookupsmbgrpnam: unix user group %s\n", unix_grp_name));
- if (nametogid(unix_grp_name, &gid))
- {
- return lookupsmbgrpgid(gid, grp);
- }
- else
- {
- return False;
- }
-}
-
-/*************************************************************************
- looks up a SID, returns name map entry
-*************************************************************************/
-BOOL lookupsmbgrpsid(DOM_SID *sid, DOM_NAME_MAP *gmep)
-{
- fstring sid_str;
- sid_to_string(sid_str, sid);
- DEBUG(10,("lookupsmbgrpsid: nt sid %s\n", sid_str));
-
- if (map_alias_sid(sid, gmep))
- {
- return True;
- }
- if (map_group_sid(sid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- lsa_lookup_sids(global_myworkgroup, gmep->sid, gmep->nt_name, gmep->nt_domain...);
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
-
- sid_copy(&gmep->sid, sid);
- if (!pwdb_sam_sid_to_unixid(&gmep->sid, gmep->type, &gmep->unix_id))
- {
- return False;
- }
- fstrcpy(gmep->nt_name, gidtoname((gid_t)gmep->unix_id));
- fstrcpy(gmep->unix_name, gmep->nt_name);
- gmep->nt_domain = global_sam_name;
-
- return True;
- }
-
- /* oops */
- return False;
-}
-
-/*************************************************************************
- looks up a gid, returns RID and type local, domain or well-known domain group
-*************************************************************************/
-BOOL lookupsmbgrpgid(gid_t gid, DOM_NAME_MAP *gmep)
-{
- DEBUG(10,("lookupsmbgrpgid: unix gid %d\n", (int)gid));
- if (map_alias_gid(gid, gmep))
- {
- return True;
- }
- if (map_group_gid(gid, gmep))
- {
- return True;
- }
- if (lp_server_role() != ROLE_DOMAIN_NONE)
- {
- gmep->nt_name = nt_name;
- gmep->unix_name = unix_name;
- gmep->nt_domain = nt_domain;
-
- gmep->unix_id = (uint32)gid;
-
- /*
- * here we should do a LsaLookupNames() call
- * to check the status of the name with the PDC.
- * if the PDC know nothing of the name, it's ours.
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
-#if 0
- if (lsa_lookup_names(global_myworkgroup, gmep->nt_name, &gmep->sid...);
- {
- return True;
- }
-#endif
- }
-
- /*
- * ok, it's one of ours. we therefore "create" an nt group or
- * alias name named after the unix group. this is the point
- * where "appliance mode" should get its teeth in, as unix
- * groups won't really exist, they will only be numbers...
- */
-
- /* name is not explicitly mapped
- * with map files or the PDC
- * so we are responsible for it...
- */
-
- if (lp_server_role() == ROLE_DOMAIN_MEMBER)
- {
- /* ... as a LOCAL group. */
- gmep->type = SID_NAME_ALIAS;
- }
- else
- {
- /* ... as a DOMAIN group. */
- gmep->type = SID_NAME_DOM_GRP;
- }
- fstrcpy(gmep->nt_name, gidtoname(gid));
- fstrcpy(gmep->unix_name, gmep->nt_name);
-
- return get_sid_and_type(gmep->nt_name, gmep->type, gmep);
- }
-
- /* oops */
- return False;
-}
-
+++ /dev/null
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-/*
- automatic marshalling/unmarshalling system for C structures
-*/
-
-#include "includes.h"
-
-/* see if a range of memory is all zero. Used to prevent dumping of zero elements */
-static int all_zero(const char *ptr, unsigned size)
-{
- int i;
- if (!ptr) return 1;
- for (i=0;i<size;i++) {
- if (ptr[i]) return 0;
- }
- return 1;
-}
-
-/* encode a buffer of bytes into a escaped string */
-static char *encode_bytes(TALLOC_CTX *mem_ctx, const char *ptr, unsigned len)
-{
- const char *hexdig = "0123456789abcdef";
- char *ret, *p;
- unsigned i;
- ret = talloc(mem_ctx, len*3 + 1); /* worst case size */
- if (!ret) return NULL;
- for (p=ret,i=0;i<len;i++) {
- if (isalnum(ptr[i]) || isspace(ptr[i]) ||
- (ispunct(ptr[i]) && !strchr("\\{}", ptr[i]))) {
- *p++ = ptr[i];
- } else {
- unsigned char c = *(unsigned char *)(ptr+i);
- if (c == 0 && all_zero(ptr+i, len-i)) break;
- p[0] = '\\';
- p[1] = hexdig[c>>4];
- p[2] = hexdig[c&0xF];
- p += 3;
- }
- }
-
- *p = 0;
-
- return ret;
-}
-
-/* decode an escaped string from encode_bytes() into a buffer */
-static char *decode_bytes(TALLOC_CTX *mem_ctx, const char *s, unsigned *len)
-{
- char *ret, *p;
- unsigned i;
- int slen = strlen(s) + 1;
-
- ret = talloc(mem_ctx, slen); /* worst case length */
- if (!ret)
- return NULL;
- memset(ret, 0, slen);
-
- if (*s == '{') s++;
-
- for (p=ret,i=0;s[i];i++) {
- if (s[i] == '}') {
- break;
- } else if (s[i] == '\\') {
- unsigned v;
- if (sscanf(&s[i+1], "%02x", &v) != 1 || v > 255) {
- return NULL;
- }
- *(unsigned char *)p = v;
- p++;
- i += 2;
- } else {
- *p++ = s[i];
- }
- }
- *p = 0;
-
- (*len) = (unsigned)(p - ret);
-
- return ret;
-}
-
-/* the add*() functions deal with adding things to a struct
- parse_string */
-
-/* allocate more space if needed */
-static int addgen_alloc(TALLOC_CTX *mem_ctx, struct parse_string *p, int n)
-{
- if (p->length + n <= p->allocated) return 0;
- p->allocated = p->length + n + 200;
- p->s = talloc_realloc(mem_ctx, p->s, p->allocated);
- if (!p->s) {
- errno = ENOMEM;
- return -1;
- }
- return 0;
-}
-
-/* add a character to the buffer */
-static int addchar(TALLOC_CTX *mem_ctx, struct parse_string *p, char c)
-{
- if (addgen_alloc(mem_ctx, p, 2) != 0) {
- return -1;
- }
- p->s[p->length++] = c;
- p->s[p->length] = 0;
- return 0;
-}
-
-/* add a string to the buffer */
-int addstr(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, len+1) != 0) {
- return -1;
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* add a string to the buffer with a tab prefix */
-static int addtabbed(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *s, unsigned indent)
-{
- int len = strlen(s);
- if (addgen_alloc(mem_ctx, p, indent+len+1) != 0) {
- return -1;
- }
- while (indent--) {
- p->s[p->length++] = '\t';
- }
- memcpy(p->s + p->length, s, len+1);
- p->length += len;
- return 0;
-}
-
-/* note! this can only be used for results up to 60 chars wide! */
-int addshort(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char buf[60];
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- return 0;
-}
-
-/*
- this is here to make it easier for people to write dump functions
- for their own types
- */
-int gen_addgen(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *fmt, ...)
-{
- char *buf = NULL;
- int n;
- va_list ap;
- va_start(ap, fmt);
- n = vasprintf(&buf, fmt, ap);
- va_end(ap);
- if (addgen_alloc(mem_ctx, p, n + 1) != 0) {
- if (buf) free(buf);
- return -1;
- }
- if (n != 0) {
- memcpy(p->s + p->length, buf, n);
- }
- p->length += n;
- p->s[p->length] = 0;
- if (buf) free(buf);
- return 0;
-}
-
-/* dump a enumerated type */
-int gen_dump_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- unsigned v = *(unsigned *)ptr;
- int i;
- for (i=0;einfo[i].name;i++) {
- if (v == einfo[i].value) {
- addstr(mem_ctx, p, einfo[i].name);
- return 0;
- }
- }
- /* hmm, maybe we should just fail? */
- return gen_dump_unsigned(mem_ctx, p, ptr, indent);
-}
-
-/* dump a single non-array element, hanlding struct and enum */
-static int gen_dump_one(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- unsigned indent)
-{
- if (pinfo->dump_fn == gen_dump_char && pinfo->ptr_count == 1) {
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addchar(mem_ctx, p,'{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}")) {
- return -1;
- }
- return 0;
- }
-
- return pinfo->dump_fn(mem_ctx, p, ptr, indent);
-}
-
-/* handle dumping of an array of arbitrary type */
-static int gen_dump_array(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *ptr,
- int array_len,
- int indent)
-{
- int i, count=0;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- char *s = encode_bytes(mem_ctx, ptr, array_len);
- if (!s) return -1;
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = {") ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
- }
-
- for (i=0;i<array_len;i++) {
- const char *p2 = ptr;
- unsigned size = pinfo->size;
-
- /* generic pointer dereference */
- if (pinfo->ptr_count) {
- p2 = *(const char **)ptr;
- size = sizeof(void *);
- }
-
- if ((count || pinfo->ptr_count) &&
- !(pinfo->flags & FLAG_ALWAYS) &&
- all_zero(ptr, size)) {
- ptr += size;
- continue;
- }
- if (count == 0) {
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addshort(mem_ctx, p, " = %u:", i)) {
- return -1;
- }
- } else {
- if (addshort(mem_ctx, p, ", %u:", i) != 0) {
- return -1;
- }
- }
- if (gen_dump_one(mem_ctx, p, pinfo, p2, indent) != 0) {
- return -1;
- }
- ptr += size;
- count++;
- }
- if (count) {
- return addstr(mem_ctx, p, "\n");
- }
- return 0;
-}
-
-/* find a variable by name in a loaded structure and return its value
- as an integer. Used to support dynamic arrays */
-static int find_var(const struct parse_struct *pinfo,
- const char *data,
- const char *var)
-{
- int i;
- const char *ptr;
-
- /* this allows for constant lengths */
- if (isdigit(*var)) {
- return atoi(var);
- }
-
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, var) == 0) break;
- }
- if (!pinfo[i].name) return -1;
-
- ptr = data + pinfo[i].offset;
-
- switch (pinfo[i].size) {
- case sizeof(int):
- return *(int *)ptr;
- case sizeof(char):
- return *(char *)ptr;
- }
-
- return -1;
-}
-
-
-int gen_dump_struct(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- struct parse_string *p,
- const char *ptr,
- unsigned indent)
-{
- char *s = gen_dump(mem_ctx, pinfo, ptr, indent+1);
- if (!s) return -1;
- if (addstr(mem_ctx, p, "{\n") ||
- addstr(mem_ctx, p, s) ||
- addtabbed(mem_ctx, p, "}", indent)) {
- return -1;
- }
- return 0;
-}
-
-static int gen_dump_string(TALLOC_CTX *mem_ctx,
- struct parse_string *p,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- const char *ptr = *(char **)data;
- char *s = encode_bytes(mem_ctx, ptr, strlen(ptr));
- if (addtabbed(mem_ctx, p, pinfo->name, indent) ||
- addstr(mem_ctx, p, " = ") ||
- addchar(mem_ctx, p, '{') ||
- addstr(mem_ctx, p, s) ||
- addstr(mem_ctx, p, "}\n")) {
- return -1;
- }
- return 0;
-}
-
-/*
- find the length of a nullterm array
-*/
-static int len_nullterm(const char *ptr, int size, int array_len)
-{
- int len;
-
- if (size == 1) {
- len = strnlen(ptr, array_len);
- } else {
- for (len=0; len < array_len; len++) {
- if (all_zero(ptr+len*size, size)) break;
- }
- }
-
- if (len == 0) len = 1;
-
- return len;
-}
-
-
-/* the generic dump routine. Scans the parse information for this structure
- and processes it recursively */
-char *gen_dump(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *data,
- unsigned indent)
-{
- struct parse_string p;
- int i;
-
- p.length = 0;
- p.allocated = 0;
- p.s = NULL;
-
- if (addstr(mem_ctx, &p, "") != 0) {
- return NULL;
- }
-
- for (i=0;pinfo[i].name;i++) {
- const char *ptr = data + pinfo[i].offset;
- unsigned size = pinfo[i].size;
-
- if (pinfo[i].ptr_count) {
- size = sizeof(void *);
- }
-
- /* special handling for array types */
- if (pinfo[i].array_len) {
- unsigned len = pinfo[i].array_len;
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(ptr, size, len);
- }
- if (gen_dump_array(mem_ctx, &p, &pinfo[i], ptr,
- len, indent)) {
- goto failed;
- }
- continue;
- }
-
- /* and dynamically sized arrays */
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- struct parse_struct p2 = pinfo[i];
- if (len < 0) {
- goto failed;
- }
- if (len > 0) {
- if (pinfo[i].flags & FLAG_NULLTERM) {
- len = len_nullterm(*(char **)ptr,
- pinfo[i].size, len);
- }
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- if (gen_dump_array(mem_ctx, &p, &p2,
- *(char **)ptr,
- len, indent) != 0) {
- goto failed;
- }
- }
- continue;
- }
-
- /* don't dump zero elements */
- if (!(pinfo[i].flags & FLAG_ALWAYS) && all_zero(ptr, size)) continue;
-
- /* assume char* is a null terminated string */
- if (pinfo[i].size == 1 && pinfo[i].ptr_count == 1 &&
- pinfo[i].dump_fn == gen_dump_char) {
- if (gen_dump_string(mem_ctx, &p, &pinfo[i], ptr, indent) != 0) {
- goto failed;
- }
- continue;
- }
-
- /* generic pointer dereference */
- if (pinfo[i].ptr_count) {
- ptr = *(const char **)ptr;
- }
-
- if (addtabbed(mem_ctx, &p, pinfo[i].name, indent) ||
- addstr(mem_ctx, &p, " = ") ||
- gen_dump_one(mem_ctx, &p, &pinfo[i], ptr, indent) ||
- addstr(mem_ctx, &p, "\n")) {
- goto failed;
- }
- }
- return p.s;
-
-failed:
- return NULL;
-}
-
-/* search for a character in a string, skipping over sections within
- matching braces */
-static char *match_braces(char *s, char c)
-{
- int depth = 0;
- while (*s) {
- switch (*s) {
- case '}':
- depth--;
- break;
- case '{':
- depth++;
- break;
- }
- if (depth == 0 && *s == c) {
- return s;
- }
- s++;
- }
- return s;
-}
-
-/* parse routine for enumerated types */
-int gen_parse_enum(TALLOC_CTX *mem_ctx,
- const struct enum_struct *einfo,
- char *ptr,
- const char *str)
-{
- unsigned v;
- int i;
-
- if (isdigit(*str)) {
- if (sscanf(str, "%u", &v) != 1) {
- errno = EINVAL;
- return -1;
- }
- *(unsigned *)ptr = v;
- return 0;
- }
-
- for (i=0;einfo[i].name;i++) {
- if (strcmp(einfo[i].name, str) == 0) {
- *(unsigned *)ptr = einfo[i].value;
- return 0;
- }
- }
-
- /* unknown enum value?? */
- return -1;
-}
-
-
-/* parse all base types */
-static int gen_parse_base(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str)
-{
- if (pinfo->parse_fn == gen_parse_char && pinfo->ptr_count==1) {
- unsigned len;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s) return -1;
- *(char **)ptr = s;
- return 0;
- }
-
- if (pinfo->ptr_count) {
- unsigned size = pinfo->ptr_count>1?sizeof(void *):pinfo->size;
- struct parse_struct p2 = *pinfo;
- *(void **)ptr = talloc(mem_ctx, size);
- if (! *(void **)ptr) {
- return -1;
- }
- memset(*(void **)ptr, 0, size);
- ptr = *(char **)ptr;
- p2.ptr_count--;
- return gen_parse_base(mem_ctx, &p2, ptr, str);
- }
-
- return pinfo->parse_fn(mem_ctx, ptr, str);
-}
-
-/* parse a generic array */
-static int gen_parse_array(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- char *ptr,
- const char *str,
- int array_len)
-{
- char *p, *p2;
- unsigned size = pinfo->size;
-
- /* special handling of fixed length strings */
- if (array_len != 0 &&
- pinfo->ptr_count == 0 &&
- pinfo->dump_fn == gen_dump_char) {
- unsigned len = 0;
- char *s = decode_bytes(mem_ctx, str, &len);
- if (!s || (len > array_len)) return -1;
- memset(ptr, 0, array_len);
- memcpy(ptr, s, len);
- return 0;
- }
-
- if (pinfo->ptr_count) {
- size = sizeof(void *);
- }
-
- while (*str) {
- unsigned idx;
- int done;
-
- idx = atoi(str);
- p = strchr(str,':');
- if (!p) break;
- p++;
- p2 = match_braces(p, ',');
- done = (*p2 != ',');
- *p2 = 0;
-
- if (*p == '{') {
- p++;
- p[strlen(p)-1] = 0;
- }
-
- if (gen_parse_base(mem_ctx, pinfo, ptr + idx*size, p) != 0) {
- return -1;
- }
-
- if (done) break;
- str = p2+1;
- }
-
- return 0;
-}
-
-/* parse one element, hanlding dynamic and static arrays */
-static int gen_parse_one(TALLOC_CTX *mem_ctx,
- const struct parse_struct *pinfo,
- const char *name,
- char *data,
- const char *str)
-{
- int i;
- for (i=0;pinfo[i].name;i++) {
- if (strcmp(pinfo[i].name, name) == 0) {
- break;
- }
- }
- if (pinfo[i].name == NULL) {
- return 0;
- }
-
- if (pinfo[i].array_len) {
- return gen_parse_array(mem_ctx, &pinfo[i],
- data+pinfo[i].offset,
- str, pinfo[i].array_len);
- }
-
- if (pinfo[i].dynamic_len) {
- int len = find_var(pinfo, data, pinfo[i].dynamic_len);
- if (len < 0) {
- errno = EINVAL;
- return -1;
- }
- if (len > 0) {
- struct parse_struct p2 = pinfo[i];
- char *ptr;
- unsigned size = pinfo[i].ptr_count>1?sizeof(void*):pinfo[i].size;
- ptr = talloc(mem_ctx, len*size);
- if (!ptr) {
- errno = ENOMEM;
- return -1;
- }
- memset(ptr, 0, len*size);
- *((char **)(data + pinfo[i].offset)) = ptr;
- p2.ptr_count--;
- p2.dynamic_len = NULL;
- return gen_parse_array(mem_ctx, &p2, ptr, str, len);
- }
- return 0;
- }
-
- return gen_parse_base(mem_ctx, &pinfo[i], data + pinfo[i].offset, str);
-}
-
-int gen_parse_struct(TALLOC_CTX * mem_ctx, const struct parse_struct *pinfo, char *ptr, const char *str)
-{
- return gen_parse(mem_ctx, pinfo, ptr, str);
-}
-
-/* the main parse routine */
-int gen_parse(TALLOC_CTX *mem_ctx, const struct parse_struct *pinfo, char *data, const char *s)
-{
- char *str, *s0;
-
- s0 = talloc_strdup(mem_ctx, s);
- str = s0;
-
- while (*str) {
- char *p;
- char *name;
- char *value;
-
- /* skip leading whitespace */
- while (isspace(*str)) str++;
-
- p = strchr(str, '=');
- if (!p) break;
- value = p+1;
- while (p > str && isspace(*(p-1))) {
- p--;
- }
-
- *p = 0;
- name = str;
-
- while (isspace(*value)) value++;
-
- if (*value == '{') {
- str = match_braces(value, '}');
- value++;
- } else {
- str = match_braces(value, '\n');
- }
-
- *str++ = 0;
-
- if (gen_parse_one(mem_ctx, pinfo, name, data, value) != 0) {
- return -1;
- }
- }
-
- return 0;
-}
-
-
-
-/* for convenience supply some standard dumpers and parsers here */
-
-int gen_parse_char(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned char *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_int(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(int *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_unsigned(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(unsigned *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_time_t(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(time_t *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_double(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(double *)ptr = atof(str);
- return 0;
-}
-
-int gen_parse_float(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(float *)ptr = atof(str);
- return 0;
-}
-
-int gen_dump_char(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned char *)(ptr));
-}
-
-int gen_dump_int(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%d", *(int *)(ptr));
-}
-
-int gen_dump_unsigned(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(unsigned *)(ptr));
-}
-
-int gen_dump_time_t(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(time_t *)(ptr));
-}
-
-int gen_dump_double(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%lg", *(double *)(ptr));
-}
-
-int gen_dump_float(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%g", *(float *)(ptr));
-}
+++ /dev/null
-/*
- Copyright (C) Andrew Tridgell <genstruct@tridgell.net> 2002
- Copyright (C) Simo Sorce <idra@samba.org> 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "genparser_samba.h"
-
-/* PARSE functions */
-
-int gen_parse_uint8(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint8 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint16(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint16 *)ptr = atoi(str);
- return 0;
-}
-
-int gen_parse_uint32(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- *(uint32 *)ptr = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_NTTIME(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((NTTIME *)(ptr))->high), &(((NTTIME *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DOM_SID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(!string_to_sid((DOM_SID *)ptr, str)) return -1;
- return 0;
-}
-
-int gen_parse_SEC_ACCESS(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- ((SEC_ACCESS *)ptr)->mask = strtoul(str, NULL, 10);
- return 0;
-}
-
-int gen_parse_GUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- int info[UUID_FLAT_SIZE];
- int i;
- char *sc;
- char *p;
- char *m;
-
- m = strdup(str);
- if (!m) return -1;
- sc = m;
-
- memset(info, 0, sizeof(info));
- for (i = 0; i < UUID_FLAT_SIZE; i++) {
- p = strchr(sc, ',');
- if (p != NULL) p = '\0';
- info[i] = atoi(sc);
- if (p != NULL) sc = p + 1;
- }
- free(m);
-
- for (i = 0; i < UUID_FLAT_SIZE; i++) {
- ((UUID_FLAT *)ptr)->info[i] = info[i];
- }
-
- return 0;
-}
-
-int gen_parse_SEC_ACE(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_ace_info, ptr, str);
-}
-
-int gen_parse_SEC_ACL(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_acl_info, ptr, str);
-}
-
-int gen_parse_SEC_DESC(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_security_descriptor_info, ptr, str);
-}
-
-int gen_parse_LUID_ATTR(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_luid_attr_info, ptr, str);
-}
-
-int gen_parse_LUID(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- if(sscanf(str, "%u,%u", &(((LUID *)(ptr))->high), &(((LUID *)(ptr))->low)) != 2) {
- errno = EINVAL;
- return -1;
- }
- return 0;
-}
-
-int gen_parse_DATA_BLOB(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- return gen_parse_struct(mem_ctx, pinfo_data_blob_info, ptr, str);
-}
-
-int gen_parse_TALLOC_CTX(TALLOC_CTX *mem_ctx, char *ptr, const char *str)
-{
- (TALLOC_CTX *)ptr = NULL;
- return 0;
-}
-
-/* DUMP functions */
-
-int gen_dump_uint8(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint8 *)(ptr));
-}
-
-int gen_dump_uint16(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint16 *)(ptr));
-}
-
-int gen_dump_uint32(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", *(uint32 *)(ptr));
-}
-
-int gen_dump_NTTIME(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((NTTIME *)(ptr))->high;
- low = ((NTTIME *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DOM_SID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- fstring sidstr;
-
- sid_to_string(sidstr, (DOM_SID *)ptr);
- return addstr(mem_ctx, p, sidstr);
-}
-
-int gen_dump_SEC_ACCESS(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "%u", ((SEC_ACCESS *)ptr)->mask);
-}
-
-int gen_dump_GUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- int i, r;
-
- for (i = 0; i < (UUID_FLAT_SIZE - 1); i++) {
- if (!(r = addshort(mem_ctx, p, "%d,", ((UUID_FLAT *)ptr)->info[i]))) return r;
- }
- return addshort(mem_ctx, p, "%d", ((UUID_FLAT *)ptr)->info[i]);
-}
-
-int gen_dump_SEC_ACE(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_ace_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_ACL(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_acl_info, p, ptr, indent);
-}
-
-int gen_dump_SEC_DESC(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_security_descriptor_info, p, ptr, indent);
-}
-
-int gen_dump_LUID_ATTR(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_luid_attr_info, p, ptr, indent);
-}
-
-int gen_dump_LUID(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- uint32 low, high;
-
- high = ((LUID *)(ptr))->high;
- low = ((LUID *)(ptr))->low;
- return addshort(mem_ctx, p, "%u,%u", high, low);
-}
-
-int gen_dump_DATA_BLOB(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return gen_dump_struct(mem_ctx, pinfo_data_blob_info, p, ptr, indent);
-}
-
-int gen_dump_TALLOC_CTX(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent)
-{
- return addshort(mem_ctx, p, "TALLOC_CTX");
-}
{PAM_SYMBOL_ERR, NT_STATUS_UNSUCCESSFUL},
{PAM_SERVICE_ERR, NT_STATUS_UNSUCCESSFUL},
{PAM_SYSTEM_ERR, NT_STATUS_UNSUCCESSFUL},
- {PAM_BUF_ERR, NT_STATUS_UNSUCCESSFUL},
+ {PAM_BUF_ERR, NT_STATUS_NO_MEMORY},
{PAM_PERM_DENIED, NT_STATUS_ACCESS_DENIED},
{PAM_AUTH_ERR, NT_STATUS_WRONG_PASSWORD},
{PAM_CRED_INSUFFICIENT, NT_STATUS_INSUFFICIENT_LOGON_INFO}, /* FIXME: Is this correct? */
{NT_STATUS_ACCOUNT_EXPIRED, PAM_ACCT_EXPIRED},
{NT_STATUS_PASSWORD_EXPIRED, PAM_AUTHTOK_EXPIRED},
{NT_STATUS_PASSWORD_MUST_CHANGE, PAM_NEW_AUTHTOK_REQD},
+ {NT_STATUS_ACCOUNT_LOCKED_OUT, PAM_MAXTRIES},
+ {NT_STATUS_NO_MEMORY, PAM_BUF_ERR},
{NT_STATUS_OK, PAM_SUCCESS}
};
#define ALLOC_CHECK(ptr, err, label, str) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
#define NTSTATUS_CHECK(err, label, str1, str2) do { if (!NT_STATUS_IS_OK(err)) { DEBUG(0, ("%s: %s failed!\n", str1, str2)); } } while(0)
-
-PRIVS privs[] = {
- {SE_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
- {SE_CREATE_TOKEN, "SeCreateTokenPrivilege", "Create Token"},
- {SE_ASSIGN_PRIMARY_TOKEN, "SeAssignPrimaryTokenPrivilege", "Assign Primary Token"},
- {SE_LOCK_MEMORY, "SeLockMemoryPrivilege", "Lock Memory"},
- {SE_INCREASE_QUOTA, "SeIncreaseQuotaPrivilege", "Increase Quota"},
- {SE_UNSOLICITED_INPUT, "SeUnsolicitedInputPrivilege", "Unsolicited Input"},
- {SE_MACHINE_ACCOUNT, "SeMachineAccountPrivilege", "Can add Machine Accounts to the Domain"},
- {SE_TCB, "SeTcbPrivilege", "TCB"},
- {SE_SECURITY, "SeSecurityPrivilege", "Security Privilege"},
- {SE_TAKE_OWNERSHIP, "SeTakeOwnershipPrivilege", "Take Ownership Privilege"},
- {SE_LOAD_DRIVER, "SeLocalDriverPrivilege", "Local Driver Privilege"},
- {SE_SYSTEM_PROFILE, "SeSystemProfilePrivilege", "System Profile Privilege"},
- {SE_SYSTEM_TIME, "SeSystemtimePrivilege", "System Time"},
- {SE_PROF_SINGLE_PROCESS, "SeProfileSingleProcessPrivilege", "Profile Single Process Privilege"},
- {SE_INC_BASE_PRIORITY, "SeIncreaseBasePriorityPrivilege", "Increase Base Priority Privilege"},
- {SE_CREATE_PAGEFILE, "SeCreatePagefilePrivilege", "Create Pagefile Privilege"},
- {SE_CREATE_PERMANENT, "SeCreatePermanentPrivilege", "Create Permanent"},
- {SE_BACKUP, "SeBackupPrivilege", "Backup Privilege"},
- {SE_RESTORE, "SeRestorePrivilege", "Restore Privilege"},
- {SE_SHUTDOWN, "SeShutdownPrivilege", "Shutdown Privilege"},
- {SE_DEBUG, "SeDebugPrivilege", "Debug Privilege"},
- {SE_AUDIT, "SeAuditPrivilege", "Audit"},
- {SE_SYSTEM_ENVIRONMENT, "SeSystemEnvironmentPrivilege", "System Environment Privilege"},
- {SE_CHANGE_NOTIFY, "SeChangeNotifyPrivilege", "Change Notify"},
- {SE_REMOTE_SHUTDOWN, "SeRemoteShutdownPrivilege", "Remote Shutdown Privilege"},
- {SE_UNDOCK, "SeUndockPrivilege", "Undock"},
- {SE_SYNC_AGENT, "SeSynchronizationAgentPrivilege", "Synchronization Agent"},
- {SE_ENABLE_DELEGATION, "SeEnableDelegationPrivilege", "Enable Delegation"},
- {SE_PRINT_OPERATOR, "SePrintOperatorPrivilege", "Printer Operator"},
- {SE_ADD_USERS, "SeAddUsersPrivilege", "Add Users"},
- {SE_ALL_PRIVS, "SeAllPrivileges", "All Privileges"}
-};
-
-
-
/****************************************************************************
Check if a user is a mapped group.
void destroy_privilege(PRIVILEGE_SET **priv_set)
{
- if (priv_set == NULL || *priv_set == NULL)
- return;
-
reset_privilege(*priv_set);
if (!((*priv_set)->ext_ctx))
/* mem_ctx is local, destroy it */
return ret;
}
-NTSTATUS add_privilege_by_name(PRIVILEGE_SET *priv_set, const char *name)
-{
- int e;
-
- for (e = 0; privs[e].se_priv != SE_ALL_PRIVS; e++) {
- if (StrCaseCmp(privs[e].priv, name) == 0) {
- LUID_ATTR la;
-
- la.attr = 0;
- la.luid.high = 0;
- la.luid.low = privs[e].se_priv;
-
- return add_privilege(priv_set, la);
- }
- }
-
- DEBUG(1, ("add_privilege_by_name: No Such Privilege Found (%s)\n", name));
-
- return NT_STATUS_UNSUCCESSFUL;
-}
-
/****************************************************************************
add all the privileges to a privilege array
****************************************************************************/
set.luid.high = 0;
/* TODO: set a proper list of privileges */
- set.luid.low = SE_ADD_USERS;
+ set.luid.low = SE_PRIV_ADD_USERS;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
- set.luid.low = SE_MACHINE_ACCOUNT;
+ set.luid.low = SE_PRIV_ADD_MACHINES;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
- set.luid.low = SE_PRINT_OPERATOR;
+ set.luid.low = SE_PRIV_PRINT_OPERATOR;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
LUID_ATTR *old_set;
int i;
- if (new_priv_set == NULL || priv_set == NULL)
+ if (!new_priv_set || !priv_set)
return NT_STATUS_INVALID_PARAMETER;
/* special case if there are no privileges in the list */
old_set = priv_set->set;
- new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count) * (sizeof(LUID_ATTR)));
+ new_set = (LUID_ATTR *)talloc(new_priv_set->mem_ctx, (priv_set->count - 1) * (sizeof(LUID_ATTR)));
ALLOC_CHECK(new_set, ret, done, "dup_priv_set");
for (i=0; i < priv_set->count; i++) {
done:
return ret;
}
-
-
-NTSTATUS user_has_privilege(struct current_user *user, uint32 privilege)
-{
- LUID_ATTR set;
-
- set.attr = 0;
- set.luid.high = 0;
- set.luid.low = privilege;
-
- return check_priv_in_privilege(user->privs, set);
-}
-
ace_dest->size = ace_src->size;
ace_dest->info.mask = ace_src->info.mask;
ace_dest->obj_flags = ace_src->obj_flags;
- memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, sizeof(struct uuid));
- memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, sizeof(struct uuid));
+ memcpy(&ace_dest->obj_guid, &ace_src->obj_guid, GUID_SIZE);
+ memcpy(&ace_dest->inh_guid, &ace_src->inh_guid, GUID_SIZE);
sid_copy(&ace_dest->trustee, &ace_src->trustee);
}
{ LDAP_ATTR_LIST_END, NULL }
};
-/* privileges */
-
-ATTRIB_MAP_ENTRY privilege_attr_list[] = {
- { LDAP_ATTR_CN, "sambaPrivName" },
- { LDAP_ATTR_SID_LIST, LDAP_ATTRIBUTE_SID_LIST },
- { LDAP_ATTR_DESC, "description" },
- { LDAP_ATTR_OBJCLASS, "objectClass" },
- { LDAP_ATTR_LIST_END, NULL }
-};
-
/**********************************************************************
perform a simple table lookup and return the attribute name
**********************************************************************/
return NT_STATUS_OK;
}
+/**********************************************************************
+ Add the sambaDomain to LDAP, so we don't have to search for this stuff
+ again. This is a once-add operation for now.
+
+ TODO: Add other attributes, and allow modification.
+*********************************************************************/
+static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
+ const char *domain_name)
+{
+ fstring sid_string;
+ fstring algorithmic_rid_base_string;
+ pstring filter, dn;
+ LDAPMod **mods = NULL;
+ int rc;
+ int ldap_op;
+ LDAPMessage *result = NULL;
+ int num_result;
+ char **attr_list;
+ uid_t u_low, u_high;
+ gid_t g_low, g_high;
+ uint32 rid_low, rid_high;
+
+ slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name, LDAP_OBJ_DOMINFO);
+
+ attr_list = get_attr_list( dominfo_attr_list );
+ rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
+ free_attr_list( attr_list );
+
+ if (rc != LDAP_SUCCESS) {
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ num_result = ldap_count_entries(ldap_state->ldap_struct, result);
+
+ if (num_result > 1) {
+ DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
+ ldap_msgfree(result);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ /* Check if we need to add an entry */
+ DEBUG(3,("Adding new domain\n"));
+ ldap_op = LDAP_MOD_ADD;
+
+ pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name, lp_ldap_suffix());
+
+ /* Free original search */
+ ldap_msgfree(result);
+
+ /* make the changes - the entry *must* not already have samba attributes */
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name);
+
+ /* If we don't have an entry, then ask secrets.tdb for what it thinks.
+ It may choose to make it up */
+
+ sid_to_string(sid_string, get_global_sam_sid());
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
+
+ slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
+ algorithmic_rid_base_string);
+ smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
+
+ /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
+ TODO: fix all the places where the line between idmap and normal operations
+ needed by smbd gets fuzzy --jerry 2003-08-11 */
+
+ if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
+ && get_free_rid_range(&rid_low, &rid_high) )
+ {
+ fstring rid_str;
+
+ fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
+ DEBUG(10,("setting next available user rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
+ rid_str);
+
+ fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
+ DEBUG(10,("setting next available group rid [%s]\n", rid_str));
+ smbldap_set_mod(&mods, LDAP_MOD_ADD,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
+ rid_str);
+
+ }
+
+
+ switch(ldap_op)
+ {
+ case LDAP_MOD_ADD:
+ rc = smbldap_add(ldap_state, dn, mods);
+ break;
+ case LDAP_MOD_REPLACE:
+ rc = smbldap_modify(ldap_state, dn, mods);
+ break;
+ default:
+ DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ if (rc!=LDAP_SUCCESS) {
+ char *ld_error = NULL;
+ ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
+ DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
+ ldap_op == LDAP_MOD_ADD ? "add" : "modify",
+ dn, ldap_err2string(rc),
+ ld_error?ld_error:"unknown"));
+ SAFE_FREE(ld_error);
+
+ ldap_mods_free(mods, True);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
+ ldap_mods_free(mods, True);
+ return NT_STATUS_OK;
+}
+
+/**********************************************************************
+Search for the domain info entry
+*********************************************************************/
+NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
+ LDAPMessage ** result, const char *domain_name,
+ BOOL try_add)
+{
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ pstring filter;
+ int rc;
+ char **attr_list;
+ int count;
+
+ pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
+ LDAP_OBJ_DOMINFO,
+ get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
+ domain_name);
+
+ DEBUG(2, ("Searching for:[%s]\n", filter));
+
+
+ attr_list = get_attr_list( dominfo_attr_list );
+ rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
+ free_attr_list( attr_list );
+
+ if (rc != LDAP_SUCCESS) {
+ DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
+ DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
+ } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
+ DEBUG(3, ("Got no domain info entries for domain\n"));
+ ldap_msgfree(*result);
+ *result = NULL;
+ if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
+ return smbldap_search_domain_info(ldap_state, result, domain_name, False);
+ }
+ else {
+ DEBUG(0, ("Adding domain info for %s failed with %s\n",
+ domain_name, nt_errstr(ret)));
+ return ret;
+ }
+ } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
+ DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
+ count, domain_name));
+ ldap_msgfree(*result);
+ *result = NULL;
+ return ret;
+ } else {
+ return NT_STATUS_OK;
+ }
+
+ return ret;
+}
+
/*******************************************************************
Return a copy of the DN for a LDAPMessage. Convert from utf8 to CH_UNIX.
********************************************************************/
ldap_memfree(utf8_dn);
return unix_dn;
}
+
+++ /dev/null
-/*
- Unix SMB/CIFS mplementation.
- LDAP protocol helper functions for SAMBA
- Copyright (C) Jean François Micouleau 1998
- Copyright (C) Gerald Carter 2001-2003
- Copyright (C) Shahms King 2001
- Copyright (C) Andrew Bartlett 2002-2003
- Copyright (C) Stefan (metze) Metzmacher 2002-2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-
-*/
-
-#include "includes.h"
-#include "smbldap.h"
-
-/**********************************************************************
- Add the sambaDomain to LDAP, so we don't have to search for this stuff
- again. This is a once-add operation for now.
-
- TODO: Add other attributes, and allow modification.
-*********************************************************************/
-static NTSTATUS add_new_domain_info(struct smbldap_state *ldap_state,
- const char *domain_name)
-{
- fstring sid_string;
- fstring algorithmic_rid_base_string;
- pstring filter, dn;
- LDAPMod **mods = NULL;
- int rc;
- int ldap_op;
- LDAPMessage *result = NULL;
- int num_result;
- char **attr_list;
- uid_t u_low, u_high;
- gid_t g_low, g_high;
- uint32 rid_low, rid_high;
-
- slprintf (filter, sizeof (filter) - 1, "(&(%s=%s)(objectclass=%s))",
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name, LDAP_OBJ_DOMINFO);
-
- attr_list = get_attr_list( dominfo_attr_list );
- rc = smbldap_search_suffix(ldap_state, filter, attr_list, &result);
- free_attr_list( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- num_result = ldap_count_entries(ldap_state->ldap_struct, result);
-
- if (num_result > 1) {
- DEBUG (0, ("More than domain with that name exists: bailing out!\n"));
- ldap_msgfree(result);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Check if we need to add an entry */
- DEBUG(3,("Adding new domain\n"));
- ldap_op = LDAP_MOD_ADD;
-
- pstr_sprintf(dn, "%s=%s,%s", get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name, lp_ldap_suffix());
-
- /* Free original search */
- ldap_msgfree(result);
-
- /* make the changes - the entry *must* not already have samba attributes */
- smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name);
-
- /* If we don't have an entry, then ask secrets.tdb for what it thinks.
- It may choose to make it up */
-
- sid_to_string(sid_string, get_global_sam_sid());
- smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOM_SID), sid_string);
-
- slprintf(algorithmic_rid_base_string, sizeof(algorithmic_rid_base_string) - 1, "%i", algorithmic_rid_base());
- smbldap_set_mod(&mods, LDAP_MOD_ADD, get_attr_key2string(dominfo_attr_list, LDAP_ATTR_ALGORITHMIC_RID_BASE),
- algorithmic_rid_base_string);
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_DOMINFO);
-
- /* add the sambaNext[User|Group]Rid attributes if the idmap ranges are set.
- TODO: fix all the places where the line between idmap and normal operations
- needed by smbd gets fuzzy --jerry 2003-08-11 */
-
- if ( lp_idmap_uid(&u_low, &u_high) && lp_idmap_gid(&g_low, &g_high)
- && get_free_rid_range(&rid_low, &rid_high) )
- {
- fstring rid_str;
-
- fstr_sprintf( rid_str, "%i", rid_high|USER_RID_TYPE );
- DEBUG(10,("setting next available user rid [%s]\n", rid_str));
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_USERRID),
- rid_str);
-
- fstr_sprintf( rid_str, "%i", rid_high|GROUP_RID_TYPE );
- DEBUG(10,("setting next available group rid [%s]\n", rid_str));
- smbldap_set_mod(&mods, LDAP_MOD_ADD,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_NEXT_GROUPRID),
- rid_str);
-
- }
-
-
- switch(ldap_op)
- {
- case LDAP_MOD_ADD:
- rc = smbldap_add(ldap_state, dn, mods);
- break;
- case LDAP_MOD_REPLACE:
- rc = smbldap_modify(ldap_state, dn, mods);
- break;
- default:
- DEBUG(0,("Wrong LDAP operation type: %d!\n", ldap_op));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (rc!=LDAP_SUCCESS) {
- char *ld_error = NULL;
- ldap_get_option(ldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,("failed to %s domain dn= %s with: %s\n\t%s\n",
- ldap_op == LDAP_MOD_ADD ? "add" : "modify",
- dn, ldap_err2string(rc),
- ld_error?ld_error:"unknown"));
- SAFE_FREE(ld_error);
-
- ldap_mods_free(mods, True);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- DEBUG(2,("added: domain = %s in the LDAP database\n", domain_name));
- ldap_mods_free(mods, True);
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
-Search for the domain info entry
-*********************************************************************/
-NTSTATUS smbldap_search_domain_info(struct smbldap_state *ldap_state,
- LDAPMessage ** result, const char *domain_name,
- BOOL try_add)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- pstring filter;
- int rc;
- char **attr_list;
- int count;
-
- pstr_sprintf(filter, "(&(objectClass=%s)(%s=%s))",
- LDAP_OBJ_DOMINFO,
- get_attr_key2string(dominfo_attr_list, LDAP_ATTR_DOMAIN),
- domain_name);
-
- DEBUG(2, ("Searching for:[%s]\n", filter));
-
-
- attr_list = get_attr_list( dominfo_attr_list );
- rc = smbldap_search_suffix(ldap_state, filter, attr_list , result);
- free_attr_list( attr_list );
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(2,("Problem during LDAPsearch: %s\n", ldap_err2string (rc)));
- DEBUG(2,("Query was: %s, %s\n", lp_ldap_suffix(), filter));
- } else if (ldap_count_entries(ldap_state->ldap_struct, *result) < 1) {
- DEBUG(3, ("Got no domain info entries for domain\n"));
- ldap_msgfree(*result);
- *result = NULL;
- if (try_add && NT_STATUS_IS_OK(ret = add_new_domain_info(ldap_state, domain_name))) {
- return smbldap_search_domain_info(ldap_state, result, domain_name, False);
- }
- else {
- DEBUG(0, ("Adding domain info for %s failed with %s\n",
- domain_name, nt_errstr(ret)));
- return ret;
- }
- } else if ((count = ldap_count_entries(ldap_state->ldap_struct, *result)) > 1) {
- DEBUG(0, ("Got too many (%d) domain info entries for domain %s\n",
- count, domain_name));
- ldap_msgfree(*result);
- *result = NULL;
- return ret;
- } else {
- return NT_STATUS_OK;
- }
-
- return ret;
-}
-
return s;
}
+
+/*****************************************************************
+ Print a GUID structure for debugging.
+*****************************************************************/
+
+void print_guid(GUID *guid)
+{
+ int i;
+
+ d_printf("%08x-%04x-%04x",
+ IVAL(guid->info, 0), SVAL(guid->info, 4), SVAL(guid->info, 6));
+ d_printf("-%02x%02x-", guid->info[8], guid->info[9]);
+ for (i=10;i<GUID_SIZE;i++)
+ d_printf("%02x", guid->info[i]);
+ d_printf("\n");
+}
+
/*******************************************************************
Tallocs a duplicate SID.
********************************************************************/
}
/* Check the incoming SMB signature. */
- if (!srv_check_sign_mac(buffer, True)) {
+ if (!srv_check_sign_mac(buffer)) {
DEBUG(0, ("receive_smb: SMB Signature verification failed on incoming packet!\n"));
if (smb_read_error == 0)
smb_read_error = READ_BAD_SIG;
return val;
}
-
-void string_append(char **left, const char *right)
-{
- int new_len = strlen(right) + 1;
-
- if (*left == NULL) {
- *left = malloc(new_len);
- *left[0] = '\0';
- } else {
- new_len += strlen(*left);
- *left = Realloc(*left, new_len);
- }
-
- if (*left == NULL)
- return;
-
- safe_strcat(*left, right, new_len-1);
-}
* Unix SMB/CIFS implementation.
