#ifndef _GUMS_H
#define _GUMS_H
-#define GUMS_VERSION_MAJOR 0
-#define GUMS_VERSION_MINOR 1
+#define GUMS_VERSION_MAJOR 0
+#define GUMS_VERSION_MINOR 1
#define GUMS_OBJECT_VERSION 1
#define GUMS_OBJ_DOMAIN 1
} GUMS_GROUP;
+typedef struct gums_domain
+{
+ uint32 next_rid;
+
+} GUMS_DOMAIN;
+
union gums_obj_p {
- gums_user *user;
- gums_group *group;
-}
+ GUMS_USER *user;
+ GUMS_GROUP *group;
+ GUMS_DOMAIN *domain;
+};
typedef struct gums_object
{
DOM_SID sid; /* Object Sid */
uint32 count; /* number of changes */
GUMS_DATA_SET **data;
+
} GUMS_COMMIT_SET;
typedef struct gums_privilege
NTSTATUS (*delete_object) (const DOM_SID *sid);
NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
+ NTSTATUS (*get_object_from_name) (GUMS_OBJECT **object, const char *name, const int onj_type);
/* This function is used to get the list of all objects changed since b_time, it is
used to support PDC<->BDC synchronization */
NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
NTSTATUS (*set_object) (const GUMS_OBJECT *object);
/* set object values function */
- NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET *data_set);
+ NTSTATUS (*set_object_values) (DOM_SID *sid, uint32 count, GUMS_DATA_SET **data_set);
/* Group related functions */
- NTSTATUS (*add_memberss_to_group) (const DOM_SID *group, const DOM_SID **members);
+ NTSTATUS (*add_members_to_group) (const DOM_SID *group, const DOM_SID **members);
NTSTATUS (*delete_members_from_group) (const DOM_SID *group, const DOM_SID **members);
NTSTATUS (*enumerate_group_members) (DOM_SID **members, const DOM_SID *sid, const int type);
NTSTATUS (*delete_members_from_privilege) (const LUID_ATTR *priv, const DOM_SID **members);
NTSTATUS (*enumerate_privilege_members) (DOM_SID **members, const LUID_ATTR *priv);
NTSTATUS (*get_sid_privileges) (DOM_SID **privs, const DOM_SID *sid);
+
/* warning!: set_privilege will overwrite a prior existing privilege if such exist */
NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
} GUMS_FUNCTIONS;
/* define value types */
+#define GUMS_SET_PRIMARY_GROUP 0x1
+#define GUMS_SET_SEC_DESC 0x2
-#define GUMS_SET_PRIMARY_GROUP 1
-#define GUMS_SET_SEC_DESC 2
+#define GUMS_SET_NAME 0x10
+#define GUMS_SET_DESCRIPTION 0x11
+#define GUMS_SET_FULL_NAME 0x12
/* user specific type values */
-#define GUMS_SET_LOGON_TIME 10 /* keep NTTIME consecutive */
-#define GUMS_SET_LOGOFF_TIME 11 /* too ease checking */
-#define GUMS_SET_KICKOFF_TIME 13
-#define GUMS_SET_PASS_LAST_SET_TIME 14
-#define GUMS_SET_PASS_CAN_CHANGE_TIME 15
-#define GUMS_SET_PASS_MUST_CHANGE_TIME 16 /* NTTIME end */
-
-#define GUMS_SET_NAME 20 /* keep strings consecutive */
-#define GUMS_SET_DESCRIPTION 21 /* too ease checking */
-#define GUMS_SET_FULL_NAME 22
-#define GUMS_SET_HOME_DIRECTORY 23
-#define GUMS_SET_DRIVE 24
-#define GUMS_SET_LOGON_SCRIPT 25
-#define GUMS_SET_PROFILE_PATH 26
-#define GUMS_SET_WORKSTATIONS 27
-#define GUMS_SET_UNKNOWN_STRING 28
-#define GUMS_SET_MUNGED_DIAL 29 /* strings end */
-
-#define GUMS_SET_LM_PASSWORD 40
-#define GUMS_SET_NT_PASSWORD 41
-#define GUMS_SET_PLAINTEXT_PASSWORD 42
-#define GUMS_SET_UNKNOWN_3 43
-#define GUMS_SET_LOGON_DIVS 44
-#define GUMS_SET_HOURS_LEN 45
-#define GUMS_SET_HOURS 46
-#define GUMS_SET_UNKNOWN_5 47
-#define GUMS_SET_UNKNOWN_6 48
-
-#define GUMS_SET_MUST_CHANGE_PASS 50
-#define GUMS_SET_CANNOT_CHANGE_PASS 51
-#define GUMS_SET_PASS_NEVER_EXPIRE 52
-#define GUMS_SET_ACCOUNT_DISABLED 53
-#define GUMS_SET_ACCOUNT_LOCKOUT 54
+#define GUMS_SET_LOGON_TIME 0x20
+#define GUMS_SET_LOGOFF_TIME 0x21
+#define GUMS_SET_KICKOFF_TIME 0x23
+#define GUMS_SET_PASS_LAST_SET_TIME 0x24
+#define GUMS_SET_PASS_CAN_CHANGE_TIME 0x25
+#define GUMS_SET_PASS_MUST_CHANGE_TIME 0x26
+
+
+#define GUMS_SET_HOME_DIRECTORY 0x31
+#define GUMS_SET_DRIVE 0x32
+#define GUMS_SET_LOGON_SCRIPT 0x33
+#define GUMS_SET_PROFILE_PATH 0x34
+#define GUMS_SET_WORKSTATIONS 0x35
+#define GUMS_SET_UNKNOWN_STRING 0x36
+#define GUMS_SET_MUNGED_DIAL 0x37
+
+#define GUMS_SET_LM_PASSWORD 0x40
+#define GUMS_SET_NT_PASSWORD 0x41
+#define GUMS_SET_PLAINTEXT_PASSWORD 0x42
+#define GUMS_SET_UNKNOWN_3 0x43
+#define GUMS_SET_LOGON_DIVS 0x44
+#define GUMS_SET_HOURS_LEN 0x45
+#define GUMS_SET_HOURS 0x46
+#define GUMS_SET_UNKNOWN_5 0x47
+#define GUMS_SET_UNKNOWN_6 0x48
+
+#define GUMS_SET_MUST_CHANGE_PASS 0x50
+#define GUMS_SET_CANNOT_CHANGE_PASS 0x51
+#define GUMS_SET_PASS_NEVER_EXPIRE 0x52
+#define GUMS_SET_ACCOUNT_DISABLED 0x53
+#define GUMS_SET_ACCOUNT_LOCKOUT 0x54
/*group specific type values */
-#define GUMS_ADD_SID_LIST 60
-#define GUMS_DEL_SID_LIST 61
-#define GUMS_SET_SID_LIST 62
+#define GUMS_ADD_SID_LIST 0x60
+#define GUMS_DEL_SID_LIST 0x61
+#define GUMS_SET_SID_LIST 0x62
#endif /* _GUMS_H */
#include "sam.h"
+#include "gums.h"
+
#include "session.h"
#include "asn_1.h"
* Mass Ave, Cambridge, MA 02139, USA.
*/
-
/* ALL strings assumes UTF8 as encoding */
GENSTRUCT struct tdbsam2_domain_data {
uint32 xcounter; /* counter to be updated at any change */
SEC_DESC *sec_desc; /* Security Descriptor */
- DOM_SID *user_sid; /* The User SID */
- char *name; _NULLTERM /* NT User Name */
+ DOM_SID *dom_sid; /* The Domain SID */
+ char *name; _NULLTERM /* NT Domain Name */
char *description; _NULLTERM /* Descritpion (Gecos) */
+
+ uint32 next_rid; /* The Next free RID */
};
GENSTRUCT struct tdbsam2_user_data {
uint32 unknown_3; /* 0x00ff ffff */
uint32 unknown_5; /* 0x0002 0000 */
uint32 unknown_6; /* 0x0000 04ec */
-};
+};
GENSTRUCT struct tdbsam2_group_data {
uint32 xcounter; /* counter to be updated at any change */
SEC_DESC *sec_desc; /* Security Descriptor */
DOM_SID *group_sid; /* The Group SID */
- char *name; _NULLTERM /* NT User Name */
+ char *name; _NULLTERM /* NT Group Name */
char *description; _NULLTERM /* Descritpion (Gecos) */
uint32 count; /* number of sids */
d_printf("%02x", guid->info[i]);
d_printf("\n");
}
+
+/*******************************************************************
+ Tallocs a duplicate SID.
+********************************************************************/
+
+DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
+{
+ DOM_SID *dst;
+
+ if(!src)
+ return NULL;
+
+ if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
+ sid_copy( dst, src);
+ }
+
+ return dst;
+}
return(return_sdb);
}
-/*******************************************************************
- Tallocs a duplicate SID.
