Changeset 745 for trunk/server/source3/passdb
- Timestamp:
- Nov 27, 2012, 4:43:17 PM (13 years ago)
- Location:
- trunk/server
- Files:
-
- 4 deleted
- 15 edited
- 8 copied
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 581,587,591,594,597,600,615,618,740
- Property svn:mergeinfo changed
-
trunk/server/source3/passdb/login_cache.c
r480 r745 3 3 struct samu local cache for 4 4 Copyright (C) Jim McDonough (jmcd@us.ibm.com) 2004. 5 5 6 6 This program is free software; you can redistribute it and/or modify 7 7 it under the terms of the GNU General Public License as published by 8 8 the Free Software Foundation; either version 3 of the License, or 9 9 (at your option) any later version. 10 10 11 11 This program is distributed in the hope that it will be useful, 12 12 but WITHOUT ANY WARRANTY; without even the implied warranty of 13 13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 14 GNU General Public License for more details. 15 15 16 16 You should have received a copy of the GNU General Public License 17 17 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 19 19 20 20 #include "includes.h" 21 #include "system/filesys.h" 22 #include "passdb.h" 23 #include "util_tdb.h" 21 24 22 25 #undef DBGC_CLASS … … 32 35 { 33 36 char* cache_fname = NULL; 34 37 35 38 /* skip file open if it's already opened */ 36 39 if (cache) return True; … … 64 67 65 68 /* if we can't read the cache, oh well, no need to return anything */ 66 LOGIN_CACHE * login_cache_read(struct samu *sampass)69 bool login_cache_read(struct samu *sampass, struct login_cache *entry) 67 70 { 68 71 char *keystr; 69 72 TDB_DATA databuf; 70 LOGIN_CACHE *entry;71 73 uint32_t entry_timestamp = 0, bad_password_time = 0; 72 74 uint16_t acct_ctrl; 73 75 74 if (!login_cache_init()) 75 return NULL; 76 if (!login_cache_init()) { 77 return false; 78 } 76 79 77 80 if (pdb_get_nt_username(sampass) == NULL) { 78 return NULL;81 return false; 79 82 } 80 83 … … 82 85 if (!keystr || !keystr[0]) { 83 86 SAFE_FREE(keystr); 84 return NULL;87 return false; 85 88 } 86 89 … … 90 93 SAFE_FREE(keystr); 91 94 92 if (!(entry = SMB_MALLOC_P(LOGIN_CACHE))) {93 DEBUG(1, ("Unable to allocate cache entry buffer!\n"));94 SAFE_FREE(databuf.dptr);95 return NULL;96 }97 95 ZERO_STRUCTP(entry); 98 96 … … 103 101 &bad_password_time) == -1) { 104 102 DEBUG(7, ("No cache entry found\n")); 105 SAFE_FREE(entry);106 103 SAFE_FREE(databuf.dptr); 107 return NULL;104 return false; 108 105 } 109 106 … … 123 120 (unsigned int)entry->entry_timestamp, entry->acct_ctrl, 124 121 entry->bad_password_count, (unsigned int)entry->bad_password_time)); 125 return entry; 126 } 127 128 bool login_cache_write(const struct samu *sampass, LOGIN_CACHE entry) 122 return true; 123 } 124 125 bool login_cache_write(const struct samu *sampass, 126 const struct login_cache *entry) 129 127 { 130 128 char *keystr; … … 132 130 bool ret; 133 131 uint32_t entry_timestamp; 134 uint32_t bad_password_time = (uint32_t)entry.bad_password_time;132 uint32_t bad_password_time = entry->bad_password_time; 135 133 136 134 if (!login_cache_init()) … … 152 150 tdb_pack(NULL, 0, SAM_CACHE_FORMAT, 153 151 entry_timestamp, 154 entry .acct_ctrl,155 entry .bad_password_count,152 entry->acct_ctrl, 153 entry->bad_password_count, 156 154 bad_password_time); 157 155 databuf.dptr = SMB_MALLOC_ARRAY(uint8, databuf.dsize); … … 160 158 return False; 161 159 } 162 160 163 161 if (tdb_pack(databuf.dptr, databuf.dsize, SAM_CACHE_FORMAT, 164 162 entry_timestamp, 165 entry .acct_ctrl,166 entry .bad_password_count,163 entry->acct_ctrl, 164 entry->bad_password_count, 167 165 bad_password_time) 168 166 != databuf.dsize) { … … 182 180 int ret; 183 181 char *keystr; 184 182 185 183 if (!login_cache_init()) 186 184 return False; … … 199 197 ret = tdb_delete_bystring(cache, keystr); 200 198 DEBUG(9, ("tdb_delete returned %d\n", ret)); 201 199 202 200 SAFE_FREE(keystr); 203 201 return ret == 0; -
trunk/server/source3/passdb/lookup_sid.c
r414 r745 5 5 Copyright (C) Gerald (Jerry) Carter 2003 6 6 Copyright (C) Volker Lendecke 2005 7 7 8 8 This program is free software; you can redistribute it and/or modify 9 9 it under the terms of the GNU General Public License as published by 10 10 the Free Software Foundation; either version 3 of the License, or 11 11 (at your option) any later version. 12 12 13 13 This program is distributed in the hope that it will be useful, 14 14 but WITHOUT ANY WARRANTY; without even the implied warranty of 15 15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 16 GNU General Public License for more details. 17 17 18 18 You should have received a copy of the GNU General Public License 19 19 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 21 21 22 22 #include "includes.h" 23 #include "passdb.h" 24 #include "../librpc/gen_ndr/ndr_security.h" 25 #include "secrets.h" 26 #include "memcache.h" 27 #include "idmap_cache.h" 28 #include "../libcli/security/security.h" 29 #include "lib/winbind_util.h" 23 30 24 31 /***************************************************************** … … 33 40 const char *full_name, int flags, 34 41 const char **ret_domain, const char **ret_name, 35 DOM_SID*ret_sid, enum lsa_SidType *ret_type)42 struct dom_sid *ret_sid, enum lsa_SidType *ret_type) 36 43 { 37 44 char *p; … … 40 47 const char *name = NULL; 41 48 uint32 rid; 42 DOM_SIDsid;49 struct dom_sid sid; 43 50 enum lsa_SidType type; 44 51 TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx); … … 66 73 } 67 74 68 DEBUG(10,("lookup_name: %s => %s (domain), %s (name)\n",75 DEBUG(10,("lookup_name: %s => domain=[%s], name=[%s]\n", 69 76 full_name, domain, name)); 70 77 DEBUG(10, ("lookup_name: flags = 0x0%x\n", flags)); … … 76 83 /* It's our own domain, lookup the name in passdb */ 77 84 if (lookup_global_sam_name(name, flags, &rid, &type)) { 78 sid_copy(&sid, get_global_sam_sid()); 79 sid_append_rid(&sid, rid); 85 sid_compose(&sid, get_global_sam_sid(), rid); 80 86 goto ok; 81 87 } … … 97 103 /* Explicit request for a name in BUILTIN */ 98 104 if (lookup_builtin_name(name, &rid)) { 99 sid_copy(&sid, &global_sid_Builtin); 100 sid_append_rid(&sid, rid); 105 sid_compose(&sid, &global_sid_Builtin, rid); 101 106 type = SID_NAME_ALIAS; 102 107 goto ok; … … 216 221 { 217 222 domain = talloc_strdup(tmp_ctx, builtin_domain_name()); 218 sid_copy(&sid, &global_sid_Builtin); 219 sid_append_rid(&sid, rid); 223 sid_compose(&sid, &global_sid_Builtin, rid); 220 224 type = SID_NAME_ALIAS; 221 225 goto ok; … … 231 235 { 232 236 domain = talloc_strdup(tmp_ctx, get_global_sam_name()); 233 sid_copy(&sid, get_global_sam_sid()); 234 sid_append_rid(&sid, rid); 237 sid_compose(&sid, get_global_sam_sid(), rid); 235 238 goto ok; 236 239 } … … 258 261 259 262 if (IS_DC && winbind_lookup_name("", name, &sid, &type)) { 260 DOM_SID dom_sid; 261 uint32 tmp_rid; 263 struct dom_sid dom_sid; 262 264 enum lsa_SidType domain_type; 263 265 264 266 if (type == SID_NAME_DOMAIN) { 265 267 /* Swap name and type */ … … 273 275 274 276 sid_copy(&dom_sid, &sid); 275 sid_split_rid(&dom_sid, &tmp_rid);277 sid_split_rid(&dom_sid, NULL); 276 278 277 279 if (!winbind_lookup_sid(tmp_ctx, &dom_sid, &domain, NULL, … … 362 364 const char *full_name, int flags, 363 365 const char **ret_domain, const char **ret_name, 364 DOM_SID*ret_sid, enum lsa_SidType *ret_type)366 struct dom_sid *ret_sid, enum lsa_SidType *ret_type) 365 367 { 366 368 char *qualified_name; … … 403 405 return true; 404 406 } 405 407 406 408 /* Finally try with "Unix Users" or "Unix Group" */ 407 409 qualified_name = talloc_asprintf(mem_ctx, "%s\\%s", … … 420 422 421 423 static bool wb_lookup_rids(TALLOC_CTX *mem_ctx, 422 const DOM_SID*domain_sid,424 const struct dom_sid *domain_sid, 423 425 int num_rids, uint32 *rids, 424 426 const char **domain_name, … … 470 472 } 471 473 472 static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID*domain_sid,474 static bool lookup_rids(TALLOC_CTX *mem_ctx, const struct dom_sid *domain_sid, 473 475 int num_rids, uint32_t *rids, 474 476 const char **domain_name, … … 544 546 if (sid_check_is_wellknown_domain(domain_sid, NULL)) { 545 547 for (i=0; i<num_rids; i++) { 546 DOM_SID sid; 547 sid_copy(&sid, domain_sid); 548 sid_append_rid(&sid, rids[i]); 548 struct dom_sid sid; 549 sid_compose(&sid, domain_sid, rids[i]); 549 550 if (lookup_wellknown_sid(mem_ctx, &sid, 550 551 domain_name, &(*names)[i])) { … … 606 607 */ 607 608 608 static bool lookup_as_domain(const DOM_SID*sid, TALLOC_CTX *mem_ctx,609 static bool lookup_as_domain(const struct dom_sid *sid, TALLOC_CTX *mem_ctx, 609 610 const char **name) 610 611 { … … 657 658 658 659 for (i=0; i<num_domains; i++) { 659 if ( sid_equal(sid, &domains[i]->sid)) {660 if (dom_sid_equal(sid, &domains[i]->sid)) { 660 661 *name = talloc_strdup(mem_ctx, 661 662 domains[i]->name); … … 694 695 */ 695 696 696 static bool check_dom_sid_to_level(const DOM_SID*sid, int level)697 static bool check_dom_sid_to_level(const struct dom_sid *sid, int level) 697 698 { 698 699 int ret = false; … … 729 730 * belonging to a domain and hands them in bulk to the appropriate lookup 730 731 * function. In particular pdb_lookup_rids with ldapsam_trusted benefits 731 * *hugely* from this. Winbind is going to be extended with a lookup_rids 732 * interface as well, so on a DC we can do a bulk lsa_lookuprids to the 733 * appropriate DC. 732 * *hugely* from this. 734 733 */ 735 734 736 735 NTSTATUS lookup_sids(TALLOC_CTX *mem_ctx, int num_sids, 737 const DOM_SID**sids, int level,736 const struct dom_sid **sids, int level, 738 737 struct lsa_dom_info **ret_domains, 739 738 struct lsa_name_info **ret_names) … … 783 782 784 783 for (i=0; i<num_sids; i++) { 785 DOM_SIDsid;786 uint32 rid;784 struct dom_sid sid; 785 uint32_t rid = 0; 787 786 const char *domain_name = NULL; 788 787 … … 802 801 goto fail; 803 802 } 804 803 805 804 name_infos[i].rid = 0; 806 805 name_infos[i].type = SID_NAME_DOMAIN; … … 836 835 break; 837 836 } 838 if ( sid_equal(&sid, &dom_infos[j].sid)) {837 if (dom_sid_equal(&sid, &dom_infos[j].sid)) { 839 838 break; 840 839 } … … 921 920 goto fail; 922 921 } 923 922 924 923 for (j=0; j<dom->num_idxs; j++) { 925 924 int idx = dom->idxs[j]; … … 954 953 *****************************************************************/ 955 954 956 bool lookup_sid(TALLOC_CTX *mem_ctx, const DOM_SID*sid,955 bool lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, 957 956 const char **ret_domain, const char **ret_name, 958 957 enum lsa_SidType *ret_type) … … 1018 1017 *****************************************************************/ 1019 1018 1020 static bool fetch_sid_from_uid_cache( DOM_SID*psid, uid_t uid)1019 static bool fetch_sid_from_uid_cache(struct dom_sid *psid, uid_t uid) 1021 1020 { 1022 1021 DATA_BLOB cache_value; … … 1030 1029 memcpy(psid, cache_value.data, MIN(sizeof(*psid), cache_value.length)); 1031 1030 SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth)); 1032 SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, NULL,0));1031 SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, 0)); 1033 1032 1034 1033 return true; … … 1039 1038 *****************************************************************/ 1040 1039 1041 static bool fetch_uid_from_cache( uid_t *puid, const DOM_SID*psid )1040 static bool fetch_uid_from_cache( uid_t *puid, const struct dom_sid *psid ) 1042 1041 { 1043 1042 DATA_BLOB cache_value; 1044 1043 1045 1044 if (!memcache_lookup(NULL, SID_UID_CACHE, 1046 data_blob_const(psid, ndr_size_dom_sid(psid, NULL,0)),1045 data_blob_const(psid, ndr_size_dom_sid(psid, 0)), 1047 1046 &cache_value)) { 1048 1047 return false; … … 1059 1058 *****************************************************************/ 1060 1059 1061 void store_uid_sid_cache(const DOM_SID*psid, uid_t uid)1060 void store_uid_sid_cache(const struct dom_sid *psid, uid_t uid) 1062 1061 { 1063 1062 memcache_add(NULL, SID_UID_CACHE, 1064 data_blob_const(psid, ndr_size_dom_sid(psid, NULL,0)),1063 data_blob_const(psid, ndr_size_dom_sid(psid, 0)), 1065 1064 data_blob_const(&uid, sizeof(uid))); 1066 1065 memcache_add(NULL, UID_SID_CACHE, 1067 1066 data_blob_const(&uid, sizeof(uid)), 1068 data_blob_const(psid, ndr_size_dom_sid(psid, NULL,0)));1067 data_blob_const(psid, ndr_size_dom_sid(psid, 0))); 1069 1068 } 1070 1069 … … 1073 1072 *****************************************************************/ 1074 1073 1075 static bool fetch_sid_from_gid_cache( DOM_SID*psid, gid_t gid)1074 static bool fetch_sid_from_gid_cache(struct dom_sid *psid, gid_t gid) 1076 1075 { 1077 1076 DATA_BLOB cache_value; … … 1085 1084 memcpy(psid, cache_value.data, MIN(sizeof(*psid), cache_value.length)); 1086 1085 SMB_ASSERT(cache_value.length >= offsetof(struct dom_sid, id_auth)); 1087 SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, NULL,0));1086 SMB_ASSERT(cache_value.length == ndr_size_dom_sid(psid, 0)); 1088 1087 1089 1088 return true; … … 1094 1093 *****************************************************************/ 1095 1094 1096 static bool fetch_gid_from_cache(gid_t *pgid, const DOM_SID*psid)1095 static bool fetch_gid_from_cache(gid_t *pgid, const struct dom_sid *psid) 1097 1096 { 1098 1097 DATA_BLOB cache_value; 1099 1098 1100 1099 if (!memcache_lookup(NULL, SID_GID_CACHE, 1101 data_blob_const(psid, ndr_size_dom_sid(psid, NULL,0)),1100 data_blob_const(psid, ndr_size_dom_sid(psid, 0)), 1102 1101 &cache_value)) { 1103 1102 return false; … … 1114 1113 *****************************************************************/ 1115 1114 1116 void store_gid_sid_cache(const DOM_SID*psid, gid_t gid)1115 void store_gid_sid_cache(const struct dom_sid *psid, gid_t gid) 1117 1116 { 1118 1117 memcache_add(NULL, SID_GID_CACHE, 1119 data_blob_const(psid, ndr_size_dom_sid(psid, NULL,0)),1118 data_blob_const(psid, ndr_size_dom_sid(psid, 0)), 1120 1119 data_blob_const(&gid, sizeof(gid))); 1121 1120 memcache_add(NULL, GID_SID_CACHE, 1122 1121 data_blob_const(&gid, sizeof(gid)), 1123 data_blob_const(psid, ndr_size_dom_sid(psid, NULL,0)));1122 data_blob_const(psid, ndr_size_dom_sid(psid, 0))); 1124 1123 } 1125 1124 … … 1128 1127 *****************************************************************/ 1129 1128 1130 static void legacy_uid_to_sid( DOM_SID*psid, uid_t uid)1129 static void legacy_uid_to_sid(struct dom_sid *psid, uid_t uid) 1131 1130 { 1132 1131 bool ret; … … 1159 1158 *****************************************************************/ 1160 1159 1161 static void legacy_gid_to_sid( DOM_SID*psid, gid_t gid)1160 static void legacy_gid_to_sid(struct dom_sid *psid, gid_t gid) 1162 1161 { 1163 1162 bool ret; … … 1173 1172 goto done; 1174 1173 } 1175 1174 1176 1175 /* This is an unmapped group */ 1177 1176 … … 1190 1189 *****************************************************************/ 1191 1190 1192 static bool legacy_sid_to_uid(const DOM_SID*psid, uid_t *puid)1191 static bool legacy_sid_to_uid(const struct dom_sid *psid, uid_t *puid) 1193 1192 { 1194 1193 enum lsa_SidType type; 1195 uint32 rid; 1196 1197 if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) { 1194 1195 if (sid_check_is_in_our_domain(psid)) { 1198 1196 union unid_t id; 1199 1197 bool ret; … … 1234 1232 *****************************************************************/ 1235 1233 1236 static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid) 1237 { 1238 uint32 rid; 1234 static bool legacy_sid_to_gid(const struct dom_sid *psid, gid_t *pgid) 1235 { 1239 1236 GROUP_MAP map; 1240 1237 union unid_t id; … … 1258 1255 } 1259 1256 1260 if (sid_ peek_check_rid(get_global_sam_sid(), psid, &rid)) {1257 if (sid_check_is_in_our_domain(psid)) { 1261 1258 bool ret; 1262 1259 … … 1276 1273 goto done; 1277 1274 } 1278 1275 1279 1276 /* This was ours, but it was not mapped. Fail */ 1280 1277 } … … 1283 1280 sid_string_dbg(psid))); 1284 1281 return false; 1285 1282 1286 1283 done: 1287 1284 DEBUG(10,("LEGACY: sid %s -> gid %u\n", sid_string_dbg(psid), … … 1297 1294 *****************************************************************/ 1298 1295 1299 void uid_to_sid( DOM_SID*psid, uid_t uid)1296 void uid_to_sid(struct dom_sid *psid, uid_t uid) 1300 1297 { 1301 1298 bool expired = true; … … 1350 1347 *****************************************************************/ 1351 1348 1352 void gid_to_sid( DOM_SID*psid, gid_t gid)1349 void gid_to_sid(struct dom_sid *psid, gid_t gid) 1353 1350 { 1354 1351 bool expired = true; … … 1399 1396 } 1400 1397 1398 bool sids_to_unix_ids(const struct dom_sid *sids, uint32_t num_sids, 1399 struct wbcUnixId *ids) 1400 { 1401 struct wbcDomainSid *wbc_sids = NULL; 1402 struct wbcUnixId *wbc_ids = NULL; 1403 uint32_t i, num_not_cached; 1404 wbcErr err; 1405 bool ret = false; 1406 1407 wbc_sids = TALLOC_ARRAY(talloc_tos(), struct wbcDomainSid, num_sids); 1408 if (wbc_sids == NULL) { 1409 return false; 1410 } 1411 1412 num_not_cached = 0; 1413 1414 for (i=0; i<num_sids; i++) { 1415 bool expired; 1416 uint32_t rid; 1417 1418 if (fetch_uid_from_cache(&ids[i].id.uid, &sids[i])) { 1419 ids[i].type = WBC_ID_TYPE_UID; 1420 continue; 1421 } 1422 if (fetch_gid_from_cache(&ids[i].id.gid, &sids[i])) { 1423 ids[i].type = WBC_ID_TYPE_GID; 1424 continue; 1425 } 1426 if (sid_peek_check_rid(&global_sid_Unix_Users, 1427 &sids[i], &rid)) { 1428 ids[i].type = WBC_ID_TYPE_UID; 1429 ids[i].id.uid = rid; 1430 continue; 1431 } 1432 if (sid_peek_check_rid(&global_sid_Unix_Groups, 1433 &sids[i], &rid)) { 1434 ids[i].type = WBC_ID_TYPE_GID; 1435 ids[i].id.gid = rid; 1436 continue; 1437 } 1438 if (idmap_cache_find_sid2uid(&sids[i], &ids[i].id.uid, 1439 &expired) 1440 && !expired) { 1441 ids[i].type = WBC_ID_TYPE_UID; 1442 continue; 1443 } 1444 if (idmap_cache_find_sid2gid(&sids[i], &ids[i].id.gid, 1445 &expired) 1446 && !expired) { 1447 ids[i].type = WBC_ID_TYPE_GID; 1448 continue; 1449 } 1450 ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED; 1451 memcpy(&wbc_sids[num_not_cached], &sids[i], 1452 ndr_size_dom_sid(&sids[i], 0)); 1453 num_not_cached += 1; 1454 } 1455 if (num_not_cached == 0) { 1456 goto done; 1457 } 1458 wbc_ids = TALLOC_ARRAY(talloc_tos(), struct wbcUnixId, num_not_cached); 1459 if (wbc_ids == NULL) { 1460 goto fail; 1461 } 1462 for (i=0; i<num_not_cached; i++) { 1463 wbc_ids[i].type = WBC_ID_TYPE_NOT_SPECIFIED; 1464 } 1465 err = wbcSidsToUnixIds(wbc_sids, num_not_cached, wbc_ids); 1466 if (!WBC_ERROR_IS_OK(err)) { 1467 DEBUG(10, ("wbcSidsToUnixIds returned %s\n", 1468 wbcErrorString(err))); 1469 } 1470 1471 num_not_cached = 0; 1472 1473 for (i=0; i<num_sids; i++) { 1474 if (ids[i].type == WBC_ID_TYPE_NOT_SPECIFIED) { 1475 ids[i] = wbc_ids[num_not_cached]; 1476 num_not_cached += 1; 1477 } 1478 } 1479 1480 for (i=0; i<num_sids; i++) { 1481 if (ids[i].type != WBC_ID_TYPE_NOT_SPECIFIED) { 1482 continue; 1483 } 1484 if (legacy_sid_to_gid(&sids[i], &ids[i].id.gid)) { 1485 ids[i].type = WBC_ID_TYPE_GID; 1486 continue; 1487 } 1488 if (legacy_sid_to_uid(&sids[i], &ids[i].id.uid)) { 1489 ids[i].type = WBC_ID_TYPE_UID; 1490 continue; 1491 } 1492 } 1493 done: 1494 ret = true; 1495 fail: 1496 TALLOC_FREE(wbc_ids); 1497 TALLOC_FREE(wbc_sids); 1498 return ret; 1499 } 1500 1401 1501 /***************************************************************** 1402 1502 *THE CANONICAL* convert SID to uid function. 1403 1503 *****************************************************************/ 1404 1504 1405 bool sid_to_uid(const DOM_SID*psid, uid_t *puid)1505 bool sid_to_uid(const struct dom_sid *psid, uid_t *puid) 1406 1506 { 1407 1507 bool expired = true; … … 1465 1565 *****************************************************************/ 1466 1566 1467 bool sid_to_gid(const DOM_SID*psid, gid_t *pgid)1567 bool sid_to_gid(const struct dom_sid *psid, gid_t *pgid) 1468 1568 { 1469 1569 bool expired = true; … … 1521 1621 return true; 1522 1622 } 1623 1624 /** 1625 * @brief This function gets the primary group SID mapping the primary 1626 * GID of the user as obtained by an actual getpwnam() call. 1627 * This is necessary to avoid issues with arbitrary group SIDs 1628 * stored in passdb. We try as hard as we can to get the SID 1629 * corresponding to the GID, including trying group mapping. 1630 * If nothing else works, we will force "Domain Users" as the 1631 * primary group. 1632 * This is needed because we must always be able to lookup the 1633 * primary group SID, so we cannot settle for an arbitrary SID. 1634 * 1635 * This call can be expensive. Use with moderation. 1636 * If you have a "samu" struct around use pdb_get_group_sid() 1637 * instead as it does properly cache results. 1638 * 1639 * @param mem_ctx[in] The memory context iused to allocate the result. 1640 * @param username[in] The user's name 1641 * @param _pwd[in|out] If available, pass in user's passwd struct. 1642 * It will contain a tallocated passwd if NULL was 1643 * passed in. 1644 * @param _group_sid[out] The user's Primary Group SID 1645 * 1646 * @return NTSTATUS error code. 1647 */ 1648 NTSTATUS get_primary_group_sid(TALLOC_CTX *mem_ctx, 1649 const char *username, 1650 struct passwd **_pwd, 1651 struct dom_sid **_group_sid) 1652 { 1653 TALLOC_CTX *tmp_ctx; 1654 bool need_lookup_sid = false; 1655 struct dom_sid *group_sid; 1656 struct passwd *pwd = *_pwd; 1657 1658 tmp_ctx = talloc_new(mem_ctx); 1659 if (!tmp_ctx) { 1660 return NT_STATUS_NO_MEMORY; 1661 } 1662 1663 if (!pwd) { 1664 pwd = Get_Pwnam_alloc(mem_ctx, username); 1665 if (!pwd) { 1666 DEBUG(0, ("Failed to find a Unix account for %s", 1667 username)); 1668 TALLOC_FREE(tmp_ctx); 1669 return NT_STATUS_NO_SUCH_USER; 1670 } 1671 } 1672 1673 group_sid = talloc_zero(mem_ctx, struct dom_sid); 1674 if (!group_sid) { 1675 TALLOC_FREE(tmp_ctx); 1676 return NT_STATUS_NO_MEMORY; 1677 } 1678 1679 gid_to_sid(group_sid, pwd->pw_gid); 1680 if (!is_null_sid(group_sid)) { 1681 struct dom_sid domain_sid; 1682 uint32_t rid; 1683 1684 /* We need a sid within our domain */ 1685 sid_copy(&domain_sid, group_sid); 1686 sid_split_rid(&domain_sid, &rid); 1687 if (dom_sid_equal(&domain_sid, get_global_sam_sid())) { 1688 /* 1689 * As shortcut for the expensive lookup_sid call 1690 * compare the domain sid part 1691 */ 1692 switch (rid) { 1693 case DOMAIN_RID_ADMINS: 1694 case DOMAIN_RID_USERS: 1695 goto done; 1696 default: 1697 need_lookup_sid = true; 1698 break; 1699 } 1700 } else { 1701 /* Try group mapping */ 1702 ZERO_STRUCTP(group_sid); 1703 if (pdb_gid_to_sid(pwd->pw_gid, group_sid)) { 1704 need_lookup_sid = true; 1705 } 1706 } 1707 } 1708 1709 /* We must verify that this is a valid SID that resolves to a 1710 * group of the correct type */ 1711 if (need_lookup_sid) { 1712 enum lsa_SidType type = SID_NAME_UNKNOWN; 1713 bool lookup_ret; 1714 1715 DEBUG(10, ("do lookup_sid(%s) for group of user %s\n", 1716 sid_string_dbg(group_sid), username)); 1717 1718 /* Now check that it's actually a domain group and 1719 * not something else */ 1720 lookup_ret = lookup_sid(tmp_ctx, group_sid, 1721 NULL, NULL, &type); 1722 1723 if (lookup_ret && (type == SID_NAME_DOM_GRP)) { 1724 goto done; 1725 } 1726 1727 DEBUG(3, ("Primary group %s for user %s is" 1728 " a %s and not a domain group\n", 1729 sid_string_dbg(group_sid), username, 1730 sid_type_lookup(type))); 1731 } 1732 1733 /* Everything else, failed. 1734 * Just set it to the 'Domain Users' RID of 513 which will 1735 always resolve to a name */ 1736 DEBUG(3, ("Forcing Primary Group to 'Domain Users' for %s\n", 1737 username)); 1738 1739 sid_compose(group_sid, get_global_sam_sid(), DOMAIN_RID_USERS); 1740 1741 done: 1742 *_pwd = talloc_move(mem_ctx, &pwd); 1743 *_group_sid = talloc_move(mem_ctx, &group_sid); 1744 TALLOC_FREE(tmp_ctx); 1745 return NT_STATUS_OK; 1746 } 1747 1748 bool delete_uid_cache(uid_t puid) 1749 { 1750 DATA_BLOB uid = data_blob_const(&puid, sizeof(puid)); 1751 DATA_BLOB sid; 1752 1753 if (!memcache_lookup(NULL, UID_SID_CACHE, uid, &sid)) { 1754 DEBUG(3, ("UID %d is not memcached!\n", (int)puid)); 1755 return false; 1756 } 1757 DEBUG(3, ("Delete mapping UID %d <-> %s from memcache\n", (int)puid, 1758 sid_string_dbg((struct dom_sid*)sid.data))); 1759 memcache_delete(NULL, SID_UID_CACHE, sid); 1760 memcache_delete(NULL, UID_SID_CACHE, uid); 1761 return true; 1762 } 1763 1764 bool delete_gid_cache(gid_t pgid) 1765 { 1766 DATA_BLOB gid = data_blob_const(&pgid, sizeof(pgid)); 1767 DATA_BLOB sid; 1768 if (!memcache_lookup(NULL, GID_SID_CACHE, gid, &sid)) { 1769 DEBUG(3, ("GID %d is not memcached!\n", (int)pgid)); 1770 return false; 1771 } 1772 DEBUG(3, ("Delete mapping GID %d <-> %s from memcache\n", (int)pgid, 1773 sid_string_dbg((struct dom_sid*)sid.data))); 1774 memcache_delete(NULL, SID_GID_CACHE, sid); 1775 memcache_delete(NULL, GID_SID_CACHE, gid); 1776 return true; 1777 } 1778 1779 bool delete_sid_cache(const struct dom_sid* psid) 1780 { 1781 DATA_BLOB sid = data_blob_const(psid, ndr_size_dom_sid(psid, 0)); 1782 DATA_BLOB id; 1783 if (memcache_lookup(NULL, SID_GID_CACHE, sid, &id)) { 1784 DEBUG(3, ("Delete mapping %s <-> GID %d from memcache\n", 1785 sid_string_dbg(psid), *(int*)id.data)); 1786 memcache_delete(NULL, SID_GID_CACHE, sid); 1787 memcache_delete(NULL, GID_SID_CACHE, id); 1788 } else if (memcache_lookup(NULL, SID_UID_CACHE, sid, &id)) { 1789 DEBUG(3, ("Delete mapping %s <-> UID %d from memcache\n", 1790 sid_string_dbg(psid), *(int*)id.data)); 1791 memcache_delete(NULL, SID_UID_CACHE, sid); 1792 memcache_delete(NULL, UID_SID_CACHE, id); 1793 } else { 1794 DEBUG(3, ("SID %s is not memcached!\n", sid_string_dbg(psid))); 1795 return false; 1796 } 1797 return true; 1798 } 1799 1800 void flush_gid_cache(void) 1801 { 1802 DEBUG(3, ("Flush GID <-> SID memcache\n")); 1803 memcache_flush(NULL, SID_GID_CACHE); 1804 memcache_flush(NULL, GID_SID_CACHE); 1805 } 1806 1807 void flush_uid_cache(void) 1808 { 1809 DEBUG(3, ("Flush UID <-> SID memcache\n")); 1810 memcache_flush(NULL, SID_UID_CACHE); 1811 memcache_flush(NULL, UID_SID_CACHE); 1812 } -