* UUID server routines
* Copyright (C) Theodore Ts'o 1996, 1997,
- * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002, 2003
+ * Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2002.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
#define TIME_OFFSET_HIGH 0x01B21DD2
#define TIME_OFFSET_LOW 0x13814000
-void smb_uuid_pack(const struct uuid uu, UUID_FLAT *ptr)
-{
- SIVAL(ptr, 0, uu.time_low);
- SSVAL(ptr, 4, uu.time_mid);
- SSVAL(ptr, 6, uu.time_hi_and_version);
- memcpy(ptr+8, uu.clock_seq, 2);
- memcpy(ptr+10, uu.node, 6);
-}
+struct uuid {
+ uint32 time_low;
+ uint16 time_mid;
+ uint16 time_hi_and_version;
+ uint8 clock_seq[2];
+ uint8 node[6];
+};
-void smb_uuid_unpack(const UUID_FLAT in, struct uuid *uu)
+
+static void uuid_pack(const struct uuid *uu, GUID *ptr)
{
- uu->time_low = IVAL(in.info, 0);
- uu->time_mid = SVAL(in.info, 4);
- uu->time_hi_and_version = SVAL(in.info, 6);
- memcpy(uu->clock_seq, in.info+8, 2);
- memcpy(uu->node, in.info+10, 6);
+ uint8 *out = ptr->info;
+
+ SIVAL(out, 0, uu->time_low);
+ SSVAL(out, 4, uu->time_mid);
+ SSVAL(out, 6, uu->time_hi_and_version);
+ memcpy(out+8, uu->clock_seq, 2);
+ memcpy(out+10, uu->node, 6);
}
-const struct uuid smb_uuid_unpack_static(const UUID_FLAT in)
+static void uuid_unpack(const GUID in, struct uuid *uu)
{
- static struct uuid uu;
+ const uint8 *ptr = in.info;
- smb_uuid_unpack(in, &uu);
- return uu;
+ uu->time_low = IVAL(ptr, 0);
+ uu->time_mid = SVAL(ptr, 4);
+ uu->time_hi_and_version = SVAL(ptr, 6);
+ memcpy(uu->clock_seq, ptr+8, 2);
+ memcpy(uu->node, ptr+10, 6);
}
-void smb_uuid_generate_random(struct uuid *uu)
+void smb_uuid_generate_random(GUID *out)
{
- UUID_FLAT tmp;
+ GUID tmp;
+ struct uuid uu;
generate_random_buffer(tmp.info, sizeof(tmp.info), True);
- smb_uuid_unpack(tmp, uu);
+ uuid_unpack(tmp, &uu);
- uu->clock_seq[0] = (uu->clock_seq[0] & 0x3F) | 0x80;
- uu->time_hi_and_version = (uu->time_hi_and_version & 0x0FFF) | 0x4000;
+ uu.clock_seq[0] = (uu.clock_seq[0] & 0x3F) | 0x80;
+ uu.time_hi_and_version = (uu.time_hi_and_version & 0x0FFF) | 0x4000;
+ uuid_pack(&uu, out);
}
-char *smb_uuid_to_string(const struct uuid uu)
+char *smb_uuid_to_string(const GUID in)
{
+ struct uuid uu;
char *out;
+ uuid_unpack(in, &uu);
+
asprintf(&out, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uu.time_low, uu.time_mid, uu.time_hi_and_version,
uu.clock_seq[0], uu.clock_seq[1],
return out;
}
-const char *smb_uuid_string_static(const struct uuid uu)
+const char *smb_uuid_string_static(const GUID in)
{
+ struct uuid uu;
static char out[37];
- slprintf(out, sizeof(out),
+ uuid_unpack(in, &uu);
+ slprintf(out, sizeof(out) -1,
"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
uu.time_low, uu.time_mid, uu.time_hi_and_version,
uu.clock_seq[0], uu.clock_seq[1],
uu.node[3], uu.node[4], uu.node[5]);
return out;
}
-
-BOOL smb_string_to_uuid(const char *in, struct uuid* uu)
-{
- BOOL ret = False;
- const char *ptr = in;
- char *end = (char *)in;
- int i;
-
- if (!in || !uu) goto out;
-
- uu->time_low = strtoul(ptr, &end, 16);
- if ((end - ptr) != 8 || *end != '-') goto out;
- ptr = (end + 1);
-
- uu->time_mid = strtoul(ptr, &end, 16);
- if ((end - ptr) != 4 || *end != '-') goto out;
- ptr = (end + 1);
-
- uu->time_hi_and_version = strtoul(ptr, &end, 16);
- if ((end - ptr) != 4 || *end != '-') goto out;
- ptr = (end + 1);
-
- for (i = 0; i < 2; i++) {
- int adj = 0;
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->clock_seq[i] = (*ptr - adj) << 4;
- ptr++;
-
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->clock_seq[i] |= (*ptr - adj);
- ptr++;
- }
-
- if (*ptr != '-') goto out;
- ptr++;
-
- for (i = 0; i < 6; i++) {
- int adj = 0;
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->node[i] = (*ptr - adj) << 4;
- ptr++;
-
- if (*ptr >= '0' && *ptr <= '9') {
- adj = '0';
- } else if (*ptr >= 'a' && *ptr <= 'f') {
- adj = 'a';
- } else if (*ptr >= 'A' && *ptr <= 'F') {
- adj = 'A';
- } else {
- goto out;
- }
- uu->node[i] |= (*ptr - adj);
- ptr++;
- }
-
- ret = True;
-out:
- return ret;
-}
}
}
+struct uuid {
+ uint32 i1;
+ uint16 i2;
+ uint16 i3;
+ uint8 s[8];
+};
+
static void dump_guid(const char *field, struct berval **values)
{
int i;
- UUID_FLAT guid;
+ GUID guid;
for (i=0; values[i]; i++) {
memcpy(guid.info, values[i]->bv_val, sizeof(guid.info));
- printf("%s: %s\n", field,
- smb_uuid_string_static(smb_uuid_unpack_static(guid)));
+ printf("%s: %s\n", field, smb_uuid_string_static(guid));
}
}
* @return boolean indicating success
**/
BOOL ads_pull_guid(ADS_STRUCT *ads,
- void *msg, struct uuid *guid)
+ void *msg, GUID *guid)
{
char **values;
- UUID_FLAT flat_guid;
values = ldap_get_values(ads->ld, msg, "objectGUID");
if (!values)
return False;
if (values[0]) {
- memcpy(&flat_guid.info, values[0], sizeof(UUID_FLAT));
- smb_uuid_unpack(flat_guid, guid);
+ memcpy(guid, values[0], sizeof(GUID));
ldap_value_free(values);
return True;
}
session_key = data_blob(NULL, 16);
SMBsesskeygen_ntv1(nt_hash, NULL, session_key.data);
}
- cli_simple_set_signing(cli, session_key, nt_response);
+ cli_simple_set_signing(cli, session_key, nt_response, 0);
} else {
/* pre-encrypted password supplied. Only used for
security=server, can't do
file_save("negTokenTarg.dat", negTokenTarg.data, negTokenTarg.length);
#endif
- cli_simple_set_signing(cli, session_key_krb5, null_blob);
+ cli_simple_set_signing(cli, session_key_krb5, null_blob, 0);
blob2 = cli_session_setup_blob(cli, negTokenTarg);
fstrcpy(cli->server_domain, ntlmssp_state->server_domain);
cli_set_session_key(cli, ntlmssp_state->session_key);
- if (cli_simple_set_signing(cli, key, null_blob)) {
-
- /* 'resign' the last message, so we get the right sequence numbers
- for checking the first reply from the server */
- cli_calculate_sign_mac(cli);
-
- if (!cli_check_sign_mac(cli, True)) {
- nt_status = NT_STATUS_ACCESS_DENIED;
- }
- }
+ /* Using NTLMSSP session setup, signing on the net only starts
+ * after a successful authentication and the session key has
+ * been determined, but with a sequence number of 2. This
+ * assumes that NTLMSSP needs exactly 2 roundtrips, for any
+ * other SPNEGO mechanism it needs adapting. */
+
+ cli_simple_set_signing(cli, key, null_blob, 2);
}
/* we have a reference conter on ntlmssp_state, if we are signing
}
cli->sign_info.negotiated_smb_signing = True;
cli->sign_info.mandatory_signing = True;
- } else if (cli->sign_info.allow_smb_signing && cli->sec_mode & NEGOTIATE_SECURITY_SIGNATURES_ENABLED) {
- cli->sign_info.negotiated_smb_signing = True;
}
} else if (cli->protocol >= PROTOCOL_LANMAN1) {
struct cli_state *get_ipc_connect_master_ip(struct ip_service * mb_ip, pstring workgroup, struct user_auth_info *user_info)
{
static fstring name;
- struct cli_state *cli;
- struct in_addr server_ip;
+ struct cli_state *cli;
+ struct in_addr server_ip;
DEBUG(99, ("Looking up name of master browser %s\n",
inet_ntoa(mb_ip->ip)));
return NULL;
}
- pstrcpy(workgroup, name);
+ pstrcpy(workgroup, name);
- DEBUG(4, ("found master browser %s, %s\n",
+ DEBUG(4, ("found master browser %s, %s\n",
name, inet_ntoa(mb_ip->ip)));
- cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
+ cli = get_ipc_connect(inet_ntoa(server_ip), &server_ip, user_info);
- return cli;
+ return cli;
}
return ret;
}
- if (!cli_check_sign_mac(cli, True)) {
+ if (!cli_check_sign_mac(cli)) {
DEBUG(0, ("SMB Signature verification failed on incoming packet!\n"));
cli->smb_rw_error = READ_BAD_SIG;
close(cli->fd);
free the user_info struct (malloc()'d memory)
***********************************************************************/
-NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, const DOM_SID *user_sid)
+NET_USER_INFO_3* netsamlogon_cache_get( TALLOC_CTX *mem_ctx, DOM_SID *user_sid)
{
NET_USER_INFO_3 *user = NULL;
TDB_DATA data, key;
return user;
}
-BOOL netsamlogon_cache_have(const DOM_SID *user_sid)
+BOOL netsamlogon_cache_have(DOM_SID *user_sid)
{
TALLOC_CTX *mem_ctx = talloc_init("netsamlogon_cache_have");
NET_USER_INFO_3 *user = NULL;
SMB signing - NULL implementation - check a MAC sent by server.
************************************************************/
-static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL null_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
return True;
}
}
-static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq, BOOL expected_ok)
+static BOOL signing_good(char *inbuf, struct smb_sign_info *si, BOOL good, uint32 seq)
{
- if (good) {
+ if (good && !si->doing_signing) {
+ si->doing_signing = True;
+ }
- if (!si->doing_signing) {
- si->doing_signing = True;
- }
-
- if (!si->seen_valid) {
- si->seen_valid = True;
- }
+ if (!good) {
+ if (si->doing_signing) {
+ struct smb_basic_signing_context *data = si->signing_context;
- } else {
- if (!si->mandatory_signing && !si->seen_valid) {
+ /* W2K sends a bad first signature but the sign engine is on.... JRA. */
+ if (data->send_seq_num > 1)
+ DEBUG(1, ("signing_good: SMB signature check failed on seq %u!\n",
+ (unsigned int)seq ));
- if (!expected_ok) {
- return True;
- }
- /* Non-mandatory signing - just turn off if this is the first bad packet.. */
- DEBUG(5, ("signing_good: signing negotiated but not required and the other side \
-isn't sending correct signatures. Turning signatures off.\n"));
- si->negotiated_smb_signing = False;
- si->allow_smb_signing = False;
- si->doing_signing = False;
- free_signing_context(si);
- return True;
- } else if (!expected_ok) {
- /* This packet is known to be unsigned */
- return True;
+ return False;
} else {
- /* Mandatory signing or bad packet after signing started - fail and disconnect. */
- if (seq)
- DEBUG(0, ("signing_good: BAD SIG: seq %u\n", (unsigned int)seq));
+ DEBUG(3, ("signing_good: Peer did not sign reply correctly\n"));
+ free_signing_context(si);
return False;
}
}
SMB signing - Client implementation - check a MAC sent by server.
************************************************************/
-static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL client_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
BOOL good;
uint32 reply_seq_number;
DEBUG(10, ("client_check_incoming_message: seq %u: got good SMB signature of\n", (unsigned int)reply_seq_number));
dump_data(10, (const char *)server_sent_mac, 8);
}
- return signing_good(inbuf, si, good, saved_seq, expected_ok);
+ return signing_good(inbuf, si, good, saved_seq);
}
/***********************************************************
BOOL cli_simple_set_signing(struct cli_state *cli,
const DATA_BLOB user_session_key,
- const DATA_BLOB response)
+ const DATA_BLOB response, int initial_send_seq_num)
{
struct smb_basic_signing_context *data;
dump_data_pw("MAC ssession key is:\n", data->mac_key.data, data->mac_key.length);
/* Initialise the sequence number */
- data->send_seq_num = 0;
+ data->send_seq_num = initial_send_seq_num;
/* Initialise the list of outstanding packets */
data->outstanding_packet_list = NULL;
SMB signing - TEMP implementation - check a MAC sent by server.
************************************************************/
-static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL temp_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
return True;
}
* which had a bad checksum, True otherwise.
*/
-BOOL cli_check_sign_mac(struct cli_state *cli, BOOL expected_ok)
+BOOL cli_check_sign_mac(struct cli_state *cli)
{
- if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info, expected_ok)) {
+ if (!cli->sign_info.check_incoming_message(cli->inbuf, &cli->sign_info)) {
free_signing_context(&cli->sign_info);
return False;
}
SMB signing - Server implementation - check a MAC sent by server.
************************************************************/
-static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si, BOOL expected_ok)
+static BOOL srv_check_incoming_message(char *inbuf, struct smb_sign_info *si)
{
BOOL good;
struct smb_basic_signing_context *data = si->signing_context;
dump_data(10, (const char *)server_sent_mac, 8);
}
- return (signing_good(inbuf, si, good, saved_seq, expected_ok));
+ if (!signing_good(inbuf, si, good, saved_seq)) {
+ if (!si->mandatory_signing && (data->send_seq_num < 3)){
+ /* Non-mandatory signing - just turn off if this is the first bad packet.. */
+ DEBUG(5, ("srv_check_incoming_message: signing negotiated but not required and client \
+isn't sending correct signatures. Turning off.\n"));
+ si->negotiated_smb_signing = False;
+ si->allow_smb_signing = False;
+ si->doing_signing = False;
+ free_signing_context(si);
+ return True;
+ } else {
+ /* Mandatory signing or bad packet after signing started - fail and disconnect. */
+ if (saved_seq)
+ DEBUG(0, ("srv_check_incoming_message: BAD SIG: seq %u\n", (unsigned int)saved_seq));
+ return False;
+ }
+ } else {
+ return True;
+ }
}
/***********************************************************
Called to validate an incoming packet from the client.
************************************************************/
-BOOL srv_check_sign_mac(char *inbuf, BOOL expected_ok)
+BOOL srv_check_sign_mac(char *inbuf)
{
/* Check if it's a session keepalive. */
if(CVAL(inbuf,0) == SMBkeepalive)
return True;
- return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info, expected_ok);
+ return srv_sign_info.check_incoming_message(inbuf, &srv_sign_info);
}
/***********************************************************
return srv_sign_info.doing_signing;
}
-
-/***********************************************************
- Returns whether signing is negotiated. We can't use it unless it was
- in the negprot.
-************************************************************/
-
-BOOL srv_is_signing_negotiated(void)
-{
- return srv_sign_info.negotiated_smb_signing;
-}
-
-/***********************************************************
- Returns whether signing is negotiated. We can't use it unless it was
- in the negprot.
-************************************************************/
-
-BOOL srv_signing_started(void)
-{
- struct smb_basic_signing_context *data;
-
- if (!srv_sign_info.doing_signing) {
- return False;
- }
-
- data = (struct smb_basic_signing_context *)srv_sign_info.signing_context;
- if (!data)
- return False;
-
- if (data->send_seq_num == 0) {
- return False;
- }
-
- return True;
-}
-
-
/***********************************************************
Tell server code we are in a multiple trans reply state.
************************************************************/
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Samba module with developer tools
- Copyright (C) Andrew Tridgell 2001
- Copyright (C) Jelmer Vernooij 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-static struct {
- char from;
- char *to;
- int len;
-} weird_table[] = {
- {'q', "^q^", 3},
- {'Q', "^Q^", 3},
- {0, NULL}
-};
-
-static size_t weird_pull(void *cd, char **inbuf, size_t *inbytesleft,
- char **outbuf, size_t *outbytesleft)
-{
- while (*inbytesleft >= 1 && *outbytesleft >= 2) {
- int i;
- int done = 0;
- for (i=0;weird_table[i].from;i++) {
- if (strncmp((*inbuf),
- weird_table[i].to,
- weird_table[i].len) == 0) {
- if (*inbytesleft < weird_table[i].len) {
- DEBUG(0,("ERROR: truncated weird string\n"));
- /* smb_panic("weird_pull"); */
-
- } else {
- (*outbuf)[0] = weird_table[i].from;
- (*outbuf)[1] = 0;
- (*inbytesleft) -= weird_table[i].len;
- (*outbytesleft) -= 2;
- (*inbuf) += weird_table[i].len;
- (*outbuf) += 2;
- done = 1;
- break;
- }
- }
- }
- if (done) continue;
- (*outbuf)[0] = (*inbuf)[0];
- (*outbuf)[1] = 0;
- (*inbytesleft) -= 1;
- (*outbytesleft) -= 2;
- (*inbuf) += 1;
- (*outbuf) += 2;
- }
-
- if (*inbytesleft > 0) {
- errno = E2BIG;
- return -1;
- }
-
- return 0;
-}
-
-static size_t weird_push(void *cd, char **inbuf, size_t *inbytesleft,
- char **outbuf, size_t *outbytesleft)
-{
- int ir_count=0;
-
- while (*inbytesleft >= 2 && *outbytesleft >= 1) {
- int i;
- int done=0;
- for (i=0;weird_table[i].from;i++) {
- if ((*inbuf)[0] == weird_table[i].from &&
- (*inbuf)[1] == 0) {
- if (*outbytesleft < weird_table[i].len) {
- DEBUG(0,("No room for weird character\n"));
- /* smb_panic("weird_push"); */
- } else {
- memcpy(*outbuf, weird_table[i].to,
- weird_table[i].len);
- (*inbytesleft) -= 2;
- (*outbytesleft) -= weird_table[i].len;
- (*inbuf) += 2;
- (*outbuf) += weird_table[i].len;
- done = 1;
- break;
- }
- }
- }
- if (done) continue;
-
- (*outbuf)[0] = (*inbuf)[0];
- if ((*inbuf)[1]) ir_count++;
- (*inbytesleft) -= 2;
- (*outbytesleft) -= 1;
- (*inbuf) += 2;
- (*outbuf) += 1;
- }
-
- if (*inbytesleft == 1) {
- errno = EINVAL;
- return -1;
- }
-
- if (*inbytesleft > 1) {
- errno = E2BIG;
- return -1;
- }
-
- return ir_count;
-}
-
-struct charset_functions weird_functions = {"WEIRD", weird_pull, weird_push};
-
-int charset_weird_init(void)
-{
- smb_register_charset(&weird_functions);
- return True;
-}
}
#ifdef HAVE_ADS
else {
- struct uuid domain_guid;
- UUID_FLAT flat_guid;
+ GUID domain_guid;
pstring domain;
pstring hostname;
char *component, *dc, *q1;
DEBUG(2, ("Could not fetch DomainGUID for %s\n", domain));
return;
}
-
- smb_uuid_pack(domain_guid, &flat_guid);
- memcpy(q, &flat_guid.info, UUID_FLAT_SIZE);
- q += UUID_FLAT_SIZE;
+ memcpy(q, &domain_guid, sizeof(domain_guid));
+ q += sizeof(domain_guid);
/* Forest */
str_offset = q - q_orig;
Deal with a name refresh request to a WINS server.
************************************************************************/
-void wins_process_name_refresh_request( struct subnet_record *subrec,
- struct packet_struct *p )
+void wins_process_name_refresh_request(struct subnet_record *subrec,
+ struct packet_struct *p)
{
struct nmb_packet *nmb = &p->packet.nmb;
struct nmb_name *question = &nmb->question.question_name;
struct in_addr from_ip;
struct in_addr our_fake_ip = *interpret_addr2("0.0.0.0");
- putip( (char *)&from_ip, &nmb->additional->rdata[2] );
+ putip((char *)&from_ip,&nmb->additional->rdata[2]);
if(bcast) {
/*
* We should only get unicast name refresh packets here.
- * Anyone trying to refresh broadcast should not be going
- * to a WINS server. Log an error here.
+ * Anyone trying to refresh broadcast should not be going to a WINS
+ * server. Log an error here.
*/
- if( DEBUGLVL( 0 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Broadcast name refresh request received " );
- dbgtext( "for name %s ", nmb_namestr(question) );
- dbgtext( "from IP %s ", inet_ntoa(from_ip) );
- dbgtext( "on subnet %s. ", subrec->subnet_name );
- dbgtext( "Error - Broadcasts should not be sent " );
- dbgtext( "to a WINS server\n" );
- }
+
+ DEBUG(0,("wins_process_name_refresh_request: broadcast name refresh request \
+received for name %s from IP %s on subnet %s. Error - should not be sent to WINS server\n",
+ nmb_namestr(question), inet_ntoa(from_ip), subrec->subnet_name));
return;
}
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s IP %s\n",
- nmb_namestr(question), inet_ntoa(from_ip) );
- }
+ DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s \
+IP %s\n", nmb_namestr(question), inet_ntoa(from_ip) ));
/*
* See if the name already exists.
- * If not, handle it as a name registration and return.
*/
+
namerec = find_name_on_subnet(subrec, question, FIND_ANY_NAME);
/*
* treat it like a registration request. This allows us to recover
* from errors (tridge)
*/
+
if(namerec == NULL) {
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s ",
- nmb_namestr( question ) );
- dbgtext( "and the name does not exist. Treating " );
- dbgtext( "as registration.\n" );
- }
+ DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s and \
+the name does not exist. Treating as registration.\n", nmb_namestr(question) ));
wins_process_name_registration_request(subrec,p);
return;
}
/*
- * if the name is present but not active, simply remove it
- * and treat the refresh request as a registration & return.
+ * if the name is present but not active,
+ * simply remove it and treat the request
+ * as a registration
*/
if (namerec != NULL && !WINS_STATE_ACTIVE(namerec)) {
- if( DEBUGLVL( 5 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name (%s) in WINS ", nmb_namestr(question) );
- dbgtext( "was not active - removing it.\n" );
- }
+ DEBUG(5,("wins_process_name_refresh_request: Name (%s) in WINS was \
+not active - removing it.\n", nmb_namestr(question) ));
remove_name_from_namelist( subrec, namerec );
namerec = NULL;
- wins_process_name_registration_request( subrec, p );
+ wins_process_name_registration_request(subrec,p);
return;
}
/*
* Check that the group bits for the refreshing name and the
- * name in our database match. If not, refuse the refresh.
- * [crh: Why RFS_ERR instead of ACT_ERR? Is this what MS does?]
+ * name in our database match.
*/
- if( (namerec != NULL) &&
- ( (group && !NAME_GROUP(namerec))
- || (!group && NAME_GROUP(namerec)) ) ) {
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name %s ", nmb_namestr(question) );
- dbgtext( "group bit = %s does not match ",
- group ? "True" : "False" );
- dbgtext( "group bit in WINS for this name.\n" );
- }
+
+ if((namerec != NULL) && ((group && !NAME_GROUP(namerec)) || (!group && NAME_GROUP(namerec))) ) {
+ DEBUG(3,("wins_process_name_refresh_request: Name %s group bit = %s \
+does not match group bit in WINS for this name.\n", nmb_namestr(question), group ? "True" : "False" ));
send_wins_name_registration_response(RFS_ERR, 0, p);
return;
}
/*
- * For a unique name check that the person refreshing the name is
- * one of the registered IP addresses. If not - fail the refresh.
- * Do the same for group names with a type of 0x1c.
- * Just return success for unique 0x1d refreshes. For normal group
- * names update the ttl and return success.
+ * For a unique name check that the person refreshing the name is one of the registered IP
+ * addresses. If not - fail the refresh. Do the same for group names with a type of 0x1c.
+ * Just return success for unique 0x1d refreshes. For normal group names update the ttl
+ * and return success.
*/
- if( (!group || (group && (question->name_type == 0x1c)))
- && find_ip_in_name_record(namerec, from_ip) ) {
+
+ if((!group || (group && (question->name_type == 0x1c))) && find_ip_in_name_record(namerec, from_ip )) {
/*
* Update the ttl.
*/
send_wins_name_registration_response(0, ttl, p);
wins_hook("refresh", namerec, ttl);
return;
- } else if((group && (question->name_type == 0x1c))) {
- /*
- * Added by crh for bug #1079.
- * Fix from Bert Driehuis
- */
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s, ",
- nmb_namestr(question) );
- dbgtext( "but IP address %s ", inet_ntoa(from_ip) );
- dbgtext( "is not yet associated with " );
- dbgtext( "that name. Treating as registration.\n" );
- }
- wins_process_name_registration_request(subrec,p);
- return;
} else if(group) {
/*
- * Normal groups are all registered with an IP address of
- * 255.255.255.255 so we can't search for the IP address.
- */
+ * Normal groups are all registered with an IP address of 255.255.255.255
+ * so we can't search for the IP address.
+ */
update_name_ttl(namerec, ttl);
send_wins_name_registration_response(0, ttl, p);
return;
/*
* Fail the refresh.
*/
- if( DEBUGLVL( 3 ) ) {
- dbgtext( "wins_process_name_refresh_request: " );
- dbgtext( "Name refresh for name %s with IP %s ",
- nmb_namestr(question), inet_ntoa(from_ip) );
- dbgtext( "and is IP is not known to the name.\n" );
- }
+
+ DEBUG(3,("wins_process_name_refresh_request: Name refresh for name %s with IP %s and \
+is IP is not known to the name.\n", nmb_namestr(question), inet_ntoa(from_ip) ));
send_wins_name_registration_response(RFS_ERR, 0, p);
return;
}
return (result == NSS_STATUS_SUCCESS);
}
-BOOL winbind_allocate_rid(uint32 *rid)
-{
- struct winbindd_request request;
- struct winbindd_response response;
- int result;
-
- /* Initialise request */
-
- ZERO_STRUCT(request);
- ZERO_STRUCT(response);
-
- /* Make request */
-
- result = winbindd_request(WINBINDD_ALLOCATE_RID, &request, &response);
-
- if (result != NSS_STATUS_SUCCESS)
- return False;
-
- /* Copy out result */
- *rid = response.data.rid;
-
- return True;
-}
-
/* Fetch the list of groups a user is a member of from winbindd. This is
used by winbind_getgroups. */
}
/***********************************************************************/
+#if 0 /* not needed currently since winbindd_acct was added -- jerry */
+
/* Call winbindd to convert SID to uid. Do not allocate */
BOOL winbind_sid_to_uid_query(uid_t *puid, const DOM_SID *sid)
return (result == NSS_STATUS_SUCCESS);
}
+#endif /* JERRY */
+
/***********************************************************************/
return True;
}
-static BOOL wbinfo_allocate_rid(void)
-{
- uint32 rid;
-
- if (!winbind_allocate_rid(&rid))
- return False;
-
- d_printf("New rid: %d\n", rid);
-
- return True;
-}
-
/* Convert sid to string */
static BOOL wbinfo_lookupsid(char *sid)
{ "gid-to-sid", 'G', POPT_ARG_INT, &int_arg, 'G', "Converts gid to sid", "GID" },
{ "sid-to-uid", 'S', POPT_ARG_STRING, &string_arg, 'S', "Converts sid to uid", "SID" },
{ "sid-to-gid", 'Y', POPT_ARG_STRING, &string_arg, 'Y', "Converts sid to gid", "SID" },
- { "allocate-rid", 'A', POPT_ARG_NONE, 0, 'A', "Get a new RID out of idmap" },
{ "create-user", 'c', POPT_ARG_STRING, &string_arg, 'c', "Create a local user account", "name" },
{ "delete-user", 'x', POPT_ARG_STRING, &string_arg, 'x', "Delete a local user account", "name" },
{ "create-group", 'C', POPT_ARG_STRING, &string_arg, 'C', "Create a local group", "name" },
goto done;
}
break;
- case 'A':
- if (!wbinfo_allocate_rid()) {
- d_printf("Could not allocate a RID\n");
- goto done;
- }
- break;
case 't':
if (!wbinfo_check_secret()) {
d_printf("Could not check secret\n");
&errnop);
/*
- * Always return NOTFOUND so nsswitch will get info from all
- * the database backends specified in the nsswitch.conf file.
- */
- return NSS_STATUS_NOTFOUND;
+ * If the maximum number of gids have been found, return
+ * SUCCESS so the switch engine will stop searching. Otherwise
+ * return NOTFOUND so nsswitch will continue to get groups
+ * from the remaining database backends specified in the
+ * nsswitch.conf file.
+ */
+ return (gmem->numgids == gmem->maxgids ? NSS_STATUS_SUCCESS : NSS_STATUS_NOTFOUND);
}
static NSS_STATUS
{ WINBINDD_SID_TO_GID, winbindd_sid_to_gid, "SID_TO_GID" },
{ WINBINDD_GID_TO_SID, winbindd_gid_to_sid, "GID_TO_SID" },
{ WINBINDD_UID_TO_SID, winbindd_uid_to_sid, "UID_TO_SID" },
- { WINBINDD_ALLOCATE_RID, winbindd_allocate_rid, "ALLOCATE_RID" },
/* Miscellaneous */
BOOL native_mode; /* is this a win2k domain in native mode ? */
BOOL active_directory; /* is this a win2k active directory ? */
BOOL primary; /* is this our primary domain ? */
- BOOL internal; /* BUILTIN and member SAM */
/* Lookup methods for this domain (LDAP or RPC) */
struct winbindd_methods *methods;
/* lookup user info for a given SID */
NTSTATUS (*query_user)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
WINBIND_USERINFO *user_info);
/* lookup all groups that a user is a member of. The backend
function */
NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
uint32 *num_groups, DOM_SID ***user_gids);
/* find all members of the group with the specified group_rid */
NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid,
+ DOM_SID *group_sid,
uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types);
/* Lookup user information from a rid */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ DOM_SID *sid,
WINBIND_USERINFO *info)
{
ADS_STRUCT *ads = NULL;
/* Lookup groups a user is a member of. */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ DOM_SID *sid,
uint32 *num_groups, DOM_SID ***user_gids)
{
ADS_STRUCT *ads = NULL;
*/
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID *group_sid, uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types)
{
/* Lookup user information from a rid */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
WINBIND_USERINFO *info)
{
struct winbind_cache *cache = get_cache(domain);
/* Lookup groups a user is a member of. */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
uint32 *num_groups, DOM_SID ***user_gids)
{
struct winbind_cache *cache = get_cache(domain);
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID *group_sid, uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types)
{
DEBUG(10, ("group SID %s\n", sid_to_string(sid_string, group_sid)));
*num_gr_mem = 0;
-
- /* HACK ALERT!! This whole routine does not cope with group members
- * from more than one domain, ie aliases. Thus we have to work it out
- * ourselves in a special routine. */
-
- if (domain->internal)
- return fill_passdb_alias_grmem(domain, group_sid,
- num_gr_mem,
- gr_mem, gr_mem_len);
if ( !((group_name_type==SID_NAME_DOM_GRP) ||
((group_name_type==SID_NAME_ALIAS) && domain->primary)) )
/* if no domain or our local domain, then do a local tdb search */
- if ( (!*name_domain || strequal(name_domain, get_global_sam_name())) &&
- ((grp = wb_getgrnam(name_group)) != NULL) ) {
-
+ if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
char *buffer = NULL;
+ if ( !(grp=wb_getgrnam(name_group)) ) {
+ DEBUG(5,("winbindd_getgrnam: lookup for %s\\%s failed\n",
+ name_domain, name_group));
+ return WINBINDD_ERROR;
+ }
memcpy( &state->response.data.gr, grp, sizeof(WINBINDD_GR) );
gr_mem_len = gr_mem_buffer( &buffer, grp->gr_mem, grp->num_gr_mem );
return WINBINDD_OK;
}
- /* if no domain or our local domain and no local tdb group, default to
- * our local domain for aliases */
-
- if ( !*name_domain || strequal(name_domain, get_global_sam_name()) ) {
- fstrcpy(name_domain, get_global_sam_name());
- }
-
/* Get info for the domain */
if ((domain = find_domain_from_name(name_domain)) == NULL) {
}
if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->primary)) )
{
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
name_group, name_type));
}
if ( !((name_type==SID_NAME_DOM_GRP) ||
- ((name_type==SID_NAME_ALIAS) && domain->primary) ||
- ((name_type==SID_NAME_ALIAS) && domain->internal)) )
+ ((name_type==SID_NAME_ALIAS) && domain->primary) ))
{
DEBUG(1, ("name '%s' is not a local or domain group: %d\n",
group_name, name_type));
/* get the domain local groups if we are a member of a native win2k domain
and are not using LDAP to get the groups */
- if ( ( lp_security() != SEC_ADS && domain->native_mode
- && domain->primary) || domain->internal )
+ if ( lp_security() != SEC_ADS && domain->native_mode
+ && domain->primary )
{
DEBUG(4,("get_sam_group_entries: Native Mode 2k domain; enumerating local groups as well\n"));
return WINBINDD_OK;
}
-static void add_gid_to_array_unique(gid_t gid, gid_t **gids, int *num)
-{
- int i;
-
- if ((*num) >= groups_max())
- return;
-
- for (i=0; i<*num; i++) {
- if ((*gids)[i] == gid)
- return;
- }
-
- *gids = Realloc(*gids, (*num+1) * sizeof(gid_t));
-
- if (*gids == NULL)
- return;
-
- (*gids)[*num] = gid;
- *num += 1;
-}
-
-static void add_gids_from_sid(DOM_SID *sid, gid_t **gids, int *num)
-{
- gid_t gid;
- DOM_SID *aliases;
- int j, num_aliases;
-
- DEBUG(10, ("Adding gids from SID: %s\n", sid_string_static(sid)));
-
- if (NT_STATUS_IS_OK(idmap_sid_to_gid(sid, &gid, 0)))
- add_gid_to_array_unique(gid, gids, num);
-
- /* Add nested group memberships */
-
- if (!pdb_enum_alias_memberships(sid, &aliases, &num_aliases))
- return;
-
- for (j=0; j<num_aliases; j++) {
-
- if (!NT_STATUS_IS_OK(sid_to_gid(&aliases[j], &gid)))
- continue;
-
- add_gid_to_array_unique(gid, gids, num);
- }
- SAFE_FREE(aliases);
-}
-
/* Get user supplementary groups. This is much quicker than trying to
invert the groups database. We merge the groups from the gids and
other_sids info3 fields as trusted domain, universal group
DOM_SID **user_grpsids;
struct winbindd_domain *domain;
enum winbindd_result result = WINBINDD_ERROR;
- gid_t *gid_list = NULL;
+ gid_t *gid_list;
unsigned int i;
TALLOC_CTX *mem_ctx;
NET_USER_INFO_3 *info3 = NULL;
goto done;
}
- add_gids_from_sid(&user_sid, &gid_list, &num_gids);
-
/* Treat the info3 cache as authoritative as the
lookup_usergroups() function may return cached data. */
info3->num_groups2, info3->num_other_sids));
num_groups = info3->num_other_sids + info3->num_groups2;
+ gid_list = calloc(sizeof(gid_t), num_groups);
/* Go through each other sid and convert it to a gid */
continue;
}
- add_gids_from_sid(&info3->other_sids[i].sid,
- &gid_list, &num_gids);
+ /* Map to a gid */
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&info3->other_sids[i].sid, &gid_list[num_gids], 0)) )
+ {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&info3->other_sids[i].sid)));
+ continue;
+ }
+
+ /* We've jumped through a lot of hoops to get here */
+
+ DEBUG(10, ("winbindd_getgroups: mapped other sid %s to "
+ "gid %lu\n", sid_string_static(
+ &info3->other_sids[i].sid),
+ (unsigned long)gid_list[num_gids]));
+
+ num_gids++;
}
for (i = 0; i < info3->num_groups2; i++) {
sid_copy( &group_sid, &domain->sid );
sid_append_rid( &group_sid, info3->gids[i].g_rid );
- add_gids_from_sid(&group_sid, &gid_list, &num_gids);
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(&group_sid, &gid_list[num_gids], 0)) ) {
+ DEBUG(10, ("winbindd_getgroups: could not map sid %s to gid\n",
+ sid_string_static(&group_sid)));
+ }
- if (gid_list == NULL)
- goto done;
+ num_gids++;
}
SAFE_FREE(info3);
goto done;
for (i = 0; i < num_groups; i++) {
- add_gids_from_sid(user_grpsids[i],
- &gid_list, &num_gids);
-
- if (gid_list == NULL)
- goto done;
+ if (!NT_STATUS_IS_OK(idmap_sid_to_gid(user_grpsids[i], &gid_list[num_gids], 0))) {
+ DEBUG(1, ("unable to convert group sid %s to gid\n",
+ sid_string_static(user_grpsids[i])));
+ continue;
+ }
+ num_gids++;
}
}
/* Update this when you change the interface. */
-#define WINBIND_INTERFACE_VERSION 10
+#define WINBIND_INTERFACE_VERSION 9
/* Socket commands */
WINBINDD_SID_TO_GID,
WINBINDD_UID_TO_SID,
WINBINDD_GID_TO_SID,
- WINBINDD_ALLOCATE_RID,
/* Miscellaneous other stuff */
char nt_session_key[16];
char first_8_lm_hash[8];
} auth;
- uint32 rid; /* create user or group or allocate rid */
+ uint32 rid; /* create user or group */
struct {
fstring name;
fstring alt_name;
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- Winbind rpc backend functions
-
- Copyright (C) Tim Potter 2000-2001,2003
- Copyright (C) Simo Sorce 2003
- Copyright (C) Volker Lendecke 2004
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "winbindd.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_WINBIND
-
-static void
-add_member(const char *domain, const char *user,
- char **members, int *num_members)
-{
- fstring name;
-
- fill_domain_username(name, domain, user);
- safe_strcat(name, ",", sizeof(name)-1);
- string_append(members, name);
- *num_members += 1;
-}
-
-/**********************************************************************
- Add member users resulting from sid. Expand if it is a domain group.
-**********************************************************************/
-
-static void
-add_expanded_sid(const DOM_SID *sid, char **members, int *num_members)
-{
- DOM_SID dom_sid;
- uint32 rid;
- struct winbindd_domain *domain;
- int i;
-
- char *name = NULL;
- enum SID_NAME_USE type;
-
- uint32 num_names;
- DOM_SID **sid_mem;
- char **names;
- uint32 *types;
-
- NTSTATUS result;
-
- TALLOC_CTX *mem_ctx = talloc_init("add_expanded_sid");
-
- if (mem_ctx == NULL) {
- DEBUG(1, ("talloc_init failed\n"));
- return;
- }
-
- sid_copy(&dom_sid, sid);
- sid_split_rid(&dom_sid, &rid);
-
- domain = find_domain_from_sid(&dom_sid);
-
- if (domain == NULL) {
- DEBUG(3, ("Could not find domain for sid %s\n",
- sid_string_static(sid)));
- goto done;
- }
-
- result = domain->methods->sid_to_name(domain, mem_ctx, sid,
- &name, &type);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(3, ("sid_to_name failed for sid %s\n",
- sid_string_static(sid)));
- goto done;
- }
-
- DEBUG(10, ("Found name %s, type %d\n", name, type));
-
- if (type == SID_NAME_USER) {
- add_member(domain->name, name, members, num_members);
- goto done;
- }
-
- if (type != SID_NAME_DOM_GRP) {
- DEBUG(10, ("Alias member %s neither user nor group, ignore\n",
- name));
- goto done;
- }
-
- /* Expand the domain group */
-
- result = domain->methods->lookup_groupmem(domain, mem_ctx,
- sid, &num_names,
- &sid_mem, &names,
- &types);
-
- if (!NT_STATUS_IS_OK(result)) {
- DEBUG(10, ("Could not lookup group members for %s: %s\n",
- name, nt_errstr(result)));
- goto done;
- }
-
- for (i=0; i<num_names; i++) {
- DEBUG(10, ("Adding group member SID %s\n",
- sid_string_static(sid_mem[i])));
-
- if (types[i] != SID_NAME_USER) {
- DEBUG(1, ("Hmmm. Member %s of group %s is no user. "
- "Ignoring.\n", names[i], name));
- continue;
- }
-
- add_member(domain->name, names[i], members, num_members);
- }
-
- done:
- talloc_destroy(mem_ctx);
- return;
-}
-
-BOOL fill_passdb_alias_grmem(struct winbindd_domain *domain,
- DOM_SID *group_sid,
- int *num_gr_mem, char **gr_mem, int *gr_mem_len)
-{
- DOM_SID *members;
- int i, num_members;
-
- *num_gr_mem = 0;
- *gr_mem = NULL;
- *gr_mem_len = 0;
-
- if (!pdb_enum_aliasmem(group_sid, &members, &num_members))
- return True;
-
- for (i=0; i<num_members; i++) {
- add_expanded_sid(&members[i], gr_mem, num_gr_mem);
- }
-
- SAFE_FREE(members);
-
- if (*gr_mem != NULL) {
- int len;
-
- /* We have at least one member, strip off the last "," */
- len = strlen(*gr_mem);
- (*gr_mem)[len-1] = '\0';
- *gr_mem_len = len;
- }
-
- return True;
-}
-
-/* Query display info for a domain. This returns enough information plus a
- bit extra to give an overview of domain users for the User Manager
- application. */
-static NTSTATUS query_user_list(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- WINBIND_USERINFO **info)
-{
- /* We don't have users */
- *num_entries = 0;
- *info = NULL;
- return NT_STATUS_OK;
-}
-
-/* list all domain groups */
-static NTSTATUS enum_dom_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
-{
- /* We don't have domain groups */
- *num_entries = 0;
- *info = NULL;
- return NT_STATUS_OK;
-}
-
-/* List all domain groups */
-
-static NTSTATUS enum_local_groups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info)
-{
- struct acct_info *talloced_info;
-
- /* Hmm. One billion aliases should be enough for a start */
-
- if (!pdb_enum_aliases(&domain->sid, 0, 1000000000,
- num_entries, info)) {
- /* Nothing to report, just exit. */
- return NT_STATUS_OK;
- }
-
- talloced_info = (struct acct_info *)
- talloc_memdup(mem_ctx, *info,
- *num_entries * sizeof(struct acct_info));
-
- SAFE_FREE(*info);
- *info = talloced_info;
-
- return NT_STATUS_OK;
-}
-
-/* convert a single name to a sid in a domain */
-static NTSTATUS name_to_sid(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const char *name,
- DOM_SID *sid,
- enum SID_NAME_USE *type)
-{
- DEBUG(10, ("Finding name %s\n", name));
-
- if (!pdb_find_alias(name, sid))
- return NT_STATUS_NONE_MAPPED;
-
- *type = SID_NAME_ALIAS;
- return NT_STATUS_OK;
-}
-
-/*
- convert a domain SID to a user or group name
-*/
-static NTSTATUS sid_to_name(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
- char **name,
- enum SID_NAME_USE *type)
-{
- struct acct_info info;
-
- DEBUG(10, ("Converting SID %s\n", sid_string_static(sid)));
-
- if (!pdb_get_aliasinfo(sid, &info))
- return NT_STATUS_NONE_MAPPED;
-
- *name = talloc_strdup(mem_ctx, info.acct_name);
- *type = SID_NAME_ALIAS;
-
- return NT_STATUS_OK;
-}
-
-/* Lookup user information from a rid or username. */
-static NTSTATUS query_user(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- WINBIND_USERINFO *user_info)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
-/* Lookup groups a user is a member of. I wish Unix had a call like this! */
-static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID ***user_gids)
-{
- return NT_STATUS_NO_SUCH_USER;
-}
-
-
-/* Lookup group membership given a rid. */
-static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
- DOM_SID ***sid_mem, char ***names,
- uint32 **name_types)
-{
- return NT_STATUS_OK;
-}
-
-/* find the sequence number for a domain */
-static NTSTATUS sequence_number(struct winbindd_domain *domain, uint32 *seq)
-{
- *seq = 1;
- return NT_STATUS_OK;
-}
-
-/* get a list of trusted domains */
-static NTSTATUS trusted_domains(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- uint32 *num_domains,
- char ***names,
- char ***alt_names,
- DOM_SID **dom_sids)
-{
- return NT_STATUS_OK;
-}
-
-/* find the domain sid for a domain */
-static NTSTATUS domain_sid(struct winbindd_domain *domain, DOM_SID *sid)
-{
- sid_copy(sid, &domain->sid);
- return NT_STATUS_OK;
-}
-
-/* find alternate names list for the domain
- * should we look for netbios aliases??