-********************************************************************/
-
-static DOM_SID *sid_dup_talloc(TALLOC_CTX *ctx, DOM_SID *src)
-{
- DOM_SID *dst;
-
- if(!src)
- return NULL;
-
- if((dst = talloc_zero(ctx, sizeof(DOM_SID))) != NULL) {
- sid_copy( dst, src);
- }
-
- return dst;
-}
-
/*******************************************************************
Creates a SEC_DESC structure
********************************************************************/
*/
#include "includes.h"
-#include "gums.h"
#include "tdbsam2.h"
#include "tdbsam2_parse_info.h"
#undef DBGC_CLASS
#define DBGC_CLASS tdbgumm_debug_level
-#define TDBSAM_VERSION "20021215"
+#define TDBSAM_VERSION 20021215
#define TDB_FILE_NAME "tdbsam2.tdb"
-#define DOMAINPREFIX "DOMAIN_"
-#define OBJECTPREFIX "OBJECT_"
+#define NAMEPREFIX "NAME_"
#define SIDPREFIX "SID_"
#define PRIVILEGEPREFIX "PRIV_"
#define TDB_FORMAT_STRING "ddB"
+#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
+#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0)
+
+struct tdbsam2_enum_objs {
+ uint32 type;
+ fstring dom_sid;
+ TDB_CONTEXT *db;
+ TDB_DATA key;
+ struct tdbsam2_enum_objs *next;
+};
+
union tdbsam2_data {
struct tdbsam2_domain_data *domain;
struct tdbsam2_user_data *user;
struct tdbsam2_object {
uint32 type;
+ uint32 version;
union tdbsam2_data data;
};
static TDB_CONTEXT *tdbsam2_db;
-#define TALLOC_CHECK(ptr, err, label) do { if ((ptr) == NULL) { DEBUG(0, ("%s: Out of memory!\n", __FUNCTION__)); err = NT_STATUS_NO_MEMORY; goto label; } } while(0)
-#define SET_OR_FAIL(func, label) do { if (NT_STATUS_IS_ERR(func)) { DEBUG(0, ("%s: Setting gums object data failed!\n", __FUNCTION__)); goto label; } } while(0)
+struct tdbsam2_enum_objs **teo_handlers;
+
+static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size)
+{
+
+ NTSTATUS ret = NT_STATUS_UNSUCCESSFUL;
+ int iret;
+ char *obj_data;
+ int data_size = 0;
+ int len;
+
+ len = tdb_unpack (buffer, size, TDB_FORMAT_STRING,
+ &(object->version),
+ &(object->type),
+ &data_size, &obj_data);
+
+ if (len == -1)
+ goto done;
+
+ /* version is checked inside this function so that backward compatibility code can be
+ called eventually.
+ this way we can easily handle database format upgrades */
+ if (object->version != TDBSAM_VERSION) {
+ DEBUG(3,("init_tdbsam2_object_from_buffer: Error, db object has wrong tdbsam version!\n"));
+ goto done;
+ }
+
+ /* be sure the string is terminated before trying to parse it */
+ if (obj_data[data_size - 1] != '\0')
+ obj_data[data_size - 1] = '\0';
+
+ switch (object->type) {
+ case GUMS_OBJ_DOMAIN:
+ object->data.domain = (struct tdbsam2_domain_data *)talloc(mem_ctx, sizeof(struct tdbsam2_domain_data));
+ TALLOC_CHECK(object->data.domain, ret, done);
+ memset(object->data.domain, 0, sizeof(struct tdbsam2_domain_data));
+
+ iret = gen_parse(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), obj_data);
+ break;
+ case GUMS_OBJ_GROUP:
+ case GUMS_OBJ_ALIAS:
+ object->data.group = (struct tdbsam2_group_data *)talloc(mem_ctx, sizeof(struct tdbsam2_group_data));
+ TALLOC_CHECK(object->data.group, ret, done);
+ memset(object->data.group, 0, sizeof(struct tdbsam2_group_data));
+
+ iret = gen_parse(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), obj_data);
+ break;
+ case GUMS_OBJ_NORMAL_USER:
+ object->data.user = (struct tdbsam2_user_data *)talloc(mem_ctx, sizeof(struct tdbsam2_user_data));
+ TALLOC_CHECK(object->data.user, ret, done);
+ memset(object->data.user, 0, sizeof(struct tdbsam2_user_data));
-static NTSTATUS init_tdbsam2_object_from_buffer(struct tdbsam2_object *object, TALLOC_CTX *mem_ctx, char *buffer, int size) {
+ iret = gen_parse(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), obj_data);
+ break;
+ default:
+ DEBUG(3,("init_tdbsam2_object_from_buffer: Error, wrong object type number!\n"));
+ goto done;
+ }
+
+ if (iret != 0) {
+ DEBUG(0,("init_tdbsam2_object_from_buffer: Fatal Error! Unable to parse object!\n"));
+ DEBUG(0,("init_tdbsam2_object_from_buffer: DB Corrupted ?"));
+ goto done;
+ }
+
+ ret = NT_STATUS_OK;
+done:
+ SAFE_FREE(obj_data);
+ return ret;
+}
+
+static NTSTATUS init_buffer_from_tdbsam2_object(char **buffer, size_t *len, TALLOC_CTX *mem_ctx, struct tdbsam2_object *object)
+{
+
+ NTSTATUS ret;
+ char *buf1 = NULL;
+ size_t buflen;
+
+ if (!buffer)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ switch (object->type) {
+ case GUMS_OBJ_DOMAIN:
+ buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_domain_data, (char *)(object->data.domain), 0);
+ break;
+ case GUMS_OBJ_GROUP:
+ case GUMS_OBJ_ALIAS:
+ buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_group_data, (char *)(object->data.group), 0);
+ break;
+ case GUMS_OBJ_NORMAL_USER:
+ buf1 = gen_dump(mem_ctx, pinfo_tdbsam2_user_data, (char *)(object->data.user), 0);
+ break;
+ default:
+ DEBUG(3,("init_buffer_from_tdbsam2_object: Error, wrong object type number!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (buf1 == NULL) {
+ DEBUG(0, ("init_buffer_from_tdbsam2_object: Fatal Error! Unable to dump object!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ buflen = tdb_pack(NULL, 0, TDB_FORMAT_STRING,
+ TDBSAM_VERSION,
+ object->type,
+ strlen(buf1) + 1, buf1);
+
+ *buffer = talloc(mem_ctx, buflen);
+ TALLOC_CHECK(*buffer, ret, done);
+
+ *len = tdb_pack(*buffer, buflen, TDB_FORMAT_STRING,
+ TDBSAM_VERSION,
+ object->type,
+ strlen(buf1) + 1, buf1);
+
+ if (*len != buflen) {
+ DEBUG(0, ("init_tdb_data_from_tdbsam2_object: somthing odd is going on here: bufflen (%d) != len (%d) in tdb_pack operations!\n",
+ buflen, *len));
+ *buffer = NULL;
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ ret = NT_STATUS_OK;
+done:
+ return ret;
+}
+
+static NTSTATUS opentdb(void)
+{
+ if (!tdbsam2_db) {
+ pstring tdbfile;
+ get_private_directory(tdbfile);
+ pstrcat(tdbfile, "/");
+ pstrcat(tdbfile, TDB_FILE_NAME);
+
+ tdbsam2_db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDWR | O_CREAT, 0600);
+ if (!tdbsam2_db)
+ {
+ DEBUG(0, ("opentdb: Unable to open database (%s)!\n", tdbfile));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
return NT_STATUS_OK;
}
-static NTSTATUS tdbsam2_opentdb(void) {
+static NTSTATUS get_object_by_sid(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const DOM_SID *sid)
+{
+ NTSTATUS ret;
+ TDB_DATA data, key;
+ fstring keystr;
+
+ if (!obj || !mem_ctx || !sid)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (NT_STATUS_IS_ERR(ret = opentdb())) {
+ return ret;
+ }
+
+ slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+
+ data = tdb_fetch(tdbsam2_db, key);
+ if (!data.dptr) {
+ DEBUG(5, ("get_object_by_sid: Error fetching database, domain entry not found!\n"));
+ DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
+ DEBUGADD(5, (" Key: %s\n", keystr));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
+ SAFE_FREE(data.dptr);
+ DEBUG(0, ("get_object_by_sid: Error fetching database, malformed entry!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ SAFE_FREE(data.dptr);
return NT_STATUS_OK;
+
}
-static NTSTATUS tdbsam2_get_object_by_name(struct tdbsam2_object *obj, TALLOC_CTX *mem_ctx, const char* name) {
+static NTSTATUS get_object_by_name(TALLOC_CTX *mem_ctx, struct tdbsam2_object *obj, const char* name)
+{
NTSTATUS ret;
TDB_DATA data, key;
fstring keystr;
fstring objname;
+ DOM_SID sid;
+ char *obj_sidstr;
+ int obj_version, obj_type, obj_sidstr_len, len;
if (!obj || !mem_ctx || !name)
return NT_STATUS_INVALID_PARAMETER;
- if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
- goto done;
- }
+ if (NT_STATUS_IS_ERR(ret = opentdb())) {
+ return ret;
}
unix_strlower(name, -1, objname, sizeof(objname));
- slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, objname);
+ slprintf(keystr, sizeof(keystr)-1, "%s%s", NAMEPREFIX, objname);
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
