-/*
- Samba Unix/Linux SMB client utility profiles.c
-
- Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002
- Copyright (C) Jelmer Vernooij (conversion to popt) 2003
- Copyright (C) Gerald (Jerry) Carter 2005
+/*
+ Samba Unix/Linux SMB client utility profiles.c
+
+ Copyright (C) Richard Sharpe, <rsharpe@richardsharpe.com> 2002
+ Copyright (C) Jelmer Vernooij (conversion to popt) 2003
+ Copyright (C) Gerald (Jerry) Carter 2005
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
- along with this program; if not, write to the Free Software
- Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-
+
#include "includes.h"
-#include "regfio.h"
+#include "system/filesys.h"
+#include "popt_common.h"
+#include "../libcli/security/security.h"
+<<<<<<< HEAD
/* GLOBAL VARIABLES */
-int verbose = 0;
-DOM_SID old_sid, new_sid;
+struct dom_sid old_sid, new_sid;
int change = 0, new_val = 0;
+int opt_verbose = False;
+/********************************************************************
+********************************************************************/
+
+static void verbose_output(const char *format, ...) PRINTF_ATTRIBUTE(1,2);
+static void verbose_output(const char *format, ...)
+{
+ va_list args;
+ char *var = NULL;
+
+ if (!opt_verbose) {
+ return;
+ }
+
+ va_start(args, format);
+ if ((vasprintf(&var, format, args)) == -1) {
+ va_end(args);
+ return;
+ }
+
+ fprintf(stdout, "%s", var);
+ va_end(args);
+ SAFE_FREE(var);
+}
/********************************************************************
********************************************************************/
-static void swap_sid_in_acl( SEC_DESC *sd, DOM_SID *s1, DOM_SID *s2 )
+static bool swap_sid_in_acl( struct security_descriptor *sd, struct dom_sid *s1, struct dom_sid *s2 )
{
- SEC_ACL *acl = sd->dacl;
+ struct security_acl *theacl;
int i;
+ bool update = False;
- if ( sid_equal( sd->owner_sid, s1 ) )
+ verbose_output(" Owner SID: %s\n", sid_string_tos(sd->owner_sid));
+ if ( dom_sid_equal( sd->owner_sid, s1 ) ) {
sid_copy( sd->owner_sid, s2 );
+ update = True;
+ verbose_output(" New Owner SID: %s\n",
+ sid_string_tos(sd->owner_sid));
+
+ }
+
+ verbose_output(" Group SID: %s\n", sid_string_tos(sd->group_sid));
+ if ( dom_sid_equal( sd->group_sid, s1 ) ) {
+ sid_copy( sd->group_sid, s2 );
+ update = True;
+ verbose_output(" New Group SID: %s\n",
+ sid_string_tos(sd->group_sid));
+ }
- if ( sid_equal( sd->grp_sid, s1 ) )
- sid_copy( sd->grp_sid, s2 );
+ theacl = sd->dacl;
+ verbose_output(" DACL: %d entries:\n", theacl->num_aces);
+ for ( i=0; i<theacl->num_aces; i++ ) {
+ verbose_output(" Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ sid_copy( &theacl->aces[i].trustee, s2 );
+ update = True;
+ verbose_output(" New Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ }
+ }
- for ( i=0; i<acl->num_aces; i++ ) {
- if ( sid_equal( &acl->ace[i].trustee, s1 ) )
- sid_copy( &acl->ace[i].trustee, s2 );
+#if 0
+ theacl = sd->sacl;
+ verbose_output(" SACL: %d entries: \n", theacl->num_aces);
+ for ( i=0; i<theacl->num_aces; i++ ) {
+ verbose_output(" Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ if ( dom_sid_equal( &theacl->aces[i].trustee, s1 ) ) {
+ sid_copy( &theacl->aces[i].trustee, s2 );
+ update = True;
+ verbose_output(" New Trustee SID: %s\n",
+ sid_string_tos(&theacl->aces[i].trustee));
+ }
}
+#endif