- SSS */
-static NTSTATUS alternate_name(struct winbindd_domain *domain)
-{
- DEBUG(3,("pdb: alternate_name\n"));
-
- return NT_STATUS_OK;
-}
-
-
-/* the rpc backend methods are exposed via this structure */
-struct winbindd_methods passdb_methods = {
- False,
- query_user_list,
- enum_dom_groups,
- enum_local_groups,
- name_to_sid,
- sid_to_name,
- query_user,
- lookup_usergroups,
- lookup_groupmem,
- sequence_number,
- trusted_domains,
- domain_sid,
- alternate_name
-};
/* Lookup user information from a rid or username. */
static NTSTATUS query_user(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
WINBIND_USERINFO *user_info)
{
CLI_POLICY_HND *hnd = NULL;
/* Lookup groups a user is a member of. I wish Unix had a call like this! */
static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ DOM_SID *user_sid,
uint32 *num_groups, DOM_SID ***user_grpsids)
{
CLI_POLICY_HND *hnd;
/* Lookup group membership given a rid. */
static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid, uint32 *num_names,
+ DOM_SID *group_sid, uint32 *num_names,
DOM_SID ***sid_mem, char ***names,
uint32 **name_types)
{
enum winbindd_result winbindd_lookupsid(struct winbindd_cli_state *state)
{
+ extern DOM_SID global_sid_Builtin;
enum SID_NAME_USE type;
- DOM_SID sid;
+ DOM_SID sid, tmp_sid;
+ uint32 rid;
fstring name;
fstring dom_name;
return WINBINDD_ERROR;
}
+ /* Don't look up BUILTIN sids */
+
+ sid_copy(&tmp_sid, &sid);
+ sid_split_rid(&tmp_sid, &rid);
+
+ if (sid_equal(&tmp_sid, &global_sid_Builtin)) {
+ return WINBINDD_ERROR;
+ }
+
/* Lookup the sid */
if (!winbindd_lookup_name_by_sid(&sid, dom_name, name, &type)) {
return WINBINDD_OK;
}
-
-enum winbindd_result winbindd_allocate_rid(struct winbindd_cli_state *state)
-{
- if ( !state->privileged ) {
- DEBUG(2, ("winbindd_allocate_rid: non-privileged access "
- "denied!\n"));
- return WINBINDD_ERROR;
- }
-
- /* We tell idmap to always allocate a user RID. There might be a good
- * reason to keep RID allocation for users to even and groups to
- * odd. This needs discussion I think. For now only allocate user
- * rids. */
-
- if (!NT_STATUS_IS_OK(idmap_allocate_rid(&state->response.data.rid,
- USER_RID_TYPE)))
- return WINBINDD_ERROR;
-
- return WINBINDD_OK;
-}
}
/* set flags about native_mode, active_directory */
-
- if (!domain->internal)
- set_dc_type_and_flags( domain );
+
+ set_dc_type_and_flags( domain );
DEBUG(3,("add_trusted_domain: %s is an %s %s domain\n", domain->name,
domain->active_directory ? "ADS" : "NT4",
/* do an initial scan for trusted domains */
add_trusted_domains(domain);
-
- /* Add our local SAM domains */
- {
- DOM_SID sid;
- extern struct winbindd_methods passdb_methods;
- struct winbindd_domain *dom;
-
- string_to_sid(&sid, "S-1-5-32");
-
- dom = add_trusted_domain("BUILTIN", NULL, &passdb_methods,
- &sid);
- dom->internal = True;
-
- dom = add_trusted_domain(get_global_sam_name(), NULL,
- &passdb_methods,
- get_global_sam_sid());
- dom->internal = True;
- }
/* avoid rescanning this right away */
last_trustdom_scan = time(NULL);
}
if (i != 0) {
/* Clear out the newline character */
- /* But only if there is something in there,
- otherwise we clobber something in the stack */
- if (strlen(response))
- response[strlen(response)-1] = ' ';
+ response[strlen(response)-1] = ' ';
}
fstrcat(response,addr);
fstrcat(response,"\t");
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
-
- ModConfig LDAP backend
-
- Copyright (C) Simo Sorce 2003
- Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
- Copyright (C) Gerald Carter 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_CONFIG
-*/
-
-#include <lber.h>
-#include <ldap.h>
-
-#include "smbldap.h"
-
-#define LDAP_OBJ_SAMBA_CONFIG "sambaConfig"
-#define LDAP_OBJ_SAMBA_SHARE "sambaShare"
-#define LDAP_OBJ_SAMBA_OPTION "sambaConfigOption"
-
-#define LDAP_ATTR_LIST_END 0
-#define LDAP_ATTR_BOOL 1
-#define LDAP_ATTR_INTEGER 2
-#define LDAP_ATTR_STRING 3
-#define LDAP_ATTR_LIST 4
-#define LDAP_ATTR_NAME 5
-
-
-struct ldap_config_state {
- struct smbldap_state *smbldap_state;
- TALLOC_CTX *mem_ctx;
-};
-
-ATTRIB_MAP_ENTRY option_attr_list[] = {
- { LDAP_ATTR_NAME, "sambaOptionName" },
- { LDAP_ATTR_LIST, "sambaListOption" },
- { LDAP_ATTR_STRING, "sambaStringOption" },
- { LDAP_ATTR_INTEGER, "sambaIntegerOption" },
- { LDAP_ATTR_BOOL, "sambaBoolOption" },
- { LDAP_ATTR_LIST_END, NULL }
-};
-
-static struct ldap_config_state ldap_state;
-static char *config_base_dn;
-
-static NTSTATUS ldap_config_close(void);
-
-/*
-TODO:
- search each section
- start with global, then with others
- for each section parse all options
-*/
-
-static NTSTATUS parse_section(
- const char *dn,
- BOOL (*pfunc)(const char *, const char *))
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- pstring filter;
- pstring option_name;
- pstring option_value;
- char **attr_list = NULL;
- int rc;
- int count;
-
- mem_ctx = talloc_init("parse_section");
-
- /* search for the options */
- pstr_sprintf(filter, "objectClass=%s",
- LDAP_OBJ_SAMBA_OPTION);
-
- DEBUG(0, ("Searching for:[%s]\n", filter));
-
- attr_list = get_attr_list(option_attr_list);
- rc = smbldap_search(ldap_state.smbldap_state,
- dn, LDAP_SCOPE_ONELEVEL,
- filter, attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0,("parse_section: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
- while (entry) {
- int o;
-
- if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaOptionName", option_name)) {
- goto done;
- }
-
- option_value[0] = '\0';
- for (o = 1; option_attr_list[o].name != NULL; o++) {
- if (smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, option_attr_list[o].name, option_value)) {
- break;
- }
- }
- if (option_value[0] != '\0') {
- if (!pfunc(option_name, option_value)) {
- goto done;
- }
- } else {
- DEBUG(0,("parse_section: Missing value for option: %s\n", option_name));
- goto done;
- }
-
- entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry);
- }
-
- ret = NT_STATUS_OK;
-
-done:
- talloc_destroy(mem_ctx);
- free_attr_list(attr_list);
- if (result) ldap_msgfree(result);
-
- return ret;
-}
-
-/*****************************************************************************
- load configuration from ldap
-*****************************************************************************/
-
-static NTSTATUS ldap_config_load(
- BOOL (*sfunc)(const char *),
- BOOL (*pfunc)(const char *, const char *))
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *result = NULL;
- LDAPMessage *entry = NULL;
- pstring filter;
- pstring attr_text;
- char *config_dn = NULL;
- char *temp;
- int rc;
- int count;
- const char *config_attr_list[] = {"description", NULL};
- const char *share_attr_list[] = {"sambaShareName", "description", NULL};
- char **share_dn;
- char **share_name;
-
- mem_ctx = talloc_init("ldap_config_load");
-
- /* search for the base config dn */
- pstr_sprintf(filter, "objectClass=%s",
- LDAP_OBJ_SAMBA_CONFIG);
-
- DEBUG(0, ("Searching for:[%s]\n", filter));
-
- rc = smbldap_search(ldap_state.smbldap_state,
- config_base_dn, LDAP_SCOPE_SUBTREE,
- filter, config_attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- if (count != 1) {
- DEBUG(0,("ldap_config_load: single %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, result))) {
- goto done;
- }
- config_dn = talloc_strdup(mem_ctx, temp);
- SAFE_FREE(temp);
- if (!config_dn) {
- goto done;
- }
-
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
-
- if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "description", attr_text)) {
- DEBUG(0, ("ldap_config_load: no description field in %s object\n", LDAP_OBJ_SAMBA_CONFIG));
- }
-
- if (result) ldap_msgfree(result);
-/* TODO: finish up the last section, see loadparm's lp_load()*/
-
- /* retrive the section list */
- pstr_sprintf(filter, "objectClass=%s",
- LDAP_OBJ_SAMBA_SHARE);
-
- DEBUG(0, ("Searching for:[%s]\n", filter));
-
- rc = smbldap_search(ldap_state.smbldap_state,
- config_dn, LDAP_SCOPE_SUBTREE,
- filter, share_attr_list, 0, &result);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0,("ldap_config_load: %s object not found\n", LDAP_OBJ_SAMBA_CONFIG));
- goto done;
- }
-
- count = ldap_count_entries(ldap_state.smbldap_state->ldap_struct, result);
- DEBUG(0, ("config_ldap: Found %d shares\n", count));
- if (count) {
- int i;
-
- share_dn = talloc(mem_ctx, (count + 1) * sizeof(char *));
- share_name = talloc(mem_ctx, (count) * sizeof(char *));
- if (!share_dn || !share_name) {
- DEBUG(0,("config_ldap: Out of memory!\n"));
- goto done;
- }
- entry = ldap_first_entry(ldap_state.smbldap_state->ldap_struct, result);
- i = 0;
- while (entry) {
- if (!(temp = smbldap_get_dn(ldap_state.smbldap_state->ldap_struct, entry))) {
- goto done;
- }
- if (!smbldap_get_single_pstring(ldap_state.smbldap_state->ldap_struct, entry, "sambaShareName", attr_text)) {
- goto done;
- }
- share_dn[i] = talloc_strdup(mem_ctx, temp);
- share_name[i] = talloc_strdup(mem_ctx, attr_text);
- if (!share_dn[i] || !share_name[i]) {
- DEBUG(0,("config_ldap: Out of memory!\n"));
- goto done;
- }
-
- DEBUG(0, ("config_ldap: Found share [%s] (%s)\n", attr_text, temp));
- SAFE_FREE(temp);
-
- entry = ldap_next_entry(ldap_state.smbldap_state->ldap_struct, entry);
- i++;
- if (entry && (count == i)) {
- DEBUG(0, ("Error too many entryes in ldap result\n"));
- goto done;
- }
- }
- share_dn[i] = NULL;
- }
-
- /* parse global section*/
- if (!sfunc("global")) {
- goto done;
- }
- if (!NT_STATUS_IS_OK(parse_section(config_dn, pfunc))) {
- goto done;
- } else { /* parse shares */
- int i;
-
- for (i = 0; share_dn[i] != NULL; i++) {
- if (!sfunc(share_name[i])) {
- goto done;
- }
- if (!NT_STATUS_IS_OK(parse_section(share_dn[i], pfunc))) {
- goto done;
- }
- }
- }
-
-done:
- talloc_destroy(mem_ctx);
- if (result) ldap_msgfree(result);
-
- return ret;
-}
-
-/*****************************************************************************
- Initialise config_ldap module
-*****************************************************************************/
-
-static NTSTATUS ldap_config_init(char *params)
-{
- NTSTATUS nt_status;
- const char *location;
- const char *basedn;
-
- ldap_state.mem_ctx = talloc_init("config_ldap");
- if (!ldap_state.mem_ctx) {
- return NT_STATUS_NO_MEMORY;
- }
-
- /* we assume only location is passed through an inline parameter
- * other options go via parametrical options */
- if (params) {
- location = params;
- } else {
- location = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "url", "ldap://localhost");
- }
- DEBUG(0,("config_ldap: location=%s\n", location));
- basedn = lp_parm_const_string(GLOBAL_SECTION_SNUM, "config_ldap", "basedn", NULL);
- if (basedn) config_base_dn = smb_xstrdup(basedn);
-
- if (!NT_STATUS_IS_OK(nt_status =
- smbldap_init(ldap_state.mem_ctx, location,
- &ldap_state.smbldap_state))) {
- talloc_destroy(ldap_state.mem_ctx);
- DEBUG(0,("config_ldap: smbldap_init failed!\n"));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-/*****************************************************************************
- End the LDAP session
-*****************************************************************************/
-
-static NTSTATUS ldap_config_close(void)
-{
-
- smbldap_free_struct(&(ldap_state).smbldap_state);
- talloc_destroy(ldap_state.mem_ctx);
-
- DEBUG(5,("The connection to the LDAP server was closed\n"));
- /* maybe free the results here --metze */
-
- return NT_STATUS_OK;
-}
-
-static struct config_functions functions = {
- ldap_config_init,
- ldap_config_load,
- ldap_config_close
-};
-
-NTSTATUS config_ldap_init(void)
-{
- return smb_register_config(SAMBA_CONFIG_INTERFACE_VERSION, "ldap", &functions);
-}
*/
typedef struct
{
- char *szConfigBackend;
char *smb_ports;
char *dos_charset;
char *unix_charset;
char *szSMBPasswdFile;
char *szPrivateDir;
char **szPassdbBackend;
- char *szGumsBackend;
char **szPreloadModules;
char *szPasswordServer;
char *szSocketOptions;
char *szLdapUserSuffix;
char *szLdapIdmapSuffix;
char *szLdapGroupSuffix;
- char *szLdapPrivilegeSuffix;
#ifdef WITH_LDAP_SAMCONFIG
int ldap_port;
char *szLdapServer;
static struct parm_struct parm_table[] = {
{N_("Base Options"), P_SEP, P_SEPARATOR},
- {"config backend", P_STRING, P_GLOBAL, &Globals.szConfigBackend, NULL, NULL, FLAG_ADVANCED},
{"dos charset", P_STRING, P_GLOBAL, &Globals.dos_charset, handle_charset, NULL, FLAG_ADVANCED},
{"unix charset", P_STRING, P_GLOBAL, &Globals.unix_charset, handle_charset, NULL, FLAG_ADVANCED},
{"display charset", P_STRING, P_GLOBAL, &Globals.display_charset, handle_charset, NULL, FLAG_ADVANCED},
{"smb passwd file", P_STRING, P_GLOBAL, &Globals.szSMBPasswdFile, NULL, NULL, FLAG_ADVANCED},
{"private dir", P_STRING, P_GLOBAL, &Globals.szPrivateDir, NULL, NULL, FLAG_ADVANCED},
{"passdb backend", P_LIST, P_GLOBAL, &Globals.szPassdbBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
- {"gums backend", P_STRING, P_GLOBAL, &Globals.szGumsBackend, NULL, NULL, FLAG_ADVANCED | FLAG_WIZARD},
{"algorithmic rid base", P_INTEGER, P_GLOBAL, &Globals.AlgorithmicRidBase, NULL, NULL, FLAG_ADVANCED},
{"root directory", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_ADVANCED},
{"root dir", P_STRING, P_GLOBAL, &Globals.szRootdir, NULL, NULL, FLAG_HIDE},
{"ldap user suffix", P_STRING, P_GLOBAL, &Globals.szLdapUserSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap group suffix", P_STRING, P_GLOBAL, &Globals.szLdapGroupSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap idmap suffix", P_STRING, P_GLOBAL, &Globals.szLdapIdmapSuffix, NULL, NULL, FLAG_ADVANCED},
- {"ldap privilege suffix", P_STRING, P_GLOBAL, &Globals.szLdapPrivilegeSuffix, NULL, NULL, FLAG_ADVANCED},
{"ldap filter", P_STRING, P_GLOBAL, &Globals.szLdapFilter, NULL, NULL, FLAG_ADVANCED},
{"ldap admin dn", P_STRING, P_GLOBAL, &Globals.szLdapAdminDn, NULL, NULL, FLAG_ADVANCED},
{"ldap ssl", P_ENUM, P_GLOBAL, &Globals.ldap_ssl, NULL, enum_ldap_ssl, FLAG_ADVANCED},
DEBUG(3, ("Initialising global parameters\n"));
- string_set(&Globals.szConfigBackend, NULL);
-
string_set(&Globals.szSMBPasswdFile, dyn_SMB_PASSWD_FILE);
string_set(&Globals.szPrivateDir, dyn_PRIVATE_DIR);
#else
Globals.szPassdbBackend = str_list_make("smbpasswd", NULL);
#endif /* WITH_LDAP_SAMCONFIG */
- string_set(&Globals.szGumsBackend, "tdbsam2");
string_set(&Globals.szLdapSuffix, "");
string_set(&Globals.szLdapFilter, "(uid=%u)");
string_set(&Globals.szLdapUserSuffix, "");
string_set(&Globals.szLdapGroupSuffix, "");
string_set(&Globals.szLdapIdmapSuffix, "");
- string_set(&Globals.szLdapPrivilegeSuffix, "");
string_set(&Globals.szLdapAdminDn, "");
Globals.ldap_ssl = LDAP_SSL_ON;
#define FN_LOCAL_INTEGER(fn_name,val) \
int fn_name(int i) {return(LP_SNUM_OK(i)? ServicePtrs[(i)]->val : sDefault.val);}
-FN_GLOBAL_STRING(lp_config_backend, &Globals.szConfigBackend)
FN_GLOBAL_STRING(lp_smb_ports, &Globals.smb_ports)
FN_GLOBAL_STRING(lp_dos_charset, &Globals.dos_charset)
FN_GLOBAL_STRING(lp_unix_charset, &Globals.unix_charset)
FN_GLOBAL_STRING(lp_passwordserver, &Globals.szPasswordServer)
FN_GLOBAL_STRING(lp_name_resolve_order, &Globals.szNameResolveOrder)
FN_GLOBAL_STRING(lp_realm, &Globals.szRealm)
-FN_GLOBAL_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
+FN_GLOBAL_CONST_STRING(lp_afs_username_map, &Globals.szAfsUsernameMap)
FN_GLOBAL_STRING(lp_username_map, &Globals.szUsernameMap)
FN_GLOBAL_CONST_STRING(lp_logon_script, &Globals.szLogonScript)
FN_GLOBAL_CONST_STRING(lp_logon_path, &Globals.szLogonPath)
static FN_GLOBAL_STRING(lp_announce_version, &Globals.szAnnounceVersion)
FN_GLOBAL_LIST(lp_netbios_aliases, &Globals.szNetbiosAliases)
FN_GLOBAL_LIST(lp_passdb_backend, &Globals.szPassdbBackend)
-FN_GLOBAL_STRING(lp_gums_backend, &Globals.szGumsBackend)
FN_GLOBAL_LIST(lp_preload_modules, &Globals.szPreloadModules)
FN_GLOBAL_STRING(lp_panic_action, &Globals.szPanicAction)
FN_GLOBAL_STRING(lp_adduser_script, &Globals.szAddUserScript)
return lp_string(Globals.szLdapSuffix);
}
-char *lp_ldap_privilege_suffix(void)
-{
- if (Globals.szLdapPrivilegeSuffix[0])
- return append_ldap_suffix(Globals.szLdapPrivilegeSuffix);
-
- return lp_string(Globals.szLdapSuffix);
-}
-
/***************************************************************************
***************************************************************************/
if (iServiceIndex >= 0)
bRetval = service_ok(iServiceIndex);
- if (*(lp_config_backend())) {
- modconf_init(lp_config_backend());
- modconf_load(do_section, do_parameter);
- }
-
lp_add_auto_services(lp_auto_services());
if (add_ipc) {
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Configuration Modules Support
- Copyright (C) Simo Sorce 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_IDMAP
-
-struct modconf_struct {
- char *name;
- struct config_functions *fns;
-};
-
-static struct modconf_struct module;
-
-NTSTATUS smb_register_config(int version, const char *name, struct config_functions *fns)
-{
- if ((version != SAMBA_CONFIG_INTERFACE_VERSION)) {
- DEBUG(0, ("smb_register_config: Failed to register config module.\n"
- "The module has been compiled with a different interface version (%d).\n"
- "The supported version is: %d\n",
- version, SAMBA_CONFIG_INTERFACE_VERSION));
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- }
-
- if (!name || !name[0]) {
- DEBUG(0,("smb_register_config: Name missing!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- module.name = smb_xstrdup(name);
- module.fns = fns;
- DEBUG(5, ("smb_register_config: Successfully registeres config backend '%s'\n", name));
- return NT_STATUS_OK;
-}
-
-/**********************************************************************
- * Init the configuration module
- *********************************************************************/
-
-BOOL modconf_init(const char *config_backend)
-{
- NTSTATUS ret;
- BOOL bret = False;
- char *name;
- char *params;
-
- /* nothing to do */
- if (!config_backend)
- return True;
-
- name = smb_xstrdup(config_backend);
- if ((params = strchr(name, ':')) != NULL ) {
- *params = '\0';
- params++;
- }
-
- ret = smb_probe_module("config", name);
-
- if (NT_STATUS_IS_OK(ret) && NT_STATUS_IS_OK(module.fns->init(params)))
- bret = True;
-
- SAFE_FREE(name);
- return bret;
-}
-
-BOOL modconf_load(BOOL (*sfunc)(const char *),BOOL (*pfunc)(const char *, const char *))
-{
- if (module.fns) {
- if (NT_STATUS_IS_OK(module.fns->load(sfunc, pfunc))) {
- return True;
- }
- }
- return False;
-}
-
-NTSTATUS modconf_close(void)
-{
- return module.fns->close();
-}
/**
* Force get_global_sam_sid to requery the backends
*/
-void reset_global_sam_sid(void)
+void reset_global_sam_sid(void)
{
SAFE_FREE(global_sam_sid);
}
-
done:
- SAFE_FREE(lm_pw_ptr);
- SAFE_FREE(nt_pw_ptr);
SAFE_FREE(username);
SAFE_FREE(domain);
SAFE_FREE(nt_username);
return (NULL);
}
+uint32 pdb_get_fields_present (const SAM_ACCOUNT *sampass)
+{
+ if (sampass)
+ return (sampass->private.fields_present);
+ else
+ return (-1);
+}
+
uint16 pdb_get_bad_password_count(const SAM_ACCOUNT *sampass)
{
if (sampass)
return pdb_set_init_flags(sampass, PDB_PLAINTEXT_PW, flag);
}
+BOOL pdb_set_fields_present (SAM_ACCOUNT *sampass, uint32 fields_present, enum pdb_value_state flag)
+{
+ if (!sampass)
+ return False;
+
+ sampass->private.fields_present = fields_present;
+
+ return pdb_set_init_flags(sampass, PDB_FIELDS_PRESENT, flag);
+}
+
BOOL pdb_set_bad_password_count(SAM_ACCOUNT *sampass, uint16 bad_password_count, enum pdb_value_state flag)
{
if (!sampass)
/* value set to all for testing */
return 0x00ffffff;
}
-
(*pdb_method)->delete_group_mapping_entry = pdb_nop_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = pdb_nop_enum_group_mapping;
- /* we do not handle groups in guest backend */
-/* FIXME
- (*pdb_method)->get_group_info_by_sid = pdb_nop_get_group_info_by_sid;
- (*pdb_method)->get_group_list = pdb_nop_get_group_list;
- (*pdb_method)->get_group_sids = pdb_nop_get_group_sids;
- (*pdb_method)->add_group = pdb_nop_add_group;
- (*pdb_method)->update_group = pdb_nop_update_group;
- (*pdb_method)->delete_group = pdb_nop_delete_group;
- (*pdb_method)->add_sid_to_group = pdb_nop_add_sid_to_group;
- (*pdb_method)->remove_sid_from_group = pdb_nop_remove_sid_from_group;
- (*pdb_method)->get_group_info_by_name = pdb_nop_get_group_info_by_name;
- (*pdb_method)->get_group_info_by_nt_name = pdb_nop_get_group_info_by_nt_name;
- (*pdb_method)->get_group_uids = pdb_nop_get_group_uids;
-*/
-
/* There's not very much to initialise here */
return NT_STATUS_OK;
+++ /dev/null
-/*
- * GUMS password backend for samba
- * Copyright (C) Simo Sorce 2003-2004
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-
-#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-#define BOOL_SET_OR_FAIL(func, label) do { if (!func) { DEBUG(0, ("%s: Setting sam object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-struct gums_gw_data {
- GUMS_FUNCTIONS *fns;
- void *handle;
-};
-
-static NTSTATUS gums_object_to_sam_account(SAM_ACCOUNT *sa, GUMS_OBJECT *go)
-{
- NTSTATUS ret;
- NTTIME nt_time;
- DATA_BLOB pwd;
-
- if (!go || !sa)
- return NT_STATUS_INVALID_PARAMETER;
-/*
- if (!NT_STATUS_IS_OK(ret = pdb_init_sam(sa))) {
- DEBUG(0, ("gums_object_to_sam_account: error occurred while creating sam_account object!\n"));
- goto error;
- }
-*/
- if (gums_get_object_type(go) != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- BOOL_SET_OR_FAIL(pdb_set_acct_ctrl(sa, gums_get_user_acct_ctrl(go), PDB_SET), error);
-
- /* domain */
- /* unix_homedir ? */
-
- nt_time = gums_get_user_logon_time(go);
- BOOL_SET_OR_FAIL(pdb_set_logon_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_logoff_time(go);
- BOOL_SET_OR_FAIL(pdb_set_logoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_kickoff_time(go);
- BOOL_SET_OR_FAIL(pdb_set_kickoff_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_last_set_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_last_set_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_can_change_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_can_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- nt_time = gums_get_user_pass_must_change_time(go);
- BOOL_SET_OR_FAIL(pdb_set_pass_must_change_time(sa, nt_time_to_unix(&nt_time), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_hours_len(sa, gums_get_user_hours_len(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_logon_divs(sa, gums_get_user_logon_divs(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_user_sid(sa, gums_get_object_sid(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_group_sid(sa, gums_get_user_pri_group(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_username(sa, gums_get_object_name(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_nt_username(sa, gums_get_object_name(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_fullname(sa, gums_get_user_fullname(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_logon_script(sa, gums_get_user_logon_script(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_profile_path(sa, gums_get_user_profile_path(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_dir_drive(sa, gums_get_user_dir_drive(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_homedir(sa, gums_get_user_homedir(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_acct_desc(sa, gums_get_object_description(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_workstations(sa, gums_get_user_workstations(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_unknown_str(sa, gums_get_user_unknown_str(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_munged_dial(sa, gums_get_user_munged_dial(go), PDB_SET), error);
-
- pwd = gums_get_user_nt_pwd(go);
- if (!pdb_set_nt_passwd(sa, pwd.data, PDB_SET)) {
- DEBUG(5, ("gums_object_to_sam_account: unable to set nt password"));
- data_blob_clear_free(&pwd);
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
- data_blob_clear_free(&pwd);
- pwd = gums_get_user_lm_pwd(go);
- if (!pdb_set_lanman_passwd(sa, pwd.data, PDB_SET)) {
- DEBUG(5, ("gums_object_to_sam_account: unable to set lanman password"));
- data_blob_clear_free(&pwd);
- ret = NT_STATUS_UNSUCCESSFUL;
- goto error;
- }
- data_blob_clear_free(&pwd);
-
- BOOL_SET_OR_FAIL(pdb_set_bad_password_count(sa, gums_get_user_bad_password_count(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_unknown_6(sa, gums_get_user_unknown_6(go), PDB_SET), error);
- BOOL_SET_OR_FAIL(pdb_set_hours(sa, gums_get_user_hours(go), PDB_SET), error);
-
- return NT_STATUS_OK;
-
-error:
- if (sa && (sa->free_fn)) {
- sa->free_fn(&sa);
- }
-
- return ret;
-}
-
-static NTSTATUS sam_account_to_gums_object(GUMS_OBJECT *go, SAM_ACCOUNT *sa)
-{
- NTSTATUS ret;
- NTTIME nt_time;
- DATA_BLOB pwd;
-
- if (!go || !sa)
- return NT_STATUS_INVALID_PARAMETER;
-
-/*
- ret = gums_create_object(go, GUMS_OBJ_NORMAL_USER);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("sam_account_to_gums_object: error occurred while creating gums object!\n"));
- goto error;
- }
-*/
-
- /* sec_desc */
-
- SET_OR_FAIL(gums_set_object_name(go, pdb_get_username(sa)), error);
-
- SET_OR_FAIL(gums_set_object_sid(go, pdb_get_user_sid(sa)), error);
- SET_OR_FAIL(gums_set_user_pri_group(go, pdb_get_group_sid(sa)), error);
-
- if (pdb_get_acct_desc(sa))
- SET_OR_FAIL(gums_set_object_description(go, pdb_get_acct_desc(sa)), error);
- if (pdb_get_fullname(sa))
- SET_OR_FAIL(gums_set_user_fullname(go, pdb_get_fullname(sa)), error);
- if (pdb_get_homedir(sa))
- SET_OR_FAIL(gums_set_user_homedir(go, pdb_get_homedir(sa)), error);
- if (pdb_get_dir_drive(sa))
- SET_OR_FAIL(gums_set_user_dir_drive(go, pdb_get_dir_drive(sa)), error);
- if (pdb_get_logon_script(sa))
- SET_OR_FAIL(gums_set_user_logon_script(go, pdb_get_logon_script(sa)), error);
- if (pdb_get_profile_path(sa))
- SET_OR_FAIL(gums_set_user_profile_path(go, pdb_get_profile_path(sa)), error);
- if (pdb_get_workstations(sa))
- SET_OR_FAIL(gums_set_user_workstations(go, pdb_get_workstations(sa)), error);
- if (pdb_get_unknown_str(sa))
- SET_OR_FAIL(gums_set_user_unknown_str(go, pdb_get_unknown_str(sa)), error);
- if (pdb_get_munged_dial(sa))
- SET_OR_FAIL(gums_set_user_munged_dial(go, pdb_get_munged_dial(sa)), error);
- SET_OR_FAIL(gums_set_user_logon_divs(go, pdb_get_logon_divs(sa)), error);
- if (pdb_get_hours(sa))
- SET_OR_FAIL(gums_set_user_hours(go, pdb_get_hours_len(sa), pdb_get_hours(sa)), error);
- SET_OR_FAIL(gums_set_user_bad_password_count(go, pdb_get_bad_password_count(sa)), error);
- SET_OR_FAIL(gums_set_user_unknown_6(go, pdb_get_unknown_6(sa)), error);
-
- unix_to_nt_time(&nt_time, pdb_get_logon_time(sa));
- SET_OR_FAIL(gums_set_user_logon_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_logoff_time(sa));
- SET_OR_FAIL(gums_set_user_logoff_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_kickoff_time(sa));
- SET_OR_FAIL(gums_set_user_kickoff_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_last_set_time(sa));
- SET_OR_FAIL(gums_set_user_pass_last_set_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_can_change_time(sa));
- SET_OR_FAIL(gums_set_user_pass_can_change_time(go, nt_time), error);
- unix_to_nt_time(&nt_time, pdb_get_pass_must_change_time(sa));
- SET_OR_FAIL(gums_set_user_pass_must_change_time(go, nt_time), error);
-
- pwd = data_blob(pdb_get_nt_passwd(sa), NT_HASH_LEN);
- ret = gums_set_user_nt_pwd(go, pwd);
- data_blob_clear_free(&pwd);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(5, ("sam_account_to_gums_object: failed to set nt password!\n"));
- goto error;
- }
- pwd = data_blob(pdb_get_lanman_passwd(sa), LM_HASH_LEN);
- ret = gums_set_user_lm_pwd(go, pwd);
- data_blob_clear_free(&pwd);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(5, ("sam_account_to_gums_object: failed to set lanman password!\n"));
- goto error;
- }
-
- SET_OR_FAIL(gums_set_user_acct_ctrl(go, pdb_get_acct_ctrl(sa)), error);
-
- return NT_STATUS_OK;
-
-error:
- gums_reset_object(go);
- return ret;
-}
-
-static NTSTATUS gums_setsampwent(struct pdb_methods *methods, BOOL update)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- return ggwd->fns->enumerate_objects_start(&(ggwd->handle), NULL, GUMS_OBJ_NORMAL_USER);
-}
-
-static NTSTATUS gums_getsampwent(struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->enumerate_objects_get_next(&go, ggwd->handle))) {
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-static void gums_endsampwent(struct pdb_methods *methods)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- ggwd->fns->enumerate_objects_stop(ggwd->handle);
-}
-
-/******************************************************************
- Lookup a name in the SAM database
- ******************************************************************/
-
-static NTSTATUS gums_getsampwnam (struct pdb_methods *methods, SAM_ACCOUNT *account, const char *name)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_name(&go, global_myname(), name, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(10, ("gums_getsampwnam: unable to find account with name %s", name));
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-/***************************************************************************
- Search by SID
- **************************************************************************/
-
-static NTSTATUS gums_getsampwsid(struct pdb_methods *methods, SAM_ACCOUNT *account, const DOM_SID *sid)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, sid, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(10, ("gums_getsampwsid: unable to find account with sid %s", sid_string_static(sid)));
- return ret;
- }
-
- ret = gums_object_to_sam_account(account, go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-/***************************************************************************
- Search by rid
- **************************************************************************/
-
-#if 0
-
-static NTSTATUS gums_getsampwrid (struct pdb_methods *methods,
- SAM_ACCOUNT *account, uint32 rid)
-{
- DOM_SID sid;
-
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- gums_getsampwsid(methods, account, &sid);
-
- return NT_STATUS_OK;
-}
-
-#endif
-
-/***************************************************************************
- Updates a SAM_ACCOUNT
-
- This isn't a particulary practical option for pdb_guest. We certainly don't
- want to twidde the filesystem, so what should we do?
-
- Current plan is to transparently add the account. It should appear
- as if the pdb_guest version was modified, but its actually stored somehwere.
- ****************************************************************************/
-
-static NTSTATUS gums_add_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_NORMAL_USER))) {
- DEBUG(0, ("gums_add_sam_account: error occurred while creating gums object!\n"));
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) {
- DEBUG(0, ("gums_add_sam_account: error occurred while converting object!\n"));
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) {
- DEBUG(0, ("gums_add_sam_account: unable to store account!\n"));
- goto done;
- }
-
-done:
- gums_destroy_object(&go);
- return ret;
-}
-
-static NTSTATUS gums_update_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->get_object_from_sid(&go, pdb_get_user_sid(account), GUMS_OBJ_NORMAL_USER))) {
- DEBUG(0, ("gums_update_sam_account: update on invalid account!\n"));
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = sam_account_to_gums_object(go, account))) {
- DEBUG(0, ("gums_update_sam_account: error occurred while converting object!\n"));
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->set_object(go))) {
- DEBUG(0, ("gums_update_sam_account: unable to store account!\n"));
- goto done;
- }
-
-done:
- gums_destroy_object(&go);
- return ret;
-}
-
-static NTSTATUS gums_delete_sam_account (struct pdb_methods *methods, SAM_ACCOUNT *account)
-{
- NTSTATUS ret;
- struct gums_gw_data *ggwd = (struct gums_gw_data *)(methods->private_data);
-
- if (!account)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = ggwd->fns->delete_object(pdb_get_user_sid(account)))) {
- DEBUG(0, ("gums_add_sam_account: unable to store account!\n"));
- }
-
- return ret;
-}
-
-
-static void free_gw_private_data(void **vp)
-{
- struct gums_gw_data *ggwd = (struct gums_gw_data *)vp;
- ggwd->fns->free_private_data(&(ggwd->fns->private_data));
- ggwd->fns = NULL;
- ggwd->handle = NULL;
- SAFE_FREE(vp);
-}
-
-NTSTATUS pdb_init_gums_gateway(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
-{
- NTSTATUS ret;
- struct gums_gw_data *ggwd;
-
- if (!pdb_context) {
- DEBUG(0, ("invalid pdb_context specified\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(ret = gums_setup_backend(lp_gums_backend()))) {
- DEBUG(0, ("pdb_init_gums_gateway: initialization error!\n"));
- return ret;
- }
-
- ggwd = (struct gums_gw_data *)malloc(sizeof(struct gums_gw_data));
- if (!ggwd)
- return NT_STATUS_NO_MEMORY;
- memset(ggwd, 0, sizeof(struct gums_gw_data));
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&(ggwd->fns)))) {
- goto error;
- }
-
- if (!NT_STATUS_IS_OK(ret = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) {
- goto error;
- }
-
- (*pdb_method)->name = "gums_gateway";
-
- (*pdb_method)->setsampwent = gums_setsampwent;
- (*pdb_method)->getsampwent = gums_getsampwent;
- (*pdb_method)->endsampwent = gums_endsampwent;
- (*pdb_method)->getsampwnam = gums_getsampwnam;
- (*pdb_method)->getsampwsid = gums_getsampwsid;
- (*pdb_method)->add_sam_account = gums_add_sam_account;
- (*pdb_method)->update_sam_account = gums_update_sam_account;
- (*pdb_method)->delete_sam_account = gums_delete_sam_account;
-
- /* we should do no group mapping here */
-/* (*pdb_method)->getgrsid = gums_getgrsid;
- (*pdb_method)->getgrgid = gums_getgrgid;
- (*pdb_method)->getgrnam = gums_getgrnam;
- (*pdb_method)->add_group_mapping_entry = gums_add_group_mapping_entry;
- (*pdb_method)->update_group_mapping_entry = gums_update_group_mapping_entry;
- (*pdb_method)->delete_group_mapping_entry = gums_delete_group_mapping_entry;
- (*pdb_method)->enum_group_mapping = gums_enum_group_mapping;*/
-
- /* we do not handle groups in guest backend */
-/* FIXME
- (*pdb_method)->get_group_info_by_sid = gums_get_group_info_by_sid;
- (*pdb_method)->get_group_list = gums_get_group_list;
- (*pdb_method)->get_group_sids = gums_get_group_sids;
- (*pdb_method)->add_group = gums_add_group;
- (*pdb_method)->update_group = gums_update_group;
- (*pdb_method)->delete_group = gums_delete_group;
- (*pdb_method)->add_sid_to_group = gums_add_sid_to_group;
- (*pdb_method)->remove_sid_from_group = gums_remove_sid_from_group;
- (*pdb_method)->get_group_info_by_name = gums_get_group_info_by_name;
- (*pdb_method)->get_group_info_by_nt_name = gums_get_group_info_by_nt_name;
- (*pdb_method)->get_group_uids = gums_get_group_uids;
-*/
-
- (*pdb_method)->private_data = ggwd;
- (*pdb_method)->free_private_data = free_gw_private_data;
-
- return NT_STATUS_OK;
-
-error:
- SAFE_FREE(ggwd);
- return ret;
-}
-
-NTSTATUS pdb_gums_init(void)
-{
- return smb_register_passdb(PASSDB_INTERFACE_VERSION, "gums", pdb_init_gums_gateway);
-}
-
static NTSTATUS context_add_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ const char *lm_pw, *nt_pw;
+ uint16 acb_flags;
if ((!context) || (!context->pdb_methods)) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
+ /* disable acccounts with no passwords (that has not
+ been allowed by the ACB_PWNOTREQ bit */
+
+ lm_pw = pdb_get_lanman_passwd( sam_acct );
+ nt_pw = pdb_get_nt_passwd( sam_acct );
+ acb_flags = pdb_get_acct_ctrl( sam_acct );
+ if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
+ acb_flags |= ACB_DISABLED;
+ pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
+ }
+
/** @todo This is where a 're-read on add' should be done */
/* We now add a new account to the first database listed.
* Should we? */
static NTSTATUS context_update_sam_account(struct pdb_context *context, SAM_ACCOUNT *sam_acct)
{
NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ const char *lm_pw, *nt_pw;
+ uint16 acb_flags;
if (!context) {
DEBUG(0, ("invalid pdb_context specified!\n"));
return ret;
}
+ /* disable acccounts with no passwords (that has not
+ been allowed by the ACB_PWNOTREQ bit */
+
+ lm_pw = pdb_get_lanman_passwd( sam_acct );
+ nt_pw = pdb_get_nt_passwd( sam_acct );
+ acb_flags = pdb_get_acct_ctrl( sam_acct );
+ if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
+ acb_flags |= ACB_DISABLED;
+ pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
+ }
+
/** @todo This is where a 're-read on update' should be done */
return sam_acct->methods->update_sam_account(sam_acct->methods, sam_acct);
num_entries, unix_only);
}
-static NTSTATUS context_find_alias(struct pdb_context *context,
- const char *name, DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->find_alias(context->pdb_methods,
- name, sid);
-}
-
-static NTSTATUS context_create_alias(struct pdb_context *context,
- const char *name, uint32 *rid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->create_alias(context->pdb_methods,
- name, rid);
-}
-
-static NTSTATUS context_delete_alias(struct pdb_context *context,
- const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->delete_alias(context->pdb_methods, sid);
-}
-
-static NTSTATUS context_enum_aliases(struct pdb_context *context,
- const DOM_SID *sid,
- uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases,
- struct acct_info **info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_aliases(context->pdb_methods,
- sid, start_idx, max_entries,
- num_aliases, info);
-}
-
-static NTSTATUS context_get_aliasinfo(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->get_aliasinfo(context->pdb_methods,
- sid, info);
-}
-
-static NTSTATUS context_set_aliasinfo(struct pdb_context *context,
- const DOM_SID *sid,
- struct acct_info *info)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->set_aliasinfo(context->pdb_methods,
- sid, info);
-}
-
-static NTSTATUS context_add_aliasmem(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_aliasmem(context->pdb_methods,
- alias, member);
-}
-
-static NTSTATUS context_del_aliasmem(struct pdb_context *context,
- const DOM_SID *alias,
- const DOM_SID *member)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->del_aliasmem(context->pdb_methods,
- alias, member);
-}
-
-static NTSTATUS context_enum_aliasmem(struct pdb_context *context,
- const DOM_SID *alias, DOM_SID **members,
- int *num)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->enum_aliasmem(context->pdb_methods,
- alias, members, num);
-}
-
-static NTSTATUS context_enum_alias_memberships(struct pdb_context *context,
- const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if ((!context) || (!context->pdb_methods)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->
- enum_alias_memberships(context->pdb_methods, sid, aliases,
- num);
-}
-
-static NTSTATUS context_settrustpwent(struct pdb_context *context)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->settrustpwent(cur_methods);
- if (NT_STATUS_IS_OK(ret)) {
- context->pdb_methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwent(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwent(cur_methods, trust);
- if (!NT_STATUS_IS_ERR(ret)) {
- /* prevent from segfaulting when gettrustpwent
- was called just to rewind enumeration */
- if (trust) trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwnam(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust,
- const char *name)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwnam(cur_methods, trust, name);
- if (NT_STATUS_IS_OK(ret)) {
- trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_gettrustpwsid(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust,
- const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- struct pdb_methods *cur_methods;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- cur_methods = context->pdb_methods;
-
- while (cur_methods) {
- ret = cur_methods->gettrustpwsid(cur_methods, trust, sid);
- if (NT_STATUS_IS_OK(ret)) {
- trust->methods = cur_methods;
- return ret;
- }
- cur_methods = cur_methods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_add_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- return context->pdb_methods->add_trust_passwd(context->pdb_methods, trust);
-}
-
-static NTSTATUS context_update_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- if (!trust || !trust->methods) {
- DEBUG(0, ("invalid trust pointer specified!\n"));
- return ret;
- }
-
- return trust->methods->update_trust_passwd(trust->methods, trust);
-}
-
-static NTSTATUS context_delete_trust_passwd(struct pdb_context *context,
- SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- if (!context) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
-
- if (!trust || !trust->methods) {
- DEBUG(0, ("invalid trust pointer specified!\n"));
- return ret;
- }
-
- return trust->methods->delete_trust_passwd(trust->methods, trust);
-}
-
-static NTSTATUS context_add_sid_to_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->add_sid_to_privilege(curmethods, priv_name, sid))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_remove_sid_from_privilege(struct pdb_context *context, const char *priv_name, const DOM_SID *sid)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->remove_sid_from_privilege(curmethods, priv_name, sid))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_get_privilege_set(struct pdb_context *context, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_set(curmethods, token, privset))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
-static NTSTATUS context_get_privilege_entry(struct pdb_context *context, const char *privname, char **sid_list)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- struct pdb_methods *curmethods;
- if ((!context)) {
- DEBUG(0, ("invalid pdb_context specified!\n"));
- return ret;
- }
- curmethods = context->pdb_methods;
- while (curmethods){
- if (NT_STATUS_IS_OK(ret = curmethods->get_privilege_entry(curmethods, privname, sid_list))) {
- return ret;
- }
- curmethods = curmethods->next;
- }
-
- return ret;
-}
-
/******************************************************************
Free and cleanup a pdb context, any associated data and anything
that the attached modules might have associated.
(*context)->pdb_update_group_mapping_entry = context_update_group_mapping_entry;
(*context)->pdb_delete_group_mapping_entry = context_delete_group_mapping_entry;
(*context)->pdb_enum_group_mapping = context_enum_group_mapping;
- (*context)->pdb_find_alias = context_find_alias;
- (*context)->pdb_create_alias = context_create_alias;
- (*context)->pdb_delete_alias = context_delete_alias;
- (*context)->pdb_enum_aliases = context_enum_aliases;
- (*context)->pdb_get_aliasinfo = context_get_aliasinfo;
- (*context)->pdb_set_aliasinfo = context_set_aliasinfo;
- (*context)->pdb_add_aliasmem = context_add_aliasmem;
- (*context)->pdb_del_aliasmem = context_del_aliasmem;
- (*context)->pdb_enum_aliasmem = context_enum_aliasmem;
- (*context)->pdb_enum_alias_memberships = context_enum_alias_memberships;
- (*context)->pdb_settrustpwent = context_settrustpwent;
- (*context)->pdb_gettrustpwent = context_gettrustpwent;
- (*context)->pdb_gettrustpwnam = context_gettrustpwnam;
- (*context)->pdb_gettrustpwsid = context_gettrustpwsid;
- (*context)->pdb_add_trust_passwd = context_add_trust_passwd;
- (*context)->pdb_update_trust_passwd = context_update_trust_passwd;
- (*context)->pdb_delete_trust_passwd = context_delete_trust_passwd;
- (*context)->pdb_add_sid_to_privilege = context_add_sid_to_privilege;
- (*context)->pdb_remove_sid_from_privilege = context_remove_sid_from_privilege;
- (*context)->pdb_get_privilege_set = context_get_privilege_set;
- (*context)->pdb_get_privilege_entry = context_get_privilege_entry;
(*context)->free_fn = free_pdb_context;
BOOL pdb_add_sam_account(SAM_ACCOUNT *sam_acct)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
- const char *lm_pw, *nt_pw;
- uint16 acb_flags;
if (!pdb_context) {
return False;
}
- /* disable acccounts with no passwords (that has not
- been allowed by the ACB_PWNOTREQ bit */
-
- lm_pw = pdb_get_lanman_passwd( sam_acct );
- nt_pw = pdb_get_nt_passwd( sam_acct );
- acb_flags = pdb_get_acct_ctrl( sam_acct );
- if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
- acb_flags |= ACB_DISABLED;
- pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
- }
-
return NT_STATUS_IS_OK(pdb_context->pdb_add_sam_account(pdb_context, sam_acct));
}
BOOL pdb_update_sam_account(SAM_ACCOUNT *sam_acct)
{
struct pdb_context *pdb_context = pdb_get_static_context(False);
- const char *lm_pw, *nt_pw;
- uint16 acb_flags;
if (!pdb_context) {
return False;
}
- /* disable acccounts with no passwords (that has not
- been allowed by the ACB_PWNOTREQ bit */
-
- lm_pw = pdb_get_lanman_passwd( sam_acct );
- nt_pw = pdb_get_nt_passwd( sam_acct );
- acb_flags = pdb_get_acct_ctrl( sam_acct );
- if ( !lm_pw && !nt_pw && !(acb_flags&ACB_PWNOTREQ) ) {
- acb_flags |= ACB_DISABLED;
- pdb_set_acct_ctrl( sam_acct, acb_flags, PDB_CHANGED );
- }
-
return NT_STATUS_IS_OK(pdb_context->pdb_update_sam_account(pdb_context, sam_acct));
}
rmap, num_entries, unix_only));
}
-BOOL pdb_find_alias(const char *name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_find_alias(pdb_context,
- name, sid));
-}
-
-BOOL pdb_create_alias(const char *name, uint32 *rid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_create_alias(pdb_context,
- name, rid));
-}
-
-BOOL pdb_delete_alias(const DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_delete_alias(pdb_context,
- sid));
-
-}
-
-BOOL pdb_enum_aliases(const DOM_SID *sid, uint32 start_idx, uint32 max_entries,
- uint32 *num_aliases, struct acct_info **info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_enum_aliases(pdb_context, sid,
- start_idx,
- max_entries,
- num_aliases,
- info));
-}
-
-BOOL pdb_get_aliasinfo(const DOM_SID *sid, struct acct_info *info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_get_aliasinfo(pdb_context, sid,
- info));
-}
-
-BOOL pdb_set_aliasinfo(const DOM_SID *sid, struct acct_info *info)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->pdb_set_aliasinfo(pdb_context, sid,
- info));
-}
-
-BOOL pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_aliasmem(pdb_context, alias, member));
-}
-
-BOOL pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID *member)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_del_aliasmem(pdb_context, alias, member));
-}
-
-BOOL pdb_enum_aliasmem(const DOM_SID *alias,
- DOM_SID **members, int *num_members)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_aliasmem(pdb_context, alias,
- members, num_members));
-}
-
-BOOL pdb_enum_alias_memberships(const DOM_SID *sid,
- DOM_SID **aliases, int *num)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_enum_alias_memberships(pdb_context, sid,
- aliases, num));
-}
-
-BOOL pdb_add_sid_to_privilege(char *priv_name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_add_sid_to_privilege(pdb_context, priv_name, sid));
-}
-
-BOOL pdb_remove_sid_from_privilege(char *priv_name, DOM_SID *sid)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_remove_sid_from_privilege(pdb_context, priv_name, sid));
-}
-
-BOOL pdb_get_privilege_set(NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_privilege_set(pdb_context, token, privset));
-}
-
-BOOL pdb_get_privilege_entry(const char *privname, char **sid_list)
-{
- struct pdb_context *pdb_context = pdb_get_static_context(False);
-
- if (!pdb_context) {
- return False;
- }
-
- return NT_STATUS_IS_OK(pdb_context->
- pdb_get_privilege_entry(pdb_context, privname, sid_list));
-}
-
/***************************************************************
Initialize the static context (at smbd startup etc).
return; /* NT_STATUS_NOT_IMPLEMENTED; */
}
-static NTSTATUS pdb_default_settrustpwent(struct pdb_methods *methods)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
- const char* name)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD* trust,
- const DOM_SID* sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_add_sid_to_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_remove_sid_from_privilege(struct pdb_methods *methods, const char *priv_name, const DOM_SID *sid)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-static NTSTATUS pdb_default_get_privilege_set(struct pdb_methods *methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
-{
- /* by default return the empty privilege set as otherwise login will
- * be denied if a backend does not support privilege sets */
- return NT_STATUS_OK;
-}
-
-static NTSTATUS pdb_default_get_privilege_entry(struct pdb_methods *methods, const char *privname, char **sid_list)
-{
- return NT_STATUS_NOT_IMPLEMENTED;
-}
-
-
NTSTATUS make_pdb_methods(TALLOC_CTX *mem_ctx, PDB_METHODS **methods)
{
*methods = talloc(mem_ctx, sizeof(struct pdb_methods));
(*methods)->update_group_mapping_entry = pdb_default_update_group_mapping_entry;
(*methods)->delete_group_mapping_entry = pdb_default_delete_group_mapping_entry;
(*methods)->enum_group_mapping = pdb_default_enum_group_mapping;
- (*methods)->find_alias = pdb_default_find_alias;
- (*methods)->create_alias = pdb_default_create_alias;
- (*methods)->delete_alias = pdb_default_delete_alias;
- (*methods)->enum_aliases = pdb_default_enum_aliases;
- (*methods)->get_aliasinfo = pdb_default_get_aliasinfo;
- (*methods)->set_aliasinfo = pdb_default_set_aliasinfo;
- (*methods)->add_aliasmem = pdb_default_add_aliasmem;
- (*methods)->del_aliasmem = pdb_default_del_aliasmem;
- (*methods)->enum_aliasmem = pdb_default_enum_aliasmem;
- (*methods)->enum_alias_memberships = pdb_default_alias_memberships;
-
- (*methods)->settrustpwent = pdb_default_settrustpwent;
- (*methods)->gettrustpwent = pdb_default_gettrustpwent;
- (*methods)->gettrustpwnam = pdb_default_gettrustpwnam;
- (*methods)->gettrustpwsid = pdb_default_gettrustpwsid;
- (*methods)->add_trust_passwd = pdb_default_add_trust_passwd;
- (*methods)->update_trust_passwd = pdb_default_update_trust_passwd;
- (*methods)->delete_trust_passwd = pdb_default_delete_trust_passwd;
-
- (*methods)->add_sid_to_privilege = pdb_default_add_sid_to_privilege;
- (*methods)->remove_sid_from_privilege = pdb_default_remove_sid_from_privilege;
- (*methods)->get_privilege_set = pdb_default_get_privilege_set;
- (*methods)->get_privilege_entry = pdb_default_get_privilege_entry;
return NT_STATUS_OK;
}
return NT_STATUS_OK;
}
-/**********************************************************************
- Privileges related functions
- *********************************************************************/
-
-static NTSTATUS ldapsam_modify_sid_list_for_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid, int ldap_op)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- LDAPMod **mods = NULL;
- fstring sid_str;
- fstring filter;
- char **attr_list, *dn;
- int rc, i;
-
- if ((sid == NULL) || (!sid_to_string(sid_str, sid))) {
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Invalid SID\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- /* if the privilege does not exist and we are adding then
- * create it */
- if (ldap_op == LDAP_MOD_ADD) {
-
- DEBUG(3, ("Privilege not found on ldap tree, creating a new entry\n"));
- if (asprintf(&dn, "sambaPrivName=%s,%s", privname, lp_ldap_privilege_suffix()) < 0) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: Out of memory\n"));
- goto done;
- }
-
- smbldap_make_mod(ldap_state->smbldap_state->ldap_struct, entry, &mods, "sambaPrivName", privname);
-
- smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectclass", LDAP_OBJ_PRIVILEGE);
-
- rc = smbldap_add(ldap_state->smbldap_state, dn, mods);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
-
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,
- ("ldapsam_modify_sid_list_for_privilege:"
- "Failed to add privilege (%s) dn= %s with: %s\n\t%s\n",
- privname,
- dn, ldap_err2string(rc),
- ld_error ? ld_error : "unknown")
- );
-
- SAFE_FREE(ld_error);
- goto done;
- }
-
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_modify_sid_list_for_privilege: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_modify_sid_list_for_privilege: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
- } else {
- goto done;
- }
- }
- /* entry found */
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- /* retrieve the dn */
- dn = smbldap_get_dn(ldap_state->smbldap_state->ldap_struct, entry);
- if (!dn) {
- goto done;
- }
-
- /* prepare the modification */
- smbldap_set_mod(&mods, ldap_op, "sambaSIDList", sid_str);
-
- /* modify the privilege */
- rc = smbldap_modify(ldap_state->smbldap_state, dn, mods);
-
- /* free used structures */
- ldap_mods_free(mods, True);
-
- if (rc != LDAP_SUCCESS) {
- char *ld_error = NULL;
-
- ldap_get_option(ldap_state->smbldap_state->ldap_struct, LDAP_OPT_ERROR_STRING, &ld_error);
- DEBUG(1,
- ("ldapsam_modify_sid_list_for_privilege:"
- "Failed to %s sid for privilege (%s) dn= %s with: %s\n\t%s\n",
- (ldap_op == LDAP_MOD_ADD) ? "add" : "remove",
- privname,
- dn, ldap_err2string(rc),
- ld_error ? ld_error : "unknown")
- );
- SAFE_FREE(ld_error);
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- return ret;
-}
-
-static NTSTATUS ldapsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid)
-{
- return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_ADD);
-}
-
-static NTSTATUS ldapsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *privname, const DOM_SID *sid)
-{
- return ldapsam_modify_sid_list_for_privilege(my_methods, privname, sid, LDAP_MOD_DELETE);
-}
-
-static NTSTATUS ldapsam_get_privilege_set(struct pdb_methods *my_methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- fstring sid_str;
- fstring filter;
- char **sid_list;
- char **attr_list;
- int rc, i;
-
- sid_list = (char **)malloc(sizeof(char *) * (token->num_sids + 1));
- for (i = 0; i < token->num_sids; i++) {
- sid_to_string(sid_str, &token->user_sids[i]);
- sid_list[i] = strdup(sid_str);
- if ( ! sid_list[i]) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- sid_list[i] = NULL;
-
- pstr_sprintf(filter, "(objectclass=%s)", LDAP_OBJ_PRIVILEGE);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_get_privilege_set: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_get_privilege_set: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- DEBUG(3, ("ldapsam_get_privilege_set: No privileges in ldap tree\n"));
- ret = NT_STATUS_OK;
- goto done;
- }
-
- DEBUG(2, ("ldapsam_get_privilege_set: %d entries in the base!\n",
- ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result)));
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- while (entry != NULL) {
- char **values = NULL;
-
- for(i=0; sid_list[i] != NULL; i++) {
- char *c, *s;
- pstring privname;
- int j;
-
- if (!smbldap_get_single_attribute(ldap_state->smbldap_state->ldap_struct, entry, "sambaPrivName", privname, sizeof(pstring))) {
- goto loop;
- }
-
- if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) {
- DEBUG(10, ("ldapsam_get_privilege_set: SID List not found skipping privilege\n"));
- goto loop;
- }
-
- j = 0;
- while (values[j] != 0) {
- if (strcmp(values[j], sid_list[i]) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", privname));
- add_privilege_by_name(privset, privname);
- goto loop;
- }
- j++;
- }
-
- if (values) {
- ldap_value_free(values);
- values = NULL;
- }
- }
- loop:
- if (values) {
- ldap_value_free(values);
- }
-
- entry = ldap_next_entry(ldap_state->smbldap_state->ldap_struct, entry);
- }
-
- ret = NT_STATUS_OK;
-
-done:
- i = 0;
- while (sid_list[i]) {
- free(sid_list[i]);
- i++;
- }
- free(sid_list);
-
- return ret;
-}
-
-static NTSTATUS ldapsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname,
- char **sid_list)
-{
- struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- LDAPMessage *entry = NULL;
- fstring sid_str;
- fstring filter;
- char **attr_list, **values;
- int rc, i, len;
-
- *sid_list = NULL;
- pstr_sprintf(filter, "(&(objectclass=%s)(sambaPrivName=%s))", LDAP_OBJ_PRIVILEGE, privname);
- attr_list = get_attr_list(privilege_attr_list);
- rc = smbldap_search(ldap_state->smbldap_state, lp_ldap_privilege_suffix(),
- LDAP_SCOPE_SUBTREE, filter,
- attr_list, 0, &ldap_state->result);
- free_attr_list(attr_list);
-
- if (rc != LDAP_SUCCESS) {
- DEBUG(0, ("ldapsam_get_privilege_entry: LDAP search failed: %s\n", ldap_err2string(rc)));
- DEBUG(3, ("ldapsam_get_privilege_entry: Query was: %s, %s\n", lp_ldap_privilege_suffix(), filter));
- ldap_msgfree(ldap_state->result);
- ldap_state->result = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (ldap_count_entries(ldap_state->smbldap_state->ldap_struct, ldap_state->result) == 0) {
- DEBUG(3, ("ldapsam_get_privilege_entry: No such privilege (%s) in ldap tree\n", privname));
- goto done;
- }
-
- entry = ldap_first_entry(ldap_state->smbldap_state->ldap_struct, ldap_state->result);
-
- if ((values = ldap_get_values(ldap_state->smbldap_state->ldap_struct, entry, LDAP_ATTRIBUTE_SID_LIST)) == NULL) {
- DEBUG(10, ("ldapsam_get_privilege_entry: SID List not found skipping privilege\n"));
- ret = NT_STATUS_OK;
- goto done;
- }
-
- for (i = 0, len = 0; values[i] != 0; i++ ) {
- len = len + strlen(values[i]) + 1;
- }
-
- *sid_list = (char *)malloc(len);
- if ((*sid_list) == NULL) {
- DEBUG(0, ("ldapsam_get_privilege_entry: Out of memory!\n"));
- ldap_value_free(values);
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- (*sid_list)[0] = '\0';
-
- for (i = 0; values[i] != 0; i++ ) {
- if (i != 0) {
- strlcat(*sid_list, ",", len);
- }
- DEBUG(0, ("sid_list = [%s]\n", *sid_list));
- DEBUG(0, ("values = [%s]\n", values[i]));
- DEBUG(0, ("len = [%d]\n", len));
- strlcat(*sid_list, values[i], len);
- DEBUG(0, ("sid_list = [%s]\n", *sid_list));
- }
-
- ldap_value_free(values);
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-
/**********************************************************************
Housekeeping
*********************************************************************/
(*pdb_method)->delete_group_mapping_entry = ldapsam_delete_group_mapping_entry;
(*pdb_method)->enum_group_mapping = ldapsam_enum_group_mapping;
- (*pdb_method)->add_sid_to_privilege = ldapsam_add_sid_to_privilege;
- (*pdb_method)->remove_sid_from_privilege = ldapsam_remove_sid_from_privilege;
- (*pdb_method)->get_privilege_set = ldapsam_get_privilege_set;
- (*pdb_method)->get_privilege_entry = ldapsam_get_privilege_entry;
-
/* TODO: Setup private data and free */
ldap_state = talloc_zero(pdb_context->mem_ctx, sizeof(*ldap_state));
#define PASSDB_FILE_NAME "passdb.tdb"
#define USERPREFIX "USER_"
#define RIDPREFIX "RID_"
-#define PRIVPREFIX "PRIV_"
#define tdbsamver_t int32
struct tdbsam_privates {
/* No need to free any further, as it is talloc()ed */
}
-/**
- * Start trust passwords enumeration. This function is a simple
- * wrapper for calling gettrustpwent with null pointer passed.