trunk/server/source3/passdb/machine_sid.c
r414 r745 6 6 Copyright (C) Gerald (Jerry) Carter 2000 7 7 Copyright (C) Stefan (metze) Metzmacher 2002 8 8 9 9 This program is free software; you can redistribute it and/or modify 10 10 it under the terms of the GNU General Public License as published by 11 11 the Free Software Foundation; either version 3 of the License, or 12 12 (at your option) any later version. 13 13 14 14 This program is distributed in the hope that it will be useful, 15 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 17 17 GNU General Public License for more details. 18 18 19 19 You should have received a copy of the GNU General Public License 20 20 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 22 22 23 23 #include "includes.h" 24 #include "passdb.h" 25 #include "secrets.h" 26 #include "dbwrap.h" 27 #include "../libcli/security/security.h" 24 28 25 29 /* NOTE! the global_sam_sid is the SID of our local SAM. This is only 26 30 equal to the domain SID when we are a DC, otherwise its our 27 31 workstation SID */ 28 static DOM_SID*global_sam_sid=NULL;32 static struct dom_sid *global_sam_sid=NULL; 29 33 30 34 #undef DBGC_CLASS … … 36 40 ****************************************************************************/ 37 41 38 static bool read_sid_from_file(const char *fname, DOM_SID*sid)42 static bool read_sid_from_file(const char *fname, struct dom_sid *sid) 39 43 { 40 44 char **lines; … … 43 47 44 48 lines = file_lines_load(fname, &numlines,0, NULL); 45 49 46 50 if (!lines || numlines < 1) { 47 if (lines)TALLOC_FREE(lines);51 TALLOC_FREE(lines); 48 52 return False; 49 53 } 50 54 51 55 ret = string_to_sid(sid, lines[0]); 52 56 TALLOC_FREE(lines); … … 57 61 generate a random sid - used to build our own sid if we don't have one 58 62 */ 59 static void generate_random_sid( DOM_SID*sid)63 static void generate_random_sid(struct dom_sid *sid) 60 64 { 61 65 int i; 62 66 uchar raw_sid_data[12]; 63 67 64 memset((char *)sid, '\0', sizeof(*sid)); 68 ZERO_STRUCTP(sid); 69 65 70 sid->sid_rev_num = 1; 66 71 sid->id_auth[5] = 5; … … 77 82 ****************************************************************************/ 78 83 79 static DOM_SID*pdb_generate_sam_sid(void)80 { 81 DOM_SIDdomain_sid;84 static struct dom_sid *pdb_generate_sam_sid(void) 85 { 86 struct dom_sid domain_sid; 82 87 char *fname = NULL; 83 DOM_SID*sam_sid;84 85 if(!(sam_sid=SMB_MALLOC_P( DOM_SID)))88 struct dom_sid *sam_sid; 89 90 if(!(sam_sid=SMB_MALLOC_P(struct dom_sid))) 86 91 return NULL; 87 92 … … 111 116 } 112 117 113 if (! sid_equal(&domain_sid, sam_sid)) {118 if (!dom_sid_equal(&domain_sid, sam_sid)) { 114 119 115 120 /* Domain name sid doesn't match global sam sid. Re-store domain sid as 'local' sid. */ … … 125 130 126 131 return sam_sid; 127 128 132 } 129 133 … … 180 184 181 185 /* return our global_sam_sid */ 182 DOM_SID*get_global_sam_sid(void)186 struct dom_sid *get_global_sam_sid(void) 183 187 { 184 188 struct db_context *db; … … 186 190 if (global_sam_sid != NULL) 187 191 return global_sam_sid; 188 192 189 193 /* 190 194 * memory for global_sam_sid is allocated in … … 229 233 *****************************************************************/ 230 234 231 bool sid_check_is_domain(const DOM_SID*sid)232 { 233 return sid_equal(sid, get_global_sam_sid());235 bool sid_check_is_domain(const struct dom_sid *sid) 236 { 237 return dom_sid_equal(sid, get_global_sam_sid()); 234 238 } 235 239 … … 238 242 *****************************************************************/ 239 243 240 bool sid_check_is_in_our_domain(const DOM_SID *sid) 241 { 242 DOM_SID dom_sid; 243 uint32 rid; 244 bool sid_check_is_in_our_domain(const struct dom_sid *sid) 245 { 246 struct dom_sid dom_sid; 244 247 245 248 sid_copy(&dom_sid, sid); 246 sid_split_rid(&dom_sid, &rid);249 sid_split_rid(&dom_sid, NULL); 247 250 return sid_check_is_domain(&dom_sid); 248 251 } -
trunk/server/source3/passdb/passdb.c
r429 r745 24 24 25 25 #include "includes.h" 26 #include "passdb.h" 27 #include "system/passwd.h" 26 28 #include "../libcli/auth/libcli_auth.h" 29 #include "secrets.h" 30 #include "../libcli/security/security.h" 31 #include "../lib/util/util_pw.h" 32 #include "util_tdb.h" 27 33 28 34 #undef DBGC_CLASS … … 146 152 const char *domain = global_myname(); 147 153 char *fullname; 148 uint32 urid;154 uint32_t urid; 149 155 150 156 if ( !pwd ) { … … 194 200 195 201 if ( strequal( pwd->pw_name, guest_account ) ) { 196 if ( !pdb_set_user_sid_from_rid(user, DOMAIN_ USER_RID_GUEST, PDB_DEFAULT)) {202 if ( !pdb_set_user_sid_from_rid(user, DOMAIN_RID_GUEST, PDB_DEFAULT)) { 197 203 return NT_STATUS_NO_SUCH_USER; 198 204 } … … 242 248 243 249 if ( create && (pdb_capabilities() & PDB_CAP_STORE_RIDS)) { 244 uint32 user_rid;245 DOM_SIDuser_sid;250 uint32_t user_rid; 251 struct dom_sid user_sid; 246 252 247 253 if ( !pdb_new_rid( &user_rid ) ) { … … 250 256 } 251 257 252 sid_copy( &user_sid, get_global_sam_sid() ); 253 sid_append_rid( &user_sid, user_rid ); 258 sid_compose(&user_sid, get_global_sam_sid(), user_rid); 254 259 255 260 if ( !pdb_set_user_sid(user, &user_sid, PDB_SET) ) { … … 373 378 **************************************************************/ 374 379 375 void pdb_sethexpwd(char p[33], const unsigned char *pwd, uint32 acct_ctrl)380 void pdb_sethexpwd(char p[33], const unsigned char *pwd, uint32_t acct_ctrl) 376 381 { 377 382 if (pwd != NULL) { … … 403 408 404 409 for (i = 0; i < 32; i += 2) { 405 hinybble = toupper_ ascii(p[i]);406 lonybble = toupper_ ascii(p[i + 1]);410 hinybble = toupper_m(p[i]); 411 lonybble = toupper_m(p[i + 1]); 407 412 408 413 p1 = strchr(hexchars, hinybble); … … 453 458 454 459 for (i = 0; i < 42; i += 2) { 455 hinybble = toupper_ ascii(p[i]);456 lonybble = toupper_ ascii(p[i + 1]);460 hinybble = toupper_m(p[i]); 461 lonybble = toupper_m(p[i + 1]); 457 462 458 463 p1 = strchr(hexchars, hinybble); … … 497 502 ********************************************************************/ 498 503 499 uid_t algorithmic_pdb_user_rid_to_uid(uint32 user_rid)504 uid_t algorithmic_pdb_user_rid_to_uid(uint32_t user_rid) 500 505 { 501 506 int rid_offset = algorithmic_rid_base(); … … 512 517 ********************************************************************/ 513 518 514 uint32 algorithmic_pdb_uid_to_user_rid(uid_t uid)519 uint32_t algorithmic_pdb_uid_to_user_rid(uid_t uid) 515 520 { 516 521 int rid_offset = algorithmic_rid_base(); 517 return (((((uint32 )uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE);522 return (((((uint32_t)uid)*RID_MULTIPLIER) + rid_offset) | USER_RID_TYPE); 518 523 } 519 524 … … 522 527 ********************************************************************/ 523 528 524 gid_t pdb_group_rid_to_gid(uint32 group_rid)529 gid_t pdb_group_rid_to_gid(uint32_t group_rid) 525 530 { 526 531 int rid_offset = algorithmic_rid_base(); … … 541 546 ********************************************************************/ 542 547 543 uint32 algorithmic_pdb_gid_to_group_rid(gid_t gid)548 uint32_t algorithmic_pdb_gid_to_group_rid(gid_t gid) 544 549 { 545 550 int rid_offset = algorithmic_rid_base(); 546 return (((((uint32 )gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE);551 return (((((uint32_t)gid)*RID_MULTIPLIER) + rid_offset) | GROUP_RID_TYPE); 547 552 } 548 553 … … 551 556 ********************************************************************/ 552 557 553 static bool rid_is_well_known(uint32 rid)558 static bool rid_is_well_known(uint32_t rid) 554 559 { 555 560 /* Not using rid_offset here, because this is the actual … … 563 568 ********************************************************************/ 564 569 565 bool algorithmic_pdb_rid_is_user(uint32 rid)570 bool algorithmic_pdb_rid_is_user(uint32_t rid) 566 571 { 567 572 if ( rid_is_well_known(rid) ) { 568 573 /* 569 * The only well known user RIDs are DOMAIN_ USER_RID_ADMIN570 * and DOMAIN_ USER_RID_GUEST.574 * The only well known user RIDs are DOMAIN_RID_ADMINISTRATOR 575 * and DOMAIN_RID_GUEST. 571 576 */ 572 if(rid == DOMAIN_ USER_RID_ADMIN || rid == DOMAIN_USER_RID_GUEST)577 if(rid == DOMAIN_RID_ADMINISTRATOR || rid == DOMAIN_RID_GUEST) 573 578 return True; 574 579 } else if((rid & RID_TYPE_MASK) == USER_RID_TYPE) { … … 594 599 595 600 if ( strequal( name, "None" ) ) { 596 *rid = DOMAIN_ GROUP_RID_USERS;601 *rid = DOMAIN_RID_USERS; 597 602 *type = SID_NAME_DOM_GRP; 598 603 … … 606 611 if ((flags & LOOKUP_NAME_GROUP) == 0) { 607 612 struct samu *sam_account = NULL; 608 DOM_SIDuser_sid;613 struct dom_sid user_sid; 609 614 610 615 if ( !(sam_account = samu_new( NULL )) ) { … … 927 932 *********************************************************************/ 928 933 929 static bool init_samu_from_buffer_v0(struct samu *sampass, uint8 *buf, uint32buflen)934 static bool init_samu_from_buffer_v0(struct samu *sampass, uint8_t *buf, uint32_t buflen) 930 935 { 931 936 … … 933 938 take care on system with 64bit wide time_t 934 939 --SSS */ 935 uint32 logon_time,940 uint32_t logon_time, 936 941 logoff_time, 937 942 kickoff_time, … … 951 956 char *acct_desc = NULL; 952 957 char *workstations = NULL; 953 uint32 username_len, domain_len, nt_username_len,958 uint32_t username_len, domain_len, nt_username_len, 954 959 dir_drive_len, unknown_str_len, munged_dial_len, 955 960 fullname_len, homedir_len, logon_script_len, 956 961 profile_path_len, acct_desc_len, workstations_len; 957 962 958 uint32 user_rid, group_rid, remove_me, hours_len, unknown_6;959 uint16 acct_ctrl, logon_divs;960 uint16 bad_password_count, logon_count;961 uint8 *hours = NULL;962 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;963 uint32 len = 0;964 uint32 lm_pw_len, nt_pw_len, hourslen;963 uint32_t user_rid, group_rid, remove_me, hours_len, unknown_6; 964 uint16_t acct_ctrl, logon_divs; 965 uint16_t bad_password_count, logon_count; 966 uint8_t *hours = NULL; 967 uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL; 968 uint32_t len = 0; 969 uint32_t lm_pw_len, nt_pw_len, hourslen; 965 970 bool ret = True; 966 971 … … 1005 1010 &unknown_6); /* d */ 1006 1011 1007 if (len == (uint32 ) -1) {1012 if (len == (uint32_t) -1) { 1008 1013 ret = False; 1009 1014 goto done; … … 1086 1091 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); 1087 1092 pdb_set_logon_divs(sampass, logon_divs, PDB_SET); 1088 pdb_set_hours(sampass, hours, PDB_SET);1093 pdb_set_hours(sampass, hours, hours_len, PDB_SET); 1089 1094 1090 1095 done: … … 1112 1117 *********************************************************************/ 1113 1118 1114 static bool init_samu_from_buffer_v1(struct samu *sampass, uint8 *buf, uint32buflen)1119 static bool init_samu_from_buffer_v1(struct samu *sampass, uint8_t *buf, uint32_t buflen) 1115 1120 { 1116 1121 … … 1118 1123 take care on system with 64bit wide time_t 1119 1124 --SSS */ 1120 uint32 logon_time,1125 uint32_t logon_time, 1121 1126 logoff_time, 1122 1127 kickoff_time, … … 1137 1142 char *acct_desc = NULL; 1138 1143 char *workstations = NULL; 1139 uint32 username_len, domain_len, nt_username_len,1144 uint32_t username_len, domain_len, nt_username_len, 1140 1145 dir_drive_len, unknown_str_len, munged_dial_len, 1141 1146 fullname_len, homedir_len, logon_script_len, 1142 1147 profile_path_len, acct_desc_len, workstations_len; 1143 1148 1144 uint32 user_rid, group_rid, remove_me, hours_len, unknown_6;1145 uint16 acct_ctrl, logon_divs;1146 uint16 bad_password_count, logon_count;1147 uint8 *hours = NULL;1148 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL;1149 uint32 len = 0;1150 uint32 lm_pw_len, nt_pw_len, hourslen;1149 uint32_t user_rid, group_rid, remove_me, hours_len, unknown_6; 1150 uint16_t acct_ctrl, logon_divs; 1151 uint16_t bad_password_count, logon_count; 1152 uint8_t *hours = NULL; 1153 uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL; 1154 uint32_t len = 0; 1155 uint32_t lm_pw_len, nt_pw_len, hourslen; 1151 1156 bool ret = True; 1152 1157 … … 1193 1198 &unknown_6); /* d */ 1194 1199 1195 if (len == (uint32 ) -1) {1200 if (len == (uint32_t) -1) { 1196 1201 ret = False; 1197 1202 goto done; … … 1278 1283 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); 1279 1284 pdb_set_logon_divs(sampass, logon_divs, PDB_SET); 1280 pdb_set_hours(sampass, hours, PDB_SET);1285 pdb_set_hours(sampass, hours, hours_len, PDB_SET); 1281 1286 1282 1287 done: … … 1301 1306 } 1302 1307 1303 static bool init_samu_from_buffer_v2(struct samu *sampass, uint8 *buf, uint32buflen)1308 static bool init_samu_from_buffer_v2(struct samu *sampass, uint8_t *buf, uint32_t buflen) 1304 1309 { 1305 1310 … … 1307 1312 take care on system with 64bit wide time_t 1308 1313 --SSS */ 1309 uint32 logon_time,1314 uint32_t logon_time, 1310 1315 logoff_time, 1311 1316 kickoff_time, … … 1326 1331 char *acct_desc = NULL; 1327 1332 char *workstations = NULL; 1328 uint32 username_len, domain_len, nt_username_len,1333 uint32_t username_len, domain_len, nt_username_len, 1329 1334 dir_drive_len, unknown_str_len, munged_dial_len, 1330 1335 fullname_len, homedir_len, logon_script_len, 1331 1336 profile_path_len, acct_desc_len, workstations_len; 1332 1337 1333 uint32 user_rid, group_rid, hours_len, unknown_6;1334 uint16 acct_ctrl, logon_divs;1335 uint16 bad_password_count, logon_count;1336 uint8 *hours = NULL;1337 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;1338 uint32 len = 0;1339 uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;1340 uint32 pwHistLen = 0;1338 uint32_t user_rid, group_rid, hours_len, unknown_6; 1339 uint16_t acct_ctrl, logon_divs; 1340 uint16_t bad_password_count, logon_count; 1341 uint8_t *hours = NULL; 1342 uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL; 1343 uint32_t len = 0; 1344 uint32_t lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen; 1345 uint32_t pwHistLen = 0; 1341 1346 bool ret = True; 1342 1347 fstring tmp_string; … … 1386 1391 &unknown_6); /* d */ 1387 1392 1388 if (len == (uint32 ) -1) {1393 if (len == (uint32_t) -1) { 1389 1394 ret = False; 1390 1395 goto done; … … 1475 1480 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); 1476 1481 if (pwHistLen) { 1477 uint8 *pw_hist = SMB_MALLOC_ARRAY(uint8, pwHistLen * PW_HISTORY_ENTRY_LEN);1482 uint8_t *pw_hist = SMB_MALLOC_ARRAY(uint8_t, pwHistLen * PW_HISTORY_ENTRY_LEN); 1478 1483 if (!pw_hist) { 1479 1484 ret = False; … … 1509 1514 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); 1510 1515 pdb_set_logon_divs(sampass, logon_divs, PDB_SET); 1511 pdb_set_hours(sampass, hours, PDB_SET);1516 pdb_set_hours(sampass, hours, hours_len, PDB_SET); 1512 1517 1513 1518 done: … … 1536 1541 *********************************************************************/ 1537 1542 1538 static bool init_samu_from_buffer_v3(struct samu *sampass, uint8 *buf, uint32buflen)1543 static bool init_samu_from_buffer_v3(struct samu *sampass, uint8_t *buf, uint32_t buflen) 1539 1544 { 1540 1545 … … 1542 1547 take care on system with 64bit wide time_t 1543 1548 --SSS */ 1544 uint32 logon_time,1549 uint32_t logon_time, 1545 1550 logoff_time, 1546 1551 kickoff_time, … … 1561 1566 char *acct_desc = NULL; 1562 1567 char *workstations = NULL; 1563 uint32 username_len, domain_len, nt_username_len,1568 uint32_t username_len, domain_len, nt_username_len, 1564 1569 dir_drive_len, comment_len, munged_dial_len, 1565 1570 fullname_len, homedir_len, logon_script_len, 1566 1571 profile_path_len, acct_desc_len, workstations_len; 1567 1572 1568 uint32 user_rid, group_rid, hours_len, unknown_6, acct_ctrl;1569 uint16 logon_divs;1570 uint16 bad_password_count, logon_count;1571 uint8 *hours = NULL;1572 uint8 *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL;1573 uint32 len = 0;1574 uint32 lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen;1575 uint32 pwHistLen = 0;1573 uint32_t user_rid, group_rid, hours_len, unknown_6, acct_ctrl; 1574 uint16_t logon_divs; 1575 uint16_t bad_password_count, logon_count; 1576 uint8_t *hours = NULL; 1577 uint8_t *lm_pw_ptr = NULL, *nt_pw_ptr = NULL, *nt_pw_hist_ptr = NULL; 1578 uint32_t len = 0; 1579 uint32_t lm_pw_len, nt_pw_len, nt_pw_hist_len, hourslen; 1580 uint32_t pwHistLen = 0; 1576 1581 bool ret = True; 1577 1582 fstring tmp_string; … … 1612 1617 /* Change from V1 is addition of password history field. */ 1613 1618 &nt_pw_hist_len, &nt_pw_hist_ptr, /* B */ 1614 /* Change from V2 is the uint32 acb_mask */1619 /* Change from V2 is the uint32_t acb_mask */ 1615 1620 &acct_ctrl, /* d */ 1616 1621 /* Also "remove_me" field was removed. */ … … 1622 1627 &unknown_6); /* d */ 1623 1628 1624 if (len == (uint32 ) -1) {1629 if (len == (uint32_t) -1) { 1625 1630 ret = False; 1626 1631 goto done; 1627 1632 } 1628 1633 1629 pdb_set_logon_time(sampass, convert_uint32_t o_time_t(logon_time), PDB_SET);1630 pdb_set_logoff_time(sampass, convert_uint32_t o_time_t(logoff_time), PDB_SET);1631 pdb_set_kickoff_time(sampass, convert_uint32_t o_time_t(kickoff_time), PDB_SET);1632 pdb_set_bad_password_time(sampass, convert_uint32_t o_time_t(bad_password_time), PDB_SET);1633 pdb_set_pass_can_change_time(sampass, convert_uint32_t o_time_t(pass_can_change_time), PDB_SET);1634 pdb_set_pass_must_change_time(sampass, convert_uint32_t o_time_t(pass_must_change_time), PDB_SET);1635 pdb_set_pass_last_set_time(sampass, convert_uint32_t o_time_t(pass_last_set_time), PDB_SET);1634 pdb_set_logon_time(sampass, convert_uint32_t_to_time_t(logon_time), PDB_SET); 1635 pdb_set_logoff_time(sampass, convert_uint32_t_to_time_t(logoff_time), PDB_SET); 1636 pdb_set_kickoff_time(sampass, convert_uint32_t_to_time_t(kickoff_time), PDB_SET); 1637 pdb_set_bad_password_time(sampass, convert_uint32_t_to_time_t(bad_password_time), PDB_SET); 1638 pdb_set_pass_can_change_time(sampass, convert_uint32_t_to_time_t(pass_can_change_time), PDB_SET); 1639 pdb_set_pass_must_change_time(sampass, convert_uint32_t_to_time_t(pass_must_change_time), PDB_SET); 1640 pdb_set_pass_last_set_time(sampass, convert_uint32_t_to_time_t(pass_last_set_time), PDB_SET); 1636 1641 1637 1642 pdb_set_username(sampass, username, PDB_SET); … … 1710 1715 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); 1711 1716 if (pwHistLen) { 1712 uint8 *pw_hist = (uint8*)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN);1717 uint8_t *pw_hist = (uint8_t *)SMB_MALLOC(pwHistLen * PW_HISTORY_ENTRY_LEN); 1713 1718 if (!pw_hist) { 1714 1719 ret = False; … … 1741 1746 pdb_set_logon_count(sampass, logon_count, PDB_SET); 1742 1747 pdb_set_unknown_6(sampass, unknown_6, PDB_SET); 1743 /* Change from V2 is the uint32 acct_ctrl */1748 /* Change from V2 is the uint32_t acct_ctrl */ 1744 1749 pdb_set_acct_ctrl(sampass, acct_ctrl, PDB_SET); 1745 1750 pdb_set_logon_divs(sampass, logon_divs, PDB_SET); 1746 pdb_set_hours(sampass, hours, PDB_SET);1751 pdb_set_hours(sampass, hours, hours_len, PDB_SET); 1747 1752 1748 1753 done: … … 1771 1776 *********************************************************************/ 1772 1777 1773 static uint32 init_buffer_from_samu_v3 (uint8**buf, struct samu *sampass, bool size_only)1778 static uint32_t init_buffer_from_samu_v3 (uint8_t **buf, struct samu *sampass, bool size_only) 1774 1779 { 1775 1780 size_t len, buflen; … … 1778 1783 take care on system with 64bit wide time_t 1779 1784 --SSS */ 1780 uint32 logon_time,1785 uint32_t logon_time, 1781 1786 logoff_time, 1782 1787 kickoff_time, … … 1786 1791 pass_must_change_time; 1787 1792 1788 uint32 user_rid, group_rid;1793 uint32_t user_rid, group_rid; 1789 1794 1790 1795 const char *username; … … 1800 1805 const char *acct_desc; 1801 1806 const char *workstations; 1802 uint32 username_len, domain_len, nt_username_len,1807 uint32_t username_len, domain_len, nt_username_len, 1803 1808 dir_drive_len, comment_len, munged_dial_len, 1804 1809 fullname_len, homedir_len, logon_script_len, 1805 1810 profile_path_len, acct_desc_len, workstations_len; 1806 1811 1807 const uint8 *lm_pw;1808 const uint8 *nt_pw;1809 const uint8 *nt_pw_hist;1810 uint32 lm_pw_len = 16;1811 uint32 nt_pw_len = 16;1812 uint32 nt_pw_hist_len;1813 uint32 pwHistLen = 0;1812 const uint8_t *lm_pw; 1813 const uint8_t *nt_pw; 1814 const uint8_t *nt_pw_hist; 1815 uint32_t lm_pw_len = 16; 1816 uint32_t nt_pw_len = 16; 1817 uint32_t nt_pw_hist_len; 1818 uint32_t pwHistLen = 0; 1814 1819 1815 1820 *buf = NULL; 1816 1821 buflen = 0; 1817 1822 1818 logon_time = convert_time_t_to_uint32 (pdb_get_logon_time(sampass));1819 logoff_time = convert_time_t_to_uint32 (pdb_get_logoff_time(sampass));1820 kickoff_time = convert_time_t_to_uint32 (pdb_get_kickoff_time(sampass));1821 bad_password_time = convert_time_t_to_uint32 (pdb_get_bad_password_time(sampass));1822 pass_can_change_time = convert_time_t_to_uint32 (pdb_get_pass_can_change_time_noncalc(sampass));1823 pass_must_change_time = convert_time_t_to_uint32 (pdb_get_pass_must_change_time(sampass));1824 pass_last_set_time = convert_time_t_to_uint32 (pdb_get_pass_last_set_time(sampass));1823 logon_time = convert_time_t_to_uint32_t(pdb_get_logon_time(sampass)); 1824 logoff_time = convert_time_t_to_uint32_t(pdb_get_logoff_time(sampass)); 1825 kickoff_time = convert_time_t_to_uint32_t(pdb_get_kickoff_time(sampass)); 1826 bad_password_time = convert_time_t_to_uint32_t(pdb_get_bad_password_time(sampass)); 1827 pass_can_change_time = convert_time_t_to_uint32_t(pdb_get_pass_can_change_time_noncalc(sampass)); 1828 pass_must_change_time = convert_time_t_to_uint32_t(pdb_get_pass_must_change_time(sampass)); 1829 pass_last_set_time = convert_time_t_to_uint32_t(pdb_get_pass_last_set_time(sampass)); 1825 1830 1826 1831 user_rid = pdb_get_user_rid(sampass); … … 1990 1995 1991 1996 /* malloc the space needed */ 1992 if ( (*buf=(uint8 *)SMB_MALLOC(len)) == NULL) {1997 if ( (*buf=(uint8_t*)SMB_MALLOC(len)) == NULL) { 1993 1998 DEBUG(0,("init_buffer_from_samu_v3: Unable to malloc() memory for buffer!