data = tdb_fetch(tdbsam2_db, key);
if (!data.dptr) {
- DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n"));
+ DEBUG(5, ("get_object_by_name: Error fetching database, domain entry not found!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
+ return NT_STATUS_UNSUCCESSFUL;
}
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
+ len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
+ &obj_version,
+ &obj_type,
+ &obj_sidstr_len, &obj_sidstr);
+
SAFE_FREE(data.dptr);
- ret = NT_STATUS_OK;
+ if (len == -1 || obj_version != TDBSAM_VERSION || obj_sidstr_len <= 0) {
+ DEBUG(5, ("get_object_by_name: Error unpacking database object!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
-done:
- return ret;
+ if (!string_to_sid(&sid, obj_sidstr)) {
+ DEBUG(5, ("get_object_by_name: Error invalid sid string found in database object!\n"));
+ SAFE_FREE(obj_sidstr);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ SAFE_FREE(obj_sidstr);
+
+ return get_object_by_sid(mem_ctx, obj, &sid);
}
-
-static NTSTATUS tdbsam2_store(struct tdbsam2_object *object) {
+static NTSTATUS store_object(TALLOC_CTX *mem_ctx, struct tdbsam2_object *object, BOOL new_obj)
+{
NTSTATUS ret;
+ TDB_DATA data, key, key2;
+ fstring keystr;
+ fstring namestr;
+ int flag, r;
+
+ if (NT_STATUS_IS_ERR(ret = opentdb())) {
+ return ret;
+ }
+
+ if (new_obj) {
+ flag = TDB_INSERT;
+ } else {
+ flag = TDB_MODIFY;
+ }
+
+ ret = init_buffer_from_tdbsam2_object(&(data.dptr), &(data.dsize), mem_ctx, object);
+ if (NT_STATUS_IS_ERR(ret))
+ return ret;
+
+ switch (object->type) {
+ case GUMS_OBJ_DOMAIN:
+ slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.domain->dom_sid));
+ slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.domain->name);
+ break;
+ case GUMS_OBJ_GROUP:
+ case GUMS_OBJ_ALIAS:
+ slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.group->group_sid));
+ slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.group->name);
+ break;
+ case GUMS_OBJ_NORMAL_USER:
+ slprintf(keystr, sizeof(keystr) - 1, "%s%s", SIDPREFIX, sid_string_static(object->data.user->user_sid));
+ slprintf(namestr, sizeof(namestr) - 1, "%s%s", NAMEPREFIX, object->data.user->name);
+ break;
+ default:
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+
+ if ((r = tdb_store(tdbsam2_db, key, data, flag)) != TDB_SUCCESS) {
+ DEBUG(0, ("store_object: Unable to modify SAM!\n"));
+ DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
+ DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
+ if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+
+ key2.dptr = namestr;
+ key2.dsize = strlen(namestr) + 1;
+
+ if ((r = tdb_store(tdbsam2_db, key2, key, flag)) != TDB_SUCCESS) {
+ DEBUG(0, ("store_object: Unable to modify SAM!\n"));
+ DEBUGADD(0, (" Error: %s", tdb_errorstr(tdbsam2_db)));
+ DEBUGADD(0, (" occured while storing the main record (%s)\n", keystr));
+ if (r == TDB_ERR_EXISTS) return NT_STATUS_UNSUCCESSFUL;
+ return NT_STATUS_INTERNAL_DB_ERROR;
+ }
+/* TODO: update the general database counter */
+/* TODO: update this entry counter too */
return NT_STATUS_OK;
}
-static NTSTATUS tdbsam2_get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID *sid) {
-
+static NTSTATUS get_next_sid(TALLOC_CTX *mem_ctx, DOM_SID **sid)
+{
NTSTATUS ret;
+ struct tdbsam2_object obj;
+ DOM_SID *dom_sid = get_global_sam_sid();
+ uint32 new_rid;
+
+/* TODO: LOCK DOMAIN OBJECT */
+ ret = get_object_by_sid(mem_ctx, &obj, dom_sid);
+ if (NT_STATUS_IS_ERR(ret)) {
+ DEBUG(0, ("get_next_sid: unable to get root Domain object!\n"));
+ ret = NT_STATUS_INTERNAL_DB_ERROR;
+ goto error;
+ }
+
+ new_rid = obj.data.domain->next_rid;
+
+ /* Increment the RID Counter */
+ obj.data.domain->next_rid++;
+
+ /* Store back Domain object */
+ ret = store_object(mem_ctx, &obj, False);
+ if (NT_STATUS_IS_ERR(ret)) {
+ DEBUG(0, ("get_next_sid: unable to update root Domain object!\n"));
+ ret = NT_STATUS_INTERNAL_DB_ERROR;
+ goto error;
+ }
+/* TODO: UNLOCK DOMAIN OBJECT */
+
+ *sid = sid_dup_talloc(mem_ctx, dom_sid);
+ TALLOC_CHECK(*sid, ret, error);
+
+ if (!sid_append_rid(*sid, new_rid)) {
+ DEBUG(0, ("get_next_sid: unable to build new SID !?!\n"));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto error;
+ }
return NT_STATUS_OK;
-}
-static NTSTATUS tdbsam2_user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata, uint32 type) {
+error:
+ return ret;
+}
+static NTSTATUS user_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_user_data *userdata)
+{
NTSTATUS ret;
if (!object || !userdata) {
SET_OR_FAIL(gums_set_user_unknown_5(*object, userdata->unknown_5), error);
SET_OR_FAIL(gums_set_user_unknown_6(*object, userdata->unknown_6), error);
- SET_OR_FAIL(gums_set_user_logon_time(*object, userdata->logon_time), error);
- SET_OR_FAIL(gums_set_user_logoff_time(*object, userdata->logoff_time), error);
- SET_OR_FAIL(gums_set_user_kickoff_time(*object, userdata->kickoff_time), error);
- SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, userdata->pass_last_set_time), error);
- SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, userdata->pass_can_change_time), error);
- SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, userdata->pass_must_change_time), error);
+ SET_OR_FAIL(gums_set_user_logon_time(*object, *(userdata->logon_time)), error);
+ SET_OR_FAIL(gums_set_user_logoff_time(*object, *(userdata->logoff_time)), error);
+ SET_OR_FAIL(gums_set_user_kickoff_time(*object, *(userdata->kickoff_time)), error);
+ SET_OR_FAIL(gums_set_user_pass_last_set_time(*object, *(userdata->pass_last_set_time)), error);
+ SET_OR_FAIL(gums_set_user_pass_can_change_time(*object, *(userdata->pass_can_change_time)), error);
+ SET_OR_FAIL(gums_set_user_pass_must_change_time(*object, *(userdata->pass_must_change_time)), error);
ret = NT_STATUS_OK;
return ret;
return ret;
}
-static NTSTATUS tdbsam2_group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata, uint32 type) {
-
+static NTSTATUS group_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_group_data *groupdata)
+{
NTSTATUS ret;
if (!object || !groupdata) {
return ret;
}
-static NTSTATUS tdbsam2_domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata, uint32 type) {
+static NTSTATUS domain_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_domain_data *domdata)
+{
NTSTATUS ret;
- if (!object || !domdata) {
+ if (!object || !*object || !domdata) {
DEBUG(0, ("tdbsam2_domain_data_to_gums_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
return ret;
}
-static NTSTATUS tdbsam2_data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data) {
+static NTSTATUS data_to_gums_object(GUMS_OBJECT **object, struct tdbsam2_object *data)
+{
NTSTATUS ret;
switch (data->type) {
case GUMS_OBJ_DOMAIN:
- ret = tdbsam2_domain_data_to_gums_object(object, data->data.domain, data->type);
+ ret = domain_data_to_gums_object(object, data->data.domain);
break;
case GUMS_OBJ_NORMAL_USER:
- ret = tdbsam2_user_data_to_gums_object(object, data->data.user, data->type);
+ ret = user_data_to_gums_object(object, data->data.user);
break;
case GUMS_OBJ_GROUP:
case GUMS_OBJ_ALIAS:
- ret = tdbsam2_group_data_to_gums_object(object, data->data.group, data->type);
+ ret = group_data_to_gums_object(object, data->data.group);
break;
default:
}
+/* GUMM object functions */
+static NTSTATUS tdbsam2_get_domain_sid(DOM_SID *sid, const char* name)
+{
+ NTSTATUS ret;
+ struct tdbsam2_object obj;
+ TALLOC_CTX *mem_ctx;
+ fstring domname;
-/* GUMM object functions */
+ if (!sid || !name)
+ return NT_STATUS_INVALID_PARAMETER;
-static NTSTATUS get_domain_sid(DOM_SID *sid, const char* name) {
+ mem_ctx = talloc_init("tdbsam2_get_domain_sid");
+ if (!mem_ctx) {
+ DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ if (NT_STATUS_IS_ERR(ret = opentdb())) {
+ goto done;
+ }
+
+ unix_strlower(name, -1, domname, sizeof(domname));