- *
- * @param methods methods belonging in pdb context (module)
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_settrustpwent(struct pdb_methods *methods)
-{
- /* rewind enumeration from beginning */
- return methods->gettrustpwent(methods, NULL);
-}
-
-
-/**
- * Enumerate across trust passwords (machine and interdomain nt/ads)
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwent(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- struct trust_passwd_data t;
- TALLOC_CTX *mem_ctx;
-
- TRUSTDOM **trustdom;
- static int enum_ctx;
- int num_domains = 0;
- unsigned int max_domains = 1;
- char *dom_name, *dom_pass;
-
- smb_ucs2_t *uni_dom_name;
- uint8 mach_pass[16];
- uint32 sec_chan;
-
- if (!methods) return NT_STATUS_UNSUCCESSFUL;
-
- /*
- * NT domain trust passwords
- */
-
- /* rewind enumeration when passed NULL pointer as a trust */
- if (!trust) {
- enum_ctx = 0;
- return NT_STATUS_OK;
- }
-
- mem_ctx = talloc_init("tdbsam_gettrustpwent: trust password enumeration");
-
- /* fetch next trusted domain (one at a time) and its full information */
- nt_status = secrets_get_trusted_domains(mem_ctx, &enum_ctx, max_domains, &num_domains,
- &trustdom);
- if (num_domains) {
- pull_ucs2_talloc(mem_ctx, &dom_name, trustdom[0]->name);
- if (secrets_fetch_trusted_domain_password(dom_name, &dom_pass, &t.domain_sid,
- &t.mod_time)) {
-
- t.uni_name_len = strnlen_w(trustdom[0]->name, 32);
- strncpy_w(t.uni_name, trustdom[0]->name, t.uni_name_len);
- safe_strcpy(t.pass, dom_pass, FSTRING_LEN - 1);
- t.flags = PASS_DOMAIN_TRUST_NT;
-
- SAFE_FREE(dom_pass);
- talloc_destroy(mem_ctx);
- trust->private = t;
- return nt_status;
- } else {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- /*
- * NT machine trust password
- */
-
- if (secrets_lock_trust_account_password(lp_workgroup(), True)) {
- sec_chan = get_default_sec_channel();
- if (secrets_fetch_trust_account_password(lp_workgroup(), mach_pass, &t.mod_time,
- &sec_chan)) {
-
- t.uni_name_len = strlen(lp_workgroup());
- push_ucs2_talloc(mem_ctx, &uni_dom_name, lp_workgroup());
- strncpy_w(t.uni_name, uni_dom_name, t.uni_name_len);
- safe_strcpy(t.pass, mach_pass, FSTRING_LEN - 1);
- t.flags = PASS_MACHINE_TRUST_NT;
- if (!secrets_fetch_domain_sid(lp_workgroup(), &t.domain_sid)) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- talloc_destroy(mem_ctx);
- trust->private = t;
- return NT_STATUS_NO_MORE_ENTRIES;
- }
- secrets_lock_trust_account_password(lp_workgroup(), False);
- } else {
- talloc_destroy(mem_ctx);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /*
- * ADS machine trust password (TODO)
- */
-
-
- /*
- * if nothing is to be returned then reset domain name
- * and return "no more entries"
- */
- nt_status = NT_STATUS_NO_MORE_ENTRIES;
- trust->private.uni_name_len = 0;
- trust->private.uni_name[t.uni_name_len] = 0;
-
- talloc_destroy(mem_ctx);
- return nt_status;
-}
-
-
-/**
- * Get trust password by trusted party name
- *
- * @param methods methods belonging to pdb context (module)
- * @param trust trust password structure
- * @param sid trusted party name
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwnam(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
- const char *name)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- char domain_name[32];
-
- if (!methods || !trust || !name) return nt_status;
-
- do {
- /* get trust password (next in turn) */
- nt_status = tdbsam_gettrustpwent(methods, trust);
-
- /* convert unicode name and do case insensitive compare */
- pull_ucs2(NULL, domain_name, trust->private.uni_name, sizeof(domain_name),
- trust->private.uni_name_len, STR_TERMINATE);
- if (!StrnCaseCmp(domain_name, name, sizeof(domain_name)))
- return NT_STATUS_OK;
-
- } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
-
- return nt_status;
-}
-
-
-/**
- * Get trust password by trusted party sid
- *
- * @param methods methods belonging to pdb context (module)
- * @param trust trust password structure
- * @param sid trusted party sid
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_gettrustpwsid(struct pdb_methods *methods, SAM_TRUST_PASSWD *trust,
- const DOM_SID *sid)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- if (!methods || !trust || !sid) return nt_status;
-
- do {
- nt_status = tdbsam_gettrustpwent(methods, trust);
-
- if (sid_equal(&trust->private.domain_sid, sid))
- return NT_STATUS_OK;
-
- } while (NT_STATUS_EQUAL(nt_status, STATUS_MORE_ENTRIES));
-
- return nt_status;
-}
-
-
-/**
- * Add new trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_add_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD *trust)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- BOOL status = False;
- TALLOC_CTX *mem_ctx;
-
- char* domain = NULL;
- struct trust_passwd_data t = trust->private;
- uint32 sec_chan;
-
- mem_ctx = talloc_init("tdbsam_add_trust_passwd: storing new trust password");
-
- /* convert unicode name to char* (used to form the key) */
- pull_ucs2_talloc(mem_ctx, &domain, t.uni_name);
-
- /* add nt machine trust password */
- if (t.flags & (PASS_MACHINE_TRUST_NT | PASS_SERVER_TRUST_NT)) {
- sec_chan = (t.flags & PASS_MACHINE_TRUST_NT) ? SEC_CHAN_WKSTA : SEC_CHAN_BDC;
- status = secrets_store_machine_password(t.pass, domain, sec_chan);
- if (status)
- status = secrets_store_domain_sid(domain, &t.domain_sid);
-
- nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- /* add nt domain trust password */
- } else if (t.flags & PASS_DOMAIN_TRUST_NT) {
- status = secrets_store_trusted_domain_password(domain, t.uni_name, t.uni_name_len,
- t.pass, t.domain_sid);
- nt_status = status ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-
- /* add ads machine trust password (TODO) */
- } else if (t.flags & PASS_MACHINE_TRUST_ADS) {
- }
-
- talloc_destroy(mem_ctx);
- return nt_status;
-}
-
-
-/**
- * Update trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_update_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
-}
-
-
-/**
- * Delete trust password.
- *
- * @param methods methods belonging in pdb context (module)
- * @param trust trust password structure
- *
- * @return nt status of performed operation
- **/
-
-static NTSTATUS tdbsam_delete_trust_passwd(struct pdb_methods *methods, const SAM_TRUST_PASSWD* trust)
-{
- NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
- return nt_status;
-}
-
-
-/***************************************************************************
- Add sid to privilege
-****************************************************************************/
-
-static NTSTATUS tdbsam_add_sid_to_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring keystr;
- fstring name;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- fstring sid_str;
- char *sid_list = NULL, *s = NULL;
- size_t str_size;
- int flag;
-
- /* invalidate the existing TDB iterator if it is open */
-
- if (tdb_state->passwd_tdb) {
- tdb_close(tdb_state->passwd_tdb);
- tdb_state->passwd_tdb = NULL;
- }
-
- /* open the account TDB passwd*/
-
- pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
-
- if (!pwd_tdb) {
- DEBUG(0, ("tdb_add_sid_to_privilege: Unable to open TDB passwd (%s)!\n",
- tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* setup the PRIV index key */
- fstrcpy(name, priv_name);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- /* check if the privilege already exist in the database */
-
- /* get the record */
- data = tdb_fetch (pwd_tdb, key);
-
- if (data.dptr) {
- /* check the list is not empty */
- if (*(data.dptr)) {
- sid_list = strdup(data.dptr);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- goto done;
- }
- }
- SAFE_FREE(data.dptr);
-
- flag = TDB_MODIFY;
- } else {
- /* if privilege does not exist create one */
- flag = TDB_INSERT;
- }
-
- /* add the given sid */
- sid_to_string(sid_str, sid);
-
- if (sid_list) {
- str_size = strlen(sid_list) + strlen(sid_str) + 2;
- s = realloc(sid_list, str_size);
- if (!s) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- sid_list = s;
- s = &sid_list[strlen(sid_list)];
- snprintf(s, strlen(sid_str) + 2, ",%s", sid_str);
-
- } else {
- sid_list = strdup(sid_str);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_add_sid_to_privilege: Out of Memory!\n"));
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
-
- }
-
- /* copy the PRIVILEGE struct into a BYTE buffer for storage */
- data.dsize = strlen(sid_list) + 1;
- data.dptr = sid_list;
-
- /* add the account */
- if (tdb_store(pwd_tdb, key, data, flag) != TDB_SUCCESS) {
- DEBUG(0, ("Unable to modify passwd TDB!"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* cleanup */
- tdb_close (pwd_tdb);
- SAFE_FREE(sid_list);
-
- return (ret);
-}
-
-/***************************************************************************
- Reomve sid to privilege
-****************************************************************************/
-
-static NTSTATUS tdbsam_remove_sid_from_privilege(struct pdb_methods *my_methods, const char *priv_name, const DOM_SID *sid)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring keystr;
- fstring name;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- fstring sid_str;
- char *sid_list = NULL, *s = NULL;
-
- /* invalidate the existing TDB iterator if it is open */
-
- if (tdb_state->passwd_tdb) {
- tdb_close(tdb_state->passwd_tdb);
- tdb_state->passwd_tdb = NULL;
- }
-
- /* open the account TDB passwd*/
-
- pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDWR | O_CREAT);
-
- if (!pwd_tdb) {
- DEBUG(0, ("tdbsam_remove_sid_from_privilege: Unable to open TDB passwd (%s)!\n",
- tdb_state->tdbsam_location));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* setup the PRIV index key */
- fstrcpy(name, priv_name);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- /* check if the privilege already exist in the database */
-
- /* get the record */
- data = tdb_fetch (pwd_tdb, key);
-
- /* if privilege does not exist, just leave */
- if (!data.dptr) {
- ret = NT_STATUS_OK;
- goto done;
- }
-
- if (data.dptr) {
- sid_list = strdup(data.dptr);
- if (!sid_list) {
- DEBUG(0, ("tdbsam_remove_sid_from_privilege: Out of Memory!\n"));
- goto done;
- }
- SAFE_FREE(data.dptr);
- }
-
- /* remove the given sid */
- sid_to_string(sid_str, sid);
-
- s = strstr(sid_list, sid_str);
- if (s) {
- char *p;
- p = strstr(s, ",");
- if (p) {
- size_t l = strlen(sid_list) + 1 - (s - sid_list);
- memmove(s, ++p, l);
- } else {
- if (s != sid_list)
- s--;
- *s = '\0';
- }
- } else {
- /* sid not found */
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- /* copy the PRIVILEGE struct into a BYTE buffer for storage */
- data.dsize = strlen(sid_list) + 1;
- data.dptr = sid_list;
-
- /* add the account */
- if (tdb_store(pwd_tdb, key, data, TDB_MODIFY) != TDB_SUCCESS) {
- DEBUG(0, ("Unable to modify passwd TDB!"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(pwd_tdb)));
- DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* cleanup */
- tdb_close (pwd_tdb);
- SAFE_FREE(sid_list);
-
- return (ret);
-}
-
-/***************************************************************************
- get the privilege list for the given token
-****************************************************************************/
-
-struct priv_traverse {
- char **sid_list;
- PRIVILEGE_SET *privset;
-};
-
-static int tdbsam_traverse_privilege(TDB_CONTEXT *t, TDB_DATA key, TDB_DATA data, void *state)
-{
- struct priv_traverse *pt = (struct priv_traverse *)state;
- int prefixlen = strlen(PRIVPREFIX);
-
- if (strncmp(key.dptr, PRIVPREFIX, prefixlen) == 0) {
-
- /* add to privilege_set if any of the sid in the token
- * is contained in the privilege */
- int i;
-
- for(i=0; pt->sid_list[i] != NULL; i++) {
- char *c, *s;
- int len;
-
- s = data.dptr;
- while ((c=strchr(s, ',')) !=NULL) {
- len = MAX((c - s), strlen(pt->sid_list[i]));
- if (strncmp(s, pt->sid_list[i], len) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
- add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
- return 0;
- }
- s = c + 1;
- }
- len = MAX(strlen(s), strlen(pt->sid_list[i]));
- if (strncmp(s, pt->sid_list[i], len) == 0) {
- DEBUG(10, ("sid [%s] found in users sid list\n", pt->sid_list[i]));
- DEBUG(10, ("adding privilege [%s] to the users privilege list\n", &(key.dptr[prefixlen])));
- add_privilege_by_name(pt->privset, &(key.dptr[prefixlen]));
- return 0;
- }
- }
- }
-
- return 0;
-}
-
-static NTSTATUS tdbsam_get_privilege_set(struct pdb_methods *my_methods, NT_USER_TOKEN *token, PRIVILEGE_SET *privset)
-{
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_CONTEXT *pwd_tdb = NULL;
- struct priv_traverse pt;
- fstring sid_str;
- char **sid_list;
- int i;
-
- if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY )))
- return NT_STATUS_UNSUCCESSFUL;
-
- sid_list = (char **)malloc(sizeof(char *) * (token->num_sids + 1));
- for (i = 0; i < token->num_sids; i++) {
- sid_to_string(sid_str, &token->user_sids[i]);
- sid_list[i] = strdup(sid_str);
- if ( ! sid_list[i]) {
- ret = NT_STATUS_NO_MEMORY;
- goto done;
- }
- }
- sid_list[i] = NULL;
-
- pt.sid_list = sid_list;
- pt.privset = privset;
- tdb_traverse(pwd_tdb, tdbsam_traverse_privilege, &pt);
-
- ret = NT_STATUS_OK;
-
-done:
- i = 0;
- while (sid_list[i]) {
- free(sid_list[i]);
- i++;
- }
- free(sid_list);
-
- tdb_close(pwd_tdb);
-
- return ret;
-}
-
-static NTSTATUS tdbsam_get_privilege_entry(struct pdb_methods *my_methods, const char *privname, char **sid_list)
-{
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_CONTEXT *pwd_tdb = NULL;
- TDB_DATA key, data;
- fstring name;
- fstring keystr;
-
- struct tdbsam_privates *tdb_state = (struct tdbsam_privates *)my_methods->private_data;
-
- if (!(pwd_tdb = tdbsam_tdbopen(tdb_state->tdbsam_location, O_RDONLY)))
- return ret;
-
- /* setup the PRIV index key */
- fstrcpy(name, privname);
- strlower_m(name);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", PRIVPREFIX, name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(pwd_tdb, key);
- if (!data.dptr)
- goto done;
-
- *sid_list = strdup(data.dptr);
- SAFE_FREE(data.dptr);
-
- if (!*sid_list)
- goto done;
-
- ret = NT_STATUS_OK;
-done:
- tdb_close(pwd_tdb);
- return ret;
-}
-
-
-
-
-
-
static NTSTATUS pdb_init_tdbsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location)
{
(*pdb_method)->add_sam_account = tdbsam_add_sam_account;
(*pdb_method)->update_sam_account = tdbsam_update_sam_account;
(*pdb_method)->delete_sam_account = tdbsam_delete_sam_account;
- (*pdb_method)->settrustpwent = tdbsam_settrustpwent;
- (*pdb_method)->gettrustpwent = tdbsam_gettrustpwent;
- (*pdb_method)->gettrustpwnam = tdbsam_gettrustpwnam;
- (*pdb_method)->gettrustpwsid = tdbsam_gettrustpwsid;
- (*pdb_method)->add_trust_passwd = tdbsam_add_trust_passwd;
- (*pdb_method)->update_trust_passwd = tdbsam_update_trust_passwd;
- (*pdb_method)->delete_trust_passwd = tdbsam_delete_trust_passwd;
- (*pdb_method)->add_sid_to_privilege = tdbsam_add_sid_to_privilege;
- (*pdb_method)->remove_sid_from_privilege = tdbsam_remove_sid_from_privilege;
- (*pdb_method)->get_privilege_set = tdbsam_get_privilege_set;
- (*pdb_method)->get_privilege_entry = tdbsam_get_privilege_entry;
tdb_state = talloc_zero(pdb_context->mem_ctx, sizeof(struct tdbsam_privates));
{
return smb_register_passdb(PASSDB_INTERFACE_VERSION, "tdbsam", pdb_init_tdbsam);
}
+
(*pdb_method)->getsampwsid = NULL;
(*pdb_method)->update_sam_account = NULL;
(*pdb_method)->delete_sam_account = NULL;
- (*pdb_method)->get_group_info_by_sid = NULL;
- (*pdb_method)->get_group_list = NULL;
- (*pdb_method)->get_group_sids = NULL;
- (*pdb_method)->add_group = NULL;
- (*pdb_method)->update_group = NULL;
- (*pdb_method)->delete_group = NULL;
- (*pdb_method)->add_sid_to_group = NULL;
- (*pdb_method)->remove_sid_from_group = NULL;
- (*pdb_method)->get_group_info_by_name = NULL;
- (*pdb_method)->get_group_info_by_nt_name = NULL;
- (*pdb_method)->get_group_uids = NULL;
+ (*pdb_method)->getgrsid = NULL;
+ (*pdb_method)->getgrgid = NULL;
+ (*pdb_method)->getgrnam = NULL;
+ (*pdb_method)->add_group_mapping_entry = NULL;
+ (*pdb_method)->update_group_mapping_entry = NULL;
+ (*pdb_method)->delete_group_mapping_entry = NULL;
+ (*pdb_method)->enum_group_mapping = NULL;
data = talloc(pdb_context->mem_ctx, sizeof(pdb_xml));
data->location = talloc_strdup(pdb_context->mem_ctx, (location ? location : "passdb.xml"));
Copyright (C) Andrew Bartlett 2002
Copyright (C) Rafal Szczesniak 2002
Copyright (C) Tim Potter 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
return True;
}
-BOOL secrets_store_domain_guid(const char *domain, struct uuid *guid)
+BOOL secrets_store_domain_guid(const char *domain, GUID *guid)
{
fstring key;
slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
strupper_m(key);
- return secrets_store(key, guid, sizeof(struct uuid));
+ return secrets_store(key, guid, sizeof(GUID));
}
-BOOL secrets_fetch_domain_guid(const char *domain, struct uuid *guid)
+BOOL secrets_fetch_domain_guid(const char *domain, GUID *guid)
{
- struct uuid *dyn_guid;
+ GUID *dyn_guid;
fstring key;
size_t size;
- struct uuid new_guid;
+ GUID new_guid;
slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);
strupper_m(key);
- dyn_guid = (struct uuid *)secrets_fetch(key, &size);
+ dyn_guid = (GUID *)secrets_fetch(key, &size);
+
+ DEBUG(6,("key is %s, size is %d\n", key, (int)size));
- if ((!dyn_guid) && (lp_server_role() == ROLE_DOMAIN_PDC)) {
+ if ((NULL == dyn_guid) && (ROLE_DOMAIN_PDC == lp_server_role())) {
smb_uuid_generate_random(&new_guid);
if (!secrets_store_domain_guid(domain, &new_guid))
return False;
- dyn_guid = (struct uuid *)secrets_fetch(key, &size);
+ dyn_guid = (GUID *)secrets_fetch(key, &size);
if (dyn_guid == NULL)
return False;
}
- if (size != sizeof(struct uuid))
+ if (size != sizeof(GUID))
{
- DEBUG(1,("UUID size %d is wrong!\n", (int)size));
SAFE_FREE(dyn_guid);
return False;
}
/************************************************************************
Routine to get the trust account password for a domain.
The user of this function must have locked the trust password file using
- the above secrets_lock_trust_account_password().
+ the above call.
************************************************************************/
BOOL secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
return True;
}
+/************************************************************************
+ Routine to set the trust account password for a domain.
+************************************************************************/
+
+BOOL secrets_store_trust_account_password(const char *domain, uint8 new_pwd[16])
+{
+ struct machine_acct_pass pass;
+
+ pass.mod_time = time(NULL);
+ memcpy(pass.hash, new_pwd, 16);
+
+ return secrets_store(trust_keystr(domain), (void *)&pass, sizeof(pass));
+}
/**
* Routine to store the password for trusted domain
* @return nt status code of rpc response
**/
-NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains,
- int *num_domains, TRUSTDOM ***domains)
+NTSTATUS secrets_get_trusted_domains(TALLOC_CTX* ctx, int* enum_ctx, unsigned int max_num_domains, int *num_domains, TRUSTDOM ***domains)
{
TDB_LIST_NODE *keys, *k;
TRUSTDOM *dom = NULL;
return True;
}
-static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2,
- struct uuid guid)
+static void store_printer_guid(NT_PRINTER_INFO_LEVEL_2 *info2, GUID guid)
{
int i;
REGVAL_CTR *ctr=NULL;
regval_ctr_delvalue(ctr, "objectGUID");
regval_ctr_addvalue(ctr, "objectGUID", REG_BINARY,
- (char *) &guid, sizeof(struct uuid));
+ (char *) &guid, sizeof(GUID));
}
static WERROR publish_it(NT_PRINTER_INFO_LEVEL *printer)
void *res = NULL;
ADS_STRUCT *ads;
const char *attrs[] = {"objectGUID", NULL};
- struct uuid guid;
+ GUID guid;
WERROR win_rc = WERR_OK;
ZERO_STRUCT(guid);
return win_rc;
}
-BOOL is_printer_published(Printer_entry *print_hnd, int snum,
- struct uuid *guid)
+BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid)
{
NT_PRINTER_INFO_LEVEL *printer = NULL;
REGVAL_CTR *ctr;
return False;
}
- if (regval_size(guid_val) == sizeof(struct uuid))
- memcpy(guid, regval_data_p(guid_val), sizeof(struct uuid));
+ if (regval_size(guid_val) == sizeof(GUID))
+ memcpy(guid, regval_data_p(guid_val), sizeof(GUID));
return True;
}
{
return WERR_OK;
}
-BOOL is_printer_published(Printer_entry *print_hnd, int snum,
- struct uuid *guid)
+BOOL is_printer_published(Printer_entry *print_hnd, int snum, GUID *guid)
{
return False;
}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- RPC pipe client
-
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-NTSTATUS cli_epm_map(struct cli_state *cli, TALLOC_CTX *mem_ctx,
- EPM_HANDLE *handle, EPM_TOWER **tower,
- EPM_HANDLE *entry_handle, uint32 *num_towers)
-{
- prs_struct qbuf, rbuf;
- EPM_Q_MAP q;
- EPM_R_MAP r;
- BOOL result = False;
-
- ZERO_STRUCT(q);
- ZERO_STRUCT(r);
-
- /* Initialise parse structures */
-
- prs_init(&qbuf, MAX_PDU_FRAG_LEN, mem_ctx, MARSHALL);
- prs_init(&rbuf, 0, mem_ctx, UNMARSHALL);
-
- /* Marshall data and send request */
-
- init_epm_q_map(mem_ctx, &q, *tower, *num_towers);
-
- if (!epm_io_q_map("map_query", &q, &qbuf, 0) ||
- !rpc_api_pipe_req(cli, EPM_MAP_PIPE_NAME, &qbuf, &rbuf))
- goto done;
-
- /* Unmarshall response */
-
- if (!epm_io_r_map("map_reply", &r, &rbuf, 0))
- goto done;
-
- result = True;
-
- done:
- prs_mem_free(&qbuf);
- prs_mem_free(&rbuf);
-
- return result ? NT_STATUS_OK : NT_STATUS_UNSUCCESSFUL;
-}
NTSTATUS cli_lsa_query_info_policy2(struct cli_state *cli, TALLOC_CTX *mem_ctx,
POLICY_HND *pol, uint16 info_class,
char **domain_name, char **dns_name,
- char **forest_name, struct uuid **domain_guid,
+ char **forest_name, GUID **domain_guid,
DOM_SID **domain_sid)
{
prs_struct qbuf, rbuf;
*domain_guid = talloc(mem_ctx, sizeof(**domain_guid));
memcpy(*domain_guid,
&r.info.dns_dom_info.dom_guid,
- sizeof(struct uuid));
+ sizeof(GUID));
}
if (domain_sid && r.info.dns_dom_info.ptr_dom_sid != 0) {
cli->nt_pipe_fnum = (uint16)fnum;
} else {
if ((fnum = cli_open(cli, pipe_names[pipe_idx].client_pipe, O_CREAT|O_RDWR, DENY_NONE)) == -1) {
- DEBUG(1,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
+ DEBUG(0,("cli_nt_session_open: cli_open failed on pipe %s to machine %s. Error was %s\n",
pipe_names[pipe_idx].client_pipe, cli->desthost, cli_errstr(cli)));
return False;
}
return False;
if ( !prs_uint32("forestname_ptr", ps, depth, &p->forestname_ptr) )
return False;
-
- if ( !smb_io_uuid("domain_guid", &p->domain_guid, ps, depth) )
+
+ if ( !prs_uint8s(False, "domain_guid", ps, depth, p->domain_guid.info, GUID_SIZE) )
return False;
if ( !smb_io_unistr2( "netbios_domain", &p->netbios_domain, p->netbios_ptr, ps, depth) )
if ( !prs_uint32( "sid_ptr", ps, depth, &trust->sid_ptr ) )
return False;
- if ( !smb_io_uuid("guid", &trust->guid, ps, depth) )
+ if ( !prs_uint8s(False, "guid", ps, depth, trust->guid.info, GUID_SIZE) )
return False;
return True;
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Samba end point mapper functions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003.
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_RPC_PARSE
-
-static uint32 internal_referent_id = 0;
-
-
-/*******************************************************************
- Reads or writes a handle.
-********************************************************************/
-BOOL epm_io_handle(const char *desc, EPM_HANDLE *handle, prs_struct *ps,
- int depth)
-{
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint8s(False, "data", ps, depth, handle->data,
- sizeof(handle->data)))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure.
-********************************************************************/
-NTSTATUS init_epm_floor(EPM_FLOOR *efloor, uint8 protocol)
-{
- /* handle lhs */
- efloor->lhs.protocol = protocol;
- efloor->lhs.length = sizeof(efloor->lhs.protocol);
-
- switch(efloor->lhs.protocol) {
- case EPM_FLOOR_UUID:
- efloor->lhs.length += sizeof(efloor->lhs.uuid.uuid);
- efloor->lhs.length += sizeof(efloor->lhs.uuid.version);
- break;
- default:
- break;
- }
-
- /* handle rhs */
- switch(efloor->lhs.protocol) {
- case EPM_FLOOR_RPC:
- case EPM_FLOOR_UUID:
- efloor->rhs.length = sizeof(efloor->rhs.unknown);
- break;
- case EPM_FLOOR_TCP:
- efloor->rhs.length = sizeof(efloor->rhs.tcp.port);
- break;
- case EPM_FLOOR_IP:
- efloor->rhs.length = sizeof(efloor->rhs.ip.addr);
- break;
- case EPM_FLOOR_NMPIPES:
- case EPM_FLOOR_LRPC:
- case EPM_FLOOR_NETBIOS:
- efloor->rhs.length = strlen(efloor->rhs.string) + 1;
- break;
- default:
- break;
- }
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure with a UUID
-********************************************************************/
-NTSTATUS init_epm_floor_uuid(EPM_FLOOR *efloor,
- const struct uuid uuid, uint16 version)
-{
- memcpy(&efloor->lhs.uuid.uuid, &uuid, sizeof(uuid));
- efloor->lhs.uuid.version = version;
- efloor->rhs.unknown = 0;
- return init_epm_floor(efloor, EPM_FLOOR_UUID);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for RPC
-********************************************************************/
-NTSTATUS init_epm_floor_rpc(EPM_FLOOR *efloor)
-{
- efloor->rhs.unknown = 0;
- return init_epm_floor(efloor, EPM_FLOOR_RPC);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for TCP
-********************************************************************/
-NTSTATUS init_epm_floor_tcp(EPM_FLOOR *efloor, uint16 port)
-{
- efloor->rhs.tcp.port = htons(port);
- return init_epm_floor(efloor, EPM_FLOOR_TCP);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for IP
-********************************************************************/
-NTSTATUS init_epm_floor_ip(EPM_FLOOR *efloor, uint8 addr[4])
-{
- memcpy(&efloor->rhs.ip.addr, addr, sizeof(addr));
- return init_epm_floor(efloor, EPM_FLOOR_IP);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for named pipe
-********************************************************************/
-NTSTATUS init_epm_floor_np(EPM_FLOOR *efloor, const char *pipe_name)
-{
- safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1);
- return init_epm_floor(efloor, EPM_FLOOR_NMPIPES);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for named pipe
-********************************************************************/
-NTSTATUS init_epm_floor_lrpc(EPM_FLOOR *efloor, const char *pipe_name)
-{
- safe_strcpy(efloor->rhs.string, pipe_name, sizeof(efloor->rhs.string)-1);
- return init_epm_floor(efloor, EPM_FLOOR_LRPC);
-}
-
-/*******************************************************************
- inits an EPM_FLOOR structure for named pipe
-********************************************************************/
-NTSTATUS init_epm_floor_nb(EPM_FLOOR *efloor, char *host_name)
-{
- safe_strcpy(efloor->rhs.string, host_name, sizeof(efloor->rhs.string)-1);
- return init_epm_floor(efloor, EPM_FLOOR_NETBIOS);
-}
-
-/*******************************************************************
- reads and writes EPM_FLOOR.
-********************************************************************/
-BOOL epm_io_floor(const char *desc, EPM_FLOOR *efloor,
- prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "epm_io_floor");
- depth++;
-
- if (!prs_uint16("lhs_length", ps, depth, &efloor->lhs.length))
- return False;
- if (!prs_uint8("protocol", ps, depth, &efloor->lhs.protocol))
- return False;
-
- switch (efloor->lhs.protocol) {
- case EPM_FLOOR_UUID:
- if (!smb_io_uuid("uuid", &efloor->lhs.uuid.uuid, ps, depth))
- return False;
- if (!prs_uint16("version", ps, depth,
- &efloor->lhs.uuid.version))
- return False;
- break;
- }
-
- if (!prs_uint16("rhs_length", ps, depth, &efloor->rhs.length))
- return False;
-
- switch (efloor->lhs.protocol) {
- case EPM_FLOOR_UUID:
- case EPM_FLOOR_RPC:
- if (!prs_uint16("unknown", ps, depth, &efloor->rhs.unknown))
- return False;
- break;
- case EPM_FLOOR_TCP:
- if (!prs_uint16("tcp_port", ps, depth, &efloor->rhs.tcp.port))
- return False;
- break;
- case EPM_FLOOR_IP:
- if (!prs_uint8s(False, "ip_addr", ps, depth,
- efloor->rhs.ip.addr,
- sizeof(efloor->rhs.ip.addr)))
- return False;
- break;
- case EPM_FLOOR_NMPIPES:
- case EPM_FLOOR_LRPC:
- case EPM_FLOOR_NETBIOS:
- if (!prs_uint8s(False, "string", ps, depth,
- efloor->rhs.string,
- efloor->rhs.length))
- return False;
- break;
- default:
- break;
- }
-
- return True;
-}
-
-/*******************************************************************
- Inits a EPM_TOWER structure.
-********************************************************************/
-NTSTATUS init_epm_tower(TALLOC_CTX *ctx, EPM_TOWER *tower,
- const EPM_FLOOR *floors, int num_floors)
-{
- int size = 0;
- int i;
-
- DEBUG(5, ("init_epm_tower\n"));
-
- size += sizeof(uint16); /* number of floors is in tower length */
- for (i = 0; i < num_floors; i++) {
- size += (sizeof(uint16) * 2);
- size += floors[i].lhs.length;
- size += floors[i].rhs.length;
- }
-
- tower->max_length = tower->length = size;
- tower->num_floors = num_floors;
- tower->floors = talloc(ctx, sizeof(EPM_FLOOR) * num_floors);
- if (!tower->floors) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(tower->floors, floors, sizeof(EPM_FLOOR) * num_floors);
- tower->unknown = 0x7e;
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Reads or writes an EPM_TOWER structure.
-********************************************************************/
-BOOL epm_io_tower(const char *desc, EPM_TOWER *tower,
- prs_struct *ps, int depth)
-{
- int i;
-
- prs_debug(ps, depth, desc, "epm_io_tower");
- depth++;
-
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint32("max_length", ps, depth, &tower->max_length))
- return False;
- if (!prs_uint32("length", ps, depth, &tower->length))
- return False;
- if (!prs_uint16("num_floors", ps, depth, &tower->num_floors))
- return False;
-
- if (UNMARSHALLING(ps)) {
- tower->floors = talloc(ps->mem_ctx,
- sizeof(EPM_FLOOR) * tower->num_floors);
- if (!tower->floors)
- return False;
- }
-
- for (i = 0; i < tower->num_floors; i++) {
- if (!epm_io_floor("floor", tower->floors + i, ps, depth))
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- Initialize an EPM_TOWER_ARRAY structure
-********************************************************************/
-NTSTATUS init_epm_tower_array(TALLOC_CTX *ctx, EPM_TOWER_ARRAY *array,
- const EPM_TOWER *towers, int num_towers)
-{
- int i;
-
- array->max_count = num_towers;
- array->offset = 0;
- array->count = num_towers;
- array->tower_ref_ids = talloc(ctx, sizeof(uint32) * num_towers);
- if (!array->tower_ref_ids) {
- return NT_STATUS_NO_MEMORY;
- }
- for (i=0;i<num_towers;i++)
- array->tower_ref_ids[i] = ++internal_referent_id;
-
- array->towers = talloc(ctx, sizeof(EPM_TOWER) * num_towers);
- if (!array->towers) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(array->towers, towers, sizeof(EPM_TOWER) * num_towers);
-
- return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Reads or writes an EPM_TOWER_ARRAY structure.
-********************************************************************/
-BOOL epm_io_tower_array(const char *desc, EPM_TOWER_ARRAY *array,
- prs_struct *ps, int depth)
-{
- int i;
-
- prs_debug(ps, depth, desc, "epm_io_tower_array");
- depth++;
-
- if (!prs_uint32("max_count", ps, depth, &array->max_count))
- return False;
- if (!prs_uint32("offset", ps, depth, &array->offset))
- return False;
- if (!prs_uint32("count", ps, depth, &array->count))
- return False;
-
-
- if (UNMARSHALLING(ps)) {
- array->tower_ref_ids = talloc(ps->mem_ctx,
- sizeof(uint32) * array->count);
- if (!array->tower_ref_ids) {
- return False;
- }
- }
- for (i=0; i < array->count; i++) {
- if (!prs_uint32("ref_id", ps, depth, &array->tower_ref_ids[i])) {
- return False;
- } else {
- if (array->tower_ref_ids[i] > internal_referent_id) {
- internal_referent_id = array->tower_ref_ids[i];
- }
- }
- }
-
-
-
- if (!prs_set_offset(ps, prs_offset(ps) + array->offset))
- return False;
-
- if (UNMARSHALLING(ps)) {
- array->towers = talloc(ps->mem_ctx,
- sizeof(EPM_TOWER) * array->count);
- if (!array->towers) {
- return False;
- }
- }
-
- for (i = 0; i < array->count; i++) {
- if (!epm_io_tower("tower", &array->towers[i], ps, depth))
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************
- Initialize EPM_R_MAP structure
-******************************************************************/
-NTSTATUS init_epm_r_map(TALLOC_CTX *ctx, EPM_R_MAP *r_map,
- const EPM_HANDLE *handle, const EPM_TOWER_ARRAY *array,
- int num_elements, uint32 status)
-{
- memcpy(&r_map->handle, handle, sizeof(*handle));
- r_map->num_results = num_elements;
- r_map->results = talloc(ctx, sizeof(EPM_TOWER_ARRAY) * num_elements);
- if (!r_map->results) {
- return NT_STATUS_NO_MEMORY;
- }
- memcpy(r_map->results, array, sizeof(EPM_TOWER_ARRAY) * num_elements);
- r_map->status = status;
- return NT_STATUS_OK;
-}
-
-/*************************************************************************
- Inits a EPM_Q_MAP structure.
-**************************************************************************
-* We attempt to hide the ugliness of the wire format by taking a EPM_TOWER
-* array with a defined size
-**************************************************************************/
-NTSTATUS init_epm_q_map(TALLOC_CTX *ctx, EPM_Q_MAP *q_map,
- const EPM_TOWER *towers, int num_towers)
-{
- static uint32 handle = 1;
-
- ZERO_STRUCTP(q_map);
-
- DEBUG(5, ("init_epm_q_map\n"));
- q_map->handle.data[0] = (handle >> 0) & 0xFF;
- q_map->handle.data[1] = (handle >> 8) & 0xFF;
- q_map->handle.data[2] = (handle >> 16) & 0xFF;
- q_map->handle.data[3] = (handle >> 24) & 0xFF;
-
- q_map->tower = talloc(ctx, sizeof(EPM_TOWER) * (num_towers + 1));
- if (!q_map->tower) {
- return NT_STATUS_NO_MEMORY;
- }
-
- memcpy(q_map->tower, towers, sizeof(EPM_TOWER) * num_towers);
-
- ZERO_STRUCT(q_map->tower[num_towers]);
-
- /* For now let's not take more than 4 towers per result */
- q_map->max_towers = num_towers * 4;
-
- q_map->tower_ref_id = ++internal_referent_id;
-
- handle++;
-
- return NT_STATUS_OK;
-}
-
-/*****************************************************************
- epm_io_q_map - read or write EPM_Q_MAP structure
-******************************************************************/
-BOOL epm_io_q_map(const char *desc, EPM_Q_MAP *io_map, prs_struct *ps,
- int depth)
-{
- prs_debug(ps, depth, desc, "epm_io_q_map");
- depth++;
-
- if (!epm_io_handle("handle", &io_map->handle, ps, depth))
- return False;
-
- if (!prs_uint32("referent_id", ps, 0, &io_map->tower_ref_id))
- return False;
- if (io_map->tower_ref_id > internal_referent_id)
- internal_referent_id = io_map->tower_ref_id;
-
- /* HACK: We need a more elegant way of doing this */
- if (UNMARSHALLING(ps)) {
- io_map->tower = talloc(ps->mem_ctx, sizeof(EPM_TOWER));
- if (!io_map->tower)
- return False;
- }
- if (!epm_io_tower("tower", io_map->tower, ps, depth))
- return False;
- if (!epm_io_handle("term_handle", &io_map->term_handle, ps, depth))
- return False;
-
- if (!prs_uint32("max_towers", ps, 0, &io_map->max_towers))
- return False;
-
- return True;
-}
-
-/*******************************************************************
- epm_io_r_map - Read/Write EPM_R_MAP structure
-******************************************************************/
-BOOL epm_io_r_map(const char *desc, EPM_R_MAP *io_map,
- prs_struct *ps, int depth)
-{
- prs_debug(ps, depth, desc, "epm_io_r_map");
- depth++;
-
- if (!epm_io_handle("handle", &io_map->handle, ps, depth))
- return False;
- if (!prs_uint32("num_results", ps, depth, &io_map->num_results))
- return False;
-
- if (UNMARSHALLING(ps)) {
- io_map->results = talloc(ps->mem_ctx,
- sizeof(EPM_TOWER_ARRAY) *
- io_map->num_results);
- if (!io_map->results)
- return False;
- }
- if (!epm_io_tower_array("results", io_map->results, ps, depth))
- return False;
-
- if (!prs_align(ps))
- return False;
-
- if (!prs_uint32("status", ps, depth, &io_map->status))
- return False;
-
- return True;
-}
if(!prs_align(ps))
return False;
- if ( !smb_io_uuid("dom_guid", &info->dom_guid, ps, depth) )
+ if (!prs_uint8s(False, "dom_guid", ps, depth, info->dom_guid.info, GUID_SIZE))
return False;
if(!prs_align(ps))
return True;
}
-/*******************************************************************
- Reads or writes a struct uuid
-********************************************************************/
-
-BOOL smb_io_uuid(const char *desc, struct uuid *uuid,
- prs_struct *ps, int depth)
-{
- if (uuid == NULL)
- return False;
-
- prs_debug(ps, depth, desc, "smb_io_uuid");
- depth++;
-
- if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
- return False;
- if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
- return False;
- if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
- return False;
-
- if(!prs_uint8s (False, "data ", ps, depth, uuid->clock_seq, sizeof(uuid->clock_seq)))
- return False;
- if(!prs_uint8s (False, "data ", ps, depth, uuid->node, sizeof(uuid->node)))
- return False;
-
- return True;
-}
-
/*******************************************************************
creates a STRHDR structure.
********************************************************************/
{ \
{ \
0x8a885d04, 0x1ceb, 0x11c9, \
- { 0x9f, 0xe8 }, \
- { 0x08, 0x00, \
- 0x2b, 0x10, 0x48, 0x60 } \
+ { 0x9f, 0xe8, 0x08, 0x00, \
+ 0x2b, 0x10, 0x48, 0x60 } \
}, 0x02 \
}
{ \
{ \
0x8a885d04, 0x1ceb, 0x11c9, \
- { 0x9f, 0xe8 }, \
- { 0x08, 0x00, \
- 0x2b, 0x10, 0x48, 0x60 } \
+ { 0x9f, 0xe8, 0x08, 0x00, \
+ 0x2b, 0x10, 0x48, 0x60 } \
}, 0x02 \
}
{ \
{ \
0x6bffd098, 0xa112, 0x3610, \
- { 0x98, 0x33 }, \
- { 0x46, 0xc3, \
- 0xf8, 0x7e, 0x34, 0x5a } \
+ { 0x98, 0x33, 0x46, 0xc3, \
+ 0xf8, 0x7e, 0x34, 0x5a } \
}, 0x01 \
}
{ \
{ \
0x4b324fc8, 0x1670, 0x01d3, \
- { 0x12, 0x78 }, \
- { 0x5a, 0x47, \
- 0xbf, 0x6e, 0xe1, 0x88 } \
+ { 0x12, 0x78, 0x5a, 0x47, \
+ 0xbf, 0x6e, 0xe1, 0x88 } \
}, 0x03 \
}
{ \
{ \
0x12345778, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0x89, 0xab } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xab } \
}, 0x00 \
}
{ \
{ \
0x3919286a, 0xb10c, 0x11d0, \
- { 0x9b, 0xa8 }, \
- { 0x00, 0xc0, \
- 0x4f, 0xd9, 0x2e, 0xf5 } \
+ { 0x9b, 0xa8, 0x00, 0xc0, \
+ 0x4f, 0xd9, 0x2e, 0xf5 } \
}, 0x00 \
}
{ \
{ \
0x12345778, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0x89, 0xac } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xac } \
}, 0x01 \
}
{ \
{ \
0x12345678, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0xcf, 0xfb } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0xcf, 0xfb } \
}, 0x01 \
}
{ \
{ \
0x338cd001, 0x2244, 0x31f1, \
- { 0xaa, 0xaa }, \
- { 0x90, 0x00, \
- 0x38, 0x00, 0x10, 0x03 } \
+ { 0xaa, 0xaa, 0x90, 0x00, \
+ 0x38, 0x00, 0x10, 0x03 } \
}, 0x01 \
}
{ \
{ \
0x12345678, 0x1234, 0xabcd, \
- { 0xef, 0x00 }, \
- { 0x01, 0x23, \
- 0x45, 0x67, 0x89, 0xab } \
+ { 0xef, 0x00, 0x01, 0x23, \
+ 0x45, 0x67, 0x89, 0xab } \
}, 0x01 \
}
{ \
{ \
0x0, 0x0, 0x0, \
- { 0x00, 0x00 }, \
- { 0x00, 0x00, \
- 0x00, 0x00, 0x00, 0x00 } \
+ { 0x00, 0x00, 0x00, 0x00, \
+ 0x00, 0x00, 0x00, 0x00 } \
}, 0x00 \
}
{ \
{ \
0x4fc742e0, 0x4a10, 0x11cf, \
- { 0x82, 0x73 }, \
- { 0x00, 0xaa, \
+ { 0x82, 0x73, 0x00, 0xaa, \
0x00, 0x4a, 0xe6, 0x73 } \
}, 0x03 \
}
{ \
{ \
0x60a15ec5, 0x4de8, 0x11d7, \
- { 0xa6, 0x37 }, \
- { 0x00, 0x50, \
+ { 0xa6, 0x37, 0x00, 0x50, \
0x56, 0xa2, 0x01, 0x82 } \
}, 0x01 \
}
{ \
{ \
0x894de0c0, 0x0d55, 0x11d3, \
- { 0xa3, 0x22 }, \
- { 0x00, 0xc0, \
+ { 0xa3, 0x22, 0x00, 0xc0, \
0x4f, 0xa3, 0x21, 0xa1 } \
}, 0x01 \
}
-#define SYNT_EPM_V3 \
-{ \
- { \
- 0xe1af8308, 0x5d1f, 0x11c9, \
- { 0x91, 0xa4 }, \
- { 0x08, 0x00, \
- 0x2b, 0x14, 0xa0, 0xfa } \
- }, 0x03 \
-}
-
/*
* IMPORTANT!! If you update this structure, make sure to
* update the index #defines in smb.h.
{ PIPE_NETDFS , SYNT_NETDFS_V3 , PIPE_NETDFS , TRANS_SYNT_V2 },
{ PIPE_ECHO , SYNT_ECHO_V1 , PIPE_ECHO , TRANS_SYNT_V2 },
{ PIPE_SHUTDOWN, SYNT_SHUTDOWN_V1 , PIPE_SHUTDOWN , TRANS_SYNT_V2 },
- { PIPE_EPM , SYNT_EPM_V3 , PIPE_EPM , TRANS_SYNT_V2 },
{ NULL , SYNT_NONE_V0 , NULL , SYNT_NONE_V0 }
};
return True;
}
+/*******************************************************************
+ Reads or writes an RPC_UUID structure.
+********************************************************************/
+
+static BOOL smb_io_rpc_uuid(const char *desc, RPC_UUID *uuid, prs_struct *ps, int depth)
+{
+ if (uuid == NULL)
+ return False;
+
+ prs_debug(ps, depth, desc, "smb_io_rpc_uuid");
+ depth++;
+
+ if(!prs_align(ps))
+ return False;
+
+ if(!prs_uint32 ("data ", ps, depth, &uuid->time_low))
+ return False;
+ if(!prs_uint16 ("data ", ps, depth, &uuid->time_mid))
+ return False;
+ if(!prs_uint16 ("data ", ps, depth, &uuid->time_hi_and_version))
+ return False;
+
+ if(!prs_uint8s (False, "data ", ps, depth, uuid->remaining, sizeof(uuid->remaining)))
+ return False;
+
+ return True;
+}
+
/*******************************************************************
Reads or writes an RPC_IFACE structure.