\n")); 1994 1999 return (-1); … … 2041 2046 } 2042 2047 2043 static bool init_samu_from_buffer_v4(struct samu *sampass, uint8 *buf, uint32buflen)2048 static bool init_samu_from_buffer_v4(struct samu *sampass, uint8_t *buf, uint32_t buflen) 2044 2049 { 2045 2050 /* nothing changed between V3 and V4 */ … … 2047 2052 } 2048 2053 2049 static uint32 init_buffer_from_samu_v4(uint8**buf, struct samu *sampass, bool size_only)2054 static uint32_t init_buffer_from_samu_v4(uint8_t **buf, struct samu *sampass, bool size_only) 2050 2055 { 2051 2056 /* nothing changed between V3 and V4 */ … … 2058 2063 2059 2064 bool init_samu_from_buffer(struct samu *sampass, uint32_t level, 2060 uint8 *buf, uint32buflen)2065 uint8_t *buf, uint32_t buflen) 2061 2066 { 2062 2067 switch (level) { … … 2080 2085 *********************************************************************/ 2081 2086 2082 uint32 init_buffer_from_samu (uint8**buf, struct samu *sampass, bool size_only)2087 uint32_t init_buffer_from_samu (uint8_t **buf, struct samu *sampass, bool size_only) 2083 2088 { 2084 2089 return init_buffer_from_samu_v4(buf, sampass, size_only); … … 2090 2095 bool pdb_copy_sam_account(struct samu *dst, struct samu *src ) 2091 2096 { 2092 uint8 *buf = NULL;2097 uint8_t *buf = NULL; 2093 2098 int len; 2094 2099 … … 2129 2134 { 2130 2135 time_t LastBadPassword; 2131 uint16 BadPasswordCount;2132 uint32 resettime;2136 uint16_t BadPasswordCount; 2137 uint32_t resettime; 2133 2138 bool res; 2134 2139 … … 2149 2154 2150 2155 /* First, check if there is a reset time to compare */ 2151 if ((resettime == (uint32 ) -1) || (resettime == 0)) {2156 if ((resettime == (uint32_t) -1) || (resettime == 0)) { 2152 2157 DEBUG(9, ("No reset time, can't reset bad pw count\n")); 2153 2158 return True; … … 2156 2161 LastBadPassword = pdb_get_bad_password_time(sampass); 2157 2162 DEBUG(7, ("LastBadPassword=%d, resettime=%d, current time=%d.\n", 2158 (uint32 ) LastBadPassword, resettime, (uint32)time(NULL)));2159 if (time(NULL) > (LastBadPassword + convert_uint32_t o_time_t(resettime)*60)){2163 (uint32_t) LastBadPassword, resettime, (uint32_t)time(NULL))); 2164 if (time(NULL) > (LastBadPassword + convert_uint32_t_to_time_t(resettime)*60)){ 2160 2165 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); 2161 2166 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); … … 2174 2179 bool pdb_update_autolock_flag(struct samu *sampass, bool *updated) 2175 2180 { 2176 uint32 duration;2181 uint32_t duration; 2177 2182 time_t LastBadPassword; 2178 2183 bool res; … … 2194 2199 2195 2200 /* First, check if there is a duration to compare */ 2196 if ((duration == (uint32 ) -1) || (duration == 0)) {2201 if ((duration == (uint32_t) -1) || (duration == 0)) { 2197 2202 DEBUG(9, ("pdb_update_autolock_flag: No reset duration, can't reset autolock\n")); 2198 2203 return True; … … 2201 2206 LastBadPassword = pdb_get_bad_password_time(sampass); 2202 2207 DEBUG(7, ("pdb_update_autolock_flag: Account %s, LastBadPassword=%d, duration=%d, current time =%d.\n", 2203 pdb_get_username(sampass), (uint32 )LastBadPassword, duration*60, (uint32)time(NULL)));2208 pdb_get_username(sampass), (uint32_t)LastBadPassword, duration*60, (uint32_t)time(NULL))); 2204 2209 2205 2210 if (LastBadPassword == (time_t)0) { … … 2211 2216 } 2212 2217 2213 if ((time(NULL) > (LastBadPassword + convert_uint32_t o_time_t(duration) * 60))) {2218 if ((time(NULL) > (LastBadPassword + convert_uint32_t_to_time_t(duration) * 60))) { 2214 2219 pdb_set_acct_ctrl(sampass, 2215 2220 pdb_get_acct_ctrl(sampass) & ~ACB_AUTOLOCK, … … 2231 2236 bool pdb_increment_bad_password_count(struct samu *sampass) 2232 2237 { 2233 uint32 account_policy_lockout;2238 uint32_t account_policy_lockout; 2234 2239 bool autolock_updated = False, badpw_updated = False; 2235 2240 bool ret; … … 2367 2372 *******************************************************************/ 2368 2373 2369 bool get_trust_pw_hash(const char *domain, uint8 ret_pwd[16],2374 bool get_trust_pw_hash(const char *domain, uint8_t ret_pwd[16], 2370 2375 const char **account_name, 2371 2376 enum netr_SchannelType *channel) … … 2399 2404 return False; 2400 2405 } 2401 2402 struct samr_LogonHours get_logon_hours_from_pdb(TALLOC_CTX *mem_ctx,2403 struct samu *pw)2404 {2405 struct samr_LogonHours hours;2406 const int units_per_week = 168;2407 2408 ZERO_STRUCT(hours);2409 hours.bits = talloc_array(mem_ctx, uint8_t, units_per_week);2410 if (!hours.bits) {2411 return hours;2412 }2413 2414 hours.units_per_week = units_per_week;2415 memset(hours.bits, 0xFF, units_per_week);2416 2417 if (pdb_get_hours(pw)) {2418 memcpy(hours.bits, pdb_get_hours(pw),2419 MIN(pdb_get_hours_len(pw), units_per_week));2420 }2421 2422 return hours;2423 } -
trunk/server/source3/passdb/pdb_ads.c
r414 r745 19 19 20 20 #include "includes.h" 21 #include "passdb.h" 22 #include "tldap.h" 23 #include "tldap_util.h" 24 #include "../libds/common/flags.h" 25 #include "secrets.h" 26 #include "../librpc/gen_ndr/samr.h" 27 #include "../libcli/ldap/ldap_ndr.h" 28 #include "../libcli/security/security.h" 29 #include "../libds/common/flag_mapping.h" 21 30 22 31 struct pdb_ads_state { … … 35 44 }; 36 45 37 static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m,38 struct samu *sam_acct,39 const DOM_SID *sid);40 46 static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid, 41 DOM_SID*sid);47 struct dom_sid *sid); 42 48 static bool pdb_ads_dnblob2sid(struct pdb_ads_state *state, DATA_BLOB *dnblob, 43 49 struct dom_sid *psid); … … 64 70 return false; 65 71 } 66 *ptime = uint64s_nt_time_to_unix_abs(&tmp);72 *ptime = nt_time_to_unix(tmp); 67 73 return true; 68 74 } … … 151 157 } 152 158 153 sidstr = sid_binstring(talloc_tos(), pdb_get_user_sid(sam));159 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), pdb_get_user_sid(sam)); 154 160 if (sidstr == NULL) { 155 161 return NULL; … … 185 191 struct dom_sid sid; 186 192 uint64_t n; 193 uint32_t i; 187 194 DATA_BLOB blob; 188 195 … … 239 246 if (str != NULL) { 240 247 pdb_set_profile_path(sam, str, PDB_SET); 248 } 249 250 str = tldap_talloc_single_attribute(entry, "comment", 251 talloc_tos()); 252 if (str != NULL) { 253 pdb_set_comment(sam, str, PDB_SET); 254 } 255 256 str = tldap_talloc_single_attribute(entry, "description", 257 talloc_tos()); 258 if (str != NULL) { 259 pdb_set_acct_desc(sam, str, PDB_SET); 260 } 261 262 str = tldap_talloc_single_attribute(entry, "userWorkstations", 263 talloc_tos()); 264 if (str != NULL) { 265 pdb_set_workstations(sam, str, PDB_SET); 266 } 267 268 str = tldap_talloc_single_attribute(entry, "userParameters", 269 talloc_tos()); 270 if (str != NULL) { 271 pdb_set_munged_dial(sam, str, PDB_SET); 241 272 } 242 273 … … 276 307 277 308 } 309 310 if (tldap_pull_uint32(entry, "countryCode", &i)) { 311 pdb_set_country_code(sam, i, PDB_SET); 312 } 313 314 if (tldap_pull_uint32(entry, "codePage", &i)) { 315 pdb_set_code_page(sam, i, PDB_SET); 316 } 317 318 if (tldap_get_single_valueblob(entry, "logonHours", &blob)) { 319 320 if (blob.length > MAX_HOURS_LEN) { 321 status = NT_STATUS_INVALID_PARAMETER; 322 goto fail; 323 } 324 pdb_set_logon_divs(sam, blob.length * 8, PDB_SET); 325 pdb_set_hours_len(sam, blob.length, PDB_SET); 326 pdb_set_hours(sam, blob.data, blob.length, PDB_SET); 327 328 } else { 329 uint8_t hours[21]; 330 pdb_set_logon_divs(sam, sizeof(hours)/8, PDB_SET); 331 pdb_set_hours_len(sam, sizeof(hours), PDB_SET); 332 memset(hours, 0xff, sizeof(hours)); 333 pdb_set_hours(sam, hours, sizeof(hours), PDB_SET); 334 } 335 278 336 status = NT_STATUS_OK; 279 337 fail: … … 282 340 } 283 341 342 static bool pdb_ads_make_time_mod(struct tldap_message *existing, 343 TALLOC_CTX *mem_ctx, 344 struct tldap_mod **pmods, int *pnum_mods, 345 const char *attrib, time_t t) 346 { 347 uint64_t nt_time; 348 349 unix_to_nt_time(&nt_time, t); 350 351 return tldap_make_mod_fmt( 352 existing, mem_ctx, pmods, pnum_mods, attrib, 353 "%llu", nt_time); 354 } 355 284 356 static bool pdb_ads_init_ads_from_sam(struct pdb_ads_state *state, 285 357 struct tldap_message *existing, 286 358 TALLOC_CTX *mem_ctx, 287 int *pnum_mods, struct tldap_mod **pmods,359 struct tldap_mod **pmods, int *pnum_mods, 288 360 struct samu *sam) 289 361 { 290 362 bool ret = true; 291 363 DATA_BLOB blob; 364 const char *pw; 292 365 293 366 /* TODO: All fields :-) */ 294 367 295 368 ret &= tldap_make_mod_fmt( 296 existing, mem_ctx, p num_mods, pmods, "displayName",369 existing, mem_ctx, pmods, pnum_mods, "displayName", 297 370 "%s", pdb_get_fullname(sam)); 298 371 299 blob = data_blob_const(pdb_get_nt_passwd(sam), NT_HASH_LEN); 300 if (blob.data != NULL) { 301 ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, 302 "unicodePwd", 1, &blob); 303 } 304 305 blob = data_blob_const(pdb_get_lanman_passwd(sam), NT_HASH_LEN); 306 if (blob.data != NULL) { 307 ret &= tldap_add_mod_blobs(mem_ctx, pmods, TLDAP_MOD_REPLACE, 308 "dBCSPwd", 1, &blob); 372 pw = pdb_get_plaintext_passwd(sam); 373 374 /* 375 * If we have the plain text pw, this is probably about to be 376 * set. Is this true always? 377 */ 378 if (pw != NULL) { 379 char *pw_quote; 380 uint8_t *pw_utf16; 381 size_t pw_utf16_len; 382 383 pw_quote = talloc_asprintf(talloc_tos(), "\"%s\"", pw); 384 if (pw_quote == NULL) { 385 ret = false; 386 goto fail; 387 } 388 389 ret &= convert_string_talloc(talloc_tos(), 390 CH_UNIX, CH_UTF16LE, 391 pw_quote, strlen(pw_quote), 392 &pw_utf16, &pw_utf16_len, false); 393 if (!ret) { 394 goto fail; 395 } 396 blob = data_blob_const(pw_utf16, pw_utf16_len); 397 398 ret &= tldap_add_mod_blobs(mem_ctx, pmods, pnum_mods, 399 TLDAP_MOD_REPLACE, 400 "unicodePwd", &blob, 1); 401 TALLOC_FREE(pw_utf16); 402 TALLOC_FREE(pw_quote); 309 403 } 310 404 311 405 ret &= tldap_make_mod_fmt( 312 existing, mem_ctx, p num_mods, pmods, "userAccountControl",406 existing, mem_ctx, pmods, pnum_mods, "userAccountControl", 313 407 "%d", ds_acb2uf(pdb_get_acct_ctrl(sam))); 314 408 315 409 ret &= tldap_make_mod_fmt( 316 existing, mem_ctx, p num_mods, pmods, "homeDirectory",410 existing, mem_ctx, pmods, pnum_mods, "homeDirectory", 317 411 "%s", pdb_get_homedir(sam)); 318 412 319 413 ret &= tldap_make_mod_fmt( 320 existing, mem_ctx, p num_mods, pmods, "homeDrive",414 existing, mem_ctx, pmods, pnum_mods, "homeDrive", 321 415 "%s", pdb_get_dir_drive(sam)); 322 416 323 417 ret &= tldap_make_mod_fmt( 324 existing, mem_ctx, p num_mods, pmods, "scriptPath",418 existing, mem_ctx, pmods, pnum_mods, "scriptPath", 325 419 "%s", pdb_get_logon_script(sam)); 326 420 327 421 ret &= tldap_make_mod_fmt( 328 existing, mem_ctx, p num_mods, pmods, "profilePath",422 existing, mem_ctx, pmods, pnum_mods, "profilePath", 329 423 "%s", pdb_get_profile_path(sam)); 330 424 425 ret &= tldap_make_mod_fmt( 426 existing, mem_ctx, pmods, pnum_mods, "comment", 427 "%s", pdb_get_comment(sam)); 428 429 ret &= tldap_make_mod_fmt( 430 existing, mem_ctx, pmods, pnum_mods, "description", 431 "%s", pdb_get_acct_desc(sam)); 432 433 ret &= tldap_make_mod_fmt( 434 existing, mem_ctx, pmods, pnum_mods, "userWorkstations", 435 "%s", pdb_get_workstations(sam)); 436 437 ret &= tldap_make_mod_fmt( 438 existing, mem_ctx, pmods, pnum_mods, "userParameters", 439 "%s", pdb_get_munged_dial(sam)); 440 441 ret &= tldap_make_mod_fmt( 442 existing, mem_ctx, pmods, pnum_mods, "countryCode", 443 "%i", (int)pdb_get_country_code(sam)); 444 445 ret &= tldap_make_mod_fmt( 446 existing, mem_ctx, pmods, pnum_mods, "codePage", 447 "%i", (int)pdb_get_code_page(sam)); 448 449 ret &= pdb_ads_make_time_mod( 450 existing, mem_ctx, pmods, pnum_mods, "accountExpires", 451 (int)pdb_get_kickoff_time(sam)); 452 453 ret &= tldap_make_mod_blob( 454 existing, mem_ctx, pmods, pnum_mods, "logonHours", 455 data_blob_const(pdb_get_hours(sam), pdb_get_hours_len(sam))); 456 457 fail: 331 458 return ret; 332 459 } … … 368 495 DEBUG(10, ("Expected 1 user, got %d\n", count)); 369 496 TALLOC_FREE(result); 370 return NT_STATUS_ INTERNAL_DB_CORRUPTION;497 return NT_STATUS_NO_SUCH_USER; 371 498 } 372 499 … … 427 554 static NTSTATUS pdb_ads_getsampwsid(struct pdb_methods *m, 428 555 struct samu *sam_acct, 429 const DOM_SID*sid)556 const struct dom_sid *sid) 430 557 { 431 558 struct pdb_ads_state *state = talloc_get_type_abort( … … 433 560 char *sidstr, *filter; 434 561 435 sidstr = sid_binstring(talloc_tos(), sid);562 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 436 563 NT_STATUS_HAVE_NO_MEMORY(sidstr); 437 564 … … 476 603 ok = true; 477 604 ok &= tldap_make_mod_fmt( 478 NULL, talloc_tos(), & num_mods, &mods, "objectClass", "user");605 NULL, talloc_tos(), &mods, &num_mods, "objectClass", "user"); 479 606 ok &= tldap_make_mod_fmt( 480 NULL, talloc_tos(), & num_mods, &mods, "samAccountName", "%s",607 NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s", 481 608 name); 482 609 if (!ok) { … … 485 612 486 613 487 rc = tldap_add(ld, dn, num_mods,mods, NULL, 0, NULL, 0);614 rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 488 615 if (rc != TLDAP_SUCCESS) { 489 616 DEBUG(10, ("ldap_add failed %s\n", … … 578 705 579 706 if (!pdb_ads_init_ads_from_sam(state, priv->ldapmsg, talloc_tos(), 580 & num_mods, &mods, sam)) {707 &mods, &num_mods, sam)) { 581 708 return NT_STATUS_NO_MEMORY; 582 709 } … … 587 714 } 588 715 589 rc = tldap_modify(ld, priv->dn, num_mods,mods, NULL, 0,716 rc = tldap_modify(ld, priv->dn, mods, num_mods, NULL, 0, 590 717 NULL, 0); 591 718 TALLOC_FREE(mods); … … 620 747 621 748 static NTSTATUS pdb_ads_getgrfilter(struct pdb_methods *m, GROUP_MAP *map, 622 const char *filter) 749 const char *filter, 750 TALLOC_CTX *mem_ctx, 751 struct tldap_message **pmsg) 623 752 { 624 753 struct pdb_ads_state *state = talloc_get_type_abort( … … 640 769 } 641 770 if (talloc_array_length(group) != 1) { 642 DEBUG(10, ("Expected 1 user, got %d\n",771 DEBUG(10, ("Expected 1 group, got %d\n", 643 772 (int)talloc_array_length(group))); 644 773 return NT_STATUS_INTERNAL_DB_CORRUPTION; … … 682 811 } 683 812 813 if (pmsg != NULL) { 814 *pmsg = talloc_move(mem_ctx, &group[0]); 815 } 684 816 TALLOC_FREE(group); 685 817 return NT_STATUS_OK; … … 687 819 688 820 static NTSTATUS pdb_ads_getgrsid(struct pdb_methods *m, GROUP_MAP *map, 689 DOM_SIDsid)821 struct dom_sid sid) 690 822 { 691 823 char *filter; … … 699 831 } 700 832 701 status = pdb_ads_getgrfilter(m, map, filter );833 status = pdb_ads_getgrfilter(m, map, filter, NULL, NULL); 702 834 TALLOC_FREE(filter); 703 835 return status; … … 725 857 } 726 858 727 status = pdb_ads_getgrfilter(m, map, filter );859 status = pdb_ads_getgrfilter(m, map, filter, NULL, NULL); 728 860 TALLOC_FREE(filter); 729 861 return status; … … 760 892 761 893 ok &= tldap_make_mod_fmt( 762 NULL, talloc_tos(), & num_mods, &mods, "samAccountName", "%s",894 NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s", 763 895 name); 764 896 ok &= tldap_make_mod_fmt( 765 NULL, talloc_tos(), & num_mods, &mods, "objectClass", "group");897 NULL, talloc_tos(), &mods, &num_mods, "objectClass", "group"); 766 898 ok &= tldap_make_mod_fmt( 767 NULL, talloc_tos(), & num_mods, &mods, "groupType",899 NULL, talloc_tos(), &mods, &num_mods, "groupType", 768 900 "%d", (int)GTYPE_SECURITY_GLOBAL_GROUP); 769 901 … … 773 905 } 774 906 775 rc = tldap_add(ld, dn, num_mods,mods, NULL, 0, NULL, 0);907 rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 776 908 if (rc != TLDAP_SUCCESS) { 777 909 DEBUG(10, ("ldap_add failed %s\n", … … 825 957 sid_compose(&sid, &state->domainsid, rid); 826 958 827 sidstr = sid_binstring(talloc_tos(), &sid);959 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid); 828 960 NT_STATUS_HAVE_NO_MEMORY(sidstr); 829 961 … … 879 1011 GROUP_MAP *map) 880 1012 { 1013 struct pdb_ads_state *state = talloc_get_type_abort( 1014 m->private_data, struct pdb_ads_state); 1015 struct tldap_context *ld; 1016 struct tldap_mod *mods = NULL; 1017 char *filter; 1018 struct tldap_message *existing; 1019 char *dn; 1020 GROUP_MAP existing_map; 1021 int rc, num_mods = 0; 1022 bool ret; 1023 NTSTATUS status; 1024 1025 ld = pdb_ads_ld(state); 1026 if (ld == NULL) { 1027 return NT_STATUS_LDAP(TLDAP_SERVER_DOWN); 1028 } 1029 1030 filter = talloc_asprintf(talloc_tos(), 1031 "(&(objectsid=%s)(objectclass=group))", 1032 sid_string_talloc(talloc_tos(), &map->sid)); 1033 if (filter == NULL) { 1034 return NT_STATUS_NO_MEMORY; 1035 } 1036 status = pdb_ads_getgrfilter(m, &existing_map, filter, 1037 talloc_tos(), &existing); 1038 TALLOC_FREE(filter); 1039 1040 if (!tldap_entry_dn(existing, &dn)) { 1041 return NT_STATUS_LDAP(TLDAP_DECODING_ERROR); 1042 } 1043 1044 ret = true; 1045 1046 ret &= tldap_make_mod_fmt( 1047 existing, talloc_tos(), &mods, &num_mods, "description", 1048 "%s", map->comment); 1049 ret &= tldap_make_mod_fmt( 1050 existing, talloc_tos(), &mods, &num_mods, "samaccountname", 1051 "%s", map->nt_name); 1052 1053 if (!ret) { 1054 return NT_STATUS_NO_MEMORY; 1055 } 1056 1057 if (num_mods == 0) { 1058 TALLOC_FREE(existing); 1059 return NT_STATUS_OK; 1060 } 1061 1062 rc = tldap_modify(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 1063 if (rc != TLDAP_SUCCESS) { 1064 DEBUG(10, ("ldap_modify for %s failed: %s\n", dn, 1065 tldap_errstr(talloc_tos(), ld, rc))); 1066 TALLOC_FREE(existing); 1067 return NT_STATUS_LDAP(rc); 1068 } 1069 TALLOC_FREE(existing); 1070 return NT_STATUS_OK; 1071 } 1072 1073 static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m, 1074 struct dom_sid sid) 1075 { 881 1076 return NT_STATUS_NOT_IMPLEMENTED; 882 1077 } 883 1078 884 static NTSTATUS pdb_ads_delete_group_mapping_entry(struct pdb_methods *m,885 DOM_SID sid)886 {887 return NT_STATUS_NOT_IMPLEMENTED;888 }889 890 1079 static NTSTATUS pdb_ads_enum_group_mapping(struct pdb_methods *m, 891 const DOM_SID*sid,1080 const struct dom_sid *sid, 892 1081 enum lsa_SidType sid_name_use, 893 1082 GROUP_MAP **pp_rmap, … … 900 1089 static NTSTATUS pdb_ads_enum_group_members(struct pdb_methods *m, 901 1090 TALLOC_CTX *mem_ctx, 902 const DOM_SID*group,1091 const struct dom_sid *group, 903 1092 uint32 **pmembers, 904 1093 size_t *pnum_members) … … 913 1102 uint32_t *members; 914 1103 915 sidstr = sid_binstring(talloc_tos(), group);1104 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), group); 916 1105 NT_STATUS_HAVE_NO_MEMORY(sidstr); 917 1106 … … 936 1125 } 937 1126 938 if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) { 939 return NT_STATUS_INTERNAL_DB_CORRUPTION; 1127 if (!tldap_entry_values(msg[0], "member", &blobs, &num_members)) { 1128 *pmembers = NULL; 1129 *pnum_members = 0; 1130 return NT_STATUS_OK; 940 1131 } 941 1132 … … 962 1153 TALLOC_CTX *mem_ctx, 963 1154 struct samu *user, 964 DOM_SID**pp_sids,1155 struct dom_sid **pp_sids, 965 1156 gid_t **pp_gids, 966 size_t *p_num_groups)1157 uint32_t *p_num_groups) 967 1158 { 968 1159 struct pdb_ads_state *state = talloc_get_type_abort( 969 1160 m->private_data, struct pdb_ads_state); 970 struct pdb_ads_samu_private *priv = pdb_ads_get_samu_private( 971 m, user); 1161 struct pdb_ads_samu_private *priv; 972 1162 const char *attrs[1] = { "objectSid" }; 973 1163 struct tldap_message **groups; … … 977 1167 gid_t *gids; 978 1168 979 rc = pdb_ads_search_fmt( 980 state, state->domaindn, TLDAP_SCOPE_SUB, 981 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups, 982 "(&(member=%s)(grouptype=%d)(objectclass=group))", 983 priv->dn, GTYPE_SECURITY_GLOBAL_GROUP); 984 if (rc != TLDAP_SUCCESS) { 985 DEBUG(10, ("ldap_search failed %s\n", 986 tldap_errstr(talloc_tos(), state->ld, rc))); 987 return NT_STATUS_LDAP(rc); 988 } 989 990 count = talloc_array_length(groups); 991 992 group_sids = talloc_array(mem_ctx, struct dom_sid, count); 1169 priv = pdb_ads_get_samu_private(m, user); 1170 if (priv != NULL) { 1171 rc = pdb_ads_search_fmt( 1172 state, state->domaindn, TLDAP_SCOPE_SUB, 1173 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &groups, 1174 "(&(member=%s)(grouptype=%d)(objectclass=group))", 1175 priv->dn, GTYPE_SECURITY_GLOBAL_GROUP); 1176 if (rc != TLDAP_SUCCESS) { 1177 DEBUG(10, ("ldap_search failed %s\n", 1178 tldap_errstr(talloc_tos(), state->ld, rc))); 1179 return NT_STATUS_LDAP(rc); 1180 } 1181 count = talloc_array_length(groups); 1182 } else { 1183 /* 1184 * This happens for artificial samu users 1185 */ 1186 DEBUG(10, ("Could not get pdb_ads_samu_private\n")); 1187 count = 0; 1188 } 1189 1190 group_sids = talloc_array(mem_ctx, struct dom_sid, count+1); 993 1191 if (group_sids == NULL) { 994 1192 return NT_STATUS_NO_MEMORY; 995 1193 } 996 gids = talloc_array(mem_ctx, gid_t, count );1194 gids = talloc_array(mem_ctx, gid_t, count+1); 997 1195 if (gids == NULL) { 998 1196 TALLOC_FREE(group_sids); 999 1197 return NT_STATUS_NO_MEMORY; 1000 1198 } 1001 num_groups = 0; 1199 1200 sid_copy(&group_sids[0], pdb_get_group_sid(user)); 1201 if (!sid_to_gid(&group_sids[0], &gids[0])) { 1202 TALLOC_FREE(gids); 1203 TALLOC_FREE(group_sids); 1204 return NT_STATUS_INTERNAL_DB_CORRUPTION; 1205 } 1206 num_groups = 1; 1002 1207 1003 1208 for (i=0; i<count; i++) { … … 1039 1244 char *groupdn, *memberdn; 1040 1245 struct tldap_mod *mods; 1246 int num_mods; 1041 1247 int rc; 1042 1248 NTSTATUS status; … … 1062 1268 1063 1269 mods = NULL; 1064 1065 if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op, 1270 num_mods = 0; 1271 1272 if (!tldap_add_mod_str(talloc_tos(), &mods, &num_mods, mod_op, 1066 1273 "member", memberdn)) { 1067 1274 TALLOC_FREE(frame); … … 1069 1276 } 1070 1277 1071 rc = tldap_modify(ld, groupdn, 1,mods, NULL, 0, NULL, 0);1278 rc = tldap_modify(ld, groupdn, mods, num_mods, NULL, 0, NULL, 0); 1072 1279 TALLOC_FREE(frame); 1073 1280 if (rc != TLDAP_SUCCESS) { 1074 1281 DEBUG(10, ("ldap_modify failed: %s\n", 1075 1282 tldap_errstr(talloc_tos(), state->ld, rc))); 1076 if (rc == TLDAP_TYPE_OR_VALUE_EXISTS) { 1283 if ((mod_op == TLDAP_MOD_ADD) && 1284 (rc == TLDAP_ALREADY_EXISTS)) { 1077 1285 return NT_STATUS_MEMBER_IN_GROUP; 1078 1286 } 1079 if (rc == TLDAP_NO_SUCH_ATTRIBUTE) { 1287 if ((mod_op == TLDAP_MOD_DELETE) && 1288 (rc == TLDAP_UNWILLING_TO_PERFORM)) { 1080 1289 return NT_STATUS_MEMBER_NOT_IN_GROUP; 1081 1290 } … … 1131 1340 1132 1341 ok &= tldap_make_mod_fmt( 1133 NULL, talloc_tos(), & num_mods, &mods, "samAccountName", "%s",1342 NULL, talloc_tos(), &mods, &num_mods, "samAccountName", "%s", 1134 1343 name); 1135 1344 ok &= tldap_make_mod_fmt( 1136 NULL, talloc_tos(), & num_mods, &mods, "objectClass", "group");1345 NULL, talloc_tos(), &mods, &num_mods, "objectClass", "group"); 1137 1346 ok &= tldap_make_mod_fmt( 1138 NULL, talloc_tos(), & num_mods, &mods, "groupType",1347 NULL, talloc_tos(), &mods, &num_mods, "groupType", 1139 1348 "%d", (int)GTYPE_SECURITY_DOMAIN_LOCAL_GROUP); 1140 1349 … … 1144 1353 } 1145 1354 1146 rc = tldap_add(ld, dn, num_mods,mods, NULL, 0, NULL, 0);1355 rc = tldap_add(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 1147 1356 if (rc != TLDAP_SUCCESS) { 1148 1357 DEBUG(10, ("ldap_add failed %s\n", … … 1183 1392 1184 1393 static NTSTATUS pdb_ads_delete_alias(struct pdb_methods *m, 1185 const DOM_SID*sid)1394 const struct dom_sid *sid) 1186 1395 { 1187 1396 struct pdb_ads_state *state = talloc_get_type_abort( … … 1189 1398 struct tldap_context *ld; 1190 1399 struct tldap_message **alias; 1191 char *sidstr, *dn ;1400 char *sidstr, *dn = NULL; 1192 1401 int rc; 1193 1402 … … 1197 1406 } 1198 1407 1199 sidstr = sid_binstring(talloc_tos(), sid);1408 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 1200 1409 if (sidstr == NULL) { 1201 1410 return NT_STATUS_NO_MEMORY; … … 1212 1421 DEBUG(10, ("ldap_search failed: %s\n", 1213 1422 tldap_errstr(talloc_tos(), state->ld, rc))); 1214 TALLOC_FREE(dn);1215 1423 return NT_STATUS_LDAP(rc); 1216 1424 } … … 1230 1438 DEBUG(10, ("ldap_delete failed: %s\n", 1231 1439 tldap_errstr(talloc_tos(), state->ld, rc))); 1232 TALLOC_FREE(dn);1233 1440 return NT_STATUS_LDAP(rc); 1234 1441 } … … 1238 1445 1239 1446 static NTSTATUS pdb_ads_set_aliasinfo(struct pdb_methods *m, 1240 const DOM_SID*sid,1447 const struct dom_sid *sid, 1241 1448 struct acct_info *info) 1242 1449 { … … 1258 1465 } 1259 1466 1260 sidstr = sid_binstring(talloc_tos(), sid);1467 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 1261 1468 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1262 1469 … … 1292 1499 1293 1500 ok &= tldap_make_mod_fmt( 1294 msg[0], msg, & num_mods, &mods, "description",1501 msg[0], msg, &mods, &num_mods, "description", 1295 1502 "%s", info->acct_desc); 1296 1503 ok &= tldap_make_mod_fmt( 1297 msg[0], msg, & num_mods, &mods, "samAccountName",1504 msg[0], msg, &mods, &num_mods, "samAccountName", 1298 1505 "%s", info->acct_name); 1299 1506 if (!ok) { … … 1307 1514 } 1308 1515 1309 rc = tldap_modify(ld, dn, num_mods,mods, NULL, 0, NULL, 0);1516 rc = tldap_modify(ld, dn, mods, num_mods, NULL, 0, NULL, 0); 1310 1517 TALLOC_FREE(msg); 1311 1518 if (rc != TLDAP_SUCCESS) { … … 1325 1532 int rc; 1326 1533 1327 sidstr = sid_binstring(talloc_tos(), sid);1534 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), sid); 1328 1535 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1329 1536 … … 1362 1569 1363 1570 static NTSTATUS pdb_ads_mod_aliasmem(struct pdb_methods *m, 1364 const DOM_SID*alias,1365 const DOM_SID*member,1571 const struct dom_sid *alias, 1572 const struct dom_sid *member, 1366 1573 int mod_op) 1367 1574 { … … 1371 1578 TALLOC_CTX *frame = talloc_stackframe(); 1372 1579 struct tldap_mod *mods; 1580 int num_mods; 1373 1581 int rc; 1374 1582 char *aliasdn, *memberdn; … … 1396 1604 1397 1605 mods = NULL; 1398 1399 if (!tldap_add_mod_str(talloc_tos(), &mods, mod_op, 1606 num_mods = 0; 1607 1608 if (!tldap_add_mod_str(talloc_tos(), &mods, &num_mods, mod_op, 1400 1609 "member", memberdn)) { 1401 1610 TALLOC_FREE(frame); … … 1403 1612 } 1404 1613 1405 rc = tldap_modify(ld, aliasdn, 1,mods, NULL, 0, NULL, 0);1614 rc = tldap_modify(ld, aliasdn, mods, num_mods, NULL, 0, NULL, 0); 1406 1615 TALLOC_FREE(frame); 1407 1616 if (rc != TLDAP_SUCCESS) { … … 1421 1630 1422 1631 static NTSTATUS pdb_ads_add_aliasmem(struct pdb_methods *m, 1423 const DOM_SID*alias,1424 const DOM_SID*member)1632 const struct dom_sid *alias, 1633 const struct dom_sid *member) 1425 1634 { 1426 1635 return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_ADD); … … 1428 1637 1429 1638 static NTSTATUS pdb_ads_del_aliasmem(struct pdb_methods *m, 1430 const DOM_SID*alias,1431 const DOM_SID*member)1639 const struct dom_sid *alias, 1640 const struct dom_sid *member) 1432 1641 { 1433 1642 return pdb_ads_mod_aliasmem(m, alias, member, TLDAP_MOD_DELETE); … … 1466 1675 1467 1676 static NTSTATUS pdb_ads_enum_aliasmem(struct pdb_methods *m, 1468 const DOM_SID*alias,1677 const struct dom_sid *alias, 1469 1678 TALLOC_CTX *mem_ctx, 1470 DOM_SID**pmembers,1679 struct dom_sid **pmembers, 1471 1680 size_t *pnum_members) 1472 1681 { … … 1480 1689 struct dom_sid *members; 1481 1690 1482 sidstr = sid_binstring(talloc_tos(), alias);1691 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), alias); 1483 1692 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1484 1693 … … 1503 1712 } 1504 1713 1505 if (!tldap_entry_values(msg[0], "member", &num_members, &blobs)) { 1506 return NT_STATUS_INTERNAL_DB_CORRUPTION; 1714 if (!tldap_entry_values(msg[0], "member", &blobs, &num_members)) { 1715 *pmembers = NULL; 1716 *pnum_members = 0; 1717 return NT_STATUS_OK; 1507 1718 } 1508 1719 … … 1526 1737 static NTSTATUS pdb_ads_enum_alias_memberships(struct pdb_methods *m, 1527 1738 TALLOC_CTX *mem_ctx, 1528 const DOM_SID*domain_sid,1529 const DOM_SID*members,1739 const struct dom_sid *domain_sid, 1740 const struct dom_sid *members, 1530 1741 size_t num_members, 1531 1742 uint32_t **palias_rids, … … 1535 1746 m->private_data, struct pdb_ads_state); 1536 1747 const char *attrs[1] = { "objectSid" }; 1537 struct tldap_message **msg ;1748 struct tldap_message **msg = NULL; 1538 1749 uint32_t *alias_rids = NULL; 1539 1750 size_t num_alias_rids = 0; … … 1621 1832 1622 1833 static NTSTATUS pdb_ads_lookup_rids(struct pdb_methods *m, 1623 const DOM_SID*domain_sid,1834 const struct dom_sid *domain_sid, 1624 1835 int num_rids, 1625 1836 uint32 *rids, … … 1649 1860 sid_compose(&sid, domain_sid, rids[i]); 1650 1861 1651 sidstr = sid_binstring(talloc_tos(), &sid);1862 sidstr = ldap_encode_ndr_dom_sid(talloc_tos(), &sid); 1652 1863 NT_STATUS_HAVE_NO_MEMORY(sidstr); 1653 1864 … … 1697 1908 1698 1909 static NTSTATUS pdb_ads_lookup_names(struct pdb_methods *m, 1699 const DOM_SID*domain_sid,1910 const struct dom_sid *domain_sid, 1700 1911 int num_names, 1701 1912 const char **pp_names, … … 1777 1988 struct pdb_search *search, 1778 1989 const char *filter, 1990 uint32_t acct_flags, 1779 1991 struct pdb_ads_search_state **pstate) 1780 1992 { … … 1791 2003 return false; 1792 2004 } 2005 sstate->acct_flags = acct_flags; 1793 2006 1794 2007 rc = pdb_ads_search_fmt( … … 1816 2029 struct samr_displayentry *e; 1817 2030 struct dom_sid sid; 2031 uint32_t ctrl; 1818 2032 1819 2033 e = &sstate->entries[sstate->num_entries]; … … 1825 2039 } 1826 2040 sid_peek_rid(&sid, &e->rid); 1827 e->acct_flags = ACB_NORMAL; 1828 e->account_name = tldap_talloc_single_attribute( 1829 users[i], "samAccountName", sstate->entries); 2041 2042 if (tldap_pull_uint32(users[i], "userAccountControl", &ctrl)) { 2043 2044 e->acct_flags = ds_uf2acb(ctrl); 2045 2046 DEBUG(10, ("pdb_ads_search_filter: Found %x, " 2047 "filter %x\n", (int)e->acct_flags, 2048 (int)sstate->acct_flags)); 2049 2050 2051 if ((sstate->acct_flags != 0) && 2052 ((sstate->acct_flags & e->acct_flags) == 0)) { 2053 continue; 2054 } 2055 2056 if (e->acct_flags & (ACB_WSTRUST|ACB_SVRTRUST)) { 2057 e->acct_flags |= ACB_NORMAL; 2058 } 2059 } else { 2060 e->acct_flags = ACB_NORMAL; 2061 } 2062 2063 if (e->rid == DOMAIN_RID_GUEST) { 2064 /* 2065 * Guest is specially crafted in s3. Make 2066 * QueryDisplayInfo match QueryUserInfo 2067 */ 2068 e->account_name = lp_guestaccount(); 2069 e->fullname = lp_guestaccount(); 2070 e->description = ""; 2071 e->acct_flags = ACB_NORMAL; 2072 } else { 2073 e->account_name = tldap_talloc_single_attribute( 2074 users[i], "samAccountName", sstate->entries); 2075 e->fullname = tldap_talloc_single_attribute( 2076 users[i], "displayName", sstate->entries); 2077 e->description = tldap_talloc_single_attribute( 2078 users[i], "description", sstate->entries); 2079 } 1830 2080 if (e->account_name == NULL) { 1831 2081 return false; 1832 2082 } 1833 e->fullname = tldap_talloc_single_attribute(1834 users[i], "displayName", sstate->entries);1835 2083 if (e->fullname == NULL) { 1836 2084 e->fullname = ""; 1837 2085 } 1838 e->description = tldap_talloc_single_attribute(1839 users[i], "description", sstate->entries);1840 2086 if (e->description == NULL) { 1841 2087 e->description = ""; … … 1860 2106 { 1861 2107 struct pdb_ads_search_state *sstate; 2108 char *filter; 1862 2109 bool ret; 1863 2110 1864 ret = pdb_ads_search_filter(m, search, "(objectclass=user)", &sstate); 2111 DEBUG(10, ("pdb_ads_search_users got flags %x\n", acct_flags)); 2112 2113 if (acct_flags & ACB_NORMAL) { 2114 filter = talloc_asprintf( 2115 talloc_tos(), 2116 "(&(objectclass=user)(sAMAccountType=%d))", 2117 ATYPE_NORMAL_ACCOUNT); 2118 } else if (acct_flags & ACB_WSTRUST) { 2119 filter = talloc_asprintf( 2120 talloc_tos(), 2121 "(&(objectclass=user)(sAMAccountType=%d))", 2122 ATYPE_WORKSTATION_TRUST); 2123 } else { 2124 filter = talloc_strdup(talloc_tos(), "(objectclass=user)"); 2125 } 2126 if (filter == NULL) { 2127 return false; 2128 } 2129 2130 ret = pdb_ads_search_filter(m, search, filter, acct_flags, &sstate); 2131 TALLOC_FREE(filter); 1865 2132 if (!ret) { 1866 2133 return false; 1867 2134 } 1868 sstate->acct_flags = acct_flags;1869 2135 return true; 1870 2136 } … … 1883 2149 return false; 1884 2150 } 1885 ret = pdb_ads_search_filter(m, search, filter, &sstate);2151 ret = pdb_ads_search_filter(m, search, filter, 0, &sstate); 1886 2152 TALLOC_FREE(filter); 1887 2153 if (!ret) { 1888 2154 return false; 1889 2155 } 1890 sstate->acct_flags = 0;1891 2156 return true; 1892 2157 } … … 1894 2159 static bool pdb_ads_search_aliases(struct pdb_methods *m, 1895 2160 struct pdb_search *search, 1896 const DOM_SID*sid)2161 const struct dom_sid *sid) 1897 2162 { 1898 2163 struct pdb_ads_search_state *sstate; … … 1909 2174 return false; 1910 2175 } 1911 ret = pdb_ads_search_filter(m, search, filter, &sstate);2176 ret = pdb_ads_search_filter(m, search, filter, 0, &sstate); 1912 2177 TALLOC_FREE(filter); 1913 2178 if (!ret) { 1914 2179 return false; 1915 2180 } 1916 sstate->acct_flags = 0;1917 2181 return true; 1918 2182 } 1919 2183 1920 2184 static bool pdb_ads_uid_to_sid(struct pdb_methods *m, uid_t uid, 1921 DOM_SID*sid)2185 struct dom_sid *sid) 1922 2186 { 1923 2187 struct pdb_ads_state *state = talloc_get_type_abort( … … 1928 2192 1929 2193 static bool pdb_ads_gid_to_sid(struct pdb_methods *m, gid_t gid, 1930 DOM_SID*sid)2194 struct dom_sid *sid) 1931 2195 { 1932 2196 struct pdb_ads_state *state = talloc_get_type_abort( … … 1936 2200 } 1937 2201 1938 static bool pdb_ads_sid_to_id(struct pdb_methods *m, const DOM_SID*sid,2202 static bool pdb_ads_sid_to_id(struct pdb_methods *m, const struct dom_sid *sid, 1939 2203 union unid_t *id, enum lsa_SidType *type) 1940 2204 { 1941 2205 struct pdb_ads_state *state = talloc_get_type_abort( 1942 2206 m->private_data, struct pdb_ads_state); 2207 const char *attrs[4] = { "objectClass", "samAccountType", 2208 "uidNumber", "gidNumber" }; 1943 2209 struct tldap_message **msg; 1944 char *sidstr ;1945 uint32_t rid;2210 char *sidstr, *base; 2211 uint32_t atype; 1946 2212 int rc; 1947 1948 /* 1949 * This is a big, big hack: Just hard-code the rid as uid/gid. 1950 */ 1951 1952 sid_peek_rid(sid, &rid); 1953 1954 sidstr = sid_binstring(talloc_tos(), sid); 2213 bool ret = false; 2214 2215 sidstr = sid_binstring_hex(sid); 1955 2216 if (sidstr == NULL) { 1956 2217 return false; 1957 2218 } 2219 base = talloc_asprintf(talloc_tos(), "<SID=%s>", sidstr); 2220 SAFE_FREE(sidstr); 1958 2221 1959 2222 rc = pdb_ads_search_fmt( 1960 state, state->domaindn, TLDAP_SCOPE_SUB, 1961 NULL, 0, 0, talloc_tos(), &msg, 1962 "(&(objectsid=%s)(objectclass=user))", sidstr); 1963 if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) { 1964 id->uid = rid; 2223 state, base, TLDAP_SCOPE_BASE, 2224 attrs, ARRAY_SIZE(attrs), 0, talloc_tos(), &msg, 2225 "(objectclass=*)"); 2226 TALLOC_FREE(base); 2227 2228 if (rc != TLDAP_SUCCESS) { 2229 DEBUG(10, ("pdb_ads_search_fmt failed: %s\n", 2230 tldap_errstr(talloc_tos(), state->ld, rc))); 2231 return false; 2232 } 2233 if (talloc_array_length(msg) != 1) { 2234 DEBUG(10, ("Got %d objects, expected 1\n", 2235 (int)talloc_array_length(msg))); 2236 goto fail; 2237 } 2238 if (!tldap_pull_uint32(msg[0], "samAccountType", &atype)) { 2239 DEBUG(10, ("samAccountType not found\n")); 2240 goto fail; 2241 } 2242 if (atype == ATYPE_ACCOUNT) { 2243 uint32_t uid; 1965 2244 *type = SID_NAME_USER; 1966 TALLOC_FREE(sidstr); 1967 return true; 1968 } 1969 1970 rc = pdb_ads_search_fmt( 1971 state, state->domaindn, TLDAP_SCOPE_SUB, 1972 NULL, 0, 0, talloc_tos(), &msg, 1973 "(&(objectsid=%s)(objectclass=group))", sidstr); 1974 if ((rc == TLDAP_SUCCESS) && (talloc_array_length(msg) > 0)) { 1975 id->gid = rid; 2245 if (!tldap_pull_uint32(msg[0], "uidNumber", &uid)) { 2246 DEBUG(10, ("Did not find uidNumber\n")); 2247 goto fail; 2248 } 2249 id->uid = uid; 2250 } else { 2251 uint32_t gid; 1976 2252 *type = SID_NAME_DOM_GRP; 1977 TALLOC_FREE(sidstr); 1978 return true; 1979 } 1980 1981 TALLOC_FREE(sidstr); 1982 return false; 2253 if (!tldap_pull_uint32(msg[0], "gidNumber", &gid)) { 2254 DEBUG(10, ("Did not find gidNumber\n")); 2255 goto fail; 2256 } 2257 id->gid = gid; 2258 } 2259 ret = true; 2260 fail: 2261 TALLOC_FREE(msg); 2262 return ret; 1983 2263 } 1984 2264 … … 1995 2275 static bool pdb_ads_get_trusteddom_pw(struct pdb_methods *m, 1996 2276 const char *domain, char** pwd, 1997 DOM_SID*sid,2277 struct dom_sid *sid, 1998 2278 time_t *pass_last_set_time) 1999 2279 { … … 2003 2283 static bool pdb_ads_set_trusteddom_pw(struct pdb_methods *m, 2004 2284 const char* domain, const char* pwd, 2005 const DOM_SID*sid)2285 const struct dom_sid *sid) 2006 2286 { 2007 2287 return false; … … 2202 2482 ZERO_STRUCT(state->socket_address); 2203 2483 state->socket_address.sun_family = AF_UNIX; 2204 str ncpy(state->socket_address.sun_path, location,2205 sizeof(state->socket_address.sun_path) - 1);2484 strlcpy(state->socket_address.sun_path, location, 2485 sizeof(state->socket_address.sun_path)); 2206 2486 2207 2487 ld = pdb_ads_ld(state); … … 2231 2511 state->configdn = tldap_talloc_single_attribute( 2232 2512 rootdse, "configurationNamingContext", state); 2233 if (state-> domaindn == NULL) {2513 if (state->configdn == NULL) { 2234 2514 DEBUG(10, ("Could not get configurationNamingContext\n")); 2235 2515 status = NT_STATUS_INTERNAL_DB_CORRUPTION; … … 2320 2600 NTSTATUS status; 2321 2601 2322 m = talloc( talloc_autofree_context(), struct pdb_methods);2602 m = talloc(NULL, struct pdb_methods); 2323 2603 if (m == NULL) { 2324 2604 return NT_STATUS_NO_MEMORY; -
trunk/server/source3/passdb/pdb_compat.c
r414 r745 7 7 Copyright (C) Andrew Bartlett 2001-2002 8 8 Copyright (C) Stefan (metze) Metzmacher 2002 9 9 10 10 This program is free software; you can redistribute it and/or modify 11 11 it under the terms of the GNU General Public License as published by 12 12 the Free Software Foundation; either version 3 of the License, or 13 13 (at your option) any later version. 14 14 15 15 This program is distributed in the hope that it will be useful, 16 16 but WITHOUT ANY WARRANTY; without even the implied warranty of 17 17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 18 GNU General Public License for more details. 19 19 20 20 You should have received a copy of the GNU General Public License 21 21 along with this program. If not, see <http://www.gnu.org/licenses/>. … … 23 23 24 24 #include "includes.h" 25 #include "passdb.h" 26 #include "../libcli/security/security.h" 25 27 26 28 #undef DBGC_CLASS … … 34 36 if (sid_peek_check_rid(get_global_sam_sid(), pdb_get_user_sid(sampass),&u_rid)) 35 37 return u_rid; 36 38 37 39 return (0); 38 40 } … … 50 52 bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32 rid, enum pdb_value_state flag) 51 53 { 52 DOM_SIDu_sid;53 const DOM_SID*global_sam_sid;54 54 struct dom_sid u_sid; 55 const struct dom_sid *global_sam_sid; 56 55 57 if (!sampass) 56 58 return False; … … 61 63 } 62 64 63 sid_copy(&u_sid, global_sam_sid); 64 65 if (!sid_append_rid(&u_sid, rid)) 65 if (!sid_compose(&u_sid, global_sam_sid, rid)) { 66 66 return False; 67 } 67 68 68 69 if (!pdb_set_user_sid(sampass, &u_sid, flag)) … … 77 78 bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32 grid, enum pdb_value_state flag) 78 79 { 79 DOM_SIDg_sid;80 const DOM_SID*global_sam_sid;80 struct dom_sid g_sid; 81 const struct dom_sid *global_sam_sid; 81 82 82 83 if (!sampass) 83 84 return False; 84 85 85 86 if (!(global_sam_sid = get_global_sam_sid())) { 86 87 DEBUG(1, ("pdb_set_user_sid_from_rid: Could not read global sam sid!\n")); … … 88 89 } 89 90 90 sid_copy(&g_sid, global_sam_sid); 91 92 if (!sid_append_rid(&g_sid, grid)) 91 if (!sid_compose(&g_sid, global_sam_sid, grid)) { 93 92 return False; 93 } 94 94 95 95 if (!pdb_set_group_sid(sampass, &g_sid, flag)) -
trunk/server/source3/passdb/pdb_get_set.c
r414 r745 23 23 24 24 #include "includes.h" 25 #include "passdb.h" 25 26 #include "../libcli/auth/libcli_auth.h" 27 #include "../libcli/security/security.h" 26 28 27 29 #undef DBGC_CLASS … … 41 43 ********************************************************************/ 42 44 43 uint32 pdb_get_acct_ctrl(const struct samu *sampass)45 uint32_t pdb_get_acct_ctrl(const struct samu *sampass) 44 46 { 45 47 return sampass->acct_ctrl; … … 73 75 time_t pdb_get_pass_can_change_time(const struct samu *sampass) 74 76 { 75 uint32 allow;77 uint32_t allow; 76 78 77 79 /* if the last set time is zero, it means the user cannot … … 86 88 */ 87 89 if (sampass->pass_can_change_time == get_time_t_max() && 88 pdb_get_init_flags(sampass, PDB_CANCHANGETIME) == PDB_CHANGED)90 IS_SAM_CHANGED(sampass, PDB_CANCHANGETIME)) 89 91 return sampass->pass_can_change_time; 90 92 … … 105 107 time_t pdb_get_pass_must_change_time(const struct samu *sampass) 106 108 { 107 uint32 expire;109 uint32_t expire; 108 110 109 111 if (sampass->pass_last_set_time == 0) … … 114 116 115 117 if (!pdb_get_account_policy(PDB_POLICY_MAX_PASSWORD_AGE, &expire) 116 || expire == (uint32 )-1 || expire == 0)118 || expire == (uint32_t)-1 || expire == 0) 117 119 return get_time_t_max(); 118 120 … … 122 124 bool pdb_get_pass_can_change(const struct samu *sampass) 123 125 { 124 if (sampass->pass_can_change_time == get_time_t_max() && 125 sampass->pass_last_set_time != 0) 126 if (sampass->pass_can_change_time == get_time_t_max()) 126 127 return False; 127 128 return True; 128 129 } 129 130 130 uint16 pdb_get_logon_divs(const struct samu *sampass)131 uint16_t pdb_get_logon_divs(const struct samu *sampass) 131 132 { 132 133 return sampass->logon_divs; 133 134 } 134 135 135 uint32 pdb_get_hours_len(const struct samu *sampass)136 uint32_t pdb_get_hours_len(const struct samu *sampass) 136 137 { 137 138 return sampass->hours_len; … … 157 158 } 158 159 159 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32 *current_hist_len)160 const uint8 *pdb_get_pw_history(const struct samu *sampass, uint32_t *current_hist_len) 160 161 { 161 162 SMB_ASSERT((!sampass->nt_pw_his.data) … … 176 177 } 177 178 178 const DOM_SID*pdb_get_user_sid(const struct samu *sampass)179 const struct dom_sid *pdb_get_user_sid(const struct samu *sampass) 179 180 { 180 181 return &sampass->user_sid; 181 182 } 182 183 183 const DOM_SID *pdb_get_group_sid(struct samu *sampass) 184 { 185 DOM_SID *gsid; 186 struct passwd *pwd; 187 bool need_lookup_sid = false; 184 const struct dom_sid *pdb_get_group_sid(struct samu *sampass) 185 { 186 NTSTATUS status; 188 187 189 188 /* Return the cached group SID if we have that */ 190 if ( sampass->group_sid) {189 if (sampass->group_sid) { 191 190 return sampass->group_sid; 192 }193 194 /* generate the group SID from the user's primary Unix group */195 196 if ( !(gsid = TALLOC_ZERO_P( sampass, DOM_SID )) ) {197 return NULL;198 191 } 199 192 … … 202 195 be a newly allocated one. We rely on the user's Unix primary gid. 203 196 We have no choice but to fail if we can't find it. */ 204 205 if ( sampass->unix_pw ) { 206 pwd = sampass->unix_pw; 207 } else { 208 pwd = Get_Pwnam_alloc( sampass, pdb_get_username(sampass) ); 209 } 210 211 if ( !pwd ) { 212 DEBUG(0,("pdb_get_group_sid: Failed to find Unix account for %s\n", pdb_get_username(sampass) )); 197 status = get_primary_group_sid(sampass, 198 pdb_get_username(sampass), 199 &sampass->unix_pw, 200 &sampass->group_sid); 201 if (!NT_STATUS_IS_OK(status)) { 213 202 return NULL; 214 203 } 215 204 216 gid_to_sid(gsid, pwd->pw_gid);217 if (!is_null_sid(gsid)) {218 DOM_SID dgsid;219 uint32_t rid;220 221 sid_copy(&dgsid, gsid);222 sid_split_rid(&dgsid, &rid);223 if (sid_equal(&dgsid, get_global_sam_sid())) {224 /*225 * As shortcut for the expensive lookup_sid call226 * compare the domain sid part227 */228 switch (rid) {229 case DOMAIN_RID_ADMINS:230 case DOMAIN_RID_USERS:231 sampass->group_sid = gsid;232 return sampass->group_sid;233 default:234 need_lookup_sid = true;235 break;236 }237 } else {238 ZERO_STRUCTP(gsid);239 if (pdb_gid_to_sid(pwd->pw_gid, gsid)) {240 need_lookup_sid = true;241 }242 }243 }244 245 if (need_lookup_sid) {246 enum lsa_SidType type = SID_NAME_UNKNOWN;247 TALLOC_CTX *mem_ctx;248 bool lookup_ret;249 const DOM_SID *usid = pdb_get_user_sid(sampass);250 251 mem_ctx = talloc_init("pdb_get_group_sid");252 if (!mem_ctx) {253 return NULL;254 }255 256 DEBUG(10,("do lookup_sid(%s) for group of user %s\n",257 sid_string_dbg(gsid), sid_string_dbg(usid)));258 259 /* Now check that it's actually a domain group and not something else */260 261 lookup_ret = lookup_sid(mem_ctx, gsid, NULL, NULL, &type);262 263 TALLOC_FREE( mem_ctx );264 265 if ( lookup_ret && (type == SID_NAME_DOM_GRP) ) {266 sampass->group_sid = gsid;267 return sampass->group_sid;268 }269 270 DEBUG(3, ("Primary group %s for user %s is a %s and not a domain group\n",271 sid_string_dbg(gsid), pwd->pw_name, sid_type_lookup(type)));272 }273 274 /* Just set it to the 'Domain Users' RID of 512 which will275 always resolve to a name */276 277 sid_copy( gsid, get_global_sam_sid() );278 sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );279 280 sampass->group_sid = gsid;281 282 205 return sampass->group_sid; 283 } 206 } 284 207 285 208 /** … … 373 296 } 374 297 375 uint16 pdb_get_bad_password_count(const struct samu *sampass)298 uint16_t pdb_get_bad_password_count(const struct samu *sampass) 376 299 { 377 300 return sampass->bad_password_count; 378 301 } 379 302 380 uint16 pdb_get_logon_count(const struct samu *sampass)303 uint16_t pdb_get_logon_count(const struct samu *sampass) 381 304 { 382 305 return sampass->logon_count; 383 306 } 384 307 385 uint32 pdb_get_unknown_6(const struct samu *sampass) 308 uint16_t pdb_get_country_code(const struct samu *sampass) 309 { 310 return sampass->country_code; 311 } 312 313 uint16_t pdb_get_code_page(const struct samu *sampass) 314 { 315 return sampass->code_page; 316 } 317 318 uint32_t pdb_get_unknown_6(const struct samu *sampass) 386 319 { 387 320 return sampass->unknown_6; … … 401 334 ********************************************************************/ 402 335 403 bool pdb_set_acct_ctrl(struct samu *sampass, uint32 acct_ctrl, enum pdb_value_state flag)336 bool pdb_set_acct_ctrl(struct samu *sampass, uint32_t acct_ctrl, enum pdb_value_state flag) 404 337 { 405 338 sampass->acct_ctrl = acct_ctrl; … … 449 382 } 450 383 451 bool pdb_set_hours_len(struct samu *sampass, uint32 len, enum pdb_value_state flag)384 bool pdb_set_hours_len(struct samu *sampass, uint32_t len, enum pdb_value_state flag) 452 385 { 453 386 sampass->hours_len = len; … … 455 388 } 456 389 457 bool pdb_set_logon_divs(struct samu *sampass, uint16 hours, enum pdb_value_state flag)390 bool pdb_set_logon_divs(struct samu *sampass, uint16_t hours, enum pdb_value_state flag) 458 391 { 459 392 sampass->logon_divs = hours; … … 527 460 } 528 461 529 bool pdb_set_user_sid(struct samu *sampass, const DOM_SID*u_sid, enum pdb_value_state flag)462 bool pdb_set_user_sid(struct samu *sampass, const struct dom_sid *u_sid, enum pdb_value_state flag) 530 463 { 531 464 if (!u_sid) … … 542 475 bool pdb_set_user_sid_from_string(struct samu *sampass, fstring u_sid, enum pdb_value_state flag) 543 476 { 544 DOM_SIDnew_sid;477 struct dom_sid new_sid; 545 478 546 479 if (!u_sid) … … 571 504 ********************************************************************/ 572 505 573 bool pdb_set_group_sid(struct samu *sampass, const DOM_SID*g_sid, enum pdb_value_state flag)506 bool pdb_set_group_sid(struct samu *sampass, const struct dom_sid *g_sid, enum pdb_value_state flag) 574 507 { 575 508 gid_t gid; 509 struct dom_sid dug_sid; 576 510 577 511 if (!g_sid) 578 512 return False; 579 513 580 if ( !