+ return update;
}
/********************************************************************
********************************************************************/
-static BOOL copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
+static bool copy_registry_tree( REGF_FILE *infile, REGF_NK_REC *nk,
REGF_NK_REC *parent, REGF_FILE *outfile,
const char *parentpath )
{
REGF_NK_REC *key, *subkey;
- SEC_DESC *new_sd;
- REGVAL_CTR values;
- REGSUBKEY_CTR subkeys;
+ struct security_descriptor *new_sd;
+ struct regval_ctr *values;
+ struct regsubkey_ctr *subkeys;
int i;
- pstring path;
+ char *path;
+ WERROR werr;
/* swap out the SIDs in the security descriptor */
- if ( !(new_sd = dup_sec_desc( outfile->mem_ctx, nk->sec_desc->sec_desc )) ) {
- fprintf( stderr, "Failed to copy security descriptor!\n" );
+ if (nk->sec_desc->sec_desc == NULL) {
+ fprintf(stderr, "Invalid (NULL) security descriptor!\n");
+ return false;
+ }
+
+ new_sd = security_descriptor_copy(outfile->mem_ctx,
+ nk->sec_desc->sec_desc);
+ if (new_sd == NULL) {
+ fprintf(stderr, "Failed to copy security descriptor!\n");
return False;
}
+ verbose_output("ACL for %s%s%s\n", parentpath, parent ? "\\" : "", nk->keyname);
swap_sid_in_acl( new_sd, &old_sid, &new_sid );
- regsubkey_ctr_init( &subkeys );
- regval_ctr_init( &values );
+ werr = regsubkey_ctr_init(NULL, &subkeys);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
+ return False;
+ }
- /* copy values into the REGVAL_CTR */
+ werr = regval_ctr_init(subkeys, &values);
+ if (!W_ERROR_IS_OK(werr)) {
+ TALLOC_FREE( subkeys );
+ DEBUG(0,("copy_registry_tree: talloc() failure!\n"));
+ return False;
+ }
+
+ /* copy values into the struct regval_ctr */
for ( i=0; i<nk->num_values; i++ ) {
- regval_ctr_addvalue( &values, nk->values[i].valuename, nk->values[i].type,
+ regval_ctr_addvalue( values, nk->values[i].valuename, nk->values[i].type,
nk->values[i].data, (nk->values[i].data_size & ~VK_DATA_IN_OFFSET) );
}
- /* copy subkeys into the REGSUBKEY_CTR */
+ /* copy subkeys into the struct regsubkey_ctr */
while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
- regsubkey_ctr_addkey( &subkeys, subkey->keyname );
+ regsubkey_ctr_addkey( subkeys, subkey->keyname );
}
- key = regfio_write_key( outfile, nk->keyname, &values, &subkeys, new_sd, parent );
+ key = regfio_write_key( outfile, nk->keyname, values, subkeys, new_sd, parent );
/* write each one of the subkeys out */
- pstr_sprintf( path, "%s%s%s", parentpath, parent ? "\\" : "", nk->keyname );
-
+ path = talloc_asprintf(subkeys, "%s%s%s",
+ parentpath, parent ? "\\" : "",nk->keyname);
+ if (!path) {
+ TALLOC_FREE( subkeys );
+ return false;
+ }
+
nk->subkey_index = 0;
- while ( (subkey = regfio_fetch_subkey( infile, nk )) ) {
- if ( !copy_registry_tree( infile, subkey, key, outfile, path ) )
- return False;
+ while ((subkey = regfio_fetch_subkey(infile, nk))) {
+ if (!copy_registry_tree( infile, subkey, key, outfile, path)) {
+ TALLOC_FREE(subkeys);
+ return false;
+ }
}
- regval_ctr_destroy( &values );
- regsubkey_ctr_destroy( &subkeys );
- if ( verbose )
- printf("[%s]\n", path );
+ verbose_output("[%s]\n", path);
+
+ /* values is a talloc()'d child of subkeys here so just throw it all away */
+ TALLOC_FREE(subkeys);
return True;
}
+=======
+#include "../librpc/gen_ndr/ndr_security.h"
+>>>>>>> 1150460... profiles...