********************************************************************/
prs_debug(ps, depth, desc, "smb_io_rpc_iface");
depth++;
- if (!prs_align(ps))
- return False;
-
- if (!smb_io_uuid( "uuid", &ifc->uuid, ps, depth))
+ if (!smb_io_rpc_uuid( "uuid", &ifc->uuid, ps, depth))
return False;
if(!prs_uint32 ("version", ps, depth, &ifc->version))
/*************************************************************************
init_sam_user_infoa
+
+ unknown_5 = 0x0001 0000
+ unknown_6 = 0x0000 04ec
+
*************************************************************************/
void init_sam_user_info24(SAM_USER_INFO_24 * usr, char newpass[516], uint16 pw_len)
return False;
if (psa->obj_flags & SEC_ACE_OBJECT_PRESENT)
- if (!smb_io_uuid("obj_guid", &psa->obj_guid, ps,depth))
+ if (!prs_uint8s(False, "obj_guid", ps, depth, psa->obj_guid.info, GUID_SIZE))
return False;
if (psa->obj_flags & SEC_ACE_OBJECT_INHERITED_PRESENT)
- if (!smb_io_uuid("inh_guid", &psa->inh_guid, ps,depth))
+ if (!prs_uint8s(False, "inh_guid", ps, depth, psa->inh_guid.info, GUID_SIZE))
return False;
if(!smb_io_dom_sid("trustee ", &psa->trustee , ps, depth))
+++ /dev/null
-
-/*
- Unix SMB/CIFS implementation.
- Samba end point mapper utility and mapping functions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*****************************************************************
- api_handle_map_req - handles standard epm mapping request
-******************************************************************/
-static BOOL api_handle_map_req(pipes_struct * p)
-{
-
- EPM_Q_MAP q_in;
- EPM_R_MAP q_out;
-
- prs_struct *in_data = &p->in_data.data;
- prs_struct *ret_data = &p->out_data.rdata;
-
- ZERO_STRUCT(q_in);
- ZERO_STRUCT(q_out);
-
- /* process input request and parse packet */
-
- if (!epm_io_q_map("", &q_in, in_data, 0)) {
- DEBUG(0,
- ("api_handle_map_request: unable to unmarshall EPMD_MAP\n"));
- return False;
- }
-
- _epm_map(p, &q_in, &q_out);
-
- if (!epm_io_r_map("", &q_out, ret_data, 0)) {
- DEBUG(0,
- ("api_handle_map_req: unable to marshall EPMD_MAP\n"));
- return False;
- }
-
- return True;
-}
-
-/*******************************************************************/
-/* \pipe\epmapper commands */
-/*******************************************************************/
-/* opnum is 3 on map request */
-
-struct api_struct api_epmapper_cmds[] = {
- {"MAP_PIPE_NAME", EPM_MAP_PIPE_NAME, api_handle_map_req},
-};
-
-/*******************************************************************/
-/* */
-/*******************************************************************/
-
-void epm_get_pipe_fns(struct api_struct **funcs, int *n_funcs)
-{
- *funcs = api_epmapper_cmds;
- *n_funcs = sizeof(api_epmapper_cmds) / sizeof(struct api_struct);
-}
-
-/*******************************************************************/
-/* */
-/*******************************************************************/
-
-NTSTATUS rpc_epmapper_init(void)
-{
- return rpc_pipe_register_commands(SMB_RPC_INTERFACE_VERSION,
- EPM_PIPE_NM, EPM_PIPE_NM,
- api_epmapper_cmds,
- sizeof(api_epmapper_cmds) /
- sizeof(struct api_struct));
-}
+++ /dev/null
-
-/*
- Unix SMB/CIFS implementation.
- Samba end point mapper utility and mapping functions
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/*******************************************************************/
-/* _epm_map - fill out mapping on input and output structs */
-/*******************************************************************/
-void _epm_map(pipes_struct *ps, const EPM_Q_MAP *q_u, EPM_R_MAP *r_u)
-{
- int i;
- uint8 target_address[] = { 9, 53, 95, 27 };
- EPM_FLOOR *floors = talloc(ps->mem_ctx, sizeof(EPM_FLOOR) *
- q_u->tower->num_floors);
- EPM_TOWER *towers = talloc(ps->mem_ctx,
- sizeof(EPM_TOWER) * MAX_TOWERS);
- EPM_TOWER_ARRAY array;
-
- if (!floors || !towers) {
- DEBUG(0, ("_epm_map: talloc failed!\n"));
- return;
- }
-
- for (i = 0; i < q_u->tower->num_floors; i++) {
- switch (q_u->tower->floors[i].lhs.protocol) {
- case EPM_FLOOR_UUID:
- init_epm_floor_uuid(&floors[i],
- q_u->tower->floors[i].
- lhs.uuid.uuid,
- q_u->tower->floors[i].
- lhs.uuid.version);
- break;
- case EPM_FLOOR_RPC:
- init_epm_floor_rpc(&floors[i]);
- break;
- case EPM_FLOOR_TCP:
- /* for now map all requests to port 135 */
- init_epm_floor_tcp(&floors[i], 135);
- break;
- case EPM_FLOOR_IP:
- init_epm_floor_ip(&floors[i], target_address);
- break;
- }
- }
-
- init_epm_tower(ps->mem_ctx, &towers[0], floors, 5);
- init_epm_tower_array(ps->mem_ctx, &array, towers, 1);
- init_epm_r_map(ps->mem_ctx, r_u, &q_u->term_handle, &array, 1, 0);
-
- return;
-
-}
status = lookup_name(dom_name, user, &sid, &name_type);
- if (name_type == SID_NAME_WKN_GRP) {
- /* BUILTIN aliases are still aliases :-) */
- name_type = SID_NAME_ALIAS;
- }
-
DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" :
"not found"));
static void init_dns_dom_info(LSA_DNS_DOM_INFO *r_l, const char *nb_name,
const char *dns_name, const char *forest_name,
- struct uuid *dom_guid, DOM_SID *dom_sid)
+ GUID *dom_guid, DOM_SID *dom_sid)
{
if (nb_name && *nb_name) {
init_unistr2(&r_l->uni_nb_dom_name, nb_name, UNI_FLAGS_NONE);
/* how do we init the guid ? probably should write an init fn */
if (dom_guid) {
- memcpy(&r_l->dom_guid, dom_guid, sizeof(struct uuid));
+ memcpy(&r_l->dom_guid, dom_guid, sizeof(GUID));
}
if (dom_sid) {
DEBUG(10,("_lsa_priv_get_dispname: %s", name_asc));
- while (privs[i].se_priv!=SE_ALL_PRIVS && strcmp(name_asc, privs[i].priv))
+ while (privs[i].se_priv!=SE_PRIV_ALL && strcmp(name_asc, privs[i].priv))
i++;
- if (privs[i].se_priv!=SE_ALL_PRIVS) {
+ if (privs[i].se_priv!=SE_PRIV_ALL) {
DEBUG(10,(": %s\n", privs[i].description));
init_unistr2(&r_u->desc, privs[i].description, UNI_FLAGS_NONE);
init_uni_hdr(&r_u->hdr_desc, &r_u->desc);
/***************************************************************************
_lsa_enum_accounts.
-
- This call lists all sids that have been granted privileges. I think it would
- be ok not to return anything here, or only return BUILTIN\Administrators.
***************************************************************************/
NTSTATUS _lsa_enum_accounts(pipes_struct *p, LSA_Q_ENUM_ACCOUNTS *q_u, LSA_R_ENUM_ACCOUNTS *r_u)
{
- extern DOM_SID global_sid_Builtin_Administrators;
struct lsa_info *handle;
+ GROUP_MAP *map=NULL;
int num_entries=0;
LSA_SID_ENUM *sids=&r_u->sids;
+ int i=0,j=0;
+ BOOL ret;
if (!find_policy_by_hnd(p, &q_u->pol, (void **)&handle))
return NT_STATUS_INVALID_HANDLE;
if (!(handle->access & POLICY_VIEW_LOCAL_INFORMATION))
return NT_STATUS_ACCESS_DENIED;
-
- num_entries = 1;
+ /* get the list of mapped groups (domain, local, builtin) */
+ become_root();
+ ret = pdb_enum_group_mapping(SID_NAME_UNKNOWN, &map, &num_entries, ENUM_ONLY_MAPPED);
+ unbecome_root();
+ if( !ret ) {
+ DEBUG(3,("_lsa_enum_accounts: enumeration of groups failed!\n"));
+ return NT_STATUS_OK;
+ }
+
if (q_u->enum_context >= num_entries)
return NT_STATUS_NO_MORE_ENTRIES;
sids->sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, (num_entries-q_u->enum_context)*sizeof(DOM_SID2));
if (sids->ptr_sid==NULL || sids->sid==NULL) {
+ SAFE_FREE(map);
return NT_STATUS_NO_MEMORY;
}
- init_dom_sid2( &(*sids).sid[0], &global_sid_Builtin_Administrators);
- init_lsa_r_enum_accounts(r_u, 1);
+ for (i=q_u->enum_context, j=0; i<num_entries; i++) {
+ init_dom_sid2( &(*sids).sid[j], &map[i].sid);
+ (*sids).ptr_sid[j]=1;
+ j++;
+ }
+
+ SAFE_FREE(map);
+
+ init_lsa_r_enum_accounts(r_u, j);
return NT_STATUS_OK;
}
char *dns_name = NULL;
char *forest_name = NULL;
DOM_SID *sid = NULL;
- struct uuid guid;
+ GUID guid;
fstring dnsdomname;
ZERO_STRUCT(guid);
return True;
}
-/*************************************************************************
- api_ds_enum_dom_trusts:
- *************************************************************************/
-
-#if 0 /* JERRY */
-static BOOL api_ds_enum_dom_trusts(pipes_struct *p)
-{
- DS_Q_ENUM_DOM_TRUSTS q_u;
- DS_R_ENUM_DOM_TRUSTS r_u;
-
- prs_struct *data = &p->in_data.data;
- prs_struct *rdata = &p->out_data.rdata;
-
- ZERO_STRUCT(q_u);
- ZERO_STRUCT(r_u);
-
- DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
- if ( !ds_io_q_enum_domain_trusts("", data, 0, &q_u) ) {
- DEBUG(0,("api_ds_enum_domain_trusts: Failed to unmarshall DS_Q_ENUM_DOM_TRUSTS.\n"));
- return False;
- }
-
- r_u.status = _ds_enum_dom_trusts(p, &q_u, &r_u);
-
- if ( !ds_io_r_enum_domain_trusts("", rdata, 0, &r_u) ) {
- DEBUG(0,("api_ds_enum_domain_trusts: Failed to marshall DS_R_ENUM_DOM_TRUSTS.\n"));
- return False;
- }
-
- DEBUG(6,("api_ds_enum_dom_trusts\n"));
-
- return True;
-}
-#endif /* JERRY */
-
/*******************************************************************
array of \PIPE\NETLOGON operations
********************************************************************/
{ "NET_SAMLOGOFF" , NET_SAMLOGOFF , api_net_sam_logoff },
{ "NET_LOGON_CTRL2" , NET_LOGON_CTRL2 , api_net_logon_ctrl2 },
{ "NET_TRUST_DOM_LIST", NET_TRUST_DOM_LIST, api_net_trust_dom_list },
- { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl },
-#if 0 /* JERRY */
- { "DS_ENUM_DOM_TRUSTS", DS_ENUM_DOM_TRUSTS, api_ds_enum_dom_trusts }
-#endif /* JERRY */
+ { "NET_LOGON_CTRL" , NET_LOGON_CTRL , api_net_logon_ctrl }
};
void netlog_get_pipe_fns( struct api_struct **fns, int *n_fns )
return status;
}
-/*************************************************************************
- _ds_enum_dom_trusts
- *************************************************************************/
-#if 0 /* JERRY -- not correct */
-NTSTATUS _ds_enum_dom_trusts(pipes_struct *p, DS_Q_ENUM_DOM_TRUSTS *q_u,
- DS_R_ENUM_DOM_TRUSTS *r_u)
-{
- NTSTATUS status = NT_STATUS_OK;
- /* TODO: According to MSDN, the can only be executed against a
- DC or domain member running Windows 2000 or later. Need
- to test against a standalone 2k server and see what it
- does. A windows 2000 DC includes its own domain in the
- list. --jerry */
-
- return status;
-}
-#endif /* JERRY */
{
if ( strequal(pipe_names[i].client_pipe, pname)
&& (abstract->version == pipe_names[i].abstr_syntax.version)
- && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(struct uuid)) == 0)
+ && (memcmp(&abstract->uuid, &pipe_names[i].abstr_syntax.uuid, sizeof(RPC_UUID)) == 0)
&& (transfer->version == pipe_names[i].trans_syntax.version)
- && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(struct uuid)) == 0) )
+ && (memcmp(&transfer->uuid, &pipe_names[i].trans_syntax.uuid, sizeof(RPC_UUID)) == 0) )
{
struct api_struct *fns = NULL;
int n_fns = 0;
echo_get_pipe_fns( &cmds, &n_cmds );
break;
#endif
- case PI_EPM:
- epm_get_pipe_fns( &cmds, &n_cmds );
- break;
default:
DEBUG(0,("get_pipe_fns: Unknown pipe index! [%d]\n", idx));
}
if (vuser) {
p->session_key = data_blob(vuser->session_key.data, vuser->session_key.length);
p->pipe_user.nt_user_token = dup_nt_token(vuser->nt_user_token);
- init_privilege(&p->pipe_user.privs);
- dup_priv_set(p->pipe_user.privs, vuser->privs);
}
/*
extern rid_name domain_alias_rids[];
extern rid_name builtin_alias_rids[];
-extern PRIVS privs[];
typedef struct _disp_info {
BOOL user_dbloaded;
Get the group entries - similar to get_sampwd_entries().
******************************************************************/
-static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx,
+static NTSTATUS get_group_entries( enum SID_NAME_USE type, TALLOC_CTX *ctx,
DOMAIN_GRP **d_grp, DOM_SID *sid, uint32 start_idx,
uint32 *p_num_entries, uint32 max_entries )
{
needed for some passdb backends to enumerate groups */
become_root();
- pdb_enum_group_mapping(SID_NAME_DOM_GRP, &map, (int *)&group_entries,
- ENUM_ONLY_MAPPED);
+ pdb_enum_group_mapping(type, &map, (int *)&group_entries, ENUM_ONLY_MAPPED);
unbecome_root();
num_entries=group_entries-start_idx;
fstrcpy((*d_grp)[i].name, map[i+start_idx].nt_name);
fstrcpy((*d_grp)[i].comment, map[i+start_idx].comment);
sid_split_rid(&map[i+start_idx].sid, &(*d_grp)[i].rid);
- (*d_grp)[i].attr=SID_NAME_DOM_GRP;
+ (*d_grp)[i].attr=type;
}
SAFE_FREE(map);
*p_num_entries = num_entries;
- DEBUG(10,("get_group_domain_entries: returning %d entries\n",
- *p_num_entries));
+ DEBUG(10,("get_group_entries: returning %d entries\n", *p_num_entries));
return NT_STATUS_OK;
}
/*******************************************************************
- Wrapper for enumerating local groups
+ Wrapper for enuemrating domain groups
******************************************************************/
-static NTSTATUS get_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
- const DOM_SID *sid, uint32 start_idx,
- uint32 *p_num_entries, uint32 max_entries )
+static NTSTATUS get_group_domain_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
+ DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries )
{
- struct acct_info *info;
- int i;
- BOOL res;
-
- become_root();
- res = pdb_enum_aliases(sid, start_idx, max_entries,
- p_num_entries, &info);
- unbecome_root();
-
- if (!res)
- return NT_STATUS_ACCESS_DENIED;
+ return get_group_entries( SID_NAME_DOM_GRP, ctx, d_grp, sid, start_idx,
+ p_num_entries, max_entries );
+}
- *d_grp = talloc(ctx, sizeof(DOMAIN_GRP) * (*p_num_entries));
+/*******************************************************************
+ Wrapper for enumerating local groups
+ ******************************************************************/
- if (*d_grp == NULL) {
- SAFE_FREE(info);
- return NT_STATUS_NO_MEMORY;
+static NTSTATUS get_group_alias_entries( TALLOC_CTX *ctx, DOMAIN_GRP **d_grp,
+ DOM_SID *sid, uint32 start_idx,
+ uint32 *p_num_entries, uint32 max_entries)
+{
+ if ( sid_equal(sid, &global_sid_Builtin) ) {
+ return get_group_entries( SID_NAME_WKN_GRP, ctx, d_grp,
+ sid, start_idx, p_num_entries, max_entries );
}
-
- for (i=0; i<*p_num_entries; i++) {
- fstrcpy((*d_grp)[i].name, info[i].acct_name);
- fstrcpy((*d_grp)[i].comment, info[i].acct_desc);
- (*d_grp)[i].rid = info[i].rid;
- (*d_grp)[i].attr = SID_NAME_ALIAS;
+ else if ( sid_equal(sid, get_global_sam_sid()) ) {
+ return get_group_entries( SID_NAME_ALIAS, ctx, d_grp,
+ sid, start_idx, p_num_entries, max_entries );
}
- SAFE_FREE(info);
+ /* can't do anything with this SID */
+
+ *p_num_entries = 0;
+
return NT_STATUS_OK;
}
sid_to_string(sid_str, &sid);
DEBUG(5,("samr_reply_enum_dom_aliases: sid %s\n", sid_str));
- status = get_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx,
- &num_entries, MAX_SAM_ENTRIES);
+ status = get_group_alias_entries(p->mem_ctx, &grp, &sid, q_u->start_idx,
+ &num_entries, MAX_SAM_ENTRIES);
if (NT_STATUS_IS_ERR(status)) return status;
make_group_sam_entry_list(p->mem_ctx, &r_u->sam, &r_u->uni_grp_name, num_entries, grp);
NTSTATUS _samr_query_aliasinfo(pipes_struct *p, SAMR_Q_QUERY_ALIASINFO *q_u, SAMR_R_QUERY_ALIASINFO *r_u)
{
DOM_SID sid;
- struct acct_info info;
+ GROUP_MAP map;
uint32 acc_granted;
BOOL ret;
return r_u->status;
}
+ if (!sid_check_is_in_our_domain(&sid) &&
+ !sid_check_is_in_builtin(&sid))
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
become_root();
- ret = pdb_get_aliasinfo(&sid, &info);
+ ret = pdb_getgrsid(&map, sid);
unbecome_root();
if ( !ret )
case 1:
r_u->ptr = 1;
r_u->ctr.switch_value1 = 1;
- init_samr_alias_info1(&r_u->ctr.alias.info1,
- info.acct_name, 1, info.acct_desc);
+ init_samr_alias_info1(&r_u->ctr.alias.info1, map.nt_name, 1, map.comment);
break;
case 3:
r_u->ptr = 1;
r_u->ctr.switch_value1 = 3;
- init_samr_alias_info3(&r_u->ctr.alias.info3, info.acct_desc);
+ init_samr_alias_info3(&r_u->ctr.alias.info3, map.comment);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
return NT_STATUS_INVALID_HANDLE;
if (!NT_STATUS_IS_OK(nt_status = access_check_samr_function(acc_granted, SA_RIGHT_DOMAIN_CREATE_USER, "_samr_create_user"))) {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT))) {
- DEBUG(3, ("_samr_create_user: User should be denied access but was overridden by %s\n", privs[SE_MACHINE_ACCOUNT].priv));
- } else {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS))) {
- DEBUG(3, ("_samr_create_user: User should be denied access but was overridden by %s\n", privs[SE_ADD_USERS].priv));
- } else {
- return nt_status;
- }
- }
+ return nt_status;
}
if (!(acb_info == ACB_NORMAL || acb_info == ACB_DOMTRUST || acb_info == ACB_WSTRUST || acb_info == ACB_SVRTRUST)) {
/* the passdb lookup has failed; check to see if we need to run the
add user/machine script */
-
- /*
- * we can't check both the ending $ and the acb_info.
- *
- * UserManager creates trust accounts (ending in $,
- * normal that hidden accounts) with the acb_info equals to ACB_NORMAL.
- * JFM, 11/29/2001
- */
- if (account[strlen(account)-1] == '$') {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_MACHINE_ACCOUNT)) || geteuid() == 0) {
- DEBUG(3, ("user [%s] has been granted Add Machines privilege!\n", p->user_name));
- become_root();
- pstrcpy(add_script, lp_addmachine_script());
- } else {
- DEBUG(3, ("user [%s] doesn't have Add Machines privilege!\n", p->user_name));
- return NT_STATUS_ACCESS_DENIED;
- }
- } else {
- if (NT_STATUS_IS_OK(user_has_privilege(&(p->pipe_user), SE_ADD_USERS)) || geteuid() == 0) {
- DEBUG(3, ("user [%s] has been granted Add Users privilege!\n", p->user_name));
- become_root();
- pstrcpy(add_script, lp_adduser_script());
- } else {
- DEBUG(3, ("user [%s] doesn't have Add Users privilege!\n", p->user_name));
- return NT_STATUS_ACCESS_DENIED;
- }
- }
pw = Get_Pwnam(account);
*********************************************************************/
if ( !pw ) {
+ /*
+ * we can't check both the ending $ and the acb_info.
+ *
+ * UserManager creates trust accounts (ending in $,
+ * normal that hidden accounts) with the acb_info equals to ACB_NORMAL.
+ * JFM, 11/29/2001
+ */
+ if (account[strlen(account)-1] == '$')
+ pstrcpy(add_script, lp_addmachine_script());
+ else
+ pstrcpy(add_script, lp_adduser_script());
if (*add_script) {
int add_ret;
}
else /* no add user script -- ask winbindd to do it */
{
- if (!winbind_create_user(account, &new_rid)) {
+ if ( !winbind_create_user( account, &new_rid ) ) {
DEBUG(3,("_samr_create_user: winbind_create_user(%s) failed\n",
account));
}
/* implicit call to getpwnam() next. we have a valid SID coming out of this call */
if ( !NT_STATUS_IS_OK(nt_status = pdb_init_sam_new(&sam_pass, account, new_rid)) )
- goto done;
+ return nt_status;
pdb_set_acct_ctrl(sam_pass, acb_info, PDB_CHANGED);
if (!pdb_add_sam_account(sam_pass)) {
pdb_free_sam(&sam_pass);
- DEBUG(0, ("could not add user/computer %s to passdb !?\n",
+ DEBUG(0, ("could not add user/computer %s to passdb. Check permissions?\n",
account));
- nt_status = NT_STATUS_ACCESS_DENIED;
- goto done;
+ return NT_STATUS_ACCESS_DENIED;
}
/* Get the user's SID */
if (!NT_STATUS_IS_OK(nt_status =
access_check_samr_object(psd, p->pipe_user.nt_user_token,
des_access, &acc_granted, "_samr_create_user"))) {
- goto done;
+ return nt_status;
}
/* associate the user's SID with the new handle. */
if ((info = get_samr_info_by_sid(&sid)) == NULL) {
pdb_free_sam(&sam_pass);
- nt_status = NT_STATUS_NO_MEMORY;
- goto done;
+ return NT_STATUS_NO_MEMORY;
}
ZERO_STRUCTP(info);
/* get a (unique) handle. open a policy on it. */
if (!create_policy_hnd(p, user_pol, free_samr_info, (void *)info)) {
pdb_free_sam(&sam_pass);
- nt_status = NT_STATUS_OBJECT_NAME_NOT_FOUND;
- goto done;
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
r_u->user_rid=pdb_get_user_rid(sam_pass);
pdb_free_sam(&sam_pass);
- nt_status = NT_STATUS_OK;
-
-done:
- unbecome_root();
- return nt_status;
+ return NT_STATUS_OK;
}
/*******************************************************************
{
int i;
+ GROUP_MAP map;
int num_sids = 0;
DOM_SID2 *sid;
DOM_SID *sids=NULL;
DOM_SID alias_sid;
+ DOM_SID als_sid;
+ uint32 alias_rid;
+ fstring alias_sid_str;
uint32 acc_granted;
access_check_samr_function(acc_granted, SA_RIGHT_ALIAS_GET_MEMBERS, "_samr_query_aliasmem"))) {
return r_u->status;
}
+
+ sid_copy(&als_sid, &alias_sid);
+ sid_to_string(alias_sid_str, &alias_sid);
+ sid_split_rid(&alias_sid, &alias_rid);
+
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ if (sid_equal(&alias_sid, &global_sid_Builtin)) {
+ DEBUG(10, ("lookup on Builtin SID (S-1-5-32)\n"));
+ if(!get_builtin_group_from_sid(&als_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+ } else {
+ if (sid_equal(&alias_sid, get_global_sam_sid())) {
+ DEBUG(10, ("lookup on Server SID\n"));
+ if(!get_local_group_from_sid(&als_sid, &map)) {
+ fstring alias_sid_string;
+ DEBUG(10, ("Alias %s not found\n", sid_to_string(alias_sid_string, &als_sid)));
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+ }
+ }
- if (!pdb_enum_aliasmem(&alias_sid, &sids, &num_sids))
+ if (!get_sid_list_of_group(map.gid, &sids, &num_sids)) {
+ fstring alias_sid_string;
+ DEBUG(10, ("Alias %s found, but member list unavailable\n", sid_to_string(alias_sid_string, &als_sid)));
return NT_STATUS_NO_SUCH_ALIAS;
+ }
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
sid = (DOM_SID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_SID2) * num_sids);
if (num_sids!=0 && sid == NULL) {
SAFE_FREE(sids);
init_dom_sid2(&sid[i], &sids[i]);
}
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
init_samr_r_query_aliasmem(r_u, num_sids, sid, NT_STATUS_OK);
SAFE_FREE(sids);
NTSTATUS _samr_add_aliasmem(pipes_struct *p, SAMR_Q_ADD_ALIASMEM *q_u, SAMR_R_ADD_ALIASMEM *r_u)
{
DOM_SID alias_sid;
+ fstring alias_sid_str;
+ uid_t uid;
+ struct passwd *pwd;
+ struct group *grp;
+ fstring grp_name;
+ GROUP_MAP map;
+ NTSTATUS ret;
+ SAM_ACCOUNT *sam_user = NULL;
+ BOOL check;
uint32 acc_granted;
/* Find the policy handle. Open a policy on it. */
return r_u->status;
}
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ sid_to_string(alias_sid_str, &alias_sid);
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (!pdb_add_aliasmem(&alias_sid, &q_u->sid.sid))
- return NT_STATUS_ACCESS_DENIED;
+ if (sid_compare(&alias_sid, get_global_sam_sid())>0) {
+ DEBUG(10, ("adding member on Server SID\n"));
+ if(!get_local_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ } else {
+ if (sid_compare(&alias_sid, &global_sid_Builtin)>0) {
+ DEBUG(10, ("adding member on BUILTIN SID\n"));
+ if( !get_builtin_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ } else
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ ret = pdb_init_sam(&sam_user);
+ if (!NT_STATUS_IS_OK(ret))
+ return ret;
+
+ check = pdb_getsampwsid(sam_user, &q_u->sid.sid);
+
+ if (check != True) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* check a real user exist before we run the script to add a user to a group */
+ if (!NT_STATUS_IS_OK(sid_to_uid(pdb_get_user_sid(sam_user), &uid))) {
+ pdb_free_sam(&sam_user);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ pdb_free_sam(&sam_user);
+
+ if ((pwd=getpwuid_alloc(uid)) == NULL) {
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ if ((grp=getgrgid(map.gid)) == NULL) {
+ passwd_free(&pwd);
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ /* we need to copy the name otherwise it's overloaded in user_in_group_list */
+ fstrcpy(grp_name, grp->gr_name);
+ /* if the user is already in the group */
+ if(user_in_unix_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
+ return NT_STATUS_MEMBER_IN_ALIAS;
+ }
+
+ /*
+ * ok, the group exist, the user exist, the user is not in the group,
+ * we can (finally) add it to the group !
+ */
+ smb_add_user_group(grp_name, pwd->pw_name);
+
+ /* check if the user has been added then ... */
+ if(!user_in_unix_group_list(pwd->pw_name, grp_name)) {
+ passwd_free(&pwd);
+ return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
+ }
+
+ passwd_free(&pwd);
return NT_STATUS_OK;
}
NTSTATUS _samr_del_aliasmem(pipes_struct *p, SAMR_Q_DEL_ALIASMEM *q_u, SAMR_R_DEL_ALIASMEM *r_u)
{
DOM_SID alias_sid;
+ fstring alias_sid_str;
+ struct group *grp;
+ fstring grp_name;
+ GROUP_MAP map;
+ SAM_ACCOUNT *sam_pass=NULL;
uint32 acc_granted;
/* Find the policy handle. Open a policy on it. */
return r_u->status;
}
- DEBUG(10, ("_samr_del_aliasmem:sid is %s\n",
- sid_string_static(&alias_sid)));
+ sid_to_string(alias_sid_str, &alias_sid);
+ DEBUG(10, ("_samr_del_aliasmem:sid is %s\n", alias_sid_str));
- if (!pdb_del_aliasmem(&alias_sid, &q_u->sid.sid))
- return NT_STATUS_ACCESS_DENIED;
-
+ if (!sid_check_is_in_our_domain(&alias_sid) &&
+ !sid_check_is_in_builtin(&alias_sid)) {
+ DEBUG(10, ("_samr_del_aliasmem:invalid alias group\n"));
+ return NT_STATUS_NO_SUCH_ALIAS;
+ }
+
+ if( !get_local_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ if ((grp=getgrgid(map.gid)) == NULL)
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ /* we need to copy the name otherwise it's overloaded in user_in_unix_group_list */
+ fstrcpy(grp_name, grp->gr_name);
+
+ /* check if the user exists before trying to remove it from the group */
+ pdb_init_sam(&sam_pass);
+ if(!pdb_getsampwsid(sam_pass, &q_u->sid.sid)) {
+ DEBUG(5,("_samr_del_aliasmem:User %s doesn't exist.\n", pdb_get_username(sam_pass)));
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_NO_SUCH_USER;
+ }
+
+ /* if the user is not in the group */
+ if(!user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) {
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_MEMBER_NOT_IN_ALIAS;
+ }
+
+ smb_delete_user_group(grp_name, pdb_get_username(sam_pass));
+
+ /* check if the user has been removed then ... */
+ if(user_in_unix_group_list(pdb_get_username(sam_pass), grp_name)) {
+ pdb_free_sam(&sam_pass);
+ return NT_STATUS_MEMBER_NOT_IN_ALIAS; /* don't know what to reply else */
+ }
+
+ pdb_free_sam(&sam_pass);
return NT_STATUS_OK;
}
NTSTATUS _samr_delete_dom_alias(pipes_struct *p, SAMR_Q_DELETE_DOM_ALIAS *q_u, SAMR_R_DELETE_DOM_ALIAS *r_u)
{
DOM_SID alias_sid;
+ DOM_SID dom_sid;
+ uint32 alias_rid;
+ fstring alias_sid_str;
+ gid_t gid;
+ struct group *grp;
+ GROUP_MAP map;
uint32 acc_granted;
DEBUG(5, ("_samr_delete_dom_alias: %d\n", __LINE__));
if (!NT_STATUS_IS_OK(r_u->status = access_check_samr_function(acc_granted, STD_RIGHT_DELETE_ACCESS, "_samr_delete_dom_alias"))) {
return r_u->status;
}
+
+ sid_copy(&dom_sid, &alias_sid);
+ sid_to_string(alias_sid_str, &dom_sid);
+ sid_split_rid(&dom_sid, &alias_rid);
- DEBUG(10, ("sid is %s\n", sid_string_static(&alias_sid)));
+ DEBUG(10, ("sid is %s\n", alias_sid_str));
- if (!sid_check_is_in_our_domain(&alias_sid))
+ /* we check if it's our SID before deleting */
+ if (!sid_equal(&dom_sid, get_global_sam_sid()))
return NT_STATUS_NO_SUCH_ALIAS;
-
+
DEBUG(10, ("lookup on Local SID\n"));
- /* Have passdb delete the alias */
- if (!pdb_delete_alias(&alias_sid))
+ if(!get_local_group_from_sid(&alias_sid, &map))
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ gid=map.gid;
+
+ /* check if group really exists */
+ if ( (grp=getgrgid(gid)) == NULL)
+ return NT_STATUS_NO_SUCH_ALIAS;
+
+ /* we can delete the UNIX group */
+ smb_delete_group(grp->gr_name);
+
+ /* check if the group has been successfully deleted */
+ if ( (grp=getgrgid(gid)) != NULL)
return NT_STATUS_ACCESS_DENIED;
+ /* don't check if we removed it as it could be an un-mapped group */
+ pdb_delete_group_mapping_entry(alias_sid);
+
if (!close_policy_hnd(p, &q_u->alias_pol))
return NT_STATUS_OBJECT_NAME_INVALID;
DOM_SID dom_sid;
DOM_SID info_sid;
fstring name;
+ fstring sid_string;
struct group *grp;
struct samr_info *info;
uint32 acc_granted;
unistr2_to_ascii(name, &q_u->uni_acct_desc, sizeof(name)-1);
- /* Have passdb create the alias */
- if (!pdb_create_alias(name, &r_u->rid))
- return NT_STATUS_ACCESS_DENIED;
-
- sid_copy(&info_sid, get_global_sam_sid());
- sid_append_rid(&info_sid, r_u->rid);
+ /* check if group already exists */
+ if ( (grp=getgrnam(name)) != NULL)
+ return NT_STATUS_ALIAS_EXISTS;
- if (!NT_STATUS_IS_OK(sid_to_gid(&info_sid, &gid)))
+ /* we can create the UNIX group */
+ if (smb_create_group(name, &gid) != 0)
return NT_STATUS_ACCESS_DENIED;
/* check if the group has been successfully created */
if ((grp=getgrgid(gid)) == NULL)
return NT_STATUS_ACCESS_DENIED;
+ r_u->rid=pdb_gid_to_group_rid(grp->gr_gid);
+
+ sid_copy(&info_sid, get_global_sam_sid());
+ sid_append_rid(&info_sid, r_u->rid);
+ sid_to_string(sid_string, &info_sid);
+
+ /* add the group to the mapping table */
+ if(!add_initial_entry(grp->gr_gid, sid_string, SID_NAME_ALIAS, name, NULL))
+ return NT_STATUS_ACCESS_DENIED;
+
if ((info = get_samr_info_by_sid(&info_sid)) == NULL)
return NT_STATUS_NO_MEMORY;
NTSTATUS _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u)
{
DOM_SID group_sid;
- struct acct_info info;
+ GROUP_MAP map;
ALIAS_INFO_CTR *ctr;
uint32 acc_granted;
return r_u->status;
}
+ if (!get_local_group_from_sid(&group_sid, &map) &&
+ !get_builtin_group_from_sid(&group_sid, &map))
+ return NT_STATUS_NO_SUCH_GROUP;
+
ctr=&q_u->ctr;
switch (ctr->switch_value1) {
case 3:
- unistr2_to_ascii(info.acct_desc,
- &(ctr->alias.info3.uni_acct_desc),
- sizeof(info.acct_desc)-1);
+ unistr2_to_ascii(map.comment, &(ctr->alias.info3.uni_acct_desc), sizeof(map.comment)-1);
break;
default:
return NT_STATUS_INVALID_INFO_CLASS;
}
- if(!pdb_set_aliasinfo(&group_sid, &info)) {
- return NT_STATUS_ACCESS_DENIED;
+ if(!pdb_update_group_mapping_entry(&map)) {
+ return NT_STATUS_NO_SUCH_GROUP;
}
return NT_STATUS_OK;
DEBUG(10,("INFO_21 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
- pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
- } else {
- uint32 expire;
- time_t new_time;
- if (pdb_get_pass_must_change_time(to) == 0) {
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1) {
- new_time = get_time_t_max();
- } else {
- time_t old_time = pdb_get_pass_last_set_time(to);
- new_time = old_time + expire;
- if ((new_time) < time(0)) {
- new_time = time(0) + expire;
- }
- }
- if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
- DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
- }
- }
+ pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
}
DEBUG(10,("INFO_21 PADDING_2: %02X\n",from->padding2));
DEBUG(10,("INFO_23 PASS_MUST_CHANGE_AT_NEXT_LOGON: %02X\n",from->passmustchange));
if (from->passmustchange==PASS_MUST_CHANGE_AT_NEXT_LOGON) {
pdb_set_pass_must_change_time(to,0, PDB_CHANGED);
- } else {
- uint32 expire;
- time_t new_time;
- if (pdb_get_pass_must_change_time(to) == 0) {
- if (!account_policy_get(AP_MAX_PASSWORD_AGE, &expire)
- || expire == (uint32)-1) {
- new_time = get_time_t_max();
- } else {
- time_t old_time = pdb_get_pass_last_set_time(to);
- new_time = old_time + expire;
- if ((new_time) < time(0)) {
- new_time = time(0) + expire;
- }
- }
- if (!pdb_set_pass_must_change_time (to, new_time, PDB_CHANGED)) {
- DEBUG (0, ("pdb_set_pass_must_change_time failed!\n"));
- }
- }
}
DEBUG(10,("INFO_23 PADDING_2: %02X\n",from->padding2));
static BOOL construct_printer_info_7(Printer_entry *print_hnd, PRINTER_INFO_7 *printer, int snum)
{
char *guid_str = NULL;
- UUID_FLAT guid;
+ GUID guid;
if (is_printer_published(print_hnd, snum, &guid)) {
- asprintf(&guid_str, "{%s}",
- smb_uuid_string_static(smb_uuid_unpack_static(guid)));
+ asprintf(&guid_str, "{%s}", smb_uuid_string_static(guid));
strupper_m(guid_str);
init_unistr(&printer->guid, guid_str);
printer->action = SPOOL_DS_PUBLISH;
static char *valid_share_pathname(char *dos_pathname)
{
+ pstring saved_pathname;
+ pstring unix_pathname;
char *ptr;
+ int ret;
/* Convert any '\' paths to '/' */
unix_format(dos_pathname);
if (*ptr != '/')
return NULL;
- return ptr;
-}
-
-static BOOL exist_share_pathname(char *unix_pathname)
-{
- pstring saved_pathname;
- int ret;
-
/* Can we cd to it ? */
/* First save our current directory. */
if (getcwd(saved_pathname, sizeof(saved_pathname)) == NULL)
return False;
+ pstrcpy(unix_pathname, ptr);
+
ret = chdir(unix_pathname);
/* We *MUST* be able to chdir back. Abort if we can't. */
if (chdir(saved_pathname) == -1)
smb_panic("valid_share_pathname: Unable to restore current directory.\n");
- if (ret == -1) return False;
-
- return True;
+ return (ret != -1) ? ptr : NULL;
}
/*******************************************************************
int type;
int snum;
int ret;
- char *path;
+ char *ptr;
SEC_DESC *psd = NULL;
DEBUG(5,("_srv_net_share_set_info: %d\n", __LINE__));
return WERR_ACCESS_DENIED;
/* Check if the pathname is valid. */
- if (!(path = valid_share_pathname( pathname )))
+ if (!(ptr = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
- string_replace(path, '"', ' ');
+ string_replace(ptr, '"', ' ');
string_replace(comment, '"', ' ');
DEBUG(10,("_srv_net_share_set_info: change share command = %s\n",
/* Only call modify function if something changed. */
- if (strcmp(path, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
+ if (strcmp(ptr, lp_pathname(snum)) || strcmp(comment, lp_comment(snum)) ) {
if (!lp_change_share_cmd() || !*lp_change_share_cmd())
return WERR_ACCESS_DENIED;
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_change_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+ lp_change_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
DEBUG(10,("_srv_net_share_set_info: Running [%s]\n", command ));
if ((ret = smbrun(command, NULL)) != 0) {
return WERR_ACCESS_DENIED;
}
- /* Check if the new share pathname exist, if not return an error */
- if (!exist_share_pathname(path)) {
- DEBUG(1, ("_srv_net_share_set_info: change share command was ok but path (%s) has not been created!\n", path));
- return WERR_OBJECT_PATH_INVALID;
- }
-
/* Tell everyone we updated smb.conf. */
message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
int type;
int snum;
int ret;
- char *path;
+ char *ptr;
SEC_DESC *psd = NULL;
DEBUG(5,("_srv_net_share_add: %d\n", __LINE__));
return WERR_ACCESS_DENIED;
/* Check if the pathname is valid. */
- if (!(path = valid_share_pathname( pathname )))
+ if (!(ptr = valid_share_pathname( pathname )))
return WERR_OBJECT_PATH_INVALID;
/* Ensure share name, pathname and comment don't contain '"' characters. */
string_replace(share_name, '"', ' ');
- string_replace(path, '"', ' ');
+ string_replace(ptr, '"', ' ');
string_replace(comment, '"', ' ');
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_add_share_cmd(), dyn_CONFIGFILE, share_name, path, comment);
+ lp_add_share_cmd(), dyn_CONFIGFILE, share_name, ptr, comment);
DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
if ((ret = smbrun(command, NULL)) != 0) {
return WERR_ACCESS_DENIED;
}
- /* Check if the new share pathname exist, if not try to delete the
- * share and return an error */
- if (!exist_share_pathname(path)) {
- DEBUG(1, ("_srv_net_share_add: add share command was ok but path (%s) has not been created!\n", path));
- DEBUG(1, ("_srv_net_share_add: trying to rollback and delete the share\n"));
-
- if (!lp_delete_share_cmd() || !*lp_delete_share_cmd()) {
- DEBUG(1, ("_srv_net_share_add: Error! delete share command is not defined! Please check share (%s) in the config file\n", share_name));
- return WERR_OBJECT_PATH_INVALID;
- }
-
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"",
- lp_delete_share_cmd(), dyn_CONFIGFILE, share_name);
-
- DEBUG(10,("_srv_net_share_add: Running [%s]\n", command ));
- if ((ret = smbrun(command, NULL)) != 0) {
- DEBUG(0,("_srv_net_share_add: Running [%s] returned (%d)\n", command, ret ));
- DEBUG(1, ("_srv_net_share_add: Error! delete share command failed! Please check share (%s) in the config file\n", share_name));
- }
-
- return WERR_OBJECT_PATH_INVALID;
- }
-
if (psd) {
- if (!set_share_security(p->mem_ctx, share_name, psd)) {
- DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n", share_name ));
- }
+ if (!set_share_security(p->mem_ctx, share_name, psd))
+ DEBUG(0,("_srv_net_share_add: Failed to add security info to share %s.\n",
+ share_name ));
}
/* Tell everyone we updated smb.conf. */
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- RPC pipe client
-
- Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2003
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-#include "rpcclient.h"
-
-
-static NTSTATUS cmd_epm_map(struct cli_state *cli,
- TALLOC_CTX *mem_ctx,
- int argc, const char **argv)
-{
- EPM_HANDLE handle, entry_handle;
- EPM_TOWER *towers;
- EPM_FLOOR floors[5];
- uint8 addr[4] = {0,0,0,0};
- uint32 numtowers;
- /* need to allow all this stuff to be passed in, but
- for now, it demonstrates the call */
- struct uuid if_uuid = {0xe3514235, 0x4b06, 0x11d1, \
- { 0xab, 0x04 }, \
- { 0x00, 0xc0, \
- 0x4f, 0xc2, 0xdc, 0xd2 } },
- syn_uuid = {0x8a885d04, 0x1ceb, 0x11c9, \
- { 0x9f, 0xe8 }, \
- { 0x08, 0x00, \
- 0x2b, 0x10, 0x48, 0x60 } };
-
- NTSTATUS result;
-
- ZERO_STRUCT(handle);
- numtowers = 1;
- init_epm_floor_uuid(&floors[0], if_uuid, 4);
- init_epm_floor_uuid(&floors[1], syn_uuid, 2);
- init_epm_floor_rpc(&floors[2]);
-
- /* sample for netbios named pipe query
- init_epm_floor_np(&floors[3], "\\PIPE\\lsass");
- init_epm_floor_nb(&floors[4], "\\\\psflinux");
- */
- init_epm_floor_tcp(&floors[3], 135);
- init_epm_floor_ip(&floors[4], addr);
- towers = talloc(mem_ctx, sizeof(EPM_TOWER));
- init_epm_tower(mem_ctx, towers, floors, 5);
-
- result = cli_epm_map(cli, mem_ctx, &handle, &towers, &entry_handle, &numtowers);
-
- return result;
-}
-
-struct cmd_set epm_commands[] = {
-
- { "EPMAPPER" },
-
- { "map", RPC_RTYPE_NTSTATUS, cmd_epm_map, NULL, PI_EPM, "map endpoint", "" },
- { NULL }
-};
-
-
POLICY_HND pol;
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
DOM_SID *dom_sid;
- struct uuid *dom_guid;
+ GUID *dom_guid;
fstring sid_str;
char *domain_name = NULL;
char *dns_name = NULL;
if (info_class == 12) {
printf("domain GUID is ");
- smb_uuid_string_static(*dom_guid);
+ print_guid(&dom_guid);
}
done:
return result;
extern struct cmd_set ds_commands[];
extern struct cmd_set echo_commands[];
extern struct cmd_set shutdown_commands[];
-extern struct cmd_set epm_commands[];
static struct cmd_set *rpcclient_command_list[] = {
rpcclient_commands,
reg_commands,
echo_commands,
shutdown_commands,
- epm_commands,
NULL
};
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Jeremy Allison 1996-2001
- Copyright (C) Luke Kenneth Casson Leighton 1996-1998
- Copyright (C) Gerald (Jerry) Carter 2000-2001
- Copyright (C) Andrew Bartlett 2001-2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_ACCOUNT_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_account(SAM_ACCOUNT_HANDLE *account)
-{
- ZERO_STRUCT(account->private); /* Don't touch the talloc context */
-
- /* Don't change these timestamp settings without a good reason.
- They are important for NT member server compatibility. */
-
- /* FIXME: We should actually call get_nt_time_max() or sthng
- * here */
- unix_to_nt_time(&(account->private.logoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.kickoff_time),get_time_t_max());
- unix_to_nt_time(&(account->private.pass_must_change_time),get_time_t_max());
- account->private.unknown_1 = 0x00ffffff; /* don't know */
- account->private.logon_divs = 168; /* hours per week */
- account->private.hours_len = 21; /* 21 times 8 bits = 168 */
- memset(account->private.hours, 0xff, account->private.hours_len); /* available at all hours */
- account->private.unknown_2 = 0x00000000; /* don't know */
- account->private.unknown_3 = 0x000004ec; /* don't know */
-}
-
-static void destroy_sam_talloc(SAM_ACCOUNT_HANDLE **account)
-{
- if (*account) {
- data_blob_clear_free(&((*account)->private.lm_pw));
- data_blob_clear_free(&((*account)->private.nt_pw));
- if((*account)->private.plaintext_pw!=NULL)
- memset((*account)->private.plaintext_pw,'\0',strlen((*account)->private.plaintext_pw));
-
- talloc_destroy((*account)->mem_ctx);
- *account = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_ACCOUNT_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_account_talloc(TALLOC_CTX *mem_ctx, SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *account=(SAM_ACCOUNT_HANDLE *)talloc(mem_ctx, sizeof(SAM_ACCOUNT_HANDLE));
-
- if (*account==NULL) {
- DEBUG(0,("sam_init_account_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*account)->mem_ctx = mem_ctx;
-
- (*account)->free_fn = NULL;
-
- sam_fill_default_account(*account);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct sam_passwd.
- ************************************************************/
-
-NTSTATUS sam_init_account(SAM_ACCOUNT_HANDLE **account)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_ACCOUNT_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_account: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_account_talloc(mem_ctx, account))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*account)->free_fn = destroy_sam_talloc;
-
- return NT_STATUS_OK;
-}
-
-/**
- * Free the contents of the SAM_ACCOUNT_HANDLE, but not the structure.
- *
- * Also wipes the LM and NT hashes and plaintext password from
- * memory.
- *
- * @param account SAM_ACCOUNT_HANDLE to free members of.
- **/
-
-static void sam_free_account_contents(SAM_ACCOUNT_HANDLE *account)
-{
-
- /* Kill off sensitive data. Free()ed by the
- talloc mechinism */
-
- data_blob_clear_free(&(account->private.lm_pw));
- data_blob_clear_free(&(account->private.nt_pw));
- if (account->private.plaintext_pw)
- memset(account->private.plaintext_pw,'\0',strlen(account->private.plaintext_pw));
-}
-
-
-/************************************************************
- Reset the SAM_ACCOUNT_HANDLE and free the NT/LM hashes.
- ***********************************************************/
-
-NTSTATUS sam_reset_sam(SAM_ACCOUNT_HANDLE *account)
-{
- SMB_ASSERT(account != NULL);
-
- sam_free_account_contents(account);
-
- sam_fill_default_account(account);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_ACCOUNT_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_account(SAM_ACCOUNT_HANDLE **account)
-{
- SMB_ASSERT(*account != NULL);
-
- sam_free_account_contents(*account);
-
- if ((*account)->free_fn) {
- (*account)->free_fn(account);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the account control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 acct_ctrl, size_t length)
-{
- static fstring acct_str;
- size_t i = 0;
-
- acct_str[i++] = '[';
-
- if (acct_ctrl & ACB_PWNOTREQ ) acct_str[i++] = 'N';
- if (acct_ctrl & ACB_DISABLED ) acct_str[i++] = 'D';
- if (acct_ctrl & ACB_HOMDIRREQ) acct_str[i++] = 'H';
- if (acct_ctrl & ACB_TEMPDUP ) acct_str[i++] = 'T';
- if (acct_ctrl & ACB_NORMAL ) acct_str[i++] = 'U';
- if (acct_ctrl & ACB_MNS ) acct_str[i++] = 'M';
- if (acct_ctrl & ACB_WSTRUST ) acct_str[i++] = 'W';
- if (acct_ctrl & ACB_SVRTRUST ) acct_str[i++] = 'S';
- if (acct_ctrl & ACB_AUTOLOCK ) acct_str[i++] = 'L';
- if (acct_ctrl & ACB_PWNOEXP ) acct_str[i++] = 'X';
- if (acct_ctrl & ACB_DOMTRUST ) acct_str[i++] = 'I';
-
- for ( ; i < length - 2 ; i++ )
- acct_str[i] = ' ';
-
- i = length - 2;
- acct_str[i++] = ']';
- acct_str[i++] = '\0';
-
- return acct_str;
-}
-
-/**********************************************************
- Decode the account control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_acct_ctrl(const char *p)
-{
- uint16 acct_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'N': { acct_ctrl |= ACB_PWNOTREQ ; break; /* 'N'o password. */ }
- case 'D': { acct_ctrl |= ACB_DISABLED ; break; /* 'D'isabled. */ }
- case 'H': { acct_ctrl |= ACB_HOMDIRREQ; break; /* 'H'omedir required. */ }
- case 'T': { acct_ctrl |= ACB_TEMPDUP ; break; /* 'T'emp account. */ }
- case 'U': { acct_ctrl |= ACB_NORMAL ; break; /* 'U'ser account (normal). */ }
- case 'M': { acct_ctrl |= ACB_MNS ; break; /* 'M'NS logon user account. What is this ? */ }
- case 'W': { acct_ctrl |= ACB_WSTRUST ; break; /* 'W'orkstation account. */ }
- case 'S': { acct_ctrl |= ACB_SVRTRUST ; break; /* 'S'erver account. */ }
- case 'L': { acct_ctrl |= ACB_AUTOLOCK ; break; /* 'L'ocked account. */ }
- case 'X': { acct_ctrl |= ACB_PWNOEXP ; break; /* No 'X'piry on password */ }
- case 'I': { acct_ctrl |= ACB_DOMTRUST ; break; /* 'I'nterdomain trust account. */ }
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return acct_ctrl;
-}
-
-/*************************************************************
- Routine to set 32 hex password characters from a 16 byte array.