(sampass->group_sid = TALLOC_P( sampass, DOM_SID)) ) {514 if ( !(sampass->group_sid = TALLOC_P( sampass, struct dom_sid )) ) { 581 515 return False; 582 516 } … … 585 519 store DOMAIN_USERS as the primary groupSID */ 586 520 587 if ( sid_to_gid( g_sid, &gid ) ) { 521 sid_compose(&dug_sid, get_global_sam_sid(), DOMAIN_RID_USERS); 522 523 if (dom_sid_equal(&dug_sid, g_sid)) { 524 sid_copy(sampass->group_sid, &dug_sid); 525 } else if (sid_to_gid( g_sid, &gid ) ) { 588 526 sid_copy(sampass->group_sid, g_sid); 589 527 } else { 590 sid_copy( sampass->group_sid, get_global_sam_sid() ); 591 sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS ); 528 sid_copy(sampass->group_sid, &dug_sid); 592 529 } 593 530 … … 909 846 ********************************************************************/ 910 847 911 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)848 bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32_t historyLen, enum pdb_value_state flag) 912 849 { 913 850 if (historyLen && pwd){ 851 data_blob_free(&(sampass->nt_pw_his)); 914 852 sampass->nt_pw_his = data_blob_talloc(sampass, 915 853 pwd, historyLen*PW_HISTORY_ENTRY_LEN); … … 949 887 } 950 888 951 bool pdb_set_bad_password_count(struct samu *sampass, uint16 bad_password_count, enum pdb_value_state flag)889 bool pdb_set_bad_password_count(struct samu *sampass, uint16_t bad_password_count, enum pdb_value_state flag) 952 890 { 953 891 sampass->bad_password_count = bad_password_count; … … 955 893 } 956 894 957 bool pdb_set_logon_count(struct samu *sampass, uint16 logon_count, enum pdb_value_state flag)895 bool pdb_set_logon_count(struct samu *sampass, uint16_t logon_count, enum pdb_value_state flag) 958 896 { 959 897 sampass->logon_count = logon_count; … … 961 899 } 962 900 963 bool pdb_set_unknown_6(struct samu *sampass, uint32 unkn, enum pdb_value_state flag) 901 bool pdb_set_country_code(struct samu *sampass, uint16_t country_code, 902 enum pdb_value_state flag) 903 { 904 sampass->country_code = country_code; 905 return pdb_set_init_flags(sampass, PDB_COUNTRY_CODE, flag); 906 } 907 908 bool pdb_set_code_page(struct samu *sampass, uint16_t code_page, 909 enum pdb_value_state flag) 910 { 911 sampass->code_page = code_page; 912 return pdb_set_init_flags(sampass, PDB_CODE_PAGE, flag); 913 } 914 915 bool pdb_set_unknown_6(struct samu *sampass, uint32_t unkn, enum pdb_value_state flag) 964 916 { 965 917 sampass->unknown_6 = unkn; … … 967 919 } 968 920 969 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, enum pdb_value_state flag) 970 { 921 bool pdb_set_hours(struct samu *sampass, const uint8 *hours, int hours_len, 922 enum pdb_value_state flag) 923 { 924 if (hours_len > sizeof(sampass->hours)) { 925 return false; 926 } 927 971 928 if (!hours) { 972 memset ((char *)sampass->hours, 0, MAX_HOURS_LEN);973 } else { 974 memcpy (sampass->hours, hours, MAX_HOURS_LEN);929 memset ((char *)sampass->hours, 0, hours_len); 930 } else { 931 memcpy (sampass->hours, hours, hours_len); 975 932 } 976 933 … … 1017 974 uchar new_nt_p16[NT_HASH_LEN]; 1018 975 uchar *pwhistory; 1019 uint32 pwHistLen;1020 uint32 current_history_len;976 uint32_t pwHistLen; 977 uint32_t current_history_len; 1021 978 1022 979 if (!plaintext) … … 1126 1083 1127 1084 /* check for any PDB_SET/CHANGED field and fill the appropriate mask bit */ 1128 uint32 pdb_build_fields_present(struct samu *sampass)1085 uint32_t pdb_build_fields_present(struct samu *sampass) 1129 1086 { 1130 1087 /* value set to all for testing */ -
trunk/server/source3/passdb/pdb_interface.c
r596 r745 22 22 23 23 #include "includes.h" 24 #include "system/passwd.h" 25 #include "passdb.h" 26 #include "secrets.h" 27 #include "../librpc/gen_ndr/samr.h" 28 #include "memcache.h" 29 #include "nsswitch/winbind_client.h" 30 #include "../libcli/security/security.h" 31 #include "../lib/util/util_pw.h" 24 32 25 33 #undef DBGC_CLASS … … 217 225 } 218 226 227 /** 228 * @brief Check if the user account has been locked out and try to unlock it. 229 * 230 * If the user has been automatically locked out and a lockout duration is set, 231 * then check if we can unlock the account and reset the bad password values. 232 * 233 * @param[in] sampass The sam user to check. 234 * 235 * @return True if the function was successfull, false on an error. 236 */ 237 static bool pdb_try_account_unlock(struct samu *sampass) 238 { 239 uint32_t acb_info = pdb_get_acct_ctrl(sampass); 240 241 if ((acb_info & ACB_NORMAL) && (acb_info & ACB_AUTOLOCK)) { 242 uint32_t lockout_duration; 243 time_t bad_password_time; 244 time_t now = time(NULL); 245 bool ok; 246 247 ok = pdb_get_account_policy(PDB_POLICY_LOCK_ACCOUNT_DURATION, 248 &lockout_duration); 249 if (!ok) { 250 DEBUG(0, ("pdb_try_account_unlock: " 251 "pdb_get_account_policy failed.\n")); 252 return false; 253 } 254 255 if (lockout_duration == (uint32_t) -1 || 256 lockout_duration == 0) { 257 DEBUG(9, ("pdb_try_account_unlock: No reset duration, " 258 "can't reset autolock\n")); 259 return false; 260 } 261 lockout_duration *= 60; 262 263 bad_password_time = pdb_get_bad_password_time(sampass); 264 if (bad_password_time == (time_t) 0) { 265 DEBUG(2, ("pdb_try_account_unlock: Account %s " 266 "administratively locked out " 267 "with no bad password " 268 "time. Leaving locked out.\n", 269 pdb_get_username(sampass))); 270 return true; 271 } 272 273 if ((bad_password_time + 274 convert_uint32_t_to_time_t(lockout_duration)) < now) { 275 NTSTATUS status; 276 277 pdb_set_acct_ctrl(sampass, acb_info & ~ACB_AUTOLOCK, 278 PDB_CHANGED); 279 pdb_set_bad_password_count(sampass, 0, PDB_CHANGED); 280 pdb_set_bad_password_time(sampass, 0, PDB_CHANGED); 281 282 become_root(); 283 status = pdb_update_sam_account(sampass); 284 unbecome_root(); 285 if (!NT_STATUS_IS_OK(status)) { 286 DEBUG(0, ("_samr_OpenUser: Couldn't " 287 "update account %s - %s\n", 288 pdb_get_username(sampass), 289 nt_errstr(status))); 290 return false; 291 } 292 } 293 } 294 295 return true; 296 } 297 298 /** 299 * @brief Get a sam user structure by the given username. 300 * 301 * This functions also checks if the account has been automatically locked out 302 * and unlocks it if a lockout duration time has been defined and the time has 303 * elapsed. 304 * 305 * @param[in] sam_acct The sam user structure to fill. 306 * 307 * @param[in] username The username to look for. 308 * 309 * @return True on success, false on error. 310 */ 219 311 bool pdb_getsampwnam(struct samu *sam_acct, const char *username) 220 312 { … … 222 314 struct samu *for_cache; 223 315 const struct dom_sid *user_sid; 224 225 if (!NT_STATUS_IS_OK(pdb->getsampwnam(pdb, sam_acct, username))) { 226 return False; 316 NTSTATUS status; 317 bool ok; 318 319 status = pdb->getsampwnam(pdb, sam_acct, username); 320 if (!NT_STATUS_IS_OK(status)) { 321 return false; 322 } 323 324 ok = pdb_try_account_unlock(sam_acct); 325 if (!ok) { 326 DEBUG(1, ("pdb_getsampwnam: Failed to unlock account %s\n", 327 username)); 227 328 } 228 329 … … 249 350 **********************************************************************/ 250 351 251 bool guest_user_info( struct samu *user )352 static bool guest_user_info( struct samu *user ) 252 353 { 253 354 struct passwd *pwd; … … 255 356 const char *guestname = lp_guestaccount(); 256 357 257 if ( !(pwd = Get_Pwnam_alloc(talloc_autofree_context(), guestname ) ) ) { 358 pwd = Get_Pwnam_alloc(talloc_tos(), guestname); 359 if (pwd == NULL) { 258 360 DEBUG(0,("guest_user_info: Unable to locate guest account [%s]!\n", 259 361 guestname)); … … 268 370 } 269 371 270 /********************************************************************** 271 **********************************************************************/ 272 273 bool pdb_getsampwsid(struct samu *sam_acct, const DOM_SID *sid) 274 { 275 struct pdb_methods *pdb = pdb_get_methods(); 276 uint32 rid; 372 /** 373 * @brief Get a sam user structure by the given username. 374 * 375 * This functions also checks if the account has been automatically locked out 376 * and unlocks it if a lockout duration time has been defined and the time has 377 * elapsed. 378 * 379 * 380 * @param[in] sam_acct The sam user structure to fill. 381 * 382 * @param[in] sid The user SDI to look up. 383 * 384 * @return True on success, false on error. 385 */ 386 bool pdb_getsampwsid(struct samu *sam_acct, const struct dom_sid *sid) 387 { 388 struct pdb_methods *pdb = pdb_get_methods(); 389 uint32_t rid; 277 390 void *cache_data; 391 bool ok = false; 278 392 279 393 /* hard code the Guest RID of 501 */ … … 282 396 return False; 283 397 284 if ( rid == DOMAIN_ USER_RID_GUEST ) {398 if ( rid == DOMAIN_RID_GUEST ) { 285 399 DEBUG(6,("pdb_getsampwsid: Building guest account\n")); 286 400 return guest_user_info( sam_acct ); … … 296 410 cache_data, struct samu); 297 411 298 return pdb_copy_sam_account(sam_acct, cache_copy); 299 } 300 301 return NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); 412 ok = pdb_copy_sam_account(sam_acct, cache_copy); 413 } else { 414 ok = NT_STATUS_IS_OK(pdb->getsampwsid(pdb, sam_acct, sid)); 415 } 416 417 if (!ok) { 418 return false; 419 } 420 421 ok = pdb_try_account_unlock(sam_acct); 422 if (!ok) { 423 DEBUG(1, ("pdb_getsampwsid: Failed to unlock account %s\n", 424 sam_acct->username)); 425 } 426 427 return true; 302 428 } 303 429 304 430 static NTSTATUS pdb_default_create_user(struct pdb_methods *methods, 305 431 TALLOC_CTX *tmp_ctx, const char *name, 306 uint32 acb_info, uint32*rid)432 uint32_t acb_info, uint32_t *rid) 307 433 { 308 434 struct samu *sam_pass; … … 354 480 355 481 pwd = Get_Pwnam_alloc(tmp_ctx, name); 482 483 if(pwd == NULL) { 484 DEBUG(3, ("Could not find user %s, add script did not work\n", name)); 485 return NT_STATUS_NO_SUCH_USER; 486 } 356 487 } 357 488 … … 390 521 } 391 522 392 NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32 flags,393 uint32 *rid)523 NTSTATUS pdb_create_user(TALLOC_CTX *mem_ctx, const char *name, uint32_t flags, 524 uint32_t *rid) 394 525 { 395 526 struct pdb_methods *pdb = pdb_get_methods(); … … 538 669 } 539 670 540 bool pdb_getgrsid(GROUP_MAP *map, DOM_SIDsid)671 bool pdb_getgrsid(GROUP_MAP *map, struct dom_sid sid) 541 672 { 542 673 struct pdb_methods *pdb = pdb_get_methods(); … … 559 690 TALLOC_CTX *mem_ctx, 560 691 const char *name, 561 uint32 *rid)562 { 563 DOM_SIDgroup_sid;692 uint32_t *rid) 693 { 694 struct dom_sid group_sid; 564 695 struct group *grp; 565 696 fstring tmp; … … 596 727 597 728 NTSTATUS pdb_create_dom_group(TALLOC_CTX *mem_ctx, const char *name, 598 uint32 *rid)729 uint32_t *rid) 599 730 { 600 731 struct pdb_methods *pdb = pdb_get_methods(); … … 604 735 static NTSTATUS pdb_default_delete_dom_group(struct pdb_methods *methods, 605 736 TALLOC_CTX *mem_ctx, 606 uint32 rid)607 { 608 DOM_SIDgroup_sid;737 uint32_t rid) 738 { 739 struct dom_sid group_sid; 609 740 GROUP_MAP map; 610 741 NTSTATUS status; … … 653 784 } 654 785 655 NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32 rid)786 NTSTATUS pdb_delete_dom_group(TALLOC_CTX *mem_ctx, uint32_t rid) 656 787 { 657 788 struct pdb_methods *pdb = pdb_get_methods(); … … 671 802 } 672 803 673 NTSTATUS pdb_delete_group_mapping_entry( DOM_SIDsid)804 NTSTATUS pdb_delete_group_mapping_entry(struct dom_sid sid) 674 805 { 675 806 struct pdb_methods *pdb = pdb_get_methods(); … … 677 808 } 678 809 679 bool pdb_enum_group_mapping(const DOM_SID*sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap,810 bool pdb_enum_group_mapping(const struct dom_sid *sid, enum lsa_SidType sid_name_use, GROUP_MAP **pp_rmap, 680 811 size_t *p_num_entries, bool unix_only) 681 812 { … … 686 817 687 818 NTSTATUS pdb_enum_group_members(TALLOC_CTX *mem_ctx, 688 const DOM_SID*sid,689 uint32 **pp_member_rids,819 const struct dom_sid *sid, 820 uint32_t **pp_member_rids, 690 821 size_t *p_num_members) 691 822 { … … 699 830 700 831 if ( !NT_STATUS_IS_OK( result ) ) { 701 uint32 rid;832 uint32_t rid; 702 833 703 834 sid_peek_rid( sid, &rid ); 704 835 705 if ( rid == DOMAIN_ GROUP_RID_USERS ) {836 if ( rid == DOMAIN_RID_USERS ) { 706 837 *p_num_members = 0; 707 838 *pp_member_rids = NULL; … … 715 846 716 847 NTSTATUS pdb_enum_group_memberships(TALLOC_CTX *mem_ctx, struct samu *user, 717 DOM_SID**pp_sids, gid_t **pp_gids,718 size_t *p_num_groups)848 struct dom_sid **pp_sids, gid_t **pp_gids, 849 uint32_t *p_num_groups) 719 850 { 720 851 struct pdb_methods *pdb = pdb_get_methods(); … … 757 888 758 889 static bool pdb_user_in_group(TALLOC_CTX *mem_ctx, struct samu *account, 759 const DOM_SID*group_sid)760 { 761 DOM_SID*sids;890 const struct dom_sid *group_sid) 891 { 892 struct dom_sid *sids; 762 893 gid_t *gids; 763 size_t i, num_groups;894 uint32_t i, num_groups; 764 895 765 896 if (!NT_STATUS_IS_OK(pdb_enum_group_memberships(mem_ctx, account, … … 770 901 771 902 for (i=0; i<num_groups; i++) { 772 if ( sid_equal(group_sid, &sids[i])) {903 if (dom_sid_equal(group_sid, &sids[i])) { 773 904 return True; 774 905 } … … 779 910 static NTSTATUS pdb_default_add_groupmem(struct pdb_methods *methods, 780 911 TALLOC_CTX *mem_ctx, 781 uint32 group_rid,782 uint32 member_rid)783 { 784 DOM_SIDgroup_sid, member_sid;912 uint32_t group_rid, 913 uint32_t member_rid) 914 { 915 struct dom_sid group_sid, member_sid; 785 916 struct samu *account = NULL; 786 917 GROUP_MAP map; … … 835 966 } 836 967 837 NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,838 uint32 member_rid)968 NTSTATUS pdb_add_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid, 969 uint32_t member_rid) 839 970 { 840 971 struct pdb_methods *pdb = pdb_get_methods(); … … 844 975 static NTSTATUS pdb_default_del_groupmem(struct pdb_methods *methods, 845 976 TALLOC_CTX *mem_ctx, 846 uint32 group_rid,847 uint32 member_rid)848 { 849 DOM_SIDgroup_sid, member_sid;977 uint32_t group_rid, 978 uint32_t member_rid) 979 { 980 struct dom_sid group_sid, member_sid; 850 981 struct samu *account = NULL; 851 982 GROUP_MAP map; … … 897 1028 } 898 1029 899 NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32 group_rid,900 uint32 member_rid)1030 NTSTATUS pdb_del_groupmem(TALLOC_CTX *mem_ctx, uint32_t group_rid, 1031 uint32_t member_rid) 901 1032 { 902 1033 struct pdb_methods *pdb = pdb_get_methods(); … … 904 1035 } 905 1036 906 NTSTATUS pdb_create_alias(const char *name, uint32 *rid)1037 NTSTATUS pdb_create_alias(const char *name, uint32_t *rid) 907 1038 { 908 1039 struct pdb_methods *pdb = pdb_get_methods(); … … 910 1041 } 911 1042 912 NTSTATUS pdb_delete_alias(const DOM_SID*sid)1043 NTSTATUS pdb_delete_alias(const struct dom_sid *sid) 913 1044 { 914 1045 struct pdb_methods *pdb = pdb_get_methods(); … … 916 1047 } 917 1048 918 NTSTATUS pdb_get_aliasinfo(const DOM_SID*sid, struct acct_info *info)1049 NTSTATUS pdb_get_aliasinfo(const struct dom_sid *sid, struct acct_info *info) 919 1050 { 920 1051 struct pdb_methods *pdb = pdb_get_methods(); … … 922 1053 } 923 1054 924 NTSTATUS pdb_set_aliasinfo(const DOM_SID*sid, struct acct_info *info)1055 NTSTATUS pdb_set_aliasinfo(const struct dom_sid *sid, struct acct_info *info) 925 1056 { 926 1057 struct pdb_methods *pdb = pdb_get_methods(); … … 928 1059 } 929 1060 930 NTSTATUS pdb_add_aliasmem(const DOM_SID *alias, const DOM_SID*member)1061 NTSTATUS pdb_add_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 931 1062 { 932 1063 struct pdb_methods *pdb = pdb_get_methods(); … … 934 1065 } 935 1066 936 NTSTATUS pdb_del_aliasmem(const DOM_SID *alias, const DOM_SID*member)1067 NTSTATUS pdb_del_aliasmem(const struct dom_sid *alias, const struct dom_sid *member) 937 1068 { 938 1069 struct pdb_methods *pdb = pdb_get_methods(); … … 940 1071 } 941 1072 942 NTSTATUS pdb_enum_aliasmem(const DOM_SID*alias, TALLOC_CTX *mem_ctx,943 DOM_SID**pp_members, size_t *p_num_members)1073 NTSTATUS pdb_enum_aliasmem(const struct dom_sid *alias, TALLOC_CTX *mem_ctx, 1074 struct dom_sid **pp_members, size_t *p_num_members) 944 1075 { 945 1076 struct pdb_methods *pdb = pdb_get_methods(); … … 949 1080 950 1081 NTSTATUS pdb_enum_alias_memberships(TALLOC_CTX *mem_ctx, 951 const DOM_SID*domain_sid,952 const DOM_SID*members, size_t num_members,953 uint32 **pp_alias_rids,1082 const struct dom_sid *domain_sid, 1083 const struct dom_sid *members, size_t num_members, 1084 uint32_t **pp_alias_rids, 954 1085 size_t *p_num_alias_rids) 955 1086 { … … 962 1093 } 963 1094 964 NTSTATUS pdb_lookup_rids(const DOM_SID*domain_sid,1095 NTSTATUS pdb_lookup_rids(const struct dom_sid *domain_sid, 965 1096 int num_rids, 966 uint32 *rids,1097 uint32_t *rids, 967 1098 const char **names, 968 1099 enum lsa_SidType *attrs) … … 984 1115 */ 985 1116 #if 0 986 NTSTATUS pdb_lookup_names(const DOM_SID*domain_sid,1117 NTSTATUS pdb_lookup_names(const struct dom_sid *domain_sid, 987 1118 int num_names, 988 1119 const char **names, 989 uint32 *rids,1120 uint32_t *rids, 990 1121 enum lsa_SidType *attrs) 991 1122 { … … 1025 1156 } 1026 1157 1027 bool pdb_uid_to_sid(uid_t uid, DOM_SID*sid)1158 bool pdb_uid_to_sid(uid_t uid, struct dom_sid *sid) 1028 1159 { 1029 1160 struct pdb_methods *pdb = pdb_get_methods(); … … 1031 1162 } 1032 1163 1033 bool pdb_gid_to_sid(gid_t gid, DOM_SID*sid)1164 bool pdb_gid_to_sid(gid_t gid, struct dom_sid *sid) 1034 1165 { 1035 1166 struct pdb_methods *pdb = pdb_get_methods(); … … 1037 1168 } 1038 1169 1039 bool pdb_sid_to_id(const DOM_SID*sid, union unid_t *id,1170 bool pdb_sid_to_id(const struct dom_sid *sid, union unid_t *id, 1040 1171 enum lsa_SidType *type) 1041 1172 { … … 1057 1188 ********************************************************************/ 1058 1189 1059 bool pdb_new_rid(uint32 *rid)1190 bool pdb_new_rid(uint32_t *rid) 1060 1191 { 1061 1192 struct pdb_methods *pdb = pdb_get_methods(); 1062 1193 const char *name = NULL; 1063 1194 enum lsa_SidType type; 1064 uint32 allocated_rid = 0;1195 uint32_t allocated_rid = 0; 1065 1196 int i; 1066 1197 TALLOC_CTX *ctx; … … 1137 1268 } 1138 1269 1139 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID*sid)1270 static NTSTATUS pdb_default_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid) 1140 1271 { 1141 1272 return NT_STATUS_NO_SUCH_USER; … … 1186 1317 1187 1318 static bool pdb_default_uid_to_sid(struct pdb_methods *methods, uid_t uid, 1188 DOM_SID*sid)1319 struct dom_sid *sid) 1189 1320 { 1190 1321 struct samu *sampw = NULL; … … 1225 1356 1226 1357 static bool pdb_default_gid_to_sid(struct pdb_methods *methods, gid_t gid, 1227 DOM_SID*sid)1358 struct dom_sid *sid) 1228 1359 { 1229 1360 GROUP_MAP map; … … 1238 1369 1239 1370 static bool pdb_default_sid_to_id(struct pdb_methods *methods, 1240 const DOM_SID*sid,1371 const struct dom_sid *sid, 1241 1372 union unid_t *id, enum lsa_SidType *type) 1242 1373 { … … 1244 1375 bool ret = False; 1245 1376 const char *name; 1246 uint32 rid;1377 uint32_t rid; 1247 1378 1248 1379 mem_ctx = talloc_new(NULL); … … 1311 1442 } 1312 1443 1313 static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, size_t *p_num)1444 static bool get_memberuids(TALLOC_CTX *mem_ctx, gid_t gid, uid_t **pp_uids, uint32_t *p_num) 1314 1445 { 1315 1446 struct group *grp; … … 1368 1499 static NTSTATUS pdb_default_enum_group_members(struct pdb_methods *methods, 1369 1500 TALLOC_CTX *mem_ctx, 1370 const DOM_SID*group,1371 uint32 **pp_member_rids,1501 const struct dom_sid *group, 1502 uint32_t **pp_member_rids, 1372 1503 size_t *p_num_members) 1373 1504 { 1374 1505 gid_t gid; 1375 1506 uid_t *uids; 1376 size_t i, num_uids;1507 uint32_t i, num_uids; 1377 1508 1378 1509 *pp_member_rids = NULL; … … 1388 1519 return NT_STATUS_OK; 1389 1520 1390 *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32 , num_uids);1521 *pp_member_rids = TALLOC_ZERO_ARRAY(mem_ctx, uint32_t, num_uids); 1391 1522 1392 1523 for (i=0; i<num_uids; i++) { 1393 DOM_SIDsid;1524 struct dom_sid sid; 1394 1525 1395 1526 uid_to_sid(&sid, uids[i]); … … 1411 1542 TALLOC_CTX *mem_ctx, 1412 1543 struct samu *user, 1413 DOM_SID**pp_sids,1544 struct dom_sid **pp_sids, 1414 1545 gid_t **pp_gids, 1415 size_t *p_num_groups)1546 uint32_t *p_num_groups) 1416 1547 { 1417 1548 size_t i; … … 1440 1571 } 1441 1572 1442 *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);1573 *pp_sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, *p_num_groups); 1443 1574 1444 1575 if (*pp_sids == NULL) { … … 1458 1589 ********************************************************************/ 1459 1590 1460 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,1591 static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32_t rid, 1461 1592 const char **name, 1462 1593 enum lsa_SidType *psid_name_use, … … 1466 1597 GROUP_MAP map; 1467 1598 bool ret; 1468 DOM_SIDsid;1599 struct dom_sid sid; 1469 1600 1470 1601 *psid_name_use = SID_NAME_UNKNOWN; … … 1473 1604 (unsigned int)rid)); 1474 1605 1475 sid_copy(&sid, get_global_sam_sid()); 1476 sid_append_rid(&sid, rid); 1606 sid_compose(&sid, get_global_sam_sid(), rid); 1477 