+
+ ret = get_object_by_name(mem_ctx, &obj, domname);
+
+ if (NT_STATUS_IS_ERR(ret)) {
+ DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
+ goto done;
+ }
+
+ if (obj.type != GUMS_OBJ_DOMAIN) {
+ DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ sid_copy(sid, obj.data.domain->dom_sid);
+
+ ret = NT_STATUS_OK;
+
+done:
+ talloc_destroy(mem_ctx);
+ return ret;
+}
+
+static NTSTATUS tdbsam2_set_domain_sid (const DOM_SID *sid, const char *name)
+{
NTSTATUS ret;
struct tdbsam2_object obj;
TALLOC_CTX *mem_ctx;
- TDB_DATA data, key;
- fstring keystr;
fstring domname;
if (!sid || !name)
return NT_STATUS_INVALID_PARAMETER;
- mem_ctx = talloc_init("get_domain_sid");
+ mem_ctx = talloc_init("tdbsam2_set_domain_sid");
if (!mem_ctx) {
DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
+ if (NT_STATUS_IS_ERR(ret = opentdb())) {
goto done;
}
}
unix_strlower(name, -1, domname, sizeof(domname));
- slprintf(keystr, sizeof(keystr)-1, "%s%s", DOMAINPREFIX, domname);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
+/* TODO: we need to lock this entry until updated! */
- data = tdb_fetch(tdbsam2_db, key);
- if (!data.dptr) {
- DEBUG(5, ("get_domain_sid: Error fetching database, domain entry not found!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
- }
+ ret = get_object_by_name(mem_ctx, &obj, domname);
- if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
- SAFE_FREE(data.dptr);
- DEBUG(0, ("get_domain_sid: Error fetching database, malformed entry!\n"));
- ret = NT_STATUS_UNSUCCESSFUL;
+ if (NT_STATUS_IS_ERR(ret)) {
+ DEBUG(0, ("tdbsam2_get_domain_sid: Error fetching database!\n"));
goto done;
}
- SAFE_FREE(data.dptr);
if (obj.type != GUMS_OBJ_DOMAIN) {
- DEBUG(5, ("get_domain_sid: Requested object is not a domain!\n"));
+ DEBUG(5, ("tdbsam2_get_domain_sid: Requested object is not a domain!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- sid_copy(sid, obj.data.domain->dom_sid);
+ sid_copy(obj.data.domain->dom_sid, sid);
- ret = NT_STATUS_OK;
+ ret = store_object(mem_ctx, &obj, False);
done:
+/* TODO: unlock here */
if (mem_ctx) talloc_destroy(mem_ctx);
return ret;
}
- NTSTATUS (*set_domain_sid) (const DOM_SID *sid, const char *name);
-
+/* TODO */
NTSTATUS (*get_sequence_number) (void);
-static NTSTATUS tdbsam2_new_object(DOM_SID **sid, const char *name, const int obj_type) {
+extern DOM_SID global_sid_NULL;
+
+static NTSTATUS tdbsam2_new_object(DOM_SID *sid, const char *name, const int obj_type)
+{
NTSTATUS ret;
struct tdbsam2_object obj;
TALLOC_CTX *mem_ctx;
+ NTTIME zero_time = {0,0};
+ const char *defpw = "NOPASSWORDXXXXXX";
+ uint8 defhours[21] = {255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255,255};
if (!sid || !name) {
DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_NO_MEMORY;
}
+ obj.type = obj_type;
+ obj.version = TDBSAM_VERSION;
+
switch (obj_type) {
case GUMS_OBJ_NORMAL_USER:
obj.data.user = (struct tdbsam2_user_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_user_data));
TALLOC_CHECK(obj.data.user, ret, done);
- /*obj.data.user->sec_desc*/
-
- tdbsam2_get_next_sid(mem_ctx, obj.data.user->user_sid);
+ get_next_sid(mem_ctx, &(obj.data.user->user_sid));
TALLOC_CHECK(obj.data.user->user_sid, ret, done);
+ sid_copy(sid, obj.data.user->user_sid);
obj.data.user->name = talloc_strdup(mem_ctx, name);
TALLOC_CHECK(obj.data.user, ret, done);
+ obj.data.user->xcounter = 1;
+ /*obj.data.user->sec_desc*/
+ obj.data.user->description = "";
+ obj.data.user->group_sid = &global_sid_NULL;
+ obj.data.user->logon_time = &zero_time;
+ obj.data.user->logoff_time = &zero_time;
+ obj.data.user->kickoff_time = &zero_time;
+ obj.data.user->pass_last_set_time = &zero_time;
+ obj.data.user->pass_can_change_time = &zero_time;
+ obj.data.user->pass_must_change_time = &zero_time;
+
+ obj.data.user->full_name = "";
+ obj.data.user->home_dir = "";
+ obj.data.user->dir_drive = "";
+ obj.data.user->logon_script = "";
+ obj.data.user->profile_path = "";
+ obj.data.user->workstations = "";
+ obj.data.user->unknown_str = "";
+ obj.data.user->munged_dial = "";
+
+ obj.data.user->lm_pw_ptr = defpw;
+ obj.data.user->nt_pw_ptr = defpw;
+
+ obj.data.user->logon_divs = 168;
+ obj.data.user->hours_len = 21;
+ obj.data.user->hours = &defhours;
+
+ obj.data.user->unknown_3 = 0x00ffffff;
+ obj.data.user->unknown_5 = 0x00020000;
+ obj.data.user->unknown_6 = 0x000004ec;
break;
case GUMS_OBJ_GROUP:
obj.data.group = (struct tdbsam2_group_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_group_data));
TALLOC_CHECK(obj.data.group, ret, done);
- /*obj.data.user->sec_desc*/
-
- tdbsam2_get_next_sid(mem_ctx, obj.data.group->group_sid);
+ get_next_sid(mem_ctx, &(obj.data.group->group_sid));
TALLOC_CHECK(obj.data.group->group_sid, ret, done);
+ sid_copy(sid, obj.data.group->group_sid);
obj.data.group->name = talloc_strdup(mem_ctx, name);
TALLOC_CHECK(obj.data.group, ret, done);
+ obj.data.group->xcounter = 1;
+ /*obj.data.group->sec_desc*/
+ obj.data.group->description = "";
+
break;
case GUMS_OBJ_DOMAIN:
- /* TODO: SHOULD WE ALLOW TO CREATE NEW DOMAINS ? */
+
+ /* FIXME: should we check against global_sam_sid to make it impossible
+ to store more than one domain ? */
+
+ obj.data.domain = (struct tdbsam2_domain_data *)talloc_zero(mem_ctx, sizeof(struct tdbsam2_domain_data));
+ TALLOC_CHECK(obj.data.domain, ret, done);
+
+ obj.data.domain->dom_sid = sid_dup_talloc(mem_ctx, get_global_sam_sid());
+ TALLOC_CHECK(obj.data.domain->dom_sid, ret, done);
+ sid_copy(sid, obj.data.domain->dom_sid);
+
+ obj.data.domain->name = talloc_strdup(mem_ctx, name);
+ TALLOC_CHECK(obj.data.domain, ret, done);
+
+ obj.data.domain->xcounter = 1;
+ /*obj.data.domain->sec_desc*/
+ obj.data.domain->next_rid = 0x3e9;
+ obj.data.domain->description = "";
+
+ ret = NT_STATUS_OK;
+ break;
default:
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- ret = tdbsam2_store(&obj);
+ ret = store_object(mem_ctx, &obj, True);
done:
talloc_destroy(mem_ctx);
return ret;
}
-static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid) {
-
+static NTSTATUS tdbsam2_delete_object(const DOM_SID *sid)
+{
NTSTATUS ret;
struct tdbsam2_object obj;
TALLOC_CTX *mem_ctx;
TDB_DATA data, key;
fstring keystr;
- fstring sidstr;
- char *obj_name = NULL;
- int obj_type, obj_version, len;
if (!sid) {
- DEBUG(0, ("tdbsam2_new_object: no NULL pointers are accepted here!\n"));
+ DEBUG(0, ("tdbsam2_delete_object: no NULL pointers are accepted here!\n"));
return NT_STATUS_INVALID_PARAMETER;
}
mem_ctx = talloc_init("tdbsam2_delete_object");
if (!mem_ctx) {
- DEBUG(0, ("tdbsam2_new_object: Out of memory!\n"));
+ DEBUG(0, ("tdbsam2_delete_object: Out of memory!\n"));
return NT_STATUS_NO_MEMORY;
}
if (tdbsam2_db == NULL) {
- if (NT_STATUS_IS_ERR(ret = tdbsam2_opentdb())) {
+ if (NT_STATUS_IS_ERR(ret = opentdb())) {
goto done;
}
}
- sid_to_string(sidstr, sid);
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sidstr);
+ slprintf(keystr, sizeof(keystr)-1, "%s%s", SIDPREFIX, sid_string_static(sid));
key.dptr = keystr;
key.dsize = strlen(keystr) + 1;
data = tdb_fetch(tdbsam2_db, key);
if (!data.dptr) {
- DEBUG(5, ("get_domain_sid: Error fetching database, SID entry not found!\n"));
+ DEBUG(5, ("tdbsam2_delete_object: Error fetching database, SID entry not found!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
- len = tdb_unpack(data.dptr, data.dsize, TDB_FORMAT_STRING,
- &obj_version,
- &obj_type,
- &obj_name);
+ if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
+ DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
+ DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
+ DEBUGADD(5, (" Key: %s\n", keystr));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
- if (len == -1) {
+ if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
+ SAFE_FREE(data.dptr);