-**************************************************************/
-
-void sam_sethexpwd(char *p, const unsigned char *pwd, uint16 acct_ctrl)
-{
- if (pwd != NULL) {
- int i;
- for (i = 0; i < 16; i++)
- slprintf(&p[i*2], 3, "%02X", pwd[i]);
- } else {
- if (acct_ctrl & ACB_PWNOTREQ)
- safe_strcpy(p, "NO PASSWORDXXXXXXXXXXXXXXXXXXXXX", 33);
- else
- safe_strcpy(p, "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", 33);
- }
-}
-
-/*************************************************************
- Routine to get the 32 hex characters and turn them
- into a 16 byte array.
-**************************************************************/
-
-BOOL sam_gethexpwd(const char *p, unsigned char *pwd)
-{
- int i;
- unsigned char lonybble, hinybble;
- char *hexchars = "0123456789ABCDEF";
- char *p1, *p2;
-
- if (!p)
- return (False);
-
- for (i = 0; i < 32; i += 2) {
- hinybble = toupper(p[i]);
- lonybble = toupper(p[i + 1]);
-
- p1 = strchr(hexchars, hinybble);
- p2 = strchr(hexchars, lonybble);
-
- if (!p1 || !p2)
- return (False);
-
- hinybble = PTR_DIFF(p1, hexchars);
- lonybble = PTR_DIFF(p2, hexchars);
-
- pwd[i / 2] = (hinybble << 4) | lonybble;
- }
- return (True);
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- SAM_GROUP_HANDLE /SAM_GROUP_ENUM helpers
-
- Copyright (C) Stefan (metze) Metzmacher 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-/************************************************************
- Fill the SAM_GROUP_HANDLE with default values.
- ***********************************************************/
-
-static void sam_fill_default_group(SAM_GROUP_HANDLE *group)
-{
- ZERO_STRUCT(group->private); /* Don't touch the talloc context */
-
-}
-
-static void destroy_sam_group_handle_talloc(SAM_GROUP_HANDLE **group)
-{
- if (*group) {
-
- talloc_destroy((*group)->mem_ctx);
- *group = NULL;
- }
-}
-
-
-/**********************************************************************
- Alloc memory and initialises a SAM_GROUP_HANDLE on supplied mem_ctx.
-***********************************************************************/
-
-NTSTATUS sam_init_group_talloc(TALLOC_CTX *mem_ctx, SAM_GROUP_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group_talloc: mem_ctx was NULL!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- *group=(SAM_GROUP_HANDLE *)talloc(mem_ctx, sizeof(SAM_GROUP_HANDLE));
-
- if (*group==NULL) {
- DEBUG(0,("sam_init_group_talloc: error while allocating memory\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- (*group)->mem_ctx = mem_ctx;
-
- (*group)->free_fn = NULL;
-
- sam_fill_default_group(*group);
-
- return NT_STATUS_OK;
-}
-
-
-/*************************************************************
- Alloc memory and initialises a struct SAM_GROUP_HANDLE.
- ************************************************************/
-
-NTSTATUS sam_init_group(SAM_GROUP_HANDLE **group)
-{
- TALLOC_CTX *mem_ctx;
- NTSTATUS nt_status;
-
- mem_ctx = talloc_init("sam internal SAM_GROUP_HANDLE allocation");
-
- if (!mem_ctx) {
- DEBUG(0,("sam_init_group: error while doing talloc_init()\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_init_group_talloc(mem_ctx, group))) {
- talloc_destroy(mem_ctx);
- return nt_status;
- }
-
- (*group)->free_fn = destroy_sam_group_handle_talloc;
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Reset the SAM_GROUP_HANDLE.
- ***********************************************************/
-
-NTSTATUS sam_reset_group(SAM_GROUP_HANDLE *group)
-{
- SMB_ASSERT(group != NULL);
-
- sam_fill_default_group(group);
-
- return NT_STATUS_OK;
-}
-
-
-/************************************************************
- Free the SAM_GROUP_HANDLE and the member pointers.
- ***********************************************************/
-
-NTSTATUS sam_free_group(SAM_ACCOUNT_HANDLE **group)
-{
- SMB_ASSERT(*group != NULL);
-
- if ((*group)->free_fn) {
- (*group)->free_fn(group);
- }
-
- return NT_STATUS_OK;
-}
-
-
-/**********************************************************
- Encode the group control bits into a string.
- length = length of string to encode into (including terminating
- null). length *MUST BE MORE THAN 2* !
- **********************************************************/
-
-char *sam_encode_acct_ctrl(uint16 group_ctrl, size_t length)
-{
- static fstring group_str;
- size_t i = 0;
-
- group_str[i++] = '[';
-
- if (group_ctrl & GCB_LOCAL_GROUP ) group_str[i++] = 'L';
- if (group_ctrl & GCB_GLOBAL_GROUP ) group_str[i++] = 'G';
-
- for ( ; i < length - 2 ; i++ )
- group_str[i] = ' ';
-
- i = length - 2;
- group_str[i++] = ']';
- group_str[i++] = '\0';
-
- return group_str;
-}
-
-/**********************************************************
- Decode the group control bits from a string.
- **********************************************************/
-
-uint16 sam_decode_group_ctrl(const char *p)
-{
- uint16 group_ctrl = 0;
- BOOL finished = False;
-
- /*
- * Check if the account type bits have been encoded after the
- * NT password (in the form [NDHTUWSLXI]).
- */
-
- if (*p != '[')
- return 0;
-
- for (p++; *p && !finished; p++) {
- switch (*p) {
- case 'L': { group_ctrl |= GCB_LOCAL_GROUP; break; /* 'L'ocal Aliases Group. */ }
- case 'G': { group_ctrl |= GCB_GLOBAL_GROUP; break; /* 'G'lobal Domain Group. */ }
-
- case ' ': { break; }
- case ':':
- case '\n':
- case '\0':
- case ']':
- default: { finished = True; }
- }
- }
-
- return group_ctrl;
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Grops and Users Management System initializations.
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-#define GMV_MAJOR 0
-#define GMV_MINOR 1
-
-static GUMS_FUNCTIONS *gums_backend = NULL;
-
-static struct gums_init_function_entry *backends = NULL;
-
-static void lazy_initialize_gums(void)
-{
- static BOOL initialized = False;
-
- if (initialized)
- return;
-
- static_init_gums;
- initialized = True;
-}
-
-static struct gums_init_function_entry *gums_find_backend_entry(const char *name);
-
-NTSTATUS gums_register_module(int version, const char *name, gums_init_function init_fn)
-{
- struct gums_init_function_entry *entry = backends;
-
- if (version != GUMS_INTERFACE_VERSION) {
- DEBUG(0,("Can't register gums backend!\n"
- "You tried to register a gums module with"
- "GUMS_INTERFACE_VERSION %d, while this version"
- "of samba uses version %d\n", version,
- GUMS_INTERFACE_VERSION));
-
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
- }
-
- if (!name || !init_fn) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- DEBUG(5,("Attempting to register gums backend %s\n", name));
-
- /* Check for duplicates */
- if (gums_find_backend_entry(name)) {
- DEBUG(0,("There already is a gums backend registered"
- "with the name %s!\n", name));
- return NT_STATUS_OBJECT_NAME_COLLISION;
- }
-
- entry = smb_xmalloc(sizeof(struct gums_init_function_entry));
- entry->name = smb_xstrdup(name);
- entry->init_fn = init_fn;
-
- DLIST_ADD(backends, entry);
- DEBUG(5,("Successfully added gums backend '%s'\n", name));
- return NT_STATUS_OK;
-}
-
-static struct gums_init_function_entry *gums_find_backend_entry(const char *name)
-{
- struct gums_init_function_entry *entry = backends;
-
- while (entry) {
- if (strcmp(entry->name, name) == 0)
- return entry;
- entry = entry->next;
- }
-
- return NULL;
-}
-
-NTSTATUS gums_setup_backend(const char *backend)
-{
-
- TALLOC_CTX *mem_ctx;
- char *module_name = smb_xstrdup(backend);
- char *p, *module_data = NULL;
- struct gums_init_function_entry *entry;
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
-
- lazy_initialize_gums();
-
- p = strchr(module_name, ':');
- if (p) {
- *p = 0;
- module_data = p+1;
- trim_string(module_data, " ", " ");
- }
-
- trim_string(module_name, " ", " ");
-
- DEBUG(5,("Attempting to find a gums backend to match %s (%s)\n", backend, module_name));
-
- entry = gums_find_backend_entry(module_name);
-
- /* Try to find a module that contains this module */
- if (!entry) {
- DEBUG(2,("No builtin backend found, trying to load plugin\n"));
- if(NT_STATUS_IS_OK(smb_probe_module("gums", module_name)) && !(entry = gums_find_backend_entry(module_name))) {
- DEBUG(0,("Plugin is available, but doesn't register gums backend %s\n", module_name));
- SAFE_FREE(module_name);
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
-
- /* No such backend found */
- if(!entry) {
- DEBUG(0,("No builtin nor plugin backend for %s found\n", module_name));
- SAFE_FREE(module_name);
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- DEBUG(5,("Found gums backend %s\n", module_name));
-
- /* free current functions structure if any */
- if (gums_backend) {
- gums_backend->free_private_data(gums_backend->private_data);
- talloc_destroy(gums_backend->mem_ctx);
- gums_backend = NULL;
- }
-
- /* allocate a new GUMS_FUNCTIONS structure and memory context */
- mem_ctx = talloc_init("gums_backend (%s)", module_name);
- if (!mem_ctx)
- return NT_STATUS_NO_MEMORY;
- gums_backend = talloc(mem_ctx, sizeof(GUMS_FUNCTIONS));
- if (!gums_backend)
- return NT_STATUS_NO_MEMORY;
- gums_backend->mem_ctx = mem_ctx;
-
- /* init the requested backend module */
- if (NT_STATUS_IS_OK(ret = entry->init_fn(gums_backend, module_data))) {
- DEBUG(5,("gums backend %s has a valid init\n", backend));
- } else {
- DEBUG(0,("gums backend %s did not correctly init (error was %s)\n", backend, nt_errstr(ret)));
- }
- SAFE_FREE(module_name);
- return ret;
-}
-
-NTSTATUS get_gums_fns(GUMS_FUNCTIONS **fns)
-{
- if (gums_backend != NULL) {
- *fns = gums_backend;
- return NT_STATUS_OK;
- }
-
- DEBUG(2, ("get_gums_fns: unable to get gums functions! backend uninitialized?\n"));
- return NT_STATUS_UNSUCCESSFUL;
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS structures
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-/* Functions to get/set info from a GUMS object */
-
-NTSTATUS gums_create_object(GUMS_OBJECT **obj, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_OBJECT *go;
- NTSTATUS ret;
-
- mem_ctx = talloc_init("gums_create_object");
- if (!mem_ctx) {
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- *obj = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- if (!go) {
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- talloc_destroy(mem_ctx);
- *obj = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- go->mem_ctx = mem_ctx;
- go->type = type;
- go->version = GUMS_OBJECT_VERSION;
-
- switch(type) {
- case GUMS_OBJ_DOMAIN:
- go->domain = (GUMS_DOMAIN *)talloc_zero(mem_ctx, sizeof(GUMS_DOMAIN));
- if (!(go->domain)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- go->user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
- if (!(go->user)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
- gums_set_user_acct_ctrl(go, ACB_NORMAL);
- gums_set_user_hours(go, 0, NULL);
-
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- go->group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
- if (!(go->group)) {
- ret = NT_STATUS_NO_MEMORY;
- DEBUG(0, ("gums_create_object: Out of memory!\n"));
- goto error;
- }
-
- break;
-
- default:
- /* TODO: throw error */
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto error;
- }
-
- *obj = go;
- return NT_STATUS_OK;
-
-error:
- talloc_destroy(go->mem_ctx);
- *obj = NULL;
- return ret;
-}
-
-NTSTATUS gums_create_privilege(GUMS_PRIVILEGE **priv)
-{
- TALLOC_CTX *mem_ctx;
- GUMS_PRIVILEGE *pri;
-
- mem_ctx = talloc_init("gums_create_privilege");
- if (!mem_ctx) {
- DEBUG(0, ("gums_create_privilege: Out of memory!\n"));
- *priv = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- pri = talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE));
- if (!pri) {
- DEBUG(0, ("gums_create_privilege: Out of memory!\n"));
- talloc_destroy(mem_ctx);
- *priv = NULL;
- return NT_STATUS_NO_MEMORY;
- }
-
- pri->mem_ctx = mem_ctx;
- pri->version = GUMS_PRIVILEGE_VERSION;
-
- *priv = pri;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_destroy_object(GUMS_OBJECT **obj)
-{
- if (!obj || !(*obj))
- return NT_STATUS_INVALID_PARAMETER;
-
- if ((*obj)->mem_ctx)
- talloc_destroy((*obj)->mem_ctx);
- *obj = NULL;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_destroy_privilege(GUMS_PRIVILEGE **priv)
-{
- if (!priv || !(*priv))
- return NT_STATUS_INVALID_PARAMETER;
-
- if ((*priv)->mem_ctx)
- talloc_destroy((*priv)->mem_ctx);
- *priv = NULL;
-
- return NT_STATUS_OK;
-}
-
-void gums_reset_object(GUMS_OBJECT *go)
-{
- go->seq_num = 0;
- go->sid = NULL;
- go->name = NULL;
- go->description = NULL;
-
- switch(go->type) {
- case GUMS_OBJ_DOMAIN:
- memset(go->domain, 0, sizeof(GUMS_DOMAIN));
- break;
-
-/*
- case GUMS_OBJ_WORKSTATION_TRUST:
- case GUMS_OBJ_SERVER_TRUST:
- case GUMS_OBJ_DOMAIN_TRUST:
-*/
- case GUMS_OBJ_NORMAL_USER:
- memset(go->user, 0, sizeof(GUMS_USER));
- gums_set_user_acct_ctrl(go, ACB_NORMAL);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- memset(go->group, 0, sizeof(GUMS_GROUP));
- break;
-
- default:
- return;
- }
-}
-
-uint32 gums_get_object_type(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return 0;
-
- return obj->type;
-}
-
-uint32 gums_get_object_seq_num(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return 0;
-
- return obj->seq_num;
-}
-
-uint32 gums_get_object_version(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return 0;
-
- return obj->version;
-}
-
-const SEC_DESC *gums_get_sec_desc(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->sec_desc;
-}
-
-const DOM_SID *gums_get_object_sid(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->sid;
-}
-
-const char *gums_get_object_name(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->name;
-}
-
-const char *gums_get_object_description(const GUMS_OBJECT *obj)
-{
- if (!obj)
- return NULL;
-
- return obj->description;
-}
-
-NTSTATUS gums_set_object_seq_num(GUMS_OBJECT *obj, uint32 seq_num)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->seq_num = seq_num;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_version(GUMS_OBJECT *obj, uint32 version)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->version = version;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_sec_desc(GUMS_OBJECT *obj, const SEC_DESC *sec_desc)
-{
- if (!obj || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sec_desc = dup_sec_desc(obj->mem_ctx, sec_desc);
- if (!(obj->sec_desc)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_sid(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->sid)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_name(GUMS_OBJECT *obj, const char *name)
-{
- if (!obj || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->name = (char *)talloc_strdup(obj->mem_ctx, name);
- if (!(obj->name)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_object_description(GUMS_OBJECT *obj, const char *description)
-{
- if (!obj || !description)
- return NT_STATUS_INVALID_PARAMETER;
-
- obj->description = (char *)talloc_strdup(obj->mem_ctx, description);
- if (!(obj->description)) return NT_STATUS_UNSUCCESSFUL;
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_get_object_privileges(PRIVILEGE_SET **priv_set, const GUMS_OBJECT *obj)
-{
- if (!priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- *priv_set = obj->priv_set;
- return NT_STATUS_OK;
-}
-*/
-
-uint32 gums_get_domain_next_rid(const GUMS_OBJECT *obj)
-{
- if (obj->type != GUMS_OBJ_DOMAIN)
- return -1;
-
- return obj->domain->next_rid;
-}
-
-NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_DOMAIN)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->domain->next_rid = rid;
- return NT_STATUS_OK;
-}
-
-/* User specific functions */
-
-const DOM_SID *gums_get_user_pri_group(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->group_sid;
-}
-
-const DATA_BLOB gums_get_user_nt_pwd(const GUMS_OBJECT *obj)
-{
- fstring p;
-
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return data_blob(NULL, 0);
-
- pdb_sethexpwd(p, (unsigned char *)(obj->user->nt_pw.data), 0);
- DEBUG(100, ("Reading NT Password=[%s]\n", p));
-
- return obj->user->nt_pw;
-}
-
-const DATA_BLOB gums_get_user_lm_pwd(const GUMS_OBJECT *obj)
-{
- fstring p;
-
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return data_blob(NULL, 0);
-
- pdb_sethexpwd(p, (unsigned char *)(obj->user->lm_pw.data), 0);
- DEBUG(100, ("Reading LM Password=[%s]\n", p));
-
- return obj->user->lm_pw;
-}
-
-const char *gums_get_user_fullname(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->full_name;
-}
-
-const char *gums_get_user_homedir(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->home_dir;
-}
-
-const char *gums_get_user_dir_drive(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->dir_drive;
-}
-
-const char *gums_get_user_profile_path(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->profile_path;
-}
-
-const char *gums_get_user_logon_script(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->logon_script;
-}
-
-const char *gums_get_user_workstations(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->workstations;
-}
-
-const char *gums_get_user_unknown_str(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->unknown_str;
-}
-
-const char *gums_get_user_munged_dial(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->munged_dial;
-}
-
-NTTIME gums_get_user_logon_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->logon_time;
-}
-
-NTTIME gums_get_user_logoff_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->logoff_time;
-}
-
-NTTIME gums_get_user_kickoff_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->kickoff_time;
-}
-
-NTTIME gums_get_user_pass_last_set_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->pass_last_set_time;
-}
-
-NTTIME gums_get_user_pass_can_change_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->pass_can_change_time;
-}
-
-NTTIME gums_get_user_pass_must_change_time(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER) {
- NTTIME null_time;
- init_nt_time(&null_time);
- return null_time;
- }
-
- return obj->user->pass_must_change_time;
-}
-
-uint16 gums_get_user_acct_ctrl(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->acct_ctrl;
-}
-
-uint16 gums_get_user_logon_divs(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->logon_divs;
-}
-
-uint32 gums_get_user_hours_len(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->hours_len;
-}
-
-const uint8 *gums_get_user_hours(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return NULL;
-
- return obj->user->hours;
-}
-
-uint32 gums_get_user_unknown_3(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->unknown_3;
-}
-
-uint16 gums_get_user_bad_password_count(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->bad_password_count;
-}
-
-uint16 gums_get_user_logon_count(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->logon_count;
-}
-
-uint32 gums_get_user_unknown_6(const GUMS_OBJECT *obj)
-{
- if (!obj || obj->type != GUMS_OBJ_NORMAL_USER)
- return 0;
-
- return obj->user->unknown_6;
-}
-
-NTSTATUS gums_set_user_pri_group(GUMS_OBJECT *obj, const DOM_SID *sid)
-{
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->group_sid = sid_dup_talloc(obj->mem_ctx, sid);
- if (!(obj->user->group_sid)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
-{
- fstring p;
- unsigned char r[16];
-
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
-
- memcpy(r, nt_pwd.data, 16);
- pdb_sethexpwd(p, r, 0);
- DEBUG(100, ("Setting NT Password=[%s]\n", p));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
-{
- fstring p;
- unsigned char r[16];
-
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
-
- memcpy(r, lm_pwd.data, 16);
- pdb_sethexpwd(p, r, 0);
- DEBUG(100, ("Setting LM Password=[%s]\n", p));
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_fullname(GUMS_OBJECT *obj, const char *fullname)
-{
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->full_name = (char *)talloc_strdup(obj->mem_ctx, fullname);
- if (!(obj->user->full_name)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_homedir(GUMS_OBJECT *obj, const char *homedir)
-{
- if (!obj || !homedir)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->home_dir = (char *)talloc_strdup(obj->mem_ctx, homedir);
- if (!(obj->user->home_dir)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_dir_drive(GUMS_OBJECT *obj, const char *dir_drive)
-{
- if (!obj || !dir_drive)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->dir_drive = (char *)talloc_strdup(obj->mem_ctx, dir_drive);
- if (!(obj->user->dir_drive)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_script(GUMS_OBJECT *obj, const char *logon_script)
-{
- if (!obj || !logon_script)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_script = (char *)talloc_strdup(obj->mem_ctx, logon_script);
- if (!(obj->user->logon_script)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_profile_path(GUMS_OBJECT *obj, const char *profile_path)
-{
- if (!obj || !profile_path)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->profile_path = (char *)talloc_strdup(obj->mem_ctx, profile_path);
- if (!(obj->user->profile_path)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_workstations(GUMS_OBJECT *obj, const char *workstations)
-{
- if (!obj || !workstations)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->workstations = (char *)talloc_strdup(obj->mem_ctx, workstations);
- if (!(obj->user->workstations)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_str(GUMS_OBJECT *obj, const char *unknown_str)
-{
- if (!obj || !unknown_str)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->unknown_str = (char *)talloc_strdup(obj->mem_ctx, unknown_str);
- if (!(obj->user->unknown_str)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_munged_dial(GUMS_OBJECT *obj, const char *munged_dial)
-{
- if (!obj || !munged_dial)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->munged_dial = (char *)talloc_strdup(obj->mem_ctx, munged_dial);
- if (!(obj->user->munged_dial)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_time(GUMS_OBJECT *obj, NTTIME logon_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_time = logon_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logoff_time(GUMS_OBJECT *obj, NTTIME logoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logoff_time = logoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_kickoff_time(GUMS_OBJECT *obj, NTTIME kickoff_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->kickoff_time = kickoff_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_last_set_time(GUMS_OBJECT *obj, NTTIME pass_last_set_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->pass_last_set_time = pass_last_set_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_can_change_time(GUMS_OBJECT *obj, NTTIME pass_can_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->pass_can_change_time = pass_can_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_pass_must_change_time(GUMS_OBJECT *obj, NTTIME pass_must_change_time)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->pass_must_change_time = pass_must_change_time;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_acct_ctrl(GUMS_OBJECT *obj, uint16 acct_ctrl)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->acct_ctrl = acct_ctrl;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_divs(GUMS_OBJECT *obj, uint16 logon_divs)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_divs = logon_divs;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_hours(GUMS_OBJECT *obj, uint32 hours_len, const uint8 *hours)
-{
- if (!obj || !hours)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->hours_len = hours_len;
- if (hours_len == 0)
- DEBUG(10, ("gums_set_user_hours: Warning, hours_len is zero!\n"));
-
- obj->user->hours = (uint8 *)talloc(obj->mem_ctx, MAX_HOURS_LEN);
- if (!(obj->user->hours))
- return NT_STATUS_NO_MEMORY;
- if (hours_len)
- memcpy(obj->user->hours, hours, hours_len);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_3(GUMS_OBJECT *obj, uint32 unknown_3)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->unknown_3 = unknown_3;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_bad_password_count(GUMS_OBJECT *obj, uint16 bad_password_count)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->bad_password_count = bad_password_count;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_logon_count(GUMS_OBJECT *obj, uint16 logon_count)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->logon_count = logon_count;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_user_unknown_6(GUMS_OBJECT *obj, uint32 unknown_6)
-{
- if (!obj)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->user->unknown_6 = unknown_6;
- return NT_STATUS_OK;
-}
-
-/* Group specific functions */
-
-const DOM_SID *gums_get_group_members(int *count, const GUMS_OBJECT *obj)
-{
- if (!count || !obj || !(obj->type == GUMS_OBJ_GROUP || obj->type == GUMS_OBJ_ALIAS)) {
- *count = -1;
- return NULL;
- }
-
- *count = obj->group->count;
- return obj->group->members;
-}
-
-NTSTATUS gums_set_group_members(GUMS_OBJECT *obj, uint32 count, DOM_SID *members)
-{
- uint32 n;
-
- if (!obj || ((count > 0) && !members))
- return NT_STATUS_INVALID_PARAMETER;
-
- if (obj->type != GUMS_OBJ_GROUP &&
- obj->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_OBJECT_TYPE_MISMATCH;
-
- obj->group->count = count;
-
- if (count) {
- obj->group->members = (DOM_SID *)talloc(obj->mem_ctx, count * sizeof(DOM_SID));
- if (!(obj->group->members)) {
- return NT_STATUS_NO_MEMORY;
- }
-
-
- n = 0;
- do {
- sid_copy(&(obj->group->members[n]), &(members[n]));
- n++;
- } while (n < count);
- } else {
- obj->group->members = 0;
- }
-
- return NT_STATUS_OK;
-}
-
-/* Privilege specific functions */
-
-const LUID_ATTR *gums_get_priv_luid_attr(const GUMS_PRIVILEGE *priv)
-{
- if (!priv) {
- return NULL;
- }
-
- return priv->privilege;
-}
-
-const DOM_SID *gums_get_priv_members(int *count, const GUMS_PRIVILEGE *priv)
-{
- if (!count || !priv) {
- *count = -1;
- return NULL;
- }
-
- *count = priv->count;
- return priv->members;
-}
-
-NTSTATUS gums_set_priv_luid_attr(GUMS_PRIVILEGE *priv, LUID_ATTR *luid_attr)
-{
- if (!luid_attr || !priv)
- return NT_STATUS_INVALID_PARAMETER;
-
- priv->privilege = (LUID_ATTR *)talloc_memdup(priv->mem_ctx, luid_attr, sizeof(LUID_ATTR));
- if (!(priv->privilege)) return NT_STATUS_NO_MEMORY;
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_set_priv_members(GUMS_PRIVILEGE *priv, uint32 count, DOM_SID *members)
-{
- uint32 n;
-
- if (!priv || !members || !members)
- return NT_STATUS_INVALID_PARAMETER;
-
- priv->count = count;
- priv->members = (DOM_SID *)talloc(priv->mem_ctx, count * sizeof(DOM_SID));
- if (!(priv->members))
- return NT_STATUS_NO_MEMORY;
-
- n = 0;
- do {
- sid_copy(&(priv->members[n]), &(members[n]));
- n++;
- } while (n < count);
-
- return NT_STATUS_OK;
-}
-
-/* data_store set functions */
-
-NTSTATUS gums_create_commit_set(GUMS_COMMIT_SET **com_set, DOM_SID *sid, uint32 type)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("commit_set");
- if (mem_ctx == NULL)
- return NT_STATUS_NO_MEMORY;
-
- *com_set = (GUMS_COMMIT_SET *)talloc_zero(mem_ctx, sizeof(GUMS_COMMIT_SET));
- if (*com_set == NULL) {
- talloc_destroy(mem_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- (*com_set)->mem_ctx = mem_ctx;
- (*com_set)->type = type;
- sid_copy(&((*com_set)->sid), sid);
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_grow_data_set(GUMS_COMMIT_SET *com_set, int size)
-{
- GUMS_DATA_SET *data_set;
-
- com_set->count = com_set->count + size;
- if (com_set->count == size) { /* data set is empty*/
- data_set = (GUMS_DATA_SET *)talloc_zero(com_set->mem_ctx, sizeof(GUMS_DATA_SET));
- } else {
- data_set = (GUMS_DATA_SET *)talloc_realloc(com_set->mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
- }
- if (data_set == NULL)
- return NT_STATUS_NO_MEMORY;
-
- com_set->data = data_set;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_sec_desc(GUMS_COMMIT_SET *com_set, SEC_DESC *sec_desc)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- SEC_DESC *new_sec_desc;
-
- if (!com_set || !sec_desc)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SEC_DESC;
- new_sec_desc = dup_sec_desc(com_set->mem_ctx, sec_desc);
- if (new_sec_desc == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (SEC_DESC *)(data_set->data) = new_sec_desc;
-
- return NT_STATUS_OK;
-}
-
-/*
-NTSTATUS gums_cs_add_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_PRIVILEGE;
- if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
- return ret;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_del_privilege(GUMS_PRIV_COMMIT_SET *com_set, LUID_ATTR priv)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- LUID_ATTR *new_priv;
-
- if (!com_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_PRIVILEGE;
- if (!NT_STATUS_IS_OK(ret = dupalloc_luid_attr(com_set->mem_ctx, &new_priv, priv)))
- return ret;
-
- (SEC_DESC *)(data_set->data) = new_priv;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_privilege_set(GUMS_PRIV_COMMIT_SET *com_set, PRIVILEGE_SET *priv_set)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- PRIVILEGE_SET *new_priv_set;
-
- if (!com_set || !priv_set)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_OK(ret = gums_pcs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = ((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_PRIVILEGE;
- if (!NT_STATUS_IS_OK(ret = init_priv_set_with_ctx(com_set->mem_ctx, &new_priv_set)))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = dup_priv_set(new_priv_set, priv_set)))
- return ret;
-
- (SEC_DESC *)(data_set->data) = new_priv_set;
-
- return NT_STATUS_OK;
-}
-*/
-
-NTSTATUS gums_cs_set_string(GUMS_COMMIT_SET *com_set, uint32 type, char *str)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- char *new_str;
-
- if (!com_set || !str || type < GUMS_SET_NAME || type > GUMS_SET_MUNGED_DIAL)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_str = talloc_strdup(com_set->mem_ctx, str);
- if (new_str == NULL)
- return NT_STATUS_NO_MEMORY;
-
- (char *)(data_set->data) = new_str;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_name(GUMS_COMMIT_SET *com_set, char *name)
-{
- return gums_cs_set_string(com_set, GUMS_SET_NAME, name);
-}
-
-NTSTATUS gums_cs_set_description(GUMS_COMMIT_SET *com_set, char *desc)
-{
- return gums_cs_set_string(com_set, GUMS_SET_DESCRIPTION, desc);
-}
-
-NTSTATUS gums_cs_set_full_name(GUMS_COMMIT_SET *com_set, char *full_name)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, full_name);
-}
-
-NTSTATUS gums_cs_set_home_directory(GUMS_COMMIT_SET *com_set, char *home_dir)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, home_dir);
-}
-
-NTSTATUS gums_cs_set_drive(GUMS_COMMIT_SET *com_set, char *drive)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, drive);
-}
-
-NTSTATUS gums_cs_set_logon_script(GUMS_COMMIT_SET *com_set, char *logon_script)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, logon_script);
-}
-
-NTSTATUS gums_cs_set_profile_path(GUMS_COMMIT_SET *com_set, char *prof_path)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, prof_path);
-}
-
-NTSTATUS gums_cs_set_workstations(GUMS_COMMIT_SET *com_set, char *wks)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, wks);
-}
-
-NTSTATUS gums_cs_set_unknown_string(GUMS_COMMIT_SET *com_set, char *unkn_str)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, unkn_str);
-}
-
-NTSTATUS gums_cs_set_munged_dial(GUMS_COMMIT_SET *com_set, char *munged_dial)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_string(com_set, GUMS_SET_NAME, munged_dial);
-}
-
-NTSTATUS gums_cs_set_nttime(GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- NTTIME *new_time;
-
- if (!com_set || !nttime || type < GUMS_SET_LOGON_TIME || type > GUMS_SET_PASS_MUST_CHANGE_TIME)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = type;
- new_time = talloc(com_set->mem_ctx, sizeof(NTTIME));
- if (new_time == NULL)
- return NT_STATUS_NO_MEMORY;
-
- new_time->low = nttime->low;
- new_time->high = nttime->high;
- (char *)(data_set->data) = new_time;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_set_logon_time(GUMS_COMMIT_SET *com_set, NTTIME *logon_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, logon_time);
-}
-
-NTSTATUS gums_cs_set_logoff_time(GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
-}
-
-NTSTATUS gums_cs_set_kickoff_time(GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
-}
-
-NTSTATUS gums_cs_set_pass_last_set_time(GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pls_time);
-}
-
-NTSTATUS gums_cs_set_pass_can_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pcc_time);
-}
-
-NTSTATUS gums_cs_set_pass_must_change_time(GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
-{
- if (com_set->type != GUMS_OBJ_NORMAL_USER)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_set_nttime(com_set, GUMS_SET_LOGON_TIME, pmc_time);
-}
-
-NTSTATUS gums_cs_add_sids_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_ADD_SID_LIST;
- new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_cs_add_users_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(com_set, sids, count);
-}
-
-NTSTATUS gums_cs_add_groups_to_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- return gums_cs_add_sids_to_group(com_set, sids, count);
-}
-
-NTSTATUS gums_cs_del_sids_from_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_DEL_SID_LIST;
- new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_ds_set_sids_in_group(GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
-{
- NTSTATUS ret;
- GUMS_DATA_SET *data_set;
- DOM_SID **new_sids;
- int i;
-
- if (!com_set || !sids)
- return NT_STATUS_INVALID_PARAMETER;
- if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = gums_cs_grow_data_set(com_set, 1)))
- return ret;
-
- data_set = &((com_set->data)[com_set->count - 1]);
-
- data_set->type = GUMS_SET_SID_LIST;
- new_sids = (DOM_SID **)talloc(com_set->mem_ctx, (sizeof(void *) * count));
- if (new_sids == NULL)
- return NT_STATUS_NO_MEMORY;
- for (i = 0; i < count; i++) {
- new_sids[i] = sid_dup_talloc(com_set->mem_ctx, sids[i]);
- if (new_sids[i] == NULL)
- return NT_STATUS_NO_MEMORY;
- }
-
- (SEC_DESC *)(data_set->data) = new_sids;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
-{
- NTSTATUS ret;
- GUMS_FUNCTIONS *fns;
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns))) {
- DEBUG(0, ("gums_commit_data: unable to get gums functions! backend uninitialized?\n"));
- return ret;
- }
- return fns->set_object_values(&(set->sid), set->count, set->data);
-}
-
-NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
-{
- talloc_destroy((*com_set)->mem_ctx);
- *com_set = NULL;
-
- return NT_STATUS_OK;
-}
-
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- GUMS backends helper functions
- Copyright (C) Simo Sorce 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-extern DOM_SID global_sid_World;
-extern DOM_SID global_sid_Builtin;
-extern DOM_SID global_sid_Builtin_Administrators;
-extern DOM_SID global_sid_Builtin_Power_Users;
-extern DOM_SID global_sid_Builtin_Account_Operators;
-extern DOM_SID global_sid_Builtin_Server_Operators;
-extern DOM_SID global_sid_Builtin_Print_Operators;
-extern DOM_SID global_sid_Builtin_Backup_Operators;
-extern DOM_SID global_sid_Builtin_Replicator;
-extern DOM_SID global_sid_Builtin_Users;
-extern DOM_SID global_sid_Builtin_Guests;
-
-
-/* defines */
-
-#define ALLOC_CHECK(str, ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: out of memory!\n", str)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define NTSTATUS_CHECK(err, label, str1, str2) do { if (NT_STATUS_IS_ERR(err)) { DEBUG(0, ("%s: %s\n", str1, str2)); } } while(0)
-
-/****************************************************************************
- Check if a user is a mapped group.
-
- This function will check if the group SID is mapped onto a
- system managed gid or onto a winbind manged sid.
- In the first case it will be threated like a mapped group
- and the backend should take the member list with a getgrgid
- and ignore any user that have been possibly set into the group
- object.
-
- In the second case, the group is a fully SAM managed group
- served back to the system through winbind. In this case the
- members of a Local group are "unrolled" to cope with the fact
- that unix cannot contain groups inside groups.
- The backend MUST never call any getgr* / getpw* function or
- loops with winbind may happen.
- ****************************************************************************/
-
-#if 0
-NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
-{
- NTSTATUS result;
- gid_t id;
-
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
- result = idmap_get_gid_from_sid(&id, sid, False);
- if (NT_STATUS_IS_OK(result)) {
- *mapped = gid_is_in_winbind_range(id);
- } else {
- *mapped = False;
- }
-
- return result;
-}
-#endif
-
-#define ALIAS_DEFAULT_SACL_SA_RIGHTS 0x01050013
-#define ALIAS_DEFAULT_DACL_SA_RIGHTS \
- (READ_CONTROL_ACCESS | \
- SA_RIGHT_ALIAS_LOOKUP_INFO | \
- SA_RIGHT_ALIAS_GET_MEMBERS) /* 0x0002000c */
-
-#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
-
-
-NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
-{
- DOM_SID *world = &global_sid_World;
- DOM_SID *admins = &global_sid_Builtin_Administrators;
- SEC_ACCESS sa;
- SEC_ACE sacl_ace;
- SEC_ACE dacl_aces[2];
- SEC_ACL *sacl = NULL;
- SEC_ACL *dacl = NULL;
- size_t psize;
-
- init_sec_access(&sa, ALIAS_DEFAULT_SACL_SA_RIGHTS);
- init_sec_ace(&sacl_ace, world, SEC_ACE_TYPE_SYSTEM_AUDIT, sa, ALIAS_DEFAULT_SACL_SEC_ACE_FLAG);
-
- sacl = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &sacl_ace);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- init_sec_access(&sa, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- init_sec_ace(&(dacl_aces[0]), world, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
- init_sec_access(&sa, SA_RIGHT_ALIAS_ALL_ACCESS);
- init_sec_ace(&(dacl_aces[1]), admins, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
-
- dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, dacl_aces);
- if (!sacl) {
- DEBUG(0, ("build_init_sec_desc: Failed to make SEC_ACL.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *sec_desc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, admins, admins, sacl, dacl, &psize);
- if (!(*sec_desc)) {
- DEBUG(0,("get_share_security: Failed to make SEC_DESC.\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sec_desc_add_ace_to_dacl(SEC_DESC *sec_desc, TALLOC_CTX *ctx, DOM_SID *sid, uint32 mask)
-{
- NTSTATUS result;
- SEC_ACE *new_aces;
- unsigned num_aces;
- int i;
-
- num_aces = sec_desc->dacl->num_aces + 1;
- result = sec_ace_add_sid(ctx, &new_aces, sec_desc->dacl->ace, &num_aces, sid, mask);
- if (NT_STATUS_IS_OK(result)) {
- sec_desc->dacl->ace = new_aces;
- sec_desc->dacl->num_aces = num_aces;
- sec_desc->dacl->size = SEC_ACL_HEADER_SIZE;
- for (i = 0; i < num_aces; i++) {
- sec_desc->dacl->size += sec_desc->dacl->ace[i].size;
- }
- }
- return result;
-}
-
-NTSTATUS gums_make_domain(DOM_SID *sid, const char *name, const char *description)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- GUMS_FUNCTIONS *fns;
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_DOMAIN)))
- return ret;
-
- ret = gums_set_object_sid(go, sid);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
-
- ret = gums_set_object_name(go, name);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
-
- if (description) {
- ret = gums_set_object_description(go, description);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
- }
-
- /* make security descriptor * /
- ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
- NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
- */
-
- ret = fns->set_object(go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-NTSTATUS gums_make_alias(DOM_SID *sid, const char *name, const char *description)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- GUMS_FUNCTIONS *fns;
-
- if (!NT_STATUS_IS_OK(ret = get_gums_fns(&fns)))
- return ret;
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, GUMS_OBJ_ALIAS)))
- return ret;
-
- ret = gums_set_object_sid(go, sid);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set sid!");
-
- ret = gums_set_object_name(go, name);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set name!");
-
- if (description) {
- ret = gums_set_object_description(go, description);
- NTSTATUS_CHECK(ret, done, "gums_make_alias", "unable to set description!");
- }
-
- /* make security descriptor * /
- ret = create_builtin_alias_default_sec_desc(&((*go).sec_desc), (*go).mem_ctx);
- NTSTATUS_CHECK(ret, error, "gums_init_backend", "create_builtin_alias_default_sec_desc");
- */
-
- ret = fns->set_object(go);
-
- gums_destroy_object(&go);
- return ret;
-}
-
-NTSTATUS gums_init_domain(DOM_SID *sid, const char *name, const char * description)
-{
- NTSTATUS ret;
-
- /* Add the weelknown Builtin Domain */
- if (!NT_STATUS_IS_OK(ret = gums_make_domain(
- sid,
- name,
- description
- ))) {
- return ret;
- }
-
- /* Add default users and groups */
- /* Administrator
- Guest
- Domain Administrators
- Domain Users
- Domain Guests
- */
-
- return ret;
-}
-
-NTSTATUS gums_init_builtin_domain(void)
-{
- NTSTATUS ret;
-
- generate_wellknown_sids();
-
- /* Add the weelknown Builtin Domain */
- if (!NT_STATUS_IS_OK(ret = gums_make_domain(
- &global_sid_Builtin,
- "BUILTIN",
- "Builtin Domain"
- ))) {
- return ret;
- }
-
- /* Add the well known Builtin Local Groups */
-
- /* Administrators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Administrators,
- "Administrators",
- "Members can fully administer the computer/domain"
- ))) {
- return ret;
- }
- /* Administrator privilege set */
- /* From BDC join trace:
- SeSecurityPrivilege, SeBackupPrivilege, SeRestorePrivilege,
- SeSystemtimePrivilege, SeShutdownPrivilege,
- SeRemoteShutdownPrivilege, SeTakeOwnershipPrivilege,
- SeDebugPrivilege, SeSystemEnvironmentPrivilege,
- SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege,
- SeIncreaseBasePriorityPrivilege, SeLocalDriverPrivilege,
- SeCreatePagefilePrivilege, SeIncreaseQuotaPrivilege
- */
-
- /* Power Users */
- /* Domain Controllers Does NOT have Power Users (?) */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Power_Users,
- "Power Users",
- "Power Users"
- ))) {
- return ret;
- }
-
- /* Power Users privilege set */
- /* (?) */
-
- /* Account Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Account_Operators,
- "Account Operators",
- "Members can administer domain user and group accounts"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* Server Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Server_Operators,
- "Server Operators",
- "Members can administer domain servers"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege, SeRestorePrivilege, SeSystemtimePrivilege,
- SeShutdownPrivilege, SeRemoteShutdownPrivilege
- */
-
- /* Print Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Print_Operators,
- "Print Operators",
- "Members can administer domain printers"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeShutdownPrivilege
- */
-
- /* Backup Operators */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Backup_Operators,
- "Backup Operators",
- "Members can bypass file security to backup files"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
- */
-
- /* Replicator */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Replicator,
- "Replicator",
- "Supports file replication in a domain"
- ))) {
- return ret;
- }
-
- /* make privilege set */
- /* From BDC join trace:
- SeBackupPrivilege, SeRestorePrivilege, SeShutdownPrivilege
- */
-
- /* Users */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Users,
- "Users",
- "Ordinary users"
- ))) {
- return ret;
- }
-
- /* Users specific ACEs * /
- sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Account_Operators, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- sec_desc_add_ace_to_dacl(go->sec_desc, go->mem_ctx, &global_sid_Builtin_Power_Users, ALIAS_DEFAULT_DACL_SA_RIGHTS);
- */
-
- /* Guests */
- if (!NT_STATUS_IS_OK(ret = gums_make_alias(
- &global_sid_Builtin_Guests,
- "Guests",
- "Users granted guest access to the computer/domain"
- ))) {
- return ret;
- }
-
- return ret;
-}
-
+++ /dev/null
-/*
- * Unix SMB/CIFS implementation.
- * tdbsam2 - sam backend
- * Copyright (C) Simo Sorce 2002-2003
- *
- * This program is free software; you can redistribute it and/or modify it under
- * the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option)
- * any later version.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
- * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
- * more details.
- *
- * You should have received a copy of the GNU General Public License along with
- * this program; if not, write to the Free Software Foundation, Inc., 675
- * Mass Ave, Cambridge, MA 02139, USA.
- */
-
-#include "includes.h"
-#include "tdbsam2_parse_info.h"
-
-#if 0
-static int gums_tdbsam2_debug_class = DBGC_ALL;
-#endif
-/*
-#undef DBGC_CLASS
-#define DBGC_CLASS gums_tdbsam2_debug_class
-*/
-
-#define TDBSAM_VERSION 20021215
-#define TDB_FILE_NAME "tdbsam2.tdb"
-#define NAMEPREFIX "NAME_"
-#define SIDPREFIX "SID_"
-#define PRIVILEGEPREFIX "PRIV_"
-
-#define TDB_BASIC_OBJ_STRING "ddd"
-#define TDB_FORMAT_STRING "dddB"
-#define TDB_PRIV_FORMAT_STRING "ddB"
-
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", FUNCTION_MACRO)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (!NT_STATUS_IS_OK(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", FUNCTION_MACRO)); goto label; } } while(0)
-
-
-
-struct tdbsam2_enum_objs {
- uint32 type;
- DOM_SID *dom_sid;
- TDB_CONTEXT *db;
- TDB_DATA key;
- struct tdbsam2_enum_objs *next;
-};
-
-struct tdbsam2_private_data {
-
- const char *storage;
- struct tdbsam2_enum_objs *teo_handlers;
-};
-
-static struct tdbsam2_private_data *ts2_privs;
-
-static NTSTATUS init_object_from_buffer(GUMS_OBJECT **go, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *mem_ctx;
- int iret;
- char *obj_data = NULL;
- int data_size = 0;
- int version, type, seqnum;
- int len;
-
- mem_ctx = talloc_init("init_object_from_buffer");
- if (!mem_ctx) {
- DEBUG(0, ("init_object_from_buffer: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
- &version,
- &type,
- &seqnum,
- &data_size, &obj_data);
-
- if (len == -1 || data_size <= 0)
- goto done;
-
- /* version is checked inside this function so that backward
- compatibility code can be called eventually.
- This way we can easily handle database format upgrades */
- if (version != TDBSAM_VERSION) {
- DEBUG(3,("init_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- *go = (GUMS_OBJECT *)talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
- TALLOC_CHECK(*go, ret, done);
-
- switch (type) {
-
- case GUMS_OBJ_DOMAIN:
- iret = gen_parse(mem_ctx, pinfo_gums_domain, (char *)(*go), obj_data);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- iret = gen_parse(mem_ctx, pinfo_gums_group, (char *)(*go), obj_data);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- iret = gen_parse(mem_ctx, pinfo_gums_user, (char *)(*go), obj_data);
- break;
-
- default:
- DEBUG(3,("init_object_from_buffer: Error, wrong object type number!\n"));
- goto done;
- }
-
- if (iret != 0) {
- DEBUG(0, ("init_object_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0, ("init_object_from_buffer: DB Corrupt ?"));
- goto done;
- }
-
- (*go)->mem_ctx = mem_ctx;
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_privilege_from_buffer(GUMS_PRIVILEGE **priv, char *buffer, int size)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *mem_ctx;
- int iret;
- char *obj_data = NULL;
- int data_size = 0;
- int version, seqnum;
- int len;
-
- mem_ctx = talloc_init("init_privilege_from_buffer");
- if (!mem_ctx) {
- DEBUG(0, ("init_privilege_from_buffer: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- len = tdb_unpack (buffer, size, TDB_PRIV_FORMAT_STRING,
- &version,
- &seqnum,
- &data_size, &obj_data);
-
- if (len == -1 || data_size <= 0)
- goto done;
-
- /* version is checked inside this function so that backward
- compatibility code can be called eventually.