/*********************************************************************
*********************************************************************/
-int main( int argc, char *argv[] )
+int main( int argc, const char *argv[] )
{
+ TALLOC_CTX *frame = talloc_stackframe();
int opt;
- REGF_FILE *infile, *outfile;
- REGF_NK_REC *nk;
- pstring orig_filename, new_filename;
+ int change = 0, new_val = 0;
+ struct dom_sid old_sid, new_sid;
+ DATA_BLOB old_blob, new_blob;
+ enum ndr_err_code ndr_err;
+ char *orig_filename, *new_filename;
+ uint8_t *buf;
+ size_t len;
+ size_t ofs;
+ int opt_verbose = False;
struct poptOption long_options[] = {
POPT_AUTOHELP
- { "verbose", 'v', POPT_ARG_NONE, NULL, 'v', "Sets verbose mode" },
{ "change-sid", 'c', POPT_ARG_STRING, NULL, 'c', "Provides SID to change" },
{ "new-sid", 'n', POPT_ARG_STRING, NULL, 'n', "Provides SID to change to" },
- { 0, 0, 0, 0 }
+ { "verbose", 'v', POPT_ARG_NONE, &opt_verbose, 'v', "Verbose output" },
+ POPT_COMMON_SAMBA
+ POPT_COMMON_VERSION
+ POPT_TABLEEND
};
+ poptContext pc;
+ smb_init_locale();
- poptContext pc;
+ /* setup logging options */
+
+ setup_logging( "profiles", DEBUG_STDERR);
- pc = poptGetContext("profiles", argc, (const char **)argv, long_options,
+ pc = poptGetContext("profiles", argc, argv, long_options,
POPT_CONTEXT_KEEP_FIRST);
poptSetOtherOptionHelp(pc, "<profilefile>");
}
break;
- case 'v':
- verbose++;
- break;
}
}
- poptGetArg(pc); /* To get argv[0] */
+ poptGetArg(pc);
if (!poptPeekArg(pc)) {
poptPrintUsage(pc, stderr, 0);
exit(1);
}
- if ((!change & new_val) || (change & !new_val)) {
+ if ((!change && new_val) || (change && !new_val)) {
fprintf(stderr, "You must specify both -c and -n if one or the other is set!\n");
poptPrintUsage(pc, stderr, 0);
exit(252);
}
- pstrcpy( orig_filename, poptPeekArg(pc) );
- pstr_sprintf( new_filename, "%s.new", orig_filename );
-
- if ( !(infile = regfio_open( orig_filename, O_RDONLY, 0 )) ) {
+ orig_filename = talloc_strdup(frame, poptPeekArg(pc));
+ if (!orig_filename) {
+ exit(ENOMEM);
+ }
+ new_filename = talloc_asprintf(frame,
+ "%s.new",
+ orig_filename);
+ if (!new_filename) {
+ exit(ENOMEM);
+ }
+
+ buf = (uint8_t *)file_load(orig_filename, &len, UINT32_MAX, frame);
+ if (buf == NULL) {
fprintf( stderr, "Failed to open %s!\n", orig_filename );
fprintf( stderr, "Error was (%s)\n", strerror(errno) );
exit (1);
}
-
- if ( !(outfile = regfio_open( new_filename, (O_RDWR|O_CREAT|O_TRUNC), (S_IREAD|S_IWRITE) )) ) {
- fprintf( stderr, "Failed to open new file %s!\n", new_filename );
- fprintf( stderr, "Error was (%s)\n", strerror(errno) );
- exit (1);
+
+ ndr_err = ndr_push_struct_blob(&old_blob, frame, &old_sid,
+ (ndr_push_flags_fn_t) ndr_push_security_descriptor);
+ ndr_err = ndr_push_struct_blob(&new_blob, frame, &new_sid,
+ (ndr_push_flags_fn_t) ndr_push_security_descriptor);
+
+ if (new_blob.length > old_blob.length) {
+
}
-
- /* actually do the update now */
-
- nk = regfio_rootkey( infile );
-
- if ( !copy_registry_tree( infile, nk, NULL, outfile, "" ) ) {
- fprintf(stderr, "Failed to write updated registry file!\n");
- exit(2);
- }
-
- /* cleanup */
-
- regfio_close( infile );
- regfio_close( outfile );
+
+ if (new_blob.length < old_blob.length) {
+ static const uint8_t pad[1024];
+ size_t pad_len = old_blob.length - new_blob.length;
+ SMB_ASSERT(pad_len <= sizeof(pad));
+ data_blob_append(frame, &new_blob, pad, pad_len);
+ }
+
+ SMB_ASSERT(new_blob.length == old_blob.length);
+
+ for (ofs=0; ofs < len;) {
+ uint8_t *p = &buf[ofs];
+ size_t remaining = len - ofs;
+ int cmp;
+
+ if (remaining < old_blob.length) {
+ break;
+ }
+
+ cmp = memcmp(p, old_blob.data, old_blob.length);
+ if (cmp != 0) {
+ ofs += 1;
+ continue;
+ }
+
+ if (opt_verbose) {
+ fprintf(stdout, "replace at ofs[%u]\n", (unsigned)ofs);
+ }
+
+ memcpy(p, new_blob.data, new_blob.length);
+ ofs += new_blob.length;
+ }
+
+ file_save(new_filename, buf, len);
poptFreeContext(pc);
- exit( 0 );
+ TALLOC_FREE(frame);
+ return 0;
}