+ DEBUG(0, ("tdbsam2_delete_object: Error fetching database, malformed entry!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
}
+ switch (obj.type) {
+ case GUMS_OBJ_DOMAIN:
+ /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
+ slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.domain->name);
+ break;
+ case GUMS_OBJ_GROUP:
+ case GUMS_OBJ_ALIAS:
+ slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.group->name);
+ break;
+ case GUMS_OBJ_NORMAL_USER:
+ slprintf(keystr, sizeof(keystr) - 1, "%s%s", NAMEPREFIX, obj.data.user->name);
+ break;
+ default:
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+
+ key.dptr = keystr;
+ key.dsize = strlen(keystr) + 1;
+
if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n"));
+ DEBUG(5, ("tdbsam2_delete_object: Error deleting object!\n"));
DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
DEBUGADD(5, (" Key: %s\n", keystr));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
- }
+ }
- switch (obj_type) {
- case GUMS_OBJ_NORMAL_USER:
- case GUMS_OBJ_GROUP:
- case GUMS_OBJ_ALIAS:
-
- slprintf(keystr, sizeof(keystr)-1, "%s%s", OBJECTPREFIX, obj_name);
- key.dptr = keystr;
- key.dsize = strlen(keystr) + 1;
-
- if (tdb_delete(tdbsam2_db, key) != TDB_SUCCESS) {
- DEBUG(5, ("tdbsam2_object_delete: Error deleting object!\n"));
- DEBUGADD(5, (" Error: %s\n", tdb_errorstr(tdbsam2_db)));
- DEBUGADD(5, (" Key: %s\n", keystr));
- ret = NT_STATUS_UNSUCCESSFUL;
- goto done;
+/* TODO: update the general database counter */
+
+done:
+ SAFE_FREE(data.dptr);
+ talloc_destroy(mem_ctx);
+ return ret;
+}
+
+static NTSTATUS tdbsam2_get_object_from_sid(GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type)
+{
+ NTSTATUS ret;
+ struct tdbsam2_object obj;
+ TALLOC_CTX *mem_ctx;
+
+ if (!object || !sid) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
+ if (!mem_ctx) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = get_object_by_sid(mem_ctx, &obj, sid);
+ if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
+ goto done;
+ }
+
+ ret = data_to_gums_object(object, &obj);
+ if (NT_STATUS_IS_ERR(ret)) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
+ goto done;
+ }
+
+done:
+ talloc_destroy(mem_ctx);
+ return ret;
+}
+
+static NTSTATUS tdbsam2_get_object_from_name(GUMS_OBJECT **object, const char *name, const int obj_type)
+{
+ NTSTATUS ret;
+ struct tdbsam2_object obj;
+ TALLOC_CTX *mem_ctx;
+
+ if (!object || !name) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ mem_ctx = talloc_init("tdbsam2_get_object_from_sid");
+ if (!mem_ctx) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ ret = get_object_by_name(mem_ctx, &obj, name);
+ if (NT_STATUS_IS_ERR(ret) || (obj_type && obj.type != obj_type)) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: error fetching object or wrong object type!\n"));
+ goto done;
+ }
+
+ ret = data_to_gums_object(object, &obj);
+ if (NT_STATUS_IS_ERR(ret)) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: error setting object data!\n"));
+ goto done;
+ }
+
+done:
+ talloc_destroy(mem_ctx);
+ return ret;
+}
+
+ /* This function is used to get the list of all objects changed since base_time, it is
+ used to support PDC<->BDC synchronization */
+ NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
+
+static NTSTATUS tdbsam2_enumerate_objects_start(void *handle, const DOM_SID *sid, const int obj_type)
+{
+ struct tdbsam2_enum_objs *teo, *t;
+ pstring tdbfile;
+
+ teo = (struct tdbsam2_enum_objs *)calloc(1, sizeof(struct tdbsam2_enum_objs));
+ if (!teo) {
+ DEBUG(0, ("tdbsam2_enumerate_objects_start: Out of Memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ teo->type = obj_type;
+ if (sid) {
+ sid_to_string(teo->dom_sid, sid);
+ }
+
+ get_private_directory(tdbfile);
+ pstrcat(tdbfile, "/");
+ pstrcat(tdbfile, TDB_FILE_NAME);
+
+ teo->db = tdb_open_log(tdbfile, 0, TDB_DEFAULT, O_RDONLY, 0600);
+ if (!teo->db)
+ {
+ DEBUG(0, ("tdbsam2_enumerate_objects_start: Unable to open database (%s)!\n", tdbfile));
+ SAFE_FREE(teo);
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+
+ if (!teo_handlers) {
+ *teo_handlers = teo;
+ } else {
+ t = *teo_handlers;
+ while (t->next) {
+ t = t->next;
+ }
+ t->next = teo;
+ }
+
+ handle = teo;
+
+ teo->key = tdb_firstkey(teo->db);
+
+ return NT_STATUS_OK;
+}
+
+static NTSTATUS tdbsam2_enumerate_objects_get_next(GUMS_OBJECT **object, void *handle)
+{
+ NTSTATUS ret;
+ TALLOC_CTX *mem_ctx;
+ TDB_DATA data;
+ struct tdbsam2_enum_objs *teo;
+ struct tdbsam2_object obj;
+ const char *prefix = SIDPREFIX;
+ const int preflen = strlen(prefix);
+
+ if (!object || !handle) {
+ DEBUG(0, ("tdbsam2_get_object_from_sid: no NULL pointers are accepted here!\n"));
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+
+ teo = (struct tdbsam2_enum_objs *)handle;
+
+ mem_ctx = talloc_init("tdbsam2_enumerate_objects_get_next");
+ if (!mem_ctx) {
+ DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Out of memory!\n"));
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ while ((teo->key.dsize != 0)) {
+ int len, version, type, size;
+ char *ptr;
+
+ if (strncmp(teo->key.dptr, prefix, preflen)) {
+ teo->key = tdb_nextkey(teo->db, teo->key);
+ continue;
+ }
+
+ if (teo->dom_sid) {
+ if (strncmp(&(teo->key.dptr[preflen]), teo->dom_sid, strlen(teo->dom_sid))) {
+ teo->key = tdb_nextkey(teo->db, teo->key);
+ continue;
}
- break;
+ }
- case GUMS_OBJ_DOMAIN:
- /* TODO: SHOULD WE ALLOW TO DELETE DOMAINS ? */
+ data = tdb_fetch(teo->db, teo->key);
+ if (!data.dptr) {
+ DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error fetching database, SID entry not found!\n"));
+ DEBUGADD(5, (" Error: %s\n", tdb_errorstr(teo->db)));
+ DEBUGADD(5, (" Key: %s\n", teo->key.dptr));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
- default:
+ len = tdb_unpack (data.dptr, data.dsize, TDB_FORMAT_STRING,
+ &version,
+ &type,
+ &size, &ptr);
+
+ if (len == -1) {
+ DEBUG(5, ("tdbsam2_enumerate_objects_get_next: Error unable to unpack data!\n"));
ret = NT_STATUS_UNSUCCESSFUL;
goto done;
+ }
+ SAFE_FREE(ptr);
+
+ if (teo->type && type != teo->type) {
+ SAFE_FREE(data.dptr);
+ data.dsize = 0;
+ teo->key = tdb_nextkey(teo->db, teo->key);
+ continue;
+ }
+
+ break;
}
+ if (data.dsize != 0) {
+ if (NT_STATUS_IS_ERR(init_tdbsam2_object_from_buffer(&obj, mem_ctx, data.dptr, data.dsize))) {
+ SAFE_FREE(data.dptr);
+ DEBUG(0, ("tdbsam2_enumerate_objects_get_next: Error fetching database, malformed entry!\n"));
+ ret = NT_STATUS_UNSUCCESSFUL;
+ goto done;
+ }
+ SAFE_FREE(data.dptr);
+ }
+
+ ret = data_to_gums_object(object, &obj);
+
done:
- SAFE_FREE(obj_name);
talloc_destroy(mem_ctx);
return ret;
}
- NTSTATUS (*get_object_from_sid) (GUMS_OBJECT **object, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*get_sid_from_name) (GUMS_OBJECT **object, const char *name);
- /* This function is used to get the list of all objects changed since b_time, it is
- used to support PDC<->BDC synchronization */
- NTSTATUS (*get_updated_objects) (GUMS_OBJECT **objects, const NTTIME base_time);
+static NTSTATUS tdbsam2_enumerate_objects_stop(void *handle)
+{
+ struct tdbsam2_enum_objs *teo, *t, *p;
+
+ teo = (struct tdbsam2_enum_objs *)handle;
+
+ if (*teo_handlers == teo) {
+ *teo_handlers = teo->next;
+ } else {
+ t = *teo_handlers;
+ while (t != teo) {
+ p = t;
+ t = t->next;
+ if (t == NULL) {
+ DEBUG(0, ("tdbsam2_enumerate_objects_stop: Error, handle not found!\n"));
+ return NT_STATUS_UNSUCCESSFUL;
+ }
+ }
+ p = t->next;
+ }
+
+ tdb_close(teo->db);
+ SAFE_FREE(teo);
- NTSTATUS (*enumerate_objects_start) (void *handle, const DOM_SID *sid, const int obj_type);
- NTSTATUS (*enumerate_objects_get_next) (GUMS_OBJECT **object, void *handle);
- NTSTATUS (*enumerate_objects_stop) (void *handle);
+ return NT_STATUS_OK;
+}
/* This function MUST be used ONLY by PDC<->BDC replication code or recovery tools.