- This way we can easily handle database format upgrades */
- if (version != TDBSAM_VERSION) {
- DEBUG(3,("init_privilege_from_buffer: Error, db object has wrong tdbsam version!\n"));
- goto done;
- }
-
- /* be sure the string is terminated before trying to parse it */
- if (obj_data[data_size - 1] != '\0')
- obj_data[data_size - 1] = '\0';
-
- *priv = (GUMS_PRIVILEGE *)talloc_zero(mem_ctx, sizeof(GUMS_PRIVILEGE));
- TALLOC_CHECK(*priv, ret, done);
-
- iret = gen_parse(mem_ctx, pinfo_gums_privilege, (char *)(*priv), obj_data);
-
- if (iret != 0) {
- DEBUG(0, ("init_privilege_from_buffer: Fatal Error! Unable to parse object!\n"));
- DEBUG(0, ("init_privilege_from_buffer: DB Corrupt ?"));
- goto done;
- }
-
- (*priv)->mem_ctx = mem_ctx;
-
- ret = NT_STATUS_OK;
-done:
- SAFE_FREE(obj_data);
- return ret;
-}
-
-static NTSTATUS init_buffer_from_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_OBJECT *object)
-{
-
- NTSTATUS ret;
- char *genbuf = NULL;
- size_t buflen;
-
- if (!buffer)
- return NT_STATUS_INVALID_PARAMETER;
-
- switch (gums_get_object_type(object)) {
-
- case GUMS_OBJ_DOMAIN:
- genbuf = gen_dump(mem_ctx, pinfo_gums_domain, (char *)object, 0);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
- genbuf = gen_dump(mem_ctx, pinfo_gums_group, (char *)object, 0);
- break;
-
- case GUMS_OBJ_NORMAL_USER:
- genbuf = gen_dump(mem_ctx, pinfo_gums_user, (char *)object, 0);
- break;
-
- default:
- DEBUG(3,("init_buffer_from_object: Error, wrong object type number!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (genbuf == NULL) {
- DEBUG(0, ("init_buffer_from_object: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- object->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
- TDBSAM_VERSION,
- object->type,
- object->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- if (*len != buflen) {
- DEBUG(0, ("init_buffer_from_object: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS init_buffer_from_privilege(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, GUMS_PRIVILEGE *priv)
-{
-
- NTSTATUS ret;
- char *genbuf = NULL;
- size_t buflen;
-
- if (!buffer || !len || !mem_ctx || !priv)
- return NT_STATUS_INVALID_PARAMETER;
-
- genbuf = gen_dump(mem_ctx, pinfo_gums_privilege, (char *)priv, 0);
-
- if (genbuf == NULL) {
- DEBUG(0, ("init_buffer_from_privilege: Fatal Error! Unable to dump object!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- buflen = tdb_pack(NULL, 0, TDB_PRIV_FORMAT_STRING,
- TDBSAM_VERSION,
- priv->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- *buffer = talloc(mem_ctx, buflen);
- TALLOC_CHECK(*buffer, ret, done);
-
- *len = tdb_pack(*buffer, buflen, TDB_PRIV_FORMAT_STRING,
- TDBSAM_VERSION,
- priv->seq_num,
- strlen(genbuf) + 1, genbuf);
-
- if (*len != buflen) {
- DEBUG(0, ("init_buffer_from_privilege: something odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
- buflen, *len));
- *buffer = NULL;
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-done:
- return ret;
-}
-
-static NTSTATUS opentdb(TDB_CONTEXT **tdb, BOOL readonly)
-{
- if (!tdb)
- return NT_STATUS_INVALID_PARAMETER;
-
- *tdb = tdb_open_log(ts2_privs->storage, 0, TDB_DEFAULT, readonly?(O_RDONLY):(O_RDWR | O_CREAT), 0600);
- if (!(*tdb))
- {
- DEBUG(0, ("opentdb: Unable to open database (%s)!\n", ts2_privs->storage));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS get_object_by_sid(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const DOM_SID *sid)
-{
- NTSTATUS ret;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!obj || !sid)
- return NT_STATUS_INVALID_PARAMETER;
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_sid: Entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_NOT_FOUND;
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(init_object_from_buffer(obj, data.dptr, data.dsize))) {
- DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- SAFE_FREE(data.dptr);
- return ret;
-}
-
-static NTSTATUS make_full_object_name(TDB_CONTEXT *tdb, fstring objname, GUMS_OBJECT *object)
-{
- NTSTATUS ret;
-
- objname[0] = '\0';
-
- if (gums_get_object_type(object) == GUMS_OBJ_DOMAIN) {
-
- fstrcpy(objname, gums_get_object_name(object));
-
- } else {
- GUMS_OBJECT *domain_object;
- DOM_SID domain_sid;
- uint32 *discard_rid;
-
- sid_copy(&domain_sid, gums_get_object_sid(object));
- sid_split_rid(&domain_sid, discard_rid);
-
- if (!NT_STATUS_IS_OK(get_object_by_sid(tdb,
- &domain_object,
- &domain_sid))) {
-
- DEBUG(3, ("Object's domain not found!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- fstrcpy(objname, gums_get_object_name(domain_object));
- fstrcat(objname, "\\");
- fstrcat(objname, gums_get_object_name(object));
- }
-
- ret = NT_STATUS_OK;
-
-done:
- return ret;
-}
-
-/* name should be in DOMAIN\NAME format */
-static NTSTATUS get_object_by_name(TDB_CONTEXT *tdb, GUMS_OBJECT **obj, const char *fullname)
-{
-
- NTSTATUS ret = NT_STATUS_OK;
- TDB_DATA data, key;
- fstring keystr;
- fstring objname;
- DOM_SID sid;
- fstring sidstr;
- int sidstr_len;
-
- if (!obj || !fullname)
- return NT_STATUS_INVALID_PARAMETER;
-
- /* Data is stored in all lower-case */
- fstrcpy(objname, fullname);
- strlower_m(objname);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_by_name: Entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_NOT_FOUND;
- goto done;
- }
-
- fstrcpy(sidstr, data.dptr);
- sidstr_len = data.dsize;
-
- SAFE_FREE(data.dptr);
-
- if (sidstr_len <= 0) {
- DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (!string_to_sid(&sid, sidstr)) {
- DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-done:
- if (NT_STATUS_IS_OK(ret))
- return get_object_by_sid(tdb, obj, &sid);
- return ret;
-}
-
-/* Get object's sequence number */
-
-static NTSTATUS get_object_seq_num(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int *seq_num)
-{
-
- NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
- TDB_DATA data, key;
- fstring keystr;
- fstring sidstr;
- int version, type, seqnum;
-
- if (!object || !seq_num)
- return NT_STATUS_INVALID_PARAMETER;
-
- fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object)));
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("get_object_seq_num: Entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_NOT_FOUND;
- goto done;
- }
-
- if (tdb_unpack (data.dptr, data.dsize, TDB_BASIC_OBJ_STRING, &version, &type, &seqnum) == -1)
- goto done;
-
- *seq_num = seqnum;
- ret = NT_STATUS_OK;
-
-done:
- SAFE_FREE(data.dptr);
- return ret;
-}
-
-/* store a gums object
- * flag: TDB_REPLACE or TDB_MODIFY or TDB_INSERT
- */
-
-static NTSTATUS store_object(TDB_CONTEXT *tdb, GUMS_OBJECT *object, int flag)
-{
- NTSTATUS ret = NT_STATUS_OK;
- TDB_DATA data, data2, key, key2;
- TALLOC_CTX *mem_ctx;
- fstring keystr;
- fstring sidstr;
- fstring namestr;
- fstring objname;
- int r;
-
- /* TODO: on object renaming/replacing this function should
- * check name->sid record and delete the old one
- */
-
- mem_ctx = talloc_init("store_object");
- if (!mem_ctx) {
- DEBUG(0, ("store_object: Out of memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- make_full_object_name(tdb, objname, object);
-
- /* Data is stored in all lower-case */
- strlower_m(objname);
-
- if (flag == TDB_MODIFY) {
- if (!NT_STATUS_IS_OK(ret = get_object_seq_num(tdb, object, &(object->seq_num))))
- goto done;
- object->seq_num += 1;
- }
-
- if (!NT_STATUS_IS_OK(ret = init_buffer_from_object(&(data.dptr), &(data.dsize), mem_ctx, object)))
- goto done;
-
- fstrcpy(sidstr, sid_string_static(gums_get_object_sid(object)));
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sidstr);
- slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, objname);
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if ((r = tdb_store(tdb, key, data, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify TDBSAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb)));
- DEBUGADD(0, (" occured while storing sid record (%s)\n", keystr));
- if (r == TDB_ERR_EXISTS)
- ret = NT_STATUS_UNSUCCESSFUL;
- else
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
- data2.dptr = sidstr;
- data2.dsize = strlen(sidstr) + 1;
- key2.dptr = namestr;
- key2.dsize = strlen(namestr) + 1;
-
- if ((r = tdb_store(tdb, key2, data2, flag)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to modify TDBSAM!\n"));
- DEBUGADD(0, (" Error: %s", tdb_errorstr(tdb)));
- DEBUGADD(0, (" occured while storing name record (%s)\n", keystr));
- DEBUGADD(0, (" attempting rollback operation.\n"));
- if ((tdb_delete(tdb, key)) != TDB_SUCCESS) {
- DEBUG(0, ("store_object: Unable to rollback! Check database consitency!\n"));
- }
- if (r == TDB_ERR_EXISTS)
- ret = NT_STATUS_UNSUCCESSFUL;
- else
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
-/* TODO: update the general database counter */
-/* TODO: update this entry counter too */
-
-done:
- talloc_destroy(mem_ctx);
- return ret;
-}
-
-/* GUMM object functions */
-
-static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
-{
-
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
- GUMS_OBJECT *go;
- fstring domname;
-
- if (!sid || !name)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) {
- return ret;
- }
-
- /* Data is stored in all lower-case */
- fstrcpy(domname, name);
- strlower_m(domname);
-
- if (!NT_STATUS_IS_OK(ret = get_object_by_name(tdb, &go, domname))) {
- go = NULL;
- DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
- goto done;
- }
-
- if (gums_get_object_type(go) != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto done;
- }
-
- sid_copy(sid, gums_get_object_sid(go));
-
- ret = NT_STATUS_OK;
-
-done:
- if (go)
- gums_destroy_object(&go);
- tdb_close(tdb);
- return ret;
-}
-
-static NTSTATUS get_next_sid(TDB_CONTEXT *tdb, DOM_SID *sid)
-{
- NTSTATUS ret;
- GUMS_OBJECT *go;
- DOM_SID dom_sid;
- TDB_DATA dom_sid_key;
- fstring dom_sid_str;
- uint32 new_rid;
-
- /* Find the domain SID */
- if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) {
- DEBUG(0, ("get_next_sid: cannot found the domain sid!!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Lock the domain record */
- sid_to_string(dom_sid_str, &dom_sid);
- dom_sid_key.dptr = dom_sid_str;
- dom_sid_key.dsize = strlen(dom_sid_key.dptr) + 1;
-
- if(tdb_chainlock(tdb, dom_sid_key) != 0) {
- DEBUG(0, ("get_next_sid: unable to lock domain record!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- /* Get the domain object */
- ret = get_object_by_sid(tdb, &go, &dom_sid);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
- new_rid = gums_get_domain_next_rid(go);
-
- /* Increment the RID Counter */
- gums_set_domain_next_rid(go, new_rid+1);
-
- /* Store back Domain object */
- ret = store_object(tdb, go, TDB_MODIFY);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
- ret = NT_STATUS_INTERNAL_DB_ERROR;
- goto done;
- }
-
- /* Build the Domain SID to return */
- sid_copy(sid, &dom_sid);
-
- if (!sid_append_rid(sid, new_rid)) {
- DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- ret = NT_STATUS_OK;
-
-done:
- /* Unlock the Domain object */
- tdb_chainunlock(tdb, dom_sid_key);
-
- return ret;
-}
-
-/* TODO */
- NTSTATUS (*get_sequence_number) (void);
-
-
-extern DOM_SID global_sid_NULL;
-
-static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
-{
-
- NTSTATUS ret = NT_STATUS_OK;
- TDB_CONTEXT *tdb;
- GUMS_OBJECT *go;
- NTTIME null_time;
- DATA_BLOB pw;
- const char *defpw = "NOPASSWORDXXXXXX";
- uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
-
- if (!name) {
- DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
-
- if (!NT_STATUS_IS_OK(ret = gums_create_object(&go, obj_type))) {
- go = NULL;
- goto done;
- }
-
- if (obj_type == GUMS_OBJ_DOMAIN) {
- sid_copy(sid, get_global_sam_sid());
- } else {
- if (!NT_STATUS_IS_OK(ret = get_next_sid(tdb, sid)))
- goto done;
- }
-
- gums_set_object_sid(go, sid);
- gums_set_object_name(go, name);
- gums_set_object_seq_num(go, 1);
-
- /*obj.domain->sec_desc*/
-
- switch (obj_type) {
- case GUMS_OBJ_NORMAL_USER:
-
- init_nt_time(&null_time);
-
- gums_set_user_logon_time(go, null_time);
- gums_set_user_logoff_time(go, null_time);
- gums_set_user_kickoff_time(go, null_time);
- gums_set_user_pass_last_set_time(go, null_time);
- gums_set_user_pass_can_change_time(go, null_time);
- gums_set_user_pass_must_change_time(go, null_time);
-
- pw = data_blob(defpw, NT_HASH_LEN);
- gums_set_user_nt_pwd(go, pw);
- gums_set_user_lm_pwd(go, pw);
- data_blob_free(&pw);
-
- gums_set_user_logon_divs(go, 168);
- gums_set_user_hours(go, 21, defhours);
-
- gums_set_user_bad_password_count(go, 0);
- gums_set_user_logon_count(go, 0);
- gums_set_user_unknown_6(go, 0x000004ec);
- break;
-
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
-
- break;
-
- case GUMS_OBJ_DOMAIN:
-
- gums_set_domain_next_rid(go, 0x3e9);
-
- break;
-
- default:
- ret = NT_STATUS_OBJECT_TYPE_MISMATCH;
- goto done;
- }
-
- ret = store_object(tdb, go, TDB_INSERT);
-
-done:
- if (go)
- gums_destroy_object(&go);
- tdb_close(tdb);
- return ret;
-}
-
-/* TODO: handle privileges objects */
-
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
-{
- /* TODO: need to address privilege deletion */
- NTSTATUS ret = NT_STATUS_OK;
- TDB_CONTEXT *tdb;
- GUMS_OBJECT *go;
- TDB_DATA data, key;
- fstring keystr;
-
- if (!sid) {
- DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
-
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(sid));
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- data = tdb_fetch(tdb, key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (tdb_delete(tdb, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(init_object_from_buffer(&go, data.dptr, data.dsize))) {
- DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, gums_get_object_name(go));
-
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if (tdb_delete(tdb, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdb)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
-/* TODO: update the general database counter */
-
-done:
- gums_destroy_object(&go);
- SAFE_FREE(data.dptr);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
-
- if (!object || !sid) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) {
- return ret;
- }
-
- ret = get_object_by_sid(tdb, object, sid);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: %s\n", nt_errstr(ret)));
- goto error;
- }
- if (obj_type && gums_get_object_type(*object) != obj_type) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: the object is not of the rerquested type!\n"));
- goto error;
- }
-
- tdb_close(tdb);
- return NT_STATUS_OK;
-
-error:
- gums_destroy_object(object);
- tdb_close(tdb);
- return ret;
-}
-
-static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *domain, const char *name, const int obj_type)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
- fstring objname;
-
- if (!object || !name) {
- DEBUG(0, ("tdbsam2_get_object_from_name: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, True))) {
- return ret;
- }
-
- if (obj_type == GUMS_OBJ_DOMAIN) {
- fstrcpy(objname, name);
- } else {
- if (!domain) {
- domain = global_myname();
- }
- fstrcpy(objname, domain);
- fstrcat(objname, "\\");
- fstrcat(objname, name);
- }
-
- *object = NULL;
- ret = get_object_by_name(tdb, object, name);
- if (!NT_STATUS_IS_OK(ret)) {
- DEBUG(0, ("tdbsam2_get_object_from_name: %s\n", nt_errstr(ret)));
- goto error;
- }
- if (obj_type && gums_get_object_type(*object) != obj_type) {
- DEBUG(0, ("tdbsam2_get_object_from_name: the object is not of the rerquested type!\n"));
- goto error;
- }
-
- tdb_close(tdb);
- return NT_STATUS_OK;
-
-error:
- gums_destroy_object(object);
- tdb_close(tdb);
- return ret;
-}
-
- /* This function is used to get the list of all objects changed since base_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
-
-static NTSTATUS tdbsam2_enumerate_objects_start(void **handle, const DOM_SID *sid, const int obj_type)
-{
- struct tdbsam2_enum_objs *teo, *t;
-
- teo = (struct tdbsam2_enum_objs *)malloc(sizeof(struct tdbsam2_enum_objs));
- if (!teo) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
- memset(teo, 0, sizeof(struct tdbsam2_enum_objs));
-
- teo->type = obj_type;
- if (sid) {
- teo->dom_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- if (!teo->dom_sid) {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
- return NT_STATUS_NO_MEMORY;
- }
- sid_copy(teo->dom_sid, sid);
- }
-
- if (!NT_STATUS_IS_OK(opentdb(&(teo->db), True)))
- {
- DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", ts2_privs->storage));
- SAFE_FREE(teo);
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!ts2_privs->teo_handlers) {
- ts2_privs->teo_handlers = teo;
- } else {
- t = ts2_privs->teo_handlers;
- while (t->next) {
- t = t->next;
- }
- t->next = teo;
- }
-
- *handle = teo;
-
- teo->key = tdb_firstkey(teo->db);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
-{
- NTSTATUS ret;
- TDB_DATA data;
- struct tdbsam2_enum_objs *teo;
- const char *prefix = SIDPREFIX;
- const int preflen = strlen(prefix);
- fstring dom_sid_str;
- int dom_sid_str_len = 0;
-
- if (!object || !handle) {
- DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (teo->dom_sid) {
- sid_to_string(dom_sid_str, teo->dom_sid);
- dom_sid_str_len = strlen(dom_sid_str);
- }
-
- while ((teo->key.dptr != NULL)) {
- int len, version, type, size, seqnum;
- char *ptr;
-
- if (strncmp(teo->key.dptr, prefix, preflen)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- if (dom_sid_str_len != 0) {
- if (strncmp(&(teo->key.dptr[preflen]), dom_sid_str, dom_sid_str_len)) {
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
- }
-
- data = tdb_fetch(teo->db, teo->key);
- if (!data.dptr) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
- DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
-
- len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
- &version,
- &type,
- &seqnum,
- &size, &ptr);
-
- if (len == -1) {
- DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(ptr);
-
- if (teo->type && type != teo->type) {
- SAFE_FREE(data.dptr);
- data.dsize = 0;
- teo->key = tdb_nextkey(teo->db, teo->key);
- continue;
- }
-
- break;
- }
-
- if (teo->key.dptr == NULL) { /* no more objs */
- ret = NT_STATUS_NO_MORE_ENTRIES;
- goto done;
- }
-
- if (!NT_STATUS_IS_OK(ret = init_object_from_buffer(object, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
- SAFE_FREE(data.dptr);
-
- /* prepare next run */
- teo->key = tdb_nextkey(teo->db, teo->key);
-
-done:
- return ret;
-}
-
-static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
-{
- struct tdbsam2_enum_objs *teo, *t, *p;
-
- teo = (struct tdbsam2_enum_objs *)handle;
-
- if (ts2_privs->teo_handlers == teo) {
- ts2_privs->teo_handlers = teo->next;
- } else {
- t = ts2_privs->teo_handlers;
- while (t != teo) {
- p = t;
- t = t->next;
- if (t == NULL) {
- DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
- }
- p = t->next;
- }
-
- tdb_close(teo->db);
- SAFE_FREE(teo->dom_sid);
- SAFE_FREE(teo);
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS tdbsam2_set_object(GUMS_OBJECT *go)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
-
- if (!go)
- return NT_STATUS_INVALID_PARAMETER;
-
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
-
- ret = store_object(tdb, go, TDB_REPLACE);
-
- tdb_close(tdb);
- return ret;
-}
-
-#if 0
- /* set object values function */
-static NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
-
- /* Group related functions */
-static NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
- NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
-static NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
-
-static NTSTATUS (*get_sid_groups) (DOM_SID **groups, const DOM_SID *sid);
-
-static NTSTATUS (*lock_sid) (const DOM_SID *sid);
-static NTSTATUS (*unlock_sid) (const DOM_SID *sid);
-
- /* privileges related functions */
-
-static NTSTATUS (*get_privilege) (GUMS_OBJECT **object, const char *name);
-static NTSTATUS (*add_members_to_privilege) (const char *name, const DOM_SID **members);
-static NTSTATUS (*delete_members_from_privilege) (const char *name, const DOM_SID **members);
-static NTSTATUS (*enumerate_privilege_members) (const char *name, DOM_SID **members);
-static NTSTATUS (*get_sid_privileges) (const DOM_SID *sid, const char **privs);
-
- /* warning!: set_privilege will overwrite a prior existing privilege if such exist */
-static NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-#endif
-
-static void free_tdbsam2_private_data(void **vp)
-{
- struct tdbsam2_private_data **tdb_privs = (struct tdbsam2_private_data **)vp;
- while (ts2_privs->teo_handlers)
- tdbsam2_enumerate_objects_stop(ts2_privs->teo_handlers);
- *tdb_privs = NULL;
- /* No need to free any further, as it is talloc()ed */
-}
-
-static NTSTATUS init_tdbsam2(GUMS_FUNCTIONS *fns, const char *storage)
-{
- NTSTATUS ret;
- TDB_CONTEXT *tdb;
- DOM_SID dom_sid;
-
- fns->name = talloc_strdup(fns->mem_ctx, "tdbsam2");
-
- fns->get_domain_sid = tdbsam2_get_domain_sid;
- /* fns->get_sequence_number = tdbsam2_get_sequence_number; */
- fns->new_object = tdbsam2_new_object;
- fns->delete_object = tdbsam2_delete_object;
- fns->get_object_from_sid = tdbsam2_get_object_from_sid;
- fns->get_object_from_name = tdbsam2_get_object_from_name;
- /* fns->get_updated_objects = tdbsam2_get_updated_objects; */
- fns->enumerate_objects_start = tdbsam2_enumerate_objects_start;
- fns->enumerate_objects_get_next = tdbsam2_enumerate_objects_get_next;
- fns->enumerate_objects_stop = tdbsam2_enumerate_objects_stop;
- fns->set_object = tdbsam2_set_object;
- /* fns->set_object_values = tdbsam2_set_object_values;
- fns->add_members_to_group = tdbsam2_add_members_to_group;
- fns->delete_members_from_group = tdbsam2_delete_members_from_group;
- fns->enumerate_group_members = tdbsam2_enumerate_group_members;
- fns->get_sid_groups = tdbsam2_get_sid_groups;
- fns->lock_sid = tdbsam2_lock_sid;
- fns->unlock_sid = tdbsam2_unlock_sid;
- fns->get_privilege = tdbsam2_get_privilege;
- fns->add_members_to_privilege = tdbsam2_add_members_to_privilege;
- fns->delete_members_from_privilege = tdbsam2_delete_members_from_privilege;
- fns->enumerate_privilege_members = tdbsam2_enumerate_privilege_members;
- fns->get_sid_privileges = tdbsam2_get_sid_privileges;
- fns->set_privilege = tdbsam2_set_privilege; */
-
- ts2_privs = talloc_zero(fns->mem_ctx, sizeof(struct tdbsam2_private_data));
- if (!ts2_privs) {
- DEBUG(0, ("talloc() failed for tdbsam2 private_data!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (storage) {
- ts2_privs->storage = talloc_strdup(fns->mem_ctx, storage);
- } else {
- pstring tdbfile;
- get_private_directory(tdbfile);
- pstrcat(tdbfile, "/");
- pstrcat(tdbfile, TDB_FILE_NAME);
- ts2_privs->storage = talloc_strdup(fns->mem_ctx, tdbfile);
- }
-
- /* check tdb exist (or create it) */
-
- /* Find the domain SID */
- if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, global_myname()))) {
- /* db file does not exist or it is not inited */
- /* make the tdb file */
- if (!NT_STATUS_IS_OK(ret = opentdb(&tdb, False))) {
- return ret;
- }
- tdb_close(tdb);
-
- if (!NT_STATUS_IS_OK(tdbsam2_get_domain_sid(&dom_sid, "BUILTIN"))) {
- gums_init_builtin_domain();
- }
-
- gums_init_domain(get_global_sam_sid(), global_myname(), "The Domain");
- }
-
- fns->private_data = &ts2_privs;
- fns->free_private_data = free_tdbsam2_private_data;
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS gums_tdbsam2_init(void)
-{
- /*
- if ((gums_tdbsam2_debug_class = debug_add_class("gums_tdbsam2")) == -1) {
- DEBUG(0, ("gums_tdbsam2: unable to register my own debug class! going on ...\n"));
- gums_tdbsam2_debug_class = DBGC_ALL;
- }
- */
- return gums_register_module(GUMS_INTERFACE_VERSION, "tdbsam2", init_tdbsam2);
-}
+++ /dev/null
-/*
- Unix SMB/CIFS implementation.
- Password and authentication handling
- Copyright (C) Andrew Bartlett 2002
- Copyright (C) Jelmer Vernooij 2002
- Copyright (C) Stefan (metze) Metzmacher 2002
- Copyright (C) Kai Krüger 2002
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-*/
-
-#include "includes.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_SAM
-
-extern DOM_SID global_sid_Builtin;
-
-/** List of various built-in sam modules */
-
-const struct sam_init_function_entry builtin_sam_init_functions[] = {
- { "plugin", sam_init_plugin },
-#ifdef HAVE_LDAP
- { "ads", sam_init_ads },
-#endif
- { "skel", sam_init_skel },
- { NULL, NULL}
-};
-
-
-static NTSTATUS sam_get_methods_by_sid(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const DOM_SID *domainsid)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_sid: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (sid_equal(domainsid, &(tmp_methods->domain_sid)))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", sid_string_static(domainsid)));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS sam_get_methods_by_name(const SAM_CONTEXT *context, SAM_METHODS **sam_method, const char *domainname)
-{
- SAM_METHODS *tmp_methods;
-
- DEBUG(5,("sam_get_methods_by_name: %d\n", __LINE__));
-
- /* invalid sam_context specified */
- SAM_ASSERT(context && context->methods);
-
- tmp_methods = context->methods;
-
- while (tmp_methods) {
- if (strequal(domainname, tmp_methods->domain_name))
- {
- (*sam_method) = tmp_methods;
- return NT_STATUS_OK;
- }
- tmp_methods = tmp_methods->next;
- }
-
- DEBUG(3,("sam_get_methods_by_sid: There is no backend specified for domain %s\n", domainname));
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-static NTSTATUS make_sam_methods(TALLOC_CTX *mem_ctx, SAM_METHODS **methods)
-{
- *methods = talloc(mem_ctx, sizeof(SAM_METHODS));
-
- if (!*methods) {
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*methods);
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Free and cleanup a sam context, any associated data and anything
- that the attached modules might have associated.
- *******************************************************************/
-
-void free_sam_context(SAM_CONTEXT **context)
-{
- SAM_METHODS *sam_selected = (*context)->methods;
-
- while (sam_selected) {
- if (sam_selected->free_private_data) {
- sam_selected->free_private_data(&(sam_selected->private_data));
- }
- sam_selected = sam_selected->next;
- }
-
- talloc_destroy((*context)->mem_ctx);
- *context = NULL;
-}
-
-/******************************************************************
- Make a backend_entry from scratch
- *******************************************************************/
-
-static NTSTATUS make_backend_entry(SAM_BACKEND_ENTRY *backend_entry, char *sam_backend_string)
-{
- char *tmp = NULL;
- char *tmp_string = sam_backend_string;
-
- DEBUG(5,("make_backend_entry: %d\n", __LINE__));
-
- SAM_ASSERT(sam_backend_string && backend_entry);
-
- backend_entry->module_name = sam_backend_string;
-
- DEBUG(5,("makeing backend_entry for %s\n", backend_entry->module_name));
-
- if ((tmp = strrchr(tmp_string, '|')) != NULL) {
- DEBUGADD(20,("a domain name has been specified\n"));
- *tmp = 0;
- backend_entry->domain_name = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if ((tmp = strchr(tmp_string, ':')) != NULL) {
- DEBUG(20,("options for the backend have been specified\n"));
- *tmp = 0;
- backend_entry->module_params = smb_xstrdup(tmp + 1);
- tmp_string = tmp + 1;
- }
-
- if (backend_entry->domain_name == NULL) {
- DEBUG(10,("make_backend_entry: no domain was specified for sam module %s. Using default domain %s\n",
- backend_entry->module_name, lp_workgroup()));
- backend_entry->domain_name = smb_xstrdup(lp_workgroup());
- }
-
- if ((backend_entry->domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID))) == NULL) {
- DEBUG(0,("make_backend_entry: failed to malloc domain_sid\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- DEBUG(10,("looking up sid for domain %s\n", backend_entry->domain_name));
-
- if (!secrets_fetch_domain_sid(backend_entry->domain_name, backend_entry->domain_sid)) {
- DEBUG(2,("make_backend_entry: There is no SID stored for domain %s. Creating a new one.\n",
- backend_entry->domain_name));
- DEBUG(0, ("FIXME in %s:%d\n", __FILE__, __LINE__));
- ZERO_STRUCTP(backend_entry->domain_sid);
- }
-
- DEBUG(5,("make_backend_entry: module name: %s, module parameters: %s, domain name: %s, domain sid: %s\n",
- backend_entry->module_name, backend_entry->module_params, backend_entry->domain_name, sid_string_static(backend_entry->domain_sid)));
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- create sam_methods struct based on sam_backend_entry
- *****************************************************************/
-
-static NTSTATUS make_sam_methods_backend_entry(SAM_CONTEXT *context, SAM_METHODS **methods_ptr, SAM_BACKEND_ENTRY *backend_entry)
-{
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- SAM_METHODS *methods;
- int i;
-
- DEBUG(5,("make_sam_methods_backend_entry: %d\n", __LINE__));
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods(context->mem_ctx, methods_ptr))) {
- return nt_status;
- }
-
- methods = *methods_ptr;
- methods->backendname = talloc_strdup(context->mem_ctx, backend_entry->module_name);
- methods->domain_name = talloc_strdup(context->mem_ctx, backend_entry->domain_name);
- sid_copy(&methods->domain_sid, backend_entry->domain_sid);
- methods->parent = context;
-
- DEBUG(5,("Attempting to find sam backend %s\n", backend_entry->module_name));
- for (i = 0; builtin_sam_init_functions[i].module_name; i++)
- {
- if (strequal(builtin_sam_init_functions[i].module_name, backend_entry->module_name))
- {
- DEBUG(5,("Found sam backend %s (at pos %d)\n", backend_entry->module_name, i));
- DEBUGADD(5,("initialising it with options=%s for domain %s\n", backend_entry->module_params, sid_string_static(backend_entry->domain_sid)));
- nt_status = builtin_sam_init_functions[i].init(methods, backend_entry->module_params);
- if (NT_STATUS_IS_OK(nt_status)) {
- DEBUG(5,("sam backend %s has a valid init\n", backend_entry->module_name));
- } else {
- DEBUG(2,("sam backend %s did not correctly init (error was %s)\n",
- backend_entry->module_name, nt_errstr(nt_status)));
- }
- return nt_status;
- }
- }
-
- DEBUG(2,("could not find backend %s\n", backend_entry->module_name));
-
- return NT_STATUS_INVALID_PARAMETER;
-}
-
-static NTSTATUS sam_context_check_default_backends(SAM_CONTEXT *context)
-{
- SAM_BACKEND_ENTRY entry;
- DOM_SID *global_sam_sid = get_global_sam_sid(); /* lp_workgroup doesn't play nicely with multiple domains */
- SAM_METHODS *methods, *tmpmethods;
- NTSTATUS ntstatus;
-
- DEBUG(5,("sam_context_check_default_backends: %d\n", __LINE__));
-
- /* Make sure domain lp_workgroup() is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, &global_sid_Builtin);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain %s(%s); using %s\n",
- lp_workgroup(), sid_string_static(global_sam_sid), SAM_DEFAULT_BACKEND));
-
- SAM_ASSERT(global_sam_sid);
-
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = lp_workgroup();
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, global_sam_sid);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
-
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for %s\n", lp_workgroup()));
- return ntstatus;
- }
-
- /* Make sure the BUILTIN domain is available */
-
- ntstatus = sam_get_methods_by_sid(context, &methods, global_sam_sid);
-
- if (NT_STATUS_EQUAL(ntstatus, NT_STATUS_NO_SUCH_DOMAIN)) {
- DEBUG(4,("There was no backend specified for domain BUILTIN; using %s\n",
- SAM_DEFAULT_BACKEND));
- entry.module_name = SAM_DEFAULT_BACKEND;
- entry.module_params = NULL;
- entry.domain_name = "BUILTIN";
- entry.domain_sid = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy(entry.domain_sid, &global_sid_Builtin);
-
- if (!NT_STATUS_IS_OK(ntstatus = make_sam_methods_backend_entry(context, &methods, &entry))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- return ntstatus;
- }
-
- DLIST_ADD_END(context->methods, methods, tmpmethods);
- } else if (!NT_STATUS_IS_OK(ntstatus)) {
- DEBUG(2, ("sam_get_methods_by_sid failed for BUILTIN\n"));
- return ntstatus;
- }
-
- return NT_STATUS_OK;
-}
-
-static NTSTATUS check_duplicate_backend_entries(SAM_BACKEND_ENTRY **backend_entries, int *nBackends)
-{
- int i, j;
-
- DEBUG(5,("check_duplicate_backend_entries: %d\n", __LINE__));
-
- for (i = 0; i < *nBackends; i++) {
- for (j = i + 1; j < *nBackends; j++) {
- if (sid_equal((*backend_entries)[i].domain_sid, (*backend_entries)[j].domain_sid)) {
- DEBUG(0,("two backend modules claim the same domain %s\n",
- sid_string_static((*backend_entries)[j].domain_sid)));
- return NT_STATUS_INVALID_PARAMETER;
- }
- }
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS make_sam_context_list(SAM_CONTEXT **context, char **sam_backends_param)
-{
- int i = 0, j = 0;
- SAM_METHODS *curmethods, *tmpmethods;
- int nBackends = 0;
- SAM_BACKEND_ENTRY *backends = NULL;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
-
- DEBUG(5,("make_sam_context_from_conf: %d\n", __LINE__));
-
- if (!sam_backends_param) {
- DEBUG(1, ("no SAM backeds specified!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = make_sam_context(context))) {
- DEBUG(4,("make_sam_context failed\n"));
- return nt_status;
- }
-
- while (sam_backends_param[nBackends])
- nBackends++;
-
- DEBUG(6,("There are %d domains listed with their backends\n", nBackends));
-
- if ((backends = (SAM_BACKEND_ENTRY *)malloc(sizeof(*backends)*nBackends)) == NULL) {
- DEBUG(0,("make_sam_context_list: failed to allocate backends\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- memset(backends, '\0', sizeof(*backends)*nBackends);
-
- for (i = 0; i < nBackends; i++) {
- DEBUG(8,("processing %s\n",sam_backends_param[i]));
- if (!NT_STATUS_IS_OK(nt_status = make_backend_entry(&backends[i], sam_backends_param[i]))) {
- DEBUG(4,("make_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- }
-
- if (!NT_STATUS_IS_OK(nt_status = check_duplicate_backend_entries(&backends, &nBackends))) {
- DEBUG(4,("check_duplicate_backend_entries failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
-
- for (i = 0; i < nBackends; i++) {
- if (!NT_STATUS_IS_OK(nt_status = make_sam_methods_backend_entry(*context, &curmethods, &backends[i]))) {
- DEBUG(4,("make_sam_methods_backend_entry failed\n"));
- for (j = 0; j < nBackends; j++) SAFE_FREE(backends[j].domain_sid);
- SAFE_FREE(backends);
- free_sam_context(context);
- return nt_status;
- }
- DLIST_ADD_END((*context)->methods, curmethods, tmpmethods);
- }
-
- for (i = 0; i < nBackends; i++) SAFE_FREE(backends[i].domain_sid);
-
- SAFE_FREE(backends);
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Make a sam_context from scratch.
- *******************************************************************/
-
-NTSTATUS make_sam_context(SAM_CONTEXT **context)
-{
- TALLOC_CTX *mem_ctx;
-
- mem_ctx = talloc_init("sam_context internal allocation context");
-
- if (!mem_ctx) {
- DEBUG(0, ("make_sam_context: talloc init failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- *context = talloc(mem_ctx, sizeof(**context));
- if (!*context) {
- DEBUG(0, ("make_sam_context: talloc failed!\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- ZERO_STRUCTP(*context);
-
- (*context)->mem_ctx = mem_ctx;
-
- (*context)->free_fn = free_sam_context;
-
- return NT_STATUS_OK;
-}
-
-/******************************************************************
- Return an already initialised sam_context, to facilitate backward
- compatibility (see functions below).
- *******************************************************************/
-
-static struct sam_context *sam_get_static_context(BOOL reload)
-{
- static SAM_CONTEXT *sam_context = NULL;
-
- if ((sam_context) && (reload)) {
- sam_context->free_fn(&sam_context);
- sam_context = NULL;
- }
-
- if (!sam_context) {
- if (!NT_STATUS_IS_OK(make_sam_context_list(&sam_context, lp_sam_backend()))) {
- DEBUG(4,("make_sam_context_list failed\n"));
- return NULL;
- }
-
- /* Make sure the required domains (default domain, builtin) are available */
- if (!NT_STATUS_IS_OK(sam_context_check_default_backends(sam_context))) {
- DEBUG(4,("sam_context_check_default_backends failed\n"));
- return NULL;
- }
- }
-
- return sam_context;
-}
-
-/***************************************************************
- Initialize the static context (at smbd startup etc).
-
- If uninitialised, context will auto-init on first use.
- ***************************************************************/
-
-BOOL initialize_sam(BOOL reload)
-{
- return (sam_get_static_context(reload) != NULL);
-}
-
-
-/**************************************************************
- External API. This is what the rest of the world calls...
-***************************************************************/
-
-/******************************************************************
- sam_* functions are used to link the external SAM interface
- with the internal backends. These functions lookup the appropriate
- backends for the domain and pass on to the function in sam_methods
- in the selected backend
-
- When the context parmater is NULL, the default is used.