1607 1478 1608 /* see if the passdb can help us with the name of the user */ … … 1482 1612 } 1483 1613 1484 /* BEING ROOT BL LOCK */1614 /* BEING ROOT BLOCK */ 1485 1615 become_root(); 1486 1616 if (pdb_getsampwsid(sam_account, &sid)) { … … 1538 1668 } 1539 1669 1540 if ( rid == DOMAIN_ GROUP_RID_USERS ) {1670 if ( rid == DOMAIN_RID_USERS ) { 1541 1671 *name = talloc_strdup(mem_ctx, "None" ); 1542 1672 *psid_name_use = SID_NAME_DOM_GRP; … … 1549 1679 1550 1680 static NTSTATUS pdb_default_lookup_rids(struct pdb_methods *methods, 1551 const DOM_SID*domain_sid,1681 const struct dom_sid *domain_sid, 1552 1682 int num_rids, 1553 uint32 *rids,1683 uint32_t *rids, 1554 1684 const char **names, 1555 1685 enum lsa_SidType *attrs) … … 1613 1743 #if 0 1614 1744 static NTSTATUS pdb_default_lookup_names(struct pdb_methods *methods, 1615 const DOM_SID*domain_sid,1745 const struct dom_sid *domain_sid, 1616 1746 int num_names, 1617 1747 const char **names, 1618 uint32 *rids,1748 uint32_t *rids, 1619 1749 enum lsa_SidType *attrs) 1620 1750 { … … 1627 1757 1628 1758 for (i=0; i<num_names; i++) { 1629 uint32 rid;1759 uint32_t rid; 1630 1760 1631 1761 if (lookup_builtin_name(names[i], &rid)) { … … 1705 1835 } 1706 1836 1707 static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32 rid,1708 uint16 acct_flags,1837 static void fill_displayentry(TALLOC_CTX *mem_ctx, uint32_t rid, 1838 uint16_t acct_flags, 1709 1839 const char *account_name, 1710 1840 const char *fullname, … … 1740 1870 { 1741 1871 struct group_search *state = (struct group_search *)s->private_data; 1742 uint32 rid;1872 uint32_t rid; 1743 1873 GROUP_MAP *map = &state->groups[state->current_group]; 1744 1874 … … 1762 1892 1763 1893 static bool pdb_search_grouptype(struct pdb_search *search, 1764 const DOM_SID*sid, enum lsa_SidType type)1894 const struct dom_sid *sid, enum lsa_SidType type) 1765 1895 { 1766 1896 struct group_search *state; … … 1793 1923 static bool pdb_default_search_aliases(struct pdb_methods *methods, 1794 1924 struct pdb_search *search, 1795 const DOM_SID*sid)1925 const struct dom_sid *sid) 1796 1926 { 1797 1927 … … 1800 1930 1801 1931 static struct samr_displayentry *pdb_search_getentry(struct pdb_search *search, 1802 uint32 idx)1932 uint32_t idx) 1803 1933 { 1804 1934 if (idx < search->num_entries) … … 1825 1955 } 1826 1956 1827 struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32 acct_flags)1957 struct pdb_search *pdb_search_users(TALLOC_CTX *mem_ctx, uint32_t acct_flags) 1828 1958 { 1829 1959 struct pdb_methods *pdb = pdb_get_methods(); … … 1859 1989 } 1860 1990 1861 struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const DOM_SID*sid)1991 struct pdb_search *pdb_search_aliases(TALLOC_CTX *mem_ctx, const struct dom_sid *sid) 1862 1992 { 1863 1993 struct pdb_methods *pdb = pdb_get_methods(); … … 1878 2008 } 1879 2009 1880 uint32 pdb_search_entries(struct pdb_search *search,1881 uint32 start_idx, uint32max_entries,2010 uint32_t pdb_search_entries(struct pdb_search *search, 2011 uint32_t start_idx, uint32_t max_entries, 1882 2012 struct samr_displayentry **result) 1883 2013 { 1884 2014 struct samr_displayentry *end_entry; 1885 uint32 end_idx = start_idx+max_entries-1;2015 uint32_t end_idx = start_idx+max_entries-1; 1886 2016 1887 2017 /* The first entry needs to be searched after the last. Otherwise the … … 1905 2035 *******************************************************************/ 1906 2036 1907 bool pdb_get_trusteddom_pw(const char *domain, char** pwd, DOM_SID *sid,2037 bool pdb_get_trusteddom_pw(const char *domain, char** pwd, struct dom_sid *sid, 1908 2038 time_t *pass_last_set_time) 1909 2039 { … … 1914 2044 1915 2045 bool pdb_set_trusteddom_pw(const char* domain, const char* pwd, 1916 const DOM_SID*sid)2046 const struct dom_sid *sid) 1917 2047 { 1918 2048 struct pdb_methods *pdb = pdb_get_methods(); … … 1926 2056 } 1927 2057 1928 NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32 *num_domains,2058 NTSTATUS pdb_enum_trusteddoms(TALLOC_CTX *mem_ctx, uint32_t *num_domains, 1929 2059 struct trustdom_info ***domains) 1930 2060 { … … 1942 2072 const char *domain, 1943 2073 char** pwd, 1944 DOM_SID *sid,2074 struct dom_sid *sid, 1945 2075 time_t *pass_last_set_time) 1946 2076 { … … 1953 2083 const char* domain, 1954 2084 const char* pwd, 1955 const DOM_SID*sid)2085 const struct dom_sid *sid) 1956 2086 { 1957 2087 return secrets_store_trusted_domain_password(domain, pwd, sid); … … 1966 2096 static NTSTATUS pdb_default_enum_trusteddoms(struct pdb_methods *methods, 1967 2097 TALLOC_CTX *mem_ctx, 1968 uint32 *num_domains,2098 uint32_t *num_domains, 1969 2099 struct trustdom_info ***domains) 1970 2100 { 1971 2101 return secrets_trusted_domains(mem_ctx, num_domains, domains); 2102 } 2103 2104 /******************************************************************* 2105 trusted_domain methods 2106 *******************************************************************/ 2107 2108 NTSTATUS pdb_get_trusted_domain(TALLOC_CTX *mem_ctx, const char *domain, 2109 struct pdb_trusted_domain **td) 2110 { 2111 struct pdb_methods *pdb = pdb_get_methods(); 2112 return pdb->get_trusted_domain(pdb, mem_ctx, domain, td); 2113 } 2114 2115 NTSTATUS pdb_get_trusted_domain_by_sid(TALLOC_CTX *mem_ctx, struct dom_sid *sid, 2116 struct pdb_trusted_domain **td) 2117 { 2118 struct pdb_methods *pdb = pdb_get_methods(); 2119 return pdb->get_trusted_domain_by_sid(pdb, mem_ctx, sid, td); 2120 } 2121 2122 NTSTATUS pdb_set_trusted_domain(const char* domain, 2123 const struct pdb_trusted_domain *td) 2124 { 2125 struct pdb_methods *pdb = pdb_get_methods(); 2126 return pdb->set_trusted_domain(pdb, domain, td); 2127 } 2128 2129 NTSTATUS pdb_del_trusted_domain(const char *domain) 2130 { 2131 struct pdb_methods *pdb = pdb_get_methods(); 2132 return pdb->del_trusted_domain(pdb, domain); 2133 } 2134 2135 NTSTATUS pdb_enum_trusted_domains(TALLOC_CTX *mem_ctx, uint32_t *num_domains, 2136 struct pdb_trusted_domain ***domains) 2137 { 2138 struct pdb_methods *pdb = pdb_get_methods(); 2139 return pdb->enum_trusted_domains(pdb, mem_ctx, num_domains, domains); 2140 } 2141 2142 static NTSTATUS pdb_default_get_trusted_domain(struct pdb_methods *methods, 2143 TALLOC_CTX *mem_ctx, 2144 const char *domain, 2145 struct pdb_trusted_domain **td) 2146 { 2147 return NT_STATUS_NOT_IMPLEMENTED; 2148 } 2149 2150 static NTSTATUS pdb_default_get_trusted_domain_by_sid(struct pdb_methods *methods, 2151 TALLOC_CTX *mem_ctx, 2152 struct dom_sid *sid, 2153 struct pdb_trusted_domain **td) 2154 { 2155 return NT_STATUS_NOT_IMPLEMENTED; 2156 } 2157 2158 static NTSTATUS pdb_default_set_trusted_domain(struct pdb_methods *methods, 2159 const char* domain, 2160 const struct pdb_trusted_domain *td) 2161 { 2162 return NT_STATUS_NOT_IMPLEMENTED; 2163 } 2164 2165 static NTSTATUS pdb_default_del_trusted_domain(struct pdb_methods *methods, 2166 const char *domain) 2167 { 2168 return NT_STATUS_NOT_IMPLEMENTED; 2169 } 2170 2171 static NTSTATUS pdb_default_enum_trusted_domains(struct pdb_methods *methods, 2172 TALLOC_CTX *mem_ctx, 2173 uint32_t *num_domains, 2174 struct pdb_trusted_domain ***domains) 2175 { 2176 return NT_STATUS_NOT_IMPLEMENTED; 1972 2177 } 1973 2178 … … 1989 2194 /* allocate memory for the structure as its own talloc CTX */ 1990 2195 1991 *methods = talloc_zero( talloc_autofree_context(), struct pdb_methods);2196 *methods = talloc_zero(NULL, struct pdb_methods); 1992 2197 if (*methods == NULL) { 1993 2198 return NT_STATUS_NO_MEMORY; … … 2043 2248 (*methods)->enum_trusteddoms = pdb_default_enum_trusteddoms; 2044 2249 2250 (*methods)->get_trusted_domain = pdb_default_get_trusted_domain; 2251 (*methods)->get_trusted_domain_by_sid = pdb_default_get_trusted_domain_by_sid; 2252 (*methods)->set_trusted_domain = pdb_default_set_trusted_domain; 2253 (*methods)->del_trusted_domain = pdb_default_del_trusted_domain; 2254 (*methods)->enum_trusted_domains = pdb_default_enum_trusted_domains; 2255 2045 2256 return NT_STATUS_OK; 2046 2257 } -
trunk/server/source3/passdb/pdb_ldap.c
r596 r745 45 45 46 46 #include "includes.h" 47 #include "passdb.h" 47 48 #include "../libcli/auth/libcli_auth.h" 49 #include "secrets.h" 50 #include "idmap_cache.h" 51 #include "../libcli/security/security.h" 52 #include "../lib/util/util_pw.h" 53 #include "lib/winbind_util.h" 48 54 49 55 #undef DBGC_CLASS … … 52 58 #include <lber.h> 53 59 #include <ldap.h> 54 55 /*56 * Work around versions of the LDAP client libs that don't have the OIDs57 * defined, or have them defined under the old name.58 * This functionality is really a factor of the server, not the client59 *60 */61 62 #if defined(LDAP_EXOP_X_MODIFY_PASSWD) && !defined(LDAP_EXOP_MODIFY_PASSWD)63 #define LDAP_EXOP_MODIFY_PASSWD LDAP_EXOP_X_MODIFY_PASSWD64 #elif !defined(LDAP_EXOP_MODIFY_PASSWD)65 #define LDAP_EXOP_MODIFY_PASSWD "1.3.6.1.4.1.4203.1.11.1"66 #endif67 68 #if defined(LDAP_EXOP_X_MODIFY_PASSWD_ID) && !defined(LDAP_EXOP_MODIFY_PASSWD_ID)69 #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID LDAP_EXOP_X_MODIFY_PASSWD_ID70 #elif !defined(LDAP_EXOP_MODIFY_PASSWD_ID)71 #define LDAP_TAG_EXOP_MODIFY_PASSWD_ID ((ber_tag_t) 0x80U)72 #endif73 74 #if defined(LDAP_EXOP_X_MODIFY_PASSWD_NEW) && !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)75 #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW LDAP_EXOP_X_MODIFY_PASSWD_NEW76 #elif !defined(LDAP_EXOP_MODIFY_PASSWD_NEW)77 #define LDAP_TAG_EXOP_MODIFY_PASSWD_NEW ((ber_tag_t) 0x82U)78 #endif79 60 80 61 … … 85 66 **********************************************************************/ 86 67 87 staticLDAP *priv2ld(struct ldapsam_privates *priv)68 LDAP *priv2ld(struct ldapsam_privates *priv) 88 69 { 89 70 return priv->smbldap_state->ldap_struct; … … 377 358 378 359 static int ldapsam_search_suffix_by_rid (struct ldapsam_privates *ldap_state, 379 uint32 rid, LDAPMessage ** result,360 uint32_t rid, LDAPMessage ** result, 380 361 const char **attr) 381 362 { … … 400 381 401 382 static int ldapsam_search_suffix_by_sid (struct ldapsam_privates *ldap_state, 402 const DOM_SID*sid, LDAPMessage ** result,383 const struct dom_sid *sid, LDAPMessage ** result, 403 384 const char **attr) 404 385 { … … 530 511 *workstations = NULL, 531 512 *munged_dial = NULL; 532 uint32 user_rid;513 uint32_t user_rid; 533 514 uint8 smblmpwd[LM_HASH_LEN], 534 515 smbntpwd[NT_HASH_LEN]; 535 516 bool use_samba_attrs = True; 536 uint32 acct_ctrl = 0;537 uint16 logon_divs;538 uint16 bad_password_count = 0,517 uint32_t acct_ctrl = 0; 518 uint16_t logon_divs; 519 uint16_t bad_password_count = 0, 539 520 logon_count = 0; 540 uint32 hours_len;521 uint32_t hours_len; 541 522 uint8 hours[MAX_HOURS_LEN]; 542 523 char *temp = NULL; 543 LOGIN_CACHE *cache_entry = NULL;544 uint32 pwHistLen;524 struct login_cache cache_entry; 525 uint32_t pwHistLen; 545 526 bool expand_explicit = lp_passdb_expand_explicit(); 546 527 bool ret = false; … … 605 586 LDAP_ATTR_USER_RID), 606 587 ctx))!=NULL) { 607 user_rid = (uint32 )atol(temp);588 user_rid = (uint32_t)atol(temp); 608 589 pdb_set_user_sid_from_rid(sampass, user_rid, PDB_SET); 609 590 } 610 591 } 611 592 612 if ( pdb_get_init_flags(sampass,PDB_USERSID) == PDB_DEFAULT) {593 if (IS_SAM_DEFAULT(sampass, PDB_USERSID)) { 613 594 DEBUG(1, ("init_sam_from_ldap: no %s or %s attribute found for this user %s\n", 614 595 get_userattr_key2string(ldap_state->schema_ver, … … 916 897 pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN); 917 898 918 if ((pwhist = TALLOC_ARRAY(ctx, uint8,919 pwHistLen * PW_HISTORY_ENTRY_LEN)) ==920 NULL){899 pwhist = TALLOC_ARRAY(ctx, uint8, 900 pwHistLen * PW_HISTORY_ENTRY_LEN); 901 if (pwhist == NULL) { 921 902 DEBUG(0, ("init_sam_from_ldap: talloc failed!\n")); 922 903 goto fn_exit; … … 986 967 ctx); 987 968 if (temp) { 988 bad_password_count = (uint32 ) atol(temp);969 bad_password_count = (uint32_t) atol(temp); 989 970 pdb_set_bad_password_count(sampass, 990 971 bad_password_count, PDB_SET); … … 1010 991 ctx); 1011 992 if (temp) { 1012 logon_count = (uint32 ) atol(temp);993 logon_count = (uint32_t) atol(temp); 1013 994 pdb_set_logon_count(sampass, logon_count, PDB_SET); 1014 995 } … … 1025 1006 pdb_gethexhours(temp, hours); 1026 1007 memset((char *)temp, '\0', strlen(temp) +1); 1027 pdb_set_hours(sampass, hours, PDB_SET);1008 pdb_set_hours(sampass, hours, hours_len, PDB_SET); 1028 1009 ZERO_STRUCT(hours); 1029 1010 } … … 1033 1014 bool have_uid = false; 1034 1015 bool have_gid = false; 1035 DOM_SIDmapped_gsid;1036 const DOM_SID*primary_gsid;1016 struct dom_sid mapped_gsid; 1017 const struct dom_sid *primary_gsid; 1037 1018 1038 1019 ZERO_STRUCT(unix_pw); … … 1105 1086 gid_to_sid(&mapped_gsid, sampass->unix_pw->pw_gid); 1106 1087 primary_gsid = pdb_get_group_sid(sampass); 1107 if (primary_gsid && sid_equal(primary_gsid, &mapped_gsid)) {1088 if (primary_gsid && dom_sid_equal(primary_gsid, &mapped_gsid)) { 1108 1089 store_gid_sid_cache(primary_gsid, 1109 1090 sampass->unix_pw->pw_gid); … … 1121 1102 1122 1103 /* see if we have newer updates */ 1123 if (! (cache_entry = login_cache_read(sampass))) {1104 if (!login_cache_read(sampass, &cache_entry)) { 1124 1105 DEBUG (9, ("No cache entry, bad count = %u, bad time = %u\n", 1125 1106 (unsigned int)pdb_get_bad_password_count(sampass), … … 1131 1112 DEBUG(7, ("ldap time is %u, cache time is %u, bad time = %u\n", 1132 1113 (unsigned int)ldap_entry_time, 1133 (unsigned int)cache_entry ->entry_timestamp,1134 (unsigned int)cache_entry ->bad_password_time));1135 1136 if (ldap_entry_time > cache_entry ->entry_timestamp) {1114 (unsigned int)cache_entry.entry_timestamp, 1115 (unsigned int)cache_entry.bad_password_time)); 1116 1117 if (ldap_entry_time > cache_entry.entry_timestamp) { 1137 1118 /* cache is older than directory , so 1138 1119 we need to delete the entry but allow the … … 1143 1124 pdb_set_acct_ctrl(sampass, 1144 1125 pdb_get_acct_ctrl(sampass) | 1145 (cache_entry ->acct_ctrl & ACB_AUTOLOCK),1126 (cache_entry.acct_ctrl & ACB_AUTOLOCK), 1146 1127 PDB_SET); 1147 1128 pdb_set_bad_password_count(sampass, 1148 cache_entry ->bad_password_count,1129 cache_entry.bad_password_count, 1149 1130 PDB_SET); 1150 1131 pdb_set_bad_password_time(sampass, 1151 cache_entry ->bad_password_time,1132 cache_entry.bad_password_time, 1152 1133 PDB_SET); 1153 1134 } … … 1158 1139 1159 1140 TALLOC_FREE(ctx); 1160 SAFE_FREE(cache_entry);1161 1141 return ret; 1162 1142 } … … 1174 1154 { 1175 1155 char *temp = NULL; 1176 uint32 rid;1156 uint32_t rid; 1177 1157 1178 1158 if (mods == NULL || sampass == NULL) { … … 1203 1183 if (need_update(sampass, PDB_USERSID)) { 1204 1184 fstring sid_string; 1205 const DOM_SID*user_sid = pdb_get_user_sid(sampass);1185 const struct dom_sid *user_sid = pdb_get_user_sid(sampass); 1206 1186 1207 1187 switch ( ldap_state->schema_ver ) { … … 1240 1220 if (need_update(sampass, PDB_GROUPSID)) { 1241 1221 fstring sid_string; 1242 const DOM_SID*group_sid = pdb_get_group_sid(sampass);1222 const struct dom_sid *group_sid = pdb_get_group_sid(sampass); 1243 1223 1244 1224 switch ( ldap_state->schema_ver ) { … … 1398 1378 if (need_update(sampass, PDB_PWHISTORY)) { 1399 1379 char *pwstr = NULL; 1400 uint32 pwHistLen = 0;1380 uint32_t pwHistLen = 0; 1401 1381 pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen); 1402 1382 … … 1411 1391 } else { 1412 1392 int i; 1413 uint32 currHistLen = 0;1393 uint32_t currHistLen = 0; 1414 1394 const uint8 *pwhist = pdb_get_pw_history(sampass, &currHistLen); 1415 1395 if (pwhist != NULL) { … … 1473 1453 if (need_update(sampass, PDB_BAD_PASSWORD_COUNT)) /* && 1474 1454 need_update(sampass, PDB_BAD_PASSWORD_TIME)) */ { 1475 uint16 badcount = pdb_get_bad_password_count(sampass);1455 uint16_t badcount = pdb_get_bad_password_count(sampass); 1476 1456 time_t badtime = pdb_get_bad_password_time(sampass); 1477 uint32 pol;1457 uint32_t pol; 1478 1458 pdb_get_account_policy(PDB_POLICY_BAD_ATTEMPT_LOCKOUT, &pol); 1479 1459 … … 1512 1492 login_cache_delentry(sampass); 1513 1493 } else { 1514 LOGIN_CACHEcache_entry;1494 struct login_cache cache_entry; 1515 1495 1516 1496 cache_entry.entry_timestamp = time(NULL); … … 1520 1500 1521 1501 DEBUG(7, ("Updating bad password count and time in login cache\n")); 1522 login_cache_write(sampass, cache_entry);1502 login_cache_write(sampass, &cache_entry); 1523 1503 } 1524 1504 } … … 1626 1606 1627 1607 static int ldapsam_get_ldap_user_by_sid(struct ldapsam_privates *ldap_state, 1628 const DOM_SID *sid, LDAPMessage **result)1608 const struct dom_sid *sid, LDAPMessage **result) 1629 1609 { 1630 1610 int rc = -1; 1631 1611 const char ** attr_list; 1632 uint32 rid;1612 uint32_t rid; 1633 1613 1634 1614 switch ( ldap_state->schema_ver ) { … … 1676 1656 *********************************************************************/ 1677 1657 1678 static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const DOM_SID*sid)1658 static NTSTATUS ldapsam_getsampwsid(struct pdb_methods *my_methods, struct samu * user, const struct dom_sid *sid) 1679 1659 { 1680 1660 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; … … 1737 1717 if (!newpwd || !dn) { 1738 1718 return NT_STATUS_INVALID_PARAMETER; 1739 }1740 1741 if (!mods) {1742 DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n"));1743 /* may be password change below however */1744 } else {1745 switch(ldap_op) {1746 case LDAP_MOD_ADD:1747 if (ldap_state->is_nds_ldap) {1748 smbldap_set_mod(&mods, LDAP_MOD_ADD,1749 "objectclass",1750 "inetOrgPerson");1751 } else {1752 smbldap_set_mod(&mods, LDAP_MOD_ADD,1753 "objectclass",1754 LDAP_OBJ_ACCOUNT);1755 }1756 rc = smbldap_add(ldap_state->smbldap_state,1757 dn, mods);1758 break;1759 case LDAP_MOD_REPLACE:1760 rc = smbldap_modify(ldap_state->smbldap_state,1761 dn ,mods);1762 break;1763 default:1764 DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n",1765 ldap_op));1766 return NT_STATUS_INVALID_PARAMETER;1767 }1768 1769 if (rc!=LDAP_SUCCESS) {1770 return NT_STATUS_UNSUCCESSFUL;1771 }1772 1719 } 1773 1720 … … 1897 1844 ber_bvfree(bv); 1898 1845 } 1846 1847 if (!mods) { 1848 DEBUG(5,("ldapsam_modify_entry: mods is empty: nothing to modify\n")); 1849 /* may be password change below however */ 1850 } else { 1851 switch(ldap_op) { 1852 case LDAP_MOD_ADD: 1853 if (ldap_state->is_nds_ldap) { 1854 smbldap_set_mod(&mods, LDAP_MOD_ADD, 1855 "objectclass", 1856 "inetOrgPerson"); 1857 } else { 1858 smbldap_set_mod(&mods, LDAP_MOD_ADD, 1859 "objectclass", 1860 LDAP_OBJ_ACCOUNT); 1861 } 1862 rc = smbldap_add(ldap_state->smbldap_state, 1863 dn, mods); 1864 break; 1865 case LDAP_MOD_REPLACE: 1866 rc = smbldap_modify(ldap_state->smbldap_state, 1867 dn ,mods); 1868 break; 1869 default: 1870 DEBUG(0,("ldapsam_modify_entry: Wrong LDAP operation type: %d!\n", 1871 ldap_op)); 1872 return NT_STATUS_INVALID_PARAMETER; 1873 } 1874 1875 if (rc!=LDAP_SUCCESS) { 1876 return NT_STATUS_UNSUCCESSFUL; 1877 } 1878 } 1879 1899 1880 return NT_STATUS_OK; 1900 1881 } … … 2070 2051 static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods, 2071 2052 TALLOC_CTX *tmp_ctx, 2072 uint32 group_rid,2073 uint32 member_rid);2053 uint32_t group_rid, 2054 uint32_t member_rid); 2074 2055 2075 2056 static NTSTATUS ldapsam_enum_group_memberships(struct pdb_methods *methods, 2076 2057 TALLOC_CTX *mem_ctx, 2077 2058 struct samu *user, 2078 DOM_SID**pp_sids,2059 struct dom_sid **pp_sids, 2079 2060 gid_t **pp_gids, 2080 size_t *p_num_groups);2061 uint32_t *p_num_groups); 2081 2062 2082 2063 static NTSTATUS ldapsam_rename_sam_account(struct pdb_methods *my_methods, … … 2177 2158 LDAPMod **mods = NULL; 2178 2159 int ldap_op = LDAP_MOD_REPLACE; 2179 uint32 num_result;2160 uint32_t num_result; 2180 2161 const char **attr_list; 2181 2162 char *escape_user = NULL; 2182 2163 const char *username = pdb_get_username(newpwd); 2183 const DOM_SID*sid = pdb_get_user_sid(newpwd);2164 const struct dom_sid *sid = pdb_get_user_sid(newpwd); 2184 2165 char *filter = NULL; 2185 2166 char *dn = NULL; … … 2594 2575 2595 2576 static NTSTATUS ldapsam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, 2596 DOM_SIDsid)2577 struct dom_sid sid) 2597 2578 { 2598 2579 char *filter = NULL; … … 2664 2645 static bool ldapsam_extract_rid_from_entry(LDAP *ldap_struct, 2665 2646 LDAPMessage *entry, 2666 const DOM_SID*domain_sid,2667 uint32 *rid)2647 const struct dom_sid *domain_sid, 2648 uint32_t *rid) 2668 2649 { 2669 2650 fstring str; 2670 DOM_SIDsid;2651 struct dom_sid sid; 2671 2652 2672 2653 if (!smbldap_get_single_attribute(ldap_struct, entry, "sambaSID", … … 2681 2662 } 2682 2663 2683 if ( sid_compare_domain(&sid, domain_sid) != 0) {2664 if (dom_sid_compare_domain(&sid, domain_sid) != 0) { 2684 2665 DEBUG(10, ("SID %s is not in expected domain %s\n", 2685 2666 str, sid_string_dbg(domain_sid))); … … 2697 2678 static NTSTATUS ldapsam_enum_group_members(struct pdb_methods *methods, 2698 2679 TALLOC_CTX *mem_ctx, 2699 const DOM_SID*group,2700 uint32 **pp_member_rids,2680 const struct dom_sid *group, 2681 uint32_t **pp_member_rids, 2701 2682 size_t *p_num_members) 2702 2683 { … … 2815 2796 { 2816 2797 char *sidstr; 2817 DOM_SIDsid;2818 uint32 rid;2798 struct dom_sid sid; 2799 uint32_t rid; 2819 2800 2820 2801 sidstr = smbldap_talloc_single_attribute(conn->ldap_struct, … … 2867 2848 entry = ldap_next_entry(conn->ldap_struct, entry)) 2868 2849 { 2869 uint32 rid;2850 uint32_t rid; 2870 2851 2871 2852 if (!ldapsam_extract_rid_from_entry(conn->ldap_struct, … … 2898 2879 TALLOC_CTX *mem_ctx, 2899 2880 struct samu *user, 2900 DOM_SID**pp_sids,2881 struct dom_sid **pp_sids, 2901 2882 gid_t **pp_gids, 2902 size_t *p_num_groups)2883 uint32_t *p_num_groups) 2903 2884 { 2904 2885 struct ldapsam_privates *ldap_state = … … 2912 2893 LDAPMessage *entry; 2913 2894 NTSTATUS ret = NT_STATUS_UNSUCCESSFUL; 2914 size_t num_sids, num_gids; 2895 uint32_t num_sids; 2896 uint32_t num_gids; 2915 2897 char *gidstr; 2916 2898 gid_t primary_gid = -1; … … 3015 2997 { 3016 2998 fstring str; 3017 DOM_SIDsid;2999 struct dom_sid sid; 3018 3000 gid_t gid; 3019 3001 char *end; … … 3053 3035 } 3054 3036 3055 if ( sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) {3037 if (dom_sid_compare(&global_sid_NULL, &(*pp_sids)[0]) == 0) { 3056 3038 DEBUG(3, ("primary group of [%s] not found\n", 3057 3039 pdb_get_username(user))); … … 3140 3122 NTSTATUS result; 3141 3123 3142 DOM_SIDsid;3124 struct dom_sid sid; 3143 3125 3144 3126 int rc; … … 3345 3327 3346 3328 static NTSTATUS ldapsam_delete_group_mapping_entry(struct pdb_methods *methods, 3347 DOM_SIDsid)3329 struct dom_sid sid) 3348 3330 { 3349 3331 struct ldapsam_privates *priv = … … 3508 3490 3509 3491 static NTSTATUS ldapsam_enum_group_mapping(struct pdb_methods *methods, 3510 const DOM_SID*domsid, enum lsa_SidType sid_name_use,3492 const struct dom_sid *domsid, enum lsa_SidType sid_name_use, 3511 3493 GROUP_MAP **pp_rmap, 3512 3494 size_t *p_num_entries, 3513 3495 bool unix_only) 3514 3496 { 3515 GROUP_MAP map ;3497 GROUP_MAP map = { 0, }; 3516 3498 size_t entries = 0; 3517 3499 … … 3558 3540 3559 3541 static NTSTATUS ldapsam_modify_aliasmem(struct pdb_methods *methods, 3560 const DOM_SID*alias,3561 const