Never use this function to update an object in the database, use set_object_values() */
NTSTATUS (*set_privilege) (GUMS_PRIVILEGE *priv);
-int gumm_init(GUMS_FUNCTIONS **storage) {
+int gumm_init(GUMS_FUNCTIONS **storage)
+{
+ tdbsam2_db = NULL;
+ teo_handlers = 0;
return 0;
}
+
+#if 0
+int main(int argc, char *argv[])
+{
+ NTSTATUS ret;
+ DOM_SID dsid;
+
+ if (argc < 2) {
+ printf ("not enough arguments!\n");
+ exit(0);
+ }
+
+ if (!lp_load(dyn_CONFIGFILE,True,False,False)) {
+ fprintf(stderr, "Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE);
+ exit(1);
+ }
+
+ ret = tdbsam2_new_object(&dsid, "_domain_", GUMS_OBJ_DOMAIN);
+ if (NT_STATUS_IS_OK(ret)) {
+ printf ("_domain_ created, sid=%s\n", sid_string_static(&dsid));
+ } else {
+ printf ("_domain_ creation error n. 0x%08x\n", ret.v);
+ }
+ ret = tdbsam2_new_object(&dsid, argv[1], GUMS_OBJ_NORMAL_USER);
+ if (NT_STATUS_IS_OK(ret)) {
+ printf ("%s user created, sid=%s\n", argv[1], sid_string_static(&dsid));
+ } else {
+ printf ("%s user creation error n. 0x%08x\n", argv[1], ret.v);
+ }
+
+ exit(0);
+}
+#endif
#define GMV_MAJOR 0
#define GMV_MINOR 1
+#define PRIV_NONE 0
+#define PRIV_CREATE_TOKEN 1
+#define PRIV_ASSIGNPRIMARYTOKEN 2
+#define PRIV_LOCK_MEMORY 3
+#define PRIV_INCREASE_QUOTA 4
+#define PRIV_MACHINE_ACCOUNT 5
+#define PRIV_TCB 6
+#define PRIV_SECURITY 7
+#define PRIV_TAKE_OWNERSHIP 8
+#define PRIV_LOAD_DRIVER 9
+#define PRIV_SYSTEM_PROFILE 10
+#define PRIV_SYSTEMTIME 11
+#define PRIV_PROF_SINGLE_PROCESS 12
+#define PRIV_INC_BASE_PRIORITY 13
+#define PRIV_CREATE_PAGEFILE 14
+#define PRIV_CREATE_PERMANENT 15
+#define PRIV_BACKUP 16
+#define PRIV_RESTORE 17
+#define PRIV_SHUTDOWN 18
+#define PRIV_DEBUG 19
+#define PRIV_AUDIT 20
+#define PRIV_SYSTEM_ENVIRONMENT 21
+#define PRIV_CHANGE_NOTIFY 22
+#define PRIV_REMOTE_SHUTDOWN 23
+#define PRIV_UNDOCK 24
+#define PRIV_SYNC_AGENT 25
+#define PRIV_ENABLE_DELEGATION 26
+#define PRIV_ALL 255
+
+
GUMS_FUNCTIONS *gums_storage;
static void *dl_handle;
-PRIVS privs[] = {
+static PRIVS gums_privs[] = {
{PRIV_NONE, "no_privs", "No privilege"}, /* this one MUST be first */
{PRIV_CREATE_TOKEN, "SeCreateToken", "Create Token"},
{PRIV_ASSIGNPRIMARYTOKEN, "SeAssignPrimaryToken", "Assign Primary Token"},
NTSTATUS gums_unload(void)
{
- NSTATUS ret;
+ NTSTATUS ret;
NTSTATUS (*module_finalize)();
if (!dl_handle)
return NT_STATUS_UNSUCCESSFUL;
- module_close = sys_dlsym(dl_handle, "gumm_finalize");
+ module_finalize = sys_dlsym(dl_handle, "gumm_finalize");
if (!module_finalize) {
DEBUG(0, ("ERROR: Failed to find gums module's init function!\n"));
return NT_STATUS_UNSUCCESSFUL;
}
- DEBUG(5, ("Finalizing module %s\n", module_name));
+ DEBUG(5, ("Finalizing module"));
ret = module_finalize();
sys_dlclose(dl_handle);
#include "includes.h"
+
+/*******************************************************************
+ Create a SEC_ACL structure.
+********************************************************************/
+
+static SEC_ACL *make_sec_acl(TALLOC_CTX *ctx, uint16 revision, int num_aces, SEC_ACE *ace_list)
+{
+ SEC_ACL *dst;
+ int i;
+
+ if((dst = (SEC_ACL *)talloc_zero(ctx,sizeof(SEC_ACL))) == NULL)
+ return NULL;
+
+ dst->revision = revision;
+ dst->num_aces = num_aces;
+ dst->size = SEC_ACL_HEADER_SIZE;
+
+ /* Now we need to return a non-NULL address for the ace list even
+ if the number of aces required is zero. This is because there
+ is a distinct difference between a NULL ace and an ace with zero
+ entries in it. This is achieved by checking that num_aces is a
+ positive number. */
+
+ if ((num_aces) &&
+ ((dst->ace = (SEC_ACE *)talloc(ctx, sizeof(SEC_ACE) * num_aces))
+ == NULL)) {
+ return NULL;
+ }
+
+ for (i = 0; i < num_aces; i++) {
+ dst->ace[i] = ace_list[i]; /* Structure copy. */
+ dst->size += ace_list[i].size;
+ }
+
+ return dst;
+}
+
+
+
+/*******************************************************************
+ Duplicate a SEC_ACL structure.
+********************************************************************/
+
+static SEC_ACL *dup_sec_acl(TALLOC_CTX *ctx, SEC_ACL *src)
+{
+ if(src == NULL)
+ return NULL;
+
+ return make_sec_acl(ctx, src->revision, src->num_aces, src->ace);
+}
+
+
+
+/*******************************************************************
+ Creates a SEC_DESC structure
+********************************************************************/
+
+static SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
+ DOM_SID *owner_sid, DOM_SID *grp_sid,
+ SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
+{
+ SEC_DESC *dst;
+ uint32 offset = 0;
+ uint32 offset_sid = SEC_DESC_HEADER_SIZE;
+ uint32 offset_acl = 0;
+
+ *sd_size = 0;
+
+ if(( dst = (SEC_DESC *)talloc_zero(ctx, sizeof(SEC_DESC))) == NULL)
+ return NULL;
+
+ dst->revision = revision;
+ dst->type = SEC_DESC_SELF_RELATIVE;
+
+ if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
+ if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
+
+ dst->off_owner_sid = 0;
+ dst->off_grp_sid = 0;
+ dst->off_sacl = 0;
+ dst->off_dacl = 0;
+
+ if(owner_sid && ((dst->owner_sid = sid_dup_talloc(ctx,owner_sid)) == NULL))
+ goto error_exit;
+
+ if(grp_sid && ((dst->grp_sid = sid_dup_talloc(ctx,grp_sid)) == NULL))
+ goto error_exit;
+
+ if(sacl && ((dst->sacl = dup_sec_acl(ctx, sacl)) == NULL))
+ goto error_exit;
+
+ if(dacl && ((dst->dacl = dup_sec_acl(ctx, dacl)) == NULL))
+ goto error_exit;
+
+ offset = 0;
+
+ /*
+ * Work out the linearization sizes.