- *******************************************************************/
-
-#define SAM_SETUP_CONTEXT if (!context) \
- context = sam_get_static_context(False);\
- if (!context) {\
- return NT_STATUS_UNSUCCESSFUL; \
- }\
-
-
-
-NTSTATUS sam_get_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, SEC_DESC **sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_sec_desc) {
- DEBUG(3, ("sam_get_sec_desc: sam_methods of the domain did not specify sam_get_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_get_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_set_sec_desc(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *sid, const SEC_DESC *sd)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_set_sec_desc: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, sid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_set_sec_desc) {
- DEBUG(3, ("sam_set_sec_desc: sam_methods of the domain did not specify sam_set_sec_desc\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_set_sec_desc(tmp_methods, access_token, sid, sd))) {
- DEBUG(4,("sam_set_sec_desc for %s in backend %s failed\n", sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_lookup_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, const char *name, DOM_SID *sid, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_lookup_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_name) {
- DEBUG(3, ("sam_lookup_name: sam_methods of the domain did not specify sam_lookup_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_name(tmp_methods, access_token, name, sid, type))) {
- DEBUG(4,("sam_lookup_name for %s\\%s in backend %s failed\n",
- tmp_methods->domain_name, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, TALLOC_CTX *mem_ctx, const DOM_SID *sid, char **name, uint32 *type)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_lookup_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- sid_copy(&domainsid, sid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_lookup_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_lookup_sid) {
- DEBUG(3, ("sam_lookup_sid: sam_methods of the domain did not specify sam_lookup_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_lookup_sid(tmp_methods, access_token, mem_ctx, sid, name, type))) {
- DEBUG(4,("sam_lookup_name for %s in backend %s failed\n",
- sid_string_static(sid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_update_domain(const SAM_CONTEXT *context, const SAM_DOMAIN_HANDLE *domain)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid domain specified */
- SAM_ASSERT(domain && domain->current_sam_methods);
-
- tmp_methods = domain->current_sam_methods;
-
- if (!tmp_methods->sam_update_domain) {
- DEBUG(3, ("sam_update_domain: sam_methods of the domain did not specify sam_update_domain\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_domain(tmp_methods, domain))){
- DEBUG(4,("sam_update_domain in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_domains(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, int32 *domain_count, DOM_SID **domains, char ***domain_names)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
- int i = 0;
-
- DEBUG(5,("sam_enum_domains: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters specified */
- SAM_ASSERT(domain_count && domains && domain_names);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_ENUM_DOMAINS, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_enum_domains: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
- *domain_count = 0;
-
- while (tmp_methods) {
- (*domain_count)++;
- tmp_methods= tmp_methods->next;
- }
-
- DEBUG(6,("sam_enum_domains: enumerating %d domains\n", (*domain_count)));
-
- tmp_methods = context->methods;
-
- if (((*domains) = malloc( sizeof(DOM_SID) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain SID list\n"));
- return NT_STATUS_NO_MEMORY;
- }
-
- if (((*domain_names) = malloc( sizeof(char*) * (*domain_count))) == NULL) {
- DEBUG(0,("sam_enum_domains: Out of memory allocating domain name list\n"));
- SAFE_FREE((*domains));
- return NT_STATUS_NO_MEMORY;
- }
-
- while (tmp_methods) {
- DEBUGADD(7,(" [%d] %s: %s\n", i, tmp_methods->domain_name, sid_string_static(&tmp_methods->domain_sid)));
- sid_copy(domains[i],&tmp_methods->domain_sid);
- *domain_names[i] = smb_xstrdup(tmp_methods->domain_name);
- i++;
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_lookup_domain(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const char *domain, DOM_SID **domainsid)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SEC_DESC *sd;
- size_t sd_size;
- uint32 acc_granted;
-
- DEBUG(5,("sam_lookup_domain: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid paramters */
- SAM_ASSERT(access_token && domain && domainsid);
-
- if (!NT_STATUS_IS_OK(nt_status = samr_make_sam_obj_sd(context->mem_ctx, &sd, &sd_size))) {
- DEBUG(4,("samr_make_sam_obj_sd failed\n"));
- return nt_status;
- }
-
- if (!se_access_check(sd, access_token, SA_RIGHT_SAM_OPEN_DOMAIN, &acc_granted, &nt_status)) {
- DEBUG(3,("sam_lookup_domain: ACCESS DENIED\n"));
- return nt_status;
- }
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- if (strcmp(domain, tmp_methods->domain_name) == 0) {
- (*domainsid) = (DOM_SID *)malloc(sizeof(DOM_SID));
- sid_copy((*domainsid), &tmp_methods->domain_sid);
- return NT_STATUS_OK;
- }
- tmp_methods= tmp_methods->next;
- }
-
- return NT_STATUS_NO_SUCH_DOMAIN;
-}
-
-
-NTSTATUS sam_get_domain_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, SAM_DOMAIN_HANDLE **domain)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_domain_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && domain);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_domain_handle) {
- DEBUG(3, ("sam_get_domain_by_sid: sam_methods of the domain did not specify sam_get_domain_handle\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_domain_handle(tmp_methods, access_token, access_desired, domain))) {
- DEBUG(4,("sam_get_domain_handle for %s in backend %s failed\n",
- sid_string_static(domainsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_account(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *account_name, uint16 acct_ctrl, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(access_token && domainsid && account_name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_account) {
- DEBUG(3, ("sam_create_account: sam_methods of the domain did not specify sam_create_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_account(tmp_methods, access_token, access_desired, account_name, acct_ctrl, account))) {
- DEBUG(4,("sam_create_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- DOM_SID domainsid;
- const DOM_SID *accountsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid parmaters */
- SAM_ASSERT(account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_account_sid(account, &accountsid))) {
- DEBUG(0,("Can't get account SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_account) {
- DEBUG(3, ("sam_add_account: sam_methods of the domain did not specify sam_add_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_account(tmp_methods, account))){
- DEBUG(4,("sam_add_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_update_account) {
- DEBUG(3, ("sam_update_account: sam_methods of the domain did not specify sam_update_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_account(tmp_methods, account))){
- DEBUG(4,("sam_update_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_account(const SAM_CONTEXT *context, const SAM_ACCOUNT_HANDLE *account)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_account: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid account specified */
- SAM_ASSERT(account && account->current_sam_methods);
-
- tmp_methods = account->current_sam_methods;
-
- if (!tmp_methods->sam_delete_account) {
- DEBUG(3, ("sam_delete_account: sam_methods of the domain did not specify sam_delete_account\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_account(tmp_methods, account))){
- DEBUG(4,("sam_delete_account in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_accounts(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 acct_ctrl, int32 *account_count, SAM_ACCOUNT_ENUM **accounts)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_accounts: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && account_count && accounts);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_accounts: sam_methods of the domain did not specify sam_enum_accounts\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_accounts(tmp_methods, access_token, acct_ctrl, account_count, accounts))) {
- DEBUG(4,("sam_enum_accounts for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-
-NTSTATUS sam_get_account_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *accountsid, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- DOM_SID domainsid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && accountsid && account);
-
- sid_copy(&domainsid, accountsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_account_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_sid) {
- DEBUG(3, ("sam_get_account_by_sid: sam_methods of the domain did not specify sam_get_account_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_sid(tmp_methods, access_token, access_desired, accountsid, account))) {
- DEBUG(4,("sam_get_account_by_sid for %s in backend %s failed\n",
- sid_string_static(accountsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_account_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_ACCOUNT_HANDLE **account)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_account_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && account);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_account_by_name) {
- DEBUG(3, ("sam_get_account_by_name: sam_methods of the domain did not specify sam_get_account_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_account_by_name(tmp_methods, access_token, access_desired, name, account))) {
- DEBUG(4,("sam_get_account_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_create_group(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *domainsid, const char *group_name, uint16 group_ctrl, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_create_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && group_name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_create_group) {
- DEBUG(3, ("sam_create_group: sam_methods of the domain did not specify sam_create_group\n"));
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_create_group(tmp_methods, access_token, access_desired, group_name, group_ctrl, group))) {
- DEBUG(4,("sam_create_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- DOM_SID domainsid;
- const DOM_SID *groupsid;
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_add_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_group_sid(group, &groupsid))) {
- DEBUG(0,("Can't get group SID\n"));
- return nt_status;
- }
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_add_group) {
- DEBUG(3, ("sam_add_group: sam_methods of the domain did not specify sam_add_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_group(tmp_methods, group))){
- DEBUG(4,("sam_add_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_update_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_update_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_update_group) {
- DEBUG(3, ("sam_update_group: sam_methods of the domain did not specify sam_update_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_update_group(tmp_methods, group))){
- DEBUG(4,("sam_update_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_delete_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_delete_group: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_group) {
- DEBUG(3, ("sam_delete_group: sam_methods of the domain did not specify sam_delete_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_group(tmp_methods, group))){
- DEBUG(4,("sam_delete_group in backend %s failed\n",
- tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groups(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID *domainsid, uint16 group_ctrl, uint32 *groups_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_enum_groups: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domainsid && groups_count && groups);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_enum_accounts) {
- DEBUG(3, ("sam_enum_groups: sam_methods of the domain did not specify sam_enum_groups\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groups(tmp_methods, access_token, group_ctrl, groups_count, groups))) {
- DEBUG(4,("sam_enum_groups for domain %s in backend %s failed\n",
- tmp_methods->domain_name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const DOM_SID *groupsid, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- uint32 rid;
- NTSTATUS nt_status;
- DOM_SID domainsid;
-
- DEBUG(5,("sam_get_group_by_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && groupsid && group);
-
- sid_copy(&domainsid, groupsid);
- if (!sid_split_rid(&domainsid, &rid)) {
- DEBUG(3,("sam_get_group_by_sid: failed to split the sid\n"));
- return NT_STATUS_INVALID_SID;
- }
-
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_sid(context, &tmp_methods, &domainsid))) {
- DEBUG(4,("sam_get_methods_by_sid failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_sid) {
- DEBUG(3, ("sam_get_group_by_sid: sam_methods of the domain did not specify sam_get_group_by_sid\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_sid(tmp_methods, access_token, access_desired, groupsid, group))) {
- DEBUG(4,("sam_get_group_by_sid for %s in backend %s failed\n",
- sid_string_static(groupsid), tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_group_by_name(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, uint32 access_desired, const char *domain, const char *name, SAM_GROUP_HANDLE **group)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- DEBUG(5,("sam_get_group_by_name: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- SAM_ASSERT(access_token && domain && name && group);
-
- if (!NT_STATUS_IS_OK(nt_status = sam_get_methods_by_name(context, &tmp_methods, domain))) {
- DEBUG(4,("sam_get_methods_by_name failed\n"));
- return nt_status;
- }
-
- if (!tmp_methods->sam_get_group_by_name) {
- DEBUG(3, ("sam_get_group_by_name: sam_methods of the domain did not specify sam_get_group_by_name\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_group_by_name(tmp_methods, access_token, access_desired, name, group))) {
- DEBUG(4,("sam_get_group_by_name for %s\\%s in backend %s failed\n",
- domain, name, tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_add_member_to_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_add_member_to_group) {
- DEBUG(3, ("sam_add_member_to_group: sam_methods of the domain did not specify sam_add_member_to_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_add_member_to_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_add_member_to_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-
-}
-
-NTSTATUS sam_delete_member_from_group(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, const SAM_GROUP_MEMBER *member)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group or member specified */
- SAM_ASSERT(group && group->current_sam_methods && member);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_delete_member_from_group) {
- DEBUG(3, ("sam_delete_member_from_group: sam_methods of the domain did not specify sam_delete_member_from_group\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_delete_member_from_group(tmp_methods, group, member))) {
- DEBUG(4,("sam_delete_member_from_group in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_enum_groupmembers(const SAM_CONTEXT *context, const SAM_GROUP_HANDLE *group, uint32 *members_count, SAM_GROUP_MEMBER **members)
-{
- const SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- SAM_SETUP_CONTEXT;
-
- /* invalid group specified */
- SAM_ASSERT(group && group->current_sam_methods && members_count && members);
-
- tmp_methods = group->current_sam_methods;
-
- if (!tmp_methods->sam_enum_groupmembers) {
- DEBUG(3, ("sam_enum_groupmembers: sam_methods of the domain did not specify sam_enum_group_members\n"));
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_enum_groupmembers(tmp_methods, group, members_count, members))) {
- DEBUG(4,("sam_enum_groupmembers in backend %s failed\n", tmp_methods->backendname));
- return nt_status;
- }
-
- return NT_STATUS_OK;
-}
-
-NTSTATUS sam_get_groups_of_sid(const SAM_CONTEXT *context, const NT_USER_TOKEN *access_token, const DOM_SID **sids, uint16 group_ctrl, uint32 *group_count, SAM_GROUP_ENUM **groups)
-{
- SAM_METHODS *tmp_methods;
- NTSTATUS nt_status;
-
- uint32 tmp_group_count;
- SAM_GROUP_ENUM *tmp_groups;
-
- DEBUG(5,("sam_get_groups_of_sid: %d\n", __LINE__));
-
- SAM_SETUP_CONTEXT;
-
- /* invalid sam_context specified */
- SAM_ASSERT(access_token && sids && context && context->methods);
-
- *group_count = 0;
-
- *groups = NULL;
-
- tmp_methods= context->methods;
-
- while (tmp_methods) {
- DEBUG(5,("getting groups from domain \n"));
- if (!tmp_methods->sam_get_groups_of_sid) {
- DEBUG(3, ("sam_get_groups_of_sid: sam_methods of domain did not specify sam_get_groups_of_sid\n"));
- SAFE_FREE(*groups);
- return NT_STATUS_NOT_IMPLEMENTED;
- }
-
- if (!NT_STATUS_IS_OK(nt_status = tmp_methods->sam_get_groups_of_sid(tmp_methods, access_token, sids, group_ctrl, &tmp_group_count, &tmp_groups))) {
- DEBUG(4,("sam_get_groups_of_sid in backend %s failed\n", tmp_methods->backendname));
- SAFE_FREE(*groups);
- return nt_status;
- }
-
- *groups = Realloc(*groups, ((*group_count) + tmp_group_count) * sizeof(SAM_GROUP_ENUM));
-
- memcpy(&(*groups)[*group_count], tmp_groups, tmp_group_count);
-
- SAFE_FREE(tmp_groups);
-
- *group_count += tmp_group_count;
-
- tmp_methods = tmp_methods->next;
- }
-
- return NT_STATUS_OK;
-}
-
-
+++ /dev/null
-#!/usr/bin/perl -w
-# a simple system for generating C parse info
-# this can be used to write generic C structer load/save routines
-# Copyright 2002 Andrew Tridgell <genstruct@tridgell.net>
-# released under the GNU General Public License v2 or later
-
-use strict;
-
-my(%enum_done) = ();
-my(%struct_done) = ();
-
-###################################################
-# general handler
-sub handle_general($$$$$$$$)
-{
- my($name) = shift;
- my($ptr_count) = shift;
- my($size) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($dump_fn) = shift;
- my($parse_fn) = shift;
- my($tflags) = shift;
- my($array_len) = 0;
- my($dynamic_len) = "NULL";
-
- # handle arrays, currently treat multidimensional arrays as 1 dimensional
- while ($element =~ /(.*)\[(.*?)\]$/) {
- $element = $1;
- if ($array_len == 0) {
- $array_len = $2;
- } else {
- $array_len = "$2 * $array_len";
- }
- }
-
- if ($flags =~ /_LEN\((\w*?)\)/) {
- $dynamic_len = "\"$1\"";
- }
-
- if ($flags =~ /_NULLTERM/) {
- $tflags = "FLAG_NULLTERM";
- }
-
- print OFILE "{\"$element\", $ptr_count, $size, offsetof(struct $name, $element), $array_len, $dynamic_len, $tflags, $dump_fn, $parse_fn},\n";
-}
-
-
-####################################################
-# parse one element
-sub parse_one($$$$)
-{
- my($name) = shift;
- my($type) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($ptr_count) = 0;
- my($size) = "sizeof($type)";
- my($tflags) = "0";
-
- # enums get the FLAG_ALWAYS flag
- if ($type =~ /^enum /) {
- $tflags = "FLAG_ALWAYS";
- }
-
-
- # make the pointer part of the base type
- while ($element =~ /^\*(.*)/) {
- $ptr_count++;
- $element = $1;
- }
-
- # convert spaces to _
- $type =~ s/ /_/g;
-
- my($dump_fn) = "gen_dump_$type";
- my($parse_fn) = "gen_parse_$type";
-
- handle_general($name, $ptr_count, $size, $element, $flags, $dump_fn, $parse_fn, $tflags);
-}
-
-####################################################
-# parse one element
-sub parse_element($$$)
-{
- my($name) = shift;
- my($element) = shift;
- my($flags) = shift;
- my($type);
- my($data);
-
- # pull the base type
- if ($element =~ /^struct (\S*) (.*)/) {
- $type = "struct $1";
- $data = $2;
- } elsif ($element =~ /^enum (\S*) (.*)/) {
- $type = "enum $1";
- $data = $2;
- } elsif ($element =~ /^unsigned (\S*) (.*)/) {
- $type = "unsigned $1";
- $data = $2;
- } elsif ($element =~ /^(\S*) (.*)/) {
- $type = $1;
- $data = $2;
- } else {
- die "Can't parse element '$element'";
- }
-
- # handle comma separated lists
- while ($data =~ /(\S*),[\s]?(.*)/) {
- parse_one($name, $type, $1, $flags);
- $data = $2;
- }
- parse_one($name, $type, $data, $flags);
-}
-
-
-my($first_struct) = 1;
-
-####################################################
-# parse the elements of one structure
-sub parse_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_struct) {
- $first_struct = 0;
- print "Parsing structs: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n";
- print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n";
-
- print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n";
-
-
- while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) {
- my($element) = $1;
- my($flags) = $2;
- $elements = $3;
- parse_element($name, $element, $flags);
- }
-
- print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n";
-
- print OFILE "
-int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent);
-}
-int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) {
- return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str);
-}
-
-";
-}
-
-my($first_enum) = 1;
-
-####################################################
-# parse out the enum declarations
-sub parse_enum_elements($$)
-{
- my($name) = shift;
- my($elements) = shift;
-
- if ($first_enum) {
- $first_enum = 0;
- print "Parsing enums: $name";
- } else {
- print ", $name";
- }
-
- print OFILE "static const struct enum_struct einfo_" . $name . "[] = {\n";
-
- my(@enums) = split(/,/s, $elements);
- for (my($i)=0; $i <= $#{@enums}; $i++) {
- my($enum) = $enums[$i];
- if ($enum =~ /\s*(\w*)/) {
- my($e) = $1;
- print OFILE "{\"$e\", $e},\n";
- }
- }
-
- print OFILE "{NULL, 0}};\n";
-
- print OFILE "
-int gen_dump_enum_$name(struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_enum(einfo_$name, p, ptr, indent);
-}
-
-int gen_parse_enum_$name(char *ptr, const char *str) {
- return gen_parse_enum(einfo_$name, ptr, str);
-}
-
-";
-}
-
-####################################################
-# parse out the enum declarations
-sub parse_enums($)
-{
- my($data) = shift;
-
- while ($data =~ /^GENSTRUCT\s+enum\s+(\w*?)\s*{(.*?)}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
-
- if (!defined($enum_done{$name})) {
- $enum_done{$name} = 1;
- parse_enum_elements($name, $elements);
- }
- }
-
- if (! $first_enum) {
- print "\n";
- }
-}
-
-####################################################
-# parse all the structures
-sub parse_structs($)
-{
- my($data) = shift;
-
- # parse into structures
- while ($data =~ /^GENSTRUCT\s+struct\s+(\w+?)\s*{\s*(.*?)\s*}\s*;(.*)/ms) {
- my($name) = $1;
- my($elements) = $2;
- $data = $3;
- if (!defined($struct_done{$name})) {
- $struct_done{$name} = 1;
- parse_elements($name, $elements);
- }
- }
-
- if (! $first_struct) {
- print "\n";
- } else {
- print "No GENSTRUCT structures found?\n";
- }
-}
-
-
-####################################################
-# parse a header file, generating a dumper structure
-sub parse_data($)
-{
- my($data) = shift;
-
- # collapse spaces
- $data =~ s/[\t ]+/ /sg;
- $data =~ s/\s*\n\s+/\n/sg;
- # strip debug lines
- $data =~ s/^\#.*?\n//smg;
-
- parse_enums($data);
- parse_structs($data);
-}
-
-
-#########################################
-# display help text
-sub ShowHelp()
-{
- print "
-generator for C structure dumpers
-Copyright Andrew Tridgell <genstruct\@tridgell.net>
-
-Sample usage:
- genstruct -o output.h gcc -E -O2 -g test.h
-
-Options:
- --help this help page
- -o OUTPUT place output in OUTPUT
-";
- exit(0);
-}
-
-########################################
-# main program
-if ($ARGV[0] ne "-o" || $#ARGV < 2) {
- ShowHelp();
-}
-
-shift;
-my($opt_ofile)=shift;
-
-print "creating $opt_ofile\n";
-
-open(OFILE, ">$opt_ofile") || die "can't open $opt_ofile";
-
-print OFILE "/* This is an automatically generated file - DO NOT EDIT! */\n\n";
-
-parse_data(`@ARGV -DGENSTRUCT=GENSTRUCT`);
-exit(0);
if (!push_sec_ctx())
return NT_STATUS_UNSUCCESSFUL;
- set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL);
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
set_re_uid();
}
conn->ngroups = 0;
}
- if (conn->nt_user_token) {
- delete_nt_token(&(conn->nt_user_token));
- }
-
- if (conn->privs) {
- destroy_privilege(&(conn->privs));
- }
-
free_namearray(conn->veto_list);
free_namearray(conn->hide_list);
free_namearray(conn->veto_oplock_list);
char **rdata,char **rparam,
int *rdata_len,int *rparam_len)
{
- char *str1 = param+2;
- char *str2 = skip_string(str1,1);
- char *p = skip_string(str2,1);
- int uLevel = SVAL(p,0);
- fstring sharename;
- fstring comment;
- pstring pathname;
- char *command, *cmdname;
- unsigned int offset;
- int snum;
- int res = ERRunsup;
+ char *str1 = param+2;
+ char *str2 = skip_string(str1,1);
+ char *p = skip_string(str2,1);
+ int uLevel = SVAL(p,0);
+ fstring sharename;
+ fstring comment;
+ pstring pathname;
+ char *command, *cmdname;
+ unsigned int offset;
+ int snum;
+ int res = ERRunsup;
- /* check it's a supported varient */
- if (!prefix_ok(str1, RAP_WShareAdd_REQ)) return False;
- if (!check_share_info(uLevel, str2)) return False;
- if (uLevel != 2) return False;
-
- pull_ascii_fstring(sharename, data);
- snum = find_service(sharename);
- if (snum >= 0) { /* already exists */
- res = ERRfilexists;
- goto error_exit;
- }
+ /* check it's a supported varient */
+ if (!prefix_ok(str1,RAP_WShareAdd_REQ)) return False;
+ if (!check_share_info(uLevel,str2)) return False;
+ if (uLevel != 2) return False;
- /* only support disk share adds */
- if (SVAL(data,14) != STYPE_DISKTREE) return False;
+ pull_ascii_fstring(sharename,data);
+ snum = find_service(sharename);
+ if (snum >= 0) { /* already exists */
+ res = ERRfilexists;
+ goto error_exit;
+ }
- offset = IVAL(data, 16);
- if (offset >= mdrcnt) {
- res = ERRinvalidparam;
- goto error_exit;
- }
- pull_ascii_fstring(comment, offset? (data+offset) : "");
+ /* only support disk share adds */
+ if (SVAL(data,14)!=STYPE_DISKTREE) return False;
- offset = IVAL(data, 26);
- if (offset >= mdrcnt) {
- res = ERRinvalidparam;
- goto error_exit;
- }
- pull_ascii_pstring(pathname, offset? (data+offset) : "");
+ offset = IVAL(data, 16);
+ if (offset >= mdrcnt) {
+ res = ERRinvalidparam;
+ goto error_exit;
+ }
+ pull_ascii_fstring(comment, offset? (data+offset) : "");
- string_replace(sharename, '"', ' ');
- string_replace(pathname, '"', ' ');
- string_replace(comment, '"', ' ');
+ offset = IVAL(data, 26);
+ if (offset >= mdrcnt) {
+ res = ERRinvalidparam;
+ goto error_exit;
+ }
+ pull_ascii_pstring(pathname, offset? (data+offset) : "");
- cmdname = lp_add_share_cmd();
+ string_replace(sharename, '"', ' ');
+ string_replace(pathname, '"', ' ');
+ string_replace(comment, '"', ' ');
- if (!cmdname || *cmdname == '\0') return False;
+ cmdname = lp_add_share_cmd();
- asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
- lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment);
+ if (!cmdname || *cmdname == '\0') return False;
- if (command) {
- DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
- if ((res = smbrun(command, NULL)) != 0) {
- DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
- SAFE_FREE(command);
- res = ERRnoaccess;
- goto error_exit;
- } else {
- SAFE_FREE(command);
- message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
- }
- } else return False;
+ asprintf(&command, "%s \"%s\" \"%s\" \"%s\" \"%s\"",
+ lp_add_share_cmd(), dyn_CONFIGFILE, sharename, pathname, comment);
- *rparam_len = 6;
- *rparam = REALLOC(*rparam, *rparam_len);
- SSVAL(*rparam, 0, NERR_Success);
- SSVAL(*rparam, 2, 0); /* converter word */
- SSVAL(*rparam, 4, *rdata_len);
- *rdata_len = 0;
+ if (command) {
+ DEBUG(10,("api_RNetShareAdd: Running [%s]\n", command ));
+ if ((res = smbrun(command, NULL)) != 0) {
+ DEBUG(1,("api_RNetShareAdd: Running [%s] returned (%d)\n", command, res ));
+ SAFE_FREE(command);
+ res = ERRnoaccess;
+ goto error_exit;
+ } else {
+ SAFE_FREE(command);
+ message_send_all(conn_tdb_ctx(), MSG_SMB_CONF_UPDATED, NULL, 0, False, NULL);
+ }
+ } else return False;
+
+ *rparam_len = 6;
+ *rparam = REALLOC(*rparam,*rparam_len);
+ SSVAL(*rparam,0,NERR_Success);
+ SSVAL(*rparam,2,0); /* converter word */
+ SSVAL(*rparam,4,*rdata_len);
+ *rdata_len = 0;
- return True;
+ return True;
-error_exit:
- *rparam_len = 4;
- *rparam = REALLOC(*rparam, *rparam_len);
- *rdata_len = 0;
- SSVAL(*rparam, 0, res);
- SSVAL(*rparam, 2, 0);
- return True;
+ error_exit:
+ *rparam_len = 4;
+ *rparam = REALLOC(*rparam,*rparam_len);
+ *rdata_len = 0;
+ SSVAL(*rparam,0,res);
+ SSVAL(*rparam,2,0);
+ return True;
}
"\\spoolss",
"\\netdfs",
"\\rpcecho",
- "\\epmapper",
NULL
};
SAFE_FREE(vuser->groups);
delete_nt_token(&vuser->nt_user_token);
- destroy_privilege(&vuser->privs);
SAFE_FREE(vuser);
num_validated_vuids--;
}
return UID_FIELD_INVALID;
}
- if (server_info->privs) {
- init_privilege(&(vuser->privs));
- dup_priv_set(vuser->privs, server_info->privs);
- }
-
/* use this to keep tabs on all our info from the authentication */
vuser->server_info = server_info;
vuser->homes_snum = -1;
}
- if (srv_is_signing_negotiated() && !vuser->guest && !srv_signing_started()) {
+ if (lp_server_signing() && !vuser->guest && !srv_is_signing_active()) {
/* Try and turn on server signing on the first non-guest sessionsetup. */
srv_set_signing(vuser->session_key, response_blob);
}
int ngroups;
gid_t *groups;
NT_USER_TOKEN *token;
- PRIVILEGE_SET *privs;
};
/* A stack of security contexts. We include the current context as being
(unsigned int)ctx_p->uid, (unsigned int)ctx_p->gid, sec_ctx_stack_ndx ));
ctx_p->token = dup_nt_token(sec_ctx_stack[sec_ctx_stack_ndx-1].token);
- if (! ctx_p->token) {
- DEBUG(0, ("Out of memory on dup_nt_token() in push_sec_ctx()\n"));
- return False;
- }
ctx_p->ngroups = sys_getgroups(0, NULL);
if (ctx_p->ngroups != 0) {
if (!(ctx_p->groups = malloc(ctx_p->ngroups * sizeof(gid_t)))) {
- DEBUG(0, ("Out of memory on malloc() in push_sec_ctx()\n"));
+ DEBUG(0, ("Out of memory in push_sec_ctx()\n"));
delete_nt_token(&ctx_p->token);
return False;
}
ctx_p->groups = NULL;
}
- init_privilege(&ctx_p->privs);
- if (! NT_STATUS_IS_OK(dup_priv_set(ctx_p->privs, sec_ctx_stack[sec_ctx_stack_ndx-1].privs))) {
- DEBUG(0, ("Out of memory on dup_priv_set() in push_sec_ctx()\n"));
- delete_nt_token(&ctx_p->token);
- destroy_privilege(&ctx_p->privs);
- return False;
- }
-
return True;
}
Set the current security context to a given user.
****************************************************************************/
-void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token, PRIVILEGE_SET *privs)
+void set_sec_ctx(uid_t uid, gid_t gid, int ngroups, gid_t *groups, NT_USER_TOKEN *token)
{
struct sec_ctx *ctx_p = &sec_ctx_stack[sec_ctx_stack_ndx];
smb_panic("DUPLICATE_TOKEN");
delete_nt_token(&ctx_p->token);
- if (ctx_p->privs)
- reset_privilege(ctx_p->privs);
- else
- init_privilege(&ctx_p->privs);
ctx_p->groups = memdup(groups, sizeof(gid_t) * ngroups);
ctx_p->token = dup_nt_token(token);
- dup_priv_set(ctx_p->privs, privs);
become_id(uid, gid);
current_user.ngroups = ngroups;
current_user.groups = groups;
current_user.nt_user_token = ctx_p->token;
- current_user.privs = ctx_p->privs;
}
/****************************************************************************
{
/* May need to worry about supplementary groups at some stage */
- set_sec_ctx(0, 0, 0, NULL, NULL, NULL);
+ set_sec_ctx(0, 0, 0, NULL, NULL);
}
/****************************************************************************
ctx_p->ngroups = 0;
delete_nt_token(&ctx_p->token);
- destroy_privilege(&ctx_p->privs);
/* Pop back previous user */
current_user.ngroups = prev_ctx_p->ngroups;
current_user.groups = prev_ctx_p->groups;
current_user.nt_user_token = prev_ctx_p->token;
- current_user.privs = prev_ctx_p->privs;
DEBUG(3, ("pop_sec_ctx (%u, %u) - sec_ctx_stack_ndx = %d\n",
(unsigned int)geteuid(), (unsigned int)getegid(), sec_ctx_stack_ndx));
get_current_groups(ctx_p->gid, &ctx_p->ngroups, &ctx_p->groups);
ctx_p->token = NULL; /* Maps to guest user. */
- ctx_p->privs = NULL;
/* Initialise current_user global */
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
current_user.nt_user_token = NULL;
- current_user.privs = NULL;
}
string_set(&conn->dirpath,"");
string_set(&conn->user,user);
conn->nt_user_token = NULL;
- conn->privs = NULL;
conn->read_only = lp_readonly(conn->service);
conn->admin_user = False;
conn->nt_user_token = create_nt_token(conn->uid, conn->gid,
conn->ngroups, conn->groups,
guest);
-
- init_privilege(&(conn->privs));
- pdb_get_privilege_set(conn->nt_user_token, conn->privs);
}
/*
SSVAL(outbuf, smb_uid, sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
+ if (!server_info->guest) {
/* We need to start the signing engine
* here but a W2K client sends the old
* "BSRSPYL " signature instead of the
* correct one. Subsequent packets will
* be correct.
*/
- srv_check_sign_mac(inbuf, False);
+ srv_check_sign_mac(inbuf);
}
}
SSVAL(outbuf,smb_uid,sess_vuid);
- if (!server_info->guest && !srv_signing_started()) {
+ if (!server_info->guest) {
/* We need to start the signing engine
* here but a W2K client sends the old
* "BSRSPYL " signature instead of the
* correct one. Subsequent packets will
* be correct.
*/
-
- srv_check_sign_mac(inbuf, False);
+ srv_check_sign_mac(inbuf);
}
}
}
return ERROR_NT(NT_STATUS_LOGON_FAILURE);
}
- if (!server_info->guest && !srv_signing_started() && !srv_check_sign_mac(inbuf, True)) {
+ if (!server_info->guest && !srv_check_sign_mac(inbuf)) {
exit_server("reply_sesssetup_and_X: bad smb signature");
}
initgroups(pass->pw_name, pass->pw_gid);
#endif
- set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL, NULL);
+ set_sec_ctx(pass->pw_uid, pass->pw_gid, 0, NULL, NULL);
current_user.conn = NULL;
current_user.vuid = UID_FIELD_INVALID;
gid_t gid;
uid_t uid;
char group_c;
- BOOL must_free_token_priv = False;
+ BOOL must_free_token = False;
NT_USER_TOKEN *token = NULL;
- PRIVILEGE_SET *privs = NULL;
if (!conn) {
DEBUG(2,("change_to_user: Connection not open\n"));
current_user.groups = conn->groups;
current_user.ngroups = conn->ngroups;
token = conn->nt_user_token;
- privs = conn->privs;
} else if ((vuser) && check_user_ok(conn, vuser, snum)) {
uid = conn->admin_user ? 0 : vuser->uid;
gid = vuser->gid;
current_user.ngroups = vuser->n_groups;
current_user.groups = vuser->groups;
token = vuser->nt_user_token;
- privs = vuser->privs;
} else {
DEBUG(2,("change_to_user: Invalid vuid used %d or vuid not permitted access to share.\n",vuid));
return False;
DEBUG(1, ("change_to_user: create_nt_token failed!\n"));
return False;
}
- pdb_get_privilege_set(token, privs);
- must_free_token_priv = True;
+ must_free_token = True;
}
- set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token, privs);
+ set_sec_ctx(uid, gid, current_user.ngroups, current_user.groups, token);
/*
* Free the new token (as set_sec_ctx copies it).
*/
- if (must_free_token_priv) {
+ if (must_free_token)
delete_nt_token(&token);
- destroy_privilege(&privs);
- }
current_user.conn = conn;
current_user.vuid = vuid;
return False;
set_sec_ctx(p->pipe_user.uid, p->pipe_user.gid,
- p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token, p->pipe_user.privs);
+ p->pipe_user.ngroups, p->pipe_user.groups, p->pipe_user.nt_user_token);
return True;
}
const char *fname = "\\test.txt";
const char *fname1 = "\\test1.txt";
BOOL correct = True;
- int fnum1, fnum2;
+ int fnum1;
printf("starting rename test\n");
#ifdef WITH_FAKE_KASERVER
{"AFSKEY", net_afskey},
#endif
- {"PRIV", net_priv},
{"HELP", net_help},
{NULL, NULL}
struct cldap_netlogon_reply {
uint32 type;
uint32 flags;
- UUID_FLAT guid;
+ GUID guid;
char forest[MAX_DNS_LABEL];
char domain[MAX_DNS_LABEL];
reply->type = IVAL(p, 0); p += 4;
reply->flags = IVAL(p, 0); p += 4;
- memcpy(&reply->guid.info, p, UUID_FLAT_SIZE);
- p += UUID_FLAT_SIZE;
+ memcpy(&reply->guid.info, p, GUID_SIZE);
+ p += GUID_SIZE;
p += pull_netlogon_string(reply->forest, p, (const char *)os3.data);
p += pull_netlogon_string(reply->domain, p, (const char *)os3.data);
d_printf("0x%x\n", reply.type);
break;
}
- d_printf("GUID: %s\n",
- smb_uuid_string_static(smb_uuid_unpack_static(reply.guid)));
+ d_printf("GUID: ");
+ print_guid(&reply.guid);
d_printf("Flags:\n"
"\tIs a PDC: %s\n"
"\tIs a GC of the forest: %s\n"
return 0;
}
-static int net_groupmap_addmem(int argc, const char **argv)
-{
- DOM_SID alias, member;
- NTSTATUS result;
-
- if ( (argc != 2) ||
- !string_to_sid(&alias, argv[0]) ||
- !string_to_sid(&member, argv[1]) ) {
- d_printf("Usage: net groupmap addmem alias-sid member-sid\n");
- return -1;
- }
-
- if (!pdb_add_aliasmem(&alias, &member)) {
- d_printf("Could not add sid %s to alias %s: %s\n",
- argv[1], argv[0], nt_errstr(result));
- return -1;
- }
-
- return 0;
-}
-
-static int net_groupmap_delmem(int argc, const char **argv)
-{
- DOM_SID alias, member;
- NTSTATUS result;
-
- if ( (argc != 2) ||
- !string_to_sid(&alias, argv[0]) ||
- !string_to_sid(&member, argv[1]) ) {
- d_printf("Usage: net groupmap delmem alias-sid member-sid\n");
- return -1;
- }
-
- if (!pdb_del_aliasmem(&alias, &member)) {
- d_printf("Could not delete sid %s from alias %s: %s\n",
- argv[1], argv[0], nt_errstr(result));
- return -1;
- }
-
- return 0;
-}
-
-static int net_groupmap_listmem(int argc, const char **argv)
-{
- DOM_SID alias;
- DOM_SID *members;
- int i, num;
- NTSTATUS result;
-
- if ( (argc != 1) ||
- !string_to_sid(&alias, argv[0]) ) {
- d_printf("Usage: net groupmap listmem alias-sid\n");
- return -1;
- }
-
- if (!pdb_enum_aliasmem(&alias, &members, &num)) {
- d_printf("Could not list members for sid %s: %s\n",
- argv[0], nt_errstr(result));
- return -1;
- }
-
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(members[i])));
- }
-
- SAFE_FREE(members);
-
- return 0;
-}
-
-static int net_groupmap_memberships(int argc, const char **argv)
-{
- DOM_SID member;
- DOM_SID *aliases;
- int i, num;
- NTSTATUS result;
-
- if ( (argc != 1) ||
- !string_to_sid(&member, argv[0]) ) {
- d_printf("Usage: net groupmap memberof sid\n");
- return -1;
- }
-
- if (!pdb_enum_alias_memberships(&member, &aliases, &num)) {
- d_printf("Could not list memberships for sid %s: %s\n",
- argv[0], nt_errstr(result));
- return -1;
- }
-
- for (i = 0; i < num; i++) {
- printf("%s\n", sid_string_static(&(aliases[i])));
- }
-
- SAFE_FREE(aliases);
-
- return 0;
-}
-
int net_help_groupmap(int argc, const char **argv)
{
d_printf("net groupmap add"\
"\n Update a group mapping\n");
d_printf("net groupmap delete"\
"\n Remove a group mapping\n");
- d_printf("net groupmap addmember"\
- "\n Add a foreign alias member\n");
- d_printf("net groupmap delmember"\
- "\n Delete a foreign alias member\n");
- d_printf("net groupmap listmembers"\
- "\n List foreign group members\n");
- d_printf("net groupmap memberships"\
- "\n List foreign group memberships\n");
d_printf("net groupmap list"\
"\n List current group map\n");
d_printf("net groupmap set"\
{"delete", net_groupmap_delete},
{"set", net_groupmap_set},
{"cleanup", net_groupmap_cleanup},
- {"addmem", net_groupmap_addmem},
- {"delmem", net_groupmap_delmem},
- {"listmem", net_groupmap_listmem},
- {"memberships", net_groupmap_memberships},
{"list", net_groupmap_list},
{"help", net_help_groupmap},
{NULL, NULL}
};
/* we shouldn't have silly checks like this */
-#if 0
if (getuid() != 0) {
d_printf("You must be root to edit group mappings.\nExiting...\n");
return -1;
}
-#endif
if ( argc )
return net_run_function(argc, argv, func, net_help_groupmap);
+++ /dev/null
-/*
- * Unix SMB/CIFS implementation.
- * RPC Pipe client / server routines
- * Copyright (C) Andrew Tridgell 1992-2000,
- * Copyright (C) Jean François Micouleau 1998-2001.
- * Copyright (C) Gerald Carter 2003.
- * Copyright (C) Simo Sorce 2003.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- */
-
-
-#include "includes.h"
-#include "../utils/net.h"
-
-extern PRIVS privs[];
-
-/*********************************************************
- utility function to parse an integer parameter from
- "parameter = value"
-**********************************************************/
-static uint32 get_int_param( const char* param )
-{
- char *p;
-
- p = strchr( param, '=' );
- if ( !p )
- return 0;
-
- return atoi(p+1);
-}
-
-/*********************************************************
- utility function to parse an integer parameter from
- "parameter = value"
-**********************************************************/
-static char* get_string_param( const char* param )
-{
- char *p;
-
- p = strchr( param, '=' );
- if ( !p )
- return NULL;
-
- return (p+1);
-}
-
-/*********************************************************
- Dump a GROUP_MAP entry to stdout (long or short listing)
-**********************************************************/
-
-static void print_priv_entry(const char *privname, const char *description, const char *sid_list)
-{
-
- if (!sid_list) {
- d_printf("Error getting privilege list!\n");
- return;
- }
-
- d_printf("%s\n", privname);
-
- if (description) {
- d_printf("\tdescription: %s\n", description);
- }
-
- d_printf("\tSIDS: %s\n", sid_list);
-}
-
-/*********************************************************
- List the groups.
-**********************************************************/
-static int net_priv_list(int argc, const char **argv)
-{
- fstring privname = "";
- fstring sid_string = "";
- int i;
-
- /* get the options */
- for ( i=0; i<argc; i++ ) {
- if (!StrnCaseCmp(argv[i], "privname", strlen("privname"))) {
- fstrcpy(privname, get_string_param(argv[i]));
- if (!privname[0]) {
- d_printf("must supply a name\n");
- return -1;
- }
- }
- else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) {
- fstrcpy(sid_string, get_string_param(argv[i]));
- if (!sid_string[0]) {
- d_printf("must supply a SID\n");
- return -1;
- }
- }
- else {
- d_printf("Bad option: %s\n", argv[i]);
- return -1;
- }
- }
-
- if (*sid_string) {
- /* list all privileges of a single sid */
-
- } else {
- char *sid_list = NULL;
-
- if (*privname) {
- const char *description = NULL;
-
- BOOL found = False;
-
- for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) {
- if (!StrCaseCmp(privs[i].priv, privname)) {
- description = privs[i].description;
- found = True;
- break;
- }
- }
- if (!found) {
- d_printf("No such privilege!\n");
- return -1;
- }
-
- /* Get the current privilege from the database */
- pdb_get_privilege_entry(privname, &sid_list);
- print_priv_entry(privname, description, sid_list);
-
- SAFE_FREE(sid_list);
-
- } else for (i=0; privs[i].se_priv != SE_ALL_PRIVS; i++) {
-
- if (!pdb_get_privilege_entry(privs[i].priv, &sid_list))
- continue;
-
- print_priv_entry(privs[i].priv, privs[i].description, sid_list);
-
- SAFE_FREE(sid_list);
- }
- }
-
- return 0;
-}
-
-/*********************************************************
- Add a sid to a privilege entry
-**********************************************************/
-
-static int net_priv_add(int argc, const char **argv)
-{
- DOM_SID sid;
- fstring privname = "";
- fstring sid_string = "";
- uint32 rid = 0;
- int i;
-
- /* get the options */
- for ( i=0; i<argc; i++ ) {
- if (!StrnCaseCmp(argv[i], "rid", strlen("rid"))) {
- rid = get_int_param(argv[i]);
- if (rid < DOMAIN_GROUP_RID_ADMINS) {
- d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1);
- return -1;
- }
- }
- else if (!StrnCaseCmp(argv[i], "privilege", strlen("privilege"))) {
- BOOL found;
- int j;
-
- fstrcpy(privname, get_string_param(argv[i]));
- if (!privname[0]) {
- d_printf("must supply a name\n");
- return -1;
- }
- for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) {
- if (!StrCaseCmp(privs[j].priv, privname)) {
- found = True;
- break;
- }
- }
- if (!found) {
- d_printf("unknown privilege name");
- return -1;
- }
- }
- else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) {
- fstrcpy(sid_string, get_string_param(argv[i]));
- if (!sid_string[0]) {
- d_printf("must supply a SID\n");
- return -1;
- }
- }
- else {
- d_printf("Bad option: %s\n", argv[i]);
- return -1;
- }
- }
-
- if (!privname[0]) {
- d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- if ((rid == 0) && (sid_string[0] == '\0')) {
- d_printf("No rid or sid specified\n");
- d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- /* append the rid to our own domain/machine SID if we don't have a full SID */
- if (!sid_string[0]) {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- sid_to_string(sid_string, &sid);
- }
-
- if (!pdb_add_sid_to_privilege(privname, &sid)) {
- d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname);
- return -1;
- }
-
- d_printf("Successully added SID %s to privilege %s\n", sid_string, privname);
- return 0;
-}
-
-/*********************************************************
- Remove a SID froma privilege entry
-**********************************************************/
-
-static int net_priv_remove(int argc, const char **argv)
-{
- DOM_SID sid;
- fstring privname = "";
- fstring sid_string = "";
- uint32 rid = 0;
- int i;
-
- /* get the options */
- for ( i=0; i<argc; i++ ) {
- if (!StrnCaseCmp(argv[i], "rid", strlen("rid"))) {
- rid = get_int_param(argv[i]);
- if (rid < DOMAIN_GROUP_RID_ADMINS) {
- d_printf("RID must be greater than %d\n", (uint32)DOMAIN_GROUP_RID_ADMINS-1);
- return -1;
- }
- }
- else if (!StrnCaseCmp(argv[i], "privilege", strlen("privilege"))) {
- BOOL found;
- int j;
-
- fstrcpy(privname, get_string_param(argv[i]));
- if (!privname[0]) {
- d_printf("must supply a name\n");
- return -1;
- }
- for (j=0; privs[j].se_priv != SE_ALL_PRIVS; j++) {
- if (!StrCaseCmp(privs[j].priv, privname)) {
- found = True;
- break;
- }
- }
- if (!found) {
- d_printf("unknown privilege name");
- return -1;
- }
- }
- else if (!StrnCaseCmp(argv[i], "sid", strlen("sid"))) {
- fstrcpy(sid_string, get_string_param(argv[i]));
- if (!sid_string[0]) {
- d_printf("must supply a SID\n");
- return -1;
- }
- }
- else {
- d_printf("Bad option: %s\n", argv[i]);
- return -1;
- }
- }
-
- if (!privname[0]) {
- d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- if ((rid == 0) && (sid_string[0] == '\0')) {
- d_printf("No rid or sid specified\n");
- d_printf("Usage: net print add {rid=<int>|sid=<string>} privilege=<string>\n");
- return -1;
- }
-
- /* append the rid to our own domain/machine SID if we don't have a full SID */
- if (!sid_string[0]) {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
- sid_to_string(sid_string, &sid);
- }
-
- if (!pdb_remove_sid_from_privilege(privname, &sid)) {
- d_printf("adding sid %s to privilege %s failed!\n", sid_string, privname);
- return -1;
- }
-
- d_printf("Successully removed SID %s from privilege %s\n", sid_string, privname);
- return 0;
-}
-
-int net_help_priv(int argc, const char **argv)
-{
- d_printf("net priv add sid\n" \
- " Add sid to privilege\n");
- d_printf("net priv remove sid\n"\
- " Remove sid from privilege\n");
- d_printf("net priv list\n"\
- " List sids per privilege\n");
-
- return -1;
-}
-
-
-/***********************************************************
- migrated functionality from smbgroupedit
- **********************************************************/
-int net_priv(int argc, const char **argv)
-{
- struct functable func[] = {
- {"add", net_priv_add},
- {"remove", net_priv_remove},
- {"list", net_priv_list},
- {"help", net_help_priv},
- {NULL, NULL}
- };
-
- /* we shouldn't have silly checks like this */
- if (getuid() != 0) {
- d_printf("You must be root to edit privilege mappings.\nExiting...\n");
- return -1;
- }
-
- if ( argc )
- return net_run_function(argc, argv, func, net_help_priv);
-
- return net_help_priv(argc, argv);
-}
-
#define BIT_EXPORT 0x02000000
#define BIT_FIX_INIT 0x04000000
#define BIT_BADPWRESET 0x08000000
-#define BIT_TRUSTDOM 0x10000000
-#define BIT_TRUSTPW 0x20000000
-#define BIT_TRUSTSID 0x40000000
-#define BIT_TRUSTFLAGS 0x80000000
#define MASK_ALWAYS_GOOD 0x0000001F
#define MASK_USER_GOOD 0x00401F00
return ret;
}
-
-
-/**
- * Trust password flag name to flag conversion
- *
- * @param flag_name SAM_TRUST_PASSWD structure flag name
- * @return flag value
- **/
-
-static int trustpw_flag(const char* flag_name)
-{
- const int flag_num = 5;
- typedef struct { const char *name; int val; } flag_conv;
- flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT },
- { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT },
- { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT },
- { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS },
- { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }};
- int i;
-
- for (i = 0; i < flag_num; i++) {
- if (!StrCaseCmp(flags[i].name, flag_name)) {
- return flags[i].val;
- }
- }
-
- return 0;
-}
-
-
-/**
- * Trust password flag to flag name conversion
- *
- * @param val SAM_TRUST_PASSWD structure flag
- * @return passed flag name
- **/
-
-static char* trustpw_flag_name(const int val)
-{
- const int flag_num = 5;
- typedef struct { const char *name; int val; } flag_conv;
- flag_conv flags[] = {{ "PASS_MACHINE_TRUST_NT", PASS_MACHINE_TRUST_NT },
- { "PASS_SERVER_TRUST_NT", PASS_SERVER_TRUST_NT },
- { "PASS_DOMAIN_TRUST_NT", PASS_DOMAIN_TRUST_NT },
- { "PASS_MACHINE_TRUST_ADS",PASS_MACHINE_TRUST_ADS },
- { "PASS_DOMAIN_TRUST_ADS", PASS_DOMAIN_TRUST_ADS }};
- int i;
-
- for (i = 0; i < flag_num; i++) {
- if (flags[i].val == val) {
- return strdup(flags[i].name);
- }
- }
-
- return strdup("unknown flag");
-}
-
-
-/**
- * Print trust password structure information
- *
- * @param mem_ctx memory context (for unicode name conversion)
- * @param trust SAM_TRUST_PASSWD structure
- * @param verbose verbose mode on/off
- * @return 0 on success, otherwise failure
- **/
-
-static int print_trustpw_info(TALLOC_CTX *mem_ctx, SAM_TRUST_PASSWD *trust, BOOL verbose)
-{
- char *dom_name;
- if (!mem_ctx || !trust) return -1;
-
- /* convert unicode domain name to char* */
- if (!pull_ucs2_talloc(mem_ctx, &dom_name, trust->private.uni_name)) return -1;
- dom_name[trust->private.uni_name_len] = 0;
-
- /* different output depending on level of verbosity */
- if (verbose) {
- printf("Domain name: %s\n", dom_name);
- printf("Domain SID: %s\n", sid_string_static(&trust->private.domain_sid));
- printf("Trust password %s\n", trust->private.pass);
- printf("Trust type: %s\n", trustpw_flag_name(trust->private.flags));
- printf("Last modified %s\n", trust->private.mod_time ? http_timestring(trust->private.mod_time) : "0");
-
- } else {
- printf("%s:%s\n", dom_name, sid_string_static(&trust->private.domain_sid));
- }
-
- return 0;
-}
-
-
-/**
- * Print trust password information by given name
- *
- * @param in initialised pdb_context
- * @param name domain name of the trust password
- * @param verbose verbose mode on/off
- * @param smbpwdstyle smbpassword-style output (ignored here)
- * @return 0 on success, otherwise failure
- **/
-
-static int print_trust_info(struct pdb_context *in, const char *name, BOOL verbose, BOOL smbpwdstyle)
-{
- SAM_TRUST_PASSWD trust;
- TALLOC_CTX *mem_ctx = NULL;
-
- mem_ctx = talloc_init("pdbedit: trust passwords listing");
-
- if (NT_STATUS_IS_OK(in->pdb_gettrustpwnam(in, &trust, name))) {
- return print_trustpw_info(mem_ctx, &trust, verbose);
- }
-
- return -1;
-}
/*********************************************************
List Users
return 0;
}
-
-/**
- * List trust passwords
- *
- * @param in initialised pdb context
- * @param verbose turn on/off verbose mode
- * @param smbpwdstyle ignored here (there was no trust passwords in smbpasswd file)
- * @return 0 on success, otherwise failure
- **/
-
-static int print_trustpw_list(struct pdb_context *in, BOOL verbose, BOOL smbpwdstyle)
-{
- SAM_TRUST_PASSWD trust;
- TALLOC_CTX *mem_ctx = NULL;
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
-
- /* start enumeration and initialise memory context */
- status = in->pdb_settrustpwent(in);
- if (NT_STATUS_IS_ERR(status)) return -1;
- mem_ctx = talloc_init("pdbedit: trust passwords listing");
-
- /* small separation to make it clear these are not regular accounts */
- if (!verbose) printf("---\n");
-
- do {
- /* fetch next trust password */
- status = in->pdb_gettrustpwent(in, &trust);
-
- if (trust.private.uni_name_len) {
- /* print trust password info */
- if (verbose) printf ("---------------\n");
- print_trustpw_info(mem_ctx, &trust, verbose);
- }
-
- } while (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES) || NT_STATUS_EQUAL(status, NT_STATUS_OK));
-
- talloc_destroy(mem_ctx);
- return 0;
-}
-
-
/*********************************************************
Fix a list of Users for uninitialised passwords
**********************************************************/
return 0;
}
-
-/**
- * Add new trusting domain account
- *
- * @param in initialised pdb_context
- * @param dom_name trusted domain name given in command line
- *
- * @return 0 on success, -1 otherwise
- **/
-
-static int new_trustdom(struct pdb_context *in, const char *dom_name)
-{
- /* TODO */
- return -1;
-}
-
-
-/**
- * Add new trust relationship password
- *
- * @param in initialised pdb_context
- * @param dom_name trusting domain name given in command line
- * @param dom_sid domain sid given in command line
- * @param flag trust password type flag given in command line
- *
- * @return 0 on success, -1 otherwise
- **/
-
-static int new_trustpw(struct pdb_context *in, const char *dom_name,
- const char *dom_sid, const char* flag)
-{
- TALLOC_CTX *mem_ctx = NULL;
- SAM_TRUST_PASSWD trust;
- NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL;
- POLICY_HND connect_hnd;
- DOM_SID *domain_sid = NULL;
- smb_ucs2_t *uni_name = NULL;
- char *givenpass, *domain_name = NULL;
- struct in_addr srv_ip;
- fstring srv_name, myname;
- struct cli_state *cli;
- time_t lct;
-
- if (!dom_name) return -1;
-
- mem_ctx = talloc_init("pdbedit: adding new trust password");
-
- /* unicode name */
- trust.private.uni_name_len = strnlen(dom_name, 32);
- push_ucs2_talloc(mem_ctx, &uni_name, dom_name);
- strncpy_w(trust.private.uni_name, uni_name, 32);
-
- /* flags */
- trust.private.flags = trustpw_flag(flag);
-
- /* trusting SID */
- if (!dom_sid) {
- /* if sid is not specified in command line, do our best
- to establish it */
-
- /* find domain PDC */
- if (!get_pdc_ip(dom_name, &srv_ip))
- return -1;
- if (is_zero_ip(srv_ip))
- return -1;
- if (!name_status_find(dom_name, 0x1b, 0x20, srv_ip, srv_name))
- return -1;
-
- get_myname(myname);
-
- /* Connect the domain pdc... */
- nt_status = cli_full_connection(&cli, myname, srv_name, &srv_ip, 139,
- "IPC$", "IPC", "", "", "", 0, Undefined, NULL);
- if (NT_STATUS_IS_ERR(nt_status))
- return -1;
- if (!cli_nt_session_open(cli, PI_LSARPC))
- return -1;
-
- /* ...and query the domain sid */
- nt_status = cli_lsa_open_policy2(cli, mem_ctx, True, SEC_RIGHTS_QUERY_VALUE,
- &connect_hnd);
- if (NT_STATUS_IS_ERR(nt_status)) return -1;
-
- nt_status = cli_lsa_query_info_policy(cli, mem_ctx, &connect_hnd,
- 5, &domain_name, &domain_sid);
- if (NT_STATUS_IS_ERR(nt_status)) return -1;
-
- nt_status = cli_lsa_close(cli, mem_ctx, &connect_hnd);
- if (NT_STATUS_IS_ERR(nt_status)) return -1;
-
- cli_nt_session_close(cli);
- cli_shutdown(cli);
-
- /* copying sid to trust password structure */
- sid_copy(&trust.private.domain_sid, domain_sid);
-
- } else {
- if (!string_to_sid(&trust.private.domain_sid, dom_sid)) {
- printf("Error: wrong SID specified !\n");
- return -1;
- }
- }
-
- /* password */
- givenpass = getpass("password:");
- memset(trust.private.pass, '\0', FSTRING_LEN);
- strncpy(trust.private.pass, givenpass, FSTRING_LEN);
-
- /* last change time */
- lct = time(NULL);
- trust.private.mod_time = lct;
-
- /* store trust password in passdb */
- nt_status = in->pdb_add_trust_passwd(in, &trust);
-
- talloc_destroy(mem_ctx);
- if (NT_STATUS_IS_OK(nt_status))
- return 0;
-
- return -1;
-}
-
-
/*********************************************************
Delete user entry
**********************************************************/
static BOOL verbose = False;
static BOOL spstyle = False;
static BOOL machine = False;
- static BOOL trustdom = False;
static BOOL add_user = False;
static BOOL delete_user = False;
static BOOL modify_user = False;
static long int account_policy_value = 0;
BOOL account_policy_value_set = False;
static BOOL badpw_reset = False;
- /* trust password parameters */
- static char *trustpw = NULL;
- static char *trustsid = NULL;
- static char *trustflags = NULL;
struct pdb_context *bin;
struct pdb_context *bout;
{"group SID", 'G', POPT_ARG_STRING, &group_sid, 0, "set group SID or RID", NULL},
{"create", 'a', POPT_ARG_NONE, &add_user, 0, "create user", NULL},
{"modify", 'r', POPT_ARG_NONE, &modify_user, 0, "modify user", NULL},
- {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL},
{"machine", 'm', POPT_ARG_NONE, &machine, 0, "account is a machine account", NULL},
- {"trustdom", 'I', POPT_ARG_NONE, &trustdom, 0, "account is a domain trust account", NULL},
- {"trustpw", 'N', POPT_ARG_STRING, &trustpw, 0, "trust password's domain name", NULL},
- {"trustsid", 'T', POPT_ARG_STRING, &trustsid, 0, "trust password's domain sid", NULL},
- {"trustflags", 'F', POPT_ARG_STRING, &trustflags, 0, "trust password flags", NULL},
+ {"delete", 'x', POPT_ARG_NONE, &delete_user, 0, "delete user", NULL},
{"backend", 'b', POPT_ARG_STRING, &backend, 0, "use different passdb backend as default backend", NULL},
{"import", 'i', POPT_ARG_STRING, &backend_in, 0, "import user accounts from this backend", NULL},
{"export", 'e', POPT_ARG_STRING, &backend_out, 0, "export user accounts to this backend", NULL},
(logon_script ? BIT_LOGSCRIPT : 0) +
(profile_path ? BIT_PROFILE : 0) +
(machine ? BIT_MACHINE : 0) +
- (trustdom ? BIT_TRUSTDOM : 0) +
- (trustpw ? BIT_TRUSTPW : 0) +
- (trustsid ? BIT_TRUSTSID : 0) +
- (trustflags ? BIT_TRUSTFLAGS : 0) +
(user_name ? BIT_USER : 0) +
(list_users ? BIT_LIST : 0) +
(force_initialised_password ? BIT_FIX_INIT : 0) +
/* list users operations */
if (checkparms & BIT_LIST) {
if (!(checkparms & ~BIT_LIST)) {
- print_users_list (bdef, verbose, spstyle);
- return print_trustpw_list(bdef, verbose, spstyle);
+ return print_users_list (bdef, verbose, spstyle);
}
if (!(checkparms & ~(BIT_USER + BIT_LIST))) {
return print_user_info (bdef, user_name, verbose, spstyle);
-
- } else if (!(checkparms & ~(BIT_TRUSTPW + BIT_LIST))) {
- return print_trust_info(bdef, trustpw, verbose, spstyle);
}
}
/* account operation */
if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) {
/* check use of -u option */
- if (!(checkparms & (BIT_USER + BIT_TRUSTPW))) {
+ if (!(checkparms & BIT_USER)) {
fprintf (stderr, "Username not specified! (use -u option)\n");
return -1;
}
/* account creation operations */
- if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE + BIT_TRUSTDOM))) {
- /* machine trust account */
+ if (!(checkparms & ~(BIT_CREATE + BIT_USER + BIT_MACHINE))) {
if (checkparms & BIT_MACHINE) {
return new_machine (bdef, user_name);
- /* interdomain trust account */
- } else if (checkparms & BIT_TRUSTDOM) {
- return new_trustdom(bdef, user_name);
-
- /* ordinary user account */
} else {
return new_user (bdef, user_name, full_name, home_dir,
home_drive, logon_script,
}
}
- /* trust password operation */
- if ((checkparms & BIT_CREATE) || (checkparms & BIT_MODIFY) || (checkparms & BIT_DELETE)) {
- /* trust password creation */
- if (!(checkparms & ~(BIT_CREATE + BIT_TRUSTPW + BIT_TRUSTSID + BIT_TRUSTFLAGS))) {
- return new_trustpw(bdef, trustpw, trustsid, trustflags);
- }
- }
-
-
if (setparms >= 0x20) {
fprintf (stderr, "Incompatible or insufficient options on command line!\n");
}
return 1;
}
-
read only = no
[samba]
- path = BUILD_FARM/samba
+ path = BUILD_FARM/samba_3_0
read only = yes
comment = Samba HEAD Sources
git.samba.org / samba.git / commitdiff