DOM_SID*member,3542 const struct dom_sid *alias, 3543 const struct dom_sid *member, 3562 3544 int modop) 3563 3545 { … … 3663 3645 3664 3646 static NTSTATUS ldapsam_add_aliasmem(struct pdb_methods *methods, 3665 const DOM_SID*alias,3666 const DOM_SID*member)3647 const struct dom_sid *alias, 3648 const struct dom_sid *member) 3667 3649 { 3668 3650 return ldapsam_modify_aliasmem(methods, alias, member, LDAP_MOD_ADD); … … 3670 3652 3671 3653 static NTSTATUS ldapsam_del_aliasmem(struct pdb_methods *methods, 3672 const DOM_SID*alias,3673 const DOM_SID*member)3654 const struct dom_sid *alias, 3655 const struct dom_sid *member) 3674 3656 { 3675 3657 return ldapsam_modify_aliasmem(methods, alias, member, … … 3678 3660 3679 3661 static NTSTATUS ldapsam_enum_aliasmem(struct pdb_methods *methods, 3680 const DOM_SID*alias,3662 const struct dom_sid *alias, 3681 3663 TALLOC_CTX *mem_ctx, 3682 DOM_SID**pp_members,3664 struct dom_sid **pp_members, 3683 3665 size_t *p_num_members) 3684 3666 { … … 3691 3673 int i; 3692 3674 char *filter = NULL; 3693 size_t num_members = 0;3675 uint32_t num_members = 0; 3694 3676 enum lsa_SidType type = SID_NAME_USE_NONE; 3695 3677 fstring tmp; … … 3766 3748 3767 3749 for (i=0; i<count; i++) { 3768 DOM_SIDmember;3750 struct dom_sid member; 3769 3751 NTSTATUS status; 3770 3752 … … 3790 3772 static NTSTATUS ldapsam_alias_memberships(struct pdb_methods *methods, 3791 3773 TALLOC_CTX *mem_ctx, 3792 const DOM_SID*domain_sid,3793 const DOM_SID*members,3774 const struct dom_sid *domain_sid, 3775 const struct dom_sid *members, 3794 3776 size_t num_members, 3795 uint32 **pp_alias_rids,3777 uint32_t **pp_alias_rids, 3796 3778 size_t *p_num_alias_rids) 3797 3779 { … … 3871 3853 { 3872 3854 fstring sid_str; 3873 DOM_SIDsid;3874 uint32 rid;3855 struct dom_sid sid; 3856 uint32_t rid; 3875 3857 3876 3858 if (!smbldap_get_single_attribute(ldap_struct, entry, … … 3909 3891 static NTSTATUS ldapsam_set_account_policy_in_ldap(struct pdb_methods *methods, 3910 3892 enum pdb_policy_type type, 3911 uint32 value)3893 uint32_t value) 3912 3894 { 3913 3895 NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; … … 3965 3947 static NTSTATUS ldapsam_get_account_policy_from_ldap(struct pdb_methods *methods, 3966 3948 enum pdb_policy_type type, 3967 uint32 *value)3949 uint32_t *value) 3968 3950 { 3969 3951 NTSTATUS ntstatus = NT_STATUS_UNSUCCESSFUL; … … 3997 3979 attrs[1] = NULL; 3998 3980 3999 filter = talloc_asprintf( NULL, "(objectClass=%s)", LDAP_OBJ_DOMINFO);3981 filter = talloc_asprintf(talloc_tos(), "(objectClass=%s)", LDAP_OBJ_DOMINFO); 4000 3982 if (filter == NULL) { 4001 3983 return NT_STATUS_NO_MEMORY; … … 4004 3986 LDAP_SCOPE_BASE, filter, attrs, 0, 4005 3987 &result); 4006 3988 TALLOC_FREE(filter); 4007 3989 if (rc != LDAP_SUCCESS) { 4008 3990 return ntstatus; … … 4024 4006 } 4025 4007 4026 *value = (uint32 )atol(vals[0]);4008 *value = (uint32_t)atol(vals[0]); 4027 4009 4028 4010 ntstatus = NT_STATUS_OK; … … 4100 4082 4101 4083 static NTSTATUS ldapsam_lookup_rids(struct pdb_methods *methods, 4102 const DOM_SID*domain_sid,4084 const struct dom_sid *domain_sid, 4103 4085 int num_rids, 4104 uint32 *rids,4086 uint32_t *rids, 4105 4087 const char **names, 4106 4088 enum lsa_SidType *attrs) … … 4143 4125 4144 4126 for (i=0; i<num_rids; i++) { 4145 DOM_SIDsid;4127 struct dom_sid sid; 4146 4128 sid_compose(&sid, domain_sid, rids[i]); 4147 4129 allsids = talloc_asprintf_append_buffer( … … 4183 4165 entry != NULL; 4184 4166 entry = ldap_next_entry(ld, entry)) { 4185 uint32 rid;4167 uint32_t rid; 4186 4168 int rid_index; 4187 4169 const char *name; … … 4257 4239 entry = ldap_next_entry(ld, entry)) 4258 4240 { 4259 uint32 rid;4241 uint32_t rid; 4260 4242 int rid_index; 4261 4243 const char *attr; … … 4348 4330 } 4349 4331 4350 const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...)4332 static const char **talloc_attrs(TALLOC_CTX *mem_ctx, ...) 4351 4333 { 4352 4334 int i, num = 0; … … 4381 4363 struct smbldap_state *connection; 4382 4364 4383 uint32 acct_flags;4384 uint16 group_type;4365 uint32_t acct_flags; 4366 uint16_t group_type; 4385 4367 4386 4368 const char *base; … … 4557 4539 char **vals; 4558 4540 size_t converted_size; 4559 DOM_SIDsid;4560 uint32 acct_flags;4541 struct dom_sid sid; 4542 uint32_t acct_flags; 4561 4543 4562 4544 vals = ldap_get_values(ld, entry, "sambaAcctFlags"); … … 4650 4632 static bool ldapsam_search_users(struct pdb_methods *methods, 4651 4633 struct pdb_search *search, 4652 uint32 acct_flags)4634 uint32_t acct_flags) 4653 4635 { 4654 4636 struct ldapsam_privates *ldap_state = … … 4703 4685 char **vals; 4704 4686 size_t converted_size; 4705 DOM_SIDsid;4706 uint16 group_type;4687 struct dom_sid sid; 4688 uint16_t group_type; 4707 4689 4708 4690 result->account_name = ""; … … 4811 4793 4812 4794 default: 4813 DEBUG(0,("unk own group type: %d\n", group_type));4795 DEBUG(0,("unknown group type: %d\n", group_type)); 4814 4796 return False; 4815 4797 } … … 4822 4804 static bool ldapsam_search_grouptype(struct pdb_methods *methods, 4823 4805 struct pdb_search *search, 4824 const DOM_SID*sid,4806 const struct dom_sid *sid, 4825 4807 enum lsa_SidType type) 4826 4808 { … … 4874 4856 static bool ldapsam_search_aliases(struct pdb_methods *methods, 4875 4857 struct pdb_search *search, 4876 const DOM_SID*sid)4858 const struct dom_sid *sid) 4877 4859 { 4878 4860 return ldapsam_search_grouptype(methods, search, sid, SID_NAME_ALIAS); … … 4885 4867 4886 4868 static NTSTATUS ldapsam_get_new_rid(struct ldapsam_privates *priv, 4887 uint32 *rid)4869 uint32_t *rid) 4888 4870 { 4889 4871 struct smbldap_state *smbldap_state = priv->smbldap_state; … … 4895 4877 char *value; 4896 4878 int rc; 4897 uint32 nextRid = 0;4879 uint32_t nextRid = 0; 4898 4880 const char *dn; 4899 4881 … … 4932 4914 "sambaNextRid", mem_ctx); 4933 4915 if (value != NULL) { 4934 uint32 tmp = (uint32)strtoul(value, NULL, 10);4916 uint32_t tmp = (uint32_t)strtoul(value, NULL, 10); 4935 4917 nextRid = MAX(nextRid, tmp); 4936 4918 } … … 4939 4921 "sambaNextUserRid", mem_ctx); 4940 4922 if (value != NULL) { 4941 uint32 tmp = (uint32)strtoul(value, NULL, 10);4923 uint32_t tmp = (uint32_t)strtoul(value, NULL, 10); 4942 4924 nextRid = MAX(nextRid, tmp); 4943 4925 } … … 4946 4928 "sambaNextGroupRid", mem_ctx); 4947 4929 if (value != NULL) { 4948 uint32 tmp = (uint32)strtoul(value, NULL, 10);4930 uint32_t tmp = (uint32_t)strtoul(value, NULL, 10); 4949 4931 nextRid = MAX(nextRid, tmp); 4950 4932 } … … 4981 4963 } 4982 4964 4983 static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32 *rid)4965 static NTSTATUS ldapsam_new_rid_internal(struct pdb_methods *methods, uint32_t *rid) 4984 4966 { 4985 4967 int i; … … 5003 4985 } 5004 4986 5005 static bool ldapsam_new_rid(struct pdb_methods *methods, uint32 *rid)4987 static bool ldapsam_new_rid(struct pdb_methods *methods, uint32_t *rid) 5006 4988 { 5007 4989 NTSTATUS result = ldapsam_new_rid_internal(methods, rid); … … 5010 4992 5011 4993 static bool ldapsam_sid_to_id(struct pdb_methods *methods, 5012 const DOM_SID*sid,4994 const struct dom_sid *sid, 5013 4995 union unid_t *id, enum lsa_SidType *type) 5014 4996 { … … 5107 5089 */ 5108 5090 static bool ldapsam_uid_to_sid(struct pdb_methods *methods, uid_t uid, 5109 DOM_SID*sid)5091 struct dom_sid *sid) 5110 5092 { 5111 5093 struct ldapsam_privates *priv = … … 5117 5099 bool ret = false; 5118 5100 char *user_sid_string; 5119 DOM_SID *user_sid;5101 struct dom_sid user_sid; 5120 5102 int rc; 5121 5103 TALLOC_CTX *tmp_ctx = talloc_stackframe(); … … 5156 5138 } 5157 5139 5158 user_sid = string_sid_talloc(tmp_ctx, user_sid_string); 5159 if (user_sid == NULL) { 5140 if (!string_to_sid(&user_sid, user_sid_string)) { 5160 5141 DEBUG(3, ("Error calling sid_string_talloc for sid '%s'\n", 5161 5142 user_sid_string)); … … 5163 5144 } 5164 5145 5165 sid_copy(sid, user_sid);5146 sid_copy(sid, &user_sid); 5166 5147 5167 5148 store_uid_sid_cache(sid, uid); … … 5180 5161 */ 5181 5162 static bool ldapsam_gid_to_sid(struct pdb_methods *methods, gid_t gid, 5182 DOM_SID*sid)5163 struct dom_sid *sid) 5183 5164 { 5184 5165 struct ldapsam_privates *priv = … … 5190 5171 bool ret = false; 5191 5172 char *group_sid_string; 5192 DOM_SIDgroup_sid;5173 struct dom_sid group_sid; 5193 5174 int rc; 5194 5175 TALLOC_CTX *tmp_ctx = talloc_stackframe(); … … 5262 5243 static NTSTATUS ldapsam_create_user(struct pdb_methods *my_methods, 5263 5244 TALLOC_CTX *tmp_ctx, const char *name, 5264 uint32 acb_info, uint32*rid)5245 uint32_t acb_info, uint32_t *rid) 5265 5246 { 5266 5247 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; 5267 5248 LDAPMessage *entry = NULL; 5268 5249 LDAPMessage *result = NULL; 5269 uint32 num_result;5250 uint32_t num_result; 5270 5251 bool is_machine = False; 5271 5252 bool add_posix = False; … … 5279 5260 char *shell; 5280 5261 const char *dn = NULL; 5281 DOM_SIDgroup_sid;5282 DOM_SIDuser_sid;5262 struct dom_sid group_sid; 5263 struct dom_sid user_sid; 5283 5264 gid_t gid = -1; 5284 5265 uid_t uid = -1; … … 5387 5368 } 5388 5369 5389 if (!init_ldap_from_sam(ldap_state, NULL, &mods, user, element_is_set_or_changed)) {5370 if (!init_ldap_from_sam(ldap_state, entry, &mods, user, element_is_set_or_changed)) { 5390 5371 DEBUG(1,("ldapsam_create_user: Unable to fill user structs\n")); 5391 5372 return NT_STATUS_UNSUCCESSFUL; … … 5403 5384 5404 5385 /* retrieve the Domain Users group gid */ 5405 if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_ GROUP_RID_USERS) ||5386 if (!sid_compose(&group_sid, get_global_sam_sid(), DOMAIN_RID_USERS) || 5406 5387 !sid_to_gid(&group_sid, &gid)) { 5407 5388 DEBUG (0, ("ldapsam_create_user: Unable to get the Domain Users gid: bailing out!\n")); … … 5534 5515 struct dom_sid *sids = NULL; 5535 5516 gid_t *gids = NULL; 5536 size_t num_groups = 0;5517 uint32_t num_groups = 0; 5537 5518 int i; 5538 5519 uint32_t user_rid = pdb_get_user_rid(sam_acct); … … 5584 5565 TALLOC_CTX *tmp_ctx, 5585 5566 const char *name, 5586 uint32 *rid)5567 uint32_t *rid) 5587 5568 { 5588 5569 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; … … 5590 5571 LDAPMessage *entry = NULL; 5591 5572 LDAPMessage *result = NULL; 5592 uint32 num_result;5573 uint32_t num_result; 5593 5574 bool is_new_entry = False; 5594 5575 LDAPMod **mods = NULL; … … 5599 5580 char *gidstr; 5600 5581 const char *dn = NULL; 5601 DOM_SIDgroup_sid;5582 struct dom_sid group_sid; 5602 5583 gid_t gid = -1; 5603 5584 int rc; … … 5656 5637 5657 5638 if (num_result == 0) { 5639 is_new_entry = true; 5640 } 5641 5642 if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) { 5643 DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n")); 5644 return ret; 5645 } 5646 5647 sid_compose(&group_sid, get_global_sam_sid(), *rid); 5648 5649 groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx, 5650 &group_sid)); 5651 grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP); 5652 5653 if (!groupsidstr || !grouptype) { 5654 DEBUG(0,("ldapsam_create_group: Out of memory!\n")); 5655 return NT_STATUS_NO_MEMORY; 5656 } 5657 5658 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP); 5659 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr); 5660 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype); 5661 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name); 5662 5663 if (is_new_entry) { 5658 5664 char *escape_name; 5659 5665 5660 5666 DEBUG(3,("ldapsam_create_user: Creating new posix group\n")); 5661 5662 is_new_entry = True;5663 5667 5664 5668 /* lets allocate a new groupid for this group */ … … 5690 5694 } 5691 5695 5692 if (!NT_STATUS_IS_OK((ret = ldapsam_new_rid_internal(my_methods, rid)))) {5693 DEBUG(1, ("ldapsam_create_group: Could not allocate a new RID\n"));5694 return ret;5695 }5696 5697 sid_compose(&group_sid, get_global_sam_sid(), *rid);5698 5699 groupsidstr = talloc_strdup(tmp_ctx, sid_string_talloc(tmp_ctx,5700 &group_sid));5701 grouptype = talloc_asprintf(tmp_ctx, "%d", SID_NAME_DOM_GRP);5702 5703 if (!groupsidstr || !grouptype) {5704 DEBUG(0,("ldapsam_create_group: Out of memory!\n"));5705 return NT_STATUS_NO_MEMORY;5706 }5707 5708 smbldap_set_mod(&mods, LDAP_MOD_ADD, "objectClass", LDAP_OBJ_GROUPMAP);5709 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaSid", groupsidstr);5710 smbldap_set_mod(&mods, LDAP_MOD_ADD, "sambaGroupType", grouptype);5711 smbldap_set_mod(&mods, LDAP_MOD_ADD, "displayName", name);5712 5696 talloc_autofree_ldapmod(tmp_ctx, mods); 5713 5697 … … 5736 5720 } 5737 5721 5738 static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32 rid)5722 static NTSTATUS ldapsam_delete_dom_group(struct pdb_methods *my_methods, TALLOC_CTX *tmp_ctx, uint32_t rid) 5739 5723 { 5740 5724 struct ldapsam_privates *ldap_state = (struct ldapsam_privates *)my_methods->private_data; … … 5745 5729 char *gidstr; 5746 5730 char *filter; 5747 DOM_SIDgroup_sid;5731 struct dom_sid group_sid; 5748 5732 int rc; 5749 5733 … … 5832 5816 static NTSTATUS ldapsam_change_groupmem(struct pdb_methods *my_methods, 5833 5817 TALLOC_CTX *tmp_ctx, 5834 uint32 group_rid,5835 uint32 member_rid,5818 uint32_t group_rid, 5819 uint32_t member_rid, 5836 5820 int modop) 5837 5821 { … … 5839 5823 LDAPMessage *entry = NULL; 5840 5824 LDAPMessage *result = NULL; 5841 uint32 num_result;5825 uint32_t num_result; 5842 5826 LDAPMod **mods = NULL; 5843 5827 char *filter; 5844 5828 char *uidstr; 5845 5829 const char *dn = NULL; 5846 DOM_SIDgroup_sid;5847 DOM_SIDmember_sid;5830 struct dom_sid group_sid; 5831 struct dom_sid member_sid; 5848 5832 int rc; 5849 5833 … … 5994 5978 static NTSTATUS ldapsam_add_groupmem(struct pdb_methods *my_methods, 5995 5979 TALLOC_CTX *tmp_ctx, 5996 uint32 group_rid,5997 uint32 member_rid)5980 uint32_t group_rid, 5981 uint32_t member_rid) 5998 5982 { 5999 5983 return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_ADD); … … 6001 5985 static NTSTATUS ldapsam_del_groupmem(struct pdb_methods *my_methods, 6002 5986 TALLOC_CTX *tmp_ctx, 6003 uint32 group_rid,6004 uint32 member_rid)5987 uint32_t group_rid, 5988 uint32_t member_rid) 6005 5989 { 6006 5990 return ldapsam_change_groupmem(my_methods, tmp_ctx, group_rid, member_rid, LDAP_MOD_DELETE); … … 6014 5998 LDAPMessage *entry = NULL; 6015 5999 LDAPMessage *result = NULL; 6016 uint32 num_result;6000 uint32_t num_result; 6017 6001 LDAPMod **mods = NULL; 6018 6002 char *filter; … … 6129 6113 LDAPMessage *result = NULL; 6130 6114 char *trusted_dn; 6131 uint32 num_result;6115 uint32_t num_result; 6132 6116 6133 6117 filter = talloc_asprintf(talloc_tos(), … … 6179 6163 const char *domain, 6180 6164 char** pwd, 6181 DOM_SID*sid,6165 struct dom_sid *sid, 6182 6166 time_t *pass_last_set_time) 6183 6167 { … … 6223 6207 if (sid != NULL) { 6224 6208 char *sid_str; 6225 DOM_SID *dom_sid;6209 struct dom_sid dom_sid; 6226 6210 sid_str = smbldap_talloc_single_attribute(priv2ld(ldap_state), 6227 6211 entry, "sambaSID", … … 6230 6214 return False; 6231 6215 } 6232 dom_sid = string_sid_talloc(talloc_tos(), sid_str); 6233 if (dom_sid == NULL) { 6216 if (!string_to_sid(&dom_sid, sid_str)) { 6234 6217 return False; 6235 6218 } 6236 sid_copy(sid, dom_sid);6219 sid_copy(sid, &dom_sid); 6237 6220 } 6238 6221 … … 6243 6226 const char* domain, 6244 6227 const char* pwd, 6245 const DOM_SID*sid)6228 const struct dom_sid *sid) 6246 6229 { 6247 6230 struct ldapsam_privates *ldap_state = … … 6341 6324 static NTSTATUS ldapsam_enum_trusteddoms(struct pdb_methods *methods, 6342 6325 TALLOC_CTX *mem_ctx, 6343 uint32 *num_domains,6326 uint32_t *num_domains, 6344 6327 struct trustdom_info ***domains) 6345 6328 { … … 6558 6541 NTSTATUS nt_status; 6559 6542 struct ldapsam_privates *ldap_state = NULL; 6560 uint32 alg_rid_base;6543 uint32_t alg_rid_base; 6561 6544 char *alg_rid_base_string = NULL; 6562 6545 LDAPMessage *result = NULL; 6563 6546 LDAPMessage *entry = NULL; 6564 DOM_SIDldap_domain_sid;6565 DOM_SIDsecrets_domain_sid;6547 struct dom_sid ldap_domain_sid; 6548 struct dom_sid secrets_domain_sid; 6566 6549 char *domain_sid_string = NULL; 6567 6550 char *dn = NULL; … … 6570 6553 trim_char( uri, '\"', '\"' ); 6571 6554 nt_status = pdb_init_ldapsam_common(pdb_method, uri); 6572 if (uri) { 6573 TALLOC_FREE(uri); 6574 } 6555 6556 TALLOC_FREE(uri); 6575 6557 6576 6558 if (!NT_STATUS_IS_OK(nt_status)) { … … 6622 6604 DEBUGADD(2, ("pdb_init_ldapsam: Continuing on regardless, " 6623 6605 "will be unable to allocate new users/groups, " 6624 "and will risk BDCs having inconsist ant SIDs\n"));6606 "and will risk BDCs having inconsistent SIDs\n")); 6625 6607 sid_copy(&ldap_state->domain_sid, get_global_sam_sid()); 6626 6608 return NT_STATUS_OK; … … 6666 6648 found_sid = secrets_fetch_domain_sid(ldap_state->domain_name, 6667 6649 &secrets_domain_sid); 6668 if (!found_sid || ! sid_equal(&secrets_domain_sid,6650 if (!found_sid || !dom_sid_equal(&secrets_domain_sid, 6669 6651 &ldap_domain_sid)) { 6670 6652 DEBUG(1, ("pdb_init_ldapsam: Resetting SID for domain " … … 6691 6673 talloc_tos()); 6692 6674 if (alg_rid_base_string) { 6693 alg_rid_base = (uint32 )atol(alg_rid_base_string);6675 alg_rid_base = (uint32_t)atol(alg_rid_base_string); 6694 6676 if (alg_rid_base != algorithmic_rid_base()) { 6695 6677 DEBUG(0, ("The value of 'algorithmic RID base' has " … … 6719 6701 pdb_nds_init(); 6720 6702 6703 pdb_ipa_init(); 6704 6721 6705 return NT_STATUS_OK; 6722 6706 } -
trunk/server/source3/passdb/pdb_nds.c
r414 r745 20 20 21 21 #include "includes.h" 22 #include "passdb.h" 22 23 23 24 #include <lber.h> -
trunk/server/source3/passdb/pdb_smbpasswd.c
r596 r745 22 22 23 23 #include "includes.h" 24 #include "passdb.h" 25 #include "system/passwd.h" 26 #include "system/filesys.h" 27 #include "../librpc/gen_ndr/samr.h" 28 #include "../libcli/security/security.h" 24 29 25 30 #undef DBGC_CLASS … … 31 36 stored by an smbpasswd entry 32 37 */ 33 38 34 39 struct smb_passwd 35 40 { … … 40 45 const unsigned char *smb_nt_passwd; /* Null if no password */ 41 46 42 uint16 acct_ctrl; /* account info (ACB_xxxx bit-mask) */47 uint16_t acct_ctrl; /* account info (ACB_xxxx bit-mask) */ 43 48 time_t pass_last_set_time; /* password last set time */ 44 49 }; … … 48 53 /* used for maintain locks on the smbpasswd file */ 49 54 int pw_file_lock_depth; 50 55 51 56 /* Global File pointer */ 52 57 FILE *pw_file; 53 58 54 59 /* formerly static variables */ 55 60 struct smb_passwd pw_buf; … … 70 75 ****************************************************************/ 71 76 72 static void gotalarm_sig( void)77 static void gotalarm_sig(int signum) 73 78 { 74 79 gotalarm = 1; … … 87 92 88 93 gotalarm = 0; 89 oldsig_handler = CatchSignal(SIGALRM, SIGNAL_CASTgotalarm_sig);94 oldsig_handler = CatchSignal(SIGALRM, gotalarm_sig); 90 95 91 96 lock.l_type = type; … … 99 104 ret = fcntl(fd, SMB_F_SETLKW, &lock); 100 105 alarm(0); 101 CatchSignal(SIGALRM, SIGNAL_CASToldsig_handler);106 CatchSignal(SIGALRM, oldsig_handler); 102 107 103 108 if (gotalarm && ret == -1) { … … 169 174 return; 170 175 ZERO_STRUCTP (user); 171 176 172 177 user->pass_last_set_time = (time_t)0; 173 178 } … … 224 229 break; 225 230 } 226 } 227 231 default: 232 DEBUG(10, ("Invalid open mode: %d\n", type)); 233 return NULL; 234 } 235 228 236 for(race_loop = 0; race_loop < 5; race_loop++) { 229 237 DEBUG(10, ("startsmbfilepwent_internal: opening file %s\n", pfile)); … … 621 629 slprintf((char *)p, new_entry_length - 1 - (p - new_entry), "%s:LCT-%08X:\n", 622 630 pdb_encode_acct_ctrl(newpwd->acct_ctrl, NEW_PW_FORMAT_SPACE_PADDED_LEN), 623 (uint32 )newpwd->pass_last_set_time);631 (uint32_t)newpwd->pass_last_set_time); 624 632 625 633 return new_entry; … … 1010 1018 sizeof(ascii_p16)-(strlen(ascii_p16)+1), 1011 1019 "%s:LCT-%08X:", 1012 encode_bits, (uint32 )pwd->pass_last_set_time );1020 encode_bits, (uint32_t)pwd->pass_last_set_time ); 1013 1021 wr_len = strlen(ascii_p16); 1014 1022 } … … 1174 1182 * Do an atomic rename - then release the locks. 1175 1183 */ 1184 1176 1185 #ifdef __OS2__ 1177 1186 endsmbfilepwent(fp, &smbpasswd_state->pw_file_lock_depth); 1178 1187 endsmbfilepwent(fp_write,&pfile2_lockdepth); 1179 1188 #endif 1180 1181 1189 if(rename(pfile2,pfile) != 0) { 1182 1190 unlink(pfile2); … … 1198 1206 static bool build_smb_pass (struct smb_passwd *smb_pw, const struct samu *sampass) 1199 1207 { 1200 uint32 rid;1208 uint32_t rid; 1201 1209 1202 1210 if (sampass == NULL) … … 1206 1214 if (!IS_SAM_DEFAULT(sampass, PDB_USERSID)) { 1207 1215 rid = pdb_get_user_rid(sampass); 1208 1216 1209 1217 /* If the user specified a RID, make sure its able to be both stored and retreived */ 1210 if (rid == DOMAIN_ USER_RID_GUEST) {1218 if (rid == DOMAIN_RID_GUEST) { 1211 1219 struct passwd *passwd = Get_Pwnam_alloc(NULL, lp_guestaccount()); 1212 1220 if (!passwd) { 1213 DEBUG(0, ("Could not find guest account via getpwnam()! (%s)\n", lp_guestaccount()));1221 DEBUG(0, ("Could not find guest account via Get_Pwnam_alloc()! (%s)\n", lp_guestaccount())); 1214 1222 return False; 1215 1223 } … … 1243 1251 { 1244 1252 struct passwd *pwfile; 1245 1253 1246 1254 if ( !sam_pass ) { 1247 1255 DEBUG(5,("build_sam_account: struct samu is NULL\n")); … … 1256 1264 return False; 1257 1265 } 1258 1266 1259 1267 if ( !NT_STATUS_IS_OK( samu_set_unix(sam_pass, pwfile )) ) 1260 1268 return False; 1261 1269 1262 1270 TALLOC_FREE(pwfile); 1263 1271 1264 1272 /* set remaining fields */ 1265 1273 1266 1274 if (!pdb_set_nt_passwd (sam_pass, pw_buf->smb_nt_passwd, PDB_SET)) 1267 1275 return False; … … 1271 1279 pdb_set_pass_last_set_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET); 1272 1280 pdb_set_pass_can_change_time (sam_pass, pw_buf->pass_last_set_time, PDB_SET); 1273 1281 1274 1282 return True; 1275 1283 } … … 1307 1315 while ( ((smb_pw=getsmbfilepwent(smbpasswd_state, fp)) != NULL)&& (!strequal(smb_pw->smb_name, username)) ) 1308 1316 /* do nothing....another loop */ ; 1309 1317 1310 1318 endsmbfilepwent(fp, &(smbpasswd_state->pw_file_lock_depth)); 1311 1319 … … 1314 1322 if (smb_pw == NULL) 1315 1323 return nt_status; 1316 1324 1317 1325 DEBUG(10, ("getsampwnam (smbpasswd): found by name: %s\n", smb_pw->smb_name)); 1318 1326 … … 1321 1329 return nt_status; 1322 1330 } 1323 1331 1324 1332 /* now build the struct samu */ 1325 1333 if (!build_sam_account(smbpasswd_state, sam_acct, smb_pw)) … … 1330 1338 } 1331 1339 1332 static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct samu *sam_acct, const DOM_SID*sid)1340 static NTSTATUS smbpasswd_getsampwsid(struct pdb_methods *my_methods, struct samu *sam_acct, const struct dom_sid *sid) 1333 1341 { 1334 1342 NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; … … 1336 1344 struct smb_passwd *smb_pw; 1337 1345 FILE *fp = NULL; 1338 uint32 rid;1339 1346 uint32_t rid; 1347 1340 1348 DEBUG(10, ("smbpasswd_getsampwrid: search by sid: %s\n", 1341 1349 sid_string_dbg(sid))); … … 1345 1353 1346 1354 /* More special case 'guest account' hacks... */ 1347 if (rid == DOMAIN_ USER_RID_GUEST) {1355 if (rid == DOMAIN_RID_GUEST) { 1348 1356 const char *guest_account = lp_guestaccount(); 1349 1357 if (!(guest_account && *guest_account)) { … … 1371 1379 if (smb_pw == NULL) 1372 1380 return nt_status; 1373 1381 1374 1382 DEBUG(10, ("getsampwrid (smbpasswd): found by name: %s\n", smb_pw->smb_name)); 1375 1383 1376 1384 if (!sam_acct) { 1377 1385 DEBUG(10,("getsampwrid: (smbpasswd) struct samu is NULL\n")); … … 1384 1392 1385 1393 /* build_sam_account might change the SID on us, if the name was for the guest account */ 1386 if (NT_STATUS_IS_OK(nt_status) && ! sid_equal(pdb_get_user_sid(sam_acct), sid)) {1394 if (NT_STATUS_IS_OK(nt_status) && !dom_sid_equal(pdb_get_user_sid(sam_acct), sid)) { 1387 1395 DEBUG(1, ("looking for user with sid %s instead returned %s " 1388 1396 "for account %s!?!\n", sid_string_dbg(sid), … … 1400 1408 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; 1401 1409 struct smb_passwd smb_pw; 1402 1410 1403 1411 /* convert the struct samu */ 1404 1412 if (!build_smb_pass(&smb_pw, sampass)) { 1405 1413 return NT_STATUS_UNSUCCESSFUL; 1406 1414 } 1407 1415 1408 1416 /* add the entry */ 1409 1417 return add_smbfilepwd_entry(smbpasswd_state, &smb_pw); … … 1414 1422 struct smbpasswd_privates *smbpasswd_state = (struct smbpasswd_privates*)my_methods->private_data; 1415 1423 struct smb_passwd smb_pw; 1416 1424 1417 1425 /* convert the struct samu */ 1418 1426 if (!build_smb_pass(&smb_pw, sampass)) { … … 1420 1428 return NT_STATUS_UNSUCCESSFUL; 1421 1429 } 1422 1430 1423 1431 /* update the entry */ 1424 1432 if(!mod_smbfilepwd_entry(smbpasswd_state, &smb_pw)) { … … 1426 1434 return NT_STATUS_UNSUCCESSFUL; 1427 1435 } 1428 1436 1429 1437 return NT_STATUS_OK; 1430 1438 } … … 1458 1466 return NT_STATUS_NO_MEMORY; 1459 1467 } 1460 1468 1461 1469 if ( !pdb_copy_sam_account( new_acct, old_acct ) 1462 1470 || !pdb_set_username(new_acct, newname, PDB_CHANGED)) … … 1529 1537 if (new_acct) 1530 1538 TALLOC_FREE(new_acct); 1531 1539 1532 1540 return (ret); 1533 1541 } … … 1541 1549 { 1542 1550 struct smbpasswd_privates **privates = (struct smbpasswd_privates**)vp; 1543 1551 1544 1552 endsmbfilepwent((*privates)->pw_file, &((*privates)->pw_file_lock_depth)); 1545 1553 1546 1554 *privates = NULL; 1547 1555 /* No need to free any further, as it is talloc()ed */ … … 1711 1719 privates->smbpasswd_file = talloc_strdup(*pdb_method, lp_smb_passwd_file()); 1712 1720 } 1713 1721 1714 1722 if (!privates->smbpasswd_file) { 1715 1723 DEBUG(0, ("talloc_strdp() failed for storing smbpasswd location!\n")); -