+ */
+ if (dst->owner_sid != NULL) {
+
+ if (offset == 0)
+ offset = SEC_DESC_HEADER_SIZE;
+
+ offset += sid_size(dst->owner_sid);
+ }
+
+ if (dst->grp_sid != NULL) {
+
+ if (offset == 0)
+ offset = SEC_DESC_HEADER_SIZE;
+
+ offset += sid_size(dst->grp_sid);
+ }
+
+ if (dst->sacl != NULL) {
+
+ offset_acl = SEC_DESC_HEADER_SIZE;
+
+ dst->off_sacl = offset_acl;
+ offset_acl += dst->sacl->size;
+ offset += dst->sacl->size;
+ offset_sid += dst->sacl->size;
+ }
+
+ if (dst->dacl != NULL) {
+
+ if (offset_acl == 0)
+ offset_acl = SEC_DESC_HEADER_SIZE;
+
+ dst->off_dacl = offset_acl;
+ offset_acl += dst->dacl->size;
+ offset += dst->dacl->size;
+ offset_sid += dst->dacl->size;
+ }
+
+ *sd_size = (size_t)((offset == 0) ? SEC_DESC_HEADER_SIZE : offset);
+
+ if (dst->owner_sid != NULL)
+ dst->off_owner_sid = offset_sid;
+
+ /* sid_size() returns 0 if the sid is NULL so this is ok */
+
+ if (dst->grp_sid != NULL)
+ dst->off_grp_sid = offset_sid + sid_size(dst->owner_sid);
+
+ return dst;
+
+error_exit:
+
+ *sd_size = 0;
+ return NULL;
+}
+
+/*******************************************************************
+ Duplicate a SEC_DESC structure.
+********************************************************************/
+
+static SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
+{
+ size_t dummy;
+
+ if(src == NULL)
+ return NULL;
+
+ return make_sec_desc( ctx, src->revision,
+ src->owner_sid, src->grp_sid, src->sacl,
+ src->dacl, &dummy);
+}
+
+
+
+
+
+
+
extern GUMS_FUNCTIONS *gums_storage;
/* Functions to get/set info from a GUMS object */
{
TALLOC_CTX *mem_ctx = talloc_init("gums_create_object");
GUMS_OBJECT *go;
- NT_STATUS ret;
+ NTSTATUS ret;
go = talloc_zero(mem_ctx, sizeof(GUMS_OBJECT));
go->mem_ctx = mem_ctx;
case GUMS_OBJ_DOMAIN_TRUST:
*/
case GUMS_OBJ_NORMAL_USER:
- go->data = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
+ go->data.user = (GUMS_USER *)talloc_zero(mem_ctx, sizeof(GUMS_USER));
break;
case GUMS_OBJ_GROUP:
case GUMS_OBJ_ALIAS:
- go->data = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
+ go->data.group = (GUMS_GROUP *)talloc_zero(mem_ctx, sizeof(GUMS_GROUP));
break;
default:
goto error;
}
- if (!(go->data)) {
+ if (!(go->data.user)) {
ret = NT_STATUS_NO_MEMORY;
DEBUG(0, ("gums_create_object: Out of memory!\n"));
goto error;
}
*/
+NTSTATUS gums_get_domain_next_rid(uint32 *rid, const GUMS_OBJECT *obj)
+{
+ if (!obj)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (obj->type != GUMS_OBJ_DOMAIN)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+ *rid = obj->data.domain->next_rid;
+ return NT_STATUS_OK;
+}
+
+NTSTATUS gums_set_domain_next_rid(GUMS_OBJECT *obj, uint32 rid)
+{
+ if (!obj)
+ return NT_STATUS_INVALID_PARAMETER;
+
+ if (obj->type != GUMS_OBJ_DOMAIN)
+ return NT_STATUS_OBJECT_TYPE_MISMATCH;
+
+ obj->data.domain->next_rid = rid;
+ return NT_STATUS_OK;
+}
+
NTSTATUS gums_get_user_pri_group(DOM_SID **sid, const GUMS_OBJECT *obj)
{
if (!sid || !obj)
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *nt_pwd = obj->data.user->nt_pw;
+ *nt_pwd = &(obj->data.user->nt_pw);
return NT_STATUS_OK;
}
NTSTATUS gums_set_user_nt_pwd(GUMS_OBJECT *obj, const DATA_BLOB nt_pwd)
{
- if (!obj || !nt_pwd || nt_pwd != NT_HASH_LEN)
+ if (!obj || nt_pwd.length != NT_HASH_LEN)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->nt_pwd = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.lenght);
+ obj->data.user->nt_pw = data_blob_talloc(obj->mem_ctx, nt_pwd.data, nt_pwd.length);
return NT_STATUS_OK;
}
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *lm_pwd = obj->data.user->lm_pw;
+ *lm_pwd = &(obj->data.user->lm_pw);
return NT_STATUS_OK;
}
NTSTATUS gums_set_user_lm_pwd(GUMS_OBJECT *obj, const DATA_BLOB lm_pwd)
{
- if (!obj || !lm_pwd || lm_pwd != LM_HASH_LEN)
+ if (!obj || lm_pwd.length != LM_HASH_LEN)
return NT_STATUS_INVALID_PARAMETER;
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- obj->data.user->lm_pwd = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.lenght);
+ obj->data.user->lm_pw = data_blob_talloc(obj->mem_ctx, lm_pwd.data, lm_pwd.length);
return NT_STATUS_OK;
}
if (obj->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_OBJECT_TYPE_MISMATCH;
- *pass_must_change_time = obj->data-user->pass_must_change_time;
+ *pass_must_change_time = obj->data.user->pass_must_change_time;
return NT_STATUS_OK;
}
return NT_STATUS_OBJECT_TYPE_MISMATCH;
*count = obj->data.group->count;
- *members = obj->data.group->members;
+ *members = *(obj->data.group->members);
return NT_STATUS_OK;
}
obj->data.group->count = count;
n = 0;
do {
- obj->data.group->members[n] = dup_sec_desc(obj->mem_ctx, members[n]);
+ obj->data.group->members[n] = sid_dup_talloc(obj->mem_ctx, members[n]);
if (!(obj->data.group->members[n])) return NT_STATUS_NO_MEMORY;
n++;
} while (n < count);
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_SEC_DESC;
new_sec_desc = dup_sec_desc(mem_ctx, sec_desc);
return NT_STATUS_OK;
}
+/*
NTSTATUS gums_cs_add_privilege(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, LUID_ATTR priv)
{
GUMS_DATA_SET *data_set;
return NT_STATUS_INVALID_PARAMETER;
com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
+ if (com_set->count == 1) {
data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
} else {
data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_ADD_PRIVILEGE;
if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
return NT_STATUS_INVALID_PARAMETER;
com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
+ if (com_set->count == 1) {
data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
} else {
data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_DEL_PRIVILEGE;
if (NT_STATUS_IS_ERR(dupalloc_luid_attr(mem_ctx, &new_priv, priv)))
return NT_STATUS_INVALID_PARAMETER;
com_set->count = com_set->count + 1;
- if (com_set->count == 1) { /* first data set */
+ if (com_set->count == 1) {
data_set = (GUMS_DATA_SET *)talloc(mem_ctx, sizeof(GUMS_DATA_SET));
} else {
data_set = (GUMS_DATA_SET *)talloc_realloc(mem_ctx, com_set->data, sizeof(GUMS_DATA_SET) * com_set->count);
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
- data_set->type = GUMS_SET_SEC_DESC;
+ data_set->type = GUMS_SET_PRIVILEGE;
if (NT_STATUS_IS_ERR(dup_priv_set(&new_priv_set, mem_ctx, priv_set)))
return NT_STATUS_NO_MEMORY;
return NT_STATUS_OK;
}
+*/
NTSTATUS gums_cs_set_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, char *str)
{
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = type;
new_str = talloc_strdup(mem_ctx, str);
NTSTATUS gums_cs_set_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *name)
{
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, name);
}
NTSTATUS gums_cs_set_description(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *desc)
{
- return gums_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_DESCRIPTION, desc);
}
NTSTATUS gums_cs_set_full_name(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *full_name)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, full_name);
}
NTSTATUS gums_cs_set_home_directory(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *home_dir)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, home_dir);
}
NTSTATUS gums_cs_set_drive(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *drive)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, drive);
}
NTSTATUS gums_cs_set_logon_script(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *logon_script)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, logon_script);
}
NTSTATUS gums_cs_set_profile_path(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *prof_path)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, prof_path);
}
NTSTATUS gums_cs_set_workstations(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *wks)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, wks);
}
NTSTATUS gums_cs_set_unknown_string(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *unkn_str)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, unkn_str);
}
NTSTATUS gums_cs_set_munged_dial(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, char *munged_dial)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
+ return gums_cs_set_string(mem_ctx, com_set, GUMS_SET_NAME, munged_dial);
}
NTSTATUS gums_cs_set_nttime(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, uint32 type, NTTIME *nttime)
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = type;
new_time = talloc(mem_ctx, sizeof(NTTIME));
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
+ return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, logon_time);
}
NTSTATUS gums_cs_set_logoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *logoff_time)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
+ return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGOFF_TIME, logoff_time);
}
NTSTATUS gums_cs_set_kickoff_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *kickoff_time)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
+ return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_KICKOFF_TIME, kickoff_time);
}
NTSTATUS gums_cs_set_pass_last_set_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pls_time)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
+ return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pls_time);
}
NTSTATUS gums_cs_set_pass_can_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pcc_time)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
+ return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pcc_time);
}
NTSTATUS gums_cs_set_pass_must_change_time(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, NTTIME *pmc_time)
if (com_set->type != GUMS_OBJ_NORMAL_USER)
return NT_STATUS_INVALID_PARAMETER;
- return gums_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
+ return gums_cs_set_nttime(mem_ctx, com_set, GUMS_SET_LOGON_TIME, pmc_time);
}
NTSTATUS gums_cs_add_sids_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_ADD_SID_LIST;
new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
if (com_set->type != GUMS_OBJ_GROUP || com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- return gums_add_sids_to_group(mem_ctx, com_set, sids, count);
+ return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
}
NTSTATUS gums_cs_add_groups_to_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
if (com_set->type != GUMS_OBJ_ALIAS)
return NT_STATUS_INVALID_PARAMETER;
- return gums_add_sids_to_group(mem_ctx, com_set, sids, count);
+ return gums_cs_add_sids_to_group(mem_ctx, com_set, sids, count);
}
NTSTATUS gums_cs_del_sids_from_group(TALLOC_CTX *mem_ctx, GUMS_COMMIT_SET *com_set, const DOM_SID **sids, const uint32 count)
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_DEL_SID_LIST;
new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
if (data_set == NULL)
return NT_STATUS_NO_MEMORY;
- com_set->data = data_set;
- data_set = &((com_set->data)[com_set->count - 1]);
+ com_set->data[0] = data_set;
+ data_set = ((com_set->data)[com_set->count - 1]);
data_set->type = GUMS_SET_SID_LIST;
new_sids = (DOM_SID **)talloc(mem_ctx, (sizeof(void *) * count));
NTSTATUS gums_commit_data(GUMS_COMMIT_SET *set)
{
- return gums_storage->set_object_values(set->sid, set->count, set->data);
+ return gums_storage->set_object_values(&(set->sid), set->count, set->data);
}
NTSTATUS gums_destroy_commit_set(GUMS_COMMIT_SET **com_set)
loops with winbind may happen.
