-/*
- Samba Unix/Linux SMB client utility profiles.c
-
- Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002
- Copyright (C) Jelmer Vernooij (conversion to popt) 2003
- Copyright (C) Gerald (Jerry) Carter 2005
+/*
+ Samba Unix/Linux SMB client utility profiles.c
+
+ Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002
+ Copyright (C) Jelmer Vernooij (conversion to popt) 2003
+ Copyright (C) Gerald (Jerry) Carter 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-
+
#include "includes.h"
-#include "regfio.h"
+#include "system/filesys.h"
+#include "popt_common.h"
+#include "../libcli/security/security.h"
+<<<<<<< HEAD
/* GLOBAL VARIABLES */
-DOM_SID old_sid, new_sid;
+struct dom_sid old_sid, new_sid;
int change = 0, new_val = 0;
+int opt_verbose = False;
+/********************************************************************
+********************************************************************/
+
+static void verbose_output(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
+static void verbose_output(const char *format, ...)
+{
+ va_list args;
+ char *var = NULL;
+
+ if (!opt_verbose) {
+ return;
+ }
+
+ va_start(args, format);
+ if ((vasprintf(&var, format, args)) == -1) {
+ va_end(args);
+ return;
+ }
+
+ fprintf(stdout, "%s", var);
+ va_end(args);
+ SAFE_FREE(var);
+}
/********************************************************************
********************************************************************/
-static BOOL swap_sid_in_acl( SEC_DESC *sd, DOM_SID *s1, DOM_SID *s2 )
+static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, struct dom_sid *s2 )
{
- SEC_ACL *acl = sd->dacl;
+ struct security_acl *theacl;
int i;
- BOOL update = False;
+ bool update = False;
- if ( sid_equal( sd->owner_sid, s1 ) ) {
+ verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid));
+ if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
sid_copy( sd->owner_sid, s2 );
update = True;
+ verbose_output(" New Owner SID: %s\n",
+ sid_string_tos(sd->owner_sid));
+
}
- if ( sid_equal( sd->grp_sid, s1 ) ) {
- sid_copy( sd->grp_sid, s2 );
+ verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid));
+ if ( dom_sid_equal( sd->group_sid, s1 ) ) {
+ sid_copy( sd->group_sid, s2 );
update = True;
+ verbose_output(" New Group SID: %s\n",
+ sid_string_tos(sd->group_sid));
}
- for ( i=0; i<acl->num_aces; i++ ) {
- if ( sid_equal( &acl->ace[i].trustee, s1 ) ) {
- sid_copy( &acl->ace[i].trustee, s2 );
+ theacl = sd->dacl;
+ verbose_output(" DACL: %d entries:\n", theacl->num_aces);
+ for ( i=0; i<theacl->num_aces; i++ ) {
+ verbose_output(" Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ sid_copy( &theacl->aces[i].trustee, s2 );
update = True;
+ verbose_output(" New Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
}
}
+#if 0
+ theacl = sd->sacl;
+ verbose_output(" SACL: %d entries: \n", theacl->num_aces);
+ for ( i=0; i<theacl->num_aces; i++ ) {
+ verbose_output(" Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ sid_copy( &theacl->aces[i].trustee, s2 );
+ update = True;
+ verbose_output(" New Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ }
+ }
+#endif
return update;
}
/********************************************************************
********************************************************************/
-static BOOL copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
+static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
REGF_NK_REC *parent, REGF_FILE *outfile,
const char *parentpath )
{
REGF_NK_REC *key, *subkey;
- SEC_DESC *new_sd;