trunk/server/source3/passdb/pdb_tdb.c
r657 r745 24 24 25 25 #include "includes.h" 26 #include "system/filesys.h" 27 #include "passdb.h" 28 #include "dbwrap.h" 29 #include "../libcli/security/security.h" 30 #include "util_tdb.h" 26 31 27 32 #if 0 /* when made a module use this */ … … 618 623 619 624 static NTSTATUS tdbsam_getsampwsid(struct pdb_methods *my_methods, 620 struct samu * user, const DOM_SID*sid)625 struct samu * user, const struct dom_sid *sid) 621 626 { 622 627 uint32 rid; -
trunk/server/source3/passdb/pdb_wbc_sam.c
r414 r745 38 38 39 39 #include "includes.h" 40 #include "passdb.h" 41 #include "lib/winbind_util.h" 40 42 41 43 /*************************************************************************** … … 51 53 return NT_STATUS_NO_SUCH_USER; 52 54 53 memset(user, 0, sizeof(user));55 ZERO_STRUCTP(user); 54 56 55 57 /* Can we really get away with this little of information */ … … 65 67 } 66 68 67 static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const DOM_SID*sid)69 static NTSTATUS pdb_wbc_sam_getsampwsid(struct pdb_methods *methods, struct samu *user, const struct dom_sid *sid) 68 70 { 69 71 return _pdb_wbc_sam_getsampw(methods, user, winbind_getpwsid(sid)); … … 71 73 72 74 static bool pdb_wbc_sam_uid_to_sid(struct pdb_methods *methods, uid_t uid, 73 DOM_SID*sid)75 struct dom_sid *sid) 74 76 { 75 77 return winbind_uid_to_sid(sid, uid); … … 77 79 78 80 static bool pdb_wbc_sam_gid_to_sid(struct pdb_methods *methods, gid_t gid, 79 DOM_SID*sid)81 struct dom_sid *sid) 80 82 { 81 83 return winbind_gid_to_sid(sid, gid); … … 84 86 static NTSTATUS pdb_wbc_sam_enum_group_members(struct pdb_methods *methods, 85 87 TALLOC_CTX *mem_ctx, 86 const DOM_SID*group,88 const struct dom_sid *group, 87 89 uint32 **pp_member_rids, 88 90 size_t *p_num_members) … … 94 96 TALLOC_CTX *mem_ctx, 95 97 struct samu *user, 96 DOM_SID**pp_sids,98 struct dom_sid **pp_sids, 97 99 gid_t **pp_gids, 98 size_t *p_num_groups)100 uint32_t *p_num_groups) 99 101 { 100 102 size_t i; … … 111 113 } 112 114 113 *pp_sids = TALLOC_ARRAY(mem_ctx, DOM_SID, *p_num_groups);115 *pp_sids = TALLOC_ARRAY(mem_ctx, struct dom_sid, *p_num_groups); 114 116 115 117 if (*pp_sids == NULL) { … … 126 128 127 129 static NTSTATUS pdb_wbc_sam_lookup_rids(struct pdb_methods *methods, 128 const DOM_SID*domain_sid,130 const struct dom_sid *domain_sid, 129 131 int num_rids, 130 132 uint32 *rids, … … 186 188 static bool pdb_wbc_sam_search_aliases(struct pdb_methods *methods, 187 189 struct pdb_search *search, 188 const DOM_SID*sid)190 const struct dom_sid *sid) 189 191 { 190 192 … … 195 197 const char *domain, 196 198 char **pwd, 197 DOM_SID*sid,199 struct dom_sid *sid, 198 200 time_t *pass_last_set_time) 199 201 { … … 205 207 const char *domain, 206 208 const char *pwd, 207 const DOM_SID*sid)209 const struct dom_sid *sid) 208 210 { 209 211 return false; … … 224 226 } 225 227 226 static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, DOM_SID*sid, GROUP_MAP *map)228 static bool _make_group_map(struct pdb_methods *methods, const char *domain, const char *name, enum lsa_SidType name_type, gid_t gid, struct dom_sid *sid, GROUP_MAP *map) 227 229 { 228 230 snprintf(map->nt_name, sizeof(map->nt_name), "%s%c%s", … … 235 237 236 238 static NTSTATUS pdb_wbc_sam_getgrsid(struct pdb_methods *methods, GROUP_MAP *map, 237 DOM_SIDsid)239 struct dom_sid sid) 238 240 { 239 241 NTSTATUS result = NT_STATUS_OK; … … 279 281 char *name = NULL; 280 282 char *domain = NULL; 281 DOM_SIDsid;283 struct dom_sid sid; 282 284 enum lsa_SidType name_type; 283 285 … … 318 320 NTSTATUS result = NT_STATUS_OK; 319 321 const char *domain = ""; 320 DOM_SIDsid;322 struct dom_sid sid; 321 323 gid_t gid; 322 324 enum lsa_SidType name_type; … … 351 353 352 354 static NTSTATUS pdb_wbc_sam_enum_group_mapping(struct pdb_methods *methods, 353 const DOM_SID*sid, enum lsa_SidType sid_name_use,355 const struct dom_sid *sid, enum lsa_SidType sid_name_use, 354 356 GROUP_MAP **pp_rmap, size_t *p_num_entries, 355 357 bool unix_only) … … 359 361 360 362 static NTSTATUS pdb_wbc_sam_get_aliasinfo(struct pdb_methods *methods, 361 const DOM_SID*sid,363 const struct dom_sid *sid, 362 364 struct acct_info *info) 363 365 { … … 366 368 367 369 static NTSTATUS pdb_wbc_sam_enum_aliasmem(struct pdb_methods *methods, 368 const DOM_SID*alias,370 const struct dom_sid *alias, 369 371 TALLOC_CTX *mem_ctx, 370 DOM_SID**pp_members,372 struct dom_sid **pp_members, 371 373 size_t *p_num_members) 372 374 { … … 376 378 static NTSTATUS pdb_wbc_sam_alias_memberships(struct pdb_methods *methods, 377 379 TALLOC_CTX *mem_ctx, 378 const DOM_SID*domain_sid,379 const DOM_SID*members,380 const struct dom_sid *domain_sid, 381 const struct dom_sid *members, 380 382 size_t num_members, 381 383 uint32 **pp_alias_rids, -
trunk/server/source3/passdb/secrets.c
r480 r745 24 24 25 25 #include "includes.h" 26 #include "system/filesys.h" 27 #include "passdb.h" 26 28 #include "../libcli/auth/libcli_auth.h" 27 29 #include "librpc/gen_ndr/ndr_secrets.h" 30 #include "secrets.h" 31 #include "dbwrap.h" 32 #include "../libcli/security/security.h" 33 #include "util_tdb.h" 28 34 29 35 #undef DBGC_CLASS … … 31 37 32 38 static struct db_context *db_ctx; 33 34 /* Urrrg. global.... */35 bool global_machine_password_needs_changing;36 39 37 40 /** … … 171 174 172 175 /** 173 * Form a key for fetching the domain sid174 *175 * @param domain domain name176 *177 * @return keystring178 **/179 static const char *domain_sid_keystr(const char *domain)180 {181 char *keystr;182 183 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",184 SECRETS_DOMAIN_SID, domain);185 SMB_ASSERT(keystr != NULL);186 return keystr;187 }188 189 bool secrets_store_domain_sid(const char *domain, const DOM_SID *sid)190 {191 bool ret;192 193 ret = secrets_store(domain_sid_keystr(domain), sid, sizeof(DOM_SID));194 195 /* Force a re-query, in case we modified our domain */196 if (ret)197 reset_global_sam_sid();198 return ret;199 }200 201 bool secrets_fetch_domain_sid(const char *domain, DOM_SID *sid)202 {203 DOM_SID *dyn_sid;204 size_t size = 0;205 206 dyn_sid = (DOM_SID *)secrets_fetch(domain_sid_keystr(domain), &size);207 208 if (dyn_sid == NULL)209 return False;210 211 if (size != sizeof(DOM_SID)) {212 SAFE_FREE(dyn_sid);213 return False;214 }215 216 *sid = *dyn_sid;217 SAFE_FREE(dyn_sid);218 return True;219 }220 221 bool secrets_store_domain_guid(const char *domain, struct GUID *guid)222 {223 fstring key;224 225 slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);226 strupper_m(key);227 return secrets_store(key, guid, sizeof(struct GUID));228 }229 230 bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid)231 {232 struct GUID *dyn_guid;233 fstring key;234 size_t size = 0;235 struct GUID new_guid;236 237 slprintf(key, sizeof(key)-1, "%s/%s", SECRETS_DOMAIN_GUID, domain);238 strupper_m(key);239 dyn_guid = (struct GUID *)secrets_fetch(key, &size);240 241 if (!dyn_guid) {242 if (lp_server_role() == ROLE_DOMAIN_PDC) {243 new_guid = GUID_random();244 if (!secrets_store_domain_guid(domain, &new_guid))245 return False;246 dyn_guid = (struct GUID *)secrets_fetch(key, &size);247 }248 if (dyn_guid == NULL) {249 return False;250 }251 }252 253 if (size != sizeof(struct GUID)) {254 DEBUG(1,("UUID size %d is wrong!\n", (int)size));255 SAFE_FREE(dyn_guid);256 return False;257 }258 259 *guid = *dyn_guid;260 SAFE_FREE(dyn_guid);261 return True;262 }263 264 bool secrets_store_local_schannel_key(uint8_t schannel_key[16])265 {266 return secrets_store(SECRETS_LOCAL_SCHANNEL_KEY, schannel_key, 16);267 }268 269 bool secrets_fetch_local_schannel_key(uint8_t schannel_key[16])270 {271 size_t size = 0;272 uint8_t *key;273 274 key = (uint8_t *)secrets_fetch(SECRETS_LOCAL_SCHANNEL_KEY, &size);275 if (key == NULL) {276 return false;277 }278 279 if (size != 16) {280 SAFE_FREE(key);281 return false;282 }283 284 memcpy(schannel_key, key, 16);285 SAFE_FREE(key);286 return true;287 }288 289 /**290 * Form a key for fetching the machine trust account sec channel type291 *292 * @param domain domain name293 *294 * @return keystring295 **/296 static const char *machine_sec_channel_type_keystr(const char *domain)297 {298 char *keystr;299 300 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",301 SECRETS_MACHINE_SEC_CHANNEL_TYPE,302 domain);303 SMB_ASSERT(keystr != NULL);304 return keystr;305 }306 307 /**308 * Form a key for fetching the machine trust account last change time309 *310 * @param domain domain name311 *312 * @return keystring313 **/314 static const char *machine_last_change_time_keystr(const char *domain)315 {316 char *keystr;317 318 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",319 SECRETS_MACHINE_LAST_CHANGE_TIME,320 domain);321 SMB_ASSERT(keystr != NULL);322 return keystr;323 }324 325 326 /**327 * Form a key for fetching the machine previous trust account password328 *329 * @param domain domain name330 *331 * @return keystring332 **/333 static const char *machine_prev_password_keystr(const char *domain)334 {335 char *keystr;336 337 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",338 SECRETS_MACHINE_PASSWORD_PREV, domain);339 SMB_ASSERT(keystr != NULL);340 return keystr;341 }342 343 /**344 * Form a key for fetching the machine trust account password345 *346 * @param domain domain name347 *348 * @return keystring349 **/350 static const char *machine_password_keystr(const char *domain)351 {352 char *keystr;353 354 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",355 SECRETS_MACHINE_PASSWORD, domain);356 SMB_ASSERT(keystr != NULL);357 return keystr;358 }359 360 /**361 * Form a key for fetching the machine trust account password362 *363 * @param domain domain name364 *365 * @return stored password's key366 **/367 static const char *trust_keystr(const char *domain)368 {369 char *keystr;370 371 keystr = talloc_asprintf_strupper_m(talloc_tos(), "%s/%s",372 SECRETS_MACHINE_ACCT_PASS, domain);373 SMB_ASSERT(keystr != NULL);374 return keystr;375 }376 377 /**378 176 * Form a key for fetching a trusted domain password 379 177 * … … 394 192 395 193 /************************************************************************ 396 Lock the trust password entry.397 ************************************************************************/398 399 void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain)400 {401 if (!secrets_init()) {402 return NULL;403 }404 405 return db_ctx->fetch_locked(406 db_ctx, mem_ctx, string_term_tdb_data(trust_keystr(domain)));407 }408 409 /************************************************************************410 Routine to get the default secure channel type for trust accounts411 ************************************************************************/412 413 enum netr_SchannelType get_default_sec_channel(void)414 {415 if (lp_server_role() == ROLE_DOMAIN_BDC ||416 lp_server_role() == ROLE_DOMAIN_PDC) {417 return SEC_CHAN_BDC;418 } else {419 return SEC_CHAN_WKSTA;420 }421 }422 423 /************************************************************************424 Routine to get the trust account password for a domain.425 This only tries to get the legacy hashed version of the password.426 The user of this function must have locked the trust password file using427 the above secrets_lock_trust_account_password().428 ************************************************************************/429 430 bool secrets_fetch_trust_account_password_legacy(const char *domain,431 uint8 ret_pwd[16],432 time_t *pass_last_set_time,433 enum netr_SchannelType *channel)434 {435 struct machine_acct_pass *pass;436 size_t size = 0;437 438 if (!(pass = (struct machine_acct_pass *)secrets_fetch(439 trust_keystr(domain), &size))) {440 DEBUG(5, ("secrets_fetch failed!\n"));441 return False;442 }443 444 if (size != sizeof(*pass)) {445 DEBUG(0, ("secrets were of incorrect size!\n"));446 SAFE_FREE(pass);447 return False;448 }449 450 if (pass_last_set_time) {451 *pass_last_set_time = pass->mod_time;452 }453 memcpy(ret_pwd, pass->hash, 16);454 455 if (channel) {456 *channel = get_default_sec_channel();457 }458 459 /* Test if machine password has expired and needs to be changed */460 if (lp_machine_password_timeout()) {461 if (pass->mod_time > 0 && time(NULL) > (pass->mod_time +462 (time_t)lp_machine_password_timeout())) {463 global_machine_password_needs_changing = True;464 }465 }466 467 SAFE_FREE(pass);468 return True;469 }470 471 /************************************************************************472 Routine to get the trust account password for a domain.473 The user of this function must have locked the trust password file using474 the above secrets_lock_trust_account_password().475 ************************************************************************/476 477 bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],478 time_t *pass_last_set_time,479 enum netr_SchannelType *channel)480 {481 char *plaintext;482 483 plaintext = secrets_fetch_machine_password(domain, pass_last_set_time,484 channel);485 if (plaintext) {486 DEBUG(4,("Using cleartext machine password\n"));487 E_md4hash(plaintext, ret_pwd);488 SAFE_FREE(plaintext);489 return True;490 }491 492 return secrets_fetch_trust_account_password_legacy(domain, ret_pwd,493 pass_last_set_time,494 channel);495 }496 497 /************************************************************************498 194 Routine to get account password to trusted domain 499 195 ************************************************************************/ 500 196 501 197 bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd, 502 DOM_SID*sid, time_t *pass_last_set_time)198 struct dom_sid *sid, time_t *pass_last_set_time) 503 199 { 504 200 struct TRUSTED_DOM_PASS pass; … … 516 212 517 213 /* unpack trusted domain password */ 518 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL,&pass,214 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass, 519 215 (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS); 216 217 SAFE_FREE(blob.data); 218 520 219 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { 521 220 return false; 522 221 } 523 222 524 SAFE_FREE(blob.data);525 223 526 224 /* the trust's password */ … … 552 250 553 251 bool secrets_store_trusted_domain_password(const char* domain, const char* pwd, 554 const DOM_SID*sid)252 const struct dom_sid *sid) 555 253 { 556 254 bool ret; … … 575 273 sid_copy(&pass.domain_sid, sid); 576 274 577 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), NULL,&pass,275 ndr_err = ndr_push_struct_blob(&blob, talloc_tos(), &pass, 578 276 (ndr_push_flags_fn_t)ndr_push_TRUSTED_DOM_PASS); 579 277 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { … … 584 282 585 283 data_blob_free(&blob); 586 587 return ret;588 }589 590 /************************************************************************591 Routine to delete the old plaintext machine account password if any592 ************************************************************************/593 594 static bool secrets_delete_prev_machine_password(const char *domain)595 {596 char *oldpass = (char *)secrets_fetch(machine_prev_password_keystr(domain), NULL);597 if (oldpass == NULL) {598 return true;599 }600 SAFE_FREE(oldpass);601 return secrets_delete(machine_prev_password_keystr(domain));602 }603 604 /************************************************************************605 Routine to delete the plaintext machine account password and old606 password if any607 ************************************************************************/608 609 bool secrets_delete_machine_password(const char *domain)610 {611 if (!secrets_delete_prev_machine_password(domain)) {612 return false;613 }614 return secrets_delete(machine_password_keystr(domain));615 }616 617 /************************************************************************618 Routine to delete the plaintext machine account password, old password,619 sec channel type and last change time from secrets database620 ************************************************************************/621 622 bool secrets_delete_machine_password_ex(const char *domain)623 {624 if (!secrets_delete_prev_machine_password(domain)) {625 return false;626 }627 if (!secrets_delete(machine_password_keystr(domain))) {628 return false;629 }630 if (!secrets_delete(machine_sec_channel_type_keystr(domain))) {631 return false;632 }633 return secrets_delete(machine_last_change_time_keystr(domain));634 }635 636 /************************************************************************637 Routine to delete the domain sid638 ************************************************************************/639 640 bool secrets_delete_domain_sid(const char *domain)641 {642 return secrets_delete(domain_sid_keystr(domain));643 }644 645 /************************************************************************646 Routine to store the previous machine password (by storing the current password647 as the old)648 ************************************************************************/649 650 static bool secrets_store_prev_machine_password(const char *domain)651 {652 char *oldpass;653 bool ret;654 655 oldpass = (char *)secrets_fetch(machine_password_keystr(domain), NULL);656 if (oldpass == NULL) {657 return true;658 }659 ret = secrets_store(machine_prev_password_keystr(domain), oldpass, strlen(oldpass)+1);660 SAFE_FREE(oldpass);661 return ret;662 }663 664 /************************************************************************665 Routine to set the plaintext machine account password for a realm666 the password is assumed to be a null terminated ascii string.667 Before storing668 ************************************************************************/669 670 bool secrets_store_machine_password(const char *pass, const char *domain,671 enum netr_SchannelType sec_channel)672 {673 bool ret;674 uint32 last_change_time;675 uint32 sec_channel_type;676 677 if (!secrets_store_prev_machine_password(domain)) {678 return false;679 }680 681 ret = secrets_store(machine_password_keystr(domain), pass, strlen(pass)+1);682 if (!ret)683 return ret;684 685 SIVAL(&last_change_time, 0, time(NULL));686 ret = secrets_store(machine_last_change_time_keystr(domain), &last_change_time, sizeof(last_change_time));687 688 SIVAL(&sec_channel_type, 0, sec_channel);689 ret = secrets_store(machine_sec_channel_type_keystr(domain), &sec_channel_type, sizeof(sec_channel_type));690 691 return ret;692 }693 694 695 /************************************************************************696 Routine to fetch the previous plaintext machine account password for a realm697 the password is assumed to be a null terminated ascii string.698 ************************************************************************/699 700 char *secrets_fetch_prev_machine_password(const char *domain)701 {702 return (char *)secrets_fetch(machine_prev_password_keystr(domain), NULL);703 }704 705 /************************************************************************706 Routine to fetch the plaintext machine account password for a realm707 the password is assumed to be a null terminated ascii string.708 ************************************************************************/709 710 char *secrets_fetch_machine_password(const char *domain,711 time_t *pass_last_set_time,712 enum netr_SchannelType *channel)713 {714 char *ret;715 ret = (char *)secrets_fetch(machine_password_keystr(domain), NULL);716 717 if (pass_last_set_time) {718 size_t size;719 uint32 *last_set_time;720 last_set_time = (unsigned int *)secrets_fetch(machine_last_change_time_keystr(domain), &size);721 if (last_set_time) {722 *pass_last_set_time = IVAL(last_set_time,0);723 SAFE_FREE(last_set_time);724 } else {725 *pass_last_set_time = 0;726 }727 }728 729 if (channel) {730 size_t size;731 uint32 *channel_type;732 channel_type = (unsigned int *)secrets_fetch(machine_sec_channel_type_keystr(domain), &size);733 if (channel_type) {734 *channel = IVAL(channel_type,0);735 SAFE_FREE(channel_type);736 } else {737 *channel = get_default_sec_channel();738 }739 }740 284 741 285 return ret; … … 863 407 blob = data_blob_const(rec->value.dptr, rec->value.dsize); 864 408 865 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), NULL,&pass,409 ndr_err = ndr_pull_struct_blob(&blob, talloc_tos(), &pass, 866 410 (ndr_pull_flags_fn_t)ndr_pull_TRUSTED_DOM_PASS); 867 411 if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) { … … 905 449 struct list_trusted_domains_state state; 906 450 907 secrets_init(); 908 909 if (db_ctx == NULL) { 451 if (!secrets_init()) { 910 452 return NT_STATUS_ACCESS_DENIED; 911 453 } … … 1064 606 1065 607 if (( ! owner) || ( ! key)) { 1066 DEBUG(1, ("Invalid Param ters"));608 DEBUG(1, ("Invalid Parameters")); 1067 609 return NULL; 1068 610 }
Note:
See TracChangeset
for help on using the changeset viewer.