****************************************************************************/
-/*
+#if 0
NTSTATUS is_mapped_group(BOOL *mapped, const DOM_SID *sid)
{
NTSTATUS result;
gid_t id;
- /* look if mapping exist, do not make idmap alloc an uid if SID is not found * /
+ /* look if mapping exist, do not make idmap alloc an uid if SID is not found */
result = idmap_get_gid_from_sid(&id, sid, False);
if (NT_STATUS_IS_OK(result)) {
*mapped = gid_is_in_winbind_range(id);
return result;
}
-*/
+#endif
/****************************************************************************
duplicate alloc luid_attr
/****************************************************************************
initialise a privilege list
****************************************************************************/
-void init_privilege(PRIVILEGE_SET *priv_set)
+void gums_init_privilege(PRIVILEGE_SET *priv_set)
{
priv_set->count=0;
priv_set->control=0;
/****************************************************************************
add a privilege to a privilege array
****************************************************************************/
-NTSTATUS add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
+NTSTATUS gums_add_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
{
LUID_ATTR *new_set;
/* check if the privilege is not already in the list */
- if (check_priv_in_privilege(priv_set, set))
+ if (gums_check_priv_in_privilege(priv_set, set))
return NT_STATUS_UNSUCCESSFUL;
/* we can allocate memory to add the new privilege */
/****************************************************************************
add all the privileges to a privilege array
****************************************************************************/
-NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
+NTSTATUS gums_add_all_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx)
{
NTSTATUS result = NT_STATUS_OK;
LUID_ATTR set;
set.luid.high=0;
set.luid.low=SE_PRIV_ADD_USERS;
- result = add_privilege(priv_set, ctx, set);
+ result = gums_add_privilege(priv_set, ctx, set);
NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
set.luid.low=SE_PRIV_ADD_MACHINES;
- result = add_privilege(priv_set, ctx, set);
+ result = gums_add_privilege(priv_set, ctx, set);
NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
set.luid.low=SE_PRIV_PRINT_OPERATOR;
- result = add_privilege(priv_set, ctx, set);
+ result = gums_add_privilege(priv_set, ctx, set);
NTSTATUS_CHECK("add_all_privilege", "add_privilege", result, done);
done:
/****************************************************************************
check if the privilege list is empty
****************************************************************************/
-BOOL check_empty_privilege(PRIVILEGE_SET *priv_set)
+BOOL gums_check_empty_privilege(PRIVILEGE_SET *priv_set)
{
return (priv_set->count == 0);
}
/****************************************************************************
check if the privilege is in the privilege list
****************************************************************************/
-BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
+BOOL gums_check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set)
{
int i;
/* if the list is empty, obviously we can't have it */
- if (check_empty_privilege(priv_set))
+ if (gums_check_empty_privilege(priv_set))
return False;
for (i=0; i<priv_set->count; i++) {
/****************************************************************************
remove a privilege from a privilege array
****************************************************************************/
-NTSTATUS remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
+NTSTATUS gums_remove_privilege(PRIVILEGE_SET *priv_set, TALLOC_CTX *ctx, LUID_ATTR set)
{
LUID_ATTR *new_set;
LUID_ATTR *old_set;
int i,j;
/* check if the privilege is in the list */
- if (!check_priv_in_privilege(priv_set, set))
+ if (!gums_check_priv_in_privilege(priv_set, set))
return NT_STATUS_UNSUCCESSFUL;
/* special case if it's the only privilege in the list */
if (priv_set->count==1) {
- init_privilege(priv_set);
+ gums_init_privilege(priv_set);
return NT_STATUS_OK;
}
/****************************************************************************
duplicates a privilege array
****************************************************************************/
-NTSTATUS dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
+NTSTATUS gums_dup_priv_set(PRIVILEGE_SET **new_priv_set, TALLOC_CTX *mem_ctx, PRIVILEGE_SET *priv_set)
{
LUID_ATTR *new_set;
LUID_ATTR *old_set;
int i;
*new_priv_set = (PRIVILEGE_SET *)talloc(mem_ctx, sizeof(PRIVILEGE_SET));
- init_privilege(*new_priv_set);
+ gums_init_privilege(*new_priv_set);
/* special case if there are no privileges in the list */
if (priv_set->count == 0) {
#define ALIAS_DEFAULT_SACL_SEC_ACE_FLAG (SEC_ACE_FLAG_FAILED_ACCESS | SEC_ACE_FLAG_SUCCESSFUL_ACCESS) /* 0xc0 */
+
+#if 0
NTSTATUS create_builtin_alias_default_sec_desc(SEC_DESC **sec_desc, TALLOC_CTX *ctx)
{
DOM_SID *world = &global_sid_World;
return NT_STATUS_NO_MEMORY;
}
- /* Administrators */
+ /* Administrators * /
/* alloc group structure */
- g_obj.data = (void *)talloc(g_obj.mem_ctx, sizeof(GUMS_OBJ_GROUP));
- ALLOC_CHECK("gums_init_backend", g_obj.data, result, done);
+ g_obj.data.group = (GUMS_GROUP *)talloc(g_obj.mem_ctx, sizeof(GUMS_GROUP));
+ ALLOC_CHECK("gums_init_backend", g_obj.data.group, result, done);
/* make admins sid */
- g_grp = (GUMS_GROUP *)g_obj.data;
+ g_grp = (GUMS_GROUP *)g_obj.data.group;
sid_copy(g_obj.sid, &global_sid_Builtin_Administrators);
/* make security descriptor */
talloc_destroy(g_priv.mem_ctx);
return result;
}
+#endif
print ", $name";
}
- print OFILE "int gen_dump_struct_$name(struct parse_string *, const char *, unsigned);\n";
- print OFILE "int gen_parse_struct_$name(char *, const char *);\n";
+ print OFILE "int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *, const char *, unsigned);\n";
+ print OFILE "int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *, const char *);\n";
print OFILE "static const struct parse_struct pinfo_" . $name . "[] = {\n";
- while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?\$(.*)/msi) {
+
+ while ($elements =~ /^.*?([a-z].*?);\s*?(\S*?)\s*?$(.*)/msi) {
my($element) = $1;
my($flags) = $2;
$elements = $3;
print OFILE "{NULL, 0, 0, 0, 0, NULL, 0, NULL, NULL}};\n";
print OFILE "
-int gen_dump_struct_$name(struct parse_string *p, const char *ptr, unsigned indent) {
- return gen_dump_struct(pinfo_$name, p, ptr, indent);
+int gen_dump_struct_$name(TALLOC_CTX *mem_ctx, struct parse_string *p, const char *ptr, unsigned indent) {
+ return gen_dump_struct(mem_ctx, pinfo_$name, p, ptr, indent);
}
-int gen_parse_struct_$name(char *ptr, const char *str) {
- return gen_parse_struct(pinfo_$name, ptr, str);
+int gen_parse_struct_$name(TALLOC_CTX *mem_ctx, char *ptr, const char *str) {
+ return gen_parse_struct(mem_ctx, pinfo_$name, ptr, str);
}
";
git.samba.org / metze / samba / wip.git / commitdiff