- REGVAL_CTR *values;
- REGSUBKEY_CTR *subkeys;
+ struct security_descriptor *new_sd;
+ struct regval_ctr *values;
+ struct regsubkey_ctr *subkeys;
int i;
- pstring path;
+ char *path;
+ WERROR werr;
/* swap out the SIDs in the security descriptor */
- if ( !(new_sd = dup_sec_desc( outfile->mem_ctx, nk->sec_desc->sec_desc )) ) {
- fprintf( stderr, "Failed to copy security descriptor!\n" );
+ if (nk->sec_desc->sec_desc == NULL) {
+ fprintf(stderr, "Invalid (NULL) security descriptor!\n");
+ return false;
+ }
+
+ new_sd = security_descriptor_copy(outfile->mem_ctx,
+ nk->sec_desc->sec_desc);
+ if (new_sd == NULL) {
+ fprintf(stderr, "Failed to copy security descriptor!\n");
return False;
}
- if ( swap_sid_in_acl( new_sd, &old_sid, &new_sid ) )
- DEBUG(2,("Updating ACL for %s\n", nk->keyname ));
+ verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname);
+ swap_sid_in_acl( new_sd, &old_sid, &new_sid );
- if ( !(subkeys = TALLOC_ZERO_P( NULL, REGSUBKEY_CTR )) ) {
+ werr = regsubkey_ctr_init(NULL, &subkeys);
+ if (!W_ERROR_IS_OK(werr)) {
DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
return False;
}
- if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) ) {
+ werr = regval_ctr_init(subkeys, &values);
+ if (!W_ERROR_IS_OK(werr)) {
+ TALLOC_FREE( subkeys );
DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
return False;
}
- /* copy values into the REGVAL_CTR */
+ /* copy values into the struct regval_ctr */
for ( i=0; i<nk->num_values; i++ ) {
regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type,
nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) );
}
- /* copy subkeys into the REGSUBKEY_CTR */
+ /* copy subkeys into the struct regsubkey_ctr */
while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
regsubkey_ctr_addkey( subkeys, subkey->keyname );
/* write each one of the subkeys out */
- pstr_sprintf( path, "%s%s%s", parentpath, parent ? "\\" : "", nk->keyname );
-
+ path = talloc_asprintf(subkeys, "%s%s%s",
+ parentpath, parent ? "\\" : "",nk->keyname);
+ if (!path) {
+ TALLOC_FREE( subkeys );
+ return false;
+ }
+
nk->subkey_index = 0;
- while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
- if ( !copy_registry_tree( infile, subkey, key, outfile, path ) )
- return False;
+ while ((subkey = regfio_fetch_subkey(infile, nk))) {
+ if (!copy_registry_tree( infile, subkey, key, outfile, path)) {
+ TALLOC_FREE(subkeys);
+ return false;
+ }
}
- /* values is a talloc()'d child of subkeys here so just throw it all away */
- TALLOC_FREE( subkeys );
+ verbose_output("[%s]\n", path);
- DEBUG(1,("[%s]\n", path));
+ /* values is a talloc()'d child of subkeys here so just throw it all away */
+ TALLOC_FREE(subkeys);
return True;
}
+=======
+#include "../librpc/gen_ndr/ndr_security.h"
+>>>>>>> 1150460... profiles...
/*********************************************************************
*********************************************************************/
-int main( int argc, char *argv[] )
+int main( int argc, const char *argv[] )
{
+ TALLOC_CTX *frame = talloc_stackframe();
int opt;
- REGF_FILE *infile, *outfile;
- REGF_NK_REC *nk;
- pstring orig_filename, new_filename;
+ int change = 0, new_val = 0;
+ struct dom_sid old_sid, new_sid;
+ DATA_BLOB old_blob, new_blob;
+ enum ndr_err_code ndr_err;
+ char *orig_filename, *new_filename;
+ uint8_t *buf;
+ size_t len;
+ size_t ofs;
+ int opt_verbose = False;
struct poptOption long_options[] = {
POPT_AUTOHELP
{ "change-sid", 'c', POPT_ARG_STRING, NULL, 'c', "Provides SID to change" },
{ "new-sid", 'n', POPT_ARG_STRING, NULL, 'n', "Provides SID to change to" },
+ { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 'v', "Verbose output" },
POPT_COMMON_SAMBA
POPT_COMMON_VERSION
POPT_TABLEEND
};
poptContext pc;
+ smb_init_locale();
+
/* setup logging options */
- setup_logging( "profiles", True );
- dbf = x_stderr;
- x_setbuf( x_stderr, NULL );
+ setup_logging( "profiles", DEBUG_STDERR);
- pc = poptGetContext("profiles", argc, (const char **)argv, long_options,
+ pc = poptGetContext("profiles", argc, argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
poptSetOtherOptionHelp(pc, "<profilefile>");
+ ZERO_STRUCT(old_sid);
+ ZERO_STRUCT(new_sid);
+
/* Now, process the arguments */
while ((opt = poptGetNextOpt(pc)) != -1) {
}
}
- poptGetArg(pc);
+ poptGetArg(pc);
if (!poptPeekArg(pc)) {
poptPrintUsage(pc, stderr, 0);
exit(1);
}
- if ((!change & new_val) || (change & !new_val)) {
+ if (!change || !new_val) {
fprintf(stderr, "You must specify both -c and -n if one or the other is set!\n");
poptPrintUsage(pc, stderr, 0);
exit(252);
}
- pstrcpy( orig_filename, poptPeekArg(pc) );
- pstr_sprintf( new_filename, "%s.new", orig_filename );
-
- if ( !(infile = regfio_open( orig_filename, O_RDONLY, 0 )) ) {
+ orig_filename = talloc_strdup(frame, poptPeekArg(pc));
+ if (!orig_filename) {
+ exit(ENOMEM);
+ }
+ new_filename = talloc_asprintf(frame,
+ "%s.new",
+ orig_filename);
+ if (!new_filename) {
+ exit(ENOMEM);
+ }
+
+ buf = (uint8_t *)file_load(orig_filename, &len, UINT32_MAX, frame);
+ if (buf == NULL) {
fprintf( stderr, "Failed to open %s!\n", orig_filename );
fprintf( stderr, "Error was (%s)\n", strerror(errno) );
exit (1);
}
-
- if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC), (S_IREAD|S_IWRITE) )) ) {
- fprintf( stderr, "Failed to open new file %s!\n", new_filename );
- fprintf( stderr, "Error was (%s)\n", strerror(errno) );
+
+ ndr_err = ndr_push_struct_blob(&old_blob, frame, &old_sid,
+ (ndr_push_flags_fn_t) ndr_push_dom_sid);
+ SMB_ASSERT(NDR_ERR_CODE_IS_SUCCESS(ndr_err));
+
+ ndr_err = ndr_push_struct_blob(&new_blob, frame, &new_sid,
+ (ndr_push_flags_fn_t) ndr_push_dom_sid);
+ SMB_ASSERT(NDR_ERR_CODE_IS_SUCCESS(ndr_err));
+
+ if (new_blob.length > old_blob.length) {
+ fprintf(stderr, "New SID[%s][%u] is longer than old SID[%s][%u]]\n",
+ sid_string_dbg(&new_sid), (unsigned)new_blob.length,
+ sid_string_dbg(&old_sid), (unsigned)old_blob.length);
exit (1);
}
-
- /* actually do the update now */
-
- nk = regfio_rootkey( infile );
-
- if ( !copy_registry_tree( infile, nk, NULL, outfile, "" ) ) {
- fprintf(stderr, "Failed to write updated registry file!\n");
- exit(2);
- }
-
- /* cleanup */
-
- regfio_close( infile );
- regfio_close( outfile );
+
+ if (new_blob.length < old_blob.length) {
+ static const uint8_t pad[1024];
+ size_t pad_len = old_blob.length - new_blob.length;
+ SMB_ASSERT(pad_len <= sizeof(pad));
+ data_blob_append(frame, &new_blob, pad, pad_len);
+ }
+
+ SMB_ASSERT(new_blob.length == old_blob.length);
+
+ for (ofs=0; ofs < len;) {
+ uint8_t *p = &buf[ofs];
+ size_t remaining = len - ofs;
+ int cmp;
+
+ if (remaining < old_blob.length) {
+ break;
+ }
+
+ cmp = memcmp(p, old_blob.data, old_blob.length);
+ if (cmp != 0) {
+ ofs += 1;
+ continue;
+ }
+
+ if (opt_verbose) {
+ fprintf(stdout, "replace at ofs[%u]\n", (unsigned)ofs);
+ }
+
+ memcpy(p, new_blob.data, new_blob.length);
+ ofs += new_blob.length;
+ }
+
+ file_save(new_filename, buf, len);
poptFreeContext(pc);
- exit( 0 );
+ TALLOC_FREE(frame);
+ return 0;
}